Class: ESP::Alert

Inherits:
Resource
  • Object
show all
Defined in:
lib/esp/resources/alert.rb

Constant Summary

Constants inherited from Resource

Resource::PREDICATES

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from Resource

arrange_options, make_pageable, #serializable_hash

Class Method Details

.find(*arguments) ⇒ Object

Find an Alert by id

Parameter

id | Required | The ID of the alert to retrieve

options | Optional | A hash of options

Valid Options

include | The list of associated objects to return on the initial request.

Valid Includable Associations

See API documentation for valid arguments

Example

alert = ESP::Alert.find(1, include: ‘tags,external_account.team’)

:call-seq:

find(id, options = {})



87
88
89
90
91
92
93
94
 
# File 'lib/esp/resources/alert.rb', line 87

def self.find(*arguments)
  scope = arguments.slice!(0)
  options = (arguments.slice!(0) || {}).with_indifferent_access
  return super(scope, options) if scope.is_a?(Numeric) || options[:from].present?
  params = options.fetch(:params, {})
  from = for_report(params.delete(:report_id))
  all(from: "#{from}.json", params: params)
end

.for_report(report_id) ⇒ Object

:nodoc:



96
97
98
99
 
# File 'lib/esp/resources/alert.rb', line 96

def self.for_report(report_id) # :nodoc:
  fail ArgumentError, "You must supply a report id." unless report_id.present?
  "#{prefix}reports/#{report_id}/alerts"
end

.where(clauses = {}) ⇒ Object

Returns a paginated collection of alerts for the given report_id

Parameters

clauses | Required | Hash of attributes with appended predicates to search, sort and include.

Valid Clauses

See API documentation for valid arguments

Example

alerts = ESP::Alert.where(report_id: 54, status_eq: 'fail', signature_risk_level_in: ['High'], include: 'signature')



59
60
61
62
63
64
 
# File 'lib/esp/resources/alert.rb', line 59

def self.where(clauses = {})
  clauses = clauses.with_indifferent_access
  return super(clauses) if clauses[:from].present?
  from = for_report(clauses.delete(:report_id))
  super clauses.merge(from: from)
end

Instance Method Details

#cloud_trail_eventsObject

Returns the cloud trail events associated with this alert. These may be added up to 10 minutes after the alert was created



25
 
# File 'lib/esp/resources/alert.rb', line 25

has_many :cloud_trail_events, class_name: 'ESP::CloudTrailEvent'

#custom_signatureObject

Returns the custom signature associated with this alert. Either a signature or custom signature but not both will be present.



17
 
# File 'lib/esp/resources/alert.rb', line 17

belongs_to :custom_signature, class_name: 'ESP::CustomSignature'

#destroyObject

Not Implemented. You cannot destroy a an Alert.



43
44
45
 
# File 'lib/esp/resources/alert.rb', line 43

def destroy
  fail ESP::NotImplementedError
end

#external_accountObject

Returns the external account associated with this alert.



5
 
# File 'lib/esp/resources/alert.rb', line 5

belongs_to :external_account, class_name: 'ESP::ExternalAccount'

#metadataObject

Returns the metadata associated with this alert.



33
34
35
 
# File 'lib/esp/resources/alert.rb', line 33

def metadata
  ESP::Metadata.for_alert(id)
end

#regionObject

Returns the region associated with this alert.



9
 
# File 'lib/esp/resources/alert.rb', line 9

belongs_to :region, class_name: 'ESP::Region'

#saveObject

Not Implemented. You cannot create or update an Alert.



38
39
40
 
# File 'lib/esp/resources/alert.rb', line 38

def save
  fail ESP::NotImplementedError
end

#signatureObject

Returns the region associated with this alert. Either a signature or custom signature but not both will be present.



13
 
# File 'lib/esp/resources/alert.rb', line 13

belongs_to :signature, class_name: 'ESP::Signature'

#suppress_region(reason = nil) ⇒ Object

Suppress the region associated with this alert.

Parameter

reason | Required | The reason for creating the suppression.



113
114
115
 
# File 'lib/esp/resources/alert.rb', line 113

def suppress_region(reason = nil)
  suppress(Suppression::Region, reason)
end

#suppress_signature(reason = nil) ⇒ Object

Suppress the signature associated with this alert.

Parameter

reason | Required | The reason for creating the suppression.



105
106
107
 
# File 'lib/esp/resources/alert.rb', line 105

def suppress_signature(reason = nil)
  suppress(Suppression::Signature, reason)
end

#suppress_unique_identifier(reason = nil) ⇒ Object

Suppress the unique identifier associated with this alert.

Parameter

reason | Required | The reason for creating the suppression.



121
122
123
 
# File 'lib/esp/resources/alert.rb', line 121

def suppress_unique_identifier(reason = nil)
  suppress(Suppression::UniqueIdentifier, reason)
end

#suppressionObject

Returns the suppression associated with this alert. If present the alert was suppressed.



21
 
# File 'lib/esp/resources/alert.rb', line 21

belongs_to :suppression, class_name: 'ESP::Suppression'

#tagsObject

Returns the tags associated with this alert.



29
 
# File 'lib/esp/resources/alert.rb', line 29

has_many :tags, class_name: 'ESP::Tag'