Actions
Currently supported "actions" for Siren Alert watchers:
Email
Send query results and a message using Email/SMTP.
Requires action settings in Siren Investigate configuration.
"email" : {
  "to" : "root@localhost",
  "from" : "sirenalert@localhost",
  "subject" : "Alarm Title",
  "priority" : "high",
  "body" : "Series Alarm {{ payload._id}}: {{payload.hits.total}}",
  "stateless" : false
}
Email HTML
Send query results and a message using Email/SMTP with an HTML body.
Requires action settings in Siren Investigate configuration.
"email_html" : {
  "to" : "root@localhost",
  "from" : "sirenalert@localhost",
  "subject" : "Alarm Title",
  "priority" : "high",
  "body" : "Series Alarm {{ payload._id}}: {{payload.hits.total}}",
  "html" : "<p>Series Alarm {{ payload._id}}: {{payload.hits.total}}</p>",
  "stateless" : false
}
webHook
Deliver a message to a remote web API.
"webhook" : {
  "method" : "POST",
  "host" : "remote.server",
  "port" : 9200,
  "path": ":/{{payload.watcher_id}}",
  "body" : "{{payload.watcher_id}}:{{payload.hits.total}}",
  "create_alert" : true
}
webHook using Proxy
Deliver a message to a remote API using a proxy - Telegram example:
"webhook": {
  "method": "POST",
  "host": "remote.proxy",
  "port": "3128",
  "path": "https://api.telegram.org/bot{botId}/sendMessage",
  "body": "chat_id={chatId}&text=Count+total+hits:%20{{payload.hits.total}}",
  "headers": {
    "Content-Type": "application/x-www-form-urlencoded"
  },
  "create_alert" : true
}
Slack
Deliver a message to a #Slack channel.
Requires action settings in Siren Investigate configuration.
"slack" : {
  "channel": "#channel",
  "message" : "Series Alarm {{ payload._id}}: {{payload.hits.total}}",
  "stateless" : false
}
Report
Take a website snapshot using PhantomJS and send it using Email/SMTP.
- Requires action settings in Siren Investigate configuration.
- Requires Pageres/PhantomJS:
    npm install -g pageres
"report" : {
  "to" : "root@localhost",
  "from" : "kaae@localhost",
  "subject" : "Report Title",
  "priority" : "high",
  "body" : "Series Report {{ payload._id}}: {{payload.hits.total}}",
  "snapshot" : {
    "res" : "1280,900",
    "url" : "http://127.0.0.1/app/kibana#/dashboard/Alerts",
    "path" : "/tmp/",
    "params" : {
      "username" : "username",
      "password" : "password",
      "delay" : 5000,
      "crop" : false
    }
  },
  "stateless" : false
}
Console
Output query results and a message to the console.
"console" : {
  "priority" : "DEBUG",
  "message" : "Average {{payload.aggregations.avg.value}}"
}