Nugget Post: Insert an alert / rule name in emails sent from ElastAlert

ElastAlert is a fantastic python module that makes it easy to setup near – realtime alerts and responses to entries of interest. A quick piece of information  which I didnt find clearly documented was how to insert an alert name into a custom subject line sending email alerts. 

A typical custom email alert rule file would include something similar to the following:

alert_subject: “My Alert: {0} triggered”
alert_subject_args:
– name

The “name” variable is basically a “reserved keyword” that will be substituted with the alert name, internally the code is making a lookup in a dictionary:

if ‘alert_subject_args’ in self.rule:
alert_subject_args = self.rule[‘alert_subject_args’]

Looking at other parts of the code reveals that “self.rule” is a dictionary, which has an element called “name” containing the alert name defined in the rule file

Advertisements

Embedding Javascript and HTML into Kibana 5.x

Reading this post:

http://www.supermind.org/blog/1213/embed-custom-javascript-and-html-in-a-kibana-4-x-visualization

Kelvin makes a really good suggestion…. and very good inspiration. The suggestion works fine but in my case I needed it to go a step further – I needed to embed an iframe into Kibana. The iframe (and indeed any other <script> tag) was being filtered out by Angular’s sanitization protection. I needed to disable this and make sure that Angular trusts any inputted HTML and displays it as is. TO do this, we need to change the file kibana/src/core_plugins/markdown_vis/public/markdown_vis_controller.js to:

Notes:

  • Line 12: we inject $sce into the controller
  • Line 15, we use the $sce.trustAsHTML function to avoid HTML sanitation

Obviously…. be very careful, this leaves you wide open to some nasty stuff like XSS, javascript attacks and so on…. make sure your kibana users are trusted