wazuh iris

compose-overrides/iris.shared-network.yml

@@ -10,6 +10,8 @@ services:
       - soc_shared
 
   app:
+    ports:
+      - "8001:8000"
     networks:
       - iris_backend
       - iris_frontend

compose-overrides/soc-integrator.yml

@@ -38,6 +38,7 @@ services:
       - "${SOC_INTEGRATOR_PORT:-8088}:8080"
     volumes:
       - ../scripts:/app/scripts:ro
+      - ../soc-integrator/app:/app/app
     depends_on:
       soc-integrator-db:
         condition: service_healthy

iris-web/source/app/__init__.py

@@ -103,7 +103,8 @@ app.config.from_object('app.configuration.Config')
 app.config.update(
     SESSION_COOKIE_SECURE=True,
     SESSION_COOKIE_HTTPONLY=True,
-    SESSION_COOKIE_SAMESITE='Lax'
+    SESSION_COOKIE_SAMESITE='Lax',
+    SOC_INTEGRATOR_URL=os.getenv('SOC_INTEGRATOR_URL', 'http://soc-integrator:8080'),
 )
 
 cache = Cache(app)

iris-web/source/app/blueprints/pages/case/templates/case.html

@@ -42,6 +42,7 @@
                                      <span title="Case outcome" class="float-right btn btn-rounded badge-pill hidden-caret btn-sm ml-2 mb-2 {% if case.status_id == 1%}badge-success{% elif case.status_id == 2 %}badge-danger{% else %}btn-light{% endif %}"
                                         onclick="case_detail('{{ case.case_id }}', true);"
                                      ><i class="fa-solid fa-group-arrows-rotate mr-2"></i>{{ case.status_name }}</span>
+                                     <span id="case-kpi-badge" class="ml-2 mb-2 d-inline-flex align-items-center" style="gap:4px;color:#fff;opacity:.9"></span>
                                 </div>
                                 <div class="row">
                                       <div class="ml-auto">
@@ -338,6 +339,23 @@
 <script>
     $('#modal_select_report').selectpicker();
     load_menu_mod_options_modal([{{case.case_id}}], 'case', $("#case_modal_quick_actions"));
+
+    (async function loadCaseKpi() {
+        try {
+            const res = await fetch('/kpi-dashboard/api/cases/{{ case.case_id }}');
+            if (!res.ok) return;
+            const json = await res.json();
+            const kpi = json.data?.case?.kpi;
+            if (!kpi) return;
+            const segs = (kpi.segments || []).map(s =>
+                `<div style="width:18px;height:8px;border-radius:3px;background:${s.active ? s.color : 'rgba(255,255,255,.25)'}" title="${s.label}"></div>`
+            ).join('');
+            document.getElementById('case-kpi-badge').innerHTML =
+                `<b><i class="fa-solid fa-gauge-high"></i></b>
+                 <span style="display:flex;gap:3px">${segs}</span>
+                 <small>${kpi.status}</small>`;
+        } catch(e) {}
+    })();
 </script>
 
 {% endblock javascripts %}

iris-web/source/app/blueprints/pages/kpi_dashboard/kpi_dashboard_routes.py

@@ -0,0 +1,85 @@
+import json
+import urllib.parse
+import urllib.request
+from flask import Blueprint, render_template, redirect, url_for, current_app, request, Response
+
+from app.blueprints.access_controls import ac_requires, ac_api_requires
+from app.models.authorization import Permissions
+
+kpi_dashboard_blueprint = Blueprint(
+    'kpi_dashboard', __name__, template_folder='templates'
+)
+
+
+def _soc_url() -> str:
+    return current_app.config.get('SOC_INTEGRATOR_URL', 'http://soc-integrator:8000')
+
+
+def _soc_get(path: str, params: dict) -> tuple[bytes, int, str]:
+    qs = urllib.parse.urlencode({k: v for k, v in params.items() if v is not None})
+    url = f"{_soc_url()}{path}{'?' + qs if qs else ''}"
+    with urllib.request.urlopen(url, timeout=30) as r:
+        return r.read(), r.status, r.headers.get('Content-Type', 'application/json')
+
+
+def _soc_post(path: str, body: dict) -> tuple[bytes, int]:
+    url = f"{_soc_url()}{path}"
+    data = json.dumps(body).encode()
+    req = urllib.request.Request(url, data=data, headers={'Content-Type': 'application/json'})
+    with urllib.request.urlopen(req, timeout=20) as r:
+        return r.read(), r.status
+
+
+@kpi_dashboard_blueprint.route('/kpi-dashboard')
+@ac_requires(no_cid_required=True)
+def kpi_dashboard(caseid, url_redir):
+    if url_redir:
+        return redirect(url_for('index.index', cid=caseid if caseid is not None else 1, redirect=True))
+    return render_template('kpi_dashboard.html')
+
+
+@kpi_dashboard_blueprint.route('/kpi-dashboard/api/alerts')
+@ac_api_requires(Permissions.alerts_read)
+def proxy_list_alerts():
+    content, status, _ = _soc_get('/iris/alerts', request.args)
+    return Response(content, status=status, content_type='application/json')
+
+
+@kpi_dashboard_blueprint.route('/kpi-dashboard/api/alerts/<int:alert_id>')
+@ac_api_requires(Permissions.alerts_read)
+def proxy_get_alert(alert_id):
+    content, status, _ = _soc_get(f'/iris/alerts/{alert_id}', {})
+    return Response(content, status=status, content_type='application/json')
+
+
+@kpi_dashboard_blueprint.route('/kpi-dashboard/api/alerts/<int:alert_id>/assign', methods=['POST'])
+@ac_api_requires(Permissions.alerts_write)
+def proxy_assign_alert(alert_id):
+    content, status = _soc_post(f'/iris/alerts/{alert_id}/assign', request.get_json() or {})
+    return Response(content, status=status, content_type='application/json')
+
+
+@kpi_dashboard_blueprint.route('/kpi-dashboard/api/alerts/export-csv')
+@ac_api_requires(Permissions.alerts_read)
+def proxy_export_csv():
+    content, status, _ = _soc_get('/iris/alerts/export-csv', request.args)
+    return Response(
+        content,
+        status=status,
+        content_type='text/csv',
+        headers={'Content-Disposition': 'attachment; filename=iris_alerts.csv'},
+    )
+
+
+@kpi_dashboard_blueprint.route('/kpi-dashboard/api/cases')
+@ac_api_requires(Permissions.alerts_read)
+def proxy_list_cases():
+    content, status, _ = _soc_get('/iris/cases', request.args)
+    return Response(content, status=status, content_type='application/json')
+
+
+@kpi_dashboard_blueprint.route('/kpi-dashboard/api/cases/<int:case_id>')
+@ac_api_requires(Permissions.alerts_read)
+def proxy_get_case(case_id):
+    content, status, _ = _soc_get(f'/iris/cases/{case_id}', {})
+    return Response(content, status=status, content_type='application/json')

iris-web/source/app/blueprints/pages/kpi_dashboard/templates/kpi_dashboard.html

@@ -0,0 +1,74 @@
+{% extends "layouts/default.html" %}
+
+{% block title %}KPI Dashboard{% endblock %}
+
+{% block stylesheets %}
+  <link rel="stylesheet" href="/static/assets/css/kpi_dashboard.css">
+{% endblock %}
+
+{% block content %}
+<div class="panel-header bg-primary-gradient mt--4">
+  <div class="page-inner py-4">
+    <h2 class="text-white fw-bold">KPI Dashboard</h2>
+  </div>
+</div>
+
+<div class="page-inner mt--5">
+  <!-- Table card -->
+  <div class="card">
+    <!-- Tabs + filters inside card header -->
+    <div class="card-header pb-0 pt-3">
+      <ul class="nav nav-tabs card-header-tabs" id="kpi-tabs">
+        <li class="nav-item">
+          <a class="nav-link active" id="tab-alerts" href="#" onclick="switchTab('alerts'); return false;">Alerts</a>
+        </li>
+        <li class="nav-item">
+          <a class="nav-link" id="tab-cases" href="#" onclick="switchTab('cases'); return false;">Cases</a>
+        </li>
+      </ul>
+      <div class="d-flex gap-2 mt-2 mb-2">
+        <input id="filter-owner" class="form-control form-control-sm" style="width:180px"
+               placeholder="Enter Assignee..." oninput="debouncedLoad()">
+        <input id="filter-title" class="form-control form-control-sm" style="width:240px"
+               placeholder="Enter name..." oninput="debouncedLoad()">
+      </div>
+    </div>
+    <div class="card-body p-0">
+      <div class="table-responsive">
+        <table class="table table-hover table-sm mb-0" id="alerts-table">
+          <thead class="table-light">
+            <tr>
+              <th><input type="checkbox" id="chk-all" onchange="toggleAll(this)"></th>
+              <th></th>
+              <th>Assignee</th>
+              <th class="sortable" data-col="alert_id" onclick="sortBy('alert_id')">No. <span class="sort-icon">↕</span></th>
+              <th class="sortable" data-col="alert_title" onclick="sortBy('alert_title')">Name <span class="sort-icon">↕</span></th>
+              <th class="sortable" data-col="alert_classification_id" onclick="sortBy('alert_classification_id')">Category <span class="sort-icon">↕</span></th>
+              <th>Product</th>
+              <th class="sortable" data-col="alert_creation_time" onclick="sortBy('alert_creation_time')">Created at <span class="sort-icon">↕</span></th>
+              <th class="sortable" data-col="kpi" onclick="sortBy('kpi')">KPI Timeout <span class="sort-icon">↕</span></th>
+              <th class="sortable" data-col="alert_source_event_time" onclick="sortBy('alert_source_event_time')">Notified at <span class="sort-icon">↕</span></th>
+              <th>Closed at</th>
+              <th>Region</th>
+            </tr>
+          </thead>
+          <tbody id="alerts-body">
+            <tr><td colspan="12" class="text-center text-muted py-4">Loading...</td></tr>
+          </tbody>
+        </table>
+      </div>
+    </div>
+  </div>
+
+  <!-- Pagination (outside card) -->
+  <div class="d-flex justify-content-between align-items-center mt-2">
+    <button class="btn btn-sm btn-outline-secondary" onclick="prevPage()">&#8249; Prev</button>
+    <span id="page-info" class="text-muted small"></span>
+    <button class="btn btn-sm btn-outline-secondary" onclick="nextPage()">Next &#8250;</button>
+  </div>
+</div>
+{% endblock %}
+
+{% block javascripts %}
+  <script src="/static/assets/js/iris/kpi_dashboard.js"></script>
+{% endblock %}

iris-web/source/app/blueprints/pages/manage/templates/manage_cases.html

@@ -44,6 +44,7 @@
                                         <th>Close date</th>
                                         <th>SOC Ticket</th>
                                         <th>Opening user</th>
+                                        <th>KPI</th>
                                     </tr>
                                 </thead>
                                 <tfoot>
@@ -56,6 +57,7 @@
                                         <th>Close date</th>
                                         <th>SOC Ticket</th>
                                         <th>Opening user</th>
+                                        <th>KPI</th>
                                     </tr>
                                 </tfoot>
                             </table>

iris-web/source/app/templates/includes/sidenav.html

@@ -101,6 +101,12 @@
 								<span>DIM Tasks</span>
 							</a>
 						</li>
+						<li class="nav-item">
+							<a href="/kpi-dashboard">
+								<i class="fas fa-tachometer-alt"></i>
+								<span>KPI Dashboard</span>
+							</a>
+						</li>
 
