models

Published: Dec 11, 2020 License: AGPL-3.0 Imports: 3 Imported by: 0

Documentation


Constants

const (
	// PolicyType marks an Alert that was raised by a Policy.
	PolicyType = "POLICY"

	// RuleType marks an Alert that was raised by a Rule.
	RuleType = "RULE"

	// RuleErrorType marks an Alert that reports a Rule error rather than a match.
	RuleErrorType = "RULE_ERROR"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Alert

type Alert struct {
	// AnalysisID is the ID of the rule or policy that triggered the alert.
	AnalysisID string `json:"analysisId" validate:"required"`

	// Type specifies whether the alert is for a rule, a rule error or a policy.
	// The values are RuleType, PolicyType and RuleErrorType; the oneof list in the
	// validate tag is a literal and must be kept in sync with those constants.
	Type string `json:"type" validate:"oneof=RULE POLICY RULE_ERROR"`

	// CreatedAt is the creation timestamp. It is a time.Time, so encoding/json
	// serialises it as an RFC 3339 string (see the DispatchAlertsInput example),
	// not as seconds since the epoch.
	CreatedAt time.Time `json:"createdAt" validate:"required"`

	// Severity is the alert severity at the time of creation.
	Severity string `json:"severity" validate:"oneof=INFO LOW MEDIUM HIGH CRITICAL"`

	// OutputIds is the set of destination (output) IDs for this alert; each entry
	// must be a UUIDv4.
	OutputIds []string `json:"outputIds,omitempty" validate:"dive,uuid4"`

	// LogTypes is the set of log types that could trigger the alert.
	LogTypes []string `json:"logTypes,omitempty"`

	// AnalysisDescription is the description of the rule or policy that triggered
	// the alert. Free-form text; a destination that renders it (HTML, markdown,
	// chat) should escape it rather than trust it.
	AnalysisDescription string `json:"analysisDescription,omitempty"`

	// AnalysisName is the name of the rule or policy at the time the alert was
	// triggered.
	AnalysisName *string `json:"analysisName,omitempty"`

	// Version is the S3 object version of the rule or policy.
	Version *string `json:"version,omitempty"`

	// Reference is the user-provided reference for the rule or policy. Free-form
	// text, see AnalysisDescription.
	Reference string `json:"reference,omitempty"`

	// DestinationOverride is the custom user-provided list of destination IDs
	// that replaces the default outputs; each entry must be a UUIDv4.
	DestinationOverride []string `json:"destinationOverride,omitempty" validate:"dive,uuid4"`

	// Runbook is the user-provided triage information. Free-form text, see
	// AnalysisDescription.
	Runbook string `json:"runbook,omitempty"`

	// Tags is the set of rule or policy tags.
	Tags []string `json:"tags,omitempty"`

	// AlertID specifies the alertId that this Alert is associated with.
	// NOTE(review): no validate tag here, whereas DeliverAlertInput.AlertID
	// requires a 32-character hex string — confirm the same format is expected.
	AlertID *string `json:"alertId,omitempty"`

	// Title is the optional title for the alert generated by the Python Rules
	// engine. Free-form text, see AnalysisDescription.
	Title string `json:"title,omitempty"`

	// Context is arbitrary key/value data attached to the alert. It has no
	// omitempty, so a nil map is encoded as JSON null. Values are untyped and
	// unbounded; NOTE(review): presumably populated by the rules engine alongside
	// Title — confirm, and treat it as untrusted when rendering.
	Context map[string]interface{} `json:"context"`

	// RetryCount is a counter for the number of times we have attempted to send
	// this alert to a destination.
	RetryCount int `json:"retryCount,omitempty"`

	// IsTest is a test flag set only to replace the contents of the alert with
	// dummy values.
	IsTest bool `json:"isTest,omitempty"`

	// IsResent is a flag set to indicate the alert is not new.
	IsResent bool `json:"isResent,omitempty"`
}

Alert is the schema for each row in the Dynamo alerts table.

type DeliverAlertInput

type DeliverAlertInput struct {
	// AlertID is the MD5 hash identifying the alert, as 32 hex characters.
	// NOTE(review): the hexadecimal validator accepts upper-case digits, and some
	// validator versions also accept an optional 0x prefix, so len=32 alone does
	// not guarantee a canonical lower-case hash — normalise or reject before using
	// it as a lookup key.
	AlertID string `json:"alertId" validate:"required,hexadecimal,len=32"`

	// OutputIds is the non-empty list of destination IDs (UUIDv4) to deliver to.
	OutputIds []string `json:"outputIds" validate:"gt=0,dive,uuid4"`
}

DeliverAlertInput sends an alert to the specified destinations

Example:

