chg: [show tracker] filter result by object type

Author: Terrtia

bin/lib/Tracker.py

@@ -390,13 +390,22 @@ def get_objs(self):
     def get_nb_objs_by_date(self, date):
         return r_tracker.scard(f'tracker:objs:{self.uuid}:{date}')
 
-    def get_objs_by_date(self, date):
-        return r_tracker.smembers(f'tracker:objs:{self.uuid}:{date}')
+    def get_objs_by_date(self, date, obj_types=[]):
+        objs = r_tracker.smembers(f'tracker:objs:{self.uuid}:{date}')
+        if obj_types:
+            l_objs = set()
+            for obj in objs:
+                obj_type = obj.split(':', 1)[0]
+                if obj_type in obj_types:
+                    l_objs.add(obj)
+            return l_objs
+        else:
+            return objs
 
-    def get_objs_by_daterange(self, date_from, date_to):
+    def get_objs_by_daterange(self, date_from, date_to, obj_types):
         objs = set()
         for date in Date.get_daterange(date_from, date_to):
-            objs |= self.get_objs_by_date(date)
+            objs |= self.get_objs_by_date(date, obj_types=obj_types)
         return objs
 
     def get_obj_dates(self, obj_type, subtype, obj_id):

var/www/blueprints/hunters.py

@@ -153,21 +153,34 @@ def tracked_menu_admin():
                            bootstrap_label=bootstrap_label)
 
 
-@hunters.route("/tracker/show")
+@hunters.route("/tracker/show", methods=['GET', 'POST'])
 @login_required
 @login_read_only
 def show_tracker():
     user_id = current_user.get_user_id()
     user_org = current_user.get_org()
     user_role = current_user.get_role()
-    tracker_uuid = request.args.get('uuid', None)
+    filter_obj_types = []
+
+    if request.method == 'POST':
+        tracker_uuid = request.form.get('tracker_uuid', None)
+        date_from = request.form.get('date_from')
+        date_to = request.form.get('date_to')
+        for obj_type in Tracker.get_objects_tracked():
+            new_filter = request.form.get(f'{obj_type}_obj')
+            if new_filter:
+                filter_obj_types.append(obj_type)
+        if sorted(filter_obj_types) == Tracker.get_objects_tracked():
+            filter_obj_types = []
+    else:
+        tracker_uuid = request.args.get('uuid', None)
+        date_from = request.args.get('date_from')
+        date_to = request.args.get('date_to')
+
     res = Tracker.api_check_tracker_acl(tracker_uuid, user_org, user_id, user_role, 'view')
     if res:  # invalid access
         return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1]
 
-    date_from = request.args.get('date_from')
-    date_to = request.args.get('date_to')
-
     if date_from:
         date_from = date_from.replace('-', '')
     if date_to:
@@ -190,7 +203,7 @@ def show_tracker():
 
     if date_from:
         date_from, date_to = Date.sanitise_daterange(date_from, date_to)
-        objs = tracker.get_objs_by_daterange(date_from, date_to)
+        objs = tracker.get_objs_by_daterange(date_from, date_to, filter_obj_types)
         meta['objs'] = ail_objects.get_objects_meta(objs, options={'last_full_date'}, flask_context=True)
     else:
         date_from = ''
@@ -204,9 +217,10 @@ def show_tracker():
         meta['filters'] = json.dumps(meta['filters'], indent=4)
 
     return render_template("tracker_show.html", meta=meta,
-                           rule_content=yara_rule_content,
-                           typo_squatting=typo_squatting,
-                           bootstrap_label=bootstrap_label)
+                            rule_content=yara_rule_content,
+                            typo_squatting=typo_squatting,
+                            filter_obj_types=filter_obj_types,
+                            bootstrap_label=bootstrap_label)
 
 def parse_add_edit_request(request_form):
     to_track = request_form.get("tracker")

var/www/templates/hunter/tracker_show.html

@@ -223,40 +223,83 @@ <h5 class="mb-0">Yara Rule:</h5>
                         </p>
                     {% endif %}
 
