Configuring Siren Alert

Siren Alert is configured using parameters in the main Siren Investigate (or Kibana) YAML file

By default, all actions are switched off and will only produce log entries. To enable one or more actions, configure the required parameters on each, and set the active flag. Each action can use configuration passed through the Siren Investigate YAML file with the action property. If some of `action’s parameters are defined in Siren Investigate YAML file, each action of the same type will use it.

Note that these examples apply only to Siren platform 10 and later.

Example (minimal)

sentinl:
  settings:
    email:
      active: true
      user: smtp_username
      password: smtp_password
      host: smtp.server.com
      ssl: true
    report:
      active: true
      puppeteer:
        browser_path: '/usr/bin/chromium' # path to Chrome v59+ or Chromium v59+

For more detail, examine the following extended example.

Example (extended)

sentinl:
  es:
    host: 'localhost'
    port: 9200
    # protocol: 'http'
    # results: 50
    # timefield: '@timestamp'
    # default_type: 'doc'
    # alarm_index: 'watcher_alarms'
    # alarm_type: 'sentinl-alarm'
  settings:
    email:
      active: true
      host: 'localhost'
      # user: 'admin'
      # password: 'password'
      # port: 25
      # domain: 'beast.com'
      # ssl: false
      # tls: false
      # authentication: ['PLAIN', 'LOGIN', 'CRAM-MD5', 'XOAUTH2']
      # timeout: 10000  # mail server connection timeout
      # cert:
      #   key: '/full/sys/path/to/key/file'
      #   cert: '/full/sys/path/to/cert/file'
      #   ca: '/full/sys/path/to/ca/file'
      # action:
      #   priority: 'medium'
      #   subject: 'subject'
      #   body: 'message'
      #   stateless: false
      #   from: 'from@siren'
      #   to: 'to@siren'
    # email_html:
    #   action:
    #     priority: 'medium'
    #     subject: 'subject'
    #     html: '<b>message</b>'
    #     stateless: false
    #     from: 'from@siren'
    #     to: 'to@siren'
    slack:
      active: false
      username: 'username'
      hook: 'https://hooks.slack.com/services/<token>'
      # action:
      #   priority: 'medium'
      #   stateless: false
      #   channel: '#mychannel'
      #   message: 'hello, mychannel'
    console:
      # action:
      #   stateless: false
      #   message: 'message'
      #   priority: 'medium'
    webhook:
      active: false
      host: 'localhost'
      port: 9200
      # use_https: false
      # path: ':/{{payload.watcher_id}}'
      # body: '{{payload.watcher_id}}{payload.hits.total}}'
      # method: POST
      # action:
      #   priority: 'medium'
      #   message: 'message'
      #   stateless: false
      #   use_https: true
      #   host: 'localhost'
      #   port: '9220'
      #   method: 'POST'
      #   headers:
      #     my_header: 'header_content'
      #   auth: 'user:password'
      #   path: '/'
      #   params:
      #     my_param: 'param_body'
      #   body: '{ "webhook": "body" }'
    report:
      active: true
      puppeteer:
        browser_path: '/usr/bin/chromium' # path to Chrome v59+ or Chromium v59+
      timeout: 5000
      # authentication:
      #   enabled: true
      #   mode:
      #     searchguard: false
      #     xpack: false
      #     basic: false
      #     custom: true
      #   custom:
      #     username_input_selector: '#username'
      #     password_input_selector: '#password'
      #     login_btn_selector: '#login-btn'
      # file:
      #   pdf:
      #     format: 'A4'
      #     landscape: true
      #   screenshot:
      #     width: 1280
      #     height: 900
      # action:
      #   priority: 'medium'
      #   stateless: true
      #   save: false
      #   to: 'to@siren'
      #   from: 'from@siren'
      #   subject: 'subject'
      #   body: 'message'
      #   snapshot:
      #     name: 'name'
      #     res: '1920x1080'
      #     type: 'png'
      #     url: 'https://siren.io'
      #     params:
      #       delay: 7000
      #   auth:
      #     mode: 'basic'
      #     active: true
      #     username: 'username'
      #     password: 'password'
      #     selector_login_btn: '.submit-button'
      #     selector_password: '.password-field'
      #     selector_username: '.username-field'
    # elastic:
    #  action:
    #    message: 'my moo message'
    #    priority: 'medium'
    pushapps:
      active: false
      api_key: '<pushapps API Key>'