Fix: Count only unique events. (Redmine issue: #7577)

When filtering based on the credibility of detectors, duplicate IDEA events were counted towards the total count of blocked events.

Fix: Count only unique events. (Redmine issue: #7577)
284a4620 · Rajmund Hruška · fd49db5c · 284a4620
Commit 284a4620 authored 2 years ago by Rajmund Hruška
--- a/lib/mentat/reports/event.py
+++ b/lib/mentat/reports/event.py
@@ -216,12 +216,12 @@ class EventReporter(BaseReporter):
            for groups, events_aggr in aggregated_events.items():
                group_chain = groups[0]
                # C: Discard events from detectors with low credibility.
-                _events_aggr, passed_cnt, blocked_cnt = self.filter_events_by_credibility(events_aggr)
+                _events_aggr, blocked_cnt = self.filter_events_by_credibility(events_aggr)
                # If all events were discarded, _events_aggr is None.
                if _events_aggr:
                    aggregated_credible_events[groups] = _events_aggr
                # Save information about how many events passed and how many were discarded.
-                result[str(group_chain)]['evcount_det'] = passed_cnt
+                result[str(group_chain)]['evcount_det'] = result['evcount_flt'] - blocked_cnt
                result[str(group_chain)]['evcount_det_blk'] = blocked_cnt

            for groups, events_aggr in aggregated_credible_events.items():
@@ -560,8 +560,7 @@ class EventReporter(BaseReporter):
        :return: Tuple with filtered dictionary, number of events passed, number of events discarded.
        :rtype: tuple
        """
-        passed_cnt = 0
-        blocked_cnt = 0
+        blocked = set()
        _events_aggr = {}
        for ip in events_aggr:
            for event in events_aggr[ip]:
@@ -572,8 +571,9 @@ class EventReporter(BaseReporter):
                        continue
                    _pass *= self.detectors_dict[detector].credibility
                if _pass < 0.5:
-                    # TODO: blocked_cnt and passed_cnt are counting duplicate events.
-                    blocked_cnt += 1
+                    if event['ID'] in blocked:
+                        continue
+                    blocked.add(event['ID'])
                    # Increase number of hits.
                    sql_detector = self.detectors_dict[event.get_detectors()[-1]]
                    sql_detector.hits += 1
@@ -581,11 +581,10 @@ class EventReporter(BaseReporter):
                    self.sqlservice.session.add(sql_detector)
                    self.sqlservice.session.commit()
                else:
-                    passed_cnt += 1
                    if ip not in _events_aggr:
                        _events_aggr[ip] = []
                    _events_aggr[ip].append(event)
-        return _events_aggr if passed_cnt != 0 else None, passed_cnt, blocked_cnt
+        return _events_aggr, len(blocked)

    def filter_events(self, main_group, events):
        """