feat(TheHive Node): Overhaul (#6457)

packages/nodes-base/nodes/TheHiveProject/methods/index.ts

@@ -0,0 +1,3 @@
+export * as loadOptions from './loadOptions';
+export * as listSearch from './listSearch';
+export * as resourceMapping from './resourceMapping';

packages/nodes-base/nodes/TheHiveProject/methods/listSearch.ts

@@ -0,0 +1,246 @@
+import type { IDataObject, ILoadOptionsFunctions, INodeListSearchResult } from 'n8n-workflow';
+import { theHiveApiRequest } from '../transport';
+
+async function listResource(
+	this: ILoadOptionsFunctions,
+	resource: string,
+	filterField: string,
+	nameField: string,
+	urlPlaceholder: string | undefined,
+	filter?: string,
+	paginationToken?: string,
+): Promise<INodeListSearchResult> {
+	const query: IDataObject[] = [
+		{
+			_name: resource,
+		},
+	];
+
+	if (filter) {
+		query.push({
+			_name: 'filter',
+			_like: {
+				_field: filterField,
+				_value: filter,
+			},
+		});
+	}
+
+	const from = paginationToken !== undefined ? parseInt(paginationToken, 10) : 0;
+	const to = from + 100;
+	query.push({
+		_name: 'page',
+		from,
+		to,
+	});
+
+	const response = await theHiveApiRequest.call(this, 'POST', '/v1/query', { query });
+
+	if (response.length === 0) {
+		return {
+			results: [],
+			paginationToken: undefined,
+		};
+	}
+
+	const credentials = await this.getCredentials('theHiveProjectApi');
+	const url = credentials?.url as string;
+
+	return {
+		results: response.map((entry: IDataObject) => ({
+			name: entry[nameField],
+			value: entry._id,
+			url:
+				urlPlaceholder !== undefined ? `${url}/${urlPlaceholder}/${entry._id}/details` : undefined,
+		})),
+		paginationToken: to,
+	};
+}
+
+export async function caseSearch(
+	this: ILoadOptionsFunctions,
+	filter?: string,
+	paginationToken?: string,
+): Promise<INodeListSearchResult> {
+	return listResource.call(this, 'listCase', 'title', 'title', 'cases', filter, paginationToken);
+}
+
+export async function commentSearch(
+	this: ILoadOptionsFunctions,
+	filter?: string,
+	paginationToken?: string,
+): Promise<INodeListSearchResult> {
+	return listResource.call(
+		this,
+		'listComment',
+		'message',
+		'message',
+		undefined,
+		filter,
+		paginationToken,
+	);
+}
+
+export async function alertSearch(
+	this: ILoadOptionsFunctions,
+	filter?: string,
+	paginationToken?: string,
+): Promise<INodeListSearchResult> {
+	return listResource.call(this, 'listAlert', 'title', 'title', 'alerts', filter, paginationToken);
+}
+
+export async function taskSearch(
+	this: ILoadOptionsFunctions,
+	filter?: string,
+	paginationToken?: string,
+): Promise<INodeListSearchResult> {
+	return listResource.call(this, 'listTask', 'title', 'title', undefined, filter, paginationToken);
+}
+
+export async function pageSearch(
+	this: ILoadOptionsFunctions,
+	filter?: string,
+	paginationToken?: string,
+): Promise<INodeListSearchResult> {
+	let caseId;
+
+	try {
+		caseId = this.getNodeParameter('caseId', '', { extractValue: true }) as string;
+	} catch (error) {
+		caseId = undefined;
+	}
+
+	let query: IDataObject[];
+
+	if (caseId) {
+		query = [
+			{
+				_name: 'getCase',
+				idOrName: caseId,
+			},
+			{
+				_name: 'pages',
+			},
+		];
+	} else {
+		query = [
+			{
+				_name: 'listOrganisationPage',
+			},
+		];
+	}
+
+	if (filter) {
+		query.push({
+			_name: 'filter',
+			_like: {
+				_field: 'title',
+				_value: filter,
+			},
+		});
+	}
+
+	const from = paginationToken !== undefined ? parseInt(paginationToken, 10) : 0;
