#1553 Imported customFields when merging alerts

TheHive-Project · Nov 13, 2020 · 76d62a1 · 76d62a1
1 parent 9985dd9
commit 76d62a1
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/thehive/app/org/thp/thehive/services/AlertSrv.scala b/thehive/app/org/thp/thehive/services/AlertSrv.scala
@@ -277,6 +277,7 @@ class AlertSrv @Inject() (
       description = `case`.description + s"\n  \n#### Merged with alert #${alert.sourceRef} ${alert.title}\n\n${alert.description.trim}"
       c <- caseSrv.get(`case`).update(_.description, description).getOrFail("Case")
       _ <- importObservables(alert, `case`)
+      _ <- importCustomFields(alert, `case`)
       _ <- alertCaseSrv.create(AlertCase(), alert, `case`)
       _ <- markAsRead(alert._id)
       _ <- auditSrv.alertToCase.merge(alert, c)
@@ -314,6 +315,22 @@ class AlertSrv @Inject() (
       }
       .map(_ => ())
 
+  def importCustomFields(alert: Alert with Entity, `case`: Case with Entity)(implicit
+      graph: Graph,
+      authContext: AuthContext
+  ): Try[Unit] =
+    get(alert)
+      .richCustomFields
+      .toIterator
+      .toTry { richCustomField =>
+        caseSrv
+          .setOrCreateCustomField(`case`,
+            richCustomField.customField._id,
+            richCustomField.value,
+            richCustomField.customFieldValue.order)
+      }
+      .map(_ => ())
+
   def remove(alert: Alert with Entity)(implicit graph: Graph, authContext: AuthContext): Try[Unit] =
     for {
       organisation <- organisationSrv.getOrFail(authContext.organisation)