public async void GetAlertsFilteredByDevice() { var device = await GetWindowsDeviceAsync().ConfigureAwait(false); var startUtcIsBefore = new DateTime(2018, 1, 1); foreach (var alertType in new List <AlertType> { AlertType.DataSource, AlertType.EventSource }) { var alertTypes = new List <AlertType> { alertType }; var alertFilter = new AlertFilter { AlertTypes = alertTypes, MonitorObjectId = device.Id, StartUtcIsBefore = startUtcIsBefore }; var alerts = await PortalClient.GetAlertsAsync(alertFilter).ConfigureAwait(false); // TODO CheckAlertsAreValid(alerts); // Make sure there are no alerts for hosts not mentioned by the hostFilter Assert.DoesNotContain(alerts, alert => alert.MonitorObjectName != device.DisplayName); Assert.All(alerts, alert => Assert.Contains(alert.AlertType, alertTypes)); Assert.All(alerts, alert => Assert.True(alert.StartOnUtc < startUtcIsBefore)); } }
public void LevelDefaultsToError() { var alertFilter = new AlertFilter(); Assert.Equal(2, alertFilter.Levels.Count); Assert.Equal(AlertLevel.Error, alertFilter.Levels[0]); Assert.Equal(AlertLevel.Critical, alertFilter.Levels[1]); }
public static void Checkbox(ProfileLog log) { if (AlertFilter.TryGetValue(log.type, out var value)) { AlertFilter[log.type] = !value; } else { AlertFilter.Add(log.type, true); } }
/// <summary> /// Retrieves a list of open alerts /// </summary> /// <param name="page"> /// The requested page from the server. This is an optional /// argument and if omitted the server will default to returning the /// first page with a maximum of <tt>100</tt> items. /// </param> /// <param name="filter"> /// A filter object to filter the open alerts on the /// server.If omitted, the server will return all objects as a /// paginated response. /// </param> /// <exception cref="Core.NebException"> /// An error with the GraphQL endpoint /// </exception> /// <returns>A paginated list of open alerts</returns> public AlertList GetOpenAlerts( PageInput page = null, AlertFilter filter = null) { // setup parameters GraphQLParameters parameters = new GraphQLParameters(); parameters.Add("page", page, true); parameters.Add("filter", filter, true); return(RunQuery <AlertList>(@"getOpenAlerts", parameters)); }
public async void GetAlertsFilteredByDeviceRest() { var device = await GetWindowsDeviceAsync().ConfigureAwait(false); var deviceGroupFullPathFilter = new List <string> { "Collectors*" }; const string dataSourceNameFilter = "Volume Usage-"; const string dataSourceInstanceNameFilter = @"WinVolumeUsage-C:\\"; const string dataPointNameFilter = "Capacity"; const AckFilter ackFilter = AckFilter.Acked; const SdtFilter sdtFilter = SdtFilter.Sdt; var levelsFilter = new List <AlertLevel> { AlertLevel.Error, AlertLevel.Critical }; bool?includeClearedFilter = true; var utcNow = DateTime.UtcNow; var alertFilter = new AlertFilter { MonitorObjectGroupFullPaths = deviceGroupFullPathFilter, MonitorObjectName = device.DisplayName, ResourceTemplateName = dataSourceNameFilter, DataPointName = dataPointNameFilter, InstanceName = dataSourceInstanceNameFilter, AckFilter = ackFilter, SdtFilter = sdtFilter, Levels = levelsFilter, IncludeCleared = includeClearedFilter, StartEpochIsAfter = utcNow.AddDays(-1).SecondsSinceTheEpoch(), StartEpochIsBefore = utcNow.SecondsSinceTheEpoch() }; var alerts = await PortalClient.GetAlertsAsync(alertFilter).ConfigureAwait(false); // TODO CheckAlertsAreValid(alerts); // Make sure there are no alerts for hosts not mentioned by the hostFilter Assert.True(alerts.All(alert => alert.MonitorObjectName == device.DisplayName)); //Assert.True(alerts.All(alert => alert.MonitorObjectGroups.Any(mog => mog.FullPath.StartsWith(deviceGroupFullPathFilter.Replace("*", ""))))); Assert.True(alerts.All(alert => alert.InstanceName.StartsWith(dataSourceNameFilter))); Assert.True(alerts.All(alert => alert.DataPointName.StartsWith(dataPointNameFilter))); }
