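 def test_status_closed(self):
     """
     When alert Clears or becomes Normal, then status is Closed

     Whatever the previous severity was, a transition to CLEARED or NORMAL
     must yield status_code.CLOSED from status_from_severity().
     """
     # assertEquals is a deprecated alias (removed in Python 3.12); use assertEqual.
     # subTest keeps every pair reporting independently instead of stopping at the first miss.
     cases = [
         (severity_code.CRITICAL, severity_code.CLEARED),
         (severity_code.WARNING, severity_code.CLEARED),
         (severity_code.UNKNOWN, severity_code.NORMAL),
         (severity_code.DEBUG, severity_code.CLEARED),
         (severity_code.AUTH, severity_code.NORMAL),
     ]
     for previous, current in cases:
         with self.subTest(previous=previous, current=current):
             self.assertEqual(
                 severity_code.status_from_severity(previous, current),
                 status_code.CLOSED)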
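 def test_status_reopen(self):
     """
     When trendIndication is moreSevere, status should be set to Open

     Both an acknowledged and a closed alert must be re-opened when the
     severity rises (MINOR -> MAJOR, NORMAL -> MAJOR).
     """
     # assertEquals is a deprecated alias (removed in Python 3.12); use assertEqual.
     cases = [
         (severity_code.MINOR, severity_code.MAJOR, status_code.ACK),
         (severity_code.NORMAL, severity_code.MAJOR, status_code.CLOSED),
     ]
     for previous, current, previous_status in cases:
         with self.subTest(previous=previous, current=current,
                           previous_status=previous_status):
             self.assertEqual(
                 severity_code.status_from_severity(previous, current,
                                                    previous_status),
                 status_code.OPEN)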
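 def test_status_no_change(self):
     """
     When trendIndication is lessSevere, status should not change

     NORMAL -> UNKNOWN is a decrease in severity, so an OPEN alert stays OPEN.
     """
     # assertEquals is a deprecated alias (removed in Python 3.12); use assertEqual.
     result = severity_code.status_from_severity(severity_code.NORMAL,
                                                 severity_code.UNKNOWN,
                                                 status_code.OPEN)
     self.assertEqual(result, status_code.OPEN)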
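 def test_status_closed(self):
     """
     When alert Clears or becomes Normal, then status is Closed

     Whatever the previous severity was, a transition to CLEARED or NORMAL
     must yield status_code.CLOSED from status_from_severity().
     """
     # assertEquals is a deprecated alias (removed in Python 3.12); use assertEqual.
     # subTest keeps every pair reporting independently instead of stopping at the first miss.
     cases = [
         (severity_code.CRITICAL, severity_code.CLEARED),
         (severity_code.WARNING, severity_code.CLEARED),
         (severity_code.UNKNOWN, severity_code.NORMAL),
         (severity_code.DEBUG, severity_code.CLEARED),
         (severity_code.AUTH, severity_code.NORMAL),
     ]
     for previous, current in cases:
         with self.subTest(previous=previous, current=current):
             self.assertEqual(
                 severity_code.status_from_severity(previous, current),
                 status_code.CLOSED)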
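    def create_alert(self, alert):
        """
        Insert a brand-new alert document and return it as an AlertDocument.

        The stored status is the incoming alert's status unless that is
        status_code.UNKNOWN, in which case it is derived from the severity
        transition UNKNOWN -> alert.severity. When the derived status differs
        from alert.status a second history entry records the change.

        :param alert: incoming alert object; its id, resource, event,
            environment, severity, correlate, status, service, group, value,
            text, tags, attributes, origin, event_type, create_time, timeout
            and raw_data attributes are read
        :return: AlertDocument built from the inserted document (history is
            left empty), or None when the insert call returned a falsy value
        """
        # A new alert has no prior severity, so the trend starts from UNKNOWN.
        trend_indication = severity_code.trend(severity_code.UNKNOWN,
                                               alert.severity)
        if alert.status == status_code.UNKNOWN:
            status = severity_code.status_from_severity(
                severity_code.UNKNOWN, alert.severity)
        else:
            status = alert.status

        # utcnow() yields a naive datetime (no tzinfo); stored as-is.
        now = datetime.datetime.utcnow()
        history = [{
            "id": alert.id,
            "event": alert.event,
            "severity": alert.severity,
            "value": alert.value,
            "text": alert.text,
            "updateTime": alert.create_time
        }]
        # Only differs when the status was derived above rather than supplied.
        if status != alert.status:
            history.append({
                "event": alert.event,
                "status": status,
                "text": "new alert status change",
                "id": alert.id,
                "updateTime": now
            })

        # Kept under its own name instead of rebinding the `alert` parameter,
        # so the incoming object and the stored document cannot be confused.
        document = {
            "_id": alert.id,
            "resource": alert.resource,
            "event": alert.event,
            "environment": alert.environment,
            "severity": alert.severity,
            "correlate": alert.correlate,
            "status": status,
            "service": alert.service,
            "group": alert.group,
            "value": alert.value,
            "text": alert.text,
            "tags": alert.tags,
            "attributes": alert.attributes,
            "origin": alert.origin,
            "type": alert.event_type,
            "createTime": alert.create_time,
            "timeout": alert.timeout,
            "rawData": alert.raw_data,
            "duplicateCount": 0,
            "repeat": False,
            "previousSeverity": severity_code.UNKNOWN,
            "trendIndication": trend_indication,
            "receiveTime": now,
            "lastReceiveId": alert.id,
            "lastReceiveTime": now,
            "history": history
        }

        # NOTE(review): the full document, including rawData and attributes,
        # is written to the debug log; confirm nothing sensitive can reach it
        # wherever DEBUG logging is enabled.
        LOG.debug('Insert new alert in database: %s', document)

        response = self.db.alerts.insert(document)

        if not response:
            return None

        # The returned document mirrors what was inserted, minus history.
        return AlertDocument(id=document['_id'],
                             resource=document['resource'],
                             event=document['event'],
                             environment=document['environment'],
                             severity=document['severity'],
                             correlate=document['correlate'],
                             status=document['status'],
                             service=document['service'],
                             group=document['group'],
                             value=document['value'],
                             text=document['text'],
                             tags=document['tags'],
                             attributes=document['attributes'],
                             origin=document['origin'],
                             event_type=document['type'],
                             create_time=document['createTime'],
                             timeout=document['timeout'],
                             raw_data=document['rawData'],
                             duplicate_count=document['duplicateCount'],
                             repeat=document['repeat'],
                             previous_severity=document['previousSeverity'],
                             trend_indication=document['trendIndication'],
                             receive_time=document['receiveTime'],
                             last_receive_id=document['lastReceiveId'],
                             last_receive_time=document['lastReceiveTime'],
                             history=list())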
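    def save_correlated(self, alert):
        """
        Update alert key attributes, reset duplicate count and set repeat=False, keep track of last
        receive id and time, appending all to history. Append to history again if status changes.

        The target document is matched on environment + resource and one of: the same event at a
        different severity, or a different event that lists this event in its `correlate` field
        (at the same or a different severity).

        :param alert: incoming alert whose fields overwrite the stored document
        :return: AlertDocument for the updated document (history left empty), or None when
            findAndModify matched nothing
        """

        previous_severity = self.get_severity(alert)
        previous_status = self.get_status(alert)
        trend_indication = severity_code.trend(previous_severity,
                                               alert.severity)
        # A supplied status wins; UNKNOWN means "derive it from the severity change".
        if alert.status == status_code.UNKNOWN:
            status = severity_code.status_from_severity(
                previous_severity, alert.severity, previous_status)
        else:
            status = alert.status

        # NOTE(review): no customer/tenant field in this query, so the match is
        # scoped only by environment and resource; confirm this store is
        # single-tenant. Query values are taken from the alert as-is: if any of
        # them can arrive as a dict from the request body, confirm the parser
        # coerces them before they reach here.
        query = {
            "environment":
            alert.environment,
            "resource":
            alert.resource,
            '$or': [{
                "event": alert.event,
                "severity": {
                    '$ne': alert.severity
                }
            }, {
                "event": {
                    '$ne': alert.event
                },
                "correlate": alert.event,
                "severity": alert.severity
            }, {
                "event": {
                    '$ne': alert.event
                },
                "correlate": alert.event,
                "severity": {
                    '$ne': alert.severity
                }
            }]
        }

        # utcnow() yields a naive datetime (no tzinfo); stored as-is.
        now = datetime.datetime.utcnow()
        # $pushAll: the newer variants of this method use $push with $each instead.
        update = {
            '$set': {
                "event": alert.event,
                "severity": alert.severity,
                "status": status,
                "value": alert.value,
                "text": alert.text,
                "tags": alert.tags,
                "attributes": alert.attributes,
                "createTime": alert.create_time,
                "rawData": alert.raw_data,
                "duplicateCount": 0,
                "repeat": False,
                "previousSeverity": previous_severity,
                "trendIndication": trend_indication,
                "receiveTime": now,
                "lastReceiveId": alert.id,
                "lastReceiveTime": now
            },
            '$pushAll': {
                "history": [{
                    "event": alert.event,
                    "severity": alert.severity,
                    "value": alert.value,
                    "text": alert.text,
                    "id": alert.id,
                    "updateTime": alert.create_time
                }]
            }
        }

        # Second history entry only when the status actually moved.
        if status != previous_status:
            update['$pushAll']['history'].append({
                "event": alert.event,
                "status": status,
                "text": "correlated alert status change",
                "id": alert.id,
                "updateTime": now
            })

        # NOTE(review): the whole update, including rawData and attributes,
        # goes to the debug log; confirm nothing sensitive can reach it.
        LOG.debug('Update correlated alert in database: %s', update)

        no_obj_error = "No matching object found"
        response = self.db.command("findAndModify",
                                   'alerts',
                                   allowable_errors=[no_obj_error],
                                   query=query,
                                   update=update,
                                   new=True,
                                   fields={"history": 0})["value"]

        # "No matching object found" is tolerated above and leaves "value"
        # empty; return None instead of subscripting it below.
        if response is None:
            return None

        return AlertDocument(id=response['_id'],
                             resource=response['resource'],
                             event=response['event'],
                             environment=response['environment'],
                             severity=response['severity'],
                             correlate=response['correlate'],
                             status=response['status'],
                             service=response['service'],
                             group=response['group'],
                             value=response['value'],
                             text=response['text'],
                             tags=response['tags'],
                             attributes=response['attributes'],
                             origin=response['origin'],
                             event_type=response['type'],
                             create_time=response['createTime'],
                             timeout=response['timeout'],
                             raw_data=response['rawData'],
                             duplicate_count=response['duplicateCount'],
                             repeat=response['repeat'],
                             previous_severity=response['previousSeverity'],
                             trend_indication=response['trendIndication'],
                             receive_time=response['receiveTime'],
                             last_receive_id=response['lastReceiveId'],
                             last_receive_time=response['lastReceiveTime'],
                             history=list())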
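    def create_alert(self, alert):
        """
        Insert a brand-new alert document and return it as an AlertDocument.

        The stored status is the incoming alert's status unless that is
        status_code.UNKNOWN, in which case it is derived from the severity
        transition UNKNOWN -> alert.severity. When the derived status differs
        from alert.status a second history entry records the change.

        :param alert: incoming alert object; its id, resource, event,
            environment, severity, correlate, status, service, group, value,
            text, tags, attributes, origin, event_type, create_time, timeout,
            raw_data and customer attributes are read
        :return: AlertDocument built from the inserted document (history is
            left empty), or None when insert_one returned a falsy value
        """
        # A new alert has no prior severity, so the trend starts from UNKNOWN.
        trend_indication = severity_code.trend(severity_code.UNKNOWN, alert.severity)
        if alert.status == status_code.UNKNOWN:
            status = severity_code.status_from_severity(severity_code.UNKNOWN, alert.severity)
        else:
            status = alert.status

        # utcnow() yields a naive datetime (no tzinfo); stored as-is.
        now = datetime.datetime.utcnow()
        history = [{
            "id": alert.id,
            "event": alert.event,
            "severity": alert.severity,
            "value": alert.value,
            "text": alert.text,
            "updateTime": alert.create_time
        }]
        # Only differs when the status was derived above rather than supplied.
        if status != alert.status:
            history.append({
                "event": alert.event,
                "status": status,
                "text": "new alert status change",
                "id": alert.id,
                "updateTime": now
            })

        # Kept under its own name instead of rebinding the `alert` parameter,
        # so the incoming object and the stored document cannot be confused.
        document = {
            "_id": alert.id,
            "resource": alert.resource,
            "event": alert.event,
            "environment": alert.environment,
            "severity": alert.severity,
            "correlate": alert.correlate,
            "status": status,
            "service": alert.service,
            "group": alert.group,
            "value": alert.value,
            "text": alert.text,
            "tags": alert.tags,
            "attributes": alert.attributes,
            "origin": alert.origin,
            "type": alert.event_type,
            "createTime": alert.create_time,
            "timeout": alert.timeout,
            "rawData": alert.raw_data,
            "customer": alert.customer,
            "duplicateCount": 0,
            "repeat": False,
            "previousSeverity": severity_code.UNKNOWN,
            "trendIndication": trend_indication,
            "receiveTime": now,
            "lastReceiveId": alert.id,
            "lastReceiveTime": now,
            "history": history
        }

        # NOTE(review): the full document, including rawData and attributes,
        # is written to the debug log; confirm nothing sensitive can reach it
        # wherever DEBUG logging is enabled.
        LOG.debug('Insert new alert in database: %s', document)

        response = self._db.alerts.insert_one(document)

        # NOTE(review): insert_one presumably returns a result object that is
        # always truthy, so this guard is likely only a safety net; a failed
        # write is expected to surface as an exception from the driver instead.
        if not response:
            return None

        # The returned document mirrors what was inserted, minus history.
        return AlertDocument(
            id=document['_id'],
            resource=document['resource'],
            event=document['event'],
            environment=document['environment'],
            severity=document['severity'],
            correlate=document['correlate'],
            status=document['status'],
            service=document['service'],
            group=document['group'],
            value=document['value'],
            text=document['text'],
            tags=document['tags'],
            attributes=document['attributes'],
            origin=document['origin'],
            event_type=document['type'],
            create_time=document['createTime'],
            timeout=document['timeout'],
            raw_data=document['rawData'],
            customer=document['customer'],
            duplicate_count=document['duplicateCount'],
            repeat=document['repeat'],
            previous_severity=document['previousSeverity'],
            trend_indication=document['trendIndication'],
            receive_time=document['receiveTime'],
            last_receive_id=document['lastReceiveId'],
            last_receive_time=document['lastReceiveTime'],
            history=list()
        )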
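    def save_correlated(self, alert):
        """
        Update alert key attributes, reset duplicate count and set repeat=False, keep track of last
        receive id and time, appending all to history. Append to history again if status changes.

        The target document is matched on environment + resource + customer and one of: the same
        event at a different severity, or a different event that lists this event in `correlate`.
        History is capped to the last HISTORY_LIMIT entries via $slice.

        :param alert: incoming alert whose fields overwrite the stored document
        :return: AlertDocument for the updated document (history left empty), or None when no
            document matched the query
        """

        previous_severity = self.get_severity(alert)
        previous_status = self.get_status(alert)
        trend_indication = severity_code.trend(previous_severity, alert.severity)
        # A supplied status wins; UNKNOWN means "derive it from the severity change".
        if alert.status == status_code.UNKNOWN:
            status = severity_code.status_from_severity(previous_severity, alert.severity, previous_status)
        else:
            status = alert.status

        # The customer key is what keeps one tenant's alerts from matching another's.
        # NOTE(review): query values are taken from the alert as-is; if any of them
        # can arrive as a dict from the request body, confirm the parser coerces
        # them before they reach here.
        query = {
            "environment": alert.environment,
            "resource": alert.resource,
            '$or': [
                {
                    "event": alert.event,
                    "severity": {'$ne': alert.severity}
                },
                {
                    "event": {'$ne': alert.event},
                    "correlate": alert.event
                }],
            "customer": alert.customer
        }

        # utcnow() yields a naive datetime (no tzinfo); stored as-is.
        now = datetime.datetime.utcnow()
        update = {
            '$set': {
                "event": alert.event,
                "severity": alert.severity,
                "status": status,
                "value": alert.value,
                "text": alert.text,
                "tags": alert.tags,
                "attributes": alert.attributes,
                "createTime": alert.create_time,
                "rawData": alert.raw_data,
                "duplicateCount": 0,
                "repeat": False,
                "previousSeverity": previous_severity,
                "trendIndication": trend_indication,
                "receiveTime": now,
                "lastReceiveId": alert.id,
                "lastReceiveTime": now
            },
            '$push': {
                "history": {
                    '$each': [{
                        "event": alert.event,
                        "severity": alert.severity,
                        "value": alert.value,
                        "text": alert.text,
                        "id": alert.id,
                        "updateTime": alert.create_time
                    }],
                    # Negative $slice keeps the newest entries; abs() guards
                    # against a positive HISTORY_LIMIT (which would keep the oldest).
                    '$slice': -abs(app.config['HISTORY_LIMIT'])
                }
            }
        }

        # Second history entry only when the status actually moved.
        if status != previous_status:
            update['$push']['history']['$each'].append({
                "event": alert.event,
                "status": status,
                "text": "correlated alert status change",
                "id": alert.id,
                "updateTime": now
            })

        # NOTE(review): the whole update, including rawData and attributes,
        # goes to the debug log; confirm nothing sensitive can reach it.
        LOG.debug('Update correlated alert in database: %s', update)
        response = self._db.alerts.find_one_and_update(
            query,
            update=update,
            projection={"history": 0},
            return_document=ReturnDocument.AFTER
        )

        # find_one_and_update yields None when nothing matched; return None
        # rather than raising TypeError on the subscripts below.
        if response is None:
            return None

        return AlertDocument(
            id=response['_id'],
            resource=response['resource'],
            event=response['event'],
            environment=response['environment'],
            severity=response['severity'],
            correlate=response['correlate'],
            status=response['status'],
            service=response['service'],
            group=response['group'],
            value=response['value'],
            text=response['text'],
            tags=response['tags'],
            attributes=response['attributes'],
            origin=response['origin'],
            event_type=response['type'],
            create_time=response['createTime'],
            timeout=response['timeout'],
            raw_data=response['rawData'],
            # Older documents may predate the customer field.
            customer=response.get('customer', None),
            duplicate_count=response['duplicateCount'],
            repeat=response['repeat'],
            previous_severity=response['previousSeverity'],
            trend_indication=response['trendIndication'],
            receive_time=response['receiveTime'],
            last_receive_id=response['lastReceiveId'],
            last_receive_time=response['lastReceiveTime'],
            history=list()
        )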
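    def save_duplicate(self, alert):
        """
        Update alert value, text and rawData, increment duplicate count and set repeat=True, and
        keep track of last receive id and time but don't append to history unless status changes.

        The target document is matched on environment, resource, event, severity and customer,
        i.e. an exact repeat of an existing alert.

        :param alert: incoming duplicate alert
        :return: AlertDocument for the updated document (history left empty), or None when no
            document matched the query
        """

        previous_status = self.get_status(alert)
        # An explicitly supplied status that differs from the stored one wins;
        # otherwise derive it from the (unchanged) severity and the stored status.
        if alert.status != status_code.UNKNOWN and alert.status != previous_status:
            status = alert.status
        else:
            status = severity_code.status_from_severity(alert.severity, alert.severity, previous_status)

        # The customer key is what keeps one tenant's alerts from matching another's.
        # NOTE(review): query values are taken from the alert as-is; if any of them
        # can arrive as a dict from the request body, confirm the parser coerces
        # them before they reach here.
        query = {
            "environment": alert.environment,
            "resource": alert.resource,
            "event": alert.event,
            "severity": alert.severity,
            "customer": alert.customer
        }

        # utcnow() yields a naive datetime (no tzinfo); stored as-is.
        now = datetime.datetime.utcnow()
        update = {
            '$set': {
                "status": status,
                "value": alert.value,
                "text": alert.text,
                "rawData": alert.raw_data,
                "repeat": True,
                "lastReceiveId": alert.id,
                "lastReceiveTime": now
            },
            '$inc': {"duplicateCount": 1}
        }
        # History is only touched when the status moved.
        if status != previous_status:
            update['$push'] = {
                "history": {
                    '$each': [{
                        "event": alert.event,
                        "status": status,
                        "text": "duplicate alert status change",
                        "id": alert.id,
                        "updateTime": now
                    }],
                    # Negative $slice keeps the newest entries; abs() guards
                    # against a positive HISTORY_LIMIT (which would keep the oldest).
                    '$slice': -abs(app.config['HISTORY_LIMIT'])
                }
            }

        # NOTE(review): the whole update, including rawData, goes to the debug
        # log; confirm nothing sensitive can reach it.
        LOG.debug('Update duplicate alert in database: %s', update)
        response = self._db.alerts.find_one_and_update(
            query,
            update=update,
            projection={"history": 0},
            return_document=ReturnDocument.AFTER
        )

        # find_one_and_update yields None when nothing matched; return None
        # rather than raising TypeError on the subscripts below.
        if response is None:
            return None

        return AlertDocument(
            id=response['_id'],
            resource=response['resource'],
            event=response['event'],
            environment=response['environment'],
            severity=response['severity'],
            correlate=response['correlate'],
            status=response['status'],
            service=response['service'],
            group=response['group'],
            value=response['value'],
            text=response['text'],
            tags=response['tags'],
            attributes=response['attributes'],
            origin=response['origin'],
            event_type=response['type'],
            create_time=response['createTime'],
            timeout=response['timeout'],
            raw_data=response['rawData'],
            # Older documents may predate the customer field.
            customer=response.get('customer', None),
            duplicate_count=response['duplicateCount'],
            repeat=response['repeat'],
            previous_severity=response['previousSeverity'],
            trend_indication=response['trendIndication'],
            receive_time=response['receiveTime'],
            last_receive_id=response['lastReceiveId'],
            last_receive_time=response['lastReceiveTime'],
            history=list()
        )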
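    def save_correlated(self, alert):
        """
        Update alert key attributes, reset duplicate count and set repeat=False, keep track of last
        receive id and time, appending all to history. Append to history again if status changes.

        The target document is matched on environment + resource + customer and one of: the same
        event at a different severity, or a different event that lists this event in `correlate`.
        History is capped to the last HISTORY_LIMIT entries via $slice.

        :param alert: incoming alert whose fields overwrite the stored document
        :return: AlertDocument for the updated document (history left empty), or None when no
            document matched the query
        """

        previous_severity = self.get_severity(alert)
        previous_status = self.get_status(alert)
        trend_indication = severity_code.trend(previous_severity, alert.severity)
        # A supplied status wins; UNKNOWN means "derive it from the severity change".
        if alert.status == status_code.UNKNOWN:
            status = severity_code.status_from_severity(previous_severity, alert.severity, previous_status)
        else:
            status = alert.status

        # The customer key is what keeps one tenant's alerts from matching another's.
        # NOTE(review): query values are taken from the alert as-is; if any of them
        # can arrive as a dict from the request body, confirm the parser coerces
        # them before they reach here.
        query = {
            "environment": alert.environment,
            "resource": alert.resource,
            "$or": [
                {"event": alert.event, "severity": {"$ne": alert.severity}},
                {"event": {"$ne": alert.event}, "correlate": alert.event},
            ],
            "customer": alert.customer,
        }

        # utcnow() yields a naive datetime (no tzinfo); stored as-is.
        now = datetime.datetime.utcnow()
        update = {
            "$set": {
                "event": alert.event,
                "severity": alert.severity,
                "status": status,
                "value": alert.value,
                "text": alert.text,
                "tags": alert.tags,
                "attributes": alert.attributes,
                "createTime": alert.create_time,
                "rawData": alert.raw_data,
                "duplicateCount": 0,
                "repeat": False,
                "previousSeverity": previous_severity,
                "trendIndication": trend_indication,
                "receiveTime": now,
                "lastReceiveId": alert.id,
                "lastReceiveTime": now,
            },
            "$push": {
                "history": {
                    "$each": [
                        {
                            "event": alert.event,
                            "severity": alert.severity,
                            "value": alert.value,
                            "text": alert.text,
                            "id": alert.id,
                            "updateTime": alert.create_time,
                        }
                    ],
                    # Negative $slice keeps the newest entries; abs() guards
                    # against a positive HISTORY_LIMIT (which would keep the oldest).
                    "$slice": -abs(app.config["HISTORY_LIMIT"]),
                }
            },
        }

        # Second history entry only when the status actually moved.
        if status != previous_status:
            update["$push"]["history"]["$each"].append(
                {
                    "event": alert.event,
                    "status": status,
                    "text": "correlated alert status change",
                    "id": alert.id,
                    "updateTime": now,
                }
            )

        # NOTE(review): the whole update, including rawData and attributes,
        # goes to the debug log; confirm nothing sensitive can reach it.
        LOG.debug("Update correlated alert in database: %s", update)
        response = self._db.alerts.find_one_and_update(
            query, update=update, projection={"history": 0}, return_document=ReturnDocument.AFTER
        )

        # find_one_and_update yields None when nothing matched; return None
        # rather than raising TypeError on the subscripts below.
        if response is None:
            return None

        return AlertDocument(
            id=response["_id"],
            resource=response["resource"],
            event=response["event"],
            environment=response["environment"],
            severity=response["severity"],
            correlate=response["correlate"],
            status=response["status"],
            service=response["service"],
            group=response["group"],
            value=response["value"],
            text=response["text"],
            tags=response["tags"],
            attributes=response["attributes"],
            origin=response["origin"],
            event_type=response["type"],
            create_time=response["createTime"],
            timeout=response["timeout"],
            raw_data=response["rawData"],
            # Older documents may predate the customer field.
            customer=response.get("customer", None),
            duplicate_count=response["duplicateCount"],
            repeat=response["repeat"],
            previous_severity=response["previousSeverity"],
            trend_indication=response["trendIndication"],
            receive_time=response["receiveTime"],
            last_receive_id=response["lastReceiveId"],
            last_receive_time=response["lastReceiveTime"],
            history=list(),
        )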
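 def test_status_reopen(self):
     """
     When trendIndication is moreSevere, status should be set to Open

     Both an acknowledged and a closed alert must be re-opened when the
     severity rises (MINOR -> MAJOR, NORMAL -> MAJOR).
     """
     # assertEquals is a deprecated alias (removed in Python 3.12); use assertEqual.
     cases = [
         (severity_code.MINOR, severity_code.MAJOR, status_code.ACK),
         (severity_code.NORMAL, severity_code.MAJOR, status_code.CLOSED),
     ]
     for previous, current, previous_status in cases:
         with self.subTest(previous=previous, current=current, previous_status=previous_status):
             self.assertEqual(severity_code.status_from_severity(previous, current, previous_status), status_code.OPEN)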
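 def test_status_no_change(self):
     """
     When trendIndication is lessSevere, status should not change

     NORMAL -> UNKNOWN is a decrease in severity, so an OPEN alert stays OPEN.
     """
     # assertEquals is a deprecated alias (removed in Python 3.12); use assertEqual.
     result = severity_code.status_from_severity(severity_code.NORMAL, severity_code.UNKNOWN, status_code.OPEN)
     self.assertEqual(result, status_code.OPEN)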
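    def save_correlated(self, alert):
        """
        Update alert key attributes, reset duplicate count and set repeat=False, keep track of last
        receive id and time, appending all to history. Append to history again if status changes.

        The target document is matched on environment + resource and one of: the same event at a
        different severity, or a different event that lists this event in its `correlate` field
        (at the same or a different severity).

        :param alert: incoming alert whose fields overwrite the stored document
        :return: AlertDocument for the updated document (history left empty), or None when
            findAndModify matched nothing
        """

        previous_severity = self.get_severity(alert)
        previous_status = self.get_status(alert)
        trend_indication = severity_code.trend(previous_severity, alert.severity)
        # A supplied status wins; UNKNOWN means "derive it from the severity change".
        if alert.status == status_code.UNKNOWN:
            status = severity_code.status_from_severity(previous_severity, alert.severity, previous_status)
        else:
            status = alert.status

        # NOTE(review): no customer/tenant field in this query, so the match is
        # scoped only by environment and resource; confirm this store is
        # single-tenant. Query values are taken from the alert as-is: if any of
        # them can arrive as a dict from the request body, confirm the parser
        # coerces them before they reach here.
        query = {
            "environment": alert.environment,
            "resource": alert.resource,
            '$or': [
                {
                    "event": alert.event,
                    "severity": {'$ne': alert.severity}
                },
                {
                    "event": {'$ne': alert.event},
                    "correlate": alert.event,
                    "severity": alert.severity
                },
                {
                    "event": {'$ne': alert.event},
                    "correlate": alert.event,
                    "severity": {'$ne': alert.severity}
                }]
        }

        # utcnow() yields a naive datetime (no tzinfo); stored as-is.
        now = datetime.datetime.utcnow()
        # $pushAll: the newer variants of this method use $push with $each instead.
        update = {
            '$set': {
                "event": alert.event,
                "severity": alert.severity,
                "status": status,
                "value": alert.value,
                "text": alert.text,
                "tags": alert.tags,
                "attributes": alert.attributes,
                "createTime": alert.create_time,
                "rawData": alert.raw_data,
                "duplicateCount": 0,
                "repeat": False,
                "previousSeverity": previous_severity,
                "trendIndication": trend_indication,
                "receiveTime": now,
                "lastReceiveId": alert.id,
                "lastReceiveTime": now
            },
            '$pushAll': {
                "history": [{
                    "event": alert.event,
                    "severity": alert.severity,
                    "value": alert.value,
                    "text": alert.text,
                    "id": alert.id,
                    "updateTime": alert.create_time
                }]
            }
        }

        # Second history entry only when the status actually moved.
        if status != previous_status:
            update['$pushAll']['history'].append({
                "event": alert.event,
                "status": status,
                "text": "correlated alert status change",
                "id": alert.id,
                "updateTime": now
            })

        # NOTE(review): the whole update, including rawData and attributes,
        # goes to the debug log; confirm nothing sensitive can reach it.
        LOG.debug('Update correlated alert in database: %s', update)

        no_obj_error = "No matching object found"
        response = self.db.command("findAndModify", 'alerts',
                                   allowable_errors=[no_obj_error],
                                   query=query,
                                   update=update,
                                   new=True,
                                   fields={"history": 0})["value"]

        # "No matching object found" is tolerated above and leaves "value"
        # empty; return None instead of subscripting it below.
        if response is None:
            return None

        return AlertDocument(
            id=response['_id'],
            resource=response['resource'],
            event=response['event'],
            environment=response['environment'],
            severity=response['severity'],
            correlate=response['correlate'],
            status=response['status'],
            service=response['service'],
            group=response['group'],
            value=response['value'],
            text=response['text'],
            tags=response['tags'],
            attributes=response['attributes'],
            origin=response['origin'],
            event_type=response['type'],
            create_time=response['createTime'],
            timeout=response['timeout'],
            raw_data=response['rawData'],
            duplicate_count=response['duplicateCount'],
            repeat=response['repeat'],
            previous_severity=response['previousSeverity'],
            trend_indication=response['trendIndication'],
            receive_time=response['receiveTime'],
            last_receive_id=response['lastReceiveId'],
            last_receive_time=response['lastReceiveTime'],
            history=list()
        )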
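    def save_correlated(self, alert, tenant):
        """
        Update alert key attributes, reset duplicate count and set repeat=False, keep track of last
        receive id and time, appending all to history. Append to history again if status changes.

        Args:
            alert: incoming alert; its id, resource, event, environment, severity, status,
                value, text, tags, attributes, create_time, raw_data and customer are read.
            tenant: key used to select the per-tenant database from ``self._client``
                (it is used as-is as a database name; presumably validated upstream —
                TODO confirm).

        Returns:
            AlertDocument built from the stored document as it is after the update.
            ``history`` is excluded by the projection, so the returned document
            carries an empty list for it.
        """
        dBase = self._client[tenant]

        # Read-then-write: previous severity and status come from separate queries,
        # so a concurrent update of the same alert between here and the
        # find_one_and_update() below can be lost or produce a wrong trend.
        previous_severity = self.get_severity(alert, tenant)
        previous_status = self.get_status(alert, tenant)
        trend_indication = severity_code.trend(previous_severity, alert.severity)
        # An explicit status on the incoming alert wins; otherwise derive it from the
        # severity transition and the status already stored.
        if alert.status == status_code.UNKNOWN:
            status = severity_code.status_from_severity(previous_severity, alert.severity, previous_status)
        else:
            status = alert.status

        # Match the existing alert either by the same event with a different severity,
        # or by a different event that lists this one under "correlate". "customer" is
        # part of the filter, so only a document of the incoming alert's customer is
        # touched.
        query = {
            "environment": alert.environment,
            "resource": alert.resource,
            '$or': [
                {
                    "event": alert.event,
                    "severity": {'$ne': alert.severity}
                },
                {
                    "event": {'$ne': alert.event},
                    "correlate": alert.event
                }],
            "customer": alert.customer
        }

        now = datetime.datetime.utcnow()
        # History entries are appended in list order: the correlated update itself,
        # then a status-change entry when the derived status differs from the stored one.
        history = [{
            "event": alert.event,
            "severity": alert.severity,
            "value": alert.value,
            "text": alert.text,
            "id": alert.id,
            "updateTime": alert.create_time
        }]
        if status != previous_status:
            history.append({
                "event": alert.event,
                "status": status,
                "text": "correlated alert status change",
                "id": alert.id,
                "updateTime": now
            })

        update = {
            '$set': {
                "event": alert.event,
                "severity": alert.severity,
                "status": status,
                "value": alert.value,
                "text": alert.text,
                "tags": alert.tags,
                "attributes": alert.attributes,
                "createTime": alert.create_time,
                "rawData": alert.raw_data,
                "duplicateCount": 0,
                "repeat": False,
                "previousSeverity": previous_severity,
                "trendIndication": trend_indication,
                "receiveTime": now,
                "lastReceiveId": alert.id,
                "lastReceiveTime": now
            },
            # $push with $each replaces $pushAll, which was deprecated in MongoDB 2.4
            # and removed in 3.6; the entries are appended in the same order.
            '$push': {
                "history": {'$each': history}
            }
        }

        LOG.debug('Update correlated alert in database: %s', update)
        response = dBase.alerts.find_one_and_update(
            query,
            update=update,
            projection={"history": 0},
            return_document=ReturnDocument.AFTER
        )

        # NOTE(review): find_one_and_update() returns None when no document matched
        # (e.g. the alert changed between get_status() and the update); the lookups
        # below then raise TypeError rather than a domain error — confirm callers expect that.
        return AlertDocument(
            id=response['_id'],
            resource=response['resource'],
            event=response['event'],
            environment=response['environment'],
            severity=response['severity'],
            correlate=response['correlate'],
            status=response['status'],
            service=response['service'],
            group=response['group'],
            value=response['value'],
            text=response['text'],
            tags=response['tags'],
            attributes=response['attributes'],
            origin=response['origin'],
            event_type=response['type'],
            create_time=response['createTime'],
            timeout=response['timeout'],
            raw_data=response['rawData'],
            customer=response.get('customer', None),
            duplicate_count=response['duplicateCount'],
            repeat=response['repeat'],
            previous_severity=response['previousSeverity'],
            trend_indication=response['trendIndication'],
            receive_time=response['receiveTime'],
            last_receive_id=response['lastReceiveId'],
            last_receive_time=response['lastReceiveTime'],
            history=list()
        )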
    def save_duplicate(self, alert, tenant):
        """
        Update alert value, text and rawData, increment duplicate count and set repeat=True, and
        keep track of last receive id and time but don't append to history unless status changes.

        Args:
            alert: incoming duplicate; its id, resource, event, environment, severity,
                status, value, text, raw_data and customer are read.
            tenant: key used to select the per-tenant database from ``self._client``
                (used as-is as a database name; presumably validated upstream — TODO confirm).

        Returns:
            AlertDocument built from the stored document after the update; ``history``
            is dropped by the projection and comes back as an empty list.
        """
        db = self._client[tenant]

        previous_status = self.get_status(alert, tenant)
        # An explicit status on the incoming alert that differs from the stored one is
        # taken as-is; otherwise the status is derived from the (unchanged) severity.
        has_new_status = (alert.status != status_code.UNKNOWN
                          and alert.status != previous_status)
        if has_new_status:
            status = alert.status
        else:
            status = severity_code.status_from_severity(alert.severity, alert.severity, previous_status)

        # Exact match on environment/resource/event/severity; "customer" is part of the
        # filter, so only a document of this alert's customer is updated.
        query = {
            "environment": alert.environment,
            "resource": alert.resource,
            "event": alert.event,
            "severity": alert.severity,
            "customer": alert.customer
        }

        received_at = datetime.datetime.utcnow()
        changed_fields = {
            "status": status,
            "value": alert.value,
            "text": alert.text,
            "rawData": alert.raw_data,
            "repeat": True,
            "lastReceiveId": alert.id,
            "lastReceiveTime": received_at
        }
        update = {
            '$set': changed_fields,
            '$inc': {"duplicateCount": 1}
        }
        # History only grows on a status transition; a plain duplicate just bumps the counter.
        if status != previous_status:
            status_change = {
                "event": alert.event,
                "status": status,
                "text": "duplicate alert status change",
                "id": alert.id,
                "updateTime": received_at
            }
            update['$push'] = {"history": status_change}

        LOG.debug('Update duplicate alert in database: %s', update)
        response = db.alerts.find_one_and_update(
            query,
            update=update,
            projection={"history": 0},
            return_document=ReturnDocument.AFTER
        )

        # NOTE(review): find_one_and_update() returns None when nothing matched; the
        # field reads below then raise TypeError — confirm callers expect that.
        # Constructor keyword -> stored field name, in the order the fields are read.
        stored_fields = (
            ('id', '_id'),
            ('resource', 'resource'),
            ('event', 'event'),
            ('environment', 'environment'),
            ('severity', 'severity'),
            ('correlate', 'correlate'),
            ('status', 'status'),
            ('service', 'service'),
            ('group', 'group'),
            ('value', 'value'),
            ('text', 'text'),
            ('tags', 'tags'),
            ('attributes', 'attributes'),
            ('origin', 'origin'),
            ('event_type', 'type'),
            ('create_time', 'createTime'),
            ('timeout', 'timeout'),
            ('raw_data', 'rawData'),
        )
        document = {name: response[key] for name, key in stored_fields}
        # "customer" is the only field that may be absent from the stored document.
        document['customer'] = response.get('customer', None)
        trailing_fields = (
            ('duplicate_count', 'duplicateCount'),
            ('repeat', 'repeat'),
            ('previous_severity', 'previousSeverity'),
            ('trend_indication', 'trendIndication'),
            ('receive_time', 'receiveTime'),
            ('last_receive_id', 'lastReceiveId'),
            ('last_receive_time', 'lastReceiveTime'),
        )
        for name, key in trailing_fields:
            document[name] = response[key]
        document['history'] = []
        return AlertDocument(**document)