diff --git a/connection.yml.sample b/connection.yml.sample
index 4d598cf..59dbe0f 100644
--- a/connection.yml.sample
+++ b/connection.yml.sample
@@ -3,6 +3,7 @@ notify:
 suppress_duplicates: True
 slack:
 webhook_url: https://hooks.slack.com/services/T0XXXXXXXXXXX/BXXXXXXXX/1CIyXXXXXXXXXXXXXXX
+ mention: "<@U013BDEFABC>"
 jira:
 username: "amce@org.com"
 server_url: "https://amce.atlassian.net"
diff --git a/hawk_scanner/main.py b/hawk_scanner/main.py
index b3ff6a0..37472dd 100644
--- a/hawk_scanner/main.py
+++ b/hawk_scanner/main.py
@@ -47,7 +47,7 @@ def group_results(args, results):
 return grouped_results
-def format_slack_message(group, result, records_mini):
+def format_slack_message(group, result, records_mini, mention):
 template_map = {
 's3': """
 *** PII Or Secret Found ***
@@ -171,7 +171,7 @@ def format_slack_message(group, result, records_mini):
 Exposed Values: {exposed_values}
 """
 }
- return template_map.get(group, "").format(
+ return f"{mention} " + template_map.get(group, "").format(
 vulnerable_profile=result['profile'],
 bucket=result.get('bucket', ''),
 file_path=result.get('file_path', ''),
@@ -258,7 +258,9 @@ def main():
 add_columns_to_table(group, table)
 for i, result in enumerate(group_data, 1):
 records_mini = ', '.join(result['matches']) if len(result['matches']) < 25 else ', '.join(result['matches'][:25]) + f" + {len(result['matches']) - 25} more"
- slack_message = format_slack_message(group, result, records_mini)
+ connection = system.get_connection(args)
+ mention = connection.get('notify', {}).get('slack', {}).get('mention', '')
+ slack_message = format_slack_message(group, result, records_mini, mention)
 if slack_message:
 system.create_jira_ticket(args, result, slack_message)
 system.SlackNotify(slack_message, args)
diff --git a/readme.md b/readme.md
index 4646751..6e2a31f 100644
--- a/readme.md
+++ b/readme.md
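Review bot: Prefixing the result with `f"{mention} "` in the `@@ -171` hunk makes `format_slack_message` return a non-empty string even when `group` has no entry in `template_map`, so the `if slack_message:` guard visible in `main()` no longer skips unknown groups and `create_jira_ticket` / `SlackNotify` would run with a message that is only the mention (or a single space when `mention` is unset). Return before the prefix is applied, e.g. `if group not in template_map: return ""`, and build the prefix as `prefix = f"{mention} " if mention else ""` so alerts without a configured mention do not start with a stray space. The same string is passed to `create_jira_ticket`, so the Slack-only `<@…>` token would also end up in the Jira ticket text; adding the prefix only on the Slack path avoids that. The `mention` parameter added in the `@@ -47` hunk is a required positional, and `mention=""` would keep any other caller working; the function body runs beyond both hunks.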
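Review bot: `system.get_connection(args)` is called inside the per-result loop in the `@@ -258` hunk of `main()`, so the connection settings are fetched again for every finding although the mention cannot change between iterations; resolve `mention` once before the loops. The chained lookup also assumes every level is a mapping: a `notify:` or `slack:` key that is present but empty in the YAML would presumably load as `None`, and the next `.get` would then raise `AttributeError` in the middle of alerting. A tolerant form is `mention = ((connection.get('notify') or {}).get('slack') or {}).get('mention') or ''`. `get_connection` is not shown in this diff, so its return type and whether it re-reads the file on each call should be confirmed; `main()` starts and ends outside the hunk.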
@@ -387,6 +387,29 @@ sources:
 ```
 You can add or remove profiles from the connection.yml file as needed. You can also configure only one or two data sources if you don't need to scan all of them.
+
+## Slack Bot Mentions and Workflow Integration
+
+Hawk-eye now supports customizable Slack mentions in alert messages, allowing you to trigger internal Slack bot workflows (such as archiving the channel, etc) automatically.
+
+### How to Configure Slack Mentions
+
+In your `connection.yml`, under the `notify.slack` section, add a `mention` key. This value should be the Slack user ID of your bot in the format `<@USERID>`. Using the display name (e.g., `@DataScanBot`) will not trigger a real mention—Slack requires the user ID format.
+
+**Example:**
+```yaml
+notify:
+ slack:
+ webhook_url: https://hooks.slack.com/services/...
+ mention: "<@U12345678>" # Replace with your bot's actual user ID
+```
+
+When Hawk-eye sends a Slack alert, the message will begin with this mention, ensuring your bot is properly notified and any associated workflows are triggered.
+
+**Tip:** To find your bot's user ID, click on the bot's profile in Slack and look for the ID in the URL (e.g., `/team/U12345678`).
+
+```
+
 ## Adding New Commands
diff --git a/setup.py b/setup.py
index 3b0f7ae..189a917 100644
--- a/setup.py
+++ b/setup.py
@@ -1,4 +1,4 @@
-VERSION = "0.3.38"
+VERSION = "0.3.39"
 from setuptools import setup, find_packages