Allow search window type to be specified in generic deadman config

alerts/deadman_generic.json

@@ -1,14 +1,16 @@
 {
     "alerts": [
         {
+            "description": "Sample Alert 1",
             "search_query": "ABC12345436",
             "time_window": "5",
-            "description": "Basic deadman"
+            "time_window_type": "minutes"
         },
         {
+            "description": "Sample Alert 2",
             "search_query": "anotherterm",
             "time_window": "20",
-            "description": "Another deadman"
+            "time_window_type": "hours"
         }
     ]
 }

alerts/deadman_generic.py

@@ -15,7 +15,6 @@ class AlertDeadman_Generic(AlertTask):
 
     def main(self):
         self._config = self.parse_json_alert_config('deadman_generic.json')
-
         for alert_cfg in self._config['alerts']:
             try:
                 self.process_alert(alert_cfg)
@@ -27,7 +26,9 @@ class AlertDeadman_Generic(AlertTask):
 
     def process_alert(self, alert_config):
         self.current_alert_time_window = int(alert_config['time_window'])
-        search_query = SearchQuery(minutes=self.current_alert_time_window)
+        self.current_alert_time_type = alert_config['time_window_type']
+        search_query_time_window = {self.current_alert_time_type: self.current_alert_time_window}
+        search_query = SearchQuery(**search_query_time_window)
         search_query.add_must(QueryStringMatch(str(alert_config['search_query'])))
         self.filtersManual(search_query)
         self.searchEventsSimple()
@@ -40,5 +41,9 @@ class AlertDeadman_Generic(AlertTask):
         tags = ['deadman']
         severity = 'ERROR'
 
-        summary = "Deadman check failed for '{0}' the past {1} minutes".format(description, self.current_alert_time_window)
+        summary = "Deadman check failed for '{0}' the past {1} {2}".format(
+            description,
+            self.current_alert_time_window,
+            self.current_alert_time_type
+        )
         return self.createAlertDict(summary, category, tags, [], severity=severity)

tests/alerts/test_deadman_generic.py

@@ -32,7 +32,7 @@ class TestDeadman_Generic(AlertTestSuite):
         "category": "deadman",
         "tags": ['deadman'],
         "severity": "ERROR",
-        "summary": 'Deadman check failed for \'Basic deadman\' the past 5 minutes',
+        "summary": 'Deadman check failed for \'Sample Alert 1\' the past 5 minutes',
     }
     test_cases.append(
         PositiveAlertTestCase(
@@ -51,7 +51,7 @@ class TestDeadman_Generic(AlertTestSuite):
         "category": "deadman",
         "tags": ['deadman'],
         "severity": "ERROR",
-        "summary": 'Deadman check failed for \'Another deadman\' the past 20 minutes',
+        "summary": 'Deadman check failed for \'Sample Alert 2\' the past 20 hours',
     }
     test_cases.append(
         PositiveAlertTestCase(
@@ -86,8 +86,8 @@ class TestDeadman_Generic(AlertTestSuite):
         AlertTestSuite.create_event(matched_event_first),
         AlertTestSuite.create_event(matched_event_second)
     ]
-    events[1]['_source']['utctimestamp'] = AlertTestSuite.subtract_from_timestamp_lambda(date_timedelta={'minutes': 21})
+    events[1]['_source']['utctimestamp'] = AlertTestSuite.subtract_from_timestamp_lambda(date_timedelta={'hours': 21})
-    events[1]['_source']['receivedtimestamp'] = AlertTestSuite.subtract_from_timestamp_lambda(date_timedelta={'minutes': 21})
+    events[1]['_source']['receivedtimestamp'] = AlertTestSuite.subtract_from_timestamp_lambda(date_timedelta={'hours': 21})
     test_cases.append(
         PositiveAlertTestCase(
             description="Positive test case with events matching second alert configuration but are old",