Created
October 12, 2018 05:38
-
-
Save sduff/3c461f05f907ebd08e7f128237705a0f to your computer and use it in GitHub Desktop.
Splunk alert_webhook with proxy support
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| import json | |
| import urllib2 | |
| import csv | |
| import gzip | |
| from collections import OrderedDict | |
| def send_webhook_request(url, body, user_agent=None): | |
| if url is None: | |
| print >> sys.stderr, "ERROR No URL provided" | |
| return False | |
| print >> sys.stderr, "INFO Sending POST request to url=%s with size=%d bytes payload" % (url, len(body)) | |
| print >> sys.stderr, "DEBUG Body: %s" % body | |
| try: | |
| # sduff - install proxy handler | |
| proxy = urllib2.ProxyHandler({'http': '127.0.0.1'}) | |
| opener = urllib2.build_opener(proxy) | |
| urllib2.install_opener(opener) | |
| # sduff - end of proxy handler code | |
| req = urllib2.Request(url, body, {"Content-Type": "application/json", "User-Agent": user_agent}) | |
| res = urllib2.urlopen(req) | |
| if 200 <= res.code < 300: | |
| print >> sys.stderr, "INFO Webhook receiver responded with HTTP status=%d" % res.code | |
| return True | |
| else: | |
| print >> sys.stderr, "ERROR Webhook receiver responded with HTTP status=%d" % res.code | |
| return False | |
| except urllib2.HTTPError, e: | |
| print >> sys.stderr, "ERROR Error sending webhook request: %s" % e | |
| except urllib2.URLError, e: | |
| print >> sys.stderr, "ERROR Error sending webhook request: %s" % e | |
| except ValueError, e: | |
| print >> sys.stderr, "ERROR Invalid URL: %s" % e | |
| return False | |
| if __name__ == "__main__": | |
| if len(sys.argv) < 2 or sys.argv[1] != "--execute": | |
| print >> sys.stderr, "FATAL Unsupported execution mode (expected --execute flag)" | |
| sys.exit(1) | |
| try: | |
| settings = json.loads(sys.stdin.read()) | |
| url = settings['configuration'].get('url') | |
| body = OrderedDict( | |
| sid=settings.get('sid'), | |
| search_name=settings.get('search_name'), | |
| app=settings.get('app'), | |
| owner=settings.get('owner'), | |
| results_link=settings.get('results_link'), | |
| result=settings.get('result') | |
| ) | |
| user_agent = settings['configuration'].get('user_agent', 'Splunk') | |
| if not send_webhook_request(url, json.dumps(body), user_agent=user_agent): | |
| sys.exit(2) | |
| except Exception, e: | |
| print >> sys.stderr, "ERROR Unexpected error: %s" % e | |
| sys.exit(3) |
This script is 5 years old and was written for Python 2. It does not support Python 3, which handles urllib2 differently
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
05-25-2023 11:45:03.016 +0100 ERROR sendmodalert [1525300 AlertNotifierWorker-0] - action=ecm_dev_alert_webhook STDERR - Traceback (most recent call last):
05-25-2023 11:45:03.017 +0100 ERROR sendmodalert [1525300 AlertNotifierWorker-0] - action=alert_webhook STDERR - File "/opt/splunk/etc/apps/alert_webhook/bin/alert_webhook.py", line 3, in
05-25-2023 11:45:03.017 +0100 ERROR sendmodalert [1525300 AlertNotifierWorker-0] - action=alert_webhook STDERR - import urllib2
05-25-2023 11:45:03.017 +0100 ERROR sendmodalert [1525300 AlertNotifierWorker-0] - action=alert_webhook STDERR - ModuleNotFoundError: No module named 'urllib2'
05-25-2023 11:45:03.025 +0100 INFO sendmodalert [1525300 AlertNotifierWorker-0] - action=alert_webhook - Alert action script completed in duration=73 ms with exit code=1
05-25-2023 11:45:03.025 +0100 WARN sendmodalert [1525300 AlertNotifierWorker-0] - action=alert_webhook - Alert action script returned error code=1