notification update

2024-05-27 11:36:33 +02:00 · 2024-05-27 11:36:33 +02:00 · 1544ac351e
commit 1544ac351e
parent 4601c0acd9
3 changed files with 27 additions and 6 deletions
--- a/wazuh-notify-go/notification/discord.go
+++ b/wazuh-notify-go/notification/discord.go
@ -9,6 +9,7 @@ import (
 	"slices"
 	"strconv"
 	"strings"
+	"time"
 	"wazuh-notify/types"
 )

@ -33,6 +34,7 @@ func SendDiscord(params types.Params) {
 			params.Click
 	} else {
 		embedDescription = "\n\n" +
+			"**Timestamp: **" + time.Now().Format(time.DateTime) + "\n" +
 			"**Agent:** " + params.WazuhMessage.Parameters.Alert.Agent.Name + "\n" +
 			"**Event id:** " + params.WazuhMessage.Parameters.Alert.Rule.ID + "\n" +
 			"**Rule:** " + params.WazuhMessage.Parameters.Alert.Rule.Description + "\n" +
--- a/wazuh-notify-go/notification/ntfy.go
+++ b/wazuh-notify-go/notification/ntfy.go
@ -1,8 +1,10 @@
 package notification

 import (
+	"encoding/json"
 	"net/http"
 	"os"
+	"slices"
 	"strconv"
 	"strings"
 	"time"
@ -11,12 +13,28 @@ import (

 func SendNtfy(params types.Params) {

-	payload := time.Now().Format(time.RFC3339) + "\n\n" +
+	var payload string
+
+	if slices.Contains(strings.Split(params.FullAlert, ","), "discord") {
+		fullAlert, _ := json.MarshalIndent(params.WazuhMessage, "", "  ")
+		fullAlertString := strings.ReplaceAll(string(fullAlert), `"`, "")
+		fullAlertString = strings.ReplaceAll(fullAlertString, "{", "")
+		fullAlertString = strings.ReplaceAll(fullAlertString, "}", "")
+		fullAlertString = strings.ReplaceAll(fullAlertString, "[", "")
+		fullAlertString = strings.ReplaceAll(fullAlertString, "]", "")
+		fullAlertString = strings.ReplaceAll(fullAlertString, " ,", "")
+
+		payload = "\n\n ```" +
+			fullAlertString +
+			"```"
+	} else {
+		payload = time.Now().Format(time.RFC3339) + "\n\n" +
 			"Agent: " + params.WazuhMessage.Parameters.Alert.Agent.Name + "\n" +
 			"Event id: " + params.WazuhMessage.Parameters.Alert.Rule.ID + "\n" +
 			"Description: " + params.WazuhMessage.Parameters.Alert.Rule.Description + "\n" +
 			"Threat level: " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Level) + "\n" +
 			"Times fired: " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Firedtimes) + "\n"
+	}

 	req, _ := http.NewRequest("POST", os.Getenv("NTFY_URL"), strings.NewReader(payload))
 	req.Header.Set("Content-Type", "text/plain")
--- a/wazuh-notify-go/notification/slack.go
+++ b/wazuh-notify-go/notification/slack.go
@ -0,0 +1 @@
+package notification