Releases: target/strelka-ui
Strelka UI App, Improving Node Edge Readability, Encryption, and More
Overview
This pull request introduces several improvements to the Strelka UI App, focusing on enhancing the readability of node edges, ensuring accurate mimetype/YARA flavor representation, and providing better feedback for encryption handling. These changes aim to improve the visual clarity, usability, and overall functionality of the graph visualization and related components.
Key Changes
Running Strelka UI Backend as a Package
- Improved Project Structure: The backend now runs as a package, providing a more elegant structure and execution method for the project.
- Enhanced Metadata: Introduced more structured client metadata into Strelka events to improve the trackability of requests.
Encryption Status Indicators
- Decryption Success/Failure Check: Added checks for signs of decryption success or failure in the seven_zip, rar, and encrypted_zip scanners.
- Visual Indicators: Applied icons and tooltips to indicate the decryption status, providing immediate feedback to users.
Mimetype/YARA Accuracy
- Comprehensive Representation: Refactored handling to ensure accurate representation of all mimetypes and YARA hits associated with a file, rather than just the first entry.
Edge Styling Enhancements
- Conditional Styling: Introduced conditional styling for edges based on node relationships and highlighting states.
- Interactive Highlights: Highlights the parent and child line, as well as the node currently being hovered over, improving visual clarity.
Scan Source Edge Addition
- Source Scan Information: Added information about the source scan for a given parent-child relationship, allowing users to see which scanner resulted in the creation of the child node.
Tooltips for Checkboxes
- Descriptive Tooltips: Wrapped each checkbox with a Tooltip component to provide descriptions when hovering over the checkbox, enhancing user understanding.
Human Readable Text Option
- Toggle View: Provided users with the ability to toggle between a human-readable form and the array form for string_text, assuming string_text is collected.
Encryption Cards
- Added cards for ScanSevenZip, ScanRar, ScanZip, and ScanEncryptedZip.
These enhancements collectively improve the usability and clarity of the Strelka UI App, providing users with better visual feedback and more accurate information about file submissions and their processing.
VT Augment + View Refactor
Summary
This release introduces several enhancements to the Strelka UI, including VirusTotal Augment integration, improved file analysis UX, a filterable IOC display, and more intuitive navigation.
Dashboard & Analysis Pages:
Added VirusTotal Augment
If a Premium VirusTotal key is provided, users gain access to VirusTotal Augment functionality for submitted and scanned files. This enhancement provides direct access to the latest VirusTotal data and file relationships. As Strelka UI only stores the VirusTotal data at time of submission, this will provide a more accurate read on the file.
Prevent Non-Premium VT Key Usage
Users without a Premium VirusTotal key can no longer access VirusTotal-related features on either the dashboard or the analysis pages. This prevents confusion and errors.
Analysis Page Enhancements:
Filterable IOC Display
All potential IOCs from file submissions are now displayed in a unique and filterable box on the left side of the analysis page, allowing users to quickly identify and filter files based on IOCs.
ScanXml Card
Added a ScanXml card displaying details from the XML scanner, including extracted tags and content.
Improved ScanIoc File Pagination
Fixed the IOC pagination table to correctly adjust table size based on content.
Raw JSON View Filtering
Users can now filter the Raw JSON View card based on a string, quickly highlighting matches for that filter.
General UX Improvements:
File Details Drawer
File details have been moved to a drawer that pops up when clicking a file, improving UX by providing immediate access to file details without needing to scroll.
Toggle Expand/Collapse Button
Added a button on file analysis cards to toggle between showing all or hiding all details, improving readability and user control.
Enhanced Filter Functionality
Updated left-hand filter functionality to visually indicate when a filter is applied, enhancing user understanding and interaction.
Limited File Display
Implemented a feature to limit the total files/highlights shown, with an option for users to load 10 more files at a time, preventing overwhelming displays in submissions with numerous files.
Dark Mode (Beta)
Lets users toggle and persist dark mode. May include visual artifacts or bugs.
Testing and Validation
Each feature has been tested on several samples to ensure functionality works. Bugs may still occur, though, because there are so many variations. Let me know please.
Fix for Missing VirusTotal Key
Full Changelog: v2.191...v2.192
Fix for Missing VirusTotal Key
Full Changelog: v2.19...v2.191
Unencrypted VirusTotal Support
What's Changed
- Adding Unencrypted VT Submission Support by @phutelmyer in #79
- Bump black from 21.12b0 to 24.3.0 in /app by @dependabot in #76
Full Changelog: v2.18...v2.19
Dependency Updates
Merge pull request #75 from target/dependency-updates Updating UI and Backend Dependencies
TLSH Support
Merge pull request #73 from target/tlsh-update Adding TLSH Card
QR Card Support and Update
This PR makes changes to the QR code functionality of the File View portion of the UI.
- Adds a marker / tag icon to a node that includes a QR code. This allows users to quickly identify which images have a QR code in them.
- Blurs QR code images by default. Users can override this and accept the potential security risk.
- Adds a basic, filterable QR code section so users do not need to review the JSON.
- IOCs now support domain extraction from QR data.
- Quick change to the IOC header so it no longer reports "0 More" IOCs when none are available.
Email Card, Submission Method Indicators, and Other Updates
This pull request introduces several enhancements to the Strelka UI:
Image Hover Functionality
Adds hover-over functionality on Flow nodes that include image thumbnails.
Email Card
Added a new card that shows Email contents (and image if enabled).
Submitted Type Indicator:
Added a new field called submitted_type to submissions, which denotes the method used for submission, whether it's through the UI/API or via VirusTotal integration.
Submission Table Enhancement:
Added an image icon in the submission table to visually represent the submission type (UI/API or VirusTotal) for each entry. This provides users with a quick way to identify the submission method at a glance.
VirusTotal Submission Improvements:
If the submitted_type for a submission is marked as "VirusTotal," the pull request includes logic to hide the zip file details. This improves the user experience by not displaying unnecessary information for VirusTotal submissions.
VirusTotal Uploader Form Update:
Updated the VirusTotal uploader form to allow users to submit an MD5, SHA1, or SHA256 hash for submission. Prior to this, users were told to use SHA256 only.
Bug Fixes + VB Card
v2.13 Update CHANGELOG.md