models

package
v1.12.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 12, 2020 License: AGPL-3.0 Imports: 1 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// Open is strictly used for updating/filtering and is not explicitly set on an alert
	OpenStatus = "OPEN"

	// Triaged sets the alert to actively investigating
	TriagedStatus = "TRIAGED"

	// Closed is set for false positive or anything other reason than resolved
	ClosedStatus = "CLOSED"

	// Resolved is set when the issue was found and remediated
	ResolvedStatus = "RESOLVED"
)

Constants defined for alert statuses

Variables

This section is empty.

Functions

This section is empty.

Types

type Alert

type Alert struct {
	AlertSummary
	Events                 []*string `json:"events" validate:"required"`
	EventsLastEvaluatedKey *string   `json:"eventsLastEvaluatedKey,omitempty"`
}

Alert contains the details of an alert

type AlertSummary

type AlertSummary struct {
	AlertID           string              `json:"alertId" validate:"required"`
	RuleID            *string             `json:"ruleId" validate:"required"`
	RuleDisplayName   *string             `json:"ruleDisplayName,omitempty"`
	RuleVersion       *string             `json:"ruleVersion" validate:"required"`
	DedupString       *string             `json:"dedupString,omitempty"`
	DeliveryResponses []*DeliveryResponse `json:"deliveryResponses" validate:"required"`
	LogTypes          []string            `json:"logTypes" validate:"required"`
	CreationTime      *time.Time          `json:"creationTime" validate:"required"`
	UpdateTime        *time.Time          `json:"updateTime" validate:"required"`
	EventsMatched     *int                `json:"eventsMatched" validate:"required"`
	Severity          *string             `json:"severity" validate:"required"`
	Status            string              `json:"status,omitempty"`
	Title             *string             `json:"title" validate:"required"`
	LastUpdatedBy     string              `json:"lastUpdatedBy,omitempty"`
	LastUpdatedByTime time.Time           `json:"lastUpdatedByTime,omitempty"`
}

AlertSummary contains summary information for an alert

type DeliveryResponse added in v1.8.0

type DeliveryResponse struct {
	OutputID     string    `json:"outputId" validate:"required,uuid4"`
	Message      string    `json:"message"`
	StatusCode   int       `json:"statusCode"`
	Success      bool      `json:"success"`
	DispatchedAt time.Time `json:"dispatchedAt"`
}

DeliveryResponse holds the delivery response for data stored in DDB

type GetAlertInput

type GetAlertInput struct {
	AlertID                 string  `json:"alertId" validate:"required,hexadecimal,len=32"` // AlertID is an MD5 hash
	EventsPageSize          *int    `json:"eventsPageSize"  validate:"required,min=1,max=50"`
	EventsExclusiveStartKey *string `json:"eventsExclusiveStartKey,omitempty"`
}

GetAlertInput retrieves details for a single alert.

The response will contain by definition all of the events associated with the alert. If `eventPageSize` and `eventPage` are specified, it will returns only the specified events in the response. Example:

{
    "getAlert": {
        "alertId": "ruleId-2",
        "eventsPageSize": 20
    }
}

type GetAlertOutput

type GetAlertOutput = Alert

GetAlertOutput retrieves details for a single alert.

type LambdaInput

type LambdaInput struct {
	GetAlert            *GetAlertInput            `json:"getAlert"`
	ListAlerts          *ListAlertsInput          `json:"listAlerts"`
	UpdateAlertStatus   *UpdateAlertStatusInput   `json:"updateAlertStatus"`
	UpdateAlertDelivery *UpdateAlertDeliveryInput `json:"updateAlertDelivery"`
}

LambdaInput is the request structure for the alerts-api Lambda function.

type ListAlertsInput

type ListAlertsInput struct {
	// Used for searching as secondary index
	RuleID *string `json:"ruleId"`

	// Number of results to return per query
	PageSize *int `json:"pageSize" validate:"omitempty,min=1,max=50"`

	// Infinite scroll/pagination query key
	ExclusiveStartKey *string `json:"exclusiveStartKey"`

