# encoding: utf-8
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this file,
# You can obtain one at http://mozilla.org/MPL/2.0/.
#
# Author: Kyle Lahnakoski (kyle@lahnakoski.com)
#
from __future__ import unicode_literals
from datetime import datetime
from dzAlerts.util.collections import OR
from dzAlerts.util.env.logs import Log
from dzAlerts.util.maths import Math
# ARE THESE SEVERITY OR CONFIDENCE NUMBERS SIGNIFICANTLY DIFFERENT TO WARRANT AN
# UPDATE?
from dzAlerts.util.queries import Q
from dzAlerts.util.sql.db import SQL
from dzAlerts.util.struct import nvl
# Half-width of the severity ratio band that significant_difference() treats as
# "no change": a/b inside (1 - SIGNIFICANT, 1 + SIGNIFICANT) is not, by itself,
# enough to rewrite an alert row.
SIGNIFICANT = 0.2
# When True, every alert present on both sides is rewritten regardless of the
# significance tests (debugging aid; see update_alert_status()).
DEBUG_TOUCH_ALL_ALERTS = False
# Fallback for settings.param.verbose when the caller does not set it.
VERBOSE = True
# NOTE(review): captured once at import time. Every last_updated written by this
# module carries the import-time stamp, not the time of the write; fine for a
# short batch run, misleading in a long-lived process — confirm this is intended.
NOW = datetime.utcnow()
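def significant_difference(a, b, significant=None):
    """Decide whether two severity values differ enough to rewrite an alert row.

    Returns True when either value sits at an extreme (0.0 or 1.0), when the
    ratio a/b falls outside the band (1 - significant, 1 + significant), or
    when Math.bayesian_subtract(a, b) lands outside (0.3, 0.7). Returns False
    only when the ratio is inside the band AND the Bayesian difference is
    inside (0.3, 0.7).

    :param a: new severity
    :param b: old severity
    :param significant: half-width of the ratio band; None selects the module
        constant SIGNIFICANT, which keeps the original two-argument calls working
    """
    if significant is None:
        significant = SIGNIFICANT
    try:
        # Extremes always count as a change; this also keeps b == 0 out of the
        # division below.
        if a in (0.0, 1.0) or b in (0.0, 1.0):
            return True
        # float() guards against Python 2 integer division (this file does not
        # import division from __future__), which would truncate e.g. 5/4 to 1
        # and silently report "no change".
        ratio = float(a) / b
        if ratio < (1 - significant) or (1 + significant) < ratio:
            return True
        b_diff = Math.bayesian_subtract(a, b)
        return not (0.3 < b_diff < 0.7)
    except Exception as e:
        # NOTE(review): assumes Log.error raises (the dzAlerts convention). If it
        # only logs, this function falls through and returns None, which the
        # caller's OR() reads as "no significant difference" — confirm.
        Log.error("Problem", e)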
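def significant_score_difference(a, b, threshold=0.5):
    """Return True when two scores differ by more than ``threshold`` in absolute value.

    update_alert_status() feeds confidence values through this; the default of
    0.5 is the original hard-coded band, so existing two-argument calls are
    unchanged.

    :param a: new score
    :param b: old score
    :param threshold: largest absolute difference still treated as "no change"
    """
    return abs(a - b) > threshold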
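def update_alert_status(settings, alerts_db, found_alerts, old_alerts):
    """Reconcile the freshly computed alerts against the rows already stored.

    Both inputs are indexed by ``tdad_id``; set algebra on the two indexes
    splits them into rows to insert (found only), rows to compare (present on
    both sides, rewritten only when severity or confidence moved
    significantly and no human has recorded a solution) and rows to mark
    obsolete (stored only).

    :param settings: reads ``settings.param.verbose``; VERBOSE is the fallback
    :param alerts_db: exposes insert_list(), update() and flush()
    :param found_alerts: alerts produced by the current run
    :param old_alerts: alerts currently in the database
    :returns: None; every effect goes through ``alerts_db``
    """
    verbose = nvl(settings.param.verbose, VERBOSE)

    found_alerts = Q.unique_index(found_alerts, "tdad_id")
    old_alerts = Q.unique_index(old_alerts, "tdad_id")

    # Set algebra on the two indexes, keyed by tdad_id
    new_alerts = found_alerts - old_alerts
    changed_alerts = found_alerts & old_alerts
    obsolete_alerts = old_alerts - found_alerts

    if verbose:
        Log.note("Update Alerts: ({{num_new}} new, {{num_change}} changed, {{num_delete}} obsoleted)", {
            "num_new": len(new_alerts),
            "num_change": len(changed_alerts),
            "num_delete": len(obsolete_alerts)
        })

    # NOTE(review): NOW is fixed at module import, so every row written below
    # carries the import-time stamp rather than the wall-clock time of the
    # write; acceptable for a short batch run, misleading in a long-lived one.
    if new_alerts:
        for a in new_alerts:
            # presumably the SQL wrapper marks this as raw SQL so the id is
            # generated server-side instead of being quoted as a string
            a.id = SQL("util.newid()")
            a.last_updated = NOW
        try:
            alerts_db.insert_list("alerts", new_alerts)
        except Exception as e:
            Log.error("problem with insert", e)

    # CURRENT ALERTS, UPDATE IF DIFFERENT
    for new_alert in changed_alerts:
        old_alert = old_alerts[new_alert]
        # DO NOT TOUCH SOLVED ALERTS: a non-blank solution means a human closed it
        if nvl(old_alert.solution, "").strip():
            continue
        # Guard before new_alert's fields are read below
        if new_alert is None:
            Log.error("Programmer error, changed_alerts must have {{key_value}}", {"key_value": old_alert.tdad.id})

        # OR() is an ordinary function call, so all four tests are evaluated
        # eagerly; DEBUG_TOUCH_ALL_ALERTS does not short-circuit the others.
        if OR(
            DEBUG_TOUCH_ALL_ALERTS,
            old_alert.status == 'obsolete',  # alert came back after being obsoleted: always rewrite
            significant_difference(new_alert.severity, old_alert.severity),
            significant_score_difference(new_alert.confidence, old_alert.confidence)
        ):
            new_alert.last_updated = NOW
            # The whole struct becomes the SET clause; assumes alerts_db.update
            # binds values as parameters rather than interpolating them — confirm
            alerts_db.update("alerts", {"id": old_alert.id}, new_alert)

    # OBSOLETE THE ALERTS THAT ARE NO LONGER VALID (skip rows already marked)
    for old_alert in Q.filter(obsolete_alerts, {"not": {"term": {"status": "obsolete"}}}):
        alerts_db.update("alerts", {"id": old_alert.id}, {"status": "obsolete", "last_updated": NOW})

    alerts_db.flush()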