Skip to content

feat(providers): SNMP trap ingestion via JSON webhook (#2112)#6265

Open
Leviann wants to merge 4 commits intokeephq:mainfrom
Leviann:feat/snmp-provider-2112
Open

feat(providers): SNMP trap ingestion via JSON webhook (#2112)#6265
Leviann wants to merge 4 commits intokeephq:mainfrom
Leviann:feat/snmp-provider-2112

Conversation

@Leviann
Copy link
Copy Markdown

@Leviann Leviann commented Apr 19, 2026

Summary

Adds an SNMP provider that ingests traps as JSON over the existing webhook path \POST /event/snmp\ (API key auth), matching how UDP/BER traps are usually integrated in production (snmptrapd \ raphandle\ + curl, SNMPTT, Telegraf \inputs.snmp_trap\ → HTTP, etc.).

What is included

  • \SnmpProvider\ with \parse_event_raw_body\ + _format_alert\ (single object, root JSON array, or \snmp_traps\ / \ raps\ batch).
  • Field aliases (\ rapOid, \�gentAddress, …) and basic severity mapping for standard \1.3.6.1.6.3.1.1.5.*\ notification OIDs.
  • \webhook_markdown\ setup notes + unit tests under \ ests/providers/snmp_provider/.

Notes

  • Native UDP/162 listener is out of scope here; HTTP JSON is the practical integration surface for Keep.

Closes #2112

/claim #2112

Made with Cursor

@Leviann
feat(providers): add SNMP webhook provider for JSON trap payloads
1a5ca14 
- POST /event/snmp accepts JSON from snmptrapd/Telegraf-style forwarders

- Single trap, root JSON array, or batch via snmp_traps / traps

- Map standard snmpTrapOID 1.3.6.1.6.3.1.1.5.* suffixes to severity

- Unit tests for parse + format paths

/claim keephq#2112

Made-with: Cursor
Copilot AI review requested due to automatic review settings April 19, 2026 16:44
@algora-pbc algora-pbc Bot mentioned this pull request Apr 19, 2026
Open
@dosubot dosubot Bot added the size:L This PR changes 100-499 lines, ignoring generated files. label Apr 19, 2026
@CLAassistant
Copy link
Copy Markdown

CLAassistant commented Apr 19, 2026
edited
Loading

CLA assistant check
All committers have signed the CLA.

@dosubot dosubot Bot added Feature A new feature Provider Providers related issues labels Apr 19, 2026
@Leviann
fix(snmp): strict std trap OID prefix + safe severity from_number
9baf16d 
- Only map 1.3.6.1.6.3.1.1.5.* (SNMPv2-MIB notifications), not arbitrary .5.X tails

- Catch ValueError from AlertSeverity.from_number for out-of-range ints

Made-with: Cursor
Copilot AI reviewed Apr 19, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@Leviann
chore(snmp): docs, mint nav, safer severity coercion
dcac6b7 
- mint + snmp-provider.mdx for docs sidebar

- bool/float severity handling; enterprise OID severity regression test

- traps type guard test; int out-of-range + float JSON tests

Made-with: Cursor
@Leviann
Copy link
Copy Markdown
Author

Leviann commented Apr 19, 2026

Follow-up polish (no demo video)

  • Docs: snmp-provider.mdx + mint.json nav entry
  • Severity: exclude bool from int path; support float JSON severities; non-integer float falls back to OID map
  • Tests: enterprise OID 1.2.3.4.5.3 -> INFO; traps non-list raises; int out-of-range + float cases

Commit: dcac6b7

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

🙋 Bounty claim Feature A new feature Provider Providers related issues size:L This PR changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[🔌 Provider]: SNMP provider

3 participants

@Leviann @CLAassistant