	// Filtering
	Severity        []*string  `json:"severity" validate:"omitempty,dive,oneof=INFO LOW MEDIUM HIGH CRITICAL"`
	NameContains    *string    `json:"nameContains"`
	Status          []string   `json:"status" validate:"omitempty,dive,oneof=OPEN TRIAGED CLOSED RESOLVED"`
	CreatedAtBefore *time.Time `json:"createdAtBefore"`
	CreatedAtAfter  *time.Time `json:"createdAtAfter"`
	RuleIDContains  *string    `json:"ruleIdContains"`
	AlertIDContains *string    `json:"alertIdContains"`
	EventCountMin   *int       `json:"eventCountMin" validate:"omitempty,min=0"`
	EventCountMax   *int       `json:"eventCountMax" validate:"omitempty,min=1"`
	LogTypes        []string   `json:"logTypes" validate:"omitempty,dive,required"`
	// Sorting
	SortDir *string `json:"sortDir" validate:"omitempty,oneof=ascending descending"`
}

ListAlertsInput lists the alerts in reverse-chronological order (newest to oldest) If "ruleId" is not set, we return all the alerts for the organization If the "exclusiveStartKey" is not set, we return alerts starting from the most recent one. If it is set, the output will return alerts starting from the "exclusiveStartKey" exclusive.

{
    "listAlerts": {
        "ruleId": "My.Rule",
        "pageSize": 25,
        "exclusiveStartKey": "abcdef",
        "severity": ["INFO"],
        "status": ["TRIAGED"],
        "nameContains": "string in alert title",
        "createdAtAfter": "2020-06-17T15:49:40Z",
        "createdAtBefore": "2020-06-17T15:49:40Z",
        "ruleIdContains": "string in rule id",
        "alertIdContains": "string in alert id",
        "eventCountMin": "0",
        "eventCountMax": "500",
        "sortDir": "ascending",
    }
}

type ListAlertsOutput

type ListAlertsOutput struct {
	// Alerts is a list of alerts sorted by timestamp descending.
	// Alerts with the same timestamp are returned in ascending order of alert ID.
	Alerts []*AlertSummary `json:"alertSummaries"`
	// LastEvaluatedKey contains the last evaluated alert Id.
	// If it is populated it means there are more alerts available
	// If it is nil, it means there are no more alerts to be returned.
	LastEvaluatedKey *string `json:"lastEvaluatedKey,omitempty"`
}

ListAlertsOutput is the returned alert list.

type UpdateAlertDeliveryInput added in v1.8.0

type UpdateAlertDeliveryInput struct {
	// ID of the alert to update
	AlertID string `json:"alertId" validate:"hexadecimal,len=32"` // AlertID is an MD5 hash

	// Variables that we allow updating (will be appended)
	DeliveryResponses []*DeliveryResponse `json:"deliveryResponses"`
}

UpdateAlertDeliveryInput updates an alert by its ID

{
    "updateAlertDelivery": {
        "alertId": "84c3e4b27c702a1c31e6eb412fc377f6",
        "deliveryResponses": [
          {
            "outputId": "1f54cf4a-ec56-44c2-83bc-8b742600f307"
            "message": "gateway timeout",
            "statusCode": 504,
            "success": false,
            "dispatchedAt": "2020-06-17T15:49:40Z",
          }
        ]
    }
}

type UpdateAlertDeliveryOutput added in v1.8.0

type UpdateAlertDeliveryOutput = AlertSummary

UpdateAlertDeliveryOutput is an alias for an alert summary

type UpdateAlertStatusInput added in v1.6.0

type UpdateAlertStatusInput struct {
	// ID of the alert to update
	AlertIDs []string `json:"alertIds" validate:"gt=0,dive,hexadecimal,len=32"` // AlertID is an MD5 hash

	// Variables that we allow updating:
	Status string `json:"status" validate:"oneof=OPEN TRIAGED CLOSED RESOLVED"`

	// User who made the change
	UserID string `json:"userId" validate:"uuid4"`
}

UpdateAlertStatusInput updates alert statuses by their IDs

{
    "updateAlertStatus": {
        "alertIds": ["84c3e4b27c702a1c31e6eb412fc377f6"],
        "status": "CLOSED"
        // userId is added by AppSync resolver (UpdateAlertStatusResolver)
        "userId": "5f54cf4a-ec56-44c2-83bc-8b742600f307"
    }
}

type UpdateAlertStatusOutput added in v1.6.0

type UpdateAlertStatusOutput = []*AlertSummary

UpdateAlertStatusOutput is an alias for an alert summary

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL