work in progress for idaholab#288

mmguero-dev · Jan 4, 2024 · 9f9775e · 9f9775e
1 parent bc36146
commit 9f9775e
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 10 deletions.
diff --git a/arkime/wise/source.zeeklogs.js b/arkime/wise/source.zeeklogs.js
@@ -2210,10 +2210,9 @@ class MalcolmSource extends WISESource {
     var mimeFieldsStr = allFields.filter(value => /mime[_\.-]?type/i.test(value)).join(',');
     this.api.addValueAction("malcolm_websearch_mime", { name: "Media Type Registry", url: 'https://www.iana.org/assignments/media-types/%TEXT%', fields: mimeFieldsStr });
 
-    // add right-click for extracted/quarantined files from zeek
+    // add right-click for extracted files from zeek
     var carvedFieldsStr = allFields.filter(value => /^zeek\.files\.extracted$/i.test(value)).join(',');
-    this.api.addValueAction("malcolm_carved_file_quarantined", { name: "Download (if quarantined)", url: "/dl-extracted-files/quarantine/%TEXT%", fields: carvedFieldsStr });
-    this.api.addValueAction("malcolm_carved_file_preserved", { name: "Download (if preserved)", url: "/dl-extracted-files/preserved/%TEXT%", fields: carvedFieldsStr });
+    this.api.addValueAction("malcolm_carved_file_quarantined", { name: "Download", url: "/dl-extracted-files/%TEXT%", fields: carvedFieldsStr });
 
     // add right-clicks for pivoting into dashboards from Arkime (see nginx.conf)
     var filterLabel = "OpenSearch Dashboards %DBFIELD%";

diff --git a/dashboards/scripts/index-refresh.py b/dashboards/scripts/index-refresh.py
@@ -410,14 +410,10 @@ def main():
                     drilldownInfoParamsUrlTemplates.append(drilldownInfoParamsUrlTemplateValues)
 
                 elif re.search(r'(^zeek\.files\.extracted$)', field['name'], re.IGNORECASE) is not None:
-                    # add download for extracted/quarantined zeek files
+                    # add download for extracted zeek files
                     drilldownInfoParamsUrlTemplateValues = {}
-                    drilldownInfoParamsUrlTemplateValues['url'] = '/dl-extracted-files/quarantine/{{value}}'
-                    drilldownInfoParamsUrlTemplateValues['label'] = 'Download (if quarantined)'
-                    drilldownInfoParamsUrlTemplates.append(drilldownInfoParamsUrlTemplateValues)
-                    drilldownInfoParamsUrlTemplateValues = {}
-                    drilldownInfoParamsUrlTemplateValues['url'] = '/dl-extracted-files/preserved/{{value}}'
-                    drilldownInfoParamsUrlTemplateValues['label'] = 'Download (if preserved)'
+                    drilldownInfoParamsUrlTemplateValues['url'] = '/dl-extracted-files/{{value}}'
+                    drilldownInfoParamsUrlTemplateValues['label'] = 'Download'
                     drilldownInfoParamsUrlTemplates.append(drilldownInfoParamsUrlTemplateValues)
 
                 drilldownInfoParams = {}