CrowdStrike / Cloud-AWS

A collection of projects supporting AWS Integration
MIT License

feat (security hub): Add eventType filter to Stream data_feed in Security Hub #240

Closed carlosmmatos closed 1 year ago

carlosmmatos commented 1 year ago

This pull request introduces a small but important change in the Stream class of the stream.py module in the Security-Hub project. The change consists of adding an event type filter to the data_feed string which helps to reduce noise in the stream.

The specific event type that the filter targets is DetectionSummaryEvent. This will ensure that only events of this type are included in the data_feed, eliminating irrelevant events and therefore improving the efficiency and relevancy of our data stream processing.

Please review and provide any feedback. Thank you.

ffalor commented 1 year ago

Would this change the current behavior to forward fewer events? Or does the current code also do this, but at a later time (after we receive the events but before forwarding)?

carlosmmatos commented 1 year ago

@ffalor Correct, the current code will process/eval every event coming through the streaming API and in the parse() does a check to make sure it's of type DetectionSummaryEvent. btw I will update the code to remove this check as it should no longer be needed and will just be additional overhead.

The new code basically says, when you start the stream with the url - I only want to see DetectionSummaryEvent coming through the stream. So the parse() will only ever get that.
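The two approaches the thread contrasts, as an added example that is not code from this PR or from the Cloud-AWS project: a helper that appends the `eventType` filter to the data_feed URL (the server-side filter the PR adds, using only the parameter name in the PR title), beside the client-side check on `metadata.eventType` that the pre-change `parse()` performs. The feed URL, query keys other than `eventType`, and the sample stream lines are constructed for illustration.

```python
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

DETECTION_EVENT = "DetectionSummaryEvent"


def add_event_type_filter(data_feed: str, event_type: str = DETECTION_EVENT) -> str:
    """Append eventType=<event_type> to a data_feed URL (the PR's approach).

    Existing query parameters are preserved and an existing eventType value is
    replaced rather than duplicated, so the helper is safe to call on any feed URL.
    """
    parts = urlsplit(data_feed)
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != "eventType"]
    query.append(("eventType", event_type))
    return urlunsplit(parts._replace(query=urlencode(query)))


def parse_events(raw_lines, expected_type: str = DETECTION_EVENT):
    """Client-side filter, as the pre-change parse() does it.

    Every line of the unfiltered stream is decoded and only events whose
    metadata.eventType matches are kept; blank keep-alive lines are skipped.
    With the URL filter in place this check is redundant but harmless.
    """
    kept = []
    for line in raw_lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        if event.get("metadata", {}).get("eventType") == expected_type:
            kept.append(event)
    return kept


# Constructed sample of what an unfiltered stream could deliver (not real data).
SAMPLE_STREAM = [
    '{"metadata": {"eventType": "DetectionSummaryEvent", "offset": 1}, "event": {"Severity": 3}}',
    "",
    '{"metadata": {"eventType": "AuthActivityAuditEvent", "offset": 2}, "event": {}}',
    '{"metadata": {"eventType": "DetectionSummaryEvent", "offset": 3}, "event": {"Severity": 5}}',
]

if __name__ == "__main__":
    # Placeholder feed URL; a real data_feed value comes from the streams API response.
    print(add_event_type_filter("https://feed.example/datafeed/0?appId=securityhub"))
    print(len(parse_events(SAMPLE_STREAM)), "of", len(SAMPLE_STREAM), "lines kept")
```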

ffalor commented 1 year ago

Sounds good, just wanted to make sure the functionality doesn't change for current users.