github.com/crowdsecurity/crowdsec@v1.6.1/cmd/notification-slack/slack.yaml (about)

     1  type: slack           # Don't change
     2  name: slack_default   # Must match the name this plugin is registered under in the profile
     3  
     4  # One of "trace", "debug", "info", "warn", "error", "off"
     5  log_level: info
     6  
     7  # group_wait:         # Time to wait while collecting alerts before relaying a message to this plugin, e.g. "30s"
     8  # group_threshold:    # Number of alerts that triggers a message before <group_wait> has expired, e.g. "10"
     9  # max_retry:          # Number of attempts to relay messages to plugins in case of error
    10  # timeout:            # Time to wait for a response from the plugin before considering the attempt a failure, e.g. "10s"
    11  
    12  #-------------------------
    13  # plugin-specific options
    14  
    15  # The following template receives a list of models.Alert objects; its rendered output becomes the Slack message text.
    16  # NOTE(review): fields are inserted as written into Slack <url|label> link markup; presumably nothing escapes them, so confirm none can carry '|' or '>'.
    17  format: |
    18    {{range . -}}
    19    {{$alert := . -}}
    20    {{range .Decisions -}}
    21    {{if $alert.Source.Cn -}}
    22    :flag-{{$alert.Source.Cn}}: <https://www.whois.com/whois/{{.Value}}|{{.Value}}> will get {{.Type}} for next {{.Duration}} for triggering {{.Scenario}} on machine '{{$alert.MachineID}}'. <https://app.crowdsec.net/cti/{{.Value}}|CrowdSec CTI>{{end}}
    23    {{if not $alert.Source.Cn -}}
    24    :pirate_flag: <https://www.whois.com/whois/{{.Value}}|{{.Value}}> will get {{.Type}} for next {{.Duration}} for triggering {{.Scenario}} on machine '{{$alert.MachineID}}'.  <https://app.crowdsec.net/cti/{{.Value}}|CrowdSec CTI>{{end}}
    25    {{end -}}
    26    {{end -}}
    27  
    28  # Slack webhook URL; anyone holding it can post messages, so treat it as a secret and restrict read access to this file.
    29  webhook: <WEBHOOK_URL>
    30  
    31  ---
    32  
    33  # type: slack
    34  # name: slack_second_notification
    35  # ...
    36