@Elise17 Elise17 commented Oct 20, 2025

Implementation of endpoint POST /api/v2/alerts-filters to create an alert filter.

  • Deprecated POST /filters/add

Note: this PR is accompanied by the documentation dfir-iris/iris-doc-src#86.

@Elise17 Elise17 requested a review from whikernel October 20, 2025 08:35
@Elise17 Elise17 self-assigned this Oct 20, 2025
@Elise17 Elise17 added the enhancement New feature or request label Oct 20, 2025

coderabbitai bot commented Oct 20, 2025

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

🗂️ Base branches to auto review (1)
  • api_*

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

@whikernel whikernel requested a review from Copilot October 24, 2025 09:10

Copilot AI left a comment

Pull Request Overview

This PR implements a new API v2 endpoint for creating alert filters (POST /api/v2/alerts-filters) while deprecating the legacy endpoint (POST /filters/add). The changes include adding a v2 customer management endpoint, refactoring database functions, and adding support for retrieving related alerts.

Key changes:

  • New REST API v2 endpoints for alert filters and customer management
  • Database function refactoring to improve reusability and remove unused return values
  • Addition of related alerts functionality with query parameter support

Reviewed Changes

Copilot reviewed 21 out of 21 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| source/app/blueprints/rest/v2/alerts_filters.py | New v2 endpoint implementation for alert filter creation |
| source/app/blueprints/rest/v2/manage_routes/customers.py | New v2 endpoint for customer creation |
| source/app/blueprints/rest/filters_routes.py | Deprecated legacy filter endpoint |
| source/app/blueprints/rest/manage/manage_customers_routes.py | Updated legacy customer endpoint to use refactored functions |
| source/app/business/alerts_filters.py | Business logic for alert filter creation |
| source/app/business/customers.py | Business logic for customer creation |
| source/app/blueprints/rest/v2/alerts.py | Added related alerts endpoint |
| source/app/datamgmt/client/client_db.py | Refactored create_client to accept Client object |
| source/app/datamgmt/manage/manage_users_db.py | Removed unused return value |
| source/app/datamgmt/case/case_events_db.py | Added get_events_by_case helper function |
| source/app/datamgmt/case/case_assets_db.py | Added get_assets_by_case helper function |
| tests/tests_rest_alerts_filters.py | Test coverage for new alert filter endpoint |
| tests/tests_rest_customers.py | Test coverage for new customer endpoint |
| tests/tests_rest_alerts.py | Test coverage for related alerts endpoint |


def create(self):
request_data = request.get_json()
request_data ['created_by'] = iris_current_user.id
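
Review bot: the result of request.get_json() is indexed as a dict on the very next line without a type check, so a body that parses to a JSON array, string or null makes the request_data['created_by'] assignment raise a TypeError before any schema validation runs. Check isinstance(request_data, dict) first and reject anything else as a client error. Setting created_by from iris_current_user.id after parsing is the right order, because it overwrites any created_by value the client put in the body.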

Copilot AI Oct 24, 2025

There is an unnecessary space before the opening bracket. Change request_data ['created_by'] to request_data['created_by'] for consistent Python spacing conventions.

Suggested change
request_data ['created_by'] = iris_current_user.id
request_data['created_by'] = iris_current_user.id

Copilot uses AI. Check for mistakes.
try:
request_data = request.get_json()
group = self._load(request_data)
group = self._schema.load(request_data)

Copilot AI Oct 24, 2025

[nitpick] The _load helper method was removed, but calling self._schema.load() directly is repeated in multiple places (lines 50, 70). Consider keeping the helper method to maintain consistency and reduce duplication.

Comment on lines +112 to +114
).filter(
CaseEventsAssets.case_id == case_identifier,
).join(CaseEventsAssets.asset).all()

Copilot AI Oct 24, 2025

The filter condition CaseEventsAssets.case_id == case_identifier is applied before the join, but CaseAssets is the primary query entity. The join may produce incorrect results. The filter should be applied after establishing the join relationship or use CaseAssets.case_id directly if that's the intended filter.

Suggested change
).filter(
CaseEventsAssets.case_id == case_identifier,
).join(CaseEventsAssets.asset).all()
).join(
CaseEventsAssets.asset
).filter(
CaseEventsAssets.case_id == case_identifier
).all()

@c8y3 c8y3 linked an issue Oct 27, 2025 that may be closed by this pull request
7 tasks

Development

Successfully merging this pull request may close these issues.

API v2 create alert filter
