Task #4114

closed

Report content design and adjustments

Added by Jan Mach over 4 years ago. Updated about 4 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: Design
Target version:
Start date: 05/31/2018
Due date:
% Done: 100%
Estimated time:
To be discussed:

Description

The following tasks could be done to improve the currently used report templates and reporting altogether:

  • Abridge report text and move some of the text to an informational web page
  • Improve event classifications in classifying inspection module
  • Improve report section labels for event classes

Related issues

Related to Mentat - Task #4236: Reorganize content on https://mentat.cesnet.cz and https://csirt.cesnet.cz/cs/services/mentat web pages | Closed | Pavel Kácha | 07/27/2018 | 09/30/2018
Related to Mentat - Feature #4232: Do not attach too big data attachments to reports | Closed | Jan Mach | 07/27/2018

#1

Updated by Pavel Kácha about 4 years ago

Jan Mach wrote:

  • Improve event classifications in classifying inspection module
  • Improve report section labels for event classes

I consider the aforementioned two done.

#2

Updated by Pavel Kácha about 4 years ago

Webpage https://mentat.cesnet.cz/cs/reporting should move and get incorporated into (probably the top of) the page https://csirt.cesnet.cz/cs/services/mentat (which also needs shortening and overhaul).

#3

Updated by Pavel Kácha about 4 years ago

Attempt at Czech version abbreviation. Tried to shorten the text and omit duplicate information, but leave most of the info in. The note about technical problems email () may go to the webpage, also the warning about possible delays of Shadowserver'ish services.

Dear colleagues,

    our detection systems registered 3 event(s) related to host
147.229.29.84, which belongs to your IP address range or domain with contact
address abuse@vutbr.cz.

    The report contains events with LOW severity. Please consider checking the
affected systems and fixing any problems found.

    Time window: 25. 7. 2018 9:00:00 - 26. 7. 2018 9:00:00 Europe/Prague (+02:00)

[1] The machine attempted some form of active scanning.

    Source                          First event time           Last event time              Count  Protocol
    ──────────────────────────────────────────────────────────────────────────────────────────────────────────────
    147.229.29.84                   25. 7. 2018 11:00:11       25. 7. 2018 16:59:21             3  tcp
    ──────────────────────────────────────────────────────────────────────────────────────────────────────────────

    More information: https://csirt.cesnet.cz/cs/services/eventclass/recon-scanning

    Report for this IP is also available at:
        https://mentat-hub.cesnet.cz/mentat/reports/RQDbHcRAQ364MlIlBgKz/unauth

    Summary report is available at:
        https://mentat-hub.cesnet.cz/mentat/reports/DV8Yb49253pcG33Bnjos/unauth

    Complete available information on individual events can be found in the attached
machine-processable files (we recommend JSON, where the data is complete).

    This message was generated by an automated system. For communication about the events,
please therefore use the contact email address <certs@cesnet.cz> and, for easier
orientation, keep the identifier [M20180726EL-R0XPI] in the message subject.

Thanking you in advance for your cooperation,
    CESNET-CERTS security team <certs@cesnet.cz>

If summary:

    Report is also available at:
        https://mentat-hub.cesnet.cz/mentat/reports/RQDbHcRAQ364MlIlBgKz/unauth

If attachments disabled:

    Complete available information on individual events can be found in the
machine-processable files of the web version of the report (we recommend JSON, where the data is complete).
Sending of email attachments is disabled in the reporting settings for your contact address.

I presume the date of generation is in the Date of the email.

#4

Updated by Jan Mach about 4 years ago

  • Target version changed from 2.0 to Backlog

#5

Updated by Pavel Kácha about 4 years ago

  • Assignee changed from Pavel Kácha to Jan Mach

Attempt at English version abbreviation.

Dear colleagues.

Our detection systems registered following possible problems related to host
XXX.XXX.XXX.XXX, belonging into your IP address range or domain with contact
address YYY@YYY.YY.

This report contains events with LOW severity. Please consider reviewing the
host systems and fix any possible issues.

Time window: XXXXXXXXXXXXXX - YYYYYYYYYYY UTC (+00:00)

    Source                          First event time           Last event time              Count  Protocol
    ──────────────────────────────────────────────────────────────────────────────────────────────────────────────
    147.229.29.84                   25. 7. 2018 11:00:11       25. 7. 2018 16:59:21             3  tcp
    ──────────────────────────────────────────────────────────────────────────────────────────────────────────────

Report for this IP is also available at:
    https://mentat-hub.cesnet.cz/mentat/reports/RQDbHcRAQ364MlIlBgKz/unauth

Summary report is available at:
    https://mentat-hub.cesnet.cz/mentat/reports/DV8Yb49253pcG33Bnjos/unauth

Complete information available for each event can be found in the attached
machine-processable files (we recommend JSON, which bears full data).

The message has been generated by an automated system. For further communication
regarding events please use the contact email address certs@cesnet.cz and keep the
identifier [M20180726EL-R0XPI] in the email subject for easier orientation.

Thank you in advance for your cooperation
    CESNET-CERTS Computer Security Team <certs@cesnet.cz>

If summary:

Report is also available at:
    https://mentat-hub.cesnet.cz/mentat/reports/DV8Yb49253pcG33Bnjos/unauth

If attachments disabled:

Complete information available for each event can be found in the machine-processable
files of the web version of the report (we recommend JSON, which bears full data).
Appending attachments is disabled in the reporting settings for your contact address.

#6

Updated by Pavel Kácha about 4 years ago

  • Related to Task #4236: Reorganize content on https://mentat.cesnet.cz and https://csirt.cesnet.cz/cs/services/mentat web pages added

#7

Updated by Jan Mach about 4 years ago

  • Target version changed from Backlog to 2.1

#8

Updated by Jan Mach about 4 years ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 70

#9

Updated by Jan Mach about 4 years ago

  • Related to Feature #4232: Do not attach too big data attachments to reports added

#10

Updated by Jan Mach about 4 years ago

  • Status changed from In Progress to Resolved
  • Assignee changed from Jan Mach to Pavel Kácha
  • % Done changed from 70 to 100

I now consider this issue to be resolved. In my opinion further abbreviations of the report content will not make the report more useful and readable.

#11

Updated by Pavel Kácha about 4 years ago

  • Status changed from Resolved to Closed