Documentation
¶
Overview ¶
Package feedback provides feedback collection and rule refinement. It handles user feedback, rule tuning, and continuous improvement.
Index ¶
- Constants
- Variables
- func NormalizeFeedbackType(raw string) (string, bool)
- type Feedback
- type FeedbackManager
- func (fm *FeedbackManager) GetFeedbackForRule(ruleName string, limit int) ([]Feedback, error)
- func (fm *FeedbackManager) GetFeedbackSummary() (*FeedbackSummary, error)
- func (fm *FeedbackManager) GetHighFalsePositiveRules(threshold float64) ([]RuleStats, error)
- func (fm *FeedbackManager) GetRuleFalsePositiveRate(ruleName string) (float64, error)
- func (fm *FeedbackManager) GetRuleStats(ruleName string) (*RuleStats, error)
- func (fm *FeedbackManager) SubmitFeedback(feedback *Feedback) error
- type FeedbackSummary
- type RefinementEngine
- func (re *RefinementEngine) AnalyzeRule(ctx context.Context, ruleName string) (*RuleRefinementResult, error)
- func (re *RefinementEngine) ApplyRefinement(ruleName string, suggestion *RefinementSuggestion, backup bool) error
- func (re *RefinementEngine) GetRulesNeedingRefinement(threshold float64) ([]RuleRefinementResult, error)
- type RefinementSuggestion
- type RuleRefinementResult
- type RuleStats
Constants ¶
// MaxCommentLength bounds user-supplied feedback comments.
// NOTE(review): the unit (bytes or runes) and the place where the bound is
// enforced are not shown here — confirm before relying on it as an input limit.
const MaxCommentLength = 1000
MaxCommentLength bounds user-supplied feedback comments.
Variables ¶
// ValidFeedbackTypes is the set of allowed feedback type strings.
// NOTE(review): this is an exported, mutable package-level map, so any
// importing package can add or delete keys at run time; if validation
// consults this map, that changes what is accepted. The "improvement" alias
// described for NormalizeFeedbackType is not a key here.
var ValidFeedbackTypes = map[string]bool{ "false_positive": true, "true_positive": true, "false_negative": true, }
ValidFeedbackTypes defines the allowed feedback types
Functions ¶
func NormalizeFeedbackType ¶
NormalizeFeedbackType canonicalizes accepted feedback type values. "improvement" is kept as a backwards-compatible alias for false_negative.
Types ¶
type Feedback ¶
// Feedback is one user verdict on an alert or rule. The struct tags give the
// JSON field names used when it is serialized.
type Feedback struct {
	ID string `json:"id"`
	EventID string `json:"event_id"`
	AlertID string `json:"alert_id"`
	RuleName string `json:"rule_name"`
	// Verdict carries the feedback type; the listed values are the keys of
	// ValidFeedbackTypes. NormalizeFeedbackType additionally maps
	// "improvement" to false_negative; whether SubmitFeedback normalizes this
	// field is not shown here — confirm.
	Verdict string `json:"verdict"` // "false_positive", "true_positive", "false_negative"
	// Comment is free text from the user and is omitted from JSON when empty.
	// MaxCommentLength is documented as its bound; treat the content as
	// untrusted wherever it is rendered, logged or passed to further analysis.
	Comment string `json:"comment,omitempty"`
	Timestamp time.Time `json:"timestamp"`
}
Feedback represents user feedback on an alert or rule
type FeedbackManager ¶
type FeedbackManager struct {
// contains filtered or unexported fields
}
FeedbackManager handles feedback operations
func NewFeedbackManager ¶
func NewFeedbackManager(store *store.Store) *FeedbackManager
NewFeedbackManager creates a new feedback manager
func (*FeedbackManager) GetFeedbackForRule ¶
func (fm *FeedbackManager) GetFeedbackForRule(ruleName string, limit int) ([]Feedback, error)
GetFeedbackForRule retrieves feedback for a specific rule
func (*FeedbackManager) GetFeedbackSummary ¶
func (fm *FeedbackManager) GetFeedbackSummary() (*FeedbackSummary, error)
GetFeedbackSummary returns a summary of all feedback
func (*FeedbackManager) GetHighFalsePositiveRules ¶
func (fm *FeedbackManager) GetHighFalsePositiveRules(threshold float64) ([]RuleStats, error)
GetHighFalsePositiveRules returns rules with high false positive rates
func (*FeedbackManager) GetRuleFalsePositiveRate ¶
func (fm *FeedbackManager) GetRuleFalsePositiveRate(ruleName string) (float64, error)
GetRuleFalsePositiveRate calculates the false positive rate for a rule
func (*FeedbackManager) GetRuleStats ¶
func (fm *FeedbackManager) GetRuleStats(ruleName string) (*RuleStats, error)
GetRuleStats returns comprehensive statistics for a rule
func (*FeedbackManager) SubmitFeedback ¶
func (fm *FeedbackManager) SubmitFeedback(feedback *Feedback) error
SubmitFeedback validates and stores feedback
type FeedbackSummary ¶
// FeedbackSummary is the reporting overview returned by
// FeedbackManager.GetFeedbackSummary.
type FeedbackSummary struct {
	TotalFeedback int `json:"total_feedback"`
	// presumably keyed by verdict string — confirm against the implementation
	ByType map[string]int `json:"by_type"`
	// presumably rule names — confirm
	TopFalsePositives []string `json:"top_false_positives"`
	// Full Feedback records, so user-supplied Comment text is included in the
	// summary; apply the same output handling as for Feedback.Comment.
	RecentFeedback []Feedback `json:"recent_feedback"`
	// NOTE(review): key and value vocabulary are not shown here; presumably
	// rule name -> action — confirm.
	RecommendedActions map[string]string `json:"recommended_actions"`
}
FeedbackSummary provides an overview of feedback for reporting
type RefinementEngine ¶
type RefinementEngine struct {
// contains filtered or unexported fields
}
RefinementEngine handles rule analysis and improvement suggestions
func NewRefinementEngine ¶
func NewRefinementEngine(feedbackManager *FeedbackManager, rulesDir string, triager *triage.Triager) *RefinementEngine
NewRefinementEngine creates a new refinement engine
func (*RefinementEngine) AnalyzeRule ¶
func (re *RefinementEngine) AnalyzeRule(ctx context.Context, ruleName string) (*RuleRefinementResult, error)
AnalyzeRule performs comprehensive analysis of a rule and suggests improvements
func (*RefinementEngine) ApplyRefinement ¶
func (re *RefinementEngine) ApplyRefinement(ruleName string, suggestion *RefinementSuggestion, backup bool) error
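ApplyRefinement applies a suggested refinement to a rule file. This page does not describe how ruleName is resolved to a file or what the backup flag does; confirm both in the source before passing values that originate from user input.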
func (*RefinementEngine) GetRulesNeedingRefinement ¶
func (re *RefinementEngine) GetRulesNeedingRefinement(threshold float64) ([]RuleRefinementResult, error)
GetRulesNeedingRefinement returns rules with high false positive rates
type RefinementSuggestion ¶
// RefinementSuggestion describes one proposed change to a rule.
// RefinementEngine.ApplyRefinement takes a value of this type and applies it
// to a rule file, so Before and After are worth reviewing as a diff first.
type RefinementSuggestion struct {
	// Going by their names, "reduce_severity" and "disable" lower what the
	// rule reports; NOTE(review): confirm whether these types can be applied
	// without a human approving the change.
	Type string `json:"type"` // "add_exception", "narrow_condition", "reduce_severity", "disable"
	Description string `json:"description"` // Human-readable description
	Before string `json:"before"` // Current rule content (relevant section)
	After string `json:"after"` // Suggested rule content
	// NOTE(review): how the score is produced is not shown here; a high value
	// alone is not evidence that the change is safe to apply.
	Confidence float64 `json:"confidence"` // 0.0-1.0 confidence in suggestion
	Reasoning string `json:"reasoning"` // Why this change is suggested
}
RefinementSuggestion represents a suggested rule improvement
type RuleRefinementResult ¶
// RuleRefinementResult holds the analysis and suggestions for one rule, as
// returned by RefinementEngine.AnalyzeRule and GetRulesNeedingRefinement.
type RuleRefinementResult struct {
	RuleName string `json:"rule_name"`
	// NOTE(review): whether this is a bare file name or a path under the
	// engine's rulesDir is not shown here — confirm.
	RuleFile string `json:"rule_file"`
	// NOTE(review): scale (0-1 or percent) is not shown here — confirm.
	FalsePositiveRate float64 `json:"false_positive_rate"`
	TotalAlerts int `json:"total_alerts"`
	FeedbackCount int `json:"feedback_count"`
	CommonPatterns []string `json:"common_patterns"`
	Suggestions []RefinementSuggestion `json:"suggestions"`
	// Optional; omitted from JSON when nil. Presumably produced by the
	// triage.Triager passed to NewRefinementEngine — confirm.
	// NOTE(review): if user feedback comments are part of the model input,
	// they are untrusted text that can steer this analysis; treat the result
	// as advisory.
	LLMAnalysis *triage.TriageResult `json:"llm_analysis,omitempty"`
	RecommendedAction string `json:"recommended_action"`
}
RuleRefinementResult contains analysis and suggestions for a rule
type RuleStats ¶
// RuleStats holds per-rule performance statistics, as returned by
// FeedbackManager.GetRuleStats and GetHighFalsePositiveRules.
type RuleStats struct {
	RuleName string `json:"rule_name"`
	TotalAlerts int `json:"total_alerts"`
	// NOTE(review): the scale of both rates (0-1 or percent) is not shown
	// here; the threshold given to GetHighFalsePositiveRules presumably uses
	// the same scale — confirm.
	FalsePositiveRate float64 `json:"false_positive_rate"`
	TruePositiveRate float64 `json:"true_positive_rate"`
	// Presumably the number of feedback entries behind the rates — confirm.
	// A rate built on few entries is easy to skew, so read this field
	// together with RecommendedAction.
	FeedbackCount int `json:"feedback_count"`
	// Pointer, so it may be nil; the tag has no omitempty, so nil is encoded
	// as JSON null.
	LastTriggered *time.Time `json:"last_triggered"`
	RecommendedAction string `json:"recommended_action"`
}
RuleStats represents statistics about a rule's performance