def test_create_from_dynamo_record(self): """Alert Class - Create Alert from Dynamo Record""" alert = self._customized_alert() # Converting to a Dynamo record and back again should result in the exact same alert record = alert.dynamo_record() new_alert = Alert.create_from_dynamo_record(record) assert_equal(alert.dynamo_record(), new_alert.dynamo_record())
def _alert_generator(self, rule_name): """ Returns a generator that yields Alert instances triggered from the given rule name. To limit memory consumption, the generator yields a maximum number of alerts, defined by self._alert_generator_limit. """ generator = self.table.get_alert_records(rule_name, self.alert_proc_timeout) for idx, record in enumerate(generator, start=1): try: yield Alert.create_from_dynamo_record(record) except AlertCreationError: LOGGER.exception('Invalid alert record %s', record) continue if idx >= self._alert_generator_limit: LOGGER.warning( 'Alert Merger reached alert limit of %d for rule "%s"', self._alert_generator_limit, rule_name) return
def run(self, event): """Run the alert processor! Args: event (dict): Lambda invocation event containing at least the rule name and alert ID. Returns: dict: Maps output (str) to whether it sent successfully (bool). An empty dict is returned if the Alert was improperly formatted. """ # Grab the alert record from Dynamo (if needed). if set(event) == {'AlertID', 'RuleName'}: LOGGER.info('Retrieving %s from alerts table', event) alert_record = self.alerts_table.get_alert_record( event['RuleName'], event['AlertID']) if not alert_record: LOGGER.error('%s does not exist in the alerts table', event) return {} else: alert_record = event # Convert record to an Alert instance. try: alert = Alert.create_from_dynamo_record(alert_record) except AlertCreationError: LOGGER.exception('Invalid alert %s', event) return {} # Remove normalization key from the record. # TODO: Consider including this in at least some outputs, e.g. default Athena firehose if Normalizer.NORMALIZATION_KEY in alert.record: del alert.record[Normalizer.NORMALIZATION_KEY] result = self._send_to_outputs(alert) self._update_table(alert, result) return result