 
 						<li class="nav-section nav-advanced">

iris-web/source/app/views.py

@@ -97,6 +97,7 @@ from app.blueprints.rest.search_routes import search_rest_blueprint
 from app.blueprints.graphql.graphql_route import graphql_blueprint
 
 from app.blueprints.rest.v2 import rest_v2_blueprint
+from app.blueprints.pages.kpi_dashboard.kpi_dashboard_routes import kpi_dashboard_blueprint
 from app.models.authorization import User
 
 def register_blusprints(app):
@@ -183,6 +184,8 @@ def register_blusprints(app):
 
     app.register_blueprint(rest_v2_blueprint)
 
+    app.register_blueprint(kpi_dashboard_blueprint)
+
 
 
 # provide login manager with load_user callback

iris-web/ui/package-lock.json

@@ -21,6 +21,7 @@
         "jquery.scrollbar": "^0.2.10",
         "jqvmap": "^1.5.1",
         "moment": "^2.22.2",
+        "rollup": "^4.59.0",
         "showdown": "^1.9.0",
         "socket.io": "^4.3.2",
         "sortablejs": "^1.7.0",
@@ -842,13 +843,12 @@
       }
     },
     "node_modules/@rollup/rollup-android-arm-eabi": {
-      "version": "4.22.5",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.22.5.tgz",
-      "integrity": "sha512-SU5cvamg0Eyu/F+kLeMXS7GoahL+OoizlclVFX3l5Ql6yNlywJJ0OuqTzUx0v+aHhPHEB/56CT06GQrRrGNYww==",
+      "version": "4.59.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.59.0.tgz",
+      "integrity": "sha512-upnNBkA6ZH2VKGcBj9Fyl9IGNPULcjXRlg0LLeaioQWueH30p6IXtJEbKAgvyv+mJaMxSm1l6xwDXYjpEMiLMg==",
       "cpu": [
         "arm"
       ],
-      "dev": true,
       "license": "MIT",
       "optional": true,
       "os": [
@@ -856,13 +856,12 @@
       ]
     },
     "node_modules/@rollup/rollup-android-arm64": {
-      "version": "4.22.5",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.22.5.tgz",
-      "integrity": "sha512-S4pit5BP6E5R5C8S6tgU/drvgjtYW76FBuG6+ibG3tMvlD1h9LHVF9KmlmaUBQ8Obou7hEyS+0w+IR/VtxwNMQ==",
+      "version": "4.59.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.59.0.tgz",
+      "integrity": "sha512-hZ+Zxj3SySm4A/DylsDKZAeVg0mvi++0PYVceVyX7hemkw7OreKdCvW2oQ3T1FMZvCaQXqOTHb8qmBShoqk69Q==",
       "cpu": [
         "arm64"
       ],
-      "dev": true,
       "license": "MIT",
       "optional": true,
       "os": [
@@ -870,13 +869,12 @@
       ]
     },
     "node_modules/@rollup/rollup-darwin-arm64": {
-      "version": "4.22.5",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.22.5.tgz",
-      "integrity": "sha512-250ZGg4ipTL0TGvLlfACkIxS9+KLtIbn7BCZjsZj88zSg2Lvu3Xdw6dhAhfe/FjjXPVNCtcSp+WZjVsD3a/Zlw==",
+      "version": "4.59.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.59.0.tgz",
+      "integrity": "sha512-W2Psnbh1J8ZJw0xKAd8zdNgF9HRLkdWwwdWqubSVk0pUuQkoHnv7rx4GiF9rT4t5DIZGAsConRE3AxCdJ4m8rg==",
       "cpu": [
         "arm64"
       ],
-      "dev": true,
       "license": "MIT",
       "optional": true,
       "os": [
@@ -884,27 +882,51 @@
       ]
     },
     "node_modules/@rollup/rollup-darwin-x64": {
-      "version": "4.22.5",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.22.5.tgz",
-      "integrity": "sha512-D8brJEFg5D+QxFcW6jYANu+Rr9SlKtTenmsX5hOSzNYVrK5oLAEMTUgKWYJP+wdKyCdeSwnapLsn+OVRFycuQg==",
+      "version": "4.59.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.59.0.tgz",
+      "integrity": "sha512-ZW2KkwlS4lwTv7ZVsYDiARfFCnSGhzYPdiOU4IM2fDbL+QGlyAbjgSFuqNRbSthybLbIJ915UtZBtmuLrQAT/w==",
       "cpu": [
         "x64"
       ],
-      "dev": true,
       "license": "MIT",
       "optional": true,
       "os": [
         "darwin"
       ]
     },
+    "node_modules/@rollup/rollup-freebsd-arm64": {
+      "version": "4.59.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.59.0.tgz",
+      "integrity": "sha512-EsKaJ5ytAu9jI3lonzn3BgG8iRBjV4LxZexygcQbpiU0wU0ATxhNVEpXKfUa0pS05gTcSDMKpn3Sx+QB9RlTTA==",
+      "cpu": [
+        "arm64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ]
+    },
+    "node_modules/@rollup/rollup-freebsd-x64": {
+      "version": "4.59.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.59.0.tgz",
+      "integrity": "sha512-d3DuZi2KzTMjImrxoHIAODUZYoUUMsuUiY4SRRcJy6NJoZ6iIqWnJu9IScV9jXysyGMVuW+KNzZvBLOcpdl3Vg==",
+      "cpu": [
+        "x64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ]
+    },
     "node_modules/@rollup/rollup-linux-arm-gnueabihf": {
-      "version": "4.22.5",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.22.5.tgz",
-      "integrity": "sha512-PNqXYmdNFyWNg0ma5LdY8wP+eQfdvyaBAojAXgO7/gs0Q/6TQJVXAXe8gwW9URjbS0YAammur0fynYGiWsKlXw==",
+      "version": "4.59.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.59.0.tgz",
+      "integrity": "sha512-t4ONHboXi/3E0rT6OZl1pKbl2Vgxf9vJfWgmUoCEVQVxhW6Cw/c8I6hbbu7DAvgp82RKiH7TpLwxnJeKv2pbsw==",
       "cpu": [
         "arm"
       ],
-      "dev": true,
       "license": "MIT",
       "optional": true,
       "os": [
@@ -912,13 +934,12 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm-musleabihf": {
-      "version": "4.22.5",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.22.5.tgz",
-      "integrity": "sha512-kSSCZOKz3HqlrEuwKd9TYv7vxPYD77vHSUvM2y0YaTGnFc8AdI5TTQRrM1yIp3tXCKrSL9A7JLoILjtad5t8pQ==",
+      "version": "4.59.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.59.0.tgz",
+      "integrity": "sha512-CikFT7aYPA2ufMD086cVORBYGHffBo4K8MQ4uPS/ZnY54GKj36i196u8U+aDVT2LX4eSMbyHtyOh7D7Zvk2VvA==",
       "cpu": [
         "arm"
       ],
-      "dev": true,
       "license": "MIT",
       "optional": true,
       "os": [
@@ -926,13 +947,12 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm64-gnu": {
-      "version": "4.22.5",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.22.5.tgz",
-      "integrity": "sha512-oTXQeJHRbOnwRnRffb6bmqmUugz0glXaPyspp4gbQOPVApdpRrY/j7KP3lr7M8kTfQTyrBUzFjj5EuHAhqH4/w==",
+      "version": "4.59.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.59.0.tgz",
+      "integrity": "sha512-jYgUGk5aLd1nUb1CtQ8E+t5JhLc9x5WdBKew9ZgAXg7DBk0ZHErLHdXM24rfX+bKrFe+Xp5YuJo54I5HFjGDAA==",
       "cpu": [
         "arm64"
       ],
-      "dev": true,
       "license": "MIT",
       "optional": true,
       "os": [
@@ -940,27 +960,64 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm64-musl": {
-      "version": "4.22.5",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.22.5.tgz",
-      "integrity": "sha512-qnOTIIs6tIGFKCHdhYitgC2XQ2X25InIbZFor5wh+mALH84qnFHvc+vmWUpyX97B0hNvwNUL4B+MB8vJvH65Fw==",
+      "version": "4.59.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.59.0.tgz",
+      "integrity": "sha512-peZRVEdnFWZ5Bh2KeumKG9ty7aCXzzEsHShOZEFiCQlDEepP1dpUl/SrUNXNg13UmZl+gzVDPsiCwnV1uI0RUA==",
       "cpu": [
         "arm64"
       ],
-      "dev": true,
       "license": "MIT",
       "optional": true,
       "os": [
         "linux"
       ]
     },
-    "node_modules/@rollup/rollup-linux-powerpc64le-gnu": {
-      "version": "4.22.5",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-powerpc64le-gnu/-/rollup-linux-powerpc64le-gnu-4.22.5.tgz",
-      "integrity": "sha512-TMYu+DUdNlgBXING13rHSfUc3Ky5nLPbWs4bFnT+R6Vu3OvXkTkixvvBKk8uO4MT5Ab6lC3U7x8S8El2q5o56w==",
+    "node_modules/@rollup/rollup-linux-loong64-gnu": {
+      "version": "4.59.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.59.0.tgz",
+      "integrity": "sha512-gbUSW/97f7+r4gHy3Jlup8zDG190AuodsWnNiXErp9mT90iCy9NKKU0Xwx5k8VlRAIV2uU9CsMnEFg/xXaOfXg==",
+      "cpu": [
+        "loong64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-loong64-musl": {
+      "version": "4.59.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-musl/-/rollup-linux-loong64-musl-4.59.0.tgz",
+      "integrity": "sha512-yTRONe79E+o0FWFijasoTjtzG9EBedFXJMl888NBEDCDV9I2wGbFFfJQQe63OijbFCUZqxpHz1GzpbtSFikJ4Q==",
+      "cpu": [
+        "loong64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-ppc64-gnu": {
+      "version": "4.59.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.59.0.tgz",
+      "integrity": "sha512-sw1o3tfyk12k3OEpRddF68a1unZ5VCN7zoTNtSn2KndUE+ea3m3ROOKRCZxEpmT9nsGnogpFP9x6mnLTCaoLkA==",
+      "cpu": [
+        "ppc64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-ppc64-musl": {
+      "version": "4.59.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-musl/-/rollup-linux-ppc64-musl-4.59.0.tgz",
+      "integrity": "sha512-+2kLtQ4xT3AiIxkzFVFXfsmlZiG5FXYW7ZyIIvGA7Bdeuh9Z0aN4hVyXS/G1E9bTP/vqszNIN/pUKCk/BTHsKA==",
       "cpu": [
         "ppc64"
       ],
-      "dev": true,
       "license": "MIT",
       "optional": true,
       "os": [
@@ -968,13 +1025,25 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-riscv64-gnu": {
-      "version": "4.22.5",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.22.5.tgz",
-      "integrity": "sha512-PTQq1Kz22ZRvuhr3uURH+U/Q/a0pbxJoICGSprNLAoBEkyD3Sh9qP5I0Asn0y0wejXQBbsVMRZRxlbGFD9OK4A==",
+      "version": "4.59.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.59.0.tgz",
+      "integrity": "sha512-NDYMpsXYJJaj+I7UdwIuHHNxXZ/b/N2hR15NyH3m2qAtb/hHPA4g4SuuvrdxetTdndfj9b1WOmy73kcPRoERUg==",
+      "cpu": [
+        "riscv64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-riscv64-musl": {
+      "version": "4.59.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.59.0.tgz",
+      "integrity": "sha512-nLckB8WOqHIf1bhymk+oHxvM9D3tyPndZH8i8+35p/1YiVoVswPid2yLzgX7ZJP0KQvnkhM4H6QZ5m0LzbyIAg==",
       "cpu": [
         "riscv64"
       ],
-      "dev": true,
       "license": "MIT",
       "optional": true,
       "os": [
@@ -982,13 +1051,12 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-s390x-gnu": {
-      "version": "4.22.5",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.22.5.tgz",
-      "integrity": "sha512-bR5nCojtpuMss6TDEmf/jnBnzlo+6n1UhgwqUvRoe4VIotC7FG1IKkyJbwsT7JDsF2jxR+NTnuOwiGv0hLyDoQ==",
+      "version": "4.59.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.59.0.tgz",
+      "integrity": "sha512-oF87Ie3uAIvORFBpwnCvUzdeYUqi2wY6jRFWJAy1qus/udHFYIkplYRW+wo+GRUP4sKzYdmE1Y3+rY5Gc4ZO+w==",
