Feature #7621

open

Reporting of post-hoc events detected by FTAS (and other)

Added by Radko Krkoš over 1 year ago. Updated 2 days ago.

Status: In Progress
Priority: High
Assignee:
Category: Design
Target version:
Start date: 01/04/2023
Due date:
% Done: 0%
Estimated time:
To be discussed: No

Description

The Flow Traffic Analysis System (FTAS) routinely reports incidents that were prevented by automated measures. The prevention mechanism is generally a blocking of specific flows. The affected users should therefore be notified of the blocking and the characteristics of the prevented traffic. IDEA events sent by FTAS do contain the required information and can be transformed into such reports. An automatic way is preferable to the current state - personal warnings by FTAS administrators.
These reports must be distinguished from the existing ones, as they differ in two aspects:
- The recipient is a target of an attack,
- The reports are mostly informative, no action is expected of the recipient.

Actions #1

Updated by Pavel Kácha 3 months ago

  • Priority changed from Normal to High
Actions #2

Updated by Jakub Judiny 10 days ago

  • Assignee set to Jakub Judiny
Actions #3

Updated by Jakub Judiny 2 days ago

  • Status changed from New to In Progress
Actions #4

Updated by Pavel Kácha 2 days ago

Notes from the meeting of 2024-07-23:

  • Headers in Idea _Mentat: alongside EventClass, EventSeverity, ResolvedAbuses we will use TargetClass, TargetSeverity, TargetAbuses
  • In the interface: Source groups, Target groups (where it makes sense, we are getting rid of 'abuse')
  • Subclasses, thresholding and relapse, filters - it would be good to keep them, especially if it leads to code reuse