Send a message to slack when clients become enrolled.
This artifact triggers when a client is interrogated within 60 seconds of it being seen for the first time.
name: Server.Slack.Clients.Enrolled
description: |
Send a message to slack when clients become enrolled.
This artifact triggers when a client is interrogated within 60
seconds of it being seen for the first time.
type: SERVER_EVENT
parameters:
- name: FirstSeenDelay
default: "60"
type: int
description: |
The time between first_seen_time and Generic.Client.Info collection.
- name: SlackToken
description: |
The token URL obtained from Slack. Leave blank to use server metadata.
e.g. https://hooks.slack.com/services/XXXX/YYYY/ZZZZ
sources:
- query: |
LET token_url = if(
condition=SlackToken,
then=SlackToken,
else=server_metadata().SlackToken)
-- Returns an event for each interrogation that occurs within 60 seconds
-- of first seen timestamp.
LET completions = SELECT *,
client_info(client_id=ClientId) AS ClientInfo ,
now() AS Now
FROM watch_monitoring(artifact="System.Flow.Completion")
WHERE Flow.artifacts_with_results =~ "Generic.Client.Info/BasicInformation"
AND Now - ClientInfo.first_seen_at < FirstSeenDelay
-- Sends the message to a slack channel.
LET SendToSlack(Message) = SELECT *
FROM http_client(
method="POST",
headers=dict(`Content-Type`="application/json"),
data=serialize(format="json", item=dict(text=Message)),
url=token_url)
SELECT * FROM foreach(row=completions, query={
SELECT * FROM foreach(row={
SELECT * FROM source(
artifact="Generic.Client.Info/BasicInformation",
client_id=ClientId, flow_id=FlowId)
}, query={
SELECT * FROM SendToSlack(
Message=format(format="Enrollment FROM %v with ClientID %v!",
args=[Fqdn, ClientId]))
})
})