IOCTypes - PR 2045 #2050

Closed
lprat opened this issue Nov 27, 2021 · 4 comments
@lprat
Contributor

lprat commented Nov 27, 2021

Hi @tomchop,
Can you add the possibility to configure from a file, /etc/timesketch/ioctype.yaml (for example), the choice of IOC types that you can use in your intelligence interface? Because today, these values are fixed:

```javascript
IOCTypes: [
  { regex: /^(\/[\S]+)+$/i, type: 'fs_path' },
  { regex: /^([-\w]+\.)+[a-z]{2,}$/i, type: 'hostname' },
  { regex: /^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/g, type: 'ip' },
  { regex: /^[0-9a-f]{64}$/i, type: 'hash_sha256' },
  { regex: /^[0-9a-f]{40}$/i, type: 'hash_sha1' },
  { regex: /^[0-9a-f]{32}$/i, type: 'hash_md5' },
  // Match any "other" selection
  { regex: /./g, type: 'other' },
],
```

Example of the file ioctype.yaml (users can add new IOC types like URL, email, ...):

```yaml
fs_path:
        regex: /^(\/[\S]+)+$/i
hostname:
        regex: /^([-\w]+\.)+[a-z]{2,}$/i
ipv4:
        regex: /^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/g
hash_sha256:
        regex: /^[0-9a-f]{64}$/i
hash_sha1:
        regex: /^[0-9a-f]{40}$/i
hash_md5:
        regex: /^[0-9a-f]{32}$/i
other:
        regex: /./g
```

Thanks for your help!
Lionel

@tomchop
Collaborator

tomchop commented Jan 26, 2022

Since these are pure UI components, it's a little tricky to achieve without having to rebuild the UI (I think). But I'll keep it in mind!

The most straightforward way I can think of is to have the yaml file be loaded by the API backend, and have the frontend query that to obtain the data. Maybe there's a solution somewhere with webpack, but I don't know enough about it to be sure.
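An added illustration of the backend-served configuration idea in the comment above; it is not code from this thread or from Timesketch. It assumes the parsed `ioctype.yaml` reaches the frontend as a plain object, and the names `sampleConfig`, `compileRegexLiteral`, `loadIocTypes` and `classify` are hypothetical.

```javascript
// Constructed sample: the issue's ioctype.yaml after parsing, as a backend
// endpoint might return it (hypothetical shape; key order = match priority).
const sampleConfig = {
  fs_path: { regex: '/^(\\/[\\S]+)+$/i' },
  hostname: { regex: '/^([-\\w]+\\.)+[a-z]{2,}$/i' },
  ipv4: { regex: '/^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/g' },
  hash_sha256: { regex: '/^[0-9a-f]{64}$/i' },
  hash_sha1: { regex: '/^[0-9a-f]{40}$/i' },
  hash_md5: { regex: '/^[0-9a-f]{32}$/i' },
  other: { regex: '/./g' },
};

// Turn a "/pattern/flags" string into a RegExp. The g and y flags are dropped:
// they make test() stateful through lastIndex, so a shared regex could give
// different answers for the same input on consecutive calls.
function compileRegexLiteral(text) {
  const m = /^\/(.+)\/([a-z]*)$/.exec(String(text));
  if (!m) throw new Error(`not a /pattern/flags literal: ${text}`);
  return new RegExp(m[1], m[2].replace(/[gy]/g, '')); // throws on bad input
}

// Build the ordered type list; a bad entry is reported instead of being fatal.
function loadIocTypes(config) {
  const types = [];
  const errors = [];
  for (const [type, entry] of Object.entries(config)) {
    try {
      types.push({ type, regex: compileRegexLiteral(entry && entry.regex) });
    } catch (err) {
      errors.push({ type, message: err.message });
    }
  }
  return { types, errors };
}

// First matching entry wins, as in the hardcoded list.
function classify(types, value) {
  const hit = types.find((t) => t.regex.test(value));
  return hit ? hit.type : null;
}
```

Because the first match wins, the catch-all `other` entry has to stay last in the configuration file.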

@tomchop tomchop self-assigned this Jan 26, 2022
@tomchop
Collaborator

tomchop commented Jan 26, 2022

I've separated the hardcoded IOCTypes into their own JavaScript file here: #2123. Still, the UI will need to be rebuilt if these change.

@jaegeral
Collaborator

jaegeral commented Dec 2, 2022

@tomchop can we close this one?

@tomchop
Collaborator

tomchop commented Dec 5, 2022

@lprat These values are currently fixed, but we are working on another (larger) feature to include more settings in Timesketch - we'll be using that to store the regexes / IOC types. For now, the fixed values are the way to go.

@tomchop tomchop closed this as completed Dec 5, 2022