[pull] master from kevoreilly:master#490
Merged
* Add Threat Discovery 'Hunt' feature and UI
  Introduce a new Threat Discovery / Hunting feature: add default web.conf settings and HUNT_ENABLED flag in Django settings, register /hunt/ and /hunt/tag/ routes, and implement hunt view that runs MongoDB aggregations, noise whitelisting and facet filtering. Add tag_tasks POST endpoint to apply tags to SQL Task entries. Include a new analysis/hunt.html template and conditional header navigation link. Add tests for hunt views and tagging behavior.
* Make hunt categories toggleable and dynamic facets
  Add UI toggles for hunt target categories and make the server-side MongoDB aggregation pipeline build $facet stages dynamically based on the selected categories. The hunt view now detects whether the form was submitted and derives a categories map (domains, ips, mutexes, files, commands, registry keys, and various hash types) that is passed to the template. Facet stages are only appended to the pipeline for enabled categories and aggregation is skipped when no facets are requested to save DB work. The hunt template was updated to render category switches and conditionally display panels. A test was added to verify that category filtering constructs the expected facets and that untoggled panels are not rendered.
* Update views.py
* fixes
* Update settings.py
* Update test_hunt_views.py
* Update test_hunt_views.py
* Update test_hunt_views.py
* Update views.py
* Add imphashes, http_uris, signatures to hunt view
  Expose three new hunt facets (PE import hashes, HTTP URIs, and behavioral signatures). Adds category toggles, facet pipeline stages and post-query cleaning/filtering (including a new is_valid_md5 check that rejects empty MD5 and wrong lengths). Updates template to render toggles and three new panels (with layout tweak: text-truncate on toggles container). Tests updated to cover rendering and filtering of valid/invalid imphash, HTTP URI, and signature entries.
* Add dynamic hunting config and validators
  Introduce a modular hunting configuration and central validators. Added conf/default/hunt.json as the default category registry, and lib/cuckoo/common/hunting.py which centralizes validation functions (domains, IPs, files, hashes, mutexes, registry keys, commands), noisy denylists, and a load_hunt_map() loader with mtime caching and min_count substitution. Refactored web/analysis/views.py hunt() to hot-load the HUNT_MAP, build aggregation facets dynamically, apply validators from the map, and render clearer error pages when hunt.json is missing or invalid. Updated the hunt template to generate category switches, cards and external pivots from hunt_map. Tests updated to cover missing/invalid hunt.json behavior.
* fixes
* Update test_hunt_views.py
* Add Threat Discovery & Hunting dashboard changelog
  Add 08.06.2026 changelog entry for the Threat Discovery & Hunting Workstation Dashboard: documents centralized dynamic multi-faceted DB clustering across 12 categories, a cascading JSON config cacher (conf/hunt.json) with hierarchical lookup (custom/conf → conf → conf/default), mtime-based high-performance caching for instant reloads, integrated OSINT pivot links (VirusTotal, Shodan, Censys, MalwareBazaar, AlienVault OTX) with sanitized AJAX task tagging, and comprehensive unit tests covering views, error handling, and security.
* Update views.py
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )
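
The cascading lookup (custom/conf → conf → conf/default), mtime cache and min_count substitution described in the commit messages above, sketched as an added example; it is not code from this pull request or from the project. `find_config`, `SEARCH_DIRS`, `CACHE`, the `load_hunt_map(root, min_count)` signature and the `"$min_count"` placeholder token are assumptions made for illustration.

```python
import json
import os

# Hypothetical names: SEARCH_DIRS, CACHE, find_config and the "$min_count"
# placeholder are assumptions for this sketch, not the project's own code.
SEARCH_DIRS = ("custom/conf", "conf", "conf/default")  # most specific first
CACHE = {"path": None, "mtime": None, "data": None}


def find_config(root, name="hunt.json"):
    """Return the first existing copy of the file in lookup order."""
    for sub in SEARCH_DIRS:
        path = os.path.join(root, *sub.split("/"), name)
        if os.path.isfile(path):
            return path
    raise FileNotFoundError(name)  # caller renders the "missing" error page


def _substitute(node, min_count):
    """Swap the "$min_count" placeholder anywhere in the parsed JSON tree."""
    if isinstance(node, dict):
        return {k: _substitute(v, min_count) for k, v in node.items()}
    if isinstance(node, list):
        return [_substitute(v, min_count) for v in node]
    return min_count if node == "$min_count" else node


def load_hunt_map(root, min_count=2):
    """Reparse only when the winning file or its mtime changed; fail closed."""
    path = find_config(root)
    mtime = os.stat(path).st_mtime_ns
    if (path, mtime) != (CACHE["path"], CACHE["mtime"]):
        with open(path, encoding="utf-8") as fh:
            raw = json.load(fh)  # json.JSONDecodeError subclasses ValueError
        if not isinstance(raw, dict):
            raise ValueError("hunt.json must be a JSON object")
        CACHE.update(path=path, mtime=mtime, data=raw)  # only after validation
    return _substitute(CACHE["data"], min_count)


if __name__ == "__main__":
    import tempfile
    root = tempfile.mkdtemp()  # constructed sample tree
    os.makedirs(os.path.join(root, "conf", "default"))
    with open(os.path.join(root, "conf", "default", "hunt.json"), "w") as fh:
        json.dump({"domains": {"min": "$min_count"}}, fh)
    print(load_hunt_map(root, min_count=3))
```

Keying the cache on the resolved path as well as the mtime means a newly dropped override in custom/conf takes effect on the next request, and a file that fails to parse never replaces the last good entry.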