cyberdyne-ventures / skynet-data

Data Layer For the Skynet Project, Including Sample Data

Fix alerts in view 2 to include all detection types #15

Closed rewanthtammana closed 3 months ago

rewanthtammana commented 3 months ago

In the current repository, the alerts with no source or destination IP aren't being recorded in view 2.

POC

Total alerts in the data folder

jq -s 'map(length) | add' data/*.json

Total alerts ingested in neo4j

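An added reconciliation check for the count mismatch described above (example code, not part of the skynet-data project): it reproduces the jq total, then mimics a view that silently drops alerts lacking either IP and reports the gap an operator should see. The field names source_ip, dest_ip, entity and severity are assumed from this thread, and the sample records are constructed.

```python
"""Reconcile alert counts between the data folder and what a view ingests."""
import json
from pathlib import Path

# Constructed sample standing in for data/*.json; not the repository's files.
SAMPLE_FILES = {
    "data/network.json": [
        {"entity": "host-a", "severity": "high",
         "source_ip": "10.0.0.5", "dest_ip": "10.0.0.9"},
        {"entity": "host-b", "severity": "low",
         "source_ip": "10.0.0.7", "dest_ip": "10.0.0.9"},
    ],
    "data/endpoint.json": [
        {"entity": "host-c", "severity": "medium"},                        # no IPs
        {"entity": "host-d", "severity": "high", "source_ip": "10.0.0.8"},  # no dest_ip
    ],
}

IP_FIELDS = ("source_ip", "dest_ip")


def load_alert_files(paths):
    """Read JSON array files from disk; same total as jq -s 'map(length) | add'."""
    alerts = []
    for path in paths:
        alerts.extend(json.loads(Path(path).read_text()))
    return alerts


def flatten(files):
    """Concatenate in-memory file contents (used here instead of disk reads)."""
    return [alert for alerts in files.values() for alert in alerts]


def ingest(alerts, require_ips):
    """Mimic view ingestion: with require_ips=True, alerts missing an IP are dropped."""
    kept, dropped = [], []
    for alert in alerts:
        if require_ips and not all(alert.get(f) for f in IP_FIELDS):
            dropped.append(alert)
        else:
            kept.append(alert)
    return kept, dropped


def reconcile(alerts, require_ips):
    """Return source vs. ingested counts plus the entities that went missing."""
    kept, dropped = ingest(alerts, require_ips)
    return {"source": len(alerts), "ingested": len(kept),
            "dropped": [a["entity"] for a in dropped]}


if __name__ == "__main__":
    alerts = flatten(SAMPLE_FILES)
    print(reconcile(alerts, require_ips=True))   # buggy view: host-c, host-d dropped
    print(reconcile(alerts, require_ips=False))  # fixed view: nothing dropped
```

Running reconcile after every ingestion and alerting when "ingested" is below "source" catches this class of silent data loss before a view is trusted.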
randomuserid commented 3 months ago

This is what view1 looks like when running on this data layer: entity names repeat all over the screen, the view is broken and unusable.

rewanthtammana commented 3 months ago

The entity names are repeated because the SEVERITY_CLUSTER nodes carry various sets of information, including entity_type, entity, severity, source_ip, dest_ip, etc., that make them unique. Each set of repeated entries has a different value of source_ip and dest_ip.

Since we now have a new query for the UI based on this data layer, I believe this is good to go.

randomuserid commented 3 months ago

tests as good on the cloud instance

randomuserid commented 3 months ago

tests as good