def run(self, idmef): t = time.localtime(int(idmef.get("alert.create_time"))) if not (t.tm_wday == 5 or t.tm_wday == 6 or t.tm_hour < 9 or t.tm_hour > 17): return if idmef.get("alert.assessment.impact.completion") != "succeeded": return ca = IDMEF() ca.addAlertReference(idmef) ca.set("alert.classification", idmef.get("alert.classification")) ca.set("alert.correlation_alert.name", "Critical system activity on day off") ca.alert()
def run(self, idmef): t = time.localtime(int(idmef.get("alert.create_time"))) if not (t.tm_wday == 5 or t.tm_wday == 6 or t.tm_hour < 9 or t.tm_hour > 17): return if idmef.get("alert.assessment.impact.completion") != "succeeded": return ca = IDMEF(ruleid=self.name) ca.addAlertReference(idmef) ca.set("alert.classification", idmef.get("alert.classification")) ca.set("alert.correlation_alert.name", "Critical system activity on day off") ca.alert()