       "cpu": [
         "s390x"
       ],
-      "dev": true,
       "license": "MIT",
       "optional": true,
       "os": [
@@ -996,13 +1064,12 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-x64-gnu": {
-      "version": "4.22.5",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.22.5.tgz",
-      "integrity": "sha512-N0jPPhHjGShcB9/XXZQWuWBKZQnC1F36Ce3sDqWpujsGjDz/CQtOL9LgTrJ+rJC8MJeesMWrMWVLKKNR/tMOCA==",
+      "version": "4.59.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.59.0.tgz",
+      "integrity": "sha512-3AHmtQq/ppNuUspKAlvA8HtLybkDflkMuLK4DPo77DfthRb71V84/c4MlWJXixZz4uruIH4uaa07IqoAkG64fg==",
       "cpu": [
         "x64"
       ],
-      "dev": true,
       "license": "MIT",
       "optional": true,
       "os": [
@@ -1010,27 +1077,51 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-x64-musl": {
-      "version": "4.22.5",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.22.5.tgz",
-      "integrity": "sha512-uBa2e28ohzNNwjr6Uxm4XyaA1M/8aTgfF2T7UIlElLaeXkgpmIJ2EitVNQxjO9xLLLy60YqAgKn/AqSpCUkE9g==",
+      "version": "4.59.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.59.0.tgz",
+      "integrity": "sha512-2UdiwS/9cTAx7qIUZB/fWtToJwvt0Vbo0zmnYt7ED35KPg13Q0ym1g442THLC7VyI6JfYTP4PiSOWyoMdV2/xg==",
       "cpu": [
         "x64"
       ],
-      "dev": true,
       "license": "MIT",
       "optional": true,
       "os": [
         "linux"
       ]
     },
+    "node_modules/@rollup/rollup-openbsd-x64": {
+      "version": "4.59.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-openbsd-x64/-/rollup-openbsd-x64-4.59.0.tgz",
+      "integrity": "sha512-M3bLRAVk6GOwFlPTIxVBSYKUaqfLrn8l0psKinkCFxl4lQvOSz8ZrKDz2gxcBwHFpci0B6rttydI4IpS4IS/jQ==",
+      "cpu": [
+        "x64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openbsd"
+      ]
+    },
+    "node_modules/@rollup/rollup-openharmony-arm64": {
+      "version": "4.59.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.59.0.tgz",
+      "integrity": "sha512-tt9KBJqaqp5i5HUZzoafHZX8b5Q2Fe7UjYERADll83O4fGqJ49O1FsL6LpdzVFQcpwvnyd0i+K/VSwu/o/nWlA==",
+      "cpu": [
+        "arm64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openharmony"
+      ]
+    },
     "node_modules/@rollup/rollup-win32-arm64-msvc": {
-      "version": "4.22.5",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.22.5.tgz",
-      "integrity": "sha512-RXT8S1HP8AFN/Kr3tg4fuYrNxZ/pZf1HemC5Tsddc6HzgGnJm0+Lh5rAHJkDuW3StI0ynNXukidROMXYl6ew8w==",
+      "version": "4.59.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.59.0.tgz",
+      "integrity": "sha512-V5B6mG7OrGTwnxaNUzZTDTjDS7F75PO1ae6MJYdiMu60sq0CqN5CVeVsbhPxalupvTX8gXVSU9gq+Rx1/hvu6A==",
       "cpu": [
         "arm64"
       ],
-      "dev": true,
       "license": "MIT",
       "optional": true,
       "os": [
@@ -1038,13 +1129,25 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-ia32-msvc": {
-      "version": "4.22.5",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.22.5.tgz",
-      "integrity": "sha512-ElTYOh50InL8kzyUD6XsnPit7jYCKrphmddKAe1/Ytt74apOxDq5YEcbsiKs0fR3vff3jEneMM+3I7jbqaMyBg==",
+      "version": "4.59.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.59.0.tgz",
+      "integrity": "sha512-UKFMHPuM9R0iBegwzKF4y0C4J9u8C6MEJgFuXTBerMk7EJ92GFVFYBfOZaSGLu6COf7FxpQNqhNS4c4icUPqxA==",
       "cpu": [
         "ia32"
       ],
-      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ]
+    },
+    "node_modules/@rollup/rollup-win32-x64-gnu": {
+      "version": "4.59.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.59.0.tgz",
+      "integrity": "sha512-laBkYlSS1n2L8fSo1thDNGrCTQMmxjYY5G0WFWjFFYZkKPjsMBsgJfGf4TLxXrF6RyhI60L8TMOjBMvXiTcxeA==",
+      "cpu": [
+        "x64"
+      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -1052,13 +1155,12 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-x64-msvc": {
-      "version": "4.22.5",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.22.5.tgz",
-      "integrity": "sha512-+lvL/4mQxSV8MukpkKyyvfwhH266COcWlXE/1qxwN08ajovta3459zrjLghYMgDerlzNwLAcFpvU+WWE5y6nAQ==",
+      "version": "4.59.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.59.0.tgz",
+      "integrity": "sha512-2HRCml6OztYXyJXAvdDXPKcawukWY2GpR5/nxKp4iBgiO3wcoEGkAaqctIbZcNB6KlUQBIqt8VYkNSj2397EfA==",
       "cpu": [
         "x64"
       ],
-      "dev": true,
       "license": "MIT",
       "optional": true,
       "os": [
@@ -1122,10 +1224,9 @@
       }
     },
     "node_modules/@types/estree": {
-      "version": "1.0.6",
-      "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.6.tgz",
-      "integrity": "sha512-AYnb1nQyY49te+VRAVgmzfcgjYS91mY5P0TKUDCLEM+gNnA+3T6rWITXRLYCpahpqSQbN5cE+gHpnPyXjHWxcw==",
-      "dev": true,
+      "version": "1.0.8",
+      "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.8.tgz",
+      "integrity": "sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w==",
       "license": "MIT"
     },
     "node_modules/@types/jquery": {
@@ -2341,7 +2442,6 @@
       "version": "2.3.3",
       "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz",
       "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==",
-      "dev": true,
       "hasInstallScript": true,
       "license": "MIT",
       "optional": true,
@@ -3553,13 +3653,12 @@
       }
     },
     "node_modules/rollup": {
-      "version": "4.22.5",
-      "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.22.5.tgz",
-      "integrity": "sha512-WoinX7GeQOFMGznEcWA1WrTQCd/tpEbMkc3nuMs9BT0CPjMdSjPMTVClwWd4pgSQwJdP65SK9mTCNvItlr5o7w==",
-      "dev": true,
+      "version": "4.59.0",
+      "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.59.0.tgz",
+      "integrity": "sha512-2oMpl67a3zCH9H79LeMcbDhXW/UmWG/y2zuqnF2jQq5uq9TbM9TVyXvA4+t+ne2IIkBdrLpAaRQAvo7YI/Yyeg==",
       "license": "MIT",
       "dependencies": {
-        "@types/estree": "1.0.6"
+        "@types/estree": "1.0.8"
       },
       "bin": {
         "rollup": "dist/bin/rollup"
@@ -3569,22 +3668,31 @@
         "npm": ">=8.0.0"
       },
       "optionalDependencies": {
-        "@rollup/rollup-android-arm-eabi": "4.22.5",
-        "@rollup/rollup-android-arm64": "4.22.5",
-        "@rollup/rollup-darwin-arm64": "4.22.5",
-        "@rollup/rollup-darwin-x64": "4.22.5",
-        "@rollup/rollup-linux-arm-gnueabihf": "4.22.5",
-        "@rollup/rollup-linux-arm-musleabihf": "4.22.5",
-        "@rollup/rollup-linux-arm64-gnu": "4.22.5",
-        "@rollup/rollup-linux-arm64-musl": "4.22.5",
-        "@rollup/rollup-linux-powerpc64le-gnu": "4.22.5",
-        "@rollup/rollup-linux-riscv64-gnu": "4.22.5",
-        "@rollup/rollup-linux-s390x-gnu": "4.22.5",
-        "@rollup/rollup-linux-x64-gnu": "4.22.5",
-        "@rollup/rollup-linux-x64-musl": "4.22.5",
-        "@rollup/rollup-win32-arm64-msvc": "4.22.5",
-        "@rollup/rollup-win32-ia32-msvc": "4.22.5",
-        "@rollup/rollup-win32-x64-msvc": "4.22.5",
+        "@rollup/rollup-android-arm-eabi": "4.59.0",
+        "@rollup/rollup-android-arm64": "4.59.0",
+        "@rollup/rollup-darwin-arm64": "4.59.0",
+        "@rollup/rollup-darwin-x64": "4.59.0",
+        "@rollup/rollup-freebsd-arm64": "4.59.0",
+        "@rollup/rollup-freebsd-x64": "4.59.0",
+        "@rollup/rollup-linux-arm-gnueabihf": "4.59.0",
+        "@rollup/rollup-linux-arm-musleabihf": "4.59.0",
+        "@rollup/rollup-linux-arm64-gnu": "4.59.0",
+        "@rollup/rollup-linux-arm64-musl": "4.59.0",
+        "@rollup/rollup-linux-loong64-gnu": "4.59.0",
+        "@rollup/rollup-linux-loong64-musl": "4.59.0",
+        "@rollup/rollup-linux-ppc64-gnu": "4.59.0",
+        "@rollup/rollup-linux-ppc64-musl": "4.59.0",
+        "@rollup/rollup-linux-riscv64-gnu": "4.59.0",
+        "@rollup/rollup-linux-riscv64-musl": "4.59.0",
+        "@rollup/rollup-linux-s390x-gnu": "4.59.0",
+        "@rollup/rollup-linux-x64-gnu": "4.59.0",
+        "@rollup/rollup-linux-x64-musl": "4.59.0",
+        "@rollup/rollup-openbsd-x64": "4.59.0",
+        "@rollup/rollup-openharmony-arm64": "4.59.0",
+        "@rollup/rollup-win32-arm64-msvc": "4.59.0",
+        "@rollup/rollup-win32-ia32-msvc": "4.59.0",
+        "@rollup/rollup-win32-x64-gnu": "4.59.0",
+        "@rollup/rollup-win32-x64-msvc": "4.59.0",
         "fsevents": "~2.3.2"
       }
     },

iris-web/ui/package.json

@@ -37,6 +37,7 @@
     "jquery.scrollbar": "^0.2.10",
     "jqvmap": "^1.5.1",
     "moment": "^2.22.2",
+    "rollup": "^4.59.0",
     "showdown": "^1.9.0",
     "socket.io": "^4.3.2",
     "sortablejs": "^1.7.0",

iris-web/ui/src/css/kpi_dashboard.css

@@ -0,0 +1,25 @@
+/* KPI Alert Dashboard — styles */
+
+/* KPI bar — 4 segments */
+.kpi-bar-wrap  { display:flex; flex-direction:column; gap:3px; min-width:120px; }
+.kpi-segs      { display:flex; gap:4px; }
+.kpi-seg       { width:26px; height:10px; border-radius:3px; }
+
+/* Scaled fill bar (width = kpi_pct%) */
+.kpi-track     { width:100px; height:6px; background:#e5e7eb; border-radius:3px; overflow:hidden; }
+.kpi-fill      { height:6px; border-radius:3px; transition:width 0.4s ease; }
+.kpi-pct-label { font-size:10px; color:#6b7280; }
+
+/* Severity badges */
+.badge-high    { background:#fed7aa; color:#c2410c; font-size:10px; padding:1px 6px; border-radius:999px; display:inline-block; }
+.badge-medium  { background:#fef9c3; color:#854d0e; font-size:10px; padding:1px 6px; border-radius:999px; display:inline-block; }
+.badge-low     { background:#d1fae5; color:#065f46; font-size:10px; padding:1px 6px; border-radius:999px; display:inline-block; }
+
+/* Status dot */
+.status-dot    { width:10px; height:10px; border-radius:50%; display:inline-block; }
+.dot-open      { background:#ef4444; }
+.dot-closed    { background:#22c55e; }
+
+/* Sortable column headers */
+.sortable      { cursor:pointer; user-select:none; }
+.sortable:hover { background:#f1f5f9; }

iris-web/ui/src/pages/alerts.js

@@ -1,6 +1,32 @@
 let sortOrder ;
 let editor = null;
 
