ElastAlert to RTIR
#! /usr/bin/env python
# requires pip
# pip install rt
import argparse
import os
import sys

import rt
import urllib3
"""
Create ticket using python-rt interface
https://github.com/CZ-NIC/python-rt
Defaults fields are:
Queue
Owner
Subject
Text
Custom fields are:
IP
Port
Description
Add more to suit your needs/desires
"""
# Disable urllib3 warning for self-signed cert
urllib3.disable_warnings()
# Add site specific data
RTIR_host = ''
RTIR_user = ''
RTIR_pass = ''
# Change to http/s depending on env
RTIR_uri = 'https://' + RTIR_host + '/REST/1.0/'
# Build args to generate data
parser = argparse.ArgumentParser(description='Create RT Ticket from ElastAlert')
parser.add_argument('--queue', action="store", default='Elastalert', help='Queue to use for ticket')
parser.add_argument('--owner', action="store", default='root', help='Responder making ticket')
parser.add_argument('--subject', action="store", default='ElastAlert', help='Subject of ticket')
parser.add_argument('--text', action="store", default='ElastAlert Ticket', help='Summarized info on ticket')
parser.add_argument('--ip', action="store", default='', help='IP in alert')
parser.add_argument('--port', action="store", default='', help='Port in alert')
parser.add_argument('--description', action="store", default='', help='Description of ticket')
args = parser.parse_args()
# SSL/TLS cert verification is default.. add "verify_cert=False" if using self-signed
RTIR_Rt = rt.Rt(RTIR_uri, RTIR_user, RTIR_pass, verify_cert=False)
RTIR_Rt.login()
RTIR_Rt.create_ticket(Queue=args.queue, Owner=args.owner, Subject=args.subject, Text=args.text, CF_IP=args.ip, CF_Port=args.port, CF_Description=args.description)
RTIR_Rt.logout()