Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

eventType Filter addition #157

Merged
merged 3 commits into from
May 22, 2023
Merged

eventType Filter addition #157

merged 3 commits into from
May 22, 2023

Conversation

carlosmmatos
Copy link
Contributor

@carlosmmatos carlosmmatos commented May 20, 2023
edited
Loading

This PR implements several changes that aim to improve the system's handling of detection events and provide better debugging tools for these processes. Here are the key changes:

  1. Refactoring of Event Type Checks: In backends/__init__.py, the way we check if RELEVANT_EVENT_TYPES is "ALL" has been modified. Instead of comparing the entire list to the string "ALL", we now check if "ALL" is an element of RELEVANT_EVENT_TYPES. This change allows for more flexibility in the RELEVANT_EVENT_TYPES configuration, as it does not have to be exactly "ALL" to be considered as such.

  2. Minor Grammar Change: In falcon/models.py, the logging message for when a detection event is skipped has been grammatically fixed.

  3. Incorporation of Relevant Event Types in Streaming Connection: Changes in falcon/stream.py add relevant_event_types as a parameter in the StreamingConnection class. This allows relevant_event_types to be used when establishing the connection. Now, when constructing the URL for the streaming connection, if relevant_event_types is not None, it is added as a filter in the URL query parameters (&eventType=). This change should help in reducing unnecessary network traffic by filtering out irrelevant events directly at the source.

  4. Enhanced Debugging Information: Also in falcon/stream.py, a new debugging log has been added to print the complete URL used for the streaming connection. This addition should assist in debugging issues related to streaming connection setup.

These changes are expected to enhance the system's performance and make it easier to manage and debug.

@carlosmmatos
Fix issue with improper type checking
0028ad0 
RELEVANT_EVENT_TYPES is a list, therefore the check to see if
'ALL' was in there was orginally did not work since it was
treating it as a string. We now check to see if the string 'ALL'
is in the list.
@carlosmmatos
Introduce streaming url eventType filter.
85a1617 
This change takes the set of RELEVANT_EVENT_TYPES by a backend
and uses that as a filter to the streaming url. This prevents
the need to have the FIG process ALL events, instead allows it
to process only the relevant events, reducing overhead.
@carlosmmatos
Minor grammar update
756e357
@musayev-io musayev-io merged commit f9e6cf8 into CrowdStrike:main May 22, 2023
@carlosmmatos carlosmmatos self-assigned this Jul 30, 2023
@carlosmmatos carlosmmatos added the enhancement New feature or request label Jul 30, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@redhatrises redhatrises redhatrises approved these changes

@musayev-io musayev-io musayev-io approved these changes

Assignees

@carlosmmatos carlosmmatos

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@carlosmmatos @redhatrises @musayev-io