improve the extracted_files download page

[mmguero]

Here's what the /extracted-files/ screen looks like now:

We could improve this I think in a few ways:

• general visual updates
• put files in columns: based on filename, we can check to see if it matches the usual pattern and put the protocol, FUID, UID, timestamp and extension into individual columns
• perhaps, based on those same things, make the FUID and UID columns actually a hyperlink into dashboards with those applied as filters
• file size?
• mime type?

This page is generated by this python script

[mmguero]

It's shaping up nicely, here's what it looks like so far:

There is a new variable in zeek.env with the rest of the EXTRACTED_FILE... variables:

# Whether or not to use libmagic to show MIME types for Zeek-extracted files served
EXTRACTED_FILE_HTTP_SERVER_MAGIC=false

If set to true, it will also do a libmagic lookup on each file:

The links are (by column):

• Download - link for the file download
• Type - link to IANA.org based on the file type
• IDs - Zeek UID and FUID (which are both stored in event.id) link to Dashboards with that filter applied

Things still to work on:

• the time frame for the aforementioned dashboard link does not appear to work.
• ~remove "unknown" from list of IDs~
• ~handle "XOR decrypted from FEieEe1f1SI6YJk4H5" (make source XOR and put FUID in IDs)~
• ~filter <error> from source~

[mmguero]

I've added documentation for the improvements as well. I think I'm satisfied with this feature now, closing.