示例#1
def _apply_rule(context: LoggingContext, rule: ConfigRule, record: Dict,
                parsed_record: Dict):
    """Copy the attributes selected by *rule* from *record* into *parsed_record*.

    Each attribute of the rule carries a JMESPath ``pattern`` and a target
    ``key``. The pattern is evaluated against *record*; a truthy result is
    stored in ``parsed_record[attribute.key]``. Nothing is returned:
    *parsed_record* is mutated in place.

    Falsy results (``None``, ``0``, ``False``, ``""``, empty containers) are
    skipped, so such fields never reach *parsed_record* through this function.

    A failure on one attribute is reported through ``context.t_exception``
    and does not stop the remaining attributes from being evaluated.
    """
    for attribute in rule.attributes:
        try:
            extracted = jmespath.search(
                attribute.pattern, record, JMESPATH_OPTIONS)
            if not extracted:
                # Nothing usable was selected; leave parsed_record untouched.
                continue
            parsed_record[attribute.key] = extracted
        except Exception:
            # Deliberately broad: one bad pattern or record shape must not
            # abort extraction of the other attributes.
            message = f"Encountered exception when evaluating attribute {attribute} of rule for {rule.entity_type_name}"
            # NOTE(review): there is no separator between the entity type
            # name and "exception" in this label - confirm that is intended.
            label = f"rule-attribute-evaluation-{rule.entity_type_name}exception"
            context.t_exception(message, label)
示例#2
 def apply(self, context: LoggingContext, record: Dict,
           parsed_record: Dict):
     """Run the configured rules over *record*, filling *parsed_record*.

     Order of evaluation:
       1. ``self.common_rule``, when set.
       2. ``self.rules`` and then ``self.audit_logs_rules``; both sets are
          always evaluated, even if the first one already matched.
       3. ``self.default_rule``, only when neither set reported a match
          and a default rule is set.

     Any exception raised along the way is reported through
     ``context.t_exception`` and swallowed, so the caller never sees a
     failure from here and *parsed_record* may be only partly filled.
     """
     try:
         if self.common_rule:
             _apply_rule(context, self.common_rule, record, parsed_record)
         rule_matched = self._apply_rules(
             context, self.rules, record, parsed_record)
         audit_rule_matched = self._apply_rules(
             context, self.audit_logs_rules, record, parsed_record)
         if rule_matched or audit_rule_matched:
             # At least one specific rule handled the record.
             return
         # No matching rule has been found, applying the default rule
         if self.default_rule:
             _apply_rule(context, self.default_rule, record, parsed_record)
     except Exception as e:
         # NOTE(review): the exception text is interpolated into the
         # message; if it can echo parts of the record, that content ends
         # up wherever t_exception writes - confirm this is acceptable.
         context.t_exception(
             f"Encountered exception when running Rule Engine. {e}")