Пример #1
0
 def test_create_from_dynamo_record(self):
     """Alert Class - Create Alert from Dynamo Record"""
     alert = self._customized_alert()
     # Converting to a Dynamo record and back again should result in the exact same alert
     record = alert.dynamo_record()
     new_alert = Alert.create_from_dynamo_record(record)
     assert_equal(alert.dynamo_record(), new_alert.dynamo_record())
Пример #2
0
    def run(self, event):
        """Run the alert processor!

        Args:
            event (dict): Lambda invocation event containing at least the rule name and alert ID.

        Returns:
            dict: Maps output (str) to whether it sent successfully (bool).
                An empty dict is returned if the Alert was improperly formatted.
        """
        # Grab the alert record from Dynamo (if needed).
        if set(event) == {'AlertID', 'RuleName'}:
            LOGGER.info('Retrieving %s from alerts table', event)
            alert_record = self.alerts_table.get_alert_record(event['RuleName'], event['AlertID'])
            if not alert_record:
                LOGGER.error('%s does not exist in the alerts table', event)
                return {}
        else:
            alert_record = event

        # Convert record to an Alert instance.
        try:
            alert = Alert.create_from_dynamo_record(alert_record)
        except AlertCreationError:
            LOGGER.exception('Invalid alert %s', event)
            return {}

        # Remove normalization key from the record.
        # TODO: Consider including this in at least some outputs, e.g. default Athena firehose
        if Normalizer.NORMALIZATION_KEY in alert.record:
            del alert.record[Normalizer.NORMALIZATION_KEY]

        result = self._send_to_outputs(alert)
        self._update_table(alert, result)
        return result
Пример #3
0
    def _get_alerts(self, rule_name):
        """Build a list of Alert instances triggered from the given rule name."""
        alerts = []

        for record in self.table.get_alert_records(rule_name,
                                                   self.alert_proc_timeout):
            try:
                alerts.append(Alert.create_from_dynamo_record(record))
            except AlertCreationError:
                LOGGER.exception('Invalid alert record %s', record)

        return alerts