/// <summary> /// Gets a list of alerts. /// If no alert filter is present, all alerts are returned, including inactive alerts /// </summary> /// <param name="alertFilter">An alert filter</param> /// <param name="cancellationToken">An optional cancellation token</param> /// <returns>a list of alerts that meet the filter</returns> public async Task <List <Alert> > GetAlertsAsync(AlertFilter alertFilter = null, CancellationToken cancellationToken = default) { // When scanning using both startAfter and startBefore (but not endAfter or endBefore), apply the workaround to avoid LogicMonitor's 10,000 alert limit var alerts = alertFilter?.StartUtcIsAfter != null && alertFilter.StartUtcIsBefore != null && alertFilter.EndUtcIsAfter == null && alertFilter.EndUtcIsBefore == null ? await GetRestAlertsWithV84Bug(alertFilter, TimeSpan.FromHours(8)).ConfigureAwait(false) : await GetRestAlertsWithoutV84BugAsync(alertFilter, cancellationToken).ConfigureAwait(false); if (alertFilter?.IsCleared == true) { return(alerts.Where(a => a.IsCleared).ToList()); } if (alertFilter?.IsCleared == false) { return(alerts.Where(a => !a.IsCleared).ToList()); } return(alerts); }
/// <summary> /// This version of the call requests hourly chunks /// </summary> /// <param name="alertFilter"></param> /// <param name="chunkSize"></param> public async Task <List <Alert> > GetRestAlertsWithV84Bug(AlertFilter alertFilter, TimeSpan chunkSize) { var originalStartEpochIsAfter = alertFilter.StartEpochIsAfter; var originalStartEpochIsBefore = alertFilter.StartEpochIsBefore; var utcNow = DateTime.UtcNow; if (alertFilter.StartEpochIsAfter == null) { alertFilter.StartEpochIsAfter = utcNow.AddYears(-1).SecondsSinceTheEpoch(); } if (alertFilter.StartEpochIsBefore == null) { alertFilter.StartEpochIsBefore = utcNow.SecondsSinceTheEpoch(); } var allAlerts = new ConcurrentBag <Alert>(); var alertFilterList = ((long)alertFilter.StartEpochIsAfter).ToDateTimeUtc() .GetChunkedTimeRangeList(((long)alertFilter.StartEpochIsBefore).ToDateTimeUtc(), chunkSize) .Select(t => { var newAlertFilter = alertFilter.Clone(); newAlertFilter.ResetSearch(); newAlertFilter.StartEpochIsAfter = t.Item1.SecondsSinceTheEpoch() - 1; // Take one off to include anything raised on that exact second newAlertFilter.StartEpochIsBefore = t.Item2.SecondsSinceTheEpoch(); return(newAlertFilter); }); await Task.WhenAll(alertFilterList.Select(async individualAlertFilter => { foreach (var alert in await GetRestAlertsWithoutV84BugAsync(individualAlertFilter).ConfigureAwait(false)) { allAlerts.Add(alert); } })).ConfigureAwait(false); alertFilter.StartEpochIsAfter = originalStartEpochIsAfter; alertFilter.StartEpochIsBefore = originalStartEpochIsBefore; return(allAlerts.DistinctBy(a => a.Id).Take(alertFilter.Take ?? int.MaxValue).ToList()); }
public async void GetAlerts_SdtsMatchRequest() { // Arrange var allFilter = new AlertFilter { SdtFilter = SdtFilter.All, StartEpochIsAfter = StartDateTimeSeconds, StartEpochIsBefore = EndDateTimeSeconds }; var sdtFilter = new AlertFilter { SdtFilter = SdtFilter.Sdt, StartEpochIsAfter = StartDateTimeSeconds, StartEpochIsBefore = EndDateTimeSeconds }; var nonSdtFilter = new AlertFilter { SdtFilter = SdtFilter.NonSdt, StartEpochIsAfter = StartDateTimeSeconds, StartEpochIsBefore = EndDateTimeSeconds }; // Act var allAlerts = await PortalClient.GetAlertsAsync(allFilter).ConfigureAwait(false); var sdtAlerts = await PortalClient.GetAlertsAsync(sdtFilter).ConfigureAwait(false); var nonSdtAlerts = await PortalClient.GetAlertsAsync(nonSdtFilter).ConfigureAwait(false); // Assert // Alert counts add up Assert.Equal(allAlerts.Count, sdtAlerts.Count + nonSdtAlerts.Count); // Alerts have the expected SDT status Assert.True(sdtAlerts.All(a => a.InScheduledDownTime)); Assert.True(nonSdtAlerts.All(a => !a.InScheduledDownTime)); }
