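def add_labels(alert_id, labels, **kwargs):
    """
    Add one or multiple labels to a given alert.

    Variables:
    alert_id     => ID of the alert to add the label to
    labels       => List of labels to add as comma separated string.
                    Each entry is trimmed and upper-cased; empty entries
                    (e.g. from a trailing comma or "A,,B") are ignored.

    Arguments:
    None

    Data Block:
    None

    API call example:
    /api/v3/alert/label/1234567890/EMAIL/

    Result example:
    {"success": true}

    Responses:
    400 => no usable label was left after normalisation
    404 => no alert with that ID
    403 => the caller's classification does not grant access to the alert,
           or every requested label is already present on it
    """
    user = kwargs['user']

    # Normalise the raw path segment: trim, upper-case, and drop empty
    # tokens so an empty-string label can never be persisted.
    labels = {token.strip().upper()
              for token in labels.split(",")
              if token.strip()}

    if not labels:
        return make_api_response({"success": False},
                                 err="No valid label provided",
                                 status_code=400)

    alert = STORAGE.get_alert(alert_id)

    if not alert:
        return make_api_response({
            "success": False,
            "event_id": None
        },
                                 err="Alert ID %s not found" % alert_id,
                                 status_code=404)

    # NOTE(review): is_accessible is a read-level classification check (the
    # message itself says "see"), yet this endpoint writes to the alert.
    # Confirm that a separate role/permission check is applied at the route
    # decorator, otherwise read access implies write access here.
    # Also note the 404 above is returned before this check, so a caller can
    # distinguish "does not exist" from "exists but hidden" (403).
    if not Classification.is_accessible(user['classification'],
                                        alert['classification']):
        return make_api_response("",
                                 "You are not allowed to see this alert...",
                                 403)

    current = set(alert.get('label', []))
    if not (labels - current):
        # Sorted so the error text is deterministic regardless of set order.
        return make_api_response({"success": False},
                                 err="Alert already has labels %s" %
                                 ", ".join(sorted(labels)),
                                 status_code=403)

    # Read-modify-write with no version/ETag: two concurrent updates to the
    # same alert can lose each other's labels. TODO confirm whether
    # STORAGE.save_alert offers a conditional write before relying on this.
    alert['label'] = list(current | labels)
    STORAGE.save_alert(alert_id, alert)
    return make_api_response({"success": True})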
def change_priority(alert_id, priority, **kwargs):
    """
    Change the priority of a given alert.

    Variables:
    alert_id      => ID of the alert to change the priority
    priority      => New priority for the alert (upper-cased before use)

    Arguments:
    None

    Data Block:
    None

    API call example:
    /api/v3/alert/priority/1234567890/MALICIOUS/

    Result example:
    {"success": true}

    Responses:
    404 => no alert with that ID
    403 => the caller's classification does not grant access to the alert,
           or the alert already carries the requested priority
    """
    caller = kwargs['user']
    wanted = priority.upper()

    record = STORAGE.get_alert(alert_id)

    if not record:
        return make_api_response({
            "success": False,
            "event_id": None
        },
                                 err="Alert ID %s not found" % alert_id,
                                 status_code=404)

    # NOTE(review): a read-level classification check guards a write;
    # confirm the route decorator enforces a separate write permission.
    visible = Classification.is_accessible(caller['classification'],
                                           record['classification'])
    if not visible:
        return make_api_response("",
                                 "You are not allowed to see this alert...",
                                 403)

    # NOTE(review): the value is stored as received (only upper-cased); no
    # allow-list of valid priorities is enforced in this function. Verify
    # that the route or the STORAGE layer validates it.
    if record.get('priority', None) == wanted:
        return make_api_response({"success": False},
                                 err="Alert already has priority %s" %
                                 wanted,
                                 status_code=403)

    record['priority'] = wanted
    STORAGE.save_alert(alert_id, record)
    return make_api_response({"success": True})
def take_ownership(alert_id, **kwargs):
    """
    Take ownership of a given alert on behalf of the calling user.

    Variables:
    alert_id    => ID of the alert to send to take ownership

    Arguments:
    None

    Data Block:
    None

    API call example:
    /api/v3/alert/ownership/1234567890/

    Result example:
    {"success": true}

    Responses:
    404 => no alert with that ID
    403 => the caller's classification does not grant access to the alert,
           or the alert already has an owner
    """
    caller = kwargs['user']

    record = STORAGE.get_alert(alert_id)

    if not record:
        return make_api_response({"success": False},
                                 err="Alert ID %s not found" % alert_id,
                                 status_code=404)

    # NOTE(review): read-level classification check guarding a write;
    # confirm a separate write permission is enforced by the route.
    visible = Classification.is_accessible(caller['classification'],
                                           record['classification'])
    if not visible:
        return make_api_response({"success": False},
                                 "You are not allowed to see this alert...",
                                 403)

    # NOTE(review): this check-then-set is not atomic. Two callers racing
    # here can both observe owner is None and the last save_alert wins,
    # silently reassigning ownership. Confirm whether STORAGE.save_alert
    # supports a conditional/versioned write before relying on this.
    existing_owner = record.get('owner', None)
    if existing_owner is not None:
        return make_api_response({"success": False},
                                 err="Alert is already owned by %s" %
                                 existing_owner,
                                 status_code=403)

    record['owner'] = caller['uname']
    STORAGE.save_alert(alert_id, record)
    return make_api_response({"success": True})