airbus-cyber / graylog-plugin-alert-wizard

Alert Wizard plugin for Graylog to manage the alert rules

Use Priority instead of Severity #100

Open frantz45 opened 1 year ago

frantz45 commented 1 year ago

When we created the Logging Alert plugin, we created the field Severity because there was no equivalent in Graylog. But now there is the Priority field. Priority has only 3 levels, and Severity 4, but it may be enough.

c8y3 commented 6 months ago

This is a breaking change. It seems to me that it implies a migration step (exporting/importing all rules). The mapping from current severity levels to priorities needs to be defined in order to have the import accept ancient rules.

VincentD06 commented 2 weeks ago

The mapping for this feature is:

| Severity | Priority |
|----------|----------|
| INFO     | LOW      |
| FAIBLE   | LOW      |
| MOYENNE  | NORMAL   |
| HAUTE    | HIGH     |