Merge pull request #518 from fwalloe/master

Reduce risk of sourceRef collision for The Hive alerts by using full UUID

CHANGELOG.md

@@ -40,6 +40,7 @@
 
 ## Other changes
 - [Rule Test] Fix issue related to --start/--end/--days params - [#424](https://github.com/jertel/elastalert2/pull/424), [#433](https://github.com/jertel/elastalert2/pull/433) - @thican
+- [TheHive] Reduce risk of sourceRef collision for Hive Alerts by using full UUID -[#513](https://github.com/jertel/elastalert2/pull/513) - @fwalloe
 - Changed the wording of ElastAlert to ElastAlert 2 and Update FAQ -[#446](https://github.com/jertel/elastalert2/pull/446) - @nsano-rururu
 - Add missing show_ssl_warn and silence_qk_value params to docs - [#469](https://github.com/jertel/elastalert2/pull/469) - @jertel
 - [OpsGenie] Clarify documentation for URL endpoint to use in European region - [#475](https://github.com/jertel/elastalert2/pull/475) - @nsano-rururu

elastalert/alerters/thehive.py

@@ -80,7 +80,7 @@ def alert(self, matches):
             'customFields': {},
             'date': int(time.time()) * 1000,
             'description': self.create_alert_body(matches),
-            'sourceRef': str(uuid.uuid4())[0:6],
+            'sourceRef': str(uuid.uuid4()),
             'tags': [],
             'title': self.create_title(matches),
         }

tests/alerters/thehive_test.py

@@ -97,6 +97,8 @@ def test_thehive_alerter(caplog):
     actual_data = json.loads(mock_post_request.call_args_list[0][1]['data'])
     # The date and sourceRef are autogenerated, so we can't expect them to be a particular value
     del actual_data['date']
+
+    assert len(actual_data['sourceRef']) == 36
     del actual_data['sourceRef']
 
     assert expected_data == actual_data