@diegoparrilla
Created May 31, 2022 11:13
Show connection information and Threat Jammer risk score after a successful SSH connection to a server
#!/bin/bash
# Post a Slack notification with the client's Threat Jammer risk score after an
# SSH login. SSH_CONNECTION holds "client_ip client_port server_ip server_port".
IP="$(echo "$SSH_CONNECTION" | cut -d " " -f 1)"
if [ -n "$IP" ]; then
  TJ_API_KEY="THREAT_JAMMER_API_KEY"
  TJ_URL_PREFIX="https://dublin.api.threatjammer.com"
  SLACK_WEBHOOK_URL="SLACK_APP_INCOMING_WEBHOOK"
  SLACK_CHANNEL="SLACK_CHANNEL_OF_THE_APP_WITH_PUBLISHING_PERMISSIONS"
  SLACK_RISK_COLOR="#02ff00" # Green bar
  HOSTNAME=$(hostname -f)
  NOW=$(date +"%r (UTC %Z), %e %b %Y")
  AUTH="Authorization: Bearer $TJ_API_KEY"

  # Risk assessment of the client IP. A missing score is treated as 0 so the
  # numeric comparisons below do not fail on "null".
  ASSESS="$(curl -s -X GET "$TJ_URL_PREFIX/v1/assess/ip/$IP" -H 'accept: application/json' -H "$AUTH")"
  SCORE="$(echo "$ASSESS" | jq -r '.score // 0')"
  RISK="$(echo "$ASSESS" | jq -r .risk)"
  REASON="$(echo "$ASSESS" | jq -r .reason)"
  RISK_INFO="$SCORE ($RISK) - $REASON"
  ASN="$(echo "$ASSESS" | jq -r .asn)" # path of the AS resource, used as-is below
  if [ "$SCORE" -gt 34 ]; then
    SLACK_RISK_COLOR="#ffe200" # Yellow bar
  fi
  if [ "$SCORE" -gt 67 ]; then
    SLACK_RISK_COLOR="#ff0002" # Red bar
  fi

  # Autonomous system details. ${ASN:8} drops the first 8 characters of the
  # path (the script expects the /v1/asn/ prefix) and keeps the AS number.
  AS="$(curl -s -X GET "$TJ_URL_PREFIX$ASN" -H 'accept: application/json' -H "$AUTH")"
  AS_INFO="AS${ASN:8} $(echo "$AS" | jq -r .name) - $(echo "$AS" | jq -r .description)"

  # Geolocation of the client IP
  GEO="$(curl -s -X GET "$TJ_URL_PREFIX/v1/geo/$IP" -H 'accept: application/json' -H "$AUTH")"
  COUNTRY_CODE="$(echo "$GEO" | jq -r .country_iso_code)"
  REGION_NAME="$(echo "$GEO" | jq -r .region_name)"
  CITY_NAME="$(echo "$GEO" | jq -r .city_name)"
  GEO_INFO="$CITY_NAME - $REGION_NAME ($COUNTRY_CODE)"

  # Build the Slack payload with jq so that quotes or backslashes in the API
  # fields (reason, ISP description, city) cannot break the JSON document.
  TEXT="$(printf '*Connected from IP:* %s\n*Connected from ISP:* %s\n*IP Location:* %s\n*Threat Jammer Risk:* %s' \
    "$IP" "$AS_INFO" "$GEO_INFO" "$RISK_INFO")"
  PAYLOAD="$(jq -n --arg title "New SSH login of >$(whoami)< to >$HOSTNAME< at $NOW" \
    --arg color "$SLACK_RISK_COLOR" --arg text "$TEXT" \
    '{attachments: [{title: $title, color: $color, mrkdwn_in: ["text"], text: $text}]}')"
  curl -H 'Content-type: application/json' --data "$PAYLOAD" "$SLACK_WEBHOOK_URL"
fi
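As an added example that is not part of the gist, the same score-to-colour thresholds and Slack attachment rebuilt in Python with json.dumps, which keeps the payload valid when an API field such as the reason or ISP description contains quotes, and which handles an assessment with no score instead of failing. The API responses are constructed samples shaped like the fields the script reads (score, risk, reason, asn, name, description, country_iso_code, region_name, city_name); the user, host and AS number are placeholders.

```python
import json

# Colour thresholds taken from the gist: score > 67 red, > 34 yellow, else green.
RED, YELLOW, GREEN = "#ff0002", "#ffe200", "#02ff00"

def risk_color(score):
    """Map a Threat Jammer risk score to the Slack attachment colour bar."""
    if score is None:          # assessment without a score: keep the default bar
        return GREEN
    if score > 67:
        return RED
    if score > 34:
        return YELLOW
    return GREEN

def client_ip_from_ssh_connection(value):
    """SSH_CONNECTION is 'client_ip client_port server_ip server_port'."""
    parts = (value or "").split()
    return parts[0] if len(parts) == 4 else None

def build_slack_payload(user, host, now, ip, assess, asn, geo):
    """Same attachment the gist posts, serialised with json.dumps so that quotes
    or backslashes in API fields (reason, ISP description, city) stay valid JSON."""
    score = assess.get("score")
    risk_info = (f"{score} ({assess.get('risk')}) - {assess.get('reason')}"
                 if score is not None else "unavailable (no score in assessment)")
    # The gist strips the /v1/asn/ prefix of the .asn path with ${ASN:8}
    asn_number = str(assess.get("asn", "")).rsplit("/", 1)[-1]
    as_info = f"AS{asn_number} {asn.get('name')} - {asn.get('description')}"
    geo_info = f"{geo.get('city_name')} - {geo.get('region_name')} ({geo.get('country_iso_code')})"
    attachment = {
        "title": f"New SSH login of >{user}< to >{host}< at {now}",
        "color": risk_color(score),
        "mrkdwn_in": ["text"],
        "text": (f"*Connected from IP:* {ip}\n*Connected from ISP:* {as_info}\n"
                 f"*IP Location:* {geo_info}\n*Threat Jammer Risk:* {risk_info}"),
    }
    return json.dumps({"attachments": [attachment]})

# Constructed sample responses (not real API output), shaped like the fields the gist reads.
SAMPLE_ASSESS = {"score": 71, "risk": "high", "asn": "/v1/asn/64496",
                 "reason": 'Listed in "abuse" feed'}   # the quotes would break naive JSON
SAMPLE_ASN = {"name": "EXAMPLE-AS", "description": "Example ISP"}
SAMPLE_GEO = {"country_iso_code": "ES", "region_name": "Madrid", "city_name": "Madrid"}

if __name__ == "__main__":
    ip = client_ip_from_ssh_connection("203.0.113.5 51234 198.51.100.7 22")
    print(build_slack_payload("alice", "bastion.example", "now", ip, SAMPLE_ASSESS, SAMPLE_ASN, SAMPLE_GEO))
```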