diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8200885b..62b50a5d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@
 ## Other changes
 - [Indexer] Fixed fields types error on instance indexer_alert_config in schema.yml - [#1499](https://github.com/jertel/elastalert2/pull/1499) - @olehpalanskyi
+- [IRIS] Changed alert_source field from static 'ElastAlert2' value to field iris_alert_source value with default of 'ElastAlert2' - @bvirgilioamnh
 # 2.19.0
diff --git a/docs/source/alerts.rst b/docs/source/alerts.rst
index 4bac3aaf..77779172 100644
--- a/docs/source/alerts.rst
+++ b/docs/source/alerts.rst
@@ -1201,6 +1201,8 @@ Optional:
 ``iris_alert_note``: Note for the alert.
+``iris_alert_source``: Source of the alert. Default value is ``ElastAlert2``.
+
 ``iris_alert_tags``: List of tags.
 ``iris_alert_status_id``: The alert status of the alert, default value is ``2``. This parameter requires an integer input.
diff --git a/elastalert/alerters/iris.py b/elastalert/alerters/iris.py
index 5dee7b83..57e7a88d 100644
--- a/elastalert/alerters/iris.py
+++ b/elastalert/alerters/iris.py
@@ -27,6 +27,7 @@ def __init__(self, rule):
 'Authorization': f'Bearer {self.rule.get("iris_api_token")}'
 }
 self.alert_note = self.rule.get('iris_alert_note', None)
+ self.alert_source = self.rule.get('iris_alert_source', 'ElastAlert2')
 self.alert_tags = self.rule.get('iris_alert_tags', None)
 self.alert_status_id = self.rule.get('iris_alert_status_id', 2)
 self.alert_source_link = self.rule.get('iris_alert_source_link', None)
@@ -78,7 +79,7 @@ def make_alert(self, matches):
 alert_data = {
 "alert_title": self.rule.get('name'),
 "alert_description": self.description,
- "alert_source": "ElastAlert2",
+ "alert_source": self.alert_source,
 "alert_severity_id": self.alert_severity_id,
 "alert_status_id": self.alert_status_id,
 "alert_source_event_time": event_timestamp,
diff --git a/elastalert/schema.yaml b/elastalert/schema.yaml
index aee33262..59d83297 100644
--- a/elastalert/schema.yaml
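Review bot: `self.rule.get('iris_alert_source', 'ElastAlert2')` in the __init__ hunk only falls back to the documented default when the key is absent, so a rule that sets `iris_alert_source: ''` passes the `{type: string}` entry added in the elastalert/schema.yaml hunk and an empty alert_source is then sent to IRIS by the make_alert hunk. Whether IRIS accepts or rejects an empty source is not visible in this diff; if the documented default is meant to always apply, `self.alert_source = self.rule.get('iris_alert_source') or 'ElastAlert2'` keeps it, or the schema entry can carry `minLength: 1` so rule validation reports the mistake before any alert is posted. The value also deserves a short comment at the assignment, e.g. `# operator-controlled label shown as the alert's origin in IRIS; empty string is not rewritten to the default`, whichever behaviour is chosen. Both enclosing functions, __init__ and make_alert, start and end outside their hunks.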
+++ b/elastalert/schema.yaml
@@ -597,6 +597,7 @@ properties:
 iris_alert_note: {type: string}
 iris_alert_tags: {type: string}
 iris_alert_status_id: {type: integer, enum: [1, 2, 3, 4, 5, 6, 7]}
+ iris_alert_source: {type: string}
 iris_alert_source_link: {type: string}
 iris_alert_severity_id: {type: integer, enum: [1, 2, 3, 4, 5, 6]}
 iris_iocs: *arrayOfIrisIocFields
diff --git a/tests/alerters/iris_test.py b/tests/alerters/iris_test.py
index 3b4a97e6..12f15100 100644
--- a/tests/alerters/iris_test.py
+++ b/tests/alerters/iris_test.py
@@ -155,6 +155,7 @@ def test_iris_make_alert_maximal(caplog):
 'iris_alert_tags': 'test, alert',
 'iris_overwrite_timestamp': True,
 'iris_alert_source_link': 'https://example.com',
+ 'iris_alert_source': "TestSource",
 'iris_iocs': [
 {
 'ioc_description': 'source address',
@@ -187,7 +188,7 @@ def test_iris_make_alert_maximal(caplog):
 expected_data = {
 "alert_title": 'Test Maximal Alert Body',
 "alert_description": 'test description in alert',
- "alert_source": "ElastAlert2",
+ "alert_source": "TestSource",
 "alert_severity_id": 1,
 "alert_status_id": 2,
 "alert_source_event_time": '2023-10-21 20:00:00.000',
@@ -235,6 +236,7 @@ def test_iris_make_alert_maximal_with_nested_json(caplog):
 'iris_alert_tags': 'test, alert',
 'iris_overwrite_timestamp': True,
 'iris_alert_source_link': 'https://example.com',
+ 'iris_alert_source': "TestSource",
 'iris_iocs': [
 {
 'ioc_description': 'source address',
@@ -267,7 +269,7 @@ def test_iris_make_alert_maximal_with_nested_json(caplog):
 expected_data = {
 "alert_title": 'Test Maximal Alert Body',
 "alert_description": 'test description in alert',
- "alert_source": "ElastAlert2",
+ "alert_source": "TestSource",
 "alert_severity_id": 1,
 "alert_status_id": 2,
 "alert_source_event_time": '2023-10-21 20:00:00.000',
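Review bot: Both updated tests, test_iris_make_alert_maximal and test_iris_make_alert_maximal_with_nested_json, now set `'iris_alert_source': "TestSource"`, so neither exercises the default branch that replaces the former hard-coded value in make_alert. Unless an unmodified test outside this diff (a minimal-config case, presumably) still builds a rule without the key and asserts `"alert_source": "ElastAlert2"`, that path loses its only coverage, and the documented default could silently drift. A single expected_data assertion in a rule that omits the key, and ideally one with `'iris_alert_source': ''` pinning whichever empty-string behaviour is intended, would close that gap. All four hunks sit inside test functions that start outside the hunk.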