MCPcopy
hub / github.com/crowdsecurity/crowdsec / FormatAsStrings

Method FormatAsStrings

pkg/models/helpers.go:116–166  ·  view source on GitHub ↗
(machineID string, logger *log.Logger)

Source from the content-addressed store, hash-verified

114}
115
116func (a *Alert) FormatAsStrings(machineID string, logger *log.Logger) []string {
117 src := a.Source.String()
118
119 msg := "empty scenario"
120 if a.Scenario != nil && *a.Scenario != "" {
121 msg = *a.Scenario
122 } else if a.Message != nil && *a.Message != "" {
123 msg = *a.Message
124 }
125
126 reason := fmt.Sprintf("%s by %s", msg, src)
127
128 if len(a.Decisions) == 0 {
129 return []string{fmt.Sprintf("(%s) alert : %s", machineID, reason)}
130 }
131
132 var retStr []string
133
134 if a.Decisions[0].Origin != nil && *a.Decisions[0].Origin == CscliImportOrigin {
135 return []string{fmt.Sprintf("(%s) alert : %s", machineID, reason)}
136 }
137
138 for i, decisionItem := range a.Decisions {
139 decision := ""
140 if a.Simulated != nil && *a.Simulated {
141 decision = "(simulated alert)"
142 } else if decisionItem.Simulated != nil && *decisionItem.Simulated {
143 decision = "(simulated decision)"
144 }
145
146 if logger.IsLevelEnabled(log.DebugLevel) {
147 logger.Debug(spew.Sdump(decisionItem))
148 }
149
150 if len(a.Decisions) > 1 {
151 reason = fmt.Sprintf("%s for %d/%d decisions", msg, i+1, len(a.Decisions))
152 }
153
154 origin := *decisionItem.Origin
155 if machineID != "" {
156 origin = machineID + "/" + origin
157 }
158
159 decision += fmt.Sprintf("%s %s on %s %s", *decisionItem.Duration,
160 *decisionItem.Type, *decisionItem.Scope, *decisionItem.Value)
161 retStr = append(retStr,
162 fmt.Sprintf("(%s) %s : %s", origin, reason, decision))
163 }
164
165 return retStr
166}
167
168type ProfileAlert struct {
169 ProfileID uint

Callers 1

createAlertBatchMethod · 0.80

Calls 2

StringMethod · 0.45
DebugMethod · 0.45

Tested by

no test coverage detected