
Feature: Archive events for time range #51

Closed
LaramieSmile opened this issue Jun 15, 2017 · 6 comments

Comments

@LaramieSmile

Would it be possible to make it so you can archive alert IDs for the entire selected time range and not just the visible events on screen?

@LaramieSmile
Author

Or/also, the ability to whitelist SIDs so evebox won't ever display them. There are a number of SIDs I'm interested in aggregate numbers for, but don't care to see the individual events and just clutter things up.

@jasonish
Owner

Would it be possible to make it so you can archive alert IDs for the entire selected time range and not just the visible events on screen?

Yeah, I've thought about this. Like GMail lets you apply an operation to all matching, even if not displayed on the screen (a feature I use). This shouldn't be too hard so perhaps I'll look sooner than later.

@jasonish
Owner

Or/also, the ability to whitelist SIDs so evebox won't ever display them. There are a number of SIDs I'm interested in aggregate numbers for, but don't care to see the individual events and just clutter things up.

Yes, this is planned. It's pending me completing PostgreSQL support though. But the idea would be to auto-archive events matching a filter where the filter is the same aggregation used in the event display (sid, src ip, dest ip). So they would never show up in the inbox, but show up in searches, etc. Auto archiving, muting, not sure what to call it.

@jasonish
Owner

Or/also, the ability to whitelist SIDs so evebox won't ever display them. There are a number of SIDs I'm interested in aggregate numbers for, but don't care to see the individual events and just clutter things up.
Yes, this is planned. It's pending me completing PostgreSQL support though. But the idea would be to auto-archive events matching a filter where the filter is the same aggregation used in the event display (sid, src ip, dest ip). So they would never show up in the inbox, but show up in searches, etc. Auto archiving, muting, not sure what to call it.

Created a feature issue for this one: #52
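The two behaviours discussed in this thread, archiving every matching event across the whole selected time range rather than only the rows on screen, and a mute filter keyed on the same aggregation fields the event display uses (sid, src ip, dest ip) that hides events from the inbox while leaving them searchable, as an added example that is not EveBox's own code. Field names follow Suricata's EVE JSON alert format; the sample records are constructed, and the in-memory store, the filter dict shape and the function names are assumptions of this example.

```python
# Added example, not EveBox's own code: an in-memory model of "archive all matching in
# the time range" and "mute by sid/src_ip/dest_ip" over constructed Suricata EVE alerts.
import json
from dataclasses import dataclass
from datetime import datetime

# Constructed sample EVE records (not real traffic); SIDs are illustrative only.
SAMPLE_EVE = """\
{"timestamp":"2017-06-15T10:00:01.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","alert":{"signature_id":2100498,"signature":"GPL ATTACK_RESPONSE id check returned root"}}
{"timestamp":"2017-06-15T10:05:00.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","alert":{"signature_id":2100498,"signature":"GPL ATTACK_RESPONSE id check returned root"}}
{"timestamp":"2017-06-15T11:30:00.000000+0000","event_type":"alert","src_ip":"10.0.0.7","dest_ip":"10.0.0.9","alert":{"signature_id":2013028,"signature":"ET POLICY curl User-Agent Outbound"}}
{"timestamp":"2017-06-16T09:00:00.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","alert":{"signature_id":2100498,"signature":"GPL ATTACK_RESPONSE id check returned root"}}
{"timestamp":"2017-06-15T10:10:00.000000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"10.0.0.9"}
"""


@dataclass
class Event:
    event_id: int
    timestamp: datetime
    sid: int
    src_ip: str
    dest_ip: str
    archived: bool = False


def parse_timestamp(ts: str) -> datetime:
    # Suricata writes "2017-06-15T10:00:01.000000+0000"; %z accepts the +HHMM offset form.
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z")


def load_alerts(eve_text: str) -> list:
    """Parse EVE JSON lines, keeping only alert records (flow, dns, etc. are skipped)."""
    events = []
    for line in eve_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("event_type") != "alert":
            continue
        events.append(Event(
            event_id=len(events) + 1,
            timestamp=parse_timestamp(rec["timestamp"]),
            sid=rec["alert"]["signature_id"],
            src_ip=rec["src_ip"],
            dest_ip=rec["dest_ip"],
        ))
    return events


def matches(event: Event, flt: dict) -> bool:
    """A filter is a dict over the aggregation keys (sid, src_ip, dest_ip); absent keys are wildcards."""
    return all(getattr(event, key) == value for key, value in flt.items())


def archive_matching(events: list, flt: dict, start: datetime, end: datetime) -> int:
    """Archive every event matching flt with a timestamp in [start, end], independent of paging.
    Returns the number of events newly archived."""
    count = 0
    for ev in events:
        if not ev.archived and start <= ev.timestamp <= end and matches(ev, flt):
            ev.archived = True
            count += 1
    return count


def inbox(events: list, mute_filters=(), page_size=None) -> list:
    """Inbox view: unarchived events that match no mute filter, newest first.
    page_size only limits what is displayed; it never limits what archive_matching touches."""
    visible = [ev for ev in events
               if not ev.archived and not any(matches(ev, f) for f in mute_filters)]
    visible.sort(key=lambda ev: ev.timestamp, reverse=True)
    return visible[:page_size] if page_size else visible


def search(events: list, flt: dict) -> list:
    """Search ignores archive state and mute filters, so muted SIDs still count in aggregates."""
    return [ev for ev in events if matches(ev, flt)]


def aggregate_by_sid(events: list) -> dict:
    """Per-SID counts, the aggregate number the reporter still wants for muted signatures."""
    counts = {}
    for ev in events:
        counts[ev.sid] = counts.get(ev.sid, 0) + 1
    return counts


if __name__ == "__main__":
    evs = load_alerts(SAMPLE_EVE)
    day = (parse_timestamp("2017-06-15T00:00:00.000000+0000"),
           parse_timestamp("2017-06-15T23:59:59.000000+0000"))
    print("inbox page of 1 shows:", [e.event_id for e in inbox(evs, page_size=1)])
    print("archived across the full day:", archive_matching(evs, {"sid": 2100498}, *day))
    print("inbox with sid 2100498 muted:", [e.event_id for e in inbox(evs, mute_filters=[{"sid": 2100498}])])
    print("aggregate still sees muted sid:", aggregate_by_sid(search(evs, {"sid": 2100498})))
```

The point of the split between `inbox` and `search` is the one jasonish describes: a mute filter and an archive both remove events from the inbox, but neither removes them from the store, so searches and per-SID aggregates keep counting them. `archive_matching` walks the whole store for the time range, so a page showing only one row still archives both matching events from that day.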

@jasonish
Owner

Would it be possible to make it so you can archive alert IDs for the entire selected time range and not just the visible events on screen?

@LaramieSmile Trying out a dropdown like this:
[screenshot of the dropdown; image not captured]

@jasonish jasonish added this to the 0.9.0 milestone Jan 20, 2018
@jasonish jasonish modified the milestones: 0.9.0, 0.9.1 Jan 30, 2018
@jasonish jasonish modified the milestones: 0.9.1, 0.10.0 May 29, 2018
@jasonish
Owner

Closing as not fixed due to age. Don't see myself getting around to this.


2 participants