WIP omron fins integration, cisagov#554

mmguero-dev · Jan 15, 2025 · 5d8fed7 · 5d8fed7
1 parent 9503a4d
commit 5d8fed7
Show file tree

Hide file tree

Showing 3 changed files with 97 additions and 47 deletions.
diff --git a/dashboards/scripts/index-refresh.py b/dashboards/scripts/index-refresh.py
@@ -397,6 +397,9 @@ def main():
                         'urlTemplate'
                     ] = '/netbox/search/?q={{value}}&obj_types=dcim.site&lookup=iexact'
 
+                elif field['name'] == 'zeek.files.extracted_uri':
+                    fieldFormatInfo['params']['urlTemplate'] = '/{{value}}'
+
                 else:
                     # for Arkime to query by database field name, see arkime issue/PR 1461/1463
                     valQuote = '"' if field['type'] == 'string' else ''

diff --git a/nginx/nginx.conf b/nginx/nginx.conf
@@ -170,6 +170,53 @@ http {
       proxy_set_header X-Remote-Auth $authenticated_user;
     }
 
+    # extracted file download
+    location ~* ^/extracted-files\b(.*) {
+      include /etc/nginx/nginx_auth_rt.conf;
+      # thanks to https://stackoverflow.com/a/31440150, handle spaces in names
+      set $filereq $1;
+      proxy_pass http://extracted-file-http-server$filereq$is_args$args;
+      proxy_redirect off;
+      proxy_set_header Host file-monitor.malcolm.local;
+    }
+
+    # extracted file download hedgehog redirect
+    location ~* ^/hh-extracted-files/([a-zA-Z0-9-\.]+)\b(.*) {
+      include /etc/nginx/nginx_auth_rt.conf;
+      include /etc/nginx/nginx_system_resolver.conf;
+      set $upstream $1:8006;
+      set $filereq $2;
+      rewrite ^/hh-extracted-files/([a-zA-Z0-9-\.]+)(.*)$ $filereq break;
+      proxy_pass https://$upstream;
+      proxy_ssl_verify off;
+      proxy_set_header Host $1;
+      proxy_set_header X-Malcolm-Forward "/hh-extracted-files/$1";
+    }
+
+    # extracted files from dashboards link (because Dashboards is prepending its own prefix, we have to handle it)
+    location ~* ^/dashboards/app/extracted-files/(.*) {
+      set $forwarded_scheme $scheme;
+      if ($http_x_forwarded_proto = 'https') {
+          set $forwarded_scheme https;
+      }
+      set $fwuri $1;
+      rewrite ^/dashboards/app/extracted-files/(.*) $forwarded_scheme://$host/extracted-files/$1 redirect;
+      proxy_pass http://extracted-file-http-server;
+      proxy_redirect off;
+      proxy_set_header Host file-monitor.malcolm.local;
+    }
+    location ~* ^/dashboards/app/hh-extracted-files/([a-zA-Z0-9-\.]+)\b(.*) {
+      include /etc/nginx/nginx_auth_rt.conf;
+      include /etc/nginx/nginx_system_resolver.conf;
+      set $upstream $1:8006;
+      set $filereq $2;
+      rewrite ^/dashboards/app/hh-extracted-files/([a-zA-Z0-9-\.]+)(.*)$ $filereq break;
+      proxy_pass https://$upstream;
+      proxy_ssl_verify off;
+      proxy_set_header Host $1;
+      proxy_set_header X-Malcolm-Forward "/hh-extracted-files/$1";
+    }
+
     # Arkime -> Dashboards shortcut
     location ~* /idark2dash(.*) {
       set $filter_start_time now-1d;
@@ -223,30 +270,6 @@ http {
       proxy_set_header Host dashboards-helper.malcolm.local;
     }
 
-    # extracted file download
-    location ~* ^/extracted-files\b(.*) {
-      include /etc/nginx/nginx_auth_rt.conf;
-      # thanks to https://stackoverflow.com/a/31440150, handle spaces in names
-      set $filereq $1;
-      proxy_pass http://extracted-file-http-server$filereq$is_args$args;
-      proxy_redirect off;
-      proxy_set_header Host file-monitor.malcolm.local;
-    }
-
-    # extracted file download hedgehog redirect
-    location ~* ^/hh-extracted-files/([a-zA-Z0-9-\.]+)\b(.*) {
-      include /etc/nginx/nginx_auth_rt.conf;
-      include /etc/nginx/nginx_system_resolver.conf;
-      set $upstream $1:8006;
-      set $filereq $2;
-      # TODO: check, do i need is_args/args here?
-      rewrite ^/hh-extracted-files/([a-zA-Z0-9-\.]+)(.*)$ $filereq break;
-      proxy_pass https://$upstream;
-      proxy_ssl_verify off;
-      proxy_set_header Host $1;
-      proxy_set_header X-Malcolm-Forward "/hh-extracted-files/$1";
-    }
-
     # Fix cyberchef JS module(s)
     # https://localhost/arkime/session/190924-KgO9H30qhdREw7ltsDXn1Rgp/modules/Regex.js
     location ~* ^/arkime/session/.*/(modules/.*\.js) {

