Meraki Webhook and Pagerduty hide "shared secret"

SOLVED
Mikanator
Here to help

Meraki Webhook and Pagerduty hide "shared secret"

Hello,

we have the meraki and pagerduty integration working

using the custom code provided by cisco for the event transformation.

 

we are using the "shared secret" as a filter for incoming alerts.

 

now we are wanting to hide from the incident payload so that users/ticket do not see the "shared secret"

anyone have any luck in doing this?  we have tried the splice function and it did not work...

 

here is the current code:

 

/ Consume Meraki Alert via Webhook
var body = PD.inputRequest.body;
 
// Set Alert Severity
var severity = "warning";
// critical
// error
// warning
// info
// unknown
 
if(body.alertType == "Settings changed") {severity = "info";}
if(body.alertType == "Motion detected") {severity = "info";}
if(body.alertType == "Network usage alert") {severity = "warning";}
if(body.alertType == "APs went down") {severity = "critical";}
if(body.alertType == "Uplink status changed" && !body.alertData.uplink) {severity = "critical";}
 

var event_type = "PD.Trigger";
//PD.Trigger - use this event type to trigger a new event
//PD.Resolve - use this event type to resolve a triggered incident
//PD.Acknowledge - use this event type to acknowledge a triggered incident
 
//if (body.alertType == "APs came up") {event_type="PD.Resolve";}
 
//var title = body.alertType+": "+body.networkName;
 
var description = body.alertType+": "+body.networkName;
 
// Format payload
var cef_event = {
    event_type: event_type,
      //title: title,
      description: description,
    severity: severity,
    source_origin: body.networkId,
    dedup_key: body.alertId,
    service_group: body.organizationId,
      event_action: PD.Trigger,
      details: body
}
 
// Check secret and store event
const SECRET = "xxx123";
 
if(body.sharedSecret == SECRET){ 
   PD.emitCEFEvents([cef_event]);
}
1 ACCEPTED SOLUTION

Brilliant!

 

the idea worked.

 

the actual syntax is:

 

// Check secret and store event
const SECRET = "xxx123";
 
if(body.sharedSecret == SECRET){ 
   body.sharedSecret = null                <----- Blank secret from data (no brackets)
   PD.emitCEFEvents([cef_event]);

View solution in original post

4 REPLIES 4
jdsilva
Kind of a big deal

I've not used the code you're referring to before, and honestly I only really know a bit of python, but it seems to me that if you were to blank out the secret before you do anything else with the data tat should do the trick?

@Mikanator wrote:
 
// Check secret and store event
const SECRET = "xxx123";
 
if(body.sharedSecret == SECRET){ 
   body.sharedSecret = <NULL>                <----- Blank secret from data
   PD.emitCEFEvents([cef_event]);
}

 

Brilliant!

 

the idea worked.

 

the actual syntax is:

 

// Check secret and store event
const SECRET = "xxx123";
 
if(body.sharedSecret == SECRET){ 
   body.sharedSecret = null                <----- Blank secret from data (no brackets)
   PD.emitCEFEvents([cef_event]);
jdsilva
Kind of a big deal

Woohoo!

 

My example was meant as pseudocode since I didn't have any idea what a null character would be in whatever language that actually is 🙂

Well thank you soooo much!

simplicity at its best!

 

Get notified when there are additional replies to this discussion.