#!/usr/bin/env python2.7
import os
import datetime
import logging
import boto3
import base64
from elastalert import elastalert
from elastalert_rules import elastalert_rules
__author__ = "Stefan Reimer"
__author_email__ = "stefan@zero-downtime.net"
__version__ = "0.3.0"

# Module logger; the root logger's level is configured further down from
# the DEBUG environment flag.
logger = logging.getLogger(__name__)

# Raise the threshold of the HTTP and AWS SDK loggers to WARNING so their
# INFO/DEBUG output does not interleave with this module's own logging.
for _name in ("urllib3", "boto3", "botocore"):
    logging.getLogger(_name).setLevel(logging.WARNING)

# Wrapper class to load rules from index within ES before calling elastalert
rules = elastalert_rules()
def boolean(value):
    """Interpret *value* as a boolean flag.

    Returns True for the accepted truthy spellings -- ``'t'``, ``'T'``,
    ``'true'``, ``'True'``, ``'TRUE'``, ``'1'``, the integer ``1`` and
    ``True``; any other value, including ``None`` and the ``False`` default
    that ``os.getenv`` may hand back, yields False.
    """
    # Membership is tested with ``==``, so values equal to 1 (e.g. 1.0)
    # match as well. A tuple is used rather than a set so that unhashable
    # inputs simply compare unequal instead of raising TypeError.
    truthy = ('t', 'T', 'true', 'True', 'TRUE', '1', 1, True)
    return value in truthy
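def decrypt(encrypted):
    """Decrypt a base64-encoded KMS ciphertext and return the plaintext.

    Args:
        encrypted: base64 text of a ``CiphertextBlob`` produced by KMS.

    Returns:
        The decrypted value as text, or ``None`` when base64 decoding or
        the KMS call fails. Callers must treat ``None`` as "no usable
        secret" and not as an empty secret.
    """
    try:
        kms = boto3.client('kms')
        ciphertext = base64.b64decode(encrypted)
        plaintext = kms.decrypt(CiphertextBlob=ciphertext)['Plaintext']
        return plaintext.decode()
    except Exception:
        # Best-effort: record the traceback on the module logger and fall
        # back to an explicit None instead of propagating the error.
        logger.exception("Failed to decrypt via KMS")
        return None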
# Feature flags come from the process environment; an unset flag is off.
DEBUG = boolean(os.getenv('DEBUG', default=False))
TEST = boolean(os.getenv('TEST', default=False))

# The root logger follows the DEBUG flag; loggers that were given an
# explicit level earlier in this module keep it.
logging.getLogger().setLevel(logging.DEBUG if DEBUG else logging.INFO)
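def handler(event, context):
    """AWS Lambda entry point: refresh the rule set and run one ElastAlert pass.

    Args:
        event: the invocation payload; it is only logged (at DEBUG level),
            never parsed.
        context: the Lambda context object; currently unused.

    Returns:
        None once ElastAlert has exited with a clean status.

    Raises:
        SystemExit: re-raised when ElastAlert exits with a non-zero status,
            so the invocation is reported as failed.
    """
    # The whole event is written to the log only at DEBUG; lazy %-formatting
    # means it is not rendered at all when that level is disabled.
    logger.debug("Event received: %s", event)

    # Run against config.yaml and end the query window now (naive UTC
    # ISO 8601, unchanged from the original invocation).
    end = datetime.datetime.utcnow().isoformat()
    args = ['--config', 'config.yaml', '--verbose', '--end', end]

    try:
        # Load rules from the ES index before handing control to elastalert.
        rules.get()
        elastalert.main(args)
    except SystemExit as exc:
        # elastalert.main() is expected to end with SystemExit. Read the
        # status from exc.code rather than exc.args[0]: the latter raises
        # IndexError when sys.exit() is called with no argument. A code of
        # None (bare sys.exit()) counts as a clean exit, like status 0.
        if exc.code in (0, None):
            logger.info("ElastAlert run successfully!")
            return
        raise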
if __name__ == "__main__":
    # Direct invocation outside Lambda: no real event or context exists,
    # so empty placeholders are passed.
    handler(event={}, context={})