+// ---------------------------------------------------------------------------
+// KPI — fetch from soc-integrator, injected into alert objects before render
+// ---------------------------------------------------------------------------
+async function _fetchAlertKpi(alertId) {
+  try {
+    const res = await fetch(`/kpi-dashboard/api/alerts/${alertId}`);
+    if (!res.ok) return null;
+    const json = await res.json();
+    return json.data?.alert?.kpi ?? null;
+  } catch { return null; }
+}
+
+function _renderAlertKpiBar(alert) {
+  const kpi = alert.kpi;
+  if (!kpi) return '';
+  const segs = kpi.segments.map(s =>
+    `<div style="width:20px;height:8px;border-radius:3px;background:${s.active ? s.color : '#e5e7eb'}" title="${s.label}"></div>`
+  ).join('');
+  return `
+    <span title="KPI: ${kpi.status} — ${kpi.elapsed_pct}% elapsed" class="ml-3 d-inline-flex align-items-center" style="gap:4px">
+      <b><i class="fa-solid fa-gauge-high"></i></b>
+      <span style="display:flex;gap:3px">${segs}</span>
+      <small class="text-muted ml-1">${kpi.status}</small>
+    </span>`;
+}
+
 function objectToQueryString(obj) {
   return Object.keys(obj)
     .filter(key => obj[key] !== undefined && obj[key] !== null && obj[key] !== '')
@@ -1239,6 +1265,7 @@ function renderAlert(alert, expanded=false, modulesOptionsAlertReq,
                 <small class="text-muted ml-1">${formatTime(alert.alert_source_event_time)}</small></span>
                 <span title="Alert severity"><b class="ml-3"><i class="fa-solid fa-bolt"></i></b>
                   <small class="text-muted ml-1" id="alertSeverity-${alert.alert_id}" data-severity-id="${alert.severity.severity_id}">${alert.severity.severity_name}</small></span>
+                ${_renderAlertKpiBar(alert)}
                 <span title="Alert source"><b class="ml-3"><i class="fa-solid fa-cloud-arrow-down"></i></b>
                   <small class="text-muted ml-1">${filterXSS(alert.alert_source) || 'Unspecified'}</small></span>
                 <span title="Alert client"><b class="ml-3"><i class="fa-regular fa-circle-user"></i></b>
@@ -1300,6 +1327,7 @@ async function showAlertHistory(alertId) {
 }
 
 async function refreshAlert(alertId, alertData, expanded=false) {
+    const kpiFetch = _fetchAlertKpi(alertId);
     if (alertData === undefined) {
         const alertDataReq = await fetchAlert(alertId);
         if (api_request_failed(alertDataReq)) {
@@ -1307,6 +1335,8 @@ async function refreshAlert(alertId, alertData, expanded=false) {
         }
         alertData = alertDataReq.data;
     }
+    const kpi = await kpiFetch;
+    if (kpi) alertData.kpi = kpi;
 
       if (modulesOptionsAlertReq === null) {
     modulesOptionsAlertReq = await fetchModulesOptionsAlert();
@@ -1359,12 +1389,14 @@ async function updateAlerts(page, per_page, filters = {}, paging=false){
 
   const filterString = objectToQueryString(filters);
   const data = await fetchAlerts(page, per_page, filterString, sortOrder).catch((error) => {
-        notify_error('Failed to fetch alerts');
-        alertsContainer.html('<h4 class="ml-auto mr-auto">Oops error loading the alerts - Check logs</h4>');
-        console.error(error);
-    });
+      notify_error('Failed to fetch alerts');
+      alertsContainer.html('<h4 class="ml-auto mr-auto">Oops error loading the alerts - Check logs</h4>');
+      console.error(error);
+  });
+  if (!data) return;
 
-  const alerts = data.data;
+  const kpiResults = await Promise.all(data.data.map(a => _fetchAlertKpi(a.alert_id)));
+  const alerts = data.data.map((a, i) => ({ ...a, kpi: kpiResults[i] ?? null }));
 
   if (modulesOptionsAlertReq === null) {
     modulesOptionsAlertReq = await fetchModulesOptionsAlert();

iris-web/ui/src/pages/kpi_dashboard.js

@@ -0,0 +1,314 @@
+// KPI Alert Dashboard — vanilla JS, compiled by Vite into /static/assets/js/iris/kpi_dashboard.js
+import '../css/kpi_dashboard.css';
+
+const API_BASE = '/kpi-dashboard/api';
+
+const state = {
+  page: 1,
+  perPage: 20,
+  sortBy: 'alert_id',
+  sortDir: 'desc',
+  filterTitle: '',
+  filterOwner: '',
+  total: 0,
+  selected: new Set(),
+};
+
+// Debounce helper for filter inputs
+let _debounceTimer = null;
+function debouncedLoad() {
+  clearTimeout(_debounceTimer);
+  _debounceTimer = setTimeout(() => {
+    state.page = 1;
+    loadAlerts();
+  }, 350);
+}
+
+async function loadAlerts() {
+  state.filterTitle = document.getElementById('filter-title').value;
+  state.filterOwner = document.getElementById('filter-owner').value;
+
+  const params = new URLSearchParams({
+    page: state.page,
+    per_page: state.perPage,
+    sort_by: state.sortBy,
+    sort_dir: state.sortDir,
+  });
+  if (state.filterTitle) params.set('filter_title', state.filterTitle);
+  if (state.filterOwner) params.set('filter_owner', state.filterOwner);
+
+  const body = document.getElementById('alerts-body');
+  body.innerHTML = '<tr><td colspan="12" class="text-center text-muted py-4">Loading...</td></tr>';
+
+  try {
+    const res = await fetch(`${API_BASE}/alerts?${params}`);
+    if (!res.ok) throw new Error(`HTTP ${res.status}`);
+    const json = await res.json();
+    const alertsData = json.data?.alerts ?? {};
+    const alerts = alertsData.data ?? [];
+    state.total = alertsData.total ?? alerts.length;
+    renderTable(alerts);
+    updatePageInfo();
+    updateSelectionLabel();
+  } catch (err) {
+    body.innerHTML = `<tr><td colspan="12" class="text-center text-danger py-4">Error: ${err.message}</td></tr>`;
+  }
+}
+
+function renderKpiBar(kpi) {
+  if (!kpi) return '<span class="text-muted">—</span>';
+  const containerW = 100;
+  const fillW = Math.round((kpi.elapsed_pct / 100) * containerW);
+  const fillColor = kpi.resolved ? '#6b7280'
+    : kpi.elapsed_pct >= 75 ? '#ef4444'
+    : kpi.elapsed_pct >= 50 ? '#f97316'
+    : kpi.elapsed_pct >= 25 ? '#eab308'
+    : '#22c55e';
+
+  const segs = (kpi.segments || []).map(s =>
+    `<div class="kpi-seg" style="background:${s.active ? s.color : '#e5e7eb'}" title="${s.label}: ${s.active ? 'active' : 'inactive'}"></div>`
+  ).join('');
+
+  return `
+    <div class="kpi-bar-wrap" title="${kpi.status} — ${kpi.elapsed_pct}% elapsed">
+      <div class="kpi-segs">${segs}</div>
+      <div class="kpi-track">
+        <div class="kpi-fill" style="width:${fillW}px;background:${fillColor}"></div>
+      </div>
+      <span class="kpi-pct-label">${kpi.status}</span>
+    </div>`;
+}
+
+function severityBadge(severity) {
+  if (!severity) return '';
+  const name = (severity.severity_name || '').toLowerCase();
+  const cls = name === 'high' ? 'badge-high' : name === 'medium' ? 'badge-medium' : 'badge-low';
+  return `<span class="${cls}">${severity.severity_name || ''}</span>`;
+}
+
+function statusDot(status) {
+  if (!status) return '';
+  const name = (status.status_name || '').toLowerCase();
+  const cls = name === 'closed' ? 'dot-closed' : 'dot-open';
+  return `<span class="status-dot ${cls}" title="${status.status_name || ''}"></span>`;
+}
+
+function fmtDate(str) {
+  if (!str) return '—';
+  try {
+    return new Date(str).toLocaleString();
+  } catch {
+    return str;
+  }
+}
+
+function renderTable(alerts) {
+  const body = document.getElementById('alerts-body');
+  if (!alerts.length) {
+    body.innerHTML = '<tr><td colspan="12" class="text-center text-muted py-4">No alerts found.</td></tr>';
+    return;
+  }
+
+  body.innerHTML = alerts.map(alert => {
+    const id = alert.alert_id ?? '';
+    const checked = state.selected.has(id) ? 'checked' : '';
+    const owner = (alert.owner || {}).user_name || '—';
+    const classification = (alert.classification || {}).name || '—';
+    const closedAt = alert.alert_close_timestamp ? fmtDate(alert.alert_close_timestamp) : '—';
+    return `
+      <tr class="alert-row" style="cursor:pointer" onclick="openAlertDetail(${id}, event)">
+        <td><input type="checkbox" class="row-chk" data-id="${id}" ${checked} onchange="toggleRow(this)"></td>
+        <td>${statusDot(alert.status)}</td>
+        <td>${owner}</td>
+        <td>${id}</td>
+        <td>${alert.alert_title || '—'}</td>
+        <td>${classification}</td>
+        <td>${severityBadge(alert.severity)}</td>
+        <td>${fmtDate(alert.alert_creation_time)}</td>
+        <td>${renderKpiBar(alert.kpi)}</td>
+        <td>${fmtDate(alert.alert_source_event_time)}</td>
+        <td>${closedAt}</td>
+        <td>—</td>
+      </tr>`;
+  }).join('');
+}
+
+function toggleAll(chk) {
+  document.querySelectorAll('.row-chk').forEach(el => {
+    el.checked = chk.checked;
+    const id = Number(el.dataset.id);
+    if (chk.checked) state.selected.add(id);
+    else state.selected.delete(id);
+  });
+  updateSelectionLabel();
+}
+
+function toggleRow(el) {
+  const id = Number(el.dataset.id);
+  if (el.checked) state.selected.add(id);
+  else state.selected.delete(id);
+  updateSelectionLabel();
+}
+
+function updateSelectionLabel() {
+  // selection label removed from UI
+}
+
+function updatePageInfo() {
+  const el = document.getElementById('page-info');
+  if (el) {
+    const totalPages = Math.max(1, Math.ceil(state.total / state.perPage));
+    el.textContent = `Page ${state.page} of ${totalPages} (${state.total} total)`;
+  }
+}
+
+function prevPage() {
+  if (state.page > 1) {
+    state.page--;
+    refreshActive();
+  }
+}
+
+function nextPage() {
+  const totalPages = Math.ceil(state.total / state.perPage);
+  if (state.page < totalPages) {
+    state.page++;
+    refreshActive();
+  }
+}
+
+function sortBy(col) {
+  if (state.sortBy === col) {
+    state.sortDir = state.sortDir === 'asc' ? 'desc' : 'asc';
+  } else {
+    state.sortBy = col;
+    state.sortDir = 'desc';
+  }
+  state.page = 1;
+  loadAlerts();
+}
+
+async function assignSelected() {
+  if (!state.selected.size) {
+    alert('No alerts selected.');
+    return;
+  }
+  const ownerIdStr = prompt('Enter owner user ID to assign:');
+  if (!ownerIdStr) return;
+  const ownerId = parseInt(ownerIdStr, 10);
+  if (isNaN(ownerId)) {
+    alert('Invalid owner ID.');
+    return;
+  }
+  const ids = Array.from(state.selected);
+  try {
+    await Promise.all(ids.map(id =>
+      fetch(`${API_BASE}/alerts/${id}/assign`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ owner_id: ownerId }),
+      })
+    ));
+    state.selected.clear();
+    loadAlerts();
+  } catch (err) {
+    alert(`Assignment failed: ${err.message}`);
+  }
+}
+
+function exportCsv() {
+  const params = new URLSearchParams({
+    sort_by: state.sortBy,
+    sort_dir: state.sortDir,
+  });
+  if (state.filterTitle) params.set('filter_title', state.filterTitle);
+  if (state.filterOwner) params.set('filter_owner', state.filterOwner);
+  window.location.href = `${API_BASE}/alerts/export-csv?${params}`;
+}
+
+let activeTab = 'alerts';
+
+function switchTab(tab) {
+  activeTab = tab;
+  document.getElementById('tab-alerts').classList.toggle('active', tab === 'alerts');
+  document.getElementById('tab-cases').classList.toggle('active', tab === 'cases');
+  state.page = 1;
+  activeTab === 'alerts' ? loadAlerts() : loadCases();
+}
+
+async function loadCases() {
+  const params = new URLSearchParams({
+    page: state.page,
+    per_page: state.perPage,
+    sort_by: state.sortBy,
+    sort_dir: state.sortDir,
+  });
+  const body = document.getElementById('alerts-body');
+  body.innerHTML = '<tr><td colspan="12" class="text-center text-muted py-4">Loading...</td></tr>';
+  try {
+    const res = await fetch(`${API_BASE}/cases?${params}`);
+    if (!res.ok) throw new Error(`HTTP ${res.status}`);
+    const json = await res.json();
+    const casesData = json.data?.cases ?? {};
+    const cases = casesData.data ?? [];
+    state.total = casesData.total ?? cases.length;
+    renderCasesTable(cases);
+    updatePageInfo();
+  } catch (err) {
+    body.innerHTML = `<tr><td colspan="12" class="text-center text-danger py-4">Error: ${err.message}</td></tr>`;
+  }
+}
+
+function renderCasesTable(cases) {
+  const body = document.getElementById('alerts-body');
+  if (!cases.length) {
+    body.innerHTML = '<tr><td colspan="12" class="text-center text-muted py-4">No cases found.</td></tr>';
+    return;
+  }
+  body.innerHTML = cases.map(c => {
+    const owner = (c.owner || {}).user_name || '—';
+    const stateName = (c.state || {}).state_name || '—';
+    const closed = c.close_date ? fmtDate(c.close_date) : '—';
+    return `<tr>
+      <td></td>
+      <td>${statusDot({status_name: stateName})}</td>
+      <td>${owner}</td>
+      <td>${c.case_id ?? ''}</td>
+      <td>${c.case_name || '—'}</td>
+      <td>${c.case_soc_id || '—'}</td>
+      <td>—</td>
+      <td>${fmtDate(c.open_date)}</td>
+      <td>${renderKpiBar(c.kpi)}</td>
+      <td>—</td>
+      <td>${closed}</td>
+      <td>—</td>
+    </tr>`;
+  }).join('');
+}
+
+function openAlertDetail(alertId, event) {
+  // Don't navigate when clicking the checkbox
+  if (event && event.target.type === 'checkbox') return;
+  window.location.href = `/alerts?alert_ids=${alertId}&cid=1`;
+}
+
+function refreshActive() {
+  activeTab === 'alerts' ? loadAlerts() : loadCases();
+}
+
+// Auto-load on page ready
+document.addEventListener('DOMContentLoaded', loadAlerts);
+setInterval(refreshActive, 60_000);
+
+// Expose for inline onclick handlers
+window.debouncedLoad = debouncedLoad;
+window.loadAlerts = loadAlerts;
+window.toggleAll = toggleAll;
+window.toggleRow = toggleRow;
+window.assignSelected = assignSelected;
+window.exportCsv = exportCsv;
+window.prevPage = prevPage;
+window.nextPage = nextPage;
+window.sortBy = sortBy;
+window.switchTab = switchTab;
+window.openAlertDetail = openAlertDetail;

