Consolidate Analysis Meta Information

[mr-tz]

from -vv output I think the following items are

• important and should be shown by default
• details that could be expanded on demand
  • putting this into a separate (expandable/hideable) section would save some space and reduce the clutter

IMPORTANT
md5                     6a352c3e55e8ae5ed39dc1be7fb964b1
sha1                    e2cfb70c2757270288d10008fb4c8d3c2afd8fc3
sha256                  c69121a994ea8ff188510f41890208625710870af9a06b005db817934b517bc1
path                    tests/data/6a352c3e55e8ae5ed39dc1be7fb964b1.dll_
timestamp               2024-07-04 08:48:17.995087
capa version            7.1.0
---
DETAILS
os                      windows
format                  pe
arch                    i386
analysis                static  << may also be IMPORTANT
extractor               VivisectFeatureExtractor
base address            0x10000000
rules                   capa/rules  << may also be IMPORTANT
---
TO DISCUSS, MAYBE IMPORTANT
function count          685
library function count  303
total feature count     28147

[williballenthin]

I've mocked up a layout that conveys a bunch of the key information quickly:

(edit: I've learned my lesson not to publicly post the editor link to the mockup, sorry the original mockup has been destroyed)

In particular, I think this layout uses more horizontal space, letting the key information (the capa rule matches) float higher above the fold.

Something else we can do is put the full metadata at the bottom of the page, keeping only the most important into at the top.

We might also consider porting the best ideas to the CLI interface, too.

[mike-hunhoff]

Completed