cloudmarker.alerts package

A package for alert plugins packaged with this project.

This package contains alert plugins that are packaged as part of this project. The alert plugins implement a function named write() that accepts input records and typically sends them to an alerting destination. The alert plugins also implement a function named done() that performs cleanup work when called.

Note that the alert plugins implement the exact same interface as the store plugins in the cloudmarker.stores package. So a store plugin can usually serve equally well as an alert plugin, and vice versa. In fact, some of the store plugins such as cloudmarker.stores.esstore.EsStore and cloudmarker.stores.mongodbstore.MongoDBStore are indeed used as alert plugins too, because security events can be alerted by storing them in an Elasticsearch index or MongoDB collection.

If a plugin can serve as both a store plugin and an alert plugin, we keep it in the cloudmarker.stores package. If a plugin makes sense only as an alert plugin, we keep it in this cloudmarker.alerts package.
Submodules

cloudmarker.alerts.emailalert module

Email alert plugin.

class cloudmarker.alerts.emailalert.EmailAlert(**kwargs)
Bases: object

A plugin to send email alerts.

Create an instance of the EmailAlert plugin. This class accepts the same arguments as cloudmarker.util.send_email(). The content argument is not honoured: even if a content argument is provided, it is ignored by this class, because this class builds its own content from the event records it receives in its write() method.

done()
Send the buffered events as an email alert.
cloudmarker.alerts.slackalert module

Alerter to send Slack messages for identified anomalies.

class cloudmarker.alerts.slackalert.SlackAlert(bot_user_token, to, text, temp_file='/tmp/cloudmarker/slackalert.json')
Bases: object

Alert plugin to send Slack alerts.

Initialize the SlackAlert class.

Parameters:
- bot_user_token (string) – Token for the Slack bot user.
- to (list) – List of recipients (string) to send the Slack alert to.
- text (string) – Message body.
- temp_file (string) – Name of the file used to save the interim JSON record, which is then attached as a report to the Slack message.

done()
Write the JSON data to a file and send the alert.

This function writes the JSON data to a file. The created JSON file is used by the self._post_message method to send the file as an attachment.
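The following is an added example, not code from the cloudmarker project, illustrating the plugin interface described at the top of this page (a write() method that accepts input records and a done() method that performs cleanup) in the same buffer-then-flush style that SlackAlert.done() uses when it writes interim JSON to a temp file. The class name BufferedFileAlert, the run_example() driver and the sample records are all constructed for this illustration; the file is created with owner-only permissions since interim paths such as /tmp are typically shared between local users.

```python
import json
import os
import shutil
import tempfile


class BufferedFileAlert:
    """Hypothetical alert plugin that follows the write()/done() interface.

    Records passed to write() are buffered in memory; done() serialises them
    to a JSON file (created with mode 0o600) and clears the buffer.  This is
    an illustration of the contract, not one of cloudmarker's own plugins.
    """

    def __init__(self, out_file):
        self._out_file = out_file
        self._records = []

    def write(self, record):
        """Accept one input record (a dict) and buffer it."""
        if not isinstance(record, dict):
            raise TypeError('record must be a dict, got %s' % type(record).__name__)
        self._records.append(record)

    def pending(self):
        """Return the number of records buffered but not yet flushed."""
        return len(self._records)

    def done(self):
        """Flush buffered records to the JSON file; return how many were written."""
        count = len(self._records)
        # Open with O_CREAT and mode 0o600 so other local users cannot read
        # event data that lands in a shared directory such as /tmp.
        fd = os.open(self._out_file,
                     os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, 'w') as f:
            json.dump(self._records, f, indent=2)
        # Cleanup: the buffer is emptied so a reused plugin starts fresh.
        self._records = []
        return count


def run_example():
    """Drive the plugin with constructed records and return what was written.

    Returns a tuple (records_written, records_read_back, records_pending).
    """
    tmp_dir = tempfile.mkdtemp()
    out_file = os.path.join(tmp_dir, 'alert.json')
    try:
        plugin = BufferedFileAlert(out_file)
        # Constructed sample event records (not real cloudmarker output).
        plugin.write({'com': {'record_type': 'firewall_rule', 'reference': 'fw-1'}})
        plugin.write({'com': {'record_type': 'storage_bucket', 'reference': 'bkt-2'}})
        written = plugin.done()
        with open(out_file) as f:
            read_back = json.load(f)
        return written, read_back, plugin.pending()
    finally:
        shutil.rmtree(tmp_dir)


if __name__ == '__main__':
    print(run_example())
```

Because the class exposes only write() and done(), it could be listed in a configuration wherever an alert plugin is expected, which is exactly the property the page relies on when it says store plugins and alert plugins are interchangeable.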