Improve alert messages with color coded serverity

2018-04-13 00:35:42 -05:00 · 2018-04-13 00:35:42 -05:00 · 7383ea479d
--- a/bot/mozdefbot_slack.py
+++ b/bot/mozdefbot_slack.py
@ -61,21 +61,44 @@ class SlackBot(object):
    def run(self):
        if self.slack_client.rtm_connect():
            print("SlackBot connected and running!")
-            self.post_message(random.choice(greetz))
+            self.post_welcome_message(random.choice(greetz))
        else:
            print("Unable to connect")

    def handle_command(self, command, channel):
        print(command)

-    def post_message(self, message, channel=None):
+    def post_attachment(self, message, channel, color):
        if channel is None:
            message_channels = self.channels
        else:
            message_channels = [channel]

        for message_channel in message_channels:
-            self.slack_client.api_call("chat.postMessage", channel=message_channel, text=message, as_user=True)
+            attachment = {
+                'fallback': message,
+                'text': message,
+                'color': color
+            }
+            self.slack_client.api_call("chat.postMessage", channel=message_channel, attachments=[attachment], as_user=True)
+
+    def post_welcome_message(self, message, channel=None):
+        self.post_attachment(message, channel, '#36a64f')
+
+    def post_info_message(self, message, channel=None):
+        self.post_attachment(message, channel, '#99ccff')
+
+    def post_critical_message(self, message, channel=None):
+        self.post_attachment(message, channel, '#ff0000')
+
+    def post_warning_message(self, message, channel=None):
+        self.post_attachment(message, channel, '#e6e600')
+
+    def post_notice_message(self, message, channel=None):
+        self.post_attachment(message, channel, '#a64dff')
+
+    def post_unknown_severity_message(self, message, channel=None):
+        self.post_attachment(message, channel, '#000000')

    def parse_slack_output(self, slack_rtm_output):
        output_list = slack_rtm_output
@ -157,8 +180,17 @@ class alertConsumer(ConsumerMixin):
                sys.stdout.write('alert is more than 450 bytes, truncating\n')
                bodyDict['summary'] = bodyDict['summary'][:450] + ' truncated...'

-            self.bot.post_message(formatAlert(bodyDict), channel)
-
+            summary = bodyDict['summary'].upper()
+            if summary == 'CRITICAL':
+                self.bot.post_critical_message(formatAlert(bodyDict), channel)
+            elif summary == 'WARNING':
+                self.bot.post_warning_message(formatAlert(bodyDict), channel)
+            elif summary == 'INFO':
+                self.bot.post_info_message(formatAlert(bodyDict), channel)
+            elif summary == 'NOTICE':
+                self.bot.post_notice_message(formatAlert(bodyDict), channel)
+            else:
+                self.bot.post_unknown_severity_message(formatAlert(bodyDict), channel)
            message.ack()
        except ValueError as e:
            logger.exception("mozdefbot_slack exception while processing events queue %r" % e)