def answer_false(event, action):
value = action["value"]
value = json.loads(value)
print_json({
"type": "Slack",
"message": "Interactive Event Value",
"value": value,
})
message = event["message"]
alert_id = value["SystemAlertId"]
user = event["user"],
channel_id = event["container"]["channel_id"]
blocks = message["blocks"]
blocks[2] = {
"type": "section",
"block_id": "reason",
"fields": [
{"type": "mrkdwn", "text": "*応答*"},
{"type": "mrkdwn", "text": "心当たりがない"},
{"type": "mrkdwn", "text": "*応答ユーザー*"},
{"type": "mrkdwn", "text": user[0]["username"]}
]
}
set_status(alert_id, False)
slack_api_token = kms_decrypted("SLACK_API_TOKEN")
slack_chat = Slack.Chat(token=slack_api_token)
post_args = {
"channel": channel_id,
"text": message["text"],
"ts": message["ts"],
"blocks": blocks,
}
slack_chat.update_message(**post_args)
def view_submission(event):
"""
@brief 入力用Modal ViewからSubmitssion Callbackの受け取り
@params[in] event イベントペイロード
@details 入力値を取得しprivate_metadataから呼出元メッセージを特定し
@n chat.update APIにて入力値を呼び出し元に反映します
"""
view = event["view"]
private_metadata = json.loads(view["private_metadata"])
container = private_metadata["container"]
message = private_metadata["message"]
channel_id = container["channel_id"]
blocks = message["blocks"]
user = private_metadata["user"]
action_value = private_metadata["action_value"]
reason = view["state"]["values"]["reason_input"]["reason_text"]["value"]
status = action_value["Status"]
alert_id = action_value["SystemAlertId"]
message_id = action_value["MessageId"]
blocks[2] = {
"type": "section",
"block_id": "reason",
"fields": [
{"type": "mrkdwn", "text": "*応答*"},
{"type": "mrkdwn", "text": "意図している"},
{"type": "mrkdwn", "text": "*応答ユーザー*"},
{"type": "mrkdwn", "text": user["username"]},
{"type": "mrkdwn", "text": "*理由*"},
{"type": "mrkdwn", "text": reason}
]
}
reason = "[{}]{}".format(user["username"], reason)
result = set_status(alert_id, status, reason)
if result:
slack_api_token = kms_decrypted("SLACK_API_TOKEN")
slack_chat = Slack.Chat(token=slack_api_token)
post_args = {
"channel": channel_id,
"text": message["text"],
"ts": message["ts"],
"blocks": blocks,
}
print_json({
"type": "Slack",
"message": "Update Message",
"metadata": post_args
})
slack_chat.update_message(**post_args)
remove_message(message_id, alert_id)
def main_function(events):
slack_api_token = kms_decrypted("SLACK_API_TOKEN")
slack_bot_token = kms_decrypted("SLACK_BOT_TOKEN")
channel_id = kms_decrypted("SLACK_CHANNEL_ID")
slack_chat = Slack.Chat(token=slack_api_token)
for event in events:
body = event.get("body", None)
if body is None:
continue
id = set_ignore_queue(body)
body = json.loads(body)
username = body["Name"].replace('assumed-role/sso/', '')
body["MessageId"] = id
blocks = []
blocks.append({
"type":
"section",
"block_id":
"alert",
"text": {
"type": "mrkdwn",
"text": "@{}\nAzure Sentinel 警告通知".format(username)
},
"fields": [
{
"type": "mrkdwn",
"text": "*アラート名*"
},
{
"type": "mrkdwn",
"text": body["AlertName"]
},
{
"type": "mrkdwn",
"text": "*アラート概要*"
},
{
"type": "mrkdwn",
"text": body["Description"]
},
]
})
blocks.append({"type": "divider"})
elements = []
body["Status"] = True
elements.append({
"action_id": "answer_true",
"type": "button",
"text": {
"type": "plain_text",
"text": "意図している"
},
"value": json.dumps(body)
})
body["Status"] = False
elements.append({
"action_id": "answer_false",
"type": "button",
"text": {
"type": "plain_text",
"text": "心当たりがない"
},
"value": json.dumps(body)
})
blocks.append({
"block_id": "answer",
"type": "actions",
"elements": elements
})
post_args = {
"channel": channel_id,
"text": "Azure Sentinel 警告通知",
"blocks": blocks,
"link_names": True,
"mrkdwn": True
}
print_json({
"type": "Slack",
"message": "メッセージ送信",
"channel-id": channel_id,
"payload": post_args,
})
result = slack_chat.post_message(**post_args)
def main_function(data, context):
credential_setting()
body = data.get("body", {})
event = body.get("event", {})
text = event.get("text", None)
channel_id = event.get("channel", None)
channel_type = event.get("channel_type", None)
ts = event.get("ts", None)
files = event.get("files", [])
user_id = event.get("user")
thread_ts = event.get("thread_ts", None)
blocks = event.get("blocks", None)
links = []
for file in files:
try:
id, name, link = transfer(file, event)
links.append(link)
except urllib.error.HTTPError as e:
if e.code == 404:
print_json({
"level": "warning",
"type": "Slack",
"message": "Slack上にFileが存在しません",
"id": file["id"],
"name": file["name"]
})
continue
raise e
except Exception as e:
raise e
if len(links) == 0:
return
# Slack処理
user_info = slack_user.info(user_id)
profile = user_info["user"]["profile"]
user_icon = profile.get("image_original", profile["image_192"])
user_name = profile.get("display_name")
if user_name == "":
user_name = profile.get("real_name")
if channel_type == "im":
channel_id = user_id
try:
slack_chat = Slack.Chat(token=slack_bot_token)
message = {
"channel": channel_id,
"text": "{}\n{}".format(text, "\n".join(links)),
"link_names": True,
"username": user_name,
"icon_url": user_icon,
"thread_ts": thread_ts
}
print_json({
"type": "Slack",
"message": "Slack上にメッセージをPostします",
"data": message
})
slack_chat.post_message(**message)
except Exception as e:
raise e
# 古いメッセージを削除
try:
print_json({
"type": "Slack",
"message": "Slack上の古いメッセージを削除します",
"channel": channel_id,
"ts": ts
})
slack_chat = Slack.Chat(token=slack_token)
slack_chat.delete(channel=channel_id, ts=ts, as_user=True)
except Exception as e:
print_json({
"type": "Slac",
"level": "error",
"request-id": lambda_tools.aws_request_id,
"channel": channel_id,
"ts": ts,
"message": "メッセージ削除に失敗しました[{}]".format(str(e))
})
# Slack上のファイルを削除
slack_file = Slack.File(token=slack_token)
for file in files:
try:
print_json({
"type": "Slack",
"message": "Slack上のファイルを削除します",
"file": file["id"],
"name": file["name"]
})
slack_file.delete(file=file["id"])
except Exception as e:
print_json({
"type": "lambda",
"level": "error",
"request-id": lambda_tools.aws_request_id,
"message": "ファイル削除に失敗しました[{}]".format(str(e)),
"file": file["id"],
"name": file["name"]
})