@scoutflo/alert-correlation 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +34 -0
- package/dist/src/contracts/alertRef.d.ts +21 -0
- package/dist/src/contracts/alertRef.js +12 -0
- package/dist/src/contracts/alertRef.js.map +1 -0
- package/dist/src/contracts/context.d.ts +37 -0
- package/dist/src/contracts/context.js +3 -0
- package/dist/src/contracts/context.js.map +1 -0
- package/dist/src/contracts/decision.d.ts +29 -0
- package/dist/src/contracts/decision.js +3 -0
- package/dist/src/contracts/decision.js.map +1 -0
- package/dist/src/contracts/facts.d.ts +32 -0
- package/dist/src/contracts/facts.js +3 -0
- package/dist/src/contracts/facts.js.map +1 -0
- package/dist/src/contracts/index.d.ts +5 -0
- package/dist/src/contracts/index.js +22 -0
- package/dist/src/contracts/index.js.map +1 -0
- package/dist/src/contracts/topology.d.ts +38 -0
- package/dist/src/contracts/topology.js +3 -0
- package/dist/src/contracts/topology.js.map +1 -0
- package/dist/src/decision/decideTarget.d.ts +3 -0
- package/dist/src/decision/decideTarget.js +50 -0
- package/dist/src/decision/decideTarget.js.map +1 -0
- package/dist/src/decision/reasonCodes.d.ts +10 -0
- package/dist/src/decision/reasonCodes.js +13 -0
- package/dist/src/decision/reasonCodes.js.map +1 -0
- package/dist/src/extractors/genericExtractor.d.ts +23 -0
- package/dist/src/extractors/genericExtractor.js +162 -0
- package/dist/src/extractors/genericExtractor.js.map +1 -0
- package/dist/src/extractors/prometheusExtractor.d.ts +4 -0
- package/dist/src/extractors/prometheusExtractor.js +114 -0
- package/dist/src/extractors/prometheusExtractor.js.map +1 -0
- package/dist/src/extractors/registry.d.ts +4 -0
- package/dist/src/extractors/registry.js +23 -0
- package/dist/src/extractors/registry.js.map +1 -0
- package/dist/src/extractors/sentryExtractor.d.ts +2 -0
- package/dist/src/extractors/sentryExtractor.js +114 -0
- package/dist/src/extractors/sentryExtractor.js.map +1 -0
- package/dist/src/extractors/types.d.ts +12 -0
- package/dist/src/extractors/types.js +3 -0
- package/dist/src/extractors/types.js.map +1 -0
- package/dist/src/extractors/victoriaMetricsExtractor.d.ts +2 -0
- package/dist/src/extractors/victoriaMetricsExtractor.js +12 -0
- package/dist/src/extractors/victoriaMetricsExtractor.js.map +1 -0
- package/dist/src/index.d.ts +18 -0
- package/dist/src/index.js +36 -0
- package/dist/src/index.js.map +1 -0
- package/dist/src/matchers/providerRelationshipMatcher.d.ts +4 -0
- package/dist/src/matchers/providerRelationshipMatcher.js +111 -0
- package/dist/src/matchers/providerRelationshipMatcher.js.map +1 -0
- package/dist/src/matchers/types.d.ts +10 -0
- package/dist/src/matchers/types.js +3 -0
- package/dist/src/matchers/types.js.map +1 -0
- package/dist/src/resolveAlertCorrelation.d.ts +13 -0
- package/dist/src/resolveAlertCorrelation.js +17 -0
- package/dist/src/resolveAlertCorrelation.js.map +1 -0
- package/dist/src/time/normalizeAlertTime.d.ts +9 -0
- package/dist/src/time/normalizeAlertTime.js +25 -0
- package/dist/src/time/normalizeAlertTime.js.map +1 -0
- package/dist/test/contracts.test.d.ts +1 -0
- package/dist/test/contracts.test.js +39 -0
- package/dist/test/contracts.test.js.map +1 -0
- package/dist/test/decision.test.d.ts +1 -0
- package/dist/test/decision.test.js +50 -0
- package/dist/test/decision.test.js.map +1 -0
- package/dist/test/generic-extractor.test.d.ts +1 -0
- package/dist/test/generic-extractor.test.js +28 -0
- package/dist/test/generic-extractor.test.js.map +1 -0
- package/dist/test/prometheus-extractor.test.d.ts +1 -0
- package/dist/test/prometheus-extractor.test.js +29 -0
- package/dist/test/prometheus-extractor.test.js.map +1 -0
- package/dist/test/resolve-alert-correlation.test.d.ts +1 -0
- package/dist/test/resolve-alert-correlation.test.js +38 -0
- package/dist/test/resolve-alert-correlation.test.js.map +1 -0
- package/dist/test/sentry-extractor.test.d.ts +1 -0
- package/dist/test/sentry-extractor.test.js +30 -0
- package/dist/test/sentry-extractor.test.js.map +1 -0
- package/dist/test/smoke.test.d.ts +1 -0
- package/dist/test/smoke.test.js +12 -0
- package/dist/test/smoke.test.js.map +1 -0
- package/dist/test/time.test.d.ts +1 -0
- package/dist/test/time.test.js +30 -0
- package/dist/test/time.test.js.map +1 -0
- package/dist/test/victoriametrics-extractor.test.d.ts +1 -0
- package/dist/test/victoriametrics-extractor.test.js +27 -0
- package/dist/test/victoriametrics-extractor.test.js.map +1 -0
- package/package.json +32 -0
package/README.md
ADDED
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
# @scoutflo/alert-correlation
|
|
2
|
+
|
|
3
|
+
Pure alert-to-topology correlation contracts and policies for Scoutflo alert investigation workflows.
