[frontend] Implement Detection Remediation Rules by AI - Button UseAriane (Issue/3668 chunk 3)

[RomuDeuxfois]

Proposed changes

• Add button UseAriane into remediation of Payload and Inject (AtomicTesting & Simulation)
• Animation AI while rules generated
• Chips Informations : Rules generated by AI or edited by HUMAN or AI Outdated (rules generated by AI but the payload as been updated after generation of rules; Field concerned : type, hostname, Command executor, Attack command, description, platform, attack patterns, architecture, arguments)

Testing Instructions

1. Follow Instruction chunk 1

2. Workflow concern:
   2.1 Payload Creation
   2.2 Payload Update
   2.3 Rules generation by Inject : Atomic Testing
   2.4 Rules generation by Inject : Simulation

3. Payload Type:

• File Drop : Not implemented
• Executable: Not implemented
• Command: implemented
• Dns resolution: implemented

4. Collector Type:

• Crowdstrike
  The table collector is populated by an external system: https://github.com/OpenAEV-Platform/collectors , depending on the collectors (EDR and SIEM) installed on your system. Note that the name of your CrowdStrike collector MUST BE "openbas_crowdstrike". An update of the collectors project is in progress to prevent modification of this name. On 30/09/2025, the names starting with "openbas_" will be updated to "openaev_".

5. RBAC:

• Edition Payload

5. Workflow Payload 2.1 (Creation) and 2.2 (Update):

• Create or Update a Payload (1 by available type) see join file yaml for payload exemple.
• Form incomplet should disable the Button UseAriane (Tab Remediation)
• Button UseAriane should be disable for other collector's type than Crowdstrike (30/09/2025)
• Content into Editor Crowdstrike should disable the button UseArian (30/09/2025)
• EE licence not activated should disable the button Use Ariane
• Click on Button UseAriane :
  • case 1: EE licence not activated : display dialog 'Activation EE required'
  • case 2: EE licence activated & Setting>Parameters>Remove Filigran logos disable : call process and loading Filigran display
  • case 3: EE licence activated & Setting>Parameters>Remove Filigran logos enable : call process and loading circle display
  • After case 2 or 3 (AI process duration : max 3min):
    • case 1: ERROR: Type Payload not implemented (END)
    • case 2:
      • Animation typing start
      • Chips Rules edited by AI display.
      • Edit rules : should change the chips by "Rules written by Human" (green)
      • Edit form (see fields concern) : should change the chips by "Payload changed since rule was edited" (orange)
      • Remove change form and rules : should change the chips by "Rules generated by AI" (purple)
      • Click on Update: Save the Payload and Detection Remediation (END)

6. Workflow 2.3 (Inject Atomic Testing):

• Create a Payload Command or DnsResolution
• Create an Atomic Testing inject preview payload
• Tab "Remediations"
• Button UseAriane available if:
  • Content empty
  • Collector available (at 30/09/2025 : only Crowdstrike)
• Click on "UseAriane" :
• case 1: EE licence not activated : display dialog 'Activation EE required'
• case 2: EE licence activated & Setting > Parameters > Remove Filigran logos disable : call process and loading Filigran display
• case 3: EE licence activated & Setting > Parameters > Remove Filigran logos enable : call process and loading circle display
• After case 2 or 3:
• Animation typing start
• Chips display "Rules generated by AI" (purple) (END)

7. Workflow 2.4 (Simulation):

• Create a Payload Command or DnsResolution
• Create a Simulation
• Tab Inject > Add an inject with your previous payload
• Launch the simulation
• Tab Overview > Part: "Injects results" > click on your inject
• Tab > Remediation
• Button UseAriane available if:
  • Content empty
  • Collector available (at 30/09/2025 : only Crowdstrike)
  • Click on "UseAriane" :
  • case 1: EE licence not activated : display dialog 'Activation EE required'
  • case 2: EE licence activated & Setting > Parameters > Remove Filigran logos disable : call process and loading Filigran display
  • case 3: EE licence activated & Setting > Parameters > Remove Filigran logos enable : call process and loading circle display
  • After case 2 or 3:
  • Animation typing start
  • Chips display "Rules generated by AI" (purple) (END)

Error Workflow 2.3 (Inject Atomic Testing) and 2.4 (Simulation):

• Use payload not Command or DnsResolution
• Button UseAriane available if:
  • Content empty
  • Collector available (at 30/09/2025 : only Crowdstrike)
• Click on UseAriane
• return an error "AI Webservice for FileDrop or Executable File not implemented"

8. Environment or config notes

Local : install Docker webservice: webservice.remediation.detection : https://github.com/FiligranHQ/remediation_detection_webservice

Related issues

• Closes #ISSUE-NUMBER Detection Remediation by AI #3668

Checklist

• I consider the submitted work as finished
• I tested the code for its functionality
• I wrote test cases for the relevant uses case
• I added/update the relevant documentation (either on github or on notion)
• Where necessary I refactored code to improve the overall quality
• For bug fix -> I implemented a test that covers the bug

Further comments

If this is a relatively large or complex change, kick off the discussion by explaining why you chose the solution you did and what alternatives you considered, etc...
download-macro-phishing.txt
activate-guest-account.txt
enable-guest-rdp-admin.txt

[codecov]

Codecov Report

❌ Patch coverage is 2.59259% with 263 lines in your changes missing coverage. Please review.
✅ Project coverage is 47.15%. Comparing base (17a984e) to head (d1ca67f).
⚠️ Report is 2 commits behind head on release/current.

Files with missing lines	Patch %	Lines
...ation/DetectionRemediationCrowdstrikeResponse.java	0.00%	78 Missing ⚠️
...ction_remediation/DetectionRemediationRequest.java	0.00%	76 Missing ⚠️
...ction_remediation/DetectionRemediationService.java	3.03%	32 Missing ⚠️
...detection_remediation/DetectionRemediationApi.java	0.00%	30 Missing ⚠️
...ion_remediation/DetectionRemediationAIService.java	3.44%	28 Missing ⚠️
...in/java/io/openbas/utils/mapper/PayloadMapper.java	11.11%	8 Missing ⚠️
openbas-api/src/main/java/io/openbas/ee/Ee.java	0.00%	4 Missing ⚠️
...enbas/rest/collector/service/CollectorService.java	0.00%	3 Missing ⚠️
...as/api/detection_remediation/dto/PayloadInput.java	0.00%	1 Missing ⚠️
...a/io/openbas/collectors/utils/CollectorsUtils.java	0.00%	1 Missing ⚠️
... and 2 more

Additional details and impacted files

@@                  Coverage Diff                  @@
##             release/current    #4051      +/-   ##
=====================================================
- Coverage              47.62%   47.15%   -0.47%     
- Complexity              3266     3272       +6     
=====================================================
  Files                    842      851       +9     
  Lines                  25034    25302     +268     
  Branches                1814     1846      +32     
=====================================================
+ Hits                   11923    11932       +9     
- Misses                 12409    12667     +258     
- Partials                 702      703       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.