Store alert remediations status in DB (#3115)

crowdsecurity · Jul 16, 2024 · c4bfdf1 · c4bfdf1
1 parent 84c214a
commit c4bfdf1
Show file tree

Hide file tree

Showing 12 changed files with 155 additions and 9 deletions.
diff --git a/cmd/crowdsec-cli/alerts.go b/cmd/crowdsec-cli/alerts.go
@@ -120,6 +120,7 @@ func (cli *cliAlerts) displayOneAlert(alert *models.Alert, withDetail bool) erro
  - Date         : {{.CreatedAt}}
  - Machine      : {{.MachineID}}
  - Simulation   : {{.Simulated}}
+ - Remediation  : {{.Remediation}}
  - Reason       : {{.Scenario}}
  - Events Count : {{.EventsCount}}
  - Scope:Value  : {{.Source.Scope}}{{if .Source.Value}}:{{.Source.Value}}{{end}}

diff --git a/cmd/crowdsec-cli/decisions.go b/cmd/crowdsec-cli/decisions.go
@@ -374,9 +374,10 @@ func (cli *cliDecisions) add(addIP, addRange, addDuration, addValue, addScope, a
 			Scope:    &addScope,
 			Value:    &addValue,
 		},
-		StartAt:   &startAt,
-		StopAt:    &stopAt,
-		CreatedAt: createdAt,
+		StartAt:     &startAt,
+		StopAt:      &stopAt,
+		CreatedAt:   createdAt,
+		Remediation: true,
 	}
 	alerts = append(alerts, &alert)
 

diff --git a/pkg/apiserver/controllers/v1/alerts.go b/pkg/apiserver/controllers/v1/alerts.go
@@ -43,6 +43,7 @@ func FormatOneAlert(alert *ent.Alert) *models.Alert {
 		Capacity:        &alert.Capacity,
 		Leakspeed:       &alert.LeakSpeed,
 		Simulated:       &alert.Simulated,
+		Remediation:     alert.Remediation,
 		UUID:            alert.UUID,
 		Source: &models.Source{
 			Scope:     &alert.SourceScope,

diff --git a/pkg/database/alerts.go b/pkg/database/alerts.go
@@ -241,7 +241,8 @@ func (c *Client) UpdateCommunityBlocklist(alertItem *models.Alert) (int, int, in
 		SetLeakSpeed(*alertItem.Leakspeed).
 		SetSimulated(*alertItem.Simulated).
 		SetScenarioVersion(*alertItem.ScenarioVersion).
-		SetScenarioHash(*alertItem.ScenarioHash)
+		SetScenarioHash(*alertItem.ScenarioHash).
+		SetRemediation(true) // it's from CAPI, we always have decisions
 
 	alertRef, err := alertB.Save(c.CTX)
 	if err != nil {
@@ -554,7 +555,6 @@ func (c *Client) createAlertChunk(machineID string, owner *ent.Machine, alerts [
 
 				if len(metaItem.Value) > 4095 {
 					c.Log.Warningf("truncated meta %s : value too long", metaItem.Key)
-
 					value = value[:4095]
 				}
 
@@ -618,6 +618,7 @@ func (c *Client) createAlertChunk(machineID string, owner *ent.Machine, alerts [
 			SetSimulated(*alertItem.Simulated).
 			SetScenarioVersion(*alertItem.ScenarioVersion).
 			SetScenarioHash(*alertItem.ScenarioHash).
+			SetRemediation(alertItem.Remediation).
 			SetUUID(alertItem.UUID).
 			AddEvents(events...).
 			AddMetas(metas...)
@@ -677,7 +678,6 @@ func (c *Client) createAlertChunk(machineID string, owner *ent.Machine, alerts [
 			}
 		}
 	}
-
 	return ret, nil
 }
 

diff --git a/pkg/database/ent/alert.go b/pkg/database/ent/alert.go
diff --git a/pkg/database/ent/alert/alert.go b/pkg/database/ent/alert/alert.go
diff --git a/pkg/database/ent/alert/where.go b/pkg/database/ent/alert/where.go
diff --git a/pkg/database/ent/alert_create.go b/pkg/database/ent/alert_create.go
diff --git a/pkg/database/ent/alert_update.go b/pkg/database/ent/alert_update.go
diff --git a/pkg/database/ent/migrate/schema.go b/pkg/database/ent/migrate/schema.go
diff --git a/pkg/database/ent/mutation.go b/pkg/database/ent/mutation.go
diff --git a/pkg/database/ent/schema/alert.go b/pkg/database/ent/schema/alert.go
@@ -52,6 +52,7 @@ func (Alert) Fields() []ent.Field {
 		field.String("scenarioHash").Optional().Immutable(),
 		field.Bool("simulated").Default(false).Immutable(),
 		field.String("uuid").Optional().Immutable(), // this uuid is mostly here to ensure that CAPI/PAPI has a unique id for each alert
+		field.Bool("remediation").Optional().Immutable(),
 	}
 }