wazuh-notify/wazuh-notify-go/notification/slack.go

package notification

import (
	"bytes"
	"encoding/json"
	"fmt"
	"log"
	"net/http"
	"os"
	"slices"
	"strconv"
	"strings"
	"time"
	"wazuh-notify/types"
)

func SendSlack(params types.Params) {

	var embedDescription string

	if slices.Contains(strings.Split(params.General.FullAlert, ","), "slack") {
		fullAlert, _ := json.MarshalIndent(params.WazuhMessage, "", "  ")
		fullAlertString := strings.ReplaceAll(string(fullAlert), `"`, "")
		fullAlertString = strings.ReplaceAll(fullAlertString, "{", "")
		fullAlertString = strings.ReplaceAll(fullAlertString, "}", "")
		fullAlertString = strings.ReplaceAll(fullAlertString, "[", "")
		fullAlertString = strings.ReplaceAll(fullAlertString, "]", "")
		fullAlertString = strings.ReplaceAll(fullAlertString, " ,", "")

		embedDescription = "\n\n ```" +
			fullAlertString +
			"```\n\n" +
			"Priority: " + strconv.Itoa(params.Priority) + "\n" +
			"Tags: " + params.Tags + "\n\n" +
			params.General.Click
	} else {
		embedDescription = "\n\n" +
			"**Timestamp: **" + time.Now().Format(time.DateTime) + "\n" +
			"**Agent:** " + params.WazuhMessage.Parameters.Alert.Agent.Name + "\n" +
			"**Event id:** " + params.WazuhMessage.Parameters.Alert.Rule.ID + "\n" +
			"**Rule:** " + params.WazuhMessage.Parameters.Alert.Rule.Description + "\n" +
			"**Description: **" + params.WazuhMessage.Parameters.Alert.FullLog + "\n" +
			"**Threat level:** " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Level) + "\n" +
			"**Times fired:** " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Firedtimes) +
			"\n\n" +
			"Priority: " + strconv.Itoa(params.Priority) + "\n" +
			"Tags: " + params.Tags + "\n\n" +
			params.General.Click
	}

	message := fmt.Sprintf("{\"text\": %s}", embedDescription)

	payload := new(bytes.Buffer)

	err := json.NewEncoder(payload).Encode(message)
	if err != nil {
		return
	}

	_, err = http.Post(os.Getenv("SLACK_URL"), "application/json", payload)
	if err != nil {
		log.Fatalf("An Error Occured %v", err)
	}
}
notification update 2024-05-27 11:36:33 +02:00			`package notification`
slack added 2024-05-27 11:44:24 +02:00
			`import (`
			`"bytes"`
			`"encoding/json"`
yaml to toml 2024-05-27 13:01:39 +02:00			`"fmt"`
slack added 2024-05-27 11:44:24 +02:00			`"log"`
			`"net/http"`
			`"os"`
			`"slices"`
			`"strconv"`
			`"strings"`
			`"time"`
			`"wazuh-notify/types"`
			`)`

			`func SendSlack(params types.Params) {`

			`var embedDescription string`

yaml to toml 2024-05-27 13:01:39 +02:00			`if slices.Contains(strings.Split(params.General.FullAlert, ","), "slack") {`
slack added 2024-05-27 11:44:24 +02:00			`fullAlert, _ := json.MarshalIndent(params.WazuhMessage, "", " ")`
			fullAlertString := strings.ReplaceAll(string(fullAlert), `"`, "")
			`fullAlertString = strings.ReplaceAll(fullAlertString, "{", "")`
			`fullAlertString = strings.ReplaceAll(fullAlertString, "}", "")`
			`fullAlertString = strings.ReplaceAll(fullAlertString, "[", "")`
			`fullAlertString = strings.ReplaceAll(fullAlertString, "]", "")`
			`fullAlertString = strings.ReplaceAll(fullAlertString, " ,", "")`

			embedDescription = "\n\n ```" +
			`fullAlertString +`
			"```\n\n" +
			`"Priority: " + strconv.Itoa(params.Priority) + "\n" +`
			`"Tags: " + params.Tags + "\n\n" +`
yaml to toml 2024-05-27 13:01:39 +02:00			`params.General.Click`
slack added 2024-05-27 11:44:24 +02:00			`} else {`
			`embedDescription = "\n\n" +`
			`"Timestamp: " + time.Now().Format(time.DateTime) + "\n" +`
			`"Agent: " + params.WazuhMessage.Parameters.Alert.Agent.Name + "\n" +`
			`"Event id: " + params.WazuhMessage.Parameters.Alert.Rule.ID + "\n" +`
			`"Rule: " + params.WazuhMessage.Parameters.Alert.Rule.Description + "\n" +`
			`"Description: " + params.WazuhMessage.Parameters.Alert.FullLog + "\n" +`
			`"Threat level: " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Level) + "\n" +`
			`"Times fired: " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Firedtimes) +`
			`"\n\n" +`
			`"Priority: " + strconv.Itoa(params.Priority) + "\n" +`
			`"Tags: " + params.Tags + "\n\n" +`
yaml to toml 2024-05-27 13:01:39 +02:00			`params.General.Click`
slack added 2024-05-27 11:44:24 +02:00			`}`

yaml to toml 2024-05-27 13:01:39 +02:00			`message := fmt.Sprintf("{\"text\": %s}", embedDescription)`
slack added 2024-05-27 11:44:24 +02:00
			`payload := new(bytes.Buffer)`

			`err := json.NewEncoder(payload).Encode(message)`
			`if err != nil {`
			`return`
			`}`

			`_, err = http.Post(os.Getenv("SLACK_URL"), "application/json", payload)`
			`if err != nil {`
			`log.Fatalf("An Error Occured %v", err)`
			`}`
			`}`