def pre_receive(self, alert): if db.is_correlated(alert) is True: self.correlated = True LOG.info("Correlated Alert: {}".format(self.correlated)) return alert
def process_alert(incomingAlert): for plugin in plugins: try: incomingAlert = plugin.pre_receive(incomingAlert) except RejectException: raise except Exception as e: raise RuntimeError('Error while running pre-receive plug-in: %s', e) if not incomingAlert: raise SyntaxError('Plug-in pre-receive hook did not return modified alert') try: if db.is_duplicate(incomingAlert): started = duplicate_timer.start_timer() alert = db.save_duplicate(incomingAlert) duplicate_timer.stop_timer(started) elif db.is_correlated(incomingAlert): started = correlate_timer.start_timer() alert = db.save_correlated(incomingAlert) correlate_timer.stop_timer(started) else: started = create_timer.start_timer() alert = db.create_alert(incomingAlert) create_timer.stop_timer(started) except Exception as e: raise RuntimeError(e) for plugin in plugins: try: plugin.post_receive(alert) except Exception as e: raise RuntimeError('Error while running post-receive plug-in: %s', e) return alert
def process_alert(alert): for plugin in plugins.routing(alert): started = pre_plugin_timer.start_timer() try: alert = plugin.pre_receive(alert) except (RejectException, RateLimit): reject_counter.inc() pre_plugin_timer.stop_timer(started) raise except Exception as e: error_counter.inc() pre_plugin_timer.stop_timer(started) raise RuntimeError( "Error while running pre-receive plug-in '%s': %s" % (plugin.name, str(e))) if not alert: error_counter.inc() pre_plugin_timer.stop_timer(started) raise SyntaxError( "Plug-in '%s' pre-receive hook did not return modified alert" % plugin.name) pre_plugin_timer.stop_timer(started) if db.is_blackout_period(alert): raise BlackoutPeriod("Suppressed alert during blackout period") try: if db.is_duplicate(alert): started = duplicate_timer.start_timer() alert = db.save_duplicate(alert) duplicate_timer.stop_timer(started) elif db.is_correlated(alert): started = correlate_timer.start_timer() alert = db.save_correlated(alert) correlate_timer.stop_timer(started) else: started = create_timer.start_timer() alert = db.create_alert(alert) create_timer.stop_timer(started) except Exception as e: error_counter.inc() raise RuntimeError(e) for plugin in plugins.routing(alert): started = post_plugin_timer.start_timer() try: plugin.post_receive(alert) except Exception as e: error_counter.inc() post_plugin_timer.stop_timer(started) raise RuntimeError( "Error while running post-receive plug-in '%s': %s" % (plugin.name, str(e))) post_plugin_timer.stop_timer(started) return alert
def process_alert(incomingAlert): for plugin in plugins: started = pre_plugin_timer.start_timer() try: incomingAlert = plugin.pre_receive(incomingAlert) except RejectException: reject_counter.inc() pre_plugin_timer.stop_timer(started) raise except Exception as e: error_counter.inc() pre_plugin_timer.stop_timer(started) raise RuntimeError('Error while running pre-receive plug-in: %s' % str(e)) if not incomingAlert: error_counter.inc() pre_plugin_timer.stop_timer(started) raise SyntaxError( 'Plug-in pre-receive hook did not return modified alert') pre_plugin_timer.stop_timer(started) if db.is_blackout_period(incomingAlert): raise RuntimeWarning('Suppressed during blackout period') try: if db.is_duplicate(incomingAlert): started = duplicate_timer.start_timer() alert = db.save_duplicate(incomingAlert) duplicate_timer.stop_timer(started) elif db.is_correlated(incomingAlert): started = correlate_timer.start_timer() alert = db.save_correlated(incomingAlert) correlate_timer.stop_timer(started) else: started = create_timer.start_timer() alert = db.create_alert(incomingAlert) create_timer.stop_timer(started) except Exception as e: error_counter.inc() raise RuntimeError(e) for plugin in plugins: started = post_plugin_timer.start_timer() try: plugin.post_receive(alert) except Exception as e: error_counter.inc() post_plugin_timer.stop_timer(started) raise RuntimeError('Error while running post-receive plug-in: %s' % str(e)) post_plugin_timer.stop_timer(started) return alert
def process_alert(incomingAlert): for plugin in plugins: started = pre_plugin_timer.start_timer() try: incomingAlert = plugin.pre_receive(incomingAlert) except RejectException: reject_counter.inc() pre_plugin_timer.stop_timer(started) raise except Exception as e: error_counter.inc() pre_plugin_timer.stop_timer(started) raise RuntimeError('Error while running pre-receive plug-in: %s' % str(e)) if not incomingAlert: error_counter.inc() pre_plugin_timer.stop_timer(started) raise SyntaxError('Plug-in pre-receive hook did not return modified alert') pre_plugin_timer.stop_timer(started) if db.is_blackout_period(incomingAlert): raise RuntimeWarning('Suppressed during blackout period') try: if db.is_duplicate(incomingAlert): started = duplicate_timer.start_timer() alert = db.save_duplicate(incomingAlert) duplicate_timer.stop_timer(started) elif db.is_correlated(incomingAlert): started = correlate_timer.start_timer() alert = db.save_correlated(incomingAlert) correlate_timer.stop_timer(started) else: started = create_timer.start_timer() alert = db.create_alert(incomingAlert) create_timer.stop_timer(started) except Exception as e: error_counter.inc() raise RuntimeError(e) for plugin in plugins: started = post_plugin_timer.start_timer() try: plugin.post_receive(alert) except Exception as e: error_counter.inc() post_plugin_timer.stop_timer(started) raise RuntimeError('Error while running post-receive plug-in: %s' % str(e)) post_plugin_timer.stop_timer(started) return alert
def process_alert(alert): for plugin in plugins.routing(alert): started = pre_plugin_timer.start_timer() try: alert = plugin.pre_receive(alert) except (RejectException, RateLimit): reject_counter.inc() pre_plugin_timer.stop_timer(started) raise except Exception as e: error_counter.inc() pre_plugin_timer.stop_timer(started) raise RuntimeError("Error while running pre-receive plug-in '%s': %s" % (plugin.name, str(e))) if not alert: error_counter.inc() pre_plugin_timer.stop_timer(started) raise SyntaxError("Plug-in '%s' pre-receive hook did not return modified alert" % plugin.name) pre_plugin_timer.stop_timer(started) if db.is_blackout_period(alert): raise BlackoutPeriod("Suppressed alert during blackout period") try: if db.is_duplicate(alert): started = duplicate_timer.start_timer() alert = db.save_duplicate(alert) duplicate_timer.stop_timer(started) elif db.is_correlated(alert): started = correlate_timer.start_timer() alert = db.save_correlated(alert) correlate_timer.stop_timer(started) else: started = create_timer.start_timer() alert = db.create_alert(alert) create_timer.stop_timer(started) except Exception as e: error_counter.inc() raise RuntimeError(e) for plugin in plugins.routing(alert): started = post_plugin_timer.start_timer() try: plugin.post_receive(alert) except Exception as e: error_counter.inc() post_plugin_timer.stop_timer(started) raise RuntimeError("Error while running post-receive plug-in '%s': %s" % (plugin.name, str(e))) post_plugin_timer.stop_timer(started) return alert
def process_alert(incomingAlert): for plugin in plugins: try: incomingAlert = plugin.pre_receive(incomingAlert) except RejectException: raise except Exception as e: raise RuntimeError('Error while running pre-receive plug-in: %s', e) if not incomingAlert: raise SyntaxError( 'Plug-in pre-receive hook did not return modified alert') try: if db.is_duplicate(incomingAlert): started = duplicate_timer.start_timer() alert = db.save_duplicate(incomingAlert) duplicate_timer.stop_timer(started) elif db.is_correlated(incomingAlert): started = correlate_timer.start_timer() alert = db.save_correlated(incomingAlert) correlate_timer.stop_timer(started) else: started = create_timer.start_timer() alert = db.create_alert(incomingAlert) create_timer.stop_timer(started) except Exception as e: raise RuntimeError(e) for plugin in plugins: try: plugin.post_receive(alert) except Exception as e: raise RuntimeError('Error while running post-receive plug-in: %s', e) return alert
def is_correlated(self) -> bool: return db.is_correlated(self)
def is_correlated(self): return db.is_correlated(self)
def is_correlated(self) -> Optional['Alert']: """Return correlated alert or None""" return Alert.from_db(db.is_correlated(self))
return jsonify(status="error", message=str(e)) if suppress: LOG.info('Suppressing alert %s', incomingAlert.get_id()) return jsonify(status="error", message="alert suppressed by transform") if db.is_duplicate(incomingAlert): started = duplicate_timer.start_timer() alert = db.save_duplicate(incomingAlert) duplicate_timer.stop_timer(started) if alert and CONF.forward_duplicate: notify.send(alert) elif db.is_correlated(incomingAlert): started = correlate_timer.start_timer() alert = db.save_correlated(incomingAlert) correlate_timer.stop_timer(started) if alert: notify.send(alert) else: started = create_new_timer.start_timer() alert = db.save_alert(incomingAlert) create_new_timer.stop_timer(started) if alert: notify.send(alert)