Class: AgentAdmit::AlertsClient

Inherits:
Object
  • Object
Defined in:
lib/agentadmit/alerts_client.rb

Overview

AlertsClient — configure and query security alerts via the AgentAdmit hosted service.

Supported alert types:

ALERT_TYPE_VOLUME_SPIKE, ALERT_TYPE_FAILED_SCOPE_ATTEMPTS,
ALERT_TYPE_BURST_PATTERN, ALERT_TYPE_STALE_REACTIVATION,
ALERT_TYPE_NEW_SCOPE_USAGE, ALERT_TYPE_REVOKED_CONNECTION_ATTEMPT

Examples:

# Build a client; with no argument it uses the configuration resolved by the constructor.
client = AgentAdmit::AlertsClient.new

# Turn on the volume-spike alert for one app.
# NOTE(review): the threshold fields are passed to the service as given; how the
# service interprets 100 / 5 (e.g. events per window) is not shown here — confirm.
client.configure_alerts(
  app_id: "app_abc123",
  alert_type: AgentAdmit::AlertsClient::ALERT_TYPE_VOLUME_SPIKE,
  enabled: true,
  threshold_value: 100,
  threshold_window_minutes: 5
)

Constant Summary collapse

ALERT_TYPE_VOLUME_SPIKE =
"volume_spike"
ALERT_TYPE_FAILED_SCOPE_ATTEMPTS =
"failed_scope_attempts"
ALERT_TYPE_BURST_PATTERN =
"burst_pattern"
ALERT_TYPE_STALE_REACTIVATION =
"stale_reactivation"
ALERT_TYPE_NEW_SCOPE_USAGE =
"new_scope_usage"
ALERT_TYPE_REVOKED_CONNECTION_ATTEMPT =
"revoked_connection_attempt"

Instance Method Summary collapse

Constructor Details

#initialize(config = nil) ⇒ AlertsClient

Returns a new instance of AlertsClient.



# File 'lib/agentadmit/alerts_client.rb', line 35

# Binds the client to a configuration object.
#
# Resolution order: the explicit +config+ argument, then
# AgentAdmit.configuration, then a freshly built Config. A falsy +config+
# (nil or false) falls through to the next source.
# What the configuration carries (endpoint, credentials) is not visible in
# this listing.
#
# @param config [Object, nil] configuration to use instead of the global one
def initialize(config = nil)
  resolved = config
  resolved ||= AgentAdmit.configuration
  resolved ||= Config.new
  @config = resolved
end

Instance Method Details

#configure_alerts(app_id:, alert_type:, connection_id: nil, enabled: nil, threshold_value: nil, threshold_window_minutes: nil, threshold_rate_per_minute: nil, stale_days: nil, kill_switch_enabled: nil, kill_switch_threshold_value: nil, kill_switch_threshold_window_minutes: nil) ⇒ Hash

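Configure alert thresholds for an app or connection. Optional arguments left as nil are omitted from the request body; an explicit false (for example enabled: false) is sent. POST /api/v1/alerts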

Parameters:

  • app_id (String)
  • alert_type (String)

    One of the ALERT_TYPE_* constants

  • connection_id (String, nil) (defaults to: nil)
  • enabled (Boolean, nil) (defaults to: nil)
  • threshold_value (Numeric, nil) (defaults to: nil)
  • threshold_window_minutes (Integer, nil) (defaults to: nil)
  • threshold_rate_per_minute (Numeric, nil) (defaults to: nil)
  • stale_days (Integer, nil) (defaults to: nil)
  • kill_switch_enabled (Boolean, nil) (defaults to: nil)
  • kill_switch_threshold_value (Numeric, nil) (defaults to: nil)
  • kill_switch_threshold_window_minutes (Integer, nil) (defaults to: nil)

Returns:

  • (Hash)

    { "ok" => true, "config" => … }

Raises:



# File 'lib/agentadmit/alerts_client.rb', line 57

# Sends an alert configuration for an app (optionally one connection) to
# POST /api/v1/alerts.
#
# +app_id+ and +alert_type+ are always placed in the request body, even when
# nil. Every other argument is included only when it is not nil, so an
# explicit +false+ (e.g. +enabled: false+ or +kill_switch_enabled: false+)
# IS transmitted, while nil means "leave this field out of the request".
#
# No client-side validation happens here: +alert_type+ and the numeric
# thresholds are forwarded exactly as given. Whether unknown alert types or
# out-of-range thresholds are rejected depends on the service.
#
# @param app_id [String]
# @param alert_type [String] one of the ALERT_TYPE_* constants
# @param connection_id [String, nil]
# @param enabled [Boolean, nil]
# @param threshold_value [Numeric, nil]
# @param threshold_window_minutes [Integer, nil]
# @param threshold_rate_per_minute [Numeric, nil]
# @param stale_days [Integer, nil]
# @param kill_switch_enabled [Boolean, nil]
# @param kill_switch_threshold_value [Numeric, nil]
# @param kill_switch_threshold_window_minutes [Integer, nil]
# @return [Hash] whatever post_json returns for the request
def configure_alerts(
  app_id:,
  alert_type:,
  connection_id: nil,
  enabled: nil,
  threshold_value: nil,
  threshold_window_minutes: nil,
  threshold_rate_per_minute: nil,
  stale_days: nil,
  kill_switch_enabled: nil,
  kill_switch_threshold_value: nil,
  kill_switch_threshold_window_minutes: nil
)
  # Optional settings in the order they appear in the request body.
  # compact drops only nil values, so false survives.
  optional_settings = {
    connection_id: connection_id,
    enabled: enabled,
    threshold_value: threshold_value,
    threshold_window_minutes: threshold_window_minutes,
    threshold_rate_per_minute: threshold_rate_per_minute,
    stale_days: stale_days,
    kill_switch_enabled: kill_switch_enabled,
    kill_switch_threshold_value: kill_switch_threshold_value,
    kill_switch_threshold_window_minutes: kill_switch_threshold_window_minutes
  }.compact

  # The two required fields are never filtered out.
  payload = { app_id: app_id, alert_type: alert_type }.merge(optional_settings)

  post_json("/api/v1/alerts", payload)
end

#get_alert_config(app_id:, connection_id: nil) ⇒ Hash

Get the current alert configuration for an app. GET /api/v1/alerts/config

Parameters:

  • app_id (String)
  • connection_id (String, nil) (defaults to: nil)

Returns:

  • (Hash)

    { "app_id", "app_level", "connection_overrides", "alert_types" }

Raises:



# File 'lib/agentadmit/alerts_client.rb', line 113

# Fetches the alert configuration for an app via GET /api/v1/alerts/config.
#
# +connection_id+ is added to the query only when it is truthy; nil (or
# false) leaves the request scoped by +app_id+ alone.
#
# @param app_id [String]
# @param connection_id [String, nil]
# @return [Hash] whatever get_json returns for the request
def get_alert_config(app_id:, connection_id: nil)
  connection_scope = connection_id ? { connection_id: connection_id } : {}

  get_json("/api/v1/alerts/config", { app_id: app_id }.merge(connection_scope))
end

#list_alerts(app_id:, connection_id: nil, alert_type: nil, limit: 50, offset: 0) ⇒ Hash

List alert events for an app. GET /api/v1/alerts

Parameters:

  • app_id (String)
  • connection_id (String, nil) (defaults to: nil)
  • alert_type (String, nil) (defaults to: nil)
  • limit (Integer) (defaults to: 50)

    default 50

  • offset (Integer) (defaults to: 0)

    default 0

Returns:

  • (Hash)

    { "events" => […], "total" => Integer, "limit" => Integer, "offset" => Integer }

Raises:



# File 'lib/agentadmit/alerts_client.rb', line 96

# Lists alert events for an app via GET /api/v1/alerts.
#
# +app_id+, +limit+ and +offset+ are always sent. +connection_id+ and
# +alert_type+ narrow the listing and are sent only when truthy.
# +limit+ and +offset+ are forwarded as given; no bounds are checked in this
# method, so any cap on page size is up to the service.
#
# @param app_id [String]
# @param connection_id [String, nil]
# @param alert_type [String, nil]
# @param limit [Integer] page size, 50 unless overridden
# @param offset [Integer] starting position, 0 unless overridden
# @return [Hash] whatever get_json returns for the request
def list_alerts(app_id:, connection_id: nil, alert_type: nil, limit: 50, offset: 0)
  # Keep only the filters the caller actually supplied.
  filters = { connection_id: connection_id, alert_type: alert_type }.select { |_name, value| value }
  query = { app_id: app_id, limit: limit, offset: offset }.merge(filters)

  get_json("/api/v1/alerts", query)
end