feat(techniques): status hover tooltips + min 2 tests for validated
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
1. Status logic (v3): require ≥2 validated tests with 'detected' result to reach 'validated' status. With only 1 validated+detected test the technique stays 'partial' (single test is insufficient evidence). Backfilled existing data: T1012 and T1059.001 downgraded to 'partial'.

2. Hover tooltips on status badges in TechniquesPage and TechniqueDetailPage:
   - validated: ≥2 tests executed and detected
   - partial: some tests done but incomplete coverage
   - in_progress: tests exist but none validated yet
   - not_covered: tests run but Blue Team didn't detect
   - not_evaluated: no tests created yet
   - review_required: recent update needs acknowledgment

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@@ -115,17 +115,26 @@ class TechniqueEntity:
|
||||
) -> TechniqueStatus:
|
||||
"""Recompute ``status_global`` from a list of (state, detection_result) pairs.
|
||||
|
||||
Rules (v2):
|
||||
Rules (v3):
|
||||
1. No tests -> not_evaluated
|
||||
2. All validated -> inspect detection results:
|
||||
- All detected -> validated
|
||||
- Any partially_detected -> partial
|
||||
- Otherwise -> not_covered
|
||||
3. Some validated, others in progress -> partial
|
||||
4. All in intermediate states -> in_progress
|
||||
2. All tests validated -> inspect detection results:
|
||||
a. All detected AND ≥ 2 validated tests -> validated
|
||||
b. All detected but only 1 validated test -> partial
|
||||
(single test is not enough evidence for full coverage)
|
||||
c. Any partially_detected -> partial
|
||||
d. Otherwise (no detected results) -> not_covered
|
||||
3. Some validated, others in intermediate states -> partial
|
||||
4. All tests in intermediate states (draft/executing/evaluating/review/rejected)
|
||||
-> in_progress
|
||||
|
||||
Minimum validated count for "validated": 2 tests.
|
||||
With only 1 validated+detected test the technique is "partial" to
|
||||
signal that more testing is recommended.
|
||||
|
||||
Returns the new status (also set on the entity).
|
||||
"""
|
||||
_MIN_VALIDATED_FOR_FULL = 2 # require ≥ N validated tests for "validated"
|
||||
|
||||
tests = [
|
||||
_TestSnapshot(
|
||||
state=s if isinstance(s, TestState) else TestState(s),
|
||||
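Review bot: `_MIN_VALIDATED_FOR_FULL = 2` is declared as a local inside the method body, right after the docstring, while the docstring repeats the literal 2 in rule 2a, rule 2b and the "Minimum validated count" paragraph. Move the threshold to a class-level or module-level constant so tests and the tooltip text can reference one value, and have the docstring name the constant rather than restating the number, so a later change to the threshold does not leave the documented rules out of date.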
@@ -137,9 +146,14 @@ class TechniqueEntity:
|
||||
if not tests:
|
||||
self.status_global = TechniqueStatus.not_evaluated
|
||||
elif all(t.state == TestState.validated for t in tests):
|
||||
validated_count = len(tests)
|
||||
results = [t.detection_result for t in tests if t.detection_result]
|
||||
if results and all(r == TestResult.detected or r == "detected" for r in results):
|
||||
self.status_global = TechniqueStatus.validated
|
||||
# Need at least _MIN_VALIDATED_FOR_FULL tests for "validated"
|
||||
if validated_count >= _MIN_VALIDATED_FOR_FULL:
|
||||
self.status_global = TechniqueStatus.validated
|
||||
else:
|
||||
self.status_global = TechniqueStatus.partial
|
||||
elif any(
|
||||
r == TestResult.partially_detected or r == "partially_detected"
|
||||
for r in results
|
||||
|
||||
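Review bot: `validated_count = len(tests)` counts every validated test, but `results` is built with `if t.detection_result`, so tests without a detection result are dropped before the `all(... detected ...)` check. Two validated tests where only one carries a 'detected' result and the other has none would pass `validated_count >= _MIN_VALIDATED_FOR_FULL` and be marked validated, which does not match the commit message's "≥2 validated tests with 'detected' result". Compare `len(results)` against the threshold, or require `len(results) == len(tests)` before treating the set as all detected, and add a test case for a validated test with an empty detection result.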