Class: ESP::Alert

Inherits:
Resource
  • Object
Defined in:
lib/esp/resources/alert.rb

Methods inherited from Resource

arrange_options, make_pageable, #serializable_hash, where

Class Method Details

.find(*arguments) ⇒ Object

Find an Alert by id

Parameter

id | Required | The ID of the alert to retrieve

:call-seq:

find(id)


# File 'lib/esp/resources/alert.rb', line 96

def self.find(*arguments)
  scope = arguments.slice!(0)
  options = (arguments.slice!(0) || {}).with_indifferent_access
  return super(scope, options) if scope.is_a?(Numeric) || options[:from].present?
  params = options.fetch(:params, {}).with_indifferent_access
  report_id = params.delete(:report_id)
  for_report(report_id, params)
end

.for_report(report_id = nil, arguments = {}) ⇒ Object

Returns a paginated collection of alerts for the given report_id. This is a convenience method to use instead of ::find, since a report_id is required to return alerts.

Parameters

report_id | Required | The ID of the report to retrieve alerts for

arguments | Not Required | An optional hash of search criteria to filter the returned collection

Valid Arguments

region_id | Not Required | Return only alerts for this region.

status | Not Required | Return only alerts for the given status(es). Valid values are fail, warn, error, pass, info

first_seen | Not Required | Return only alerts that have started within a number of hours of the report. For example, first_seen of 3 will return alerts that started showing up within the last 3 hours of the report.

suppressed | Not Required | Return only suppressed alerts

team_id | Not Required | Return only alerts for the given team.

external_account_id | Not Required | Return only alerts for the given external id.

service_id | Not Required | Return only alerts on signatures with the given service.

signature_severity | Not Required | Return only alerts for signatures with the given risk_level. Valid values are Low, Medium, High

signature_name | Not Required | Return only alerts for signatures with the given name.

resource | Not Required | Return only alerts for the given resource or tag.

signature_identifier | Not Required | Return only alerts for signatures with the given identifier.

Example

alerts = ESP::Alert.for_report(54, status: 'fail', signature_severity: 'High')


# File 'lib/esp/resources/alert.rb', line 82

def self.for_report(report_id = nil, arguments = {})
  fail ArgumentError, "You must supply a report id." unless report_id.present?
  from = "#{prefix}reports/#{report_id}/alerts.json"
  all(from: from, params: arguments)
end
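A pre-flight check for the filters documented above, as an added example that is not part of the ESP SDK: it rejects a missing report_id, filter names the page does not list, and status or signature_severity values outside the listed ones. The helper name `build_alert_query`, the constants, and the rule that first_seen must be a positive number are assumptions made for this example.

```ruby
# Added example: hypothetical helper, not part of the ESP SDK.
# Valid names and values are copied from the "Valid Arguments" list above.
VALID_STATUSES   = %w[fail warn error pass info].freeze
VALID_SEVERITIES = %w[Low Medium High].freeze
ALLOWED_FILTERS  = %i[region_id status first_seen suppressed team_id
                      external_account_id service_id signature_severity
                      signature_name resource signature_identifier].freeze

# Returns [report_id, filters] ready to hand to ESP::Alert.for_report,
# or raises ArgumentError describing the first problem found.
def build_alert_query(report_id, filters = {})
  if report_id.nil? || report_id.to_s.strip.empty?
    raise ArgumentError, 'You must supply a report id.'
  end

  # Accept string or symbol keys, then refuse anything the page does not list.
  filters = filters.transform_keys(&:to_sym)
  unknown = filters.keys - ALLOWED_FILTERS
  raise ArgumentError, "Unknown filter(s): #{unknown.join(', ')}" unless unknown.empty?

  if filters.key?(:status)
    # status may be a single value or a list ("status(es)").
    bad = Array(filters[:status]).map(&:to_s) - VALID_STATUSES
    raise ArgumentError, "Invalid status: #{bad.join(', ')}" unless bad.empty?
  end

  if filters.key?(:signature_severity)
    sev = filters[:signature_severity].to_s
    raise ArgumentError, "Invalid signature_severity: #{sev}" unless VALID_SEVERITIES.include?(sev)
  end

  if filters.key?(:first_seen)
    hours = filters[:first_seen]
    # Assumption of this example: first_seen is a positive number of hours.
    raise ArgumentError, 'first_seen must be a positive number of hours' unless hours.is_a?(Numeric) && hours.positive?
  end

  [report_id, filters]
end

# With the SDK loaded and configured (not executed here):
#   report_id, filters = build_alert_query(54, status: 'fail', signature_severity: 'High')
#   alerts = ESP::Alert.for_report(report_id, filters)
```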

Instance Method Details

#cloud_trail_events ⇒ Object

Returns the cloud trail events associated with this alert. These may be added up to 10 minutes after the alert was created.

# File 'lib/esp/resources/alert.rb', line 25

has_many :cloud_trail_events, class_name: 'ESP::CloudTrailEvent'

#custom_signature ⇒ Object

Returns the custom signature associated with this alert. Either a signature or custom signature but not both will be present.

# File 'lib/esp/resources/alert.rb', line 17

belongs_to :custom_signature, class_name: 'ESP::CustomSignature'

#destroy ⇒ Object

Not Implemented. You cannot destroy an Alert.

# File 'lib/esp/resources/alert.rb', line 43

def destroy
  fail ESP::NotImplementedError
end

#external_account ⇒ Object

Returns the external account associated with this alert.

# File 'lib/esp/resources/alert.rb', line 5

belongs_to :external_account, class_name: 'ESP::ExternalAccount'

#metadata ⇒ Object

Returns the metadata associated with this alert.

# File 'lib/esp/resources/alert.rb', line 33

def metadata
  ESP::Metadata.for_alert(id)
end

#region ⇒ Object

Returns the region associated with this alert.

# File 'lib/esp/resources/alert.rb', line 9

belongs_to :region, class_name: 'ESP::Region'

#save ⇒ Object

Not Implemented. You cannot create or update an Alert.

# File 'lib/esp/resources/alert.rb', line 38

def save
  fail ESP::NotImplementedError
end

#signature ⇒ Object

Returns the signature associated with this alert. Either a signature or custom signature but not both will be present.

# File 'lib/esp/resources/alert.rb', line 13

belongs_to :signature, class_name: 'ESP::Signature'

#suppress_region(reason = nil) ⇒ Object

Suppress the region associated with this alert.

Parameter

reason | Required | The reason for creating the suppression.



# File 'lib/esp/resources/alert.rb', line 117

def suppress_region(reason = nil)
  suppress(Suppression::Region, reason)
end

#suppress_signature(reason = nil) ⇒ Object

Suppress the signature associated with this alert.

Parameter

reason | Required | The reason for creating the suppression.



# File 'lib/esp/resources/alert.rb', line 109

def suppress_signature(reason = nil)
  suppress(Suppression::Signature, reason)
end

#suppress_unique_identifier(reason = nil) ⇒ Object

Suppress the unique identifier associated with this alert.

Parameter

reason | Required | The reason for creating the suppression.



# File 'lib/esp/resources/alert.rb', line 125

def suppress_unique_identifier(reason = nil)
  suppress(Suppression::UniqueIdentifier, reason)
end

#suppression ⇒ Object

Returns the suppression associated with this alert. If present, the alert was suppressed.

# File 'lib/esp/resources/alert.rb', line 21

belongs_to :suppression, class_name: 'ESP::Suppression'

#tags ⇒ Object

Returns the tags associated with this alert.

# File 'lib/esp/resources/alert.rb', line 29

has_many :tags, class_name: 'ESP::Tag'