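/**
 * Indexes two ordinary alerts that point back at a meta-alert with the given guid,
 * then indexes that meta-alert (ACTIVE, owning both alerts) and waits until all
 * three documents can be fetched.
 *
 * @param guid the guid of the meta-alert to create; it is also used for the lookup
 *             that confirms the meta-alert was indexed (the original waited for the
 *             literal {@code "meta_alert"}, which only worked when that was the guid)
 * @return the meta-alert document that was indexed
 * @throws Exception if indexing or the readiness lookup fails
 */
private Map<String, Object> createMetaAlert(String guid) throws Exception {
  // create and index 2 normal alerts, each tagged with the parent meta-alert guid
  List<Map<String, Object>> childAlerts = buildAlerts(2);
  for (int i = 0; i < 2; i++) {
    childAlerts.get(i).put(METAALERT_FIELD, Collections.singletonList(guid));
  }
  addRecords(childAlerts, getTestIndexFullName(), SENSOR_NAME);

  // create and index the meta-alert that owns both children
  Map<String, Object> metaAlert =
      buildMetaAlert(guid, MetaAlertStatus.ACTIVE, Optional.of(childAlerts));
  addRecords(Collections.singletonList(metaAlert), getMetaAlertIndex(), METAALERT_TYPE);

  // block until the test documents are visible; the meta-alert is looked up by the
  // guid it was actually created with rather than a hard-coded id
  List<GetRequest> expectedDocs = Arrays.asList(
      new GetRequest("message_0", SENSOR_NAME),
      new GetRequest("message_1", SENSOR_NAME),
      new GetRequest(guid, METAALERT_TYPE));
  findCreatedDocs(expectedDocs);
  return metaAlert;
}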
@Test public void shouldGetAllMetaAlertsForAlert() throws Exception { List<Map<String, Object>> alerts = buildAlerts(3); addRecords(alerts, getTestIndexFullName(), SENSOR_NAME);
/**
 * Verifies that a JSON patch request against a meta-alert updates the name field:
 * two alerts and one ACTIVE meta-alert owning them are indexed, a patch loaded from
 * {@code namePatchRequest} is applied through {@code metaDao}, and the test waits
 * until the stored meta-alert carries the new name.
 *
 * @throws Exception if indexing, patching or the eventual lookup fails
 */
@Test
public void shouldPatchMetaAlertFields() throws Exception {
  final String metaGuid = "meta_alert";
  final String expectedName = "New Meta Alert";

  // Load alerts, both tagged with the meta-alert they belong to
  List<Map<String, Object>> alerts = buildAlerts(2);
  for (int i = 0; i < 2; i++) {
    alerts.get(i).put(METAALERT_FIELD, Collections.singletonList("meta_active"));
  }
  addRecords(alerts, getTestIndexFullName(), SENSOR_NAME);

  // Put the nested type into the test index, so that it'll match appropriately
  setupTypings();

  // Load metaAlerts; the meta-alert owns the two alerts indexed above
  List<Map<String, Object>> children = Arrays.asList(alerts.get(0), alerts.get(1));
  Map<String, Object> metaAlert =
      buildMetaAlert(metaGuid, MetaAlertStatus.ACTIVE, Optional.of(children));
  // We pass MetaAlertDao.METAALERT_TYPE, because the "_doc" gets appended automatically.
  addRecords(Collections.singletonList(metaAlert), getMetaAlertIndex(), METAALERT_TYPE);

  // ensure the test data was loaded before patching
  findCreatedDocs(Arrays.asList(
      new GetRequest("message_0", SENSOR_NAME),
      new GetRequest("message_1", SENSOR_NAME),
      new GetRequest(metaGuid, METAALERT_TYPE)));

  // patch the name field: the request template carries a placeholder for the
  // meta-alert index, which is substituted with the index used by this test run
  String namePatch = namePatchRequest.replace(META_INDEX_FLAG, getMetaAlertIndex());
  PatchRequest patchRequest = JSONUtils.INSTANCE.load(namePatch, PatchRequest.class);
  metaDao.patch(metaDao, patchRequest, Optional.of(System.currentTimeMillis()));

  // ensure the alert was patched; the index is eventually consistent, so poll
  assertEventually(() -> {
    Document updated = metaDao.getLatest(metaGuid, METAALERT_TYPE);
    Object actualName = updated.getDocument().get(NAME_FIELD);
    Assert.assertEquals(expectedName, actualName);
  });
}
List<Map<String, Object>> alerts = buildAlerts(2); alerts.get(0).put(METAALERT_FIELD, Collections.singletonList("meta_active")); alerts.get(1).put(METAALERT_FIELD, Collections.singletonList("meta_active"));
List<Map<String, Object>> alerts = buildAlerts(2); alerts.get(0).put(METAALERT_FIELD, Collections.singletonList("meta_active")); alerts.get(1).put(METAALERT_FIELD, Collections.singletonList("meta_active"));
@Test public void shouldSearchByStatus() throws Exception { List<Map<String, Object>> alerts = buildAlerts(1); alerts.get(0).put(METAALERT_FIELD, Collections.singletonList("meta_active")); alerts.get(0).put("ip_src_addr", "192.168.1.1");
public void shouldRemoveAlertsFromMetaAlert() throws Exception { List<Map<String, Object>> alerts = buildAlerts(4); alerts.get(0).put(METAALERT_FIELD, Collections.singletonList("meta_alert")); alerts.get(1).put(METAALERT_FIELD, Collections.singletonList("meta_alert"));
@Test public void shouldAddAlertsToMetaAlert() throws Exception { List<Map<String, Object>> alerts = buildAlerts(4); alerts.get(0).put(METAALERT_FIELD, Collections.singletonList("meta_alert")); addRecords(alerts, getTestIndexFullName(), SENSOR_NAME);
@Test public void shouldCreateMetaAlert() throws Exception { List<Map<String, Object>> alerts = buildAlerts(3); addRecords(alerts, getTestIndexFullName(), SENSOR_NAME);
@Test public void shouldHidesAlertsOnGroup() throws Exception { List<Map<String, Object>> alerts = buildAlerts(2); alerts.get(0).put(METAALERT_FIELD, Collections.singletonList("meta_active")); alerts.get(0).put("ip_src_addr", "192.168.1.1");
@Test public void addRemoveAlertsShouldThrowExceptionForInactiveMetaAlert() throws Exception { List<Map<String, Object>> alerts = buildAlerts(2); alerts.get(0).put(METAALERT_FIELD, Collections.singletonList("meta_alert")); addRecords(alerts, getTestIndexFullName(), SENSOR_NAME);
List<Map<String, Object>> alerts = buildAlerts(totalAlerts); List<Map<String, Object>> childAlerts = alerts.subList(0, numChildAlerts); List<Map<String, Object>> unrelatedAlerts = alerts.subList(numChildAlerts, totalAlerts);
@Test public void shouldSortByThreatTriageScore() throws Exception { List<Map<String, Object>> alerts = buildAlerts(2); alerts.get(0).put(METAALERT_FIELD, "meta_active_0"); addRecords(alerts, getTestIndexFullName(), SENSOR_NAME);
List<Map<String, Object>> alerts = buildAlerts(2); alerts.get(0).put(METAALERT_FIELD, Arrays.asList("meta_active", "meta_inactive")); addRecords(alerts, getTestIndexFullName(), SENSOR_NAME);