update alerts to match the new aggregation functions

alerts/bro_intel_pyes.py

@@ -24,12 +24,12 @@ class AlertBroIntel(AlertTask):
         self.filtersManual(date_timedelta, must=must)
 
         # Search aggregations on field 'seenindicator', keep 50 samples of events at most
-        self.searchEventsAggreg('seenindicator', samplesLimit=50)
+        self.searchEventsAggregated('details.seenindicator', samplesLimit=50)
         # alert when >= 5 matching events in an aggregation
         self.walkAggregations(threshold=5)
 
     # Set alert properties
-    def onAggreg(self, aggreg):
+    def onAggregation(self, aggreg):
         # aggreg['count']: number of items in the aggregation, ex: number of failed login attempts
         # aggreg['value']: value of the aggregation field, ex: toto@example.com
         # aggreg['events']: list of events in the aggregation

alerts/bruteforce_ssh_pyes.py

@@ -30,12 +30,12 @@ class AlertBruteforceSsh(AlertTask):
         self.filtersManual(date_timedelta, must=must, must_not=must_not)
 
         # Search aggregations on field 'sourceipaddress', keep X samples of events at most
-        self.searchEventsAggreg('sourceipaddress', samplesLimit=10)
+        self.searchEventsAggregated('details.sourceipaddress', samplesLimit=10)
         # alert when >= X matching events in an aggregation
         self.walkAggregations(threshold=10)
 
     # Set alert properties
-    def onAggreg(self, aggreg):
+    def onAggregation(self, aggreg):
         # aggreg['count']: number of items in the aggregation, ex: number of failed login attempts
         # aggreg['value']: value of the aggregation field, ex: toto@example.com
         # aggreg['events']: list of events in the aggregation

alerts/duo_fail_open.py

@@ -26,13 +26,13 @@ class AlertDuoFailOpen(AlertTask):
         self.filtersManual(date_timedelta, must=must)
 
         # Search aggregations on field 'sourceipaddress', keep X samples of events at most
-        self.searchEventsAggreg('hostname', samplesLimit=10)
+        self.searchEventsAggregated('details.hostname', samplesLimit=10)
         # alert when >= X matching events in an aggregation
         # in this case, always
         self.walkAggregations(threshold=1)
 
     # Set alert properties
-    def onAggreg(self, aggreg):
+    def onAggregation(self, aggreg):
         # aggreg['count']: number of items in the aggregation, ex: number of failed login attempts
         # aggreg['value']: value of the aggregation field, ex: toto@example.com
         # aggreg['events']: list of events in the aggregation

alerts/multiple_intel_hits_pyes.py

@@ -28,12 +28,12 @@ class AlertMultipleIntelHits(AlertTask):
         self.filtersManual(date_timedelta, must=must)
 
         # Search aggregations on field 'seenindicator', keep X samples of events at most
-        self.searchEventsAggreg('seenindicator', samplesLimit=10)
+        self.searchEventsAggregated('details.seenindicator', samplesLimit=10)
         # alert when >= X matching events in an aggregation
         self.walkAggregations(threshold=10)
 
     # Set alert properties
-    def onAggreg(self, aggreg):
+    def onAggregation(self, aggreg):
         # aggreg['count']: number of items in the aggregation, ex: number of failed login attempts
         # aggreg['value']: value of the aggregation field, ex: toto@example.com
         # aggreg['events']: list of events in the aggregation