public async void GetAlertsIncludeInactiveShouldWork() { // IncludeCleared set false should bring back only active alerts var alertFilterNotIncludingCleared = new AlertFilter { IncludeCleared = false, AckFilter = AckFilter.All, AlertRuleName = null, StartEpochIsBefore = DateTime.UtcNow.AddMinutes(-1).SecondsSinceTheEpoch(), SdtFilter = SdtFilter.All, StartEpochIsAfter = DateTime.UtcNow.AddDays(-7).SecondsSinceTheEpoch(), OrderByProperty = nameof(Alert.StartOnSeconds), OrderDirection = OrderDirection.Desc }; var alertsNotIncludingCleared = await PortalClient.GetAlertsAsync(alertFilterNotIncludingCleared).ConfigureAwait(false); Assert.True(alertsNotIncludingCleared.Count > 0); Assert.DoesNotContain(alertsNotIncludingCleared, a => !a.IsActive); Assert.Contains(alertsNotIncludingCleared, a => a.IsActive); // IncludeCleared set true should bring back active AND non-active alerts var alertFilterIncludingCleared = new AlertFilter { IncludeCleared = true, AckFilter = AckFilter.All, AlertRuleName = null, StartEpochIsBefore = DateTime.UtcNow.AddMinutes(-1).SecondsSinceTheEpoch(), SdtFilter = SdtFilter.All, StartEpochIsAfter = DateTime.UtcNow.AddDays(-7).SecondsSinceTheEpoch(), OrderByProperty = nameof(Alert.StartOnSeconds), OrderDirection = OrderDirection.Desc }; var alertsIncludngCleared = await PortalClient.GetAlertsAsync(alertFilterIncludingCleared).ConfigureAwait(false); Assert.True(alertsIncludngCleared.Count > 0); Assert.Contains(alertsIncludngCleared, a => !a.IsActive); Assert.Contains(alertsIncludngCleared, a => a.IsActive); }
private void InitializeApiObjects() { //New API needs to be instantiated here, in the same alphabetical order as above Acsrf = new Acsrf(this); AjaxSpider = new AjaxSpider(this); Alert = new Generated.Alert(this); AlertFilter = new AlertFilter(this); Ascan = new Ascan(this); Authentication = new Authentication(this); Authorization = new Authorization(this); AutoUpdate = new AutoUpdate(this); Brk = new Break(this); Context = new Context(this); Core = new Core(this); ForcedUser = new ForcedUser(this); HttpSessions = new HttpSessions(this); ImportLogFiles = new ImportLogFiles(this); ImportUrls = new ImportUrls(this); LocalProxies = new LocalProxies(this); OpenApi = new OpenApi(this); Parameters = new Params(this); Pnh = new Pnh(this); PScan = new PScan(this); Replacer = new Replacer(this); Reveal = new Reveal(this); RuleConfig = new RuleConfig(this); Script = new Script(this); Search = new Search(this); Selenium = new Selenium(this); SessionManagement = new SessionManagement(this); Soap = new Soap(this); Spider = new Spider(this); Stats = new Stats(this); Users = new Users(this); Websocket = new Websocket(this); }
private void InitializeApiObjects() { //New API needs to be instantiated here, in the same alphabetical order as above acsrf = new Acsrf(this); ajaxspider = new AjaxSpider(this); alert = new OWASPZAPDotNetAPI.Generated.Alert(this); alertFilter = new AlertFilter(this); ascan = new Ascan(this); authentication = new Authentication(this); authorization = new OWASPZAPDotNetAPI.Generated.Authorization(this); autoupdate = new Autoupdate(this); brk = new Break(this); context = new Context(this); core = new Core(this); forcedUser = new ForcedUser(this); httpSessions = new HttpSessions(this); importLogFiles = new ImportLogFiles(this); importurls = new Importurls(this); localProxies = new LocalProxies(this); openapi = new Openapi(this); parameters = new Params(this); pnh = new Pnh(this); pscan = new Pscan(this); replacer = new Replacer(this); reveal = new Reveal(this); ruleConfig = new RuleConfig(this); script = new Script(this); search = new Search(this); selenium = new Selenium(this); sessionManagement = new SessionManagement(this); soap = new Soap(this); spider = new Spider(this); stats = new Stats(this); users = new Users(this); websocket = new Websocket(this); }
