work in progress for idaholab#331, improvements to extracted_files_ht…

…tp_server.py and the setting/creation of ACL rules on hedgehog

arkime/etc/config.ini

@@ -515,9 +515,9 @@ zeek.files.md5=db:zeek.files.md5;group:zeek_files;kind:termfield;viewerOnly:true
 zeek.files.sha1=db:zeek.files.sha1;group:zeek_files;kind:termfield;viewerOnly:true;friendly:SHA1 Digest;help:SHA1 Digest
 zeek.files.sha256=db:zeek.files.sha256;group:zeek_files;kind:termfield;viewerOnly:true;friendly:SHA256 Digest;help:SHA256 Digest
 zeek.files.extracted=db:zeek.files.extracted;group:zeek_files;kind:termfield;viewerOnly:true;friendly:Extracted Filename;help:Extracted Filename
+zeek.files.extracted_uri=db:zeek.files.extracted_uri;group:zeek_files;kind:termfield;viewerOnly:true;friendly:Extracted Filename URL;help:Extracted File URL
 zeek.files.extracted_cutoff=db:zeek.files.extracted_cutoff;group:zeek_files;kind:termfield;viewerOnly:true;friendly:Truncated;help:Truncated
 zeek.files.extracted_size=db:zeek.files.extracted_size;group:zeek_files;kind:integer;viewerOnly:true;friendly:Extracted Bytes;help:Extracted Bytes
-zeek.files.extracted_uri=db:zeek.files.extracted_uri;group:zeek_files;kind:termfield;viewerOnly:true;friendly:Extracted Filename URL;help:Extracted File URL
 
 # ftp.log
 # https://docs.zeek.org/en/stable/scripts/base/protocols/ftp/info.zeek.html#type-FTP::Info
@@ -2663,7 +2663,7 @@ o_zeek_ecat_log_address=require:zeek.ecat_log_address;title:Zeek ecat_log_addres
 o_zeek_ecat_registers=require:zeek.ecat_registers;title:Zeek ecat_registers.log;fields:zeek.ecat_registers.command,zeek.ecat_registers.server_addr,zeek.ecat_registers.register_type,zeek.ecat_registers.register_addr,zeek.ecat_registers.data
 o_zeek_ecat_soe_info=require:zeek.ecat_soe_info;title:Zeek ecat_soe_info.log;fields:zeek.ecat_soe_info.opcode,zeek.ecat_soe_info.incomplete,zeek.ecat_soe_info.error,zeek.ecat_soe_info.drive_num,zeek.ecat_soe_info.element,zeek.ecat_soe_info.index
 o_zeek_enip=require:zeek.enip;title:Zeek enip.log;fields:zeek.enip.enip_command,zeek.enip.enip_command_code,zeek.enip.length,zeek.enip.session_handle,zeek.enip.enip_status,zeek.enip.sender_context,zeek.enip.options
-o_zeek_files=require:zeek.files;title:Zeek files.log;fields:zeek.files.tx_hosts,zeek.files.rx_hosts,zeek.files.conn_uids,zeek.files.source,zeek.files.depth,zeek.files.analyzers,zeek.files.mime_type,zeek.files.filename,zeek.files.ftime,zeek.files.duration,zeek.files.local_orig,zeek.files.seen_bytes,zeek.files.total_bytes,zeek.files.missing_bytes,zeek.files.overflow_bytes,zeek.files.timedout,zeek.files.parent_fuid,zeek.files.md5,zeek.files.sha1,zeek.files.sha256,zeek.files.extracted,zeek.files.extracted_cutoff,zeek.files.extracted_size,zeek.files.extracted_uri
+o_zeek_files=require:zeek.files;title:Zeek files.log;fields:zeek.files.tx_hosts,zeek.files.rx_hosts,zeek.files.conn_uids,zeek.files.source,zeek.files.depth,zeek.files.analyzers,zeek.files.mime_type,zeek.files.filename,zeek.files.ftime,zeek.files.duration,zeek.files.local_orig,zeek.files.seen_bytes,zeek.files.total_bytes,zeek.files.missing_bytes,zeek.files.overflow_bytes,zeek.files.timedout,zeek.files.parent_fuid,zeek.files.md5,zeek.files.sha1,zeek.files.sha256,zeek.files.extracted,zeek.files.extracted_uri,zeek.files.extracted_cutoff,zeek.files.extracted_size
 o_zeek_ftp=require:zeek.ftp;title:Zeek ftp.log;fields:zeek.ftp.command,zeek.ftp.arg,zeek.ftp.mime_type,zeek.ftp.file_size,zeek.ftp.reply_code,zeek.ftp.reply_msg,zeek.ftp.data_channel.passive,zeek.ftp.data_channel.orig_h,zeek.ftp.data_channel.resp_h,zeek.ftp.data_channel.resp_p
 o_zeek_genisys=require:zeek.genisys;title:Zeek genisys.log;fields:zeek.genisys.header,zeek.genisys.server,zeek.genisys.direction,zeek.genisys.crc_transmitted,zeek.genisys.crc_calculated,zeek.genisys.payload.address,zeek.genisys.payload.data
 o_zeek_gquic=require:zeek.gquic;title:Zeek gquic.log;fields:zeek.gquic.version,zeek.gquic.server_name,zeek.gquic.user_agent,zeek.gquic.tag_count,zeek.gquic.cyu,zeek.gquic.cyutags

arkime/wise/source.zeeklogs.js

@@ -2269,11 +2269,6 @@ class MalcolmSource extends WISESource {
     var apiURL = "/mapi/agg/%DBFIELD%?from=%ISOSTART%&to=%ISOSTOP%";
     this.api.addFieldAction("malcolm_mapi_fields_zeek", { name: apiLabel, url: apiURL, all: true });
 
-    // add rick-click for extracted-files
-    var extractedFilesLabel = "Browse Extracted Files";
-    var extractedFilesURL = "/extracted-files/";
-    this.api.addFieldAction("malcolm_mapi_field_extracted_files", { name: extractedFilesLabel, url: extractedFilesURL, fields: carvedFieldsStr });
-
     // add right-click for viewing original JSON document
     this.api.addValueAction("malcolm_json_source", { name: "%DBFIELD% Document(s) JSON", url: "/mapi/document?filter={\"%DBFIELD%\":\"%TEXT%\"}", fields: "communityId,event.id,id,network.community_id,rootId,zeek.fuid,zeek.uid" });