Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unfurl integration #2897

Merged
merged 25 commits into from
Oct 24, 2023
Merged

Unfurl integration #2897

merged 25 commits into from
Oct 24, 2023

Conversation

jkppr
Copy link
Collaborator

@jkppr jkppr commented Sep 19, 2023
edited
Loading

Integrating the dfir-unfurl project into timesketch via the context links. This feature will allow for using unful on every URL in a timesketch url attribute (configurable). Having the unfurl function included in Timesketch allows for easy analysis and understanding of URLs encountered during the investigation.

image

This PR does:

  • Add the concept of "build-in modules" to the context links.
  • Add dfir-unfurl as a requirement for timesketch.
  • Add an API endpoint to handle unfurl requests and return the graph in a json format.
  • Add the API call to the frontend API client. (+ fix some string formatting)
  • Add an UnfurlDialog component that will render the unfurl graph using the cytoscape js lib
  • Adjust the EventDetail component to trigger the unfurl dialog for defined attributes.

Open tasks:

  • Fine tune the cytoscape graph:
    • Center graph on loading
    • Dynamically scale the dialog?
    • Tweak the layout and style to look like the original unfurl graph.
  • Add mouseover in the graph to show unfurl context on edges and nodes.
  • Update the context links to support modules
  • Update the tsctl validate-context-links-conf
  • Update unit tests

@jkppr jkppr self-assigned this Sep 19, 2023
@berggren berggren added this to the Release: 20231025 milestone Sep 19, 2023
@berggren berggren changed the title Unfurl integration into timesketch Unfurl integration Sep 29, 2023
@berggren
Copy link
Contributor

AHey @jkppr is this still draft or is it ready for review?

@jkppr
Copy link
Collaborator Author

jkppr commented Sep 29, 2023
edited
Loading

@berggren it is still in draft. There is still some fine tuning around the graph and the setup to be done.

@berggren
Copy link
Contributor

@berggren it is still in draft. There is still some fine tuning around the graph and the setup to be done.

Ack, thanks for the update. Let me know when it is ready for review.

Also, @obsidianforensics for awareness, unfurl is being integrated to TS :)

@berggren
Copy link
Contributor

@obsidianforensics One idea, could we use the official Unfurl logo in the TS UI? That would be nice :)

@obsidianforensics
Copy link
Contributor

Sorry, didn't see the comment until now :/

This is amazing! And yes, please use the official logos wherever you'd like. https://github.com/obsidianforensics/unfurl/tree/main/unfurl/static has a number of different types - I'd probably recommend the square u one rather than the recentagle unfurl one, but feel free to use any.

@jkppr jkppr marked this pull request as ready for review October 24, 2023 07:17
@jkppr jkppr requested a review from berggren October 24, 2023 07:18
@jkppr
+ Adding zoom icon
c63389e 
+ Adding reset icon
berggren
berggren requested changes Oct 24, 2023
View reviewed changes
test_tools/test_events/mock_context_links.yaml Outdated Show resolved Hide resolved
timesketch/frontend-ng/src/components/Explore/UnfurlDialog.vue Outdated Show resolved Hide resolved
timesketch/tsctl.py Show resolved Hide resolved
timesketch/frontend-ng/public/unfurl-logo.png Outdated Show resolved Hide resolved
@jkppr jkppr requested a review from berggren October 24, 2023 14:43
@jkppr jkppr merged commit 1670b98 into google:master Oct 24, 2023
24 checks passed
@jkppr jkppr deleted the ui_timesketch_unfurl_integration branch October 24, 2023 15:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@obsidianforensics obsidianforensics obsidianforensics left review comments

@berggren berggren berggren approved these changes

Assignees

@jkppr jkppr

Labels
Backend Frontend
Projects
None yet
Milestone
Release: 20231025
Development

Successfully merging this pull request may close these issues.
3 participants
@jkppr @berggren @obsidianforensics