
#!/usr/bin/env python2.7
import os
import datetime
import logging
import boto3
import base64
from elastalert import elastalert
from elastalert_rules import elastalert_rules
# Module metadata.
__version__ = "0.3.0"
__author__ = "Stefan Reimer"
__author_email__ = "stefan@zero-downtime.net"
logger = logging.getLogger(__name__)
# Silence the chatty HTTP / AWS SDK loggers. With the root logger at DEBUG
# (see the DEBUG flag below) they would otherwise emit full request/response
# traces into the function's log stream.
for noisy in ('urllib3', 'boto3', 'botocore'):
    logging.getLogger(noisy).setLevel(logging.WARNING)
# Wrapper class to load rules from index within ES before calling elastalert.
# Instantiated once at import time; handler() calls rules.get() on every
# invocation so the rule set is refreshed per run. NOTE(review): presumably the
# instance is meant to survive across warm Lambda invocations — confirm that
# elastalert_rules holds no per-invocation state.
rules = elastalert_rules()
def boolean(value):
    """Interpret *value* as a boolean flag.

    Only an explicit allow-list of "true" spellings is accepted: the strings
    't', 'T', 'true', 'True', 'TRUE' and '1', plus the values 1 and True (and
    anything comparing equal to them, e.g. 1.0). Everything else — including
    None, False, '' and unrecognised strings such as 'yes' — is False.
    Intended for environment variables, which always arrive as strings.
    """
    truthy_values = ('t', 'T', 'true', 'True', 'TRUE', '1', 1, True)
    return value in truthy_values
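def decrypt(encrypted):
    """Decrypt a base64-encoded KMS ciphertext and return the plaintext as text.

    Intended for secrets handed to the function as KMS-encrypted values
    (e.g. environment variables). The decrypt call runs under the function's
    own IAM role, which therefore needs kms:Decrypt on the key that produced
    the ciphertext.

    Args:
        encrypted: base64 text of a KMS CiphertextBlob.

    Returns:
        The decoded plaintext string, or None when base64 decoding, client
        creation or the KMS call failed. The failure is logged with its
        traceback; callers must handle None explicitly rather than assume a
        secret was obtained.
    """
    # NOTE(review): no EncryptionContext is passed, so this only decrypts
    # ciphertexts that were encrypted without one. Binding a context (e.g. the
    # function name) at encrypt and decrypt time would stop a ciphertext
    # produced for another consumer from being usable here — confirm how the
    # values are encrypted before adding it.
    try:
        ciphertext = base64.b64decode(encrypted)
        kms = boto3.client('kms')
        plaintext = kms.decrypt(CiphertextBlob=ciphertext)['Plaintext']
        return plaintext.decode()
    except Exception:
        # Broad catch is deliberate at this boundary: malformed base64,
        # missing region/credentials and KMS AccessDenied all land here.
        # Only the traceback is logged — never the ciphertext or plaintext.
        logging.getLogger(__name__).exception("Failed to decrypt via KMS")
        return None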
# Feature flags from the environment. os.getenv() yields strings, so boolean()
# normalises them; an unset variable defaults to False.
DEBUG = boolean(os.getenv('DEBUG', default=False))
TEST = boolean(os.getenv('TEST', default=False))  # not referenced further in this file
# Root logger level. DEBUG also enables the per-invocation event dump in
# handler(), so keep it off where events may carry sensitive payloads.
logging.getLogger().setLevel(logging.DEBUG if DEBUG else logging.INFO)
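def handler(event, context):
    """AWS Lambda entry point: run one ElastAlert pass up to the current time.

    Args:
        event: the Lambda invocation payload. It is only logged (at DEBUG
            level); its contents do not influence the run.
        context: Lambda context object; unused.

    Returns:
        None after a successful run. A non-zero exit status from
        elastalert.main() is re-raised as SystemExit so Lambda records a
        failed invocation.
    """
    # The raw event is logged only at DEBUG level; if invocations can carry
    # sensitive payloads, keep DEBUG off in production.
    logger.debug("Event received: {}".format(event))
    args = [
        '--config', 'config.yaml',
        '--verbose',
        # Bound the query window at "now" (UTC, ISO-8601) so each invocation
        # processes only events up to the time it started.
        '--end', datetime.datetime.utcnow().isoformat(),
    ]
    try:
        # Refresh the rule set from ES before every run, then hand off.
        rules.get()
        elastalert.main(args)
    except SystemExit as exc:
        # elastalert.main() terminates via sys.exit(). Use exc.code rather
        # than exc.args[0]: a bare sys.exit() has empty args (IndexError here)
        # but code None, which Python treats as a successful exit.
        if exc.code is None or exc.code == 0:
            logger.info("ElastAlert run successfully!")
            return
        raise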
if __name__ == "__main__":
    # Local invocation: no real Lambda event or context object is available,
    # so pass empty placeholders (handler() does not read either).
    handler(event={}, context={})