Bug #49

Do not rely on ident to get the latest alert/heartbeat

Added by Yoann VANDOORSELAERE almost 15 years ago. Updated over 10 years ago.

Status: Closed
Priority: Normal
Assignee: -
Target version: -
Start date:
Due date:
% Done: 0%
Resolution: fixed

Description

Currently, Prewikka considers the heartbeat in the database with the highest ident to be the last heartbeat that has been added to the database. This is wrong since the ident allocation scheme drastically changed, and even though idents are unique, it shouldn't be assumed that their numbers increase incrementally. Moreover, this specificity is not described by the IDMEF standard and would result in incorrect behavior with other IDMEF database implementations.

In order to get the latest heartbeat in database, Prewikka should rely on the create_time field contained within the heartbeat.
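The difference between the two selection rules, as an added example that is not Prewikka's code and not part of the original report: it picks the latest heartbeat by highest ident and by `create_time`, then shows how the wrong pick misreports live analyzers as stale. The `heartbeat` table, its columns, the per-analyzer grouping and the staleness check are assumptions made for illustration; the rows are constructed.

```python
import sqlite3

# Constructed rows: (ident, analyzerid, create_time as UTC epoch seconds).
# Idents are unique but not ordered by insertion, as the report describes.
SAMPLE = [
    (9001, "sensor-a", 1_200_000_000),
    (17,   "sensor-a", 1_200_000_600),  # newest for sensor-a, lowest ident
    (4242, "sensor-b", 1_200_000_300),
    (4100, "sensor-b", 1_200_000_900),  # newest for sensor-b, lower ident
]

def build_db(rows=SAMPLE):
    db = sqlite3.connect(":memory:")
    # Hypothetical simplified table, not the Prelude database schema.
    db.execute("CREATE TABLE heartbeat (ident INTEGER PRIMARY KEY, "
               "analyzerid TEXT NOT NULL, create_time INTEGER NOT NULL)")
    db.executemany("INSERT INTO heartbeat VALUES (?, ?, ?)", rows)
    return db

def latest_by_ident(db):
    """Behaviour the report calls wrong: highest ident per analyzer."""
    q = """SELECT analyzerid, ident FROM heartbeat h
           WHERE ident = (SELECT MAX(ident) FROM heartbeat
                          WHERE analyzerid = h.analyzerid)"""
    return dict(db.execute(q).fetchall())

def latest_by_create_time(db):
    """Behaviour the report asks for: newest create_time per analyzer.
    ident is only a deterministic tie-breaker, never a clock."""
    q = """SELECT analyzerid, ident FROM heartbeat h
           WHERE ident = (SELECT ident FROM heartbeat
                          WHERE analyzerid = h.analyzerid
                          ORDER BY create_time DESC, ident DESC LIMIT 1)"""
    return dict(db.execute(q).fetchall())

def stale_analyzers(db, now, max_age, pick):
    """Analyzers whose 'latest' heartbeat, as chosen by pick, is older than max_age."""
    stale = []
    for analyzerid, ident in sorted(pick(db).items()):
        (ts,) = db.execute("SELECT create_time FROM heartbeat WHERE ident = ?",
                           (ident,)).fetchone()
        if now - ts > max_age:
            stale.append(analyzerid)
    return stale
```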

History

#1 Updated by almost 15 years ago

  • Status changed from New to Closed
  • Resolution set to fixed

#2 Updated by Yoann VANDOORSELAERE over 10 years ago

  • Project changed from PRELUDE SIEM to Prewikka
  • Category deleted (5)
