forked from falcosecurity/falcosidekick
/
discord.go
117 lines (101 loc) · 3.38 KB
/
discord.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
package outputs
import (
"fmt"
"log"
"strings"
"github.com/ir0njaw/falcosidekick/types"
)
type discordPayload struct {
Content string `json:"content"`
AvatarURL string `json:"avatar_url,omitempty"`
Embeds []discordEmbedPayload `json:"embeds"`
}
type discordEmbedPayload struct {
Title string `json:"title"`
URL string `json:"url"`
Description string `json:"description"`
Color string `json:"color"`
Fields []discordEmbedFieldPayload `json:"fields"`
}
type discordEmbedFieldPayload struct {
Name string `json:"name"`
Value string `json:"value"`
Inline bool `json:"inline"`
}
func newDiscordPayload(falcopayload types.FalcoPayload, config *types.Configuration) discordPayload {
var iconURL string
if config.Discord.Icon != "" {
iconURL = config.Discord.Icon
} else {
iconURL = DefaultIconURL
}
var color string
switch falcopayload.Priority {
case types.Emergency:
color = "15158332" // red
case types.Alert:
color = "11027200" // dark orange
case types.Critical:
color = "15105570" // orange
case types.Error:
color = "15844367" // gold
case types.Warning:
color = "12745742" // dark gold
case types.Notice:
color = "3066993" // teal
case types.Informational:
color = "3447003" // blue
case types.Debug:
color = "12370112" // light grey
}
embeds := make([]discordEmbedPayload, 0)
embedFields := make([]discordEmbedFieldPayload, 0)
var embedField discordEmbedFieldPayload
for i, j := range falcopayload.OutputFields {
switch v := j.(type) {
case string:
embedField = discordEmbedFieldPayload{i, fmt.Sprintf("```%s```", v), true}
default:
continue
}
embedFields = append(embedFields, embedField)
}
embedFields = append(embedFields, discordEmbedFieldPayload{Rule, falcopayload.Rule, true})
embedFields = append(embedFields, discordEmbedFieldPayload{Priority, falcopayload.Priority.String(), true})
embedFields = append(embedFields, discordEmbedFieldPayload{Source, falcopayload.Source, true})
if falcopayload.Hostname != "" {
embedFields = append(embedFields, discordEmbedFieldPayload{Hostname, falcopayload.Hostname, true})
}
if len(falcopayload.Tags) != 0 {
embedFields = append(embedFields, discordEmbedFieldPayload{Tags, strings.Join(falcopayload.Tags, ", "), true})
}
embedFields = append(embedFields, discordEmbedFieldPayload{Time, falcopayload.Time.String(), true})
embed := discordEmbedPayload{
Title: "",
Description: falcopayload.Output,
Color: color,
Fields: embedFields,
}
embeds = append(embeds, embed)
return discordPayload{
Content: "",
AvatarURL: iconURL,
Embeds: embeds,
}
}
// DiscordPost posts events to discord
func (c *Client) DiscordPost(falcopayload types.FalcoPayload) {
c.Stats.Discord.Add(Total, 1)
err := c.Post(newDiscordPayload(falcopayload, c.Config))
if err != nil {
go c.CountMetric(Outputs, 1, []string{"output:discord", "status:error"})
c.Stats.Discord.Add(Error, 1)
c.PromStats.Outputs.With(map[string]string{"destination": "discord", "status": Error}).Inc()
log.Printf("[ERROR] : Discord - %v\n", err)
return
}
// Setting the success status
go c.CountMetric(Outputs, 1, []string{"output:discord", "status:ok"})
c.Stats.Discord.Add(OK, 1)
c.PromStats.Outputs.With(map[string]string{"destination": "discord", "status": OK}).Inc()
}