klein-projects/wazuh-notify
2
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

additional doc improvement

Browse Source
This commit is contained in:
Rudi klein 2024-05-23 19:43:33 +02:00
parent da5658a99a
commit 1a2530b627
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Writerside/topics/Wazuh-notifier.md
View File

@ -192,7 +192,7 @@ full_message: ""
Exclude_rules and excluded_agents will disable notification for these particular events or agents that are enabled in Exclude_rules and excluded_agents will disable notification for these particular events or agents that are enabled in
the ossec.conf active response definition. the ossec.conf active response definition.
These settings provide an easier way to disable events from firing. No need to restart Wazuh-manager. These settings provide an easier way to disable event notifications from firing. No need to restart Wazuh-manager.
Enter rule numbers as a string with comma-separated values. Enter rule numbers as a string with comma-separated values.
Enter numeric agent id's as a string with comma-separated values. Enter numeric agent id's as a string with comma-separated values.
@ -202,12 +202,14 @@ excluded_rules: "99999, 00000"
excluded_agents: "99999" excluded_agents: "99999"
``` ```
There is a mapping from Wazuh threat levels (0-15) to priorities (1-5) in notifications. There is a mapping from [Wazuh threat levels](https://documentation.wazuh.com/current/user-manual/ruleset/rules-classification.html) (0-15) to priorities (1-5) in notifications.
https://documentation.wazuh.com/current/user-manual/ruleset/rules-classification.html
Enter the values for the threat_map as lists of integers, mention_thresholds as integers and colors as Hex integers. Enter the values for the threat_map as lists of integers, mention_thresholds as integers and colors as Hex integers.
The mention_threshold, relates to the number of times a rule has been fired. When the times fired is equal to or greater The mention_threshold, relates to the number of times a rule has been fired. When the times fired is equal to or greater
than the mention_threshold, the recipient will receive a Discord mention in addition to the normal message. than the mention_threshold, the recipient will receive a Discord mention in addition to the normal message.
This is a list notation.
This setting is a list notation.
``` ```
priority_map: priority_map: