// SPDX-License-Identifier: MIT OR Apache-2.0
package outputs
import (
"log"
"sort"
"strings"
"github.com/falcosecurity/falcosidekick/types"
)
// teamsFact is a single name/value row shown in a section's facts list.
type teamsFact struct {
	// Name is the label of the row.
	Name string `json:"name"`
	// Value is the text shown next to the label.
	Value string `json:"value"`
}
// teamsSection is one section of the card: a title block, optional image,
// free text and an optional list of facts.
type teamsSection struct {
	// ActivityTitle and ActivitySubTitle form the header of the section.
	ActivityTitle    string `json:"activityTitle"`
	ActivitySubTitle string `json:"activitySubtitle"`
	// ActivityImage is left out of the JSON when empty.
	ActivityImage string `json:"activityImage,omitempty"`
	// Text is always serialized, even when empty.
	Text string `json:"text"`
	// Facts is left out of the JSON when the slice is empty.
	Facts []teamsFact `json:"facts,omitempty"`
}
// teamsPayload is the JSON body posted to the Teams webhook.
type teamsPayload struct {
	// Type is serialized as "@type"; newTeamsPayload sets it to "MessageCard".
	Type string `json:"@type"`
	// Summary and ThemeColor are left out of the JSON when empty.
	Summary    string `json:"summary,omitempty"`
	ThemeColor string `json:"themeColor,omitempty"`
	// Sections is always serialized.
	Sections []teamsSection `json:"sections"`
}
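// newTeamsPayload builds the MessageCard body sent to the Teams webhook for a
// single Falco event.
//
// config.Teams.OutputFormat selects the content: All or "" emits both the text
// and the facts, Text only the text, "facts" only the facts. The card summary
// is always the event output, and the theme colour follows the priority.
//
// Every value placed in the card (output, rule, hostname, output fields, tags)
// is copied from the event unmodified.
// NOTE(review): event fields can carry strings chosen by the monitored
// workload (command lines, file names, ...), so the card content should be
// treated as untrusted text by whatever renders it; confirm how the Teams
// connector handles markup in these fields.
func newTeamsPayload(falcopayload types.FalcoPayload, config *types.Configuration) teamsPayload {
	format := config.Teams.OutputFormat
	includeText := format == All || format == Text || format == ""
	includeFacts := format == All || format == "facts" || format == ""

	section := teamsSection{
		ActivityTitle:    "Falco Sidekick",
		ActivitySubTitle: falcopayload.Time.String(),
		// An empty image is dropped from the JSON by omitempty.
		ActivityImage: config.Teams.ActivityImage,
	}
	if includeText {
		section.Text = falcopayload.Output
	}

	// facts stays nil unless requested, so omitempty drops it from the JSON.
	var facts []teamsFact
	if includeFacts {
		facts = append(facts,
			teamsFact{Name: Rule, Value: falcopayload.Rule},
			teamsFact{Name: Priority, Value: falcopayload.Priority.String()},
			teamsFact{Name: Source, Value: falcopayload.Source},
		)
		if falcopayload.Hostname != "" {
			facts = append(facts, teamsFact{Name: Hostname, Value: falcopayload.Hostname})
		}

		for _, key := range getSortedStringKeys(falcopayload.OutputFields) {
			// Checked assertion: a non-string value must not panic the
			// forwarder and lose the alert. getSortedStringKeys is defined
			// elsewhere; if it already returns only keys with string values
			// this check never fails.
			value, ok := falcopayload.OutputFields[key].(string)
			if !ok {
				continue
			}
			facts = append(facts, teamsFact{Name: key, Value: value})
		}

		if len(falcopayload.Tags) != 0 {
			// Sort a copy: the slice shares its backing array with the
			// caller's payload, so sorting in place would reorder the
			// caller's tags as well.
			tags := append([]string(nil), falcopayload.Tags...)
			sort.Strings(tags)
			facts = append(facts, teamsFact{Name: Tags, Value: strings.Join(tags, ", ")})
		}
	}
	section.Facts = facts

	// A priority not listed here leaves the colour empty, and omitempty then
	// drops themeColor from the JSON.
	var color string
	switch falcopayload.Priority {
	case types.Emergency:
		color = "e20b0b"
	case types.Alert:
		color = "ff5400"
	case types.Critical:
		color = "ff9000"
	case types.Error:
		color = "ffc700"
	case types.Warning:
		color = "ffff00"
	case types.Notice:
		color = "5bffb5"
	case types.Informational:
		color = "68c2ff"
	case types.Debug:
		color = "ccfff2"
	}

	return teamsPayload{
		Type:       "MessageCard",
		Summary:    falcopayload.Output,
		ThemeColor: color,
		Sections:   []teamsSection{section},
	}
}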
// TeamsPost sends the event to Teams as a card built by newTeamsPayload and
// records the outcome in the client's stats, the Prometheus outputs counter
// and the CountMetric call. A failed post is logged and not returned to the
// caller.
func (c *Client) TeamsPost(falcopayload types.FalcoPayload) {
	c.Stats.Teams.Add(Total, 1)

	postErr := c.Post(newTeamsPayload(falcopayload, c.Config))

	// Pick the labels once; the three counters below are updated the same way
	// for both outcomes.
	status, statusTag := OK, "status:ok"
	if postErr != nil {
		status, statusTag = Error, "status:error"
	}

	go c.CountMetric(Outputs, 1, []string{"output:teams", statusTag})
	c.Stats.Teams.Add(status, 1)
	c.PromStats.Outputs.With(map[string]string{"destination": "teams", "status": status}).Inc()

	if postErr != nil {
		log.Printf("[ERROR] : Teams - %v\n", postErr)
	}
}