feat: move all alert ingestion logic to engines/ folder #1206

@shahargl

Description

**Current architecture/design**

Currently, there is a lot of logic around alerts, including:

  1. deduplication (alert_deduplicator/)
  2. enrichment (enrich_alert in db.py)
  3. mapping and extraction (EnrichBl under bl)
  4. search engine (search_alerts/)
  5. rules engine (rule_engine/)

**Why is this change needed?**

  1. It is hard to understand all the changes/logic that touch alerts
  2. No clear guidelines on how to do things (e.g. some cases use direct access to the db, some have a wrapper around it)

**Expected behavior**

  1. All logic sits under engine/ folder.
  2. No operations on alerts directly on the db
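The shape the issue asks for, as an added example that is not Keep's code and not taken from the issue: the five pieces of alert logic listed above live as engines behind one ingestion entry point, and the only thing that writes alerts is a repository object that the engines call. The class names (`AlertEngine`, `AlertRepository`, `DeduplicationEngine`, `EnrichmentEngine`, `RulesEngine`), the mapping/rule format and the sample alerts are all assumptions made for the illustration; the in-memory repository stands in for the real db. The security-relevant property it shows is that the dedup fingerprint and the enrichment step cannot be skipped by a code path that goes straight to storage: the repository refuses an alert that has not been fingerprinted.

```python
"""Added example (not Keep's code): alert ingestion where dedup, enrichment,
mapping and rules are engines behind one entry point, and all persistence goes
through a repository. Every name below is a hypothetical stand-in."""
from __future__ import annotations

import hashlib
import json
from dataclasses import dataclass, field
from typing import Callable


@dataclass
class Alert:
    name: str
    source: str
    severity: str
    labels: dict[str, str] = field(default_factory=dict)
    received_at: int = 0  # volatile; deliberately excluded from the fingerprint
    fingerprint: str = ""
    enrichments: dict[str, str] = field(default_factory=dict)


class AlertRepository:
    """The only object that persists alerts. Engines call it; nothing else does."""

    def __init__(self) -> None:
        self._alerts: dict[str, Alert] = {}
        self.write_count = 0

    def get(self, fingerprint: str) -> Alert | None:
        return self._alerts.get(fingerprint)

    def upsert(self, alert: Alert) -> None:
        # Guard the invariant the engine relies on: no write without a fingerprint,
        # so a caller cannot bypass deduplication by writing "directly".
        if not alert.fingerprint:
            raise ValueError("refusing to persist an alert without a fingerprint")
        self._alerts[alert.fingerprint] = alert
        self.write_count += 1

    def count(self) -> int:
        return len(self._alerts)


class DeduplicationEngine:
    """Fingerprint = SHA-256 over the stable identity fields only (not timestamps)."""

    def fingerprint(self, alert: Alert) -> str:
        identity = {"name": alert.name, "source": alert.source,
                    "labels": sorted(alert.labels.items())}
        encoded = json.dumps(identity, sort_keys=True, separators=(",", ":")).encode()
        return hashlib.sha256(encoded).hexdigest()

    def is_duplicate(self, alert: Alert, repo: AlertRepository) -> bool:
        return repo.get(alert.fingerprint) is not None


class EnrichmentEngine:
    """Mapping/extraction: when a label matches, attach extra fields to the alert."""

    def __init__(self, mappings: list[dict]) -> None:
        self._mappings = mappings

    def enrich(self, alert: Alert) -> Alert:
        for mapping in self._mappings:
            key, value = mapping["match"]
            if alert.labels.get(key) == value:
                alert.enrichments.update(mapping["add"])
        return alert


class RulesEngine:
    """Named predicates evaluated over the enriched alert; returns the ones that fire."""

    def __init__(self, rules: dict[str, Callable[[Alert], bool]]) -> None:
        self._rules = rules

    def evaluate(self, alert: Alert) -> list[str]:
        return [name for name, pred in self._rules.items() if pred(alert)]


class AlertEngine:
    """Single ingestion entry point: fingerprint -> dedup -> enrich -> rules -> persist."""

    def __init__(self, repo: AlertRepository, dedup: DeduplicationEngine,
                 enrichment: EnrichmentEngine, rules: RulesEngine) -> None:
        self.repo, self.dedup, self.enrichment, self.rules = repo, dedup, enrichment, rules

    def ingest(self, raw: dict) -> dict:
        alert = Alert(**raw)
        alert.fingerprint = self.dedup.fingerprint(alert)
        if self.dedup.is_duplicate(alert, self.repo):
            return {"status": "duplicate", "fingerprint": alert.fingerprint, "rules": []}
        self.enrichment.enrich(alert)
        fired = self.rules.evaluate(alert)
        self.repo.upsert(alert)
        return {"status": "new", "fingerprint": alert.fingerprint, "rules": fired}


# Constructed sample configuration and alerts (not real Keep data).
MAPPINGS = [{"match": ("service", "payments"), "add": {"team": "fintech", "tier": "1"}}]
RULES = {"page-tier1-critical": lambda a: a.severity == "critical" and a.enrichments.get("tier") == "1"}
SAMPLE_ALERTS = [
    {"name": "HighLatency", "source": "prometheus", "severity": "warning",
     "labels": {"service": "checkout"}, "received_at": 100},
    {"name": "HighLatency", "source": "prometheus", "severity": "warning",
     "labels": {"service": "checkout"}, "received_at": 160},  # same alert re-sent later
    {"name": "DBDown", "source": "datadog", "severity": "critical",
     "labels": {"service": "payments"}, "received_at": 170},
]


def build_engine() -> AlertEngine:
    return AlertEngine(AlertRepository(), DeduplicationEngine(),
                       EnrichmentEngine(MAPPINGS), RulesEngine(RULES))


def run_sample() -> tuple[list[dict], AlertEngine]:
    engine = build_engine()
    return [engine.ingest(dict(raw)) for raw in SAMPLE_ALERTS], engine


def repository_rejects_unfingerprinted() -> bool:
    """A write that skips the engine and has no fingerprint is refused."""
    try:
        AlertRepository().upsert(Alert(name="x", source="y", severity="low"))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    outcomes, eng = run_sample()
    for outcome in outcomes:
        print(outcome)
    print("stored alerts:", eng.repo.count())
```

Running it ingests three constructed alerts: the second is the first one re-sent with a different `received_at` and is reported as a duplicate without a second write, and the third picks up the `payments` mapping and fires the tier-1 rule. The point of routing every write through `AlertRepository.upsert` is that the fingerprint check and enrichment happen exactly once, in one place, instead of being re-implemented (or forgotten) at each call site that touches the db.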

    Labels

    Architecture: Requires an architecture change/review
    Enhancement: New feature or request
    Infrastructure: Infrastructure related issues