|
|
4
|
+
|
|
5
|
+
This package intentionally owns only shared contracts, extraction, matching, scoring, and decision logic. Provider detail fetching, tenant authorization, topology loading, topology slice construction, and API response shaping stay in Gateway. Investigation lifecycle and supervisor startup stay in Voyager.
|
|
6
|
+
|
|
7
|
+
## Version
|
|
8
|
+
|
|
9
|
+
Current package version: `0.1.0`.
|
|
10
|
+
|
|
11
|
+
Gateway and Voyager should consume the exact published version:
|
|
12
|
+
|
|
13
|
+
```json
|
|
14
|
+
"@scoutflo/alert-correlation": "0.1.0"
|
|
15
|
+
```
|
|
16
|
+
|
|
17
|
+
During local development, consumers may temporarily use a `file:` dependency pointed at `../integration-sdk/packages/alert-correlation`, then replace it with the exact npm version before release.
|
|
18
|
+
|
|
19
|
+
## Release
|
|
20
|
+
|
|
21
|
+
Build and test before publishing:
|
|
22
|
+
|
|
23
|
+
```bash
|
|
24
|
+
npm run build --workspace @scoutflo/alert-correlation
|
|
25
|
+
npm test --workspace @scoutflo/alert-correlation
|
|
26
|
+
```
|
|
27
|
+
|
|
28
|
+
Publish only when explicitly approved:
|
|
29
|
+
|
|
30
|
+
```bash
|
|
31
|
+
npm publish --workspace @scoutflo/alert-correlation
|
|
32
|
+
```
|
|
33
|
+
|
|
34
|
+
The package is configured for public npm publishing through its `publishConfig`.
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
import { z } from 'zod';
|
|
2
|
+
export declare const alertRefSchema: z.ZodObject<{
|
|
3
|
+
integrationId: z.ZodString;
|
|
4
|
+
provider: z.ZodString;
|
|
5
|
+
alertKey: z.ZodString;
|
|
6
|
+
timestamp: z.ZodString;
|
|
7
|
+
selectedAt: z.ZodString;
|
|
8
|
+
}, "strip", z.ZodTypeAny, {
|
|
9
|
+
integrationId: string;
|
|
10
|
+
provider: string;
|
|
11
|
+
alertKey: string;
|
|
12
|
+
timestamp: string;
|
|
13
|
+
selectedAt: string;
|
|
14
|
+
}, {
|
|
15
|
+
integrationId: string;
|
|
16
|
+
provider: string;
|
|
17
|
+
alertKey: string;
|
|
18
|
+
timestamp: string;
|
|
19
|
+
selectedAt: string;
|
|
20
|
+
}>;
|
|
21
|
+
export type AlertRef = z.infer<typeof alertRefSchema>;
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.alertRefSchema = void 0;
|
|
4
|
+
const zod_1 = require("zod");
|
|
5
|
+
exports.alertRefSchema = zod_1.z.object({
|
|
6
|
+
integrationId: zod_1.z.string().min(1),
|
|
7
|
+
provider: zod_1.z.string().min(1),
|
|
8
|
+
alertKey: zod_1.z.string().min(1),
|
|
9
|
+
timestamp: zod_1.z.string().datetime(),
|
|
10
|
+
selectedAt: zod_1.z.string().datetime(),
|
|
11
|
+
});
|
|
12
|
+
//# sourceMappingURL=alertRef.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"alertRef.js","sourceRoot":"","sources":["../../../src/contracts/alertRef.ts"],"names":[],"mappings":";;;AAAA,6BAAwB;AAEX,QAAA,cAAc,GAAG,OAAC,CAAC,MAAM,CAAC;IACrC,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAChC,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3B,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3B,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAClC,CAAC,CAAC"}
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
import type { AlertRef } from './alertRef';
|
|
2
|
+
import type { AlertCorrelationDecision } from './decision';
|
|
3
|
+
import type { AlertCorrelationFacts, AlertTimeWindow } from './facts';
|
|
4
|
+
export interface AlertSummarySnapshot {
|
|
5
|
+
title?: string;
|
|
6
|
+
severity?: string;
|
|
7
|
+
status?: string;
|
|
8
|
+
description?: string;
|
|
9
|
+
project?: string;
|
|
10
|
+
resource?: string;
|
|
11
|
+
}
|
|
12
|
+
export interface AlertCorrelationDiagnostics {
|
|
13
|
+
providerDetailFetched: boolean;
|
|
14
|
+
rawTruncated: boolean;
|
|
15
|
+
extractorName: string;
|
|
16
|
+
extractorVersion: string;
|
|
17
|
+
matcherName?: string;
|
|
18
|
+
matcherVersion?: string;
|
|
19
|
+
sourceResourceFound: boolean;
|
|
20
|
+
relationshipCount: number;
|
|
21
|
+
candidateCount: number;
|
|
22
|
+
selectedTarget?: {
|
|
23
|
+
type: 'service' | 'resource';
|
|
24
|
+
id: string;
|
|
25
|
+
};
|
|
26
|
+
}
|
|
27
|
+
export interface AlertInvestigationContext {
|
|
28
|
+
request: AlertRef;
|
|
29
|
+
time: AlertTimeWindow;
|
|
30
|
+
summary: AlertSummarySnapshot;