iris-web/ui/src/pages/manage.cases.js

@@ -26,7 +26,31 @@ $('#classification_id').prepend(new Option('', ''));
 
 
  /*************************
- *  Case list section 
+ *  KPI helpers
+ *************************/
+async function _fetchCaseKpi(caseId) {
+  try {
+    const res = await fetch(`/kpi-dashboard/api/cases/${caseId}`);
+    if (!res.ok) return null;
+    const json = await res.json();
+    return json.data?.case?.kpi ?? null;
+  } catch { return null; }
+}
+
+function _renderCaseKpiBar(kpi) {
+  if (!kpi) return '<span class="text-muted">—</span>';
+  const segs = (kpi.segments || []).map(s =>
+    `<div style="width:18px;height:8px;border-radius:3px;background:${s.active ? s.color : '#e5e7eb'}" title="${s.label}"></div>`
+  ).join('');
+  return `<span title="KPI: ${kpi.status} — ${kpi.elapsed_pct}% elapsed" style="display:inline-flex;align-items:center;gap:4px">
+    <b><i class="fa-solid fa-gauge-high"></i></b>
+    <span style="display:flex;gap:3px">${segs}</span>
+    <small class="text-muted">${kpi.status}</small>
+  </span>`;
+}
+
+ /*************************
+ *  Case list section
  *************************/
 /* case table creation */
 $.each($.find("table"), function(index, element){
@@ -112,6 +136,17 @@ $('#cases_table').dataTable({
             if (type === 'display') { data = sanitizeHTML(data);}
             return data;
           }
+        },
+        {
+            "data": "case_id",
+            "orderable": false,
+            "searchable": false,
+            "render": function (data, type, row) {
+                if (type === 'display') {
+                    return `<span id="case-kpi-${data}"><small class="text-muted">…</small></span>`;
+                }
+                return data;
+            }
         }
     ],
     dom: '<"container-fluid"<"row"<"col"l><"col"f>>>rt<"container-fluid"<"row"<"col"i><"col"p>>>',
@@ -133,7 +168,16 @@ $('#cases_table').dataTable({
     },
     initComplete: function () {
             tableFiltering(this.api(), 'cases_table');
-        }
+        },
+    drawCallback: function () {
+        const api = this.api();
+        api.rows({ page: 'current' }).data().each(function (row) {
+            const caseId = row.case_id;
+            _fetchCaseKpi(caseId).then(kpi => {
+                $(`#case-kpi-${caseId}`).html(_renderCaseKpiBar(kpi));
+            });
+        });
+    }
     }
 );
 

run-combined-stack.sh

@@ -101,7 +101,7 @@ run_iris() {
   docker compose \
     --project-name iris-web \
     --project-directory "${ROOT_DIR}/iris-web" \
-    -f "${ROOT_DIR}/iris-web/docker-compose.yml" \
+    -f "${ROOT_DIR}/iris-web/docker-compose.dev.yml" \
     -f "${ROOT_DIR}/compose-overrides/iris.shared-network.yml" \
     "${COMMAND}" ${ARGS[@]+"${ARGS[@]}"}
 }

