Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

add alert heartbeats #94

Merged
merged 2 commits into from
Dec 9, 2021
Merged

add alert heartbeats #94

merged 2 commits into from
Dec 9, 2021
+121 −14

Conversation

satta
Copy link
Member

@satta satta commented Dec 9, 2021
edited
Loading

One can now use the heartbeat.alert-times list to specify when an alert heartbeat should be injected.

heartbeat:
  enable: true
  # 24h HH:MM strings with local times to send heartbeat as HTTP event
  times:
    - "00:01"
  # 24h HH:MM strings with local times to send heartbeat as alert
  alert-times:
    - "00:02"

The approach is identical to the one for the general heartbeats: at each specified time, an alert like

{
    "timestamp": "2021-12-09T09:49:35.641252+0000",
    "event_type": "alert",
    "src_ip": "192.0.2.1",
    "src_port": 39106,
    "dest_ip": "192.0.2.2",
    "dest_port": 80,
    "proto": "TCP",
    "alert": {
        "action": "allowed",
        "gid": 0,
        "signature_id": 0,
        "rev": 0,
        "signature": "DCSO FEVER TEST alert",
        "category": "Not Suspicious Traffic",
        "severity": 0
    },
    "http": {
        "hostname": "test-2021-12-09.vast",
        "url": "/just-visiting",
        "http_user_agent": "FEVER",
        "http_content_type": "text/html",
        "http_method": "GET",
        "protocol": "HTTP/1.1",
        "status": 200,
        "length": 42
    }
}

is generated and injected in to the stream of forwarded events.

@satta satta added the enhancement New feature or request label Dec 9, 2021
@satta satta requested a review from 0mbi December 9, 2021 11:27
@satta satta merged commit ff210ee into DCSO:master Dec 9, 2021
@satta satta deleted the heartbeat-alert branch December 9, 2021 13:56
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@0mbi 0mbi 0mbi approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@satta @0mbi