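#
# /etc/crowdsec/notifications/discord.yaml
#
# CrowdSec HTTP notification plugin configuration: renders each alert/decision
# as a Discord embed and POSTs it to a Discord webhook.
#
# Operational and security notes:
#  - `url` below carries the webhook ID and token. That token is a credential:
#    anyone who has it can post to the channel. Keep this file readable only by
#    root / the CrowdSec service account and keep the real value out of version
#    control and shared pastes.
#  - The map image URL embeds the Geoapify `apiKey` in the payload sent to
#    Discord, so the key should be treated as visible to everyone who can read
#    the channel. Use a dedicated key that can be rotated and quota-limited.
#  - Values such as `.Meta` entries and `target_fqdn` come from parsed log data
#    and are interpolated into JSON string literals; only `"` is replaced for
#    `.Meta` values. A backslash or control character in such a value would
#    produce invalid JSON and the notification would not be delivered. Consider
#    JSON-escaping them (e.g. with the `toJson` template function) if alerts
#    from untrusted request fields must never be dropped.
#  - The `{{range}}` blocks emit the embed keys once per decision, so the
#    template assumes one alert with one decision per notification.
#  - The markdown links `[Crowdsec Console]()` and `[{{.Value}}]()` have empty
#    targets as published; fill in the intended URLs or drop the link syntax.
#
type: http
name: discord
log_level: info
format: |
  {
    "embeds": [
      {
        {{range . -}}
        {{$alert := . -}}
        {{range .Decisions -}}
        {{- $cti := .Value | CrowdsecCTI -}}
        "timestamp": "{{$alert.StartAt}}",
        "title": "Crowdsec Alert",
        "color": 16711680,
        "description": "Potential threat detected. View details in [Crowdsec Console]()",
        "url": "https://app.crowdsec.net/cti/{{.Value}}",
        {{if $alert.Source.Cn -}}
        "image": {
          "url": "https://maps.geoapify.com/v1/staticmap?style=osm-bright-grey&width=600&height=400&center=lonlat:{{$alert.Source.Longitude}},{{$alert.Source.Latitude}}&zoom=8.1848&marker=lonlat:{{$alert.Source.Longitude}},{{$alert.Source.Latitude}};type:awesome;color:%23655e90;size:large;icon:industry|lonlat:{{$alert.Source.Longitude}},{{$alert.Source.Latitude}};type:material;color:%23ff3421;icontype:awesome&scaleFactor=2&apiKey=APIKEYHERE"
        },
        {{end}}
        "fields": [
          {{if and $alert.MachineID (ne $alert.MachineID "N/A") -}}
          {
            "name": "Hostname",
            "value": "`{{$alert.MachineID}}`",
            "inline": "true"
          },
          {{end -}}
          {{if env "HOST_HOSTNAME" -}}
          {
            "name": "LAPI",
            "value": "`{{ env "HOST_HOSTNAME" }}`",
            "inline": "true"
          },
          {{else if env "HOST" -}}
          {
            "name": "LAPI",
            "value": "`{{ env "HOST" }}`",
            "inline": "true"
          },
          {{else if Hostname -}}
          {
            "name": "LAPI",
            "value": "`{{ Hostname }}`",
            "inline": "true"
          },
          {{end -}}
          {
            "name": "Scenario",
            "value": "`{{ .Scenario }}`",
            "inline": "true"
          },
          {
            "name": "IP",
            "value": "[{{.Value}}]()",
            "inline": "true"
          },
          {
            "name": "Ban Duration",
            "value": "{{.Duration}}",
            "inline": "true"
          },
          {{if $alert.Source.Cn -}}
          {
            "name": "Country",
            "value": "{{$alert.Source.Cn}} :flag_{{ $alert.Source.Cn | lower }}:",
            "inline": "true"
          }
          {{if $cti.Location.City -}}
          ,
          {
            "name": "City",
            "value": "{{$cti.Location.City}}",
            "inline": "true"
          },
          {
            "name": "Maliciousness",
            "value": "{{mulf $cti.GetMaliciousnessScore 100 | floor}} %",
            "inline": "true"
          }
          {{end}}
          {{end}}
          {{if not $alert.Source.Cn -}}
          {
            "name": "Location",
            "value": "Unknown :pirate_flag:"
          }
          {{end}}
          {{end -}}
          {{end -}}
          {{range . -}}
          {{$alert := . -}}
          {{if GetMeta $alert "target_fqdn" -}}
          ,
          {
            "name": "Target",
            "value": "{{range (GetMeta $alert "target_fqdn" | uniq) -}}`{{.}}`\n{{ end -}}"
          }
          {{end}}
          {{range .Meta -}}
          ,
          {
            "name": "{{.Key}}",
            "value": "{{ (splitList "," (.Value | replace "\"" "`" | replace "[" "" | replace "]" "")) | join "\\n"}}"
          }
          {{end -}}
          {{end -}}
        ]
      }
    ]
  }

# Append the webhook ID and token to the URL below. The resulting URL is a
# secret; see the notes at the top of this file.
url: https://discord.com/api/webhooks/
#    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
#    Your ID+Token Here

method: POST
headers:
  Content-Type: application/json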