Config #7567
closedUpdate reporter templates to support different wording for severity
100%
Description
CESNET-CERTS decided to better align human and Mentat reports. Till today, Mentat reports are taken as "info" despite severity indicated in subject (Low, Medium, ...). It was decided to start with reports, containing Vunerable.* (or class vulnerable-...), and then proceed with event class severity review.
There are two possible paths:
- update template texting conditionally just for Vulnerables
- review severities
- finally after time switch to conditional texting based on real severities (not just Vulnerables) (to not overload CESNET-CERTS with answers or escallations)
or
- update severities to Low even for (now) Medium/High/Crit in Inspector
- make template texting change conditionally for various severities
- review severities
- finaly after time or gradually bump up severities in Inspector back (to not overload CESNET-CERTS with answers or escallations)
When overviewing templates after the todays Mentat meeting, I found out that templates are already structured for different low/medium/high/critical wording, and incorporating wording specifically for Vulnerables might be overkill (and unnecessary complication). So I propose to go or B - update just wording (to indicate expected reaction), and push down severities in Inspector except for vulnerable-*. Inspector changes are just configuration and presumably temporary, so we can do them on installed instances and not in the repo, however templates need proper gettext/Babel update, so repo change is more appropriate.
Proposed wording (no change for Low):
msgid "" "This report contains events with MEDIUM severity. Please review the host " "systems mentioned in this report, fix the issues and inform us of the outcome." msgstr "" "Tento report obsahuje událostí se STŘEDNÍ závažností. Prosím prohledejte " "dotčené systémy, napravte zjištěné problémy a informujte nás o výsledku." msgid "" "This report contains events with HIGH severity. Please take action " "immediatelly and inform us of the outcome." msgstr "" "Tento report obsahuje události s VYSOKOU závažností. Prosím podnikněte " "okamžitě nápravné kroky a informujte nás o výsledku." msgid "" "This report contains events with CRITICAL severity. Please take action " "immediatelly and inform us of the outcome." msgstr "" "Tento report obsahuje události s KRITICKOU závažností. Prosím podnikněte " "okamžitě nápravné kroky a informujte nás o výsledku."
Updated by Rajmund Hruška about 2 years ago
- Status changed from New to Resolved
- % Done changed from 0 to 100
Updated by Rajmund Hruška about 2 years ago
- Status changed from Resolved to In Review
Merged into devel.
Updated by Pavel Kácha about 2 years ago
- Status changed from In Review to Closed