|
|
31
|
+
facts: AlertCorrelationFacts;
|
|
32
|
+
resolution: AlertCorrelationDecision;
|
|
33
|
+
topologySlice: unknown | null;
|
|
34
|
+
bindingHints: unknown[];
|
|
35
|
+
diagnostics: AlertCorrelationDiagnostics;
|
|
36
|
+
reasonCodes: string[];
|
|
37
|
+
}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"context.js","sourceRoot":"","sources":["../../../src/contracts/context.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
export type CorrelationStatus = 'resolved' | 'ambiguous' | 'degraded' | 'unresolved';
|
|
2
|
+
export interface CorrelationEvidence {
|
|
3
|
+
kind: 'relationship_attribute' | 'raw_alert_field' | 'resource_inference' | 'fallback';
|
|
4
|
+
factKey?: string;
|
|
5
|
+
factValue?: string;
|
|
6
|
+
relationshipId?: string;
|
|
7
|
+
reason: string;
|
|
8
|
+
}
|
|
9
|
+
export interface CorrelationCandidate {
|
|
10
|
+
target: {
|
|
11
|
+
type: 'service' | 'resource';
|
|
12
|
+
id: string;
|
|
13
|
+
};
|
|
14
|
+
name?: string;
|
|
15
|
+
confidence: number;
|
|
16
|
+
evidence: CorrelationEvidence[];
|
|
17
|
+
reasonCodes: string[];
|
|
18
|
+
}
|
|
19
|
+
export interface AlertCorrelationDecision {
|
|
20
|
+
status: CorrelationStatus;
|
|
21
|
+
target: {
|
|
22
|
+
type: 'service' | 'resource';
|
|
23
|
+
id: string;
|
|
24
|
+
} | null;
|
|
25
|
+
candidates: CorrelationCandidate[];
|
|
26
|
+
evidence: CorrelationEvidence[];
|
|
27
|
+
confidence: number;
|
|
28
|
+
reasonCodes: string[];
|
|
29
|
+
}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"decision.js","sourceRoot":"","sources":["../../../src/contracts/decision.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
export type FactKind = 'label' | 'tag' | 'annotation' | 'provider_identity' | 'resource_hint' | 'text_derived' | 'time';
|
|
2
|
+
export interface Fact {
|
|
3
|
+
key: string;
|
|
4
|
+
value: string;
|
|
5
|
+
sourcePath: string;
|
|
6
|
+
confidence: number;
|
|
7
|
+
kind: FactKind;
|
|
8
|
+
}
|
|
9
|
+
export interface AlertTimeWindow {
|
|
10
|
+
timestamp: string;
|
|
11
|
+
selectedAt: string;
|
|
12
|
+
startsAt: string;
|
|
13
|
+
endsAt?: string;
|
|
14
|
+
lastSeen?: string;
|
|
15
|
+
isOpenEnded: boolean;
|
|
16
|
+
}
|
|
17
|
+
export interface AlertCorrelationFacts {
|
|
18
|
+
provider: string;
|
|
19
|
+
integrationId: string;
|
|
20
|
+
alertKey: string;
|
|
21
|
+
extractor: {
|
|
22
|
+
name: string;
|
|
23
|
+
version: string;
|
|
24
|
+
};
|
|
25
|
+
time: AlertTimeWindow;
|
|
26
|
+
labels: Fact[];
|
|
27
|
+
identifiers: Fact[];
|
|
28
|
+
resourceHints: Fact[];
|
|
29
|
+
textHints: Fact[];
|
|
30
|
+
severity?: Fact;
|
|
31
|
+
title?: Fact;
|
|
32
|
+
}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"facts.js","sourceRoot":"","sources":["../../../src/contracts/facts.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
14
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
|
+
};
|
|
16
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
+
__exportStar(require("./alertRef"), exports);
|
|
18
|
+
__exportStar(require("./facts"), exports);
|
|
19
|
+
__exportStar(require("./topology"), exports);
|
|
20
|
+
__exportStar(require("./decision"), exports);
|
|
21
|
+
__exportStar(require("./context"), exports);
|
|
22
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/contracts/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,6CAA2B;AAC3B,0CAAwB;AACxB,6CAA2B;AAC3B,6CAA2B;AAC3B,4CAA0B"}
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
export type CorrelationEntityType = 'service' | 'resource';
|
|
2
|
+
export interface CorrelationTopologyEntityRef {
|
|
3
|
+
type: CorrelationEntityType;
|
|
4
|
+
id: string;
|
|
5
|
+
}
|
|
6
|
+
export interface CorrelationService {
|
|
7
|
+
id: string;
|
|
8
|
+
name: string;
|
|
9
|
+
displayName?: string;
|
|
10
|
+
attributes?: Record<string, unknown>;
|
|
11
|
+
}
|
|
12
|
+
export interface CorrelationTopologyResource {
|
|
13
|
+
id: string;
|
|
14
|
+
name: string;
|
|
15
|
+
provider?: string;
|
|
16
|
+
resourceType?: string;
|
|
17
|
+
externalRef?: {
|
|
18
|
+
provider?: string;
|
|
19
|
+
externalId?: string;
|
|
20
|
+
sourceCollection?: string;
|
|
21
|
+
