go functional mirror added

requirements.txt

@@ -0,0 +1,3 @@
+requests~=2.31.0
+PyYAML~=6.0.1
+python-dotenv~=1.0.1

wazuh-notify-go/.env

@@ -0,0 +1,2 @@
+DISCORD_WEBHOOK=https://discord.com/api/webhooks/1237526475306176572/kHGnaQiM8qWOfdLIN1LWqgq3dsfqiHtsfs-Z5FralJNdX5hdw-MOPf4zzIDiFVjcIat4
+NTFY_URL=https://ntfy.sh/__KleinTest

wazuh-notify-go/.idea/.gitignore

@@ -0,0 +1,8 @@
+# Default ignored files
+/shelf/
+/workspace.xml
+# Editor-based HTTP Client requests
+/httpRequests/
+# Datasource local storage ignored files
+/dataSources/
+/dataSources.local.xml

wazuh-notify-go/.idea/.name

@@ -0,0 +1 @@
+wazuh-notify-go

wazuh-notify-go/.idea/modules.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectModuleManager">
+    <modules>
+      <module fileurl="file://$PROJECT_DIR$/.idea/wazuh-notify-go.iml" filepath="$PROJECT_DIR$/.idea/wazuh-notify-go.iml" />
+    </modules>
+  </component>
+</project>

wazuh-notify-go/config.yaml

@@ -0,0 +1,86 @@
+---
+#start of yaml
+
+# This is the yaml config file for both the wazuh-ntfy-notifier.py and wazuh-discord-notifier.py.
+# The yaml needs to be in the same folder as the wazuh-ntfy-notifier.py and wazuh-discord-notifier.py
+
+# COMMON (custom-wazuh-notifiers.py) configuration settings start here.
+# 1 =  messages will be sent through this message server. 0 = messages will NOT be sent through this message server.
+
+discord_enabled: 1
+ntfy_enabled: 1
+targets: "discord,ntfy"
+
+# Exclude rules that are listed in the ossec.conf active response definition.
+
+excluded_rules: "5401, 5403"
+excluded_agents: "999"
+
+# Priority mapping from 1-12 (Wazuh events) to 1-5 (Discord and ntfy notification)
+
+notifier_priority_1: 12, 11, 10
+notifier_priority_2: 9, 8
+notifier_priority_3: 7, 6
+notifier_priority_4: 5, 4
+notifier_priority_5: 3 ,2, 1
+
+# COMMON configuration settings end here.
+
+
+# NTFY configuration settings start here.
+# The default values refer to the hard-coded defaults, if no yaml configuration is found.
+#
+# -u, --server        is the URL of the NTFY server, ending with a "/". Default is https://ntfy.sh/.
+# -s, --sender        is the sender of the message, either an app name or a person. Default is "Wazuh (IDS)".
+# -d, --destination   is the NTFY subscription, to send the message to. Default is none.
+# -p, --priority      is the priority of the message, ranging from 1 (highest), to 5 (lowest). Default is 5.
+# -m, --message       is the text of the message to be sent. Default is "Test message".
+# -t, --tags          is an arbitrary strings of tags (keywords), seperated by a "," (comma). Default is "informational, testing, hard-coded".
+# -c, --click         is a link (URL) that can be followed by tapping/clicking inside the message. Default is https://google.com.
+# -h, --help          shows this help message. Must have no value argument.
+# -v, --view          show config.
+
+ntfy_server: "https://ntfy.sh/"
+ntfy_sender: "Wazuh (IDS)"
+ntfy_destination: "__KleinTest"
+ntfy_priority: "3"
+ntfy_message: "Test message"
+ntfy_tags: "information, testing, yaml"
+ntfy_click: "https://google.com"
+
+# 1 to send the full event data with the message. 0 only sends the message with basic details
+ntfy_full_message: "0"
+
+# NTFY configuration settings end here.
+
+# DISCORD configuration settings start here.
+# The default values refer to the hard-coded defaults, if no yaml configuration is found.
+
+# -u, --server        is the webhook URL of the Discord server. It is stored in .env.
+# -s, --sender        is the sender of the message, either an app name or a person. The default is "Security message".
+# -d, --destination   is the destination (actually the originator) of the message, either an app name or a person. Default is "Wazuh (IDS)"
+# -p, --priority      is the priority of the message, ranging from 1 (highest), to 5 (lowest). Default is 5.
+# -m, --message       is the text of the message to be sent. Default is "Test message", but may include --tags and/or --click.
+# -t, --tags          is an arbitrary strings of tags (keywords), seperated by a "," (comma). Default is "informational, testing, hard-coded".
+# -c, --click         is a link (URL) that can be followed by tapping/clicking inside the message. Default is https://google.com.
+# -h, --help          shows this help message. Must have no value argument.
+# -v, --view          show config.
+
+discord_server: "not used! The webhook (server) is a secret stored in .env"
+discord_sender: "Security message"
+discord_destination: "WAZUH (IDS)"
+discord_priority: 3
+discord_message: "Test message"
+discord_tags: "informational, testing, yaml"
+discord_click: "https://google.com"
+
+# 1 to send the full event data with the message. 0 only sends the message with basic details
+discord_full_message: "0"
+
+# DISCORD configuration settings ends here.
+
+#end of yaml
+...
+
+
+

