def get_alert(alert_key, **kwargs):
    """
    Get the alert details for a given alert key

    Variables:
    alert_key       => Alert key to get the details for

    Arguments:
    None

    Data Block:
    None

    API call example:
    /api/v3/alert/1234567890/

    Result example:
    {
        KEY: VALUE,   # All fields of an alert in key/value pair
    }

    Notes:
    The same 403 response is returned when the alert does not exist and
    when the caller's classification does not clear the alert's, so the
    reply does not reveal whether a given key exists in storage.
    """
    user = kwargs['user']
    data = STORAGE.get_alert(alert_key)

    def denied():
        return make_api_response("", "You are not allowed to see this alert...", 403)

    # No user in the request context or no stored alert: deny.
    if not user or not data:
        return denied()

    # Classification gate: the caller must clear the alert's classification.
    if not Classification.is_accessible(user['classification'], data['classification']):
        return denied()

    return make_api_response(data)
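def add_labels(alert_id, labels, **kwargs):
    """
    Add one or multiple labels to a given alert

    Variables:
    alert_id    => ID of the alert to add the label to
    labels      => List of labels to add as comma separated string

    Arguments:
    None

    Data Block:
    None

    API call example:
    /api/v3/alert/label/1234567890/EMAIL/

    Result example:
    {"success": true, "event_id": 0}

    Notes:
    Labels are upper-cased and surrounding whitespace is stripped; empty
    entries (for example from a trailing or doubled comma) are dropped.
    A 400 is returned when no usable label remains, 404 when the alert is
    unknown, 403 when the caller's classification does not clear the
    alert's or when every requested label is already present.
    """
    user = kwargs['user']

    # Normalise the comma separated path segment into a set of distinct,
    # upper-cased labels. Empty items are dropped so that "EMAIL," or ",,"
    # does not persist an empty string as a label on the alert.
    labels = {item.strip().upper() for item in labels.split(",") if item.strip()}
    if not labels:
        return make_api_response({"success": False, "event_id": None},
                                 err="No valid label provided", status_code=400)

    alert = STORAGE.get_alert(alert_id)
    if not alert:
        return make_api_response({"success": False, "event_id": None},
                                 err="Alert ID %s not found" % alert_id, status_code=404)

    # Classification gate: the caller must clear the alert's classification
    # before the alert document is modified.
    if not Classification.is_accessible(user['classification'], alert['classification']):
        return make_api_response("", "You are not allowed to see this alert...", 403)

    cur_label = set(alert.get('label', []))
    if not (labels - cur_label):
        # Nothing new to add; sorted so the message is deterministic.
        return make_api_response({"success": False},
                                 err="Alert already has labels %s" % ", ".join(sorted(labels)),
                                 status_code=403)

    # NOTE(review): read-modify-write of the stored alert with no lock visible
    # here; concurrent label updates could overwrite each other — confirm
    # STORAGE.save_alert serialises saves.
    alert['label'] = list(cur_label | labels)
    STORAGE.save_alert(alert_id, alert)
    return make_api_response({"success": True})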
def change_priority(alert_id, priority, **kwargs):
    """
    Change the priority of a given alert

    Variables:
    alert_id    => ID of the alert to change the priority
    priority    => New priority for the alert

    Arguments:
    None

    Data Block:
    None

    API call example:
    /api/v3/alert/priority/1234567890/MALICIOUS/

    Result example:
    {"success": true, "event_id": 0}

    Notes:
    The priority is upper-cased before comparison and storage. 404 is
    returned for an unknown alert, 403 when the caller's classification
    does not clear the alert's or when the alert already carries the
    requested priority.
    """
    user = kwargs['user']
    # NOTE(review): the value is not checked here against a known set of
    # priorities; presumably validated elsewhere — confirm before relying on it.
    wanted = priority.upper()

    alert = STORAGE.get_alert(alert_id)
    if not alert:
        return make_api_response({"success": False, "event_id": None},
                                 err="Alert ID %s not found" % alert_id, status_code=404)

    # Classification gate: the caller must clear the alert's classification
    # before the alert document is modified.
    if not Classification.is_accessible(user['classification'], alert['classification']):
        return make_api_response("", "You are not allowed to see this alert...", 403)

    if wanted == alert.get('priority', None):
        return make_api_response({"success": False},
                                 err="Alert already has priority %s" % wanted,
                                 status_code=403)

    alert['priority'] = wanted
    STORAGE.save_alert(alert_id, alert)
    return make_api_response({"success": True})
def alert_detail(*_, **kwargs):
    """
    Render the alert detail page for the alert key given in the query string.

    The ``alert_key`` query argument is passed through ``angular_safe`` before
    use; a missing key aborts with 404. A missing user, a missing alert and a
    classification mismatch all abort with 403, so the page does not reveal
    whether a key exists. Remaining kwargs are forwarded to the template.
    """
    user = kwargs['user']
    alert_key = angular_safe(request.args.get("alert_key", None))
    if not alert_key:
        abort(404)

    alert = STORAGE.get_alert(alert_key)
    if not user or not alert:
        abort(403)

    # Classification gate: the caller must clear the alert's classification.
    if not Classification.is_accessible(user['classification'], alert['classification']):
        abort(403)

    return custom_render("alert_detail.html", alert_key=alert_key, **kwargs)
def take_ownership(alert_id, **kwargs):
    """
    Take ownership of a given alert

    Variables:
    alert_id    => ID of the alert to send to take ownership

    Arguments:
    None

    Data Block:
    None

    API call example:
    /api/v3/alert/ownership/1234567890/

    Result example:
    {"success": true}

    Notes:
    404 is returned for an unknown alert, 403 when the caller's
    classification does not clear the alert's or when the alert already
    has an owner. Ownership is recorded as the caller's ``uname``.
    """
    user = kwargs['user']
    alert = STORAGE.get_alert(alert_id)
    if not alert:
        return make_api_response({"success": False},
                                 err="Alert ID %s not found" % alert_id, status_code=404)

    # Classification gate: the caller must clear the alert's classification
    # before the alert document is modified.
    if not Classification.is_accessible(user['classification'], alert['classification']):
        return make_api_response({"success": False}, "You are not allowed to see this alert...", 403)

    current_owner = alert.get('owner', None)
    if current_owner is not None:
        return make_api_response({"success": False},
                                 err="Alert is already owned by %s" % current_owner,
                                 status_code=403)

    # NOTE(review): check-then-set on the stored document with no lock visible
    # here; two concurrent callers could both pass the owner check — confirm
    # STORAGE.save_alert serialises saves.
    alert.update({"owner": user['uname']})
    STORAGE.save_alert(alert_id, alert)
    return make_api_response({"success": True})