};
|
|
22
|
+
attributes?: Record<string, unknown>;
|
|
23
|
+
}
|
|
24
|
+
export interface CorrelationRelationship {
|
|
25
|
+
id: string;
|
|
26
|
+
relation: string;
|
|
27
|
+
from: CorrelationTopologyEntityRef;
|
|
28
|
+
to: CorrelationTopologyEntityRef;
|
|
29
|
+
attributeSchemaKey?: string;
|
|
30
|
+
attributes?: Record<string, unknown>;
|
|
31
|
+
}
|
|
32
|
+
export interface TopologyCandidateInput {
|
|
33
|
+
sourceResource: CorrelationTopologyResource | null;
|
|
34
|
+
monitoredByRelationships: CorrelationRelationship[];
|
|
35
|
+
deployedAsRelationships: CorrelationRelationship[];
|
|
36
|
+
services: CorrelationService[];
|
|
37
|
+
resources: CorrelationTopologyResource[];
|
|
38
|
+
}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"topology.js","sourceRoot":"","sources":["../../../src/contracts/topology.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.DETERMINISTIC_CONFIDENCE = void 0;
|
|
4
|
+
exports.decideTarget = decideTarget;
|
|
5
|
+
const reasonCodes_1 = require("./reasonCodes");
|
|
6
|
+
exports.DETERMINISTIC_CONFIDENCE = 8;
|
|
7
|
+
function hasTopologyEvidence(candidate) {
|
|
8
|
+
return candidate.evidence.some((evidence) => evidence.kind === 'relationship_attribute' || evidence.kind === 'resource_inference');
|
|
9
|
+
}
|
|
10
|
+
function sortedCandidates(candidates) {
|
|
11
|
+
return [...candidates].sort((left, right) => right.confidence - left.confidence);
|
|
12
|
+
}
|
|
13
|
+
function uniqueReasonCodes(candidates, extra = []) {
|
|
14
|
+
return [...new Set([...candidates.flatMap((candidate) => candidate.reasonCodes), ...extra])];
|
|
15
|
+
}
|
|
16
|
+
function decideTarget(candidates) {
|
|
17
|
+
const ranked = sortedCandidates(candidates);
|
|
18
|
+
const best = ranked[0];
|
|
19
|
+
if (!best) {
|
|
20
|
+
return {
|
|
21
|
+
status: 'unresolved',
|
|
22
|
+
target: null,
|
|
23
|
+
candidates: [],
|
|
24
|
+
evidence: [],
|
|
25
|
+
confidence: 0,
|
|
26
|
+
reasonCodes: [reasonCodes_1.REASON_CODES.NO_CANDIDATES],
|
|
27
|
+
};
|
|
28
|
+
}
|
|
29
|
+
if (ranked.length === 1 && best.confidence >= exports.DETERMINISTIC_CONFIDENCE && hasTopologyEvidence(best)) {
|
|
30
|
+
return {
|
|
31
|
+
status: 'resolved',
|
|
32
|
+
target: best.target,
|
|
33
|
+
candidates: ranked,
|
|
34
|
+
evidence: best.evidence,
|
|
35
|
+
confidence: best.confidence,
|
|
36
|
+
reasonCodes: uniqueReasonCodes(ranked, [reasonCodes_1.REASON_CODES.RESOLVED_DETERMINISTIC]),
|
|
37
|
+
};
|
|
38
|
+
}
|
|
39
|
+
return {
|
|
40
|
+
status: 'ambiguous',
|
|
41
|
+
target: null,
|
|
42
|
+
candidates: ranked,
|
|
43
|
+
evidence: best.evidence,
|
|
44
|
+
confidence: best.confidence,
|
|
45
|
+
reasonCodes: uniqueReasonCodes(ranked, [
|
|
46
|
+
ranked.length > 1 ? reasonCodes_1.REASON_CODES.MULTIPLE_CANDIDATES : reasonCodes_1.REASON_CODES.WEAK_CANDIDATE,
|
|
47
|
+
]),
|
|
48
|
+
};
|
|
49
|
+
}
|
|
50
|
+
//# sourceMappingURL=decideTarget.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"decideTarget.js","sourceRoot":"","sources":["../../../src/decision/decideTarget.ts"],"names":[],"mappings":";;;AAoBA,oCAoCC;AAvDD,+CAA6C;AAEhC,QAAA,wBAAwB,GAAG,CAAC,CAAC;AAE1C,SAAS,mBAAmB,CAAC,SAA+B;IAC1D,OAAO,SAAS,CAAC,QAAQ,CAAC,IAAI,CAC5B,CAAC,QAAQ,EAAE,EAAE,CACX,QAAQ,CAAC,IAAI,KAAK,wBAAwB,IAAI,QAAQ,CAAC,IAAI,KAAK,oBAAoB,CACvF,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CAAC,UAAkC;IAC1D,OAAO,CAAC,GAAG,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;AACnF,CAAC;AAED,SAAS,iBAAiB,CAAC,UAAkC,EAAE,QAAkB,EAAE;IACjF,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,WAAW,CAAC,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;AAC/F,CAAC;AAED,SAAgB,YAAY,CAAC,UAAkC;IAC7D,MAAM,MAAM,GAAG,gBAAgB,CAAC,UAAU,CAAC,CAAC;IAC5C,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;IAEvB,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO;YACL,MAAM,EAAE,YAAY;YACpB,MAAM,EAAE,IAAI;YACZ,UAAU,EAAE,EAAE;YACd,QAAQ,EAAE,EAAE;YACZ,UAAU,EAAE,CAAC;YACb,WAAW,EAAE,CAAC,0BAAY,CAAC,aAAa,CAAC;SAC1C,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,IAAI,IAAI,CAAC,UAAU,IAAI,gCAAwB,IAAI,mBAAmB,CAAC,IAAI,CAAC,EAAE,CAAC;QACpG,OAAO;YACL,MAAM,EAAE,UAAU;YAClB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,UAAU,EAAE,MAAM;YAClB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,WAAW,EAAE,iBAAiB,CAAC,MAAM,EAAE,CAAC,0BAAY,CAAC,sBAAsB,CAAC,CAAC;SAC9E,CAAC;IACJ,CAAC;IAED,OAAO;QACL,MAAM,EAAE,WAAW;QACnB,MAAM,EAAE,IAAI;QACZ,UAAU,EAAE,MAAM;QAClB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,UAAU,EAAE,IAAI,CAAC,UAAU;QAC3B,WAAW,EAAE,iBAAiB,CAAC,MAAM,EAAE;YACrC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,0BAAY,CAAC,mBAAmB,CAAC,CAAC,CAAC,0BAAY,CAAC,cAAc;SACnF,CAAC;KACH,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
