mirror of https://github.com/MISP/misp-website
62 lines
3.3 KiB
Markdown
62 lines
3.3 KiB
Markdown
---
|
|
title: Periodic summaries - Visualize summaries of MISP data
|
|
date: 2022-09-12
|
|
layout: post
|
|
banner: /img/blog/periodic-summary/periodic-summary-1.png
|
|
---
|
|
|
|
# Periodic summaries - Visualize summaries of MISP data
|
|
|
|
As of version 2.4.162, MISP includes a **periodic summary** feature allowing users to consult a summary based on a requested time-frame for data the user has access to.
|
|
|
|
Currently, the summaries can be generated for 3 different periods: `daily`, `weekly` and `monthly` and then sent to all users that subscribed to one of these periods.
|
|
|
|
In addition to letting users subscribe to a period, they can also specify filtering options such as tags or distribution levels to be applied when generating the report.
|
|
|
|
|
|
|
|
|
|
## Viewing summaries
|
|
There are currently two ways to view a periodic summary:
|
|
- In the MISP ui, click on the *View periodic summary* link when browsing events
|
|
- Subscribe to one of the available period and receive the summary directly in the user's mailbox
|
|
|
|
## [admin] Automatic delivery
|
|
In order to have MISP send periodic mails, the periodic notification task should be scheduled. One of the easiest way to do it is to use CRON jobs.
|
|
|
|
For example, this entry could be added
|
|
```text
|
|
0 6 * * * /var/www/MISP/app/Console/cake Server sendPeriodicSummaryToUsers >/dev/null 2>&1
|
|
```
|
|
|
|
The `sendPeriodicSummaryToUsers` should be called daily and takes care of sending the summaries to every users that subscribed to the `daily` notification.
|
|
|
|
For the `weekly` and `monthly` periods, they will be sent on Mondays and on the first day of each months respectively.
|
|
|
|
More details about setting the scheduled task and the CLI tool can be found in the *automation page* (/events/automation).
|
|
|
|
|
|
## [admin] Extending / Overriding
|
|
|
|
Site administrators of MISP can also extend, replace or remove parts of a periodic summary.
|
|
|
|
The notification templates can be found under the `app/View/Emails/html` folder. Each template extend a parametrized common template allowing site-admins to customize the summary to fit theirs needs.
|
|
|
|
For example, the default `monthly` notification template is configured to only include a subset of the *detailed summary* section.
|
|
|
|
Options and developer documentation can be found in the `notification_common.ctp` file.
|
|
|
|
## Changes and improvement since MISP v2.4.163
|
|
- **Bug fixes**
|
|
- Data collection and aggregation give more accurate results
|
|
- **Changes**
|
|
- Improved UI and data visualization
|
|
- Decaying event `base_score` has been replaced by decaying `event score` effectively computing the `score` of each event based on their `last_modified` timestamp
|
|
- **New**
|
|
- Section `New correlations` showing the correlations that were created by the data considered by the report
|
|
|
|
- Section `Report settings` in user setting allowing users to customize the generated report. Customization include tags to be considered when generating trends, new correlations and trending period count allowing users to see trend over a longer time.
|
|
|
|
|
|
##### Edits
|
|
- 2022-09-26 - Added changes and improvements from MISP v2.4.163. |