Unfurl integration

[jkppr]

Integrating the dfir-unfurl project into timesketch via the context links. This feature will allow for using unful on every URL in a timesketch url attribute (configurable). Having the unfurl function included in Timesketch allows for easy analysis and understanding of URLs encountered during the investigation.

This PR does:

• Add the concept of "build-in modules" to the context links.
• Add dfir-unfurl as a requirement for timesketch.
• Add an API endpoint to handle unfurl requests and return the graph in a json format.
• Add the API call to the frontend API client. (+ fix some string formatting)
• Add an UnfurlDialog component that will render the unfurl graph using the cytoscape js lib
• Adjust the EventDetail component to trigger the unfurl dialog for defined attributes.

Open tasks:

• [x] Fine tune the cytoscape graph:
  • [x] Center graph on loading
  • [x] Dynamically scale the dialog?
  • [x] Tweak the layout and style to look like the original unfurl graph.
• [x] Add mouseover in the graph to show unfurl context on edges and nodes.
• [x] Update the context links to support modules
• [x] Update the tsctl validate-context-links-conf
• [x] Update unit tests

[berggren]

AHey @jkppr is this still draft or is it ready for review?

[jkppr]

@berggren it is still in draft. There is still some fine tuning around the graph and the setup to be done.

[berggren]

@berggren it is still in draft. There is still some fine tuning around the graph and the setup to be done.

Ack, thanks for the update. Let me know when it is ready for review.

Also, @obsidianforensics for awareness, unfurl is being integrated to TS :)

[berggren]

@obsidianforensics One idea, could we use the official Unfurl logo in the TS UI? That would be nice :)

[obsidianforensics]

Sorry, didn't see the comment until now :/

This is amazing! And yes, please use the official logos wherever you'd like. https://github.com/obsidianforensics/unfurl/tree/main/unfurl/static has a number of different types - I'd probably recommend the square u one rather than the recentagle unfurl one, but feel free to use any.