wazuh-notify/wazuh-notify-python/wazuh-notify.py

#!/usr/bin/env python3

#           This program is free software; you can redistribute it
#           and/or modify it under the terms of the GNU General Public
#           License (version 2) as published by the FSF - Free Software
#           Foundation.
#
#           Rudi Klein, May 2024


import requests

from wazuh_notify_module import *


def main():
    # The 'me' variable sets the called function (current function), the 'him' the calling function. Used for logging.
    me = frame(0).f_code.co_name
    him = frame(1).f_code.co_name

    # Load the TOML config.
    config: dict = get_config()

    logger(0, config, me, him, "############ Processing event ###############################")

    # Get the arguments used with running the script.
    arguments = get_arguments()

    # Check for test mode. Use test data if true.
    event_data = check_test_mode(config)

    # Extract the 'alert' section of the (JSON) event.
    alert = event_data["parameters"]["alert"]
    logger(2, config, me, him, "Extracting data from the event")

    # Check the config for any exclusion rules and abort when excluded.
    exclusions_check(config, alert)

    # Get the mapping from event threat level to priority, color and mention_flag.
    priority, color, mention = threat_mapping(config, alert['rule']['level'], alert['rule']['firedtimes'])

    # If the target argument was used with the script, we'll use that instead of the configuration parameter.
    config["targets"] = arguments['targets'] if arguments['targets'] != "" else config["targets"]

    # Prepare the messaging platform specific notification and execute if configured.

    # Discord notification handler
    if "discord" in config["targets"]:
        payload_json, discord_url = handle_discord_notification(config=config, arguments=arguments, alert=alert,
                                                                color=color, priority=priority, mention=mention)
        # POST the notification through requests.
        discord_result = requests.post(url=discord_url, json=payload_json)
        logger(1, config, me, him, "Discord notification constructed and sent: " + str(discord_result))

    # ntfy.sh notification handler
    if "ntfy" in config["targets"]:
        payload_data, payload_headers, ntfy_url = handle_ntfy_notification(config=config, arguments=arguments,
                                                                           alert=alert, priority=priority)
        # POST the notification through requests.
        ntfy_result = requests.post(url=ntfy_url, data=payload_data, headers=payload_headers)
        logger(1, config, me, him, "Ntfy notification constructed and sent: " + str(ntfy_result))

    # Slack notification handler
    if "slack" in config["targets"]:
        payload_json, slack_url = handle_slack_notification(config=config, arguments=arguments, alert=alert,
                                                            color=color, priority=priority, mention=mention)

        slack_result = requests.post(url=slack_url, headers={'Content-Type': 'application/json'}, json=payload_json)
        logger(1, config, me, him, "Slack notification constructed and sent: " + str(slack_result))

    # The end of processing
    logger(0, config, me, him, "############ Event processed ################################")
    exit(0)


if "__main__" == __name__:
    main()
Merger of module and notifier. Rename of files to 'notify' 2024-05-18 21:23:35 +02:00			`#!/usr/bin/env python3`

			`# This program is free software; you can redistribute it`
			`# and/or modify it under the terms of the GNU General Public`
			`# License (version 2) as published by the FSF - Free Software`
			`# Foundation.`
			`#`
Over to TOML and refactored. Testing needed. 2024-05-27 20:24:00 +02:00			`# Rudi Klein, May 2024`
Merger of module and notifier. Rename of files to 'notify' 2024-05-18 21:23:35 +02:00

			`import requests`

all is working 2024-05-22 21:05:27 +02:00			`from wazuh_notify_module import *`

Merger of module and notifier. Rename of files to 'notify' 2024-05-18 21:23:35 +02:00
all is working 2024-05-22 21:05:27 +02:00			`def main():`
Over to TOML and refactored. Testing needed. 2024-05-27 20:24:00 +02:00			`# The 'me' variable sets the called function (current function), the 'him' the calling function. Used for logging.`
all is working 2024-05-22 21:05:27 +02:00			`me = frame(0).f_code.co_name`
			`him = frame(1).f_code.co_name`
Merger of module and notifier. Rename of files to 'notify' 2024-05-18 21:23:35 +02:00
Over to TOML and refactored. Testing needed. 2024-05-27 20:24:00 +02:00			`# Load the TOML config.`
Merger of module and notifier. Rename of files to 'notify' 2024-05-18 21:23:35 +02:00			`config: dict = get_config()`
Code improvement 2024-05-29 20:37:53 +02:00
all is working 2024-05-22 21:05:27 +02:00			`logger(0, config, me, him, "############ Processing event ###############################")`
Merger of module and notifier. Rename of files to 'notify' 2024-05-18 21:23:35 +02:00
all is working 2024-05-22 21:05:27 +02:00			`# Get the arguments used with running the script.`
			`arguments = get_arguments()`
Merger of module and notifier. Rename of files to 'notify' 2024-05-18 21:23:35 +02:00
Code improvement 2024-05-29 20:37:53 +02:00			`# Check for test mode. Use test data if true.`
			`event_data = check_test_mode(config)`
Merger of module and notifier. Rename of files to 'notify' 2024-05-18 21:23:35 +02:00
Code improvement 2024-05-29 20:37:53 +02:00			`# Extract the 'alert' section of the (JSON) event.`
			`alert = event_data["parameters"]["alert"]`
all is working 2024-05-22 21:05:27 +02:00			`logger(2, config, me, him, "Extracting data from the event")`
Merger of module and notifier. Rename of files to 'notify' 2024-05-18 21:23:35 +02:00
Over to TOML and refactored. Testing needed. 2024-05-27 20:24:00 +02:00			`# Check the config for any exclusion rules and abort when excluded.`
			`exclusions_check(config, alert)`
Merger of module and notifier. Rename of files to 'notify' 2024-05-18 21:23:35 +02:00
all is working 2024-05-22 21:05:27 +02:00			`# Get the mapping from event threat level to priority, color and mention_flag.`
			`priority, color, mention = threat_mapping(config, alert['rule']['level'], alert['rule']['firedtimes'])`
Small changes and cosmetic changes 2024-05-24 13:06:46 +02:00
all is working 2024-05-22 21:05:27 +02:00			`# If the target argument was used with the script, we'll use that instead of the configuration parameter.`
			`config["targets"] = arguments['targets'] if arguments['targets'] != "" else config["targets"]`
Merger of module and notifier. Rename of files to 'notify' 2024-05-18 21:23:35 +02:00
Over to TOML and refactored. Testing needed. 2024-05-27 20:24:00 +02:00			`# Prepare the messaging platform specific notification and execute if configured.`
all is working 2024-05-22 21:05:27 +02:00
Code improvement 2024-05-29 20:37:53 +02:00			`# Discord notification handler`
			`if "discord" in config["targets"]:`
			`payload_json, discord_url = handle_discord_notification(config=config, arguments=arguments, alert=alert,`
			`color=color, priority=priority, mention=mention)`
all is working 2024-05-22 21:05:27 +02:00			`# POST the notification through requests.`
Code improvement 2024-05-29 20:37:53 +02:00			`discord_result = requests.post(url=discord_url, json=payload_json)`
			`logger(1, config, me, him, "Discord notification constructed and sent: " + str(discord_result))`
Merger of module and notifier. Rename of files to 'notify' 2024-05-18 21:23:35 +02:00
Code improvement 2024-05-29 20:37:53 +02:00			`# ntfy.sh notification handler`
Merger of module and notifier. Rename of files to 'notify' 2024-05-18 21:23:35 +02:00			`if "ntfy" in config["targets"]:`
Code improvement 2024-05-29 20:37:53 +02:00			`payload_data, payload_headers, ntfy_url = handle_ntfy_notification(config=config, arguments=arguments,`
			`alert=alert, priority=priority)`
			`# POST the notification through requests.`
			`ntfy_result = requests.post(url=ntfy_url, data=payload_data, headers=payload_headers)`
			`logger(1, config, me, him, "Ntfy notification constructed and sent: " + str(ntfy_result))`
Small changes and cosmetic changes 2024-05-24 13:06:46 +02:00
Code improvement 2024-05-29 20:37:53 +02:00			`# Slack notification handler`
			`if "slack" in config["targets"]:`
			`payload_json, slack_url = handle_slack_notification(config=config, arguments=arguments, alert=alert,`
			`color=color, priority=priority, mention=mention)`
all is working 2024-05-22 21:05:27 +02:00
Code improvement 2024-05-29 20:37:53 +02:00			`slack_result = requests.post(url=slack_url, headers={'Content-Type': 'application/json'}, json=payload_json)`
			`logger(1, config, me, him, "Slack notification constructed and sent: " + str(slack_result))`
all is working 2024-05-22 21:05:27 +02:00
Code improvement 2024-05-29 20:37:53 +02:00			`# The end of processing`
all is working 2024-05-22 21:05:27 +02:00			`logger(0, config, me, him, "############ Event processed ################################")`
			`exit(0)`
Merger of module and notifier. Rename of files to 'notify' 2024-05-18 21:23:35 +02:00

Over to TOML and refactored. Testing needed. 2024-05-27 20:24:00 +02:00			`if "__main__" == __name__:`
all is working 2024-05-22 21:05:27 +02:00			`main()`