feat(api): Geo related field addition in the feed_response. Closes #524#909
Conversation
Signed-off-by: Dorna Raj Gyawali <dronarajgyawali@gmail.com>
regulartim
left a comment
There was a problem hiding this comment.
Hey @drona-gyawali ! Sorry if I was not precise enough here: I don't think it makes a lot of sense to include the senor country in the responses. The attacker country is sufficient I guess. What do you think?
I think your changes DOES affect user-facing behavior as you are adding fields to the API response. |
Thanks for the review I added the sensor countries as an experiment. My initial thought was: we can already see the attacker country, but what if we also want to know where the IOC was actually detected? For example, if the attacker country is Nepal, the attack might have been observed from Germany this could give richer context for analysis. That said, I’m completely fine reverting this change and keeping only the attacker country in the response. Once again, thank you for your guidance! |
Yeah, I see what you mean. I'll keep this in the back of my head. The
Thank you for your work! :) |
…eedyBear-Project#524 (GreedyBear-Project#909) * version(1): added geo field in api response Signed-off-by: Dorna Raj Gyawali <dronarajgyawali@gmail.com> * version(2): added only attacker_country --------- Signed-off-by: Dorna Raj Gyawali <dronarajgyawali@gmail.com>
Description
Initially, I tried a simpler approach: adding an ArrayAgg annotation for sensor_countries in get_queryset and including it in a feed_response inside the base_fields. This was straightforward and clean just two lines of change.
Issue with initial approach:
Current Approach:
Removed sensor_countries from base_fields to prevent errors in non-feed code.
Implemented get_sensor_countries_map to fetch sensor countries in batch, avoiding N+1 queries.
The feed response now includes sorted sensor_countries per IOC, along with attacker_country and other base fields.
Related issues
closes: #524
related PR : #880
Type of change
Checklist
Please complete this checklist carefully. It helps guide your contribution and lets maintainers verify that all requirements are met.
Formalities
<feature name>. Closes #999develop.develop.Docs and tests
Ruff) gave 0 errors. If you have correctly installed pre-commit, it does these checks and adjustments on your behalf.GUI changes
Ignore this section if you did not make any changes to the GUI.
Review process