priority + tags fix

darius 2024-05-09 21:00:24 +02:00
parent 69ebc0fca3
commit 43999ff914
3 changed files with 18 additions and 14 deletions


@ -9,6 +9,7 @@ import (
"os" "os"
"path" "path"
"runtime" "runtime"
"strings"
"wazuh-notify/log" "wazuh-notify/log"
"wazuh-notify/types" "wazuh-notify/types"
) )
@ -33,8 +34,6 @@ func InitNotify() types.Params {
log.Log("env loaded") log.Log("env loaded")
} }
wazuhInput()
yamlFile, err := os.ReadFile(path.Join(BasePath, "../../etc/wazuh-notify-config.yaml")) yamlFile, err := os.ReadFile(path.Join(BasePath, "../../etc/wazuh-notify-config.yaml"))
if err != nil { if err != nil {
log.Log("yaml failed to load") log.Log("yaml failed to load")
@ -56,6 +55,8 @@ func InitNotify() types.Params {
log.Log("params loaded") log.Log("params loaded")
inputParams.Targets = configParams.Targets inputParams.Targets = configParams.Targets
wazuhInput()
return inputParams return inputParams
} }
@ -64,7 +65,9 @@ func wazuhInput() {
json.NewDecoder(reader).Decode(&wazuhData) json.NewDecoder(reader).Decode(&wazuhData)
mapPriority() inputParams.Priority = mapPriority()
inputParams.Tags += strings.Join(wazuhData.Parameters.Alert.Rule.Groups, ",")
inputParams.WazuhMessage = wazuhData inputParams.WazuhMessage = wazuhData
} }
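Review bot: The added `inputParams.Tags += strings.Join(wazuhData.Parameters.Alert.Rule.Groups, ",")` in wazuhInput appends the rule groups with no separator, so if Tags already holds a value at that point (not visible in this hunk) the last existing tag and the first group fuse into one tag. A guarded join avoids that: `groups := strings.Join(wazuhData.Parameters.Alert.Rule.Groups, ",")`, then `if inputParams.Tags != "" && groups != "" { inputParams.Tags += "," }`, then `inputParams.Tags += groups`. The result of `Decode` on the line above is still discarded, so a malformed alert on the input most likely leaves wazuhData zero-valued and the notification goes out with priority 0 and no groups; checking and logging that error would make the case visible. The groups come from the alert itself, so whatever consumes Tags should treat them as untrusted text. The opening lines of wazuhInput are outside the hunk.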


@ -2,20 +2,21 @@ package services
import "slices" import "slices"
func mapPriority() { func mapPriority() int {
if slices.Contains(configParams.Priority1, wazuhData.Parameters.Alert.Rule.Level) { if slices.Contains(configParams.Priority1, wazuhData.Parameters.Alert.Rule.Level) {
inputParams.Priority = wazuhData.Parameters.Alert.Rule.Level return 1
} }
if slices.Contains(configParams.Priority2, wazuhData.Parameters.Alert.Rule.Level) { if slices.Contains(configParams.Priority2, wazuhData.Parameters.Alert.Rule.Level) {
inputParams.Priority = wazuhData.Parameters.Alert.Rule.Level return 2
} }
if slices.Contains(configParams.Priority3, wazuhData.Parameters.Alert.Rule.Level) { if slices.Contains(configParams.Priority3, wazuhData.Parameters.Alert.Rule.Level) {
inputParams.Priority = wazuhData.Parameters.Alert.Rule.Level return 3
} }
if slices.Contains(configParams.Priority4, wazuhData.Parameters.Alert.Rule.Level) { if slices.Contains(configParams.Priority4, wazuhData.Parameters.Alert.Rule.Level) {
inputParams.Priority = wazuhData.Parameters.Alert.Rule.Level return 4
} }
if slices.Contains(configParams.Priority5, wazuhData.Parameters.Alert.Rule.Level) { if slices.Contains(configParams.Priority5, wazuhData.Parameters.Alert.Rule.Level) {
inputParams.Priority = wazuhData.Parameters.Alert.Rule.Level return 5
} }
return 0
} }
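Review bot: The new `return 0` fallback at the end of mapPriority means a rule level that appears in none of the five configured lists yields priority 0, and the lists in the config section of this commit only cover levels 1 to 12. Wazuh rule levels go above 12, so the most severe alerts would get the lowest value instead of the highest; how the senders treat 0 is not visible here. Consider falling back to the top priority for levels above the configured range, or at least logging the unmapped level before returning. A doc comment such as `// mapPriority returns the notification priority (1-5) for the alert's rule level, or 0 when no list contains it.` would record the contract.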


@ -16,11 +16,11 @@ excluded_agents: "999"
# Priority mapping from 1-12 (Wazuh events) to 1-5 (Discord and ntfy notification) # Priority mapping from 1-12 (Wazuh events) to 1-5 (Discord and ntfy notification)
priority_1: 12, 11, 10 priority_5: [12,11,10]
priority_2: 9, 8 priority_4: [9,8]
priority_3: 7, 6 priority_3: [7,6]
priority_4: 5, 4 priority_2: [5,4]
priority_5: 3 ,2, 1 priority_1: [3,2,1]
sender: "Wazuh (IDS)" sender: "Wazuh (IDS)"
click: "https://google.com" click: "https://google.com"