feat(chore): add Liquibase changelogs for visualization updates and module activation

mjabascal10 · mjabascal10 · commit 9b41fb16c489 · 2026-01-22T15:31:41.000-06:00
diff --git a/backend/src/main/resources/config/liquibase/changelog/20260122001_update_is_activatable_macos_module.xml b/backend/src/main/resources/config/liquibase/changelog/20260122001_update_is_activatable_macos_module.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<databaseChangeLog
+        xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.5.xsd">
+
+    <changeSet id="20260122001" author="manuel">
+
+        <update tableName="utm_module">
+            <column name="is_activatable" value="false"/>
+            <column name="module_active" value="true"/>
+            <where> module_name = 'MACOS' </where>
+        </update>
+
+        <update tableName="utm_menu">
+            <column name="menu_active" value="true"/>
+            <where> name = 'MacOS' </where>
+        </update>
+
+    </changeSet>
+</databaseChangeLog>
diff --git a/backend/src/main/resources/config/liquibase/changelog/20260122002_update_o365_visualizations_filters.xml b/backend/src/main/resources/config/liquibase/changelog/20260122002_update_o365_visualizations_filters.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="utf-8"?>
+<databaseChangeLog
+        xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.5.xsd">
+
+    <changeSet id="20260122002" author="Manuel Abascal">
+
+        <sql dbms="postgresql" splitStatements="true" stripComments="true">
+            <![CDATA[
+
+            ------------------------------------------------------------------
+            -- Filters field replacements (safe one-by-one updates)
+            ------------------------------------------------------------------
+
+            UPDATE utm_visualization SET filters = REPLACE(filters,'emailVerdict.keyword','log.Verdict.keyword') WHERE filters IS NOT NULL;
+            UPDATE utm_visualization SET filters = REPLACE(filters,'log.o365.P2Sender.keyword','log.P2Sender.keyword') WHERE filters IS NOT NULL;
+            UPDATE utm_visualization SET filters = REPLACE(filters,'log.o365.DetectionMethod.keyword','log.DetectionMethod.keyword') WHERE filters IS NOT NULL;
+            UPDATE utm_visualization SET filters = REPLACE(filters,'log.logonError.keyword','log.LogonError.keyword') WHERE filters IS NOT NULL;
+            UPDATE utm_visualization SET filters = REPLACE(filters,'log.o365.OrganizationName.keyword','log.OrganizationName.keyword') WHERE filters IS NOT NULL;
+            UPDATE utm_visualization SET filters = REPLACE(filters,'log.o365.ClientIPAddress.keyword','log.clientIp.keyword') WHERE filters IS NOT NULL;
+            UPDATE utm_visualization SET filters = REPLACE(filters,'log.o365.MailboxOwnerUPN.keyword','log.MailboxOwnerUPN.keyword') WHERE filters IS NOT NULL;
+            UPDATE utm_visualization SET filters = REPLACE(filters,'log.o365.MailboxOwnerSid.keyword','log.MailboxOwnerSid.keyword') WHERE filters IS NOT NULL;
+            UPDATE utm_visualization SET filters = REPLACE(filters,'log.o365.ClientInfoString.keyword','log.ClientInfoString.keyword') WHERE filters IS NOT NULL;
+            UPDATE utm_visualization SET filters = REPLACE(filters,'log.o365.Operation','action.keyword') WHERE filters IS NOT NULL;
+            UPDATE utm_visualization SET filters = REPLACE(filters,'log.o365.Platform.keyword','log.Platform.keyword') WHERE filters IS NOT NULL;
+            UPDATE utm_visualization SET filters = REPLACE(filters,'log.o365.TargetUserOrGroupType.keyword','log.TargetUserOrGroupType.keyword') WHERE filters IS NOT NULL;
+            UPDATE utm_visualization SET filters = REPLACE(filters,'log.o365.Severity.keyword','log.Severity.keyword') WHERE filters IS NOT NULL;
+            UPDATE utm_visualization SET filters = REPLACE(filters,'log.o365.OriginatingServer.keyword','log.OriginatingServer.keyword') WHERE filters IS NOT NULL;
+            UPDATE utm_visualization SET filters = REPLACE(filters,'log.o365.SourceFileExtension.keyword','log.SourceFileExtension.keyword') WHERE filters IS NOT NULL;
+            UPDATE utm_visualization SET filters = REPLACE(filters,'log.o365.UserType','log.UserType.keyword') WHERE filters IS NOT NULL;
+            UPDATE utm_visualization SET filters = REPLACE(filters,'log.o365.GeoLocation.keyword','log.GeoLocation.keyword') WHERE filters IS NOT NULL;
+            UPDATE utm_visualization SET filters = REPLACE(filters,'log.o365.ObjectId.keyword','log.ObjectId.keyword') WHERE filters IS NOT NULL;
+            UPDATE utm_visualization SET filters = REPLACE(filters,'log.o365.SourceFileName.keyword','log.SourceFileName.keyword') WHERE filters IS NOT NULL;
+            UPDATE utm_visualization SET filters = REPLACE(filters,'log.o365.SiteUrl.keyword','log.SiteUrl.keyword') WHERE filters IS NOT NULL;
