public EventModel(Core.MessageModel message)
{
this.Id = (message?.EventId).GetValueOrDefault(-1);
this.ActionId = (message?.ActionId).GetValueOrDefault(Guid.Empty);
this.Category = message?.Category ?? string.Empty;
this.Action = message?.Action ?? string.Empty;
this.Timestamp = message?.TimestampDateTime;
}
public static MessageModel FromElasticMessage(Core.MessageModel elasticMessage, ValidatorResult result, ElasticConfigurationModel config) => new MessageModel()
{
ElasticMessage = elasticMessage,
FoundInElastic = elasticMessage != null,
Result = result,
Event = new EventModel(elasticMessage),
KibanaUrl = MessageModel.GetKibanaUrl(elasticMessage, config)
};
public static string GetKibanaUrl(Core.MessageModel elasticMessage, ElasticConfigurationModel config) =>
elasticMessage != null
? $"{config.KibanaRoot}/app/kibana#/discover?_g=(time:(from:'{elasticMessage.TimestampDateTime.GetValueOrDefault(DateTime.MinValue).AddMinutes(-30):o}',to:now))&_a=(columns:!(_source),filters:!((query:(match:(actionId:(query:'{elasticMessage?.ActionId}',type:phrase))))))"
: string.Empty;
