2024-05-08 01:56:48 +02:00
|
|
|
package notification
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"bytes"
|
|
|
|
|
"encoding/json"
|
|
|
|
|
"log"
|
|
|
|
|
"net/http"
|
|
|
|
|
"os"
|
2024-05-10 14:23:54 +02:00
|
|
|
"slices"
|
2024-05-09 15:27:45 +02:00
|
|
|
"strconv"
|
2024-05-10 14:23:54 +02:00
|
|
|
"strings"
|
2024-05-08 01:56:48 +02:00
|
|
|
"wazuh-notify/types"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func SendDiscord(params types.Params) {
|
2024-05-10 14:23:54 +02:00
|
|
|
|
|
|
|
|
var embedDescription string
|
|
|
|
|
|
|
|
|
|
if slices.Contains(strings.Split(params.FullMessage, ","), "discord") {
|
|
|
|
|
fullMessage, _ := json.MarshalIndent(params.WazuhMessage, "", " ")
|
|
|
|
|
fullMessageString := strings.ReplaceAll(string(fullMessage), `"`, "")
|
|
|
|
|
fullMessageString = strings.ReplaceAll(fullMessageString, "{", "")
|
|
|
|
|
fullMessageString = strings.ReplaceAll(fullMessageString, "}", "")
|
|
|
|
|
fullMessageString = strings.ReplaceAll(fullMessageString, "[", "")
|
|
|
|
|
fullMessageString = strings.ReplaceAll(fullMessageString, "]", "")
|
|
|
|
|
fullMessageString = strings.ReplaceAll(fullMessageString, " ,", "")
|
|
|
|
|
|
|
|
|
|
embedDescription = "\n\n ```" +
|
|
|
|
|
fullMessageString +
|
|
|
|
|
"```\n\n" +
|
|
|
|
|
"Priority: " + strconv.Itoa(params.Priority) + "\n" +
|
|
|
|
|
"Tags: " + params.Tags + "\n\n" +
|
|
|
|
|
params.Click
|
|
|
|
|
} else {
|
|
|
|
|
embedDescription = "\n\n" +
|
|
|
|
|
"**Agent:** " + params.WazuhMessage.Parameters.Alert.Agent.Name + "\n" +
|
|
|
|
|
"**Event id:** " + params.WazuhMessage.Parameters.Alert.Rule.ID + "\n" +
|
2024-05-13 14:44:32 +02:00
|
|
|
"**Rule:** " + params.WazuhMessage.Parameters.Alert.Rule.Description + "\n" +
|
|
|
|
|
"**Description: **" + params.WazuhMessage.Parameters.Alert.FullLog + "\n" +
|
2024-05-10 14:23:54 +02:00
|
|
|
"**Threat level:** " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Level) + "\n" +
|
|
|
|
|
"**Times fired:** " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Firedtimes) +
|
|
|
|
|
"\n\n" +
|
|
|
|
|
"Priority: " + strconv.Itoa(params.Priority) + "\n" +
|
|
|
|
|
"Tags: " + params.Tags + "\n\n" +
|
|
|
|
|
params.Click
|
|
|
|
|
}
|
2024-05-08 01:56:48 +02:00
|
|
|
|
2024-05-09 17:52:16 +02:00
|
|
|
var color int
|
2024-05-13 14:44:32 +02:00
|
|
|
var mention string
|
2024-05-09 17:52:16 +02:00
|
|
|
|
|
|
|
|
switch params.Priority {
|
|
|
|
|
case 1:
|
2024-05-13 14:52:42 +02:00
|
|
|
color = params.PriorityMaps[4].Color
|
2024-05-13 14:44:32 +02:00
|
|
|
if params.WazuhMessage.Parameters.Alert.Rule.Firedtimes >= params.PriorityMaps[4].MentionThreshold {
|
|
|
|
|
mention = "@here"
|
|
|
|
|
}
|
2024-05-09 17:52:16 +02:00
|
|
|
case 2:
|
2024-05-13 14:52:42 +02:00
|
|
|
color = params.PriorityMaps[3].Color
|
2024-05-13 14:44:32 +02:00
|
|
|
if params.WazuhMessage.Parameters.Alert.Rule.Firedtimes >= params.PriorityMaps[3].MentionThreshold {
|
|
|
|
|
mention = "@here"
|
|
|
|
|
}
|
2024-05-09 17:52:16 +02:00
|
|
|
case 3:
|
2024-05-13 14:52:42 +02:00
|
|
|
color = params.PriorityMaps[2].Color
|
2024-05-13 14:44:32 +02:00
|
|
|
if params.WazuhMessage.Parameters.Alert.Rule.Firedtimes >= params.PriorityMaps[2].MentionThreshold {
|
|
|
|
|
mention = "@here"
|
|
|
|
|
}
|
2024-05-09 17:52:16 +02:00
|
|
|
case 4:
|
2024-05-13 14:52:42 +02:00
|
|
|
color = params.PriorityMaps[1].Color
|
2024-05-13 14:44:32 +02:00
|
|
|
if params.WazuhMessage.Parameters.Alert.Rule.Firedtimes >= params.PriorityMaps[1].MentionThreshold {
|
|
|
|
|
mention = "@here"
|
|
|
|
|
}
|
2024-05-09 17:52:16 +02:00
|
|
|
case 5:
|
2024-05-13 14:52:42 +02:00
|
|
|
color = params.PriorityMaps[0].Color
|
2024-05-13 14:44:32 +02:00
|
|
|
if params.WazuhMessage.Parameters.Alert.Rule.Firedtimes >= params.PriorityMaps[0].MentionThreshold {
|
|
|
|
|
mention = "@here"
|
|
|
|
|
}
|
2024-05-09 17:52:16 +02:00
|
|
|
}
|
|
|
|
|
|
2024-05-08 01:56:48 +02:00
|
|
|
message := types.Message{
|
|
|
|
|
Username: params.Sender,
|
2024-05-13 14:44:32 +02:00
|
|
|
Content: mention,
|
2024-05-08 01:56:48 +02:00
|
|
|
Embeds: []types.Embed{
|
|
|
|
|
{
|
2024-05-09 15:27:45 +02:00
|
|
|
Title: params.Sender,
|
2024-05-08 01:56:48 +02:00
|
|
|
Description: embedDescription,
|
2024-05-09 17:52:16 +02:00
|
|
|
Color: color,
|
2024-05-08 01:56:48 +02:00
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
payload := new(bytes.Buffer)
|
|
|
|
|
|
|
|
|
|
err := json.NewEncoder(payload).Encode(message)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2024-05-09 19:03:34 +02:00
|
|
|
_, err = http.Post(os.Getenv("DISCORD_URL"), "application/json", payload)
|
2024-05-08 01:56:48 +02:00
|
|
|
if err != nil {
|
|
|
|
|
log.Fatalf("An Error Occured %v", err)
|
|
|
|
|
}
|
|
|
|
|
}
|
