
Added Button to select all in policy edit modal - policy.volt #8542


Open
wants to merge 1 commit into
base: master

vzeller commented Apr 13, 2025

Added Button to select all in policy edit modal - policy.volt
So users can quickly select all options and deselect what they do not want.
Saves a lot of time when creating custom policies.

Added Button to select all in policy edit modal - policy.volt
So you can quickly select all options and deselect what you don't want. Saves a lot of time when creating custom policies.

@AdSchellevis (Member)

@vzeller do you have a concrete example where this would save time? I haven't seen many cases where you would like to have all options except some.

@vzeller (Author) commented Apr 13, 2025

> @vzeller do you have a concrete example where this would save time? I haven't seen many cases where you would like to have all options except some.

Not sure if I'm using Policies the intended or right way. However, I have added Snort rules via oink code and ET Pro via the Telemetry Plugin and enabled all rules. To make the IDS use the rules work, except some things I want to have passed. It is my workflow to add a Policy that has everything enabled. And change all Alerts to be Dropped. Then I deselect the category I want to have passed.
Before I came up with the JavaScript I would select all categories, CVEs and Threat Groups ... everything manually. Which takes a lot of time if you have many entries populated from Snort, ET Pro and maybe others.
Makes sense?

@vzeller (Author) commented Apr 13, 2025

Also, with every update (I have daily updates for IDS rules via cron job), it would change names and add entries in First-Seen or CVEs etc. So I have to update the policy frequently.

@vzeller (Author) commented Apr 13, 2025

Privacy enhancing techniques used in a surveilled network / surveillance state.

@AdSchellevis (Member)

I'm only using ET's rules, but in practice you really only want to filter either full sets (files) or things that are clearly specified (and have limited options), such as deployment type. Micromanaging on things that change daily is usually not a great strategy in my humble opinion.

@vzeller (Author) commented Apr 13, 2025

Yes, ideally it would add the new IDS rules enabled. Or give the Option to add them either disabled or enabled, keeping previous selections. Until that, this is a step in the right direction.

@AdSchellevis (Member)

Maybe it's better to start with a ticket explaining the issue you want to solve, either I don't understand the use-case (which is perfectly possible) or this option doesn't add much value and we're trying to fix the wrong thing here.

These metadata selections are intended to match more or less static things like type of attacks (from a limited list) or deployments. When trying to more or less specify single sids by their metadata, this seems overly complicated.

@vzeller (Author) commented Apr 13, 2025

If the code is not harmful and adds functionality, why argue against it?

@fichtner (Member)

Talking use cases and problems can help remove code sometimes, but adding “solutions” always adds code.

@vzeller (Author) commented Apr 13, 2025

Well, after all I'm just a user. And this helps me a lot, so I wanted to share it 💞
