Inherits org.sleuthkit.autopsy.report.GeneralReportModule.

Public Member Functions
default void	generateReport (String baseReportDir, ReportProgressPanel progressPanel)

void	generateReport (GeneralReportSettings settings, ReportProgressPanel progressPanel)

ReportModuleSettings	getConfiguration ()

JPanel	getConfigurationPanel ()

ReportModuleSettings	getDefaultConfiguration ()

String	getDescription ()

String	getName ()

String	getRelativeFilePath ()

void	setConfiguration (ReportModuleSettings settings)

default boolean	supportsDataSourceSelection ()

Static Public Member Functions
static synchronized STIXReportModule	getDefault ()

Private Member Functions
	STIXReportModule ()

ObservableResult	evaluateObject (ObjectType obj, String spacing, String id)

ObservableResult	evaluateObservableComposition (ObservableCompositionType comp, String spacing) throws TskCoreException

ObservableResult	evaluateSingleObservable (Observable obs, String spacing) throws TskCoreException

void	initializePanel ()

STIXPackage	loadSTIXFile (String stixFileName) throws JAXBException

String	makeMapKey (Observable obs)

void	printFileHeader (String a_fileName, BufferedWriter output)

void	processFile (String stixFile, ReportProgressPanel progressPanel, BufferedWriter output) throws JAXBException, TskCoreException

void	processIndicators (STIXPackage stix, BufferedWriter output, ReportProgressPanel progressPanel) throws TskCoreException

void	processObservables (STIXPackage stix)

void	saveResultsAsArtifacts (Indicator ind, ObservableResult result, ReportProgressPanel progressPanel) throws TskCoreException

void	saveToObjectMap (Observable obs)

void	writeResultsToFile (Indicator ind, String resultStr, boolean found, BufferedWriter output)

Private Attributes
STIXReportModuleConfigPanel	configPanel

Map< String, ObjectType >	idToObjectMap = new HashMap<>()

Map< String, ObservableResult >	idToResult = new HashMap<>()

List< EvalRegistryObj.RegistryFileInfo >	registryFileData = null

boolean	reportAllResults

String	reportPath

final boolean	skipShortCircuit = true

Static Private Attributes
static STIXReportModule	instance = null

static final Logger	logger = Logger.getLogger(STIXReportModule.class.getName())

Detailed Description

Definition at line 68 of file STIXReportModule.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.STIXReportModule ( )

private

Definition at line 84 of file STIXReportModule.java.

Referenced by org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.getDefault().

Member Function Documentation

ObservableResult org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.evaluateObject	(	ObjectType	obj,
		String	spacing,
		String	id
	)

private

Evaluate a STIX object.

Parameters

obj	The object to evaluate against the datasource(s)
spacing	For formatting the output
id

Returns

Definition at line 589 of file STIXReportModule.java.

References org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.registryFileData.

Referenced by org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.evaluateSingleObservable().

ObservableResult org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.evaluateObservableComposition	(	ObservableCompositionType	comp,
		String	spacing
	)		throws TskCoreException

private

Evaluate an observable composition. Can be called recursively.

Parameters

comp	The observable composition object to evaluate
spacing	Used to formatting the output

Returns: The status of the composition

Exceptions

TskCoreException

Definition at line 451 of file STIXReportModule.java.

References org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.evaluateSingleObservable().

Referenced by org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.processIndicators().

ObservableResult org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.evaluateSingleObservable	(	Observable	obs,
		String	spacing
	)		throws TskCoreException

private

Evaluate one observable and return the result. This is at the end of the observable composition tree and will not be called recursively.

Parameters

obs	The observable object to evaluate
spacing	For formatting the output

Returns: The status of the observable

Exceptions

TskCoreException

Definition at line 547 of file STIXReportModule.java.

References org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.evaluateObject(), org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.makeMapKey(), and org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.saveToObjectMap().

Referenced by org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.evaluateObservableComposition(), and org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.processIndicators().

default void org.sleuthkit.autopsy.report.GeneralReportModule.generateReport	(	String	baseReportDir,
		ReportProgressPanel	progressPanel
	)

inherited

Called to generate the report. Method is responsible for saving the file at the path specified and updating progress via the progressPanel object.

Parameters

baseReportDir	Base directory that reports are being stored in. Report should go into baseReportDir + getRelativeFilePath().
progressPanel	panel to update the report's progress with

Deprecated:: Use generateReport(GeneralReportSettings settings, ReportProgressPanel progressPanel) instead. The baseReportDir is stored in the settings instance.

