{"id":23010082,"url":"https://github.com/dmdhrumilmistry/elk-alerts","last_synced_at":"2025-04-02T16:15:22.762Z","repository":{"id":190153779,"uuid":"681741110","full_name":"dmdhrumilmistry/elk-alerts","owner":"dmdhrumilmistry","description":"ELK slack integration alternative for alerting ","archived":false,"fork":false,"pushed_at":"2023-08-23T12:09:17.000Z","size":15,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-02-08T07:08:53.164Z","etag":null,"topics":["blue-team-tool","elk","elk-alerts","slack-bot","slack-webhook"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dmdhrumilmistry.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2023-08-22T16:52:31.000Z","updated_at":"2024-03-30T19:53:05.000Z","dependencies_parsed_at":"2023-08-23T13:24:57.844Z","dependency_job_id":null,"html_url":"https://github.com/dmdhrumilmistry/elk-alerts","commit_stats":null,"previous_names":["dmdhrumilmistry/elk-alerts"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmdhrumilmistry%2Felk-alerts","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmdhrumilmistry%2Felk-alerts/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmdhrumilmistry%2Felk-alerts/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmdhrumilmistry%2Felk-alerts/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dmdhrumilmistry","downloa
d_url":"https://codeload.github.com/dmdhrumilmistry/elk-alerts/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246847137,"owners_count":20843444,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blue-team-tool","elk","elk-alerts","slack-bot","slack-webhook"],"created_at":"2024-12-15T09:16:53.687Z","updated_at":"2025-04-02T16:15:22.724Z","avatar_url":"https://github.com/dmdhrumilmistry.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ELK alerts\n\nSimple Alerting tool which queries elasticsearch for data, filters it and sends alerts on slack.\n\n## Installation\n\n### Using GO Install\n\n```bash\ngo install github.com/dmdhrumilmistry/elk-alerts@latest\n```\n\n### Using git clone\n\n```bash\ngit clone https://github.com/dmdhrumilmistry/elk-alerts.git\ncd elk-alerts\ngo install\n```\n\n## Usage\n\n- Basic Usage\n\n    ```bash\n    elk-alerts -f config.yaml\n    ```\n\n- Set crontab for periodic alerts\n\n## Example Config file\n\n```yaml\n# this can help to detect directory bruteforcing\nelk_host: http://localhost:9200\nelk_username: elk_alerts\nelk_password: 'your_super_secure_password'\nelk_index: 'your-index-*'\nelk_threshold: 100\nelk_query: |\n  {\n    \"query\": {\n      \"bool\": {\n        \"filter\": [\n          {\n            \"range\": {\n              \"@timestamp\": {\n                \"gte\": \"now-5m\"\n              }\n            }\n          },\n          {\n            \"term\": {\n              \"response.keyword\": {\n                \"value\": 404\n    
          }\n            }\n          }\n        ]\n      }\n    },\n    \"size\": 0,\n    \"aggs\": {\n      \"aggs_data\": {\n        \"terms\": {\n          \"field\": \"client_ip.keyword\"\n        }\n      }\n    }\n  }\n\n# aggs must contain aggs_data\nwhitelist: ['1.1.1.1','1.0.0.1']\n\n# slack webhook configs\nslack_webhook: https://hooks.slack.com/services/your/slack/webhook\nslack_message_title: \"*Test Message* :bomb:\"\n```\n\n- The `elk_alerts` user must have read-only permission for the tool to work.\n\n- Replace the `elk_query` param with a query from the ELK dev tools console.\n\n- The tool provides an option to whitelist IPs from alerts.\n\n- `aggs` must contain an `aggs_data` key in order to work correctly.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdmdhrumilmistry%2Felk-alerts","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdmdhrumilmistry%2Felk-alerts","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdmdhrumilmistry%2Felk-alerts/lists"}