old_console/correlation/models.py

import logging

from django.core.validators import MinValueValidator
from django.db import models
from django.utils.translation import gettext_lazy

from console.models import NameDescriptionModel, UniqueNameDescriptionModel
from correlation.constants import Type

_log = logging.getLogger(__name__)


class Group(UniqueNameDescriptionModel):
    """ Groups for correlator rules"""
    pass


class Rule(NameDescriptionModel):
    """ Model for correlator rule"""

    group = models.ForeignKey(Group,
                              on_delete=models.SET_NULL,
                              related_name='rules',
                              null=True,
                              blank=True,
                              verbose_name=gettext_lazy("Group"))
    multi = models.BooleanField(verbose_name=gettext_lazy("Multi reaction"),
                                help_text=gettext_lazy("Apply actions to every event that match the rule"),
                                default=False)
    type = models.IntegerField(choices=Type.choices,
                               verbose_name=gettext_lazy("Type"))
    status = models.BooleanField(verbose_name=gettext_lazy("Enabled"), help_text=gettext_lazy("Is rule enabled?"))
    archived = models.BooleanField(verbose_name=gettext_lazy("Archived"),
                                   help_text=gettext_lazy(
                                       "Is rule archived? If set - than rule can never be enabled again"),
                                   default=False)
    depth = models.DurationField(verbose_name=gettext_lazy("Depth"),
                                 help_text=gettext_lazy("Analize depth in format HH:MM:SS"))
    created = models.DateTimeField(auto_now_add=True,
                                   verbose_name=gettext_lazy('Created'))
    updated = models.DateTimeField(auto_now=True,
                                   verbose_name=gettext_lazy('Updated'))
    rule_json = models.JSONField(verbose_name=gettext_lazy('Predicats'),
                                 help_text=gettext_lazy('JSON object with predicats description'))
    actions_json = models.JSONField(verbose_name=gettext_lazy('Actions'),
                                    help_text=gettext_lazy('JSON object with actions description'))

    rev = models.IntegerField(default=1,
                              verbose_name=gettext_lazy('Rule version'),
                              help_text=gettext_lazy('Shows rule current version. Increments on change'))
    sid = models.IntegerField(blank=False,
                              verbose_name=gettext_lazy('Rule SID'),
                              help_text=gettext_lazy('SID of correlation rule'),
                              validators=[MinValueValidator(1)])
    is_active = models.BooleanField(gettext_lazy('Is rule active'),
                                    default=True,
                                    help_text=gettext_lazy('Indicates if rule is activated or not'))

    class Meta:
        unique_together = ('rev', 'sid')

    def save(self, *args, **kwargs):
        self.is_being_parsed = kwargs.get("is_being_parsed", None)
        super(Rule, self).save()