Task #4114

Report content design and adjustments

Added by Jan Mach 11 months ago. Updated 7 months ago.

Status: Closed
Start date: 05/31/2018
Priority: Normal
Due date:
Assignee: Pavel Kácha
% Done: 100%
Category: Design
Target version: 2.1

Description

The following tasks could be done to improve the currently used report templates and reporting altogether:

  • Abridge report text and move some of the text to informational web page
  • Improve event classifications in classifying inspection module
  • Improve report section labels for event classes

Related issues

Related to Mentat - Task #4236: Reorganize content on https://mentat.cesnet.cz and https:... Closed 07/27/2018 09/30/2018
Related to Mentat - Feature #4232: Do not attach too big data attachments to reports Closed 07/27/2018

Associated revisions

Revision ddcd3362
Added by Jan Mach 7 months ago

Abbreviated the contents of generated reports.

Some of the original content was moved to a web page of Mentat system as a service operated by CESNET. Some of the content was abbreviated without any replacement. (Redmine issue: #4114)

Revision 3bd24bcb
Added by Jan Mach 7 months ago

Changed URL to Mentat system homepage in reports to pages describing Mentat as a service.

(Redmine issue: #4114)

History

#1 Updated by Pavel Kácha 9 months ago

Jan Mach wrote:

  • Improve event classifications in classifying inspection module
  • Improve report section labels for event classes

I consider aforementioned two done.

#2 Updated by Pavel Kácha 9 months ago

Webpage https://mentat.cesnet.cz/cs/reporting should be moved and incorporated into (probably the top of) the page https://csirt.cesnet.cz/cs/services/mentat (which also needs shortening and overhaul).

#3 Updated by Pavel Kácha 9 months ago

Attempt at Czech version abbreviation. Tried to shorten the text and omit duplicate information, but leave most of the info in. The note about technical problems email () may go to the webpage, as may the warning about possible delays of Shadowserver’ish services.

Dear colleagues,

    our detection systems registered 3 event(s) related to host
147.229.29.84, which belongs to your IP address range or domain with contact
address abuse@vutbr.cz.

    The report contains events with LOW severity. Please consider checking
the affected systems and fixing any problems found.

    Time window: 25. 7. 2018 9:00:00 - 26. 7. 2018 9:00:00 Europe/Prague (+02:00)

[1] The machine attempted some form of active scanning.

    Source                          First event occurrence     Last event occurrence        Count  Protocol
    ──────────────────────────────────────────────────────────────────────────────────────────────────────────────
    147.229.29.84                   25. 7. 2018 11:00:11       25. 7. 2018 16:59:21             3  tcp
    ──────────────────────────────────────────────────────────────────────────────────────────────────────────────

    More information: https://csirt.cesnet.cz/cs/services/eventclass/recon-scanning

    The report for this IP is also available at:
        https://mentat-hub.cesnet.cz/mentat/reports/RQDbHcRAQ364MlIlBgKz/unauth

    The summary report is available at:
        https://mentat-hub.cesnet.cz/mentat/reports/DV8Yb49253pcG33Bnjos/unauth

    Complete available information on individual events can be found in the attached
machine-processable files (we recommend JSON, where the data is complete).

    This message was generated by an automated system. For communication about the
events, please therefore use the contact email address <certs@cesnet.cz> and, for easier
orientation, keep the identifier [M20180726EL-R0XPI] in the message subject.

Thanking you in advance for your cooperation,
    CESNET-CERTS Security Team <certs@cesnet.cz>

If summary:

    The report is also available at:
        https://mentat-hub.cesnet.cz/mentat/reports/RQDbHcRAQ364MlIlBgKz/unauth

If attachments disabled:

    Complete available information on individual events can be found in the
machine-processable files of the web version of the report (we recommend JSON, where the data is complete).
Sending of email attachments is disabled in the reporting settings for your contact address.

I presume the date of generation is in the Date of the email.

#4 Updated by Jan Mach 9 months ago

  • Target version changed from 2.0 to Future

#5 Updated by Pavel Kácha 9 months ago

  • Assignee changed from Pavel Kácha to Jan Mach

Attempt at English version abbreviation.

Dear colleagues.

Our detection systems registered following possible problems related to host
XXX.XXX.XXX.XXX, belonging into your IP address range or domain with contact
address YYY@YYY.YY.

This report contains events with LOW severity. Please consider reviewing the
host systems and fix any possible issues.

Time window: XXXXXXXXXXXXXX - YYYYYYYYYYY UTC (+00:00)

    Source                          First event time           Last event time              Count  Protocol
    ──────────────────────────────────────────────────────────────────────────────────────────────────────────────
    147.229.29.84                   25. 7. 2018 11:00:11       25. 7. 2018 16:59:21             3  tcp
    ──────────────────────────────────────────────────────────────────────────────────────────────────────────────

Report for this IP is also available at:
    https://mentat-hub.cesnet.cz/mentat/reports/RQDbHcRAQ364MlIlBgKz/unauth

Summary report is available at:
    https://mentat-hub.cesnet.cz/mentat/reports/DV8Yb49253pcG33Bnjos/unauth

Complete information available for each event can be found in the attached
machine-processable files (we recommend JSON, which bears full data).

The message has been generated by an automated system. For further communication
regarding events please use the contact email address certs@cesnet.cz and keep the
identifier [M20180726EL-R0XPI] in the email subject for easier orientation.

Thank you in advance for your cooperation
    CESNET-CERTS Computer Security Team <certs@cesnet.cz>

If summary:

Report is also available at:
    https://mentat-hub.cesnet.cz/mentat/reports/DV8Yb49253pcG33Bnjos/unauth

If attachments disabled:

Complete information available for each event can be found in the machine-processable
files of the web version of the report (we recommend JSON, which bears full data).
Appending attachments is disabled in the reporting settings for your contact address.

#6 Updated by Pavel Kácha 9 months ago

  • Related to Task #4236: Reorganize content on https://mentat.cesnet.cz and https://csirt.cesnet.cz/cs/services/mentat web pages added

#7 Updated by Jan Mach 9 months ago

  • Target version changed from Future to 2.1

#8 Updated by Jan Mach 7 months ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 70

#9 Updated by Jan Mach 7 months ago

  • Related to Feature #4232: Do not attach too big data attachments to reports added

#10 Updated by Jan Mach 7 months ago

  • Status changed from In Progress to Resolved
  • Assignee changed from Jan Mach to Pavel Kácha
  • % Done changed from 70 to 100

I now consider this issue to be resolved. In my opinion further abbreviations of the report content will not make the report more useful and readable.

#11 Updated by Pavel Kácha 7 months ago

  • Status changed from Resolved to Closed
