mozilla
/
MozDef
зеркало из https://github.com/mozilla/MozDef.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Improve alert messages with color coded serverity

This commit is contained in:
Brandon Myers 2018-04-13 00:35:42 -05:00
Родитель 18504dca50
Коммит 7383ea479d
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 8AA79AD83045BBC7
1 изменённых файлов: 37 добавлений и 5 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

42
bot/mozdefbot_slack.py
Просмотреть файл

@ -61,21 +61,44 @@ class SlackBot(object):
def run(self): def run(self):
if self.slack_client.rtm_connect(): if self.slack_client.rtm_connect():
print("SlackBot connected and running!") print("SlackBot connected and running!")
self.post_message(random.choice(greetz)) self.post_welcome_message(random.choice(greetz))
else: else:
print("Unable to connect") print("Unable to connect")
def handle_command(self, command, channel): def handle_command(self, command, channel):
print(command) print(command)
def post_message(self, message, channel=None): def post_attachment(self, message, channel, color):
if channel is None: if channel is None:
message_channels = self.channels message_channels = self.channels
else: else:
message_channels = [channel] message_channels = [channel]
for message_channel in message_channels: for message_channel in message_channels:
self.slack_client.api_call("chat.postMessage", channel=message_channel, text=message, as_user=True) attachment = {
'fallback': message,
'text': message,
'color': color
}
self.slack_client.api_call("chat.postMessage", channel=message_channel, attachments=[attachment], as_user=True)
def post_welcome_message(self, message, channel=None):
self.post_attachment(message, channel, '#36a64f')
def post_info_message(self, message, channel=None):
self.post_attachment(message, channel, '#99ccff')
def post_critical_message(self, message, channel=None):
self.post_attachment(message, channel, '#ff0000')
def post_warning_message(self, message, channel=None):
self.post_attachment(message, channel, '#e6e600')
def post_notice_message(self, message, channel=None):
self.post_attachment(message, channel, '#a64dff')
def post_unknown_severity_message(self, message, channel=None):
self.post_attachment(message, channel, '#000000')
def parse_slack_output(self, slack_rtm_output): def parse_slack_output(self, slack_rtm_output):
output_list = slack_rtm_output output_list = slack_rtm_output
@ -157,8 +180,17 @@ class alertConsumer(ConsumerMixin):
sys.stdout.write('alert is more than 450 bytes, truncating\n') sys.stdout.write('alert is more than 450 bytes, truncating\n')
bodyDict['summary'] = bodyDict['summary'][:450] + ' truncated...' bodyDict['summary'] = bodyDict['summary'][:450] + ' truncated...'
self.bot.post_message(formatAlert(bodyDict), channel) summary = bodyDict['summary'].upper()
if summary == 'CRITICAL':
self.bot.post_critical_message(formatAlert(bodyDict), channel)
elif summary == 'WARNING':
self.bot.post_warning_message(formatAlert(bodyDict), channel)
elif summary == 'INFO':
self.bot.post_info_message(formatAlert(bodyDict), channel)
elif summary == 'NOTICE':
self.bot.post_notice_message(formatAlert(bodyDict), channel)
else:
self.bot.post_unknown_severity_message(formatAlert(bodyDict), channel)
message.ack() message.ack()
except ValueError as e: except ValueError as e:
logger.exception("mozdefbot_slack exception while processing events queue %r" % e) logger.exception("mozdefbot_slack exception while processing events queue %r" % e)