GoogleCloudPlatform / security-response-automation

Take automated actions against threats and vulnerabilities.
Apache License 2.0

create a way for automations to output notification GCFs #146

Closed tomscript closed 4 years ago

tomscript commented 4 years ago

We need a way that an automation can pass its output to another automation. For example, after we create a disk snapshot, can we output the name of the disk we created to Turbinia? Or Slack?

We should create a PoC that standardizes what each automation outputs and a configuration where a user can specify an array of outputs.

daniel-cit commented 4 years ago

Suggestion of output message

```go
type OutputMessage struct {
	correlationID  string
	timestamp      string
	automationName string
	sourceInfo     string
	priority       string
	status         string
	sensitiveInfo  bool
	subject        string
	message        string
}
```

daniel-cit commented 4 years ago

Possible output destinations:

daniel-cit commented 4 years ago

initial version will implement integration with

One CF for routing output messages, one CF for PagerDuty and one CF for Turbinia
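
The routing idea discussed in this thread (an array of outputs configured per automation, with one function fanning the standardized message out to each destination), as an added Go example that is not the project's code. `Sink`, `Router`, `Route`, the `AllowSensitive` flag with its redaction behaviour, and the sample automation name are assumptions; only the message fields come from the thread.

```go
package main

import "fmt"

// OutputMessage reuses fields from the struct suggested in this thread.
type OutputMessage struct {
	correlationID, automationName, message string
	sensitiveInfo                          bool
}

// Sink stands in for a destination Cloud Function (hypothetical type).
type Sink struct {
	Send           func(OutputMessage) error
	AllowSensitive bool // assumption: per-destination clearance flag
}

// Router holds the user configuration: automation name -> array of outputs.
type Router struct {
	Outputs map[string][]string
	Sinks   map[string]Sink
}

// Route fans m out to each configured output; unknown or failing outputs are
// returned as errors instead of being silently dropped.
func (r Router) Route(m OutputMessage) (delivered []string, errs []error) {
	for _, name := range r.Outputs[m.automationName] {
		sink, ok := r.Sinks[name]
		if !ok {
			errs = append(errs, fmt.Errorf("%s: unknown output %q", m.correlationID, name))
			continue
		}
		out := m // copy, so redaction for one sink does not affect the others
		if m.sensitiveInfo && !sink.AllowSensitive {
			out.message = "[redacted]"
		}
		if err := sink.Send(out); err != nil {
			errs = append(errs, fmt.Errorf("%s: %s: %w", m.correlationID, name, err))
			continue
		}
		delivered = append(delivered, name)
	}
	return delivered, errs
}

func main() { // constructed sample: "slack" is configured but has no sink
	ok := func(OutputMessage) error { return nil }
	r := Router{map[string][]string{"snapshot": {"turbinia", "slack"}}, map[string]Sink{"turbinia": {ok, true}}}
	fmt.Println(r.Route(OutputMessage{correlationID: "c-1", automationName: "snapshot"}))
}
```

Carrying the correlation ID into every routing error lets a failed notification be tied back to the automation run that produced it.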