Closed tg closed 5 years ago
Partially fixed in v1.7.0.
Added severity for now, as "top threat" wouldn't be consistent if there is more than one threat with the same severity. Also, while severity has the practical importance of allowing high severity alerts to be filtered easily, "top threat" doesn't really have one and could easily make people ignore the full context (i.e. stop paying attention to other threats attached). Happy to add it later if necessary though.
When users are fetching alerts in JSON format, it's non-trivial to get an idea of what the actual severity of the event is, as the values for individual threats are buried in the dictionary. I think we should add fields like "top threat" and "max severity" to the top-level JSON, so users can easily filter on these.
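An added example, not code from this project or from either commenter, of the trade-off discussed in this thread: a top-level severity is well defined as the maximum over the attached threats, while a single "top threat" is ambiguous when several threats tie. The alert layout (a `threats` dictionary whose entries carry a numeric `severity`) and the `threats_at_max` field are assumptions made for illustration.

```python
import json

# Constructed sample alerts. The layout (a "threats" dictionary keyed by threat
# name, each entry carrying a numeric "severity") is an assumption, not the
# project's documented schema.
SAMPLE = json.loads("""
[
  {"id": "a1", "threats": {"dns-tunnel": {"severity": 3}, "beacon": {"severity": 8}}},
  {"id": "a2", "threats": {"port-scan": {"severity": 5}, "brute-force": {"severity": 5}}},
  {"id": "a3", "threats": {}}
]
""")


def summarize(alert):
    """Return a copy of the alert with a top-level "severity" (maximum over all
    attached threats) and the names of every threat tied at that maximum."""
    threats = alert.get("threats") or {}
    sev = {name: t.get("severity", 0) for name, t in threats.items()}
    top = max(sev.values(), default=None)  # None when no threats are attached
    tied = sorted(name for name, s in sev.items() if s == top)
    # "threats_at_max" is a hypothetical field: it keeps every tied threat
    # instead of picking one arbitrarily as a "top threat".
    return {**alert, "severity": top, "threats_at_max": tied}


def filter_min_severity(alerts, minimum):
    """Keep alerts whose top-level severity is at least `minimum`."""
    kept = []
    for a in map(summarize, alerts):
        if a["severity"] is not None and a["severity"] >= minimum:
            kept.append(a)
    return kept


if __name__ == "__main__":
    for a in map(summarize, SAMPLE):
        print(a["id"], a["severity"], a["threats_at_max"])
```

Alert `a2` shows the tie: both threats sit at the maximum, so filtering on the top-level severity still works while the full list of threats stays visible to the analyst.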