yaml to toml

wazuh-notify-go/go.mod

@@ -6,3 +6,5 @@ require (
 	github.com/joho/godotenv v1.5.1
 	gopkg.in/yaml.v2 v2.4.0
 )
+
+require github.com/BurntSushi/toml v1.4.0 // indirect

wazuh-notify-go/go.sum

@@ -1,3 +1,5 @@
+github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0=
+github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
 github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
 github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=

wazuh-notify-go/main.go

@@ -10,7 +10,7 @@ import (
 func main() {
 	inputParams := services.InitNotify()
 
-	for _, target := range strings.Split(inputParams.Targets, ",") {
+	for _, target := range strings.Split(inputParams.General.Targets, ", ") {
 		switch target {
 		case "discord":
 			log.Log(target)

wazuh-notify-go/notification/discord.go

@@ -17,7 +17,7 @@ func SendDiscord(params types.Params) {
 
 	var embedDescription string
 
-	if slices.Contains(strings.Split(params.FullAlert, ","), "discord") {
+	if slices.Contains(strings.Split(params.General.FullAlert, ","), "discord") {
 		fullAlert, _ := json.MarshalIndent(params.WazuhMessage, "", "  ")
 		fullAlertString := strings.ReplaceAll(string(fullAlert), `"`, "")
 		fullAlertString = strings.ReplaceAll(fullAlertString, "{", "")
@@ -31,7 +31,7 @@ func SendDiscord(params types.Params) {
 			"```\n\n" +
 			"Priority: " + strconv.Itoa(params.Priority) + "\n" +
 			"Tags: " + params.Tags + "\n\n" +
-			params.Click
+			params.General.Click
 	} else {
 		embedDescription = "\n\n" +
 			"**Timestamp: **" + time.Now().Format(time.DateTime) + "\n" +
@@ -44,15 +44,15 @@ func SendDiscord(params types.Params) {
 			"\n\n" +
 			"Priority: " + strconv.Itoa(params.Priority) + "\n" +
 			"Tags: " + params.Tags + "\n\n" +
-			params.Click
+			params.General.Click
 	}
 
 	message := types.Message{
-		Username: params.Sender,
+		Username: params.General.Sender,
 		Content:  params.Mention,
 		Embeds: []types.Embed{
 			{
-				Title:       params.Sender,
+				Title:       params.General.Sender,
 				Description: embedDescription,
 				Color:       params.Color,
 			},

wazuh-notify-go/notification/ntfy.go

@@ -15,7 +15,7 @@ func SendNtfy(params types.Params) {
 
 	var payload string
 
-	if slices.Contains(strings.Split(params.FullAlert, ","), "discord") {
+	if slices.Contains(strings.Split(params.General.FullAlert, ","), "discord") {
 		fullAlert, _ := json.MarshalIndent(params.WazuhMessage, "", "  ")
 		fullAlertString := strings.ReplaceAll(string(fullAlert), `"`, "")
 		fullAlertString = strings.ReplaceAll(fullAlertString, "{", "")
@@ -39,14 +39,14 @@ func SendNtfy(params types.Params) {
 	req, _ := http.NewRequest("POST", os.Getenv("NTFY_URL"), strings.NewReader(payload))
 	req.Header.Set("Content-Type", "text/plain")
 
-	if params.Sender != "" {
+	if params.General.Sender != "" {
-		req.Header.Add("Title", params.Sender)
+		req.Header.Add("Title", params.General.Sender)
 	}
 	if params.Tags != "" {
 		req.Header.Add("Tags", params.Tags)
 	}
-	if params.Click != "" {
+	if params.General.Click != "" {
-		req.Header.Add("Click", params.Click)
+		req.Header.Add("Click", params.General.Click)
 	}
 	if params.Priority != 0 {
 		req.Header.Add("Priority", strconv.Itoa(params.Priority))

wazuh-notify-go/notification/slack.go

@@ -3,6 +3,7 @@ package notification
 import (
 	"bytes"
 	"encoding/json"
+	"fmt"
 	"log"
 	"net/http"
 	"os"
@@ -17,7 +18,7 @@ func SendSlack(params types.Params) {
 
 	var embedDescription string
 
-	if slices.Contains(strings.Split(params.FullAlert, ","), "slack") {
+	if slices.Contains(strings.Split(params.General.FullAlert, ","), "slack") {
 		fullAlert, _ := json.MarshalIndent(params.WazuhMessage, "", "  ")
 		fullAlertString := strings.ReplaceAll(string(fullAlert), `"`, "")
 		fullAlertString = strings.ReplaceAll(fullAlertString, "{", "")
@@ -31,7 +32,7 @@ func SendSlack(params types.Params) {
 			"```\n\n" +
 			"Priority: " + strconv.Itoa(params.Priority) + "\n" +
 			"Tags: " + params.Tags + "\n\n" +
-			params.Click
+			params.General.Click
 	} else {
 		embedDescription = "\n\n" +
 			"**Timestamp: **" + time.Now().Format(time.DateTime) + "\n" +
@@ -44,20 +45,10 @@ func SendSlack(params types.Params) {
 			"\n\n" +
 			"Priority: " + strconv.Itoa(params.Priority) + "\n" +
 			"Tags: " + params.Tags + "\n\n" +
-			params.Click
+			params.General.Click
 	}
 
-	message := types.Message{
+	message := fmt.Sprintf("{\"text\": %s}", embedDescription)
-		Username: params.Sender,
-		Content:  params.Mention,
-		Embeds: []types.Embed{
-			{
-				Title:       params.Sender,
-				Description: embedDescription,
-				Color:       params.Color,
-			},
-		},
-	}
 
 	payload := new(bytes.Buffer)
 

wazuh-notify-go/services/filters.go

@@ -7,14 +7,14 @@ import (
 )
 
 func Filter() {
-	for _, rule := range strings.Split(inputParams.ExcludedRules, ",") {
+	for _, rule := range strings.Split(inputParams.General.ExcludedRules, ",") {
 		if rule == inputParams.WazuhMessage.Parameters.Alert.Rule.ID {
 			log.Log("rule excluded")
 			log.CloseLogFile()
 			os.Exit(0)
 		}
 	}
-	for _, agent := range strings.Split(inputParams.ExcludedAgents, ",") {
+	for _, agent := range strings.Split(inputParams.General.ExcludedAgents, ",") {
 		if agent == inputParams.WazuhMessage.Parameters.Alert.Agent.ID {
 			log.Log("agent excluded")
 			log.CloseLogFile()

wazuh-notify-go/services/init.go

@@ -4,8 +4,8 @@ import (
 	"bufio"
 	"encoding/json"
 	"flag"
+	"github.com/BurntSushi/toml"
 	"github.com/joho/godotenv"
-	"gopkg.in/yaml.v2"
 	"os"
 	"path"
 	"slices"
@@ -32,12 +32,12 @@ func InitNotify() types.Params {
 		log.Log("env loaded")
 	}
 
-	yamlFile, err := os.ReadFile(path.Join(BaseDirPath, "../../etc/wazuh-notify-config.yaml"))
+	tomlFile, err := os.ReadFile(path.Join(BaseDirPath, "../../etc/wazuh-notify-config.toml"))
 	if err != nil {
-		log.Log("yaml failed to load")
+		log.Log("toml failed to load")
-		yamlFile, err = os.ReadFile(path.Join(BaseDirPath, "wazuh-notify-config.yaml"))
+		tomlFile, err = os.ReadFile(path.Join(BaseDirPath, "wazuh-notify-config.toml"))
 	}
-	err = yaml.Unmarshal(yamlFile, &configParams)
+	err = toml.Unmarshal(tomlFile, &configParams)
 	if err != nil {
 		print(err)
 	}
@@ -47,11 +47,11 @@ func InitNotify() types.Params {
 	log.Log(string(configParamString))
 
 	flag.StringVar(&inputParams.Url, "url", "", "is the webhook URL of the Discord server. It is stored in .env.")
-	flag.StringVar(&inputParams.Click, "click", configParams.Click, "is a link (URL) that can be followed by tapping/clicking inside the message. Default is https://google.com.")
+	flag.StringVar(&inputParams.General.Click, "click", configParams.General.Click, "is a link (URL) that can be followed by tapping/clicking inside the message. Default is https://google.com.")
 	flag.IntVar(&inputParams.Priority, "priority", 0, "is the priority of the message, ranging from 1 (highest), to 5 (lowest). Default is 5.")
-	flag.StringVar(&inputParams.Sender, "sender", configParams.Sender, "is the sender of the message, either an app name or a person. The default is \"Security message\".")
+	flag.StringVar(&inputParams.General.Sender, "sender", configParams.General.Sender, "is the sender of the message, either an app name or a person. The default is \"Security message\".")
 	flag.StringVar(&inputParams.Tags, "tags", "", "is an arbitrary strings of tags (keywords), seperated by a \",\" (comma). Default is \"informational,testing,hard-coded\".")
-	flag.StringVar(&inputParams.Targets, "targets", "", "is a list of targets to send notifications to. Default is \"discord\".")
+	flag.StringVar(&inputParams.General.Targets, "targets", "", "is a list of targets to send notifications to. Default is \"discord\".")
 
