Closed Neleus closed 1 year ago
As I understand, all templates are located in the modules directory (opencanary/modules/portscan.py, for example). But how to manage Alert notifications as I describe above? I need your help to resolve this.
Hi @Survial,
We usually recommend Opencanary Correlator to help with alerting since Opencanary can produce a lot of logs. You can read about it over here. It is part of our roadmap to build in better alert handling and clean up the logs a bit, but we haven't got there yet.
@jayjb
Opencanary Correlator uses the old Python version 2.7, but on Python 3+ it doesn't work (it's a big problem).
It would be perfect to update it to Python3.
Thanks.
Survial, you can run both simultaneously. A bit of a hassle, but doable.
Hi @Survial,
Yes, that's a good point; updating it to work with Python 3 would be useful. I'm nervous that the time spent on that would be better spent on building in some better alert handling within the Opencanary project.
How to exclude some logs from alerting? I'm using opencanary.logger.SocketJSONHandler in my OpenCanary conf. To my email I've received the following alerts:
{"dst_host": "192.168.1.121", "dst_port": "445", "local_time": "2022-07-19 11:09:28.443132", "local_time_adjusted": "2022-07-19 11:09:28.443529", "logdata": {"DF": "", "ID": "49799", "IN": "eth0", "LEN": "60", "MAC": "XX:XX:XX:XX:XX:XX", "OUT": "", "PREC": "0x00", "PROTO": "TCP", "RES": "0x00", "SYN": "", "TOS": "0x00", "TTL": "64", "URGP": "0", "WINDOW": "65535"}, "logtype": 5001, "node_id": "opencanary-node1", "src_host": "192.168.1.11", "src_port": "38610", "utc_time": "2022-07-19 11:09:28.443409"}
But I want to receive something like this: {"dst_host": "192.168.1.121", "dst_port": "445", "local_time": "2022-07-19 11:09:28", "node_id": "opencanary-node1", "src_host": "192.168.1.11"}
How to manage these alert logs? Where can the log templates be edited? Thanks for the help.
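As an added example (not OpenCanary's own code, and not part of this thread), here is a small Python filter for the receiving side of SocketJSONHandler: it parses each JSON line the honeypot sends, keeps only the fields listed in the question above, trims the timestamp to whole seconds, and optionally drops chosen logtypes. The field list, the `suppressed` set and the sample line are assumptions built from the question, not OpenCanary configuration keys.

```python
import json
from datetime import datetime

# Fields the question asks to keep in the forwarded alert (assumption taken from the post).
KEEP_FIELDS = ("dst_host", "dst_port", "local_time", "node_id", "src_host")

# Constructed sample: the alert line quoted in the question, as SocketJSONHandler would send it.
SAMPLE_LINE = (
    '{"dst_host": "192.168.1.121", "dst_port": "445", "local_time": "2022-07-19 11:09:28.443132", '
    '"local_time_adjusted": "2022-07-19 11:09:28.443529", "logdata": {"IN": "eth0", "PROTO": "TCP"}, '
    '"logtype": 5001, "node_id": "opencanary-node1", "src_host": "192.168.1.11", '
    '"src_port": "38610", "utc_time": "2022-07-19 11:09:28.443409"}'
)


def trim_timestamp(value):
    """Drop fractional seconds: '2022-07-19 11:09:28.443132' -> '2022-07-19 11:09:28'."""
    try:
        return datetime.strptime(value, "%Y-%m-%d %H:%M:%S.%f").strftime("%Y-%m-%d %H:%M:%S")
    except ValueError:
        # Already without microseconds, or an unexpected format: leave it untouched.
        return value


def reshape_event(line, suppressed=frozenset()):
    """Parse one JSON line from the honeypot and return the reduced alert dict.

    Returns None when the line is not valid JSON or when its logtype is in
    `suppressed` (a hypothetical allow/deny list; e.g. {5001} drops port-scan events).
    """
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return None
    if event.get("logtype") in suppressed:
        return None
    alert = {key: event[key] for key in KEEP_FIELDS if key in event}
    if "local_time" in alert:
        alert["local_time"] = trim_timestamp(alert["local_time"])
    return alert


def alerts_from_lines(lines, suppressed=frozenset()):
    """Apply reshape_event to a stream of newline-delimited JSON and keep only real alerts."""
    return [alert for alert in (reshape_event(l, suppressed) for l in lines) if alert]


if __name__ == "__main__":
    print(json.dumps(reshape_event(SAMPLE_LINE)))
```

A receiver built this way can sit between SocketJSONHandler and the mailer, so the honeypot's own logging config stays unchanged.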