iris-web

iris-web copied to clipboard

Two changes for better reports in IRIS.

CaseEvents

To have only the Show in summary timeline events in a report, this field is needed there to filter for it. We use this for example to show the most important Events below the management summary.

Images in Docx-Reports

Since DFIR-IRIS has a datastore where images can be attached, we need them also as evidence or whatever in our reports for the customer. For this I have implemented an ImageHandler in the docx-generator ( https://github.com/dfir-iris/docx-generator/pull/1 ) and the counterpart here to copy and append images from the datastore

Thanks for your work! Lukas

There is an issue with the links created when pasting images in notes/summary, or when using links created by Markdown link on the datastore of IRIS.
These links are created like this :

![image.png](/datastore/view/<ID>?cid=<CID> =<scale>)

These are not detected as proper images link due to the scale part. As far as I understand this is coming from the used module mistletoe. A dirty patch would be to add a sanitation before handing off the markdown to the Docx Reporter.

markdown = re.sub(r'(datastore\/file\/view\/\d+\?cid=\d+)( =[0-9A-z%]*)\)', r"\1)", markdown)

We'll probably add this after the merge unless you see something more elegant.