package alphasoc
import (
"context"
"encoding/json"
"fmt"
"net/http"
"github.com/alphasoc/alphasoc-go/models"
)
// Alerts allows for fetching alerts generated by network telemetry submitted to
// the AlphaSOC Analytics Engine (via API or other sources). Each alert includes
// the original (although normalized) event along with the associated threats
// and context.
//
// In every response there is a Follow bookmark attached, which should be
// passed as a parameter to the next request so that only new alerts are
// returned. Once the last page is returned, the More property in the
// response is set to false.
func (c *Client) Alerts(ctx context.Context, follow string) (*models.Alerts, error) {
	req, err := c.prepareRequest(ctx, "GET", alertsEndpoint, nil)
	if err != nil {
		return nil, err
	}

	// Send the bookmark only when the caller supplied one. The value goes
	// through url.Values.Encode, so it is escaped before it reaches the
	// query string.
	if follow != "" {
		params := req.URL.Query()
		params.Add("follow", follow)
		req.URL.RawQuery = params.Encode()
	}

	resp, err := c.client.Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()

	status := resp.StatusCode
	// NOTE(review): the body is decoded without a size cap; whether c.client
	// carries a timeout or other limit is not visible from this function.
	body := json.NewDecoder(resp.Body)

	// Success: the payload is the alerts page itself.
	if status == http.StatusOK {
		page := new(models.Alerts)
		if decodeErr := body.Decode(page); decodeErr != nil {
			return nil, APIError{fmt.Sprintf("parsing alerts: %v", decodeErr), status}
		}
		return page, nil
	}

	// The four documented error statuses share one shape (a JSON error
	// message); only the fallback label differs. Anything else is reported
	// as unexpected without reading the body.
	var label string
	switch status {
	case http.StatusBadRequest:
		label = "status bad request"
	case http.StatusUnauthorized:
		label = "status unauthorized"
	case http.StatusForbidden:
		label = "status forbidden"
	case http.StatusTooManyRequests:
		label = "status too many requests"
	default:
		return nil, APIError{"unexpected response", status}
	}

	apiMsg := new(models.ErrorMessage)
	if decodeErr := body.Decode(apiMsg); decodeErr != nil {
		return nil, APIError{fmt.Sprintf("%s, json decode error %v", label, decodeErr), status}
	}
	if apiMsg.Message == nil {
		return nil, APIError{label, status}
	}
	// The message text is taken verbatim from the response body; callers
	// that log or display it should treat it as external input.
	return nil, APIError{*apiMsg.Message, status}
}