def pre_receive(self, alert):
if db.is_correlated(alert) is True:
self.correlated = True
LOG.info("Correlated Alert: {}".format(self.correlated))
return alert
def process_alert(incomingAlert):
for plugin in plugins:
try:
incomingAlert = plugin.pre_receive(incomingAlert)
except RejectException:
raise
except Exception as e:
raise RuntimeError('Error while running pre-receive plug-in: %s', e)
if not incomingAlert:
raise SyntaxError('Plug-in pre-receive hook did not return modified alert')
try:
if db.is_duplicate(incomingAlert):
started = duplicate_timer.start_timer()
alert = db.save_duplicate(incomingAlert)
duplicate_timer.stop_timer(started)
elif db.is_correlated(incomingAlert):
started = correlate_timer.start_timer()
alert = db.save_correlated(incomingAlert)
correlate_timer.stop_timer(started)
else:
started = create_timer.start_timer()
alert = db.create_alert(incomingAlert)
create_timer.stop_timer(started)
except Exception as e:
raise RuntimeError(e)
for plugin in plugins:
try:
plugin.post_receive(alert)
except Exception as e:
raise RuntimeError('Error while running post-receive plug-in: %s', e)
return alert
def process_alert(alert):
for plugin in plugins.routing(alert):
started = pre_plugin_timer.start_timer()
try:
alert = plugin.pre_receive(alert)
except (RejectException, RateLimit):
reject_counter.inc()
pre_plugin_timer.stop_timer(started)
raise
except Exception as e:
error_counter.inc()
pre_plugin_timer.stop_timer(started)
raise RuntimeError(
"Error while running pre-receive plug-in '%s': %s" %
(plugin.name, str(e)))
if not alert:
error_counter.inc()
pre_plugin_timer.stop_timer(started)
raise SyntaxError(
"Plug-in '%s' pre-receive hook did not return modified alert" %
plugin.name)
pre_plugin_timer.stop_timer(started)
if db.is_blackout_period(alert):
raise BlackoutPeriod("Suppressed alert during blackout period")
try:
if db.is_duplicate(alert):
started = duplicate_timer.start_timer()
alert = db.save_duplicate(alert)
duplicate_timer.stop_timer(started)
elif db.is_correlated(alert):
started = correlate_timer.start_timer()
alert = db.save_correlated(alert)
correlate_timer.stop_timer(started)
else:
started = create_timer.start_timer()
alert = db.create_alert(alert)
create_timer.stop_timer(started)
except Exception as e:
error_counter.inc()
raise RuntimeError(e)
for plugin in plugins.routing(alert):
started = post_plugin_timer.start_timer()
try:
plugin.post_receive(alert)
except Exception as e:
error_counter.inc()
post_plugin_timer.stop_timer(started)
raise RuntimeError(
"Error while running post-receive plug-in '%s': %s" %
(plugin.name, str(e)))
post_plugin_timer.stop_timer(started)
return alert
def process_alert(incomingAlert):
for plugin in plugins:
started = pre_plugin_timer.start_timer()
try:
incomingAlert = plugin.pre_receive(incomingAlert)
except RejectException:
reject_counter.inc()
pre_plugin_timer.stop_timer(started)
raise
except Exception as e:
error_counter.inc()
pre_plugin_timer.stop_timer(started)
raise RuntimeError('Error while running pre-receive plug-in: %s' %
str(e))
if not incomingAlert:
error_counter.inc()
pre_plugin_timer.stop_timer(started)
raise SyntaxError(
'Plug-in pre-receive hook did not return modified alert')
pre_plugin_timer.stop_timer(started)
if db.is_blackout_period(incomingAlert):
raise RuntimeWarning('Suppressed during blackout period')
try:
if db.is_duplicate(incomingAlert):
started = duplicate_timer.start_timer()
alert = db.save_duplicate(incomingAlert)
duplicate_timer.stop_timer(started)
elif db.is_correlated(incomingAlert):
started = correlate_timer.start_timer()
alert = db.save_correlated(incomingAlert)
correlate_timer.stop_timer(started)
else:
started = create_timer.start_timer()
alert = db.create_alert(incomingAlert)
create_timer.stop_timer(started)
except Exception as e:
error_counter.inc()
raise RuntimeError(e)
for plugin in plugins:
started = post_plugin_timer.start_timer()
try:
plugin.post_receive(alert)
except Exception as e:
error_counter.inc()
post_plugin_timer.stop_timer(started)
raise RuntimeError('Error while running post-receive plug-in: %s' %
str(e))
post_plugin_timer.stop_timer(started)
return alert
def process_alert(incomingAlert):
for plugin in plugins:
started = pre_plugin_timer.start_timer()
try:
incomingAlert = plugin.pre_receive(incomingAlert)
except RejectException:
reject_counter.inc()
pre_plugin_timer.stop_timer(started)
raise
except Exception as e:
error_counter.inc()
pre_plugin_timer.stop_timer(started)
raise RuntimeError('Error while running pre-receive plug-in: %s' % str(e))
if not incomingAlert:
error_counter.inc()
pre_plugin_timer.stop_timer(started)
