Summary

Implements an SNMP provider that receives SNMP traps via webhook and converts them into Keep alerts.

How it works: An external snmptrapd daemon receives SNMP traps and forwards them as JSON payloads to Keep’s /event/snmp endpoint via a simple shell script or HTTP forwarder.

Key features:

• SNMPv1/v2c/v3 support — Parses well-known trap OIDs (coldStart, warmStart, linkDown, linkUp, authenticationFailure) and enterprise-specific traps
• Automatic severity mapping — linkDown → CRITICAL, authenticationFailure → WARNING, coldStart/warmStart → INFO
• Smart status detection — linkUp auto-resolves corresponding alerts (RESOLVED), all others FIRING
• Deduplication — SHA256 fingerprint from source_ip + trap_oid ensures duplicate traps are deduplicated
• Varbind extraction — All variable bindings are extracted into alert labels for full context
• No external dependencies — Pure Python, no pysnmp or other SNMP libraries needed (traps arrive as JSON via HTTP)

Files changed:

Architecture:

Network Device → SNMP Trap → snmptrapd → JSON webhook → Keep /event/snmp → AlertDto

Test coverage:

• TestParseEventRawBody — dict passthrough, JSON bytes, invalid JSON, other types
• TestGetTrapName — well-known OIDs, SNMPv1 generic_trap, enterprise-specific, unknown
• TestGetSeverity — all severity levels, event-provided severity override
• TestGetStatus — linkUp=RESOLVED, linkDown=FIRING, unknown=FIRING
• TestBuildFingerprint — deterministic, different inputs = different fingerprints
• TestFormatAlert — v2c linkDown, v1 coldStart, linkUp resolved, enterprise traps, varbinds, minimal events

/claim #2112

Closes #2112