From b6f48f50a6925e15c17523756caa28ebe546c09e Mon Sep 17 00:00:00 2001
From: Emma Rose
Date: Mon, 13 May 2019 17:26:50 -0400
Subject: [PATCH] Add the name of the office/vpn/whatever to details.site
---
 alerts/plugins/ip_source_enrichment.py | 1 +
 tests/alerts/plugins/test_ip_source_enrichment.py | 10 +++++++---
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/alerts/plugins/ip_source_enrichment.py b/alerts/plugins/ip_source_enrichment.py
index f0833344..33260c3b 100644
--- a/alerts/plugins/ip_source_enrichment.py
+++ b/alerts/plugins/ip_source_enrichment.py
@@ -63,6 +63,7 @@ def enrich(alert, known_ips):
 for desc in matching_descriptions:
 enriched = desc['format'].format(ip)
+ alert['details']['site'] = desc['site']
 alert['summary'] += '; ' + enriched
 return alert
diff --git a/tests/alerts/plugins/test_ip_source_enrichment.py b/tests/alerts/plugins/test_ip_source_enrichment.py
index 133a2a7f..b70d78a5 100644
--- a/tests/alerts/plugins/test_ip_source_enrichment.py
+++ b/tests/alerts/plugins/test_ip_source_enrichment.py
@@ -14,13 +14,13 @@ bad_ipv6 = '2001:db8:a0b:12f0::'
 known_ips = [
 {
- 'ipVersion': 4,
 'range': good_ipv4 + '/8',
+ 'site': 'office1',
 'format': '{0} known',
 },
 {
- 'ipVersion': 6,
 'range': good_ipv6 + '/64',
+ 'site': 'office2',
 'format': '{0} known',
 }
 ]
@@ -40,7 +40,7 @@ alert_with_ipv6 = {
 'category': 'bro',
 'tags': ['test'],
 'summary': 'Another test alert',
- 'deails': {
+ 'details': {
 'sourceipaddress': good_ipv6,
 'destinationipaddress': bad_ipv6,
 'port': [22, 9001, 24404, 65532]
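Review bot: The added `alert['details']['site'] = desc['site']` is overwritten on every pass of the `for desc in matching_descriptions:` loop, so when more than one known range matches (several addresses in one alert, or overlapping ranges) the summary lists every enrichment but `details.site` silently keeps only the last match. Both lookups are also unguarded: an alert with no `details` key, or a `known_ips` entry that predates this change and carries no `site` key, now raises KeyError out of the plugin instead of leaving the alert unenriched. If last-match-wins is intended, say so in a comment on that line and harden the write to `alert.setdefault('details', {})['site'] = desc.get('site')` (accepting a None site rather than an aborted enrichment); otherwise collect the matching sites into a list. The body of enrich begins before this hunk, so whether `details` is validated earlier is not visible here.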
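Review bot: The fixture corrected in the `@@ -40,7 +40,7 @@` hunk, `alert_with_ipv6`, is a module-level dict that `enrich` mutates in place (`alert['summary'] += ...` and the new `details['site']` write) and then returns, so every test that passes it shares the accumulated state and the assertions depend on test order; the later `test_unrecognized_ipv4_addrs_not_enriched` calls `enrich(alert_with_ipv4, known_ips)` on a dict that earlier tests have already enriched. Pass a copy instead, e.g. `enriched = enrich(copy.deepcopy(alert_with_ipv6), known_ips)` with `import copy` at the top of the test module, or rebuild the fixtures in a setup method. The `'deails'` to `'details'` correction also means the IPv6 fixture previously had no `details` block, so the pre-existing IPv6 assertions probably never exercised lookups under `details`; that is worth a sentence in the commit message.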
@@ -67,21 +67,25 @@ class TestIPSourceEnrichment(object):
 enriched = enrich(alert_with_ipv4, known_ips)
 assert '{0} known'.format(good_ipv4) in enriched['summary']
+ assert enriched['details']['site'] == 'office1'
 def test_ipv6_addrs_enriched(self):
 enriched = enrich(alert_with_ipv6, known_ips)
 assert '{0} known'.format(good_ipv6) in enriched['summary']
+ assert enriched['details']['site'] == 'office2'
 def test_ipv4_addrs_in_summary_enriched(self):
 enriched = enrich(alert_with_ipv4_in_summary, known_ips)
 assert '{0} known'.format(good_ipv4) in enriched['summary']
+ assert enriched['details']['site'] == 'office1'
 def test_ipv6_addrs_in_summary_enriched(self):
 enriched = enrich(alert_with_ipv6_in_summary, known_ips)
 assert '{0} known'.format(good_ipv6) in enriched['summary']
+ assert enriched['details']['site'] == 'office2'
 def test_unrecognized_ipv4_addrs_not_enriched(self):
 enriched = enrich(alert_with_ipv4, known_ips)