Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing "Priority" in alertmanager notifications #275

Closed
mac-chaffee opened this issue Oct 8, 2021 · 2 comments · Fixed by #276
Closed

Missing "Priority" in alertmanager notifications #275

mac-chaffee opened this issue Oct 8, 2021 · 2 comments · Fixed by #276
Assignees
@Issif
Labels
kind/feature New feature or request
Milestone
2.25.0

Comments

@mac-chaffee
Copy link
Contributor

Motivation

When Falco sends alertmanager an alert, it looks like it doesn't include the "priority" field:
image

That makes it difficult to route alerts to the right "receivers". For example, I'd like to send "warning" alerts to one notification system and "emergency|alert|critical|error" alerts to a different notification system that is more closely monitored.

Feature

Include the "priority" field in the alertmanager payload as a "label".

Alternatives

Other alerts like the ones that ship with kube-prometheus-stack use a label called "severity" instead of "priority". That could be an option, but "priority" is probably better for consistency with the rest of falco.
@mac-chaffee mac-chaffee added the kind/feature New feature or request label Oct 8, 2021
@Issif Issif self-assigned this Oct 8, 2021
@Issif Issif added this to the 2.25.0 milestone Oct 8, 2021
@Issif
Copy link
Member

Issif commented Oct 8, 2021

Hello, you're right, I missed that, sorry. See alertmanager.go#L77.

It's not a big deal to add this, feel free to propose a PR for fixing it if you feel confident enough. Anyway, I'm planning to work soon on all outputs for adding tags (which are now included in events since falco 0.30.0), I may fix that too.

Thanks for the issue, it will help everybody.

@mac-chaffee
Copy link
Contributor Author

Thanks @Issif ! I can try my hand at contributing. Fingers crossed my laptop's go toolchain is still working correctly!

@mac-chaffee mac-chaffee mentioned this issue Oct 8, 2021
Merged
@Issif Issif moved this to Done in Falcosidekick 2.x Aug 25, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Issif Issif

Labels
kind/feature New feature or request
Projects
Falcosidekick 2.x
Status: Done
Milestone
2.25.0
Development

Successfully merging a pull request may close this issue.

Add priority label to alertmanager alerts
2 participants
@Issif @mac-chaffee