WTI Event based Streaming Telemetry Service (Slack EndPoint App)

WTI devices can send event-based JSON data to a program of your choosing using WebHook technology. When an event is triggered on a WTI device, the data from the event can be sent to a common collection end point and examined at a later time.


To do this, we need to get into the WTI telemetry command. For this example we will use a Slack App as the collection end point.


On the Slack end you need to make a Slack App. When you make this App, it will create a Webhook URL. You will need to copy this value to be used for the WTI device.


Information on how to create and manage a Slack App can be found here:


https://api.slack.com/apps


After you sign into your api.slack.com account:

  1. Click on the button “Create New App”
  2. Fill in the App Name and the Slack Workspace you want this App assigned to.
  3. Click on the button “Create App”
  4. Click on the dropdown “Add features and functionality”
  5. Click on the button “Incoming Webhooks”
  6. Click the slider “Activate Incoming Webhooks” to On
  7. Click on the button “Add New Webhook to Workspace”
  8. Choose the channel where you want the information to post, then click on the button “Allow”
  9. Under the title “Webhook URL”, copy the URL listed. You will use it as the WTI Command below.

When the Slack bot has been created and the Access Token has been copied, you can log in to the WTI device and issue the command:


/tel


Choose:


2. Event Based (One Shot Data)


Choose the slot in which you want to make the service.


Below is a sample screen for a Telemetry service that is already complete.


EVENT BASED TELEMETRY DETAILS: [testslack] IPv4/IPv6

  1. Enable: On
  2. Name: testslack
  3. User Name: (undefined)
  4. Password: (undefined)
  5. Shared Secret: (undefined)
  6. Dataset: Custom
  7. Timeout: 10
  8. Retries: 2
  9. Command: https://hooks.slack.com/services/LP843CM6B/VHAH2M6F7/pp663jOnnpnnnnYNyylrmtr
  10. Custom Post String: {'text':'%date%, lo=%location% si=%siteid%, at=%assettag%, t=%type%, l=%level%, t=%trigger%, u=%user% m=%message% a=%additional% office'}
  11. Display Status
  12. Display Debug Info

These fields should be filled out to match your setup:

  • 1. Enable – Starts the WTI service sending telemetry data.
  • 2. Name – Any arbitrary name you want to give this service.
  • 3. User Name – Not used for this particular type of end point.
  • 4. Password – Not used for this particular type of end point.
  • 5. Shared Secret – Not used for this particular type of end point.
  • 6. Dataset – We choose Custom, but there is also Alert Data.
  • 7. Timeout – When to give up on sending the command before retrying again.
  • 8. Retries – How many times to try a command before it is signaled as a failure.
  • 9. Command – The Slack “Webhook URL” copied from above.
  • 10. Custom Post String – This is the string that gets sent to your bot. Since not all collectors are the same, this string is customizable with variables that can be used to fit your exact needs. Please see below for a more detailed explanation.
  • 11. Display Status – Dynamically changes after a command is sent to tell you the response.
  • 12. Display Debug Info – If debug for the system is on, this will contain debug information after a command is sent.

After all the parameters are entered, you can back out to the main menu. You should start seeing the event data appear in your WebEx client when the next event occurs (for example, a login/logout).


    Custom Post String


    Depending on whether you are using WebEx, Slack, or your custom WebHook client, the JSON data format required for that client may vary and be rigid in its requirements. To accommodate a varied number of clients, WTI has allowed total customization of the JSON block along with replaceable variables. Below is a sample of the JSON that could be sent for a Slack App:


    {'text':'%date%, lo=%location% si=%siteid%, at=%assettag%, t=%type%, l=%level%, t=%trigger%, u=%user% m=%message% a=%additional% office'}


    The text tag is required by the WebEx API; it is a string with text that will appear in your WebEx client.


    Anything that is enclosed with quotes will be replaced by the corresponding text before it is sent to the WebEx client.


    %date% – UTC unit based date and time


    %location% – The location field of the WTI device


    %siteid% – The Site ID field of the WTI device


    %assettag% – The Asset Tag field of the WTI device


    %type% – The type of alert that the WTI device is generating


    %level% – The level (if there is one defined) for this alert


    %trigger% – What triggered this alert


    %user% – The user (if applicable) that triggered the alert


    %message% – The message that goes along with the alert


    %additional% – Any additional information that was generated by the alert.


    This is the text that should appear in your Slack App when an alert is sent in the example above.


    WTI event 2020-06-08T22:46:02+00:00, loc=LABRACK1 site=CPM-1600-2-EC-158, at=156009, t=audit, l=-1, t=LOGIN Network, u=super m=LOGIN Network SSH Port 22 super a= SSH Port 22 office
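
Because the events are meant to be examined at a later time, it helps to turn the posted text back into structured fields on the collection side. The following is an added example, not WTI or Slack code: a parser for the sample message shown above. It assumes the labels and field order of that sample line (`loc=`, `site=`, and so on), so the pattern must be adjusted to match whatever Custom Post String you configure; the function names are hypothetical.

```python
import re
from datetime import datetime

# Sample message text copied from the example output on this page.
SAMPLE = ("WTI event 2020-06-08T22:46:02+00:00, loc=LABRACK1 "
          "site=CPM-1600-2-EC-158, at=156009, t=audit, l=-1, "
          "t=LOGIN Network, u=super m=LOGIN Network SSH Port 22 super "
          "a= SSH Port 22 office")

# Labels and order follow that sample line (assumption: edit the pattern
# if your Custom Post String uses different labels or a different order).
EVENT_RE = re.compile(
    r"^WTI event (?P<date>\S+), loc=(?P<location>.*?) site=(?P<siteid>.*?), "
    r"at=(?P<assettag>.*?), t=(?P<type>.*?), l=(?P<level>.*?), "
    r"t=(?P<trigger>.*?), u=(?P<user>.*?) m=(?P<message>.*?) "
    r"a=(?P<additional>.*) office$"
)

# How often each separator occurs in an unambiguous line. "t=" labels both
# the type and the trigger, so it is expected twice.
EXPECTED_SEPARATORS = {" site=": 1, ", at=": 1, ", t=": 2, ", l=": 1,
                       ", u=": 1, " m=": 1, " a=": 1}


def is_ambiguous(text):
    """True when a free-text value contains something that looks like a
    separator, so the field boundaries cannot be trusted."""
    return any(text.count(sep) != n for sep, n in EXPECTED_SEPARATORS.items())


def parse_event(text):
    """Return a dict of event fields, or None if the text does not match."""
    m = EVENT_RE.match(text.strip())
    if m is None:
        return None
    event = {k: v.strip() for k, v in m.groupdict().items()}
    try:
        event["date"] = datetime.fromisoformat(event["date"])
    except ValueError:
        return None
    # The level is only present when one is defined for the alert.
    lvl = event["level"]
    event["level"] = int(lvl) if re.fullmatch(r"-?\d+", lvl) else None
    event["ambiguous"] = is_ambiguous(text)
    return event


if __name__ == "__main__":
    for key, value in parse_event(SAMPLE).items():
        print(f"{key:>10}: {value}")
```

Records flagged `ambiguous` are best kept with their raw text, since fields such as the user name and message are free text and can contain the same characters the template uses as separators.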