Implemented in org.sleuthkit.autopsy.report.GeneralReportModuleAdapter.

Definition at line 36 of file GeneralReportModule.java.

Referenced by org.sleuthkit.autopsy.report.GeneralReportModule.generateReport().

void org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.generateReport	(	GeneralReportSettings	settings,
		ReportProgressPanel	progressPanel
	)

Parameters

settings	Report settings.
progressPanel	panel to update the report's progress

Implements org.sleuthkit.autopsy.report.GeneralReportModule.

Definition at line 101 of file STIXReportModule.java.

ReportModuleSettings org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.getConfiguration ( )

Get current configuration for this report module.

Returns: Object which contains current report module settings.

Implements org.sleuthkit.autopsy.report.ReportModule.

Definition at line 673 of file STIXReportModule.java.

References org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.initializePanel().

JPanel org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.getConfigurationPanel ( )

Returns the configuration panel for the report, which is displayed in the report configuration step of the report wizard.

Returns: Configuration panel or null if the module does not need configuration.

Implements org.sleuthkit.autopsy.report.ReportModule.

Definition at line 646 of file STIXReportModule.java.

References org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.configPanel, and org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.initializePanel().

static synchronized STIXReportModule org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.getDefault ( )

static

Definition at line 88 of file STIXReportModule.java.

References org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.instance, and org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.STIXReportModule().

ReportModuleSettings org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.getDefaultConfiguration ( )

Get default configuration for this report module.

Returns: Object which contains default report module settings.

Implements org.sleuthkit.autopsy.report.ReportModule.

Definition at line 663 of file STIXReportModule.java.

Referenced by org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.setConfiguration().

String org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.getDescription ( )

Gets a one-line, user friendly description of the type of report this module generates.

Implements org.sleuthkit.autopsy.report.ReportModule.

Definition at line 640 of file STIXReportModule.java.

String org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.getName ( )

Get the name of the report this module generates.

Implements org.sleuthkit.autopsy.report.ReportModule.

Definition at line 629 of file STIXReportModule.java.

String org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.getRelativeFilePath ( )

Gets the relative path of the report file, if any, generated by this module. The path should be relative to the location that gets passed in to generateReport() (or similar).

Returns: Relative path to where report will be stored. Return an empty string if the location passed to generateReport() is the output location. Return null to indicate that there is no report file.

Implements org.sleuthkit.autopsy.report.ReportModule.

Definition at line 635 of file STIXReportModule.java.

Referenced by org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.generateReport().

void org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.initializePanel ( )

private

Definition at line 651 of file STIXReportModule.java.

Referenced by org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.getConfiguration(), org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.getConfigurationPanel(), and org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.setConfiguration().

STIXPackage org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.loadSTIXFile ( String stixFileName ) throws JAXBException

private

Load a STIX-formatted XML file into a STIXPackage object.

Parameters

stixFileName Name of the STIX file to unmarshal

Returns: Unmarshalled file contents

Exceptions

JAXBException

Definition at line 229 of file STIXReportModule.java.

Referenced by org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.processFile().

String org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.makeMapKey ( Observable obs )

private

Use the ID or ID ref to create a key into the observable map.

Parameters

obs

Returns

Definition at line 416 of file STIXReportModule.java.

Referenced by org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.evaluateSingleObservable(), and org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.saveToObjectMap().

void org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.printFileHeader	(	String	a_fileName,
		BufferedWriter	output
	)

private

Write the a header for the current file to the output file.

Parameters

a_fileName
output

Definition at line 391 of file STIXReportModule.java.

Referenced by org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.processFile().

void org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.processFile	(	String	stixFile,
		ReportProgressPanel	progressPanel,
		BufferedWriter	output
	)		throws JAXBException, TskCoreException

private

Process a STIX file.

Parameters

stixFile	- Name of the file
progressPanel	- Progress panel (for updating)
output

Exceptions

JAXBException
TskCoreException

Definition at line 198 of file STIXReportModule.java.

References org.sleuthkit.autopsy.report.ReportProgressPanel.increment(), org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.loadSTIXFile(), org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.printFileHeader(), org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.processIndicators(), org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.processObservables(), and org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.registryFileData.