internal async Task <List <Alert> > GetRestAlertsWithoutV84BugAsync(AlertFilter alertFilter, CancellationToken cancellationToken = default) { var correctedAlertFilter = alertFilter?.Clone() ?? new AlertFilter { StartEpochIsAfter = 0 }; // There is a bug in LogicMonitor (https://jira.logicmonitor.com/browse/DEVTS-4968) // whereby the MonitorObjectId does not work in a filter. If used, substitute the MonitorObjectName instead // If the MonitorObjectId is set, set the correctedAlertFilter.MonitorObjectId = null; var alertFilterMonitorObjectId = alertFilter?.MonitorObjectId; if (alertFilterMonitorObjectId.HasValue) { var alertTypesOrNull = alertFilter.GetAlertTypes(); var alertTypesAreOnlyWebsite = alertTypesOrNull?.All(alertType => alertType == AlertType.Website) ?? false; correctedAlertFilter.MonitorObjectName = alertTypesAreOnlyWebsite ? (await GetAsync <Website>(alertFilterMonitorObjectId.Value).ConfigureAwait(false)).Name : (await GetAsync <Device>(alertFilterMonitorObjectId.Value).ConfigureAwait(false)).DisplayName; } // If take is specified, do only that chunk. if (correctedAlertFilter.Skip == null) { correctedAlertFilter.Skip = 0; } int maxAlertCount; if (correctedAlertFilter.Take != null) { if (correctedAlertFilter.Take > AlertsMaxTake) { maxAlertCount = (int)correctedAlertFilter.Take; correctedAlertFilter.Take = AlertsMaxTake; } else { maxAlertCount = (int)correctedAlertFilter.Take; } } else { maxAlertCount = int.MaxValue; correctedAlertFilter.Take = AlertsMaxTake; } var allAlerts = new List <Alert>(); do { var page = await FilteredGetAsync("alert/alerts", correctedAlertFilter.GetFilter(), cancellationToken).ConfigureAwait(false); allAlerts.AddRange(page.Items.Where(a => !allAlerts.Select(aa => aa.Id).Contains(a.Id)).ToList()); // The page TotalCount is negative if there are more to come, but this is not particularly useful to us. // The only way to be sure (while bugs exist) is to keep fetching the next batch until no more results are returned. if (page.Items?.Count == 0) { break; } // Adjust the alertFilter if (correctedAlertFilter.SearchId == null && !string.IsNullOrWhiteSpace(page.SearchId)) { // We can re-use the searchId correctedAlertFilter.SearchId = page.SearchId; } correctedAlertFilter.Skip += AlertsMaxTake; correctedAlertFilter.Take = Math.Min(AlertsMaxTake, maxAlertCount - allAlerts.Count); }while (correctedAlertFilter.Take != 0); return(allAlerts); }
/// <summary> /// Performs execution of the command /// </summary> protected override void ProcessRecord() { try { AlertFilter filter = new AlertFilter(); if (ParameterPresent("CreatedAfter")) { filter.CreatedAfter = CreatedAfter; } if (ParameterPresent("CreatedBefore")) { filter.CreatedBefore = CreatedBefore; } if (ParameterPresent("ResourceId")) { filter.ResourceID = ResourceId; } if (ParameterPresent("ResourceType")) { filter.ResourceType = ResourceType; } if (ParameterPresent("Severity")) { filter.Severity = Severity; } if (ParameterPresent("Status")) { filter.Status = Status; } PageInput page = PageInput.First; AlertList list = Connection.GetOpenAlerts(page, filter); foreach (Alert alert in list.Items) { WriteObject(alert); } while (list.More) { // advance the page page.Page = page.Page + 1; list = Connection.GetOpenAlerts(page); foreach (Alert alert in list.Items) { WriteObject(alert); } } } catch (AggregateException exceptions) { foreach (Exception ex in exceptions.InnerExceptions) { ErrorRecord record = new ErrorRecord( ex, ex.GetType().ToString(), ErrorCategory.NotSpecified, null); WriteError(record); } } catch (Exception ex) { ErrorRecord record = new ErrorRecord( ex, ex.GetType().ToString(), ErrorCategory.NotSpecified, null); WriteError(record); } }