Merge pull request #1206 from SEKOIA-IO/fix/SentinelOneSingularityMet…

…rics SentinelOne: fix metrics
SEKOIA-IO · Dec 4, 2024 · 3e9c67f · 3e9c67f
2 parents 8682680 + dfdbdd5
commit 3e9c67f
Show file tree

Hide file tree

Showing 6 changed files with 26 additions and 27 deletions.
diff --git a/SentinelOne/CHANGELOG.md b/SentinelOne/CHANGELOG.md
@@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## Unreleased
 
+## 2024-12-04 - 1.19.3
+
+### Fixed
+
+- Fix the metrics
+
 ## 2024-12-03 - 1.19.2
 
 ### Fixed

diff --git a/SentinelOne/manifest.json b/SentinelOne/manifest.json
@@ -22,7 +22,7 @@
   "name": "SentinelOne",
   "uuid": "ff675e74-e5c1-47c8-a571-d207fc297464",
   "slug": "sentinelone",
-  "version": "1.19.2",
+  "version": "1.19.3",
   "categories": [
     "Endpoint"
   ]

diff --git a/SentinelOne/sentinelone_module/logs/connector.py b/SentinelOne/sentinelone_module/logs/connector.py
@@ -133,9 +133,7 @@ def next_batch(self) -> None:
             batch_end_time = time()
             batch_duration = int(batch_end_time - batch_start_time)
             logger.debug(f"Fetched and forwarded events", duration=batch_duration, nb_events=len(events_id))
-            FORWARD_EVENTS_DURATION.labels(intake_key=self.configuration.intake_key, datasource="sentinelone").observe(
-                batch_duration
-            )
+            FORWARD_EVENTS_DURATION.labels(intake_key=self.configuration.intake_key).observe(batch_duration)
 
             # log the number of forwarded events
             log_message = "No events to forward"
@@ -192,9 +190,7 @@ def pull_events(self, last_timestamp: datetime | None) -> list:
             nb_activities = len(activities.data)
             logger.debug("Collected activities", nb=nb_activities)
 
-            INCOMING_MESSAGES.labels(intake_key=self.configuration.intake_key, datasource="sentinelone").inc(
-                nb_activities
-            )
+            INCOMING_MESSAGES.labels(intake_key=self.configuration.intake_key).inc(nb_activities)
 
             # discard already collected events
             selected_events = filter_collected_events(activities.data, lambda activity: activity.id, self.events_cache)
@@ -204,9 +200,7 @@ def pull_events(self, last_timestamp: datetime | None) -> list:
                 events_id.extend(self.connector.push_events_to_intakes(self._serialize_events(selected_events)))
 
             # Send Prometheus metrics
-            OUTCOMING_EVENTS.labels(intake_key=self.configuration.intake_key, datasource="sentinelone").inc(
-                len(selected_events)
-            )
+            OUTCOMING_EVENTS.labels(intake_key=self.configuration.intake_key).inc(len(selected_events))
 
             # Update context with latest event date
             current_lag: int = 0
@@ -254,9 +248,7 @@ def pull_events(self, last_timestamp: datetime | None):
                 events_id.extend(self.connector.push_events_to_intakes(self._serialize_events(selected_events)))
 
             # Send Prometheus metrics
-            OUTCOMING_EVENTS.labels(intake_key=self.configuration.intake_key, datasource="sentinelone").inc(
-                len(selected_events)
-            )
+            OUTCOMING_EVENTS.labels(intake_key=self.configuration.intake_key).inc(len(selected_events))
 
             # Update context with the latest event date
             current_lag: int = 0

diff --git a/SentinelOne/sentinelone_module/logs/metrics.py b/SentinelOne/sentinelone_module/logs/metrics.py
@@ -3,28 +3,29 @@
 from prometheus_client import Counter, Gauge, Histogram
 
 # Declare common prometheus metrics
+prom_namespace_sentinelone = "symphony_module_sentinelone"
 prom_namespace = "symphony_module_common"
 
 
 INCOMING_MESSAGES = Counter(
     name="collected_messages",
     documentation="Number of messages consumed from the event_hub",
-    namespace=prom_namespace,
-    labelnames=["intake_key", "datasource"],
+    namespace=prom_namespace_sentinelone,
+    labelnames=["intake_key"],
 )
 
 OUTCOMING_EVENTS = Counter(
     name="forwarded_events",
     documentation="Number of events forwarded to Sekoia.io",
     namespace=prom_namespace,
-    labelnames=["intake_key", "datasource"],
+    labelnames=["intake_key"],
 )
 
 FORWARD_EVENTS_DURATION = Histogram(
     name="forward_events_duration",
     documentation="Duration to collect and forward events from eventhub",
     namespace=prom_namespace,
-    labelnames=["intake_key", "datasource"],
+    labelnames=["intake_key"],
 )
 
 EVENTS_LAG = Gauge(

diff --git a/SentinelOne/sentinelone_module/singularity/connectors.py b/SentinelOne/sentinelone_module/singularity/connectors.py
@@ -98,7 +98,7 @@ async def async_run(self) -> None:  # pragma: no cover
                 last_event_date = self.last_event_date.offset
                 processing_end = time.time()
 
-                EVENTS_LAG.labels(intake_key=self.configuration.intake_key).set(
+                EVENTS_LAG.labels(intake_key=self.configuration.intake_key, type=self.product_name).set(
                     processing_end - last_event_date.timestamp()
                 )
 

diff --git a/SentinelOne/tests/logs/test_connector.py b/SentinelOne/tests/logs/test_connector.py
@@ -38,9 +38,10 @@ def test_pull_activities(activity_consumer, activity_1, activity_2):
         call(activity_consumer._serialize_events([activity_2])),
     ]
 
-    assert OUTCOMING_EVENTS.labels(
-        intake_key=activity_consumer.configuration.intake_key, datasource="sentinelone"
-    ).inc.call_args_list == [call(1), call(1)]
+    assert OUTCOMING_EVENTS.labels(intake_key=activity_consumer.configuration.intake_key).inc.call_args_list == [
+        call(1),
+        call(1),
+    ]
     assert EVENTS_LAG.labels(
         intake_key=activity_consumer.configuration.intake_key, type="activities"
     ).set.call_args_list == [
@@ -85,9 +86,10 @@ def test_pull_threats(threat_consumer, threat_1, threat_2):
         call(threat_consumer._serialize_events([threat_2])),
     ]
 
-    assert OUTCOMING_EVENTS.labels(
-        intake_key=threat_consumer.configuration.intake_key, datasource="sentinelone"
-    ).inc.call_args_list == [call(1), call(1)]
+    assert OUTCOMING_EVENTS.labels(intake_key=threat_consumer.configuration.intake_key).inc.call_args_list == [
+        call(1),
+        call(1),
+    ]
     assert EVENTS_LAG.labels(
         intake_key=threat_consumer.configuration.intake_key, type="threats"
     ).set.call_args_list == [
@@ -136,9 +138,7 @@ def sleeper(_):
         t.join()
 
         pull_events.assert_called()
-        FORWARD_EVENTS_DURATION.labels(
-            intake_key=activity_consumer.configuration.intake_key, datasource="sentinelone"
-        ).observe.assert_called()
+        FORWARD_EVENTS_DURATION.labels(intake_key=activity_consumer.configuration.intake_key).observe.assert_called()
 
 
 def test_run_consumer_fail_get_info(activity_consumer):