Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement score_by_packet_attr to calculate triage scores properly #354

Open
sehkone opened this issue Sep 27, 2024 · 0 comments · May be fixed by #353
Open

Implement score_by_packet_attr to calculate triage scores properly #354

sehkone opened this issue Sep 27, 2024 · 0 comments · May be fixed by #353

Comments

@sehkone
Copy link
Contributor

sehkone commented Sep 27, 2024

The method score_by_packet_attr hasn't been implemented yet and needs to be completed.

The score, based on the triage policy, should be evaluated using three criteria:

  • whether the confidence is higher than a certain minimum specified in the TriagePolicy
  • whether the values of each event's attributes fall within the ranges designated in the TriagePolicy
  • whether certain attribute values of each event match entries in some TI databases

The first criterion is already implemented in the code, while the last one requires further consideration for its design. This issue concerns the second criterion.
@sehkone sehkone linked a pull request Sep 27, 2024 that will close this issue
Open
kimhanbeom added a commit to kimhanbeom/review-database that referenced this issue Oct 30, 2024
@kimhanbeom
Add packet attribute triage function
3c3f6e7 
- Add triage functionality for scoring with attributes of each protocol.
  - Add a new enum type `AttrValue`.
  - Add the `target_attribute` to the `Match` trait.
  - Implement `score_by_packet_attr` under `Match` trait.
- Modify the `ValueKind` enum to support different types of input.
- Remove the `tor` module file. The structures (`HttpEventFields`,
  `TorConnection`) and implementations within that module have been
  moved to `crate::event::http`.
- Fix HTTP detection events to consistently use `referrer` instead of
  `referrer` and `referrer` interchangeably.
- Change the type of fields in the detection event structure for some
  protocols.
  - `post_body`: `Vec<u8>` to `String`.
  - `chaddr`: `Vec<u8>` to `String`.
  - `class_id`: `Vec<u8>` to `String`.
  - `client_id`: `Vec<u8>` to `String`.

Close: petabi#354
kimhanbeom added a commit to kimhanbeom/review-database that referenced this issue Dec 4, 2024
@kimhanbeom
Add packet attribute triage function
9880f6d 
- Add triage functionality for scoring with attributes of each protocol.
  - Add a new enum type `AttrValue`.
  - Add the `target_attribute` to the `Match` trait.
  - Implement `score_by_packet_attr` under `Match` trait.
- Modify the `ValueKind` enum to support different types of input.
- Remove the `tor` module file. The structures (`HttpEventFields`,
  `TorConnection`) and implementations within that module have been
  moved to `crate::event::http`.
- Fix HTTP detection events to consistently use `referrer` instead of
  `referrer` and `referrer` interchangeably.
- Change the type of fields in the detection event structure for some
  protocols.
  - `post_body`: `Vec<u8>` to `String`.
  - `chaddr`: `Vec<u8>` to `String`.
  - `class_id`: `Vec<u8>` to `String`.
  - `client_id`: `Vec<u8>` to `String`.

Close: petabi#354
@kimhanbeom kimhanbeom mentioned this issue Dec 13, 2024
Closed
kimhanbeom added a commit to kimhanbeom/review-database that referenced this issue Dec 18, 2024
@kimhanbeom
Add packet attribute triage function
829f5a4 
- Add triage functionality for scoring with attributes of each protocol.
  - Add the `target_attribute` to the `Match` trait.
  - Implement `score_by_packet_attr` under `Match` trait.
- Modify the `ValueKind` enum to support different types of input.
- Remove the `tor` module file. The structures (`HttpEventFields`,
  `TorConnection`) and implementations within that module have been
  moved to `crate::event::http`.
- Fix HTTP detection events to consistently use `referrer` instead of
  `referrer` and `referer` interchangeably.
- Change the type of fields in the detection event structure for some
  protocols.
  - `post_body`: `Vec<u8>` to `String`.
  - `chaddr`: `Vec<u8>` to `String`.
  - `class_id`: `Vec<u8>` to `String`.
  - `client_id`: `Vec<u8>` to `String`.

Close: petabi#354
kimhanbeom added a commit to kimhanbeom/review-database that referenced this issue Dec 18, 2024
@kimhanbeom
Add packet attribute triage function
826f656 
- Add triage functionality for scoring with attributes of each protocol.
  - Add the `target_attribute` to the `Match` trait.
  - Implement `score_by_packet_attr` under `Match` trait.
- Modify the `ValueKind` enum to support different types of input.
- Remove the `tor` module file. The structures (`HttpEventFields`,
  `TorConnection`) and implementations within that module have been
  moved to `crate::event::http`.
- Fix HTTP detection events to consistently use `referrer` instead of
  `referrer` and `referer` interchangeably.
- Change the type of fields in the detection event structure for some
  protocols.
  - `post_body`: `Vec<u8>` to `String`.
  - `chaddr`: `Vec<u8>` to `String`.
  - `class_id`: `Vec<u8>` to `String`.
  - `client_id`: `Vec<u8>` to `String`.

