diff --git a/core/lib/rules.py b/core/lib/rules.py index 1159c0b..958960c 100644 --- a/core/lib/rules.py +++ b/core/lib/rules.py @@ -107,7 +107,7 @@ def format_webhook(**kwargs): return notify_message -def rule_notify(rule, index, message, matched): +def rule_notify(rule, index, message, meta=None): """ Send a notification for a matching rule. Gets the notification settings for the rule. @@ -115,7 +115,7 @@ def rule_notify(rule, index, message, matched): :param rule: The rule object, must be specified :param index: The index the rule matched on, can be None :param message: The message to send, can be None - :param matched: The matched fields, can be None + :param meta: dict of metadata, contains `aggs` key for the matched fields """ # If there is no message, don't say anything matched if message: @@ -138,7 +138,7 @@ def rule_notify(rule, index, message, matched): "rule": rule, "index": index, "message": message, - "matched": matched, + "matched": meta["aggs"], "notification_settings": notification_settings, } @@ -249,7 +249,7 @@ class NotificationRuleData(object): return new_aggs - def rule_matched(self, index, message, aggs): + def rule_matched(self, index, message, meta): """ A rule has matched. If the previous run did not match, send a notification after formatting @@ -262,8 +262,8 @@ class NotificationRuleData(object): log.debug(f"Rule matched: {index} - current match: {current_match}") if current_match is False: # Matched now, but not before - formatted_aggs = self.format_aggs(aggs) - rule_notify(self.object, index, message, formatted_aggs) + meta["aggs"] = self.format_aggs(meta["aggs"]) + rule_notify(self.object, index, message, meta) self.store_match(index, True) def rule_no_match(self, index=None): 
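Review bot: The new `rule_notify` signature defaults `meta` to `None`, but the third hunk subscripts it unconditionally in `"matched": meta["aggs"],`, so a caller that omits the argument or passes `None` gets a `TypeError` instead of a notification. The old docstring said `matched` "can be None", which suggests such callers exist; they are not visible in these hunks, so that is an inference. Either make the parameter required or tolerate its absence, for example `"matched": meta.get("aggs") if meta else None,`. The `:param meta:` line should also state whether `None` is accepted. The body of `rule_notify` continues outside the hunks.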
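Review bot: `meta["aggs"] = self.format_aggs(meta["aggs"])` in `rule_matched` overwrites the caller's dict in place, and the call site in the last hunk passes the same `meta` object from inside a loop (the call is followed by `continue`). If more than one index matches in a single run, later calls would feed already-formatted aggs back into `format_aggs`; whether that corrupts the notification depends on `format_aggs`, which is not shown here. Building a new dict avoids the side effect: `meta = {**meta, "aggs": self.format_aggs(meta["aggs"])}`. The docstring of `rule_matched` lies mostly outside the hunk and presumably still describes `aggs`, so it should be updated to describe `meta`.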
@@ -309,7 +309,7 @@ class NotificationRuleData(object):
 if all(aggs_for_index):
 # All aggs have matched
 self.rule_matched(
- index, results[: self.object.amount], meta["aggs"]
+ index, results[: self.object.amount], meta
 )
 continue
 # Default branch, since the happy path has a continue keyword