Add schema for in-memory engaged_host_alerts table and host_alerts_view aggregated view on ClickHouse Cluster

httpdocs/misc/db_schema_clickhouse_cluster.sql

@@ -322,6 +322,41 @@ ALTER TABLE `host_alerts` ON CLUSTER '$CLUSTER' ADD COLUMN IF NOT EXISTS alert_c
 
 @
 
+DROP TABLE IF EXISTS `engaged_host_alerts`;
+
+@
+
+CREATE TABLE `engaged_host_alerts` (
+`rowid` UUID,
+`alert_id` UInt32 NOT NULL,
+`alert_status` UInt8 NOT NULL,
+`interface_id` UInt16 NULL,
+`ip_version` UInt8 NOT NULL,
+`ip` String NOT NULL,
+`vlan_id` UInt16,
+`name` String,
+`is_attacker` UInt8,
+`is_victim` UInt8,
+`is_client` UInt8,
+`is_server` UInt8,
+`tstamp` DateTime NOT NULL,
+`tstamp_end` DateTime,
+`severity` UInt8 NOT NULL,
+`score` UInt16 NOT NULL,
+`granularity` UInt8 NOT NULL,
+`counter` UInt32 NOT NULL,
+`description` String,
+`json` String,
+`user_label` String,
+`user_label_tstamp` DateTime,
+`host_pool_id` UInt16,
+`network` UInt16,
+`country` String,
+`alert_category` UInt8
+) ENGINE = Memory;
+
+@
+
 CREATE TABLE IF NOT EXISTS `mac_alerts` ON CLUSTER '$CLUSTER' (
 `rowid` UUID,
 `alert_id` UInt32 NOT NULL,
@@ -622,7 +657,12 @@ SELECT
   mitre.SUB_TECHNIQUE AS mitre_subtechnique,
   mitre.MITRE_ID AS mitre_id
 FROM
-  `host_alerts` AS ha
+(
+  SELECT * FROM `host_alerts`
+  UNION ALL
+  SELECT * FROM `engaged_host_alerts`
+)
+  AS ha
 LEFT JOIN
   `mitre_table_info` AS mitre
 ON
@@ -710,4 +750,4 @@ CREATE TABLE IF NOT EXISTS `asset_management` (
 `last_seen` DateTime NOT NULL DEFAULT 0,
 `trigger_alert` Boolean NULL,
 `device_status` String NULL
-) ENGINE = ReplacingMergeTree() PRIMARY KEY (`key`) ORDER BY (`key`);
+) ENGINE = ReplacingMergeTree() PRIMARY KEY (`key`) ORDER BY (`key`);