intelowlproject
Advanced Search improvements
There are some critical improvements to be developed:
- [ ] The Frontend GUI loads all the pages at once instead of the first one only and the other ones when requested. That poses several problems while doing some particular researches. It is enough to trigger a single {4,5}xx error and the GUI does not react good (either provides no results or it completely breaks)
- [x] The searched string is not highlighted in the JSON report viewer. That would be a wonderful help for the analyst. Otherwise the analyst is required to look through the available results to find the searched string.
And other minor improvements:
- [ ] The datetime picker does not work properly in Firefox, it does show only dates and no chance to change time. The datetime field should be editable manually too.
- [ ] The "name" input field could be a more complex component. I would have expected something similar to the Input field used in the "Scan" page to select the analyzers. That would help a lot selecting and finding the correct plugins to search
- [ ] The results' table could have integrated filters, similar to the Job History Table. That could help the analysts to do additional pivots inside the obtained results.
- [ ] Populate the filter with the url params, like the history sections (if we use the component useDataTable this is done automatically).
- [ ] Add the analyzable in the table
- [ ] Change text search: support search in every filed not only the report field or change the label to report search with the current behaviour.
- [ ] Use also DataModel, no need to index them in elastic, but it could be useful search also inside them
This issue has been marked as stale because it has had no activity for 10 days. If you are still working on this, please provide some updates.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
@mlodic I have submitted PR for review #2805 for issue #928 . Meanwhile can I work on this? Thank you
@suyashgupta2411 please be patient. You can have only one issue at time assigned, when it's closed you can work on something else
@mlodic @fgibertoni I think this is happening because: We're making too many API calls upfront instead of as needed, There's no proper error handling for individual page loads, The state management doesn't support proper pagination
I'd like to fix this by implementing lazy loading with better error handling. Mind assigning this issue to me? I've been looking to contribute to this area!
Hi @PradyumnChauhan. Glad that your are interested in this feature! I assign this feature to you, let me know if you have some problems with it
Hi @drosetti . thanks for assigning this feature to me! I'll start working on it right away. I'll be sure to reach out if I run into any issues or need clarification. Looking forward to contributing!
Hi @drosetti @mlodic . Could you clarify which pages this issue appears on? I want to make sure I check the right places. Are there specific sections where the "name" input should behave like the "Scan" page’s analyzer selection field?
Hi, I added some elements to the checklist. This is a quite huge task, so don't worry about it, if you cannot resolve all of them is fine, every contribution is appreciated!
The problem of 502 is partially solved: now there are 20 requests of 10 elements, so 200 elements are loaded, in case one of these 20 requests fail, the error is handled and the search doesn't fail, it shows the data of the other connections.
Talking about the name and component, you should use the same component use in the start scan for the analyzers, in this way the user has a dropdown component where it can select the wanted plugins.
I have implemented the MultiSelectDropdownInput in the name and am currently resolving some bugs. Additionally, I am addressing Firefox-specific issues, as its native support for date and time inputs is limited. Using HTML5 input types such as "date" or "datetime-local" does not provide full expected functionality in Firefox.
Furthermore, I would appreciate it if you could review my IntelOwl GSoC proposal pleaseeeeeeeeee!!.
Very good! You can open a pr in draft mode, in this way I can review your code and ask for changes while your are working and not in bulk at the end.
Does it fix all the points or some of them ?
The selection is not for the type, but for the "name" fields. Type filter already is a dropdown
The 'Name' input first have a regular input but i have changed it to <AnalyzersMultiSelectDropdownInput> component and doing this i can select multiple plugins but this leads to another issue which is when clicking or selecting type as any analyzer or etc leads to this error above!!
https://github.com/user-attachments/assets/c18755ed-98be-44c3-a7a7-d0af22eec95f
The problem is the component you added use formik as param. Inside it, it use a filed called "type" and invoke map function on it, because it expect an array. In the formik of this page the filed type is used for the plugin type and it's a string, and string class doesn't have map function
In the stacktract you can read:
at AnalyzersMultiSelectDropdownInput (http://localhost:3001/static/js/src_components_common_form_pluginsMultiSelectDropdownInput_jsx.chunk.js:122:63)
in fact the error is raised in the component added
so i used modified formik fields and now its working fine <AnalyzersMultiSelectDropdownInput formik={{ ...formik, values: { ...formik.values, type: "", // override type to a falsey value }, }} fieldName="analyzers" />
can you verify it
Another info that could be useful is the possibility to filter for observable type (i.e. IP, DOMAIN, URL, HASH)
This issue has been marked as stale because it has had no activity for 10 days. If you are still working on this, please provide some updates.
This issue has been marked as stale because it has had no activity for 30 days. If you are still working on this, please provide some updates.