OrkhanRustamli
Participant

SmartEvent External Script for Mail

Hi All,

I want to write a custom script for sending SmartEvent alerts to Slack via mail. I cannot use the default mail reaction because it sends graphics as attachments, and as the number of attachments is 25, which is higher than the Slack application accepts, I would like to create my own external script which will send the alert in a defined format. The problem is I cannot find any example or sample script on the Internet which I can use as a guide. It would be really helpful if someone can share sample code. Thanks in advance!

0 Kudos
1 Solution

Accepted Solutions
David_Herselman
Collaborator

In case it helps someone else, this request was almost two years ago...

 

The following:

  • Sanitises input
  • If it managed to extract a username it calls an API
  • It then logs debug information

 

 

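[Expert@checkpoint-management:0]# cat $RTDIR/bin/ext_commands/block_on_clearpass
#!/bin/bash
# Read the event data from standard input.
INPUT=$(cat);
CURL_OUTPUT='';
CURL_RC='not run';
# Sanitise: drop every character outside the allow-list (this also removes newlines).
EVENT="${INPUT//[^a-zA-Z0-9 ().,:;+_-]}";
# Extract the value after "user_name: "; -n with the p flag prints nothing when the field is absent.
USERID=`echo "$EVENT" | sed -rn "s/.*user_name: ([[:alnum:]_-]+).*/\1/p"`;

# Only call the API when a 4 to 40 character username was extracted.
# -k disables TLS certificate verification.
if [ ${#USERID} -ge 4 ] && [ ${#USERID} -le 40 ]; then
  CURL_OUTPUT=`curl_cli -kX POST -H 'Content-type: application/json' --data '{"text":"Hello, World!"}' https://hooks.slack.com/services/RANDOMSTRINGPROVIDEDBYSLACK --fail --silent --show-error 2>&1`;
  # Save curl's exit status before any other command overwrites $?.
  CURL_RC=$?;
fi

if [ ${#CURL_OUTPUT} -gt 0 ]; then
  echo -e "User: $USERID\nCurl debug data: \n$CURL_OUTPUT" >> /tmp/block_on_clearpass;
else
  echo -e "User: $USERID - Curl return code: $CURL_RC - Sanitised event data:\n$EVENT" >> /tmp/block_on_clearpass;
fi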

 

 


3 Replies
masher
Employee

This doesn't use any email functionality because I don't have that available to test but I was able to create a basic app using the Incoming Webhooks function when building an app in Slack.

Slack will provide an example using Curl that can be used in a script on the SmartEvent server.

In my case, my script is placed under /home/admin/scripts 

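#!/bin/bash
# Post a fixed test message to the Slack Incoming Webhook.
# -k disables TLS certificate verification; -X POST sets the request method.
curl_cli -kX POST -H 'Content-type: application/json' --data '{"text":"Hello, World!"}' https://hooks.slack.com/services/RANDOMSTRINGPROVIDEDBYSLACK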

 

I then created an automatic reaction that triggers the script when called.


When triggered, it runs the curl script to post whatever message is defined in the "--data" portion of the curl command.


 

I'm sure there are better options available when interacting in Slack, but this was my quick effort that might provide some direction.

 

0 Kudos
OrkhanRustamli
Participant

Hello, thank you for the provided script. However, I mostly need a script example which shows a way of getting values from event data.

0 Kudos
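The accepted solution's sanitise-then-extract approach, extended to more than one field and to a Slack payload built from the extracted values. This is an added example, not code from the thread or from Check Point; it assumes the event reaches the script as `name: value` pairs (as the `user_name` pattern implies), and the `src` field and the sample event are constructed.

```shell
#!/bin/bash
# Added example (not from the thread): extract fields from an event and build a Slack payload.
# Assumption: the event arrives as "name: value" pairs, as the post's sed pattern implies.

# Same allow-list as the post's ${INPUT//[^...]} expansion: quotes, backslashes, braces
# and newlines are dropped, so no surviving character can terminate a JSON string.
sanitise() {
  printf '%s' "$1" | tr -cd 'a-zA-Z0-9 ().,:;+_-'
}

# Print the value of field $2 in sanitised event $1, or nothing when it is absent.
# The leading [ ;] boundary stops "user_name" from matching inside "src_user_name".
# If a field repeats, the greedy .* makes the last occurrence win.
extract_field() {
  printf ' %s\n' "$1" | sed -rn "s/.*[ ;]$2: ([[:alnum:]_.-]+).*/\1/p"
}

# Build the webhook JSON; fail (status 1) unless a 4 to 40 character username was found.
build_payload() {
  local event user src
  event=$(sanitise "$1")
  user=$(extract_field "$event" user_name)
  src=$(extract_field "$event" src)   # "src" is a hypothetical field name
  if [ ${#user} -lt 4 ] || [ ${#user} -gt 40 ]; then
    return 1
  fi
  printf '{"text":"SmartEvent alert: user=%s src=%s"}' "$user" "${src:-unknown}"
}

# Constructed sample event; the user_name value carries a JSON-breaking suffix.
SAMPLE_EVENT='event_name: Login failure; src: 10.1.2.3; src_user_name: decoy; user_name: jsmith","text":"injected; severity: High'

if PAYLOAD=$(build_payload "$SAMPLE_EVENT"); then
  # In the real script, pass "$PAYLOAD" to the post's curl_cli call via --data.
  echo "$PAYLOAD"
else
  echo "no usable user_name in event" >&2
fi
```

In a deployed script the event would come from `INPUT=$(cat)` as in the accepted solution, and `"$PAYLOAD"` would replace the fixed `Hello, World!` body.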