arazzo: 1.0.1
info:
  title: Shodan Alert With Notifier
  summary: Create a notifier, attach it via an alert, and arm a trigger for delivery.
  description: >-
    A notification-wired monitoring pattern. The workflow creates a notifier for
    receiving alerts, creates a network alert over the supplied IP ranges, and
    enables a trigger so events on the monitored ranges are delivered. Every
    step spells out its request inline so the flow can be read and executed
    without opening the underlying OpenAPI description.
  version: 1.0.0
sourceDescriptions:
- name: shodanRest
  url: ../openapi/shodan-rest-openapi.yml
  type: openapi
workflows:
- workflowId: alert-with-notifier
  summary: Stand up a notifier and a triggered network alert in one flow.
  description: >-
    Creates a notifier, creates a network alert on the supplied IP ranges, and
    enables a trigger so the alert can deliver events to the notifier.
  inputs:
    type: object
    required:
    - apiKey
    - provider
    - description
    - notifierArgs
    - alertName
    - ips
    - trigger
    properties:
      apiKey:
        type: string
        description: Shodan API key passed as the `key` query parameter.
      provider:
        type: string
        description: The notifier provider type (e.g. "email", "slack").
      description:
        type: string
        description: A human-readable description for the notifier.
      notifierArgs:
        type: object
        description: Provider-specific configuration arguments for the notifier.
      alertName:
        type: string
        description: A human-readable name for the network alert.
      ips:
        type: array
        items:
          type: string
        description: The IP ranges to monitor with this alert.
      trigger:
        type: string
        description: The trigger name to enable on the alert.
  steps:
  - stepId: createNotifier
    description: >-
      Create a notifier for receiving alert events.
    operationId: createNotifier
    requestBody:
      contentType: application/json
      payload:
        provider: $inputs.provider
        description: $inputs.description
        args: $inputs.notifierArgs
    parameters:
    - name: key
      in: query
      value: $inputs.apiKey
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      notifierId: $response.body#/id
  - stepId: createAlert
    description: >-
      Create a network alert over the supplied IP ranges.
    operationId: createAlert
    requestBody:
      contentType: application/json
      payload:
        name: $inputs.alertName
        filters:
          ip: $inputs.ips
    parameters:
    - name: key
      in: query
      value: $inputs.apiKey
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      alertId: $response.body#/id
  - stepId: enableTrigger
    description: >-
      Enable the requested trigger so the alert begins delivering events.
    operationId: enableAlertTrigger
    parameters:
    - name: key
      in: query
      value: $inputs.apiKey
    - name: id
      in: path
      value: $steps.createAlert.outputs.alertId
    - name: trigger
      in: path
      value: $inputs.trigger
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      success: $response.body#/success
  outputs:
    notifierId: $steps.createNotifier.outputs.notifierId
    alertId: $steps.createAlert.outputs.alertId