alert

package
v0.6.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 16, 2025 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	DefaultAlertTitle       = "(no title)"
	DefaultAlertDescription = "(no description)"
)

Variables

This section is empty.

Functions

func ClusterAlerts 

func ClusterAlerts(ctx context.Context, alerts []*Alert, similarityThreshold float64, topN int) [][]*Alert

func CosineSimilarity 

func CosineSimilarity(a, b []float32) float64

Types

type Alert 

type Alert struct {
	ID       types.AlertID     `json:"id"`
	TicketID types.TicketID    `json:"ticket_id"`
	Schema   types.AlertSchema `json:"schema"`
	Data     any               `json:"data"`

	Metadata

	CreatedAt      time.Time          `json:"created_at"`
	SlackThread    *slack.Thread      `json:"slack_thread"`
	SlackMessageID string             `json:"slack_message_id"`
	Embedding      firestore.Vector32 `json:"-"`
	TagIDs         map[string]bool    `json:"tag_ids"`
}

Alert represents an event of a potential security incident. This model is designed to be immutable. An Alert can be linked to at most one ticket.

func New 

func New(ctx context.Context, schema types.AlertSchema, data any, metadata Metadata) Alert

func (*Alert) CosineSimilarity 

func (x *Alert) CosineSimilarity(other []float32) float64

func (*Alert) FillMetadata 

func (x *Alert) FillMetadata(ctx context.Context, llmClient gollem.LLMClient) error

func (*Alert) GetTagNames added in v0.2.0 

func (a *Alert) GetTagNames(ctx context.Context, tagGetter func(context.Context, []string) ([]*tag.Tag, error)) ([]string, error)

GetTagNames returns tag names for external API compatibility

func (*Alert) HasSlackThread added in v0.1.0 

func (a *Alert) HasSlackThread() bool

HasSlackThread returns true if the alert has a valid Slack thread

type AlertListRepository 

type AlertListRepository interface {
	BatchGetAlerts(ctx context.Context, alertIDs []types.AlertID) (Alerts, error)
}

type Alerts 

type Alerts []*Alert

func (Alerts) MaxSimilarity 

func (x Alerts) MaxSimilarity() float64

type Attribute 

type Attribute struct {
	Key   string `json:"key"`
	Value string `json:"value"`
	Link  string `json:"link"`
	Auto  bool   `json:"auto"`
}

func (*Attribute) UnmarshalJSON added in v0.5.0 

func (a *Attribute) UnmarshalJSON(data []byte) error

UnmarshalJSON implements custom unmarshaling to handle both string and numeric values

type Finding 

type Finding struct {
	Severity       types.AlertSeverity `json:"severity"`
	Summary        string              `json:"summary"`
	Reason         string              `json:"reason"`
	Recommendation string              `json:"recommendation"`
}

Finding is the conclusion of the alert. This is set by the AI.

func (*Finding) Validate 

func (x *Finding) Validate() error

type GenAIConfig added in v0.4.0 

type GenAIConfig struct {
	Prompt string                   `json:"prompt"` // Prompt template file name
	Format types.GenAIContentFormat `json:"format"` // Response format: "text" | "json" (default: "text")
}

GenAIConfig configures LLM processing for alerts

type GenAIResponse added in v0.4.0 

type GenAIResponse struct {
	Data   any                      `json:"data"`   // Raw response data
	Format types.GenAIContentFormat `json:"format"` // Response format for formatting
}

GenAIResponse represents the LLM response for display purposes

type List 

type List struct {
	ID             types.AlertListID `json:"id"`
	AlertIDs       []types.AlertID   `json:"alert_ids"`
	SlackThread    *slack.Thread     `json:"slack_thread"`
	SlackMessageID string            `json:"slack_message_id"`
	Status         ListStatus        `json:"status"`
	CreatedAt      time.Time         `json:"created_at"`
	CreatedBy      *slack.User       `json:"created_by"`

	Metadata
	Embedding firestore.Vector32 `json:"-"`
	// contains filtered or unexported fields
}

func NewList 

func NewList(ctx context.Context, thread slack.Thread, createdBy *slack.User, alerts Alerts) *List

func (*List) Alerts 

func (x *List) Alerts() (Alerts, error)

func (*List) FillMetadata 

func (x *List) FillMetadata(ctx context.Context, llmClient gollem.LLMClient) error

func (*List) GetAlerts 

func (x *List) GetAlerts(ctx context.Context, repo AlertListRepository) (Alerts, error)

type ListStatus 

type ListStatus string
const (
	ListStatusUnbound ListStatus = "unbound"
	ListStatusBound   ListStatus = "bound"
)

func (ListStatus) DisplayName 

func (s ListStatus) DisplayName() string

func (ListStatus) Icon 

func (s ListStatus) Icon() string

func (ListStatus) String 

func (s ListStatus) String() string

type Metadata 

type Metadata struct {
	Title             string       `json:"title"`
	Description       string       `json:"description"`
	Attributes        []Attribute  `json:"attributes"`
	TitleSource       types.Source `json:"title_source"`
	DescriptionSource types.Source `json:"description_source"`
	// Tags field is used temporarily during policy processing to pass tag names
	// These are converted to TagIDs and not persisted in this field
	Tags []string `json:"tags,omitempty"`
	// Channel field specifies target Slack channel for alert notification
	// Set by action policy evaluation
	Channel string `json:"channel,omitempty"`
}

type QueryOutput 

type QueryOutput struct {
	Alert []Metadata `json:"alert"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.