Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Case merging #14

Closed
nadouani opened this issue Nov 16, 2016 · 1 comment
Closed

Case merging #14

nadouani opened this issue Nov 16, 2016 · 1 comment
Assignees
@To-om
Labels
feature request
Milestone
2.9.1

Comments

@nadouani
Copy link
Contributor

Request Type

Feature Request

Problem Description

There are times when a security analyst may open a new case and carry on with their investigation only to realize that a similar case has been opened by another security analyst (or by themselves if they have short time memory) or that there is a former case that is sufficiently related to the new case that they should be merged together in a single one instead of having two (or more) separate ones.

Possible Solutions

  1. Provide a solution to allow a security analyst to select two or more cases and merge them together. When doing so, they must supply a short description to justify their action.
  2. When a new case has been opened and observables imported, check upon import if said observables have already been encountered and suggest (without blocking the addition) that the security analyst should consider merging this case with the one where these observables have been already seen. If the security analyst elect to do so, they should go on with their observable addition and then go back to 1. (see above) to perform the merge operation.

The check in 2. may be done using a proximity algorithm.

Complementary information

Caution

Upon merging, we shall retain the ancient cases in the database so that when a security analyst look them up by case ID, they should get a hit that:

  1. tells them the case they are looking for has been merged with another
  2. redirect them to the new case
@saadkadhi saadkadhi added this to the 2.9.1 milestone Nov 16, 2016
nadouani added a commit that referenced this issue Nov 16, 2016
@nadouani
#14 add initial support to case merging
53ee39b
nadouani added a commit that referenced this issue Nov 16, 2016
@nadouani
#14 Add tooltip to the “Flag/Unflag” case button, and fix an issue in…
05be4c4 
… HTML (missing closing tag)
nadouani added a commit that referenced this issue Nov 17, 2016
@nadouani
#14 improve the case merge dialog to support autocomplete, search by …
87cda03 
…title and by case number
To-om pushed a commit that referenced this issue Nov 17, 2016
#14 Fix case merging in backend
4e3ff6a
To-om pushed a commit that referenced this issue Nov 18, 2016
#14 exclude initial cases of merge for linked cases and seen observab…
bf306cf 
…les searchs
nadouani added a commit that referenced this issue Nov 18, 2016
@nadouani
#14 Disable merge button after it has been clicked. This prevents use…
1dc88a3 
…rs from clicking multiple times
nadouani added a commit that referenced this issue Nov 18, 2016
@nadouani
#14 Add visual hints indicating that a case has been closed as duplicate
14d5147
To-om pushed a commit that referenced this issue Nov 18, 2016
#14 Update case summary with a reference of merged case
d3b576e
To-om pushed a commit that referenced this issue Nov 18, 2016
#14 Add merge information in stats ; add nstats parameter in get case…
f63d737 
… api call
To-om pushed a commit that referenced this issue Nov 18, 2016
#14 Fix get nstats parameter (bodyParser doesn't work in GET request)
87f0c4b
nadouani added a commit that referenced this issue Nov 18, 2016
@nadouani
#14 display merged case title, in case details page for cases closed …
95c34e7 
…as duplicate
To-om added a commit that referenced this issue Nov 20, 2016
@To-om
#14 Fix summary in duplicate cases (its value is optional)
cca0d05
To-om pushed a commit that referenced this issue Nov 21, 2016
#14 Don't run analyzer on case merging
3a188ee
nadouani added a commit that referenced this issue Nov 21, 2016
@nadouani
#14 Fix a typo
cfd3845
nadouani added a commit that referenced this issue Nov 21, 2016
@nadouani
#14 Add merge summary in to the open cases list
e994a8b
@analyst444
Copy link

Can we add merging cases functionality to our Hive? Looks like we don't have the facing arrows.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@To-om To-om

Labels
feature request
Projects
None yet
Milestone
2.9.1
Development

No branches or pull requests
4 participants
@nadouani @saadkadhi @To-om @analyst444