Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adding referential afterwards does not update the knowledge base #156

Closed
cudeso opened this issue Apr 25, 2019 · 7 comments

Comments

3 participants
@cudeso
Copy link

commented Apr 25, 2019

  • New risk analysis (in NL)
  • Only add NIST 800
  • Go in Knowledge Base ; add custom referential, delete custom referential
  • Edit analysis, add ISO and NIST Core
  • Go in Knowledge Base, only NIST 800 is displayed
    1
    2
@cudeso

This comment has been minimized.

Copy link
Author

commented Apr 25, 2019

v2.8.1

@cedricbonhomme

This comment has been minimized.

Copy link
Member

commented Apr 25, 2019

I was not able to reproduce on my.monarc.lu

Adding several referentials can take some time because the backend will also update the matching between the controls of the referentials.

Did you saw the green bow with the message "The risk analysis have been edited" before checking in the knowledge base?

@cedricbonhomme

This comment has been minimized.

Copy link
Member

commented Apr 26, 2019

Tested again and can not reproduce it.
If you create a new analysis with no referential, then you edit it by adding a new referential. After the success message of edition is displayed, you check in the knowledge base. Do you see it?

@cudeso

This comment has been minimized.

Copy link
Author

commented Apr 29, 2019

Tested on the VM.
1/ Create new analysis, no referentials. Then edit, add new one. Save. If you wait until the green "ok" appears and then go to KB then it's OK. But it takes a while before the green OK appears. And after you click "Save" in the edit of the risk analysis it's not clear that actions are still going on in the background.
2/ Create new analysis, no referentials. Then edit, add new one. Save. Don't wait and go to KB: not OK. If you go back to the main screen (risk analysis) after a couple of seconds you get the green popup from the previous edit. Going back to KB however doesn't show the referentials.

It seems that with 2/ the background job gets canceled. Maybe disable the KB-referentials option until the background job has finished. And provide visual feedback in 1/ that something is going on in the background.

@cedricbonhomme

This comment has been minimized.

Copy link
Member

commented Apr 30, 2019

Yes, We thought about adding an icon to let the user know that something is running in the backend. Like when an analysis is creating.
This is the best solution.
There is no link between the "background job" and the JavaScript side.

But still I can not reproduce your problem. I tried several times:

  1. creation of a analysis with no referential;
  2. add the 3 default referentials (the mapping will be done in the background);
  3. go to the kowledge base without waiting for the confirmation message and continue to do various things;
  4. finally the referentials are displayed without forcing the page refresh.

I had the web console open during this time. The status of the HTTP request was pending for approximately 20 seconds, then changed to 200. And so just after the code is set to 200, the referentials are listed.

Anyway, yes, we will add a icon to let the user know when the analysis is updated.

I want to emphasis that this is a huge process. It's way more than adding some measures in a table of the database.
For each referentials, each mapping between measures is updated (n-n link), then each risk of the analysis (asset, threat, vulnerability) is updated. This is rapidly thousand of relations.

Adding a referential via the knowledge base is faster because it's a more manual process. To achieve the same thing in the knowledge base you have to:

  1. create a new referential;
  2. add some measures to this referential;
  3. eventually update the matching;
    4 update the controls in the 'Information risks' tab (else MONARC can not know how to update the AMVs)

Of course assuming you have a matching file. Otherwise the controls in the "Information risks" tabs must be edited manually one by one.

@cudeso

This comment has been minimized.

Copy link
Author

commented Apr 30, 2019

Think I found it.
If you go to KB after edit of the analysis, the referentials are not shown (the task is still running in the background). The referential tab is selected. If you then click on the analysis name to go back to the main screen and then select edit the referentials are shown.
Then again select KB, the referential tab is the one that is directly selected. "/referentials" in the background have finished (200). No referentials are shown in the interface.
However if you click in the KB first on, for example, assets and then again referentials they are displayed.

Seems the referential tab content isn't refreshed.

I understand it's a resource intense process, but from a user perspective this isn't always clear.

@jfrocha

This comment has been minimized.

Copy link
Contributor

commented May 2, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.