Bug #49: Do not rely on ident to get the latest alert/heartbeat - Prewikka - UNITY 360

Bug #49

Do not rely on ident to get the latest alert/heartbeat

Added by Yoann VANDOORSELAERE almost 19 years ago. Updated over 14 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Target version:

Start date:

Due date:

% Done:

Resolution:

fixed

Description

Currently, Prewikka consider the heartbeat in database with the highest ident to be the last heartbeat that has been added to the database. This is wrong since the ident allocation scheme drasticaly changed, and even through ident are unique, it shouldn't be assumed that there number is increasing incrementaly. Moreover this specificity is not described by the IDMEF standard and would result in incorrect behavior with other IDMEF database implementation.

In order to get the latest heartbeat in database, Prewikka should rely on the create_time field contained within the heartbeat.

History

#1 Updated by almost 19 years ago

Status changed from New to Closed
Resolution set to fixed

#2 Updated by Yoann VANDOORSELAERE over 14 years ago

Project changed from PRELUDE SIEM to Prewikka
Category deleted (5)

Also available in: Atom PDF

Project

General

Profile

Issues

Bug #49

Do not rely on ident to get the latest alert/heartbeat

History

#1 Updated by almost 19 years ago

#2 Updated by Yoann VANDOORSELAERE over 14 years ago