diff --git a/wazuh-notify-go/main.go b/wazuh-notify-go/main.go
index ab6c2b2..85c2abb 100644
--- a/wazuh-notify-go/main.go
+++ b/wazuh-notify-go/main.go
@@ -2,27 +2,31 @@ package main
 import (
 "strings"
+ "wazuh-notify/discord"
 "wazuh-notify/log"
- "wazuh-notify/notification"
 "wazuh-notify/ntfy"
 "wazuh-notify/services"
 "wazuh-notify/slack"
 )
 func main() {
- inputParams := services.InitNotify()
+ configParams := services.ReadConfig()
- for _, target := range strings.Split(inputParams.General.Targets, ", ") {
+ inputParams := services.ParseFlags(configParams)
+
+ Params := services.ParseWazuhInput(inputParams)
+
+ for _, target := range strings.Split(Params.General.Targets, ", ") {
 switch target {
 case "discord":
 log.Log(target)
- notification.SendDiscord(inputParams)
+ discord.SendDiscord(Params)
 case "ntfy":
 log.Log(target)
- ntfy.SendNtfy(inputParams)
+ ntfy.SendNtfy(Params)
 case "slack":
 log.Log(target)
- slack.SendSlack(inputParams)
+ slack.SendSlack(Params)
 }
 }
 log.CloseLogFile()
diff --git a/wazuh-notify-go/services/filters.go b/wazuh-notify-go/services/filters.go
index 373016f..efd7458 100644
--- a/wazuh-notify-go/services/filters.go
+++ b/wazuh-notify-go/services/filters.go
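Review bot: The new `for _, target := range strings.Split(Params.General.Targets, ", ")` splits on comma-plus-space while the exclusion filters in this same change split on a bare ",", and the `switch` beneath it has no `default`, so a value such as `discord,slack` or a misspelled target name is dropped without a single log line. Splitting on "," and normalising with `target = strings.TrimSpace(target)` before the switch, plus `default: log.Log("unknown target: " + target)`, would make a misconfiguration visible instead of silently sending nothing. `Params` is also a capitalised local that reads like an exported name; `params` would match the rest of the change. The closing brace of main lies past the end of the hunk.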
@@ -4,18 +4,19 @@ import (
 "os"
 "strings"
 "wazuh-notify/log"
+ "wazuh-notify/types"
 )
-func Filter() {
- for _, rule := range strings.Split(inputParams.General.ExcludedRules, ",") {
- if rule == inputParams.WazuhMessage.Parameters.Alert.Rule.ID {
+func Filter(params types.Params) {
+ for _, rule := range strings.Split(params.General.ExcludedRules, ",") {
+ if rule == params.WazuhMessage.Parameters.Alert.Rule.ID {
 log.Log("rule excluded")
 log.CloseLogFile()
 os.Exit(0)
 }
 }
- for _, agent := range strings.Split(inputParams.General.ExcludedAgents, ",") {
- if agent == inputParams.WazuhMessage.Parameters.Alert.Agent.ID {
+ for _, agent := range strings.Split(params.General.ExcludedAgents, ",") {
+ if agent == params.WazuhMessage.Parameters.Alert.Agent.ID {
 log.Log("agent excluded")
 log.CloseLogFile()
 os.Exit(0)
diff --git a/wazuh-notify-go/services/flags.go b/wazuh-notify-go/services/flags.go
new file mode 100644
index 0000000..df76e3b
--- /dev/null
+++ b/wazuh-notify-go/services/flags.go
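Review bot: `Filter` compares each token of `strings.Split(params.General.ExcludedRules, ",")` to the alert's rule ID with `==` and never trims, so if the TOML is written with spaces after the commas (I cannot see the config here) an entry like `"5501, 5502"` excludes only the first rule and the second keeps notifying. `if strings.TrimSpace(rule) == params.WazuhMessage.Parameters.Alert.Rule.ID {` (and the same for `agent`) removes that dependence on whitespace. The new exported signature also deserves a doc comment such as `// Filter exits the process with status 0 when the alert's rule ID or agent ID is listed in ExcludedRules/ExcludedAgents.`, since the os.Exit side effect is not obvious from the name. The function's closing braces are outside the hunk.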
@@ -0,0 +1,23 @@
+package services
+
+import (
+ "flag"
+ "wazuh-notify/log"
+ "wazuh-notify/types"
+)
+
+func ParseFlags(params types.Params) types.Params {
+
+ flag.StringVar(¶ms.Url, "url", "", "is the webhook URL of the Discord server. It is stored in .env.")
+ flag.StringVar(¶ms.General.Click, "click", params.General.Click, "is a link (URL) that can be followed by tapping/clicking inside the message. Default is https://google.com.")
+ flag.IntVar(¶ms.Priority, "priority", 0, "is the priority of the message, ranging from 1 (highest), to 5 (lowest). Default is 5.")
+ flag.StringVar(¶ms.General.Sender, "sender", params.General.Sender+" Golang", "is the sender of the message, either an app name or a person. The default is \"Security message\".")
+ flag.StringVar(¶ms.Tags, "tags", "", "is an arbitrary strings of tags (keywords), seperated by a \",\" (comma). Default is \"informational,testing,hard-coded\".")
+ flag.StringVar(¶ms.General.Targets, "targets", params.General.Targets, "is a list of targets to send notifications to. Default is \"discord\".")
+
+ flag.Parse()
+
+ log.Log("params loaded")
+
+ return params
+}
diff --git a/wazuh-notify-go/services/init.go b/wazuh-notify-go/services/init.go
deleted file mode 100644
index c7ed975..0000000
--- a/wazuh-notify-go/services/init.go
+++ /dev/null
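Review bot: `ParseFlags` accepts the Discord webhook URL as a `-url` command-line flag; that URL is a credential (anyone holding it can post to the channel), and a value passed on argv is readable by every local user via `ps` and lands in shell history, while the help text itself says it lives in `.env` — unless a caller genuinely needs the override, dropping the flag or documenting it as test-only is the safer choice. The defaults are also inconsistent with the help strings: `"priority"` defaults to 0 and `"tags"` to "", discarding whatever ReadConfig loaded into those fields, whereas click/sender/targets keep the config values, and "Default is 5" and the default tag list are not what the code does. `params.General.Sender+" Golang"` looks like leftover debugging; if intentional, a comment explaining the suffix would help. Because this registers on the global `flag` set, calling `ParseFlags` a second time panics with a redefined-flag error, which is worth stating in a doc comment.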
@@ -1,101 +0,0 @@
-package services
-
-import (
- "bufio"
- "encoding/json"
- "flag"
- "github.com/BurntSushi/toml"
- "github.com/joho/godotenv"
- "os"
- "path"
- "slices"
- "strings"
- "wazuh-notify/log"
- "wazuh-notify/types"
-)
-
-var inputParams types.Params
-var configParams types.Params
-var wazuhData types.WazuhMessage
-
-func InitNotify() types.Params {
- BaseFilePath, _ := os.Executable()
- BaseDirPath := path.Dir(BaseFilePath)
-
- log.OpenLogFile(BaseDirPath)
-
- err := godotenv.Load(path.Join(BaseDirPath, "../../etc/.env"))
- if err != nil {
- log.Log("env failed to load")
- godotenv.Load(path.Join(BaseDirPath, ".env"))
- } else {
- log.Log("env loaded")
- }
-
- tomlFile, err := os.ReadFile(path.Join(BaseDirPath, "../../etc/wazuh-notify-config.toml"))
- if err != nil {
- log.Log("toml failed to load")
- tomlFile, err = os.ReadFile(path.Join(BaseDirPath, "wazuh-notify-config.toml"))
- }
- err = toml.Unmarshal(tomlFile, &configParams)
- if err != nil {
- print(err)
- }
-
- log.Log("yaml loaded")
- configParamString, _ := json.Marshal(configParams)
- log.Log(string(configParamString))
-
- flag.StringVar(&inputParams.Url, "url", "", "is the webhook URL of the Discord server. It is stored in .env.")
- flag.StringVar(&inputParams.General.Click, "click", configParams.General.Click, "is a link (URL) that can be followed by tapping/clicking inside the message. Default is https://google.com.")
- flag.IntVar(&inputParams.Priority, "priority", 0, "is the priority of the message, ranging from 1 (highest), to 5 (lowest). Default is 5.")
- flag.StringVar(&inputParams.General.Sender, "sender", configParams.General.Sender+" Golang", "is the sender of the message, either an app name or a person. The default is \"Security message\".")
- flag.StringVar(&inputParams.Tags, "tags", "", "is an arbitrary strings of tags (keywords), seperated by a \",\" (comma). 
Default is \"informational,testing,hard-coded\".")
- flag.StringVar(&inputParams.General.Targets, "targets", "", "is a list of targets to send notifications to. Default is \"discord\".")
-
- flag.Parse()
-
- log.Log("params loaded")
- inputParamString, _ := json.Marshal(inputParams)
- log.Log(string(inputParamString))
-
- inputParams.General.Targets = configParams.General.Targets
- inputParams.General.FullAlert = configParams.General.FullAlert
- inputParams.General.ExcludedAgents = configParams.General.ExcludedAgents
- inputParams.General.ExcludedRules = configParams.General.ExcludedRules
- inputParams.PriorityMap = configParams.PriorityMap
- inputParams.MarkdownEmphasis = configParams.MarkdownEmphasis
-
- wazuhInput()
-
- return inputParams
-}
-
-func wazuhInput() {
- reader := bufio.NewReader(os.Stdin)
-
- json.NewDecoder(reader).Decode(&wazuhData)
-
- inputParams.Tags += strings.Join(wazuhData.Parameters.Alert.Rule.Groups, ",")
-
- inputParams.WazuhMessage = wazuhData
-
- for i := range configParams.PriorityMap {
- if slices.Contains(configParams.PriorityMap[i].ThreatMap, wazuhData.Parameters.Alert.Rule.Level) {
- if inputParams.WazuhMessage.Parameters.Alert.Rule.Firedtimes%inputParams.PriorityMap[i].NotifyThreshold != 0 {
- os.Exit(0)
- }
- inputParams.Color = inputParams.PriorityMap[i].Color
- if inputParams.WazuhMessage.Parameters.Alert.Rule.Firedtimes >= inputParams.PriorityMap[i].MentionThreshold {
- inputParams.Mention = "@here"
- }
- inputParams.Priority = 5 - i
- }
- }
-
- Filter()
-
- log.Log("Wazuh data loaded")
- inputParamString, _ := json.Marshal(inputParams)
- log.Log(string(inputParamString))
-}
diff --git a/wazuh-notify-go/services/readConfig.go b/wazuh-notify-go/services/readConfig.go
new file mode 100644
index 0000000..15f68ce
--- /dev/null
+++ b/wazuh-notify-go/services/readConfig.go
@@ -0,0 +1,42 @@
+package services
+
+import (
+ "github.com/BurntSushi/toml"
+ "github.com/joho/godotenv"
+ "os"
+ "path"
+ "wazuh-notify/log"
+ "wazuh-notify/types"
+)
+
+func ReadConfig() types.Params {
+
+ var configParams types.Params
+
+ baseFilePath, _ := os.Executable()
+ baseDirPath := path.Dir(baseFilePath)
+
+ log.OpenLogFile(baseDirPath)
+
+ err := godotenv.Load(path.Join(baseDirPath, "../../etc/.env"))
+ if err != nil {
+ log.Log("env failed to load")
+ godotenv.Load(path.Join(baseDirPath, ".env"))
+ } else {
+ log.Log("env loaded")
+ }
+
+ tomlFile, err := os.ReadFile(path.Join(baseDirPath, "../../etc/wazuh-notify-config.toml"))
+ if err != nil {
+ log.Log("toml failed to load")
+ tomlFile, err = os.ReadFile(path.Join(baseDirPath, "wazuh-notify-config.toml"))
+ }
+ err = toml.Unmarshal(tomlFile, &configParams)
+ if err != nil {
+ print(err)
+ } else {
+ log.Log("yaml loaded")
+ }
+
+ return configParams
+}
diff --git a/wazuh-notify-go/services/wazuhData.go b/wazuh-notify-go/services/wazuhData.go
new file mode 100644
index 0000000..ec9093f
--- /dev/null
+++ b/wazuh-notify-go/services/wazuhData.go
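Review bot: In `ReadConfig` the error from the fallback `os.ReadFile` is never checked: when both config paths fail, `tomlFile` is nil, `toml.Unmarshal` of an empty document succeeds, "yaml loaded" is logged and an all-zero `Params` is returned — no targets, no exclusions, no priority map — so the program keeps running in a silently broken state instead of failing. `print(err)` is the builtin, which writes to stderr and bypasses the log file the rest of the code uses, and the message says "yaml" for a TOML file. The `os.Executable()` error is also dropped, and since both `.env` (which holds the webhook secrets) and the TOML are resolved relative to the binary via `../../etc`, a comment stating which directory is expected and that it must not be writable by unprivileged users would be worthwhile. The sketch below checks both the read and the parse and exits non-zero.

```go
tomlFile, err := os.ReadFile(path.Join(baseDirPath, "../../etc/wazuh-notify-config.toml"))
if err != nil {
	log.Log("toml failed to load")
	tomlFile, err = os.ReadFile(path.Join(baseDirPath, "wazuh-notify-config.toml"))
}
if err != nil {
	log.Log("config failed to load: " + err.Error())
	log.CloseLogFile()
	os.Exit(1)
}
if err := toml.Unmarshal(tomlFile, &configParams); err != nil {
	log.Log("config failed to parse: " + err.Error())
	log.CloseLogFile()
	os.Exit(1)
}
log.Log("toml loaded")
// … unchanged: return configParams …
```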
@@ -0,0 +1,45 @@
+package services
+
+import (
+ "bufio"
+ "encoding/json"
+ "os"
+ "slices"
+ "strings"
+ "wazuh-notify/log"
+ "wazuh-notify/types"
+)
+
+func ParseWazuhInput(params types.Params) types.Params {
+
+ var wazuhData types.WazuhMessage
+
+ reader := bufio.NewReader(os.Stdin)
+
+ json.NewDecoder(reader).Decode(&wazuhData)
+
+ params.Tags += strings.Join(wazuhData.Parameters.Alert.Rule.Groups, ",")
+
+ params.WazuhMessage = wazuhData
+
+ for i := range params.PriorityMap {
+ if slices.Contains(params.PriorityMap[i].ThreatMap, wazuhData.Parameters.Alert.Rule.Level) {
+ if params.WazuhMessage.Parameters.Alert.Rule.Firedtimes%params.PriorityMap[i].NotifyThreshold != 0 {
+ log.Log("threshold not met")
+ log.CloseLogFile()
+ os.Exit(0)
+ }
+ params.Color = params.PriorityMap[i].Color
+ if params.WazuhMessage.Parameters.Alert.Rule.Firedtimes >= params.PriorityMap[i].MentionThreshold {
+ params.Mention = "@here"
+ }
+ params.Priority = 5 - i
+ }
+ }
+
+ log.Log("Wazuh data loaded")
+
+ Filter(params)
+
+ return params
+}
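Review bot: `json.NewDecoder(reader).Decode(&wazuhData)` discards its error, so empty or malformed stdin leaves `wazuhData` zero-valued and the function walks the priority map against Level 0 / Firedtimes 0 and hands back params for a notification about an empty alert. On the same path, `Firedtimes%params.PriorityMap[i].NotifyThreshold` panics with an integer divide by zero whenever a priority-map entry leaves `NotifyThreshold` unset, which a hand-written config can easily do. The sketch below checks the decode and guards the modulus; whether an unset threshold should mean "notify every time" or be rejected when the config is read is a product decision, and I assumed the former. `params.Priority = 5 - i` also overwrites any `-priority` flag value, which may be intended but deserves a comment.

```go
if err := json.NewDecoder(reader).Decode(&wazuhData); err != nil {
	log.Log("wazuh input failed to decode: " + err.Error())
	log.CloseLogFile()
	os.Exit(1)
}
// … unchanged: Tags and WazuhMessage assignment …
for i := range params.PriorityMap {
	if slices.Contains(params.PriorityMap[i].ThreatMap, wazuhData.Parameters.Alert.Rule.Level) {
		threshold := params.PriorityMap[i].NotifyThreshold
		if threshold > 0 && params.WazuhMessage.Parameters.Alert.Rule.Firedtimes%threshold != 0 {
			log.Log("threshold not met")
			log.CloseLogFile()
			os.Exit(0)
		}
		// … unchanged: Color, Mention, Priority …
	}
}
```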