message builder refactor
parent
c6f365ff54
commit
2bc675b150
@ -6,46 +6,17 @@ import (
|
||||
"log"
|
||||
"net/http"
|
||||
"os"
|
||||
"slices"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
"wazuh-notify/services"
|
||||
"wazuh-notify/types"
|
||||
)
|
||||
|
||||
func SendDiscord(params types.Params) {
|
||||
|
||||
var embedDescription string
|
||||
|
||||
if slices.Contains(strings.Split(params.General.FullAlert, ","), "discord") {
|
||||
fullAlert, _ := json.MarshalIndent(params.WazuhMessage, "", " ")
|
||||
fullAlertString := strings.ReplaceAll(string(fullAlert), `"`, "")
|
||||
fullAlertString = strings.ReplaceAll(fullAlertString, "{", "")
|
||||
fullAlertString = strings.ReplaceAll(fullAlertString, "}", "")
|
||||
fullAlertString = strings.ReplaceAll(fullAlertString, "[", "")
|
||||
fullAlertString = strings.ReplaceAll(fullAlertString, "]", "")
|
||||
fullAlertString = strings.ReplaceAll(fullAlertString, " ,", "")
|
||||
|
||||
embedDescription = "\n\n ```" +
|
||||
fullAlertString +
|
||||
"```\n\n" +
|
||||
"Priority: " + strconv.Itoa(params.Priority) + "\n" +
|
||||
"Tags: " + params.Tags + "\n\n" +
|
||||
params.General.Click
|
||||
} else {
|
||||
embedDescription = "\n\n" +
|
||||
"**Timestamp: **" + time.Now().Format(time.DateTime) + "\n" +
|
||||
"**Agent:** " + params.WazuhMessage.Parameters.Alert.Agent.Name + "\n" +
|
||||
"**Event id:** " + params.WazuhMessage.Parameters.Alert.Rule.ID + "\n" +
|
||||
"**Rule:** " + params.WazuhMessage.Parameters.Alert.Rule.Description + "\n" +
|
||||
"**Description: **" + params.WazuhMessage.Parameters.Alert.FullLog + "\n" +
|
||||
"**Threat level:** " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Level) + "\n" +
|
||||
"**Times fired:** " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Firedtimes) +
|
||||
"\n\n" +
|
||||
embedDescription := services.BuildMessage(params, "discord", params.MarkdownEmphasis.Discord) +
|
||||
"**Priority:** " + strconv.Itoa(params.Priority) + "\n" +
|
||||
"**Tags:** " + params.Tags + "\n\n" +
|
||||
params.General.Click
|
||||
}
|
||||
|
||||
message := types.DiscordMessage{
|
||||
Username: params.General.Sender,
|
||||
|
||||
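Review bot: The `**Priority:**` and `**Tags:**` labels appended to the `services.BuildMessage(...)` result in SendDiscord still hard-code the emphasis marker, while the builder now takes it from `params.MarkdownEmphasis.Discord`. If that setting is ever changed, one message will mix two styles. Reusing the configured marker keeps a single source of truth, e.g. `em := params.MarkdownEmphasis.Discord` and then `em + "Priority:" + em + " " + strconv.Itoa(params.Priority) + "\n"`. The same applies to the `*Priority:*` and `*Tags:*` labels in SendSlack; SendDiscord's body continues outside the hunk.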
@ -1,42 +1,21 @@
|
||||
package notification
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
"os"
|
||||
"slices"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
"wazuh-notify/services"
|
||||
"wazuh-notify/types"
|
||||
)
|
||||
|
||||
func SendNtfy(params types.Params) {
|
||||
|
||||
var payload string
|
||||
req, _ := http.NewRequest(
|
||||
"POST",
|
||||
os.Getenv("NTFY_URL"),
|
||||
strings.NewReader(services.BuildMessage(params, "ntfy", params.MarkdownEmphasis.Ntfy)))
|
||||
|
||||
if slices.Contains(strings.Split(params.General.FullAlert, ","), "discord") {
|
||||
fullAlert, _ := json.MarshalIndent(params.WazuhMessage, "", " ")
|
||||
fullAlertString := strings.ReplaceAll(string(fullAlert), `"`, "")
|
||||
fullAlertString = strings.ReplaceAll(fullAlertString, "{", "")
|
||||
fullAlertString = strings.ReplaceAll(fullAlertString, "}", "")
|
||||
fullAlertString = strings.ReplaceAll(fullAlertString, "[", "")
|
||||
fullAlertString = strings.ReplaceAll(fullAlertString, "]", "")
|
||||
fullAlertString = strings.ReplaceAll(fullAlertString, " ,", "")
|
||||
|
||||
payload = "\n\n ```" +
|
||||
fullAlertString +
|
||||
"```"
|
||||
} else {
|
||||
payload = time.Now().Format(time.RFC3339) + "\n\n" +
|
||||
"**Agent:** " + params.WazuhMessage.Parameters.Alert.Agent.Name + "\n" +
|
||||
"**Event id:** " + params.WazuhMessage.Parameters.Alert.Rule.ID + "\n" +
|
||||
"**Description:** " + params.WazuhMessage.Parameters.Alert.Rule.Description + "\n" +
|
||||
"**Threat level:** " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Level) + "\n" +
|
||||
"**Times fired:** " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Firedtimes) + "\n"
|
||||
}
|
||||
|
||||
req, _ := http.NewRequest("POST", os.Getenv("NTFY_URL"), strings.NewReader(payload))
|
||||
req.Header.Set("Content-Type", "text/markdown")
|
||||
|
||||
if params.General.Sender != "" {
|
||||
|
||||
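Review bot: The error from `http.NewRequest` in SendNtfy is still discarded (`req, _ :=`), so a malformed `NTFY_URL` value leaves `req` nil and the following `req.Header.Set("Content-Type", "text/markdown")` panics instead of reporting a delivery failure. Check it before use with `req, err := http.NewRequest(...)` and `if err != nil { return }`, ideally with a log line, which would need a `log` import that is not in the visible import list. Because the request body carries the alert text produced by `services.BuildMessage`, it is also worth warning when the scheme of `NTFY_URL` is not `https`, so alert details are not sent in clear text unnoticed. The function continues past the end of the hunk.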
@ -6,49 +6,18 @@ import (
|
||||
"log"
|
||||
"net/http"
|
||||
"os"
|
||||
"slices"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
"wazuh-notify/services"
|
||||
"wazuh-notify/types"
|
||||
)
|
||||
|
||||
func SendSlack(params types.Params) {
|
||||
|
||||
var embedDescription string
|
||||
|
||||
if slices.Contains(strings.Split(params.General.FullAlert, ","), "slack") {
|
||||
fullAlert, _ := json.MarshalIndent(params.WazuhMessage, "", " ")
|
||||
fullAlertString := strings.ReplaceAll(string(fullAlert), `"`, "")
|
||||
fullAlertString = strings.ReplaceAll(fullAlertString, "{", "")
|
||||
fullAlertString = strings.ReplaceAll(fullAlertString, "}", "")
|
||||
fullAlertString = strings.ReplaceAll(fullAlertString, "[", "")
|
||||
fullAlertString = strings.ReplaceAll(fullAlertString, "]", "")
|
||||
fullAlertString = strings.ReplaceAll(fullAlertString, " ,", "")
|
||||
|
||||
embedDescription = "\n\n ```" +
|
||||
fullAlertString +
|
||||
"```\n\n" +
|
||||
"Priority: " + strconv.Itoa(params.Priority) + "\n" +
|
||||
"Tags: " + params.Tags + "\n\n" +
|
||||
params.General.Click
|
||||
} else {
|
||||
embedDescription = "\n\n" +
|
||||
"*Timestamp:* " + time.Now().Format(time.DateTime) + "\n" +
|
||||
"*Agent:* " + params.WazuhMessage.Parameters.Alert.Agent.Name + "\n" +
|
||||
"*Event id:* " + params.WazuhMessage.Parameters.Alert.Rule.ID + "\n" +
|
||||
"*Rule:* " + params.WazuhMessage.Parameters.Alert.Rule.Description + "\n" +
|
||||
"*Description:* " + params.WazuhMessage.Parameters.Alert.FullLog + "\n" +
|
||||
"*Threat level:* " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Level) + "\n" +
|
||||
"*Times fired:* " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Firedtimes) +
|
||||
"\n\n" +
|
||||
message := types.SlackMessage{
|
||||
Text: services.BuildMessage(params, "slack", params.MarkdownEmphasis.Slack) +
|
||||
"*Priority:* " + strconv.Itoa(params.Priority) + "\n" +
|
||||
"*Tags:* " + params.Tags + "\n\n" +
|
||||
params.General.Click
|
||||
}
|
||||
|
||||
message := types.SlackMessage{
|
||||
Text: embedDescription,
|
||||
params.General.Click,
|
||||
}
|
||||
|
||||
payload := new(bytes.Buffer)
|
||||
|
||||
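Review bot: The value assigned to `Text` in `types.SlackMessage` is built from alert fields (through `services.BuildMessage`) without escaping Slack's control characters. Slack's message formatting treats `&`, `<` and `>` as markup, so log content containing them can render as a link or a mention rather than as literal text in the alert channel. Escaping those three characters in the alert-derived values before they are joined keeps the message literal, e.g. `strings.NewReplacer("&", "&amp;", "<", "&lt;", ">", "&gt;")`. Whether that belongs in SendSlack or in a target-specific step of the builder is a design choice; the function body continues outside the hunk.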
@ -49,7 +49,7 @@ func InitNotify() types.Params {
|
||||
flag.StringVar(&inputParams.Url, "url", "", "is the webhook URL of the Discord server. It is stored in .env.")
|
||||
flag.StringVar(&inputParams.General.Click, "click", configParams.General.Click, "is a link (URL) that can be followed by tapping/clicking inside the message. Default is https://google.com.")
|
||||
flag.IntVar(&inputParams.Priority, "priority", 0, "is the priority of the message, ranging from 1 (highest), to 5 (lowest). Default is 5.")
|
||||
flag.StringVar(&inputParams.General.Sender, "sender", configParams.General.Sender + " Golang", "is the sender of the message, either an app name or a person. The default is \"Security message\".")
|
||||
flag.StringVar(&inputParams.General.Sender, "sender", configParams.General.Sender+" Golang", "is the sender of the message, either an app name or a person. The default is \"Security message\".")
|
||||
flag.StringVar(&inputParams.Tags, "tags", "", "is an arbitrary strings of tags (keywords), seperated by a \",\" (comma). Default is \"informational,testing,hard-coded\".")
|
||||
flag.StringVar(&inputParams.General.Targets, "targets", "", "is a list of targets to send notifications to. Default is \"discord\".")
|
||||
|
||||
@ -64,6 +64,7 @@ func InitNotify() types.Params {
|
||||
inputParams.General.ExcludedAgents = configParams.General.ExcludedAgents
|
||||
inputParams.General.ExcludedRules = configParams.General.ExcludedRules
|
||||
inputParams.PriorityMap = configParams.PriorityMap
|
||||
inputParams.MarkdownEmphasis = configParams.MarkdownEmphasis
|
||||
|
||||
wazuhInput()
|
||||
|
||||
|
||||
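--- /dev/null
+++ b/wazuh-notify-go/services/messageBuilder.go
@@ -0,0 +1,39 @@
+package services
+
+import (
+"encoding/json"
+"fmt"
+"slices"
+"strconv"
+"strings"
+"time"
+"wazuh-notify/types"
+)
+
+func BuildMessage(params types.Params, target string, emphasis string) string {
+
+if slices.Contains(strings.Split(params.General.FullAlert, ","), target) {
+fullAlert, _ := json.MarshalIndent(params.WazuhMessage, "", " ")
+fullAlertString := strings.ReplaceAll(string(fullAlert), `"`, "")
+fullAlertString = strings.ReplaceAll(fullAlertString, "{", "")
+fullAlertString = strings.ReplaceAll(fullAlertString, "}", "")
+fullAlertString = strings.ReplaceAll(fullAlertString, "[", "")
+fullAlertString = strings.ReplaceAll(fullAlertString, "]", "")
+fullAlertString = strings.ReplaceAll(fullAlertString, " ,", "")
+
+return "\n\n ```" +
+fullAlertString +
+"```\n\n"
+} else {
+return "\n\n" +
+fmt.Sprintf("%sTimestamp:%s ", emphasis, emphasis) + time.Now().Format(time.DateTime) + "\n" +
+fmt.Sprintf("%sAgent:%s ", emphasis, emphasis) + params.WazuhMessage.Parameters.Alert.Agent.Name + "\n" +
+fmt.Sprintf("%sEvent id:%s ", emphasis, emphasis) + params.WazuhMessage.Parameters.Alert.Rule.ID + "\n" +
+fmt.Sprintf("%sRule:%s ", emphasis, emphasis) + params.WazuhMessage.Parameters.Alert.Rule.Description + "\n" +
+fmt.Sprintf("%sDescription:%s ", emphasis, emphasis) + params.WazuhMessage.Parameters.Alert.FullLog + "\n" +
+fmt.Sprintf("%sThreat level:%s ", emphasis, emphasis) + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Level) + "\n" +
+fmt.Sprintf("%sTimes fired:%s ", emphasis, emphasis) + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Firedtimes) +
+"\n\n"
+
+}
+}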
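Review bot: Alert values reach the message unescaped in BuildMessage: the full-alert branch strips only quotes, braces, brackets and ` ,` before wrapping the text in a triple-backtick fence, and the else branch concatenates `Agent.Name`, `Rule.Description` and `FullLog` as they arrive. Log content is often shaped by whoever caused the event, so a value containing backticks can close the fence early and any Markdown link or emphasis syntax in it is rendered by the receiving service. Neutralise backticks before fencing, e.g. `fullAlertString = strings.ReplaceAll(fullAlertString, "\x60", "'")`, and pass the three free-text fields of the else branch through a small escaping helper. The `_` on `json.MarshalIndent` also hides a failed encode, which would send an empty fenced block; returning a short error line instead would make that visible to the recipient.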