Skip to content

feat: add SNMP provider for receiving and processing SNMP traps (#2112) #5216

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 3 commits into from
Closed

feat: add SNMP provider for receiving and processing SNMP traps (#2112) #5216

wants to merge 3 commits into from

Conversation

@MAVRICK-1
Copy link

@MAVRICK-1 MAVRICK-1 commented Jul 23, 2025
edited
Loading

Closes #2112

📑 Description

This PR adds a new SNMP provider that enables Keep to receive and process SNMP traps from network devices, converting them into actionable Keep alerts.

Key Features Implemented:

  • Support for SNMPv1, SNMPv2c, and SNMPv3 protocols
  • Authentication and encryption for SNMPv3 (MD5/SHA auth, DES/AES privacy)
  • Automatic severity mapping for standard SNMP traps
  • Configurable listening address and port
  • Rich alert context with system information and trap variables
  • Comprehensive error handling and validation
  • Added pysnmp-lextudio dependency for SNMP protocol support
  • Complete documentation with usage examples

The provider automatically maps standard SNMP traps (coldStart, warmStart, linkDown, linkUp, authenticationFailure, etc.) to appropriate alert severities
and extracts meaningful information like system name, uptime, and interface details.

✅ Checks

  • My pull request adheres to the code style of this project
  • My code requires changes to the documentation
  • I have updated the documentation as required
  • All the tests have passed

ℹ Additional Information

Dependencies Added:

  • pysnmp-lextudio = "^6.3.0" - Modern SNMP library for Python with asyncio support

Configuration Example:

# Basic SNMPv1/v2c setup
authentication:
  listen_address: "0.0.0.0"
  listen_port: 162
  community_string: "public"

# Advanced SNMPv3 setup
authentication:
  listen_address: "0.0.0.0"
  listen_port: 162
  community_string: "public"
  security_name: "snmpuser"
  auth_protocol: "SHA"
  auth_key: "authpassword123"
  priv_protocol: "AES"
  priv_key: "privpassword123"

Testing:

The provider has been tested with various SNMP trap types and includes comprehensive error handling for production use. Test scripts are provided in the
codebase for validation.

Breaking Changes:

None - this is a new provider addition that doesn't affect existing functionality.

Files Added:

  • keep/providers/snmp_provider/snmp_provider.py - Main provider implementation
  • keep/providers/snmp_provider/init.py - Package initialization
  • keep/providers/snmp_provider/README.md - Comprehensive documentation

/claim #2112

@MAVRICK-1
feat: add SNMP provider for receiving and processing SNMP traps (keep…
1c9a854 
…hq#2112)

- Support for SNMPv1, SNMPv2c, and SNMPv3 protocols
- Authentication and encryption for SNMPv3 (MD5/SHA auth, DES/AES privacy)
- Automatic severity mapping for standard SNMP traps
- Configurable listening address and port
- Rich alert context with system information and trap variables
- Comprehensive error handling and validation
- Added pysnmp-lextudio dependency for SNMP protocol support
- Complete documentation with usage examples
@vercel
Copy link

vercel bot commented Jul 23, 2025

@MAVRICK-1 is attempting to deploy a commit to the KeepHQ Team on Vercel.

A member of the Team first needs to authorize it.

@algora-pbc algora-pbc bot mentioned this pull request Jul 23, 2025
Open
@dosubot dosubot bot added the size:XL This PR changes 500-999 lines, ignoring generated files. label Jul 23, 2025
@CLAassistant
Copy link

CLAassistant commented Jul 23, 2025
edited
Loading

CLA assistant check
All committers have signed the CLA.

@dosubot dosubot bot added Feature A new feature Provider Providers related issues labels Jul 23, 2025
cursor[bot]

This comment was marked as outdated.

Sign in to view

@MAVRICK-1
fix: resolve thread safety and transport extraction issues in SNMP pr…
892f83d 
…ovider

- Add thread locks to prevent race conditions on received_traps list
- Fix transport info extraction with proper null checks
- Prevent multiple trap receiver thread startups
- Ensure atomic operations for alert buffer management

Fixes identified race conditions that could cause:
- Data corruption and lost alerts
- Port binding conflicts
- Resource leaks
- Incorrect transport information
cursor[bot]
cursor bot reviewed Jul 23, 2025
View reviewed changes
Copy link

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: SNMPv3 Protocol Validation and Key Handling

The SNMP provider has two validation issues:

  1. SNMPv3 auth_protocol and priv_protocol validation is case-sensitive, but the underlying setup code is case-insensitive, causing valid lowercase inputs to be rejected.
  2. It fails to validate that priv_key is provided when priv_protocol is configured for SNMPv3, which can lead to runtime errors during engine setup.

keep/providers/snmp_provider/snmp_provider.py#L194-L203

keep/keep/providers/snmp_provider/snmp_provider.py

Lines 194 to 203 in 892f83d

# Validate SNMPv3 configuration if provided
if self.authentication_config.security_name:
if not self.authentication_config.auth_protocol:
raise ValueError("SNMPv3 security name provided but auth protocol is missing")
if not self.authentication_config.auth_key:
raise ValueError("SNMPv3 security name provided but auth key is missing")
if self.authentication_config.auth_protocol not in ["MD5", "SHA"]:
raise ValueError(f"Invalid auth protocol: {self.authentication_config.auth_protocol}. Must be MD5 or SHA")
if self.authentication_config.priv_protocol and self.authentication_config.priv_protocol not in ["DES", "AES"]:
raise ValueError(f"Invalid privacy protocol: {self.authentication_config.priv_protocol}. Must be DES or AES")

Fix in CursorFix in Web

Was this report helpful? Give feedback by reacting with 👍 or 👎

shahargl
shahargl requested changes Jul 23, 2025
View reviewed changes
Copy link
Member

@shahargl shahargl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hey! thanks for opening this PR.

have you tested it? can you share a video of this working?

@MAVRICK-1
Copy link
Author

Screencast.from.2025-07-23.18-20-20.mp4

@shahargl

@MAVRICK-1 MAVRICK-1 requested a review from shahargl July 23, 2025 12:59
@shahargl
Copy link
Member

@MAVRICK-1 closing as its not ready to merge. you can see other PR's about new providers to understand whats need to be done.

@shahargl shahargl closed this Aug 20, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

@shahargl shahargl Awaiting requested review from shahargl

Assignees

No one assigned

Labels

🙋 Bounty claim Feature A new feature Provider Providers related issues size:XL This PR changes 500-999 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[🔌 Provider]: SNMP provider

3 participants

@MAVRICK-1 @CLAassistant @shahargl