
Adding a mega config file
traut committed Jan 6, 2024
1 parent f6cb56b commit 4b92ea0
Showing 1 changed file with 133 additions and 0 deletions.
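--- a/syntax-example.fabric
+++ b/syntax-example.fabric
@@ -0,0 +1,133 @@
+fabric {
+
+cache_dir = "./.fabric"
+
+plugins_registry {
+mirror_dir = "/tmp/plugins/"
+}
+
+plugin_versions = {
+"data.elasticsearch" = "1.2.3"
+"content.openai" = ">= 1.2.0, < 2.0.0"
+}
+}
+
+config data elasticsearch {
+cloud_id = "elastic-cloud-id"
+api_key = "elastic-cloud-api-key"
+}
+
+config content openai "personal_openai_key" {
+# `from_env_var` is a built-in function that reads the value of an environment variable
+api_key = from_env_var("MY_OPENAI_KEY")
+}
+
+
+content text "disclaimer" {
+
+meta = {
+tags = ["required"]
+updated_at = "2023-12-26T20:16:01+01:00"
+}
+
+# Text is a go-template string. In this example, `now` is an exposed `time.Now`
+text = <<-EOT
+We strive for accuracy in this article but cannot guarantee it, and we are not liable for any resulting damages or losses. If you have questions or concerns about typos, content errors, or other matters in the article, don't hesitate to contact us at the provided address.
+Contact: Example Company -- https://example.company
+{{now.UTC.Year}}
+EOT
+}
+
+
+
+document "weekly-alerts-overview" {
+
+meta = {
+name = "Weekly Alerts Overview Template"
+description = <<-EOT
+The overview describes the alerts from the Elastic SIEM and exported to a local JSON file.
+EOT
+
+author = "John Smith <[email protected]>"
+tags = ["elasticsearch", "alerts", "weekly"]
+updated_at = "2023-12-26T20:16:01+01:00"
+}
+
+
+data json "exported_alerts" {
+path = "/Users/traut/Sandbox/exported_alerts*.json"
+}
+
+data elasticsearch "last_week_alerts" {
+index = ".alerts-security.alerts-*"
+query_string = "kibana.alert.severity:critical AND @timestamp:[now-7d/d TO now]"
+size = 10
+}
+
+data elasticsearch "last_week_alerts_another_cluster" {
+# Inline configuration that takes precedence over the default configuration
+config {
+cloud_id = "another-elastic-cloud-id"
+api_key = "another-elastic-cloud-api-key"
+}
+
+index = ".alerts-security.alerts-*"
+query_string = "kibana.alert.severity:critical AND @timestamp:[now-7d/d TO now]"
+size = 10
+}
+
+title = "Weekly Alerts Overview"
+
+content text {
+text = "Every week the security team shares an overview of the alerts created"
+}
+
+section "elastic_alerts" {
+
+title = "Elastic SIEM alerts"
+
+content table "alerts_table" {
+query = <<-EOT
+.data.elasticsearch.last_week_alerts | (
+group_by(."kibana.alert.rule.name") |
+map({rule_name: .[0]."kibana.alert.rule.name", count: length})
+)
+EOT
+
+# Attributes specific for `content.table` plugin
+columns = ["Rule Name", "Alerts Count"]
+datapoints = [".rule_name", ".count"]
+}
+}
+
+section "exported_alerts" {
+
+title = "Exported alerts"
+
+content table {
+query = ".data.json.exported_alerts[]"
+
+# Attributes specific for `content.table` plugin
+columns = ["Alert Name", "Rule Name", "Created At"]
+datapoints = [".alert_name", ".rule_name", ".created_at"]
+}
+
+content openai {
+# Referencing the named configuration defined on the root level of the file
+config = config.content.openai.personal_openai_key
+query = ".data.json.exported_alerts[] | {alert_name,rule_name}"
+
+keep_if_no_data = true
+no_data_text = "There are no exported alerts this week"
+
+prompt = "Summarize the list of alerts, described by provided alert name and rule name pairs"
+}
+}
+
+content ref {
+# Referencing the content block defined above on the root level of the file
+base = content.text.disclaimer
+}
+}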
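Review bot: Both Elasticsearch configurations — the top-level `config data elasticsearch` block and the inline `config` block inside `data elasticsearch "last_week_alerts_another_cluster"` — set `api_key` as a string literal in the file, whereas `config content openai "personal_openai_key"` already demonstrates the `from_env_var` pattern a few lines earlier. Since this is a syntax example that readers will copy, the Elasticsearch blocks should show the same pattern, e.g. `api_key = from_env_var("ELASTIC_CLOUD_API_KEY")` (variable name chosen here for illustration), or at minimum carry a comment such as `# placeholder value; in real configs read the key via from_env_var rather than committing it` so that a literal key in a versioned config is not presented as the default. The `path` in `data json "exported_alerts"` also embeds a user-specific absolute directory that will not resolve for anyone else; a relative path like the `cache_dir` example would keep the file portable.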

0 comments on commit 4b92ea0
