No memory analysis expression code in Django

[hakawati]

Hi, everyone,

I've been working on the Cuckoo Sandbox for three days. I tried to check memory analysis and results. However, unlike previous versions, Memory Analysis did not appear in the web interface. Analysis shows that there is no memory analysis related code in sidebar.html and nav-sidebar.html. Also, the memory/index.html code is not integrated into version 2.0. For this reason, memory analysis results are not shown in the Django web interface.

[jbremer]

Thanks! We're going to have to take a look at this.

[jbremer]

Should be fixed now, assuming that the rest of the web code is still functional - see also the commit above. Will be pushing out an alpha release soon where you'll be able to test it! Thanks again for reporting.

[jbremer]

@hakawati Could you check if version 2.0.2a2 includes a working version of the volatility results? The HTML templates have been modified to work, but I haven't had the chance to really test it yet. Thanks!

[hakawati]

Ok~ Please wait. I'll test soon.

[hakawati]

Hi

We tested the latest version of Volatility 2.6 and the previous version 2.5. The "VM Memory Dump" sidebar was created in the Django web framework, but nothing was displayed inside.

I think this reason for this is that the path for each page in memory/index.html is wrong.

For example, modifying analysis/memory/_pslist.html to analysis/pages/memory/_pslist.html worked fine.

Other insufficient parts, including memory analysis:

• The sidebar disappears when I open the "VM Memory Dump" page.
• Use the \

  tag with a title icon on each page. But "Network Analysis" uses the \

  tag and does not use the icon. "Export Analysis" uses the \

  tag. "VM Memory Dump" does not use titles and icons.

• Pending function does not work properly.

Thanks!

[jbremer]

@hakawati Would you mind doing a PR with all the necessary changes or should I give it another attempt based on your feedback? ;-) I'll do some initial changes in a little bit - you're very much correct regarding the template file paths etc.

[hakawati]

I do not know if I should give feedback for each test or if I acted on the subject. As an old fan of cuckoo, I hope forever and ever.

[jbremer]

@hakawati We've put out a new release, version 2.0.2, which you may obtain through pip install -U cuckoo, including various improvements for the Volatility / memory.py issue posted above. Please check it out! From now on you can specify the profile for each VM by adding, e.g., osprofile = WinXPSP2x86, to each of your VMs. I'll leave this issue open for now - in case you require any additional support on this matter - but will be closing it in the coming days. Thanks for your feedback and if you have any additional feedback, do not hesitate to let us know or create a new issue!

Additionally we've given the Web Interface templates some UX love, I hope you like it :-) Can you elaborate a bit more on the h2 vs h1 & pending page does not work properly comments? Perhaps including some screenshots helps as well!

[hakawati]

@jbremer Thanks for your hard work. I just tested version 2.0.2. The VM Memory Dump section works very well. It was a great UI.

• The previously mentioned h2 vs h1is this part. Personally, I like the unified UI. :-)

• I thought Pending Pages was wrong. I thought I could see a page on the Pending Pages where I can see the status under analysis. Please check if the sample is being analyzed in Recent Pages or Pending Pages.

• When you click Compare Analysis, the VM Memory Dump disappears from the sidebar. Request you to check.

• Finally, it is a separate story, but there is no color in each behavior in the Behavior Analysis, so Compare Analysis does not work properly. Please confirm this part.

Yesterday, I worked with Elasticsearch and MISP. I really think Cuckoo Sandbox is a great tool. The developer who developed the Cuckoo Sandbox is a really nice people. Thank you.

[jbremer]

@hakawati Thanks for the sweet feedback! Compare analyses is still in alpha status, I wouldn't recommend using it - we'll hopefully get back to that in a few months from now, though. @automagisch Can you push through the missing icon & unify the h1 vs h2 differences mentioned above? Thanks!

@hakawati Btw, the behavior page is getting a new look as well - stay tuned, it's going to be pretty sweet thanks to @automagisch ;-)

[jbremer]

@hakawati The h1 vs h2 part has been fixed and pushed as alpha version 2.0.3a1. The request we'll get back to later.