add the graph from parse_alerts_table() to the readme

stratosphereips · May 23, 2024 · 1f1937e · 1f1937e
1 parent c0b0104
commit 1f1937e
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -149,7 +149,15 @@ are discarded. The number of discarded flows is written in the cli at the end of
 * the flows read by suricata, slips and the gt don't have to be the same, meaning that, the final flows count don't have to match because each tool reads the pcap differently
 
 * timewindow numbers may be negative if a flow is found with a flow timestamp < timestamp of the first flow seen
-
+* if a slips alert exists in parts of 2 timewindows
+* what we're doing here is marking bith timewindows as malicious 
+
+                1:30                   2:30
+                 │      slips alert     │
+                 ├──────────────────────┤
+ 1:00                       2:00                         3:00
+ ├───────────────────────────┼────────────────────────────┤
+ │             tw 1                 tw 2                  │
 
 ---
 

diff --git a/parsers/slips.py b/parsers/slips.py
@@ -125,7 +125,6 @@ def parse_alerts_table(self):
             # 1:00                       2:00                         3:00
             # ├───────────────────────────┼────────────────────────────┤
             # │             tw 1                 tw 2                  │
-            # for ts in (, alert['tw_end']):
             self.mark_tw_as_malicious(alert['tw_start'], alert['ip_alerted'])
             # the goal of this is the following:
             # if slips has an alert from 1:00 to 2:00 then we shouldnt mark