export declare const REASON_CODES: {
|
|
2
|
+
readonly NO_CANDIDATES: "no_candidates";
|
|
3
|
+
readonly RELATIONSHIP_ATTRIBUTE_MATCH: "relationship_attribute_match";
|
|
4
|
+
readonly RELATIONSHIP_PATTERN_MATCH: "relationship_pattern_match";
|
|
5
|
+
readonly RAW_LABEL_CANDIDATE: "raw_label_candidate";
|
|
6
|
+
readonly MULTIPLE_CANDIDATES: "multiple_candidates";
|
|
7
|
+
readonly WEAK_CANDIDATE: "weak_candidate";
|
|
8
|
+
readonly RESOLVED_DETERMINISTIC: "resolved_deterministic";
|
|
9
|
+
};
|
|
10
|
+
export type ReasonCode = (typeof REASON_CODES)[keyof typeof REASON_CODES];
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.REASON_CODES = void 0;
|
|
4
|
+
exports.REASON_CODES = {
|
|
5
|
+
NO_CANDIDATES: 'no_candidates',
|
|
6
|
+
RELATIONSHIP_ATTRIBUTE_MATCH: 'relationship_attribute_match',
|
|
7
|
+
RELATIONSHIP_PATTERN_MATCH: 'relationship_pattern_match',
|
|
8
|
+
RAW_LABEL_CANDIDATE: 'raw_label_candidate',
|
|
9
|
+
MULTIPLE_CANDIDATES: 'multiple_candidates',
|
|
10
|
+
WEAK_CANDIDATE: 'weak_candidate',
|
|
11
|
+
RESOLVED_DETERMINISTIC: 'resolved_deterministic',
|
|
12
|
+
};
|
|
13
|
+
//# sourceMappingURL=reasonCodes.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"reasonCodes.js","sourceRoot":"","sources":["../../../src/decision/reasonCodes.ts"],"names":[],"mappings":";;;AAAa,QAAA,YAAY,GAAG;IAC1B,aAAa,EAAE,eAAe;IAC9B,4BAA4B,EAAE,8BAA8B;IAC5D,0BAA0B,EAAE,4BAA4B;IACxD,mBAAmB,EAAE,qBAAqB;IAC1C,mBAAmB,EAAE,qBAAqB;IAC1C,cAAc,EAAE,gBAAgB;IAChC,sBAAsB,EAAE,wBAAwB;CACxC,CAAC"}
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
import type { AlertCorrelationFacts, Fact, FactKind } from '../contracts';
|
|
2
|
+
import { type ProviderTimeHints } from '../time/normalizeAlertTime';
|
|
3
|
+
import type { ProviderExtractor, ProviderExtractorInput } from './types';
|
|
4
|
+
type UnknownRecord = Record<string, unknown>;
|
|
5
|
+
export declare const GENERIC_EXTRACTOR_NAME = "generic-extractor";
|
|
6
|
+
export declare const EXTRACTOR_VERSION = "0.1.0";
|
|
7
|
+
export declare function isRecord(value: unknown): value is UnknownRecord;
|
|
8
|
+
export declare function primitiveToString(value: unknown): string | undefined;
|
|
9
|
+
export declare function makeFact(input: {
|
|
10
|
+
key: string;
|
|
11
|
+
value: unknown;
|
|
12
|
+
sourcePath: string;
|
|
13
|
+
kind: FactKind;
|
|
14
|
+
confidence?: number;
|
|
15
|
+
}): Fact | undefined;
|
|
16
|
+
export declare function factsFromRecord(value: unknown, sourcePath: string, kind: FactKind, confidence?: number): Fact[];
|
|
17
|
+
export declare function factsFromTagCollection(value: unknown, sourcePath: string): Fact[];
|
|
18
|
+
export declare function getPath(value: unknown, path: string[]): unknown;
|
|
19
|
+
export declare function firstPrimitive(raw: unknown, paths: string[][]): string | undefined;
|
|
20
|
+
export declare function extractProviderTimeHints(raw: unknown): ProviderTimeHints;
|
|
21
|
+
export declare function extractGenericFacts(input: ProviderExtractorInput, extractorName?: string): AlertCorrelationFacts;
|
|
22
|
+
export declare const genericExtractor: ProviderExtractor;
|
|
23
|
+
export {};
|
|
@@ -0,0 +1,162 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.genericExtractor = exports.EXTRACTOR_VERSION = exports.GENERIC_EXTRACTOR_NAME = void 0;
|
|
4
|
+
exports.isRecord = isRecord;
|
|
5
|
+
exports.primitiveToString = primitiveToString;
|
|
6
|
+
exports.makeFact = makeFact;
|
|
7
|
+
exports.factsFromRecord = factsFromRecord;
|
|
8
|
+
exports.factsFromTagCollection = factsFromTagCollection;
|
|
9
|
+
exports.getPath = getPath;
