nikrozman/sflow-abuse
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add alert handling

Browse Source
This commit is contained in:
Nik Rozman
2023-10-27 18:05:58 +02:00
parent 3a14e9be09
commit 2f9c2c1969
4 changed files with 67 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ignored.txt
View File

@@ -1 +1 @@
192.168.1.191/32 192.168.1.190/32

2
main.go
View File

@@ -80,7 +80,7 @@ func main() {
fmt.Printf("Loaded %d ignored subnets: %v\n", len(ignored), ignored) fmt.Printf("Loaded %d ignored subnets: %v\n", len(ignored), ignored)
// Create an instance of EventCounter to track events. // Create an instance of EventCounter to track events.
eventCounter := src.NewEventCounter(1*time.Minute, src.HandleAlert) eventCounter := src.NewEventCounter(10*time.Second, src.HandleAlert)
go eventCounter.StartMonitoring() go eventCounter.StartMonitoring()
// Open the named pipe for reading. // Open the named pipe for reading.

63
src/alert_channel.go Normal file
View File

@@ -0,0 +1,63 @@
package src
import (
"bytes"
"encoding/json"
"fmt"
"net/http"
)
// WebhookURL is the URL of the Discord webhook.
const WebhookURL = "https://discord.com/api/webhooks/1116824798421594233/ARw2KQvPPIt2wLlw4Ssp98o0VWkjr-FdZ2kpFono8zu5UC-N1Uyysy73wbL_DvYJutya"
// AlertData represents the data to be sent in the alert.
type AlertData struct {
Embeds []Embed `json:"embeds"`
}
// Embed represents an embedded message in the alert.
type Embed struct {
Title string `json:"title"`
Description string `json:"description"`
Color int `json:"color"`
}
// SendAlert sends an alert to the specified Discord webhook.
func SendAlert(alert string) error {
url := WebhookURL
alertData := AlertData{
Embeds: []Embed{
{
Title: "IP Abuse alert",
Description: alert,
Color: 15258703, // Color in decimal (corresponding to a certain color)
},
},
}
jsonData, err := json.Marshal(alertData)
if err != nil {
return err
}
client := &http.Client{}
req, err := http.NewRequest("POST", url, bytes.NewBuffer(jsonData))
if err != nil {
return err
}
req.Header.Set("Content-Type", "application/json")
resp, err := client.Do(req)
if err != nil {
return err
}
defer resp.Body.Close()
if resp.StatusCode < 200 || resp.StatusCode >= 300 {
fmt.Printf("non-2xx status code: %d\n", resp.StatusCode)
return fmt.Errorf("non-2xx status code")
}
return nil
}

3
src/event_counter.go
View File

@@ -39,7 +39,7 @@ func (ec *EventCounter) StartMonitoring() {
for range ec.resetTimer.C { for range ec.resetTimer.C {
ec.mutex.Lock() ec.mutex.Lock()
for key, count := range ec.counts { for key, count := range ec.counts {
if count >= 100 { if count >= 10 {
ip, port := parseKey(key) ip, port := parseKey(key)
ec.alertHandler(ip, port, count) ec.alertHandler(ip, port, count)
} }
@@ -68,5 +68,6 @@ func (ec *EventCounter) StopMonitoring() {
// HandleAlert is a placeholder for alert handling logic. // HandleAlert is a placeholder for alert handling logic.
func HandleAlert(ip, port string, count int) { func HandleAlert(ip, port string, count int) {
SendAlert(fmt.Sprintf("Alert: Source IP %s, Port %s exceeded the threshold with a count of %d\n", ip, port, count))
fmt.Printf("Alert: Source IP %s, Port %s exceeded the threshold with a count of %d\n", ip, port, count) fmt.Printf("Alert: Source IP %s, Port %s exceeded the threshold with a count of %d\n", ip, port, count)
} }