Beispiel #1
0
def process_alert(incomingAlert):

    for plugin in plugins:
        try:
            incomingAlert = plugin.pre_receive(incomingAlert)
        except RejectException:
            raise
        except Exception as e:
            raise RuntimeError('Error while running pre-receive plug-in: %s', e)
        if not incomingAlert:
            raise SyntaxError('Plug-in pre-receive hook did not return modified alert')

    try:
        if db.is_duplicate(incomingAlert):
            started = duplicate_timer.start_timer()
            alert = db.save_duplicate(incomingAlert)
            duplicate_timer.stop_timer(started)
        elif db.is_correlated(incomingAlert):
            started = correlate_timer.start_timer()
            alert = db.save_correlated(incomingAlert)
            correlate_timer.stop_timer(started)
        else:
            started = create_timer.start_timer()
            alert = db.create_alert(incomingAlert)
            create_timer.stop_timer(started)
    except Exception as e:
        raise RuntimeError(e)

    for plugin in plugins:
        try:
            plugin.post_receive(alert)
        except Exception as e:
            raise RuntimeError('Error while running post-receive plug-in: %s', e)

    return alert
Beispiel #2
0
def process_alert(alert):

    for plugin in plugins.routing(alert):
        started = pre_plugin_timer.start_timer()
        try:
            alert = plugin.pre_receive(alert)
        except (RejectException, RateLimit):
            reject_counter.inc()
            pre_plugin_timer.stop_timer(started)
            raise
        except Exception as e:
            error_counter.inc()
            pre_plugin_timer.stop_timer(started)
            raise RuntimeError(
                "Error while running pre-receive plug-in '%s': %s" %
                (plugin.name, str(e)))
        if not alert:
            error_counter.inc()
            pre_plugin_timer.stop_timer(started)
            raise SyntaxError(
                "Plug-in '%s' pre-receive hook did not return modified alert" %
                plugin.name)
        pre_plugin_timer.stop_timer(started)

    if db.is_blackout_period(alert):
        raise BlackoutPeriod("Suppressed alert during blackout period")

    try:
        if db.is_duplicate(alert):
            started = duplicate_timer.start_timer()
            alert = db.save_duplicate(alert)
            duplicate_timer.stop_timer(started)
        elif db.is_correlated(alert):
            started = correlate_timer.start_timer()
            alert = db.save_correlated(alert)
            correlate_timer.stop_timer(started)
        else:
            started = create_timer.start_timer()
            alert = db.create_alert(alert)
            create_timer.stop_timer(started)
    except Exception as e:
        error_counter.inc()
        raise RuntimeError(e)

    for plugin in plugins.routing(alert):
        started = post_plugin_timer.start_timer()
        try:
            plugin.post_receive(alert)
        except Exception as e:
            error_counter.inc()
            post_plugin_timer.stop_timer(started)
            raise RuntimeError(
                "Error while running post-receive plug-in '%s': %s" %
                (plugin.name, str(e)))
        post_plugin_timer.stop_timer(started)

    return alert
Beispiel #3
0
def process_alert(incomingAlert):

    for plugin in plugins:
        started = pre_plugin_timer.start_timer()
        try:
            incomingAlert = plugin.pre_receive(incomingAlert)
        except RejectException:
            reject_counter.inc()
            pre_plugin_timer.stop_timer(started)
            raise
        except Exception as e:
            error_counter.inc()
            pre_plugin_timer.stop_timer(started)
            raise RuntimeError('Error while running pre-receive plug-in: %s' %
                               str(e))
        if not incomingAlert:
            error_counter.inc()
            pre_plugin_timer.stop_timer(started)
            raise SyntaxError(
                'Plug-in pre-receive hook did not return modified alert')
        pre_plugin_timer.stop_timer(started)

    if db.is_blackout_period(incomingAlert):
        raise RuntimeWarning('Suppressed during blackout period')

    try:
        if db.is_duplicate(incomingAlert):
            started = duplicate_timer.start_timer()
            alert = db.save_duplicate(incomingAlert)
            duplicate_timer.stop_timer(started)
        elif db.is_correlated(incomingAlert):
            started = correlate_timer.start_timer()
            alert = db.save_correlated(incomingAlert)
            correlate_timer.stop_timer(started)
        else:
            started = create_timer.start_timer()
            alert = db.create_alert(incomingAlert)
            create_timer.stop_timer(started)
    except Exception as e:
        error_counter.inc()
        raise RuntimeError(e)

    for plugin in plugins:
        started = post_plugin_timer.start_timer()
        try:
            plugin.post_receive(alert)
        except Exception as e:
            error_counter.inc()
            post_plugin_timer.stop_timer(started)
            raise RuntimeError('Error while running post-receive plug-in: %s' %
                               str(e))
        post_plugin_timer.stop_timer(started)

    return alert
Beispiel #4
0
def process_alert(incomingAlert):

    for plugin in plugins:
        started = pre_plugin_timer.start_timer()
        try:
            incomingAlert = plugin.pre_receive(incomingAlert)
        except RejectException:
            reject_counter.inc()
            pre_plugin_timer.stop_timer(started)
            raise
        except Exception as e:
            error_counter.inc()
            pre_plugin_timer.stop_timer(started)
            raise RuntimeError('Error while running pre-receive plug-in: %s' % str(e))
        if not incomingAlert:
            error_counter.inc()
            pre_plugin_timer.stop_timer(started)
            raise SyntaxError('Plug-in pre-receive hook did not return modified alert')
        pre_plugin_timer.stop_timer(started)

