
Enhancement of ScanOcr Scanner and Strelka Scanners with IOC Changes #417

Merged
merged 9 commits into from
Jan 3, 2024

Conversation

phutelmyer
Contributor

@phutelmyer phutelmyer commented Jan 3, 2024

Describe the change
This Pull Request introduces significant enhancements to the ScanOcr scanner and general improvements to the handling of Indicators of Compromise (IOCs) in various Strelka scanners.

  • ScanOcr Scanner Changes
    • Thumbnail Generation: The scanner now includes functionality to generate a base64-encoded thumbnail of the scanned image. This feature is controlled by the create_thumbnail option and uses PIL for image processing.
    • Improved OCR Handling: The OCR process has been refined to support the conversion of PDFs to PNGs for better text extraction. Additionally, the handling of text formatting and splitting has been improved for more accurate results.

This change also adds tests for the new functionality.

  • IOC Handling Improvements
    • Uniform Handling Across Scanners: Modifications have been made across various scanners to standardize and improve the processing of IOCs. Types are now defined by Strelka rather than the user.

Usage and Backward Compatibility:
The new features in ScanOcr are controlled via options, maintaining backward compatibility.
Default settings ensure the existing behavior is unchanged unless explicitly configured via the options.

Describe testing procedures
All build tests are passing, including new tests added for ScanOcr.

Sample output

Strelka Raw Output

....
{
    base64_thumbnail: "UklGRkwAAA...",
    elapsed: 0.103358
}
...

Strelka UI Output
[screenshot of the Strelka UI output; not included in this page]

Checklist

  • My code follows the style guidelines of this project
  • I have performed a self-review of my code and tested it
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings

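As an added example (not code from the Strelka project or from this pull request), the following shows how a base64-encoded thumbnail of the kind the description mentions can be produced with PIL, together with a consumer-side check that validates the container bytes before handing them to an image decoder. The thumbnail size, the pixel cap and the helper names are assumptions made for this example. The `UklGR...` prefix in the sample output above base64-decodes to `RIFF`, the start of a WebP container, so WebP is used as the default output format here.

```python
import base64
import io

from PIL import Image

# Pillow's built-in guard against decompression bombs: opening an image whose
# pixel count exceeds twice this value raises DecompressionBombError (and a
# warning is emitted above the value itself). The cap below is an assumed
# value for this example, not a Strelka setting.
Image.MAX_IMAGE_PIXELS = 50_000_000

# Assumed bounding box for the thumbnail; the PR does not state its size.
THUMBNAIL_SIZE = (200, 200)


def make_thumbnail(image_bytes: bytes, size=THUMBNAIL_SIZE, fmt="WEBP") -> str:
    """Decode image_bytes, shrink it into `size` and return a base64 string.

    `fmt` is any format Pillow can write (the sample on the page is WebP;
    PNG is used in the self-test because it needs no optional codec).
    """
    with Image.open(io.BytesIO(image_bytes)) as img:
        img.load()                 # force the decode, so the pixel guard fires here
        img = img.convert("RGB")   # drop palette/alpha so every encoder accepts it
        img.thumbnail(size)        # in-place resize that preserves aspect ratio
        buf = io.BytesIO()
        img.save(buf, format=fmt)
    return base64.b64encode(buf.getvalue()).decode("ascii")


def decode_thumbnail(b64: str) -> tuple[str, tuple[int, int]]:
    """Consumer-side check for a `base64_thumbnail` field.

    Rejects strings that are not strict base64 or whose bytes do not start
    with a known container signature, and only then opens the image.
    Returns (format_name, (width, height)).
    """
    raw = base64.b64decode(b64, validate=True)
    if raw[:4] == b"RIFF" and raw[8:12] == b"WEBP":
        fmt = "WEBP"
    elif raw[:8] == b"\x89PNG\r\n\x1a\n":
        fmt = "PNG"
    else:
        raise ValueError("unexpected thumbnail container")
    with Image.open(io.BytesIO(raw)) as img:
        return fmt, img.size


def sample_scan_image(width=2000, height=500) -> bytes:
    """Constructed input: a blank white 'scanned page' encoded as PNG bytes."""
    img = Image.new("RGB", (width, height), "white")
    buf = io.BytesIO()
    img.save(buf, format="PNG")
    return buf.getvalue()


if __name__ == "__main__":
    thumb = make_thumbnail(sample_scan_image())
    print(thumb[:20] + "...")          # a WebP thumbnail starts with "UklGR"
    print(decode_thumbnail(thumb))     # ('WEBP', (200, 50))
```

Forcing `img.load()` before `convert()` keeps the resource check at the point where untrusted bytes are first decoded, and checking the container signature on the consumer side means a corrupted or unexpected `base64_thumbnail` value is rejected before any decoder runs on it.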
@phutelmyer phutelmyer added the enhancement New feature or request label Jan 3, 2024
@phutelmyer phutelmyer merged commit f3d14c1 into master Jan 3, 2024
3 checks passed