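def add_labels(alert_id, labels, **kwargs):
    """
    Add one or multiple labels to a given alert

    Variables:
    alert_id    => ID of the alert to add the label to
    labels      => List of labels to add as comma separated string

    Arguments:
    None

    Data Block:
    None

    API call example:
    /api/v3/alert/label/1234567890/EMAIL/

    Result example:
    {"success": true}

    Responses:
    200 => labels added and alert saved
    400 => no usable label in the request
    403 => caller cannot see the alert, or every label is already present
    404 => alert ID unknown
    """
    # ``user`` is expected to be injected by the route wrapper — TODO confirm.
    user = kwargs['user']

    # Labels are normalised to upper case. Surrounding whitespace is dropped
    # and empty fragments (e.g. from a trailing comma or an empty string) are
    # discarded so that a blank label is never persisted on the alert.
    labels = {lbl.strip() for lbl in labels.upper().split(",")}
    labels.discard("")
    if not labels:
        return make_api_response({"success": False},
                                 err="No label provided",
                                 status_code=400)

    alert = STORAGE.get_alert(alert_id)
    if not alert:
        # NOTE(review): 404 here vs 403 below lets a caller tell a missing
        # alert from one it may not see — confirm this matches the rest of
        # the API.
        return make_api_response({"success": False, "event_id": None},
                                 err="Alert ID %s not found" % alert_id,
                                 status_code=404)

    # Access control: the caller's classification must cover the alert's
    # before anything about it is returned or modified.
    if not Classification.is_accessible(user['classification'], alert['classification']):
        return make_api_response("", "You are not allowed to see this alert...", 403)

    cur_label = set(alert.get('label', []))
    if not labels - cur_label:
        # Every requested label is already present; nothing is written.
        # Sorted so the message is deterministic across calls.
        return make_api_response({"success": False},
                                 err="Alert already has labels %s" % ", ".join(sorted(labels)),
                                 status_code=403)

    alert['label'] = list(cur_label | labels)
    STORAGE.save_alert(alert_id, alert)
    return make_api_response({"success": True})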
def change_priority(alert_id, priority, **kwargs):
    """
    Change the priority of a given alert

    Variables:
    alert_id    => ID of the alert to change the priority
    priority    => New priority for the alert

    Arguments:
    None

    Data Block:
    None

    API call example:
    /api/v3/alert/priority/1234567890/MALICIOUS/

    Result example:
    {"success": true}

    Responses:
    200 => priority updated and alert saved
    403 => caller cannot see the alert, or the priority is unchanged
    404 => alert ID unknown
    """
    # ``user`` is expected to be injected by the route wrapper — TODO confirm.
    user = kwargs['user']
    # Priorities are compared and stored in upper case; no validation against
    # an allowed set happens here — presumably done upstream, verify.
    wanted = priority.upper()

    alert = STORAGE.get_alert(alert_id)
    if not alert:
        return make_api_response({"success": False, "event_id": None},
                                 err="Alert ID %s not found" % alert_id,
                                 status_code=404)

    # Classification gate: no read or write of the alert past this point
    # unless the caller is cleared for it.
    if not Classification.is_accessible(user['classification'], alert['classification']):
        return make_api_response("", "You are not allowed to see this alert...", 403)

    if wanted == alert.get('priority', None):
        # Unchanged priority is reported as a failure; nothing is written.
        return make_api_response({"success": False},
                                 err="Alert already has priority %s" % wanted,
                                 status_code=403)

    alert['priority'] = wanted
    STORAGE.save_alert(alert_id, alert)
    return make_api_response({"success": True})
def take_ownership(alert_id, **kwargs):
    """
    Take ownership of a given alert

    Variables:
    alert_id    => ID of the alert to send to take ownership

    Arguments:
    None

    Data Block:
    None

    API call example:
    /api/v3/alert/ownership/1234567890/

    Result example:
    {"success": true}

    Responses:
    200 => caller recorded as owner and alert saved
    403 => caller cannot see the alert, or it already has an owner
    404 => alert ID unknown
    """
    # ``user`` is expected to be injected by the route wrapper — TODO confirm.
    user = kwargs['user']

    alert = STORAGE.get_alert(alert_id)
    if not alert:
        return make_api_response({"success": False},
                                 err="Alert ID %s not found" % alert_id,
                                 status_code=404)

    # Classification gate before any ownership change is attempted.
    if not Classification.is_accessible(user['classification'], alert['classification']):
        return make_api_response({"success": False}, "You are not allowed to see this alert...", 403)

    current_owner = alert.get('owner', None)
    if current_owner is not None:
        # Ownership is first-come; an owned alert is never reassigned here.
        return make_api_response({"success": False},
                                 err="Alert is already owned by %s" % current_owner,
                                 status_code=403)

    # NOTE(review): this read-check-write is not atomic; two concurrent
    # callers can both observe an unowned alert and both "win" — confirm
    # whether STORAGE.save_alert offers a conditional write.
    alert['owner'] = user['uname']
    STORAGE.save_alert(alert_id, alert)
    return make_api_response({"success": True})