+            UPDATE utm_visualization SET filters = REPLACE(filters,'log.o365.AppAccessContext.ClientAppName.keyword','log.appAccessContextClientAppId.keyword') WHERE filters IS NOT NULL;
+            UPDATE utm_visualization SET filters = REPLACE(filters,'log.o365.CorrelationId.keyword','log.CorrelationId.keyword') WHERE filters IS NOT NULL;
+            UPDATE utm_visualization SET filters = REPLACE(filters,'log.o365.ApplicationDisplayName.keyword','log.ApplicationDisplayName.keyword') WHERE filters IS NOT NULL;
+            UPDATE utm_visualization SET filters = REPLACE(filters,'log.o365.UserAgent.keyword','log.UserAgent.keyword') WHERE filters IS NOT NULL;
+
+            ------------------------------------------------------------------
+            -- ExternalAccess and LogonType
+            ------------------------------------------------------------------
+            UPDATE utm_visualization SET filters = REPLACE(filters,'log.o365.ExternalAccess','log.ExternalAccess.keyword') WHERE filters IS NOT NULL;
+            UPDATE utm_visualization SET filters = REPLACE(filters,'log.o365.LogonType','log.LogonType.keyword') WHERE filters IS NOT NULL;
+
+            ]]>
+        </sql>
+
+    </changeSet>
+
+</databaseChangeLog>
diff --git a/backend/src/main/resources/config/liquibase/changelog/20260122003_update_o365_visualizations_agg.xml b/backend/src/main/resources/config/liquibase/changelog/20260122003_update_o365_visualizations_agg.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="utf-8"?>
+<databaseChangeLog
+        xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.5.xsd">
+
+    <changeSet id="20260122003" author="Manuel Abascal">
+
+        <sql dbms="postgresql" splitStatements="true" stripComments="true">
+            <![CDATA[
+
+            ------------------------------------------------------------------
+            -- Aggregation field replacements (safe one-by-one updates)
+            ------------------------------------------------------------------
+
+            UPDATE utm_visualization SET aggregation = REPLACE(aggregation,'emailVerdict.keyword','log.Verdict.keyword') WHERE aggregation IS NOT NULL;
+            UPDATE utm_visualization SET aggregation = REPLACE(aggregation,'log.o365.P2Sender.keyword','log.P2Sender.keyword') WHERE aggregation IS NOT NULL;
+            UPDATE utm_visualization SET aggregation = REPLACE(aggregation,'log.o365.DetectionMethod.keyword','log.DetectionMethod.keyword') WHERE aggregation IS NOT NULL;
+            UPDATE utm_visualization SET aggregation = REPLACE(aggregation,'log.logonError.keyword','log.LogonError.keyword') WHERE aggregation IS NOT NULL;
+            UPDATE utm_visualization SET aggregation = REPLACE(aggregation,'log.o365.OrganizationName.keyword','log.OrganizationName.keyword') WHERE aggregation IS NOT NULL;
+            UPDATE utm_visualization SET aggregation = REPLACE(aggregation,'log.o365.ClientIPAddress.keyword','log.clientIp.keyword') WHERE aggregation IS NOT NULL;
+            UPDATE utm_visualization SET aggregation = REPLACE(aggregation,'log.o365.MailboxOwnerUPN.keyword','log.MailboxOwnerUPN.keyword') WHERE aggregation IS NOT NULL;
+            UPDATE utm_visualization SET aggregation = REPLACE(aggregation,'log.o365.MailboxOwnerSid.keyword','log.MailboxOwnerSid.keyword') WHERE aggregation IS NOT NULL;
+            UPDATE utm_visualization SET aggregation = REPLACE(aggregation,'log.o365.ClientInfoString.keyword','log.ClientInfoString.keyword') WHERE aggregation IS NOT NULL;
+            UPDATE utm_visualization SET aggregation = REPLACE(aggregation,'log.o365.Operation','action.keyword') WHERE aggregation IS NOT NULL;
+            UPDATE utm_visualization SET aggregation = REPLACE(aggregation,'log.o365.Platform.keyword','log.Platform.keyword') WHERE aggregation IS NOT NULL;
+            UPDATE utm_visualization SET aggregation = REPLACE(aggregation,'log.o365.TargetUserOrGroupType.keyword','log.TargetUserOrGroupType.keyword') WHERE aggregation IS NOT NULL;
+            UPDATE utm_visualization SET aggregation = REPLACE(aggregation,'log.o365.Severity.keyword','log.Severity.keyword') WHERE aggregation IS NOT NULL;
+            UPDATE utm_visualization SET aggregation = REPLACE(aggregation,'log.o365.OriginatingServer.keyword','log.OriginatingServer.keyword') WHERE aggregation IS NOT NULL;
+            UPDATE utm_visualization SET aggregation = REPLACE(aggregation,'log.o365.SourceFileExtension.keyword','log.SourceFileExtension.keyword') WHERE aggregation IS NOT NULL;
+            UPDATE utm_visualization SET aggregation = REPLACE(aggregation,'log.o365.UserType','log.UserType.keyword') WHERE aggregation IS NOT NULL;
+            UPDATE utm_visualization SET aggregation = REPLACE(aggregation,'log.o365.GeoLocation.keyword','log.GeoLocation.keyword') WHERE aggregation IS NOT NULL;
