Configuring Siren Alert
Siren Alert is configured using parameters in the main Siren Investigate (or Kibana) YAML file.
By default, all actions are switched off and will only produce log entries. To enable one or more actions, configure the required parameters on each, and set the action's active flag to true.
Each action can use configuration passed through the Siren Investigate YAML file with the action property. If some of the action's parameters are defined in the Siren Investigate YAML file, every action of the same type will use them as defaults.
Note that these examples apply only to Siren platform 10 and later.
Example (minimal)
sentinl:
  settings:
    email:
      active: true
      user: smtp_username
      password: smtp_password
      host: smtp.server.com
      ssl: true
    report:
      active: true
      puppeteer:
        browser_path: '/usr/bin/chromium' # path to Chrome v59+ or Chromium v59+
For more detail, examine the following extended example.
Example (extended)
sentinl:
  es:
    host: 'localhost'
    port: 9200
    # protocol: 'http'
    # results: 50
    # timefield: '@timestamp'
    # alarm_index: 'watcher_alarms'
  settings:
    email:
      active: true
      host: 'localhost'
      # user: 'admin'
      # password: 'password'
      # port: 25
      # domain: 'beast.com'
      # ssl: false
      # tls: false
      # authentication: ['PLAIN', 'LOGIN', 'CRAM-MD5', 'XOAUTH2']
      # timeout: 10000 # mail server connection timeout
      # cert:
      #   key: '/full/sys/path/to/key/file'
      #   cert: '/full/sys/path/to/cert/file'
      #   ca: '/full/sys/path/to/ca/file'
      # action:
      #   priority: 'medium'
      #   subject: 'subject'
      #   body: 'message'
      #   stateless: false
      #   from: 'from@siren'
      #   to: 'to@siren'
    # email_html:
    #   action:
    #     priority: 'medium'
    #     subject: 'subject'
    #     html: '<b>message</b>'
    #     stateless: false
    #     from: 'from@siren'
    #     to: 'to@siren'
    slack:
      active: false
      token: '<token>'
      # action:
      #   priority: 'medium'
      #   stateless: false
      #   channel: '#mychannel'
      #   message: 'hello, mychannel'
    console:
      # action:
      #   stateless: false
      #   message: 'message'
      #   priority: 'medium'
    webhook:
      active: false
      host: 'localhost'
      port: 9200
      # use_https: false
      # path: ':/{{payload.watcher_id}}'
      # body: '{{payload.watcher_id}}{{payload.hits.total}}'
      # method: POST
      # action:
      #   priority: 'medium'
      #   message: 'message'
      #   stateless: false
      #   use_https: true
      #   host: 'localhost'
      #   port: '9220'
      #   method: 'POST'
      #   headers:
      #     my_header: 'header_content'
      #   auth: 'user:password'
      #   path: '/'
      #   params:
      #     my_param: 'param_body'
      #   body: '{ "webhook": "body" }'
    report:
      active: true
      puppeteer:
        browser_path: '/usr/bin/chromium' # path to Chrome v59+ or Chromium v59+
      timeout: 5000
      # authentication:
      #   enabled: true
      #   mode:
      #     searchguard: false
      #     xpack: false
      #     basic: false
      #     custom: true
      #   custom:
      #     username_input_selector: '#username'
      #     password_input_selector: '#password'
      #     login_btn_selector: '#login-btn'
      # file:
      #   pdf:
      #     format: 'A4'
      #     landscape: true
      #   screenshot:
      #     width: 1280
      #     height: 900
      # action:
      #   priority: 'medium'
      #   stateless: true
      #   save: false
      #   to: 'to@siren'
      #   from: 'from@siren'
      #   subject: 'subject'
      #   body: 'message'
      #   snapshot:
      #     name: 'name'
      #     res: '1920x1080'
      #     type: 'png'
      #     url: 'https://siren.io'
      #     params:
      #       delay: 7000
      #     auth:
      #       mode: 'basic'
      #       active: true
      #       username: 'username'
      #       password: 'password'
      #       selector_login_btn: '.submit-button'
      #       selector_password: '.password-field'
      #       selector_username: '.username-field'
    # elastic:
    #   action:
    #     message: 'my moo message'
    #     priority: 'medium'
    pushapps:
      active: false
      api_key: '<pushapps API Key>'
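The following audit script is an added example, not part of Siren Alert or its documentation. It applies the rule stated above (an action only does anything once its required parameters are set and its active flag is true) to an already-parsed copy of the sentinl settings block and reports actions that are active but still carry placeholder values, lack a required parameter, or send SMTP credentials without ssl/tls. The required-parameter list is an assumption taken from the examples on this page; the sample config is constructed and mirrors those examples, with the YAML parsing step left to whatever YAML library the deployment uses.

```python
"""Audit the `sentinl` section of a Siren Investigate / Kibana config."""

# Constructed sample, already parsed from YAML into a dict. It mirrors the
# minimal example above but leaves the Slack token placeholder in place and
# turns ssl off for email, so the audit has something to report.
SAMPLE_CONFIG = {
    "sentinl": {
        "settings": {
            "email": {"active": True, "user": "smtp_username",
                      "password": "smtp_password", "host": "smtp.server.com",
                      "ssl": False},
            "slack": {"active": True, "token": "<token>"},
            "webhook": {"active": False, "host": "localhost", "port": 9200},
            "report": {"active": True,
                       "puppeteer": {"browser_path": "/usr/bin/chromium"}},
            "pushapps": {"active": False, "api_key": "<pushapps API Key>"},
        }
    }
}

# Assumed per-action required parameters, read off the examples on the page.
REQUIRED = {
    "email": ["host"],
    "slack": ["token"],
    "webhook": ["host", "port"],
    "report": ["puppeteer.browser_path"],
    "pushapps": ["api_key"],
}
SECRET_KEYS = ("password", "token", "api_key")


def _get(node, dotted):
    """Follow a dotted key path ('puppeteer.browser_path'); None if absent."""
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def audit(config):
    """Return (active_actions, findings) for sentinl.settings."""
    settings = _get(config, "sentinl.settings") or {}
    active, findings = [], []
    for name, action in settings.items():
        if not isinstance(action, dict) or not action.get("active", False):
            continue  # switched off: only log entries, nothing is sent
        active.append(name)
        for key in REQUIRED.get(name, []):
            if _get(action, key) in (None, ""):
                findings.append(f"{name}: active but required '{key}' is missing")
        for key in SECRET_KEYS:
            val = action.get(key)
            if isinstance(val, str) and val.startswith("<") and val.endswith(">"):
                findings.append(f"{name}: placeholder left in '{key}'")
        if name == "email" and action.get("password") and not (
                action.get("ssl") or action.get("tls")):
            findings.append("email: SMTP credentials configured without ssl/tls")
    return active, findings
```

Running `audit(SAMPLE_CONFIG)` lists email, slack and report as active and flags the Slack placeholder and the unencrypted SMTP login.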