add new output : Opsgenie + new avatar (#39)

add new output : Opsgenie + new avatar + more tests

CHANGELOG.md

@@ -1,5 +1,13 @@
 # Changelog
 
+## 2.9.0 - 2019-10-04
+#### New
+- New output : **Opsgenie**
+#### Enhancement
+- New avatar : with colors and squared
+#### Fix
+- Duplicated entries when events have non-string fields ([PR#38](https://github.com/falcosecurity/falcosidekick/pull/38) thanks to [@actgardner](https://github.com/actgardner))
+
 ## 2.8.0 - 2019-09-11
 #### New
 - New output : **NATS**

README.md

@@ -1,6 +1,6 @@
 # Falcosidekick
 
-![falcosidekick](https://github.com/falcosecurity/falcosidekick/raw/master/imgs/falcosidekick.png)
+![falcosidekick](https://github.com/falcosecurity/falcosidekick/raw/master/imgs/falcosidekick_color.png)
 
 ![release](https://flat.badgen.net/github/release/falcosecurity/falcosidekick/latest?color=green) ![last commit](https://flat.badgen.net/github/last-commit/falcosecurity/falcosidekick) ![licence](https://flat.badgen.net/badge/license/MIT/blue) ![docker pulls](https://flat.badgen.net/docker/pulls/falcosecurity/falcosidekick?icon=docker)
 
@@ -23,6 +23,7 @@ Currently available outputs are :
 * **AWS Lambda**
 * **AWS SQS**
 * **SMTP** (email)
+* **Opsgenie**
 