wazuh-notify-go/go.mod

@@ -0,0 +1,8 @@
+module wazuh-notify
+
+go 1.22
+
+require (
+	github.com/joho/godotenv v1.5.1
+	gopkg.in/yaml.v2 v2.4.0
+)

wazuh-notify-go/go.sum

@@ -0,0 +1,6 @@
+github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
+github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=

wazuh-notify-go/init.go

@@ -0,0 +1,59 @@
+package main
+
+import (
+	"flag"
+	"github.com/joho/godotenv"
+	"gopkg.in/yaml.v2"
+	"log"
+	"os"
+	"wazuh-notify/types"
+)
+
+var configParams types.Params
+
+func initNotify() {
+	err := godotenv.Load()
+	if err != nil {
+		log.Fatalf(".env not found: %v", err)
+		return
+	}
+
+	flag.StringVar(&inputParams.Server, "server", "", "is the webhook URL of the Discord server. It is stored in .env.")
+	flag.StringVar(&inputParams.Click, "click", "", "is a link (URL) that can be followed by tapping/clicking inside the message. Default is https://google.com.")
+	flag.StringVar(&inputParams.Destination, "destination", "", "is the destination (actually the originator) of the message, either an app name or a person. Default is \"Wazuh (IDS)\"")
+	flag.StringVar(&inputParams.Message, "message", "", "is the text of the message to be sent. Default is \"Test message\", but may include --tags and/or --click.")
+	flag.IntVar(&inputParams.Priority, "priority", 0, "is the priority of the message, ranging from 1 (highest), to 5 (lowest). Default is 5.")
+	flag.StringVar(&inputParams.Sender, "sender", "", "is the sender of the message, either an app name or a person. The default is \"Security message\".")
+	flag.StringVar(&inputParams.Tags, "tags", "", "is an arbitrary strings of tags (keywords), seperated by a \",\" (comma). Default is \"informational,testing,hard-coded\".")
+	flag.StringVar(&inputParams.Targets, "targets", "", "is a list of targets to send notifications to. Default is \"discord\".")
+
+	flag.Parse()
+
+	yamlFile, err := os.ReadFile("./config.yaml")
+	yaml.Unmarshal(yamlFile, &configParams)
+
+	if inputParams.Server == "" {
+		inputParams.Server = configParams.Server
+	}
+	if inputParams.Click == "" {
+		inputParams.Click = configParams.Click
+	}
+	if inputParams.Destination == "" {
+		inputParams.Destination = configParams.Destination
+	}
+	if inputParams.Message == "" {
+		inputParams.Message = configParams.Message
+	}
+	if inputParams.Priority == 0 {
+		inputParams.Priority = configParams.Priority
+	}
+	if inputParams.Sender == "" {
+		inputParams.Sender = configParams.Sender
+	}
+	if inputParams.Tags == "" {
+		inputParams.Tags = configParams.Tags
+	}
+	if inputParams.Targets == "" {
+		inputParams.Targets = configParams.Targets
+	}
+}