+	const to = from + 100;
+	query.push({
+		_name: 'page',
+		from,
+		to,
+	});
+
+	const response = await theHiveApiRequest.call(this, 'POST', '/v1/query', { query });
+
+	if (response.length === 0) {
+		return {
+			results: [],
+			paginationToken: undefined,
+		};
+	}
+
+	return {
+		results: response.map((entry: IDataObject) => ({
+			name: entry.title,
+			value: entry._id,
+		})),
+		paginationToken: to,
+	};
+}
+
+export async function logSearch(
+	this: ILoadOptionsFunctions,
+	filter?: string,
+	paginationToken?: string,
+): Promise<INodeListSearchResult> {
+	return listResource.call(
+		this,
+		'listLog',
+		'message',
+		'message',
+		undefined,
+		filter,
+		paginationToken,
+	);
+}
+
+export async function observableSearch(
+	this: ILoadOptionsFunctions,
+	filter?: string,
+	paginationToken?: string,
+): Promise<INodeListSearchResult> {
+	const query: IDataObject[] = [
+		{
+			_name: 'listObservable',
+		},
+	];
+
+	if (filter) {
+		query.push({
+			_name: 'filter',
+			_or: [
+				{
+					_like: {
+						_field: 'data',
+						_value: filter,
+					},
+				},
+				{
+					_like: {
+						_field: 'message',
+						_value: filter,
+					},
+				},
+				{
+					_like: {
+						_field: 'attachment.name',
+						_value: filter,
+					},
+				},
+			],
+		});
+	}
+
+	const from = paginationToken !== undefined ? parseInt(paginationToken, 10) : 0;
+	const to = from + 100;
+	query.push({
+		_name: 'page',
+		from,
+		to,
+	});
+
+	const response = await theHiveApiRequest.call(this, 'POST', '/v1/query', { query });
+
+	if (response.length === 0) {
+		return {
+			results: [],
+			paginationToken: undefined,
+		};
+	}
+
+	return {
+		results: response.map((entry: IDataObject) => ({
+			name: entry.data || (entry.attachment as IDataObject)?.name || entry.message || entry._id,
+			value: entry._id,
+		})),
+		paginationToken: to,
+	};
+}

packages/nodes-base/nodes/TheHiveProject/methods/loadOptions.ts

@@ -0,0 +1,348 @@
+import type { IDataObject, ILoadOptionsFunctions, INodePropertyOptions } from 'n8n-workflow';
+import { theHiveApiRequest } from '../transport';
+import {
+	alertCommonFields,
+	caseCommonFields,
+	observableCommonFields,
+	taskCommonFields,
+} from '../helpers/constants';
+
+export async function loadResponders(this: ILoadOptionsFunctions): Promise<INodePropertyOptions[]> {
+	let resource = this.getNodeParameter('resource') as string;
+
+	let resourceId = '';
+
+	if (['case', 'alert', 'observable', 'log', 'task'].includes(resource)) {
+		resourceId = this.getNodeParameter('id', '', { extractValue: true }) as string;
+	} else {
+		resourceId = this.getNodeParameter('id') as string;
+	}
+
+	switch (resource) {
+		case 'observable':
+			resource = 'case_artifact';
+			break;
+		case 'task':
+			resource = 'case_task';
+			break;
+		case 'log':
+			resource = 'case_task_log';
+			break;
+	}
+
+	const responders = await theHiveApiRequest.call(
+		this,
+		'GET',
+		`/connector/cortex/responder/${resource}/${resourceId}`,
+	);
+
+	const returnData: INodePropertyOptions[] = [];
+
+	for (const responder of responders) {
+		returnData.push({
+			name: responder.name as string,
+			value: responder.id,
+			description: responder.description as string,
+		});
+	}
+
+	return returnData;
+}
+
+export async function loadAnalyzers(this: ILoadOptionsFunctions): Promise<INodePropertyOptions[]> {
+	const returnData: INodePropertyOptions[] = [];
+
+	const dataType = this.getNodeParameter('dataType') as string;
