Actions
Feature #5752
closedReporting based on event class knowledge
Start date:
08/29/2019
Due date:
% Done:
0%
Estimated time:
To be discussed:
No
Description
Leverage class knowledge for specific class parts in reports. Will need to add template mechanism and suitable templates for separate class parts in reports. Will need to consider txt/html versions and translations. May be opportune to implement at least basic #5751 first.
Reasoning: we have events sorted into more detailed "classes", see CESNET-CERTS web. However, report templates are formatted the same way for all the events, so important information (for example phishing URL) stays hidden in the Idea data.
Related issues
Updated by Pavel Kácha over 5 years ago
- Related to Feature #5751: Consolidate event class configuration added
Updated by Pavel Kácha about 5 years ago
Notes from talks and meetings:
- shorten dates (timezone, year) for narrower columns
- add number of unique detectors, possibly into event count column like DetCnt/EvtCnt
- fold ConnCount and FlowCount into approximate connection count column, where crude guess of missing ConnCount = FlowCount/2
- Add ACCcount and PacketCount into anomaly-traffic.
- Unify all Proto columns into case_insensitive_uniq(Source.*.Proto + Target.*.Proto).
- Domain and dns are the same protocol (in fact, dns is an error of some detectors and should be coerced to domain), so Proto in vulnerable-config-domain can be removed (as in other vunerables).
- Consider multiple rows of header in text version. (Possible problem with linebreaking in Jinja and/or translation, so just for consideration.)
Updated by Pavel Kácha almost 5 years ago
- Status changed from New to Closed
In fact all done within #5751, closing.
Updated by Jan Mach almost 5 years ago
- Target version changed from Backlog to 2.6
Actions