raise SyntaxError('Plug-in pre-receive hook did not return modified alert')
pre_plugin_timer.stop_timer(started)
if db.is_blackout_period(incomingAlert):
raise RuntimeWarning('Suppressed during blackout period')
try:
if db.is_duplicate(incomingAlert):
started = duplicate_timer.start_timer()
alert = db.save_duplicate(incomingAlert)
duplicate_timer.stop_timer(started)
elif db.is_correlated(incomingAlert):
started = correlate_timer.start_timer()
alert = db.save_correlated(incomingAlert)
correlate_timer.stop_timer(started)
else:
started = create_timer.start_timer()
alert = db.create_alert(incomingAlert)
create_timer.stop_timer(started)
except Exception as e:
error_counter.inc()
raise RuntimeError(e)
for plugin in plugins:
started = post_plugin_timer.start_timer()
try:
plugin.post_receive(alert)
except Exception as e:
error_counter.inc()
post_plugin_timer.stop_timer(started)
raise RuntimeError('Error while running post-receive plug-in: %s' % str(e))
post_plugin_timer.stop_timer(started)
return alert
def process_alert(alert):
for plugin in plugins.routing(alert):
started = pre_plugin_timer.start_timer()
try:
alert = plugin.pre_receive(alert)
except (RejectException, RateLimit):
reject_counter.inc()
pre_plugin_timer.stop_timer(started)
raise
except Exception as e:
error_counter.inc()
pre_plugin_timer.stop_timer(started)
raise RuntimeError("Error while running pre-receive plug-in '%s': %s" % (plugin.name, str(e)))
if not alert:
error_counter.inc()
pre_plugin_timer.stop_timer(started)
raise SyntaxError("Plug-in '%s' pre-receive hook did not return modified alert" % plugin.name)
pre_plugin_timer.stop_timer(started)
if db.is_blackout_period(alert):
raise BlackoutPeriod("Suppressed alert during blackout period")
try:
if db.is_duplicate(alert):
started = duplicate_timer.start_timer()
alert = db.save_duplicate(alert)
duplicate_timer.stop_timer(started)
elif db.is_correlated(alert):
started = correlate_timer.start_timer()
alert = db.save_correlated(alert)
correlate_timer.stop_timer(started)
else:
started = create_timer.start_timer()
alert = db.create_alert(alert)
create_timer.stop_timer(started)
except Exception as e:
error_counter.inc()
raise RuntimeError(e)
for plugin in plugins.routing(alert):
started = post_plugin_timer.start_timer()
try:
plugin.post_receive(alert)
except Exception as e:
error_counter.inc()
post_plugin_timer.stop_timer(started)
raise RuntimeError("Error while running post-receive plug-in '%s': %s" % (plugin.name, str(e)))
post_plugin_timer.stop_timer(started)
return alert
def process_alert(incomingAlert):
for plugin in plugins:
try:
incomingAlert = plugin.pre_receive(incomingAlert)
except RejectException:
raise
except Exception as e:
raise RuntimeError('Error while running pre-receive plug-in: %s',
e)
if not incomingAlert:
raise SyntaxError(
'Plug-in pre-receive hook did not return modified alert')
try:
if db.is_duplicate(incomingAlert):
started = duplicate_timer.start_timer()
alert = db.save_duplicate(incomingAlert)
duplicate_timer.stop_timer(started)
elif db.is_correlated(incomingAlert):
started = correlate_timer.start_timer()
alert = db.save_correlated(incomingAlert)
correlate_timer.stop_timer(started)
else:
started = create_timer.start_timer()
alert = db.create_alert(incomingAlert)
create_timer.stop_timer(started)
except Exception as e:
raise RuntimeError(e)
for plugin in plugins:
try:
plugin.post_receive(alert)
except Exception as e:
raise RuntimeError('Error while running post-receive plug-in: %s',
e)
return alert
def is_correlated(self) -> bool:
return db.is_correlated(self)
def is_correlated(self):
return db.is_correlated(self)
def is_correlated(self) -> Optional['Alert']:
"""Return correlated alert or None"""
return Alert.from_db(db.is_correlated(self))
def is_correlated(self):
return db.is_correlated(self)
return jsonify(status="error", message=str(e))
if suppress:
LOG.info('Suppressing alert %s', incomingAlert.get_id())
return jsonify(status="error", message="alert suppressed by transform")
if db.is_duplicate(incomingAlert):
started = duplicate_timer.start_timer()
alert = db.save_duplicate(incomingAlert)
duplicate_timer.stop_timer(started)
if alert and CONF.forward_duplicate:
notify.send(alert)
elif db.is_correlated(incomingAlert):
started = correlate_timer.start_timer()
alert = db.save_correlated(incomingAlert)
correlate_timer.stop_timer(started)
if alert:
notify.send(alert)
else:
started = create_new_timer.start_timer()
alert = db.save_alert(incomingAlert)
create_new_timer.stop_timer(started)
if alert:
notify.send(alert)
def is_correlated(self) -> Optional['Alert']:
"""Return correlated alert or None"""
return Alert.from_db(db.is_correlated(self))