diff --git a/nginx/nginx_readonly.conf b/nginx/nginx_readonly.conf
@@ -131,6 +131,53 @@ http {
       proxy_set_header X-Remote-Auth $authenticated_user;
     }
 
+    # extracted file download
+    location ~* ^/extracted-files\b(.*) {
+      include /etc/nginx/nginx_auth_rt.conf;
+      # thanks to https://stackoverflow.com/a/31440150, handle spaces in names
+      set $filereq $1;
+      proxy_pass http://extracted-file-http-server$filereq$is_args$args;
+      proxy_redirect off;
+      proxy_set_header Host file-monitor.malcolm.local;
+    }
+
+    # extracted file download hedgehog redirect
+    location ~* ^/hh-extracted-files/([a-zA-Z0-9-\.]+)\b(.*) {
+      include /etc/nginx/nginx_system_resolver.conf;
+      set $upstream $1:8006;
+      set $filereq $2;
+      # TODO: check, do i need is_args/args here?
+      rewrite ^/hh-extracted-files/([a-zA-Z0-9-\.]+)(.*)$ $filereq break;
+      proxy_pass https://$upstream;
+      proxy_ssl_verify off;
+      proxy_set_header Host $1;
+      proxy_set_header X-Malcolm-Forward "/hh-extracted-files/$1";
+    }
+
+    # extracted files from dashboards link (because Dashboards is prepending its own prefix, we have to handle it)
+    location ~* ^/dashboards/app/extracted-files/(.*) {
+      set $forwarded_scheme $scheme;
+      if ($http_x_forwarded_proto = 'https') {
+          set $forwarded_scheme https;
+      }
+      set $fwuri $1;
+      rewrite ^/dashboards/app/extracted-files/(.*) $forwarded_scheme://$host/extracted-files/$1 redirect;
+      proxy_pass http://extracted-file-http-server;
+      proxy_redirect off;
+      proxy_set_header Host file-monitor.malcolm.local;
+    }
+    location ~* ^/dashboards/app/hh-extracted-files/([a-zA-Z0-9-\.]+)\b(.*) {
+      include /etc/nginx/nginx_auth_rt.conf;
+      include /etc/nginx/nginx_system_resolver.conf;
+      set $upstream $1:8006;
+      set $filereq $2;
+      rewrite ^/dashboards/app/hh-extracted-files/([a-zA-Z0-9-\.]+)(.*)$ $filereq break;
+      proxy_pass https://$upstream;
+      proxy_ssl_verify off;
+      proxy_set_header Host $1;
+      proxy_set_header X-Malcolm-Forward "/hh-extracted-files/$1";
+    }
+
     # Dashboards -> Arkime shortcut
     location ~* /iddash2ark/(.*) {
       set $forwarded_scheme $scheme;
@@ -158,29 +205,6 @@ http {
       proxy_set_header Host dashboards-helper.malcolm.local;
     }
 
-    # extracted file download
-    location ~* ^/extracted-files\b(.*) {
-      include /etc/nginx/nginx_auth_rt.conf;
-      # thanks to https://stackoverflow.com/a/31440150, handle spaces in names
-      set $filereq $1;
-      proxy_pass http://extracted-file-http-server$filereq$is_args$args;
-      proxy_redirect off;
-      proxy_set_header Host file-monitor.malcolm.local;
-    }
-
-    # extracted file download hedgehog redirect
-    location ~* ^/hh-extracted-files/([a-zA-Z0-9-\.]+)\b(.*) {
-      include /etc/nginx/nginx_system_resolver.conf;
-      set $upstream $1:8006;
-      set $filereq $2;
-      # TODO: check, do i need is_args/args here?
-      rewrite ^/hh-extracted-files/([a-zA-Z0-9-\.]+)(.*)$ $filereq break;
-      proxy_pass https://$upstream;
-      proxy_ssl_verify off;
-      proxy_set_header Host $1;
-      proxy_set_header X-Malcolm-Forward "/hh-extracted-files/$1";
-    }
-
     # favicon, logos, banners, etc.
     include /etc/nginx/nginx_image_aliases.conf;