|
|
10
|
+
exports.firstPrimitive = firstPrimitive;
|
|
11
|
+
exports.extractProviderTimeHints = extractProviderTimeHints;
|
|
12
|
+
exports.extractGenericFacts = extractGenericFacts;
|
|
13
|
+
const normalizeAlertTime_1 = require("../time/normalizeAlertTime");
|
|
14
|
+
exports.GENERIC_EXTRACTOR_NAME = 'generic-extractor';
|
|
15
|
+
exports.EXTRACTOR_VERSION = '0.1.0';
|
|
16
|
+
function isRecord(value) {
|
|
17
|
+
return typeof value === 'object' && value !== null && !Array.isArray(value);
|
|
18
|
+
}
|
|
19
|
+
function primitiveToString(value) {
|
|
20
|
+
if (typeof value === 'string')
|
|
21
|
+
return value;
|
|
22
|
+
if (typeof value === 'number' || typeof value === 'boolean')
|
|
23
|
+
return String(value);
|
|
24
|
+
return undefined;
|
|
25
|
+
}
|
|
26
|
+
function makeFact(input) {
|
|
27
|
+
const value = primitiveToString(input.value);
|
|
28
|
+
if (!value)
|
|
29
|
+
return undefined;
|
|
30
|
+
return {
|
|
31
|
+
key: input.key,
|
|
32
|
+
value,
|
|
33
|
+
sourcePath: input.sourcePath,
|
|
34
|
+
confidence: input.confidence ?? 0.7,
|
|
35
|
+
kind: input.kind,
|
|
36
|
+
};
|
|
37
|
+
}
|
|
38
|
+
function factsFromRecord(value, sourcePath, kind, confidence = 0.7) {
|
|
39
|
+
if (!isRecord(value))
|
|
40
|
+
return [];
|
|
41
|
+
return Object.entries(value)
|
|
42
|
+
.map(([key, entry]) => makeFact({
|
|
43
|
+
key,
|
|
44
|
+
value: entry,
|
|
45
|
+
sourcePath: `${sourcePath}.${key}`,
|
|
46
|
+
kind,
|
|
47
|
+
confidence,
|
|
48
|
+
}))
|
|
49
|
+
.filter((fact) => Boolean(fact));
|
|
50
|
+
}
|
|
51
|
+
function factsFromTagCollection(value, sourcePath) {
|
|
52
|
+
if (Array.isArray(value)) {
|
|
53
|
+
return value
|
|
54
|
+
.map((entry, index) => {
|
|
55
|
+
if (!isRecord(entry))
|
|
56
|
+
return undefined;
|
|
57
|
+
const key = primitiveToString(entry.key) ?? primitiveToString(entry.name);
|
|
58
|
+
if (!key)
|
|
59
|
+
return undefined;
|
|
60
|
+
return makeFact({
|
|
61
|
+
key,
|
|
62
|
+
value: entry.value,
|
|
63
|
+
sourcePath: `${sourcePath}[${index}]`,
|
|
64
|
+
kind: 'tag',
|
|
65
|
+
confidence: 0.72,
|
|
66
|
+
});
|
|
67
|
+
})
|
|
68
|
+
.filter((fact) => Boolean(fact));
|
|
69
|
+
}
|
|
70
|
+
return factsFromRecord(value, sourcePath, 'tag', 0.72);
|
|
71
|
+
}
|
|
72
|
+
function getPath(value, path) {
|
|
73
|
+
let cursor = value;
|
|
74
|
+
for (const segment of path) {
|
|
75
|
+
if (!isRecord(cursor))
|
|
76
|
+
return undefined;
|
|
77
|
+
cursor = cursor[segment];
|
|
78
|
+
}
|
|
79
|
+
return cursor;
|
|
80
|
+
}
|
|
81
|
+
function firstPrimitive(raw, paths) {
|
|
82
|
+
for (const path of paths) {
|
|
83
|
+
const value = primitiveToString(getPath(raw, path));
|
|
84
|
+
if (value)
|
|
85
|
+
return value;
|
|
86
|
+
}
|
|
87
|
+
return undefined;
|
|
88
|
+
}
|
|
89
|
+
function extractProviderTimeHints(raw) {
|
|
90
|
+
return {
|
|
91
|
+
startsAt: firstPrimitive(raw, [['startsAt']]),
|
|
92
|
+
firstSeen: firstPrimitive(raw, [['firstSeen'], ['first_seen'], ['dateCreated']]),
|
|
93
|
+
eventTimestamp: firstPrimitive(raw, [['eventTimestamp'], ['event_time'], ['timestamp']]),
|
|
94
|
+
endsAt: firstPrimitive(raw, [['endsAt'], ['endedAt']]),
|
|
95
|
+
lastSeen: firstPrimitive(raw, [['lastSeen'], ['last_seen'], ['dateUpdated']]),
|
|
96
|
+
};
|
|
97
|
+
}
|
|
98
|
+
function extractGenericFacts(input, extractorName = exports.GENERIC_EXTRACTOR_NAME) {
|
|
99
|
+
const raw = input.raw;
|
|
100
|
+
const labels = [
|
|
101
|
+
...factsFromRecord(getPath(raw, ['labels']), 'raw.labels', 'label', 0.75),
|
|
102
|
+
...factsFromRecord(getPath(raw, ['commonLabels']), 'raw.commonLabels', 'label', 0.75),
|
|
103
|
+
...factsFromTagCollection(getPath(raw, ['tags']), 'raw.tags'),
|
|
104
|
+
];
|
|
105
|
+
const textHints = [
|
|
106
|
+
...factsFromRecord(getPath(raw, ['annotations']), 'raw.annotations', 'annotation', 0.6),
|
|
107
|
+
];
|
|
108
|
+
const title = makeFact({
|
|
109
|
+
key: 'title',
|
|
110
|
+
value: firstPrimitive(raw, [['title'], ['name']]) ?? input.summary?.title,
|
|
111
|
+
sourcePath: firstPrimitive(raw, [['title']])
|
|
112
|
+
? 'raw.title'
|
|
113
|
+
: firstPrimitive(raw, [['name']])
