Searching and filtering in findings-overview
About this feature
Should have for Kennisnet phase: Epic-3 Must have for subsequent phase
Detailed description
Journals and/or Audit trails need to be searchable and filterable (in findings-overview)
Feature benefit / User story
As an administrator, I want journals and audit trails to be searchable so that I can quickly find specific actions or changes for research and reports.
This is important for efficient analysis during findings and understanding the reports; also to answer questions about this.
Journals and/or Audit trails need to be searchable and filterable (in findings-overview)
Our current audit trails are log-based messages that we expect the user to collect in a different system outside OpenKAT. This is partially to make sure we keep our scope reasonable, but also to make sure they are stored outside the system that is being monitored. We suggest collecting the log files as structured JSON, from where you can filter out the various events and aggregate/filter and search through them as you please. Tools like the ELK stack, or similar, can be used to provide dashboarding etc.
Inside OpenKAT we also collect various audit events, but those are more limited. We collect the last user who created/changed/deleted an OOI, finding or muted one. We also collect who set an indemnification declaration. If your question is regarding these fields, we could probably create some search filters based on these values for the OOIs and findings.
- We could provide search filters based on the Author of an OOI.
- We could also allow users to search for objects that have a clearance level declaration by a specific user.
- We could allow searches for Objects that have been muted by a specific user.
@Donnype could you refine what search/filtering/sorting options we can readily implement on the current Findings endpoint?
Currently, in terms of filters, we can:
- Specify if we want muted findings or exclude muted findings
- Define the severities we want to filter on
- We also have a generic search string query that is applied to the OOI id, meaning we could search by the primary key of the finding type and primary key of the OOI the finding is attached to.
In terms of sorting:
- We can order by the `score` (default), or
- We can order by the `finding_type`
These are all implemented in the findings overview page at the moment.
What we could implement for the Findings API is quite a lot, especially as this is an endpoint for which the OOI type, and therefore its fields, are known. (Indeed this includes adding a user filter on both the Finding and MutedFinding objects.) My question is: are we looking to filter Findings or is something else meant by "audit trails" in a Findings-overview-page-context? Perhaps being able to quickly find changes partly boils down to properly showing/filtering the most recent Findings? And being able to search audit trails perhaps means it should be easier to see/filter both the boefjes/bits/normalizers that ran (including when) and on which inputs, so you know the source of the recent changes you see in the Findings overview as well?
I would like to have the ability to see when an object was created and last verified. If we could sort by this information, it would create a sort of journal that tracks objects added over time. This feature would be incredibly helpful, as it allows you to quickly see which items have been added since the last time you checked. This functionality should be available on both the findings page and the objects page, and it would also be great to have a search option for objects on these pages.
Validate if any of the original questions are still valid / not resolved.
For both the Findings page and the Objects page it is already possible to search for objects (and for the primary key). Besides this, it is possible to sort the tables and to add several filters to the table.
We haven't implemented columns yet for:
- When an object was created
- When an object was last verified
Therefore, we've also not implemented the filter for this yet.
@underdarknl @Donnype From the backend perspective, would it be possible to receive this data and to filter by this data?
Discussed in stakeholder meeting today 26 February 2025. Four use cases plus new concepts for 'Operations log', object timeline (#3495) & 'Finding/Object changes log' are shown in the design file: https://www.figma.com/design/Ez6Kz23u5jvout5A4gwsaB/%E2%9C%8D%F0%9F%8F%BC-KAT-%7C-For-Review-%7C--Findings?node-id=2364-31387&t=vuVIcrwXlvzUtn0v-1
For refinement on the latter, 'Finding/Object changes log', we will continue discussing in the next stakeholder meeting 12 March 2025.
To be reviewed/confirmed
Distilled User needs/questions from this ticket:
- "As an admin, I want to see “audit log” per user"
  - New design ticket (#4202); we do keep operations log that we can introduce in the frontend for admins.
- "As a user, I want to filter/sort findings on contributor/owner"
  - Although an object/finding-owner in OpenKat might have a different meaning than 'issue owners' outside of our application, this didn't seem to be a problem for stakeholders involved in the meeting on 28 February 2024. It's possible to add this to the frontend as an object/finding filter.
  - Contributor is currently not logged as a role when users perform actions on findings/objects in OpenKat.
  - However, the reason behind wanting to filter findings/objects on contributor/owner might already be fixed with an operations log.
  - Conclusion: Let's hold off on this for now, as users could have different expectations. An owner is the last user to edit an object, meaning that the creator is not always the owner. Often, system operations like bits/normalisers are owners as well.
- "As a user, I want to see which member performed actions on a finding/object"
  - To be covered in finding timelines #3495. On a finding specific level.
- "As a user I want to see what is new since last login"
  - New design ticket #4203, or old (https://github.com/minvws/nl-rt-tim-abang-rocky/issues/703?). I proposed a concept of a 'change log' which is also technically possible. I would like to refine this with stakeholders in the next stakeholder session on upcoming 26 March 2025, as we failed to cover this last stakeholder meeting.