Include alert details in subject in email notifications

1

Hello,

I have 2 questions.

Is it possible to include alert details, such as the IP in the subject line in email notifications?

This is the “email_subject” setting in “/etc/crowdsec/notifications/email.yaml”

And for the email body (the “format” in email.yaml), is it possible to include the whole alert object in YAML format.

(That is I wanna include ASNNumber, IsoCode, etc. in the email; everything in the ‘show full alert object’ example here: Introduction | CrowdSec )

Thanks

2

Hello,

Any update on this?

Just to further clarify this. We are trying to replicate the functionality of Fail2Ban.

So for #1:
The subject of the email notification should be something like: "Banned [IP ADDRESS] for [REASON] on [HOSTNAME]

For #2: we want al the information about the offending IP (WHOIS, etc.) in a nice readable form, i.e. not JSON!

Thanks,
R.

3

Sorry for missing your initial thread:

For 1 the subject is not passed to the format function and its pretty hard to refactor the way to plugin works to accommodate this so unfortunately not.

For 2 you can have access to all properties on the Alert object you just need to reference them within the template {{ .Variable }}, we dont have a YAML helper function and the Alert doesnt have yaml properties assigned so it cant be converted unless golang will just guess the keys from the property key.

Let me know which properties you want and I can advise how to add them to the template if it just the geo location data here is the default template modified:

format: |
  <html><body>
  {{range . -}}
    {{$alert := . -}}
    {{range .Decisions -}}
      <p><a href="https://www.whois.com/whois/{{.Value}}">{{.Value}}</a> will get <b>{{.Type}}</b> for next <b>{{.Duration}}</b> for triggering <b>{{.Scenario}}</b> on machine <b>{{$alert.MachineID}}</b>.</p>
      <p><a href="https://app.crowdsec.net/cti/{{.Value}}">CrowdSec CTI</a></p>
    {{end -}}
      <p>Country: {{.Source.Cn}}</p>
      <p>AsName: {{.Source.AsName}}</p>
  {{end -}}
  </body></html>

all provided via the source models package - github.com/crowdsecurity/crowdsec/pkg/models - Go Packages