klein-projects/wazuh-notify
2
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

notification update

Browse Source
This commit is contained in:
Darius 2024-05-27 11:36:33 +02:00
parent 4601c0acd9
commit 1544ac351e
3 changed files with 27 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
wazuh-notify-go/notification/discord.go
View File

@ -9,6 +9,7 @@ import (
"slices" "slices"
"strconv" "strconv"
"strings" "strings"
"time"
"wazuh-notify/types" "wazuh-notify/types"
) )
@ -33,6 +34,7 @@ func SendDiscord(params types.Params) {
params.Click params.Click
} else { } else {
embedDescription = "\n\n" + embedDescription = "\n\n" +
"**Timestamp: **" + time.Now().Format(time.DateTime) + "\n" +
"**Agent:** " + params.WazuhMessage.Parameters.Alert.Agent.Name + "\n" + "**Agent:** " + params.WazuhMessage.Parameters.Alert.Agent.Name + "\n" +
"**Event id:** " + params.WazuhMessage.Parameters.Alert.Rule.ID + "\n" + "**Event id:** " + params.WazuhMessage.Parameters.Alert.Rule.ID + "\n" +
"**Rule:** " + params.WazuhMessage.Parameters.Alert.Rule.Description + "\n" + "**Rule:** " + params.WazuhMessage.Parameters.Alert.Rule.Description + "\n" +

30
wazuh-notify-go/notification/ntfy.go
View File

@ -1,8 +1,10 @@
package notification package notification
import ( import (
"encoding/json"
"net/http" "net/http"
"os" "os"
"slices"
"strconv" "strconv"
"strings" "strings"
"time" "time"
@ -11,12 +13,28 @@ import (
func SendNtfy(params types.Params) { func SendNtfy(params types.Params) {
payload := time.Now().Format(time.RFC3339) + "\n\n" + var payload string
"Agent: " + params.WazuhMessage.Parameters.Alert.Agent.Name + "\n" +
"Event id: " + params.WazuhMessage.Parameters.Alert.Rule.ID + "\n" + if slices.Contains(strings.Split(params.FullAlert, ","), "discord") {
"Description: " + params.WazuhMessage.Parameters.Alert.Rule.Description + "\n" + fullAlert, _ := json.MarshalIndent(params.WazuhMessage, "", " ")
"Threat level: " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Level) + "\n" + fullAlertString := strings.ReplaceAll(string(fullAlert), `"`, "")
"Times fired: " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Firedtimes) + "\n" fullAlertString = strings.ReplaceAll(fullAlertString, "{", "")
fullAlertString = strings.ReplaceAll(fullAlertString, "}", "")
fullAlertString = strings.ReplaceAll(fullAlertString, "[", "")
fullAlertString = strings.ReplaceAll(fullAlertString, "]", "")
fullAlertString = strings.ReplaceAll(fullAlertString, " ,", "")
payload = "\n\n ```" +
fullAlertString +
"```"
} else {
payload = time.Now().Format(time.RFC3339) + "\n\n" +
"Agent: " + params.WazuhMessage.Parameters.Alert.Agent.Name + "\n" +
"Event id: " + params.WazuhMessage.Parameters.Alert.Rule.ID + "\n" +
"Description: " + params.WazuhMessage.Parameters.Alert.Rule.Description + "\n" +
"Threat level: " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Level) + "\n" +
"Times fired: " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Firedtimes) + "\n"
}
req, _ := http.NewRequest("POST", os.Getenv("NTFY_URL"), strings.NewReader(payload)) req, _ := http.NewRequest("POST", os.Getenv("NTFY_URL"), strings.NewReader(payload))
req.Header.Set("Content-Type", "text/plain") req.Header.Set("Content-Type", "text/plain")

1
wazuh-notify-go/notification/slack.go Normal file
View File

@ -0,0 +1 @@
package notification