 	flag.Parse()
 
@@ -59,11 +59,11 @@ func InitNotify() types.Params {
 	inputParamString, _ := json.Marshal(inputParams)
 	log.Log(string(inputParamString))
 
-	inputParams.Targets = configParams.Targets
+	inputParams.General.Targets = configParams.General.Targets
-	inputParams.FullAlert = configParams.FullAlert
+	inputParams.General.FullAlert = configParams.General.FullAlert
-	inputParams.ExcludedAgents = configParams.ExcludedAgents
+	inputParams.General.ExcludedAgents = configParams.General.ExcludedAgents
-	inputParams.ExcludedRules = configParams.ExcludedRules
+	inputParams.General.ExcludedRules = configParams.General.ExcludedRules
-	inputParams.PriorityMaps = configParams.PriorityMaps
+	inputParams.PriorityMap = configParams.PriorityMap
 
 	wazuhInput()
 
@@ -79,10 +79,10 @@ func wazuhInput() {
 
 	inputParams.WazuhMessage = wazuhData
 
-	for i, _ := range configParams.PriorityMaps {
+	for i, _ := range configParams.PriorityMap {
-		if slices.Contains(configParams.PriorityMaps[i].ThreatMap, wazuhData.Parameters.Alert.Rule.Level) {
+		if slices.Contains(configParams.PriorityMap[i].ThreatMap, wazuhData.Parameters.Alert.Rule.Level) {
-			inputParams.Color = inputParams.PriorityMaps[i].Color
+			inputParams.Color = inputParams.PriorityMap[i].Color
-			if inputParams.WazuhMessage.Parameters.Alert.Rule.Firedtimes >= inputParams.PriorityMaps[i].MentionThreshold {
+			if inputParams.WazuhMessage.Parameters.Alert.Rule.Firedtimes >= inputParams.PriorityMap[i].MentionThreshold {
 				inputParams.Mention = "@here"
 			}
 			inputParams.Priority = 5 - i

wazuh-notify-go/types/types.go

@@ -1,25 +1,34 @@
 package types
 
 type Params struct {
-	Url            string
+	General          General `toml:"general"`
-	Sender         string `yaml:"sender,omitempty"`
+	Url              string
-	Priority       int
+	Priority         int
-	Tags           string
+	Tags             string
-	Click          string `yaml:"click,omitempty"`
+	Color            int
-	Targets        string `yaml:"targets,omitempty"`
+	Mention          string
-	FullAlert      string `yaml:"full_message,omitempty"`
+	WazuhMessage     WazuhMessage
-	ExcludedRules  string `yaml:"excluded_rules,omitempty"`
+	PriorityMap      []PriorityMap    `toml:"priority_map"`
-	ExcludedAgents string `yaml:"excluded_agents,omitempty"`
+	MarkdownEmphasis MarkdownEmphasis `toml:"markdown_emphasis"`
-	Color          int
-	Mention        string
-	WazuhMessage   WazuhMessage
-	PriorityMaps   []PriorityMap `yaml:"priority_map"`
 }
 
+type General struct {
+	Targets        string `toml:"targets"`
+	FullAlert      string `toml:"full_alert"`
+	ExcludedRules  string `toml:"excluded_rules"`
+	ExcludedAgents string `toml:"excluded_agents"`
+	Sender         string `toml:"sender"`
+	Click          string `toml:"click"`
+}
 type PriorityMap struct {
-	ThreatMap        []int `yaml:"threat_map"`
+	ThreatMap        []int `toml:"threat_map"`
-	MentionThreshold int   `yaml:"mention_threshold"`
+	MentionThreshold int   `toml:"mention_threshold"`
-	Color            int   `yaml:"color"`
+	Color            int   `toml:"color"`
+}
+type MarkdownEmphasis struct {
+	Slack   string `toml:"slack"`
+	Ntfy    string `toml:"ntfy"`
+	Discord string `toml:"discord"`
 }
 
 type Message struct {

wazuh-notify-go/wazuh-notify-config.yaml

@@ -4,7 +4,7 @@
 # This is the yaml config file for both the wazuh-ntfy-notifier.py and wazuh-discord-notifier.py.
 # The yaml needs to be in the same folder as the wazuh-ntfy-notifier.py and wazuh-discord-notifier.py
 
-targets: "discord,ntfy"
+targets: "discord,ntfy,slack"
 full_message: "ntfy"
 
 # Exclude rules that are listed in the ossec.conf active response definition.