Meraki

Community

Meraki Webhook and Pagerduty hide "shared secret"

Solved
Mikanator
Here to help
‎Apr 3 2020 12:23 PM
‎Apr 3 2020 12:23 PM

Meraki Webhook and Pagerduty hide "shared secret"

Hello,

we have the meraki and pagerduty integration working

using the custom code provided by cisco for the event transformation.

 

we are using the "shared secret" as a filter for incoming alerts.

 

now we are wanting to hide from the incident payload so that users/ticket do not see the "shared secret"

anyone have any luck in doing this?  we have tried the splice function and it did not work...

 

here is the current code:

 

/ Consume Meraki Alert via Webhook
var body = PD.inputRequest.body;
 
// Set Alert Severity
var severity = "warning";
// critical
// error
// warning
// info
// unknown
 
if(body.alertType == "Settings changed") {severity = "info";}
if(body.alertType == "Motion detected") {severity = "info";}
if(body.alertType == "Network usage alert") {severity = "warning";}
if(body.alertType == "APs went down") {severity = "critical";}
if(body.alertType == "Uplink status changed" && !body.alertData.uplink) {severity = "critical";}
 

var event_type = "PD.Trigger";
//PD.Trigger - use this event type to trigger a new event
//PD.Resolve - use this event type to resolve a triggered incident
//PD.Acknowledge - use this event type to acknowledge a triggered incident
 
//if (body.alertType == "APs came up") {event_type="PD.Resolve";}
 
//var title = body.alertType+": "+body.networkName;
 
var description = body.alertType+": "+body.networkName;
 
// Format payload
var cef_event = {
    event_type: event_type,
      //title: title,
      description: description,
    severity: severity,
    source_origin: body.networkId,
    dedup_key: body.alertId,
    service_group: body.organizationId,
      event_action: PD.Trigger,
      details: body
}
 
// Check secret and store event
const SECRET = "xxx123";
 
if(body.sharedSecret == SECRET){ 
   PD.emitCEFEvents([cef_event]);
}
Labels:
0 Kudos
1 Accepted Solution
In response to jdsilva
Mikanator
Here to help
‎Apr 3 2020 1:27 PM
‎Apr 3 2020 1:27 PM

Brilliant!

 

the idea worked.

 

the actual syntax is:

 

// Check secret and store event
const SECRET = "xxx123";
 
if(body.sharedSecret == SECRET){ 
   body.sharedSecret = null                <----- Blank secret from data (no brackets)
   PD.emitCEFEvents([cef_event]);

View solution in original post

4 Replies 4
jdsilva
Kind of a big deal
‎Apr 3 2020 12:55 PM
‎Apr 3 2020 12:55 PM

I've not used the code you're referring to before, and honestly I only really know a bit of python, but it seems to me that if you were to blank out the secret before you do anything else with the data tat should do the trick?

@Mikanator wrote:
 
// Check secret and store event
const SECRET = "xxx123";
 
if(body.sharedSecret == SECRET){ 
   body.sharedSecret = <NULL>                <----- Blank secret from data
   PD.emitCEFEvents([cef_event]);
}

 

http://blog.brokennetwork.ca | @jdsilva
In response to jdsilva
Mikanator
Here to help
‎Apr 3 2020 1:27 PM
‎Apr 3 2020 1:27 PM

Brilliant!

 

the idea worked.

 

the actual syntax is:

 

// Check secret and store event
const SECRET = "xxx123";
 
if(body.sharedSecret == SECRET){ 
   body.sharedSecret = null                <----- Blank secret from data (no brackets)
   PD.emitCEFEvents([cef_event]);
In response to Mikanator
jdsilva
Kind of a big deal
‎Apr 3 2020 1:30 PM
‎Apr 3 2020 1:30 PM

Woohoo!

 

My example was meant as pseudocode since I didn't have any idea what a null character would be in whatever language that actually is 🙂

http://blog.brokennetwork.ca | @jdsilva
In response to jdsilva
Mikanator
Here to help
‎Apr 3 2020 1:36 PM
‎Apr 3 2020 1:36 PM

Well thank you soooo much!

simplicity at its best!

 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.