feat(severity-priority): fix naming + doc

Signed-off-by: Lyonel Martinez <[email protected]>

README.md

@@ -243,7 +243,7 @@ alertmanager:
   # expiresafter: "" if set to a non-zero value, alert expires after that time in seconds (default: 0)
   # extralabels: "" # comma separated list of labels composed of a ':' separated name and value that is added to the Alerts. Example: my_label_1:my_value_1, my_label_1:my_value_2
   # extraannotations: "" # comma separated list of annotations composed of a ':' separated name and value that is added to the Alerts. Example: my_annotation_1:my_value_1, my_annotation_1:my_value_2
-  # severitymap: "" # comma separated list of tuple composed of a ':' separated priority and severity that is used to insert a severity label based on the priority level of falco event. Example: debug:value_1,critical:value2. Default mapping: emergency|alert|critical|error|warning|notice|informational|debug:critical|critical|critical|warning|warning|informational|informational|informational
+  # customseveritymap: "" # comma separated list of tuple composed of a ':' separated Falco priority and Alertmanager severity that is used to override the severity label associated to the priority level of falco event. Example: debug:value_1,critical:value2.  Default mapping (priority:severity): emergency:critical|alert:critical|critical:critical|error:warning|warning:warning|notice:information|informational:information|debug:information
 
 elasticsearch:
   # hostport: "" # http://{domain or ip}:{port}, if not empty, Elasticsearch output is enabled
@@ -708,7 +708,7 @@ care of lower/uppercases**) : `yaml: a.b --> envvar: A_B` :
 - **ALERTMANAGER_CUSTOM_SEVERITYMAP** : comma separated list of tuple composed of a ':' separated Falco priority and
   Alertmanager severity that is used to override the severity label associated to the priority level of falco event.
   Example: `debug:value_1,critical:value2`. 
-  Default mapping: `emergency:critical|alert:critical|critical:critical|error:warning|warning:warning|notice:information|informational:information|debug:information`.
+  Default mapping (priority:severity): `emergency:critical|alert:critical|critical:critical|error:warning|warning:warning|notice:information|informational:information|debug:information`.
   (default: `""`)
 - **ELASTICSEARCH_HOSTPORT** : Elasticsearch http://host:port, if not `empty`,
   Elasticsearch is _enabled_

config.go

@@ -24,7 +24,7 @@ func getConfig() *types.Configuration {
 		Loki:          types.LokiOutputConfig{CustomHeaders: make(map[string]string)},
 		Elasticsearch: types.ElasticsearchOutputConfig{CustomHeaders: make(map[string]string)},
 		Webhook:       types.WebhookOutputConfig{CustomHeaders: make(map[string]string)},
-		Alertmanager:  types.AlertmanagerOutputConfig{ExtraLabels: make(map[string]string), ExtraAnnotations: make(map[string]string), SeverityMap: make(map[string]string)},
+		Alertmanager:  types.AlertmanagerOutputConfig{ExtraLabels: make(map[string]string), ExtraAnnotations: make(map[string]string), CustomSeverityMap: make(map[string]string)},
 		CloudEvents:   types.CloudEventsOutputConfig{Extensions: make(map[string]string)},
 	}
 
@@ -441,7 +441,7 @@ func getConfig() *types.Configuration {
 	v.GetStringMapString("CloudEvents.Extensions")
 	v.GetStringMapString("AlertManager.ExtraLabels")
 	v.GetStringMapString("AlertManager.ExtraAnnotations")
-	v.GetStringMapString("AlertManager.SeverityMap")
+	v.GetStringMapString("AlertManager.CustomSeverityMap")
 	if err := v.Unmarshal(c); err != nil {
 		log.Printf("[ERROR] : Error unmarshalling config : %s", err)
 	}
@@ -549,7 +549,7 @@ func getConfig() *types.Configuration {
 				log.Printf("[ERROR] : AlertManager - No severity given to '%v' (tuple extracted: '%v')", priorityString, severitymatch)
 				continue
 			} else {
-				c.Alertmanager.SeverityMap[priorityString] = strings.TrimSpace(values[1])
+				c.Alertmanager.CustomSeverityMap[priorityString] = strings.TrimSpace(values[1])
 			}
 		}
 	}

outputs/alertmanager.go

@@ -16,7 +16,7 @@ type alertmanagerPayload struct {
 	EndsAt      time.Time         `json:"endsAt,omitempty"`
 }
 
-var defaultPriorityMap = map[types.PriorityType]string{
+var defaultSeverityMap = map[types.PriorityType]string{
 	types.Debug:         "information",
 	types.Informational: "information",
 	types.Notice:        "information",
@@ -93,10 +93,10 @@ func newAlertmanagerPayload(falcopayload types.FalcoPayload, config *types.Confi
 
 	amPayload.Labels["priority"] = falcopayload.Priority.String()
 
-	if val, ok := config.Alertmanager.SeverityMap[falcopayload.Priority.String()]; ok {
+	if val, ok := config.Alertmanager.CustomSeverityMap[falcopayload.Priority.String()]; ok {
 		amPayload.Labels["severity"] = val
 	} else {
-		amPayload.Labels["severity"] = defaultPriorityMap[falcopayload.Priority]
+		amPayload.Labels["severity"] = defaultSeverityMap[falcopayload.Priority]
 	}
 
 	amPayload.Annotations["info"] = falcopayload.Output

types/types.go

@@ -203,8 +203,8 @@ type AlertmanagerOutputConfig struct {
 	Endpoint         string
 	ExpiresAfter     int
 	ExtraLabels      map[string]string
-	ExtraAnnotations map[string]string
-	SeverityMap      map[string]string
+	ExtraAnnotations  map[string]string
+	CustomSeverityMap map[string]string
 }
 
 type ElasticsearchOutputConfig struct {