[core] Moved pymsteams to package.py

[docs] Corrected docstring for teams and added teams to outputs [core] Added Alert section to card (didn't have the alert_id which made it confusing previously) [testing] re-wrote the tests Signed-off-by: jack1902 <[email protected]>
airbnb · Jan 27, 2020 · 63b3142 · 63b3142
1 parent cef9a9a
commit 63b3142
Show file tree

Hide file tree

Showing 5 changed files with 415 additions and 175 deletions.
diff --git a/conf/lambda.json b/conf/lambda.json
@@ -44,9 +44,6 @@
         "threshold": 0
       }
     },
-    "third_party_libraries": [
-      "pymsteams"
-    ],
     "timeout": 60,
     "vpc_config": {
       "security_group_ids": [],

diff --git a/docs/source/outputs.rst b/docs/source/outputs.rst
@@ -42,7 +42,7 @@ Adding a new configuration for a currently supported service is handled using ``
     - ``<SERVICE_NAME>`` above should be one of the following supported service identifiers:
       ``aws-cloudwatch-log``, ``aws-firehose``, ``aws-lambda``, ``aws-s3``, ``aws-sns``, ``aws-sqs``,
       ``carbonblack``, ``github``, ``jira``, ``komand``, ``pagerduty``, ``pagerduty-incident``,
-      ``pagerduty-v2``, ``phantom``, ``slack``
+      ``pagerduty-v2``, ``phantom``, ``slack``, ``teams``
 
 For example:
  - ``python manage.py output slack``

diff --git a/streamalert/alert_processor/outputs/teams.py b/streamalert/alert_processor/outputs/teams.py
@@ -44,7 +44,7 @@ def get_user_defined_properties(cls):
         Every output should return a dict that contains a 'descriptor' with a description of the
         integration being configured.
 
-        Microsoft Teams also requires a user provided 'webhook' url that is comprised of the Teams
+        Microsoft Teams also requires a user provided 'webhook' url that is composed of the Team's
         api url and the unique integration key for this output. This value should be should be
         masked during input and is a credential requirement.
 
@@ -78,6 +78,7 @@ def _format_message(cls, alert, publication, webhook_url):
         Args:
             alert (Alert): The alert
             publication (dict): Alert relevant to the triggered rule
+            webhook_url (str): The webhook_url to send the card too
 
         Returns:
             pymsteams.connectorcard: The message to be sent to Teams
@@ -110,18 +111,12 @@ def _format_message(cls, alert, publication, webhook_url):
         teams_card.text(description)
         teams_card.color(card_color)
 
-        if with_record:
-            # Instantiate the card section
-            record_section = pymsteams.cardsection()
-
-            # Set the title
-            record_section.activityTitle("StreamAlert Alert Record")
+        # Add the Alert Section
+        teams_card.addSection(cls._generate_alert_section(alert))
 
-            # Add the raw alert as key/value pairs
-            for key, value in alert.record.items():
-                record_section.addFact(key, str(value))
-
-            teams_card.addSection(record_section)
+        if with_record:
+            # Add the record Section
+            teams_card.addSection(cls._generate_record_section(alert.record))
 
         if "@teams.additional_card_sections" in publication:
             teams_card = cls._add_additional_sections(
@@ -130,6 +125,51 @@ def _format_message(cls, alert, publication, webhook_url):
 
         return teams_card
 
+    @classmethod
+    def _generate_record_section(cls, record):
+        """Generate the record section
+
+        This adds the entire record to a section as key/value pairs
+
+        Args:
+            record (dict): asd
+        Returns:
+            record_section (pymsteams.cardsection): record section for the outgoing card
+        """
+        # Instantiate the card section
+        record_section = pymsteams.cardsection()
+
+        # Set the title
+        record_section.activityTitle("StreamAlert Alert Record")
+
+        # Add the record as key/value pairs
+        for key, value in record.items():
+            record_section.addFact(key, str(value))
+
+        return record_section
+
+    @classmethod
+    def _generate_alert_section(cls, alert):
+        """Generate the alert section
+
+        Args:
+            alert (Alert): The alert
+        Returns:
+            alert_section (pymsteams.cardsection): alert section for the outgoing card
+        """
+
+        # Instantiate the card
+        alert_section = pymsteams.cardsection()
+
+        # Set the title
+        alert_section.activityTitle("Alert Info")
+
+        # Add basic information to the alert section
+        alert_section.addFact("rule_name", alert.rule_name)
+        alert_section.addFact("alert_id", alert.alert_id)
+
+        return alert_section
+
     @staticmethod
     def _add_additional_sections(teams_card, additional_sections):
         """Add additional card sections to the teams card
@@ -202,10 +242,13 @@ def _dispatch(self, alert, descriptor):
         """
         creds = self._load_creds(descriptor)
         if not creds:
+            LOGGER.error("No credentials found for descriptor: %s", descriptor)
             return False
 
+        # Create the publication
         publication = compose_alert(alert, self, descriptor)
 
+        # Format the message
         teams_card = self._format_message(alert, publication, creds["url"])
 
         try:

diff --git a/streamalert_cli/manage_lambda/package.py b/streamalert_cli/manage_lambda/package.py
@@ -54,6 +54,7 @@ class LambdaPackage:
         'netaddr': 'netaddr==0.7.19',
         'policyuniverse': 'policyuniverse==1.3.2.1',
         'requests': 'requests==2.22.0',
+        'pymsteams': 'pymsteams==0.1.12'
     }
 
     def __init__(self, config):
@@ -226,7 +227,7 @@ class AlertProcessorPackage(LambdaPackage):
         'streamalert/shared'
     }
     package_name = 'alert_processor'
-    package_libs = {'cbapi', 'netaddr', 'requests'}
+    package_libs = {'cbapi', 'netaddr', 'pymsteams', 'requests'}
 
 
 class AlertMergerPackage(LambdaPackage):