Cloudera Docs

Integrating Third-Party Portals

You can reach other web services to view additional information about the alert data through dynamically created URLs by adding click-through navigation in the Alerts user interface. For example you can view third-party threat intelligence portals or corporate ticketing systems and directories. You can attach click-through navigation to a cell or a raw in the Alerts UI table.

  1. Change the isEnabled property in /$METRON/web/alerts-ui/assets/context-menu.conf.json file to true: 
    {
  isEnabled: true,
  config: {
  ...
  2. To attach and configure a menu configuration to a column in the Alerts table, use the field ID to target the particular column.
    For example, to configure the "Whois Reputation Service" item for the context menu, add the following information:
    {
  isEnabled: true,
  config: {
    "host": [
      {
        "label": "Whois Reputation Service",
        "urlPattern": "https://www.whois.com/whois/{}"
      }
    ],
  ...
    Clicking on the item opens another browser tab and calls the URL in the urlPattern config field.
    1. The {} at the end of the urlPattern is a default placeholder. If you add any available alert property field at the end of the urlPattern, the value of the host field replaces the default placeholder.
      For example:
      {
  isEnabled: true,
  config: {
    "host": [
      {
        "label": "Whois Reputation Service",
        "urlPattern": "https://www.whois.com/whois/{ip_src_addr}"
      }
    ],
  ...
    2. You can also reference multiple fields and combine default and specific placeholders: 
      {
  isEnabled: true,
  config: {
    "host": [
      {
        "label": "Whois Reputation Service",
        "urlPattern": "https://www.whois.com/whois/{}?srcip={ip_src_addr}&destip={ip_dest_addr}"
      }
    ],
  ...
    3. You can also configure multiple menu items to a particular column: 
      {
  isEnabled: true,
  config: {
    "ip_src_addr": [
      {
        "label": "IP Investigation Notebook",
        "urlPattern": "http://zepellin.example.com:9000/notebook/someid?ip={ip_src_addr}"
      },
      {
        "label": "IP Conversation Investigation",
        "urlPattern": "http://zepellin.example.com:9000/notebook/someid?ip_src_addr={ip_src_addr}&ip_dst_addr={ip_dst_addr}"
      }
    ],
    "host": [
      {
        "label": "Whois Reputation Service",
        "urlPattern": "https://www.whois.com/whois/{}?srcip={ip_src_addr}&destip={ip_dest_addr}"
      }
    ],
  ...
  3. To attach and configure a menu configuration to a row in the Alerts table, you can configure for an alert or a meta alert.
    To cofigure for an alert, use the keyword alertEntry. For a meta alert, use the keyword metaAlertEntry:
    {
  isEnabled: true,
  config: {
    "alertEntry": [
      {
        "label": "Internal ticketing system",
        "urlPattern": "http://mytickets.org/tickets/{id}"
      }
    ],
    "metaAlertEntry": [
      {
        "label": "MetaAlert specific item",
        "urlPattern": "http://mytickets.org/tickets/{id}"
      }
    ],
  ...