+
+	const requestResult = await theHiveApiRequest.call(
+		this,
+		'GET',
+		`/connector/cortex/analyzer/type/${dataType}`,
+	);
+
+	for (const analyzer of requestResult) {
+		for (const cortexId of analyzer.cortexIds) {
+			returnData.push({
+				name: `[${cortexId}] ${analyzer.name}`,
+				value: `${analyzer.id as string}::${cortexId as string}`,
+				description: analyzer.description as string,
+			});
+		}
+	}
+
+	return returnData;
+}
+
+export async function loadCustomFields(
+	this: ILoadOptionsFunctions,
+): Promise<INodePropertyOptions[]> {
+	const requestResult = await theHiveApiRequest.call(this, 'GET', '/customField');
+
+	const returnData: INodePropertyOptions[] = [];
+
+	for (const field of requestResult) {
+		returnData.push({
+			name: `Custom Field: ${(field.displayName || field.name) as string}`,
+			value: `customFields.${field.name}`,
+			// description: `${field.type}: ${field.description}`,
+		} as INodePropertyOptions);
+	}
+
+	return returnData;
+}
+
+export async function loadObservableTypes(
+	this: ILoadOptionsFunctions,
+): Promise<INodePropertyOptions[]> {
+	const returnData: INodePropertyOptions[] = [];
+
+	const body = {
+		query: [
+			{
+				_name: 'listObservableType',
+			},
+		],
+	};
+
+	const response = await theHiveApiRequest.call(this, 'POST', '/v1/query', body);
+
+	for (const entry of response) {
+		returnData.push({
+			name: `${entry.name as string}${entry.isAttachment ? ' (attachment)' : ''}`,
+			value: entry.name,
+		});
+	}
+	return returnData;
+}
+export async function loadCaseAttachments(
+	this: ILoadOptionsFunctions,
+): Promise<INodePropertyOptions[]> {
+	const returnData: INodePropertyOptions[] = [];
+	const caseId = this.getNodeParameter('caseId', '', { extractValue: true }) as string;
+
+	const body = {
+		query: [
+			{
+				_name: 'getCase',
+				idOrName: caseId,
+			},
+			{
+				_name: 'attachments',
+			},
+		],
+	};
+
+	const response = await theHiveApiRequest.call(this, 'POST', '/v1/query', body);
+
+	for (const entry of response) {
+		returnData.push({
+			name: entry.name as string,
+			value: entry._id,
+			description: `Content-Type: ${entry.contentType}`,
+		});
+	}
+	return returnData;
+}
+
+export async function loadLogAttachments(
+	this: ILoadOptionsFunctions,
+): Promise<INodePropertyOptions[]> {
+	const returnData: INodePropertyOptions[] = [];
+	const logId = this.getNodeParameter('logId', '', { extractValue: true }) as string;
+
+	const body = {
+		query: [
+			{
+				_name: 'getLog',
+				idOrName: logId,
+			},
+		],
+	};
+
+	// extract log object from array
+	const [response] = await theHiveApiRequest.call(this, 'POST', '/v1/query', body);
+
+	for (const entry of (response.attachments as IDataObject[]) || []) {
+		returnData.push({
+			name: entry.name as string,
+			value: entry._id as string,
+			description: `Content-Type: ${entry.contentType}`,
+		});
+	}
+	return returnData;
+}
+
+export async function loadAlertStatus(
+	this: ILoadOptionsFunctions,
+): Promise<INodePropertyOptions[]> {
+	const returnData: INodePropertyOptions[] = [];
+
+	const body = {
+		query: [
+			{
+				_name: 'listAlertStatus',
+			},
+		],
+	};
+
+	const response = await theHiveApiRequest.call(this, 'POST', '/v1/query', body);
+
+	for (const entry of response) {
+		returnData.push({
+			name: entry.value,
+			value: entry.value,
+			description: `Stage: ${entry.stage}`,
+		});
+	}
+	return returnData.sort((a, b) => a.name.localeCompare(b.name));
+}
+
+export async function loadCaseStatus(this: ILoadOptionsFunctions): Promise<INodePropertyOptions[]> {
+	const returnData: INodePropertyOptions[] = [];
+
+	const body = {
+		query: [
+			{
+				_name: 'listCaseStatus',
+			},
+		],
+	};
+
+	const response = await theHiveApiRequest.call(this, 'POST', '/v1/query', body);
+
+	for (const entry of response) {
+		returnData.push({
+			name: entry.value,
+			value: entry.value,
+			description: `Stage: ${entry.stage}`,
+		});
+	}
+	return returnData.sort((a, b) => a.name.localeCompare(b.name));
+}
+
+export async function loadCaseTemplate(
+	this: ILoadOptionsFunctions,
+): Promise<INodePropertyOptions[]> {
+	const returnData: INodePropertyOptions[] = [];
+
+	const body = {
+		query: [
+			{
+				_name: 'listCaseTemplate',
+			},
+		],
+	};
+
+	const response = await theHiveApiRequest.call(this, 'POST', '/v1/query', body);
+
+	for (const entry of response) {
+		returnData.push({
+			name: entry.displayName || entry.name,
+			value: entry.name,
+		});
+	}
+	return returnData;
+}
+
+export async function loadUsers(this: ILoadOptionsFunctions): Promise<INodePropertyOptions[]> {
+	const returnData: INodePropertyOptions[] = [];
+
+	const body = {
+		query: [
+			{
+				_name: 'listUser',
+			},
+		],
+	};
+
+	const response = await theHiveApiRequest.call(this, 'POST', '/v1/query', body);
+
+	for (const entry of response) {
+		returnData.push({
+			name: entry.name,
+			value: entry.login,
+		});
+	}
+	return returnData;
+}
+
+export async function loadAlertFields(
+	this: ILoadOptionsFunctions,
+): Promise<INodePropertyOptions[]> {
+	const returnData: INodePropertyOptions[] = [];
+
+	const excludeFields = ['addTags', 'removeTags'];
+
+	const fields = alertCommonFields
+		.filter((entry) => !excludeFields.includes(entry.id))
+		.map((entry) => {
+			const field: INodePropertyOptions = {
+				name: entry.displayName || entry.id,
+				value: entry.id,
+			};
+
+			return field;
+		});
+
+	const customFields = await loadCustomFields.call(this);
+
+	returnData.push(...fields, ...customFields);
+	return returnData;
+}
+
+export async function loadCaseFields(this: ILoadOptionsFunctions): Promise<INodePropertyOptions[]> {
+	const returnData: INodePropertyOptions[] = [];
+
+	const excludeFields = ['addTags', 'removeTags', 'taskRule', 'observableRule'];
+
+	const fields = caseCommonFields
+		.filter((entry) => !excludeFields.includes(entry.id))
+		.map((entry) => {
+			const field: INodePropertyOptions = {
+				name: entry.displayName || entry.id,
+				value: entry.id,
+			};
+
+			return field;
+		});
+
+	const customFields = await loadCustomFields.call(this);
+
+	returnData.push(...fields, ...customFields);
+	return returnData;
+}
+
+export async function loadObservableFields(
+	this: ILoadOptionsFunctions,
+): Promise<INodePropertyOptions[]> {
+	const returnData: INodePropertyOptions[] = [];
+
+	const excludeFields = ['addTags', 'removeTags', 'zipPassword'];
+
+	const fields = observableCommonFields
+		.filter((entry) => !excludeFields.includes(entry.id))
+		.map((entry) => {
+			const field: INodePropertyOptions = {
+				name: entry.displayName || entry.id,
+				value: entry.id,
+			};
+
+			return field;
+		});
+
+	returnData.push(...fields);
+	return returnData;
+}
+
+export async function loadTaskFields(this: ILoadOptionsFunctions): Promise<INodePropertyOptions[]> {
+	const fields = taskCommonFields.map((entry) => {
+		const field: INodePropertyOptions = {
+			name: entry.displayName || entry.id,
+			value: entry.id,
+		};
+
+		return field;
+	});
+
+	return fields;
+}

packages/nodes-base/nodes/TheHiveProject/methods/resourceMapping.ts

@@ -0,0 +1,442 @@
+import type {
+	FieldType,
+	IDataObject,
+	ILoadOptionsFunctions,
+	ResourceMapperField,
+	ResourceMapperFields,
+} from 'n8n-workflow';
+
+import { theHiveApiRequest } from '../transport';
+
+import {
+	loadAlertStatus,
+	loadCaseStatus,
+	loadCaseTemplate,
+	loadObservableTypes,
+	loadUsers,
+} from './loadOptions';
+
+import {
+	alertCommonFields,
+	caseCommonFields,
+	observableCommonFields,
+	taskCommonFields,
+} from '../helpers/constants';
+
+async function getCustomFields(this: ILoadOptionsFunctions) {
+	const customFields = (await theHiveApiRequest.call(this, 'POST', '/v1/query', {
+		query: [
+			{
+				_name: 'listCustomField',
+			},
+		],
+	})) as IDataObject[];
+
+	return customFields.map((field) => ({
+		displayName: `Custom Field: ${(field.displayName || field.name) as string}`,
+		id: `customFields.${field.name}`,
+		required: false,
+		display: true,
+		type: (field.options as string[])?.length ? 'options' : (field.type as FieldType),
+		defaultMatch: false,
+		options: (field.options as string[])?.length
+			? (field.options as string[]).map((option) => ({ name: option, value: option }))
+			: undefined,
+		removed: true,
+	}));
+}
+
+export async function getAlertFields(this: ILoadOptionsFunctions): Promise<ResourceMapperFields> {
+	const alertStatus = await loadAlertStatus.call(this);
+	const caseTemplates = await loadCaseTemplate.call(this);
+
+	const requiredFields = ['title', 'description', 'type', 'source', 'sourceRef'];
+	const excludeFields = ['addTags', 'removeTags', 'lastSyncDate'];
+
+	const fields: ResourceMapperField[] = alertCommonFields
+		.filter((entry) => !excludeFields.includes(entry.id))
+		.map((entry) => {
+			const type = entry.type as FieldType;
+			const field: ResourceMapperField = {
+				...entry,
+				type,
+				required: false,
+				display: true,
+				defaultMatch: false,
+			};
+
+			if (requiredFields.includes(entry.id)) {
+				field.required = true;
+			}
+
+			if (field.id === 'status') {
+				field.options = alertStatus;
+			}
+
+			if (field.id === 'caseTemplate') {
+				field.options = caseTemplates;
+			}
+			return field;
+		});
+
+	const customFields = (await getCustomFields.call(this)) || [];
+	fields.push(...customFields);
+
+	const columnData: ResourceMapperFields = {
+		fields,
+	};
+
+	return columnData;
+}
+
+export async function getAlertUpdateFields(
+	this: ILoadOptionsFunctions,
+): Promise<ResourceMapperFields> {
+	const alertStatus = await loadAlertStatus.call(this);
+	const excludedFromMatching = ['addTags', 'removeTags'];
+	const excludeFields = ['flag', 'caseTemplate'];
+
+	const alertUpdateFields = alertCommonFields
+		.filter((entry) => !excludeFields.includes(entry.id))
+		.map((entry) => {
+			const type = entry.type as FieldType;
+			const field: ResourceMapperField = {
+				...entry,
+				type,
+				required: false,
+				display: true,
+				defaultMatch: false,
+				canBeUsedToMatch: true,
+			};
+
+			if (excludedFromMatching.includes(field.id)) {
+				field.canBeUsedToMatch = false;
+			}
+
+			if (field.id === 'status') {
+				field.options = alertStatus;
+			}
+			return field;
+		});
+
+	const fields: ResourceMapperField[] = [
+		{
+			displayName: 'ID',
+			id: 'id',
+			required: false,
+			display: true,
+			type: 'string',
+			defaultMatch: true,
+			canBeUsedToMatch: true,
