@Override public Document addAlertsToMetaAlert(MetaAlertAddRemoveRequest metaAlertAddRemoveRequest) throws RestException { try { return dao.addAlertsToMetaAlert(metaAlertAddRemoveRequest.getMetaAlertGuid(), metaAlertAddRemoveRequest.getAlerts()); } catch (IOException | IllegalStateException e) { throw new RestException(e.getMessage(), e); } }
@Override public Document create(MetaAlertCreateRequest createRequest) throws RestException { try { return dao.createMetaAlert(createRequest); } catch (InvalidCreateException | IOException e) { throw new RestException(e.getMessage(), e); } }
@Override public SearchResponse getAllMetaAlertsForAlert(String guid) throws RestException { try { return dao.getAllMetaAlertsForAlert(guid); } catch (IOException|InvalidSearchException ise) { throw new RestException(ise.getMessage(), ise); } }
metaDao.addAlertsToMetaAlert("meta_alert", Collections.singletonList(new GetRequest("message_1", SENSOR_NAME))); Assert.fail("Adding alerts to an inactive meta alert should throw an exception"); metaDao.removeAlertsFromMetaAlert("meta_alert", Collections.singletonList(new GetRequest("message_0", SENSOR_NAME))); Assert.fail("Removing alerts from an inactive meta alert should throw an exception");
private SearchResponse searchForSortedMetaAlerts(SortField sortBy) throws InvalidSearchException { SearchRequest searchRequest = new SearchRequest(); searchRequest.setFrom(0); searchRequest.setSize(10); searchRequest.setIndices(Arrays.asList(getTestIndexName(), METAALERT_TYPE)); searchRequest.setQuery("*:*"); searchRequest.setSort(Collections.singletonList(sortBy)); return metaDao.search(searchRequest); }
private void escalateMetaAlert(String guid) throws Exception { // create the patch that 'escalates' the meta-alert Map<String, Object> patch = new HashMap<>(); patch.put("op", "add"); patch.put("path", "/alert_status"); patch.put("value", "escalate"); // 'escalate' the meta-alert PatchRequest patchRequest = new PatchRequest(); patchRequest.setGuid(guid); patchRequest.setIndex(getMetaAlertIndex()); patchRequest.setSensorType(METAALERT_TYPE); patchRequest.setPatch(Collections.singletonList(patch)); metaDao.patch(metaDao, patchRequest, Optional.of(System.currentTimeMillis())); // ensure the alert status was changed to 'escalate' assertEventually(() -> { Document updated = metaDao.getLatest(guid, METAALERT_TYPE); Assert.assertEquals("escalate", updated.getDocument().get("alert_status")); }); }
.createMetaAlert(metaAlertCreateRequest); Document alert = metaDao.getLatest("message_0", SENSOR_NAME); Assert.assertEquals(4, alert.getDocument().size()); Assert.assertNull(alert.getDocument().get(METAALERT_FIELD));
@Override public Document removeAlertsFromMetaAlert(MetaAlertAddRemoveRequest metaAlertAddRemoveRequest) throws RestException { try { return dao.removeAlertsFromMetaAlert(metaAlertAddRemoveRequest.getMetaAlertGuid(), metaAlertAddRemoveRequest.getAlerts()); } catch (IOException | IllegalStateException e) { throw new RestException(e.getMessage(), e); } }
/** * Initializes a Meta Alert DAO with default "sum" meta alert threat sorting. * @param indexDao The DAO to wrap for our queries. */ default void init(IndexDao indexDao) { init(indexDao, Optional.empty()); }
@Override public Document updateMetaAlertStatus(String metaAlertGuid, MetaAlertStatus status) throws RestException { try { return dao.updateMetaAlertStatus(metaAlertGuid, status); } catch (IOException ioe) { throw new RestException(ioe.getMessage(), ioe); } } }
Document message0 = metaDao.getLatest("message_0", SENSOR_NAME); message0.getDocument().put(NEW_FIELD, expectedFieldValue); message0.getDocument().put(THREAT_FIELD_DEFAULT, 10.0d); metaDao.update(message0, Optional.of(getTestIndexFullName())); Document message0 = metaDao.getLatest("message_0", SENSOR_NAME); Assert.assertNotNull(message0); Assert.assertEquals(expectedFieldValue, message0.getDocument().get(NEW_FIELD)); Document active = metaDao.getLatest("meta_active", METAALERT_TYPE); Object value = active.getDocument().get(ALERT_FIELD); List<Map<String, Object>> children = List.class.cast(value); Document inactive = metaDao.getLatest("meta_inactive", METAALERT_TYPE); Object value = inactive.getDocument().get(ALERT_FIELD); List<Map<String, Object>> children = List.class.cast(value);
protected boolean findCreatedDoc(String guid, String sensorType) throws InterruptedException, IOException, OriginalNotFoundException { for (int t = 0; t < MAX_RETRIES; ++t, Thread.sleep(SLEEP_MS)) { Document doc = metaDao.getLatest(guid, sensorType); if (doc != null) { return true; } } throw new OriginalNotFoundException( "Count not find " + guid + " after " + MAX_RETRIES + "tries"); }