|
|
114
|
+
? 'raw.name'
|
|
115
|
+
: 'summary.title',
|
|
116
|
+
kind: 'text_derived',
|
|
117
|
+
confidence: 0.8,
|
|
118
|
+
}) ?? undefined;
|
|
119
|
+
const severity = makeFact({
|
|
120
|
+
key: 'severity',
|
|
121
|
+
value: firstPrimitive(raw, [['severity'], ['level']]) ?? input.summary?.severity,
|
|
122
|
+
sourcePath: firstPrimitive(raw, [['severity']])
|
|
123
|
+
? 'raw.severity'
|
|
124
|
+
: firstPrimitive(raw, [['level']])
|
|
125
|
+
? 'raw.level'
|
|
126
|
+
: 'summary.severity',
|
|
127
|
+
kind: 'label',
|
|
128
|
+
confidence: 0.7,
|
|
129
|
+
}) ?? undefined;
|
|
130
|
+
const resourceHints = [
|
|
131
|
+
makeFact({
|
|
132
|
+
key: 'resource',
|
|
133
|
+
value: firstPrimitive(raw, [['resource']]) ?? input.summary?.resource,
|
|
134
|
+
sourcePath: firstPrimitive(raw, [['resource']]) ? 'raw.resource' : 'summary.resource',
|
|
135
|
+
kind: 'resource_hint',
|
|
136
|
+
confidence: 0.65,
|
|
137
|
+
}),
|
|
138
|
+
].filter((fact) => Boolean(fact));
|
|
139
|
+
return {
|
|
140
|
+
provider: input.alertRef.provider,
|
|
141
|
+
integrationId: input.alertRef.integrationId,
|
|
142
|
+
alertKey: input.alertRef.alertKey,
|
|
143
|
+
extractor: {
|
|
144
|
+
name: extractorName,
|
|
145
|
+
version: exports.EXTRACTOR_VERSION,
|
|
146
|
+
},
|
|
147
|
+
time: (0, normalizeAlertTime_1.normalizeAlertTime)(input.alertRef, extractProviderTimeHints(raw)),
|
|
148
|
+
labels,
|
|
149
|
+
identifiers: [],
|
|
150
|
+
resourceHints,
|
|
151
|
+
textHints,
|
|
152
|
+
...(severity ? { severity } : {}),
|
|
153
|
+
...(title ? { title } : {}),
|
|
154
|
+
};
|
|
155
|
+
}
|
|
156
|
+
exports.genericExtractor = {
|
|
157
|
+
provider: '*',
|
|
158
|
+
name: exports.GENERIC_EXTRACTOR_NAME,
|
|
159
|
+
version: exports.EXTRACTOR_VERSION,
|
|
160
|
+
extract: (input) => extractGenericFacts(input),
|
|
161
|
+
};
|
|
162
|
+
//# sourceMappingURL=genericExtractor.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"genericExtractor.js","sourceRoot":"","sources":["../../../src/extractors/genericExtractor.ts"],"names":[],"mappings":";;;AASA,4BAEC;AAED,8CAIC;AAED,4BAiBC;AAED,0CAmBC;AAED,wDAmBC;AAED,0BAOC;AAED,wCAMC;AAED,4DAQC;AAED,kDAkEC;AA5KD,mEAAwF;AAK3E,QAAA,sBAAsB,GAAG,mBAAmB,CAAC;AAC7C,QAAA,iBAAiB,GAAG,OAAO,CAAC;AAEzC,SAAgB,QAAQ,CAAC,KAAc;IACrC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;AAC9E,CAAC;AAED,SAAgB,iBAAiB,CAAC,KAAc;IAC9C,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC5C,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,SAAS;QAAE,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;IAClF,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAgB,QAAQ,CAAC,KAMxB;IACC,MAAM,KAAK,GAAG,iBAAiB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC7C,IAAI,CAAC,KAAK;QAAE,OAAO,SAAS,CAAC;IAE7B,OAAO;QACL,GAAG,EAAE,KAAK,CAAC,GAAG;QACd,KAAK;QACL,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,UAAU,EAAE,KAAK,CAAC,UAAU,IAAI,GAAG;QACnC,IAAI,EAAE,KAAK,CAAC,IAAI;KACjB,CAAC;AACJ,CAAC;AAED,SAAgB,eAAe,CAC7B,KAAc,EACd,UAAkB,EAClB,IAAc,EACd,UAAU,GAAG,GAAG;IAEhB,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAEhC,OAAO,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC;SACzB,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CACpB,QAAQ,CAAC;QACP,GAAG;QACH,KAAK,EAAE,KAAK;QACZ,UAAU,EAAE,GAAG,UAAU,IAAI,GAAG,EAAE;QAClC,IAAI;QACJ,UAAU;KACX,CAAC,CACH;SACA,MAAM,CAAC,CAAC,IAAI,EAAgB,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;AACnD,CAAC;AAED,SAAgB,sBAAsB,CAAC,KAAc,EAAE,UAAkB;IACvE,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK;aACT,GAAG,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;YACpB,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;gBAAE,OAAO,SAAS,CAAC;YACvC,MAAM,GAAG,GAAG,iBAAiB,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,iBAAiB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAC1E,IAAI,CAAC,GAAG;gBAAE,OAAO,SAAS,CAAC;YAC3B,OAAO,QAAQ,CAAC;gBACd,GAAG;gBACH,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,UAAU,EAAE,GAAG,UAAU,IAAI,KAAK,GAAG;gBACrC,IAAI,EAAE,KAAK;gBACX,UAAU,EAAE,IAAI;aACjB,CAAC,CAAC;QACL,CAAC,CAAC;aACD,MAAM,CAAC,CAAC,IAAI,EAAgB,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;IACnD,CAAC;IAED,OAAO