git.stella-ops.org/docs/features/dropped/comparative-evidence-suppression-pattern-analysis.md
# Comparative Evidence/Suppression Pattern Analysis
## Module
Attestor
## Status
PARTIALLY_IMPLEMENTED
## Description
Evidence and suppression patterns are implemented in the scanning and VEX override subsystems. The advisory was primarily a research/comparison document; its findings appear to have influenced the VEX override and evidence panel designs rather than producing a standalone feature.
## What's Implemented
- **VEX Override System**: `src/Attestor/__Libraries/StellaOps.Attestor.StandardPredicates/VexOverride/` -- VexOverridePredicateBuilder, VexOverridePredicateParser, VexOverrideDecision, EvidenceReference -- provides structured suppression with evidence.
- **Audit Hash Logger**: `__Libraries/StellaOps.Attestor.ProofChain/Audit/AuditHashLogger.cs` (with `.Validation`) -- audit logging for evidence and suppression actions.
- **Change Trace Attestation Service**: `ProofChain/ChangeTrace/ChangeTraceAttestationService.cs` -- tracks changes including suppressions.
- **VEX Delta Tracking**: `Predicates/VexDeltaPredicate.cs`, `VexDeltaChange.cs`, `VexDeltaSummary.cs` -- tracks VEX status transitions.
## What's Missing
- **Cross-organization pattern analysis**: No service that compares suppression patterns across tenants or organizations to detect anomalous suppression rates.
- **Suppression pattern dashboard**: No UX component showing suppression trends, outliers, or comparative analysis against baselines.
- **Suppression quality scoring**: No scoring model that evaluates the quality/legitimacy of suppressions based on evidence strength.
- **Anomaly detection**: No automated detection of suspicious suppression patterns (e.g., bulk suppressions without evidence, suppressions of critical CVEs).
## Implementation Plan
- Design a suppression analytics service that aggregates suppression patterns
- Implement cross-tenant comparison with configurable baselines
- Add suppression quality scoring based on evidence reference count and type
- Build anomaly detection rules for suspicious suppression patterns
- Add dashboard UX components for suppression trend visualization
- Add tests for pattern analysis, scoring, and anomaly detection
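The quality scoring and anomaly rules sketched under "What's Missing" and in the plan above, as an added illustrative model (not StellaOps Attestor code). It assumes a flat suppression record with a tenant, a CVE id, a severity and a list of evidence types; the evidence weights, the baseline no-evidence rate, the bulk threshold and the sample records are all constructed for the example.

```python
"""Illustrative suppression quality scoring and anomaly rules; not project code."""
from dataclasses import dataclass

# Assumed weights: stronger evidence types contribute more to the quality score.
EVIDENCE_WEIGHT = {"reachability": 3, "test": 2, "vendor_statement": 2, "comment": 1}
WEAK_SCORE = 3  # assumed cut-off below which a suppression counts as weakly evidenced


@dataclass
class Suppression:
    tenant: str
    cve: str
    severity: str
    evidence: list[str]  # evidence types attached to the suppression


def quality_score(s: Suppression) -> int:
    """Score 0..10 from evidence count and type; no evidence scores 0."""
    return min(10, sum(EVIDENCE_WEIGHT.get(e, 1) for e in s.evidence))


def find_anomalies(supps, baseline_no_evidence_rate=0.2, bulk_threshold=5):
    """Per-tenant rules: bulk suppressions without evidence, a no-evidence rate
    above the configured baseline, and critical CVEs suppressed on weak evidence."""
    by_tenant: dict[str, list[Suppression]] = {}
    for s in supps:
        by_tenant.setdefault(s.tenant, []).append(s)
    findings = []
    for tenant, items in by_tenant.items():
        no_evidence = [s for s in items if not s.evidence]
        if len(no_evidence) >= bulk_threshold:
            findings.append((tenant, "bulk_no_evidence", len(no_evidence)))
        rate = len(no_evidence) / len(items)
        if rate > baseline_no_evidence_rate:
            findings.append((tenant, "above_baseline", round(rate, 2)))
        for s in items:
            if s.severity.lower() == "critical" and quality_score(s) < WEAK_SCORE:
                findings.append((tenant, "weak_critical_suppression", s.cve))
    return findings


# Constructed sample records; CVE ids are placeholders, not real advisories.
SAMPLE = [
    *[Suppression("acme", f"CVE-0000-000{i}", "medium", []) for i in range(5)],
    Suppression("acme", "CVE-0000-0099", "critical", []),
    Suppression("globex", "CVE-0000-0100", "high", ["reachability"]),
    Suppression("globex", "CVE-0000-0101", "critical", ["reachability", "test"]),
    Suppression("globex", "CVE-0000-0102", "critical", ["comment"]),
]

if __name__ == "__main__":
    for finding in find_anomalies(SAMPLE):
        print(finding)
```

Run against the sample, tenant `acme` is flagged for six evidence-free suppressions (bulk and above baseline) plus a weak critical one, while `globex` is flagged only for the comment-only suppression of a critical CVE.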
## Related Documentation
- Source: See feature catalog