19 package org.sleuthkit.autopsy.centralrepository.eventlisteners;
21 import java.beans.PropertyChangeEvent;
22 import java.beans.PropertyChangeListener;
23 import static java.lang.Boolean.FALSE;
24 import java.util.ArrayList;
25 import java.util.Collection;
26 import java.util.LinkedHashSet;
27 import java.util.List;
28 import java.util.logging.Level;
29 import java.util.stream.Collectors;
30 import org.openide.util.NbBundle;
54 final Collection<String> addedCeArtifactTrackerSet =
new LinkedHashSet<>();
81 ceModuleInstanceCount++;
90 ceModuleInstanceCount--;
98 synchronized static void resetCeModuleInstanceCount() {
99 ceModuleInstanceCount = 0;
121 LOGGER.log(Level.SEVERE,
"Failed to connect to Central Repository database.", ex);
130 Collection<BlackboardArtifact> bbArtifacts = mde.
getArtifacts();
131 if (null == bbArtifacts) {
134 List<CorrelationAttribute> eamArtifacts =
new ArrayList<>();
136 for (BlackboardArtifact bbArtifact : bbArtifacts) {
142 if (addedCeArtifactTrackerSet.add(eamArtifact.toString())) {
148 if (!caseDisplayNames.isEmpty()) {
152 eamArtifacts.add(eamArtifact);
155 LOGGER.log(Level.SEVERE,
"Error counting notable artifacts.", ex);
160 if (FALSE == eamArtifacts.isEmpty()) {
164 Thread t =
new Thread(r);
179 case DATA_SOURCE_ANALYSIS_COMPLETED: {
183 addedCeArtifactTrackerSet.clear();
191 @NbBundle.Messages({
"IngestEventsListener.prevTaggedSet.text=Previously Tagged As Notable (Central Repository)",
192 "IngestEventsListener.prevCaseComment.text=Previous Case: ",
193 "IngestEventsListener.ingestmodule.name=Correlation Engine"})
197 AbstractFile af = bbArtifact.getSleuthkitCase().getAbstractFileById(bbArtifact.getObjectID());
199 String MODULE_NAME = Bundle.IngestEventsListener_ingestmodule_name();
200 BlackboardArtifact tifArtifact = af.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT);
201 BlackboardAttribute att =
new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME,
202 Bundle.IngestEventsListener_prevTaggedSet_text());
203 BlackboardAttribute att2 =
new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT, MODULE_NAME,
204 Bundle.IngestEventsListener_prevCaseComment_text() + caseDisplayNames.stream().distinct().collect(Collectors.joining(
",",
"",
"")));
205 tifArtifact.addAttribute(att);
206 tifArtifact.addAttribute(att2);
207 tifArtifact.addAttribute(
new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT, MODULE_NAME, bbArtifact.getArtifactID()));
214 LOGGER.log(Level.SEVERE,
"Unable to index blackboard artifact " + tifArtifact.getArtifactID(), ex);
219 }
catch (TskCoreException ex) {
220 LOGGER.log(Level.SEVERE,
"Failed to create BlackboardArtifact.", ex);
221 }
catch (IllegalStateException ex) {
222 LOGGER.log(Level.SEVERE,
"Failed to create BlackboardAttribute.", ex);
Collection< BlackboardArtifact > getArtifacts()
void removeIngestModuleEventListener(final PropertyChangeListener listener)
static synchronized IngestManager getInstance()
static synchronized int getCeModuleInstanceCount()
static final Logger LOGGER
void postCorrelatedBadArtifactToBlackboard(BlackboardArtifact bbArtifact, List< String > caseDisplayNames)
final PropertyChangeListener pcl1
List< String > getListCasesHavingArtifactInstancesKnownBad(CorrelationAttribute.Type aType, String value)
void removeIngestJobEventListener(final PropertyChangeListener listener)
void uninstallListeners()
static EamDb getInstance()
void addIngestJobEventListener(final PropertyChangeListener listener)
void fireModuleDataEvent(ModuleDataEvent moduleDataEvent)
void propertyChange(PropertyChangeEvent evt)
static boolean isEnabled()
void propertyChange(PropertyChangeEvent evt)
Blackboard getBlackboard()
void addIngestModuleEventListener(final PropertyChangeListener listener)
synchronized void indexArtifact(BlackboardArtifact artifact)
static int ceModuleInstanceCount
static Case getCurrentCase()
synchronized static Logger getLogger(String name)
static synchronized void incrementCorrelationEngineModuleCount()
static synchronized void decrementCorrelationEngineModuleCount()
final PropertyChangeListener pcl2
static List< CorrelationAttribute > getCorrelationAttributeFromBlackboardArtifact(BlackboardArtifact bbArtifact, boolean addInstanceDetails, boolean checkEnabled)
static synchronized IngestServices getInstance()