scripts/seed-kpi-test-data.py

@@ -0,0 +1,358 @@
+#!/usr/bin/env python3
+"""
+seed-kpi-test-data.py — Create test IRIS alerts and cases for KPI dashboard UI testing.
+
+Creates a spread of records covering every KPI state:
+  On Track | Watch | Warning | Urgent | Critical | Breached | Resolved
+
+Usage:
+  python3 scripts/seed-kpi-test-data.py [--alerts-only] [--cases-only] [--dry-run]
+
+Env vars (override defaults):
+  IRIS_BASE_URL   default: https://localhost:8443
+  IRIS_API_KEY    required
+"""
+import argparse
+import json
+import os
+import ssl
+import sys
+import urllib.request
+from datetime import datetime, timedelta, timezone
+from pathlib import Path
+
+# ---------------------------------------------------------------------------
+# Config
+# ---------------------------------------------------------------------------
+
+def _read_env_file(path: str, key: str) -> str:
+    p = Path(path)
+    if not p.exists():
+        return ""
+    for line in p.read_text().splitlines():
+        if line.startswith(f"{key}="):
+            return line[len(key) + 1:].strip()
+    return ""
+
+BASE_DIR = Path(__file__).parent.parent
+ENV_FILE = BASE_DIR / "soc-integrator" / ".env"
+
+IRIS_BASE_URL = (
+    os.environ.get("IRIS_BASE_URL")
+    or _read_env_file(str(ENV_FILE), "IRIS_BASE_URL")
+    or "https://localhost:8443"
+).rstrip("/").replace("iriswebapp_nginx", "localhost")
+
+IRIS_API_KEY = (
+    os.environ.get("IRIS_API_KEY")
+    or _read_env_file(str(ENV_FILE), "IRIS_API_KEY")
+    or ""
+)
+
+if not IRIS_API_KEY:
+    sys.exit("error: IRIS_API_KEY not set. Export it or add it to soc-integrator/.env")
+
+# ---------------------------------------------------------------------------
+# HTTP helpers (no extra deps)
+# ---------------------------------------------------------------------------
+
+_ssl_ctx = ssl.create_default_context()
+_ssl_ctx.check_hostname = False
+_ssl_ctx.verify_mode = ssl.CERT_NONE
+
+
+def _req(method: str, path: str, body: dict | None = None) -> dict:
+    url = f"{IRIS_BASE_URL}{path}"
+    data = json.dumps(body).encode() if body else None
+    headers = {
+        "Authorization": f"Bearer {IRIS_API_KEY}",
+        "Content-Type": "application/json",
+    }
+    req = urllib.request.Request(url, data=data, headers=headers, method=method)
+    with urllib.request.urlopen(req, context=_ssl_ctx, timeout=15) as r:
+        return json.loads(r.read())
+
+
+def get(path: str) -> dict:
+    return _req("GET", path)
+
+
+def post(path: str, body: dict) -> dict:
+    return _req("POST", path, body)
+
+
+def put(path: str, body: dict) -> dict:
+    return _req("PUT", path, body)
+
+
+# ---------------------------------------------------------------------------
+# Lookup tables
+# ---------------------------------------------------------------------------
+
+def _get_severity_ids() -> dict[str, int]:
+    """Return name→id map for alert severities."""
+    data = get("/manage/severities/list")
+    items = (data.get("data") or [])
+    return {s["severity_name"].lower(): s["severity_id"] for s in items if "severity_name" in s}
+
+
+def _get_alert_status_ids() -> dict[str, int]:
+    data = get("/manage/alert-status/list")
+    items = data.get("data") or []
+    return {s["status_name"].lower(): s["status_id"] for s in items if "status_name" in s}
+
+
+def _get_resolution_status_ids() -> dict[str, int]:
+    try:
+        data = get("/manage/alert-resolutions/list")
+        items = data.get("data") or []
+        return {s["resolution_status_name"].lower(): s["resolution_status_id"]
+                for s in items if "resolution_status_name" in s}
+    except Exception:
+        return {}
+
+
+def _get_customer_id() -> int:
+    try:
+        data = get("/api/v2/customers")
+        items = (data.get("data") or {}).get("customers") or []
+        if items:
+            return items[0].get("customer_id", 1)
+    except Exception:
+        pass
+    return 1
+
+
+# ---------------------------------------------------------------------------
+# Alert scenarios
+# ---------------------------------------------------------------------------
+
+def _ts(offset_hours: float) -> str:
+    """ISO timestamp offset_hours ago (UTC, naive — what IRIS expects)."""
+    dt = datetime.now(timezone.utc) - timedelta(hours=offset_hours)
+    return dt.strftime("%Y-%m-%dT%H:%M:%S")
+
+
+def _date(offset_hours: float) -> str:
+    """Date string (YYYY-MM-DD) offset_hours ago — for case close_date."""
+    dt = datetime.now(timezone.utc) - timedelta(hours=offset_hours)
+    return dt.strftime("%Y-%m-%d")
+
+
+# Each tuple: (label, severity, created_hours_ago, resolved_hours_after_creation_or_None)
+# SLA: High=4h  Medium=8h  Low=24h
+ALERT_SCENARIOS = [
+    # --- High severity (4h SLA) ---
+    ("High / On Track (1h old)",       "High",   1.0,   None),   # 75% remaining
+    ("High / Watch (2.5h old)",        "High",   2.5,   None),   # ~37% remaining → Watch
+    ("High / Warning (3h old)",        "High",   3.0,   None),   # 25% remaining
+    ("High / Breached (6h old)",       "High",   6.0,   None),   # 0%
+    ("High / Resolved in SLA (2h)",    "High",   4.0,   2.0),    # resolved 2h after open → 50% KPI frozen
+    ("High / Resolved breached (5h)",  "High",   7.0,   5.0),    # resolved after SLA breach → Resolved/0%
+    # --- Medium severity (8h SLA) ---
+    ("Medium / On Track (1h old)",     "Medium", 1.0,   None),
+    ("Medium / Watch (3h old)",        "Medium", 3.0,   None),
+    ("Medium / Warning (5h old)",      "Medium", 5.0,   None),
+    ("Medium / Urgent (7h old)",       "Medium", 7.0,   None),
+    ("Medium / Critical (7.8h old)",   "Medium", 7.8,   None),
+    ("Medium / Breached (10h old)",    "Medium", 10.0,  None),
+    ("Medium / Resolved in SLA (4h)",  "Medium", 9.0,   4.0),
+    # --- Low severity (24h SLA) ---
+    ("Low / On Track (2h old)",        "Low",    2.0,   None),
+    ("Low / Warning (14h old)",        "Low",    14.0,  None),
+    ("Low / Breached (30h old)",       "Low",    30.0,  None),
+    ("Low / Resolved in SLA (12h)",    "Low",    25.0,  12.0),
+]
+
+# Case scenarios: (label, tags, created_hours_ago, close_hours_after_creation_or_None)
+CASE_SCENARIOS = [
+    ("High / Open On Track",           "High,wazuh",         1.0,   None),
+    ("High / Open Watch",              "High,brute-force",   2.5,   None),
+    ("High / Breached",                "High,lateral-movement", 6.0, None),
+    ("High / Resolved in SLA",         "High,exfiltration",  5.0,   2.0),
+    ("Medium / Open Watch",            "Medium,wazuh",       3.0,   None),
+    ("Medium / Open Urgent",           "Medium,phishing",    7.0,   None),
+    ("Medium / Breached",              "Medium,ransomware",  12.0,  None),
+    ("Medium / Resolved",              "Medium,malware",     10.0,  5.0),
+    ("Low / On Track",                 "Low,wazuh",          2.0,   None),
+    ("Low / Warning",                  "Low,recon",          14.0,  None),
+    ("Low / Resolved in SLA",          "Low,policy",         26.0,  10.0),
+]
+
+
+# ---------------------------------------------------------------------------
+# Create alerts
+# ---------------------------------------------------------------------------
+
+def create_alerts(sev_ids: dict, status_ids: dict, res_ids: dict, customer_id: int, dry_run: bool):
+    new_id = status_ids.get("new") or 2
+    closed_id = status_ids.get("closed") or 6
+    # Pick any "true positive" resolution, falling back to first available
+    res_tp_id = (
+        res_ids.get("true positive with impact")
+        or res_ids.get("true positive without impact")
+        or (list(res_ids.values())[0] if res_ids else 2)
+    )
+
+    print(f"\n=== Creating {len(ALERT_SCENARIOS)} alerts ===")
+    for label, sev_name, created_h, resolved_h in ALERT_SCENARIOS:
+        sev_id = sev_ids.get(sev_name.lower()) or sev_ids.get("medium") or 3
+        created_ts = _ts(created_h)
+
+        payload: dict = {
+            "alert_title": f"[KPI Test] {label}",
+            "alert_description": f"Seed data: {label}. Created {created_h}h ago.",
+            "alert_severity_id": sev_id,
+            "alert_status_id": new_id,
+            "alert_customer_id": customer_id,
+            "alert_source": "kpi-seed",
+            "alert_source_ref": "seed-kpi-test-data",
+            "alert_source_event_time": created_ts,
+            "alert_creation_time": created_ts,
+        }
+
+        if resolved_h is not None:
+            payload["alert_status_id"] = closed_id
+            if res_tp_id:
+                payload["alert_resolution_status_id"] = res_tp_id
+
+        if dry_run:
+            print(f"  DRY-RUN  {label}")
+            continue
+
+        try:
+            resp = post("/alerts/add", payload)
+            alert_data = resp.get("data") or {}
+            aid = alert_data.get("alert_id", "?")
+            print(f"  created  alert_id={aid}  {label}")
+        except Exception as exc:
+            print(f"  FAILED   {label}: {exc}")
+
+
+# ---------------------------------------------------------------------------
+# Create cases
+# ---------------------------------------------------------------------------
+
+def create_cases(customer_id: int, dry_run: bool):
+    print(f"\n=== Creating {len(CASE_SCENARIOS)} cases ===")
+    for label, tags, created_h, close_h in CASE_SCENARIOS:
+        open_date = _ts(created_h)
+        # close_date: a date-only string (IRIS v2 close_date is a date, not datetime)
+        close_date = _date(created_h - close_h) if close_h is not None else None
+
+        payload: dict = {
+            "case_name": f"[KPI Test] {label}",
+            "case_description": f"Seed data: {label}. Opened {created_h}h ago.",
+            "case_customer": customer_id,
+            "case_tags": tags,
+            "case_soc_id": "seed-kpi",
+        }
+
+        if dry_run:
+            print(f"  DRY-RUN  {label}")
+            continue
+
+        try:
+            resp = post("/api/v2/cases", payload)
+            # v2 create returns the case object directly (no data wrapper)
+            cid = resp.get("case_id") or (resp.get("data") or {}).get("case_id", "?")
+            print(f"  created  case_id={cid}  {label}")
+
+            # Close the case if needed — IRIS v2: PUT /api/v2/cases/{id} with close_date
+            if close_date and cid and cid != "?":
+                try:
+                    put(f"/api/v2/cases/{cid}", {"close_date": close_date})
+                    print(f"           └─ closed at {close_date}")
+                except Exception as exc:
+                    print(f"           └─ close failed: {exc}")
+        except Exception as exc:
+            print(f"  FAILED   {label}: {exc}")
+
+
+# ---------------------------------------------------------------------------
+# Main
+# ---------------------------------------------------------------------------
+
+def _backdate_alerts_via_db(scenarios: list, dry_run: bool):
+    """Update alert_creation_time and modification_history in Postgres via docker exec."""
+    import subprocess
+
+    lines = []
+    for label, sev, created_h, resolved_h in scenarios:
+        title_sql = label.replace("'", "''")
+        lines.append(
+            f"UPDATE alerts SET alert_creation_time = NOW() - INTERVAL '{int(created_h * 60)} minutes' "
+            f"WHERE alert_title = '[KPI Test] {title_sql}';"
+        )
+        if resolved_h is not None:
+            elapsed_h = created_h - resolved_h          # hours from now to resolution
+            lines.append(
+                f"WITH ts AS (SELECT EXTRACT(EPOCH FROM NOW() - INTERVAL '{int(elapsed_h * 60)} minutes') AS t) "
+                f"UPDATE alerts SET modification_history = jsonb_build_object((SELECT t::text FROM ts), "
+                f"'{{\"user\":\"seed\",\"action\":\"Alert resolved\"}}') "
+                f"WHERE alert_title = '[KPI Test] {title_sql}';"
+            )
+
+    sql = "\n".join(lines)
+    print("\n--- Backdating alert timestamps via docker exec ---")
+    if dry_run:
+        print("  DRY-RUN (SQL would be):")
+        print(sql[:500] + "...")
+        return
+    result = subprocess.run(
+        ["docker", "exec", "iriswebapp_db", "psql", "-U", "postgres", "-d", "iris_db", "-c", sql],
+        capture_output=True, text=True,
+    )
+    if result.returncode != 0:
+        print(f"  WARN: backdate failed: {result.stderr[:300]}")
+    else:
+        print("  done.")
+
+
+def main():
+    parser = argparse.ArgumentParser(description=__doc__, formatter_class=argparse.RawDescriptionHelpFormatter)
+    parser.add_argument("--alerts-only", action="store_true")
+    parser.add_argument("--cases-only", action="store_true")
+    parser.add_argument("--backdate", action="store_true",
+                        help="Update alert_creation_time in PostgreSQL via docker exec after creation")
+    parser.add_argument("--dry-run", action="store_true", help="Print what would be created without calling IRIS")
+    args = parser.parse_args()
+
+    print(f"IRIS: {IRIS_BASE_URL}")
+
+    if args.dry_run:
+        print("DRY-RUN mode — no requests will be made\n")
+        if not args.cases_only:
+            create_alerts({}, {}, {}, 1, dry_run=True)
+            if args.backdate:
+                _backdate_alerts_via_db(ALERT_SCENARIOS, dry_run=True)
+        if not args.alerts_only:
+            create_cases(1, dry_run=True)
+        return
+
+    print("Fetching IRIS lookup tables...")
+    try:
+        sev_ids = _get_severity_ids()
+        status_ids = _get_alert_status_ids()
+        res_ids = _get_resolution_status_ids()
+        customer_id = _get_customer_id()
+    except Exception as exc:
+        sys.exit(f"error: could not reach IRIS at {IRIS_BASE_URL}: {exc}")
+
+    print(f"  severities:    {sev_ids}")
+    print(f"  alert statuses:{status_ids}")
+    print(f"  resolution:    {res_ids}")
+    print(f"  customer_id:   {customer_id}")
+
+    if not args.cases_only:
+        create_alerts(sev_ids, status_ids, res_ids, customer_id, dry_run=False)
+        if args.backdate:
+            _backdate_alerts_via_db(ALERT_SCENARIOS, dry_run=False)
+    if not args.alerts_only:
+        create_cases(customer_id, dry_run=False)
+
+    print("\ndone.")
+
+
+if __name__ == "__main__":
+    main()