protected boolean findCreatedDocs(List<GetRequest> getRequests) throws InterruptedException, IOException, OriginalNotFoundException { for (int t = 0; t < MAX_RETRIES; ++t, Thread.sleep(SLEEP_MS)) { Iterable<Document> docs = metaDao.getAllLatest(getRequests); if (docs != null) { int docCount = 0; for (Document doc : docs) { docCount++; } if (getRequests.size() == docCount) { return true; } } } throw new OriginalNotFoundException("Count not find guids after " + MAX_RETRIES + "tries"); }
List<Group> groupList = new ArrayList<>(); groupList.add(searchGroup); GroupResponse groupResponse = metaDao.group(new GroupRequest() {
new GetRequest("meta_inactive", METAALERT_TYPE))); SearchResponse searchResponse = metaDao.search(new SearchRequest() {
@Test public void shouldPatchMetaAlertFields() throws Exception { // Load alerts List<Map<String, Object>> alerts = buildAlerts(2); alerts.get(0).put(METAALERT_FIELD, Collections.singletonList("meta_active")); alerts.get(1).put(METAALERT_FIELD, Collections.singletonList("meta_active")); addRecords(alerts, getTestIndexFullName(), SENSOR_NAME); // Put the nested type into the test index, so that it'll match appropriately setupTypings(); // Load metaAlerts Map<String, Object> metaAlert = buildMetaAlert("meta_alert", MetaAlertStatus.ACTIVE, Optional.of(Arrays.asList(alerts.get(0), alerts.get(1)))); // We pass MetaAlertDao.METAALERT_TYPE, because the "_doc" gets appended automatically. addRecords(Collections.singletonList(metaAlert), getMetaAlertIndex(), METAALERT_TYPE); // ensure the test data was loaded findCreatedDocs(Arrays.asList( new GetRequest("message_0", SENSOR_NAME), new GetRequest("message_1", SENSOR_NAME), new GetRequest("meta_alert", METAALERT_TYPE))); // patch the name field String namePatch = namePatchRequest.replace(META_INDEX_FLAG, getMetaAlertIndex()); PatchRequest patchRequest = JSONUtils.INSTANCE.load(namePatch, PatchRequest.class); metaDao.patch(metaDao, patchRequest, Optional.of(System.currentTimeMillis())); // ensure the alert was patched assertEventually(() -> { Document updated = metaDao.getLatest("meta_alert", METAALERT_TYPE); Assert.assertEquals("New Meta Alert", updated.getDocument().get(NAME_FIELD)); }); }
Document actualMetaAlert = metaDao.removeAlertsFromMetaAlert("meta_alert", Arrays .asList(new GetRequest("message_0", SENSOR_NAME), new GetRequest("message_1", SENSOR_NAME))); Document actualMetaAlert = metaDao.removeAlertsFromMetaAlert("meta_alert", Arrays .asList(new GetRequest("message_0", SENSOR_NAME), new GetRequest("message_1", SENSOR_NAME))); expectedMetaAlert.put(getThreatTriageField(), 3.0d); Document actualMetaAlert = metaDao.removeAlertsFromMetaAlert("meta_alert", Arrays .asList(new GetRequest("message_0", SENSOR_NAME), new GetRequest("message_2", SENSOR_NAME))); metaDao.removeAlertsFromMetaAlert("meta_alert", Collections.singletonList(new GetRequest("message_3", SENSOR_NAME))); Assert.fail("Removing these alerts will result in an empty meta alert. Empty meta alerts are not allowed.");
ret.init(indexDao, Optional.ofNullable(metaDaoSort)); return ret;
expectedMetaAlert.put(STATUS_FIELD, MetaAlertStatus.INACTIVE.getStatusString()); Document actualMetaAlert = metaDao.updateMetaAlertStatus("meta_alert", MetaAlertStatus.INACTIVE); Assert.assertEquals(expectedMetaAlert, actualMetaAlert.getDocument()); findUpdatedDoc(expectedMetaAlert, "meta_alert", METAALERT_TYPE); expectedMetaAlert.put(STATUS_FIELD, MetaAlertStatus.ACTIVE.getStatusString()); Document actualMetaAlert = metaDao.updateMetaAlertStatus("meta_alert", MetaAlertStatus.ACTIVE); Assert.assertEquals(expectedMetaAlert, actualMetaAlert.getDocument()); findUpdatedDoc(expectedMetaAlert, "meta_alert", METAALERT_TYPE); expectedMetaAlert.put(STATUS_FIELD, MetaAlertStatus.ACTIVE.getStatusString()); Document actualMetaAlert = metaDao.updateMetaAlertStatus("meta_alert", MetaAlertStatus.ACTIVE); Assert.assertEquals(expectedMetaAlert, actualMetaAlert.getDocument()); findUpdatedDoc(expectedMetaAlert, "meta_alert", METAALERT_TYPE);
protected void findUpdatedDoc(Map<String, Object> message0, String guid, String sensorType) throws InterruptedException, IOException, OriginalNotFoundException { commit(); for (int t = 0; t < MAX_RETRIES; ++t, Thread.sleep(SLEEP_MS)) { Document doc = metaDao.getLatest(guid, sensorType); // Change the underlying document alerts lists to sets to avoid ordering issues. convertAlertsFieldToSet(doc.getDocument()); convertAlertsFieldToSet(message0); if (doc.getDocument() != null && message0.equals(doc.getDocument())) { convertAlertsFieldToList(doc.getDocument()); convertAlertsFieldToList(message0); return; } } throw new OriginalNotFoundException( "Count not find " + guid + " after " + MAX_RETRIES + " tries"); }