From 85a5bc7795026f906e4fb2e2bef017748c456d75 Mon Sep 17 00:00:00 2001
From: NEZRI Ygal
Date: Thu, 27 Jun 2024 10:54:40 +0200
Subject: [PATCH] Fix false positives in domain monitoring module

Corrected the issue causing false positives in the domain monitoring module.
---
Watcher/Watcher/site_monitoring/core.py | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/Watcher/Watcher/site_monitoring/core.py b/Watcher/Watcher/site_monitoring/core.py
index 15b9c3e..d9fb2b6 100644
--- a/Watcher/Watcher/site_monitoring/core.py
+++ b/Watcher/Watcher/site_monitoring/core.py
@@ -359,16 +359,17 @@ def create_alert(alert, site, new_ip, new_ip_second, score): if site.monitored and alert != 0: alert_data = alert_types[alert] + # Get current time and time one hour ago + now = datetime.now() + one_hour_ago = now - timedelta(hours=1) + # Retrieve the two latest alerts for this site within the last hour - one_hour_ago = datetime.now() - timedelta(hours=1) - last_two_alerts = Alert.objects.filter(site=site, created_at__gte=one_hour_ago).order_by('-created_at')[:2] + last_two_alerts = Alert.objects.filter(site=site, created_at__gte=one_hour_ago, created_at__lte=now).order_by('-created_at')[:2] - # Check if the information of the new alert is identical to the last two alerts + # Check if the new alert is identical to the last two alerts created at the exact same time for previous_alert in last_two_alerts: - if all(getattr(previous_alert, key) == value for key, value in alert_data.items()): - if previous_alert.created_at.replace(microsecond=0) == datetime.now().replace(microsecond=0): - # If the information is identical to one of the last two alerts created at the exact same second, do not create a new alert - return + if all(getattr(previous_alert, key) == value for key, value in alert_data.items()) and previous_alert.created_at.replace(microsecond=0) == now.replace(microsecond=0): + return # Create a new alert new_alert = Alert.objects.create(site=site, **alert_data)
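Review bot: The duplicate check in the `for previous_alert in last_two_alerts` loop still compares timestamps truncated to the wall-clock second, so an identical alert stored at x.999 and a retry at (x+1).001 count as different and both are created. Comparing elapsed time instead, e.g. `abs((now - previous_alert.created_at).total_seconds()) < 1`, would close that gap once both values share the same timezone awareness. `now` comes from `datetime.now()`, which is naive; if the project runs with `USE_TZ = True` (settings are not visible here), `created_at` is aware, the `==` against a naive value is always False and the suppression never fires, so `django.utils.timezone.now()` would be the safer source. The check and the following `Alert.objects.create` are also not atomic, so two workers evaluating the same site concurrently can both pass it; a comment such as `# Best-effort de-duplication: not safe against concurrent workers` would make that limit explicit for anyone triaging repeated alerts. create_alert starts above this hunk and may continue below it.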