feat[soc-ai]: improve soc-ai integration

Author: Kbayero

backend/src/main/java/com/park/utmstack/domain/application_modules/factory/impl/ModuleSocAi.java

@@ -45,16 +45,6 @@ public List<ModuleRequirement> checkRequirements(Long serverId) throws Exception
     public List<ModuleConfigurationKey> getConfigurationKeys(Long groupId) throws Exception {
         List<ModuleConfigurationKey> keys = new ArrayList<>();
 
-        // soc_ai_key
-        keys.add(ModuleConfigurationKey.builder()
-            .withGroupId(groupId)
-            .withConfKey("utmstack.socai.key")
-            .withConfName("Key")
-            .withConfDescription("OpenAI Connection key")
-            .withConfDataType("password")
-            .withConfRequired(true)
-            .build());
-
         keys.add(ModuleConfigurationKey.builder()
             .withGroupId(groupId)
             .withConfKey("utmstack.socai.incidentCreation")

backend/src/main/java/com/park/utmstack/service/application_modules/UtmModuleGroupConfigurationService.java

@@ -22,6 +22,7 @@
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import java.util.stream.Collectors;
 
 /**
@@ -59,11 +60,27 @@ public UtmModule updateConfigurationKeys(Long moduleId, List<UtmModuleGroupConfi
         try {
             if (CollectionUtils.isEmpty(keys))
                 throw new ApiException("No configuration keys were provided to update", HttpStatus.BAD_REQUEST);
+
+            // Load existing values from DB to detect unchanged encrypted fields
+            Map<String, String> existingValues = keys.stream()
+                .filter(k -> k.getId() != null)
+                .map(k -> moduleConfigurationRepository.findById(k.getId()).orElse(null))
+                .filter(java.util.Objects::nonNull)
+                .collect(Collectors.toMap(UtmModuleGroupConfiguration::getConfKey,
+                    c -> c.getConfValue() != null ? c.getConfValue() : "", (a, b) -> a));
+
             for (UtmModuleGroupConfiguration key : keys) {
                 if (key.getConfRequired() && !StringUtils.hasText(key.getConfValue()))
                     throw new Exception(String.format("No value was found for required configuration: %1$s (%2$s)", key.getConfName(), key.getConfKey()));
-                if (key.getConfDataType().equals("password") || key.getConfDataType().equals("file"))
+                if (key.getConfDataType().equals("password") || key.getConfDataType().equals("file")) {
+                    String existingEncrypted = existingValues.get(key.getConfKey());
+                    // Only encrypt if the value actually changed (is not the same encrypted value from DB)
+                    if (existingEncrypted != null && existingEncrypted.equals(key.getConfValue())) {
+                        // Value unchanged - already encrypted in DB, don't re-encrypt
+                        continue;
+                    }
                     key.setConfValue(CipherUtil.encrypt(key.getConfValue(), System.getenv(Constants.ENV_ENCRYPTION_KEY)));
+                }
             }
             moduleConfigurationRepository.saveAll(keys);
 

backend/src/main/resources/config/liquibase/changelog/20260409002_update_socai_config.xml

@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="utf-8"?>
+<databaseChangeLog
+    xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.5.xsd">
+
+    <changeSet id="20260409002" author="Yorjander">
+        <sql>
+            UPDATE utm_module
+            SET module_description = 'SOC AI uses advanced language models to investigate Security Operations Center alerts by analyzing large volumes of data, identifying patterns, and providing insights into potential security incidents. By leveraging natural language processing capabilities, security analysts can efficiently triage alerts, prioritize threats, and gather contextual information to aid in incident response and remediation.',
+                module_icon = 'soc-ai.svg'
+            WHERE module_name = 'SOC_AI';
+
+            UPDATE utm_module_group_configuration
+            SET conf_visibility = '{"dependsOn": "utmstack.socai.provider", "values": ["custom"]}'
+            WHERE conf_key = 'utmstack.socai.url';
+
+            UPDATE utm_module_group_configuration
+            SET conf_visibility = '{"dependsOn": "utmstack.socai.provider", "values": ["anthropic", "custom"]}'
+            WHERE conf_key = 'utmstack.socai.maxTokens';
+
+            DELETE FROM utm_module_group_configuration
+            WHERE conf_key = 'utmstack.socai.key';
+        </sql>
+    </changeSet>
+</databaseChangeLog>

backend/src/main/resources/config/liquibase/master.xml

@@ -591,4 +591,6 @@
 
   <include file="/config/liquibase/changelog/20260409001_add_shell_to_alert_response_rule.xml" relativeToChangelogFile="false"/>
 
