Integrations

There are some categories of integrations to help integrate for any platform or business logic:

Platform Platforms allow malwatch to cohesively conform to your setup according to any requirements by overriding config values and almost any aspect of the functional environment.
Acter Acters are the result of any verb definitions which enact the fate of malware detections. The acters alert, clean, quarantine and exile are bundled by default.
Alerter Alerters are transports associated with alert delivery. More than one can be active. Support for json, pagerduty and smtp are included by default.

Alerter	Description
`json`	Deliver payloads to your own backend.
`pagerduty`	Deliver alerts through PagerDuty.
`smtp`	Deliver alerts using authenticated SMTP (`sendmail` is not available).

Integrations are loaded by means of the Plat, Acter and Alerter interfaces:

pkg/plat/plat.go

type Plat interface {
    Load() error
    Cfg() Cfg
    Acters() []acter.Acter
}

pkg/plat/acter/acter.go

type Acter interface {
    Load() error
    Verb() string
    Act(*state.Result) error
}

pkg/plat/alert/alert.go

type Sender interface {
    Load() error
    Cfg() plat.Cfg
    Alert(*state.Result) error
}

If your integration or alerter requires a config file, then the Cfg interface can be used:

pkg/plat/plat.go

type Cfg interface {
    Load() error
    Path() string
}

Need Help?

Please contact us for help with integrating malwatch with your platform, we would love to help.