
Insight Detection Bricks

Purpose: Follow this guide to uncover the Insight Detection Brick and learn how to set it up effortlessly. We'll guide you through the simple steps to configure the Insight Detection Brick, making it easy for you to use and enhance your projects.

Last Updated: May 21, 2024

About Insight Detection Bricks

Insight Detection Bricks are used for storing the configuration details of a specific Detection.

Creating Insight Detection Bricks

To create an Insight Detection Brick, follow these steps:

  1. Navigate to Settings / Brick Management V3.

  2. Click CREATE BRICK in the top right corner.

  3. Fill in the required details:

     A. Name: Provide a descriptive name.
     B. Description: Give a brief overview.
     C. Type: Select Detection.

Utilizing Existing Bricks: If you already have a similar Detection Brick, you can fork it to skip several configuration steps.

Code Implementation

To start coding the Brick, follow these steps:

  1. Go to the Code section.
  2. Click + to add a new Python file.

The name of this file should match the main parameter you configure.

Implementing the UseCase Class

Your Brick should have a UseCase class that extends the BaseUseCase class.

BaseUseCase

The BaseUseCase class provides the query method for querying tables.

query(query: str) -> pandas.DataFrame: This method allows you to run SQL queries on your team's tables and returns the data as a pandas DataFrame.

You don't need to import BaseUseCase; it's automatically available in the Brick's global scope.

UseCase

The UseCase class is where you implement the main functionality of your Brick. It extends the BaseUseCase.

run()

run(last_run_at: datetime.datetime, **kwargs) -> Alert: This is where the main logic goes.

Parameters:

  1. last_run_at (datetime.datetime): The last execution time of this UseCase, useful for deduplication.

  2. **kwargs: Additional parameters configured in the Parameters section.

Returns:

An alert object with the following attributes:

  1. detection_id (String): A unique UUID for this UseCase.

  2. title (String): Title of the alert.

  3. description (String): Description of the alert.

  4. occurrences (List[datetime.datetime]): List of timestamps of occurrences.

  5. events (List[Dict]): Aggregated list of related events.

  6. severity (String): Severity level of the alert.
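
A Brick file following the description above, as an added example (not DTACT's own code): a UseCase that flags source IPs with repeated failed logins since last_run_at. The auth_events table and its columns, the threshold parameter, the Alert dataclass, the severity value, and returning None when nothing matched are assumptions; the BaseUseCase stub backed by in-memory SQLite only stands in for the platform class so the file runs locally.

```python
import datetime
import sqlite3
from dataclasses import dataclass
import pandas as pd

# Local stand-ins so the Brick runs outside the platform (assumptions, not platform code).
_DB = sqlite3.connect(":memory:")
_DB.execute("CREATE TABLE auth_events (ts TEXT, src_ip TEXT, username TEXT, outcome TEXT)")
_DB.executemany("INSERT INTO auth_events VALUES (?,?,?,?)", [  # constructed sample rows
    ("2024-05-21T10:00:00", "203.0.113.7", "alice", "failure"),
    ("2024-05-21T10:00:05", "203.0.113.7", "bob", "failure"),
    ("2024-05-21T10:00:09", "203.0.113.7", "carol", "failure"),
    ("2024-05-21T10:01:00", "198.51.100.4", "dave", "failure"),
    ("2024-05-20T09:00:00", "203.0.113.7", "alice", "failure"),  # older than last_run_at
])

class BaseUseCase:  # on the platform this class is already in the Brick's global scope
    def query(self, query: str) -> pd.DataFrame:
        return pd.read_sql_query(query, _DB)

@dataclass
class Alert:  # hypothetical container for the six documented attributes
    detection_id: str
    title: str
    description: str
    occurrences: list
    events: list
    severity: str

class UseCase(BaseUseCase):
    DETECTION_ID = "00000000-0000-4000-8000-000000000001"  # placeholder UUID
    def run(self, last_run_at: datetime.datetime, **kwargs):
        threshold = int(kwargs.get("threshold", 3))  # coerce: query() only accepts a string
        since = last_run_at.isoformat(timespec="seconds")  # typed value, never free text
        df = self.query("SELECT ts, src_ip, username FROM auth_events WHERE "
                        f"outcome = 'failure' AND ts > '{since}' ORDER BY ts")
        counts = df["src_ip"].value_counts()
        noisy = df[df["src_ip"].isin(counts[counts >= threshold].index)]
        if noisy.empty:
            return None  # assumption: no alert object when nothing matched
        return Alert(
            detection_id=self.DETECTION_ID,
            title="Repeated failed logins from one source",
            description=f"{noisy['src_ip'].nunique()} source(s) reached {threshold} failures",
            occurrences=[datetime.datetime.fromisoformat(t) for t in noisy["ts"]],
            events=noisy.to_dict("records"),
            severity="high",  # assumed severity value
        )
```

Filtering on last_run_at inside the query is what keeps events from earlier runs out of the new alert.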

With these steps completed, your Detection is ready to be integrated into the Portal, facilitating efficient tracking and management.

Currently, UseCases can only be added to the Portal by DTACT team personnel. For any assistance, contact your designated person within the team.

For more information about configuring a Detection, follow the link below:

Learn more about configuring Detections