Configuring Siren Alert
Siren Alert is configured using parameters in the main Siren Investigate (or Kibana) YAML file
By default, all actions are switched off and will only produce log
entries. To enable one or more actions, configure the required
parameters on each, and set the active
flag.
Note that these examples apply only to Siren platform 10 and later.
Example (minimal)
sentinl: settings: email: active: true user: smtp_username password: smtp_password host: smtp.server.com ssl: true report: active: true puppeteer: browser_path: '/usr/bin/chromium' # path to Chrome v59+ or Chromium v59+
For more detail, examine the following extended example.
Example (extended)
sentinl:
es:
host: 'localhost'
port: 9200
# protocol: 'http'
# results: 50
# timefield: '@timestamp'
# default_type: 'doc'
# alarm_index: 'watcher_alarms'
# alarm_type: 'sentinl-alarm'
settings:
email:
active: true
host: 'localhost'
# user: 'admin'
# password: 'password'
# port: 25
# domain: 'beast.com'
# ssl: false
# tls: false
# authentication: ['PLAIN', 'LOGIN', 'CRAM-MD5', 'XOAUTH2']
# timeout: 10000 # mail server connection timeout
# cert:
# key: '/full/sys/path/to/key/file'
# cert: '/full/sys/path/to/cert/file'
# ca: '/full/sys/path/to/ca/file'
slack:
active: false
username: 'username'
hook: 'https://hooks.slack.com/services/<token>'
channel: '#channel'
webhook:
active: false
host: 'localhost'
port: 9200
# use_https: false
# path: ':/{{payload.watcher_id}}'
# body: '{{payload.watcher_id}}{payload.hits.total}}'
# method: POST
report:
active: true
puppeteer:
browser_path: '/usr/bin/chromium' # path to Chrome v59+ or Chromium v59+
timeout: 5000
# authentication:
# enabled: true
# mode:
# searchguard: false
# xpack: false
# basic: false
# custom: true
# custom:
# username_input_selector: '#username'
# password_input_selector: '#password'
# login_btn_selector: '#login-btn'
# file:
# pdf:
# format: 'A4'
# landscape: true
# screenshot:
# width: 1280
# height: 900
pushapps:
active: false
api_key: '<pushapps API Key>'