Implement getting alerts in overview

2022-08-03 09:24:13 +01:00
parent f52d01d6f7
commit 04d4cee222
6 changed files with 174 additions and 2 deletions


@@ -1,5 +1,8 @@
import urllib.parse
from django.conf import settings
from core.lib.opensearch import client, run_main_query
from core.lib.threshold import threshold_request
@@ -139,3 +142,56 @@ def del_network(net):
payload = {}
deleted = threshold_request(url, payload, method="DELETE")
return deleted
def construct_alert_query():
# Get the initial query
query = {
"size": 25,
"query": {
"bool": {
"must": [
{"match": {"src": "irc"}},
]
}
},
"sort": [
{
"ts": {
"order": "desc",
}
}
],
}
return query
def get_irc_alerts(user):
query = construct_alert_query()
print("QUERY1", query)
results = run_main_query(
client,
user, # passed through run_main_query to filter_blacklisted
query,
custom_query=True,
index=settings.OPENSEARCH_INDEX_INT,
)
print("ALERTS", results)
if not results:
return []
results_parsed = []
if "hits" in results.keys():
if "hits" in results["hits"]:
for item in results["hits"]["hits"]:
element = item["_source"]
element["id"] = item["_id"]
# Split the timestamp into date and time
ts = element["ts"]
ts_spl = ts.split("T")
date = ts_spl[0]
time = ts_spl[1]
element["date"] = date
element["time"] = time
results_parsed.append(element)
return results_parsed
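Review bot: The two debug prints in get_irc_alerts, `print("QUERY1", query)` and `print("ALERTS", results)`, dump the full response from the internal index to stdout on every overview load, so alert contents end up in whatever captures the process output. They should be removed, or replaced with a debug-level log call that leaves out the hit bodies. The timestamp handling also assumes every hit carries a `ts` that contains a `T`: a missing key raises KeyError and `ts_spl[1]` raises IndexError, so one malformed document breaks the whole overview. Using `ts = element.get("ts", "")` followed by `date, _, time = ts.partition("T")` tolerates both cases.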


@@ -123,7 +123,8 @@ def run_main_query(client, user, query, custom_query=False, index=None, size=Non
search_query = construct_query(query, size)
try:
response = client.search(body=search_query, index=index)
except RequestError:
except RequestError as err:
print(err)
return False
filter_blacklisted(user, response)
return response
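Review bot: Returning `False` after `print(err)` makes a rejected search indistinguishable from an empty result for callers that test `if not results`, which get_irc_alerts in this same commit does, so a failed query is shown as "no alerts". The error should go through the logging module rather than stdout, e.g. `log.error("OpenSearch query failed: %s", err)` (assuming this module has or gains a logger), and the caller should be able to tell failure from emptiness, for instance by raising or returning a distinct value. Only RequestError is caught, so connection and transport errors from `client.search` presumably still propagate; worth confirming that is intended. run_main_query begins outside this hunk.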