Add Capture True filter to FileRecon DB / Add Captured column to SMTP Table #42
Conversation
File Recon is now filtered on Captured True and Attach True
Conflicts: resources/dashboards/File-Reconstruction-Dashboard.json resources/dashboards/SMTP-Trends-Dashboard.json resources/searches/SMTP-Table.json
"hits": 0, |
I don't see any substantive changes in this file.
Nice word choice
"description": "", | ||
"title": "SMTP Trends Dashboard", | ||
"panelsJSON": "[{\"id\":\"Top-10-Email-Senders\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":3,\"col\":7,\"row\":1},{\"id\":\"Top-10-Email-Subjects\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":3,\"col\":7,\"row\":4},{\"id\":\"Top-10-Email-Sender-Domains\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":3,\"col\":10,\"row\":4},{\"id\":\"Top-10-Attachment-Types-By-Count\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":3,\"col\":10,\"row\":1},{\"id\":\"Sessions-Over-Time\",\"type\":\"visualization\",\"size_x\":6,\"size_y\":6,\"col\":1,\"row\":1},{\"id\":\"SMTP-Table\",\"type\":\"search\",\"size_x\":12,\"size_y\":5,\"col\":1,\"row\":7,\"columns\":[\"Attach\",\"Captured\",\"SenderEmail\",\"ReceiverEmail\",\"Subject\",\"TotalBytes\"],\"sort\":[\"TimeUpdated\",\"desc\"]}]", |
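Review bot: `"description": ""` leaves the SMTP Trends Dashboard undocumented even though this revision changes what its embedded SMTP-Table search shows (the `columns` list now carries `Attach` and `Captured` ahead of the sender, receiver, subject and byte-count fields); suggest a one-line description such as "SMTP sessions with attachment and capture status, newest first" so the intent of the Captured column is recorded on the object itself rather than only in this PR thread.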
@john-gress and other reviewers, this DB is needed. If you look towards the bottom of this line, the SMTP-Table's columns have been updated to include Captured, whereas the old DB doesn't.
Update to Amanda's PR after talking with Rob
The mismatched formatting and order of keys is because I used the new export script to generate the files. The Python dictionary that they are printed from has no ordering of keys, so the key/value pairs are in a different order. This makes no difference for ES insertion.
I will look into how the script could sort the keys in the future.
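As an added example (not the project's export script), the following shows how the key-ordering noise described above can be removed so that a review of a re-exported dashboard shows only real changes. It assumes the exported object is shaped like the dashboard JSON in this PR, with `panelsJSON` holding a JSON array serialized as a string; the before/after samples are constructed for the example, and the `NESTED_JSON_FIELDS` set is an assumption to extend for other string-encoded fields.

```python
"""Canonicalize exported ES/Kibana saved objects so diffs show real changes.

Added example, not the project's own export code. Assumes exports look like
the SMTP Trends Dashboard in this PR, where `panelsJSON` is JSON-in-a-string.
"""
import json

# Fields that hold JSON serialized as a string (assumption: extend as needed).
NESTED_JSON_FIELDS = {"panelsJSON"}

# Sentinel for "key absent on this side" when diffing two objects.
MISSING = object()


def canonicalize(obj):
    """Recursively sort dict keys and decode JSON-in-string fields."""
    if isinstance(obj, dict):
        out = {}
        for key in sorted(obj):
            value = obj[key]
            if key in NESTED_JSON_FIELDS and isinstance(value, str):
                try:
                    value = json.loads(value)
                except ValueError:
                    pass  # not valid JSON: keep the raw string
            out[key] = canonicalize(value)
        return out
    if isinstance(obj, list):
        return [canonicalize(v) for v in obj]
    return obj


def dump_canonical(obj):
    """Serialize with sorted keys and fixed indentation: stable across runs."""
    return json.dumps(canonicalize(obj), sort_keys=True, indent=2)


def substantive_changes(old, new):
    """Return [(dotted_path, old_value, new_value)] for values that differ.

    Key order and the encoding of nested JSON strings are ignored; only
    changed, added or removed values are reported.
    """
    diffs = []

    def walk(a, b, path):
        if isinstance(a, dict) and isinstance(b, dict):
            for k in sorted(set(a) | set(b)):
                walk(a.get(k, MISSING), b.get(k, MISSING),
                     f"{path}.{k}" if path else k)
        elif isinstance(a, list) and isinstance(b, list) and len(a) == len(b):
            for i, (x, y) in enumerate(zip(a, b)):
                walk(x, y, f"{path}[{i}]")
        elif a != b:
            diffs.append((path, a, b))

    walk(canonicalize(old), canonicalize(new), "")
    return diffs


# Constructed sample: the pre-PR dashboard, keys in one order.
OLD_EXPORT = {
    "title": "SMTP Trends Dashboard",
    "description": "",
    "panelsJSON": json.dumps([
        {"type": "visualization", "id": "Sessions-Over-Time", "col": 1, "row": 1},
        {"type": "search", "id": "SMTP-Table", "col": 1, "row": 7,
         "columns": ["Attach", "SenderEmail", "ReceiverEmail", "Subject", "TotalBytes"],
         "sort": ["TimeUpdated", "desc"]},
    ]),
}

# Constructed sample: the same dashboard re-exported with Captured added;
# the key order differs everywhere, as an unordered dict export would produce.
NEW_EXPORT = {
    "description": "",
    "panelsJSON": json.dumps([
        {"id": "Sessions-Over-Time", "type": "visualization", "row": 1, "col": 1},
        {"id": "SMTP-Table", "type": "search", "row": 7, "col": 1,
         "sort": ["TimeUpdated", "desc"],
         "columns": ["Attach", "Captured", "SenderEmail", "ReceiverEmail",
                     "Subject", "TotalBytes"]},
    ]),
    "title": "SMTP Trends Dashboard",
}

if __name__ == "__main__":
    print(dump_canonical(NEW_EXPORT))
    for path, before, after in substantive_changes(OLD_EXPORT, NEW_EXPORT):
        print(f"{path}: {before!r} -> {after!r}")
```

Writing each exported file through `dump_canonical` makes the on-disk text identical whenever the content is identical, so a reviewer's "I don't see any substantive changes" becomes a mechanical check: `substantive_changes` on the two samples reports only the `panelsJSON[1].columns` entry where `Captured` was added.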