# encoding = utf-8
# Always put this line at the beginning of this file
import import_declare_test
import os
import sys
from splunktaucclib.alert_actions_base import ModularAlertBase
import modalert_trackme_stateful_alert_helper
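class AlertActionWorkertrackme_stateful_alert(ModularAlertBase):
    """Worker for the ``trackme_stateful_alert`` modular alert action.

    Checks the mandatory alert parameters, then hands the event to
    ``modalert_trackme_stateful_alert_helper.process_event``. Every failure
    path is mapped to a distinct non-zero return code so the caller can tell
    a configuration problem from a runtime error.
    """

    def __init__(self, ta_name, alert_name):
        """Initialise the base worker.

        Args:
            ta_name: Add-on name, forwarded unchanged to ``ModularAlertBase``.
            alert_name: Alert action name, forwarded unchanged to
                ``ModularAlertBase``.
        """
        super().__init__(ta_name, alert_name)

    def validate_params(self):
        """Check that the mandatory alert parameters are set.

        Returns:
            bool: ``False`` (after logging an error) as soon as
            ``delivery_target`` or ``orange_as_alerting_state`` is falsy,
            ``True`` when both are set.
        """
        # The test is on truthiness, so an empty string is rejected as well as
        # None even though the log message only mentions None.
        # NOTE(review): if orange_as_alerting_state can legitimately arrive as
        # a falsy value (e.g. integer 0) it would be rejected here - confirm
        # what get_param returns for this parameter.
        for name in ("delivery_target", "orange_as_alerting_state"):
            if not self.get_param(name):
                self.log_error(
                    f"{name} is a mandatory parameter, but its value is None."
                )
                return False
        return True

    def process_event(self, *args, **kwargs):
        """Validate the parameters and run the alert action helper.

        Args:
            *args: Forwarded unchanged to the helper's ``process_event``.
            **kwargs: Forwarded unchanged to the helper's ``process_event``.

        Returns:
            The helper's return value on success, ``3`` when parameter
            validation fails, ``4`` when the helper raises ``AttributeError``
            or ``TypeError``, ``5`` for any other exception.
        """
        # Function-scope import: traceback is only used on the failure paths
        # and the module's import block is left untouched.
        import traceback

        try:
            if not self.validate_params():
                return 3
            return modalert_trackme_stateful_alert_helper.process_event(
                self, *args, **kwargs
            )
        except (AttributeError, TypeError) as ae:
            self.log_error(
                f"Error: {str(ae)}. Please double check spelling and also verify that a compatible version of Splunk_SA_CIM is installed."
            )
            # The hint above is only a guess at the cause; the stack trace
            # records where the error was actually raised.
            self.log_error(f"Error: {traceback.format_exc()}")
            return 4
        except Exception as e:
            # Top-level boundary of the alert action: log and convert to a
            # return code instead of letting the exception escape.
            # NOTE(review): the exception text is written to the log verbatim;
            # if the helper can raise with secrets (tokens, credentialed URLs)
            # in the message they end up in the alert action log - confirm.
            if str(e):
                self.log_error(f"Error: {str(e)}")
            # Always keep the stack trace: the message alone loses the
            # exception type (a KeyError logs just the quoted key name).
            self.log_error(f"Error: {traceback.format_exc()}")
            return 5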
if __name__ == "__main__":
    # Script entry point: build the worker for the "trackme" add-on's
    # "trackme_stateful_alert" action, run it with the command-line
    # arguments, and exit with the code that run() returns.
    worker = AlertActionWorkertrackme_stateful_alert(
        "trackme", "trackme_stateful_alert"
    )
    sys.exit(worker.run(sys.argv))