
Commit 537de37

authored
Merge pull request #30 from JupiterOne/KNO-483
add alert rule methods
2 parents ad62b53 + 48b302f commit 537de37

2 files changed

Lines changed: 162 additions & 21 deletions


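--- a/jupiterone/client.py
+++ b/jupiterone/client.py
@@ -37,8 +37,10 @@
 CREATE_SMARTCLASS_QUERY,
 EVALUATE_SMARTCLASS,
 GET_SMARTCLASS_DETAILS,
+J1QL_FROM_NATURAL_LANGUAGE,
 LIST_RULE_INSTANCES,
-J1QL_FROM_NATURAL_LANGUAGE
+CREATE_RULE_INSTANCE,
+DELETE_RULE_INSTANCE
 )
 
 
@@ -434,10 +436,7 @@ def delete_relationship(self, relationship_id: str = None):
 response = self._execute_query(DELETE_RELATIONSHIP, variables=variables)
 return response["data"]["deleteRelationship"]
 
-def create_integration_instance(self,
-instance_name: str = None,
-instance_description: str = None,
-integration_definition_id: str = "8013680b-311a-4c2e-b53b-c8735fd97a5c"):
+def create_integration_instance(self, instance_name: str = None, instance_description: str = None, integration_definition_id: str = "8013680b-311a-4c2e-b53b-c8735fd97a5c"):
 """Creates a new Custom Integration Instance.
 
 args:
@@ -696,18 +695,6 @@ def get_smartclass_details(self, smartclass_id: str = None):
 
 return response['data']['smartClass']
 
-def list_configured_alert_rules(self):
-"""List defined Alert Rules configured in J1 account
-
-"""
-variables = {
-"limit": 100
-}
-
-response = self._execute_query(LIST_RULE_INSTANCES, variables=variables)
-
-return response['data']['listRuleInstances']
-
 def generate_j1ql(self, natural_language_prompt: str = None):
 """Generate J1QL query syntax from natural language user input.
 
@@ -723,3 +710,89 @@ def generate_j1ql(self, natural_language_prompt: str = None):
 response = self._execute_query(J1QL_FROM_NATURAL_LANGUAGE, variables=variables)
 
 return response['data']['j1qlFromNaturalLanguage']
+
+def list_alert_rules(self):
+"""List defined Alert Rules configured in J1 account
+
+"""
+response = self._execute_query(LIST_RULE_INSTANCES)
+
+return response['data']['listRuleInstances']
+
+def create_alert_rule(self, name: str = None, description: str = None, tags: List[str] = None, polling_interval: str = None, severity: str = None, j1ql: str = None, action_configs: Dict = None):
+"""Create Alert Rule Configuration in J1 account
+
+"""
+
+variables = {
+"instance": {
+"name": name,
+"description": description,
+"notifyOnFailure": True,
+"triggerActionsOnNewEntitiesOnly": True,
+"ignorePreviousResults": False,
+"operations": [
+{
+"when": {
+"type": "FILTER",
+"condition": [
+"AND",
+[
+"queries.query0.total",
+">",
+0
+]
+]
+},
+"actions": [
+{
+"type": "SET_PROPERTY",
+"targetProperty": "alertLevel",
+"targetValue": severity
+},
+{
+"type": "CREATE_ALERT"
+}
+]
+}
+],
+"outputs": [
+"alertLevel"
+],
+"pollingInterval": polling_interval,
+"question": {
+"queries": [
+{
+"query": j1ql,
+"name": "query0",
+"version": "v1",
+"includeDeleted": False
+}
+]
+},
+"specVersion": 1,
+"tags": tags,
+"templates": {}
+}
+}
+
+if action_configs:
+variables['instance']['operations'][0]['actions'].append(action_configs)
+
+print(variables)
+
+response = self._execute_query(CREATE_RULE_INSTANCE, variables=variables)
+
+return response['data']['createInlineQuestionRuleInstance']
+
+def delete_alert_rule(self, rule_id: str = None):
+"""Delete a single Alert Rule configured in J1 account
+
+"""
+variables = {
+"id": rule_id
+}
+
+response = self._execute_query(DELETE_RULE_INSTANCE, variables=variables)
+
+return response['data']['deleteRuleInstance']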
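Review bot: `print(variables)` in `create_alert_rule` is a leftover debug statement that writes the whole rule payload to stdout on every call, including whatever the caller passed in `action_configs`. The contents of those configs are not visible in this diff, but if they carry webhook endpoints, request headers or recipient addresses, any script or service using the client would copy them into its console output and log collection. Delete the line, or emit the payload through a module logger at debug level with the `actions` list left out. Separately, every parameter defaults to `None`, so a call that omits `name` or `j1ql` sends nulls to `createInlineQuestionRuleInstance` instead of failing locally; a guard such as `if not name or not j1ql: raise ValueError("name and j1ql are required")` would make that explicit, and the docstring should list the arguments.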

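--- a/jupiterone/constants.py
+++ b/jupiterone/constants.py
@@ -331,6 +331,14 @@
 }
 """
 
+J1QL_FROM_NATURAL_LANGUAGE = """
+query j1qlFromNaturalLanguage($input: J1qlFromNaturalLanguageInput!) {
+j1qlFromNaturalLanguage(input: $input) {
+j1ql
+}
+}
+"""
+
 LIST_RULE_INSTANCES = """
 query listRuleInstances(
 $limit: Int,
@@ -399,10 +407,70 @@
 }
 """
 
-J1QL_FROM_NATURAL_LANGUAGE = """
-query j1qlFromNaturalLanguage($input: J1qlFromNaturalLanguageInput!) {
-j1qlFromNaturalLanguage(input: $input) {
-j1ql
+CREATE_RULE_INSTANCE = """
+mutation createInlineQuestionRuleInstance($instance: CreateInlineQuestionRuleInstanceInput!) {
+createInlineQuestionRuleInstance(instance: $instance) {
+...RuleInstanceFields
+__typename
+}
+}
+
+fragment RuleInstanceFields on QuestionRuleInstance {
+id
+accountId
+name
+description
+version
+lastEvaluationStartOn
+lastEvaluationEndOn
+evaluationStep
+specVersion
+notifyOnFailure
+triggerActionsOnNewEntitiesOnly
+ignorePreviousResults
+pollingInterval
+templates
+outputs
+labels {
+labelName
+labelValue
+__typename
+}
+question {
+queries {
+query
+name
+includeDeleted
+__typename
 }
+__typename
+}
+questionId
+latest
+deleted
+type
+operations {
+when
+actions
+__typename
+}
+latestAlertId
+latestAlertIsActive
+state {
+actions
+__typename
+}
+tags
+remediationSteps
+__typename
+}
+"""
+
+DELETE_RULE_INSTANCE = """
+mutation deleteRuleInstance($id: ID!) {
+deleteRuleInstance(id: $id) {
+id
+__typename
+}
 }
 """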