Close: petabi#354
kimhanbeom added a commit to kimhanbeom/review-database that referenced this issue Dec 18, 2024
@kimhanbeom
Add packet attribute triage function
31ab52f 
- Add triage functionality for scoring with attributes of each raw
  event.
  - Add the `target_attribute` to the `Match` trait.
  - Implement `score_by_packet_attr` under `Match` trait.
- Modify the `ValueKind` enum to support different types of input.
- Remove the `tor` module file. The structures (`HttpEventFields`,
  `TorConnection`) and implementations within that module have been
  moved to `crate::event::http`.
- Fix HTTP detection events to consistently use `referrer` instead of
  `referrer` and `referer` interchangeably.
- Change the type of fields in the detection event structure for some
  raw event.
  - `post_body`: `Vec<u8>` to `String`.
  - `chaddr`: `Vec<u8>` to `String`.
  - `class_id`: `Vec<u8>` to `String`.
  - `client_id`: `Vec<u8>` to `String`.

Close: petabi#354
kimhanbeom added a commit to kimhanbeom/review-database that referenced this issue Dec 20, 2024
@kimhanbeom
Add packet attribute triage function
b1eaa7e 
- Add triage functionality for scoring with attributes of each raw
  event.
  - Introduced a new crate attrievent. The kinds of raw events and their
    attributes change as our software evolves. The purpose of attrievent
    is to provide a comprehensive list of attributes for both review and
    the UI simultaneously.
  - Add the `to_attr_value` to the `Match` trait.
  - Implement `score_by_attr` under `Match` trait.
- Modify the `ValueKind` enum to support different types of input.
- Remove the `tor` module file. The structures (`HttpEventFields`,
  `TorConnection`) and implementations within that module have been
  moved to `crate::event::http`.
- Fix HTTP detection events to consistently use `referrer` instead of
  `referrer` and `referer` interchangeably.
- Change the type of fields in the detection event structure for some
  raw event.
  - `post_body`: `Vec<u8>` to `String`.
  - `chaddr`: `Vec<u8>` to `String`.
  - `class_id`: `Vec<u8>` to `String`.
  - `client_id`: `Vec<u8>` to `String`.

Close: petabi#354
kimhanbeom added a commit to kimhanbeom/review-database that referenced this issue Dec 20, 2024
@kimhanbeom
Add packet attribute triage function
b8d9cc7 
- Add triage functionality for scoring with attributes of each raw
  event.
  - Introduced a new crate attrievent. The kinds of raw events and their
    attributes change as our software evolves. The purpose of attrievent
    is to provide a comprehensive list of attributes for both review and
    the UI simultaneously.
  - Add the `to_attr_value` to the `Match` trait.
  - Implement `score_by_attr` under `Match` trait.
- Modify the `ValueKind` enum to support different types of input.
- Remove the `tor` module file. The structures (`HttpEventFields`,
  `TorConnection`) and implementations within that module have been
  moved to `crate::event::http`.
- Fix HTTP detection events to consistently use `referrer` instead of
  `referrer` and `referer` interchangeably.
- Change the type of fields in the detection event structure for some
  raw event.
  - `post_body`: `Vec<u8>` to `String`.
  - `chaddr`: `Vec<u8>` to `String`.
  - `class_id`: `Vec<u8>` to `String`.
  - `client_id`: `Vec<u8>` to `String`.

Close: petabi#354
kimhanbeom added a commit to kimhanbeom/review-database that referenced this issue Jan 3, 2025
@kimhanbeom
Add packet attribute triage function
fb56194 
- Add triage functionality for scoring with attributes of each raw
  event.
  - Introduced a new crate attrievent. The kinds of raw events and their
    attributes change as our software evolves. The purpose of attrievent
    is to provide a comprehensive list of attributes for both review and
    the UI simultaneously.
  - Add the `to_attr_value` to the `Match` trait.
  - Implement `score_by_attr` under `Match` trait.
- Modify the `ValueKind` enum to support different types of input.
- Remove the `tor` module file. The structures (`HttpEventFields`,
  `TorConnection`) and implementations within that module have been
  moved to `crate::event::http`.
- Change the type of fields in the detection event structure for some
  raw event.
  - `post_body`: `Vec<u8>` to `String`.
  - `chaddr`: `Vec<u8>` to `String`.
  - `class_id`: `Vec<u8>` to `String`.
  - `client_id`: `Vec<u8>` to `String`.

