Adding MISP URL for SIEM monitoring (#11)

CERN-CERT · Aug 30, 2023 · 4a89f33 · 4a89f33
1 parent 3f88f53
commit 4a89f33
Show file tree

Hide file tree

Showing 3 changed files with 2 additions and 16 deletions.
diff --git a/lib/alerts.rb b/lib/alerts.rb
@@ -47,6 +47,7 @@ def query_misp(misp_server, ioc_detected, type_ioc, all_uuids)
                   'misp_info' => misp_event.info,
                   'misp_id' => misp_event.id,
                   'misp_server' => misp_server["domain"],
+                  'event_url' => MISP_URL % [s:misp_server["domain"], i:misp_event.id],
                   'num_iocs' => misp_event.attribute_count,
                   'publication' => misp_event.date,
                   'organisation' => misp_event.orgc.name,

diff --git a/lib/constants.rb b/lib/constants.rb
@@ -13,6 +13,7 @@ module ConstantsConfig
     PATH_HTML = ENV['PATH_HTML'] || "/etc/pdnssoc/notification_email.html"
     FILENAME_LOG_ALERT = ENV['FILENAME_LOG_ALERT'] || "alerts.log"
     FILENAME_LOG_SYS = ENV['FILENAME_LOG_SYS'] || "pdnssoc_sys.log"
+    MISP_URL = "https://%{s}/events/view/%{i}"
 end
 
 module ConstantsGeneral

diff --git a/lib/post_install.rb b/lib/post_install.rb