wazuh-notify-go/main.go

@@ -0,0 +1,21 @@
+package main
+
+import (
+	"strings"
+	"wazuh-notify/notification"
+	"wazuh-notify/types"
+)
+
+var inputParams types.Params
+
+func main() {
+	initNotify()
+	for _, target := range strings.Split(inputParams.Targets, ",") {
+		switch target {
+		case "discord":
+			notification.SendDiscord(inputParams)
+		case "ntfy":
+			notification.SendNtfy(inputParams)
+		}
+	}
+}

wazuh-notify-go/notification/discord.go

@@ -0,0 +1,42 @@
+package notification
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"log"
+	"net/http"
+	"os"
+	"wazuh-notify/types"
+)
+
+func SendDiscord(params types.Params) {
+	embedDescription := fmt.Sprintf("\n\n %s \n\nPriority: %x\nTags: %s\n\n%s",
+		params.Message,
+		params.Priority,
+		params.Tags,
+		params.Click,
+	)
+
+	message := types.Message{
+		Username: params.Sender,
+		Embeds: []types.Embed{
+			{
+				Title:       params.Destination,
+				Description: embedDescription,
+			},
+		},
+	}
+
+	payload := new(bytes.Buffer)
+
+	err := json.NewEncoder(payload).Encode(message)
+	if err != nil {
+		return
+	}
+
+	_, err = http.Post(os.Getenv("DISCORD_WEBHOOK"), "application/json", payload)
+	if err != nil {
+		log.Fatalf("An Error Occured %v", err)
+	}
+}

wazuh-notify-go/notification/ntfy.go

@@ -0,0 +1,33 @@
+package notification
+
+import (
+	"net/http"
+	"os"
+	"strconv"
+	"strings"
+	"time"
+	"wazuh-notify/types"
+)
+
+func SendNtfy(params types.Params) {
+
+	payload := time.Now().Format(time.RFC3339) + "\n\n" + params.Message
+
+	req, _ := http.NewRequest("POST", os.Getenv("NTFY_URL"), strings.NewReader(payload))
+	req.Header.Set("Content-Type", "text/plain")
+
+	if params.Sender != "" {
+		req.Header.Add("Title", params.Sender)
+	}
+	if params.Tags != "" {
+		req.Header.Add("Tags", params.Tags)
+	}
+	if params.Click != "" {
+		req.Header.Add("Click", params.Click)
+	}
+	if params.Priority != 0 {
+		req.Header.Add("Priority", strconv.Itoa(params.Priority))
+	}
+
+	http.DefaultClient.Do(req)
+}

wazuh-notify-go/types/types.go

@@ -0,0 +1,25 @@
+package types
+
+type Params struct {
+	Server      string `yaml:"discord_server"`
+	Sender      string `yaml:"discord_sender"`
+	Destination string `yaml:"discord_destination"`
+	Priority    int    `yaml:"discord_priority"`
+	Message     string `yaml:"discord_message"`
+	Tags        string `yaml:"discord_tags"`
+	Click       string `yaml:"discord_click"`
+	Targets     string `yaml:"targets"`
+}
+
+type Message struct {
+	Username  string  `json:"username,omitempty"`
+	AvatarUrl string  `json:"avatar_url,omitempty"`
+	Content   string  `json:"content,omitempty"`
+	Embeds    []Embed `json:"embeds,omitempty"`
+}
+
+type Embed struct {
+	Title       string `json:"title,omitempty"`
+	Description string `json:"description,omitempty"`
+	Color       string `json:"color,omitempty"`
+}