    if db.is_blackout_period(incomingAlert):
        raise RuntimeWarning('Suppressed during blackout period')

    try:
        if db.is_duplicate(incomingAlert):
            started = duplicate_timer.start_timer()
            alert = db.save_duplicate(incomingAlert)
            duplicate_timer.stop_timer(started)
        elif db.is_correlated(incomingAlert):
            started = correlate_timer.start_timer()
            alert = db.save_correlated(incomingAlert)
            correlate_timer.stop_timer(started)
        else:
            started = create_timer.start_timer()
            alert = db.create_alert(incomingAlert)
            create_timer.stop_timer(started)
    except Exception as e:
        error_counter.inc()
        raise RuntimeError(e)

    for plugin in plugins:
        started = post_plugin_timer.start_timer()
        try:
            plugin.post_receive(alert)
        except Exception as e:
            error_counter.inc()
            post_plugin_timer.stop_timer(started)
            raise RuntimeError('Error while running post-receive plug-in: %s' % str(e))
        post_plugin_timer.stop_timer(started)

    return alert
Beispiel #5
0
def process_alert(alert):

    for plugin in plugins.routing(alert):
        started = pre_plugin_timer.start_timer()
        try:
            alert = plugin.pre_receive(alert)
        except (RejectException, RateLimit):
            reject_counter.inc()
            pre_plugin_timer.stop_timer(started)
            raise
        except Exception as e:
            error_counter.inc()
            pre_plugin_timer.stop_timer(started)
            raise RuntimeError("Error while running pre-receive plug-in '%s': %s" % (plugin.name, str(e)))
        if not alert:
            error_counter.inc()
            pre_plugin_timer.stop_timer(started)
            raise SyntaxError("Plug-in '%s' pre-receive hook did not return modified alert" % plugin.name)
        pre_plugin_timer.stop_timer(started)

    if db.is_blackout_period(alert):
        raise BlackoutPeriod("Suppressed alert during blackout period")

    try:
        if db.is_duplicate(alert):
            started = duplicate_timer.start_timer()
            alert = db.save_duplicate(alert)
            duplicate_timer.stop_timer(started)
        elif db.is_correlated(alert):
            started = correlate_timer.start_timer()
            alert = db.save_correlated(alert)
            correlate_timer.stop_timer(started)
        else:
            started = create_timer.start_timer()
            alert = db.create_alert(alert)
            create_timer.stop_timer(started)
    except Exception as e:
        error_counter.inc()
        raise RuntimeError(e)

    for plugin in plugins.routing(alert):
        started = post_plugin_timer.start_timer()
        try:
            plugin.post_receive(alert)
        except Exception as e:
            error_counter.inc()
            post_plugin_timer.stop_timer(started)
            raise RuntimeError("Error while running post-receive plug-in '%s': %s" % (plugin.name, str(e)))
        post_plugin_timer.stop_timer(started)

    return alert
Beispiel #6
0
def process_alert(incomingAlert):

    for plugin in plugins:
        try:
            incomingAlert = plugin.pre_receive(incomingAlert)
        except RejectException:
            raise
        except Exception as e:
            raise RuntimeError('Error while running pre-receive plug-in: %s',
                               e)
        if not incomingAlert:
            raise SyntaxError(
                'Plug-in pre-receive hook did not return modified alert')

    try:
        if db.is_duplicate(incomingAlert):
            started = duplicate_timer.start_timer()
            alert = db.save_duplicate(incomingAlert)
            duplicate_timer.stop_timer(started)
        elif db.is_correlated(incomingAlert):
            started = correlate_timer.start_timer()
            alert = db.save_correlated(incomingAlert)
            correlate_timer.stop_timer(started)
        else:
            started = create_timer.start_timer()
            alert = db.create_alert(incomingAlert)
            create_timer.stop_timer(started)
    except Exception as e:
        raise RuntimeError(e)

    for plugin in plugins:
        try:
            plugin.post_receive(alert)
        except Exception as e:
            raise RuntimeError('Error while running post-receive plug-in: %s',
                               e)

    return alert
Beispiel #7
0
        LOG.info('Suppressing alert %s', incomingAlert.get_id())
        return jsonify(status="error", message="alert suppressed by transform")

    if db.is_duplicate(incomingAlert):

        started = duplicate_timer.start_timer()
        alert = db.save_duplicate(incomingAlert)
        duplicate_timer.stop_timer(started)

        if alert and CONF.forward_duplicate:
            notify.send(alert)

    elif db.is_correlated(incomingAlert):

        started = correlate_timer.start_timer()
        alert = db.save_correlated(incomingAlert)
        correlate_timer.stop_timer(started)

        if alert:
            notify.send(alert)

    else:
        started = create_new_timer.start_timer()
        alert = db.save_alert(incomingAlert)
        create_new_timer.stop_timer(started)

        if alert:
            notify.send(alert)

    if alert:
        return jsonify(status="ok", id=alert.id)