Skip to content
This repository was archived by the owner on Sep 17, 2021. It is now read-only.

Add support for overriding audit scores #552

Merged
scriptsrc merged 5 commits into from
Feb 21, 2017
Merged

Add support for overriding audit scores #552

scriptsrc merged 5 commits into from
Feb 21, 2017

Conversation

@scriptsrc
Copy link
Contributor

@scriptsrc scriptsrc commented Feb 17, 2017

Replaces #535
Fixes merge conflicts and db migration path.

From @kalpatel01:

Type: generic-large-feature

Why is this change necessary?
We've run into instances where we have wanted to reconfigure watcher run
intervals to improve performance or even remove watchers that were
causing problems. Currently this requires logging into the server and
physically changing the code

This change addresses the need by:
Provides a Watcher Config page in Settings and an api where a user can
configure the run interval and the active flag

Potential Side Effects:
No known side effects

Anne Ebie and others added 3 commits February 10, 2017 11:30
[secmonkey] Add support for overriding audit scores
060a6ab 
Type: feature

Why is this change necessary?
Prior to this change, you would need to update the source code in order
to change the values of audit issue scores or to disable them.

This change addresses the need by:
Providing a way for administrators to override audit issue scores as
they see fit for their organization.  Support is added to both the
Security Monkey web console (Settings -> Audit Issue Scores) and the
manage.py CLI (add_override_score).

Potential Side Effects:
No known side effects
Merging PR 535 - Audit Score Override
59c9944
Updating db migration path.
11fb310
@scriptsrc scriptsrc mentioned this pull request Feb 17, 2017
Closed
@coveralls
Copy link

coveralls commented Feb 17, 2017

Coverage Status

Changes Unknown when pulling bf1996b on Bridgewater-7923_OverrideScores into ** on develop**.

@scriptsrc
Copy link
Contributor Author

scriptsrc commented Feb 21, 2017

Here's something I was confused on until Curtis/Anne cleared it up for me:
The account patterns allow you to apply an override score to multiple accounts at once. Example: Change scores to 0 for all of our PLAY accounts with one pattern. There's a note at the bottom of misc.rst that I had misinterpreted to mean that account patterns couldn't match to multiple accounts. That note actually means there could be undefined behavior if conflicting account patterns are created.

I'm going to merge this in.

I have a few ideas for the future:

  • Add Tags to accounts, and allow patterns to be based on these tags. (Similar to the notes field example.)
  • Make it so that account patterns can be re-used, so you don't need to recreate it for each override.
  • Make the Account Value field an autocomplete. We'll need to send distinct account values to the client.
  • Some UI changes so you can navigate back to /viewauditscore/<id> from /auditscore/<id>/createaccountpatternauditscore

@coveralls
Copy link

coveralls commented Feb 21, 2017

Coverage Status

Changes Unknown when pulling bf0c9c0 on Bridgewater-7923_OverrideScores into ** on develop**.

@scriptsrc scriptsrc merged commit 99b9224 into develop Feb 21, 2017
This was referenced Feb 21, 2017
Closed
Open
@scriptsrc scriptsrc deleted the Bridgewater-7923_OverrideScores branch April 5, 2017 23:04
This was referenced Apr 14, 2017
Merged
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@scriptsrc @coveralls