
List:       prelude-devel
Subject:    Re: [prelude-devel] A tale of two front-ends: Piwi vs. Prewikka
From:       Yoann Vandoorselaere <yoann.v () prelude-ids ! com>
Date:       2005-04-20 19:22:43
Message-ID: 1114024963.13591.36.camel () arwen ! prelude-ids ! org

On Wed, 2005-04-20 at 02:13 -0700, Gene R Gomez wrote: 
> Hi all,

[...]

> Ok, so to be quick, the things that Prewikka brings that Piwi didn't have:
> * A prettier interface: I don't think that anyone will argue that Piwi was
> pretty; it could be downright nasty at times.
> * The ability to manage users and their permissions from within the
> frontend: Piwi had a requirement to define users and what they could do
> from an editor on the system
> 
> The things we lost by moving from Piwi to Prewikka:
> * Basic reporting functionalities: Piwi would draw a variety of Top 10
> reports in graphical format.
> * Platform independence: Piwi could easily interact with Internet
> Explorer.  Prewikka, on the other hand, doesn't render properly, and in
> fact bombs some IE instances I've seen with the Google Toolbar (a pretty
> common ID plug-in).
> 
> So, it appears to me that Prewikka is a step forward in *usability*, but
> a step backward in *functionality*.  Does everyone feel this is a fair
> assessment?

I'd like to correct some of these misleading comments; you seem to be
missing a lot of functionality that Prewikka brings:

- Alert aggregation.

- Contextual alert filtering (the dynamic filter you get when clicking
on the event listing table head).

- Sensor localtime / frontend localtime / UTC, time based navigation -
which is a feature you asked for a long time and which is a must for
analysis of events from sensors located in different timezones.

- Start of integration with tools for backtracking attackers.

- Fully transparent IDMEF v14 implementation (Piwi didn't even comply in
regard to most IDMEF v5 fields).

- Heartbeats are correctly handled (listing, analysis, agent view). Piwi
was completely broken in this regard.

Most Piwi features were incomplete and/or broken. See for example Piwi
heartbeat, and alert groupby handling.

As for Internet Explorer compliance, I'd appreciate very much if a web
developer with concrete IE experience could show up in order to help
with that specific stuff. I guess we're better releasing what we have
now rather than waiting endlessly for someone to tackle the task.

As for the interface work that was done on Prewikka, just realize it was
several months of work involving several developers, with professional
security analysts reviewing and commenting on Prewikka ergonomics.

Regards,
-- 
Yoann Vandoorselaere <yoann.v@prelude-ids.com>

