diff --git a/src/main/java/com/airbus_cyber_security/graylog/wizard/alert/rest/AlertRuleResource.java b/src/main/java/com/airbus_cyber_security/graylog/wizard/alert/rest/AlertRuleResource.java index e8815d98..45eaf669 100755 --- a/src/main/java/com/airbus_cyber_security/graylog/wizard/alert/rest/AlertRuleResource.java +++ b/src/main/java/com/airbus_cyber_security/graylog/wizard/alert/rest/AlertRuleResource.java @@ -173,6 +173,7 @@ private GetDataAlertRule constructDataAlertRule(AlertRule alert) { alertRuleStream2 = this.constructAlertRuleStream(conditions2); isDisabled = this.isDisabled(conditions); eventIdentifier2 = pattern.eventIdentifier2(); + completeParametersConditionForDisjunction(parametersCondition, this.eventDefinitionService.getEventDefinition(eventIdentifier2)); } else if (alertPattern instanceof AggregationAlertPattern pattern) { event = this.eventDefinitionService.getEventDefinition(pattern.eventIdentifier()); parametersCondition = getConditionParameters(event); @@ -192,19 +193,10 @@ private GetDataAlertRule constructDataAlertRule(AlertRule alert) { String eventIdentifier = null; String description = null; - String searchQuery = null; if (event.isPresent()) { EventDefinitionDto eventDefinitionDto = event.get(); eventIdentifier = eventDefinitionDto.id(); description = eventDefinitionDto.description(); - if(eventDefinitionDto.config() != null) { - if(eventDefinitionDto.config() instanceof AggregationEventProcessorConfig) { - searchQuery = ((AggregationEventProcessorConfig) eventDefinitionDto.config()).query(); - } - if(eventDefinitionDto.config() instanceof CorrelationCountProcessorConfig) { - searchQuery = ((CorrelationCountProcessorConfig) eventDefinitionDto.config()).searchQuery(); - } - } } return GetDataAlertRule.create(alert.getTitle(), @@ -217,7 +209,6 @@ private GetDataAlertRule constructDataAlertRule(AlertRule alert) { lastModified, isDisabled, description, - searchQuery, alert.getAlertType(), parametersCondition, alertRuleStream, 
@@ -231,6 +222,12 @@ private Map getConditionParameters(Optional return this.conversions.getConditionParameters(event.get().config()); } + private void completeParametersConditionForDisjunction(Map configParameters, Optional event) { + if (event.isPresent()) { + configParameters.put("additional_search_query", ((AggregationEventProcessorConfig) event.get().config()).query()); + } + } + @GET @Timed @ApiOperation(value = "Lists all existing alerts") @@ -399,10 +396,9 @@ private AlertPattern createAlertPattern(String notificationIdentifier, AlertRule return createDisjunctionAlertPattern(notificationIdentifier, request, alertTitle, userContext, userName, conditions); default: String description = request.getDescription(); - String searchQuery = request.getSearchQuery(); Map conditionParameters = request.conditionParameters(); String streamIdentifier = conditions.outputStreamIdentifier(); - EventProcessorConfig configuration1 = this.conversions.createEventConfiguration(alertType, conditionParameters, streamIdentifier, searchQuery); + EventProcessorConfig configuration1 = this.conversions.createEventConfiguration(alertType, conditionParameters, streamIdentifier); String eventIdentifier = this.eventDefinitionService.createEvent(alertTitle, description, notificationIdentifier, configuration1, userContext); return AggregationAlertPattern.builder().conditions(conditions).eventIdentifier(eventIdentifier).build(); 
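Review bot: The cast in `completeParametersConditionForDisjunction` is unchecked: `(AggregationEventProcessorConfig) event.get().config()` throws ClassCastException if the second event definition is not an aggregation, or NullPointerException if its config is null, and that would presumably surface as a server error when the rule is read back. The code this commit removes from `constructDataAlertRule` guarded the same read with a null check and `instanceof`. I would keep that guard, e.g. `if (event.isPresent() && event.get().config() instanceof AggregationEventProcessorConfig config) { configParameters.put("additional_search_query", config.query()); }`. The key is a string literal that duplicates `ADDITIONAL_SEARCH_QUERY` in Conversions. The `put` also assumes the map returned by `getConditionParameters` is mutable, which the hunk does not show.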
@@ -411,15 +407,14 @@ private AlertPattern createAlertPattern(String notificationIdentifier, AlertRule private DisjunctionAlertPattern createDisjunctionAlertPattern(String notificationIdentifier, AlertRuleRequest request, String alertTitle, UserContext userContext, String userName, TriggeringConditions conditions) throws ValidationException { String description = request.getDescription(); - String searchQuery = request.getSearchQuery(); Map conditionParameters = request.conditionParameters(); TriggeringConditions conditions2 = createTriggeringConditions(request.getSecondStream(), alertTitle + "#2", userName); String streamIdentifier = conditions.outputStreamIdentifier(); - EventProcessorConfig configuration = this.conversions.createAggregationCondition(streamIdentifier, searchQuery, conditionParameters); + EventProcessorConfig configuration = this.conversions.createAggregationCondition(streamIdentifier, conditionParameters); String eventIdentifier = this.eventDefinitionService.createEvent(alertTitle, description, notificationIdentifier, configuration, userContext); String streamIdentifier2 = conditions2.outputStreamIdentifier(); - EventProcessorConfig configuration2 = this.conversions.createAggregationCondition(streamIdentifier2, searchQuery, conditionParameters); + EventProcessorConfig configuration2 = this.conversions.createAggregationCondition(streamIdentifier2, conditionParameters, true); String eventIdentifier2 = this.eventDefinitionService.createEvent(alertTitle + "#2", description, notificationIdentifier, configuration2, userContext); return DisjunctionAlertPattern.builder() 
@@ -429,14 +424,13 @@ private DisjunctionAlertPattern createDisjunctionAlertPattern(String notificatio private CorrelationAlertPattern createCorrelationAlertPattern(String notificationIdentifier, AlertRuleRequest request, String alertTitle, UserContext userContext, String userName, TriggeringConditions conditions) throws ValidationException { String description = request.getDescription(); - String searchQuery = request.getSearchQuery(); AlertType alertType = request.getConditionType(); Map conditionParameters = request.conditionParameters(); TriggeringConditions conditions2 = createTriggeringConditions(request.getSecondStream(), alertTitle + "#2", userName); String streamIdentifier = conditions.outputStreamIdentifier(); String streamIdentifier2 = conditions2.outputStreamIdentifier(); - EventProcessorConfig configuration = this.conversions.createCorrelationCondition(alertType, streamIdentifier, streamIdentifier2, searchQuery, conditionParameters); + EventProcessorConfig configuration = this.conversions.createCorrelationCondition(alertType, streamIdentifier, streamIdentifier2, conditionParameters); String eventIdentifier = this.eventDefinitionService.createEvent(alertTitle, description, notificationIdentifier, configuration, userContext); return CorrelationAlertPattern.builder().conditions1(conditions).conditions2(conditions2).eventIdentifier(eventIdentifier).build(); } 
@@ -462,7 +456,7 @@ private AlertPattern updateAlertPattern(AlertPattern previousAlertPattern, Strin String streamIdentifier = conditions.outputStreamIdentifier(); String streamIdentifier2 = conditions2.outputStreamIdentifier(); - EventProcessorConfig configuration = this.conversions.createCorrelationCondition(alertType, streamIdentifier, streamIdentifier2, request.getSearchQuery(), request.conditionParameters()); + EventProcessorConfig configuration = this.conversions.createCorrelationCondition(alertType, streamIdentifier, streamIdentifier2, request.conditionParameters()); this.eventDefinitionService.updateEvent(title, request.getDescription(), previousPattern.eventIdentifier(), configuration); return previousPattern.toBuilder().conditions1(conditions).build(); 
@@ -473,11 +467,11 @@ private AlertPattern updateAlertPattern(AlertPattern previousAlertPattern, Strin TriggeringConditions conditions2 = this.updateTriggeringConditions(previousConditions2, title2, streamConfiguration2, userName); String streamIdentifier = conditions.outputStreamIdentifier(); - EventProcessorConfig configuration = this.conversions.createEventConfiguration(request.getConditionType(), request.conditionParameters(), streamIdentifier, request.getSearchQuery()); + EventProcessorConfig configuration = this.conversions.createEventConfiguration(request.getConditionType(), request.conditionParameters(), streamIdentifier); this.eventDefinitionService.updateEvent(title, request.getDescription(), previousPattern.eventIdentifier1(), configuration); String streamIdentifier2 = conditions2.outputStreamIdentifier(); - EventProcessorConfig configuration2 = this.conversions.createAggregationCondition(streamIdentifier2, request.getSearchQuery(), request.conditionParameters()); + EventProcessorConfig configuration2 = this.conversions.createAggregationCondition(streamIdentifier2, request.conditionParameters(), true); this.eventDefinitionService.updateEvent(title2, request.getDescription(), previousPattern.eventIdentifier2(), configuration2); return previousPattern.toBuilder().conditions1(conditions).build(); 
@@ -485,7 +479,7 @@ private AlertPattern updateAlertPattern(AlertPattern previousAlertPattern, Strin TriggeringConditions previousConditions = previousPattern.conditions(); TriggeringConditions conditions = updateTriggeringConditions(previousConditions, title, streamConfiguration, userName); String streamIdentifier = conditions.outputStreamIdentifier(); - EventProcessorConfig configuration = this.conversions.createEventConfiguration(request.getConditionType(), request.conditionParameters(), streamIdentifier, request.getSearchQuery()); + EventProcessorConfig configuration = this.conversions.createEventConfiguration(request.getConditionType(), request.conditionParameters(), streamIdentifier); this.eventDefinitionService.updateEvent(title, request.getDescription(), previousPattern.eventIdentifier(), configuration); return previousPattern.toBuilder().conditions(conditions).build(); diff --git a/src/main/java/com/airbus_cyber_security/graylog/wizard/alert/rest/Conversions.java b/src/main/java/com/airbus_cyber_security/graylog/wizard/alert/rest/Conversions.java index 0c05e890..1ac1af6d 100755 --- a/src/main/java/com/airbus_cyber_security/graylog/wizard/alert/rest/Conversions.java +++ b/src/main/java/com/airbus_cyber_security/graylog/wizard/alert/rest/Conversions.java @@ -69,6 +69,8 @@ public class Conversions { private static final String THRESHOLD = "threshold"; private static final String THRESHOLD_TYPE_MORE = ">"; private static final String THRESHOLD_TYPE_LESS = "<"; + private static final String SEARCH_QUERY = "search_query"; + private static final String ADDITIONAL_SEARCH_QUERY = "additional_search_query"; private final FieldRulesUtilities fieldRulesUtilities; 
@@ -135,11 +137,14 @@ Map getConditionParameters(EventProcessorConfig eventConfig) { parametersCondition.put(TIME, this.convertMillisecondsToMinutes(correlationConfig.searchWithinMs())); parametersCondition.put(GROUPING_FIELDS, correlationConfig.groupingFields()); parametersCondition.put(GRACE, this.convertMillisecondsToMinutes(correlationConfig.executeEveryMs())); + parametersCondition.put(SEARCH_QUERY, correlationConfig.searchQuery()); + parametersCondition.put(ADDITIONAL_SEARCH_QUERY, correlationConfig.additionalSearchQuery()); break; case "aggregation-v1": AggregationEventProcessorConfig aggregationConfig = (AggregationEventProcessorConfig) eventConfig; parametersCondition.put(TIME, this.convertMillisecondsToMinutes(aggregationConfig.searchWithinMs())); parametersCondition.put(GRACE, this.convertMillisecondsToMinutes(aggregationConfig.executeEveryMs())); + parametersCondition.put(SEARCH_QUERY, aggregationConfig.query()); parametersCondition.put(THRESHOLD, convertThreshold(aggregationConfig.conditions().get().expression().get())); parametersCondition.put(THRESHOLD_TYPE, aggregationConfig.conditions().get().expression().get().expr()); AggregationSeries series = aggregationConfig.series().get(0); @@ -293,7 +298,7 @@ private int accessThreshold(Map conditionParameter) { // TODO move method to AlertRuleUtils? // TODO instead of a String, the type could already be a com.airbus_cyber_security.graylog.events.processor.correlation.checks.OrderType - EventProcessorConfig createCorrelationCondition(AlertType type, String streamID, String streamID2, String searchQuery, Map conditionParameter) { + EventProcessorConfig createCorrelationCondition(AlertType type, String streamID, String streamID2, Map conditionParameter) { OrderType messageOrder; if (type == AlertType.THEN) { messageOrder = OrderType.AFTER; 
@@ -302,6 +307,8 @@ EventProcessorConfig createCorrelationCondition(AlertType type, String streamID, } String thresholdType = convertThresholdTypeToCorrelation((String) conditionParameter.get(THRESHOLD_TYPE)); String additionalThresholdType = convertThresholdTypeToCorrelation((String) conditionParameter.get(ADDITIONAL_THRESHOLD_TYPE)); + String searchQuery = (String) conditionParameter.get(SEARCH_QUERY); + String additionalSearchQuery = (String) conditionParameter.get(ADDITIONAL_SEARCH_QUERY); int threshold = this.accessThreshold(conditionParameter); @@ -322,6 +329,7 @@ EventProcessorConfig createCorrelationCondition(AlertType type, String streamID, .groupingFields((List) conditionParameter.get(GROUPING_FIELDS)) .comment(Description.COMMENT_ALERT_WIZARD) .searchQuery(searchQuery) + .additionalSearchQuery(additionalSearchQuery) .build(); } @@ -338,7 +346,11 @@ private Expression createExpressionFromNumberThreshold(String identifie } } - public EventProcessorConfig createAggregationCondition(String streamIdentifier, String searchQuery, Map conditionParameter) { + public EventProcessorConfig createAggregationCondition(String streamIdentifier, Map conditionParameter) { + return createAggregationCondition(streamIdentifier, conditionParameter, false); + } + + public EventProcessorConfig createAggregationCondition(String streamIdentifier, Map conditionParameter, boolean useAdditionalSearchQuery) { List groupByFields = (List) conditionParameter.get(GROUPING_FIELDS); String distinctBy = (String) conditionParameter.get(DISTINCT_BY); @@ -367,6 +379,8 @@ public EventProcessorConfig createAggregationCondition(String streamIdentifier, .expression(expression) .build(); + String searchQuery = useAdditionalSearchQuery ? (String) conditionParameter.get(ADDITIONAL_SEARCH_QUERY) : (String) conditionParameter.get(SEARCH_QUERY); + return AggregationEventProcessorConfig.builder() .query(searchQuery) .streams(streams) 
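Review bot: `search_query` and `additional_search_query` are now read from the request's untyped `condition_parameters` map with a bare `(String)` cast and no presence check, in `createCorrelationCondition` here and again in the `createAggregationCondition` and `createStatisticalCondition` hunks below. The same commit removes the `@NotNull` `getSearchQuery()` property from AlertRuleRequest, so a client that omits the key passes `null` to `.searchQuery(...)` or `.query(...)`, and a non-string value raises ClassCastException. How the builders treat null is not visible here. Because the query decides which messages a rule matches, I would validate both keys once before building the config and reject the request when one is missing or not a string, rather than letting it fail or default downstream. The method body continues outside this hunk.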
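Review bot: The new public overload `createAggregationCondition(String, Map, boolean)` has no Javadoc, and call sites such as `createAggregationCondition(streamIdentifier2, conditionParameters, true)` give no hint of what `true` selects. I would add a comment such as `/** @param useAdditionalSearchQuery when true, the query is read from "additional_search_query" instead of "search_query" */`. Passing the parameter key itself instead of a boolean would make the call sites self-describing. The body of the method continues outside this hunk.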
@@ -422,7 +436,7 @@ private Expression createExpressionFromThreshold(String identifier, Str } } - public EventProcessorConfig createStatisticalCondition(String streamID, String searchQuery, Map conditionParameter) { + public EventProcessorConfig createStatisticalCondition(String streamID, Map conditionParameter) { String type = conditionParameter.get(TYPE).toString(); LOG.debug("Begin Stat, type: {}", type); // TODO extract method to parse searchWithinMs @@ -443,6 +457,8 @@ public EventProcessorConfig createStatisticalCondition(String streamID, String s conditionParameter.get(THRESHOLD_TYPE).toString(), threshold); + String searchQuery = (String) conditionParameter.get(SEARCH_QUERY); + return AggregationEventProcessorConfig.builder() .query(searchQuery) .streams(new HashSet<>(Collections.singleton(streamID))) @@ -456,11 +472,11 @@ public EventProcessorConfig createStatisticalCondition(String streamID, String s .build(); } - public EventProcessorConfig createEventConfiguration(AlertType alertType, Map conditionParameter, String streamIdentifier, String searchQuery) { + public EventProcessorConfig createEventConfiguration(AlertType alertType, Map conditionParameter, String streamIdentifier) { if (alertType == AlertType.STATISTICAL) { - return createStatisticalCondition(streamIdentifier, searchQuery, conditionParameter); + return createStatisticalCondition(streamIdentifier, conditionParameter); } else { - return createAggregationCondition(streamIdentifier, searchQuery, conditionParameter); + return createAggregationCondition(streamIdentifier, conditionParameter); } } } diff --git a/src/main/java/com/airbus_cyber_security/graylog/wizard/alert/rest/models/requests/AlertRuleRequest.java b/src/main/java/com/airbus_cyber_security/graylog/wizard/alert/rest/models/requests/AlertRuleRequest.java index d8427213..4b1c44a8 100755 --- a/src/main/java/com/airbus_cyber_security/graylog/wizard/alert/rest/models/requests/AlertRuleRequest.java 
+++ b/src/main/java/com/airbus_cyber_security/graylog/wizard/alert/rest/models/requests/AlertRuleRequest.java @@ -44,10 +44,6 @@ public abstract class AlertRuleRequest { @NotNull public abstract String getDescription(); - @JsonProperty("search_query") - @NotNull - public abstract String getSearchQuery(); - // TODO should be an enum. Possible values: COUNT, GROUP_DISTINCT, STATISTICAL, AND, THEN, OR @JsonProperty("condition_type") @NotNull @@ -69,11 +65,10 @@ public abstract class AlertRuleRequest { public static AlertRuleRequest create(@JsonProperty("title") String title, @JsonProperty("severity") String severity, @JsonProperty("description") String description, - @JsonProperty("search_query") String searchQuery, @JsonProperty("condition_type") AlertType alertType, @JsonProperty("condition_parameters") Map conditionParameters, @JsonProperty("stream") AlertRuleStream stream, @JsonProperty("second_stream") AlertRuleStream stream2) { - return new AutoValue_AlertRuleRequest(title, severity, description, searchQuery, alertType, conditionParameters, stream, stream2); + return new AutoValue_AlertRuleRequest(title, severity, description, alertType, conditionParameters, stream, stream2); } } diff --git a/src/main/java/com/airbus_cyber_security/graylog/wizard/alert/rest/models/responses/GetDataAlertRule.java b/src/main/java/com/airbus_cyber_security/graylog/wizard/alert/rest/models/responses/GetDataAlertRule.java index 317f972a..af74ca03 100755 --- a/src/main/java/com/airbus_cyber_security/graylog/wizard/alert/rest/models/responses/GetDataAlertRule.java +++ b/src/main/java/com/airbus_cyber_security/graylog/wizard/alert/rest/models/responses/GetDataAlertRule.java @@ -49,10 +49,6 @@ public abstract class GetDataAlertRule { @Nullable public abstract String getDescription(); - @JsonProperty("search_query") - @Nullable - public abstract String getSearchQuery(); - @JsonProperty("condition_type") @Nullable public abstract AlertType getConditionType(); 
@@ -115,12 +111,11 @@ public static GetDataAlertRule create(@JsonProperty("title") String title, @JsonProperty("created_at") DateTime lastModified, @JsonProperty("disabled") boolean isDisabled, @JsonProperty("description") String description, - @JsonProperty("search_query") String searchQuery, @JsonProperty("condition_type") AlertType alertType, @JsonProperty("condition_parameters") Map conditionParameters, @JsonProperty("stream") AlertRuleStream stream, @JsonProperty("second_stream") AlertRuleStream stream2) { - return new AutoValue_GetDataAlertRule(title, severity, description, searchQuery, alertType, conditionParameters, stream, stream2, + return new AutoValue_GetDataAlertRule(title, severity, description, alertType, conditionParameters, stream, stream2, eventDefinitionIdentifier, secondEventDefinitionIdentifier, notificationIdentifier, createdAt, creatorUserIdentifier, lastModified, isDisabled); } diff --git a/src/web/translations/fr.json b/src/web/translations/fr.json index 6fd77fa5..846f4e09 100755 --- a/src/web/translations/fr.json +++ b/src/web/translations/fr.json @@ -25,7 +25,7 @@ "wizard.descripionParameters": "Définir les paramètres de la règle d'alerte", "wizard.titleAdvancedParameters": "Paramètres avancés (optionnel)", "wizard.titleDescription": "Description (optionnel)", - "wizard.titleSearchQuery": "Requête de recherche (optionnel)", + "wizard.titleSearchQuery": "Requête de recherche", "wizard.descriptionAlert": "Définir la description de la règle d'alerte", "wizard.titleSeverity": "Titre et sévérité de l'alerte", "wizard.fieldsCondition": "Condition sur les champs", diff --git a/src/web/wizard/components/conditions/CorrelationCondition.jsx b/src/web/wizard/components/conditions/CorrelationCondition.jsx index b54b83a7..fdadaa33 100755 --- a/src/web/wizard/components/conditions/CorrelationCondition.jsx +++ b/src/web/wizard/components/conditions/CorrelationCondition.jsx 
@@ -98,8 +98,10 @@ const CorrelationCondition = createReactClass({ let alert = ObjectUtils.clone(this.state.alert); alert.stream = this.state.alert.second_stream ? this.state.alert.second_stream : STREAM; alert.second_stream = this.state.alert.stream ? this.state.alert.stream : STREAM; + alert.condition_parameters.search_query = this.state.alert.condition_parameters.additional_search_query; alert.condition_parameters.threshold = this.state.alert.condition_parameters.additional_threshold; alert.condition_parameters.threshold_type = this.state.alert.condition_parameters.additional_threshold_type; + alert.condition_parameters.additional_search_query = this.state.alert.condition_parameters.search_query; alert.condition_parameters.additional_threshold = this.state.alert.condition_parameters.threshold; alert.condition_parameters.additional_threshold_type = this.state.alert.condition_parameters.threshold_type; this.setState({alert:alert}); @@ -133,6 +135,8 @@ const CorrelationCondition = createReactClass({ return ( <> + +

@@ -143,6 +147,8 @@ const CorrelationCondition = createReactClass({ {label}
+ +


- -

diff --git a/src/web/wizard/components/conditions/CountCondition.jsx b/src/web/wizard/components/conditions/CountCondition.jsx index 65ff76aa..5d11e2ce 100755 --- a/src/web/wizard/components/conditions/CountCondition.jsx +++ b/src/web/wizard/components/conditions/CountCondition.jsx @@ -78,16 +78,16 @@ const CountCondition = createReactClass({ return ( <> + +
+ matchData={this.props.matchData} />


- -

diff --git a/src/web/wizard/components/conditions/GroupDistinctCondition.jsx b/src/web/wizard/components/conditions/GroupDistinctCondition.jsx index 42190880..61b5ef85 100755 --- a/src/web/wizard/components/conditions/GroupDistinctCondition.jsx +++ b/src/web/wizard/components/conditions/GroupDistinctCondition.jsx @@ -73,6 +73,8 @@ const GroupDistinctCondition = createReactClass({ return ( <> + +

@@ -85,8 +87,6 @@ const GroupDistinctCondition = createReactClass({

- -

diff --git a/src/web/wizard/components/conditions/OrCondition.jsx b/src/web/wizard/components/conditions/OrCondition.jsx index e79bbd03..cb855676 100755 --- a/src/web/wizard/components/conditions/OrCondition.jsx +++ b/src/web/wizard/components/conditions/OrCondition.jsx @@ -89,6 +89,8 @@ const OrCondition = createReactClass({ return ( <> + +
@@ -96,6 +98,8 @@ const OrCondition = createReactClass({
+ +

@@ -104,8 +108,6 @@ const OrCondition = createReactClass({

- -

diff --git a/src/web/wizard/components/conditions/StatisticsCondition.jsx b/src/web/wizard/components/conditions/StatisticsCondition.jsx index 202efd0a..5464e4c3 100755 --- a/src/web/wizard/components/conditions/StatisticsCondition.jsx +++ b/src/web/wizard/components/conditions/StatisticsCondition.jsx @@ -75,6 +75,8 @@ const StatisticsCondition = createReactClass({ return ( <> + +

@@ -84,8 +86,6 @@ const StatisticsCondition = createReactClass({ field={this.props.alert.condition_parameters.field} threshold={this.props.alert.condition_parameters.threshold} thresholdType={this.props.alert.condition_parameters.threshold_type}/>
- -

diff --git a/src/web/wizard/components/inputs/SearchQueryInput.jsx b/src/web/wizard/components/inputs/SearchQueryInput.jsx index 5746ca24..72fbb2cc 100644 --- a/src/web/wizard/components/inputs/SearchQueryInput.jsx +++ b/src/web/wizard/components/inputs/SearchQueryInput.jsx @@ -27,20 +27,23 @@ const SearchQueryInput = createReactClass({ propTypes: { onUpdate: PropTypes.func, + fieldName: PropTypes.string }, getDefaultProps() { return { search_query:'', + fieldName: 'search_query' }; }, getInitialState() { return { - search_query:this.props.search_query, + search_query: this.props.search_query, + fieldName: this.props.fieldName }; }, - _onValueChanged(field) { + _onValueChanged() { return e => { - this.props.onUpdate(field, e.target.value); + this.props.onUpdate(this.props.fieldName, e.target.value); }; }, @@ -53,7 +56,7 @@ const SearchQueryInput = createReactClass({ diff --git a/src/web/wizard/pages/NewAlertPage.jsx b/src/web/wizard/pages/NewAlertPage.jsx index e5ad1ba1..b6033da0 100755 --- a/src/web/wizard/pages/NewAlertPage.jsx +++ b/src/web/wizard/pages/NewAlertPage.jsx @@ -68,7 +68,6 @@ const NewAlertPage = () => { const alert = { title: default_values.title, description: '', - search_query: '', severity: default_values.severity, condition_type: 'COUNT', condition_parameters: { @@ -83,7 +82,9 @@ const NewAlertPage = () => { grouping_fields: [], distinct_by: '', field: '', - type: '' + type: '', + search_query: '*', + additional_search_query: '*' }, stream: { matching_type: default_values.matching_type, diff --git a/src/web/wizard/resources/AlertRuleResource.js b/src/web/wizard/resources/AlertRuleResource.js index a9d2a4c7..2396b0cc 100644 --- a/src/web/wizard/resources/AlertRuleResource.js +++ b/src/web/wizard/resources/AlertRuleResource.js 
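Review bot: In SearchQueryInput, `getInitialState` copies `fieldName` into state, but `_onValueChanged` reads `this.props.fieldName`, so the state copy is unused in the lines shown and would go stale if the prop changed. I would drop `fieldName: this.props.fieldName` from the initial state. `search_query` has a default in `getDefaultProps` but no entry in `propTypes`; adding `search_query: PropTypes.string` next to the new `fieldName` entry would document the component's inputs. The render part of the component is outside this hunk.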
@@ -28,7 +28,6 @@ function create(newAlert) { title: newAlert.title, severity: newAlert.severity, description: newAlert.description, - search_query: newAlert.search_query, condition_type: newAlert.condition_type, condition_parameters: newAlert.condition_parameters, stream: newAlert.stream, diff --git a/src/web/wizard/stores/AlertRuleStore.js b/src/web/wizard/stores/AlertRuleStore.js index 2e9ab52a..88b91ea9 100755 --- a/src/web/wizard/stores/AlertRuleStore.js +++ b/src/web/wizard/stores/AlertRuleStore.js @@ -95,7 +95,6 @@ const AlertRuleStore = Reflux.createStore({ title: newAlert.title, severity: newAlert.severity, description: newAlert.description, - search_query: newAlert.search_query, condition_type: newAlert.condition_type, condition_parameters: newAlert.condition_parameters, stream: newAlert.stream, @@ -122,7 +121,6 @@ const AlertRuleStore = Reflux.createStore({ title: updatedAlert.title, severity: updatedAlert.severity, description: updatedAlert.description, - search_query: updatedAlert.search_query, condition_type: updatedAlert.condition_type, condition_parameters: updatedAlert.condition_parameters, stream: updatedAlert.stream, diff --git a/validation/graylog.py b/validation/graylog.py index da08a27e..2c498455 100644 --- a/validation/graylog.py +++ b/validation/graylog.py @@ -131,7 +131,6 @@ def delete_stream(self, identifier): def get_events(self): return self._api.get_events() - def get_events_count(self, event_definition_type=None): response = self.get_events() total = response['total_events']