Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

How to send mail to matched username from rule

See original GitHub issue

Hi, I have rule (type change) to detect user login from new IP. Now i want send mail to that user. How can ? for example :

filter:
- query:
    query_string:
      query: "type: ssh"
#- term:
#    type: "ssh"
# (Required)
# The alert is use when a match is found
alert_text: |
    New login from {0} for user {1} at {2}
alert_text_args:
  - src_ip
  - username
  - timestamp
alert_text_type: alert_text_only

I want to send mail to {username}

Thanks!

Issue Analytics

State:
Created 6 years ago
Comments:5 (3 by maintainers)

Top GitHub Comments

1reaction

Qmandocommented, Apr 12, 2017

If you need to normalize the data, either do it before it goes into Elasticsearch (like with logstash), or you need to write an enhancement.

http://elastalert.readthedocs.io/en/latest/recipes/adding_enhancements.html#enhancements

In the enhancement, do something like match['username_field'] = normalize(match['username_field'])

1reaction

Qmandocommented, Apr 11, 2017

You need to add a default email.

email: "something@example.com"

Top Results From Across the Web

Mail flow rule conditions and exceptions (predicates) in ...

In the EAC, in the Properties of this rule section, click Match sender address in message. Note that you might need to click...

Email routing and delivery options for Google Workspace

Use Default routing to set up the default mail delivery for your organization. For example, if you want to send all or most...

Enforcing a match between FROM address and sasl username

This article explains how to ensure that the from address matches the sender's username.

Rule-based matching · spaCy Usage Documentation

All you know is that they are listed as “User name: {username}“. The name itself may contain any character, but no whitespace –...

Content filtering in Amazon EventBridge event patterns

You can combine multiple matching rules into a more complex event pattern. For example, the following event pattern combines anything-but and numeric ....