-                    <div class="card mb-5 mt-1">
-                        <div class="card-body">
-
-                            <div class="row mb-3">
-                                <div class="col-md-6">
-                                    <div class="input-group" id="date-range-from">
-                                        <div class="input-group-prepend"><span class="input-group-text"><i
-                                                class="far fa-calendar-alt" aria-hidden="true"></i></span></div>
-                                        <input class="form-control" id="date-range-from-input" placeholder="yyyy-mm-dd"
-                                               name="date_from" autocomplete="off"
-                                               {% if meta['date_from'] %}value="{{ meta['date_from'][0:4] }}-{{ meta['date_from'][4:6] }}-{{ meta['date_from'][6:8] }}"
-                                               {% elif meta['first_seen'] %}value="{{ meta['first_seen'][0:4] }}-{{ meta['first_seen'][4:6] }}-{{ meta['first_seen'][6:8] }}"
-                                               {% endif %}>
+                    <form action="{{ url_for('hunters.show_tracker') }}" method='post'>
+                        <input id="tracker_uuid" name="tracker_uuid" class="form-control" type="text" value="{{ meta['uuid'] }}" hidden>
+
+                        <div class="card mb-5 mt-1">
+                            <div class="card-body">
+
+                                <div class="row mb-3">
+                                    <div class="col-md-6">
+                                        <div class="input-group" id="date-range-from">
+                                            <div class="input-group-prepend"><span class="input-group-text"><i
+                                                    class="far fa-calendar-alt" aria-hidden="true"></i></span></div>
+                                            <input class="form-control" id="date-range-from-input" placeholder="yyyy-mm-dd"
+                                                   name="date_from" autocomplete="off"
+                                                   {% if meta['date_from'] %}value="{{ meta['date_from'][0:4] }}-{{ meta['date_from'][4:6] }}-{{ meta['date_from'][6:8] }}"
+                                                   {% elif meta['first_seen'] %}value="{{ meta['first_seen'][0:4] }}-{{ meta['first_seen'][4:6] }}-{{ meta['first_seen'][6:8] }}"
+                                                   {% endif %}>
+                                        </div>
+                                    </div>
+                                    <div class="col-md-6">
+                                        <div class="input-group" id="date-range-to">
+                                            <div class="input-group-prepend"><span class="input-group-text"><i
+                                                    class="far fa-calendar-alt" aria-hidden="true"></i></span></div>
+                                            <input class="form-control" id="date-range-to-input" placeholder="yyyy-mm-dd"
+                                                   name="date_to" autocomplete="off"
+                                                   {% if meta['date_to'] %}value="{{ meta['date_to'][0:4] }}-{{ meta['date_to'][4:6] }}-{{ meta['date_to'][6:8] }}"
+                                                   {% elif meta['last_seen'] %}value="{{ meta['last_seen'][0:4] }}-{{ meta['last_seen'][4:6] }}-{{ meta['last_seen'][6:8] }}"
+                                                   {% endif %}>
+                                        </div>
                                     </div>
                                 </div>
-                                <div class="col-md-6">
-                                    <div class="input-group" id="date-range-to">
-                                        <div class="input-group-prepend"><span class="input-group-text"><i
-                                                class="far fa-calendar-alt" aria-hidden="true"></i></span></div>
-                                        <input class="form-control" id="date-range-to-input" placeholder="yyyy-mm-dd"
-                                               name="date_to" autocomplete="off"
-                                               {% if meta['date_to'] %}value="{{ meta['date_to'][0:4] }}-{{ meta['date_to'][4:6] }}-{{ meta['date_to'][6:8] }}"
-                                               {% elif meta['last_seen'] %}value="{{ meta['last_seen'][0:4] }}-{{ meta['last_seen'][4:6] }}-{{ meta['last_seen'][6:8] }}"
-                                               {% endif %}>
+                                <h5>Filter Objects:</h5>
+                                <div class="row">
+                                    <div class="col-lg-6">
+                                        <div class="custom-control custom-switch mt-1">
+                                            <input class="custom-control-input" type="checkbox" name="decoded_obj" id="decoded_obj" {% if 'decoded' in filter_obj_types or filter_obj_types|length == 0 %}checked=""{% endif %}>
