feat(severity-priority): fix doc + simplify

Signed-off-by: Lyonel Martinez <[email protected]>

README.md

@@ -248,7 +248,7 @@ alertmanager:
   # expiresafter: "" if set to a non-zero value, alert expires after that time in seconds (default: 0)
   # extralabels: "" # comma separated list of labels composed of a ':' separated name and value that is added to the Alerts. Example: my_label_1:my_value_1, my_label_1:my_value_2
   # extraannotations: "" # comma separated list of annotations composed of a ':' separated name and value that is added to the Alerts. Example: my_annotation_1:my_value_1, my_annotation_1:my_value_2
-  # customseveritymap: "" # comma separated list of tuple composed of a ':' separated Falco priority and Alertmanager severity that is used to override the severity label associated to the priority level of falco event. Example: debug:value_1,critical:value2.  Default mapping (priority:severity): emergency:critical|alert:critical|critical:critical|error:warning|warning:warning|notice:information|informational:information|debug:information
+  # customseveritymap: "" # comma separated list of tuple composed of a ':' separated Falco priority and Alertmanager severity that is used to override the severity label associated to the priority level of falco event. Example: debug:value_1,critical:value2.  Default mapping (priority:severity): emergency:critical,alert:critical,critical:critical,error:warning,warning:warning,notice:information,informational:information,debug:information
 
 elasticsearch:
   # hostport: "" # http://{domain or ip}:{port}, if not empty, Elasticsearch output is enabled
@@ -730,9 +730,7 @@ care of lower/uppercases**) : `yaml: a.b --> envvar: A_B` :
   value that is added to the Alerts. Example: `my_annotation_1:my_value_1, my_annotation_1:my_value_2` (default: `""`)
 - **ALERTMANAGER_CUSTOMSEVERITYMAP** : comma separated list of tuple composed of a ':' separated Falco priority and
   Alertmanager severity that is used to override the severity label associated to the priority level of falco event.
-  Example: `debug:value_1,critical:value2`. 
-  Default mapping (priority:severity): `emergency:critical|alert:critical|critical:critical|error:warning|warning:warning|notice:information|informational:information|debug:information`.
-  (default: `""`)
+  Example: `debug:value_1,critical:value2`. Default mapping (priority:severity): `emergency:critical,alert:critical,critical:critical,error:warning,warning:warning,notice:information,informational:information,debug:information` (default: `""`)
 - **ELASTICSEARCH_HOSTPORT** : Elasticsearch http://host:port, if not `empty`,
   Elasticsearch is _enabled_
 - **ELASTICSEARCH_INDEX** : Elasticsearch index (default: falco)

config.go

@@ -25,7 +25,7 @@ func getConfig() *types.Configuration {
 		Loki:            types.LokiOutputConfig{CustomHeaders: make(map[string]string)},
 		Elasticsearch:   types.ElasticsearchOutputConfig{CustomHeaders: make(map[string]string)},
 		Webhook:         types.WebhookOutputConfig{CustomHeaders: make(map[string]string)},
-		Alertmanager:    types.AlertmanagerOutputConfig{ExtraLabels: make(map[string]string), ExtraAnnotations: make(map[string]string), CustomSeverityMap: make(map[string]string)},
+		Alertmanager:    types.AlertmanagerOutputConfig{ExtraLabels: make(map[string]string), ExtraAnnotations: make(map[string]string), CustomSeverityMap: make(map[types.PriorityType]string)},
 		CloudEvents:     types.CloudEventsOutputConfig{Extensions: make(map[string]string)},
 	}
 
@@ -551,11 +551,12 @@ func getConfig() *types.Configuration {
 		severitymap := strings.Split(value, ",")
 		for _, severitymatch := range severitymap {
 			priorityString, severityValue, found := strings.Cut(severitymatch, ":")
-			if types.Priority(priorityString) == types.Default {
+			priority := types.Priority(priorityString)
+			if priority == types.Default {
 				log.Printf("[ERROR] : AlertManager - Priority '%v' is not a valid falco priority level", priorityString)
 				continue
 			} else if found {
-				c.Alertmanager.CustomSeverityMap[priorityString] = strings.TrimSpace(severityValue)
+				c.Alertmanager.CustomSeverityMap[priority] = strings.TrimSpace(severityValue)
 			} else {
 				log.Printf("[ERROR] : AlertManager - No severity given to '%v' (tuple extracted: '%v')", priorityString, severitymatch)
 			}

config_example.yaml

@@ -62,7 +62,7 @@ alertmanager:
   # expiresafter: "" if set to a non-zero value, alert expires after that time in seconds (default: 0)
   # extralabels: "" # comma separated list of labels composed of a ':' separated name and value that is added to the Alerts. Example: my_label_1:my_value_1, my_label_1:my_value_2 (default: "")
   # extraannotations: "" # comma separated list of annotations composed of a ':' separated name and value that is added to the Alerts. Example: my_annotation_1:my_value_1, my_annotation_1:my_value_2 (default: "")
-  # customseveritymap: "" # comma separated list of tuple composed of a ':' separated Falco priority and Alertmanager severity that is used to override the severity label associated to the priority level of falco event. Example: debug:value_1,critical:value2. Default mapping: emergency:critical|alert:critical|critical:critical|error:warning|warning:warning|notice:information|informational:information|debug:information. (default: "")
+  # customseveritymap: "" # comma separated list of tuple composed of a ':' separated Falco priority and Alertmanager severity that is used to override the severity label associated to the priority level of falco event. Example: debug:value_1,critical:value2. Default mapping: emergency:critical,alert:critical,critical:critical,error:warning,warning:warning,notice:information,informational:information,debug:information. (default: "")
 
 elasticsearch:
   # hostport: "" # http://{domain or ip}:{port}, if not empty, Elasticsearch output is enabled

outputs/alertmanager.go

@@ -93,7 +93,7 @@ func newAlertmanagerPayload(falcopayload types.FalcoPayload, config *types.Confi
 
 	amPayload.Labels["priority"] = falcopayload.Priority.String()
 
-	if val, ok := config.Alertmanager.CustomSeverityMap[falcopayload.Priority.String()]; ok {
+	if val, ok := config.Alertmanager.CustomSeverityMap[falcopayload.Priority]; ok {
 		amPayload.Labels["severity"] = val
 	} else {
 		amPayload.Labels["severity"] = defaultSeverityMap[falcopayload.Priority]

types/types.go

@@ -206,7 +206,7 @@ type AlertmanagerOutputConfig struct {
 	ExpiresAfter      int
 	ExtraLabels       map[string]string
 	ExtraAnnotations  map[string]string
-	CustomSeverityMap map[string]string
+	CustomSeverityMap map[PriorityType]string
 }
 
 type ElasticsearchOutputConfig struct {