Yelp / elastalert

Easy & Flexible Alerting With ElasticSearch
https://elastalert.readthedocs.org
Apache License 2.0

http post api #3040

Closed ozgursuder closed 3 years ago

ozgursuder commented 3 years ago

Hello there

I have API access information as follows.

I can get the src_ip part here from elastalert.

I wonder how I can write the above code to the API using HTTP POST.

This API code belongs to the firewall.

ozgursuder commented 3 years ago

image

nsano-rururu commented 3 years ago

look https://elastalert.readthedocs.io/en/latest/ruletypes.html#http-post

ozgursuder commented 3 years ago

I looked at this and wrote it here because I failed

lastbulletbender commented 3 years ago

I don't think there is any string substitution happening for post_url which can replace the src_ip. @ozgursuder

ozgursuder commented 3 years ago

I can post the src_ip part but I have no idea how to split it as post url

lastbulletbender commented 3 years ago

I have no idea how to split it as post url

I don't think this is possible with the current HTTPPostAlerter implementation. You can write a small server which translates the post to the suitable URL and makes the requests on elastalert's behalf.

So it will look like

elastalert -> your_small_translation_server -> actual_destination

I was thinking of writing a more feature rich webhook implementation if there's a requirement.
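The relay described in the comment above (elastalert -> translation server -> firewall), as an added example that is not part of this issue, of ElastAlert itself, or of the linked PR. It assumes ElastAlert's http_post alerter is pointed at the relay and that the posted JSON carries the match's src_ip (and optionally rule_name) field, as the alerter's payload options allow; the firewall URL template and bearer token are placeholders, since the real API was only shown as a screenshot. The relay validates the address before building the URL so that a malformed or spoofed src_ip cannot turn into an arbitrary request path or block the monitoring network itself.

```python
"""Minimal translation relay: ElastAlert HTTP POST -> firewall block URL."""
import ipaddress
import json
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Placeholder for the firewall endpoint (assumption; the real URL was only
# shown as a screenshot in the issue). {src_ip} is filled in per alert.
FIREWALL_URL_TEMPLATE = "https://firewall.example/api/block/{src_ip}"
FIREWALL_TOKEN = "FIREWALL_TOKEN_PLACEHOLDER"  # load from a secret store in practice

# Addresses the relay must never ask the firewall to block, so a bad or
# spoofed src_ip in an alert cannot cut off internal networks.
_NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                   # loopback, link-local
    "::1/128", "fc00::/7", "fe80::/10",                # IPv6 equivalents
)]


class RejectedAlert(ValueError):
    """The ElastAlert payload must not be turned into a firewall call."""


def build_firewall_request(payload, template=FIREWALL_URL_TEMPLATE):
    """Validate an ElastAlert http_post payload and return (url, body).

    Only a syntactically valid, non-internal IP is accepted, and the URL is
    built from the parsed address rather than the raw string, so the field
    cannot smuggle path segments or query strings into the request.
    """
    raw = payload.get("src_ip")
    if not isinstance(raw, str):
        raise RejectedAlert("src_ip missing or not a string")
    try:
        ip = ipaddress.ip_address(raw.strip())
    except ValueError as exc:
        raise RejectedAlert(f"src_ip is not an IP address: {raw!r}") from exc
    if ip.is_multicast or ip.is_unspecified or any(ip in net for net in _NEVER_BLOCK):
        raise RejectedAlert(f"refusing to block internal/special address {ip}")
    url = template.format(src_ip=str(ip))
    body = {"address": str(ip), "reason": str(payload.get("rule_name", "elastalert"))}
    return url, body


class RelayHandler(BaseHTTPRequestHandler):
    """Accepts ElastAlert's POST, rewrites it, and calls the firewall."""

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        try:
            payload = json.loads(self.rfile.read(length) or b"{}")
            if not isinstance(payload, dict):
                raise RejectedAlert("payload is not a JSON object")
            url, body = build_firewall_request(payload)
        except ValueError as exc:  # covers JSON decode errors and RejectedAlert
            self.send_error(400, str(exc))
            return
        req = urllib.request.Request(
            url, data=json.dumps(body).encode(), method="POST",
            headers={"Content-Type": "application/json",
                     "Authorization": f"Bearer {FIREWALL_TOKEN}"},
        )
        try:
            with urllib.request.urlopen(req, timeout=10) as resp:
                status = resp.status
        except urllib.error.URLError as exc:  # includes HTTPError from the firewall
            self.send_error(502, f"firewall call failed: {exc}")
            return
        self.send_response(status)
        self.end_headers()


def serve(host="127.0.0.1", port=8080):
    """Run the relay; point ElastAlert's http_post_url at http://host:port/."""
    HTTPServer((host, port), RelayHandler).serve_forever()


if __name__ == "__main__":
    serve()
```

Bind the relay to localhost or an internal interface only and keep the firewall credential in the relay rather than in every rule file; the rule then needs nothing more than http_post_url pointing at the relay, and every block request that reaches the firewall has passed one validation point.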

ozgursuder commented 3 years ago

Frankly, many will want to connect through the firewall api and I think this will be needed.

lastbulletbender commented 3 years ago

Unfortunately, this repo is not being actively maintained.

https://github.com/Yelp/elastalert/issues/2947

I'll try writing the webhook implementation if I get the time and create a PR in case this project ever becomes active.

lastbulletbender commented 3 years ago

@ozgursuder I have created a PR and added an alerter which should allow you to create the URL as you need

https://github.com/Yelp/elastalert/pull/3042

It still needs to be reviewed though