refactor files

wazuh-notify-go/discord/discord.go

@@ -1,4 +1,4 @@
-package notification
+package discord
 
 import (
 	"bytes"
@@ -16,10 +16,10 @@ func SendDiscord(params types.Params) {
 		"**Tags:** " + params.Tags + "\n\n" +
 		params.General.Click
 
-	message := types.DiscordMessage{
+	message := DiscordMessage{
 		Username: params.General.Sender,
 		Content:  params.Mention,
-		Embeds: []types.Embed{
+		Embeds: []Embed{
 			{
 				Title:       params.General.Sender,
 				Description: embedDescription,

wazuh-notify-go/discord/types.go

@@ -1,4 +1,4 @@
-package types
+package discord
 
 type DiscordMessage struct {
 	Username  string  `json:"username,omitempty"`

wazuh-notify-go/main.go

@@ -4,7 +4,9 @@ import (
 	"strings"
 	"wazuh-notify/log"
 	"wazuh-notify/notification"
+	"wazuh-notify/ntfy"
 	"wazuh-notify/services"
+	"wazuh-notify/slack"
 )
 
 func main() {
@@ -17,10 +19,10 @@ func main() {
 			notification.SendDiscord(inputParams)
 		case "ntfy":
 			log.Log(target)
-			notification.SendNtfy(inputParams)
+			ntfy.SendNtfy(inputParams)
 		case "slack":
 			log.Log(target)
-			notification.SendSlack(inputParams)
+			slack.SendSlack(inputParams)
 		}
 	}
 	log.CloseLogFile()

wazuh-notify-go/ntfy/ntfy.go

@@ -1,4 +1,4 @@
-package notification
+package ntfy
 
 import (
 	"net/http"

wazuh-notify-go/ntfy/types.go

@@ -0,0 +1 @@
+package ntfy

wazuh-notify-go/slack/slack.go

@@ -1,4 +1,4 @@
-package notification
+package slack
 
 import (
 	"bytes"
@@ -12,7 +12,7 @@ import (
 
 func SendSlack(params types.Params) {
 
-	message := types.SlackMessage{
+	message := SlackMessage{
 		Text: services.BuildMessage(params, "slack", params.MarkdownEmphasis.Slack) +
 			"*Tags:* " + params.Tags + "\n\n" +
 			params.General.Click,

wazuh-notify-go/slack/types.go

@@ -1,4 +1,4 @@
-package types
+package slack
 
 type SlackMessage struct {
 	Text string `json:"text,omitempty"`

wazuh-notify-go/types/ntfy.go

@@ -1 +0,0 @@
-package types

wazuh-notify-go/wazuh-notify-config.toml

@@ -0,0 +1,84 @@
+#############################################################################################################
+# This is the TOML config file for wazuh-notify (active response) for both the Python and Go implementation #
+#############################################################################################################
+
+[general]
+# Platforms in this string with comma seperated values are triggered.
+targets = "slack, ntfy, discord"
+
+# Platforms in this string will enable sending the full event information.
+full_alert = ""
+
+# Exclude rule events that are enabled in the ossec.conf active response definition.
+# These settings provide an easier way to disable events from firing the notifiers.
+excluded_rules = "99999, 00000"
+excluded_agents = "99999"
+
+# The next 2 settings are used to add information to the messages.
+sender = "Wazuh (IDS)"
+click = "https://documentation.wazuh.com/"
+
+# Priority mapping from 0-15 (Wazuh threat levels) to 1-5 (in notifications) and their respective colors (Discord)
+# https://documentation.wazuh.com/current/user-manual/ruleset/rules-classification.html
+# Enter threat_map as lists of integers, mention_threshold as integer and color as Hex integer
+[[priority_map]]
+threat_map = [15, 14, 13, 12]
+mention_threshold = 1
+notify_threshold = 1
+color = 0xec3e40 # Red, SEVERE
+
+[[priority_map]]
+threat_map = [11, 10, 9]
+mention_threshold = 1
+notify_threshold = 1
+color = 0xff9b2b # Orange, HIGH
+
+[[priority_map]]
+threat_map = [8, 7, 6]
+mention_threshold = 5
+notify_threshold = 5
+color = 0xf5d800 # Yellow, ELEVATED
+
+[[priority_map]]
+threat_map = [5, 4]
+mention_threshold = 20
+notify_threshold = 5
+color = 0x377fc7 # Blue, GUARDED
+
+[[priority_map]]
+threat_map = [3, 2, 1, 0]
+mention_threshold = 20
+notify_threshold = 5
+color = 0x01a465 # Green, LOW
+
+################ End of priority mapping ##################################
+
+# Following parameter defines the markdown characters to emphasise the parameter names in the notification messages
+[markdown_emphasis]
+slack = "*"
+ntfy = "**"
+discord = "**"
+
+##################################################################################
+# From here on the settings are ONLY used by the Python version of wazuh-notify. #
+##################################################################################
+
+[python]
+
+# The next settings are used for testing and troubleshooting.
+
+# Test mode will add the example event in wazuh-notify-test-event.json instead of the message received through wazuh.
+# This enables testing for particular events when the test event is customized.
+test_mode = true
+
+# Enabling this parameter provides more logging to the wazuh-notifier log.
+extended_logging = 2
+
+# Enabling this parameter provides extended logging to the console.
+extended_print = 2
+
+# Below settings provide for a window that enable/disables events from firing the notifiers.
+excluded_days = ""
+
+# Enter as a tuple of string values. Be aware of your regional settings.
+excluded_hours = ["23:59", "00:00"]

wazuh-notify-go/wazuh-notify-config.yaml

@@ -1,49 +0,0 @@
----
-#start of yaml
-
-# This is the yaml config file for both the wazuh-ntfy-notifier.py and wazuh-discord-notifier.py.
-# The yaml needs to be in the same folder as the wazuh-ntfy-notifier.py and wazuh-discord-notifier.py
-
-targets: "discord,ntfy,slack"
-full_message: "ntfy"
-
-# Exclude rules that are listed in the ossec.conf active response definition.
-
-excluded_rules: "5401,5403"
-excluded_agents: "999"
-
-# Priority mapping from 1-12 (Wazuh events) to 1-5 (Discord and ntfy notification)
-# Discord mention after x amount of event fired times
-
-priority_map:
-  -
-    threat_map: [15,14,13,12]
-    mention_threshold: 1
-    color: 0xcc3300
-  -
-    threat_map: [11,10,9]
-    mention_threshold: 1
-    color: 0xff9966
-  -
-    threat_map: [8,7,6]
-    mention_threshold: 5
-    color: 0xffcc00
-  -
-    threat_map: [5,4]
-    mention_threshold: 5
-    color: 0x99cc33
-  -
-    threat_map: [3,2,1,0]
-    mention_threshold: 5
-    color: 0x339900
-
-
-sender: "Wazuh (IDS)"
-click: "https://google.com"
-
-
-#end of yaml
-...
-
-
-