19 package org.sleuthkit.autopsy.centralrepository.eventlisteners;
21 import com.google.common.util.concurrent.ThreadFactoryBuilder;
22 import java.beans.PropertyChangeEvent;
23 import java.beans.PropertyChangeListener;
24 import static java.lang.Boolean.FALSE;
25 import java.util.ArrayList;
26 import java.util.Collection;
27 import java.util.LinkedHashSet;
28 import java.util.List;
29 import java.util.concurrent.ExecutorService;
30 import java.util.concurrent.Executors;
31 import java.util.logging.Level;
32 import java.util.stream.Collectors;
33 import org.openide.util.NbBundle;
59 final Collection<String> recentlyAddedCeArtifacts =
new LinkedHashSet<>();
68 jobProcessingExecutor = Executors.newSingleThreadExecutor(
new ThreadFactoryBuilder().setNameFormat(INGEST_EVENT_THREAD_NAME).build());
96 correlationModuleInstanceCount++;
105 correlationModuleInstanceCount--;
113 synchronized static void resetCeModuleInstanceCount() {
114 correlationModuleInstanceCount = 0;
142 flagNotableItems = value;
145 @NbBundle.Messages({
"IngestEventsListener.prevTaggedSet.text=Previously Tagged As Notable (Central Repository)",
146 "IngestEventsListener.prevCaseComment.text=Previous Case: ",
147 "IngestEventsListener.ingestmodule.name=Correlation Engine"})
151 AbstractFile af = bbArtifact.getSleuthkitCase().getAbstractFileById(bbArtifact.getObjectID());
152 Collection<BlackboardAttribute> attributes =
new ArrayList<>();
153 String MODULE_NAME = Bundle.IngestEventsListener_ingestmodule_name();
154 BlackboardArtifact tifArtifact = af.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT);
155 BlackboardAttribute att =
new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME,
156 Bundle.IngestEventsListener_prevTaggedSet_text());
157 BlackboardAttribute att2 =
new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT, MODULE_NAME,
158 Bundle.IngestEventsListener_prevCaseComment_text() + caseDisplayNames.stream().distinct().collect(Collectors.joining(
",",
"",
"")));
160 attributes.add(att2);
161 attributes.add(
new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT, MODULE_NAME, bbArtifact.getArtifactID()));
163 tifArtifact.addAttributes(attributes);
169 LOGGER.log(Level.SEVERE,
"Unable to index blackboard artifact " + tifArtifact.getArtifactID(), ex);
174 }
catch (TskCoreException ex) {
175 LOGGER.log(Level.SEVERE,
"Failed to create BlackboardArtifact.", ex);
176 }
catch (IllegalStateException ex) {
177 LOGGER.log(Level.SEVERE,
"Failed to create BlackboardAttribute.", ex);
190 LOGGER.log(Level.SEVERE,
"Failed to connect to Central Repository database.", ex);
208 case DATA_SOURCE_ANALYSIS_COMPLETED: {
223 recentlyAddedCeArtifacts.clear();
232 private final PropertyChangeEvent
event;
247 Collection<BlackboardArtifact> bbArtifacts = mde.
getArtifacts();
248 if (null == bbArtifacts) {
251 List<CorrelationAttribute> eamArtifacts =
new ArrayList<>();
253 for (BlackboardArtifact bbArtifact : bbArtifacts) {
259 if (recentlyAddedCeArtifacts.add(eamArtifact.toString())) {
264 if (flagNotableItemsEnabled) {
266 if (!caseDisplayNames.isEmpty()) {
271 eamArtifacts.add(eamArtifact);
274 LOGGER.log(Level.SEVERE,
"Error counting notable artifacts.", ex);
278 if (FALSE == eamArtifacts.isEmpty()) {
284 LOGGER.log(Level.SEVERE,
"Error connecting to Central Repository database.", ex);
Collection< BlackboardArtifact > getArtifacts()
void removeIngestModuleEventListener(final PropertyChangeListener listener)
final ExecutorService jobProcessingExecutor
static synchronized IngestManager getInstance()
static synchronized int getCeModuleInstanceCount()
static final Logger LOGGER
final PropertyChangeListener pcl1
List< String > getListCasesHavingArtifactInstancesKnownBad(CorrelationAttribute.Type aType, String value)
void addArtifact(CorrelationAttribute eamArtifact)
static synchronized boolean isFlagNotableItems()
void removeIngestJobEventListener(final PropertyChangeListener listener)
static void shutDownTaskExecutor(ExecutorService executor)
void uninstallListeners()
final PropertyChangeEvent event
static EamDb getInstance()
void addIngestJobEventListener(final PropertyChangeListener listener)
final boolean flagNotableItemsEnabled
DataAddedTask(EamDb db, PropertyChangeEvent evt, boolean flagNotableItemsEnabled)
void fireModuleDataEvent(ModuleDataEvent moduleDataEvent)
void propertyChange(PropertyChangeEvent evt)
static boolean isEnabled()
static final String INGEST_EVENT_THREAD_NAME
void propertyChange(PropertyChangeEvent evt)
static int correlationModuleInstanceCount
static synchronized void setFlagNotableItems(boolean value)
Blackboard getBlackboard()
void addIngestModuleEventListener(final PropertyChangeListener listener)
synchronized void indexArtifact(BlackboardArtifact artifact)
synchronized static Logger getLogger(String name)
static Case getCurrentCaseThrows()
static boolean flagNotableItems
static void postCorrelatedBadArtifactToBlackboard(BlackboardArtifact bbArtifact, List< String > caseDisplayNames)
static synchronized void incrementCorrelationEngineModuleCount()
static synchronized void decrementCorrelationEngineModuleCount()
final PropertyChangeListener pcl2
static List< CorrelationAttribute > getCorrelationAttributeFromBlackboardArtifact(BlackboardArtifact bbArtifact, boolean addInstanceDetails, boolean checkEnabled)
static synchronized IngestServices getInstance()