Referenced by org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.generateReport().

void org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.processIndicators	(	STIXPackage	stix,
		BufferedWriter	output,
		ReportProgressPanel	progressPanel
	)		throws TskCoreException

private

Process all STIX indicators and save results to output file and create artifacts.

Parameters

stix	STIXPackage
output
progressPanel

Definition at line 271 of file STIXReportModule.java.

References org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.evaluateObservableComposition(), org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.evaluateSingleObservable(), org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.reportAllResults, org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.saveResultsAsArtifacts(), and org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.writeResultsToFile().

Referenced by org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.processFile().

void org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.processObservables ( STIXPackage stix )

private

Do the initial processing of the list of observables. For each observable, save it in a map using the ID as key.

Parameters

stix	STIXPackage

Definition at line 252 of file STIXReportModule.java.

References org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.saveToObjectMap().

Referenced by org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.processFile().

void org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.saveResultsAsArtifacts	(	Indicator	ind,
		ObservableResult	result,
		ReportProgressPanel	progressPanel
	)		throws TskCoreException

private

Create the artifacts saved in the observable result.

Parameters

ind
result
progressPanel

Exceptions

TskCoreException

Definition at line 311 of file STIXReportModule.java.

References org.sleuthkit.autopsy.report.ReportProgressPanel.updateStatusLabel().

Referenced by org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.processIndicators().

void org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.saveToObjectMap ( Observable obs )

private

Save an observable in the object map.

Parameters

obs

Definition at line 434 of file STIXReportModule.java.

References org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.makeMapKey().

Referenced by org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.evaluateSingleObservable(), and org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.processObservables().

void org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.setConfiguration ( ReportModuleSettings settings )

Set report module configuration.

Parameters

settings Object which contains report module settings.

Implements org.sleuthkit.autopsy.report.ReportModule.

Definition at line 684 of file STIXReportModule.java.

References org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.getDefaultConfiguration(), and org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.initializePanel().

default boolean org.sleuthkit.autopsy.report.GeneralReportModule.supportsDataSourceSelection ( )

inherited

Determines if the module supports report generation on a subset of data sources in a case. Defaults to false. The data source selections are stored in the GeneralReportSettings instance.

Returns: True if the module can be configured to run on a subset of data sources.

Implemented in org.sleuthkit.autopsy.report.modules.kml.KMLReport, and org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportModule.

Definition at line 64 of file GeneralReportModule.java.

void org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.writeResultsToFile	(	Indicator	ind,
		String	resultStr,
		boolean	found,
		BufferedWriter	output
	)

private

Write the full results string to the output file.

Parameters

ind	- Used to get the title, ID, and description of the indicator
resultStr	- Full results for this indicator
found	- true if the indicator was found in datasource(s)
output

Definition at line 354 of file STIXReportModule.java.

Referenced by org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.processIndicators().

Member Data Documentation

STIXReportModuleConfigPanel org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.configPanel

private

Definition at line 71 of file STIXReportModule.java.

Referenced by org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.getConfigurationPanel().

Map<String, ObjectType> org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.idToObjectMap = new HashMap<>()

private

Definition at line 76 of file STIXReportModule.java.

Map<String, ObservableResult> org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.idToResult = new HashMap<>()

private

Definition at line 77 of file STIXReportModule.java.

STIXReportModule org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.instance = null

staticprivate

Definition at line 72 of file STIXReportModule.java.

Referenced by org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.getDefault().

final Logger org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.logger = Logger.getLogger(STIXReportModule.class.getName())

staticprivate

Definition at line 70 of file STIXReportModule.java.

List<EvalRegistryObj.RegistryFileInfo> org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.registryFileData = null

private

Definition at line 79 of file STIXReportModule.java.

Referenced by org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.evaluateObject(), and org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.processFile().

boolean org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.reportAllResults

private

Definition at line 74 of file STIXReportModule.java.

Referenced by org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.processIndicators().

String org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.reportPath

private

Definition at line 73 of file STIXReportModule.java.

final boolean org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.skipShortCircuit = true

private

Definition at line 81 of file STIXReportModule.java.

The documentation for this class was generated from the following file:

/home/carriersleuth/repos/autopsy/Core/src/org/sleuthkit/autopsy/report/modules/stix/STIXReportModule.java

Public Member Functions

Static Public Member Functions

Private Member Functions

Private Attributes

Static Private Attributes

Detailed Description

Constructor & Destructor Documentation

Member Function Documentation

Member Data Documentation