outflanknl / RedELK

Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
BSD 3-Clause "New" or "Revised" License

Add slack connector for notifications #258

Closed Matthijsy closed 2 years ago

Matthijsy commented 2 years ago

Currently there is a configuration for notifications via Slack, however there is no Slack implementation within the project. This pull request adds a Slack connector, based on the msteams connector. It will send a message to a certain Slack webhook when an alarm is raised.
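
A minimal illustration of what such a connector does, added here as an example and not the code from this PR or from RedELK: it formats an alarm into a Slack incoming-webhook payload and POSTs it to the webhook_url from the slack section of config.json. The alarm dict shape and the injectable opener parameter are assumptions made so the code can be exercised offline; RedELK's real alarm schema is not shown on this page.

```python
import json
import logging
import urllib.request

logger = logging.getLogger(__name__)


def build_slack_payload(alarm):
    """Turn an alarm dict into a Slack incoming-webhook payload.

    The alarm layout (name, description, hits) is a constructed assumption,
    not RedELK's actual alarm schema.
    """
    lines = [f"*RedELK alarm: {alarm['name']}*", alarm.get("description", "")]
    for hit in alarm.get("hits", []):
        lines.append(f"- {hit}")
    return {"text": "\n".join(lines)}


def send_slack_alarm(webhook_url, alarm, opener=urllib.request.urlopen):
    """POST the alarm to the Slack webhook; return True on an HTTP 2xx reply."""
    if not webhook_url:
        # Same situation the PR discussion describes: key present in config.json but empty.
        logger.warning("slack.webhook_url is not configured; alarm not sent")
        return False
    body = json.dumps(build_slack_payload(alarm)).encode("utf-8")
    req = urllib.request.Request(
        webhook_url,
        data=body,
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    try:
        with opener(req, timeout=10) as resp:
            status = resp.status
    except Exception as exc:  # network error or non-2xx raised by urlopen
        # Lazy %-formatting as pylint W1203 asks; the webhook URL itself is a
        # secret (anyone holding it can post to the channel), so it is never logged.
        logger.error("Slack notification failed: %s", exc)
        return False
    return 200 <= status < 300


if __name__ == "__main__":
    # Constructed sample alarm; no network call is made here.
    sample = {"name": "redirtraffic", "description": "Unexpected hits on redirector",
              "hits": ["203.0.113.10 GET /c2path", "198.51.100.7 GET /c2path"]}
    print(json.dumps(build_slack_payload(sample), indent=2))
```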

fastlorenzo commented 2 years ago

@Matthijsy thanks for the PR! We'll have a look and test it before merging 😉

fastlorenzo commented 2 years ago

Please have a look at the linter errors:

pylint elkserver/docker/redelk-base/redelkinstalldata/scripts/modules/slack/module.py
************* Module module
elkserver/docker/redelk-base/redelkinstalldata/scripts/modules/slack/module.py:85:0: C0325: Unnecessary parens after 'not' keyword (superfluous-parens)
elkserver/docker/redelk-base/redelkinstalldata/scripts/modules/slack/module.py:37:0: W1405: Quote delimiter " is inconsistent with the rest of the file (inconsistent-quotes)
elkserver/docker/redelk-base/redelkinstalldata/scripts/modules/slack/module.py:44:0: W1405: Quote delimiter " is inconsistent with the rest of the file (inconsistent-quotes)
elkserver/docker/redelk-base/redelkinstalldata/scripts/modules/slack/module.py:44:0: W1405: Quote delimiter " is inconsistent with the rest of the file (inconsistent-quotes)
elkserver/docker/redelk-base/redelkinstalldata/scripts/modules/slack/module.py:60:0: W1405: Quote delimiter " is inconsistent with the rest of the file (inconsistent-quotes)
elkserver/docker/redelk-base/redelkinstalldata/scripts/modules/slack/module.py:66:0: W1405: Quote delimiter " is inconsistent with the rest of the file (inconsistent-quotes)
elkserver/docker/redelk-base/redelkinstalldata/scripts/modules/slack/module.py:69:0: W1405: Quote delimiter " is inconsistent with the rest of the file (inconsistent-quotes)
elkserver/docker/redelk-base/redelkinstalldata/scripts/modules/slack/module.py:77:0: W1405: Quote delimiter " is inconsistent with the rest of the file (inconsistent-quotes)
elkserver/docker/redelk-base/redelkinstalldata/scripts/modules/slack/module.py:77:0: W1405: Quote delimiter " is inconsistent with the rest of the file (inconsistent-quotes)
elkserver/docker/redelk-base/redelkinstalldata/scripts/modules/slack/module.py:86:0: W1405: Quote delimiter " is inconsistent with the rest of the file (inconsistent-quotes)
elkserver/docker/redelk-base/redelkinstalldata/scripts/modules/slack/module.py:86:12: W1203: Use lazy % formatting in logging functions (logging-fstring-interpolation)

Matthijsy commented 2 years ago

Thank you! I wasn't aware of the linters, but the issues should be resolved now.

MarcOverIP commented 2 years ago

@Matthijsy Hey, I think we're missing the addition to the config.json file. Could you please check? After that it should be good for merging.

Matthijsy commented 2 years ago

@MarcOverIP Sorry for my late response! I think you refer to this file, right? https://github.com/outflanknl/RedELK/blob/master/elkserver/mounts/redelk-config/etc/redelk/config.json#L29

For some reason the Slack webhook_url config was already in there, but just not used anywhere in the product. I just used that one, since the naming sounds logical.

MarcOverIP commented 2 years ago

You are right. Thank you for the PR! Merging now.