-
Notifications
You must be signed in to change notification settings - Fork 299
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add new bot: time filter #1969
base: develop
Are you sure you want to change the base?
Add new bot: time filter #1969
Conversation
We already have the "filter" expert which can filter on (non-)equality, non-existence and regular expressions (match and non-match). We also have the sieve expert with filtering capabilities on all of the above plus existence, substrings, numeric comparisons, network ranges, set/list operations and all with typing support. I'm reflecting what is the best user experience
1 and 2 contradict each other, while 3 is orthogonal. I'm currently tending towards 1 (which is, what this PR does), as 2 means a more complex configuration of the bot - but I want to sleep over it first and hear others' opinions. And 3, our swiss-army knife, would be cool as well =) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that a dedicated time filtering bot would be the best solution, but we have to think twice about which features this bot should have, to make it not too complicated to configure.
I not sure yet what the purpose of this bot is due to missing docs, however I want to point out named queued ("paths") in IntelMQ. Using them could extend the functionality of the bot, by keeping the configuration simple. Thay are used in the "normal" filter expert like this: https://intelmq.readthedocs.io/en/latest/user/bots.html#filter (section Possible paths) and https://github.com/certtools/intelmq/blob/develop/intelmq/bots/experts/filter/expert.py#L105-L143 For example, with a single parameter (timespan), multiple use-cases could be solved, all used in parallel by the IntelMQ user
or similar. |
@mariuskarotkis The tests (or other Actions) of all your remaining PRs are failing currently. Could you please have a look at them? Please also apply the lessons learnt from the review of the merged PRs - if applicable to the new ones. If a PR is ready for review from your side, please give us a short ping. |
Please check tests. |
The pycodestyle check fails with
For the nosetests, you introduced a new testing requirement |
Codecov Report
📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more @@ Coverage Diff @@
## develop #1969 +/- ##
===========================================
- Coverage 76.91% 76.35% -0.57%
===========================================
Files 454 456 +2
Lines 24120 24052 -68
Branches 3516 3793 +277
===========================================
- Hits 18553 18366 -187
- Misses 4793 4938 +145
+ Partials 774 748 -26
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the docs need much more details on how the bot works and what it does. it's really hard to get an understanding of the bot, even when studying the code in detail
When I read the docs of this new bot I don't understand the difference to the existing filter expert using |
@sebix Please check reviewer is active or no. |
Can you answer this question in the docs?
|
Add new bot: time filter