{
    "deliverAlert": {
        "alertId": "8304cc90750d4b8f9a63b90a4543c707",
        "outputIds": ["198bdbc5-5d94-4d59-8c93-f2bab86359f5"]
    }
}

type DeliverAlertOutput

// DeliverAlertOutput is an alias for alertModels.AlertSummary, the alert summary
// returned in response to a DeliverAlert request.
type DeliverAlertOutput = alertModels.AlertSummary

DeliverAlertOutput is an alias for an alert summary

type DispatchAlertsInput

// DispatchAlertsInput is an alias for events.SQSMessage. Each record's Body is the
// JSON encoding of an Alert (see the example below). NOTE(review): the validate
// tags on Alert only take effect if the handler runs the validator on the decoded
// Body — confirm it does before relying on them.
type DispatchAlertsInput = events.SQSMessage

DispatchAlertsInput is an alias for an SQSMessage

Example:

{
	"Records": [
	  {
		"MessageId": "messageId",
		"ReceiptHandle": "MessageReceiptHandle",
		"Body": "{\"analysisId\":\"Test.Analysis.ID\",\"type\":\"RULE\", 		\
       \"createdAt\":\"2020-09-01T21:10:41.80307Z\",\"severity\":\"INFO\", 	\
       \"outputIds\":[\"1954ae35-f896-4d55-941f-f596ea80da86\",				\
       \"d498bac4-7ec3-432c-92b5-9a470d592c16\"],\"analysisDescription\":	\
       \"A test alert\",\"analysisName\":\"Test Analysis Name\",\"version\":	\
       \"abc\",\"runbook\":\"A runbook link\",\"tags\":[\"test\",\"alert\"],	\
       \"alertId\":\"1302cc3f4fab40b37f6f6a441e944206\",\"title\":\"Test Alert\"}",
		"Md5OfBody": "7b270e59b47ff90a553787216d55d91d",
		"Attributes": {
		  "ApproximateReceiveCount": "1",
		  "SentTimestamp": "1523232000000",
		  "SenderId": "123456789012",
		  "ApproximateFirstReceiveTimestamp": "1523232000001"
		},
		"EventSourceARN": "arn:aws:sqs:us-west-2:123456789012:MyQueue",
		"EventSource": "aws:sqs",
		"AWSRegion": "us-west-2"
	  }
	]
}

type LambdaInput

type LambdaInput struct {
	// DispatchAlerts is an alias for SQSMessage so that we can invoke directly
	// in the AWS UI with a valid SQSMessage JSON payload without needing to put
	// data on the queue and wait for the trigger. This matches the raw SQS message
	// format (hence 'Records' being the name of the field), but genericapi will
	// route the request to the DispatchAlerts handler. This way all requests can
	// be routed by genericapi without having to inspect the message ahead of time.
	//
	// Consequence: any principal allowed to invoke the function can submit a
	// synthetic SQS-shaped payload; the handler must not trust such a Body more
	// than one that arrived via the queue.
	DispatchAlerts []*DispatchAlertsInput `json:"Records"`

	// DeliverAlert re-sends an existing alert to the given destinations.
	DeliverAlert *DeliverAlertInput `json:"deliverAlert"`

	// SendTestAlert sends a dummy alert to the given destinations.
	SendTestAlert *SendTestAlertInput `json:"sendTestAlert"`
}

LambdaInput is the invocation event expected by the Lambda function.

Exactly one action must be specified; the struct itself cannot enforce this, so the router is expected to reject payloads with zero or several actions set. See the comments below for examples.

type SendTestAlertInput

type SendTestAlertInput struct {
	// OutputIds is the non-empty list of destination IDs (UUIDv4) that receive
	// the dummy alert.
	OutputIds []string `json:"outputIds" validate:"gt=0,dive,uuid4"`
}

SendTestAlertInput sends a dummy alert to the specified destinations

Example:

{
    "sendTestAlert": {
        "outputIds": ["198bdbc5-5d94-4d59-8c93-f2bab86359f5"]
    }
}

type SendTestAlertOutput

type SendTestAlertOutput struct {
	// OutputID is the destination this result refers to.
	OutputID string `json:"outputId"`

	// Message describes the delivery outcome. NOTE(review): if this carries the
	// destination's raw response, confirm it cannot leak credentials or internal
	// URLs back to the caller.
	Message string `json:"message"`

	// StatusCode is the status code reported for the delivery attempt.
	StatusCode int `json:"statusCode"`

	// Success reports whether the test delivery succeeded.
	Success bool `json:"success"`

	// DispatchedAt is when the test alert was dispatched.
	DispatchedAt time.Time `json:"dispatchedAt"`
}

SendTestAlertOutput holds only the attributes we want to return to the user
