chg: [sow item] show item investigations

This commit is contained in:
Terrtia 2023-06-07 14:17:06 +02:00
parent 9776ebb070
commit f540df0ff2
No known key found for this signature in database
GPG key ID: 1E1B1F50D84613D0
3 changed files with 170 additions and 48 deletions


@ -283,6 +283,8 @@ class Item(AbstractObject):
if 'mimetype' in options: if 'mimetype' in options:
content = meta.get('content') content = meta.get('content')
meta['mimetype'] = self.get_mimetype(content=content) meta['mimetype'] = self.get_mimetype(content=content)
if 'investigations' in options:
meta['investigations'] = self.get_investigations()
# meta['encoding'] = None # meta['encoding'] = None
return meta return meta
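Review bot: The new `'investigations'` option is undocumented, like the other keys accepted in `options`; a one-line comment above the new branch, `# 'investigations': UUIDs of investigations this item belongs to (see get_investigations)`, tells callers what to expect — confirm the return type of `get_investigations`, which is defined outside this hunk. get_meta's signature and any docstring are also outside the hunk; if an options list exists there, the new key belongs in it too.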


@ -25,6 +25,7 @@ from lib.objects.Items import Item
from lib.objects.Screenshots import Screenshot from lib.objects.Screenshots import Screenshot
from lib import Tag from lib import Tag
from lib import Investigations
from lib import module_extractor from lib import module_extractor
@ -66,7 +67,7 @@ def showItem(): # # TODO: support post
abort(404) abort(404)
item = Item(item_id) item = Item(item_id)
meta = item.get_meta(options={'content', 'crawler', 'duplicates', 'lines', 'size'}) meta = item.get_meta(options={'content', 'crawler', 'duplicates', 'investigations', 'lines', 'size'})
meta['name'] = meta['id'].replace('/', ' / ') meta['name'] = meta['id'].replace('/', ' / ')
meta['father'] = item_basic.get_item_parent(item_id) meta['father'] = item_basic.get_item_parent(item_id)
@ -75,6 +76,15 @@ def showItem(): # # TODO: support post
# meta['hive_case'] = Export.get_item_hive_cases(item_id) # meta['hive_case'] = Export.get_item_hive_cases(item_id)
meta['hive_case'] = None meta['hive_case'] = None
if meta.get('investigations'):
invests = []
for investigation_uuid in meta['investigations']:
inv = Investigations.Investigation(investigation_uuid)
invests.append(inv.get_metadata(r_str=True))
meta['investigations'] = invests
else:
meta['investigations'] = []
extracted = module_extractor.extract(item.id, content=meta['content']) extracted = module_extractor.extract(item.id, content=meta['content'])
extracted_matches = module_extractor.get_extracted_by_match(extracted) extracted_matches = module_extractor.get_extracted_by_match(extracted)
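Review bot: The loop added after `meta['hive_case'] = None` builds an `Investigation` for every UUID the item references and appends `get_metadata(r_str=True)` unchecked; if an investigation was deleted while the item still holds its UUID, whatever `get_metadata` returns for a missing object (presumably `None` or an empty dict — confirm in lib/Investigations) lands in `meta['investigations']` and the template's `dict_investigation['uuid']` lookup will fail at render time. Drop unresolved entries and fold the if/else into one expression, e.g. `metas = (Investigations.Investigation(u).get_metadata(r_str=True) for u in meta.get('investigations') or [])` followed by `meta['investigations'] = [m for m in metas if m]`. Nothing here checks whether the current user may see each referenced investigation; if investigation metadata is access-controlled elsewhere in the app, that filter belongs in this loop rather than being bypassed via the item page. showItem starts before this hunk and continues past it.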


@ -145,7 +145,117 @@
</div> </div>
{% endif %} {% endif %}
{% if meta['duplicates'] != 0 %} {% if meta['investigations'] %}
<div id="accordionInvestigation" class="mb-2 mx-3">
<div class="card">
<div class="card-header py-1" id="headingInvestigation">
<div class="row">
<div class="col-11">
<div class="mt-2">
<i class="fas fa-microscope"></i> Investigations&nbsp;&nbsp;
<div class="badge badge-warning">{{meta['investigations']|length}}</div>
</div>
</div>
<div class="col-1">
<button class="btn btn-link btn-lg py-2 float-right rotate" data-toggle="collapse" data-target="#collapseInvestigation" aria-expanded="true" aria-controls="collapseInvestigation">
<i class="fas fa-chevron-circle-down"></i>
</button>
</div>
</div>
</div>
<div id="collapseInvestigation" class="collapse" aria-labelledby="headingInvestigation" data-parent="#accordionInvestigation">
<div class="card-body">
<table id="table_investigation" class="table table-striped border-primary">
<thead class="bg-dark text-white">
<tr>
<th>Name</th>
<th>Date</th>
<th>last modified</th>
<td>Info</td>
<th>Nb Objects</th>
</tr>
</thead>
<tbody style="font-size: 15px;">
{% for dict_investigation in meta['investigations'] %}
<tr class="border-color: blue;">
<td>
<a href="{{ url_for('investigations_b.show_investigation') }}?uuid={{ dict_investigation['uuid'] }}">
{{ dict_investigation['info']}}
<div>
{% for tag in dict_investigation['tags'] %}
<span class="badge badge-{{ bootstrap_label[loop.index0 % 5] }} pull-left">{{ tag }}</span>
{% endfor %}
</div>
</a>
</td>
<td>{{ dict_investigation['date']}}</td>
<td>{{ dict_investigation['last_change']}}</td>
<td>{{ dict_investigation['info']}}</td>
<td>{{ dict_investigation['nb_objects']}}</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
</div>
</div>
{% endif %}
{% if l_64|length != 0 %}
<div id="accordionDecoded" class="mb-3">
<div class="card">
<div class="card-header py-1" id="headingDecoded">
<div class="row">
<div class="col-11">
<div class="mt-2">
<i class="fas fa-lock-open"></i> Decoded Files&nbsp;&nbsp;
<div class="badge badge-warning">{{l_64|length}}</div>
</div>
</div>
<div class="col-1">
<button class="btn btn-link py-2 float-right rotate" data-toggle="collapse" data-target="#collapseDecoded" aria-expanded="true" aria-controls="collapseDecoded">
<i class="fas fa-chevron-circle-down"></i>
</button>
</div>
</div>
</div>
<div id="collapseDecoded" class="collapse show" aria-labelledby="headingDecoded" data-parent="#accordionDecoded">
<div class="card-body">
<table id="tableb64" class="red_table table table-striped">
<thead>
<tr>
<th>estimated type</th>
<th>hash</th>
</tr>
</thead>
<tbody>
{% for b64 in l_64 %}
<tr>
<td><i class="fas {{ b64[0] }}"></i>&nbsp;&nbsp;{{ b64[1] }}</td>
<td><a target="_blank" href="{{ url_for('correlation.show_correlation') }}?type=decoded&id={{ b64[2] }}"> {{b64[2]}} ({{ b64[4] }})</a></td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
</div>
</div>
{% endif %}
{% if meta['duplicates'] %}
<div id="accordionDuplicate" class="mb-2 mx-3"> <div id="accordionDuplicate" class="mb-2 mx-3">
<div class="card"> <div class="card">
<div class="card-header py-1" id="headingDuplicate"> <div class="card-header py-1" id="headingDuplicate">
@ -219,52 +329,52 @@
{% endif %} {% endif %}
{% if l_64|length != 0 %} {# {% if l_64|length != 0 %}#}
<div id="accordionDecoded" class="mb-3"> {# <div id="accordionDecoded" class="mb-3">#}
<div class="card"> {# <div class="card">#}
<div class="card-header py-1" id="headingDecoded"> {# <div class="card-header py-1" id="headingDecoded">#}
<div class="row"> {# <div class="row">#}
<div class="col-11"> {# <div class="col-11">#}
<div class="mt-2"> {# <div class="mt-2">#}
<i class="fas fa-lock-open"></i> Decoded Files&nbsp;&nbsp; {# <i class="fas fa-lock-open"></i> Decoded Files&nbsp;&nbsp;#}
<div class="badge badge-warning">{{l_64|length}}</div> {# <div class="badge badge-warning">{{l_64|length}}</div>#}
</div> {# </div>#}
</div> {# </div>#}
<div class="col-1"> {# <div class="col-1">#}
<button class="btn btn-link py-2 float-right rotate" data-toggle="collapse" data-target="#collapseDecoded" aria-expanded="true" aria-controls="collapseDecoded"> {# <button class="btn btn-link py-2 float-right rotate" data-toggle="collapse" data-target="#collapseDecoded" aria-expanded="true" aria-controls="collapseDecoded">#}
<i class="fas fa-chevron-circle-down"></i> {# <i class="fas fa-chevron-circle-down"></i>#}
</button> {# </button>#}
</div> {# </div>#}
</div> {# </div>#}
</div> {# </div>#}
{##}
<div id="collapseDecoded" class="collapse show" aria-labelledby="headingDecoded" data-parent="#accordionDecoded"> {# <div id="collapseDecoded" class="collapse show" aria-labelledby="headingDecoded" data-parent="#accordionDecoded">#}
<div class="card-body"> {# <div class="card-body">#}
{##}
<table id="tableb64" class="red_table table table-striped"> {# <table id="tableb64" class="red_table table table-striped">#}
<thead> {# <thead>#}
<tr> {# <tr>#}
<th>estimated type</th> {# <th>estimated type</th>#}
<th>hash</th> {# <th>hash</th>#}
</tr> {# </tr>#}
</thead> {# </thead>#}
<tbody> {# <tbody>#}
{% for b64 in l_64 %} {# {% for b64 in l_64 %}#}
<tr> {# <tr>#}
<td><i class="fas {{ b64[0] }}"></i>&nbsp;&nbsp;{{ b64[1] }}</td> {# <td><i class="fas {{ b64[0] }}"></i>&nbsp;&nbsp;{{ b64[1] }}</td>#}
<td><a target="_blank" href="{{ url_for('correlation.show_correlation') }}?type=decoded&id={{ b64[2] }}"> {{b64[2]}} ({{ b64[4] }})</a></td> {# <td><a target="_blank" href="{{ url_for('correlation.show_correlation') }}?type=decoded&id={{ b64[2] }}"> {{b64[2]}} ({{ b64[4] }})</a></td>#}
</tr> {# </tr>#}
{% endfor %} {# {% endfor %}#}
</tbody> {# </tbody>#}
</table> {# </table>#}
{##}
</div> {# </div>#}
</div> {# </div>#}
{##}
{##}
</div> {# </div>#}
</div> {# </div>#}
{% endif %} {# {% endif %}#}
{% if meta['crawler'] %} {% if meta['crawler'] %}
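Review bot: In the new Investigations table the Name column link and the Info column both print `dict_investigation['info']` (the `<a>` body and the fourth `<td>` of the row), so no name is ever shown; the link text should presumably be `{{ dict_investigation['name'] }}` if `get_metadata` exposes such a key — confirm against lib/Investigations. The header row also mixes `<td>Info</td>` into a `<thead>` of `<th>` cells, and `<tr class="border-color: blue;">` puts a CSS declaration in `class` where `style="border-color: blue;"` was meant. Since `uuid` is interpolated into a query string, `?uuid={{ dict_investigation['uuid']|urlencode }}` keeps the link well-formed whatever the stored value is (Jinja autoescaping covers HTML, not URL encoding). The old Decoded Files block at the end of the hunk is kept as a `{# … #}` comment after being moved above the Duplicates block; delete it rather than leave ~45 lines of commented-out template.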