feat(awooop): mirror AI alert card metadata
This commit is contained in:
@@ -1,6 +1,7 @@
|
||||
from __future__ import annotations
|
||||
|
||||
from src.services.telegram_gateway import (
|
||||
format_aiops_signal_alert_card,
|
||||
_outbound_source_envelope,
|
||||
_sanitize_telegram_error,
|
||||
)
|
||||
@@ -139,3 +140,39 @@ def test_outbound_source_envelope_reads_ai_advisory_refs_without_raw_callback()
|
||||
"ai_advisory:coverage_gap:auto_rule_creation"
|
||||
]
|
||||
assert "ai_advisory_handled:coverage_gap:auto_rule_creation" not in str(envelope)
|
||||
|
||||
|
||||
def test_outbound_source_envelope_marks_wazuh_ai_alert_card_for_awooop_readback() -> None:
|
||||
raw_alert = """
|
||||
wazuh_dashboard_api_readback_degraded dashboard agent list disappeared
|
||||
POST /api/check-stored-api status=429 POST /api/check-api status=500
|
||||
https://127.0.0.1:55000 is unreachable manager registry readback blocked
|
||||
full_log=/var/ossec/logs/alerts/alerts.json Authorization: Bearer abcdefghijklmnopqrstuvwxyz
|
||||
"""
|
||||
card = format_aiops_signal_alert_card(raw_alert)
|
||||
payload = {
|
||||
"chat_id": "-100123",
|
||||
"text": card,
|
||||
"parse_mode": "HTML",
|
||||
}
|
||||
|
||||
envelope = _outbound_source_envelope("sendMessage", payload)
|
||||
|
||||
card_metadata = envelope["ai_automation_alert_card"]
|
||||
assert card_metadata["schema_version"] == "ai_automation_alert_card_mirror_v1"
|
||||
assert card_metadata["card_schema"] == "ai_automation_alert_card_v1"
|
||||
assert card_metadata["event_type"] == "wazuh_dashboard_api_readback_degraded"
|
||||
assert card_metadata["lane"] == "siem_observability_readback_degraded"
|
||||
assert card_metadata["target"] == "wazuh_dashboard_api"
|
||||
assert card_metadata["gates"] == ["candidate_only", "runtime_write_gate=0"]
|
||||
assert card_metadata["runtime_write_gate_count"] == 0
|
||||
assert card_metadata["delivery_receipt_readback_required"] is True
|
||||
assert envelope["source_refs"]["alert_ids"] == [
|
||||
"wazuh_dashboard_api_readback_degraded"
|
||||
]
|
||||
assert envelope["source_refs"]["fingerprints"] == [
|
||||
"ai_automation_alert_card:wazuh_dashboard_api_readback_degraded:siem_observability_readback_degraded"
|
||||
]
|
||||
assert "127.0.0.1:55000" not in str(envelope)
|
||||
assert "/var/ossec" not in str(envelope)
|
||||
assert "abcdefghijkl" not in str(envelope)
|
||||
|
||||
Reference in New Issue
Block a user