Lookyloo
[Feature]: Add Title/Description Field into LookyLoo
Feature Request: Add Title/Description Field into LookyLoo
It would be beneficial to add a new field, such as "Title" or "Description," in the database to enhance the tracking and organization of URLs being analyzed. This would provide better context for the URLs and can be quickly used to find a case.
Describe the solution you'd like
Proposed Solution
- Title/Description Field: Introduce a new field in the database (either "title" or "description") to categorize the URLs being analyzed.
- Capture Page Input: This field should be available on the URL/multi-URL capture page, where users can input a descriptive title before submitting the URL(s) for analysis.
- List View Display: The title/description should be displayed in the list view, allowing users to quickly identify and manage analyzed URLs based on this information. Organize the captured URLs into groups based on title if multiple capture is used.
- MISP Event Integration: The title could also be used to populate the event info field when creating a MISP event, improving event clarity and management.
- Modify Title/Description Field: If the user decides to change the title after the capture is completed, create a page which allows the users to modify the title/description.
Benefits
- Better tracking and organization of analyzed URLs.
- Easier management and navigation within the list view.
- Improved MISP event creation by automatically filling in the event info field with the provided title/description.
Describe alternatives you've considered
No response
Additional context
This addition would streamline workflow and provide a clearer, more organized overview of analyzed URLs.
Thank you for the detailed feature request, I'll work on it over time, probably starting from the categorization, which is already there but only accessible to the admins. The first step will probably be to expose the categorization to all, and manually validate them after the fact (we cannot expect people to categorize the captures properly on the public instance). This capture category can then be attached to the MISP event as a tag.
The title/description part is a bit more tricky as it is free text, and much more prone to issues/typos. This one will probably not be exposed to the non-admins any time soon.
Then, I'm not sure what you mean by Capture page input. Is it simply to add a free text field on the capture page so the user can already classify a capture before submitting it? This one is a bit tricky as the capture may do unexpected things and then the title will be incorrect.
By capture page input i mean this page:
I don't want to overwrite the captured page title.
Is it simply to add a free text field on the capture page so the user can already classify a capture before submitting it? yes.
By providing a free text field in this page, users can give more context for the URLs before submitting them.
For example, if during a fraud campaign analysis there are multiple URLs based on DHL theme, analysts can add a quick title like Fraud campaign targeting DHL users. This would be very helpful.
I'm using the self hosted version of lookyloo, and having this feature only for admin is okay for me.
Alright, makes sense, especially when you submit a bunch of URLs, having them pre-tagged would be good.
@danieleperera: Quick update on that: it is now possible to categorize captures using (for now) one MISP Taxonomy, and it is only doable after the capture is done and from the UI. But that was a required step for your request.
I want to avoid the free text option as long as possible because it's going to make sharing the categories/tags a complete nightmare. We probably need to come up with a better taxonomy than the one we're using right now (dark-web) but it doesn't exists yet. If you already have one you can share, that would be a good starting point.