Documentation ¶
Index ¶
Constants ¶
View Source
const ( // RuleType identifies the Alert to be for a Policy RuleType = "RULE" // PolicyType identifies the Alert to be for a Policy PolicyType = "POLICY" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Alert ¶
type Alert struct { // ID is the rule that triggered the alert. AnalysisID string `json:"analysisId" validate:"required"` // Type specifies if an alert is for a policy or a rule Type string `json:"type" validate:"oneof=RULE POLICY"` // CreatedAt is the creation timestamp (seconds since epoch). CreatedAt time.Time `json:"createdAt" validate:"required"` // Severity is the alert severity at the time of creation. Severity string `json:"severity" validate:"oneof=INFO LOW MEDIUM HIGH CRITICAL"` // OutputIds is the set of outputs for this alert. OutputIds []string `json:"outputIds,omitempty"` // LogTypes is the set of logs that could trigger the alert. LogTypes []string `json:"logTypes,omitempty"` // AnalysisDescription is the description of the rule that triggered the alert. AnalysisDescription *string `json:"analysisDescription,omitempty"` // Name is the name of the policy at the time the alert was triggered. AnalysisName *string `json:"analysisName,omitempty"` // Version is the S3 object version for the policy. Version *string `json:"version,omitempty"` // Runbook is the user-provided triage information. Runbook *string `json:"runbook,omitempty"` // Tags is the set of policy tags. Tags []string `json:"tags,omitempty"` // AlertID specifies the alertId that this Alert is associated with. AlertID *string `json:"alertId,omitempty"` // Title is the optional title for the alert generated by Python Rules engine Title *string `json:"title,omitempty"` // RetryCount is a counter for the nubmer of times we have attempted to send this alert to a destination. RetryCount int `json:"retryCount,omitempty"` // IsTest is a test flag set only to replace the contents of the alert with dummy values IsTest bool `json:"isTest,omitempty"` // IsResent is a flag set to indicate the alert is not new IsResent bool `json:"isResent,omitempty"` }
Alert is the schema for each row in the Dynamo alerts table.
type DeliverAlertInput ¶
type DeliverAlertInput struct { AlertID string `json:"alertId" validate:"required,hexadecimal,len=32"` // AlertID is an MD5 hash OutputIds []string `json:"outputIds" validate:"gt=0,dive,uuid4"` }
DeliverAlertInput sends an alert to the specified destinations
Example:
{ "deliverAlert": { "alertId": "8304cc90750d4b8f9a63b90a4543c707" "outputIds": ["198bdbc5-5d94-4d59-8c93-f2bab86359f5"] } }
type DeliverAlertOutput ¶
type DeliverAlertOutput = alertModels.AlertSummary
DeliverAlertOutput is an alias for an alert summary
type DispatchAlertsInput ¶
type DispatchAlertsInput = events.SQSMessage
DispatchAlertsInput is an alias for an SQSMessage
Example:
{ "Records": [ { "MessageId": "messageId", "ReceiptHandle": "MessageReceiptHandle", "Body": "{\"analysisId\":\"Test.Analysis.ID\",\"type\":\"RULE\", \ \"createdAt\":\"2020-09-01T21:10:41.80307Z\",\"severity\":\"INFO\", \ \"outputIds\":[\"1954ae35-f896-4d55-941f-f596ea80da86\", \ \"d498bac4-7ec3-432c-92b5-9a470d592c16\"],\"analysisDescription\": \ \"A test alert\",\"analysisName\":\"Test Analysis Name\",\"version\": \ \"abc\",\"runbook\":\"A runbook link\",\"tags\":[\"test\",\"alert\"], \ \"alertId\":\"1302cc3f4fab40b37f6f6a441e944206\",\"title\":\"Test Alert\"}", "Md5OfBody": "7b270e59b47ff90a553787216d55d91d", "Attributes": { "ApproximateReceiveCount": "1", "SentTimestamp": "1523232000000", "SenderId": "123456789012", "ApproximateFirstReceiveTimestamp": "1523232000001" }, "EventSourceARN": "arn:aws:sqs:us-west-2:123456789012:MyQueue", "EventSource": "aws:sqs", "AWSRegion": "us-west-2" } ] }
type LambdaInput ¶
type LambdaInput struct { // `DispatchAlerts` is an alias for `SQSMessage` so that we can invoke directly // in AWS UI with a valid `SQSMessage` JSON payload without needing to put data on // the queue and wait for the trigger. This matches the raw SQS message format // (hence 'Records' being the name of the field), but genericapi will route the // request to the DispatchAlerts handler. This way all requests can be routed // by genericapi without having to inspect the message ahead of time. DispatchAlerts []*DispatchAlertsInput `json:"Records"` DeliverAlert *DeliverAlertInput `json:"deliverAlert"` SendTestAlert *SendTestAlertInput `json:"sendTestAlert"` }
LambdaInput is the invocation event expected by the Lambda function.
Exactly one action must be specified, see comments below for examples.
type SendTestAlertInput ¶
type SendTestAlertInput struct {
OutputIds []string `json:"outputIds" validate:"gt=0,dive,uuid4"`
}
SendTestAlertInput sends a dummy alert to the specified destinations
Example:
{ "sendTestAlert": { "outputIds": ["198bdbc5-5d94-4d59-8c93-f2bab86359f5"] } }
type SendTestAlertOutput ¶
type SendTestAlertOutput struct { OutputID string `json:"outputId"` Message string `json:"message"` StatusCode int `json:"statusCode"` Success bool `json:"success"` DispatchedAt time.Time `json:"dispatchedAt"` }
SendTestAlertOutput holds only the attributes we want to return to the user
Click to show internal directories.
Click to hide internal directories.