threatgrid / ctia-ui

A web-based interface to a Cisco Threat Intel API instance

List view for Judgement Entities #2

Closed oakmac closed 7 years ago

oakmac commented 8 years ago

User needs to be able to see a table of all the Judgements in a CTIA instance.

What column headers should we have for Judgements?

oakmac commented 8 years ago

Column headers:

The rest can be in the "expanded view" row.

oakmac commented 8 years ago

Attached is the current state of the Judgements table:

judgements-table

oakmac commented 8 years ago

Disposition column should display the Disposition name, not the number.

craigbro commented 8 years ago

We should display the reason.

We also need an expanded view. That expanded view should show the remaining fields. It should also show any indicators associated with the Judgement, presenting the title/short_description of the indicator, and a link.

craigbro commented 8 years ago

The row needs to show the type of the observable as well.

craigbro commented 8 years ago

The search bar can be hooked up to the following URL:

http://tenzin-beta.amp.cisco.com/ctia/judgement/search?query=foo

The contents of the bar are put into the "query" parameter. Additional before/after params can specify date ranges, and offset/limit provide controls for pagination.

See response headers for X-Total-Hits and other pagination data.
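
The search request described in the comment above, as an added example that is not part of the original thread or the ctia-ui code base: it builds the URL so that search-bar input stays confined to the "query" parameter, and turns X-Total-Hits into pager state. The function names, `MAX_LIMIT`, the ISO 8601 format for before/after and an integer header value are assumptions.

```javascript
// Added example. Parameter names (query, before, after, offset, limit) and the
// X-Total-Hits header come from the comment above; everything else is assumed.
const MAX_LIMIT = 100; // assumed client-side cap, not a documented CTIA value

function buildJudgementSearchUrl(baseUrl, opts) {
  const { query, after, before, offset = 0, limit = 25 } = opts;
  if (typeof query !== "string" || query.trim() === "") {
    throw new TypeError("query must be a non-empty string");
  }
  if (!Number.isInteger(offset) || offset < 0) {
    throw new RangeError("offset must be a non-negative integer");
  }
  if (!Number.isInteger(limit) || limit < 1) {
    throw new RangeError("limit must be a positive integer");
  }
  const url = new URL(baseUrl);
  // URLSearchParams percent-encodes the value, so "&", "=" and "#" typed into
  // the search bar stay inside "query" instead of becoming new parameters.
  url.searchParams.set("query", query);
  for (const [name, value] of [["after", after], ["before", before]]) {
    if (value === undefined) continue;
    const d = new Date(value);
    if (Number.isNaN(d.getTime())) throw new RangeError(`${name} is not a valid date`);
    url.searchParams.set(name, d.toISOString()); // ISO 8601 is an assumption
  }
  url.searchParams.set("offset", String(offset));
  url.searchParams.set("limit", String(Math.min(limit, MAX_LIMIT)));
  return url.toString();
}

// Turn the X-Total-Hits response header into pager state for the table.
// `headers` is anything with get(name): a fetch Headers object or a Map.
function pageInfo(headers, offset, limit) {
  const raw = headers.get("x-total-hits");
  const total = /^\d+$/.test(raw ?? "") ? Number(raw) : null;
  if (total === null) return { total: null, page: null, pages: null, hasNext: false };
  return {
    total,
    page: Math.floor(offset / limit) + 1,
    pages: Math.max(1, Math.ceil(total / limit)),
    hasNext: offset + limit < total,
  };
}
```

A missing or non-numeric X-Total-Hits yields `total: null`, so the table can hide the pager rather than trust a malformed count.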

oakmac commented 8 years ago

Expanded row screenshot: judgements-table-expanded-row

pxninja commented 8 years ago

IMPORTANT
• Observables
• Disposition
• Reason
• Indicator
• Valid Time
• Severity
• Confidence
• Source

NOT IMPORTANT (meta data)
• Everything else

pxninja commented 8 years ago

expanded-row-02

The top wireframe is a literal translation of my last comment. The bottom wire is a UX translation. Let's hop on a call to discuss if another iteration is needed, or we can move forward with one of the above.

craigbro commented 8 years ago

Like the bottom. Tempted to take source out of the top bar to make more room for indicator title.

craigbro commented 8 years ago

Also, Dean suggested we put the source of the indicator in their display in the expanded view.

pxninja commented 8 years ago
screen shot 2016-11-14 at 4 51 03 pm

This is now committed to the UI Sandbox.

saintx commented 8 years ago

I drafted up a rough sketch of what I think the top level columns could be in these entity tables, and put it into the wiki:

If we use these columns in the top level entity tables, it would let a user crawl the whole object graph from sighting all the way to COAs without going into the expanded view.

I omitted the Incident entity, because the GUI for Incidents requires special attention, IMO. It's not just another node in the graph, in my opinion, but really the intersection of all of the other data with respect to the afflicted customer organization.