Feature #7621
open
Reporting of post-hoc events detected by FTAS (and other)
Start date: 01/04/2023
Due date:
% Done: 0%
Estimated time:
To be discussed: No
Description
The Flow Traffic Analysis System (FTAS) routinely reports incidents that were prevented by automated measures. The prevention mechanism is generally a blocking of specific flows. The affected users should therefore be notified of the blocking and the characteristics of the prevented traffic. IDEA events sent by FTAS do contain the required information and can be transformed into such reports. An automatic way is preferable to the current state: personal warnings by FTAS administrators.
These reports must be distinguished from the existing ones, as they differ in two aspects:
- The recipient is a target of an attack,
- The reports are mostly informative, no action is expected of the recipient.
Updated by Pavel Kácha 2 days ago
Notes from the meeting of 2024-07-23:
- Headers in Idea _Mentat: alongside EventClass, EventSeverity, ResolvedAbuses we will use TargetClass, TargetSeverity, TargetAbuses
- In the interface: Source groups, Target groups (where it makes sense, we get rid of 'abuse')
- Subclasses, thresholding and relapse, filters - it would be good to keep them, especially if that leads to code reuse