@erikanderson
Created December 19, 2017 22:40
---
# ElastAlert flatline rule: alert when the nessus-* indices receive no documents for a week.
type: flatline
# Minimum number of events expected per timeframe; fewer than this triggers the alert.
threshold: 1
timeframe:
  weeks: 1
buffer_time:
  weeks: 1
run_every:
  days: 1
index: nessus-*
filter:
- query_string:
    query: "*"
# Wait at least one day before re-sending this alert.
realert:
  days: 1
alert:
- slack
alert_subject: "[PROD] Flatline alert"
alert_text_type: alert_text_only
alert_text: |
  No prod Nessus results in ELK for over 1 week.
slack_webhook_url: https://hooks.slack.com/services/******
slack_username_override: Prod Scanner
slack_channel_override: "#elastalert_testing"
slack_emoji_override: ":skull_and_crossbones:"
slack_msg_color: danger