hub / github.com/crowdsecurity/crowdsec / createAlertBatch

Method createAlertBatch

pkg/database/alerts.go:633–720  ·  view source on GitHub ↗
(ctx context.Context, machineID string, owner *ent.Machine, alerts []*models.Alert)

Source from the content-addressed store, hash-verified

631}
632
633func (c *Client) createAlertBatch(ctx context.Context, machineID string, owner *ent.Machine, alerts []*models.Alert) ([]string, error) {
634 tx, err := c.Ent.Tx(ctx)
635 if err != nil {
636 return nil, fmt.Errorf("creating alert transaction: %w: %w", err, BulkError)
637 }
638
639 txEnt := tx.Client()
640
641 batch := make([]alertCreatePlan, 0, len(alerts))
642
643 for _, alertItem := range alerts {
644 startAtTime, stopAtTime := parseAlertTimes(alertItem, c.Log)
645
646 // display proper alert in logs
647 for _, disp := range alertItem.FormatAsStrings(machineID, log.StandardLogger()) {
648 c.Log.Info(disp)
649 }
650
651 events, err := buildEventCreates(ctx, c.Log, txEnt, machineID, alertItem)
652 if err != nil {
653 return nil, rollbackOnError(tx, err, fmt.Sprintf("building events for alert %s", alertItem.UUID))
654 }
655
656 metas, err := buildMetaCreates(ctx, c.Log, txEnt, alertItem)
657 if err != nil {
658 c.Log.Warningf("error creating alert meta: %s", err)
659 }
660
661 decisions, discardCount, err := c.buildDecisions(ctx, c.Log, txEnt, alertItem, stopAtTime)
662 if err != nil {
663 return nil, rollbackOnError(tx, err, fmt.Sprintf("building decisions for alert %s", alertItem.UUID))
664 }
665
666 // if all decisions were discarded, discard the alert too
667 if discardCount > 0 && len(decisions) == 0 {
668 c.Log.Warningf("dropping alert %s: all decisions invalid", alertItem.UUID)
669 continue
670 }
671
672 builder := txEnt.Alert.
673 Create().
674 SetScenario(*alertItem.Scenario).
675 SetMessage(*alertItem.Message).
676 SetEventsCount(*alertItem.EventsCount).
677 SetStartedAt(startAtTime).
678 SetStoppedAt(stopAtTime).
679 SetSourceScope(*alertItem.Source.Scope).
680 SetSourceValue(*alertItem.Source.Value).
681 SetSourceIp(alertItem.Source.IP).
682 SetSourceRange(alertItem.Source.Range).
683 SetSourceAsNumber(alertItem.Source.AsNumber).
684 SetSourceAsName(alertItem.Source.AsName).
685 SetSourceCountry(alertItem.Source.Cn).
686 SetSourceLatitude(alertItem.Source.Latitude).
687 SetSourceLongitude(alertItem.Source.Longitude).
688 SetCapacity(*alertItem.Capacity).
689 SetLeakSpeed(*alertItem.Leakspeed).
690 SetSimulated(*alertItem.Simulated).

Callers 1

CreateAlertMethod · 0.95

Calls 15

buildDecisionsMethod · 0.95
saveAlertsMethod · 0.95
parseAlertTimesFunction · 0.85
buildEventCreatesFunction · 0.85
rollbackOnErrorFunction · 0.85
buildMetaCreatesFunction · 0.85
FormatAsStringsMethod · 0.80
StandardLoggerMethod · 0.80
CommitMethod · 0.65
TxMethod · 0.45
ClientMethod · 0.45
InfoMethod · 0.45

Tested by

no test coverage detected