Merge pull request #2648 from sleuthkit/misc_demo_fixes

Added more support in tree for INTERESTING_ARTIFACTS and send ingest …

Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java

@@ -70,7 +70,8 @@ public class BlackboardArtifactNode extends DisplayableItemNode {
     private static final Integer[] SHOW_UNIQUE_PATH = new Integer[]{
         BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID(),
         BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID(),
-        BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT.getTypeID(),};
+        BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT.getTypeID(),
+        BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT.getTypeID(),};
 
     // TODO (RC): This is an unattractive alternative to subclassing BlackboardArtifactNode,
     // cut from the same cloth as the equally unattractive SHOW_UNIQUE_PATH array
@@ -207,7 +208,9 @@ public class BlackboardArtifactNode extends DisplayableItemNode {
         // If this is a node for a keyword hit on an artifact, we set the
         // display name to be the artifact type name followed by " Artifact"
         // e.g. "Messages Artifact".
-        if (artifact != null && artifact.getArtifactTypeID() == ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) {
+        if (artifact != null && 
+                (artifact.getArtifactTypeID() == ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID() || 
+                artifact.getArtifactTypeID() == ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT.getTypeID())) {
             try {
                 for (BlackboardAttribute attribute : artifact.getAttributes()) {
                     if (attribute.getAttributeType().getTypeID() == ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT.getTypeID()) {

Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesIdentifierIngestModule.java

@@ -32,6 +32,7 @@ import org.sleuthkit.autopsy.coreutils.Logger;
 import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil;
 import org.sleuthkit.autopsy.ingest.FileIngestModule;
 import org.sleuthkit.autopsy.ingest.IngestJobContext;
+import org.sleuthkit.autopsy.ingest.IngestMessage;
 import org.sleuthkit.autopsy.ingest.IngestModuleReferenceCounter;
 import org.sleuthkit.autopsy.ingest.IngestServices;
 import org.sleuthkit.autopsy.ingest.ModuleDataEvent;
@@ -55,6 +56,7 @@ final class FilesIdentifierIngestModule implements FileIngestModule {
     private static final IngestModuleReferenceCounter refCounter = new IngestModuleReferenceCounter();
     private static final Map<Long, List<FilesSet>> interestingFileSetsByJob = new ConcurrentHashMap<>();
     private final FilesIdentifierIngestJobSettings settings;
+    private final IngestServices services = IngestServices.getInstance();
     private IngestJobContext context;
     private Blackboard blackboard;
 
@@ -141,7 +143,18 @@ final class FilesIdentifierIngestModule implements FileIngestModule {
                         MessageNotifyUtil.Notify.error(Bundle.FilesIdentifierIngestModule_indexError_message(), artifact.getDisplayName());
                     }
 
-                    IngestServices.getInstance().fireModuleDataEvent(new ModuleDataEvent(moduleName, BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, Collections.singletonList(artifact)));
+                    services.fireModuleDataEvent(new ModuleDataEvent(moduleName, BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, Collections.singletonList(artifact)));
+
+                    // make an ingest inbox message
+                    StringBuilder detailsSb = new StringBuilder();
+                    detailsSb.append("File: " + file.getParentPath() + file.getName() + "<br/>\n");
+                    detailsSb.append("Rule Set: " + filesSet.getName());
+
+                    services.postMessage(IngestMessage.createDataMessage(InterestingItemsIngestModuleFactory.getModuleName(),
+                            "Interesting File Match: " + filesSet.getName() + "(" + file.getName() +")",
+                            detailsSb.toString(),
+                            file.getName(),
+                            artifact));
 
                 } catch (TskCoreException ex) {
                     FilesIdentifierIngestModule.logger.log(Level.SEVERE, "Error posting to the blackboard", ex); //NOI18N NON-NLS