diff --git a/handler_functions_sql/jira_handler_v2.sql b/handler_functions_sql/jira_handler_v2.sql
index a0b80f6..ef7696b 100644
--- a/handler_functions_sql/jira_handler_v2.sql
+++ b/handler_functions_sql/jira_handler_v2.sql
@@ -15,288 +15,24 @@ ${jira_api_function}( 'name', COALESCE(payload['issue_type'], '${default_jira_issue_type}') ), 'summary', alert['TITLE']::STRING, - 'description', TO_JSON(OBJECT_CONSTRUCT( - 'version', 1, - 'type', 'doc', - 'content', ARRAY_CONSTRUCT( - OBJECT_CONSTRUCT( - 'type', 'paragraph', - 'content', ARRAY_CONSTRUCT( - OBJECT_CONSTRUCT( - 'type', 'text', - 'text', 'Alert ID: ', - 'marks', ARRAY_CONSTRUCT( - OBJECT_CONSTRUCT( - 'type', 'strong' - ) - ) - ), - OBJECT_CONSTRUCT( - 'type', 'text', - 'text', alert['ID']::STRING - ), - OBJECT_CONSTRUCT( - 'type', 'hardBreak' - ), - OBJECT_CONSTRUCT( - 'type', 'text', - 'text', 'Query ID: ', - 'marks', ARRAY_CONSTRUCT( - OBJECT_CONSTRUCT( - 'type', 'strong' - ) - ) - ), - OBJECT_CONSTRUCT( - 'type', 'text', - 'text', alert['QUERY_ID']::STRING - ), - OBJECT_CONSTRUCT( - 'type', 'hardBreak' - ), - OBJECT_CONSTRUCT( - 'type', 'text', - 'text', 'Query Name: ', - 'marks', ARRAY_CONSTRUCT( - OBJECT_CONSTRUCT( - 'type', 'strong' - ) - ) - ), - OBJECT_CONSTRUCT( - 'type', 'text', - 'text', alert['QUERY_NAME']::STRING - ), - OBJECT_CONSTRUCT( - 'type', 'hardBreak' - ), - OBJECT_CONSTRUCT( - 'type', 'text', - 'text', 'Environment: ', - 'marks', ARRAY_CONSTRUCT( - OBJECT_CONSTRUCT( - 'type', 'strong' - ) - ) - ), - OBJECT_CONSTRUCT( - 'type', 'text', - 'text', alert['ENVIRONMENT']::STRING - ), - OBJECT_CONSTRUCT( - 'type', 'hardBreak' - ), - OBJECT_CONSTRUCT( - 'type', 'text', - 'text', 'Sources: ', - 'marks', ARRAY_CONSTRUCT( - OBJECT_CONSTRUCT( - 'type', 'strong' - ) - ) - ), - OBJECT_CONSTRUCT( - 'type', 'text', - 'text', alert['SOURCES']::STRING - ), - OBJECT_CONSTRUCT( - 'type', 'hardBreak' - ), - OBJECT_CONSTRUCT( - 'type', 'text', - 'text', 'Categories: ', - 'marks', ARRAY_CONSTRUCT( - OBJECT_CONSTRUCT( - 'type', 'strong' - ) - ) - ), - OBJECT_CONSTRUCT( - 'type', 'text', - 'text', COALESCE(alert['CATEGORIES']::STRING, '-') - ), - OBJECT_CONSTRUCT( - 'type', 'hardBreak' - ), - OBJECT_CONSTRUCT( - 'type', 'text', - 
'text', 'Actor: ', - 'marks', ARRAY_CONSTRUCT( - OBJECT_CONSTRUCT( - 'type', 'strong' - ) - ) - ), - OBJECT_CONSTRUCT( - 'type', 'text', - 'text', alert['ACTOR']::STRING - ), - OBJECT_CONSTRUCT( - 'type', 'hardBreak' - ), - OBJECT_CONSTRUCT( - 'type', 'text', - 'text', 'Object: ', - 'marks', ARRAY_CONSTRUCT( - OBJECT_CONSTRUCT( - 'type', 'strong' - ) - ) - ), - OBJECT_CONSTRUCT( - 'type', 'text', - 'text', alert['OBJECT']::STRING - ), - OBJECT_CONSTRUCT( - 'type', 'hardBreak' - ), - OBJECT_CONSTRUCT( - 'type', 'text', - 'text', 'Action: ', - 'marks', ARRAY_CONSTRUCT( - OBJECT_CONSTRUCT( - 'type', 'strong' - ) - ) - ), - OBJECT_CONSTRUCT( - 'type', 'text', - 'text', alert['ACTION']::STRING - ), - OBJECT_CONSTRUCT( - 'type', 'hardBreak' - ), - OBJECT_CONSTRUCT( - 'type', 'text', - 'text', 'Title: ', - 'marks', ARRAY_CONSTRUCT( - OBJECT_CONSTRUCT( - 'type', 'strong' - ) - ) - ), - OBJECT_CONSTRUCT( - 'type', 'text', - 'text', alert['TITLE']::STRING - ), - OBJECT_CONSTRUCT( - 'type', 'hardBreak' - ), - OBJECT_CONSTRUCT( - 'type', 'text', - 'text', 'Event Time: ', - 'marks', ARRAY_CONSTRUCT( - OBJECT_CONSTRUCT( - 'type', 'strong' - ) - ) - ), - OBJECT_CONSTRUCT( - 'type', 'text', - 'text', alert['EVENT_TIME']::STRING - ), - OBJECT_CONSTRUCT( - 'type', 'hardBreak' - ), - OBJECT_CONSTRUCT( - 'type', 'text', - 'text', 'Alert Time: ', - 'marks', ARRAY_CONSTRUCT( - OBJECT_CONSTRUCT( - 'type', 'strong' - ) - ) - ), - OBJECT_CONSTRUCT( - 'type', 'text', - 'text', alert['ALERT_TIME']::STRING - ), - OBJECT_CONSTRUCT( - 'type', 'hardBreak' - ), - OBJECT_CONSTRUCT( - 'type', 'text', - 'text', 'Detector: ', - 'marks', ARRAY_CONSTRUCT( - OBJECT_CONSTRUCT( - 'type', 'strong' - ) - ) - ), - OBJECT_CONSTRUCT( - 'type', 'text', - 'text', alert['DETECTOR']::STRING - ), - OBJECT_CONSTRUCT( - 'type', 'hardBreak' - ), - OBJECT_CONSTRUCT( - 'type', 'text', - 'text', 'Severity: ', - 'marks', ARRAY_CONSTRUCT( - OBJECT_CONSTRUCT( - 'type', 'strong' - ) - ) - ), - OBJECT_CONSTRUCT( - 'type', 
'text', - 'text', alert['SEVERITY']::STRING - ), - OBJECT_CONSTRUCT( - 'type', 'hardBreak' - ), - OBJECT_CONSTRUCT( - 'type', 'text', - 'text', 'Description:', - 'marks', ARRAY_CONSTRUCT( - OBJECT_CONSTRUCT( - 'type', 'strong' - ) - ) - ) - ) - ), - OBJECT_CONSTRUCT( - 'type', 'blockquote', - 'content', ARRAY_CONSTRUCT( - OBJECT_CONSTRUCT( - 'type', 'paragraph', - 'content', ARRAY_CONSTRUCT( - OBJECT_CONSTRUCT( - 'type', 'text', - 'text', alert['DESCRIPTION']::STRING - ) - ) - ) - ) - ), - OBJECT_CONSTRUCT( - 'type', 'paragraph', - 'content', ARRAY_CONSTRUCT( - OBJECT_CONSTRUCT( - 'type', 'text', - 'text', 'Event Data:', - 'marks', ARRAY_CONSTRUCT( - OBJECT_CONSTRUCT( - 'type', 'strong' - ) - ) - ) - ) - ), - OBJECT_CONSTRUCT( - 'type', 'codeBlock', - 'attrs', OBJECT_CONSTRUCT(), - 'content', ARRAY_CONSTRUCT( - OBJECT_CONSTRUCT( - 'type', 'text', - 'text', alert['EVENT_DATA']::STRING - ) - ) - ) - ) - )) + 'description', '|| Field || Value ||\r\n' + || '||Alert ID|| ' || alert['ID']::STRING || ' ||\r\n' + || '||Query ID|| ' || alert['QUERY_ID']::STRING || ' ||\r\n' + || '||Query Name|| ' || alert['QUERY_NAME']::STRING || ' ||\r\n' + || '||Environment|| ' || alert['ENVIRONMENT']::STRING || ' ||\r\n' + || '||Sources|| ' || alert['SOURCES']::STRING || ' ||\r\n' + || '||Categories|| ' || COALESCE(alert['CATEGORIES']::STRING, '-') || ' ||\r\n' + || '||Actor|| ' || alert['ACTOR']::STRING || ' ||\r\n' + || '||Object|| ' || alert['OBJECT']::STRING || ' ||\r\n' + || '||Action|| ' || alert['ACTION']::STRING || ' ||\r\n' + || '||Title|| ' || alert['TITLE']::STRING || ' ||\r\n' + || '||Event Time|| ' || alert['EVENT_TIME']::STRING || ' ||\r\n' + || '||Alert Time|| ' || alert['ALERT_TIME']::STRING || ' ||\r\n' + || '||Detector|| ' || alert['DETECTOR']::STRING || ' ||\r\n' + || '||Severity|| ' || alert['SEVERITY']::STRING || ' ||\r\n' + || '||Description|| ' || alert['DESCRIPTION']::STRING || ' ||\r\n' + || '||Event Data|| ' || alert['EVENT_DATA']::STRING || ' ||\r\n' + ) ) ),
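Review bot: The new `description` concatenates alert fields directly into Jira wiki markup, so values such as `alert['EVENT_DATA']`, `alert['DESCRIPTION']`, `alert['TITLE']` and `alert['ACTOR']` are now parsed as markup, whereas the removed ADF `text` and `codeBlock` nodes carried them as literal text. These fields presumably carry content taken from monitored logs, so a value containing `|`, a line break, `{code}` or `[label|url]` can break the table or render a misleading link in the ticket an analyst triages. Escape markup characters in each value before concatenating, and keep the event payload in a literal block such as `{noformat}` with that delimiter stripped from the value. Separately, `||` yields NULL in Snowflake when any operand is NULL and only the `CATEGORIES` row is guarded, so a single missing field blanks the entire description; the other rows should follow the same form, e.g. `COALESCE(alert['ACTOR']::STRING, '-')`. The enclosing call starts and ends outside the hunk.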