+		},
+		...alertUpdateFields,
+	];
+
+	const customFields = (await getCustomFields.call(this)) || [];
+	fields.push(...customFields);
+
+	const columnData: ResourceMapperFields = {
+		fields,
+	};
+
+	return columnData;
+}
+
+export async function getCaseFields(this: ILoadOptionsFunctions): Promise<ResourceMapperFields> {
+	const caseStatus = await loadCaseStatus.call(this);
+	const caseTemplates = await loadCaseTemplate.call(this);
+	const users = await loadUsers.call(this);
+
+	const requiredFields = ['title', 'description'];
+	const excludeCreateFields = ['impactStatus', 'taskRule', 'addTags', 'removeTags'];
+
+	const fields: ResourceMapperField[] = caseCommonFields
+		.filter((entry) => !excludeCreateFields.includes(entry.id))
+		.map((entry) => {
+			const type = entry.type as FieldType;
+			const field: ResourceMapperField = {
+				...entry,
+				type,
+				required: false,
+				display: true,
+				defaultMatch: false,
+			};
+
+			if (requiredFields.includes(entry.id)) {
+				field.required = true;
+			}
+
+			if (field.id === 'assignee') {
+				field.options = users;
+			}
+
+			if (field.id === 'status') {
+				field.options = caseStatus;
+			}
+
+			if (field.id === 'caseTemplate') {
+				field.options = caseTemplates;
+			}
+			return field;
+		});
+
+	const customFields = (await getCustomFields.call(this)) || [];
+	fields.push(...customFields);
+
+	const columnData: ResourceMapperFields = {
+		fields,
+	};
+
+	return columnData;
+}
+
+export async function getCaseUpdateFields(
+	this: ILoadOptionsFunctions,
+): Promise<ResourceMapperFields> {
+	const caseStatus = await loadCaseStatus.call(this);
+	const users = await loadUsers.call(this);
+
+	const excludedFromMatching = ['addTags', 'removeTags', 'taskRule', 'observableRule'];
+	const excludeUpdateFields = ['caseTemplate', 'tasks', 'sharingParameters'];
+
+	const caseUpdateFields = caseCommonFields
+		.filter((entry) => !excludeUpdateFields.includes(entry.id))
+		.map((entry) => {
+			const type = entry.type as FieldType;
+			const field: ResourceMapperField = {
+				...entry,
+				type,
+				required: false,
+				display: true,
+				defaultMatch: false,
+				canBeUsedToMatch: true,
+			};
+
+			if (excludedFromMatching.includes(field.id)) {
+				field.canBeUsedToMatch = false;
+			}
+
+			if (field.id === 'assignee') {
+				field.options = users;
+			}
+
+			if (field.id === 'status') {
+				field.options = caseStatus;
+			}
+			return field;
+		});
+
+	const fields: ResourceMapperField[] = [
+		{
+			displayName: 'ID',
+			id: 'id',
+			required: false,
+			display: true,
+			type: 'string',
+			defaultMatch: true,
+			canBeUsedToMatch: true,
+		},
+		...caseUpdateFields,
+	];
+
+	const customFields = (await getCustomFields.call(this)) || [];
+	fields.push(...customFields);
+
+	const columnData: ResourceMapperFields = {
+		fields,
+	};
+
+	return columnData;
+}
+
+export async function getTaskFields(this: ILoadOptionsFunctions): Promise<ResourceMapperFields> {
+	const users = await loadUsers.call(this);
+
+	const requiredFields = ['title'];
+
+	const fields: ResourceMapperField[] = taskCommonFields.map((entry) => {
+		const type = entry.type as FieldType;
+		const field: ResourceMapperField = {
+			...entry,
+			type,
+			required: false,
+			display: true,
+			defaultMatch: false,
+		};
+
+		if (requiredFields.includes(entry.id)) {
+			field.required = true;
+		}
+
+		if (field.id === 'assignee') {
+			field.options = users;
+		}
+
+		return field;
+	});
+
+	const columnData: ResourceMapperFields = {
+		fields,
+	};
+
+	return columnData;
+}
+
+export async function getTaskUpdateFields(
+	this: ILoadOptionsFunctions,
+): Promise<ResourceMapperFields> {
+	const users = await loadUsers.call(this);
+
+	const caseUpdateFields = taskCommonFields.map((entry) => {
+		const type = entry.type as FieldType;
+		const field: ResourceMapperField = {
+			...entry,
+			type,
+			required: false,
+			display: true,
+			defaultMatch: false,
+			canBeUsedToMatch: true,
+		};
+
+		if (field.id === 'assignee') {
+			field.options = users;
+		}
+
+		return field;
+	});
+
+	const fields: ResourceMapperField[] = [
+		{
+			displayName: 'ID',
+			id: 'id',
+			required: false,
+			display: true,
+			type: 'string',
+			defaultMatch: true,
+			canBeUsedToMatch: true,
+		},
+		...caseUpdateFields,
+	];
+
+	const columnData: ResourceMapperFields = {
+		fields,
+	};
+
+	return columnData;
+}
+
+export async function getLogFields(this: ILoadOptionsFunctions): Promise<ResourceMapperFields> {
+	const fields: ResourceMapperField[] = [
+		{
+			displayName: 'Message',
+			id: 'message',
+			required: true,
+			display: true,
+			type: 'string',
+			defaultMatch: true,
+		},
+		{
+			displayName: 'Start Date',
+			id: 'startDate',
+			required: false,
+			display: true,
+			type: 'dateTime',
+			defaultMatch: false,
+			removed: true,
+		},
+		{
+			displayName: 'Include In Timeline',
+			id: 'includeInTimeline',
+			required: false,
+			display: true,
+			type: 'dateTime',
+			defaultMatch: false,
+			removed: true,
+		},
+	];
+
+	const columnData: ResourceMapperFields = {
+		fields,
+	};
+
+	return columnData;
+}
+
+export async function getObservableFields(
+	this: ILoadOptionsFunctions,
+): Promise<ResourceMapperFields> {
+	const excludeFields = ['addTags', 'removeTags', 'dataType'];
+
+	const fields: ResourceMapperField[] = observableCommonFields
+		.filter((entry) => !excludeFields.includes(entry.id))
+		.map((entry) => {
+			const type = entry.type as FieldType;
+			const field: ResourceMapperField = {
+				...entry,
+				type,
+				required: false,
+				display: true,
+				defaultMatch: false,
+			};
+
+			return field;
+		});
+
+	const columnData: ResourceMapperFields = {
+		fields,
+	};
+
+	return columnData;
+}
+
+export async function getObservableUpdateFields(
+	this: ILoadOptionsFunctions,
+): Promise<ResourceMapperFields> {
+	const dataTypes = await loadObservableTypes.call(this);
+
+	const excludedFromMatching = ['addTags', 'removeTags'];
+	const excludeFields: string[] = ['attachment', 'data', 'startDate', 'zipPassword', 'isZip'];
+
+	const caseUpdateFields = observableCommonFields
+		.filter((entry) => !excludeFields.includes(entry.id))
+		.map((entry) => {
+			const type = entry.type as FieldType;
+			const field: ResourceMapperField = {
+				...entry,
+				type,
+				required: false,
+				display: true,
+				defaultMatch: false,
+				canBeUsedToMatch: true,
+			};
+
+			if (excludedFromMatching.includes(field.id)) {
+				field.canBeUsedToMatch = false;
+			}
+
+			if (field.id === 'dataType') {
+				field.options = dataTypes;
+			}
+
+			return field;
+		});
+
+	const fields: ResourceMapperField[] = [
+		{
+			displayName: 'ID',
+			id: 'id',
+			required: false,
+			display: true,
+			type: 'string',
+			defaultMatch: true,
+			canBeUsedToMatch: true,
+		},
+		...caseUpdateFields,
+	];
+
+	const columnData: ResourceMapperFields = {
+		fields,
+	};
+
+	return columnData;
+}