Creating a Saved Script to Generate an Email Alert

To create a saved script to generate a custom email alert, we create a shell script to generate the email, and then call that script from Stellar Cyber.

You must have an email program installed, of course. We use SSMTP in our example.

Creating the Shell Script

To create the shell script:

  1. Create a file named mail.sh.
  2. Make note of where you created it. Ours is in the /home/aella/ directory.
  3. Enter your script. Our script is:

    #!/bin/bash

    # Positional arguments passed in by the Stellar Cyber Script Body
    recipient=$1
    event_category=$2
    event_name=$3
    event_type=$4
    event_index=$5
    event_id=$6

    # Map the short event type to the name used in the Stellar Cyber URL
    if [ "$event_type" == 'action' ]; then
        event_type='actions-exfiltration'
    elif [ "$event_type" == 'exploit' ]; then
        event_type='exploitation'
    elif [ "$event_type" == 'install' ]; then
        event_type='installation'
    fi

    # Write the message: headers, a blank line, then the HTML body
    cat > /tmp/mail.txt << EOF
    Subject: $event_category - $event_name Alert
    From: stellarcyber@naver.com
    Content-Type: text/html; charset="utf-8"

    <html>
    <body>
    Click this URL to check the event: https://<IP address of Stellar Cyber>/detect/event/$event_index/amsg/$event_id <br>
    Click this URL to enter the category: https://<IP address of Stellar Cyber>/detect/$event_category/$event_type/$event_name
    </body>
    </html>
    EOF

    # Send the message with SSMTP
    ssmtp "$recipient" < /tmp/mail.txt

  4. Save the file.

Calling the Shell Script from Stellar Cyber

To call the shell script from Stellar Cyber:

  1. Log in to Stellar Cyber.

  2. Select System | Saved Scripts.

    The Script Template page appears.

  3. Select Create to add a new script.

    The Add Script Template screen appears.

  4. Enter a Name.

    Each script must have a unique name. This field does not support multibyte characters. You cannot edit the name after you submit. We entered Email Alert2.

  5. Choose a Tenant Name.

    We chose Root Tenant. You cannot edit the tenant after you submit.

  6. In the Script Body, call the script you created earlier.

    Our Script Body is:

    bash /home/aella/mail.sh <Your Email Address> {{_source.event_category}} {{_source.event_name}} {{_source.event_type}} {{_index}} {{_id}}

  7. Submit.

    The script is saved and added to the table.
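
The following variant of mail.sh is an added example, not part of the original Stellar Cyber procedure. It assumes the event fields substituted into the Script Body can contain arbitrary characters, so it accepts only an allowlisted character set before placing them in the Subject header and the URLs, and it pipes the message to ssmtp instead of writing /tmp/mail.txt. The function names, the `STELLAR_HOST` variable and the allowed character set are assumptions; widen the set if your event names use other characters.

```bash
#!/bin/bash
# Added example: mail.sh with allowlist validation of the event fields.
# Function names and STELLAR_HOST are hypothetical; set STELLAR_HOST to the
# IP address of Stellar Cyber (the default below is a placeholder).
STELLAR_HOST="${STELLAR_HOST:-stellar.example.invalid}"

# Echo the value only if it is non-empty and made of characters that are
# literal in a mail header, in HTML and in a URL path; otherwise return 1.
safe_segment() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) printf '%s' "$1" ;;
    esac
}

# Print the message (headers, blank line, HTML body) on stdout.
# Arguments: event_category event_name event_type event_index event_id
build_message() {
    category=$(safe_segment "$1") && name=$(safe_segment "$2") &&
    etype=$(safe_segment "$3") && index=$(safe_segment "$4") &&
    id=$(safe_segment "$5") || return 1
    case "$etype" in
        action)  etype='actions-exfiltration' ;;
        exploit) etype='exploitation' ;;
        install) etype='installation' ;;
    esac
    cat << EOF
Subject: $category - $name Alert
From: stellarcyber@naver.com
Content-Type: text/html; charset="utf-8"

<html>
<body>
Click this URL to check the event: https://$STELLAR_HOST/detect/event/$index/amsg/$id <br>
Click this URL to enter the category: https://$STELLAR_HOST/detect/$category/$etype/$name
</body>
</html>
EOF
}

# Same six arguments as the original mail.sh. The message is built in
# memory and piped to ssmtp, so no fixed-name file in /tmp is needed.
if [ "$#" -eq 6 ]; then
    msg=$(build_message "$2" "$3" "$4" "$5" "$6") || {
        echo "mail.sh: rejected event field" >&2; exit 1; }
    printf '%s\n' "$msg" | ssmtp "$1"
fi
```

The Script Body call shown in step 6 stays the same; a rejected field makes the script exit with status 1 without sending mail.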