Get alerted by email when rules failed to execute.
- Fetch Elastic SIEM rules via the Kibana Api
- For each rule, check if there is a failure since the last check
- Group failures in a human readable table (HTML)
- Send email
- Repeat each XX seconds
No need of cron jobs, this script includes a scheduler.
Edit docker-compose.yml and fill the environment variables with your settings.
docker-compose up --buildEdit .env and fill the environment variables with your settings. Or directly pass the environment variable when you execute the script.
npm run start
OR
node index.js
| name | description | type | required | default |
|---|---|---|---|---|
| KIBANA_URL | URL of Kibana instance | String | No | http://localhost:5601 |
| SCHEDULE_SECOND | Time (in seconds) between each checks | Integer | No | 600 |
| MAILER_HOST | Mail server address | String | Yes | - |
| MAILER_PORT | Mail server port | Integer | Yes | - |
| MAILER_SECURE | Mail server secure communication | Boolean | No | false |
| MAILER_USER | Mail server username | String | Yes | - |
| MAILER_PASS | Mail server password | String | Yes | - |
| MAILER_FROM | Address used as "from" | String | Yes | - |
| MAILER_TO | Addresses that will receives alerts (separated by comma) | String | Yes | - |
| MAILER_SUBJECT | Mail subject | String | No | [Elastic SIEM] Rules monitoring |