 DiscoveryAttributes ()

static void computeFrequency (Set< String > hashesToLookUp, List< ResultFile > currentFiles, CentralRepository centralRepoDb)
static String createCSV (Set< String > values)
static String createSetNameClause (List< Result > results, int artifactTypeID, int setNameAttrID) throws DiscoveryException
static Map< String, List< ResultDomain > > organizeByValue (List< ResultDomain > domainsBatch, CorrelationAttributeInstance.Type attributeType)
static void queryDomainFrequency (List< ResultDomain > domainsToQuery, CentralRepository centralRepository) throws DiscoveryException

static final Logger logger = Logger.getLogger(DiscoveryAttributes.class.getName())

Class which contains the search attributes which can be specified for Discovery.

Constructor & Destructor Documentation ( )

Private constructor for DiscoveryAttributes class.

static void ( Set< String >  hashesToLookUp,
List< ResultFile currentFiles,
CentralRepository  centralRepoDb 

Computes the CR frequency of all the given hashes and updates the list of files.

hashesToLookUpHashes to find the frequency of.
currentFilesList of files to update with frequencies.
centralRepoDbThe central repository being used.

static String ( Set< String >  values)

Helper function to create a string of comma separated values. Each value is wrapped in '. This method is used to bundle up a collection of values for use in a SQL WHERE IN (...) clause.

static String ( List< Result results,
int  artifactTypeID,
int  setNameAttrID 
) throws DiscoveryException

Private helper method to create a set name clause to be used in queries.

resultsThe list of results to create the set name clause for.
artifactTypeIDThe Blackboard Artifact type ID for the artifact type.
setNameAttrIDThe set name attribute id.
The String to use as a set name clause in queries.

static Map<String, List<ResultDomain> > ( List< ResultDomain domainsBatch,
CorrelationAttributeInstance.Type  attributeType 

Organizes the domain instances by normalized domain value. This helps reduce the complexity of updating ResultDomain instances after the query has been executed.

Example: query for notable status of Result: notable With this map, all domain instances that represent can be updated after one simple lookup.

References org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalize().

static void ( List< ResultDomain domainsToQuery,
CentralRepository  centralRepository 
) throws DiscoveryException

final Logger = Logger.getLogger(DiscoveryAttributes.class.getName())