+            UPDATE utm_visualization SET aggregation = REPLACE(aggregation,'log.o365.ObjectId.keyword','log.ObjectId.keyword') WHERE aggregation IS NOT NULL;
+            UPDATE utm_visualization SET aggregation = REPLACE(aggregation,'log.o365.SourceFileName.keyword','log.SourceFileName.keyword') WHERE aggregation IS NOT NULL;
+            UPDATE utm_visualization SET aggregation = REPLACE(aggregation,'log.o365.SiteUrl.keyword','log.SiteUrl.keyword') WHERE aggregation IS NOT NULL;
+            UPDATE utm_visualization SET aggregation = REPLACE(aggregation,'log.o365.AppAccessContext.ClientAppName.keyword','log.appAccessContextClientAppId.keyword') WHERE aggregation IS NOT NULL;
+            UPDATE utm_visualization SET aggregation = REPLACE(aggregation,'log.o365.CorrelationId.keyword','log.CorrelationId.keyword') WHERE aggregation IS NOT NULL;
+            UPDATE utm_visualization SET aggregation = REPLACE(aggregation,'log.o365.ApplicationDisplayName.keyword','log.ApplicationDisplayName.keyword') WHERE aggregation IS NOT NULL;
+            UPDATE utm_visualization SET aggregation = REPLACE(aggregation,'log.o365.UserAgent.keyword','log.UserAgent.keyword') WHERE aggregation IS NOT NULL;
+
+            ------------------------------------------------------------------
+            -- ExternalAccess and LogonType
+            ------------------------------------------------------------------
+            UPDATE utm_visualization SET aggregation = REPLACE(aggregation,'log.o365.ExternalAccess','log.ExternalAccess.keyword') WHERE aggregation IS NOT NULL;
+            UPDATE utm_visualization SET aggregation = REPLACE(aggregation,'log.o365.LogonType','log.LogonType.keyword') WHERE aggregation IS NOT NULL;
+
+            ------------------------------------------------------------------
+            -- Replace origin.ip.keyword for specific IDs
+            ------------------------------------------------------------------
+            UPDATE utm_visualization
+            SET aggregation = REPLACE(aggregation, 'origin.ip.keyword', 'log.SenderIp.keyword')
+            WHERE id IN (532, 470)
+              AND aggregation IS NOT NULL;
+
+            ]]>
+        </sql>
+
+    </changeSet>
+
+</databaseChangeLog>
diff --git a/backend/src/main/resources/config/liquibase/changelog/20260122004_update_azure_visualizations.xml b/backend/src/main/resources/config/liquibase/changelog/20260122004_update_azure_visualizations.xml
@@ -0,0 +1,143 @@
+<?xml version="1.0" encoding="utf-8"?>
+<databaseChangeLog
+        xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.5.xsd">
+
+    <changeSet id="20260122004" author="Manuel Abascal">
+
+        <sql dbms="postgresql" splitStatements="true" stripComments="true">
+            <![CDATA[
+
+            ------------------------------------------------------------------
+            -- Azure: requestUri → og.propertiesRequestUri.keyword
+            ------------------------------------------------------------------
+            UPDATE utm_visualization
+            SET filters = REPLACE(filters,
+                                  'log.azure.properties.requestUri.keyword',
+                                  'log.propertiesRequestUri.keyword')
+                WHERE filters IS NOT NULL;
+
+            UPDATE utm_visualization
+            SET aggregation = REPLACE(aggregation,
+                                      'log.azure.properties.requestUri.keyword',
+                                      'log.propertiesRequestUri.keyword')
+                WHERE aggregation IS NOT NULL;
+
+
+            ------------------------------------------------------------------
+            -- Azure: operationName → log.operationName.keyword
+            ------------------------------------------------------------------
+            UPDATE utm_visualization
+            SET filters = REPLACE(filters,
+                                  'log.azure.operationName.keyword',
+                                  'log.operationName.keyword')
+                WHERE filters IS NOT NULL;
+
+            UPDATE utm_visualization
+            SET aggregation = REPLACE(aggregation,
+                                      'log.azure.operationName.keyword',
+                                      'log.operationName.keyword')
+                WHERE aggregation IS NOT NULL;
+
+
+            ------------------------------------------------------------------
+            -- Azure: resourceUri → log.resourceId.keyword
+            ------------------------------------------------------------------
+            UPDATE utm_visualization
+            SET filters = REPLACE(filters,
+                                  'log.azure.resourceUri.keyword',
+                                  'log.resourceId.keyword')
+                WHERE filters IS NOT NULL;
+
+            UPDATE utm_visualization
+            SET aggregation = REPLACE(aggregation,
