This repository has been archived by the owner on Sep 16, 2022. It is now read-only.

Redesign look and behavior of recommended actions #532

Closed
vpetersson opened this issue Nov 14, 2019 · 25 comments · Fixed by #568

Comments

@vpetersson
Contributor

vpetersson commented Nov 14, 2019

We need to redesign the recommended actions feature a bit to make it more intuitive.

Here's a quick mock-up:

[Image: mock-up]

The changes are as follows:

  • Remove the X in the upper right-hand corner.
  • Add a "Severity" indicator in the upper right-hand corner. It should be one of the following for each event:
    • <span class="badge badge-danger">Severity: High</span>
    • <span class="badge badge-warning">Severity: Medium</span>
    • <span class="badge badge-secondary">Severity: Low</span>
  • Introduce a "Learn More" link for every recommended action (needs to link to a knowledge base article that is yet to be written).
  • Introduce a "Resolve" (or maybe we should call it "Done") button that has the same feature as the current "X" feature (i.e. it will resurface at next ping if not fixed).
    • Style as btn-success and send a Mixpanel event.
  • Introduce an "Ignore" button that simply flags and hides the recommended action (see Allow for 'ignoring' recommended actions #524).
    • Style as btn-danger and send Mixpanel event.
  • Introduce a "Snooze" feature that will allow you to snooze the recommended action for 24 hours or 7 days.

Mixpanel events

The Mixpanel events should include the following metadata:

  • The event taken (Resolve, Ignore, Snooze)
  • The recommended action (e.g. 'Insecure service found')
  • The affected service (e.g. rsh-server) if applicable
  • The duration of the snooze (in case of the snooze event)

fired that includes the button and what recommended action it was as meta data.

@a-martynovich
Contributor

@vpetersson

  1. Does "ignore" mean "Snooze forever"?
  2. Please define severity for every recommended action
  3. What do we do with "Add your first node" action? Should it even be snoozable/ignorable/fixable?

@vpetersson
Contributor Author

Does "ignore" mean "Snooze forever"?

Correct.

Please define severity for every recommended action

This is something we need to do manually for now. Take a stab at it and I'll correct.

What do we do with "Add your first node" action? Should it even be snoozable/ignorable/fixable?

That's an edge case. That one shouldn't have this action.

@a-martynovich
Contributor

Screenshot from 2019-11-29 15-16-24

@a-martynovich
Contributor

Screenshot from 2019-11-29 15-35-01

@vpetersson
Contributor Author

Hmm @a-martynovich the readability with white on yellow is not ideal. Can you do black text just to get me a sense for how that looks?

@a-martynovich
Contributor

@vpetersson On the previous screenshot the severity label was also half-opaque, turning fully opaque on hover (because it's supposed to be a "close" button like an "x"). I made it fully opaque now.
Screenshot from 2019-12-02 11-44-30

@a-martynovich
Contributor

@vpetersson Here's the dropdown:
Screenshot from 2019-12-02 12-05-57

@vpetersson
Contributor Author

@a-martynovich Thanks. Are we able to override these colors to the default ones from Bootstrap?

@a-martynovich
Contributor

@vpetersson Not without breaking the layout elsewhere. So if we're going to fall back to Bootstrap we might as well need to do it globally as much as possible.

@vpetersson
Contributor Author

Ok noted - I'm not a big fan of the current color scheme but let's leave that aside for now then.

@a-martynovich
Contributor

@vpetersson

The affected service (e.g. rsh-server) if applicable

Just one service? Or multiple services? And to which recommended actions from the list I gave you is it applicable?

@vpetersson
Contributor Author

I think we need to redesign this to a per-service basis. If not, it makes it very difficult when you have N nodes involved.

@a-martynovich
Contributor

@vpetersson this doesn't answer the question.

@vpetersson
Contributor Author

Ok, fair. I've spent a fair bit of time thinking about the issues in the current design, and I think I need to share some backstory for this to make sense.

Currently any Recommended Action (RA) can have X nodes and Y sub-actions (e.g. multiple vulnerable services, or configuration changes). What I'm saying is that I think we need to change this structure, such that a recommended action can only have X nodes, but each sub-action would be its own recommended action.

So what this means in practical terms is as follows:

  • The OpenSSH audit would be broken down into multiple RAs.
  • The "Insecure services" would be broken down into individual ones for each recommended action. As such, we only have one command we need to run for this.

(Do note that I want to completely refactor the RAs for CVEs)

So cross-referencing the list in WoTTsecurity/wott-io#198, we should with this change now have a 1:1 mapping between an event and N nodes.

Does that make sense?

@a-martynovich
Contributor

@vpetersson No, how does this apply to this particular task? I'm not asking about future developments, I'm asking about the current state of things.

Given how we currently generate recommended actions what is "the affected service (e.g rsh-server) if applicable" which you want to track? And to which recommended actions is this applicable?

@vpetersson
Contributor Author

I see what you mean now. Leave that particular Mixpanel event out now due to the issue I outlined above.

@vpetersson
Contributor Author

@a-martynovich Here's the categorization

  • Default credentials detected
    • Severity: High
  • Consider moving to SFTP
    • Severity: Medium
  • Permissive firewall policy detected
    • Severity: Medium
  • Insecure services found
    • rsh-server / rsh-redone-server
      • Severity: High
    • fingerd
      • Severity: Medium
    • tftpd
      • Severity: Medium
    • telnetd
      • Severity: High
    • snmpd
      • Severity: Medium
    • xinetd
      • Severity: Medium
    • nis
      • Severity: Medium
    • atftpd
      • Severity: Medium
    • tftpd-hpa
      • Severity: Medium
  • Insecure configuration for OpenSSH found.
    • PermitRootLogin
      • Severity: Medium
    • AllowAgentForwarding
      • Severity: Medium
    • PasswordAuthentication
      • Severity: High
  • Consider enable automatic security updates
    • Severity: High
  • Your MongoDB instance may be publicly accessible.
    • Severity: High
  • Your MySQL instance may be publicly accessible.
    • Severity: High
  • No root password set for the MySQL/MariaDB server
    • Severity: High
  • Your Memcached instance may be publicly accessible
    • Severity: High
  • Your Redis instance may be publicly accessible
    • Severity: High
  • Your system is vulnerable to Meltdown and/or Spectre attacks
    • Severity: High

@a-martynovich
Contributor

Because currently we have 1 recommended action for insecure services and 1 action for OpenSSH I've set their severity to High. Later we can refactor this, of course.

@vpetersson
Contributor Author

Sure, that's fine.

@a-martynovich
Contributor

@vpetersson You've been asking how recommended actions look in vanilla Bootstrap. Here's my attempt:
image

@vpetersson
Contributor Author

Interesting. So some things are better and some things are worse. Would it be possible to only override (or rather, use vanilla bootstrap) on the buttons and the severity badge?

@a-martynovich
Contributor

Links are now blue, but I guess I can revert them to cyan if needed
image

@vpetersson
Contributor Author

That's much better! I'm OK with this blue shade for now.

@a-martynovich
Contributor

@vpetersson This concerns me a little bit. Notice the new color of those buttons:
image

Compare this to
image

Either I got too used to the current color scheme or my eyes deceive me, but it looks like a cyan button fits this color scheme better than a blue one. None of them fit perfectly, though.

@a-martynovich
Contributor

Also those buttons have a funky color.
image

Here's my attempt to color them:
image
