Class: ESP::Alert

Inherits:

Resource

• Object
• ActiveResource::Base
• Resource
• ESP::Alert

Defined in:

lib/esp/resources/alert.rb

Class Method Summary

• .find(*arguments) ⇒ ESP::Alert

  Find an Alert by id.

• .where(clauses = {}) ⇒ ActiveResource::PaginatedCollection<ESP::Alert>

  Returns alerts for the given report_id.

Instance Method Summary

• #cloud_trail_events ⇒ ActiveResource::PaginatedCollection<ESP::CloudTrailEvent>

  Returns the cloud trail events associated with this alert.

• #custom_signature ⇒ ESP::CustomSignature

  Returns the custom signature associated with this alert.

• #destroy ⇒ void

  Not Implemented.

• #external_account ⇒ ESP::ExternalAccount

  Returns the external account associated with this alert.

• #metadata ⇒ ESP::Metadata

  Returns the metadata associated with this alert.

• #region ⇒ ESP::Region

  Returns the region associated with this alert.

• #save ⇒ void

  Not Implemented.

• #signature ⇒ ESP::Signature

  Returns the region associated with this alert.

• #suppress_region(reason = nil) ⇒ ESP::Suppression::Region

  Suppress the region associated with this alert.

• #suppress_signature(reason = nil) ⇒ ESP::Suppression::Signature

  Suppress the signature associated with this alert.

• #suppress_unique_identifier(reason = nil) ⇒ ESP::Suppression::UniqueIdentifier

  Suppress the unique identifier associated with this alert.

• #suppression ⇒ ESP::Suppression

  Returns the suppression associated with this alert.

• #tags ⇒ ActiveResource::PaginatedCollection<ESP::Tag>

  Returns the tags associated with this alert.

Methods included from Dirty

#changed_attributes, #original_attributes, #original_attributes=

Methods included from LoadWithOriginalAttributes

#load

Class Method Details

.find(id) ⇒ ESP::Alert .find(id, options) ⇒ ESP::Alert .find(scope, options) ⇒ ESP::Alert

Find an Alert by id

Examples:

alert = ESP::Alert.find(1)
alert = ESP::Alert.find(1, include: 'tags,external_account.team')
alert = ESP::Alert.find(:all, params: { report_id: 5 })

Overloads:

• .find(id) ⇒ ESP::Alert

  Parameters:

  • id (Integer, Numeric, #to_i) —

    Required ID of the alert to retrieve.

• .find(id, options) ⇒ ESP::Alert

  Parameters:

  • id (Integer, Numeric, #to_i) —

    Required ID of the alert to retrieve.

  • options (Hash) —

    Valid Options

    include | The list of associated objects to return on the initial request.

    Valid Includable Associations

    See API documentation for valid arguments

• .find(scope, options) ⇒ ESP::Alert

  This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

  call-seq -> super.all(options)

  Parameters:

  • scope (Object) —

    Example: :all

  • options (Hash) —

    { params: { report_id: Integer } }

  Raises:

  • (ArgumentError) —

    if no report_id is supplied.

Returns:

• (ESP::Alert)

# File 'lib/esp/resources/alert.rb', line 96

def self.find(*arguments)
  scope = arguments.slice!(0)
  options = (arguments.slice!(0) || {}).with_indifferent_access
  return super(scope, options) if scope.is_a?(Numeric) || options[:from].present?
  params = options.fetch(:params, {})
  from = for_report(params.delete(:report_id))
  all(from: "#{from}.json", params: params)
end

.where(clauses = {}) ⇒ ActiveResource::PaginatedCollection<ESP::Alert>

Returns alerts for the given report_id

call-seq -> super.where(clauses)

Examples:

alerts = ESP::Alert.where(report_id: 54, status_eq: 'fail', signature_risk_level_in: ['High'], include: 'signature')

Parameters:

• clauses (Hash) (defaults to: {}) —

  Required hash of attributes with appended predicates to search, sort and include.

