Bug #49
Do not rely on ident to get the latest alert/heartbeat
Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
Start date:
Due date:
% Done:
0%
Resolution:
fixed
Description
Currently, Prewikka considers the heartbeat in the database with the highest ident to be the last heartbeat that has been added to the database. This is wrong since the ident allocation scheme drastically changed, and even though idents are unique, it shouldn't be assumed that their numbers are increasing incrementally. Moreover, this specificity is not described by the IDMEF standard and would result in incorrect behavior with other IDMEF database implementations.
In order to get the latest heartbeat in database, Prewikka should rely on the create_time field contained within the heartbeat.
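The difference between the two selection rules, as an added example that is not Prewikka code. The rows, the tuple layout and the function names are constructed for illustration; timestamps are normalized to UTC before comparison because create_time values may carry different offsets.

```python
from datetime import datetime, timezone

# Constructed sample rows: (ident, analyzerid, create_time).
# Idents are unique but not allocated in arrival order.
HEARTBEATS = [
    (9120, "sensor-a", "2006-03-14T10:00:00+00:00"),
    (317,  "sensor-a", "2006-03-14T10:10:00+00:00"),  # newest for sensor-a
    (5504, "sensor-b", "2006-03-14T11:05:00+02:00"),  # 09:05 UTC
    (5501, "sensor-b", "2006-03-14T09:30:00+00:00"),  # newest for sensor-b
]

def _utc(ts):
    """Parse an ISO 8601 timestamp with offset and normalize it to UTC."""
    return datetime.fromisoformat(ts).astimezone(timezone.utc)

def latest_by_ident(rows):
    """Old behaviour: highest ident per analyzer is assumed to be newest."""
    latest = {}
    for ident, analyzer, ts in rows:
        if analyzer not in latest or ident > latest[analyzer][0]:
            latest[analyzer] = (ident, ts)
    return latest

def latest_by_create_time(rows):
    """Fixed behaviour: newest create_time per analyzer, compared in UTC."""
    latest = {}
    for ident, analyzer, ts in rows:
        if analyzer not in latest or _utc(ts) > _utc(latest[analyzer][1]):
            latest[analyzer] = (ident, ts)
    return latest

def misreported(rows):
    """Analyzers for which the ident rule returns a stale heartbeat."""
    by_ident = latest_by_ident(rows)
    by_time = latest_by_create_time(rows)
    return sorted(a for a in by_time if by_ident[a][0] != by_time[a][0])

if __name__ == "__main__":
    for analyzer in misreported(HEARTBEATS):
        print(analyzer,
              "ident rule:", latest_by_ident(HEARTBEATS)[analyzer],
              "create_time rule:", latest_by_create_time(HEARTBEATS)[analyzer])
```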
History
#1 Updated by almost 19 years ago
- Status changed from New to Closed
- Resolution set to fixed
#2 Updated by Yoann VANDOORSELAERE over 14 years ago
- Project changed from PRELUDE SIEM to Prewikka
- Category deleted (5)