The method score_by_packet_attr hasn't been implemented yet and needs to be completed.
The score, based on the triage policy, should be evaluated using three criteria:

1. whether the confidence is higher than a certain minimum specified in the TriagePolicy
2. whether the values of each event's attributes fall within the ranges designated in the TriagePolicy
3. whether certain attribute values of each event match entries in some TI databases

The first criterion is already implemented in the code, while the last one requires further consideration for its design. This issue concerns the second criterion.
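One way the second criterion could be evaluated, as an added sketch that is not the project's own code. The struct layouts, the weighted-sum scoring, and the attribute names `dst_port` and `resp_bytes` are assumptions; only the names `TriagePolicy` and `score_by_packet_attr` come from the issue.

```rust
use std::collections::HashMap;
use std::ops::RangeInclusive;

// Hypothetical rule: attribute name, accepted value range, and the weight
// added to the score when the event's value falls inside that range.
struct PacketAttrRule {
    attr: String,
    range: RangeInclusive<i64>,
    weight: f64,
}

// Hypothetical, reduced stand-in for the TriagePolicy named in the issue.
struct TriagePolicy {
    packet_attr: Vec<PacketAttrRule>,
}

// Hypothetical event: numeric attributes keyed by name.
struct Event {
    attrs: HashMap<String, i64>,
}

impl TriagePolicy {
    // Sums the weights of every rule whose range contains the event's value.
    // A missing attribute never matches, and an inverted range (start > end)
    // is empty, so neither absent data nor a bad rule can raise the score.
    fn score_by_packet_attr(&self, event: &Event) -> f64 {
        self.packet_attr
            .iter()
            .filter(|r| event.attrs.get(&r.attr).map_or(false, |v| r.range.contains(v)))
            .map(|r| r.weight)
            .sum()
    }
}

// Constructed sample policy: privileged destination ports and large responses.
fn sample_policy() -> TriagePolicy {
    TriagePolicy { packet_attr: vec![
        PacketAttrRule { attr: "dst_port".to_string(), range: 1..=1023, weight: 0.5 },
        PacketAttrRule { attr: "resp_bytes".to_string(), range: 1_000_000..=i64::MAX, weight: 1.5 },
    ] }
}

// Builds a constructed event from (name, value) pairs.
fn event(pairs: &[(&str, i64)]) -> Event {
    Event { attrs: pairs.iter().map(|(k, v)| (k.to_string(), *v)).collect() }
}

fn main() {
    let e = event(&[("dst_port", 443), ("resp_bytes", 2_500_000)]);
    println!("score = {}", sample_policy().score_by_packet_attr(&e));
}
```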