Runbox.Scenario.OutputAction.Event (runbox v13.0.3)

Parameters for output action Event.

The resulting output action creates an event.

See t/0 for more information.

Note

Beware that creating incident history manually via the event's incident_actors property, instead of relying on Incident output actions, is low-level and error-prone. You must always ensure that you both create the event and update the incident itself accordingly. Failing to do either will result in an inconsistent state.

Types

@type actor() :: %{asset_type: String.t(), asset_id: String.t()}
@type actors() :: %{required(actor_key :: String.t()) => actor()}
@type incident_actor() :: %{
  :type => String.t(),
  :id => String.t(),
  optional(:status) => String.t() | nil,
  optional(:severity) => 1 | 2 | 3 | 4 | nil,
  optional(:attributes) => map() | nil
}

Incident actor of the event.

Can mean two things, depending on whether status and severity are set. If either is empty, the event is considered related to the incident, similar to actors. If both are set, the event is considered part of the incident's history; status and severity then represent the change of these incident properties at the time of the event. attributes is fully optional and contains further context about the change of the incident.

@type incident_actors() :: %{required(actor_key :: String.t()) => incident_actor()}
@type t() :: %Runbox.Scenario.OutputAction.Event{
  actors: actors(),
  incident_actors: incident_actors(),
  origin_messages: [Runbox.Message.origin()],
  params: %{required(String.t()) => String.t()},
  template: String.t(),
  type: String.t() | atom()
}

Event

  • :type - type of the event. It's declared in Scenario's Manifest.
  • :template - event's template, in which actors and parameters can be interpolated (see the Interpolation section below).
  • :actors - map of asset actors that are to be linked with the event. They may also be interpolated in the template.
  • :incident_actors - map of incident actors that are to be linked with the event. This means the event is either part of the incident's history, or is just related. They may also be interpolated in the template. See incident_actor/0 for more information.
  • :params - map of template parameters that are interpolated in the template (optional, defaults to %{}).
  • :origin_messages - list of references to raw messages linked with the event itself (optional, defaults to []).

Interpolation

The template may reference actors using placeholders like ${actors.actor_key}, where actor_key corresponds to a key in the actors map within this struct. In the UI, these placeholders are transformed into links. Each link points to the corresponding asset and displays the asset's name as the link text.

Incident actors can be interpolated in a very similar manner using the incidents keyword, for example ${incidents.fire}.

The template may also contain placeholders like ${params.param_key}, where param_key is a key under the params map. These placeholders are simply replaced with the corresponding values from the params map. These parameters are useful for dynamic content other than actors.

Example

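alias Runbox.Scenario.OutputAction.Event

# normalized_message is bound elsewhere in the scenario code (not shown here).
%Event{
  type: "server_login",
  # Placeholders refer to keys of the actors and params maps below.
  template: "${actors.person} logged into ${actors.server} using OpenSSH ${params.openssh_version}",
  actors: %{
    "person" => %{
      asset_type: "/assets/person",
      asset_id: "joe"
    },
    "server" => %{
      asset_type: "/assets/server",
      asset_id: "192.168.142.18"
    }
  },
  params: %{"openssh_version" => "9.8"},
  origin_messages: [normalized_message.origin]
}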
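
The incident_actor/0 rule (history only when both status and severity are set) and the Interpolation placeholders can be checked before an event is emitted. The following is an added example, not Runbox code: the EventCheck module is hypothetical, the event is a plain map with the fields of t(), and all sample values are constructed. How Runbox itself treats a placeholder with no matching key is not stated on this page, so the second check is only a lint.

```elixir
# Added example, not Runbox code. The event is a plain map with the fields of
# t(); the EventCheck module and all sample values are constructed.
defmodule EventCheck do
  # Matches ${actors.key}, ${incidents.key} and ${params.key}.
  defp placeholder, do: ~r/\$\{(actors|incidents|params)\.([^}]+)\}/

  # :history when both status and severity are set, otherwise :related.
  # Assumption: "empty" means the key is missing or nil.
  def classify(incident_actor) do
    if is_nil(incident_actor[:status]) or is_nil(incident_actor[:severity]),
      do: :related,
      else: :history
  end

  # Incident actor keys whose events also require an update of the incident.
  def history_keys(event) do
    for {key, ia} <- Map.get(event, :incident_actors, %{}), classify(ia) == :history, do: key
  end

  # Placeholders in the template that have no matching key in the event.
  def dangling_placeholders(event) do
    sources = %{
      "actors" => Map.get(event, :actors, %{}),
      "incidents" => Map.get(event, :incident_actors, %{}),
      "params" => Map.get(event, :params, %{})
    }

    placeholder()
    |> Regex.scan(event.template)
    |> Enum.reject(fn [_full, kind, key] -> Map.has_key?(sources[kind], key) end)
    |> Enum.map(&hd/1)
  end
end

# Constructed sample event: "fire" is incident history, "outage" is only related,
# and ${params.sensor} has no entry in params.
event = %{
  type: "fire_detected",
  template: "${incidents.fire} reported on ${actors.server} by ${params.sensor}",
  actors: %{"server" => %{asset_type: "/assets/server", asset_id: "192.168.142.18"}},
  incident_actors: %{
    "fire" => %{type: "fire", id: "inc-1", status: "open", severity: 2},
    "outage" => %{type: "outage", id: "inc-2"}
  },
  params: %{}
}

IO.inspect(EventCheck.history_keys(event), label: "needs incident update")
IO.inspect(EventCheck.dangling_placeholders(event), label: "dangling placeholders")
```

Every key returned by history_keys/1 marks an incident that must be updated alongside the event, which is the consistency requirement from the Note above.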