+                                            <label class="custom-control-label" for="decoded_obj"><i class="fas fa-lock-open"></i>&nbsp;Decoded <i class="fas fa-info-circle text-info" data-toggle="tooltip" data-placement="right" title="Content that has been decoded from an encoded format, such as base64"></i></label>
+                                        </div>
+                                        <div class="custom-control custom-switch mt-1">
+                                            <input class="custom-control-input" type="checkbox" name="item_obj" id="item_obj" {% if 'item' in filter_obj_types or filter_obj_types|length == 0 %}checked=""{% endif %}>
+                                                <label class="custom-control-label" for="item_obj"><i class="fas fa-file"></i>&nbsp;Item <i class="fas fa-info-circle text-info" data-toggle="tooltip" data-placement="right" title="Text that has been processed by AIL. It can include various types of extracted information"></i></label>
+                                        </div>
+                                        <div class="custom-control custom-switch mt-1">
+                                            <input class="custom-control-input" type="checkbox" name="pgp_obj" id="pgp_obj" {% if 'pgp' in filter_obj_types or filter_obj_types|length == 0 %}checked=""{% endif %}>
+                                            <label class="custom-control-label" for="pgp_obj"><i class="fas fa-key"></i>&nbsp;PGP <i class="fas fa-info-circle text-info" data-toggle="tooltip" data-placement="right" title="PGP key/block metadata"></i></label>
+                                        </div>
+                                        <div class="custom-control custom-switch mt-1">
+                                            <input class="custom-control-input" type="checkbox" name="title_obj" id="title_obj" {% if 'title' in filter_obj_types or filter_obj_types|length == 0 %}checked=""{% endif %}>
+                                            <label class="custom-control-label" for="title_obj"><i class="fas fa-heading"></i>&nbsp;Title <i class="fas fa-info-circle text-info" data-toggle="tooltip" data-placement="right" title="Title that has been extracted from a HTML page"></i></label>
+                                        </div>
+                                    </div>
+                                    <div class="col-lg-6">
+                                        <div class="custom-control custom-switch mt-1">
+                                            <input class="custom-control-input" type="checkbox" name="message_obj" id="message_obj" {% if 'message' in filter_obj_types or filter_obj_types|length == 0 %}checked=""{% endif %}>
+                                            <label class="custom-control-label" for="message_obj"><i class="fas fa-comment-dots"></i>&nbsp;Message <i class="fas fa-info-circle text-info" data-toggle="tooltip" data-placement="right" title="Messages from Chats"></i></label>
+                                        </div>
+                                        <div class="custom-control custom-switch mt-1">
+                                            <input class="custom-control-input" type="checkbox" name="ocr_obj" id="ocr_obj" {% if 'ocr' in filter_obj_types or filter_obj_types|length == 0 %}checked=""{% endif %}>
+                                            <label class="custom-control-label" for="ocr_obj"><i class="fas fa-expand"></i>&nbsp;OCR <i class="fas fa-info-circle text-info" data-toggle="tooltip" data-placement="right" title="Text extracted from Images"></i></label>
+                                        </div>
+                                        <div class="custom-control custom-switch mt-1">
+                                            <input class="custom-control-input" type="checkbox" name="barcode_obj" id="barcode_obj" {% if 'barcode' in filter_obj_types or filter_obj_types|length == 0 %}checked=""{% endif %}>
+                                            <label class="custom-control-label" for="barcode_obj"><i class="fas fa-barcode"></i>&nbsp;Barcode <i class="fas fa-info-circle text-info" data-toggle="tooltip" data-placement="right" title="Qcodes Extracted from Images ans Screenshots"></i></label>
+                                        </div>
+                                        <div class="custom-control custom-switch mt-1">
+                                            <input class="custom-control-input" type="checkbox" name="qrcode_obj" id="qrcode_obj" {% if 'qrcode' in filter_obj_types or filter_obj_types|length == 0 %}checked=""{% endif %}>
+                                            <label class="custom-control-label" for="qrcode_obj"><i class="fas fa-qrcode"></i>&nbsp;Qrcode <i class="fas fa-info-circle text-info" data-toggle="tooltip" data-placement="right" title="Qcodes Extracted from Images ans Screenshots"></i></label>
+                                        </div>
                                     </div>
                                 </div>
-                            </div>
 
