mquery
[META] Results view improvements
Description
Right now, the results view is pretty basic. Since it's one of the most important views in the system, we should work on improving it.
Required Features
- [x] #78 Filter query results based on rule-name
- [ ] #38 Show matched strings
- [x] #81 Bugfix for query updater
- [x] #64 Show query duration
- [x] #37 Display number of results immediately (both here and in /recent)
- [x] #34 Add a copy button for all hashes, and for every single hash
- [x] #16 Display hash values along with samples
We should also consider making the query-view and results-view separate subpages (querying and looking at the results are different use-cases).
Copying this nice writeup by @ITAYC0HEN here (source: https://github.com/CERT-Polska/mquery/issues/78#issuecomment-612114150):
Absolutely. I agree. I think it should be carefully planned, even discussing it with UX personnel or at least an experienced front-end dev.
Keep this in mind:
- How should mquery be used, in your opinion?
- Should it be used mostly via API or from the website?
- Should it be used for hunting? For testing?
- How familiar is the user with the dataset?
- The table can be expanded with more metadata about the samples
- Hash(es), mime type, size, VT detection rate, MWDB link
- Is it the desired outcome at all? Or do you want it to only be limited to hash+matched rule(s)?
- How useful is the query textarea after a query is executed? Should it be collapsed maybe, to free more screen space? Can be un-collapsed upon demand.
- Should you even invest time in MQuery's front end? Maybe it can be narrowed to a simple one, as it is now, and let MWDB integration provide the rich tables, the filtering, the metadata (hashes, mime types, size, more labels).