
My goal is to show all the data using Angular 5.

{
 "route": "/hx/api/v3/alerts/id",
 "data": {
 "agent": {
  "containment_state": "normal",
  "_id": "Aq0mOZ2D9ubcBwkoB9riaX",
  "url": "/hx/api/v3/hosts/Aq0mOZ2D9ubcBwkoB9riaX"
},
"reported_at": "2018-08-31T20:51:59.903Z",
"matched_source_alerts": [

],
"is_false_positive": false,
"event_at": "2018-08-31T20:51:59.496Z",
"source": "MAL",
"resolution": "ALERT",
"url": "/hx/api/v3/alerts/3271",
"condition": null,
"event_id": null,
"event_type": null,
"matched_at": "2018-08-31T20:51:59.496Z",
"event_values": {
  "scanned-object": {
    "file-event": {
      "actor-process": {
        "path": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe",
        "pid": "12364",
        "user": {
          "domain": "HCCC-MANAGER1",
          "username": "admin"
        }
      },
      "file-path": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\INetCache\\Low\\IE\\2UK27Y9J\\ACY8PW37.htm"
    },
    "scanned-object-type": "file-event"
  },
  "scan-type": "oas",
  "system-data": {
    "engine-version": "11.0.1.18",
    "content-version": "7.77212",
    "xmlns": "http://www.fireeye.com/antimalware-alert",
    "whitelist-schema-version": "1.0.0",
    "alert-version": "1",
    "product-version": "26.35.0.0",
    "correlation-id": "7a1d883b-e579-4d2a-b050-5eec7def16a2",
    "xsi:schemaLocation": "http://www.fireeye.com/antimalware-alert AM-alert.xsd",
    "xmlns:xsi": "http://www.w3.org/2001/XMLSchema-instance",
    "whitelist-content-version": "1.1.6",
    "timestamp": "2018-08-31T20:51:59.496Z"
  },
  "detections": {
    "detection": [
      {
        "infection": {
          "infection-type": "malware",
          "infection-name": "JS:Trojan.Cryxos.1726",
          "confidence-level": "high"
        },
        "infected-object": {
          "object-type": "file",
          "file-object": {
            "container": "true",
            "access-time": "2018-08-31T20:51:59.238Z",
            "modification-time": "2018-08-31T20:51:59.238Z",
            "sha1sum": "96c4c0c176933a58ad480cbd63d999ed11e0a968",
            "md5sum": "9b4d577410c14dac4628f471ba85f344",
            "creation-time": "2018-08-31T20:51:59.238Z",
            "inner-file-path": "(INFECTED_JS)",
            "size-in-bytes": "14100",
            "packed": "false",
            "file-path": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\INetCache\\Low\\IE\\2UK27Y9J\\ACY8PW37.htm"
          }
        },
        "action": {
          "result": "success",
          "requested-action": "none",
          "reboot-required": "false",
          "applied-action": "none",
          "error": "0",
          "actioned-object": {
            "object-type": "file",
            "file-object": {
              "container": "true",
              "access-time": "2018-08-31T20:51:59.238Z",
              "modification-time": "2018-08-31T20:51:59.238Z",
              "sha1sum": "96c4c0c176933a58ad480cbd63d999ed11e0a968",
              "md5sum": "9b4d577410c14dac4628f471ba85f344",
              "creation-time": "2018-08-31T20:51:59.238Z",
              "inner-file-path": "(INFECTED_JS)",
              "size-in-bytes": "14100",
              "packed": "false",
              "file-path": "C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\INetCache\\Low\\IE\\2UK27Y9J\\ACY8PW37.htm"
            }
          }
        }
      }
    ]
  }
},
"_id": 3271
 },
 "details": [

],
"message": "OK"
 }

This is just a sample of the data. In my program I'll be getting such objects dynamically without any proper pattern. I'll have to show all these key-value pairs. How do I retrieve all the nested key-value pairs dynamically?

Retrieving the following type of key-value pair is not an issue, but the event_values object is the most challenging part, because if such data comes via the API dynamically, how do I retrieve it?

"is_false_positive": false,
"event_at": "2018-08-31T20:51:59.496Z",
"source": "MAL",
"resolution": "ALERT",
"url": "/hx/api/v3/alerts/3271",
"condition": null,
"event_id": null,
"event_type": null,
"matched_at": "2018-08-31T20:51:59.496Z",

2 Answers

1

I can't quite determine what you are trying to do, but if I understood correctly you should be able to iterate over the object like this:

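// Recursively print every leaf key/value pair; depth controls the indentation.
function inspect(obj, depth){
    for (let key in obj) {
        // Indentation for the console output only.
        var indent = new Array(depth * 3).join(' ')
        // typeof null is 'object', so exclude null before recursing.
        if(obj[key] !== null && typeof(obj[key]) === 'object')
           inspect(obj[key], depth + 1)
        else
           console.log(indent + key + ":" + obj[key]);
    }
}

// event_values stands for the object deserialized from the API result.
inspect(event_values, 0);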

If it's really an arbitrary key value list you might need to consider nested arrays as well.

Example: https://stackblitz.com/edit/typescript-yzpdvj


5 Comments

Thank you. Can you please describe why you created the array?
Are you referring to event_values? If so, that's an object I created to simulate the one you would deserialize from the API result (did you look at the example code?)
Yes, I went through it and deployed it in my code, but I am still stuck at a point: I am not able to get the parent object. For example, this is a small part of the result array: 1: "pid:12364" 2: "domain:HCCC-MANAGER1" 3: "username:admin" 4: "file-path:C:\Users\INetCache\Low\IE\2UK27Y9J\ACY8PW37.htm" 5: "scanned-object-type:file-event" 6: "scan-type:oas". The key:value pair is properly mentioned, but inside which objects we get this pair is not found. This is the actual path of the object: ->scanned-object->file-event->actor-processpid:12364, but we only get actor-processpid:12364
I was asking why you created this array `var indent = new Array(depth * 3).join(' ')`. Without using this indent I am also able to retrieve all the key:value pairs.
Oh, sorry - you don't need that array - it's just to indent the console output from the code above with spaces (I forgot to remove it from the live example)
0

I am not sure I have understood what you are trying to achieve so far. I have assumed you have unstructured JSON input, and you want to scan it and keep all values of the listed keys.

If I am right, the following code does the job:

import {data} from './data';

// Objects and arrays (but not null) have to be scanned recursively.
// Native check in place of the deprecated util.isObject / util.isArray helpers.
const haveToGoDeeper = val => val !== null && typeof val === 'object';

const parser = val => {
  const info = [];
  let finded = {};
  for(let index in val) {
    ["is_false_positive","event_at","source","resolution","url","condition","event_id","event_type","matched_at"].forEach(k => {
        // If the current key is in the list.
        if(k === index)
            finded[index] = val[index];
    });

    // Recursive section.
    if(haveToGoDeeper(val[index])) {
        info.push(...parser(val[index]));
    }

  }

  // If we found at least one of the listed keys at this level, keep it.
  // Added once, after the loop, so the same object is not pushed repeatedly.
  if(Object.keys(finded).length > 0)
    info.unshift(finded);

  return info;
};


console.log(parser(data).filter(e => e !== null));

Online Sample

If it is not this, please comment and it'll be my pleasure to update my post.

1 Comment

Thank you so much for this effort. But here you have taken the following values as keys: ["is_false_positive","event_at","source","resolution","url","condition","event_id","event_type","matched_at"]. In the object I have provided as an example, these keys only contain a single value, but a key like event_values contains nested objects which are tough to retrieve, and such nested objects are completely dynamic as it depends on the server-side programmer. My goal is to retrieve all the key:value pairs available in the object and print them.
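
An added example (not part of the question or of either answer) of the traversal the asker describes in the comments: every leaf is returned together with its full chain of parent keys, for instance event_values->scanned-object->file-event->actor-process->pid. The `flatten` name, the `->` separator, the `MAX_DEPTH` limit and the trimmed sample object are assumptions made for this example.

```javascript
// Added example: walk any parsed JSON value and return one [path, value] row
// per leaf, keeping the full chain of parent keys.
const MAX_DEPTH = 32; // assumed limit; API data is untrusted, so bound the recursion

function flatten(value, path = '', depth = 0, rows = []) {
  if (depth > MAX_DEPTH) {
    rows.push([path, '[nesting too deep]']);
    return rows;
  }
  if (value === null || typeof value !== 'object') {
    rows.push([path, value]); // leaf: string, number, boolean or null
    return rows;
  }
  const isArray = Array.isArray(value);
  const keys = Object.keys(value); // own keys only, unlike for...in
  if (keys.length === 0) {
    rows.push([path, isArray ? '[]' : '{}']); // keep empty containers visible
    return rows;
  }
  for (const key of keys) {
    const child = isArray ? `${path}[${key}]` : (path ? `${path}->${key}` : key);
    flatten(value[key], child, depth + 1, rows);
  }
  return rows;
}

// Constructed sample: a trimmed copy of the alert shown in the question.
const sampleAlert = {
  is_false_positive: false,
  condition: null,
  matched_source_alerts: [],
  event_values: {
    'scanned-object': {
      'file-event': {
        'actor-process': { pid: '12364', user: { domain: 'HCCC-MANAGER1', username: 'admin' } }
      },
      'scanned-object-type': 'file-event'
    },
    detections: {
      detection: [{ infection: { 'infection-name': 'JS:Trojan.Cryxos.1726', 'confidence-level': 'high' } }]
    }
  }
};

for (const [path, value] of flatten(sampleAlert)) {
  console.log(`${path}: ${value}`);
}
```

In an Angular template the rows can be listed with `*ngFor` and `{{ }}` interpolation, which escapes the values. Alert fields such as file paths and infection names originate on the monitored endpoint and should not be concatenated into HTML strings.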
