Closed carlosmmatos closed 1 year ago
Would this change the current behavior to forward fewer events? Or does the current code also do this, but at a later time (after we receive the events but before forwarding)
@ffalor Correct, the current code will process/eval every event coming through the streaming API and in the parse() does a check to make sure it's of type DetectionSummaryEvent
.. btw I will update the code to remove this check as it should no longer be needed and will just be additional overhead.
The new code basically says, when you start the stream with the url - I only want to see DetectionSummaryEvent
coming through the stream. So the parse() will only ever get that.
Sounds good, just wanted to make sure the functionality doesn't change for current users.
This pull request introduces a small but important change in the
Stream
class of thestream.py
module in theSecurity-Hub
project. The change consists of adding an event type filter to thedata_feed
string which helps to reduce noise in the stream.The specific event type that the filter targets is
DetectionSummaryEvent
. This will ensure that only events of this type are included in thedata_feed
, eliminating irrelevant events and therefore improving the efficiency and relevancy of our data stream processing.Please review and provide any feedback. Thank you.