Adding a completed manual flow to a hunt. (Velocidex#1182)

It is now possible to add an unrelated flow to a hunt. This helps in the case where the original flow in the hunt timed out. The user then can re-run the hunt manually possibly increasing timeout. Then they can simply click the add flow to hunt button in the UI to add the flow to an existing time. Additionally, the upload function accepts all 4 timestamps for a file. Depending on the uploader these may be used or just recorded. In the case of the file uploader, the filesystem timestamps will be reset to reflect these times if possible. This allows us to create the Windows.KapeFiles.Extract artifact to extract the container files recreating timestamps.
bvhuntcontent · Aug 9, 2021 · c89b706 · c89b706
1 parent c932f8c
commit c89b706
Show file tree

Hide file tree

Showing 60 changed files with 1,133 additions and 383 deletions.
diff --git a/acls/proto/acl.pb.go b/acls/proto/acl.pb.go
diff --git a/actions/proto/transport.pb.go b/actions/proto/transport.pb.go
diff --git a/actions/proto/transport.proto b/actions/proto/transport.proto
@@ -55,6 +55,9 @@ message FileBuffer {
     Index index = 6;
 
     int64 mtime = 10;
+    int64 atime = 11;
+    int64 ctime = 12;
+    int64 btime = 13;
 }
 
 message ForemanCheckin {

diff --git a/actions/proto/vql.pb.go b/actions/proto/vql.pb.go
diff --git a/api/proto/api.pb.go b/api/proto/api.pb.go
diff --git a/api/proto/api.pb.gw.go b/api/proto/api.pb.gw.go
diff --git a/api/proto/artifacts.pb.go b/api/proto/artifacts.pb.go
diff --git a/api/proto/clients.pb.go b/api/proto/clients.pb.go
diff --git a/api/proto/completions.pb.go b/api/proto/completions.pb.go
diff --git a/api/proto/csv.pb.go b/api/proto/csv.pb.go
diff --git a/api/proto/download.pb.go b/api/proto/download.pb.go
diff --git a/api/proto/flows.pb.go b/api/proto/flows.pb.go