Compatibility with Graylog 7.0.1 - #59

Author: VincentD06

.mvn/wrapper/maven-wrapper.properties

@@ -14,5 +14,6 @@
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
-distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.6/apache-maven-3.9.6-bin.zip
-wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar
+wrapperVersion=3.3.2
+distributionType=only-script
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.10/apache-maven-3.9.10-bin.zip

CHANGELOG.md

@@ -2,9 +2,14 @@
 
 All notable changes to this project will be documented in this file.
 
+## [7.0.0](https://github.com/airbus-cyber/graylog-plugin-logging-alert/compare/6.3.0...7.0.0)
+### Changes
+* Add compatibility with [Graylog 7.0.1](https://graylog.org/post/announcing-graylog-7-0-1/) ([issue #59](https://github.com/airbus-cyber/graylog-plugin-logging-alert/issues/59))
+
+
 ## [6.3.0](https://github.com/airbus-cyber/graylog-plugin-logging-alert/compare/6.1.7...6.3.0)
 ### Changes
-* Change Graylog minimum version to 6.3.7
+* Add compatibility with [Graylog 6.3.7](https://graylog.org/post/announcing-graylog-6-3-7/)
 
 
 ## [6.1.8](https://github.com/airbus-cyber/graylog-plugin-logging-alert/compare/6.1.7...6.1.8)

README.md

@@ -22,6 +22,7 @@ Alert example recorded as an internal log message:
 
 | Plugin Version | Graylog Version |
 |----------------|-----------------|
+| 7.0.0          | 7.0.1           |
 | 6.3.x          | 6.3.7           |
 | 6.1.3+         | 6.1.4+          |
 | 6.1.0 to 6.1.2 | 6.1.0+          |

package.json

@@ -1,6 +1,6 @@
 {
   "name": "LoggingAlert",
-  "version": "6.3.0",
+  "version": "7.0.0",
   "description": "Graylog plugin LoggingAlert Web Interface",
   "repository": {
     "type": "git",

pom.xml

@@ -23,12 +23,12 @@
     <parent>
         <groupId>org.graylog.plugins</groupId>
         <artifactId>graylog-plugin-web-parent</artifactId>
-        <version>6.3.7</version>
+        <version>7.0.1</version>
     </parent>
 
     <groupId>com.airbus-cyber-security.graylog</groupId>
     <artifactId>graylog-plugin-logging-alert</artifactId>
-    <version>6.3.0</version>
+    <version>7.0.0</version>
     <packaging>jar</packaging>
     <name>${project.artifactId}</name>
     <description>Graylog ${project.artifactId} plugin.</description>
@@ -141,7 +141,6 @@
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-annotations</artifactId>
-            <version>${jackson.version}</version>
             <scope>provided</scope>
         </dependency>
         <dependency>
@@ -249,10 +248,10 @@
                             <rules>
                                 <banDuplicatePomDependencyVersions/>
                                 <requireMavenVersion>
-                                    <version>[3.9.0,)</version>
+                                    <version>[3.9.6,3.99.99]</version>
                                 </requireMavenVersion>
                                 <requireJavaVersion>
-                                    <version>[17.0,17.99]</version>
+                                    <version>[21.0,21.99]</version>
                                 </requireJavaVersion>
                                 <requireOS>
                                     <family>unix</family>

runtime/docker-compose.yml

@@ -6,7 +6,7 @@ services:
 
   # MongoDB: https://hub.docker.com/_/mongo/
   mongo:
-    image: "mongo:6.0"
+    image: "mongo:7.0"
     container_name: mongo
     # uncomment to expose mongodb on localhost:27017
     ports:
@@ -16,8 +16,8 @@ services:
   # * https://hub.docker.com/r/opensearchproject/opensearch
   # * https://opensearch.org/docs/2.12/install-and-configure/install-opensearch/docker/#sample-docker-composeyml
   opensearch:
-    image: "opensearchproject/opensearch:2.15.0"
-    container_name: opensearch2.15
+    image: "opensearchproject/opensearch:2.19.3"
+    container_name: opensearch
     environment:
       - plugins.security.disabled=true
       - discovery.type=single-node

src/main/java/com/airbus_cyber_security/graylog/events/notifications/types/MessageBodyBuilder.java

