Reborn and Driplane

Sun, Mar 7, 2021 3-minute read

It’s been a while since I abandoned the blog. A lot of things have happened in the last few years: I changed job, changed house (twice), adopted my best friend Milo and finally asked my girlfriend to marry me.

I don’t think many people are interested in my personal life and my projects, but since this year has been very tough and social interactions have been reduced to the minimum, maybe writing could help me relieve some stress.

Apart from all the personal situations, coronavirus and lockdowns, you name it… from a more interesting perspective, I started my own project called Driplane, in which I’m actively involved. I plan to improve and extend it in the near future. Thanks to it, I solved some issues, and I thought I would give something back to the open source world.

I consider Driplane my personal Swiss Army knife for event monitoring!

How many times have you written a script to keep an eye on changes to a website, or on an interesting thread on Twitter? Personally… a lot.

The basic idea is to have one or more “generators” of events (feeders) that fill a pipeline. Attached to each pipeline there are filters, whose purpose is to check the events they receive and decide whether to drop or change them before forwarding them to the next filter. Every pipeline can have one or more filters.

The feeder can check changes on a website (web feeder) or a file (file feeder), keep track of keywords or users on Twitter (Twitter feeder), Slack events and so on…

Each pipeline is defined by a rule. I created a simple syntax for rules, and you can see it here:

# Twitter feed
# Define a rule with a Twitter feeder and define keywords and users
Twitter => <twitter: users="goofy, mickeymouse", keywords="malware, virus, PE">;

# Define a rule to send a Slack message using a defined API hook
slack => http(url="https://hooks.slack.com/services/XXXXXXXXXX/XXXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",method="POST",headers="{\"Content-type\": \"application/json\"}",rawData="{{.main}}");

# Define a rule that filters the received tweets
tweet_rule => @Twitter |
              # ignore Spanish tweets
              !text(target="language", pattern="es") |
              # extract hashes from them
              hash(extract="true") |
              # add a new field to the stream with the hash
              override(name="hash", value="{{ .main }}") |
              # drop it if we saw that hash before
              cache(ttl="24h", global="true") |
              # fill the template with extracted data
              format(file="slack_twitter.txt") |
              # use the "slack" rule defined above to send the filled template to the Slack endpoint
              @slack;
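
To make the drop-or-change behaviour of the filters in tweet_rule concrete, here is a small Python model of the same chain (language filter, hash extraction, override, 24h cache), leaving out the format and Slack steps. It is an added example, not Driplane's code or API: the function names, the hash regex, caching on the `main` field and the sample tweets are assumptions made for illustration.

```python
import re
import time

# Assumption: "hash" means a bare MD5, SHA-1 or SHA-256 hex string.
HASH_RE = re.compile(r"\b(?:[0-9a-fA-F]{64}|[0-9a-fA-F]{40}|[0-9a-fA-F]{32})\b")

def text(target, pattern, negate=False):
    """Keep events whose `target` field matches `pattern` (inverted if negate)."""
    return lambda ev: [ev] if bool(re.search(pattern, ev.get(target, ""))) != negate else []

def extract_hashes(ev):
    """Emit one event per hash found in `main`; no hash means the event is dropped."""
    return [{**ev, "main": h.lower()} for h in HASH_RE.findall(ev["main"])]

def override(name):
    """Copy the current `main` value into a new field called `name`."""
    return lambda ev: [{**ev, name: ev["main"]}]

def cache(ttl_seconds, clock=time.monotonic):
    """Drop events whose `main` value was already seen within the TTL."""
    seen = {}
    def flt(ev):
        now, key = clock(), ev["main"]
        if key in seen and now - seen[key] < ttl_seconds:
            return []
        seen[key] = now
        return [ev]
    return flt

def run_pipeline(events, filters):
    """Feed the events through the filters in order; a filter returns 0..n events."""
    for flt in filters:
        events = [out for ev in events for out in flt(ev)]
    return events

# Constructed tweets; the hashes are the MD5 and SHA-256 of the empty string.
MD5 = "d41d8cd98f00b204e9800998ecf8427e"
SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
TWEETS = [
    {"language": "en", "main": f"new sample {MD5} spotted"},
    {"language": "es", "main": f"muestra nueva {SHA256}"},      # dropped: Spanish
    {"language": "en", "main": f"RT {MD5.upper()} again"},      # dropped: cached
    {"language": "en", "main": "no indicators in this one"},    # dropped: no hash
    {"language": "en", "main": f"dropper {SHA256} loads {MD5}"},
]

def demo():
    filters = [text("language", "es", negate=True), extract_hashes, override("hash"), cache(24 * 3600)]
    return [ev["hash"] for ev in run_pipeline(TWEETS, filters)]
```

Calling `demo()` returns each hash once, in the order it was first seen; normalising to lowercase before the cache is what keeps the upper-case retweet from alerting twice.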

In my notes I have written down a lot of interesting new features, like the possibility to launch driplane as a daemon so that it can serve a web interface and be configured through it, and a lot more. The only variable here is finding some free time, but I think it won’t be so difficult.


This was just meant to be a little overview of driplane, but if you are more interested or you actually need it, I tried to document the whole project right here.

Byez!