diff --git a/wazuh-notify-go/notification/discord.go b/wazuh-notify-go/notification/discord.go
index 95d9cdb..db70f4e 100644
--- a/wazuh-notify-go/notification/discord.go
+++ b/wazuh-notify-go/notification/discord.go
@@ -6,46 +6,17 @@ import (
 "log"
 "net/http"
 "os"
- "slices"
 "strconv"
- "strings"
- "time"
+ "wazuh-notify/services"
 "wazuh-notify/types"
 )
 func SendDiscord(params types.Params) {
- var embedDescription string
-
- if slices.Contains(strings.Split(params.General.FullAlert, ","), "discord") {
- fullAlert, _ := json.MarshalIndent(params.WazuhMessage, "", " ")
- fullAlertString := strings.ReplaceAll(string(fullAlert), `"`, "")
- fullAlertString = strings.ReplaceAll(fullAlertString, "{", "")
- fullAlertString = strings.ReplaceAll(fullAlertString, "}", "")
- fullAlertString = strings.ReplaceAll(fullAlertString, "[", "")
- fullAlertString = strings.ReplaceAll(fullAlertString, "]", "")
- fullAlertString = strings.ReplaceAll(fullAlertString, " ,", "")
-
- embedDescription = "\n\n ```" +
- fullAlertString +
- "```\n\n" +
- "Priority: " + strconv.Itoa(params.Priority) + "\n" +
- "Tags: " + params.Tags + "\n\n" +
- params.General.Click
- } else {
- embedDescription = "\n\n" +
- "**Timestamp: **" + time.Now().Format(time.DateTime) + "\n" +
- "**Agent:** " + params.WazuhMessage.Parameters.Alert.Agent.Name + "\n" +
- "**Event id:** " + params.WazuhMessage.Parameters.Alert.Rule.ID + "\n" +
- "**Rule:** " + params.WazuhMessage.Parameters.Alert.Rule.Description + "\n" +
- "**Description: **" + params.WazuhMessage.Parameters.Alert.FullLog + "\n" +
- "**Threat level:** " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Level) + "\n" +
- "**Times fired:** " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Firedtimes) +
- "\n\n" +
- "**Priority:** " + strconv.Itoa(params.Priority) + "\n" +
- "**Tags:** " + params.Tags + "\n\n" +
- params.General.Click
- }
+ embedDescription := services.BuildMessage(params, "discord", params.MarkdownEmphasis.Discord) +
+ "**Priority:** " + strconv.Itoa(params.Priority) + "\n" +
+ "**Tags:** " + params.Tags + "\n\n" +
+ params.General.Click
 message := types.DiscordMessage{
 Username: params.General.Sender,
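Review bot: The trailer appended in SendDiscord still hard-codes `**` around `Priority:` and `Tags:` while the body now takes its marker from `params.MarkdownEmphasis.Discord`, so a configured marker other than `**` produces a message with two emphasis styles; SendSlack has the same split with a literal `*`. Building the trailer from the same value keeps them in step, e.g. `em := params.MarkdownEmphasis.Discord` and then `em + "Priority:" + em + " " + strconv.Itoa(params.Priority) + "\n" +`, or the trailer could move into `services.BuildMessage` so the senders stop repeating it. `params.Tags` and `params.General.Click` are concatenated unescaped; they appear to come from flags and config rather than from alert data, which would be worth stating in a comment such as `// Tags and Click are operator-supplied, not taken from the alert`. SendDiscord's body continues past the end of the hunk.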
diff --git a/wazuh-notify-go/notification/ntfy.go b/wazuh-notify-go/notification/ntfy.go
index 456bc1f..7103143 100644
--- a/wazuh-notify-go/notification/ntfy.go
+++ b/wazuh-notify-go/notification/ntfy.go
@@ -1,42 +1,21 @@
 package notification
 import (
- "encoding/json"
 "net/http"
 "os"
- "slices"
 "strconv"
 "strings"
- "time"
+ "wazuh-notify/services"
 "wazuh-notify/types"
 )
 func SendNtfy(params types.Params) {
- var payload string
+ req, _ := http.NewRequest(
+ "POST",
+ os.Getenv("NTFY_URL"),
+ strings.NewReader(services.BuildMessage(params, "ntfy", params.MarkdownEmphasis.Ntfy)))
- if slices.Contains(strings.Split(params.General.FullAlert, ","), "discord") {
- fullAlert, _ := json.MarshalIndent(params.WazuhMessage, "", " ")
- fullAlertString := strings.ReplaceAll(string(fullAlert), `"`, "")
- fullAlertString = strings.ReplaceAll(fullAlertString, "{", "")
- fullAlertString = strings.ReplaceAll(fullAlertString, "}", "")
- fullAlertString = strings.ReplaceAll(fullAlertString, "[", "")
- fullAlertString = strings.ReplaceAll(fullAlertString, "]", "")
- fullAlertString = strings.ReplaceAll(fullAlertString, " ,", "")
-
- payload = "\n\n ```" +
- fullAlertString +
- "```"
- } else {
- payload = time.Now().Format(time.RFC3339) + "\n\n" +
- "**Agent:** " + params.WazuhMessage.Parameters.Alert.Agent.Name + "\n" +
- "**Event id:** " + params.WazuhMessage.Parameters.Alert.Rule.ID + "\n" +
- "**Description:** " + params.WazuhMessage.Parameters.Alert.Rule.Description + "\n" +
- "**Threat level:** " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Level) + "\n" +
- "**Times fired:** " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Firedtimes) + "\n"
- }
-
- req, _ := http.NewRequest("POST", os.Getenv("NTFY_URL"), strings.NewReader(payload))
 req.Header.Set("Content-Type", "text/markdown")
 if params.General.Sender != "" {
diff --git a/wazuh-notify-go/notification/slack.go b/wazuh-notify-go/notification/slack.go
index 2e5336a..98603cf 100644
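Review bot: The re-flowed `http.NewRequest` call in SendNtfy still discards its error, and the next context line calls `req.Header.Set`, so an `NTFY_URL` value that fails URL parsing leaves `req` nil and the notifier panics instead of reporting a misconfiguration. Suggest `req, err := http.NewRequest(` for the first line and `if err != nil { return }` after the call, with a log line if this file gains a `log` import (none is visible in the hunk). An unset `NTFY_URL` is not caught by that check and presumably only fails when the request is sent, so an explicit empty-string guard would make a silently undelivered alert easier to notice. The rest of SendNtfy lies outside the hunk.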
--- a/wazuh-notify-go/notification/slack.go
+++ b/wazuh-notify-go/notification/slack.go
@@ -6,49 +6,18 @@ import (
 "log"
 "net/http"
 "os"
- "slices"
 "strconv"
- "strings"
- "time"
+ "wazuh-notify/services"
 "wazuh-notify/types"
 )
 func SendSlack(params types.Params) {
- var embedDescription string
-
- if slices.Contains(strings.Split(params.General.FullAlert, ","), "slack") {
- fullAlert, _ := json.MarshalIndent(params.WazuhMessage, "", " ")
- fullAlertString := strings.ReplaceAll(string(fullAlert), `"`, "")
- fullAlertString = strings.ReplaceAll(fullAlertString, "{", "")
- fullAlertString = strings.ReplaceAll(fullAlertString, "}", "")
- fullAlertString = strings.ReplaceAll(fullAlertString, "[", "")
- fullAlertString = strings.ReplaceAll(fullAlertString, "]", "")
- fullAlertString = strings.ReplaceAll(fullAlertString, " ,", "")
-
- embedDescription = "\n\n ```" +
- fullAlertString +
- "```\n\n" +
- "Priority: " + strconv.Itoa(params.Priority) + "\n" +
- "Tags: " + params.Tags + "\n\n" +
- params.General.Click
- } else {
- embedDescription = "\n\n" +
- "*Timestamp:* " + time.Now().Format(time.DateTime) + "\n" +
- "*Agent:* " + params.WazuhMessage.Parameters.Alert.Agent.Name + "\n" +
- "*Event id:* " + params.WazuhMessage.Parameters.Alert.Rule.ID + "\n" +
- "*Rule:* " + params.WazuhMessage.Parameters.Alert.Rule.Description + "\n" +
- "*Description:* " + params.WazuhMessage.Parameters.Alert.FullLog + "\n" +
- "*Threat level:* " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Level) + "\n" +
- "*Times fired:* " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Firedtimes) +
- "\n\n" +
+ message := types.SlackMessage{
+ Text: services.BuildMessage(params, "slack", params.MarkdownEmphasis.Slack) +
 "*Priority:* " + strconv.Itoa(params.Priority) + "\n" +
 "*Tags:* " + params.Tags + "\n\n" +
- params.General.Click
- }
-
- message := types.SlackMessage{
- Text: embedDescription,
+ params.General.Click,
 }
 payload := new(bytes.Buffer)
diff --git a/wazuh-notify-go/services/init.go b/wazuh-notify-go/services/init.go
index 12b31c4..b29416c 100644
--- a/wazuh-notify-go/services/init.go
+++ b/wazuh-notify-go/services/init.go
@@ -49,7 +49,7 @@ func InitNotify() types.Params {
 flag.StringVar(&inputParams.Url, "url", "", "is the webhook URL of the Discord server. It is stored in .env.")
 flag.StringVar(&inputParams.General.Click, "click", configParams.General.Click, "is a link (URL) that can be followed by tapping/clicking inside the message. Default is https://google.com.")
 flag.IntVar(&inputParams.Priority, "priority", 0, "is the priority of the message, ranging from 1 (highest), to 5 (lowest). Default is 5.")
- flag.StringVar(&inputParams.General.Sender, "sender", configParams.General.Sender + " Golang", "is the sender of the message, either an app name or a person. The default is \"Security message\".")
+ flag.StringVar(&inputParams.General.Sender, "sender", configParams.General.Sender+" Golang", "is the sender of the message, either an app name or a person. The default is \"Security message\".")
 flag.StringVar(&inputParams.Tags, "tags", "", "is an arbitrary strings of tags (keywords), seperated by a \",\" (comma). Default is \"informational,testing,hard-coded\".")
 flag.StringVar(&inputParams.General.Targets, "targets", "", "is a list of targets to send notifications to. Default is \"discord\".")
@@ -64,6 +64,7 @@ func InitNotify() types.Params {
 inputParams.General.ExcludedAgents = configParams.General.ExcludedAgents
 inputParams.General.ExcludedRules = configParams.General.ExcludedRules
 inputParams.PriorityMap = configParams.PriorityMap
+ inputParams.MarkdownEmphasis = configParams.MarkdownEmphasis
 wazuhInput()
diff --git a/wazuh-notify-go/services/messageBuilder.go b/wazuh-notify-go/services/messageBuilder.go
new file mode 100644
index 0000000..7fb94db
--- /dev/null
+++ b/wazuh-notify-go/services/messageBuilder.go
@@ -0,0 +1,39 @@
+package services
+
+import (
+ "encoding/json"
+ "fmt"
+ "slices"
+ "strconv"
+ "strings"
+ "time"
+ "wazuh-notify/types"
+)
+
+func BuildMessage(params types.Params, target string, emphasis string) string {
+
+ if slices.Contains(strings.Split(params.General.FullAlert, ","), target) {
+ fullAlert, _ := json.MarshalIndent(params.WazuhMessage, "", " ")
+ fullAlertString := strings.ReplaceAll(string(fullAlert), `"`, "")
+ fullAlertString = strings.ReplaceAll(fullAlertString, "{", "")
+ fullAlertString = strings.ReplaceAll(fullAlertString, "}", "")
+ fullAlertString = strings.ReplaceAll(fullAlertString, "[", "")
+ fullAlertString = strings.ReplaceAll(fullAlertString, "]", "")
+ fullAlertString = strings.ReplaceAll(fullAlertString, " ,", "")
+
+ return "\n\n ```" +
+ fullAlertString +
+ "```\n\n"
+ } else {
+ return "\n\n" +
+ fmt.Sprintf("%sTimestamp:%s ", emphasis, emphasis) + time.Now().Format(time.DateTime) + "\n" +
+ fmt.Sprintf("%sAgent:%s ", emphasis, emphasis) + params.WazuhMessage.Parameters.Alert.Agent.Name + "\n" +
+ fmt.Sprintf("%sEvent id:%s ", emphasis, emphasis) + params.WazuhMessage.Parameters.Alert.Rule.ID + "\n" +
+ fmt.Sprintf("%sRule:%s ", emphasis, emphasis) + params.WazuhMessage.Parameters.Alert.Rule.Description + "\n" +
+ fmt.Sprintf("%sDescription:%s ", emphasis, emphasis) + params.WazuhMessage.Parameters.Alert.FullLog + "\n" +
+ fmt.Sprintf("%sThreat level:%s ", emphasis, emphasis) + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Level) + "\n" +
+ fmt.Sprintf("%sTimes fired:%s ", emphasis, emphasis) + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Firedtimes) +
+ "\n\n"
+
+ }
+}
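Review bot: BuildMessage concatenates alert-derived text (`Agent.Name`, `Rule.Description`, `FullLog`, and the whole alert in the full-alert branch) into Markdown with no escaping or length bound, and this is now the single path feeding all three targets. That text originates in monitored logs, so it should be treated as untrusted: a triple backtick inside it closes the code fence early, other Markdown in it is rendered by the target, and an oversized `FullLog` may push the message past a target's size limit so the alert is rejected. The sketch below passes those fields through one helper that neutralises the fence sequence and caps the length by rune; the cap value is a placeholder to tune per target, and target-specific escaping (mentions, link syntax) would still belong with each sender. Separately, the error from `json.MarshalIndent` is dropped with `_`, and the `else` after a `return` can be flattened.

```go
// maxFieldRunes caps each log-derived field; placeholder value, tune per target.
const maxFieldRunes = 1000

// sanitizeField makes log-derived text safer to embed in a Markdown message:
// it cannot close a surrounding code fence and cannot grow without bound.
func sanitizeField(s string) string {
	s = strings.ReplaceAll(s, "```", "'''")
	if r := []rune(s); len(r) > maxFieldRunes {
		s = string(r[:maxFieldRunes]) + "…"
	}
	return s
}

func BuildMessage(params types.Params, target string, emphasis string) string {
	// … unchanged: FullAlert check, MarshalIndent and the ReplaceAll chain …
		fullAlertString = strings.ReplaceAll(fullAlertString, "```", "'''")
	// … unchanged: fenced return, Timestamp line …
			fmt.Sprintf("%sAgent:%s ", emphasis, emphasis) + sanitizeField(params.WazuhMessage.Parameters.Alert.Agent.Name) + "\n" +
	// … unchanged: Event id line …
			fmt.Sprintf("%sRule:%s ", emphasis, emphasis) + sanitizeField(params.WazuhMessage.Parameters.Alert.Rule.Description) + "\n" +
			fmt.Sprintf("%sDescription:%s ", emphasis, emphasis) + sanitizeField(params.WazuhMessage.Parameters.Alert.FullLog) + "\n" +
	// … unchanged: Threat level, Times fired, trailing newlines …
```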