Update Pull Request: "feat: Add hostname to payload" #383

Merged
merged 1 commit into from
Nov 16, 2022
3 changes: 3 additions & 0 deletions outputs/alertmanager.go
Expand Up @@ -73,6 +73,9 @@ func newAlertmanagerPayload(falcopayload types.FalcoPayload, config *types.Confi
amPayload.Labels["source"] = "falco"
amPayload.Labels["rule"] = falcopayload.Rule
amPayload.Labels["eventsource"] = falcopayload.Source
if falcopayload.Hostname != "" {
amPayload.Labels[Hostname] = falcopayload.Hostname
}
if len(falcopayload.Tags) != 0 {
amPayload.Labels["tags"] = strings.Join(falcopayload.Tags, ",")
}
3 changes: 1 addition & 2 deletions outputs/alertmanager_test.go
Expand Up @@ -11,8 +11,7 @@ import (
)

func TestNewAlertmanagerPayloadO(t *testing.T) {
expectedOutput := `[{"labels":{"proc_name":"falcosidekick","priority":"Debug","proc_tty":"1234","eventsource":"syscalls","rule":"Test rule","source":"falco","tags":"test,example"},"annotations":{"info":"This is a test from falcosidekick","summary":"Test rule"}}]`

expectedOutput := `[{"labels":{"proc_name":"falcosidekick","priority":"Debug","proc_tty":"1234","eventsource":"syscalls","hostname":"test-host","rule":"Test rule","source":"falco","tags":"test,example"},"annotations":{"info":"This is a test from falcosidekick","summary":"Test rule"}}]`
var f types.FalcoPayload
d := json.NewDecoder(strings.NewReader(falcoTestInput))
d.UseNumber()
7 changes: 6 additions & 1 deletion outputs/aws.go
Expand Up @@ -232,7 +232,12 @@ func (c *Client) PublishTopic(falcopayload types.FalcoPayload) {
StringValue: aws.String(strings.Join(falcopayload.Tags, ",")),
}
}

if falcopayload.Hostname != "" {
msg.MessageAttributes[Hostname] = &sns.MessageAttributeValue{
DataType: aws.String("String"),
StringValue: aws.String(falcopayload.Hostname),
}
}
for i, j := range falcopayload.OutputFields {
switch v := j.(type) {
case string:
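Review bot: The `hostname` attribute set in PublishTopic can be replaced by the OutputFields loop that follows it, if that loop writes `msg.MessageAttributes[i]` (its body is outside this hunk), so an output field named `hostname` would win over the payload's top-level value. Moving the new block after the loop, or skipping the key inside the loop with `if i == Hostname { continue }`, keeps the top-level hostname authoritative for subscribers that filter on it. The same ordering appears in outputs/wavefront.go, where `tags[Hostname]` is set before the OutputFields loop.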
2 changes: 1 addition & 1 deletion outputs/client_test.go
Expand Up @@ -25,7 +25,7 @@ import (
"github.com/falcosecurity/falcosidekick/types"
)

var falcoTestInput = `{"output":"This is a test from falcosidekick","priority":"Debug","rule":"Test rule", "time":"2001-01-01T01:10:00Z","source":"syscalls","output_fields": {"proc.name":"falcosidekick", "proc.tty": 1234}, "tags":["test","example"]}`
var falcoTestInput = `{"output":"This is a test from falcosidekick","priority":"Debug","rule":"Test rule", "time":"2001-01-01T01:10:00Z","source":"syscalls","output_fields": {"proc.name":"falcosidekick", "proc.tty": 1234}, "tags":["test","example"], "hostname":"test-host"}`

func TestNewClient(t *testing.T) {
u, _ := url.Parse("http://localhost")
6 changes: 6 additions & 0 deletions outputs/cliq.go
Expand Up @@ -100,6 +100,12 @@ func newCliqPayload(falcopayload types.FalcoPayload, config *types.Configuration
field.Value = falcopayload.Priority.String()
table.Rows = append(table.Rows, field)

if falcopayload.Hostname != "" {
field.Field = Hostname
field.Value = falcopayload.Hostname
table.Rows = append(table.Rows, field)
}

for _, i := range getSortedStringKeys(falcopayload.OutputFields) {
field.Field = i
field.Value = falcopayload.OutputFields[i].(string)
4 changes: 4 additions & 0 deletions outputs/cliq_test.go
Expand Up @@ -39,6 +39,10 @@ func TestNewCliqPayload(t *testing.T) {
Field: "priority",
Value: "Debug",
},
{
Field: "hostname",
Value: "test-host",
},
{
Field: "proc.name",
Value: "falcosidekick",
4 changes: 4 additions & 0 deletions outputs/cloudevents.go
Expand Up @@ -33,6 +33,10 @@ func (c *Client) CloudEventsSend(falcopayload types.FalcoPayload) {
event.SetExtension("rule", falcopayload.Rule)
event.SetExtension("source", falcopayload.Source)

if falcopayload.Hostname != "" {
event.SetExtension(Hostname, falcopayload.Hostname)
}

// Set Extensions.
for k, v := range c.Config.CloudEvents.Extensions {
event.SetExtension(k, v)
1 change: 1 addition & 0 deletions outputs/constants.go
Expand Up @@ -29,6 +29,7 @@ const (
Plaintext string = "plaintext"
JSON string = "json"
Markdown string = "markdown"
Hostname string = "hostname"

DefaultFooter string = "https://github.com/falcosecurity/falcosidekick"
DefaultIconURL string = "https://raw.githubusercontent.com/falcosecurity/falcosidekick/master/imgs/falcosidekick.png"
3 changes: 3 additions & 0 deletions outputs/datadog.go
Expand Up @@ -32,6 +32,9 @@ func newDatadogPayload(falcopayload types.FalcoPayload) datadogPayload {
}
}
tags = append(tags, "source:"+falcopayload.Source)
if falcopayload.Hostname != "" {
tags = append(tags, Hostname+":"+falcopayload.Hostname)
}
if len(falcopayload.Tags) != 0 {
tags = append(tags, falcopayload.Tags...)
}
3 changes: 1 addition & 2 deletions outputs/datadog_test.go
Expand Up @@ -10,8 +10,7 @@ import (
)

func TestNewDatadogPayload(t *testing.T) {
expectedOutput := `{"title":"Test rule","text":"This is a test from falcosidekick","alert_type":"info","source_type_name":"falco","tags":["proc.name:falcosidekick", "source:syscalls", "test", "example"]}`

expectedOutput := `{"title":"Test rule","text":"This is a test from falcosidekick","alert_type":"info","source_type_name":"falco","tags":["proc.name:falcosidekick", "source:syscalls", "hostname:test-host", "test", "example"]}`
var f types.FalcoPayload
json.Unmarshal([]byte(falcoTestInput), &f)
s, _ := json.Marshal(newDatadogPayload(f))
3 changes: 3 additions & 0 deletions outputs/discord.go
Expand Up @@ -74,6 +74,9 @@ func newDiscordPayload(falcopayload types.FalcoPayload, config *types.Configurat
embedFields = append(embedFields, discordEmbedFieldPayload{Rule, falcopayload.Rule, true})
embedFields = append(embedFields, discordEmbedFieldPayload{Priority, falcopayload.Priority.String(), true})
embedFields = append(embedFields, discordEmbedFieldPayload{Source, falcopayload.Source, true})
if falcopayload.Hostname != "" {
embedFields = append(embedFields, discordEmbedFieldPayload{Hostname, falcopayload.Hostname, true})
}
if len(falcopayload.Tags) != 0 {
embedFields = append(embedFields, discordEmbedFieldPayload{Tags, strings.Join(falcopayload.Tags, ", "), true})
}
5 changes: 5 additions & 0 deletions outputs/discord_test.go
Expand Up @@ -40,6 +40,11 @@ func TestNewDiscordPayload(t *testing.T) {
Value: "syscalls",
Inline: true,
},
{
Name: "hostname",
Value: "test-host",
Inline: true,
},
{
Name: "tags",
Value: "test, example",
4 changes: 4 additions & 0 deletions outputs/googlechat.go
Expand Up @@ -68,6 +68,10 @@ func newGooglechatPayload(falcopayload types.FalcoPayload, config *types.Configu
widgets = append(widgets, widget{KeyValue: keyValue{"priority", falcopayload.Priority.String()}})
widgets = append(widgets, widget{KeyValue: keyValue{"source", falcopayload.Source}})

if falcopayload.Hostname != "" {
widgets = append(widgets, widget{KeyValue: keyValue{Hostname, falcopayload.Hostname}})
}

if len(falcopayload.Tags) != 0 {
widgets = append(widgets, widget{
KeyValue: keyValue{
6 changes: 6 additions & 0 deletions outputs/googlechat_test.go
Expand Up @@ -42,6 +42,12 @@ func TestNewGoogleChatPayload(t *testing.T) {
Content: "syscalls",
},
},
{
keyValue{
TopLabel: "hostname",
Content: "test-host",
},
},
{
keyValue{
TopLabel: "tags",
4 changes: 4 additions & 0 deletions outputs/grafana.go
Expand Up @@ -26,6 +26,10 @@ func newGrafanaPayload(falcopayload types.FalcoPayload, config *types.Configurat
falcopayload.Rule,
falcopayload.Source,
}
if falcopayload.Hostname != "" {
tags = append(tags, falcopayload.Hostname)
}

if config.Grafana.AllFieldsAsTags {
for _, i := range falcopayload.OutputFields {
tags = append(tags, fmt.Sprintf("%v", i))
4 changes: 4 additions & 0 deletions outputs/influxdb.go
Expand Up @@ -21,6 +21,10 @@ func newInfluxdbPayload(falcopayload types.FalcoPayload, config *types.Configura
}
}

if falcopayload.Hostname != "" {
s += "," + Hostname + "=" + falcopayload.Hostname
}

if len(falcopayload.Tags) != 0 {
s += ",tags=" + strings.Join(falcopayload.Tags, "_")
}
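Review bot: `falcopayload.Hostname` is concatenated into the line-protocol tag set without escaping, so a value containing a comma, space or equals sign yields a malformed point or additional tags in the write. The expected string in influxdb_test.go shows the rule written as `Test_rule`, which suggests other values are normalised before they reach the line; the hostname should get equivalent treatment, for example `s += "," + Hostname + "=" + strings.NewReplacer(",", "\\,", "=", "\\=", " ", "\\ ").Replace(falcopayload.Hostname)`. A test case whose hostname contains one of these characters would pin the behaviour. newInfluxdbPayload starts and ends outside this hunk.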
3 changes: 1 addition & 2 deletions outputs/influxdb_test.go
Expand Up @@ -10,8 +10,7 @@ import (
)

func TestNewInfluxdbPayload(t *testing.T) {
expectedOutput := `"events,rule=Test_rule,priority=Debug,source=syscalls,proc.name=falcosidekick,tags=test_example value=\"This is a test from falcosidekick\""`

expectedOutput := `"events,rule=Test_rule,priority=Debug,source=syscalls,proc.name=falcosidekick,hostname=test-host,tags=test_example value=\"This is a test from falcosidekick\""`
var f types.FalcoPayload
require.Nil(t, json.Unmarshal([]byte(falcoTestInput), &f))

4 changes: 4 additions & 0 deletions outputs/loki.go
Expand Up @@ -46,6 +46,10 @@ func newLokiPayload(falcopayload types.FalcoPayload, config *types.Configuration
}
}

if falcopayload.Hostname != "" {
s[Hostname] = falcopayload.Hostname
}

if len(falcopayload.Tags) != 0 {
s["tags"] = strings.Join(falcopayload.Tags, ",")
}
1 change: 1 addition & 0 deletions outputs/loki_test.go
Expand Up @@ -14,6 +14,7 @@ func TestNewLokiPayload(t *testing.T) {
Streams: []lokiStream{
{
Stream: map[string]string{
"hostname": "test-host",
"tags": "test,example",
"rule": "Test rule",
"source": "syscalls",
6 changes: 6 additions & 0 deletions outputs/mattermost.go
Expand Up @@ -22,6 +22,12 @@ func newMattermostPayload(falcopayload types.FalcoPayload, config *types.Configu
field.Value = falcopayload.Rule
field.Short = true
fields = append(fields, field)
if falcopayload.Hostname != "" {
field.Title = Hostname
field.Value = falcopayload.Hostname
field.Short = true
fields = append(fields, field)
}
field.Title = Priority
field.Value = falcopayload.Priority.String()
field.Short = true
5 changes: 5 additions & 0 deletions outputs/mattermost_test.go
Expand Up @@ -27,6 +27,11 @@ func TestMattermostPayload(t *testing.T) {
Value: "Test rule",
Short: true,
},
{
Title: "hostname",
Value: "test-host",
Short: true,
},
{
Title: "priority",
Value: "Debug",
3 changes: 3 additions & 0 deletions outputs/opsgenie.go
Expand Up @@ -29,6 +29,9 @@ func newOpsgeniePayload(falcopayload types.FalcoPayload, config *types.Configura
details["source"] = falcopayload.Source
details["rule"] = falcopayload.Rule
details["priority"] = falcopayload.Priority.String()
if falcopayload.Hostname != "" {
details[Hostname] = falcopayload.Hostname
}
if len(falcopayload.Tags) != 0 {
details["tags"] = strings.Join(falcopayload.Tags, ", ")
}
1 change: 1 addition & 0 deletions outputs/opsgenie_test.go
Expand Up @@ -15,6 +15,7 @@ func TestNewOpsgeniePayload(t *testing.T) {
Entity: "Falcosidekick",
Description: "Test rule",
Details: map[string]string{
"hostname": "test-host",
"priority": "Debug",
"tags": "test, example",
"proc_name": "falcosidekick",
3 changes: 3 additions & 0 deletions outputs/pagerduty.go
Expand Up @@ -35,6 +35,9 @@ func createPagerdutyEvent(falcopayload types.FalcoPayload, config types.Pagerdut
details["rule"] = falcopayload.Rule
details["priority"] = falcopayload.Priority.String()
details["source"] = falcopayload.Source
if len(falcopayload.Hostname) != 0 {
falcopayload.OutputFields[Hostname] = falcopayload.Hostname
}
if len(falcopayload.Tags) != 0 {
details["tags"] = strings.Join(falcopayload.Tags, ", ")
}
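Review bot: The new block writes into `falcopayload.OutputFields`, which is a map and therefore shared with the caller even though the payload is passed by value. The assignment panics when the payload arrived without `output_fields` (nil map), and it changes what any other consumer of the same payload sees. If the same payload is handed to several outputs concurrently, which cannot be confirmed from this hunk, this is also an unsynchronised map write. Copying the map before adding the key avoids all three, as sketched below, and the condition can use `!= ""` like the other outputs. createPagerdutyEvent starts and ends outside this hunk.

```go
if falcopayload.Hostname != "" {
	// Work on a copy: the caller's map stays untouched and a nil map cannot panic.
	fields := make(map[string]interface{}, len(falcopayload.OutputFields)+1)
	for k, v := range falcopayload.OutputFields {
		fields[k] = v
	}
	fields[Hostname] = falcopayload.Hostname
	falcopayload.OutputFields = fields
}
```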
4 changes: 2 additions & 2 deletions outputs/pagerduty_test.go
Expand Up @@ -11,8 +11,7 @@ import (
)

func TestPagerdutyPayload(t *testing.T) {
var falcoTestInput = `{"output":"This is a test from falcosidekick","priority":"Debug","rule":"Test rule","time":"2001-01-01T01:10:00Z","output_fields": {"proc.name":"falcosidekick", "proc.tty": 1234}}`

var falcoTestInput = `{"output":"This is a test from falcosidekick","priority":"Debug","rule":"Test rule","hostname":"test-host","time":"2001-01-01T01:10:00Z","output_fields": {"hostname": "test-host", "proc.name":"falcosidekick", "proc.tty": 1234}}`
var excpectedOutput = pagerduty.V2Event{
RoutingKey: "",
Action: "trigger",
Expand All @@ -25,6 +24,7 @@ func TestPagerdutyPayload(t *testing.T) {
Group: "",
Class: "",
Details: map[string]interface{}{
"hostname": "test-host",
"proc.name": "falcosidekick",
"proc.tty": float64(1234),
},
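Review bot: The new `falcoTestInput` already carries `"hostname": "test-host"` inside `output_fields`, so the expected `Details` would contain `hostname` even if createPagerdutyEvent never copied the top-level field. As written, the test does not exercise the code added in outputs/pagerduty.go. Dropping the key from `output_fields` and keeping only the top-level `"hostname":"test-host"` would make the assertion depend on the new behaviour, and a second case without `output_fields` would cover the nil-map path. TestPagerdutyPayload continues outside this hunk.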
6 changes: 6 additions & 0 deletions outputs/rocketchat.go
Expand Up @@ -52,6 +52,12 @@ func newRocketchatPayload(falcopayload types.FalcoPayload, config *types.Configu
field.Short = false
field.Value = falcopayload.Time.String()
fields = append(fields, field)
if falcopayload.Hostname != "" {
field.Title = Hostname
field.Value = falcopayload.Hostname
field.Short = true
fields = append(fields, field)
}
}

attachment.Fallback = falcopayload.Output
5 changes: 5 additions & 0 deletions outputs/rocketchat_test.go
Expand Up @@ -52,6 +52,11 @@ func TestNewRocketchatPayload(t *testing.T) {
Value: "2001-01-01 01:10:00 +0000 UTC",
Short: false,
},
{
Title: "hostname",
Value: "test-host",
Short: true,
},
},
},
},
6 changes: 6 additions & 0 deletions outputs/slack.go
Expand Up @@ -55,6 +55,12 @@ func newSlackPayload(falcopayload types.FalcoPayload, config *types.Configuratio
field.Value = falcopayload.Source
field.Short = true
fields = append(fields, field)
if falcopayload.Hostname != "" {
field.Title = Hostname
field.Value = falcopayload.Hostname
field.Short = true
fields = append(fields, field)
}
if len(falcopayload.Tags) != 0 {
field.Title = Tags
field.Value = strings.Join(falcopayload.Tags, ", ")
5 changes: 5 additions & 0 deletions outputs/slack_test.go
Expand Up @@ -37,6 +37,11 @@ func TestNewSlackPayload(t *testing.T) {
Value: "syscalls",
Short: true,
},
{
Title: "hostname",
Value: "test-host",
Short: true,
},
{
Title: "tags",
Value: "test, example",
5 changes: 5 additions & 0 deletions outputs/smtp_templates.go
Expand Up @@ -4,6 +4,7 @@ var plaintextTmpl = `Priority: {{ .Priority }}
Output: {{ .Output }}
Rule: {{ .Rule }}
Source: {{ .Source }}
Hostname: {{ .Hostname }}
Tags: {{ range .Tags }}{{ . }} {{ end }}
Time: {{ .Time }}

Expand Down Expand Up @@ -59,6 +60,10 @@ var htmlTmpl = `
<tr>
<td style="background-color:#858585"><span style="font-size:14px;color:#fff;"><strong>Source</strong></span></td>
<td style="background-color:#d1d6da">{{ .Source }}</td>
</tr>
<tr>
<td style="background-color:#858585"><span style="font-size:14px;color:#fff;"><strong>Hostname</strong></span></td>
<td style="background-color:#d1d6da">{{ .Hostname }}</td>
</tr>
<tr>
<td style="background-color:#858585"><span style="font-size:14px;color:#fff;"><strong>Tags</strong></span></td>
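Review bot: Both templates render the hostname unconditionally, so a payload without a hostname produces an empty `Hostname:` line in `plaintextTmpl` and an empty table row in `htmlTmpl`, whereas the other outputs in this change skip the field when it is empty. Wrapping each addition in `{{ if .Hostname }}` … `{{ end }}` would match that behaviour. Separately, `{{ .Hostname }}` in `htmlTmpl` is HTML-escaped only if the template is parsed with html/template; the rendering code is not visible here, so that is worth confirming because the value comes from the incoming payload.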
5 changes: 5 additions & 0 deletions outputs/teams.go
Expand Up @@ -69,6 +69,11 @@ func newTeamsPayload(falcopayload types.FalcoPayload, config *types.Configuratio
fact.Name = Source
fact.Value = falcopayload.Source
facts = append(facts, fact)
if falcopayload.Hostname != "" {
fact.Name = Hostname
fact.Value = falcopayload.Hostname
facts = append(facts, fact)
}
if len(falcopayload.Tags) != 0 {
fact.Name = Tags
fact.Value = strings.Join(falcopayload.Tags, ", ")
4 changes: 4 additions & 0 deletions outputs/teams_test.go
Expand Up @@ -37,6 +37,10 @@ func TestNewTeamsPayload(t *testing.T) {
Name: "source",
Value: "syscalls",
},
{
Name: "hostname",
Value: "test-host",
},
{
Name: "tags",
Value: "test, example",
4 changes: 4 additions & 0 deletions outputs/wavefront.go
Expand Up @@ -71,6 +71,10 @@ func (c *Client) WavefrontPost(falcopayload types.FalcoPayload) {
tags["rule"] = falcopayload.Rule
tags["source"] = falcopayload.Source

if falcopayload.Hostname != "" {
tags[Hostname] = falcopayload.Hostname
}

for tag, value := range falcopayload.OutputFields {
switch v := value.(type) {
case string:
1 change: 1 addition & 0 deletions types/types.go
Expand Up @@ -19,6 +19,7 @@ type FalcoPayload struct {
OutputFields map[string]interface{} `json:"output_fields"`
Source string `json:"source"`
Tags []string `json:"tags,omitempty"`
Hostname string `json:"hostname,omitempty"`
}

func (f FalcoPayload) String() string {
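Review bot: The new `Hostname` field has no comment, and nothing in this change validates it after decoding, so each output receives the raw string from the request body. A short comment on the field would make that contract visible to output authors, for example `// Hostname is the host name reported in the incoming payload; it is not validated, so outputs must escape it for their own format.`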