X-Git-Url: http://ftp.carnet.hr/pub/carnet-debian/scm?a=blobdiff_plain;ds=sidebyside;f=active-response%2Fossec-pagerduty.sh;fp=active-response%2Fossec-pagerduty.sh;h=a732ba1a4ac722c37543c83d409572663ca9674d;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hp=0000000000000000000000000000000000000000;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b;p=ossec-hids.git
diff --git a/active-response/ossec-pagerduty.sh b/active-response/ossec-pagerduty.sh
new file mode 100644
index 0000000..a732ba1
--- /dev/null
+++ b/active-response/ossec-pagerduty.sh
@@ -0,0 +1,30 @@
+#!/bin/bash -x
+
+# Change these values!
+# APIKEY Your pagerduty api key
+
+APIKEY="xxxxxxx"
+# Checking user arguments
+if [ "x$1" = "xdelete" ]; then
+ exit 0;
+fi
+ALERTID=$4
+RULEID=$5
+LOCAL=`dirname $0`;
+ALERTTIME=`echo "$ALERTID" | cut -d "." -f 1`
+ALERTLAST=`echo "$ALERTID" | cut -d "." -f 2`
+
+# Logging
+cd $LOCAL
+cd ../
+PWD=`pwd`
+echo "`date` $0 $1 $2 $3 $4 $5 $6 $7 $8" >> ${PWD}/../logs/active-responses.log
+ALERTFULL=`grep -A 10 "$ALERTTIME" ${PWD}/../logs/alerts/alerts.log | grep -v "\.$ALERTLAST: " -A 10 | grep -v "Src IP: " | grep -v "User: " |grep "Rule: " -A 4 | cut -c -139 | sed 's/\"//g'`
+
+ALERTLOG= ${PWD}/../logs/alerts/alerts.log
+
+postfile=`mktemp`
+
+echo '{ "service_key": "'$APIKEY'", "incident_key": "Alert: '$ALERTTIME' / Rule: '$RULEID'", "event_type": "trigger", "description": "OSSEC Alert: '$ALERTLAST'", "client": "OSSEC IDS", "client_url": "http://dcid.me/ossec", "details": { "location": "'$HOSTNAME'", "Rule":"'$RULEID'", "Description":"'$ALERTFULL'", "Log":"'$ALERTLOG'"} } ' > $postfile
+
+curl -H "Content-type: application/json" -X POST --data @$postfile "https://events.pagerduty.com/generic/2010-04-15/create_event.json"
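Review bot: `ALERTLOG= ${PWD}/../logs/alerts/alerts.log` near the end of the hunk is not an assignment: the space after `=` makes bash execute the log file as a command with an empty ALERTLOG in its environment, so the "Log" field sent to PagerDuty is always blank and the line emits an exec error; it should read `ALERTLOG="${PWD}/../logs/alerts/alerts.log"`. The shebang `#!/bin/bash -x` traces every expanded command line, including the APIKEY value and the full alert text, to stderr, where it is likely to be captured in logs; drop `-x`, and since the `mktemp` file holding the same payload is never removed, add `trap 'rm -f -- "$postfile"' EXIT` right after `postfile=\`mktemp\``. The JSON body is built by pasting `$ALERTFULL`, which is raw alert-log text, into a string with only double quotes stripped by `sed`; a backslash, newline or control character in a logged event yields invalid JSON or shifts field boundaries, so the payload should be produced by a JSON-aware encoder rather than concatenation. Every expansion here (`cd $LOCAL`, `$0`, `$postfile`, the `grep` pattern from `$ALERTTIME`) is unquoted, and the final curl's exit status is never checked, so a failed POST is silently dropped.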