Close: petabi#354
kimhanbeom added a commit to kimhanbeom/review-database that referenced this issue Jan 3, 2025
@kimhanbeom
Add packet attribute triage function
21246c1 
- Add triage functionality for scoring with attributes of each raw
  event.
  - Introduced a new crate attrievent. The kinds of raw events and their
    attributes change as our software evolves. The purpose of attrievent
    is to provide a comprehensive list of attributes for both review and
    the UI simultaneously.
  - Add the `to_attr_value` to the `Match` trait.
  - Implement `score_by_attr` under `Match` trait.
- Modify the `ValueKind` enum to support different types of input.
- Remove the `tor` module file. The structures (`HttpEventFields`,
  `TorConnection`) and implementations within that module have been
  moved to `crate::event::http`.
- Change the type of fields in the detection event structure for some
  raw event.
  - `post_body`: `Vec<u8>` to `String`.
  - `chaddr`: `Vec<u8>` to `String`.
  - `class_id`: `Vec<u8>` to `String`.
  - `client_id`: `Vec<u8>` to `String`.

Close: petabi#354
kimhanbeom added a commit to kimhanbeom/review-database that referenced this issue Jan 8, 2025
@kimhanbeom
Add packet attribute triage function
61dbbf6 
- Add triage functionality for scoring with attributes of each raw
  event.
  - Introduced a new crate attrievent. The kinds of raw events and their
    attributes change as our software evolves. The purpose of attrievent
    is to provide a comprehensive list of attributes for both review and
    the UI simultaneously.
  - Add the `to_attr_value` to the `Match` trait.
  - Implement `score_by_attr` under `Match` trait.
- Modify the `ValueKind` enum to support different types of input.
- Remove the `tor` module file. The structures (`HttpEventFields`,
  `TorConnection`) and implementations within that module have been
  moved to `crate::event::http`.
- Change the type of fields in the detection event structure for some
  raw event.
  - `post_body`: `Vec<u8>` to `String`.
  - `chaddr`: `Vec<u8>` to `String`.
  - `class_id`: `Vec<u8>` to `String`.
  - `client_id`: `Vec<u8>` to `String`.

Close: petabi#354
kimhanbeom added a commit to kimhanbeom/review-database that referenced this issue Jan 14, 2025
@kimhanbeom
Add packet attribute triage function
475a843 
- Add triage functionality for scoring with attributes of each raw
  event.
  - Introduced a new crate attrievent. The kinds of raw events and their
    attributes change as our software evolves. The purpose of attrievent
    is to provide a comprehensive list of attributes for both review and
    the UI simultaneously.
  - Add the `to_attr_value` to the `Match` trait.
  - Implement `score_by_attr` under `Match` trait.
- Modify the `ValueKind` enum to support different types of input.
- Remove the `tor` module file. The structures (`HttpEventFields`,
  `TorConnection`) and implementations within that module have been
  moved to `crate::event::http`.
- Change the type of fields in the detection event structure for some
  raw event.
  - `post_body`: `Vec<u8>` to `String`.
  - `chaddr`: `Vec<u8>` to `String`.
  - `class_id`: `Vec<u8>` to `String`.
  - `client_id`: `Vec<u8>` to `String`.

Close: petabi#354
kimhanbeom added a commit to kimhanbeom/review-database that referenced this issue Jan 14, 2025
@kimhanbeom
Add packet attribute triage function
30ce6f2 
- Add triage functionality for scoring with attributes of each raw
  event.
  - Introduced a new crate attrievent. The kinds of raw events and their
    attributes change as our software evolves. The purpose of attrievent
    is to provide a comprehensive list of attributes for both review and
    the UI simultaneously.
  - Add the `to_attr_value` to the `Match` trait.
  - Implement `score_by_attr` under `Match` trait.
- Modify the `ValueKind` enum to support different types of input.
- Remove the `tor` module file. The structures (`HttpEventFields`,
  `TorConnection`) and implementations within that module have been
  moved to `crate::event::http`.
- Change the type of fields in the detection event structure for some
  raw event.
  - `post_body`: `Vec<u8>` to `String`.
  - `chaddr`: `Vec<u8>` to `String`.
  - `class_id`: `Vec<u8>` to `String`.
  - `client_id`: `Vec<u8>` to `String`.

Close: petabi#354
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add packet attribute triage function kimhanbeom/review-database
1 participant
@sehkone