
Commit 5a4b09e

committed
feat: add debug logging for alert processing and related alerts retrieval
1 parent 1611144 commit 5a4b09e

3 files changed

Lines changed: 27 additions & 9 deletions


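--- a/soc-ai/elastic/alerts.go
+++ b/soc-ai/elastic/alerts.go
@@ -74,6 +74,9 @@ type AlertCorrelation struct {
 }
 
 func GetRelatedAlerts() ([]schema.GPTAlertResponse, error) {
+// Debug log
+utils.Logger.Info("Getting historical alerts from Elasticsearch")
+
 result, err := ElasticSearch(configurations.ALERT_INDEX_PATTERN, "*", "*")
 if err != nil {
 return nil, fmt.Errorf("error getting historical alerts: %v", err)
@@ -89,6 +92,9 @@ func GetRelatedAlerts() ([]schema.GPTAlertResponse, error) {
 }
 
 func FindRelatedAlerts(currentAlert schema.Alert) (*AlertCorrelation, error) {
+// Debug log
+utils.Logger.Info("Finding related alerts for alert %s", currentAlert.ID)
+
 correlation := &AlertCorrelation{
 CurrentAlert: currentAlert,
 RelatedAlerts: []schema.Alert{},
@@ -100,6 +106,8 @@ func FindRelatedAlerts(currentAlert schema.Alert) (*AlertCorrelation, error) {
 return nil, err
 }
 
+utils.Logger.Info("Found %d historical alerts to analyze", len(historicalResponses))
+
 var alertIDs []string
 for _, resp := range historicalResponses {
 alertIDs = append(alertIDs, resp.ActivityID)
@@ -123,36 +131,50 @@ func FindRelatedAlerts(currentAlert schema.Alert) (*AlertCorrelation, error) {
 }
 }
 
+utils.Logger.Info("Completed related alerts search. Found %d related alerts for ID: %s",
+len(correlation.RelatedAlerts), currentAlert.ID)
+
 return correlation, nil
 }
 
 func isAlertRelated(current, historical schema.Alert) bool {
+utils.Logger.Info("Checking relation between alerts - Current: %s, Historical: %s", current.ID, historical.ID)
+
 if current.Destination.IP != "" && current.Destination.IP == historical.Destination.IP {
+utils.Logger.Info("Match found: Destination IP %s", current.Destination.IP)
 return true
 }
 if current.Destination.Port != 0 && current.Destination.Port == historical.Destination.Port {
+utils.Logger.Info("Match found: Destination Port %d", current.Destination.Port)
 return true
 }
 if current.Destination.Host != "" && current.Destination.Host == historical.Destination.Host {
+utils.Logger.Info("Match found: Destination Host %s", current.Destination.Host)
 return true
 }
 if current.Destination.User != "" && current.Destination.User == historical.Destination.User {
+utils.Logger.Info("Match found: Destination User %s", current.Destination.User)
 return true
 }
 
 if current.Source.IP != "" && current.Source.IP == historical.Source.IP {
+utils.Logger.Info("Match found: Source IP %s", current.Source.IP)
 return true
 }
 if current.Source.Port != 0 && current.Source.Port == historical.Source.Port {
+utils.Logger.Info("Match found: Source Port %d", current.Source.Port)
 return true
 }
 if current.Source.Host != "" && current.Source.Host == historical.Source.Host {
+utils.Logger.Info("Match found: Source Host %s", current.Source.Host)
 return true
 }
 if current.Source.User != "" && current.Source.User == historical.Source.User {
+utils.Logger.Info("Match found: Source User %s", current.Source.User)
 return true
 }
 
+utils.Logger.Info("No match found between alerts %s and %s", current.ID, historical.ID)
 return false
 }
 
@@ -194,12 +216,6 @@ func BuildCorrelationContext(correlation *AlertCorrelation) string {
 if alert.Destination.Port != 0 {
 context.WriteString(fmt.Sprintf("- Destination Port: %d\n", alert.Destination.Port))
 }
-if alert.Protocol != "" {
-context.WriteString(fmt.Sprintf("- Protocol: %s\n", alert.Protocol))
-}
-if alert.Severity != 0 {
-context.WriteString(fmt.Sprintf("- Severity: %d\n", alert.Severity))
-}
 }
 
 return context.String()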
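Review bot: The per-comparison logging added to `isAlertRelated` (the "Checking relation", every "Match found" and the "No match found" lines) runs once for each historical alert per incoming alert, so log volume grows with the size of the historical result set times the queue, and it writes IPs, hostnames and usernames from both alerts to the log at Info level even though the commit and the `// Debug log` comments describe it as debug output. I would drop the "Checking relation" and "No match found" lines, keep at most one summary line per call, and emit the match lines at a debug level if `utils.Logger` offers one (I cannot see its API from this hunk); the same level question applies to the `GetRelatedAlerts`, `FindRelatedAlerts` and `soc-ai/processor/alertProcessor.go` hunks. Since the host and user fields originate in observed event data, format them with `%q` rather than `%s` so embedded newlines or control characters cannot forge extra log lines, e.g. `utils.Logger.Info("Match found: Destination User %q", current.Destination.User)`. Separately, the last hunk removes Protocol and Severity from `BuildCorrelationContext`, which changes the context handed to the model and is not mentioned in the commit message; it deserves its own commit or at least a sentence in the description explaining why those fields were dropped. `BuildCorrelationContext` starts before that hunk.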

soc-ai/gpt/client.go

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -58,14 +58,13 @@ func (c *GPTClient) Request(alert schema.AlertGPTDetails) (string, error) {
5858
},
5959
}
6060

61-
// Debug log
62-
utils.Logger.Info("GPT Request: %s", req.Messages[0].Content)
63-
6461
requestJson, error := json.Marshal(req)
6562
if error != nil {
6663
return "", fmt.Errorf("error marshalling request: %v", error)
6764
}
6865

66+
utils.Logger.Info("Complete GPT Request JSON: %s", string(requestJson))
67+
6968
headers := map[string]string{
7069
"Authorization": "Bearer " + configurations.GetGPTConfig().APIKey,
7170
"Content-Type": "application/json",
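Review bot: `utils.Logger.Info("Complete GPT Request JSON: %s", string(requestJson))` writes the entire serialized request, which carries the alert details and correlation context assembled for the model, into the log at Info level on every request; the previous line logged only the first message and was marked as a debug aid. The API key is not part of `req` (it is added to `headers` below), so this does not leak the credential, but the full body still duplicates the alert data into log storage and can be large. I would gate it on a debug level if `utils.Logger` provides one (not visible here), or log `len(requestJson)` and the message count instead, e.g. `utils.Logger.Info("GPT request marshalled: %d bytes, %d messages", len(requestJson), len(req.Messages))`. The `error` variable shadowing the builtin predates this commit but the new line sits right beneath it; renaming it to `err` when this is touched again would be welcome. `Request` continues past the hunk.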

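--- a/soc-ai/processor/alertProcessor.go
+++ b/soc-ai/processor/alertProcessor.go
@@ -10,11 +10,14 @@ import (
 
 func (p *Processor) processAlertsInfo() {
 for alert := range p.AlertInfoQueue {
+utils.Logger.Info("Processing alert info for ID: %s", alert.AlertID)
+
 alertInfo, err := elastic.GetAlertsInfo(alert.AlertID)
 if err != nil {
 p.RegisterError(fmt.Sprintf("error while getting alert %s info: %v", alert.AlertID, err), alert.AlertID)
 continue
 }
+utils.Logger.Info("Alert info retrieved successfully for ID: %s", alert.AlertID)
 
 correlation, err := elastic.FindRelatedAlerts(alertInfo)
 if err != nil {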
