[➕ Feature]: Extraction and Mapping should expose logs #1818

Open
talboren opened this issue Sep 3, 2024 · 4 comments
Labels
API API related issues Good First Issue Good for newcomers UI User interface related issues

Comments

talboren commented Sep 3, 2024

As a user, I would like to be able to see the last X logs for every rule I've created, to understand why, for example, the rule did not match some alert I expected it to match.
As a user, I should be able to expand the rule row in the rules table and see X last logs for that specific rule with some indicative information.

@talboren talboren added Good First Issue Good for newcomers UI User interface related issues API API related issues labels Sep 3, 2024
@talboren talboren changed the title [➕ Feature]: Extraction and Mapping should have logs [➕ Feature]: Extraction and Mapping should expose logs Sep 3, 2024
cu8code commented Sep 22, 2024

Has anyone picked up this issue? If not, assign it to me, @talboren.

@talboren
Member Author

@cu8code not yet, it's up for grabs :)

cu8code commented Sep 23, 2024

@talboren could you guide me a bit about which part of the codebase needs to change and where I should focus?

@talboren
Member Author

@cu8code actually I don't have a complete PRD for this. The motivation I had in mind is this: right now, when a user configures a mapping/extraction rule, it's hard for him to know when it succeeded or when it failed and why (from the perspective of a single alert, for example).

As a user, I push some alert in, I expect it to be enriched from mapping/extraction (or both), and it didn't happen - "now what?"

So the general idea here is to create some way for the user to know what happened. It can be via exposing logs that the user can query for mapping & extraction (`enrichments_bl.py` is probably the way to get started with it), or it can be via a "manual run" for a mapping/extraction rule, where the user can select the alert he wants to test it against and see what happens in the process (we have something quite similar in workflow execution).

CleanShot.2024-09-24.at.11.42.44.mp4

Let me know if you have further questions, we can discuss it over Slack
