Documentation ¶
Constants ¶
    const (
        AlertTablePartitionKey        = "id"
        AlertTableLogTypesAttribute   = "logTypes"
        AlertTableEventCountAttribute = "eventCount"
        AlertTableUpdateTimeAttribute = "updateTime"
    )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Alert ¶
    type Alert struct {
        ID                  string    `dynamodbav:"id,string"`
        TimePartition       string    `dynamodbav:"timePartition,string"`
        Severity            *string   `dynamodbav:"severity,string"`
        RuleDisplayName     *string   `dynamodbav:"ruleDisplayName,string"`
        FirstEventMatchTime time.Time `dynamodbav:"firstEventMatchTime,string"`
        LogTypes            []string  `dynamodbav:"logTypes,stringset"`
        // Alert Title - will be the Python-generated title or a default one if no Python-generated title is available.
        Title string `dynamodbav:"title,string"`
        AlertDedupEvent
        AlertPolicy
    }

Alert contains all the fields associated with the alert stored in DDB.
type AlertDedupEvent ¶
    type AlertDedupEvent struct {
        RuleID              string    `dynamodbav:"ruleId"`
        RuleVersion         string    `dynamodbav:"ruleVersion"`
        DeduplicationString string    `dynamodbav:"dedup"`
        CreationTime        time.Time `dynamodbav:"creationTime"`
        UpdateTime          time.Time `dynamodbav:"updateTime"`
        EventCount          int64     `dynamodbav:"eventCount"`
        LogTypes            []string  `dynamodbav:"logTypes,stringset"`
        AlertContext        *string   `dynamodbav:"context,string"`
        Type                string    `dynamodbav:"type"`
        // Generated Fields
        GeneratedTitle        *string  `dynamodbav:"title,string"`
        GeneratedDescription  *string  `dynamodbav:"description,string"`
        GeneratedReference    *string  `dynamodbav:"reference"`
        GeneratedSeverity     *string  `dynamodbav:"severity"`
        GeneratedRunbook      *string  `dynamodbav:"runbook"`
        GeneratedDestinations []string `dynamodbav:"destinations,stringset"`
        AlertCount            int64    `dynamodbav:"-"` // There is no need to store this item in DDB
    }
AlertDedupEvent represents the event stored in the alert dedup DDB table by the rules engine
func FromDynamodDBAttribute ¶
func FromDynamodDBAttribute(input map[string]events.DynamoDBAttributeValue) (event *AlertDedupEvent, err error)
type AlertPolicy ¶
    type AlertPolicy struct {
        PolicyID          string   `dynamodbav:"policyId,string"`
        PolicyDisplayName string   `dynamodbav:"policyDisplayName,string"`
        PolicyVersion     string   `dynamodbav:"policyVersion,string"`
        PolicySourceID    string   `dynamodbav:"policySourceId,string"`
        ResourceTypes     []string `dynamodbav:"resourceTypes,stringset"`
        ResourceID        string   `dynamodbav:"resourceId,string"` // This is the failing resource
    }

AlertPolicy represents the policy-specific fields for alerts generated by policies.