diff --git a/docs/doxygen-user/data_source_summary.dox b/docs/doxygen-user/data_source_summary.dox index f656e5a6ab..459dd7f611 100644 --- a/docs/doxygen-user/data_source_summary.dox +++ b/docs/doxygen-user/data_source_summary.dox @@ -32,7 +32,7 @@ The Types tab shows counts of different file types found in the data source. \subsection ds_summary_user_activity User Activity -The User Activity tab shows the most recent results found in the data source. +The User Activity tab shows the most recent results found in the data source. You can right click on a row to navigate directly to the corresponding result. \image html ds_summary_user_activity.png @@ -44,7 +44,7 @@ The Analysis tab shows the sets with the most results from the \ref hash_db_page \subsection ds_summary_recent_files Recent Files -The Recent Files tab shows information on the most recent files opened and downloaded. +The Recent Files tab shows information on the most recent files opened and downloaded. You can right click on a row to navigate directly to the corresponding file or result. \image html ds_summary_recent_files.png @@ -56,6 +56,18 @@ The Past Cases tab shows which cases had results or notable files in common with Note that because these entries are based on the Interesting Items results created during ingest and not querying the central repository, they will not reflect any matches in cases processed after this case. For example, suppose we create Case A and ingest a data source with Device Z. If we make a new case Case B afterward and ingest a data source that also has Device Z, we would see Case A listed in this tab for Case B, but if we reopened Case A we would not see Case B listed unless ingest was run again. +\subsection ds_summary_geo Geolocation + +The Geolocation tab uses the coordinates from geolocation results to find the nearest city for each and displays the most recent cities and most common cities. If the location is more than 150 km from a city then it will be displayed as "Unknown". The "View in Map" button under the recent cities table will open the \ref geolocation_page "Geolocation window" showing all waypoints for this data source with timestamps in the last 30 days. The "View in Map" button under the most common cities will show all waypoints for this data source. + +\image html ds_summary_geo.png + +\subsection ds_summary_timeline Timeline + +The Timeline tab shows a simplified version of the \ref timeline_page "Timeline Viewer" for the selected data source. It will show events for the last 30 days of activity in the data source and give the first and last dates of activity. "File events" represent file creation, modification, access, and change. "Result events" represent the results from running ingest, such as the time a message was sent or when a URL was accessed. The "View in Timeline" button will open the main \ref timeline_page "Timeline Viewer". + +\image html ds_summary_timeline.png + \subsection ds_summary_ingest_history Ingest History The Ingest History tab shows which ingest modules have been run on the data source and the version of each module. diff --git a/docs/doxygen-user/images/DataSourceSummary/ds_summary_analysis.png b/docs/doxygen-user/images/DataSourceSummary/ds_summary_analysis.png index 15957a0712..a1e6bfb842 100644 Binary files a/docs/doxygen-user/images/DataSourceSummary/ds_summary_analysis.png and b/docs/doxygen-user/images/DataSourceSummary/ds_summary_analysis.png differ diff --git a/docs/doxygen-user/images/DataSourceSummary/ds_summary_container.png b/docs/doxygen-user/images/DataSourceSummary/ds_summary_container.png index 3adf7ec40d..3d51efee73 100644 Binary files a/docs/doxygen-user/images/DataSourceSummary/ds_summary_container.png and b/docs/doxygen-user/images/DataSourceSummary/ds_summary_container.png differ diff --git a/docs/doxygen-user/images/DataSourceSummary/ds_summary_geo.png b/docs/doxygen-user/images/DataSourceSummary/ds_summary_geo.png new file mode 100644 index 0000000000..6b6d1c5931 Binary files /dev/null and b/docs/doxygen-user/images/DataSourceSummary/ds_summary_geo.png differ diff --git a/docs/doxygen-user/images/DataSourceSummary/ds_summary_ingest.png b/docs/doxygen-user/images/DataSourceSummary/ds_summary_ingest.png index 203e9c44ee..d3a1a970a9 100644 Binary files a/docs/doxygen-user/images/DataSourceSummary/ds_summary_ingest.png and b/docs/doxygen-user/images/DataSourceSummary/ds_summary_ingest.png differ diff --git a/docs/doxygen-user/images/DataSourceSummary/ds_summary_past_cases.png b/docs/doxygen-user/images/DataSourceSummary/ds_summary_past_cases.png index 591cb66867..3b47578b0e 100644 Binary files a/docs/doxygen-user/images/DataSourceSummary/ds_summary_past_cases.png and b/docs/doxygen-user/images/DataSourceSummary/ds_summary_past_cases.png differ diff --git a/docs/doxygen-user/images/DataSourceSummary/ds_summary_recent_files.png b/docs/doxygen-user/images/DataSourceSummary/ds_summary_recent_files.png index af63e103f7..3eeaeffd89 100644 Binary files a/docs/doxygen-user/images/DataSourceSummary/ds_summary_recent_files.png and b/docs/doxygen-user/images/DataSourceSummary/ds_summary_recent_files.png differ diff --git a/docs/doxygen-user/images/DataSourceSummary/ds_summary_result_viewer.png b/docs/doxygen-user/images/DataSourceSummary/ds_summary_result_viewer.png index ad16f2e031..8f2b4d3f47 100644 Binary files a/docs/doxygen-user/images/DataSourceSummary/ds_summary_result_viewer.png and b/docs/doxygen-user/images/DataSourceSummary/ds_summary_result_viewer.png differ diff --git a/docs/doxygen-user/images/DataSourceSummary/ds_summary_timeline.png b/docs/doxygen-user/images/DataSourceSummary/ds_summary_timeline.png new file mode 100644 index 0000000000..1ab2cdc033 Binary files /dev/null and b/docs/doxygen-user/images/DataSourceSummary/ds_summary_timeline.png differ diff --git a/docs/doxygen-user/images/DataSourceSummary/ds_summary_types.png b/docs/doxygen-user/images/DataSourceSummary/ds_summary_types.png index db3f4a14f9..2bf93d3f90 100644 Binary files a/docs/doxygen-user/images/DataSourceSummary/ds_summary_types.png and b/docs/doxygen-user/images/DataSourceSummary/ds_summary_types.png differ diff --git a/docs/doxygen-user/images/DataSourceSummary/ds_summary_user_activity.png b/docs/doxygen-user/images/DataSourceSummary/ds_summary_user_activity.png index 2ce9dcaf16..7b6d4d09f5 100644 Binary files a/docs/doxygen-user/images/DataSourceSummary/ds_summary_user_activity.png and b/docs/doxygen-user/images/DataSourceSummary/ds_summary_user_activity.png differ diff --git a/docs/doxygen-user/images/DataSourceSummary/ds_summary_window.png b/docs/doxygen-user/images/DataSourceSummary/ds_summary_window.png index 745c3b1d97..a9d61e9084 100644 Binary files a/docs/doxygen-user/images/DataSourceSummary/ds_summary_window.png and b/docs/doxygen-user/images/DataSourceSummary/ds_summary_window.png differ