mitre-attack / tram

Threat Report ATT&CK™ Mapping (TRAM) is a tool to aid analysts in mapping finished reports to ATT&CK.
Apache License 2.0

Refine True/False Positives/Negatives #86

Closed jecarr closed 2 years ago

jecarr commented 3 years ago

Please Describe The Problem To Be Solved

True/false positives and false negatives are tied to their own button presses: 'Accept' a technique = true positive; 'Reject' = false positive. Incorrectly, a missing technique is added as a true positive (if an ML model has missed this as a technique, I'd argue this is falsely flagged as a negative unless I'm missing something in your design).

Currently, I can alternate how many times I press the Accept, Reject and Add Missing Technique buttons. I can reject an attack and re-introduce it later. This will cause what I intend to be true/false positives/negatives to be incorrectly duplicated across the tables of the db.

Proposed Change

Either remove Accept, Reject and Add Missing Technique functionality for confirmed techniques (but don't be so restrictive where a user can't make a mistake, i.e. have an x button or something next to confirmed techniques).

Or here's an approach I came up with: arachne-threat-intel#4. Granted, there are large changes with the db here but it works: it checks the db for history on a sentence-hit to determine which one of a true/false positive/negative it is.

I did realise near the end of my PR that you have a branch false-positives-fix (at time of writing, unmerged and last updated last year). I haven't checked fully how that branch handles this nor tested it so I understand if there is overlap in approaches.
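The history-based classification this issue proposes, sketched as an added example (not TRAM's code or the linked PR): the model's sentence-hits and a chronological log of analyst button presses are reduced to one final decision per (sentence, technique) pair, so repeated or reversed presses never produce duplicate rows, and the confusion-matrix outcome is derived from the final decision rather than from each button. The `Outcome` names, the action strings and the sample data are assumptions made here.

```python
from enum import Enum


class Outcome(Enum):
    """Confusion-matrix outcome for one (sentence, technique) pair (names assumed here)."""
    TRUE_POSITIVE = "tp"    # model flagged it and the analyst confirmed it
    FALSE_POSITIVE = "fp"   # model flagged it and the analyst rejected it
    FALSE_NEGATIVE = "fn"   # model missed it and the analyst added it manually
    TRUE_NEGATIVE = "tn"    # model missed it, analyst added then withdrew it


ACTIONS = ("accept", "reject", "add_missing")  # assumed button names


def final_states(actions):
    """Reduce a chronological (sentence_id, technique, action) log to the last
    action per pair: pressing a button twice, or rejecting then re-adding a
    technique, leaves exactly one entry instead of several table rows."""
    state = {}
    for sentence_id, technique, action in actions:
        if action not in ACTIONS:
            raise ValueError(f"unknown action {action!r}")
        state[(sentence_id, technique)] = action
    return state


def classify(model_hits, actions):
    """Map every pair the model flagged or the analyst touched to an Outcome.
    Flagged pairs with no analyst decision yet are mapped to None (pending)."""
    state = final_states(actions)
    outcomes = {}
    for key in set(model_hits) | set(state):
        flagged, decision = key in model_hits, state.get(key)
        if flagged and decision is None:
            outcomes[key] = None
        elif flagged and decision in ("accept", "add_missing"):
            outcomes[key] = Outcome.TRUE_POSITIVE   # 'add missing' on a flagged pair is an accept
        elif flagged:
            outcomes[key] = Outcome.FALSE_POSITIVE
        elif decision in ("accept", "add_missing"):
            outcomes[key] = Outcome.FALSE_NEGATIVE  # model was silent, analyst had to add it
        else:
            outcomes[key] = Outcome.TRUE_NEGATIVE   # model was silent and turned out to be right
    return outcomes


def confusion_counts(outcomes):
    """Tally decided outcomes; pending (None) pairs are not counted."""
    counts = {o: 0 for o in Outcome}
    for outcome in filter(None, outcomes.values()):
        counts[outcome] += 1
    return counts


# Constructed sample: three model hits, then a noisy sequence of analyst presses.
SAMPLE_HITS = {("s1", "T1059"), ("s1", "T1566"), ("s2", "T1003")}
SAMPLE_ACTIONS = [
    ("s1", "T1059", "accept"), ("s1", "T1059", "accept"),       # double press
    ("s1", "T1566", "reject"),
    ("s2", "T1003", "reject"), ("s2", "T1003", "accept"),       # rejected, then re-accepted
    ("s3", "T1027", "add_missing"), ("s3", "T1027", "reject"),
    ("s3", "T1027", "add_missing"),                             # added, withdrawn, re-added
    ("s4", "T1105", "add_missing"), ("s4", "T1105", "reject"),  # added, then withdrawn
]

if __name__ == "__main__":
    for pair, outcome in sorted(classify(SAMPLE_HITS, SAMPLE_ACTIONS).items()):
        print(pair, outcome)
```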

MarkDavidson commented 2 years ago

Hello @jecarr and thank you for the bug report. TRAM has moved to https://github.com/center-for-threat-informed-defense/tram and this issue is no longer present in that repository so I am closing this issue. Thank you!