Filter query results based on rule-name

[ITAYC0HEN]

Description
I think it is a good idea to let the user interact a little bit more with the results page. This including secondary filtering.

For example, a query can contain multiple rules, and each sample that showed in the matches table has a label(s) with the name(s) of the matched rule(s).

This can be shown in the following image.

I'd like to a more dynamic approach for the matches table, in which the user can click on a label (rule name) and the table will be filtered based on the selected rule.

Not surprisingly, this is implemented in mwdb in a very nice way. The user can click on a tag and it will immediately filter.

[msm-code]

Yeah, matches view should be totally reworked. We have so many issues about it that it may deserve a meta issue on its own 🤔 . Not suprisingly, since it's probably the most important view in the app.

We should also allow filtering based on strings after implementing #38.

[ITAYC0HEN]

Absolutely. I agree. I think it should be carefully planned, even discussing with a UX personnel or at least an experienced front-end dev.

Keep this in mind:

• How should mquery used in your opinion
  • Should it used mostly via API or from the website
  • Should it be used for hunting? For testing?
  • How familiar is the user with the dataset?
• The table can be expanded with more metadata about the samples
  • Hash(es), mime type, size, VT detection rate, MWDB link
  • Is it the desired outcome at all? Or do you want it to only be limited to hash+matched rule(s)
• How useful is the query textarea after a query is executed? should it be collapsed maybe, to free more screen space? Can be un-collapsed upon demand
• Should you even invest time in MQuery's front end? Maybe it can be narrowed to a simple one, as it is now, and let MWDB integration provide the rich tables, the filtering, the metadata (hashes, mime types, size, more labels)