Feature #7678
closed
Better event view
100%
Description
Multiple fields from IDEA are not displayed in the event view. It would be great to add at least the most used ones, so users do not have to go to the JSON view.
Mainly:
- attachments
- refs
- counts (ConnCount/FlowCount...)
- AggrWin in Nodes
Updated by Pavel Kácha about 1 year ago
- Related to Bug #7561: Inconsistent quotation in YAML representation of event added
Updated by Pavel Kácha about 1 year ago
Just a note: the cz.cesnet.ftas content type is fixed (from text/csv to text/plain).
Updated by Jakub Judiny about 1 year ago
- Status changed from In Progress to Resolved
Updated by Jakub Judiny about 1 year ago
- Related to Feature #7685: Implement hostname context search and additional data loading in event view added
Updated by Rajmund Hruška about 1 year ago
- Target version changed from Backlog to 2.12
In fc7bdcc9, why did you set self.csag = {} in lib/hawat/base.py, when it was already set to an empty dictionary a few lines before that?
Documentation for events blueprint is now (or will be, after merge) outdated - https://713.gitlab-pages.cesnet.cz/mentat/mentat/devel/html/_doclib/hawat_plugin_events.html#section-hawat-plugin-events. But it would be nice to update the documentation in general.
Other than that, LGTM.
Updated by Rajmund Hruška about 1 year ago
- Status changed from Resolved to Feedback
Updated by Jakub Judiny about 1 year ago
- Status changed from Feedback to Resolved
Rajmund Hruška wrote in #note-7:
> In fc7bdcc9, why did you set self.csag = {} in lib/hawat/base.py, when it was already set to an empty dictionary a few lines before that?
> Documentation for events blueprint is now (or will be, after merge) outdated - https://713.gitlab-pages.cesnet.cz/mentat/mentat/devel/html/_doclib/hawat_plugin_events.html#section-hawat-plugin-events. But it would be nice to update the documentation in general.
> Other than that, LGTM.
self.csag = {} was not intentional, so I removed it. I also added some missing fields from FTAS events. I am planning to update the documentation, but it would be great to deploy this on alt before I update it, so we can test it more.
Updated by Jakub Judiny about 1 year ago
Also, while working on #7685, I merged branch 'judiny-bugfix-#7683-passivedns-hostname' into 'judiny-feature-#7678-better-event-view', so when you merge this branch into devel, you don't need to merge 'judiny-bugfix-#7683-passivedns-hostname' into devel anymore.
Updated by Rajmund Hruška about 1 year ago
- Status changed from Resolved to In Review
Updated by Rajmund Hruška about 1 year ago
In Czech, the Detectors section is translated as "Detektorů". It's the same in the current production version, but I have only noticed it now, and it makes sense to fix it in this issue.
Updated by Radko Krkoš about 1 year ago
As for providing potentially malicious code for download safely (discussed in VC), application/octet-stream is designed for this:
https://www.iana.org/assignments/media-types/application/octet-stream
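
The approach from the last comment, as an added example that is not taken from the Mentat/Hawat code base: one IDEA Attach item is turned into download headers that always use application/octet-stream and never echo the ContentType declared in the event. The function names are hypothetical, and the Content-Disposition and X-Content-Type-Options headers are hardening added here beyond what the comment states.

```python
import base64
import re


def safe_filename(name, fallback="attachment.bin"):
    """Reduce an untrusted file name to a conservative ASCII basename."""
    base = re.split(r"[\\/]", name or "")[-1]            # drop any path part
    base = re.sub(r"[^A-Za-z0-9._-]", "_", base).lstrip(".")
    return base[:100] or fallback


def attachment_download(attach):
    """Return (headers, body) for serving one IDEA 'Attach' item as a download.

    The ContentType stored in the event comes from the detector's input and
    may be attacker-influenced, so it is ignored: the response is always
    application/octet-stream.
    """
    content = attach.get("Content", "")
    if attach.get("ContentEncoding") == "base64":
        body = base64.b64decode(content, validate=True)  # reject malformed input
    else:
        body = content.encode("utf-8")
    names = attach.get("FileName") or []
    filename = safe_filename(names[0] if names else "")
    headers = {
        "Content-Type": "application/octet-stream",
        # Added hardening (assumption, not from the issue): force "save as"
        # and tell the browser not to guess a renderable type.
        "Content-Disposition": 'attachment; filename="%s"' % filename,
        "X-Content-Type-Options": "nosniff",
        "Content-Length": str(len(body)),
    }
    return headers, body


# Constructed sample: an attachment that declares itself as HTML and carries
# a path-like file name.
SAMPLE = {
    "FileName": ["../../invoice.html"],
    "ContentType": "text/html",
    "ContentEncoding": "base64",
    "Content": base64.b64encode(b"<html>constructed sample</html>").decode(),
}

if __name__ == "__main__":
    hdrs, data = attachment_download(SAMPLE)
    for key, value in hdrs.items():
        print("%s: %s" % (key, value))
    print(len(data), "bytes")
```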