fix: update to return schema.Alert and adjust related logic

yllada · yllada · commit d89e0335efd2 · 2025-05-01T19:50:32.000-04:00
diff --git a/soc-ai/elastic/alerts.go b/soc-ai/elastic/alerts.go
@@ -73,7 +73,7 @@ type AlertCorrelation struct {
 	Classifications []string
 }
 
-func GetRelatedAlerts() ([]schema.GPTAlertResponse, error) {
+func GetRelatedAlerts() ([]schema.Alert, error) {
 	// Debug log
 	utils.Logger.Info("Getting historical alerts from Elasticsearch")
 
@@ -82,7 +82,7 @@ func GetRelatedAlerts() ([]schema.GPTAlertResponse, error) {
 		return nil, fmt.Errorf("error getting historical alerts: %v", err)
 	}
 
-	var alerts []schema.GPTAlertResponse
+	var alerts []schema.Alert
 	err = json.Unmarshal(result, &alerts)
 	if err != nil {
 		return nil, fmt.Errorf("error unmarshalling alerts: %v", err)
@@ -110,7 +110,7 @@ func FindRelatedAlerts(currentAlert schema.Alert) (*AlertCorrelation, error) {
 
 	var alertIDs []string
 	for _, resp := range historicalResponses {
-		alertIDs = append(alertIDs, resp.ActivityID)
+		alertIDs = append(alertIDs, resp.ID)
 	}
 
 	for _, id := range alertIDs {
@@ -123,8 +123,8 @@ func FindRelatedAlerts(currentAlert schema.Alert) (*AlertCorrelation, error) {
 			correlation.RelatedAlerts = append(correlation.RelatedAlerts, alert)
 
 			for _, resp := range historicalResponses {
-				if resp.ActivityID == alert.ID {
-					correlation.Classifications = append(correlation.Classifications, resp.Classification)
+				if resp.ID == alert.ID {
+					correlation.Classifications = append(correlation.Classifications, resp.Tags...)
 					break
 				}
 			}

Original file line number	Diff line number	Diff line change
`@@ -73,7 +73,7 @@ type AlertCorrelation struct {`
`73`	`73`	`Classifications []string`
`74`	`74`	`}`
`75`	`75`
`76`		`-func GetRelatedAlerts() ([]schema.GPTAlertResponse, error) {`
	`76`	`+func GetRelatedAlerts() ([]schema.Alert, error) {`
`77`	`77`	`// Debug log`
`78`	`78`	`utils.Logger.Info("Getting historical alerts from Elasticsearch")`
`79`	`79`
`@@ -82,7 +82,7 @@ func GetRelatedAlerts() ([]schema.GPTAlertResponse, error) {`
`82`	`82`	`return nil, fmt.Errorf("error getting historical alerts: %v", err)`
`83`	`83`	`}`
`84`	`84`
`85`		`- var alerts []schema.GPTAlertResponse`
	`85`	`+ var alerts []schema.Alert`
`86`	`86`	`err = json.Unmarshal(result, &alerts)`
`87`	`87`	`if err != nil {`
`88`	`88`	`return nil, fmt.Errorf("error unmarshalling alerts: %v", err)`
`@@ -110,7 +110,7 @@ func FindRelatedAlerts(currentAlert schema.Alert) (*AlertCorrelation, error) {`
`110`	`110`
`111`	`111`	`var alertIDs []string`
`112`	`112`	`for _, resp := range historicalResponses {`
`113`		`- alertIDs = append(alertIDs, resp.ActivityID)`
	`113`	`+ alertIDs = append(alertIDs, resp.ID)`
`114`	`114`	`}`
`115`	`115`
`116`	`116`	`for _, id := range alertIDs {`
`@@ -123,8 +123,8 @@ func FindRelatedAlerts(currentAlert schema.Alert) (*AlertCorrelation, error) {`
`123`	`123`	`correlation.RelatedAlerts = append(correlation.RelatedAlerts, alert)`
`124`	`124`
`125`	`125`	`for _, resp := range historicalResponses {`
`126`		`- if resp.ActivityID == alert.ID {`
`127`		`- correlation.Classifications = append(correlation.Classifications, resp.Classification)`
	`126`	`+ if resp.ID == alert.ID {`
	`127`	`+ correlation.Classifications = append(correlation.Classifications, resp.Tags...)`
`128`	`128`	`break`
`129`	`129`	`}`
`130`	`130`	`}`