
Feature #316

More specific grouping of events in prewikka console

Added by almost 11 years ago. Updated about 3 years ago.

Status:
Closed
Priority:
Normal
Start date:
Due date:
% Done:

0%

Resolution:

Description

The current prewikka console groups together the events that have the same alert.source.{node-name, node-addr} and/or alert.target.{node-name, node-addr} defined. But if both fields do not exist (prewikka displays them as n/a), then all alerts are placed in a single table 'row'. This looks terrible if you have several hundred sensors or even more.

So I suggest grouping them by alert.analyzer.node-name, using the node-name of the analyzer closest to the source of the alert (usually this is the host where the alert happened).
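The grouping problem described above, as an added example that is not part of the issue or of Prewikka's own code: a handful of constructed IDMEF-style alerts (plain dicts, not real data) are grouped first by source/target node, which collapses every host-sensor alert with no source or target into one n/a row, and then by the name of the originating analyzer's node as the reporter proposes. A third key that only falls back to the sensor when both node fields are n/a is included as one possible design, not something the issue asks for. The sample assumes the analyzer list is ordered from the emitting sensor outward through any relays, so index 0 is the analyzer closest to the source of the alert.

```python
from collections import Counter

NA = "n/a"

# Constructed sample alerts (not real Prewikka data). Each dict mirrors the
# IDMEF paths named in the issue. The "analyzer" list is assumed (for this
# example) to be ordered from the sensor that emitted the alert outward
# through any relays, so index 0 is the analyzer closest to the source.
NIDS_PATH = [{"name": "suricata", "node": {"name": "nids-dmz"}},
             {"name": "prelude-manager", "node": {"name": "manager"}}]
ALERTS = [
    # Network sensor: source and target nodes are known.
    {"analyzer": NIDS_PATH,
     "source": {"node": {"address": "10.0.0.5"}},
     "target": {"node": {"name": "www1"}}},
    {"analyzer": NIDS_PATH,
     "source": {"node": {"address": "10.0.0.5"}},
     "target": {"node": {"name": "www1"}}},
    # Host sensors: no source/target node at all, so the console shows n/a.
    {"analyzer": [{"name": "prelude-lml", "node": {"name": "host1"}}]},
    {"analyzer": [{"name": "prelude-lml", "node": {"name": "host1"}}]},
    {"analyzer": [{"name": "prelude-lml", "node": {"name": "host2"}}]},
    {"analyzer": [{"name": "prelude-lml", "node": {"name": "host3"}}]},
]


def node_label(node):
    """Label a node the way the console does: name, else address, else n/a."""
    if not node:
        return NA
    return node.get("name") or node.get("address") or NA


def source_target_key(alert):
    """Current behaviour described in the issue: group by source/target node."""
    src = node_label((alert.get("source") or {}).get("node"))
    dst = node_label((alert.get("target") or {}).get("node"))
    return (src, dst)


def sensor_key(alert):
    """Proposed behaviour: group by the node name of the originating analyzer.

    Falls back to the analyzer name when the analyzer carries no node name.
    """
    analyzers = alert.get("analyzer") or []
    if not analyzers:
        return (NA,)
    closest = analyzers[0]  # assumption: index 0 emitted the alert
    label = node_label(closest.get("node"))
    if label == NA:
        label = closest.get("name") or NA
    return (label,)


def combined_key(alert):
    """Keep source/target rows where they exist; use the sensor only for n/a."""
    key = source_target_key(alert)
    if key == (NA, NA):
        return ("sensor",) + sensor_key(alert)
    return ("node",) + key


def row_counts(alerts, keyfn):
    """Map each console row key to the number of alerts it would hold."""
    return dict(Counter(keyfn(a) for a in alerts))


if __name__ == "__main__":
    for name, fn in (("source/target", source_target_key),
                     ("sensor", sensor_key),
                     ("combined", combined_key)):
        rows = row_counts(ALERTS, fn)
        print("%-14s %d rows: %s" % (name, len(rows), rows))
```

With the constructed input, source/target grouping yields two rows, one of them a four-alert n/a row that would grow with every host sensor deployed; grouping by sensor splits that row into one per reporting host while leaving the network sensor's alerts together.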

History

#1 Updated by almost 11 years ago

Updated: I mean "Sensor name" as grouping value.

#2 Updated by Yoann VANDOORSELAERE over 10 years ago

  • Project changed from PRELUDE SIEM to Prewikka
  • Category deleted (5)
  • Target version deleted (80)

#3 Updated by Yoann VANDOORSELAERE over 10 years ago

  • Target version set to 0.9.15

#4 Updated by Yoann VANDOORSELAERE about 10 years ago

  • Target version deleted (0.9.15)

#5 Updated by Jean-Charles ROGEZ almost 6 years ago

  • Target version set to 122

#6 Updated by Thomas ANDREJAK almost 4 years ago

  • Target version changed from 122 to Prelude OSS 3.0.0

#7 Updated by Thomas ANDREJAK over 3 years ago

  • Target version changed from Prelude OSS 3.0.0 to Prelude OSS 3.1.0

#8 Updated by Thomas ANDREJAK about 3 years ago

  • Status changed from New to Closed
  • Assignee set to Thomas ANDREJAK

