Skip to content

Commit

Permalink
Merge pull request #134 from thalesgroup-cert/v2
Browse files Browse the repository at this point in the history
Fix false positives in domain monitoring module
  • Loading branch information
ygalnezri authored Jun 27, 2024
2 parents 7893720 + 85a5bc7 commit efc88db
Showing 1 changed file with 8 additions and 7 deletions.
15 changes: 8 additions & 7 deletions Watcher/Watcher/site_monitoring/core.py
Original file line number Diff line number Diff line change
Expand Up @@ -359,16 +359,17 @@ def create_alert(alert, site, new_ip, new_ip_second, score):
if site.monitored and alert != 0:
alert_data = alert_types[alert]

# Get current time and time one hour ago
now = datetime.now()
one_hour_ago = now - timedelta(hours=1)

# Retrieve the two latest alerts for this site within the last hour
one_hour_ago = datetime.now() - timedelta(hours=1)
last_two_alerts = Alert.objects.filter(site=site, created_at__gte=one_hour_ago).order_by('-created_at')[:2]
last_two_alerts = Alert.objects.filter(site=site, created_at__gte=one_hour_ago, created_at__lte=now).order_by('-created_at')[:2]

# Check if the information of the new alert is identical to the last two alerts
# Check if the new alert is identical to the last two alerts created at the exact same time
for previous_alert in last_two_alerts:
if all(getattr(previous_alert, key) == value for key, value in alert_data.items()):
if previous_alert.created_at.replace(microsecond=0) == datetime.now().replace(microsecond=0):
# If the information is identical to one of the last two alerts created at the exact same second, do not create a new alert
return
if all(getattr(previous_alert, key) == value for key, value in alert_data.items()) and previous_alert.created_at.replace(microsecond=0) == now.replace(microsecond=0):
return

# Create a new alert
new_alert = Alert.objects.create(site=site, **alert_data)
Expand Down

0 comments on commit efc88db

Please sign in to comment.