+  <include file="/config/liquibase/changelog/20260409002_update_socai_config.xml" relativeToChangelogFile="false"/>
+
 </databaseChangeLog>

frontend/src/app/app-module/conf/int-generic-group-config/int-generic-group-config.component.ts

@@ -23,13 +23,14 @@ import {IntegrationConfigFactory} from './int-config-types/IntegrationConfigFact
   templateUrl: './int-generic-group-config.component.html',
   styleUrls: ['./int-generic-group-config.component.css']
 })
-export class IntGenericGroupConfigComponent implements OnInit, OnDestroy {
+export class IntGenericGroupConfigComponent implements OnInit, OnChanges, OnDestroy {
   @Input() serverId: number;
   @Input() moduleId: number;
   @Input() groupType = GroupTypeEnum.TENANT;
   @Input() allowAdd = true;
   @Input() editable = true;
   @Input() disablePreAction = false;
+  @Input() hiddenValues: {[confKey: string]: string} = {};
   @Output() configValidChange = new EventEmitter<boolean>();
   @Output() runDisablePreAction = new EventEmitter<boolean>();
   loading = true;
@@ -57,6 +58,12 @@ export class IntGenericGroupConfigComponent implements OnInit, OnDestroy {
               private cdr: ChangeDetectorRef) {
   }
 
+  ngOnChanges(changes: SimpleChanges) {
+    if (changes.hiddenValues && !changes.hiddenValues.firstChange && this.groups.length > 0) {
+      this.applyHiddenValues();
+    }
+  }
+
   ngOnInit() {
     this.config = this.configFactory.getConfiguration(this.groupType);
     this.getGroups().subscribe();
@@ -98,11 +105,29 @@ export class IntGenericGroupConfigComponent implements OnInit, OnDestroy {
     return this.config.getIntegrationConfigs(this.moduleId)
         .pipe(
             tap(() => {
+              this.applyHiddenValues();
               this.configValidChange.emit(this.tenantGroupConfigValid());
               this.loading = false;
             }));
   }
 
+  applyHiddenValues() {
+    if (!this.hiddenValues || Object.keys(this.hiddenValues).length === 0) {
+      return;
+    }
+    for (const group of this.groups) {
+      for (const conf of group.moduleGroupConfigurations) {
+        if (this.hiddenValues[conf.confKey] !== undefined) {
+          const newValue = this.hiddenValues[conf.confKey];
+          if (conf.confValue !== newValue) {
+            conf.confValue = newValue;
+            this.addChange(conf);
+          }
+        }
+      }
+    }
+  }
+
   createGroup() {
     this.getGroups().subscribe(res => {
       const modal = this.modalService.open(IntCreateGroupComponent, {centered: true});
@@ -397,6 +422,10 @@ export class IntGenericGroupConfigComponent implements OnInit, OnDestroy {
   }
 
   isVisible(integrationConfig: UtmModuleGroupConfType): boolean {
+    // Hide fields that are set via hiddenValues
+    if (this.hiddenValues && this.hiddenValues[integrationConfig.confKey] !== undefined) {
+      return false;
+    }
 
     if (!integrationConfig.confVisibility) {
       return true;

frontend/src/app/app-module/guides/guide-soc-ai/guide-soc-ai.component.css

@@ -0,0 +1,23 @@
+.provider-logo {
+  width: 20px;
+  height: 20px;
+  object-fit: contain;
+}
+
+.nav-tabs .nav-link {
+  display: flex;
+  align-items: center;
+  padding: 8px 14px;
+  font-size: 13px;
+}
+
+:host ::ng-deep .step-guide a,
+:host ::ng-deep p a {
+  color: #2563eb;
+  text-decoration: underline;
+}
+
+:host ::ng-deep .step-guide a:hover,
+:host ::ng-deep p a:hover {
+  color: #1d4ed8;
+}

