UI tips and tricks - stamparm/maltrail GitHub Wiki

1. Auto-refresh for Maltrail web-page

Users can set an auto-refresh period for the Maltrail web page by appending /?refresh=N to the URL in the browser's address bar, where N is the period in seconds. By default, there is no auto-refresh.

For example, with /?refresh=30 the Maltrail web page is automatically refreshed every 30 seconds.

2. Table page change with keyboard

By pressing the left or right keys on the keyboard, users can switch from one table page to another without using the mouse.

3. Tags

Summary: The tags mechanism lets users attach specific notes to trails in order to build personal filters for various threats.

3.1. Creation

Note: When creating a tag or set of tags, use alphanumeric characters.

  • To create a new tag or set of tags:
  1. In the Maltrail GUI, move the mouse to the tags column.
  2. Press the left mouse button inside the desired cell.
  3. Type the text you need.
  4. Finish tag creation by pressing Enter or by clicking somewhere else on the page.
  • To create a set of tags, repeat steps 1-4 once for each tag you need for the current trail.

3.2. Deletion

To delete a tag, move the mouse over it and press the middle mouse button (mouse wheel).

3.3. Modification

Tags can only be deleted or created.

3.4. Filtering

Users can filter the Maltrail detection list by one or several tags by clicking the respective tags in sequence.

In this example, the user has clicked tag1, tag2, and tag_3 in sequence to build a relevant filter for the Maltrail detection list.

4. Report false positive detection

There are several ways to report a false positive detection to the developers:

  1. By creating an Issue with a brief description of why the Maltrail detection is incorrect.
  2. By creating a Pull request with a patch and a brief description of why the Maltrail detection is incorrect.
  3. By right-clicking the respective line in the GUI and choosing the Report false positive option. Details will be sent to the Maltrail developers for additional analysis.

5. Hide specific threat

If you want to hide a threat from the detection list, right-click the respective line and choose the Hide threat option.

To unhide hidden threats, use Tools -> Flush local storage.