soc-integrator/app/adapters/iris.py

@@ -67,8 +67,9 @@ class IrisAdapter:
         headers = self._headers()
         safe_limit = max(1, limit)
         safe_offset = max(0, offset)
+        page = (safe_offset // safe_limit) + 1
         v2_url = f"{self.base_url}/api/v2/cases"
-        params = {"limit": safe_limit, "offset": safe_offset}
+        params = {"page": page, "per_page": safe_limit}
         async with httpx.AsyncClient(verify=False, timeout=20.0) as client:
             response = await client.get(v2_url, params=params, headers=headers)
             active_url = v2_url
@@ -112,6 +113,9 @@ class IrisAdapter:
                 return {"status_code": response.status_code}
 
             result = response.json()
+            # IRIS v2 response: { "total": int, "data": [...], "last_page": int, ... }
+            if isinstance(result, dict) and isinstance(result.get("total"), int) and isinstance(result.get("data"), list):
+                return result  # pass v2 response through directly
             if isinstance(result, dict) and isinstance(result.get("data"), list):
                 total = result.get("recordsTotal")
                 if not isinstance(total, int):
@@ -125,3 +129,93 @@ class IrisAdapter:
                     "raw": result,
                 }
             return result
+
+    async def create_alert(self, payload: dict[str, Any]) -> dict[str, Any]:
+        headers = self._headers()
+        url = f"{self.base_url}/alerts/add"
+        async with httpx.AsyncClient(verify=False, timeout=20.0) as client:
+            response = await client.post(url, json=payload, headers=headers)
+            try:
+                response.raise_for_status()
+            except httpx.HTTPStatusError as exc:
+                detail = response.text.strip()
+                raise RuntimeError(
+                    f"IRIS returned {response.status_code} for {url}. Response: {detail}"
+                ) from exc
+            return response.json() if response.content else {"status_code": response.status_code}
+
+    async def get_case(self, case_id: int) -> dict[str, Any]:
+        headers = self._headers()
+        url = f"{self.base_url}/api/v2/cases/{case_id}"
+        async with httpx.AsyncClient(verify=False, timeout=20.0) as client:
+            response = await client.get(url, headers=headers)
+            try:
+                response.raise_for_status()
+            except httpx.HTTPStatusError as exc:
+                detail = response.text.strip()
+                raise RuntimeError(
+                    f"IRIS returned {response.status_code} for {url}. Response: {detail}"
+                ) from exc
+            return response.json() if response.content else {}
+
+    async def get_alert(self, alert_id: int) -> dict[str, Any]:
+        headers = self._headers()
+        url = f"{self.base_url}/alerts/{alert_id}"
+        async with httpx.AsyncClient(verify=False, timeout=20.0) as client:
+            response = await client.get(url, headers=headers)
+            try:
+                response.raise_for_status()
+            except httpx.HTTPStatusError as exc:
+                detail = response.text.strip()
+                raise RuntimeError(
+                    f"IRIS returned {response.status_code} for {url}. Response: {detail}"
+                ) from exc
+            result = response.json() if response.content else {}
+            # Legacy endpoint returns {"status": "success", "data": {...}}
+            return result.get("data", result)
+
+    async def list_alerts(
+        self,
+        page: int = 1,
+        per_page: int = 50,
+        sort_by: str = "alert_id",
+        sort_dir: str = "desc",
+        filter_title: str | None = None,
+        filter_owner_id: int | None = None,
+    ) -> dict[str, Any]:
+        headers = self._headers()
+        url = f"{self.base_url}/api/v2/alerts"
+        params: dict[str, Any] = {
+            "page": max(1, page),
+            "per_page": max(1, per_page),
+            "sort": f"{sort_by}:{sort_dir}",
+        }
+        if filter_title:
+            params["alert_title"] = filter_title
+        if filter_owner_id:
+            params["alert_owner_id"] = filter_owner_id
+        async with httpx.AsyncClient(verify=False, timeout=30.0) as client:
+            response = await client.get(url, params=params, headers=headers)
+            try:
+                response.raise_for_status()
+            except httpx.HTTPStatusError as exc:
+                detail = response.text.strip()
+                raise RuntimeError(
+                    f"IRIS returned {response.status_code} for {url}. Response: {detail}"
+                ) from exc
+            return response.json() if response.content else {"status_code": response.status_code}
+
+    async def assign_alert(self, alert_id: int, owner_id: int) -> dict[str, Any]:
+        headers = self._headers()
+        url = f"{self.base_url}/api/v2/alerts/{alert_id}"
+        payload = {"alert_owner_id": owner_id}
+        async with httpx.AsyncClient(verify=False, timeout=20.0) as client:
+            response = await client.put(url, json=payload, headers=headers)
+            try:
+                response.raise_for_status()
+            except httpx.HTTPStatusError as exc:
+                detail = response.text.strip()
+                raise RuntimeError(
+                    f"IRIS returned {response.status_code} for {url}. Response: {detail}"
+                ) from exc
+            return response.json() if response.content else {"status_code": response.status_code}

soc-integrator/app/main.py

@@ -11,7 +11,9 @@ from pathlib import Path
 
 from psycopg import sql
 from fastapi import Depends, FastAPI, File, HTTPException, Request, UploadFile
-from fastapi.responses import FileResponse, Response
+import csv
+import io
+from fastapi.responses import FileResponse, Response, StreamingResponse
 from fastapi.staticfiles import StaticFiles
 
