search aux msg

Author: doomedraven

.gemini/settings.json

@@ -5,4 +5,4 @@
       "type": "sse"
     }
   }
-}
+}

web/templates/analysis/search.html

@@ -23,7 +23,8 @@ <h5 class="mb-0 text-white"><i class="fas fa-info-circle me-2"></i> Search Help<
                 </div>
                 <div class="card-body">
                     <p class="text-white-50">ElasticSearch queries do not use a prefix. e.g., <code>*windows.*</code> matches 'time.windows.com'.</p>
-                    <p class="text-white-50">For MD5, SHA1, SHA256, etc., no prefix is needed (matches any file generated by analysis).</p>
+                    <p class="text-white-50">For MD5, SHA1, SHA256, etc., no prefix is needed (matches <b>any</b> file generated by analysis, including dropped/extracted files).</p>
+                    <p class="text-white-50">To search for the <b>initial submitted file</b> specifically, use <code>target_sha256:</code> prefix.</p>
                     <p class="text-white-50">By default, searches are exact matches. Use regex characters (e.g., <code>^ $ | ? * + ( ) [ ] { }</code>) to force a regex search.</p>
                     <div class="table-responsive">
                         <table class="table table-striped table-dark table-hover table-sm">
@@ -117,6 +118,9 @@ <h5 class="mb-0 text-white"><i class="fas fa-info-circle me-2"></i> Search Help<
 <div class="row mb-3">
     <div class="col-12 text-white-50 text-center">
         <h3>Results for term: <span class="text-danger font-weight-bold">{{term}}</span></h3>
+        {% if term_only in 'md5,sha1,sha256' %}
+            <p class="text-muted mt-1">Note: Hash searches match all generated files inside analysis. Use <code>target_sha256:</code> for initial file matches.</p>
+        {% endif %}
         {% if settings.ZIPPED_DOWNLOAD_ALL and term_only in 'capetype,capeyara' %}
             <a href="{% url 'file' term_only|add:'zipall' '1' value_only %}" class="btn btn-sm btn-outline-warning mt-2" data-bs-toggle="tooltip" title="Download password-protected archive with all matching files."><i class="fas fa-file-archive me-1"></i> Download All Matches</a>
         {% endif %}