From 90c2b5870844bdbed711dd1ba28a2d8003534cc7 Mon Sep 17 00:00:00 2001
From: taylor_socfortress <111797488+taylorwalton@users.noreply.github.com>
Date: Tue, 11 Jun 2024 09:03:05 -0500
Subject: [PATCH] chore: Deprecate create_alert_route in general_alert.py and update process_image handling (#239)
---
 .../integrations/alert_escalation/routes/general_alert.py | 1 +
 .../alert_escalation/services/escalate_alert.py | 6 +++++-
 backend/app/integrations/monitoring_alert/services/wazuh.py | 2 ++
 3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/backend/app/integrations/alert_escalation/routes/general_alert.py b/backend/app/integrations/alert_escalation/routes/general_alert.py
index 89f6c445b..66734140e 100644
--- a/backend/app/integrations/alert_escalation/routes/general_alert.py
+++ b/backend/app/integrations/alert_escalation/routes/general_alert.py
@@ -18,6 +18,7 @@
 response_model=CreateAlertResponse,
 description="Manually create an alert in IRIS from Copilot WebUI",
 dependencies=[Security(AuthHandler().require_any_scope("admin", "analyst"))],
+ deprecated=True,
 )
 async def create_alert_route(
 create_alert_request: CreateAlertRequest,
diff --git a/backend/app/integrations/alert_escalation/services/escalate_alert.py b/backend/app/integrations/alert_escalation/services/escalate_alert.py
index 03804444f..83352add8 100644
--- a/backend/app/integrations/alert_escalation/services/escalate_alert.py
+++ b/backend/app/integrations/alert_escalation/services/escalate_alert.py
@@ -158,8 +158,12 @@ def get_process_image(source_dict: dict) -> str:
 str: The process image.
 """
 process_image = source_dict.get("process_image")
+ if not process_image:
+ process_image = source_dict.get("data_win_eventdata_image")
+ if not process_image:
+ process_image = source_dict.get("data_event_Image")
 logger.info(f"Process image: {process_image}")
- return process_image if process_image else source_dict.get("data_win_eventdata_image")
+ return process_image
 
 
 def get_process_name_from_image(process_image: str) -> str:
diff --git a/backend/app/integrations/monitoring_alert/services/wazuh.py b/backend/app/integrations/monitoring_alert/services/wazuh.py
index f1d883c23..32da972a8 100644
--- a/backend/app/integrations/monitoring_alert/services/wazuh.py
+++ b/backend/app/integrations/monitoring_alert/services/wazuh.py
@@ -274,6 +274,8 @@ async def get_process_name(source_dict: dict) -> List[str]:
 process_image = source.get("process_image")
 if process_image is None:
 process_image = source.get("data_win_eventdata_image")
+ if process_image is None:
+ process_image = source.get("data_event_Image")
 process_name = os.path.basename(process_image) if process_image else None
 return [process_name] if process_name else ["No process name found"]
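Review bot: `get_process_image` keeps its `-> str` annotation, but the new `return process_image` hands back `None` whenever none of `process_image`, `data_win_eventdata_image` or `data_event_Image` is populated, and the neighbouring `get_process_name_from_image(process_image: str)` (body outside this hunk) presumably does not expect that. Widen the signature to `def get_process_image(source_dict: dict) -> str | None:` and make the Returns entry say `str | None: The process image, taken from the first populated key among process_image, data_win_eventdata_image and data_event_Image; None when none is present.`. The three-way `if not process_image` chain could also become a loop over a key tuple so the lookup order is stated once. The start of `get_process_image` is outside the hunk.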
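Review bot: The fallback order `process_image` → `data_win_eventdata_image` → `data_event_Image` is now duplicated between this `get_process_name` and `get_process_image` in escalate_alert.py, and the two copies already disagree on the emptiness test: this one uses `is None`, the other `if not process_image`, so an empty-string `process_image` falls through to the next key in escalate_alert.py but stops here and ends as "No process name found". Hoisting the order into one shared constant, e.g. `PROCESS_IMAGE_KEYS = ("process_image", "data_win_eventdata_image", "data_event_Image")`, and agreeing on one test keeps the two services from drifting further. `get_process_name` starts outside the hunk and `source` is bound before the visible lines.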