IntelOwl icon indicating copy to clipboard operation
IntelOwl copied to clipboard
verified publisher icon intelowlproject

Pivot Framework: Frontend and Docs

Open mlodic opened this issue 2 years ago • 2 comments

Right now the new Pivot framework introduces with the v5.1.0 is available in the backend only.

We need to define requirements for the frontend and, at the end, update the documentation regarding this new feature.

mlodic avatar Aug 30 '23 13:08 mlodic

Any specific directions you think on how the front end should be implemented?

g4ze avatar Jan 06 '24 08:01 g4ze

It is something that requires some design which has not been done yet.

The pivot framework allows to create a job from another one. I would like to give to the users the chance to do that from the GUI in the Job Report.

Right now there are 2 basic Pivots that can be extended to create your own pivot (the logic for which the new analysis will be created). However the can be used already and they work in this way:

  • "Compare" pivot: the user can select a field extracted from the Job Report and analyze its value.
  • "Self Analyzable" pivot: the user want to analyze the same observable/file that he has just analyzed. In both cases, the users should be able to select the playbook to execute in the new job. The difference between the two is that, in the first case, the user would need to select the field to analyze.

So basically, somewhere in the Job Result page we would need a button which opens a model where we can select the Playbook and whether you want to analyze a field of the results or the same observable you have analyzed. Then with another button, to trigger the new analysis.

If you would like, you could try to make an hypothesis of what you would like to achieve and propose it here.

mlodic avatar Jan 08 '24 09:01 mlodic

https://github.com/intelowlproject/IntelOwl/pull/2239

carellamartina avatar Apr 04 '24 14:04 carellamartina