-                            <button class="btn btn-info" type="button" id="button-search-tags" onclick="getItems();">
-                                <i class="fas fa-search"></i> Tracked Objects
-                            </button>
+                                <button class="btn btn-info mt-2">
+                                    <i class="fas fa-search"></i> Tracked Objects
+                                </button>
 
+                            </div>
                         </div>
-                    </div>
+                    </form>
 
                 </div>
             </div>

var/www/templates/settings/menu_sidebar.html

@@ -17,29 +17,31 @@ <h5 class="d-flex text-muted w-100" id="nav_server">
       	      </a>
       	    </li>
           </ul>
-          <h5 class="d-flex text-muted w-100" id="nav_sync">
-      		  <span>AIL SYNC</span>
-      		</h5>
-          <ul class="nav flex-md-column flex-row navbar-nav justify-content-between w-100"> <!--nav-pills-->
-            <li class="nav-item">
-      	      <a class="nav-link" href="{{url_for('ail_2_ail_sync.ail_2_ail_dashboard')}}" id="nav_ail_sync">
-      	        <img src="{{ url_for('static', filename='image/ail.png')}}" alt="AIL servers" style="width:25px;">
-      	        <span>AIL SYNC</span>
-      	      </a>
-      	    </li>
-            <li class="nav-item">
-              <a class="nav-link" href="{{url_for('ail_2_ail_sync.ail_servers')}}" id="nav_ail_servers">
-                <i class="fas fa-server"></i>
-                <span>Servers</span>
-              </a>
-            </li>
-            <li class="nav-item">
-             <a class="nav-link" href="{{url_for('ail_2_ail_sync.sync_queues')}}" id="navsync_queues">
-               <i class="fas fa-stream"></i>
-               <span>Sync queues</span>
-             </a>
-           </li>
-          </ul>
+          {% if acl_admin %}
+              <h5 class="d-flex text-muted w-100" id="nav_sync">
+                  <span>AIL SYNC</span>
+                </h5>
+              <ul class="nav flex-md-column flex-row navbar-nav justify-content-between w-100"> <!--nav-pills-->
+                <li class="nav-item">
+                  <a class="nav-link" href="{{url_for('ail_2_ail_sync.ail_2_ail_dashboard')}}" id="nav_ail_sync">
+                    <img src="{{ url_for('static', filename='image/ail.png')}}" alt="AIL servers" style="width:25px;">
+                    <span>AIL SYNC</span>
+                  </a>
+                </li>
+                <li class="nav-item">
+                  <a class="nav-link" href="{{url_for('ail_2_ail_sync.ail_servers')}}" id="nav_ail_servers">
+                    <i class="fas fa-server"></i>
+                    <span>Servers</span>
+                  </a>
+                </li>
+                <li class="nav-item">
+                 <a class="nav-link" href="{{url_for('ail_2_ail_sync.sync_queues')}}" id="navsync_queues">
+                   <i class="fas fa-stream"></i>
+                   <span>Sync queues</span>
+                 </a>
+               </li>
+              </ul>
+          {% endif %}
           <h5 class="d-flex text-muted w-100" id="nav_settings">
       		  <span>Settings</span>
       		</h5>