def add_rule():
    """Render the "create rule" form and persist a new Rule on a valid POST.

    On a successful submission the new rule is saved and the client is
    redirected to that rule's management page; otherwise any validation
    errors are flashed and the form is rendered again.
    """
    form = CreateRuleForm()
    form.set_choices()

    if not form.validate_on_submit():
        # Plain GET, or a POST that did not validate: show the errors and
        # the form once more.
        flash_errors(form)
        return render_template('rule.html', form=form)

    # NOTE(review): `conditions` is stored exactly as submitted; whatever
    # structural checks apply to it live in CreateRuleForm, not here.
    created = Rule(
        name=form.name.data,
        alerters=form.alerters.data,
        description=form.description.data,
        conditions=form.conditions.data,
        updated_at=dt.datetime.utcnow(),
    )
    created.save()
    return redirect(url_for('manage.rule', rule_id=created.id))
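def handle_log_entry(self, entry, node):
    """Match one incoming log entry against the loaded rules and fire alerts.

    Args:
        entry: the raw log entry; ``extract_results`` splits it into
            ``(name, action, columns, timestamp)`` tuples.
        node: the node that produced the entry; handed to the rule network
            and to every alerter that fires.

    Each extracted result is pushed through ``self.network.process``, which
    returns a set of ``(alerter name, rule id)`` tuples. Those are turned
    into ``RuleMatch`` objects first; the alerters are only invoked once
    *every* result of the entry has been processed.
    """
    from doorman.models import Rule
    from doorman.rules import RuleMatch
    from doorman.utils import extract_results

    self.load_rules()

    to_trigger = []
    for name, action, columns, timestamp in extract_results(entry):
        result = {
            'name': name,
            'action': action,
            'timestamp': timestamp,
            'columns': columns,
        }

        alerts = self.network.process(result, node)
        # Falsy covers both an empty set and a None return, instead of
        # relying on len() which raises on None.
        if not alerts:
            continue

        # Alerts is a set of (alerter name, rule id) tuples. We convert
        # these into RuleMatch instances, which is what our alerters are
        # actually expecting.
        for alerter, rule_id in alerts:
            rule = Rule.get_by_id(rule_id)
            to_trigger.append(
                (alerter, RuleMatch(rule=rule, result=result, node=node)))

    # Now that we've collected all results, start triggering them.
    # NOTE(review): an alerter name returned by the network that is not in
    # self.alerters raises KeyError here — presumably the two are kept in
    # sync by load_rules(); confirm.
    for alerter, match in to_trigger:
        self.alerters[alerter].handle_alert(node, match)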
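def handle_log_entry(self, entry, node):
    """Match one incoming log entry against the loaded rules and fire alerts.

    Args:
        entry: the raw log entry; ``extract_results`` splits it into
            ``(name, action, columns, timestamp)`` tuples.
        node: the node that produced the entry; handed to the rule network
            and to every alerter that fires.

    Each extracted result is pushed through ``self.network.process``, which
    returns a set of ``(alerter name, rule id)`` tuples. Those are turned
    into ``RuleMatch`` objects first; the alerters are only invoked once
    *every* result of the entry has been processed.
    """
    from doorman.models import Rule
    from doorman.rules import RuleMatch
    from doorman.utils import extract_results

    self.load_rules()

    to_trigger = []
    for name, action, columns, timestamp in extract_results(entry):
        result = {
            'name': name,
            'action': action,
            'timestamp': timestamp,
            'columns': columns,
        }

        alerts = self.network.process(result, node)
        # Falsy covers both an empty set and a None return, instead of
        # relying on len() which raises on None.
        if not alerts:
            continue

        # Alerts is a set of (alerter name, rule id) tuples. We convert
        # these into RuleMatch instances, which is what our alerters are
        # actually expecting.
        for alerter, rule_id in alerts:
            rule = Rule.get_by_id(rule_id)
            to_trigger.append((alerter, RuleMatch(
                rule=rule, result=result, node=node
            )))

    # Now that we've collected all results, start triggering them.
    # NOTE(review): an alerter name returned by the network that is not in
    # self.alerters raises KeyError here — presumably the two are kept in
    # sync by load_rules(); confirm.
    for alerter, match in to_trigger:
        self.alerters[alerter].handle_alert(node, match)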
def add_rule():
    """Render the "create rule" form and persist a new Rule on a valid POST.

    After a successful save the rule set is asked to reload and the client
    is redirected to the new rule's management page; a GET or an invalid
    POST flashes the form errors and re-renders the form.
    """
    form = CreateRuleForm()
    form.set_choices()

    if form.validate_on_submit():
        fields = dict(
            type=form.type.data,
            name=form.name.data,
            action=form.action.data,
            alerters=form.alerters.data,
            config=form.config.data,
        )
        saved = Rule(**fields)
        saved.save()
        # The stored rule set changed; `.delay()` looks like a task-queue
        # dispatch that reloads it out of band — TODO confirm.
        reload_rules.delay()
        return redirect(url_for('manage.rule', rule_id=saved.id))

    flash_errors(form)
    return render_template('rule.html', form=form)
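def test_will_reload_when_changed(self, app, db):
    """The rule manager reloads only when a rule's updated_at has advanced.

    Inserts one rule, checks that a fresh manager wants to reload, loads,
    checks that nothing further is pending, then bumps the rule's
    ``updated_at`` and checks that a reload is wanted again.

    Args:
        app: application fixture exposing ``rule_manager``.
        db: database fixture providing the session used to persist rules.
    """
    from doorman.models import Rule

    mgr = app.rule_manager

    dummy_rule = {
        "id": "query_name",
        "field": "query_name",
        "type": "string",
        "input": "text",
        "operator": "equal",
        "value": "dummy-query",
    }

    now = dt.datetime.utcnow()
    # Named `later` rather than `next` so the builtin is not shadowed.
    later = now + dt.timedelta(minutes=5)

    # Insert a first rule.
    rule = Rule(
        name='foo',
        alerters=[],
        conditions={'condition': 'AND', 'rules': [dummy_rule]},
        updated_at=now,
    )
    db.session.add(rule)
    db.session.commit()

    # Verify that we will reload these rules
    assert mgr.should_reload_rules() is True

    # Actually load them
    mgr.load_rules()

    # Verify that (with no changes made), we should NOT reload.
    assert mgr.should_reload_rules() is False

    # Make a change to a rule, with a strictly later timestamp.
    rule.update(
        conditions={'condition': 'OR', 'rules': [dummy_rule]},
        updated_at=later,
    )
    db.session.add(rule)
    db.session.commit()

    # Verify that we will now reload
    assert mgr.should_reload_rules() is True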