From 7383ea479dc7d39801d40a1a43d588791d0eae53 Mon Sep 17 00:00:00 2001
From: Brandon Myers
Date: Fri, 13 Apr 2018 00:35:42 -0500
Subject: [PATCH] Improve alert messages with color coded serverity

---
 bot/mozdefbot_slack.py | 42 +++++++++++++++++++++++++++++++++++++-----
 1 file changed, 37 insertions(+), 5 deletions(-)

diff --git a/bot/mozdefbot_slack.py b/bot/mozdefbot_slack.py
index 337d1f6f..7ddbb692 100644
--- a/bot/mozdefbot_slack.py
+++ b/bot/mozdefbot_slack.py
@@ -61,21 +61,44 @@ class SlackBot(object):
     def run(self):
         if self.slack_client.rtm_connect():
             print("SlackBot connected and running!")
-            self.post_message(random.choice(greetz))
+            self.post_welcome_message(random.choice(greetz))
         else:
             print("Unable to connect")
 
     def handle_command(self, command, channel):
         print(command)
 
-    def post_message(self, message, channel=None):
+    def post_attachment(self, message, channel, color):
         if channel is None:
             message_channels = self.channels
         else:
             message_channels = [channel]
 
         for message_channel in message_channels:
-            self.slack_client.api_call("chat.postMessage", channel=message_channel, text=message, as_user=True)
+            attachment = {
+                'fallback': message,
+                'text': message,
+                'color': color
+            }
+            self.slack_client.api_call("chat.postMessage", channel=message_channel, attachments=[attachment], as_user=True)
+
+    def post_welcome_message(self, message, channel=None):
+        self.post_attachment(message, channel, '#36a64f')
+
+    def post_info_message(self, message, channel=None):
+        self.post_attachment(message, channel, '#99ccff')
+
+    def post_critical_message(self, message, channel=None):
+        self.post_attachment(message, channel, '#ff0000')
+
+    def post_warning_message(self, message, channel=None):
+        self.post_attachment(message, channel, '#e6e600')
+
+    def post_notice_message(self, message, channel=None):
+        self.post_attachment(message, channel, '#a64dff')
+
+    def post_unknown_severity_message(self, message, channel=None):
+        self.post_attachment(message, channel, '#000000')
 
     def parse_slack_output(self, slack_rtm_output):
         output_list = slack_rtm_output
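Review bot: `post_attachment` discards the return value of `chat.postMessage`; the Slack client reports failures such as `channel_not_found` or rate limiting as `{'ok': False, 'error': ...}` rather than raising, so a dropped alert goes unnoticed and the consumer later in this file still acks the queue message. Capture the response and log the failure: `resp = self.slack_client.api_call("chat.postMessage", channel=message_channel, attachments=[attachment], as_user=True)` followed by `if not resp.get('ok'): logger.error("chat.postMessage to %s failed: %s", message_channel, resp.get('error'))`. The message text is also placed unescaped into both `text` and `fallback`; if alert summaries can carry attacker-influenced strings (usernames, hostnames, URLs), Slack's `<`, `>`, `&` and `<!channel>`/`<!here>` sequences should be escaped per Slack's formatting rules before posting so an alert cannot page the whole channel or inject links. Removing `post_message` outright will break any caller outside this hunk; keeping it as a thin alias, `def post_message(self, message, channel=None): self.post_info_message(message, channel)`, preserves compatibility.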
@@ -157,8 +180,17 @@ class alertConsumer(ConsumerMixin):
                     sys.stdout.write('alert is more than 450 bytes, truncating\n')
                     bodyDict['summary'] = bodyDict['summary'][:450] + ' truncated...'
 
-                self.bot.post_message(formatAlert(bodyDict), channel)
-
+                summary = bodyDict['summary'].upper()
+                if summary == 'CRITICAL':
+                    self.bot.post_critical_message(formatAlert(bodyDict), channel)
+                elif summary == 'WARNING':
+                    self.bot.post_warning_message(formatAlert(bodyDict), channel)
+                elif summary == 'INFO':
+                    self.bot.post_info_message(formatAlert(bodyDict), channel)
+                elif summary == 'NOTICE':
+                    self.bot.post_notice_message(formatAlert(bodyDict), channel)
+                else:
+                    self.bot.post_unknown_severity_message(formatAlert(bodyDict), channel)
                 message.ack()
             except ValueError as e:
                 logger.exception("mozdefbot_slack exception while processing events queue %r" % e)
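Review bot: The new dispatch keys off `bodyDict['summary'].upper()`, which the two preceding lines treat as free-form alert text (truncated to 450 characters), so it only matches `'CRITICAL'`, `'WARNING'`, etc. when the whole summary is exactly that one word, and in practice nearly every alert will be posted with the black unknown-severity colour. The severity presumably lives in a separate field (MozDef alerts normally carry `severity`; confirm against the alert schema), and it should be read defensively, e.g. `severity = str(bodyDict.get('severity', '')).upper()`, since a direct index on a missing key would raise `KeyError`, which the `except ValueError` below does not catch. A dispatch table, as below, also removes the five repeated `formatAlert(bodyDict)` calls. The enclosing method and its `try` block start before this hunk.
```python
# … unchanged: 450-byte summary truncation above …
severity = str(bodyDict.get('severity', '')).upper()  # NOTE(review): confirm field name against the alert schema
post = {
    'CRITICAL': self.bot.post_critical_message,
    'WARNING': self.bot.post_warning_message,
    'INFO': self.bot.post_info_message,
    'NOTICE': self.bot.post_notice_message,
}.get(severity, self.bot.post_unknown_severity_message)
post(formatAlert(bodyDict), channel)
message.ack()
```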