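-- =============================================
-- ALERT DIFFICULTY LEVEL UPDATE
-- Easy (Beginner) → Intermediate → Hard (Advanced) → Expert
-- =============================================
-- Run this SQL in phpMyAdmin.
-- The UPDATE statements are order-dependent: when a row matches more than
-- one of them, the statement that runs last decides its difficulty.
-- Rows matched by no statement keep their current difficulty.
-- =============================================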

-- Check the current state first: how many alerts carry each difficulty value
-- before any UPDATE below runs. Keep this output to compare with the final check.
SELECT
    difficulty,
    COUNT(*) AS count
FROM alerts
GROUP BY difficulty;

-- =============================================
-- 1. EASY (Beginner) - simple alerts
-- =============================================
-- First pass: the widest net. Either condition is enough on its own, so a
-- 'Brute Force', 'Port Scan' or 'Login Failure' alert is tagged Beginner here
-- whatever its severity. The later passes overwrite this for severity 'high'
-- (Intermediate) and severity 'critical' (Advanced).
UPDATE alerts
SET difficulty = 'Beginner'
WHERE alert_type IN ('Brute Force', 'Port Scan', 'Login Failure')
   OR severity IN ('low', 'medium');

-- =============================================
-- 2. MEDIUM (Intermediate) - mid level
-- =============================================
-- Second pass: every high-severity alert except the four types listed below.
-- Overwrites the Beginner tag for high-severity rows the first pass matched by type.
-- NOTE(review): NOT IN never matches a NULL alert_type, so such rows are skipped
-- here; confirm whether alert_type is nullable.
UPDATE alerts
SET difficulty = 'Intermediate'
WHERE alert_type NOT IN ('APT', 'Ransomware', 'Data Exfiltration', 'Lateral Movement')
  AND severity = 'high';

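-- =============================================
-- 3. HARD (Advanced) - advanced level
-- =============================================
-- Third pass: every critical alert, plus the listed alert types at any severity.
-- Overwrites Beginner/Intermediate tags set by the earlier passes.
--
-- 'Lateral Movement' is listed here because the Intermediate pass excludes it.
-- Without it, a high-severity 'Lateral Movement' alert matched no statement in
-- this script and silently kept whatever difficulty it had before.
-- Critical 'Lateral Movement' rows are still promoted to Expert by the next pass.
UPDATE alerts
SET difficulty = 'Advanced'
WHERE
    severity = 'critical'
    OR alert_type IN (
        'APT',
        'Ransomware',
        'Data Exfiltration',
        'Lateral Movement',
        'exec_anomaly'
    );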

-- =============================================
-- 4. EXPERT (Expert) - the hardest alerts
-- =============================================
-- Final pass, so it wins over every earlier tag: only critical-severity alerts
-- of the three listed types. Both conditions must hold.
UPDATE alerts
SET difficulty = 'Expert'
WHERE severity = 'critical'
  AND alert_type IN ('APT', 'Lateral Movement', 'Living Off the Land');

-- =============================================
-- Check the result
-- =============================================
-- Alert count per difficulty, listed from easiest to hardest.
-- Any difficulty outside the four known levels (including NULL) gets a NULL
-- sort key; a row like that in the output means some alerts were not
-- classified by the statements above.
SELECT
    difficulty,
    COUNT(*) AS count
FROM alerts
GROUP BY difficulty
ORDER BY
    CASE
        WHEN difficulty = 'Beginner' THEN 1
        WHEN difficulty = 'Intermediate' THEN 2
        WHEN difficulty = 'Advanced' THEN 3
        WHEN difficulty = 'Expert' THEN 4
    END;