 from app.adapters.abuseipdb import AbuseIpdbAdapter
@@ -29,6 +31,7 @@ from app.models import (
     CDetectionEvaluateRequest,
     IocEnrichRequest,
     IocEvaluateRequest,
+    IrisAlertCreateRequest,
     IrisTicketCreateRequest,
     LogLossCheckRequest,
     LogLossStreamCheck,
@@ -2299,3 +2302,361 @@ async def monitor_c_detections_state() -> ApiResponse:
             "state": getattr(app.state, "c_detection_state", {}),
         }
     )
+
+
+# ---------------------------------------------------------------------------
+# KPI Timeout helpers and IRIS alert routes
+# ---------------------------------------------------------------------------
+
+SLA_SECONDS: dict[str, int] = {"High": 14400, "Medium": 28800, "Low": 86400}
+
+
+def compute_kpi(
+    created_at: str,
+    severity_name: str,
+    resolved_at: str | None = None,
+) -> dict[str, object]:
+    sla = SLA_SECONDS.get(severity_name, 28800)
+
+    def _parse(ts: str) -> datetime:
+        dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
+        return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)
+
+    start = _parse(created_at)
+    thresholds = [("S1", "#22c55e", 25), ("S2", "#eab308", 50), ("S3", "#f97316", 75), ("S4", "#ef4444", 100)]
+
+    if resolved_at:
+        end = _parse(resolved_at)
+        elapsed = max(0, (end - start).total_seconds())  # clamp: close_date can't precede open_date
+        elapsed_pct = min(elapsed / sla * 100, 100)
+        kpi_pct = max(100 - elapsed_pct, 0)
+        segments = [{"label": l, "color": c, "active": elapsed_pct >= t} for l, c, t in thresholds]
+        return {
+            "kpi_pct": round(kpi_pct, 1),
+            "elapsed_pct": round(elapsed_pct, 1),
+            "status": "Resolved",
+            "segments": segments,
+            "resolved": True,
+        }
+
+    elapsed = (datetime.now(timezone.utc) - start).total_seconds()
+    elapsed_pct = min(elapsed / sla * 100, 100)
+    kpi_pct = max(100 - elapsed_pct, 0)
+    segments = [{"label": l, "color": c, "active": elapsed_pct >= t} for l, c, t in thresholds]
+    if kpi_pct >= 80:
+        status = "On Track"
+    elif kpi_pct >= 60:
+        status = "Watch"
+    elif kpi_pct >= 40:
+        status = "Warning"
+    elif kpi_pct >= 20:
+        status = "Urgent"
+    elif kpi_pct > 0:
+        status = "Critical"
+    else:
+        status = "Breached"
+    return {
+        "kpi_pct": round(kpi_pct, 1),
+        "elapsed_pct": round(elapsed_pct, 1),
+        "status": status,
+        "segments": segments,
+        "resolved": False,
+    }
+
+
+def _enrich_alerts_with_kpi(iris_response: dict) -> dict:
+    """Inject kpi field into each alert row returned by IRIS.
+
+    IRIS GET /api/v2/alerts returns: { "total": N, "data": [...], ... }
+    """
+    alerts = iris_response.get("data", [])
+    if not isinstance(alerts, list):
+        return iris_response
+    for alert in alerts:
+        created_at = alert.get("alert_creation_time") or ""
+        severity = (alert.get("severity") or {}).get("severity_name", "Medium")
+        if not created_at:
+            continue
+        resolved_at: str | None = None
+        if alert.get("alert_resolution_status_id") is not None:
+            history: dict = alert.get("modification_history") or {}
+            if history:
+                last_ts = max(history.keys(), key=lambda k: float(k))
+                resolved_at = datetime.fromtimestamp(float(last_ts), tz=timezone.utc).isoformat()
+        try:
+            alert["kpi"] = compute_kpi(created_at, severity, resolved_at)
+        except Exception:
+            alert["kpi"] = {"kpi_pct": 0, "elapsed_pct": 100, "status": "Breached", "segments": [], "resolved": False}
+    return iris_response
+
+
+def _enrich_cases_with_kpi(iris_response: dict) -> dict:
+    # v2 cases list: { "data": [...], "total": N, ... }
+    # Each case uses open_date / close_date / state.state_name / severity_id
+    _CASE_SEV: dict[int, str] = {1: "Medium", 4: "Low", 5: "High", 6: "High"}  # severity_id → name
+    cases = iris_response.get("data") or iris_response.get("items", [])
+    if not isinstance(cases, list):
+        return iris_response
+    for case in cases:
+        created_at = case.get("open_date") or ""
+        if not created_at:
+            continue
+        sev_id = case.get("severity_id") or 1
+        severity = _CASE_SEV.get(int(sev_id), "Medium")
+        resolved_at = None
+        close_date = case.get("close_date")
+        state_name = ((case.get("state") or {}).get("state_name") or "").lower()
+        if close_date:
+            resolved_at = close_date
+        elif state_name == "closed":
+            resolved_at = created_at
+        try:
+            case["kpi"] = compute_kpi(created_at, severity, resolved_at)
+        except Exception:
+            case["kpi"] = {"kpi_pct": 0, "elapsed_pct": 100, "status": "Breached", "segments": [], "resolved": False}
+    return iris_response
+
+
+@app.get(
+    "/iris/cases/export-csv",
+    summary="Export IRIS cases as CSV",
+    description="Download all cases (up to 1000) with KPI as a CSV attachment.",
+)
+async def iris_export_cases_csv() -> StreamingResponse:
+    try:
+        raw = await iris_adapter.list_cases(limit=1000, offset=0)
+    except Exception as exc:
+        raise HTTPException(status_code=502, detail=f"IRIS case export failed: {exc}") from exc
+    enriched = _enrich_cases_with_kpi(raw)
+    cases = enriched.get("data") or enriched.get("items", [])
+    _CASE_SEV: dict[int, str] = {1: "Medium", 4: "Low", 5: "High", 6: "High"}
+    output = io.StringIO()
+    fieldnames = ["case_id", "case_name", "severity", "state", "open_date", "close_date", "kpi_pct", "kpi_status"]
+    writer = csv.DictWriter(output, fieldnames=fieldnames, extrasaction="ignore")
+    writer.writeheader()
+    for case in cases:
+        kpi = case.get("kpi", {})
+        writer.writerow({
+            "case_id": case.get("case_id", ""),
+            "case_name": case.get("case_name", ""),
+            "severity": _CASE_SEV.get(int(case.get("severity_id") or 1), "Medium"),
+            "state": (case.get("state") or {}).get("state_name", ""),
+            "open_date": case.get("open_date", ""),
+            "close_date": case.get("close_date", ""),
+            "kpi_pct": kpi.get("kpi_pct", ""),
+            "kpi_status": kpi.get("status", ""),
+        })
+    output.seek(0)
+    return StreamingResponse(
+        iter([output.getvalue()]),
+        media_type="text/csv",
+        headers={"Content-Disposition": "attachment; filename=iris_cases.csv"},
+    )
+
+
+@app.get(
+    "/iris/cases/{case_id}",
+    response_model=ApiResponse,
+    summary="Get single IRIS case with KPI",
+    description="Fetch one DFIR-IRIS case by ID and annotate with computed KPI data.",
+)
+async def iris_get_case(case_id: int) -> ApiResponse:
+    try:
+        raw = await iris_adapter.get_case(case_id)
+    except Exception as exc:
+        raise HTTPException(status_code=502, detail=f"IRIS case fetch failed: {exc}") from exc
+    wrapper = {"data": [raw]}
+    enriched = _enrich_cases_with_kpi(wrapper)
+    case_out = enriched["data"][0] if enriched.get("data") else raw
+    return ApiResponse(data={"case": case_out})
+
+
+@app.get(
+    "/iris/cases",
+    response_model=ApiResponse,
+    summary="List IRIS cases with KPI",
+    description="Fetch cases from DFIR-IRIS and annotate each with computed KPI data.",
+)
+async def iris_list_cases(
+    page: int = 1,
+    per_page: int = 20,
+    sort_by: str = "case_id",
+    sort_dir: str = "desc",
+    filter_name: str | None = None,
+) -> ApiResponse:
+    # adapter maps (limit, offset) → (per_page, page) for IRIS v2
+    offset = (page - 1) * per_page
+    try:
+        raw = await iris_adapter.list_cases(limit=per_page, offset=offset)
+    except Exception as exc:
+        raise HTTPException(status_code=502, detail=f"IRIS case list failed: {exc}") from exc
+    enriched = _enrich_cases_with_kpi(raw)
+    items = enriched.get("data") or enriched.get("items", [])
+    total = enriched.get("total", len(items))
+    last_page = enriched.get("last_page", max(1, -(-total // per_page)))
+    if filter_name:
+        items = [c for c in items if filter_name.lower() in (c.get("case_name") or "").lower()]
+    reverse = sort_dir == "desc"
+    items.sort(key=lambda c: c.get(sort_by) or 0, reverse=reverse)
+    return ApiResponse(data={"cases": {
+        "data": items,
+        "total": total,
+        "current_page": page,
+        "last_page": last_page,
+    }})
+
+
+@app.post(
+    "/iris/alerts",
+    response_model=ApiResponse,
+    summary="Create IRIS alert",
+    description="Create a new alert in DFIR-IRIS via /api/v2/alerts.",
+)
+async def iris_create_alert(payload: IrisAlertCreateRequest) -> ApiResponse:
+    alert_payload: dict[str, Any] = {
+        "alert_title": payload.title,
+        "alert_description": payload.description,
+        "alert_severity_id": payload.severity_id,
+        "alert_status_id": payload.status_id,
+        "alert_source": payload.source,
+        "alert_customer_id": payload.customer_id or settings.iris_default_customer_id,
+        "alert_source_event_time": datetime.now(timezone.utc).isoformat(),
+    }
+    if payload.source_ref:
+        alert_payload["alert_source_ref"] = payload.source_ref
+    if payload.payload:
+        alert_payload.update(payload.payload)
+    try:
+        result = await iris_adapter.create_alert(alert_payload)
+    except Exception as exc:
+        raise HTTPException(status_code=502, detail=f"IRIS alert create failed: {exc}") from exc
+    return ApiResponse(data={"alert": result})
+
+
+@app.get(
+    "/iris/alerts",
+    response_model=ApiResponse,
+    summary="List IRIS alerts with KPI Timeout",
+    description="Fetch alerts from DFIR-IRIS and annotate each row with computed KPI Timeout data.",
+)
+async def iris_list_alerts(
+    page: int = 1,
+    per_page: int = 20,
+    sort_by: str = "alert_id",
+    sort_dir: str = "desc",
+    filter_title: str | None = None,
+    filter_owner_id: int | None = None,
+) -> ApiResponse:
+    try:
+        raw = await iris_adapter.list_alerts(
+            page=page,
+            per_page=per_page,
+            sort_by=sort_by,
+            sort_dir=sort_dir,
+            filter_title=filter_title,
+            filter_owner_id=filter_owner_id,
+        )
+        enriched = _enrich_alerts_with_kpi(raw)
+        return ApiResponse(data={
+            "alerts": {
+                "data": enriched.get("data", []),
+                "total": enriched.get("total", 0),
+                "current_page": enriched.get("current_page", page),
+                "last_page": enriched.get("last_page", 1),
+            }
+        })
+    except Exception as exc:
+        raise HTTPException(status_code=502, detail=f"IRIS alert list failed: {exc}") from exc
+
+
+@app.get(
+    "/iris/alerts/export-csv",
+    summary="Export IRIS alerts as CSV",
+    description="Download all matching alerts (up to 1000) as a CSV attachment.",
+)
+async def iris_export_alerts_csv(
+    sort_by: str = "alert_id",
+    sort_dir: str = "desc",
+    filter_title: str | None = None,
+    filter_owner_id: int | None = None,
+) -> StreamingResponse:
+    try:
+        raw = await iris_adapter.list_alerts(
+            page=1,
+            per_page=1000,
+            sort_by=sort_by,
+            sort_dir=sort_dir,
+            filter_title=filter_title,
+            filter_owner_id=filter_owner_id,
+        )
+    except Exception as exc:
+        raise HTTPException(status_code=502, detail=f"IRIS alert export failed: {exc}") from exc
+
+    enriched = _enrich_alerts_with_kpi(raw)
+    alerts = enriched.get("data", [])
+
+    output = io.StringIO()
+    fieldnames = [
+        "alert_id", "alert_title", "alert_severity", "alert_status",
+        "alert_creation_time", "alert_source_event_time", "alert_owner",
+        "kpi_pct", "kpi_status",
+    ]
+    writer = csv.DictWriter(output, fieldnames=fieldnames, extrasaction="ignore")
+    writer.writeheader()
+    for alert in alerts:
+        kpi = alert.get("kpi", {})
+        severity_name = (alert.get("severity") or {}).get("severity_name", "")
+        writer.writerow({
+            "alert_id": alert.get("alert_id", ""),
+            "alert_title": alert.get("alert_title", ""),
+            "alert_severity": severity_name,
+            "alert_status": (alert.get("status") or {}).get("status_name", ""),
+            "alert_creation_time": alert.get("alert_creation_time", ""),
+            "alert_source_event_time": alert.get("alert_source_event_time", ""),
+            "alert_owner": (alert.get("owner") or {}).get("user_name", ""),
+            "kpi_pct": kpi.get("kpi_pct", ""),
+            "kpi_status": kpi.get("status", ""),
+        })
+
+    output.seek(0)
+    return StreamingResponse(
+        iter([output.getvalue()]),
+        media_type="text/csv",
+        headers={"Content-Disposition": "attachment; filename=iris_alerts.csv"},
+    )
+
+
+@app.get(
+    "/iris/alerts/{alert_id}",
+    response_model=ApiResponse,
+    summary="Get single IRIS alert with KPI",
+    description="Fetch one DFIR-IRIS alert by ID and annotate with computed KPI data.",
+)
+async def iris_get_alert(alert_id: int) -> ApiResponse:
+    try:
+        raw = await iris_adapter.get_alert(alert_id)
+    except Exception as exc:
+        raise HTTPException(status_code=502, detail=f"IRIS alert fetch failed: {exc}") from exc
+    # Wrap in list-shaped dict so _enrich_alerts_with_kpi can process it
+    alert = raw if isinstance(raw, dict) else {}
+    wrapper = {"data": [alert]}
+    enriched = _enrich_alerts_with_kpi(wrapper)
+    alert_out = enriched["data"][0] if enriched.get("data") else alert
+    return ApiResponse(data={"alert": alert_out})
+
+
+@app.post(
+    "/iris/alerts/{alert_id}/assign",
+    response_model=ApiResponse,
+    summary="Assign IRIS alert to owner",
+    description="Update the owner of a DFIR-IRIS alert.",
+)
+async def iris_assign_alert(alert_id: int, body: dict) -> ApiResponse:
+    owner_id = body.get("owner_id")
+    if not isinstance(owner_id, int):
+        raise HTTPException(status_code=422, detail="owner_id must be an integer")
+    try:
+        result = await iris_adapter.assign_alert(alert_id=alert_id, owner_id=owner_id)
+        return ApiResponse(data=result)
+    except Exception as exc:
+        raise HTTPException(status_code=502, detail=f"IRIS alert assign failed: {exc}") from exc

soc-integrator/app/models.py

@@ -355,6 +355,32 @@ class SimLogRunRequest(BaseModel):
     forever: bool = Field(default=False, description="Run continuously until stopped.", examples=[False])
 
 
+class IrisAlertCreateRequest(BaseModel):
+    model_config = ConfigDict(
+        json_schema_extra={
+            "example": {
+                "title": "Suspicious login detected",
+                "description": "Multiple failed logins followed by success from unusual IP",
+                "severity_id": 4,
+                "status_id": 2,
+                "source": "wazuh",
+                "source_ref": "wazuh-alert-12345",
+                "customer_id": 1,
+                "payload": {"alert_tags": "brute-force,authentication"},
+            }
+        }
+    )
+
+    title: str = Field(description="Alert title.", examples=["Suspicious login detected"])
+    description: str = Field(default="Created by soc-integrator", description="Alert description.")
+    severity_id: int = Field(default=3, description="IRIS severity ID (1=Info,2=Low,3=Medium,4=High,5=Critical).", examples=[4])
+    status_id: int = Field(default=2, description="IRIS alert status ID.", examples=[2])
+    source: str = Field(default="soc-integrator", description="Alert source name.", examples=["wazuh"])
+    source_ref: str | None = Field(default=None, description="Source-system reference ID.", examples=["wazuh-alert-12345"])
+    customer_id: int | None = Field(default=None, description="IRIS customer ID (defaults to configured value).")
+    payload: dict[str, Any] = Field(default_factory=dict, description="Additional IRIS alert fields merged into the request.")
+
+
 class ApiResponse(BaseModel):
     ok: bool = True
     message: str = "ok"