 ## Usage
 
@@ -133,7 +134,12 @@ smtp:
   # from: "" # Sender address (mandatory if SMTP output is enabled)
   # to: "" # comma-separated list of Recipident addresses, can't be empty (mandatory if SMTP output is enabled)
   # outputformat: "" # html (default), text
-  # minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informationnal|debug or "" (default)  
+  # minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informationnal|debug or "" (default)
+
+opsgenie:
+  # apikey: "" # Opsgenie API Key, if not empty, Opsgenie output is enabled
+  # region: "eu" # (us|eu) region of your domain (default is 'us')
+  # minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informationnal|debug or "" (default)
 ```
 
 Usage :
@@ -196,6 +202,9 @@ The *env vars* "match" field names in *yaml file with this structure (**take car
 * **SMTP_TO** : comma-separated list of Recipident addresses, can't be empty (mandatory if SMTP output is enabled)
 * **SMTP_OUTPUTFORMAT** : "" # html (default), text
 * **SMTP_MINIMUMPRIORITY** : minimum priority of event for using this output, order is `emergency|alert|critical|error|warning|notice|informationnal|debug or "" (default)`
+* **OPSGENIE_APIKEY** : Opsgenie API Key, if not empty, Opsgenie output is enabled
+* **OPSGENIE_REGION** : "" # (us|eu) region of your domain (default is 'us')
+* **OPSGENIE_MINIMUMPRIORITY** : minimum priority of event for using this output, order is `emergency|alert|critical|error|warning|notice|informationnal|debug or "" (default)`
 
 ## Handlers
 
@@ -291,6 +300,10 @@ time                akey    bkey    ckey    priority rule      value
 (SMTP_OUTPUTFORMAT="**text**")
 ![smtp plaintext example](https://github.com/falcosecurity/falcosidekick/raw/master/imgs/smtp_plaintext.png)
 
+### Opsgenie
+
+![opsgenie example](https://github.com/falcosecurity/falcosidekick/raw/master/imgs/opsgenie.png)
+
 ## Development
 
 ### Build

config.go

@@ -25,11 +25,11 @@ func getConfig() *types.Configuration {
 	v.SetDefault("Debug", false)
 	v.SetDefault("Slack.WebhookURL", "")
 	v.SetDefault("Slack.Footer", "https://github.com/falcosecurity/falcosidekick")
-	v.SetDefault("Slack.Icon", "https://raw.githubusercontent.com/falcosecurity/falcosidekick/master/imgs/falcosidekick.png")
+	v.SetDefault("Slack.Icon", "https://raw.githubusercontent.com/falcosecurity/falcosidekick/master/imgs/falcosidekick_color.png")
 	v.SetDefault("Slack.OutputFormat", "all")
 	v.SetDefault("Slack.MinimumPriority", "")
 	v.SetDefault("Teams.WebhookURL", "")
-	v.SetDefault("Teams.ActivityImage", "https://raw.githubusercontent.com/falcosecurity/falcosidekick/master/imgs/falcosidekick.png")
+	v.SetDefault("Teams.ActivityImage", "https://raw.githubusercontent.com/falcosecurity/falcosidekick/master/imgs/falcosidekick_color.png")
 	v.SetDefault("Teams.OutputFormat", "all")
 	v.SetDefault("Teams.MinimumPriority", "")
 	v.SetDefault("Datadog.APIKey", "")
@@ -64,7 +64,9 @@ func getConfig() *types.Configuration {
 	v.SetDefault("SMTP.To", "")
 	v.SetDefault("SMTP.OutputFormat", "html")
 	v.SetDefault("SMTP.MinimumPriority", "")
-	v.SetDefault("AWS.SQS.MinimumPriority", "")
+	v.SetDefault("Opsgenie.Region", "us")
+	v.SetDefault("Opsgenie.APIKey", "")
+	v.SetDefault("Opsgenie.MinimumPriority", "")
 	v.SetDefault("Customfields", map[string]string{})
 
 	v.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))
@@ -99,6 +101,7 @@ func getConfig() *types.Configuration {
 	}
 	if match, _ := regexp.MatchString("(?i)(emergency|alert|critical|error|warning|notice|informationnal|debug)", c.Slack.MinimumPriority); !match {
 		c.Slack.MinimumPriority = ""
+		c.Teams.MinimumPriority = ""
 	}
 
 	return c

config_example.yaml

@@ -66,4 +66,9 @@ smtp:
   # from: "" # Sender address (mandatory if SMTP output is enabled)
   # to: "" # comma-separated list of Recipident addresses, can't be empty (mandatory if SMTP output is enabled)
   # outputformat: "" # html (default), text
+  # minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informationnal|debug or "" (default)
+
+opsgenie:
+  # apikey: "" # Opsgenie API Key, if not empty, Opsgenie output is enabled
+  # region: "eu" # (us|eu) region of your domain
   # minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informationnal|debug or "" (default)

deploy/helm/falcosidekick/Chart.yaml

@@ -1,9 +1,9 @@
 apiVersion: v1
-appVersion: "2.8.0"
+appVersion: "2.9.0"
 description: A simple daemon to help you with falco's outputs
 icon: https://raw.githubusercontent.com/falcosecurity/falcosidekick/master/imgs/falcosidekick.png
 name: falcosidekick
-version: 0.1.6
+version: 0.1.7
 maintainers:
   - name: SweetOps
   - name: Issif

deploy/helm/falcosidekick/templates/deployment.yaml

@@ -180,6 +180,17 @@ spec:
                   key: smtp-password
             {{- end }}  
             {{- end }}
+            {{- if .Values.opsgenie.datadog.apikey }}
+            - name: OPSGENIE_APIKEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "falcosidekick.fullname" . }}
+                  key: opsgenie-apikey
+            - name: OPSGENIE_REGION
+              value: {{ .Values.config.opsgenie.region | quote }}
+            - name: OPSGENIE_MINIMUMPRIORITY
+              value: {{ .Values.config.opsgenie.minimumpriority | quote }}
+            {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
       {{- with .Values.nodeSelector }}

deploy/helm/falcosidekick/templates/secrets.yaml

@@ -30,3 +30,6 @@ data:
   smtp-user: "{{ .Values.config.smtp.user | b64enc }}"
   smtp-password: "{{ .Values.config.smtp.password | b64enc }}"
   {{- end }}
+  {{- if .Values.config.opsgenie.apikey }}
+  opsgenie-apikey: "{{ .Values.config.opsgenie.apikey | b64enc }}"
+  {{- end }}

deploy/helm/falcosidekick/values.yaml

@@ -6,7 +6,7 @@ replicaCount: 1
 
 image:
   repository: falcosecurity/falcosidekick
-  tag: 2.7.2
+  tag: 2.9.0
   pullPolicy: IfNotPresent
 
 nameOverride: ""
@@ -80,6 +80,11 @@ config:
     outputformat: "html"
     minimumpriority: ""
 
+  opsgenie:
+    aipkey: ""
+    region: ""
+    minimumpriority: ""
+
 service:
   type: ClusterIP
   port: 2801

handlers.go

@@ -98,6 +98,9 @@ func mainHandler(w http.ResponseWriter, r *http.Request) {
 	if config.SMTP.HostPort != "" && (priorityMap[strings.ToLower(falcopayload.Priority)] >= priorityMap[strings.ToLower(config.SMTP.MinimumPriority)] || falcopayload.Rule == "Test rule") {
 		go smtpClient.SendMail(falcopayload)
 	}
+	if config.Opsgenie.APIKey != "" && (priorityMap[strings.ToLower(falcopayload.Priority)] >= priorityMap[strings.ToLower(config.Opsgenie.MinimumPriority)] || falcopayload.Rule == "Test rule") {
+		go opsgenieClient.OpsgeniePost(falcopayload)
+	}
 }
 
 // pingHandler is a simple handler to test if daemon is UP.