mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-15 09:17:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7183 from APriestman/7868_pastPersonas

Browse Source 
7868 Add past cases attribute to persona artifact
This commit is contained in:
Ann Priestman 2021-08-04 09:54:56 -04:00 committed by GitHub
commit 142aa040d4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 15 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/IngestEventsListener.java
View File

@ -325,8 +325,10 @@ public class IngestEventsListener {
* @param originalArtifact the artifact to create the "previously unseen" item * @param originalArtifact the artifact to create the "previously unseen" item
* for * for
*/ */
static private void makeAndPostMatchingPersonaArtifact(BlackboardArtifact originalArtifact, Persona persona, CorrelationAttributeInstance.Type aType, String value) { static private void makeAndPostMatchingPersonaArtifact(BlackboardArtifact originalArtifact, Persona persona,
Collection<BlackboardAttribute> attributesForNewArtifact = Arrays.asList( List<String> caseDisplayNames, CorrelationAttributeInstance.Type aType, String value) {
String prevCases = caseDisplayNames.stream().distinct().collect(Collectors.joining(","));
Collection<BlackboardAttribute> attributesForNewArtifact = Arrays.asList(
new BlackboardAttribute( new BlackboardAttribute(
TSK_NAME, MODULE_NAME, TSK_NAME, MODULE_NAME,
persona.getName()), persona.getName()),
@ -338,7 +340,10 @@ public class IngestEventsListener {
aType.getDisplayName()), aType.getDisplayName()),
new BlackboardAttribute( new BlackboardAttribute(
TSK_CORRELATION_VALUE, MODULE_NAME, TSK_CORRELATION_VALUE, MODULE_NAME,
value) value),
new BlackboardAttribute(
TSK_OTHER_CASES, MODULE_NAME,
prevCases)
); );
makeAndPostPersonaArtifact(BlackboardArtifact.Type.TSK_MATCHING_PERSONA, originalArtifact, attributesForNewArtifact, "", makeAndPostPersonaArtifact(BlackboardArtifact.Type.TSK_MATCHING_PERSONA, originalArtifact, attributesForNewArtifact, "",
Score.SCORE_LIKELY_NOTABLE, "This account is associated with a persona"); Score.SCORE_LIKELY_NOTABLE, "This account is associated with a persona");
@ -665,11 +670,17 @@ public class IngestEventsListener {
String accountId = eamArtifact.getCorrelationValue(); String accountId = eamArtifact.getCorrelationValue();
Collection<Persona> personaMatches = Persona.getPersonaByAccountIdentifierLike(accountId); Collection<Persona> personaMatches = Persona.getPersonaByAccountIdentifierLike(accountId);
for (Persona persona : personaMatches) { for (Persona persona : personaMatches) {
// Make sure at least one account is an exact match.
boolean foundExactMatch = false;
for (PersonaAccount personaAccount : persona.getPersonaAccounts()) { for (PersonaAccount personaAccount : persona.getPersonaAccounts()) {
if (accountId.equalsIgnoreCase(personaAccount.getAccount().getIdentifier())) { if (accountId.equalsIgnoreCase(personaAccount.getAccount().getIdentifier())) {
makeAndPostMatchingPersonaArtifact(bbArtifact, persona, eamArtifact.getCorrelationType(), eamArtifact.getCorrelationValue()); foundExactMatch = true;
} }
} }
if (foundExactMatch) {
List<String> caseDisplayNames = persona.getCases().stream().map(p -> p.getDisplayName()).collect(Collectors.toList());
makeAndPostMatchingPersonaArtifact(bbArtifact, persona, caseDisplayNames, eamArtifact.getCorrelationType(), eamArtifact.getCorrelationValue());
}
} }
} }