zeek-notice-telegram

https://github.com/corelight/zeek-notice-telegram
5 2 3 1 Last Push 4/15/24, 9:34 PM

zeek-notice-telegram

Zeek package that extends Zeek's Notice Framework to enable sending notices over Telegram. The zeek-notice-slack package was used as inspiration.

Installation

$ zkg install zeek-notice-telegram

Otherwise, you can clone this repo and install locally with zkg.

Configuration

In order to use this package, you must create a Telegram bot and identify your user ID or group chat ID. After creating a bot, you will receive a token $TOKEN from @BotFather. After chatting with @userinfobot you will have your $CHAT_ID. To properly configure this package, you will need to:

redef Notice::telegram_token = "$TOKEN";
redef Notice::telegram_chat_id = "$CHAT_ID";

directly, or modify them using the Configuration Framework. If either of these are not redefined, reporter warnings will be generated and the Telegram notifications will not work.

Usage

In your script, all notices can be sent over Telegram using the following hook:

hook Notice::policy(n: Notice::Info)
    {
    add n$actions[Notice::ACTION_TELEGRAM];
    }

Package Version :

Description :

Package that extends the Notice Framework to include
`ACTION_TELEGRAM` for sending messages on notices over Telegram.

Script Dir :

scripts