arkimeweb's People

Contributors

31453, awick, brycev, dennisse, eliasulimanov, fj604, lionelfleury, natebower, philhagen, r-andrew-dev, vpiserchia

arkimeweb's Issues

Add Type and Version to Config File Schema

Description

As part of the AWS-AIO project (https://github.com/arkime/aws-aio), we'd love to have a way to surface Capture and Viewer nodes' config.ini file to the user in a way they can easily modify. Additionally, we need to provide our own special-sauce details to make the solution work. This creates a need to have an understanding of the config file's "schema". We have a good start on that with the key/default/text values already provided in-YAML here (https://github.com/arkime/arkimeweb/tree/main/_data/settings).

It is requested that the schema be updated to provide the "type" of each setting value, and which Arkime versions it is for.

Theme Gallery

Add a theme gallery so users can submit their custom Arkime themes.

Add a link in the Galleries dropdown in the navbar of the site.

The theme color list can be found at the bottom of the Arkime -> Settings -> Themes page after creating a custom theme.

Allow processing of TCP headers for the JA4Plus plugin

This feature request has been submitted to allow Arkime to send TCP packets that do not have any payload to TCP callbacks.
The current code does not send TCP packets without a payload to callbacks registered by plugins.
In case of the new Ja4Plus plugin, we want to be able to access TCP packets to record and create fingerprints based on the below criteria and fields.

  • SYN packet timestamp
  • SYN-ACK packet timestamps along with retransmitted SYN-ACKs
  • ACK packet timestamp
  • TCP options
  • TCP window size
  • IP time to live

Instead of adding these to the existing Arkime code, we thought it would be cleaner to just send the entire ArkimePacket to plugins that have registered for TCP. The length of the packet will be zero in this case. It is up to the plugin to peek into the packet to decipher the TCP headers, IP headers or any other data that it requires.
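As an added illustration (not part of the issue and not Arkime or JA4Plus code), this is the kind of header parsing a consumer of a payload-less TCP packet would do to recover the IP TTL, TCP window size and TCP options listed above. It assumes the buffer starts at the IPv4 header; `tcp_fp`, `tcp_fp_parse` and `SAMPLE_SYN` are hypothetical names, and the packet bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: IPv4 + TCP SYN with no payload, documentation addresses. */
static const uint8_t SAMPLE_SYN[60] = {
    0x45,0x00,0x00,0x3c,0x00,0x00,0x40,0x00,0x40,0x06,0x00,0x00, /* TTL 64, proto TCP */
    0xc0,0x00,0x02,0x01,0xc6,0x33,0x64,0x02,           /* 192.0.2.1 -> 198.51.100.2 */
    0xc0,0x00,0x01,0xbb,0,0,0,1,0,0,0,0,0xa0,0x02,0xfa,0xf0,0,0,0,0, /* SYN, win 64240 */
    0x02,0x04,0x05,0xb4,0x04,0x02,0x08,0x0a,0,0,0,1,0,0,0,0,0x01,0x03,0x03,0x07
};                                                     /* MSS, SACK-perm, TS, NOP, WS */

struct tcp_fp {
    uint8_t  ttl, flags, wscale, nkinds, kinds[40];    /* kinds: option kinds, wire order */
    uint16_t window, mss;
};

/* Returns 0 on success, -1 if the IPv4/TCP headers are truncated or malformed. */
int tcp_fp_parse(const uint8_t *p, size_t len, struct tcp_fp *fp)
{
    *fp = (struct tcp_fp){0};
    if (len < 20 || (p[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;
    /* need a full TCP base header, protocol 6, and fragment offset 0 */
    if (ihl < 20 || len < ihl + 20 || p[9] != 6 || (p[6] & 0x1f) || p[7]) return -1;
    const uint8_t *t = p + ihl;
    size_t doff = (size_t)(t[12] >> 4) * 4;            /* TCP header length in bytes */
    if (doff < 20 || len < ihl + doff) return -1;
    fp->ttl = p[8];
    fp->flags = t[13];
    fp->window = (uint16_t)(t[14] << 8 | t[15]);
    for (size_t i = 20; i < doff; ) {
        uint8_t kind = t[i];
        if (kind == 0) break;                          /* end of option list */
        fp->kinds[fp->nkinds++] = kind;
        if (kind == 1) { i++; continue; }              /* NOP has no length byte */
        if (i + 1 >= doff) return -1;
        uint8_t olen = t[i + 1];
        if (olen < 2 || i + olen > doff) return -1;    /* option must fit in the header */
        if (kind == 2 && olen == 4) fp->mss = (uint16_t)(t[i + 2] << 8 | t[i + 3]);
        if (kind == 3 && olen == 3) fp->wscale = t[i + 2];
        i += olen;
    }
    return 0;
}

int main(void) {
    struct tcp_fp fp;
    if (tcp_fp_parse(SAMPLE_SYN, sizeof SAMPLE_SYN, &fp) != 0) return 1;
    printf("ttl=%u win=%u mss=%u ws=%u nopts=%u\n", fp.ttl, fp.window, fp.mss, fp.wscale, fp.nkinds);
    return 0;
}
```

Option lengths come from the wire, so each one is checked against the TCP header length before it is used.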

Find and Fix Typos

Find and fix typos in the website! I'm sure they're everywhere! ✨

Opensearch support as alternative to Elasticsearch

Verify future versions of Opensearch, as this is becoming a very viable option as an Elastic replacement and it is fully open source, as opposed to Elastic, which has started to limit the usage. Right now version 7 and Opensearch 1.x are quite compatible, but who knows if things will diverge in the future.

We have several Opensearch clusters available to use for indexing, but installing and maintaining Elasticsearch and purchasing licenses just for Arkime usage might not be a viable option, and I think others might have the same issue. Especially if you require things like AD logins and such.

Br
Jan

Gallery for WISE 3.0 Configs and Arkime Rules

Create a gallery/directory (or whatever your favorite term) to show a bunch of sample configs for both WISE 3.0 Configs and Arkime Rules. (2 different areas I think, not 1 with both, but not sure)

Requirements:

  • To add a new item you will NOT have to edit html. :) Not sure the best way to store them, if they should all live in their own files and use jekyll to combine them or just 1 file with some kind of separator or what. Might be able to reuse a jekyll CMS system.
  • Each item will have at least
    • a name
    • description (optional)
    • tags
    • the actual item text (for rules it is yaml, for wise it is json or just text)
  • The UI will display each item
  • The UI will allow you to filter the items by searching the name and tags field
  • The UI will have a copy to clipboard button per item
  • The UI will have directions on submitting a new one (ex: do a PR, add to X file, blahblah)
