Postee: Send vulnerability reports to Email, Splunk, Slack, Teams and Jira
Table of Contents
- Introduction
- Steps
- Reference Links
Introduction
Postee is a simple message routing application that receives JSON input messages through a webhook interface and delivers them based on rules to a set of collaboration systems, including JIRA, Email, Slack, Microsoft Teams, ServiceNow, Splunk, and Generic WebHook.
The primary use of Postee is to act as a notification component for Aqua Security products. It's extremely useful for sending vulnerability scan results or audit alerts from Aqua Platform to collaboration systems.
Steps
1. Go to the GitHub link and clone the repository to your local system.
git clone https://github.com/aquasecurity/postee
2. Go to the directory postee
cd postee/
3. Build postee image
docker build -t aquasec/postee:latest .
4. To run Postee as a Docker container, mount cfg.yaml at the '/config/cfg.yaml' path in the Postee container.
docker run -d --name=postee -v /root/postee/cfg.yaml:/config/cfg.yaml -e AQUAALERT_CFG=/config/cfg.yaml -e AQUAALERT_URL=0.0.0.0:8084 -e AQUAALERT_TLS=0.0.0.0:8444 -p 8444:8444 -p 8084:8084 aquasec/postee:latest
5. Sample cfg.yaml file for sending alerts by email.
root@ip-10-0-5-107:~/postee# cat cfg.yaml
---
- type: common # Common settings for all plugins
  AquaServer: http://ec2-34-214-21-44.us-west-2.compute.amazonaws.com:8080 # my aqua openshift url
  Max_DB_Size: 1000 # Max size of DB. MB. if empty then unlimited
  Delete_Old_Data: 10 # delete data older than N day(s). If empty then we do not delete.
  DbVerifyInterval: 1 # hours. an Interval between tests of DB. Default: 1 hour
- name: my-email
  type: email
  enable: true
  user: my smtp user # Mandatory: SMTP user name (e.g. johndoe@gmail.com)
  password: my smtp passwd # Mandatory: SMTP password
  host: my smtp host # Mandatory: SMTP host name (e.g. smtp.gmail.com)
  port: 587 # Mandatory: SMTP server port (e.g. 587)
  sender: anjali.nair@aquasec.com # Mandatory: The email address to use as a sender
  recipients: [anjali.nair@aquasec.com]
  Policy-Min-Vulnerability: low # (what is the minimum vulnerability severity that triggers a ticket)
  Policy-Non-Compliant: false # Optional. Open a ticket only if image is non-compliant (true) or in any case (false)
root@ip-10-0-5-107:~/postee#
6. When a scan is triggered in the Aqua Console, you will receive an email like the one below.
Postee Container Logs at the same time:
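The cfg.yaml from step 5 stores the SMTP password in clear text and is bind-mounted into the container in step 4, so it is worth checking before the container starts. The script below is an added example, not part of Postee or of the original article: the function names and the example.com values are hypothetical, and it assumes the file defines a single email output.

```shell
# Pre-flight check for a Postee cfg.yaml before it is bind-mounted.
# Prints one line per finding; return status = number of findings (0 = OK).
check_postee_cfg() {
    cfg=$1
    findings=0
    [ -f "$cfg" ] || { echo "missing: $cfg"; return 1; }

    # The file holds the SMTP password in clear text: no group/other access.
    perms=$(ls -ld "$cfg" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "group/other permissions '$perms' too open: chmod 600 $cfg"
        findings=$((findings + 1))
    fi

    # Keys the sample config marks as Mandatory for the email output.
    # Assumption: the file defines a single email output.
    for key in user password host port sender; do
        if ! grep -Eq "^[[:space:]]*${key}:[[:space:]]*[^[:space:]#]" "$cfg"; then
            echo "mandatory email key missing or empty: $key"
            findings=$((findings + 1))
        fi
    done

    # Placeholder text copied from the sample must be replaced.
    if grep -Eq '^[[:space:]]*(user|password|host):[[:space:]]*my smtp' "$cfg"; then
        echo "sample placeholder ('my smtp ...') still present"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample input (not a real configuration).
make_sample_cfg() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
- name: my-email
  type: email
  enable: true
  user: alerts@example.com
  password: example-password
  host: smtp.example.com
  port: 587
  sender: alerts@example.com
  recipients: [secops@example.com]
EOF
    echo "$f"
}

demo=$(make_sample_cfg); check_postee_cfg "$demo" && echo "cfg OK"; rm -f "$demo"
```

Run `check_postee_cfg /root/postee/cfg.yaml` before the `docker run` in step 4 and start the container only when it returns 0.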
Reference Links:
https://github.com/aquasecurity/postee