From bc200b5f3bf6668c1220b803298f077142d49d44 Mon Sep 17 00:00:00 2001
From: minoplhy
Date: Fri, 22 Mar 2024 20:34:52 +0700
Subject: [PATCH] crowdsec-notifications : add ASN to notify
---
 crowdsec-notifications/discord.yaml | 4 ++--
 crowdsec-notifications/line.yaml | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/crowdsec-notifications/discord.yaml b/crowdsec-notifications/discord.yaml
index a47470b..e0f82de 100644
--- a/crowdsec-notifications/discord.yaml
+++ b/crowdsec-notifications/discord.yaml
@@ -14,14 +14,14 @@ format: |
 {{if $alert.Source.Cn -}}
 {
 "title": "{{.Scenario}}",
- "description": ":flag_{{ $alert.Source.Cn | lower }}: {{$alert.Source.IP}}\n Hostname: {{Hostname}}\nAction: {{.Type}} {{.Duration}}\nLinks: [CTI](https://app.crowdsec.net/cti/{{$alert.Source.IP}}) | [Shodan](https://www.shodan.io/host/{{$alert.Source.IP}})",
+ "description": ":flag_{{ $alert.Source.Cn | lower }}: {{$alert.Source.IP}}\n Hostname: {{Hostname}}\nAS{{ $alert.Source.AsNumber }}: {{ $alert.Source.AsName }}\nAction: {{.Type}} {{.Duration}}\nLinks: [CTI](https://app.crowdsec.net/cti/{{$alert.Source.IP}}) | [Shodan](https://www.shodan.io/host/{{$alert.Source.IP}})",
 "color": "16711680"
 }
 {{end}}
 {{if not $alert.Source.Cn -}}
 {
 "title": "{{.Scenario}}",
- "description": ":pirate_flag: {{$alert.Source.IP}}\nHostname: {{Hostname}}\nAction: {{.Type}} {{.Duration}}\nLinks: [CTI](https://app.crowdsec.net/cti/{{$alert.Source.IP}}) | [Shodan](https://www.shodan.io/host/{{$alert.Source.IP}})",
+ "description": ":pirate_flag: {{$alert.Source.IP}}\nHostname: {{Hostname}}\nAS{{ $alert.Source.AsNumber }}: {{ $alert.Source.AsName }}\nAction: {{.Type}} {{.Duration}}\nLinks: [CTI](https://app.crowdsec.net/cti/{{$alert.Source.IP}}) | [Shodan](https://www.shodan.io/host/{{$alert.Source.IP}})",
 "color": "16711680"
 }
 {{end}}
diff --git a/crowdsec-notifications/line.yaml b/crowdsec-notifications/line.yaml
index 867d94b..c698d2a 100644
--- a/crowdsec-notifications/line.yaml
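Review bot: Both new `description` lines in discord.yaml interpolate `{{ $alert.Source.AsName }}` directly into a hand-quoted JSON string with no escaping. The AS name comes from enrichment data rather than from this config, so a name containing a double quote or a backslash would presumably yield an invalid payload and the notification for that alert would be lost; the raw text is also rendered as Markdown inside the embed. Consider serialising the value instead of quoting it by hand, for example building the text with `printf` and piping it through `toJson` if that function is available to this template. The rest of the template lies outside the hunk, so an escaping step elsewhere cannot be ruled out.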
+++ b/crowdsec-notifications/line.yaml @@ -10,6 +10,7 @@ format: | [ *{{.Scenario}}* ] {{if $alert.Source.Cn -}}{{ $alert.Source.Cn }}{{end}}{{if not $alert.Source.Cn -}}N/A{{end}} {{$alert.Source.IP}} Hostname: {{Hostname}} + AS{{ $alert.Source.AsNumber }}: {{ $alert.Source.AsName }} Action: {{.Type}} {{.Duration}} Links: https://app.crowdsec.net/cti/{{$alert.Source.IP}} Links: https://www.shodan.io/host/{{$alert.Source.IP}}
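Review bot: The added `AS{{ $alert.Source.AsNumber }}: {{ $alert.Source.AsName }}` line in line.yaml is emitted unconditionally, while the country code earlier in the same hunk is guarded with `{{if $alert.Source.Cn -}}` and falls back to `N/A`. When an alert carries no ASN enrichment this will likely render as a bare `AS: ` line, which looks like a parsing fault to whoever triages the message. Wrapping it the same way, `{{if $alert.Source.AsNumber}}AS{{ $alert.Source.AsNumber }}: {{ $alert.Source.AsName }}{{end}}`, keeps the message clean. The same guard would suit the two `description` lines changed in discord.yaml.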