@@ -78,6 +78,7 @@ private Map<String, Object> getModel(EventNotificationContext context, Immutable
                 .eventDefinitionType(definitionDto.map(d -> d.config().type()).orElse(UNKNOWN))
                 .eventDefinitionTitle(definitionDto.map(EventDefinitionDto::title).orElse(UNKNOWN))
                 .eventDefinitionDescription(definitionDto.map(EventDefinitionDto::description).orElse(UNKNOWN))
+                .remediationSteps(definitionDto.map(EventDefinitionDto::remediationSteps).orElse(UNKNOWN))
                 .jobDefinitionId(jobTriggerDto.map(JobTriggerDto::jobDefinitionId).orElse(UNKNOWN))
                 .jobTriggerId(jobTriggerDto.map(JobTriggerDto::id).orElse(UNKNOWN))
                 .event(context.event())

validation/graylog/rest_api.py

@@ -45,13 +45,15 @@ def default_deflector_is_up(self):
 
     def create_notification(self, single_message=False, log_body=_DEFAULT_LOG_BODY, description='', title='N'):
         notification_configuration = {
-        'config': {
-                'log_body': log_body,
-                'single_notification': single_message,
-                'type': 'logging-alert-notification'
-            },
-            'description': description,
-            'title': title
+            'entity': {
+                'config': {
+                    'log_body': log_body,
+                    'single_notification': single_message,
+                    'type': 'logging-alert-notification'
+                },
+                'description': description,
+                'title': title
+            }
         }
         response = self._post('events/notifications', notification_configuration)
         notification = response.json()
@@ -66,34 +68,37 @@ def create_event_definition(self, notification_identifier, streams=None, backlog
         if streams is None:
             streams = []
         events_definition_configuration = {
-            'alert': True,
-            'config': {
-                'conditions': conditions,
-                'event_limit': 100,
-                'execute_every_ms': period*1000,
-                'filters': [],
-                'group_by': [],
-                'query': '',
-                'query_parameters': [],
-                'search_within_ms': period*1000,
-                'series': series,
-                'streams': streams,
-                'type': 'aggregation-v1'
-            },
-            'description': '',
-            'field_spec': {},
-            'key_spec': [],
-            'notification_settings': {
-                'backlog_size': backlog_size,
-                'grace_period_ms': 0
+            'entity': {
+                'alert': True,
+                'config': {
+                    'conditions': conditions,
+                    'event_limit': 100,
+                    'execute_every_ms': period*1000,
+                    'filters': [],
+                    'group_by': [],
+                    'query': '',
+                    'query_parameters': [],
+                    'search_within_ms': period*1000,
+                    'series': series,
+                    'streams': streams,
+                    'type': 'aggregation-v1'
+                },
+                'description': '',
+                'field_spec': {},
+                'key_spec': [],
+                'notification_settings': {
+                    'backlog_size': backlog_size,
+                    'grace_period_ms': 0
+                },
+                'notifications': [{
+                    'notification_id': notification_identifier
+                }],
+                'priority': 2,
+                'title': 'E'
             },
-            'notifications': [{
-                'notification_id': notification_identifier
-            }],
-            'priority': 2,
-            'title': 'E'
+            'share_request': {}
         }
-        self._post('events/definitions', events_definition_configuration)
+        self._post('events/definitions?schedule=true', events_definition_configuration)
 
     def gelf_input_is_running(self, identifier):
         response = self._get('system/inputstates/')
@@ -135,10 +140,12 @@ def create_stream_with_rule(self, title, field, value):
         response = self._get('system/indices/index_sets')
         default_index_set_identifier = response.json()['index_sets'][0]['id']
         stream = {
-            'description': title,
-            'index_set_id': default_index_set_identifier,
-            'remove_matches_from_default_stream': False,
-            'title': title
+            'entity': {
+                'description': title,
+                'index_set_id': default_index_set_identifier,
+                'remove_matches_from_default_stream': False,
+                'title': title},
+            'share_request': {}
         }
         response = self._post('streams', stream)
         stream_identifier = response.json()['stream_id']