Open
Description
Using the example slack.json template with Arbor, it is quickly seen that this does not work optimally unless the alert_type is dos_host_detection, due to the payload contents.
There does not appear to be any way to have hookman process based on payload data, let alone change the template used for it. If you could put the Jinja logic in the template, then it would be pretty easy to solve; however, this does not work, as the mapping file is expected to be valid JSON, which the Jinja logic breaks:
Example:
```
{
  "http":
  {
    "url": "http://<ip>:9090"
  },
  "mappings":
  {
    "slack":
    {
      "method": "POST",
      "url": "<slack_url>",
      "payload":
      {
        "blocks": [
          {
            "type": "section",
            "text": {
              "type": "mrkdwn",
              "text": "ID: *{{payload['data']['id']}}*"
            }
          },
          {%- if payload["data"]["attributes"]["alert_type"] in [ "dos_host_detection" ] %}
          {
            "type": "section",
            "fields": [
              {
                "type": "mrkdwn",
                "text": "*Type:*\n{{payload['data']['attributes']['alert_type']}}"
              },
              {
                "type": "mrkdwn",
                "text": "*Misuse Types:*\n{{payload['data']['attributes']['subobject']['misuse_types']}}"
              }
            ]
          },
          {%- endif %}
          {
            "type": "divider"
          }
        ]
      }
    }
  }
}
```
Results in:
```
> python3 -m hookman slack.json
ERROR Error loading configuration file: Expecting property name enclosed in double quotes: line 22 column 2 (char 419)
```
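
The ordering the issue asks for (render the Jinja first, parse the JSON second), as an added example that is not hookman's code and not part of the original report. It assumes the `jinja2` package; `render_blocks`, `is_valid_json` and `make_alert` are hypothetical names, and the sample alerts are constructed. Values go through Jinja's `tojson` filter so a field from the alert cannot break out of its JSON string once rendering happens before parsing.

```python
import json
from jinja2 import Environment, StrictUndefined

# Constructed mapping fragment modelled on the issue's "payload" section.
# The Jinja control flow makes the raw text invalid JSON until it is rendered.
TEMPLATE = '''
{
  "blocks": [
    {
      "type": "section",
      "text": {
        "type": "mrkdwn",
        "text": {{ ("ID: *" ~ payload["data"]["id"] ~ "*") | tojson }}
      }
    },
    {%- if payload["data"]["attributes"]["alert_type"] in ["dos_host_detection"] %}
    {
      "type": "section",
      "fields": [
        {
          "type": "mrkdwn",
          "text": {{ ("*Type:* " ~ payload["data"]["attributes"]["alert_type"]) | tojson }}
        }
      ]
    },
    {%- endif %}
    {"type": "divider"}
  ]
}
'''

def is_valid_json(text):
    try:
        json.loads(text)
        return True
    except json.JSONDecodeError:
        return False

def render_blocks(payload, template_text=TEMPLATE):
    # Render first, parse second. tojson quotes and escapes each value so a
    # field from the alert cannot break out of its JSON string.
    env = Environment(undefined=StrictUndefined, autoescape=False)
    rendered = env.from_string(template_text).render(payload=payload)
    return json.loads(rendered)["blocks"]

def make_alert(alert_id, alert_type):
    # Constructed sample shaped like the payload keys used in the issue.
    return {"data": {"id": alert_id, "attributes": {"alert_type": alert_type}}}
```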