odfe-monitor-cli icon indicating copy to clipboard operation
odfe-monitor-cli copied to clipboard

Published 20 hours ago verified publisher icon mihirsoni

json: unsupported type: map[interface {}]interface{}

Open esfateev opened this issue 4 years ago • 5 comments

Hi! I've got error "json: unsupported type: map[interface {}]interface{}".

Applied monitor template:

- name: 'Critical vulnerabilities detected'
  enabled: true
  schedule:
      period:
          interval: 8
          unit: HOURS
      cron: null
  inputs:
    - search:
          indices:
            - wazuh-alerts-3.x-*
          query:
              aggregations: {}
              query:
                  bool:
                      adjust_pure_negative: true
                      boost: 1
                      filter:
                        - range:
                              '@timestamp':
                                  boost: 1
                                  format: epoch_millis
                                  from: '{{period_end}}||-1d'
                                  include_lower: true
                                  include_upper: true
                                  to: '{{period_end}}'
                        - term:
                              data.vulnerability.severity:
                                  boost: 1
                                  value: Critical
              size: 0
  triggers:
    - name: Above 10 Critical vurnerabilities detected per 1 hour
      severity: "4"
      condition: ctx.results[0].hits.total.value > 10
      actions:
	- name: Send notification to Opsgenie (Vulnerability issues)
          destinationId: opsgenie_integration:_secops_group
          subject: ""
          message: "{\n \"message\": \"{{ctx.monitor.name}}. Trigger: {{ctx.trigger.name}}.\",
              \n \"description\": \"{{ctx.monitor.name}}. Trigger: {{ctx.trigger.name}}.
              Period start: {{ctx.periodStart}}. Period end: {{ctx.periodEnd}}.\",
              \n \"entity \":\"rtrx_security\",\n \"priority\": \"P{{ctx.trigger.severity}}\",\n
              \"alias\": \"{{ctx.trigger.name}}\"\n}"

Similar problem described here: https://github.com/mattn/anko/issues/264 Could we fix? Might migrate from encoding\json to github.com/json-iterator/go ?

Thanks! BR, Eugene Fateev

esfateev avatar May 07 '20 07:05 esfateev

This also happens when using the sample monitor... is this software in a working state at all?

adam-turner-j avatar Jun 12 '20 17:06 adam-turner-j

Same exact problem, I even copy pasted existing ymls into the working dir and it throws the same error:

DEBU[0000] Running monitor: simplemon FATA[0000] Unable to parse monitor correctly: json: unsupported type: map[interface {}]interface {}

Line 59 on https://github.com/mihirsoni/odfe-monitor-cli/blob/master/commands/push.go is where the fatal is being thrown.

mentalburden avatar Jul 27 '20 22:07 mentalburden

@mentalburden Could you provide sample YAML monitor ? You can redact the other details. Believe must be missing some new fields from alerting.

mihirsoni avatar Aug 17 '20 07:08 mihirsoni

@mihirsoni The sample monitor in the README does not work.

adam-turner-j avatar Aug 17 '20 21:08 adam-turner-j

Hello,

The same problem occurred to me when I used this by the Releases section, but when I cloned the repo to my local and run it, it was perfectly fine.

I realized Releases is 5 commits behind the master, so I forked it and released a new package up until the latest commit.

Working fine on my end: https://github.com/emretanriverdi/odfe-monitor-cli

I hope it works for you too! @esfateev @adam-turner-j @mentalburden

emretanriverdi avatar Apr 29 '21 05:04 emretanriverdi