Open km-janmejay opened 4 years ago
Every time an alert happens, it stores a document with that alert data in Elasticsearch.
And if you modify a rule file, ElastAlert will reload the file. So yes, you can update them from a Python script.
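As an added example, not code from ElastAlert or from anyone in this thread: a Python script that does what the reply above describes. It keeps the watched addresses in a SQLite table, rewrites the `terms` clause of the rule's `filter` from that table, and replaces the rule file with an atomic rename so ElastAlert's reload never picks up a half-written file. The field name `user.email`, the table `watched_users`, the rule contents and the addresses are assumptions made for the example; PyYAML is assumed to be installed, as it is wherever ElastAlert itself runs.

```python
"""Rewrite the user-list filter of an ElastAlert rule file from a database.

Constructed example; not part of the ElastAlert project. Assumptions:
  * the rule's ``filter`` list holds a ``terms`` clause on one field
    (here ``user.email``) listing the watched addresses,
  * the watched users live in a SQLite table ``watched_users(email)``,
  * PyYAML is installed (ElastAlert depends on it).
"""
import copy
import os
import sqlite3
import tempfile

try:
    import yaml
except ImportError:  # only the file I/O helpers below need it
    yaml = None

USER_FIELD = "user.email"  # assumed field name in the indexed events


def build_demo_db() -> sqlite3.Connection:
    """In-memory SQLite table with a few constructed addresses."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE watched_users (email TEXT PRIMARY KEY)")
    conn.executemany(
        "INSERT INTO watched_users VALUES (?)",
        [("alice@example.com",), ("bob@example.com",), ("carol@example.com",)],
    )
    conn.commit()
    return conn


def load_watched_users(conn: sqlite3.Connection) -> set:
    """Read the current address list from the database."""
    return {row[0] for row in conn.execute("SELECT email FROM watched_users")}


def set_user_filter(rule: dict, emails, field: str = USER_FIELD) -> dict:
    """Return a copy of ``rule`` whose ``terms`` clause on ``field`` lists ``emails``.

    Other filter clauses are left untouched; if no clause on ``field`` exists,
    one is appended. The input dict itself is not modified.
    """
    new_rule = copy.deepcopy(rule)
    clause = {"terms": {field: sorted(emails)}}
    filters = new_rule.setdefault("filter", [])
    for i, f in enumerate(filters):
        if isinstance(f, dict) and field in f.get("terms", {}):
            filters[i] = clause
            break
    else:
        filters.append(clause)
    return new_rule


def write_rule_atomically(path: str, rule: dict) -> None:
    """Write the rule to a temp file in the same directory, then rename it into place.

    ElastAlert polls rule files for changes; the rename guarantees it never
    loads a partially written file.
    """
    if yaml is None:
        raise RuntimeError("PyYAML is required to write rule files")
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(prefix=".rule-", suffix=".tmp", dir=directory)
    try:
        with os.fdopen(fd, "w") as fh:
            yaml.safe_dump(rule, fh, default_flow_style=False, sort_keys=False)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise


def sync_rule_file(path: str, conn: sqlite3.Connection, field: str = USER_FIELD) -> dict:
    """Load the rule, refresh its user list from the DB, write it back; return the new rule."""
    if yaml is None:
        raise RuntimeError("PyYAML is required to read rule files")
    with open(path) as fh:
        rule = yaml.safe_load(fh)
    new_rule = set_user_filter(rule, load_watched_users(conn), field)
    if new_rule != rule:  # leave the file alone (no reload) when nothing changed
        write_rule_atomically(path, new_rule)
    return new_rule


if __name__ == "__main__":
    # Constructed rule: login failures scoped to the watched addresses.
    demo_rule = {
        "name": "watched-user-login-failures",
        "type": "frequency",
        "index": "auth-*",
        "num_events": 5,
        "timeframe": {"minutes": 10},
        "filter": [
            {"term": {"event.outcome": "failure"}},
            {"terms": {USER_FIELD: ["old@example.com"]}},
        ],
        "alert": ["debug"],
    }
    updated = set_user_filter(demo_rule, load_watched_users(build_demo_db()))
    print(updated["filter"])
```

In practice you would call `sync_rule_file("/path/to/rule.yaml", conn)` from cron or a small service whenever the table changes; because the script only rewrites the file when the address list actually differs, ElastAlert is not forced to reload on every run.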
Is there any example for that, or where shall I read about it? I read the documentation for it but didn't find much about this use case. @Qmando
ElastAlert Metadata Index

- elastalert_status
- elastalert
- elastalert_error
- silence

https://elastalert.readthedocs.io/en/latest/elastalert_status.html#elastalert-metadata-index

Web APIs that access the ElastAlert Metadata Index are third-party and include the following. However, their development has already stopped.

ElastAlert Server
It is made with Node.js and accesses the ElastAlert Metadata Index programmatically. https://github.com/bitsensor/elastalert

ElastAlert Kibana Plugin
ElastAlertServer is required for operation because the plugin accesses ElastAlertServer. https://github.com/bitsensor/elastalert-kibana-plugin

There are forks that are still being developed. I also participate in their development. It's still mostly about updating libraries and fixing bugs...

ElastAlert Server https://github.com/johnsusek/elastalert-server

ElastAlert Kibana Plugin https://github.com/nsano-rururu/elastalert-kibana-plugin

Praeco
ElastAlertServer Web UI. ElastAlertServer is required for operation because Praeco accesses ElastAlertServer. https://github.com/johnsusek/praeco
Hey, I am using users' emails in , as the filters, so my rule file generates alerts for those specific users. Now if I want to add, remove, or check which users are in the filter, I have to do that manually. I need to know if it is possible to update the rule file (the query list in the filter) dynamically via a Python script. And can I store the data about the usernames present in the filter in a database? Highly appreciated if you can look into this ASAP. @Qmando @nsano-rururu