Review classification rules in the flow pipeline

Description

Review classification rules in the flow data pipeline and analyze for opportunities to improve the performance.

Acceptance / Success Criteria

None

Activity

Benjamin Reed September 7, 2021 at 6:06 PM

Stefan merged this earlier today and it should make the release now.

Stefan Wachter August 31, 2021 at 6:46 PM

Another PR for fixing UI integration tests: https://github.com/OpenNMS/opennms/pull/3613

Stefan Wachter August 19, 2021 at 1:17 PM

Stefan Wachter August 13, 2021 at 1:17 PM

The existing classification engine only includes some optimizations for selecting rules with ports. If a rule base relies heavily on address matches, rule selection is a linear search. In addition, the current rule engine does not support port ranges explicitly. Port ranges are represented as corresponding single ports, which is highly inefficient for large port ranges.

A new rule engine was developed that uses a decision tree to select rules. On each node a threshold for one of the aspects (src addr, dst addr, src port, dst port, or protocol) is used to split the rule set. For classification the decision tree is traversed and finally the classification rules found at the leaves are applied.
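
The threshold-based selection described in the comment above, as an added sketch that is not OpenNMS code and not part of the original ticket. The rule names, helper functions, IPv4-only ranges and the split heuristic (pick the threshold that minimizes the larger child) are assumptions made for illustration.

```python
import ipaddress

ASPECTS = ("src_addr", "dst_addr", "src_port", "dst_port", "proto")
FULL = dict(zip(ASPECTS, [(0, 2**32 - 1)] * 2 + [(0, 65535)] * 2 + [(0, 255)]))

def cidr(net):  # IPv4 CIDR -> inclusive integer range (lo, hi)
    n = ipaddress.ip_network(net)
    return (int(n.network_address), int(n.broadcast_address))

def rule(name, **ranges):  # aspects not given match anything
    return (name, {**FULL, **ranges})

def flow(src, dst, sport, dport, proto):
    ips = [int(ipaddress.ip_address(a)) for a in (src, dst)]
    return dict(zip(ASPECTS, (*ips, sport, dport, proto)))

def linear(rules, f):  # baseline: first matching rule, list order = priority
    return next((n for n, r in rules
                 if all(lo <= f[a] <= hi for a, (lo, hi) in r.items())), None)

def build(rules, leaf_size=2):
    """Split on the (aspect, threshold) that minimizes the larger child."""
    best = None
    for a in ASPECTS if len(rules) > leaf_size else ():
        for t in sorted({r[1][a][1] + 1 for r in rules}):  # just above each range end
            left = [r for r in rules if r[1][a][0] < t]    # can match values < t
            right = [r for r in rules if r[1][a][1] >= t]  # can match values >= t
            cost = max(len(left), len(right))
            if cost < len(rules) and (best is None or cost < best[0]):
                best = (cost, a, t, left, right)
    if best is None:  # small enough, or no threshold separates the rules
        return ("leaf", rules)
    _, a, t, left, right = best
    return ("node", a, t, build(left, leaf_size), build(right, leaf_size))

def classify(tree, f):
    """Walk thresholds to a leaf, then apply only the rules stored there."""
    while tree[0] == "node":
        _, a, t, left, right = tree
        tree = left if f[a] < t else right
    return linear(tree[1], f)

RULES = [  # constructed sample rule base; list order is priority
    rule("ssh", dst_port=(22, 22), proto=(6, 6)),
    rule("dns", dst_port=(53, 53), proto=(17, 17)),
    rule("internal-db", dst_addr=cidr("10.0.0.0/8"), dst_port=(5432, 5432), proto=(6, 6)),
    rule("ephemeral", dst_port=(49152, 65535)),  # a port range is one interval
    rule("lab-net", src_addr=cidr("192.168.1.0/24")),
]
TREE = build(RULES)
```

A rule whose range spans a threshold is stored in both children, so every rule that can match a flow is present in the leaf that flow reaches, and the result equals the linear scan.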

Fixed

Created August 2, 2021 at 3:22 PM
Updated September 7, 2021 at 6:06 PM
Resolved September 7, 2021 at 6:06 PM