public EventModel(Core.MessageModel message) { this.Id = (message?.EventId).GetValueOrDefault(-1); this.ActionId = (message?.ActionId).GetValueOrDefault(Guid.Empty); this.Category = message?.Category ?? string.Empty; this.Action = message?.Action ?? string.Empty; this.Timestamp = message?.TimestampDateTime; }
public static MessageModel FromElasticMessage(Core.MessageModel elasticMessage, ValidatorResult result, ElasticConfigurationModel config) => new MessageModel() { ElasticMessage = elasticMessage, FoundInElastic = elasticMessage != null, Result = result, Event = new EventModel(elasticMessage), KibanaUrl = MessageModel.GetKibanaUrl(elasticMessage, config) };
public static string GetKibanaUrl(Core.MessageModel elasticMessage, ElasticConfigurationModel config) => elasticMessage != null ? $"{config.KibanaRoot}/app/kibana#/discover?_g=(time:(from:'{elasticMessage.TimestampDateTime.GetValueOrDefault(DateTime.MinValue).AddMinutes(-30):o}',to:now))&_a=(columns:!(_source),filters:!((query:(match:(actionId:(query:'{elasticMessage?.ActionId}',type:phrase))))))" : string.Empty;