A package for alert plugins packaged with this project.
This package contains alert plugins that are packaged as part of this
project. The alert plugins implement a function named
accepts input records and typically sends them to an alerting
destination. The alert plugins also implement a function named
that perform cleanup work when called.
Note that the alert plugins implement the exact same interface as the
store plugins in the
cloudmarker.stores package. So a store
plugin can usually serve equally well as an alert plugin, and vice
versa. In fact, some of the store plugins such as
cloudmarker.stores.mongodbstore.MongoDBStore are indeed used as
alert plugins too because security events can be alerted by storing them
in an Elasticsearch index or MongoDB collection.
If a plugin can serve as both a store plugin and an alert plugin, we
keep it in the cloudmarker.stores package. If a plugin makes
sense only as an alert plugin, we keep it in this
Email alert plugin.
A plugin to send email alerts.
Create an instance of
This class accepts the same arguments as
content argument is not honoured. Even if a
content argument is provided, it is ignored by this class because this class defines its own content from the event records it receives in its
Send the buffered events as an email alert.
Alerter to send Slack messages for identified anomalies.
SlackAlert(bot_user_token, to, text, temp_file='/tmp/cloudmarker/slackalert.json')
Alert plugin to send Slack alerts.
Initialize the SlackAlert class.
- bot_user_token (string) – Token for Slack bot user.
- to (list) – List of recipients (string) to send Slack alert to.
- text (string) – Message body.
- temp_file (string) – Name of the file used to save the interim JSON record, which is attached to the Slack message as a report.
Write the JSON data to a file and send alert.
This function writes the JSON data to a file. The self._post_message method then sends the created JSON file as an attachment.
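One way to handle an interim JSON file like the one described above so that only the process owner can read it, as an added example that is not Cloudmarker's own code. It buffers records as the email plugin does and assumes the plugin methods are named write() and done(); the class PrivateFileAlert, the send_file callable (a stand-in for the Slack upload) and the sample record are hypothetical.

```python
import json
import os
import stat
import tempfile


class PrivateFileAlert:
    """Hypothetical alert plugin; not part of Cloudmarker."""

    def __init__(self, send_file):
        # send_file(path) is a caller-supplied stand-in for the Slack upload.
        self._send_file = send_file
        self._buffer = []

    def write(self, record):
        """Accept one input record and buffer it until done()."""
        self._buffer.append(record)

    def done(self):
        """Write buffered records to a private file, send it, clean up."""
        if not self._buffer:
            return
        # mkstemp creates a new, uniquely named file (O_EXCL, mode 0600): an
        # existing file or symlink is never reused, and only the owner can read.
        fd, path = tempfile.mkstemp(prefix='alert-', suffix='.json')
        try:
            with os.fdopen(fd, 'w') as f:
                json.dump(self._buffer, f, indent=2)
            self._send_file(path)
        finally:
            os.remove(path)  # interim report never outlives the alert
            self._buffer = []


def demo():
    """Run the plugin on a constructed record; return what the sender saw."""
    seen = {}

    def fake_send(path):
        seen['path'] = path
        seen['mode'] = stat.S_IMODE(os.stat(path).st_mode)
        with open(path) as f:
            seen['records'] = json.load(f)

    alert = PrivateFileAlert(fake_send)
    # Constructed sample record, not real Cloudmarker output.
    alert.write({'record_type': 'firewall_rule_event', 'port': 22})
    alert.done()
    seen['exists_after'] = os.path.exists(seen['path'])
    return seen
```

The finally block removes the file even when serialization or the send fails, so findings are not left on disk after an error.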