  Valid Clauses

  See API documentation for valid arguments

Returns:

• (ActiveResource::PaginatedCollection<ESP::Alert>)

# File 'lib/esp/resources/alert.rb', line 63

def self.where(clauses = {})
  clauses = clauses.with_indifferent_access
  return super(clauses) if clauses[:from].present?
  from = for_report(clauses.delete(:report_id))
  super clauses.merge(from: from)
end

Instance Method Details

#cloud_trail_events ⇒ ActiveResource::PaginatedCollection<ESP::CloudTrailEvent>

Returns the cloud trail events associated with this alert. These may be added up to 10 minutes after the alert was created

Returns:

• (ActiveResource::PaginatedCollection<ESP::CloudTrailEvent>)

# File 'lib/esp/resources/alert.rb', line 25

has_many :cloud_trail_events, class_name: 'ESP::CloudTrailEvent'

#custom_signature ⇒ ESP::CustomSignature

Returns the custom signature associated with this alert. Either a signature or custom signature but not both will be present.

Returns:

• (ESP::CustomSignature)

# File 'lib/esp/resources/alert.rb', line 17

belongs_to :custom_signature, class_name: 'ESP::CustomSignature'

#destroy ⇒ void

This method returns an undefined value.

Not Implemented. You cannot destroy an Alert.

# File 'lib/esp/resources/alert.rb', line 48

def destroy
  fail ESP::NotImplementedError
end

#external_account ⇒ ESP::ExternalAccount

Returns the external account associated with this alert.

Returns:

• (ESP::ExternalAccount)

# File 'lib/esp/resources/alert.rb', line 5

belongs_to :external_account, class_name: 'ESP::ExternalAccount'

#metadata ⇒ ESP::Metadata

Returns the metadata associated with this alert.

Returns:

• (ESP::Metadata)

# File 'lib/esp/resources/alert.rb', line 34

def metadata
  ESP::Metadata.for_alert(id)
end

#region ⇒ ESP::Region

Returns the region associated with this alert.

Returns:

• (ESP::Region)

# File 'lib/esp/resources/alert.rb', line 9

belongs_to :region, class_name: 'ESP::Region'

#save ⇒ void

This method returns an undefined value.

Not Implemented. You cannot create or update an Alert.

# File 'lib/esp/resources/alert.rb', line 41

def save
  fail ESP::NotImplementedError
end

#signature ⇒ ESP::Signature

Returns the region associated with this alert. Either a signature or custom signature but not both will be present.

Returns:

• (ESP::Signature)

# File 'lib/esp/resources/alert.rb', line 13

belongs_to :signature, class_name: 'ESP::Signature'

#suppress_region(reason = nil) ⇒ ESP::Suppression::Region

Suppress the region associated with this alert.

Parameters:

• reason (String) (defaults to: nil) —

  Required reason for creating the suppression.

Returns:

• (ESP::Suppression::Region)

# File 'lib/esp/resources/alert.rb', line 123

def suppress_region(reason = nil)
  suppress(Suppression::Region, reason)
end

#suppress_signature(reason = nil) ⇒ ESP::Suppression::Signature

Suppress the signature associated with this alert.

Parameters:

• reason (String) (defaults to: nil) —

  Required reason for creating the suppression.

Returns:

• (ESP::Suppression::Signature)

# File 'lib/esp/resources/alert.rb', line 115

def suppress_signature(reason = nil)
  suppress(Suppression::Signature, reason)
end

#suppress_unique_identifier(reason = nil) ⇒ ESP::Suppression::UniqueIdentifier

Suppress the unique identifier associated with this alert.

Parameters:

• reason (String) (defaults to: nil) —

  Required reason for creating the suppression.

Returns:

• (ESP::Suppression::UniqueIdentifier)

Raises:

• (ArgumentError) —

  if no reason is supplied.

# File 'lib/esp/resources/alert.rb', line 132

def suppress_unique_identifier(reason = nil)
  suppress(Suppression::UniqueIdentifier, reason)
end

#suppression ⇒ ESP::Suppression

Returns the suppression associated with this alert. If present the alert was suppressed.

Returns:

• (ESP::Suppression)

# File 'lib/esp/resources/alert.rb', line 21

belongs_to :suppression, class_name: 'ESP::Suppression'

#tags ⇒ ActiveResource::PaginatedCollection<ESP::Tag>

Returns the tags associated with this alert.

Returns:

• (ActiveResource::PaginatedCollection<ESP::Tag>)

# File 'lib/esp/resources/alert.rb', line 29

has_many :tags, class_name: 'ESP::Tag'