Merge pull request #1531 from bvirgilioamnh/iris-alert-source

Converting IRIS Alert Source from Hardcoded to Dynamic Alert Field Variable

CHANGELOG.md

@@ -9,6 +9,7 @@
 
 ## Other changes
 - [Indexer] Fixed fields types error on instance indexer_alert_config in schema.yml - [#1499](https://github.com/jertel/elastalert2/pull/1499) - @olehpalanskyi
+- [IRIS] Changed alert_source field from static 'ElastAlert2' value to field iris_alert_source value with default of 'ElastAlert2' - @bvirgilioamnh
 
 # 2.19.0
 

docs/source/alerts.rst

@@ -1201,6 +1201,8 @@ Optional:
 
 ``iris_alert_note``: Note for the alert.
 
+``iris_alert_source``: Source of the alert. Default value is ``ElastAlert2``.
+
 ``iris_alert_tags``: List of tags.
 
 ``iris_alert_status_id``: The alert status of the alert, default value is ``2``. This parameter requires an integer input.

elastalert/alerters/iris.py

@@ -27,6 +27,7 @@ def __init__(self, rule):
             'Authorization': f'Bearer {self.rule.get("iris_api_token")}'
         }
         self.alert_note = self.rule.get('iris_alert_note', None)
+        self.alert_source = self.rule.get('iris_alert_source', 'ElastAlert2')
         self.alert_tags = self.rule.get('iris_alert_tags', None)
         self.alert_status_id = self.rule.get('iris_alert_status_id', 2)
         self.alert_source_link = self.rule.get('iris_alert_source_link', None)
@@ -78,7 +79,7 @@ def make_alert(self, matches):
         alert_data = {
             "alert_title": self.rule.get('name'),
             "alert_description": self.description,
-            "alert_source": "ElastAlert2",
+            "alert_source": self.alert_source,
             "alert_severity_id": self.alert_severity_id,
             "alert_status_id": self.alert_status_id,
             "alert_source_event_time": event_timestamp,

elastalert/schema.yaml

@@ -597,6 +597,7 @@ properties:
   iris_alert_note: {type: string}
   iris_alert_tags: {type: string}
   iris_alert_status_id: {type: integer, enum: [1, 2, 3, 4, 5, 6, 7]}
+  iris_alert_source: {type: string}
   iris_alert_source_link: {type: string}
   iris_alert_severity_id: {type: integer, enum: [1, 2, 3, 4, 5, 6]}
   iris_iocs: *arrayOfIrisIocFields

tests/alerters/iris_test.py

@@ -155,6 +155,7 @@ def test_iris_make_alert_maximal(caplog):
         'iris_alert_tags': 'test, alert',
         'iris_overwrite_timestamp': True,
         'iris_alert_source_link': 'https://example.com',
+        'iris_alert_source': "TestSource",
         'iris_iocs': [
             {
                 'ioc_description': 'source address',
@@ -187,7 +188,7 @@ def test_iris_make_alert_maximal(caplog):
     expected_data = {
         "alert_title": 'Test Maximal Alert Body',
         "alert_description": 'test description in alert',
-        "alert_source": "ElastAlert2",
+        "alert_source": "TestSource",
         "alert_severity_id": 1,
         "alert_status_id": 2,
         "alert_source_event_time": '2023-10-21 20:00:00.000',
@@ -235,6 +236,7 @@ def test_iris_make_alert_maximal_with_nested_json(caplog):
         'iris_alert_tags': 'test, alert',
         'iris_overwrite_timestamp': True,
         'iris_alert_source_link': 'https://example.com',
+        'iris_alert_source': "TestSource",
         'iris_iocs': [
             {
                 'ioc_description': 'source address',
@@ -267,7 +269,7 @@ def test_iris_make_alert_maximal_with_nested_json(caplog):
     expected_data = {
         "alert_title": 'Test Maximal Alert Body',
         "alert_description": 'test description in alert',
-        "alert_source": "ElastAlert2",
+        "alert_source": "TestSource",
         "alert_severity_id": 1,
         "alert_status_id": 2,
         "alert_source_event_time": '2023-10-21 20:00:00.000',