Update docs & deprecate per-alert renderers

kiwiz committed Jun 15, 2017
1 parent ca13d80 commit 7fcf1a8a4e83e438b853c1ad8ada756271021b94
Showing with 31 additions and 13 deletions.
  1. +1 −1 db.sql
  2. +1 −1 db_mysql.sql
  3. +23 −0 docs/Development/NewEnricherRendererType.md
  4. +0 −10 docs/Filters.md
  5. +6 −1 docs/Renderers.md
2 db.sql
@@ -86,7 +86,7 @@ CREATE TABLE `alerts` (
`alert_date` UNSIGNED INTEGER NOT NULL,
`content` TEXT NOT NULL,
`content_hash` VARCHAR(64) NOT NULL,
`renderer_data` TEXT NOT NULL,
`renderer_data` TEXT NOT NULL, /* unused */
`assignee_type` INTEGER NOT NULL,
`assignee` INTEGER NOT NULL,
`search_id` INTEGER NOT NULL,
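Review bot: marking `renderer_data` as `/* unused */` while leaving it `TEXT NOT NULL` means every INSERT into `alerts` must still supply a value for a column nothing reads any more; either make it nullable (or give it a default) so writers can omit it, or add a follow-up migration that drops it, and say in the commit message which of the two is intended. This file only defines the fresh schema, so the comment changes nothing for existing databases.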
@@ -38,7 +38,7 @@ CREATE TABLE `alerts` (
`create_date` bigint(20) unsigned NOT NULL,
`update_date` bigint(20) unsigned NOT NULL,
`site_id` bigint(20) unsigned NOT NULL,
`renderer_data` longtext COLLATE utf8mb4_unicode_ci NOT NULL,
`renderer_data` longtext COLLATE utf8mb4_unicode_ci NOT NULL, /* unused */
`resolution` tinyint(1) NOT NULL,
PRIMARY KEY (`alert_id`),
KEY `alert_date_idx` (`alert_date`),
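Review bot: same concern as the SQLite schema above: `renderer_data longtext ... NOT NULL` with no default still forces every INSERT to write the column, and under MySQL strict mode an INSERT that omits it fails rather than inserting an empty string. Since the column is declared unused, a migration that drops it (or at least relaxes it to NULL) would be safer than a comment, and keeps db.sql and db_mysql.sql in step.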
@@ -19,6 +19,10 @@ class MyIP_Enricher extends Enricher {
public static function process($data) {
// TODO
}
public static function processHTML($data) {
// TODO
}
}
```
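Review bot: the new `processHTML` stub carries only `// TODO` and no statement of its contract; since the prose below says it must return HTML, a one-line comment such as `// Return an HTML fragment; pass any user-controlled data through Util::escape` would keep implementers from echoing `$data` into the page unescaped.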
@@ -40,6 +44,25 @@ The `process` method takes some input data (the contents of an Alert field) and
```
Implementing `processHTML`
------------------------
The `processHTML` method takes the same input as `process`, but outputs HTML. Here, we can just call `process` and render a table with the content.
```
public static function process($data) {
$resp = self::process($data);
$ret = [];
$ret[] = '<table><tbody>';
foreach($data as $k=>$v) {
$ret[] = '<tr><th>' . Util::escape($k) . '</th><td>' . Util::escape($v) . '</tr>';
}
$ret[] = '</tbody></table>';
return implode('', $ret);
}
```
Update the list of Enricher types
-------------------------------
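Review bot: the example method is declared as `process` instead of `processHTML` (`public static function process($data) {`), so as written it redeclares the method defined above and `self::process($data)` calls itself recursively; rename it to `processHTML`. Two smaller issues in the same block: the loop iterates `$data` rather than the `$resp` returned by `process`, so the enriched output is discarded, and each row is missing its `</td>` before `</tr>`. Escaping both key and value through `Util::escape` is correct and should stay.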
@@ -79,16 +79,6 @@ Executes a script on Alerts. Scripts are executables which accept a JSON blob fr
- Script: The name of the script to execute.
### Enricher ###
Executes an Enricher on a field and replaces the contents of the field with the output.
#### Parameters ####
- Key: The key to execute an Enricher on.
- Enricher: The name of the Enricher to execute.
### Expression ###
Whitelist/Blacklist Alerts based on whether they match a given [SEL](https://symfony.com/doc/current/components/expression_language/syntax.html) expression. The contents of the Alert are available via the `content` variable when writing expressions.
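Review bot: dropping the Enricher filter section leaves no pointer for users who already configured an Enricher filter on a Search; a one-sentence note under the filters list saying that Enrichers are now applied through Renderers (linking docs/Renderers.md or docs/Development/NewEnricherRendererType.md) would close that gap.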
@@ -11,7 +11,7 @@ To configure Renderers, you first need to be viewing an Alert. Find the field th
![Renderer config](/docs/imgs/renderer_config.png?raw=true)
You can save this configuration by clicking on the dropdown next to 'Add Note' and selecting from the list. Most of the time, you'll want to click 'Save Search Renderers', which will apply this configuration to all Alerts generated by the Search. In contrast, 'Save Alert Renderers' will only apply this configuration to the current Alert.
You can save this configuration by clicking on the dropdown next to 'Add Note' and selecting from the list. Click 'Save Renderers', which will apply this configuration to all Alerts generated by the Search.
![Renderer config save](/docs/imgs/renderer_save.png?raw=true)
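Review bot: the text now names a single 'Save Renderers' entry, but `renderer_save.png` referenced just below is not touched by this commit (the file list shows no image changes), so it presumably still shows the old 'Save Search Renderers' / 'Save Alert Renderers' options; update the screenshot or note the discrepancy. The sentence "selecting from the list. Click 'Save Renderers'" also still reads as a choice between several entries; "clicking on the dropdown next to 'Add Note' and choosing 'Save Renderers'" would be clearer now that only one remains.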
@@ -38,3 +38,8 @@ Display vendor information on a MAC address.
![Link renderer](/docs/imgs/renderer_link.png?raw=true)
Turn all URLs into clickable links.
### Stacktrace ###
Render pre-formatted content (like stack traces)
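Review bot: the new Stacktrace entry lacks the `![...](/docs/imgs/...)` screenshot line that the other renderers in this file have (see the Link entry directly above) and its description is missing the trailing full stop; add an image for consistency or state that none is available.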

0 comments on commit 7fcf1a8

Please sign in to comment.