From 43999ff91437fe8a4f437e68b547c56d32f9bbbe Mon Sep 17 00:00:00 2001
From: darius
Date: Thu, 9 May 2024 21:00:24 +0200
Subject: [PATCH] priority + tags fix
---
 wazuh-notify-go/services/init.go | 9 ++++++---
 wazuh-notify-go/services/mapping.go | 13 +++++++------
 wazuh-notify-go/wazuh-notify-config.yaml | 10 +++++-----
 3 files changed, 18 insertions(+), 14 deletions(-)
diff --git a/wazuh-notify-go/services/init.go b/wazuh-notify-go/services/init.go
index cdb01d5..ff99215 100644
--- a/wazuh-notify-go/services/init.go
+++ b/wazuh-notify-go/services/init.go
@@ -9,6 +9,7 @@ import (
 "os"
 "path"
 "runtime"
+ "strings"
 "wazuh-notify/log"
 "wazuh-notify/types"
 )
@@ -33,8 +34,6 @@ func InitNotify() types.Params {
 log.Log("env loaded")
 }
- wazuhInput()
-
 yamlFile, err := os.ReadFile(path.Join(BasePath, "../../etc/wazuh-notify-config.yaml"))
 if err != nil {
 log.Log("yaml failed to load")
@@ -56,6 +55,8 @@ func InitNotify() types.Params {
 log.Log("params loaded")
 inputParams.Targets = configParams.Targets
+ wazuhInput()
+
 return inputParams
 }
@@ -64,7 +65,9 @@ func wazuhInput() {
 json.NewDecoder(reader).Decode(&wazuhData)
- mapPriority()
+ inputParams.Priority = mapPriority()
+
+ inputParams.Tags += strings.Join(wazuhData.Parameters.Alert.Rule.Groups, ",")
 inputParams.WazuhMessage = wazuhData
 }
diff --git a/wazuh-notify-go/services/mapping.go b/wazuh-notify-go/services/mapping.go
index 90a1219..051ff0f 100644
--- a/wazuh-notify-go/services/mapping.go
+++ b/wazuh-notify-go/services/mapping.go
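Review bot: The position of the `wazuhInput()` call after the config load is now load-bearing, but nothing at the call site says so. `wazuhInput` calls `mapPriority()`, which reads the `configParams.Priority1` to `Priority5` lists, so running it before the YAML is parsed would presumably find those lists empty and leave every alert unmapped. A one-line comment above the call would protect the ordering, e.g. `// must run after configParams is populated: mapPriority reads the priority_N lists`. InitNotify's body starts outside this hunk, so whether execution continues past the "yaml failed to load" branch with an empty config is not visible here.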
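Review bot: The new `inputParams.Tags += strings.Join(...)` line appends the rule groups with no separator. If `Tags` already holds a value at this point (the `+=` suggests it can), the last existing tag and the first group fuse into one token. Add a comma only when both sides are non-empty, as in the fence below. Separately, the result of `Decode(&wazuhData)` on the context line above is still discarded, so on malformed input the added lines would work from a zero-valued `wazuhData` and the notification would go out with priority 0 and no groups; checking that error before mapping would make the failure visible. The body of `wazuhInput` starts outside this hunk.

```go
inputParams.Priority = mapPriority()

// Append the rule groups as extra tags, keeping the list comma-separated.
if groups := strings.Join(wazuhData.Parameters.Alert.Rule.Groups, ","); groups != "" {
	if inputParams.Tags != "" {
		inputParams.Tags += ","
	}
	inputParams.Tags += groups
}
// … unchanged: inputParams.WazuhMessage assignment …
```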
@@ -2,20 +2,21 @@ package services
 import "slices"
-func mapPriority() {
+func mapPriority() int {
 if slices.Contains(configParams.Priority1, wazuhData.Parameters.Alert.Rule.Level) {
- inputParams.Priority = wazuhData.Parameters.Alert.Rule.Level
+ return 1
 }
 if slices.Contains(configParams.Priority2, wazuhData.Parameters.Alert.Rule.Level) {
- inputParams.Priority = wazuhData.Parameters.Alert.Rule.Level
+ return 2
 }
 if slices.Contains(configParams.Priority3, wazuhData.Parameters.Alert.Rule.Level) {
- inputParams.Priority = wazuhData.Parameters.Alert.Rule.Level
+ return 3
 }
 if slices.Contains(configParams.Priority4, wazuhData.Parameters.Alert.Rule.Level) {
- inputParams.Priority = wazuhData.Parameters.Alert.Rule.Level
+ return 4
 }
 if slices.Contains(configParams.Priority5, wazuhData.Parameters.Alert.Rule.Level) {
- inputParams.Priority = wazuhData.Parameters.Alert.Rule.Level
+ return 5
 }
+ return 0
 }
diff --git a/wazuh-notify-go/wazuh-notify-config.yaml b/wazuh-notify-go/wazuh-notify-config.yaml
index 50a3302..9f2a28e 100644
--- a/wazuh-notify-go/wazuh-notify-config.yaml
+++ b/wazuh-notify-go/wazuh-notify-config.yaml
@@ -16,11 +16,11 @@ excluded_agents: "999"
 # Priority mapping from 1-12 (Wazuh events) to 1-5 (Discord and ntfy notification)
-priority_1: 12, 11, 10
-priority_2: 9, 8
-priority_3: 7, 6
-priority_4: 5, 4
-priority_5: 3 ,2, 1
+priority_5: [12,11,10]
+priority_4: [9,8]
+priority_3: [7,6]
+priority_2: [5,4]
+priority_1: [3,2,1]
 sender: "Wazuh (IDS)"
 click: "https://google.com"
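Review bot: The new `return 0` fallback in `mapPriority` is reached silently for any rule level that appears in none of the five lists. With the lists in the wazuh-notify-config.yaml hunk of this patch, that is every level outside 1-12. Wazuh rule levels extend above 12, so the most severe alerts would be sent with priority 0 rather than 5; how the Discord and ntfy senders treat 0 is not visible here. Consider adding the higher levels to `priority_5` and logging an unmapped level before the fallback. The contract also belongs on the function, e.g. `// mapPriority returns the 1-5 notification priority for the alert's rule level, or 0 if no priority_N list contains it.`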
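Review bot: The comment above the mapping does not say which end of the 1-5 scale is the urgent one, which is exactly what this hunk inverts. Stating the direction would keep a later edit from flipping the lists back, e.g. `# Priority mapping from Wazuh rule levels (1-12) to notification priority 1-5, where 5 is the most urgent`.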