Improve templates

Author: martijnrondeel

.gitlab-ci.yml

@@ -22,8 +22,8 @@
 stages:
   - build
   - test
-  - deploy
   - mirror
+  - deploy
 
 cache:
   key: elastalert
@@ -45,11 +45,18 @@ test:
     - npm install --quiet
     - npm test
 
-lint:
-  <<: *node-test
+mirror:github:
+  stage: mirror
   script:
-    - npm install --quiet
-    - ./node_modules/.bin/eslint .
+    - git clone --mirror https://git.bitsensor.io/back-end/elastalert.git mirror-github
+    - cd mirror-github
+    - git remote add github https://$MIRROR_GITHUB_USER:$MIRROR_GITHUB_PASSWORD@$MIRROR_GITHUB_URL
+    - git push -u github -q --mirror
+    - rm -rf mirror-github
+  when: always
+  only:
+    - tags
+    - develop
 
 deploy:npm:
   image: node:slim
@@ -63,6 +70,8 @@ deploy:npm:
 
 deploy:docker:
   stage: deploy
+  before_script:
+    - sh scripts/replace_templates.sh
   script:
     - docker info
     - docker login -u $BITSENSOR_USERNAME -p $BITSENSOR_PASSWORD artifacts.bitsensor.io:1443
@@ -78,6 +87,8 @@ deploy:docker:
 
 deploy:docker:snapshot:
   stage: deploy
+  before_script:
+    - sh scripts/replace_templates.sh
   script:
     - docker info
     - docker login -u $BITSENSOR_USERNAME -p $BITSENSOR_PASSWORD artifacts.bitsensor.io:1443
@@ -115,16 +126,4 @@ deploy:docker-hub:snapshot:
   only:
     - develop
   tags:
-    - docker
-
-mirror:github:
-  stage: mirror
-  script:
-    - git clone --mirror https://git.bitsensor.io/back-end/elastalert.git mirror-github
-    - cd mirror-github
-    - git remote add github https://$MIRROR_GITHUB_USER:$MIRROR_GITHUB_PASSWORD@$MIRROR_GITHUB_URL
-    - git push -u github -q --mirror
-  when: always
-  only:
-    - tags
-    - develop
+    - docker

rule_templates/detection_template.yaml

@@ -52,5 +52,5 @@ alert_text_args:
 # The alert is use when a match is found
 alert:
   - slack
-slack_webhook_url: "https://hooks.slack.com/services/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"
+slack_webhook_url: "https://hooks.slack.com/services/"
 slack_username_override: "ElastAlert"

rule_templates/integration_started.yaml …plates/integration_started_template.yamlrule_templates/integration_started.yaml renamed to rule_templates/integration_started_template.yaml rule_templates/integration_started.yaml renamed to rule_templates/integration_started_template.yaml

@@ -39,14 +39,14 @@ alert_text_args:
 alert:
   - slack
 
-slack_webhook_url: "https://hooks.slack.com/services/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"
+slack_webhook_url: "https://hooks.slack.com/services/"
 slack_username_override: "ElastAlert"
 
 # Alert body only cointains a title and text
 alert_text_type: alert_text_only
 
 # Link to BitSensor Kibana Dashboard
-use_kibana4_dashboard: "https://dev.bitsensor.io/app/kibana#/dashboard/Pre-Integration"
+use_kibana4_dashboard: "https://kibana.dashboard.io/app/kibana#/dashboard"
 
 # Index to search, wildcard supported
 index: bitsensor

rule_templates/no_data.yaml rule_templates/no_data_template.yamlrule_templates/no_data.yaml renamed to rule_templates/no_data_template.yaml

@@ -26,13 +26,13 @@ doc_type: datapoint
 index: bitsensor
 timestamp_field: endpoint.localtime
 
-alert_subject: "No data on dev.bitsensor.io"
+alert_subject: "No data on dashboard"
 
 alert_text_type: alert_text_only
 alert_text: "The stack receives no data. It might be down :("
 
 # The alert is use when a match is found
 alert:
   - slack
-slack_webhook_url: "https://hooks.slack.com/services/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"
+slack_webhook_url: "https://hooks.slack.com/services/"
 slack_username_override: "ElastAlert"

rule_templates/relevant_attack_template.yaml

@@ -63,14 +63,14 @@ alert:
 # Click on your Workspace name (upper left corner)
 # Go to "Manage Apps", then "Custom Integrations", "Incoming Webhooks"
 # Press "Add Configuration", and choose your channel. Now paste it here:
-slack_webhook_url: "https://hooks.slack.com/services/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"
+slack_webhook_url: "https://hooks.slack.com/services/"
 slack_username_override: "BitSensor Alerting"
 
 # Alert body only cointains a title and text
 alert_text_type: alert_text_only
 
 # Link to BitSensor Kibana Dashboard
-use_kibana4_dashboard: "https://dev.bitsensor.io/app/kibana#/dashboard/Live-Hacking"
+use_kibana4_dashboard: "https://kibana.dashboard.io/app/kibana#/dashboard"
 
 # Enhancement for converting 'detections' array into object, ex. get merged detection type by  
 # 'detections_parsed.type' or get first detection type by 'detection_parsed.0.type' 

rule_templates/spike.yml rule_templates/spike_template.ymlrule_templates/spike.yml renamed to rule_templates/spike_template.yml

@@ -29,6 +29,6 @@ alert_text_args:
 # The alert is use when a match is found
 alert:
   - slack
-slack_webhook_url: "https://hooks.slack.com/services/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"
+slack_webhook_url: "https://hooks.slack.com/services/"
 slack_username_override: "ElastAlert"
 

rule_templates/successful_attack_template.yaml

@@ -46,5 +46,5 @@ alert_text_args:
 # The alert is use when a match is found
 alert:
   - slack
-slack_webhook_url: "https://hooks.slack.com/services/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"
+slack_webhook_url: "https://hooks.slack.com/services/"
 slack_username_override: "ElastAlert"

rule_templates/threshold.yml rule_templates/threshold_template.ymlrule_templates/threshold.yml renamed to rule_templates/threshold_template.yml

@@ -55,5 +55,5 @@ alert_text_args:
 # The alert is use when a match is found
 alert:
   - slack
-slack_webhook_url: "https://hooks.slack.com/services/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"
+slack_webhook_url: "https://hooks.slack.com/services/"
 slack_username_override: "ElastAlert"

rule_templates/volumetric_alert.yaml …templates/volumetric_alert_template.yamlrule_templates/volumetric_alert.yaml renamed to rule_templates/volumetric_alert_template.yaml rule_templates/volumetric_alert.yaml renamed to rule_templates/volumetric_alert_template.yaml

@@ -60,11 +60,11 @@ alert_text_args:
 alert:
   - slack
 
-slack_webhook_url: "https://hooks.slack.com/services/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"
+slack_webhook_url: "https://hooks.slack.com/services/"
 slack_username_override: "ElastAlert"
 
 # Alert body only cointains a title and text
 alert_text_type: alert_text_only
 
 # Link to BitSensor Kibana Dashboard
-use_kibana4_dashboard: "https://dev.bitsensor.io/app/kibana#/dashboard/Live-Hacking"
+use_kibana4_dashboard: "https://kibana.dashboard.io/app/kibana#/dashboard"

scripts/replace_templates.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+# This script replaces the default templates with
+# custom ElastAlert templates we use at BitSensor
+
+rm rule_templates/*
+git clone [email protected]:front-end/elastalert-rules.git replacement-rules
+cp replacement-rules/rules/* rule_templates/
+rm -rf replacement-rules