Related files feature #676
Description
Feature Category
- Correctness
- User Interface / User Experience
- Performance
- Other (please explain)
Describe the problem
We need a way to upload a file associated with a sample that should not be analyzed or investigated, like a .IDB (Ida database) file, a .pdf report or other goodware supporting data but simply shown as download links in the custom attribute section or in a new "Related files" tab like the following:
Describe the solution you'd like
The related files should be shown as download links in the custom attribute section or in a new "Related files" tab. The related files should not be shown in the samples list because they are not malwares.
Describe alternatives you've considered
We see that there are only 3 type of objects: sample, blob and config. We maybe need an additional object type named supporting_data or associated_file that must not be analyzed and listed in "samples" but shown in a new tab (like what happens with config).
We also considered the opportunity to create a plugin that intercept and abort the upload process when the uploaded file is a .IDB or .PDF but we miss a webhook like before_file_creation that could be used to:
- filter out the uploaded file (that is abort the upload process)
- instead upload the file in third-party service (or in an alternative bucket of the minio instance)
- create a custom attribute with the download link in the parent sample
Is it reasonable to have this feature in the MWDB project or it is too much "case-management" oriented? That is will you accept pull requests about this feature?
This issue is somehow similar to #560.