Creating a Saved Script to Generate an Email Alert
To create a saved script to generate a custom email alert, we create a shell script to generate the email, and then call that script from Stellar Cyber.
You must have an email program installed, of course. We use SSMTP in our example.
Creating the Shell Script
To create the shell script:
- Create a file named mail.sh.
- Make note of where you created it. Ours is in the /home/aella/ directory.
- Enter your script. Our script is:
#!/bin/bash
# Positional arguments supplied by the Stellar Cyber Script Body
recipient=$1
event_category=$2
event_name=$3
event_type=$4
event_index=$5
event_id=$6
# Map the short event type to the name used in the URL path
if [ "$event_type" == 'action' ]; then
    event_type='actions-exfiltration'
elif [ "$event_type" == 'exploit' ]; then
    event_type='exploitation'
elif [ "$event_type" == 'install' ]; then
    event_type='installation'
fi
# Write the message: headers, one blank line, then the HTML body
cat > /tmp/mail.txt << EOF
Subject: $2 - $3 Alert
From: stellarcyber@naver.com
Content-Type: text/html; charset="utf8"

<html>
<body>
Click this URL to check the event: https://<IP address of Stellar Cyber>/detect/event/$event_index/amsg/$event_id <br>
Click this URL to enter the category: https://<IP address of Stellar Cyber>/detect/$event_category/$event_type/$event_name
</body>
</html>
EOF
# Send the message with SSMTP
ssmtp "$recipient" < /tmp/mail.txt
- Save the file.
Calling the Shell Script from Stellar Cyber
To call the shell script from Stellar Cyber:
- Log in to Stellar Cyber.
- Click System | Administration | Saved Scripts. The Script Template page appears.
- Click Create to add a new script. The Add Script Template screen appears.
- Enter the Name. Each script must have a unique name. This field does not support multibyte characters. You cannot edit the name after you submit. We entered Email Alert2.
- Choose a Tenant Name. We chose Root Tenant. You cannot edit the tenant after you submit.
- In the Script Body, call the script you created earlier. Our Script Body is:
bash /home/aella/mail.sh <Your Email Address> {{_source.event_category}} {{_source.event_name}} {{_source.event_type}} {{_index}} {{_id}}
- Click Submit. The script is saved and added to the table.
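The arguments that reach mail.sh come from alert fields, so the script should treat them as untrusted before placing them in a mail header or a URL. The following is an added example, not Stellar Cyber's own script: a hardened variant that rejects unexpected characters and replaces the fixed /tmp/mail.txt with a private temporary file. STELLAR_HOST and the allowed character set are assumptions.

```shell
#!/bin/sh
# Added example: hardened variant of mail.sh (not the vendor's script).
STELLAR_HOST="${STELLAR_HOST:-stellar.example.invalid}"  # placeholder address
# Accept only characters that are safe in a header and a URL path segment.
# Assumption: event fields, index names and ids need nothing beyond these.
valid_segment() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Same event-type mapping as the original script.
map_event_type() {
    case "$1" in
        action)  echo 'actions-exfiltration' ;;
        exploit) echo 'exploitation' ;;
        install) echo 'installation' ;;
        *)       printf '%s\n' "$1" ;;
    esac
}

# Print the message on stdout; return 1 if any field is rejected.
build_mail() {
    category=$1; name=$2; etype=$(map_event_type "$3"); index=$4; id=$5
    for field in "$category" "$name" "$etype" "$index" "$id"; do
        valid_segment "$field" || return 1
    done
    cat <<EOF
Subject: $category - $name Alert
From: stellarcyber@naver.com
Content-Type: text/html; charset="utf8"

<html>
<body>
Click this URL to check the event: https://$STELLAR_HOST/detect/event/$index/amsg/$id <br>
Click this URL to enter the category: https://$STELLAR_HOST/detect/$category/$etype/$name
</body>
</html>
EOF
}

# Usage: mail.sh recipient category name type index id
if [ "$#" -eq 6 ]; then
    case "$1" in -*) echo "bad recipient" >&2; exit 1 ;; esac
    tmp=$(mktemp) || exit 1        # unpredictable name instead of /tmp/mail.txt
    trap 'rm -f "$tmp"' EXIT
    build_mail "$2" "$3" "$4" "$5" "$6" > "$tmp" || { echo "rejected field" >&2; exit 1; }
    ssmtp "$1" < "$tmp"
fi
```

It takes the same six arguments as the original, so the Script Body call does not change.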