private String generateAlertDataDesc(AlertStreamEvent event) { if (event.getDataMap() == null) { return "N/A"; } StringBuilder sb = new StringBuilder(); for (Map.Entry<String, Object> entry : event.getDataMap().entrySet()) { sb.append(entry.getKey()).append("=").append(entry.getValue()).append(" "); } return sb.toString(); }
private static VelocityContext buildAlertContext(PolicyDefinition policyDefinition, AlertStreamEvent event) { VelocityContext context = new VelocityContext(); context.put(AlertContextFields.SITE_ID, event.getSiteId()); context.put(AlertContextFields.STREAM_ID, event.getStreamId()); context.put(AlertContextFields.ALERT_ID, event.getAlertId()); context.put(AlertContextFields.CREATED_BY, event.getCreatedBy()); context.put(AlertContextFields.CREATED_TIMESTAMP, event.getCreatedTime()); context.put(AlertContextFields.CREATED_TIME, String.format("%s %s", DateTimeUtil.millisecondsToHumanDateWithSeconds(event.getCreatedTime()), DateTimeUtil.CURRENT_TIME_ZONE.getID())); context.put(AlertContextFields.ALERT_TIMESTAMP, event.getTimestamp()); context.put(AlertContextFields.ALERT_TIME, String.format("%s %s", DateTimeUtil.millisecondsToHumanDateWithSeconds(event.getTimestamp()), DateTimeUtil.CURRENT_TIME_ZONE.getID())); context.put(AlertContextFields.ALERT_SCHEMA, event.getSchema()); context.put(AlertContextFields.ALERT_EVENT, event); context.put(AlertContextFields.POLICY_ID, policyDefinition.getName()); context.put(AlertContextFields.POLICY_DESC, policyDefinition.getDescription()); context.put(AlertContextFields.POLICY_TYPE, policyDefinition.getDefinition().getType()); context.put(AlertContextFields.POLICY_DEFINITION, policyDefinition.getDefinition().getValue()); context.put(AlertContextFields.POLICY_HANDLER, policyDefinition.getDefinition().getHandlerClass()); for (Map.Entry<String, Object> entry : event.getDataMap().entrySet()) { context.put(entry.getKey(), entry.getValue()); } return context; } }
@Override public String toString() { List<String> dataStrings = new ArrayList<>(this.getData().length); for (Object obj : this.getData()) { if (obj != null) { dataStrings.add(obj.toString()); } else { dataStrings.add(null); } } return String.format("Alert {site=%s, stream=%s,timestamp=%s,data=%s, policyId=%s, createdBy=%s, metaVersion=%s}", this.getSiteId(), this.getStreamId(), DateTimeUtil.millisecondsToHumanDateWithMilliseconds(this.getTimestamp()), this.getDataMap(), this.getPolicyId(), this.getCreatedBy(), this.getMetaVersion()); }
public AlertEntity convertAlertEvent(AlertStreamEvent event) { Preconditions.checkNotNull(event.getAlertId(), "alertId is not initialized before being published: " + event.toString()); AlertEntity alertEvent = new AlertEntity(); Map<String, String> tags = new HashMap<>(); tags.put(POLICY_ID_KEY, event.getPolicyId()); tags.put(ALERT_ID_KEY, event.getAlertId()); tags.put(ALERT_CATEGORY, event.getCategory()); tags.put(ALERT_SEVERITY, event.getSeverity().toString()); String host = event.getDataMap().getOrDefault("host", "null").toString(); String hostname = event.getDataMap().getOrDefault("hostname", "null").toString(); if (host != "null") { tags.put(ALERT_HOST, host); } else { tags.put(ALERT_HOST, hostname); } if (event.getContext() != null && !event.getContext().isEmpty()) { tags.put(SITE_ID_KEY, event.getContext().get(SITE_ID_KEY).toString()); alertEvent.setPolicyValue(event.getContext().get(POLICY_VALUE_KEY).toString()); alertEvent.setAppIds((List<String>) event.getContext().get(APP_IDS_KEY)); } alertEvent.setTimestamp(event.getCreatedTime()); alertEvent.setAlertData(event.getDataMap()); alertEvent.setAlertSubject(event.getSubject()); alertEvent.setAlertBody(event.getBody()); alertEvent.setTags(tags); return alertEvent; }
alertContext.put(PublishConstants.ALERT_EMAIL_POLICY_ID, event.getPolicyId()); alertContext.put(PublishConstants.ALERT_EMAIL_ALERT_ID, event.getAlertId()); alertContext.put(PublishConstants.ALERT_EMAIL_ALERT_DATA, event.getDataMap().toString()); alertContext.put(PublishConstants.ALERT_EMAIL_ALERT_DATA_DESC, generateAlertDataDesc(event)); alertContext.put(PublishConstants.ALERT_EMAIL_ALERT_CATEGORY, event.getCategory());
public static AlertPublishEvent createAlertPublishEvent(AlertStreamEvent event) { Preconditions.checkNotNull(event.getAlertId(), "alertId is not initialized before being published: " + event.toString()); AlertPublishEvent alertEvent = new AlertPublishEvent(); alertEvent.setAlertId(event.getAlertId()); alertEvent.setPolicyId(event.getPolicyId()); alertEvent.setAlertTimestamp(event.getCreatedTime()); alertEvent.setStreamId(event.getStreamId()); alertEvent.setCreatedBy(event.getCreatedBy()); alertEvent.setCreatedTime(event.getCreatedTime()); alertEvent.setAlertSubject(event.getSubject()); alertEvent.setAlertBody(event.getBody()); if (event.getContext() != null && !event.getContext().isEmpty()) { if (event.getContext().containsKey(SITE_ID_KEY)) { alertEvent.setSiteId(event.getContext().get(SITE_ID_KEY).toString()); } if (event.getContext().containsKey(POLICY_VALUE_KEY)) { alertEvent.setPolicyValue(event.getContext().get(POLICY_VALUE_KEY).toString()); } if (event.getContext().containsKey(APP_IDS_KEY)) { alertEvent.setAppIds((List<String>) event.getContext().get(APP_IDS_KEY)); } } alertEvent.setAlertData(event.getDataMap()); return alertEvent; }