exclude as well the alerts with no decisions that were from list or community blocklist pull
This commit is contained in:
parent
ac01faf483
commit
9c7da86dd3
|
@ -17,6 +17,7 @@ import (
|
||||||
|
|
||||||
"github.com/crowdsecurity/go-cs-lib/slicetools"
|
"github.com/crowdsecurity/go-cs-lib/slicetools"
|
||||||
|
|
||||||
|
"github.com/crowdsecurity/crowdsec/pkg/apiserver"
|
||||||
"github.com/crowdsecurity/crowdsec/pkg/database/ent"
|
"github.com/crowdsecurity/crowdsec/pkg/database/ent"
|
||||||
"github.com/crowdsecurity/crowdsec/pkg/database/ent/alert"
|
"github.com/crowdsecurity/crowdsec/pkg/database/ent/alert"
|
||||||
"github.com/crowdsecurity/crowdsec/pkg/database/ent/decision"
|
"github.com/crowdsecurity/crowdsec/pkg/database/ent/decision"
|
||||||
|
@ -859,9 +860,22 @@ func AlertPredicatesFromFilter(filter map[string][]string) ([]predicate.Alert, e
|
||||||
predicates = append(predicates, alert.HasDecisionsWith(decision.OriginEQ(value[0])))
|
predicates = append(predicates, alert.HasDecisionsWith(decision.OriginEQ(value[0])))
|
||||||
case "include_capi": //allows to exclude one or more specific origins
|
case "include_capi": //allows to exclude one or more specific origins
|
||||||
if value[0] == "false" {
|
if value[0] == "false" {
|
||||||
predicates = append(predicates, alert.Not(alert.HasDecisionsWith(decision.OriginEQ(types.CAPIOrigin))))
|
predicates = append(predicates, alert.Or(
|
||||||
predicates = append(predicates, alert.Not(alert.HasDecisionsWith(decision.OriginEQ(types.ListOrigin))))
|
//do not show alerts with active decisions having origin CAPI or lists
|
||||||
|
alert.And(
|
||||||
|
alert.Not(alert.HasDecisionsWith(decision.OriginEQ(types.CAPIOrigin))),
|
||||||
|
alert.Not(alert.HasDecisionsWith(decision.OriginEQ(types.ListOrigin))),
|
||||||
|
),
|
||||||
|
alert.And(
|
||||||
|
//do not show neither alerts with no decisions if the Source Scope is lists: or CAPI
|
||||||
|
alert.Not(alert.HasDecisions()),
|
||||||
|
alert.Or(
|
||||||
|
alert.SourceScopeHasPrefix(types.ListOrigin+":"),
|
||||||
|
alert.SourceScopeEQ(apiserver.SCOPE_CAPI_ALIAS_ALIAS),
|
||||||
|
),
|
||||||
|
),
|
||||||
|
),
|
||||||
|
)
|
||||||
} else if value[0] != "true" {
|
} else if value[0] != "true" {
|
||||||
log.Errorf("Invalid bool '%s' for include_capi", value[0])
|
log.Errorf("Invalid bool '%s' for include_capi", value[0])
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue