%20(1)-x8Y.png)
is_overflowed_alert
This function checks whether a given alert will be overflowed during the case ingestion in Siemplify system. Siemplify has a builtin overflow prevention mechanism, based on multiple parameters, i.e: alert identifier, ingestion time, alert name and etc. An overflowed alert will not be ingested to the Siemplify system, but marked as an overflow alert. This function allows to determine whether a given alert with certain parameters will be marked as an overflow during ingestion process or not.
is_overflowed_alert(environment, alert_identifier, ingestion_time=SiemplifyUtils.unix_now(), original_file_path=None, original_file_content=None, alert_name=None, product=None, source_ip=None, source_host=None, destination_ip=None, destination_host=None)Parameters
| Param Name | Param Type | Possible Values | Comments | Mandatory Parameter |
|---|---|---|---|---|
| environment | string | Siemplify, Apple | The environment of the alert. Environment can be created in the Siemplify settings | Yes |
| alert_identifier | string | 123123 | Unique alert identifier | Yes |
| ingestion_time | long | Current Unix Time | If not provided, defaults to current time (UNIX time format). | Yes |
| original_file_path | string | Path to the file containing the alert’s original raw data |
|
No |
| original_file_content | string | Content of the file containing the alert’s original raw data |
|
No |
| alert_name | string | The name of the alert |
|
No |
| product | string | McAfee ESM, QRadar | The product name for the device that generated the alert | No |
| source_ip | string | 10.0.0.13, 192.168.0.13 | Source IP address associated with the alert | No |
| source_host | string | source@company.local, source.company.local | The source host address associated with the alert | No |
| destination_ip | string | 10.0.0.31, 192.168.0.31 | Destination IP address associated with the alert | No |
| destination_host | string | remote.company.local | Destination host address associated with the alert | No |
Return Type
Boolean Example
Sample code
from SiemplifyConnectors import SiemplifyConnectorExecution
siemplify = SiemplifyConnectorExecution()
siemplify.is_overflowed_alert(environment, alert_identifier, ingestion_time=SiemplifyUtils.unix_now(), original_file_path, original_file_content, alert_name, product, source_ip, source_host, destination_ip, destination_host)Result Behavior
True if the alert will be overflowed during ingestion process, otherwise False. Result Value
True/False