From d32e5c10b8c2473abfe8d6cd405286e00346b2d2 Mon Sep 17 00:00:00 2001
From: christophetd
Date: Wed, 3 Apr 2019 17:22:58 +0200
Subject: [PATCH] Allow generating Elastalert rules with the http_post alert type without specifying a URL at generation time
---
 tools/sigma/backends/elasticsearch.py | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/tools/sigma/backends/elasticsearch.py b/tools/sigma/backends/elasticsearch.py
index 016fbd29647..551fc9af9ba 100644
--- a/tools/sigma/backends/elasticsearch.py
+++ b/tools/sigma/backends/elasticsearch.py
@@ -671,19 +671,20 @@ def generate(self, sigmaparser):
 rule_object['smtp_auth_file'] = self.smtp_auth_file
 if 'http_post' in alert_methods:
 if self.http_post_url is None:
- print('Warning: the Elastalert HTTP POST method is selected but no URL has been provided. This alert method will be ignored', file=sys.stderr)
+ print('Warning: the Elastalert HTTP POST method is selected but no URL has been provided.', file=sys.stderr)
 else:
- rule_object['alert'].append('post')
 rule_object['http_post_url'] = self.http_post_url
- if self.http_post_include_rule_metadata:
- rule_object['http_post_static_payload'] = {
- 'sigma_rule_metadata': {
- 'title': title,
- 'description': description,
- 'level': level,
- 'tags': rule_tag
- }
+
+ rule_object['alert'].append('post')
+ if self.http_post_include_rule_metadata:
+ rule_object['http_post_static_payload'] = {
+ 'sigma_rule_metadata': {
+ 'title': title,
+ 'description': description,
+ 'level': level,
+ 'tags': rule_tag
+ }
 }
 #If alert is not define put debug as default
 if len(rule_object['alert']) == 0:
 rule_object['alert'].append('debug')
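Review bot: The rewritten warning on the changed print line no longer tells the user what the emitted rule will contain: since `'post'` is now appended to `rule_object['alert']` regardless of whether a URL was given, a rule without `http_post_url` is still written out and will only load if the URL is supplied elsewhere (presumably the Elastalert global configuration — worth confirming against the Elastalert version in use). Suggest stating that consequence so the operator knows where the missing value must come from, e.g. `print('Warning: the Elastalert HTTP POST method is selected but no URL has been provided; the generated rule expects http_post_url to be supplied by the Elastalert configuration.', file=sys.stderr)`. Indentation is not preserved in this rendering, so the level at which the unconditional `append('post')` and the metadata block now sit, and whether the context `}` closing the payload still lines up after the dedent, cannot be verified here. `generate` begins and ends outside the hunk.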