Description
Expecting a prompt to enter in my Timesketch info when first running a dfTimewolf recipe using Timesketch.
Behavior with the default dfTimewolf UI:
wyassine@47c20a8a4c5e:~/dftimewolf$ dftimewolf gcp_turbinia_ts <project_name> <zone> --disk_names test-disk-20gb-1 --incident_id test123
gcp_turbinia_ts
Preflights:
GCPTokenCheck: Completed
Modules:
TimesketchExporter: Setting Up
TurbiniaGCPProcessor: Pending
Messages:
[ dftimewolf ] Debug log: /tmp/dftimewolf-run-20230719_212057__t5zynqd.log
The recipe will just get stuck there even though in the background it's looking for Timesketch credentials.
When using DFTIMEWOLF_NO_CURSES=1, the prompt asking for Timesketch info pops up so seems like some UI issue:
wyassine@47c20a8a4c5e:~/dftimewolf$ dftimewolf gcp_turbinia_ts <project_name> <zone> --disk_names test-disk-20gb-1 --incident_id test123
[2023-07-19 21:22:00,680] [dftimewolf ] DEBUG Logging to stdout and /tmp/dftimewolf-run-20230719_212200_jdtfa630.log
[2023-07-19 21:22:00,680] [dftimewolf ] DEBUG Recipe data path: /home/wyassine/dftimewolf/data
[2023-07-19 21:22:00,680] [dftimewolf ] DEBUG Configuration loaded from: /home/wyassine/dftimewolf/data/config.json
[2023-07-19 21:22:00,705] [dftimewolf ] INFO Loading recipe gcp_turbinia_ts...
[2023-07-19 21:22:00,705] [dftimewolf.state ] DEBUG Loading module TurbiniaGCPProcessor from dftimewolf.lib.processors.turbinia_gcp
[2023-07-19 21:22:00,890] [dftimewolf.state ] DEBUG Loading module TimesketchExporter from dftimewolf.lib.exporters.timesketch
[2023-07-19 21:22:01,640] [dftimewolf.state ] DEBUG Loading module GCPTokenCheck from dftimewolf.lib.preflights.cloud_token
[2023-07-19 21:22:01,697] [dftimewolf ] INFO Running preflights...
[2023-07-19 21:22:03,891] [dftimewolf ] INFO Setting up modules...
[2023-07-19 21:22:03,892] [dftimewolf.state ] INFO Setting up module: TurbiniaGCPProcessor
[2023-07-19 21:22:03,894] [dftimewolf.state ] INFO Setting up module: TimesketchExporter
What is the value for <host_uri> (URL of the Timesketch server): [2023-07-19 21:22:03,893] [TurbiniaGCPProcessor] DEBUG TurbiniaGCPProcessor is storing a turbiniarequest container: test-disk-20gb-1
Also, it's hard to tell it's asking for input at first because of the log line coming after the "What is the value for <host_uri> (URL of the Timesketch server):". If possible, the other request would be to add a new line between the log line and the Timesketch prompt to make it more clear you have to enter something in.
Another great option would be if we can instead already provide the Timesketch config file for it to use. From my tests, using the config.json does not work. Also can file this as a separate issue if it'll require a whole other body of work.