,eAAe,CAAC,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;AACzD,CAAC;AAED,SAAgB,OAAO,CAAC,KAAc,EAAE,IAAc;IACpD,IAAI,MAAM,GAAG,KAAK,CAAC;IACnB,KAAK,MAAM,OAAO,IAAI,IAAI,EAAE,CAAC;QAC3B,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;YAAE,OAAO,SAAS,CAAC;QACxC,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC;IAC3B,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAgB,cAAc,CAAC,GAAY,EAAE,KAAiB;IAC5D,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,iBAAiB,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC;QACpD,IAAI,KAAK;YAAE,OAAO,KAAK,CAAC;IAC1B,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAgB,wBAAwB,CAAC,GAAY;IACnD,OAAO;QACL,QAAQ,EAAE,cAAc,CAAC,GAAG,EAAE,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;QAC7C,SAAS,EAAE,cAAc,CAAC,GAAG,EAAE,CAAC,CAAC,WAAW,CAAC,EAAE,CAAC,YAAY,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC;QAChF,cAAc,EAAE,cAAc,CAAC,GAAG,EAAE,CAAC,CAAC,gBAAgB,CAAC,EAAE,CAAC,YAAY,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC;QACxF,MAAM,EAAE,cAAc,CAAC,GAAG,EAAE,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC;QACtD,QAAQ,EAAE,cAAc,CAAC,GAAG,EAAE,CAAC,CAAC,UAAU,CAAC,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC;KAC9E,CAAC;AACJ,CAAC;AAED,SAAgB,mBAAmB,CACjC,KAA6B,EAC7B,aAAa,GAAG,8BAAsB;IAEtC,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC;IACtB,MAAM,MAAM,GAAG;QACb,GAAG,eAAe,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,YAAY,EAAE,OAAO,EAAE,IAAI,CAAC;QACzE,GAAG,eAAe,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,cAAc,CAAC,CAAC,EAAE,kBAAkB,EAAE,OAAO,EAAE,IAAI,CAAC;QACrF,GAAG,sBAAsB,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,CAAC,EAAE,UAAU,CAAC;KAC9D,CAAC;IACF,MAAM,SAAS,GAAG;QAChB,GAAG,eAAe,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,aAAa,CAAC,CAAC,EAAE,iBAAiB,EAAE,YAAY,EAAE,GAAG,CAAC;KACxF,CAAC;IAEF,MAAM,KAAK,GACT,QAAQ,CAAC;QACP,GAAG,EAAE,OAAO;QACZ,KAAK,EAAE,cAAc,CAAC,GAAG,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,OAAO,EAAE,KAAK;QACzE,UAAU,EAAE,cAAc,CAAC,GAAG,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;YAC1C,CAAC,CAAC,WAAW;YACb,CAAC,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC/B,CAAC,CAAC,UAAU;gBACZ,CAAC,CAAC,eAAe;QACrB,IAAI,EAAE,cAAc;QACpB,UAAU,EAAE,GAAG;KAChB,CAAC,IAAI,SAAS,CAAC;IAElB,MAAM,QAAQ,GACZ,QAAQ,CAAC;QACP,GAAG,EAAE,UAAU;QACf,KAAK,EAAE,cAAc,CAAC,GAAG,EAAE,CAAC,CAAC,UAAU,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,OAAO,EAAE,QAAQ;QAChF,UAAU,EAAE,cAAc,CAAC,GAAG,EAAE,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;YAC7C,CAAC,CAAC,cAAc;YAChB,CAAC,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;gBAChC,CAAC,CAAC,WAAW;gBACb,CAAC,CAAC,kBAAkB;QACxB,IAAI,EAAE,OAAO;QACb,UAAU,EAAE,GAAG;KAChB,CAAC,IAAI,SAAS,CAAC;IAElB,MAAM,aAAa,GAAG;QACpB,QAAQ,CAAC;YACP,GAAG,EAAE,UAAU;YACf,KAAK,EAAE,cAAc,CAAC,GAAG,EAAE,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,OAAO,EAAE,QAAQ;YACrE,UAAU,EAAE,cAAc,CAAC,GAAG,EAAE,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,kBAAkB;YACrF,IAAI,EAAE,eAAe;YACrB,UAAU,EAAE,IAAI;SACjB,CAAC;KACH,CAAC,MAAM,CAAC,CAAC,IAAI,EAAgB,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;IAEhD,OAAO;QACL,QAAQ,EAAE,KAAK,CAAC,QAAQ,CAAC,QAAQ;QACjC,aAAa,EAAE,KAAK,CAAC,QAAQ,CAAC,aAAa;QAC3C,QAAQ,EAAE,KAAK,CAAC,QAAQ,CAAC,QAAQ;QACjC,SAAS,EAAE;YACT,IAAI,EAAE,aAAa;YACnB,OAAO,EAAE,yBAAiB;SAC3B;QACD,IAAI,EAAE,IAAA,uCAAkB,EAAC,KAAK,CAAC,QAAQ,EAAE,wBAAwB,CAAC,GAAG,CAAC,CAAC;QACvE,MAAM;QACN,WAAW,EAAE,EAAE;QACf,aAAa;QACb,SAAS;QACT,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACjC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC5B,CAAC;AACJ,CAAC;AAEY,QAAA,gBAAgB,GAAsB;IACjD,QAAQ,EAAE,GAAG;IACb,IAAI,EAAE,8BAAsB;IAC5B,OAAO,EAAE,yBAAiB;IAC1B,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,mBAAmB,CAAC,KAAK,CAAC;CAC/C,CAAC"}
|
|
@@ -0,0 +1,4 @@
|
|
|
1
|
+
import type { AlertCorrelationFacts } from '../contracts';
|
|
2
|
+
import type { ProviderExtractor, ProviderExtractorInput } from './types';
|
|
3
|
+
export declare function extractPrometheusCompatibleFacts(input: ProviderExtractorInput, extractorName: string): AlertCorrelationFacts;
|
|
4
|
+
export declare const prometheusExtractor: ProviderExtractor;
|