Comments (6)
This should fix the issue: CybercentreCanada/assemblyline-ui-frontend#941
from assemblyline.
Thanks! Do you maybe know if it's expected to remove older archived submissions (after expiration), or it's just because the archive wasn't released yet?
from assemblyline.
Older archived submissions should not be removed as they don't have any expiry_ts value. In the end the process that expires the data will expire anything that has an expiry_ts value at the time of the value. The archiving process explicitly clears that date.
from assemblyline.
Hey, this is what I expected - and unfortunately, not what I see. Please take a look:
ES query:

    GET submission/_search
    {
      "query": {
        "match": {"archived": true}
      },
      "_source": ["archived", "archive_ts", "metadata.ts", "expiry_ts"]
    }

Response:

    {
      "took" : 1,
      "timed_out" : false,
      "_shards" : {
        "total" : 1,
        "successful" : 1,
        "skipped" : 0,
        "failed" : 0
      },
      "hits" : {
        "total" : {
          "value" : 13,
          "relation" : "eq"
        },
        "max_score" : 5.9746575,
        "hits" : [
          {
            "_index" : "submission_hot",
            "_type" : "_doc",
            "_id" : "7cXDHh2j2bJA8cSMrO2Iff",
            "_score" : 5.9746575,
            "_source" : {
              "archived" : true,
              "metadata" : {
                "ts" : "2024-02-08T04:11:50.392027Z"
              },
              "archive_ts" : null,
              "expiry_ts" : "2024-02-13T04:11:50.392183Z"
            }
          },
          {
            "_index" : "submission_hot",
            "_type" : "_doc",
            "_id" : "7JnQYw67zLwmI6vb4MtPTt",
            "_score" : 5.9746575,
            "_source" : {
              "archived" : true,
              "metadata" : {
                "ts" : "2024-02-09T17:06:15.830477Z"
              },
              "archive_ts" : null,
              "expiry_ts" : "2024-02-14T17:06:15.830537Z"
            }
          },
          [...]
          {
            "_index" : "submission_hot",
            "_type" : "_doc",
            "_id" : "4QKReAE5AkIIyZaOjF9bJp",
            "_score" : 5.977854,
            "_source" : {
              "archived" : true,
              "archive_ts" : null,
              "expiry_ts" : "2024-02-17T19:11:38.466351Z"
            }
          }
        ]
      }
    }

The first one was probably on the older version, but the last just a few minutes ago, and here is the log from archiver (version stable91):
{"@timestamp": "2024-02-12 19:14:12,085", "event": { "module": "assemblyline", "dataset": "assemblyline.archiver" }, "host": { "ip": "x.x.x.x", "hostname": "475fe3517330" }, "log": { "level": "INFO", "logger": "assemblyline.archiver" }, "process": { "pid": "1" }, "message": "Successfully archived submission '4QKReAE5AkIIyZaOjF9bJp'."}
As you can see, they all have the expiry_ts set. In addition, I haven't seen any archived file without expiry_ts, some archived submissions have also already been removed. Could it be that the configuration datastore.archive.indices is, in fact, empty by default, although the documentation says it's not?
from assemblyline.
No this is working fine, you are just looking at the wrong index. The archiving process copies the data from submission_hot to submission-ma_hot. All documents in submission_hot will still have their expiry_ts but documents in submission-ma_hot will not. From what I see in your results, all the documents that you found with an expiry_ts are in the non -ma indices.
from assemblyline.
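The index distinction explained in the reply above, as an added example that is not part of the original thread or of the Assemblyline code base: it groups search hits by `_index` and flags only archive copies that still carry an `expiry_ts`. The `-ma` suffix test, the function names and the sample hits are assumptions constructed for illustration.

```python
# Added example, not Assemblyline code. Index names come from the thread; the
# "-ma" suffix test and the sample hits are assumptions made for illustration.

def is_archive_index(index_name: str) -> bool:
    """True for archive indices such as submission-ma_hot (assumed naming)."""
    base = index_name.rsplit("_", 1)[0]  # drop a trailing suffix like _hot
    return base.endswith("-ma")


def audit_hits(response: dict) -> dict:
    """Group hit ids by index kind and by whether expiry_ts is still set."""
    report = {
        "hot_with_expiry": [],         # expected: hot copy keeps its expiry_ts
        "hot_without_expiry": [],
        "archive_without_expiry": [],  # expected: archiving clears expiry_ts
        "archive_with_expiry": [],     # unexpected: archive copy would expire
    }
    for hit in response["hits"]["hits"]:
        expiry = hit.get("_source", {}).get("expiry_ts")
        kind = "archive" if is_archive_index(hit["_index"]) else "hot"
        state = "with_expiry" if expiry else "without_expiry"
        report[f"{kind}_{state}"].append(hit["_id"])
    return report


# Constructed sample in the shape of the search response quoted in the thread.
SAMPLE_RESPONSE = {"hits": {"hits": [
    {"_index": "submission_hot", "_id": "sample-sid-1",
     "_source": {"expiry_ts": "2024-02-13T04:11:50.392183Z"}},
    {"_index": "submission-ma_hot", "_id": "sample-sid-1",
     "_source": {"expiry_ts": None}},
    {"_index": "submission-ma_hot", "_id": "sample-sid-2",
     "_source": {"expiry_ts": "2024-02-17T19:11:38.466351Z"}},
]}}

if __name__ == "__main__":
    for bucket, ids in audit_hits(SAMPLE_RESPONSE).items():
        print(f"{bucket}: {ids}")
```

Only the `archive_with_expiry` bucket indicates a retention problem; hits in `hot_with_expiry` are the normal state of the original copy.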
Ah, right, thanks for the explanation! I should have verified this first.
from assemblyline.