Project

General

Profile

Actions

Feature #7621

open

Reporting of post-hoc events detected by FTAS (and other)

Added by Radko Krkoš almost 2 years ago. Updated about 1 month ago.

Status:
In Review
Priority:
High
Assignee:
Category:
Development - Core
Target version:
Start date:
01/04/2023
Due date:
% Done:

0%

Estimated time:
To be discussed:
No

Description

The Flow Traffic Analysis System (FTAS) routinely reports incidents that were prevented by automated measures. The prevention mechanism is generally a blocking of specific flows. The affected users should therefore be notified of the blocking and the characteristics of the prevented traffic. IDEA events sent by FTAS do contain the required information and can be transformed into such reports. Automatic way is preferable to the current state - personal warnings by FTAS administrators.
These reports must be distinguished from the existing ones, as they differ in two aspects:
- The recipient is a target of an attack,
- The reports are mostly informative, no action is expected of the recipient.


Related issues

Related to Mentat - Bug #7796: Mentat-reporter doesn't list all created labels in logIn ReviewJakub Judiny10/15/2024

Actions
Actions

Also available in: Atom PDF