mirror of
https://github.com/overcuriousity/autopsy-flatpak.git
synced 2025-07-13 08:26:15 +00:00
Merge pull request #5477 from kellykelly3/5838-useful-correlation-engine-message
5838 useful correlation engine message
commit
c6fc1dfda9
@ -5,7 +5,10 @@ CentralRepoCommentDialog.title.addEditCentralRepoComment=Add/Edit Central Reposi
|
|||||||
OpenIDE-Module-Name=Central Repository
|
OpenIDE-Module-Name=Central Repository
|
||||||
OpenIDE-Module-Display-Category=Ingest Module
|
OpenIDE-Module-Display-Category=Ingest Module
|
||||||
OpenIDE-Module-Short-Description=Correlation Engine Ingest Module
|
OpenIDE-Module-Short-Description=Correlation Engine Ingest Module
|
||||||
OpenIDE-Module-Long-Description=Correlation Engine ingest module and central database. \n\nThe Correlation Engine ingest module stores attributes of artifacts matching selected correlation types into a central database.\nStored attributes are used in future cases to correlate and analyzes files and artifacts during ingest.
|
OpenIDE-Module-Long-Description=\
|
||||||
|
Correlation Engine ingest module and central database. \n\n\
|
||||||
|
The Correlation Engine ingest module stores attributes of artifacts matching selected correlation types into a central database.\n\
|
||||||
|
Stored attributes are used in future cases to correlate and analyzes files and artifacts during ingest.
|
||||||
CentralRepoCommentDialog.commentLabel.text=Comment:
|
CentralRepoCommentDialog.commentLabel.text=Comment:
|
||||||
CentralRepoCommentDialog.okButton.text=&OK
|
CentralRepoCommentDialog.okButton.text=&OK
|
||||||
CentralRepoCommentDialog.cancelButton.text=C&ancel
|
CentralRepoCommentDialog.cancelButton.text=C&ancel
|
||||||
|
@ -18,7 +18,6 @@
|
|||||||
*/
|
*/
|
||||||
package org.sleuthkit.autopsy.centralrepository.ingestmodule;
|
package org.sleuthkit.autopsy.centralrepository.ingestmodule;
|
||||||
|
|
||||||
import java.util.ArrayList;
|
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
@ -54,7 +53,6 @@ import org.sleuthkit.datamodel.BlackboardAttribute;
|
|||||||
import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT;
|
import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT;
|
||||||
import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME;
|
import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME;
|
||||||
import org.sleuthkit.datamodel.HashUtility;
|
import org.sleuthkit.datamodel.HashUtility;
|
||||||
import org.sleuthkit.datamodel.SleuthkitCase;
|
|
||||||
import org.sleuthkit.datamodel.TskCoreException;
|
import org.sleuthkit.datamodel.TskCoreException;
|
||||||
import org.sleuthkit.datamodel.TskData;
|
import org.sleuthkit.datamodel.TskData;
|
||||||
|
|
||||||
@ -355,7 +353,7 @@ final class CentralRepoIngestModule implements FileIngestModule {
|
|||||||
logger.log(Level.SEVERE, "Unable to index blackboard artifact " + tifArtifact.getArtifactID(), ex); //NON-NLS
|
logger.log(Level.SEVERE, "Unable to index blackboard artifact " + tifArtifact.getArtifactID(), ex); //NON-NLS
|
||||||
}
|
}
|
||||||
// send inbox message
|
// send inbox message
|
||||||
sendBadFileInboxMessage(tifArtifact, abstractFile.getName(), abstractFile.getMd5Hash());
|
sendBadFileInboxMessage(tifArtifact, abstractFile.getName(), abstractFile.getMd5Hash(), caseDisplayNames);
|
||||||
}
|
}
|
||||||
} catch (TskCoreException ex) {
|
} catch (TskCoreException ex) {
|
||||||
logger.log(Level.SEVERE, "Failed to create BlackboardArtifact.", ex); // NON-NLS
|
logger.log(Level.SEVERE, "Failed to create BlackboardArtifact.", ex); // NON-NLS
|
||||||
@ -364,6 +362,13 @@ final class CentralRepoIngestModule implements FileIngestModule {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Messages({
|
||||||
|
"CentralRepoIngestModule_notable_message_header=<html>A file in this data source was previously seen and tagged as Notable.<br>",
|
||||||
|
"CentralRepoIngestModel_name_header=Name:<br>",
|
||||||
|
"CentralRepoIngestModel_previous_case_header=<br>Previous Cases:<br>"
|
||||||
|
|
||||||
|
})
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Post a message to the ingest inbox alerting the user that a bad file was
|
* Post a message to the ingest inbox alerting the user that a bad file was
|
||||||
* found.
|
* found.
|
||||||
@ -371,43 +376,17 @@ final class CentralRepoIngestModule implements FileIngestModule {
|
|||||||
* @param artifact badFile Blackboard Artifact
|
* @param artifact badFile Blackboard Artifact
|
||||||
* @param name badFile's name
|
* @param name badFile's name
|
||||||
* @param md5Hash badFile's md5 hash
|
* @param md5Hash badFile's md5 hash
|
||||||
|
* @param caseDisplayNames List of cases that the artifact appears in.
|
||||||
*/
|
*/
|
||||||
@Messages({"CentralRepoIngestModule.postToBB.fileName=File Name",
|
private void sendBadFileInboxMessage(BlackboardArtifact artifact, String name, String md5Hash, List<String> caseDisplayNames) {
|
||||||
"CentralRepoIngestModule.postToBB.md5Hash=MD5 Hash",
|
StringBuilder detailsSb = new StringBuilder(1024);
|
||||||
"CentralRepoIngestModule.postToBB.hashSetSource=Source of Hash",
|
|
||||||
"CentralRepoIngestModule.postToBB.eamHit=Central Repository",
|
|
||||||
"# {0} - Name of file that is Notable",
|
|
||||||
"CentralRepoIngestModule.postToBB.knownBadMsg=Notable: {0}"})
|
|
||||||
public void sendBadFileInboxMessage(BlackboardArtifact artifact, String name, String md5Hash) {
|
|
||||||
StringBuilder detailsSb = new StringBuilder();
|
|
||||||
//details
|
|
||||||
detailsSb.append("<table border='0' cellpadding='4' width='280'>"); //NON-NLS
|
|
||||||
//hit
|
|
||||||
detailsSb.append("<tr>"); //NON-NLS
|
|
||||||
detailsSb.append("<th>") //NON-NLS
|
|
||||||
.append(Bundle.CentralRepoIngestModule_postToBB_fileName())
|
|
||||||
.append("</th>"); //NON-NLS
|
|
||||||
detailsSb.append("<td>") //NON-NLS
|
|
||||||
.append(name)
|
|
||||||
.append("</td>"); //NON-NLS
|
|
||||||
detailsSb.append("</tr>"); //NON-NLS
|
|
||||||
|
|
||||||
detailsSb.append("<tr>"); //NON-NLS
|
|
||||||
detailsSb.append("<th>") //NON-NLS
|
|
||||||
.append(Bundle.CentralRepoIngestModule_postToBB_md5Hash())
|
|
||||||
.append("</th>"); //NON-NLS
|
|
||||||
detailsSb.append("<td>").append(md5Hash).append("</td>"); //NON-NLS
|
|
||||||
detailsSb.append("</tr>"); //NON-NLS
|
|
||||||
|
|
||||||
detailsSb.append("<tr>"); //NON-NLS
|
|
||||||
detailsSb.append("<th>") //NON-NLS
|
|
||||||
.append(Bundle.CentralRepoIngestModule_postToBB_hashSetSource())
|
|
||||||
.append("</th>"); //NON-NLS
|
|
||||||
detailsSb.append("<td>").append(Bundle.CentralRepoIngestModule_postToBB_eamHit()).append("</td>"); //NON-NLS
|
|
||||||
detailsSb.append("</tr>"); //NON-NLS
|
|
||||||
|
|
||||||
detailsSb.append("</table>"); //NON-NLS
|
|
||||||
|
|
||||||
|
detailsSb.append(Bundle.CentralRepoIngestModule_notable_message_header()).append(Bundle.CentralRepoIngestModel_name_header());
|
||||||
|
detailsSb.append(name).append(Bundle.CentralRepoIngestModel_previous_case_header());
|
||||||
|
for (String str : caseDisplayNames) {
|
||||||
|
detailsSb.append(str).append("<br>");
|
||||||
|
}
|
||||||
|
detailsSb.append("</html>");
|
||||||
services.postMessage(IngestMessage.createDataMessage(CentralRepoIngestModuleFactory.getModuleName(),
|
services.postMessage(IngestMessage.createDataMessage(CentralRepoIngestModuleFactory.getModuleName(),
|
||||||
Bundle.CentralRepoIngestModule_postToBB_knownBadMsg(name),
|
Bundle.CentralRepoIngestModule_postToBB_knownBadMsg(name),
|
||||||
detailsSb.toString(),
|
detailsSb.toString(),
|
||||||
|
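Review bot: In the new body of sendBadFileInboxMessage, `name` and each entry of `caseDisplayNames` are appended to the `<html>` details string without escaping, although the file name comes from the data source under examination and is therefore not trusted. A file name or case display name that contains markup would be interpreted by whatever renders the inbox message instead of being shown literally, which can misrepresent the alert to the examiner. Escape both values before appending, for example `detailsSb.append(EscapeUtil.escapeHtml(name))` and `detailsSb.append(EscapeUtil.escapeHtml(str)).append("<br>");`, assuming the project's `org.sleuthkit.autopsy.coreutils.EscapeUtil` helper is usable from this module. Separately, `md5Hash` is no longer read in the visible part of the method but is still a documented parameter; the method body continues past the end of the hunk, so confirm whether it is used there or drop it from the signature and Javadoc.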