Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
botbuilder-instrumentation
Advanced tools
This module is used to add instrumentation to bots built with [Microsoft Bot Framework](https://dev.botframework.com/). You can leverage the events from this module using [Ibex Dashboard](https://github.com/CatalystCode/ibex-dashboard).
This module is used to add instrumentation to bots built with Microsoft Bot Framework. You can leverage the events from this module using Ibex Dashboard.
Instrumentation Key
inside your bot registration page under Instrumentation key.This is an optional step in case you want user messages to be analyzed for sentiments. Create a new Sentiment Analysis Service under Cognitive Services. When creating the service, make sure to mark Text Analytics - Preview.
You can use the following option for running locally.
APPINSIGHTS_INSTRUMENTATIONKEY={App Insights Instrumentation Key}
CG_SENTIMENT_KEY={Cognitive Services Text Analytics Key}
CG_SENTIMENT_KEY
is optional.
const instrumentation = require('botbuilder-instrumentation');
// Setting up advanced instrumentation
let logging = new instrumentation.BotFrameworkInstrumentation({
instrumentationKey: process.env.APPINSIGHTS_INSTRUMENTATION_KEY,
sentiments: {
key: process.env.CG_SENTIMENT_KEY,
}
});
let recognizer = new builder.LuisRecognizer('...');
logging.monitor(bot, recognizer);
If you're not using a `LuisRecognizer', use the following code in addition:
var instrumentation = require('botbuilder-instrumentation');
// Setting up advanced instrumentation
let logging = new instrumentation.BotFrameworkInstrumentation({
instrumentationKey: process.env.APPINSIGHTS_INSTRUMENTATION_KEY,
sentiments: {
key: process.env.CG_SENTIMENT_KEY,
}
});
logging.monitor(bot);
Although CG_SENTIMENT_KEY
is optional, it is recommended if you're using Ibex Dashboard, in which case, adding sentiment analysis will add sentiments overview to the dashboard along with a sentiment icon next to all conversations.
// Hook into the result function of QNA to extract relevant data for logging.
logging.trackQNAEvent(context, userQuery, kbQuestion, kbAnswer, score);
You can see how to implement a QnA service here.
let logger = new instrumentation.BotFrameworkInstrumentation({
instrumentationKey: process.env.APPINSIGHTS_INSTRUMENTATION_KEY,
sentiments: {
key: process.env.CG_SENTIMENT_KEY,
},
// Will omit the user name from the logs for anonimization
omitUserName: true,
// Application insights options, all set to false by default
autoLogOptions: {
autoCollectConsole: true,
autoCollectExceptions: true,
autoCollectRequests: true,
autoCollectPerf: true // (auto collect performance)
}
customFields: {
userData: [ "CUSTOM_PROPERTY_1" ],
dialogData: [ "CUSTOM_PROPERTY_2" ],
conversationData: [ "CUSTOM_PROPERTY_3" ],
privateConversationData: [ "CUSTOM_PROPERTY_4" ]
}
});
The CUSTOM_PROPERTY
could be a String or an Array. If it's an array it will as a path. Lodash#get
The CUSTOM_PROPERTY
will be searched for in the session/context object of each event and will be added automatically under customDimensions in Application Insights.
If it does not exist, it will not be added to the logged events.
You can use any, all or none of the property bags under session: userData
, conversationData
, privateConversationData
, dialogData
.
You can track generic goal triggers, just like you would trigger a goal in Google Analytics for a web site. A triggered goal has a name and optionally custom properties that can be attached to the goal. Triggered goals can be seen in the Generic Goals Triggered dashboard template.
// This will show up as the event name in Application Insights.
let customEventName = 'myCustomEventName';
// Custom key-value data. It will be avaiable under the customDimensions column in Application Insights.
let customEventData = { customDataA: 'customValueA', customDataB: 3 };
// You can log using context (session), in which case, session variables like timespan, userId etc will also be logged
logging.trackCustomEvent(customEventName, customEventData, session);
// You can log without a session/context
logging.trackCustomEvent(customEventName, customEventData);
// And you can log without an event name, in which case the event name will be 'MBFEvent.CustomEvent'
logging.trackEvent(customEventData);
// Custom key-value data. It will be avaiable under the customDimensions column in Application Insights.
let customEventData = { customDataA: 'customValueA', customDataB: 3 };
// goalName is the name of the goal you want to trigger. e.g. "Goal A". You log using context (session), in which case, session variables like timespan, userId etc will also be logged
logging.trackGoalTriggeredEvent(goalName, customEventData, session);
You can see a working sample in morsh/bot-with-instrumentation
This project is licensed under the MIT License.
FAQs
This module is used to add instrumentation to bots built with [Microsoft Bot Framework](https://dev.botframework.com/). You can leverage the events from this module using [Ibex Dashboard](https://github.com/CatalystCode/ibex-dashboard).
The npm package botbuilder-instrumentation receives a total of 2,997 weekly downloads. As such, botbuilder-instrumentation popularity was classified as popular.
We found that botbuilder-instrumentation demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.