search

mitre-attack / tram

Threat Report ATT&CK™ Mapping (TRAM) is a tool to aid analyst in mapping finished reports to ATT&CK.
Apache License 2.0
346 stars 66 forks source link

Sentence Highlighting Improvements #16

Closed ForensicITGuy closed 3 years ago

ForensicITGuy commented 4 years ago

Please Describe The Problem To Be Solved

In its current form, the sentence highlighting doesn't help an analyst keep track of their current spot in the analyzed article. The only sentences highlighted are the ones flagged automatically by TRAM as having content for review. When one of the sentences is highlighted, the highlight doesn't change, making it difficult for an analyst to find the amount of text in the currently analyzed line. In addition, when reviewing non-highlighted lines it is difficult for new users to understand that they are adding techniques to a non-highlighted line as there is no interaction on the sentence side to indicate it is selected.

Proposed Change

The best solution would be one that highlights automatically identified sentences in one color (possibly yellow) and changes the background highlight of the sentence currently selected when clicked. Once techniques have been added for the sentence and the analyst clicks away from the selected sentence, the background highlight should change to a third color to indicate the text has been reviewed already. For the color scheme, consideration should be given to ease of use for color blindness. It may be necessary to add a small icon to the side of a sentence to indicate analysis has occurred for color blind users.

ghost commented 4 years ago

I think this is a fantastic idea! I will keep the issue open until we begin the development for the feature.

ghost commented 3 years ago

Please Describe The Problem To Be Solved

In its current form, the sentence highlighting doesn't help an analyst keep track of their current spot in the analyzed article. The only sentences highlighted are the ones flagged automatically by TRAM as having content for review. When one of the sentences is highlighted, the highlight doesn't change, making it difficult for an analyst to find the amount of text in the currently analyzed line. In addition, when reviewing non-highlighted lines it is difficult for new users to understand that they are adding techniques to a non-highlighted line as there is no interaction on the sentence side to indicate it is selected.

Proposed Change

The best solution would be one that highlights automatically identified sentences in one color (possibly yellow) and changes the background highlight of the sentence currently selected when clicked. Once techniques have been added for the sentence and the analyst clicks away from the selected sentence, the background highlight should change to a third color to indicate the text has been reviewed already. For the color scheme, consideration should be given to ease of use for color blindness. It may be necessary to add a small icon to the side of a sentence to indicate analysis has occurred for color blind users.

Hey @ForensicITGuy, does this mean I can actually click a non highlighted sentence and add a technique to the sentence I clicked or is this not even possible?

ForensicITGuy commented 3 years ago

Hi @timoliciouz if memory serves you should be able to click on a non-highlighted section and add a technique

MarkDavidson commented 3 years ago

Hello @ForensicITGuy and thank you for the feature request. TRAM has been moved to https://github.com/center-for-threat-informed-defense/tram and I believe the intent behind this feature request has been implemented in that repository so I am closing this issue. Thank you!