Merge pull request #36 from Zentrust/master

jertel · web-flow · commit 1da295b844f0 · 2021-01-21T08:36:15.000-05:00
Add support for custom_details in the PagerDuty alerter v2 module
diff --git a/docs/source/ruletypes.rst b/docs/source/ruletypes.rst
@@ -1926,6 +1926,11 @@ See https://developer.pagerduty.com/docs/events-api-v2/trigger-events/
 
 ``pagerduty_v2_payload_source_args``: If set, and ``pagerduty_v2_payload_source`` is a formattable string, Elastalert will format the source based on the provided array of fields from the rule or match.
 
+``pagerduty_v2_payload_custom_details``: List of keys:values to use as the content of the custom_details payload. Example - ip:clientip will map the value from the clientip index of Elasticsearch to JSON key named ip.
+
+``pagerduty_v2_payload_include_all_info``: If True, this will include the entire Elasticsearch document as a custom detail field called "information" in the PagerDuty alert.
+
+
 PagerTree
 ~~~~~~~~~
 
diff --git a/elastalert/alerts.py b/elastalert/alerts.py
@@ -1275,6 +1275,8 @@ def __init__(self, rule):
         self.pagerduty_v2_payload_severity = self.rule.get('pagerduty_v2_payload_severity', 'critical')
         self.pagerduty_v2_payload_source = self.rule.get('pagerduty_v2_payload_source', 'ElastAlert')
         self.pagerduty_v2_payload_source_args = self.rule.get('pagerduty_v2_payload_source_args', None)
+        self.pagerduty_v2_payload_custom_details = self.rule.get('pagerduty_v2_payload_custom_details', {})
+        self.pagerduty_v2_payload_include_all_info = self.rule.get('pagerduty_v2_payload_include_all_info', True)
 
         if self.pagerduty_api_version == 'v2':
             self.url = 'https://events.pagerduty.com/v2/enqueue'
@@ -1287,6 +1289,13 @@ def alert(self, matches):
         # post to pagerduty
         headers = {'content-type': 'application/json'}
         if self.pagerduty_api_version == 'v2':
+
+            custom_details_payload = {'information': body} if self.pagerduty_v2_payload_include_all_info else {}
+            if self.pagerduty_v2_payload_custom_details:
+                for match in matches:
+                    for custom_details_key, es_key in list(self.pagerduty_v2_payload_custom_details.items()):
+                        custom_details_payload[custom_details_key] = lookup_es_key(match, es_key)
+
             payload = {
                 'routing_key': self.pagerduty_service_key,
                 'event_action': self.pagerduty_event_type,
@@ -1307,9 +1316,7 @@ def alert(self, matches):
                                                          self.pagerduty_v2_payload_source_args,
                                                          matches),
                     'summary': self.create_title(matches),
-                    'custom_details': {
-                        'information': body,
-                    },
+                    'custom_details': custom_details_payload,
                 },
             }
             match_timestamp = lookup_es_key(matches[0], self.rule.get('timestamp_field', '@timestamp'))