+                                      'log.azure.resourceUri.keyword',
+                                      'log.resourceId.keyword')
+                WHERE aggregation IS NOT NULL;
+
+
+            ------------------------------------------------------------------
+            -- Azure: message → log.operationName.keyword
+            ------------------------------------------------------------------
+            UPDATE utm_visualization
+            SET filters = REPLACE(filters,
+                                  'log.azure.message',
+                                  'log.operationName.keyword')
+                WHERE filters IS NOT NULL;
+
+            UPDATE utm_visualization
+            SET aggregation = REPLACE(aggregation,
+                                      'log.azure.message',
+                                      'log.operationName.keyword')
+                WHERE aggregation IS NOT NULL;
+
+
+            ------------------------------------------------------------------
+            -- Visualización 569: override completo de filtros
+            ------------------------------------------------------------------
+            UPDATE utm_visualization
+            SET filters = '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-24h","now"]},{"operator":"IS","field":"log.operationName.keyword","value":"Sign-in activity"}]'
+            WHERE id = 569;
+
+
+            ------------------------------------------------------------------
+            -- Azure: clientIp → origin.ip.keyword
+            ------------------------------------------------------------------
+            UPDATE utm_visualization
+            SET filters = REPLACE(filters,
+                                  'log.azure.properties.clientIp.keyword',
+                                  'origin.ip.keyword')
+            WHERE filters IS NOT NULL;
+
+            UPDATE utm_visualization
+            SET aggregation = REPLACE(aggregation,
+                                      'log.azure.properties.clientIp.keyword',
+                                      'origin.ip.keyword')
+            WHERE aggregation IS NOT NULL;
+
+
+            ------------------------------------------------------------------
+            -- Azure: message → log.message.keyword
+            ------------------------------------------------------------------
+            UPDATE utm_visualization
+            SET filters = REPLACE(filters,
+                                  'log.azure.properties.message.keyword',
+                                  'log.message.keyword')
+            WHERE filters IS NOT NULL;
+
+            UPDATE utm_visualization
+            SET aggregation = REPLACE(aggregation,
+                                      'log.azure.properties.message.keyword',
+                                      'log.message.keyword')
+            WHERE aggregation IS NOT NULL;
+
+
+            ------------------------------------------------------------------
+            -- Azure: category.localizedValue → log.category.keyword
+            ------------------------------------------------------------------
+            UPDATE utm_visualization
+            SET filters = REPLACE(filters,
+                                  'log.azure.category.localizedValue.keyword',
+                                  'log.category.keyword')
+            WHERE filters IS NOT NULL;
+
+            UPDATE utm_visualization
+            SET aggregation = REPLACE(aggregation,
+                                      'log.azure.category.localizedValue.keyword',
+                                      'log.category.keyword')
+            WHERE aggregation IS NOT NULL;
+
+
+            ------------------------------------------------------------------
+            -- DELETE visualización con id = 805
+            ------------------------------------------------------------------
+            DELETE FROM utm_visualization
+            WHERE id = 805;
+
+            ]]>
+        </sql>
+
+    </changeSet>
+
+</databaseChangeLog>
diff --git a/backend/src/main/resources/config/liquibase/master.xml b/backend/src/main/resources/config/liquibase/master.xml
@@ -311,4 +311,12 @@
 
     <include file="/config/liquibase/changelog/20251203001_add_column_sqlQuery_to_visualization.xml" relativeToChangelogFile="false"/>
 
+    <include file="/config/liquibase/changelog/20260122001_update_is_activatable_macos_module.xml" relativeToChangelogFile="false"/>
+
+    <include file="/config/liquibase/changelog/20260122002_update_o365_visualizations_filters.xml" relativeToChangelogFile="false"/>
+
+    <include file="/config/liquibase/changelog/20260122003_update_o365_visualizations_agg.xml" relativeToChangelogFile="false"/>
+
+    <include file="/config/liquibase/changelog/20260122004_update_azure_visualizations.xml" relativeToChangelogFile="false"/>
+
 </databaseChangeLog>