frontend/src/app/app-module/guides/guide-soc-ai/guide-soc-ai.component.html

@@ -1,52 +1,171 @@
 <div class="w-100 h-100">
   <div class="card-header d-flex justify-content-between align-items-center">
-    <h4 class="card-title mb-0 text-primary">
-      SOC AI
-    </h4>
+    <h4 class="card-title mb-0 text-primary">SOC AI</h4>
   </div>
   <div class="card-body">
-    <ol class="setup_list">
-      <li>
-        <p class="step-guide mb-3">
-          <span class="step_number">1</span> Access the API key by logging in to your OpenAI account and navigating to
-          the
-          API section
-          <img alt="IAM configuration" class="step-img"
-               src="../../../../assets/img/guides/soc-ai/step1.png">
-      </li>
-      <li>
-        <p class="step-guide mb-3">
-          <span class="step_number">2</span> Create a new API key, and copy the value
-        </p>
-        <img alt="IAM configuration" class="step-img"
-             src="../../../../assets/img/guides/soc-ai/step2.png">
-      </li>
-      <li>
-        <p class="step-guide mb-3">
-          <span class="step_number">3</span> Paste the API Key in the form below:
-        </p>
-        <div class="row mt-3">
-          <div class="col-lg-12 col-md-12 col-sm-12">
-            <app-int-generic-group-config [moduleId]="integrationId"
-                                          [allowAdd]="false"
-                                          [editable]="false"
-                                          (configValidChange)="configValidChange($event)"
-                                          [serverId]="serverId"></app-int-generic-group-config>
-          </div>
-        </div>
-
-      </li>
-      <li>
-        <p class="step-guide mb-3">
-          <span class="step_number">4</span>
-          Click on the button shown below, to activate the UTMStack features related to this integration
-        </p>
-        <app-app-module-activate-button [module]="module.SOC_AI" [type]="'integration'"
-                                        [disabled]="false"
-                                        [serverId]="serverId"
-                                        class="mt-3">
-        </app-app-module-activate-button>
-      </li>
-    </ol>
+
+    <p class="mb-4">
+      SOC AI enhances your security operations by integrating advanced language models directly into your alert investigation workflow.
+      It automatically analyzes alerts, identifies patterns, prioritizes threats, and provides actionable insights to accelerate incident response.
+      Connect any of the supported AI providers below to get started.
+      If your provider is not listed, you can use the <strong>Custom</strong> tab to configure any service that supports the OpenAI-compatible chat completions format.
+    </p>
+
+    <div *ngIf="loading" class="d-flex justify-content-center p-5">
+      <app-utm-spinner [loading]="true" label="Loading configuration..."></app-utm-spinner>
+    </div>
+
+    <ng-container *ngIf="!loading">
+      <!-- Provider tabs -->
+      <ngb-tabset (tabChange)="onTabChange($event)">
+        <ngb-tab *ngFor="let provider of providers" [id]="provider.id">
+          <ng-template ngbTabTitle>
+            <img [src]="provider.logo" [alt]="provider.name" class="provider-logo mr-1">
+            {{ provider.name }}
+          </ng-template>
+          <ng-template ngbTabContent>
+            <div class="mt-3">
+              <!-- Provider description -->
+              <p class="step-guide mb-4" [innerHTML]="provider.description"></p>
+
+              <!-- Dynamic fields -->
+              <div class="row">
+                <ng-container *ngFor="let field of provider.fields">
+                  <!-- Text / Password / Number inputs -->
+                  <div *ngIf="field.type === 'text' || field.type === 'password' || field.type === 'number'"
+                       class="col-lg-6 col-md-12 mb-3">
+                    <label class="pb-1 d-flex justify-content-between align-items-center">
+                      <span>
+                        <i [ngClass]="field.required && !formValues[field.key] ? 'text-danger' : 'text-success'"
+                           class="icon-circle2 mr-1"></i>
+                        {{ field.label }}
+                      </span>
+                      <i *ngIf="field.tooltip" [ngbTooltip]="field.tooltip"
+                         class="icon-question3 text-primary" placement="auto"></i>
+                    </label>
+                    <input [type]="field.type"
+                           [(ngModel)]="formValues[field.key]"
+                           [placeholder]="field.placeholder || ''"
+                           [required]="field.required"
+                           class="form-control">
+                    <small *ngIf="field.required && !formValues[field.key]" class="text-danger">
+                      {{ field.label }} is required
+                    </small>
+                  </div>
+
+                  <!-- Select -->
+                  <div *ngIf="field.type === 'select'" class="col-lg-6 col-md-12 mb-3">
+                    <label class="pb-1 d-flex justify-content-between align-items-center">
+                      <span>
+                        <i [ngClass]="field.required && !formValues[field.key] ? 'text-danger' : 'text-success'"
+                           class="icon-circle2 mr-1"></i>
+                        {{ field.label }}
+                      </span>
