alert

package

v0.2.0 Latest Latest Go to latest Published: Aug 7, 2025 License: Apache-2.0 Imports: 18 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/secmon-lab/warren

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func ClusterAlerts(ctx context.Context, alerts []*Alert, similarityThreshold float64, topN int) [][]*Alert
func CosineSimilarity(a, b []float32) float64
type Alert
- func New(ctx context.Context, schema types.AlertSchema, data any, metadata Metadata) Alert
type AlertListRepository
type Alerts
- func (x Alerts) MaxSimilarity() float64
type Attribute
type Finding
- func (x *Finding) Validate() error
type List
- func NewList(ctx context.Context, thread slack.Thread, createdBy *slack.User, alerts Alerts) *List
type ListStatus
type Metadata
type QueryOutput

Constants ¶

View Source

const (
	DefaultAlertTitle       = "(no title)"
	DefaultAlertDescription = "(no description)"
)

Variables ¶

This section is empty.

Functions ¶

func ClusterAlerts ¶

func ClusterAlerts(ctx context.Context, alerts []*Alert, similarityThreshold float64, topN int) [][]*Alert

func CosineSimilarity ¶

func CosineSimilarity(a, b []float32) float64

Types ¶

type Alert ¶

type Alert struct {
	ID       types.AlertID     `json:"id"`
	TicketID types.TicketID    `json:"ticket_id"`
	Schema   types.AlertSchema `json:"schema"`
	Data     any               `json:"data"`

	Metadata

	CreatedAt   time.Time          `json:"created_at"`
	SlackThread *slack.Thread      `json:"slack_thread"`
	Embedding   firestore.Vector32 `json:"-"`
	TagIDs      map[string]bool    `json:"tag_ids"`
}

Alert represents an event of a potential security incident. This model is designed to be immutable. An Alert can be linked to at most one ticket.

func New ¶

func New(ctx context.Context, schema types.AlertSchema, data any, metadata Metadata) Alert

func (*Alert) CosineSimilarity ¶

func (x *Alert) CosineSimilarity(other []float32) float64

func (*Alert) FillMetadata ¶

func (x *Alert) FillMetadata(ctx context.Context, llmClient gollem.LLMClient) error

func (*Alert) GetTagNames ¶ added in v0.2.0

func (a *Alert) GetTagNames(ctx context.Context, tagGetter func(context.Context, []string) ([]*tag.Tag, error)) ([]string, error)

GetTagNames returns tag names for external API compatibility

func (*Alert) HasSlackThread ¶ added in v0.1.0

func (a *Alert) HasSlackThread() bool

HasSlackThread returns true if the alert has a valid Slack thread

type AlertListRepository ¶

type AlertListRepository interface {
	BatchGetAlerts(ctx context.Context, alertIDs []types.AlertID) (Alerts, error)
}

type Alerts ¶

type Alerts []*Alert

func (Alerts) MaxSimilarity ¶

func (x Alerts) MaxSimilarity() float64

type Attribute ¶

type Attribute struct {
	Key   string `json:"key"`
	Value string `json:"value"`
	Link  string `json:"link"`
	Auto  bool   `json:"auto"`
}

type Finding ¶

type Finding struct {
	Severity       types.AlertSeverity `json:"severity"`
	Summary        string              `json:"summary"`
	Reason         string              `json:"reason"`
	Recommendation string              `json:"recommendation"`
}

Finding is the conclusion of the alert. This is set by the AI.

func (*Finding) Validate ¶

func (x *Finding) Validate() error

type List ¶

type List struct {
	ID             types.AlertListID `json:"id"`
	AlertIDs       []types.AlertID   `json:"alert_ids"`
	SlackThread    *slack.Thread     `json:"slack_thread"`
	SlackMessageID string            `json:"slack_message_id"`
	Status         ListStatus        `json:"status"`
	CreatedAt      time.Time         `json:"created_at"`
	CreatedBy      *slack.User       `json:"created_by"`

	Metadata
	Embedding firestore.Vector32 `json:"-"`
	// contains filtered or unexported fields
}

func NewList ¶

func NewList(ctx context.Context, thread slack.Thread, createdBy *slack.User, alerts Alerts) *List

func (*List) Alerts ¶

func (x *List) Alerts() (Alerts, error)

func (*List) FillMetadata ¶

func (x *List) FillMetadata(ctx context.Context, llmClient gollem.LLMClient) error

func (*List) GetAlerts ¶

func (x *List) GetAlerts(ctx context.Context, repo AlertListRepository) (Alerts, error)

type ListStatus ¶

type ListStatus string

const (
	ListStatusUnbound ListStatus = "unbound"
	ListStatusBound   ListStatus = "bound"
)

func (ListStatus) DisplayName ¶

func (s ListStatus) DisplayName() string

func (ListStatus) Icon ¶

func (s ListStatus) Icon() string

func (ListStatus) String ¶

func (s ListStatus) String() string

type Metadata ¶

type Metadata struct {
	Title             string       `json:"title"`
	Description       string       `json:"description"`
	Attributes        []Attribute  `json:"attributes"`
	TitleSource       types.Source `json:"title_source"`
	DescriptionSource types.Source `json:"description_source"`
	// Tags field is used temporarily during policy processing to pass tag names
	// These are converted to TagIDs and not persisted in this field
	Tags []string `json:"tags,omitempty"`
}

type QueryOutput ¶

type QueryOutput struct {
	Alert []Metadata `json:"alert"`
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL