OffBroadway.Defender365.Producer (off_broadway_defender365 v1.0.0)
GenStage Producer for a stream of incidents from the Microsoft 365 Defender APIs.
## Producer options
* `:receive_interval` - The duration (in milliseconds) for which the producer waits before making a request for more messages. Keep in mind that the 365 Defender API quota is 50 calls per minute and 1500 calls per hour. The default value is `5000`.
* `:from_timestamp` - If present, use this value to fetch incidents with "lastUpdateTime" greater than or equal to the given value.
* `:on_success` - Configures the acking behaviour for successful messages. See the "Acknowledgements" section below for all the possible values. The default value is `:ack`.
* `:on_failure` - Configures the acking behaviour for failed messages. See the "Acknowledgements" section below for all the possible values. The default value is `:noop`.
* `:incident_client` - A module that implements the `OffBroadway.Defender365.Client` behaviour. This module is responsible for fetching and acknowledging the messages from the 365 Defender APIs. All options passed to the producer will also be forwarded to the client. The default value is `OffBroadway.Defender365.IncidentClient`.
* `:config` - Required. A set of config options that overrides the default config for the `incident_client` module. Any option set here can also be configured in `config.exs`.
  * `:tenant_id` - Required. Tenant ID to consume incidents for.
  * `:client_id` - Required. Client ID to use for obtaining authentication token.
  * `:client_secret` - Required. Client secret to use for obtaining authentication token.
## Acknowledgements
You can use the `on_success` and `on_failure` options to control how messages are
acknowledged. You can set these options when starting the Defender365 producer,
or change them for each message through `Broadway.Message.configure_ack/2`.
By default, successful messages are acked (`:ack`) and failed messages are not (`:noop`).
The possible values for `:on_success` and `:on_failure` are:
* `:ack` - acknowledge the message. The 365 Defender APIs do not have any concept of acking messages because we are just consuming messages from a web API endpoint. For now we are just executing a `:telemetry` event for acked messages.
* `:noop` - do not acknowledge the message. No action is taken.
## Telemetry
This library exposes the following telemetry events:
* `[:off_broadway_defender365, :receive_messages, :start]` - Dispatched before receiving
  messages from the 365 Defender APIs.
  * measurement: `%{time: System.monotonic_time}`
  * metadata: `%{tenant_id: string, demand: integer}`
* `[:off_broadway_defender365, :receive_messages, :stop]` - Dispatched after messages have been
  received from the 365 Defender APIs and "wrapped".
  * measurement: `%{time: native_time}`
  * metadata:
    ```
    %{
      tenant_id: string,
      received: integer,
      demand: integer
    }
    ```
* `[:off_broadway_defender365, :receive_messages, :exception]` - Dispatched after a failure while
  receiving messages from the 365 Defender APIs.
  * measurement: `%{duration: native_time}`
  * metadata:
    ```
    %{
      tenant_id: string,
      demand: integer,
      kind: kind,
      reason: reason,
      stacktrace: stacktrace
    }
    ```
* `[:off_broadway_defender365, :receive_messages, :ack]` - Dispatched when acking a message.
  * measurement: `%{time: System.system_time, count: 1}`
  * metadata:
    ```
    %{
      tenant_id: string,
      receipt: receipt
    }
    ```
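The events listed above can drive a health check for the incident feed, so that repeated fetch failures are noticed instead of silently leaving a gap in incident coverage. The handler below is an added example and is not part of off_broadway_defender365; the module name `MyApp.Defender365Monitor`, the handler id and the failure threshold are assumptions, and it keeps one shared counter, which assumes a single tenant per node.

```elixir
defmodule MyApp.Defender365Monitor do
  # Added example; module name, handler id and threshold are hypothetical.
  require Logger

  @prefix [:off_broadway_defender365, :receive_messages]
  @max_consecutive_failures 3

  # Call once at application start, before the Broadway pipeline is started.
  def attach do
    # One shared counter of consecutive failed fetches (single tenant assumed).
    failures = :counters.new(1, [])
    events = for suffix <- [:stop, :exception, :ack], do: @prefix ++ [suffix]
    :telemetry.attach_many("myapp-defender365-monitor", events, &__MODULE__.handle_event/4, failures)
  end

  # A fetch completed: reset the failure streak and record how much was received.
  def handle_event([_, _, :stop], _measurements, meta, failures) do
    :counters.put(failures, 1, 0)
    Logger.debug("defender365 tenant=#{meta.tenant_id} received=#{meta.received} demand=#{meta.demand}")
  end

  # A fetch raised: log a bounded summary and escalate once the streak is too long.
  def handle_event([_, _, :exception], %{duration: duration}, meta, failures) do
    :counters.add(failures, 1, 1)
    streak = :counters.get(failures, 1)
    ms = System.convert_time_unit(duration, :native, :millisecond)

    Logger.error(
      "defender365 fetch failed tenant=#{meta.tenant_id} after=#{ms}ms " <>
        "kind=#{inspect(meta.kind)} reason=#{inspect(meta.reason, limit: 20)} streak=#{streak}"
    )

    if streak >= @max_consecutive_failures do
      Logger.critical("defender365 incident feed stalled for tenant=#{meta.tenant_id}")
    end
  end

  # Emitted for messages whose ack setting is :ack.
  def handle_event([_, _, :ack], %{count: count}, meta, _failures) do
    Logger.debug("defender365 tenant=#{meta.tenant_id} acked=#{count}")
  end
end
```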