Closed timbastin closed 6 months ago
Hello @timbastin !
Are you referring to a profile that requires a decision to be made?
I'm not certain if the notification template is suitable for alerts that do not require a decision, but I'm using it for other purposes as well.
(You should be able to use `cscli alerts inspect -d` to get more context)
Hello @buixor my `profile.yaml` looks like the one in the documentation:

```yaml
name: default_ip_remediation
debug: true
filters:
 - Alert.Remediation == true && Alert.GetScope() == "Ip"
notifications:
 - slack_default
```
I am testing the slack notification by triggering an HTTP probing alert using nikto.pl.
The issue was that I was missing the decisions part in the profiles.yaml. The correct profiles.yaml looks like this:

```yaml
name: default_ip_remediation
debug: true
filters:
 - Alert.Remediation == true && Alert.GetScope() == "Ip"
notifications:
 - slack_default
decisions:
 - type: ban
   duration: 4h
```
discord thread where answer was initially discovered.
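A lint for the misconfiguration found in this thread, as an added example (not code from the CrowdSec project or from the posters): it flags any profile that lists `notifications` but has no `decisions` entries. The sample file is constructed from the two profiles above, the second profile name is made up, and the small line-based reader is an assumption that only understands top-level keys and their list items, not full YAML.

```python
import re

# Constructed sample: the failing and the working profile from this thread,
# placed in one multi-document file. The second profile name is made up.
SAMPLE_PROFILES = """\
name: default_ip_remediation
filters:
 - Alert.Remediation == true && Alert.GetScope() == "Ip"
notifications:
 - slack_default
---
name: example_fixed_profile
filters:
 - Alert.Remediation == true && Alert.GetScope() == "Ip"
notifications:
 - slack_default
decisions:
 - type: ban
   duration: 4h
"""

TOP_KEY = re.compile(r"^([A-Za-z_][\w-]*):\s*(.*)$")

def top_level_items(doc):
    """Map each top-level key to its scalar text, or to the list items under it."""
    result, current = {}, None
    for line in doc.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        match = TOP_KEY.match(line)
        if match:
            current, value = match.group(1), match.group(2).strip()
            result[current] = value if value else []
        elif current and isinstance(result[current], list) and line.lstrip().startswith("- "):
            result[current].append(line.lstrip()[2:])
    return result

def has_entries(value):
    # Non-empty list or scalar; inline empty markers count as "nothing configured".
    return bool(value) and value not in ("[]", "~", "null")

def profiles_notifying_without_decisions(text):
    """Names of profiles that list notifications but define no decisions."""
    flagged = []
    for doc in re.split(r"^---[ \t]*$", text, flags=re.M):
        keys = top_level_items(doc)
        if has_entries(keys.get("notifications")) and not has_entries(keys.get("decisions")):
            flagged.append(keys.get("name", "<unnamed>"))
    return flagged

print(profiles_notifying_without_decisions(SAMPLE_PROFILES))
```

Running it against a real `profiles.yaml` only needs the file contents passed to `profiles_notifying_without_decisions`; a flagged name is a prompt to review that profile, not proof that its notifications fail.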
What happened?
I integrated the slack notification plugin. I used the slack.yaml which is present in this repository. I followed the documentation.
What did you expect to happen?
I expected to receive a slack notification.
How can we reproduce it (as minimally and precisely as possible)?
You can follow your documentation on how to alert to slack.
Anything else we need to know?
The problem seems to be related to the "format" key of the plugin. If I change the content inside format to something like: "this is a test", I receive that notification.
Here are the logs of the failing plugin: