vaultsovereign/vm-cloudflare
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
Files
f0b8d962de8f3d8a98b33d43419fa3bcb53eee58
vm-cloudflare/observatory/alertmanager/templates/slack.tmpl
Vault Sovereign 37a867c485 Initial commit: Cloudflare infrastructure with WAF Intelligence 
- Complete Cloudflare Terraform configuration (DNS, WAF, tunnels, access)
- WAF Intelligence MCP server with threat analysis and ML classification
- GitOps automation with PR workflows and drift detection
- Observatory monitoring stack with Prometheus/Grafana
- IDE operator rules for governed development
- Security playbooks and compliance frameworks
- Autonomous remediation and state reconciliation
2025-12-16 18:31:53 +00:00

201 lines
5.1 KiB
Cheetah
Raw Blame History

{{/* Slack notification templates for Cloudflare Mesh Observatory */}}
{{/* Title template */}}
{{ define "slack.cloudflare.title" -}}
{{ if eq .Status "firing" }}{{ .Alerts.Firing | len }} FIRING{{ end }}{{ if and (eq .Status "resolved") (gt (.Alerts.Resolved | len) 0) }}{{ .Alerts.Resolved | len }} RESOLVED{{ end }} | {{ .CommonLabels.alertname }}
{{- end }}
{{/* Color template based on severity */}}
{{ define "slack.cloudflare.color" -}}
{{ if eq .Status "resolved" }}good{{ else if eq .CommonLabels.severity "critical" }}danger{{ else if eq .CommonLabels.severity "warning" }}warning{{ else }}#439FE0{{ end }}
{{- end }}
{{/* Main text body */}}
{{ define "slack.cloudflare.text" -}}
{{ range .Alerts }}
*Alert:* {{ .Labels.alertname }}
*Severity:* {{ .Labels.severity | toUpper }}
*Component:* {{ .Labels.component }}
*Status:* {{ .Status | toUpper }}
*Summary:* {{ .Annotations.summary }}
*Description:* {{ .Annotations.description }}
{{ if .Annotations.runbook_url }}*Runbook:* <{{ .Annotations.runbook_url }}|View Playbook>{{ end }}
*Labels:*
{{ range .Labels.SortedPairs -}}
- {{ .Name }}: `{{ .Value }}`
{{ end }}
*Started:* {{ .StartsAt.Format "2006-01-02 15:04:05 UTC" }}
{{ if eq .Status "resolved" }}*Resolved:* {{ .EndsAt.Format "2006-01-02 15:04:05 UTC" }}{{ end }}
---
{{ end }}
{{- end }}
{{/* Runbook URL template */}}
{{ define "slack.cloudflare.runbook" -}}
{{ if .CommonAnnotations.runbook_url }}{{ .CommonAnnotations.runbook_url }}{{ else }}https://wiki.internal/playbooks/cloudflare{{ end }}
{{- end }}
{{/* Compact alert list for summary */}}
{{ define "slack.cloudflare.alertlist" -}}
{{ range . }}
- {{ .Labels.alertname }} ({{ .Labels.severity }})
{{ end }}
{{- end }}
{{/* Tunnel-specific template */}}
{{ define "slack.cloudflare.tunnel" -}}
{{ range .Alerts }}
*Tunnel Alert*
*Tunnel ID:* {{ .Labels.tunnel_id }}
*Tunnel Name:* {{ .Labels.tunnel_name }}
*Status:* {{ .Status | toUpper }}
{{ .Annotations.description }}
*Action Required:*
{{ if eq .Labels.alertname "TunnelDown" }}
1. Check cloudflared service status
2. Verify network connectivity
3. Run tunnel rotation if unrecoverable
{{ else if eq .Labels.alertname "TunnelRotationDue" }}
1. Schedule maintenance window
2. Execute tunnel rotation protocol
3. Verify new tunnel connectivity
{{ end }}
---
{{ end }}
{{- end }}
{{/* DNS-specific template */}}
{{ define "slack.cloudflare.dns" -}}
{{ range .Alerts }}
*DNS Alert*
*Record:* {{ .Labels.record_name }}
*Type:* {{ .Labels.record_type }}
*Zone:* {{ .Labels.zone }}
*Status:* {{ .Status | toUpper }}
{{ .Annotations.description }}
*Immediate Actions:*
{{ if eq .Labels.alertname "DNSHijackDetected" }}
1. CRITICAL: Potential DNS hijack detected
2. Immediately verify DNS resolution
3. Check Cloudflare audit logs
4. Engage incident response team
{{ else if eq .Labels.alertname "DNSDriftDetected" }}
1. Compare current vs expected records
2. Check for unauthorized changes
3. Run state reconciler if needed
{{ end }}
---
{{ end }}
{{- end }}
{{/* WAF-specific template */}}
{{ define "slack.cloudflare.waf" -}}
{{ range .Alerts }}
*WAF Alert*
*Rule ID:* {{ .Labels.rule_id }}
*Action:* {{ .Labels.action }}
*Source:* {{ .Labels.source_ip }}
*Status:* {{ .Status | toUpper }}
{{ .Annotations.description }}
*Threat Intelligence:*
- Request Count: {{ .Labels.request_count }}
- Block Rate: {{ .Labels.block_rate }}%
- Attack Type: {{ .Labels.attack_type }}
*Recommended Actions:*
{{ if eq .Labels.alertname "WAFMassiveAttack" }}
1. Verify attack is not false positive
2. Consider enabling Under Attack Mode
3. Review and adjust rate limiting
4. Document attack patterns
{{ else if eq .Labels.alertname "WAFRuleBypass" }}
1. Analyze bypassed requests
2. Tighten rule specificity
3. Add supplementary rules
{{ end }}
---
{{ end }}
{{- end }}
{{/* Security/Invariant template */}}
{{ define "slack.cloudflare.security" -}}
{{ range .Alerts }}
*Security Invariant Violation*
*Invariant:* {{ .Labels.invariant_name }}
*Category:* {{ .Labels.category }}
*Status:* {{ .Status | toUpper }}
{{ .Annotations.description }}
*Violation Details:*
- Expected: {{ .Labels.expected_value }}
- Actual: {{ .Labels.actual_value }}
- First Seen: {{ .StartsAt.Format "2006-01-02 15:04:05 UTC" }}
*Compliance Impact:*
This violation may affect:
{{ range split .Labels.frameworks "," -}}
- {{ . }}
{{ end }}
*Remediation Steps:*
1. Review invariant definition
2. Check for authorized changes
3. Run autonomous remediator or manual fix
4. Document change justification
---
{{ end }}
{{- end }}
{{/* Proofchain template */}}
{{ define "slack.cloudflare.proofchain" -}}
{{ range .Alerts }}
*Proofchain Alert*
*Chain:* {{ .Labels.chain_name }}
*Receipt Type:* {{ .Labels.receipt_type }}
*Status:* {{ .Status | toUpper }}
{{ .Annotations.description }}
*Integrity Details:*
- Last Valid Hash: {{ .Labels.last_valid_hash }}
- Expected Hash: {{ .Labels.expected_hash }}
- Computed Hash: {{ .Labels.computed_hash }}
*This indicates potential:*
- Ledger tampering
- Receipt corruption
- Chain fork
- Missing anchors
*Immediate Actions:*
1. DO NOT write new receipts until resolved
2. Identify last known-good state
3. Investigate discrepancy source
4. Contact proofchain administrator
---
{{ end }}
{{- end }}
Reference in New Issue View Git Blame Copy Permalink