EDAInsightsMalware.yml
---
# Play 1: for every malware event handed over by Event-Driven Ansible, call
# the servicenow_ticket role to open an incident. Runs on localhost only and
# skips fact gathering.
- name: Create an incident in ServiceNow from EDA for Malware Resolution
  hosts: localhost
  gather_facts: false
  tasks:
    # The role is included once per element of insights_mal_data.
    # NOTE(review): insights_mal_data is not defined in this file; presumably
    # it is supplied by the rulebook that launches this playbook. Confirm.
    # NOTE(review): every item.payload.* field originates in the triggering
    # event rather than in this playbook. Confirm that the event source is
    # authenticated and that the role handles these fields as plain text
    # before they reach the ticket.
    - name: Include SNOW Ticket role
      ansible.builtin.include_role:
        name: servicenow_ticket
      vars:
        servicenow_ticket: 'create'
        # Severity is fixed here for every malware event.
        sn_urgency: 'critical'
        sn_impact: 'high'
        incident_description: 'Alert {{ item.payload.matched_rules }} detected on host {{ item.payload.host_name }}'
        # Literal block: the line breaks and the double-quote characters
        # below are part of the ticket text.
        sn_description: |
          The following alert triggered on {{ item.payload.host_name }}:
          "Malware {{ item.payload.matched_rules }} detected at {{ item.payload.matched_at }} in {{ item.payload.host_name }}
          Red Hat Insights account {{ item.payload.account_id }}"
      loop: '{{ insights_mal_data }}'

# Play 2: announce the incident through the shadowman_mattermost role.
# NOTE(review): new_incident is not set anywhere in this file; presumably the
# servicenow_ticket role leaves it behind in play 1. Verify against the role.
# NOTE(review): only results[0] is referenced. If play 1 looped over several
# events, the remaining incident numbers are not mentioned, and an empty
# result list would make this template fail. Confirm that is intended.
- name: Notify Mattermost Channel of Malware Incident
  hosts: localhost
  gather_facts: false
  vars:
    alert_title: 'Malware Issue'
    alert_issue_value: 'Malware Issue detected'
    alert_details_value: 'Malware Issue, incident {{ new_incident.results[0].record.number}} created'
  roles:
    - shadowman_mattermost