Feature #316
More specific grouping of events in prewikka console
Start date:
Due date:
% Done: 0%
Resolution:
Description
Current prewikka console groups together the events that have the same alert.source.{node-name, node-addr} and/or alert.target.{node-name, node-addr} defined. But if both fields don't exist (prewikka displays them as n/a) then all alerts are placed in a single table 'row'. This looks terrible if you have several hundred sensors or even more.
So I suggest grouping them by alert.analyzer.node-name using the node-name of the analyzer closest to the source of the alert (usually this one is the host where the alert happened).
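The grouping behaviour described in the report, and the suggested fallback, as an added example (this is not Prewikka's own code). The alerts are constructed dictionaries that mirror only the IDMEF fields the report mentions; the shape of those dictionaries, the helper names (`current_key`, `proposed_key`, `group_alerts`) and the assumption that the `analyzer` list is ordered from the analyzer closest to the source (index 0) to the last relay are all assumptions made for the example:

```python
# Added example, not part of Prewikka. Models the console's grouping of
# IDMEF-style alerts and the fallback proposed in the report.
from collections import OrderedDict

NA = "n/a"  # what the console shows for a missing source/target node

# Constructed sample alerts (assumed shape, not real IDMEF objects).
# Assumption: "analyzer" is ordered from the analyzer closest to the source
# of the alert (index 0) to the last relay/manager.
SAMPLE_ALERTS = [
    {"id": 1,
     "source": {"node_name": "web01"},
     "target": {"node_addr": "10.0.0.5"},
     "analyzer": [{"node_name": "web01"}, {"node_name": "manager"}]},
    {"id": 2, "source": {}, "target": {},
     "analyzer": [{"node_name": "sensor-a"}, {"node_name": "manager"}]},
    {"id": 3, "source": {}, "target": {},
     "analyzer": [{"node_name": "sensor-b"}, {"node_name": "manager"}]},
    {"id": 4, "source": {}, "target": {},
     "analyzer": [{"node_name": "sensor-a"}]},
    {"id": 5, "source": {}, "target": {},
     "analyzer": []},  # edge case: no analyzer information at all
]


def _node_key(node):
    """Return node-name, falling back to node-addr, else None when unknown."""
    if not node:
        return None
    return node.get("node_name") or node.get("node_addr")


def current_key(alert):
    """Grouping key as the report describes it: (source, target), each
    replaced by 'n/a' when absent. Alerts with neither field all share
    the ('n/a', 'n/a') key and therefore collapse into one row."""
    return (_node_key(alert.get("source")) or NA,
            _node_key(alert.get("target")) or NA)


def proposed_key(alert):
    """Suggested fallback: keep the source/target key when either is known,
    otherwise group by the node-name of the analyzer closest to the source
    (index 0 under this example's ordering assumption)."""
    src, tgt = current_key(alert)
    if src != NA or tgt != NA:
        return ("node", src, tgt)
    analyzers = alert.get("analyzer") or []
    sensor = analyzers[0].get("node_name") if analyzers else None
    return ("sensor", sensor or NA)


def group_alerts(alerts, key_func):
    """Group alerts into table rows keyed by key_func; each row lists alert ids
    in arrival order."""
    rows = OrderedDict()
    for alert in alerts:
        rows.setdefault(key_func(alert), []).append(alert["id"])
    return rows


if __name__ == "__main__":
    for name, key_func in (("current", current_key), ("proposed", proposed_key)):
        print(f"--- {name} grouping ---")
        for key, ids in group_alerts(SAMPLE_ALERTS, key_func).items():
            print(f"{key}: alerts {ids}")
```

With the current key, alerts 2 to 5 all land in the single `('n/a', 'n/a')` row; with the proposed key they split into one row per sensor, and an alert that carries no analyzer information still gets its own `n/a` row instead of being lost.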
History
#1 Updated by over 15 years ago
Updated: I mean "Sensor name" as grouping value.
#2 Updated by Yoann VANDOORSELAERE almost 15 years ago
- Project changed from PRELUDE SIEM to Prewikka
- Category deleted (5)
- Target version deleted (80)
#3 Updated by Yoann VANDOORSELAERE almost 15 years ago
- Target version set to 0.9.15
#4 Updated by Yoann VANDOORSELAERE almost 15 years ago
- Target version deleted (0.9.15)
#5 Updated by Jean-Charles ROGEZ over 10 years ago
- Target version set to 122
#6 Updated by Thomas ANDREJAK over 8 years ago
- Target version changed from 122 to Prelude OSS 3.0.0
#7 Updated by Thomas ANDREJAK almost 8 years ago
- Target version changed from Prelude OSS 3.0.0 to Prelude OSS 3.1.0
#8 Updated by Thomas ANDREJAK almost 8 years ago
- Status changed from New to Closed
- Assignee set to Thomas ANDREJAK
No activity