+                      <i *ngIf="field.tooltip" [ngbTooltip]="field.tooltip"
+                         class="icon-question3 text-primary" placement="auto"></i>
+                    </label>
+                    <ng-select *ngIf="formValues[field.key] !== '__custom__'"
+                               [items]="field.options"
+                               bindLabel="label"
+                               bindValue="value"
+                               [(ngModel)]="formValues[field.key]"
+                               [clearable]="false"
+                               [searchable]="false"
+                               [placeholder]="'Select ' + field.label">
+                    </ng-select>
+                    <div *ngIf="formValues[field.key] === '__custom__'" class="input-group">
+                      <input type="text"
+                             [(ngModel)]="customModelValue"
+                             placeholder="Enter model name"
+                             class="form-control">
+                      <div class="input-group-append">
+                        <button class="btn btn-outline-secondary" type="button"
+                                (click)="formValues[field.key] = ''">
+                          <i class="icon-arrow-left32"></i>
+                        </button>
+                      </div>
+                    </div>
+                    <small *ngIf="field.required && !formValues[field.key] && formValues[field.key] !== '__custom__'" class="text-danger">
+                      {{ field.label }} is required
+                    </small>
+                  </div>
+
+                  <!-- Headers table -->
+                  <div *ngIf="field.type === 'headers' && formValues['authType'] !== 'none'" class="col-12 mb-3">
+                    <label class="pb-1">
+                      <i class="icon-circle2 mr-1 text-success"></i>
+                      {{ field.label }}
+                    </label>
+                    <table class="table table-sm table-bordered mb-2">
+                      <thead>
+                        <tr class="bg-light">
+                          <th style="width: 35%">Header Name</th>
+                          <th>Header Value</th>
+                          <th style="width: 50px"></th>
+                        </tr>
+                      </thead>
+                      <tbody>
+                        <tr *ngFor="let row of headerRows; let i = index">
+                          <td>
+                            <input type="text" [(ngModel)]="row.key"
+                                   (ngModelChange)="syncHeadersToForm()"
+                                   placeholder="e.g. Authorization"
+                                   class="form-control form-control-sm">
+                          </td>
+                          <td>
+                            <input type="text" [(ngModel)]="row.value"
+                                   (ngModelChange)="syncHeadersToForm()"
+                                   placeholder="e.g. Bearer sk-xxx"
+                                   class="form-control form-control-sm">
+                          </td>
+                          <td class="text-center">
+                            <i class="icon-cross2 cursor-pointer text-danger"
+                               (click)="removeHeaderRow(i)"
+                               ngbTooltip="Remove header"></i>
+                          </td>
+                        </tr>
+                        <tr *ngIf="headerRows.length === 0">
+                          <td colspan="3" class="text-center text-muted py-2">
+                            No headers configured. Click "Add Header" to add one.
+                          </td>
+                        </tr>
+                      </tbody>
+                    </table>
+                    <button class="btn btn-sm utm-button utm-button-primary" (click)="addHeaderRow()">
+                      <i class="icon-plus2 mr-1"></i> Add Header
+                    </button>
+                  </div>
+
+                  <!-- Toggle -->
+                  <div *ngIf="field.type === 'toggle'" class="col-lg-6 col-md-12 mb-3">
+                    <app-utm-toggle
+                      [active]="formValues[field.key] === 'true'"
+                      [label]="field.label"
+                      [emitAtStart]="false"
+                      (toggleChange)="onToggle(field.key, $event)">
+                    </app-utm-toggle>
+                  </div>
+                </ng-container>
+              </div>
+
+              <!-- Save & Activate -->
+              <div class="d-flex justify-content-end align-items-center mt-3 border-top pt-3">
+                <button class="btn utm-button utm-button-primary" (click)="save()"
+                        [disabled]="!isFormValid() || saving">
+                  <i [ngClass]="saving ? 'icon-spinner2 spinner' : 'icon-cog5'" class="mr-1"></i>
+                  Save configuration
+                </button>
+                <app-app-module-activate-button [module]="module.SOC_AI" [type]="'integration'"
+                                                [disabled]="false"
+                                                [serverId]="serverId"
+                                                class="ml-2">
+                </app-app-module-activate-button>
+              </div>
+            </div>
+          </ng-template>
+        </ngb-tab>
+      </ngb-tabset>
+    </ng-container>
+
   </div>
 </div>