From c7aed4a9a7fa645c09d73fd51ae0d2b589f2f09e Mon Sep 17 00:00:00 2001
From: darius
Date: Mon, 13 May 2024 16:03:00 +0200
Subject: [PATCH 1/2] alot of ifs to loop
---
 wazuh-notify-go/notification/discord.go | 35 ++-----------------------
 wazuh-notify-go/services/init.go | 11 +++++++-
 wazuh-notify-go/services/mapping.go | 22 ----------------
 wazuh-notify-go/types/types.go | 2 ++
 4 files changed, 14 insertions(+), 56 deletions(-)
 delete mode 100644 wazuh-notify-go/services/mapping.go
diff --git a/wazuh-notify-go/notification/discord.go b/wazuh-notify-go/notification/discord.go
index f6b977a..ac543a5 100644
--- a/wazuh-notify-go/notification/discord.go
+++ b/wazuh-notify-go/notification/discord.go
@@ -45,45 +45,14 @@ func SendDiscord(params types.Params) {
 params.Click
 }
 
- var color int
- var mention string
-
- switch params.Priority {
- case 1:
- color = params.PriorityMaps[4].Color
- if params.WazuhMessage.Parameters.Alert.Rule.Firedtimes >= params.PriorityMaps[4].MentionThreshold {
- mention = "@here"
- }
- case 2:
- color = params.PriorityMaps[3].Color
- if params.WazuhMessage.Parameters.Alert.Rule.Firedtimes >= params.PriorityMaps[3].MentionThreshold {
- mention = "@here"
- }
- case 3:
- color = params.PriorityMaps[2].Color
- if params.WazuhMessage.Parameters.Alert.Rule.Firedtimes >= params.PriorityMaps[2].MentionThreshold {
- mention = "@here"
- }
- case 4:
- color = params.PriorityMaps[1].Color
- if params.WazuhMessage.Parameters.Alert.Rule.Firedtimes >= params.PriorityMaps[1].MentionThreshold {
- mention = "@here"
- }
- case 5:
- color = params.PriorityMaps[0].Color
- if params.WazuhMessage.Parameters.Alert.Rule.Firedtimes >= params.PriorityMaps[0].MentionThreshold {
- mention = "@here"
- }
- }
-
 message := types.Message{
 Username: params.Sender,
- Content: mention,
+ Content: params.Mention,
 Embeds: []types.Embed{
 {
 Title: params.Sender,
 Description: embedDescription,
- Color: color,
+ Color: params.Color,
 },
 },
 }
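Review bot: `Content: params.Mention` now posts whatever string the field holds, where the removed switch could only ever produce the literal `@here` or an empty string. Nothing visible in this hunk checks the value before it reaches the webhook, so any other writer of Params.Mention decides the message content and which mentions it carries. I would keep the send site strict, e.g. `if params.Mention != "" && params.Mention != "@here" { params.Mention = "" }` ahead of the `message := types.Message{` literal, and add a comment there stating that Color and Mention are expected to be filled in by wazuhInput before the call. SendDiscord starts and ends outside this hunk.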
diff --git a/wazuh-notify-go/services/init.go b/wazuh-notify-go/services/init.go
index 88aabb6..4f0ddf2 100644
--- a/wazuh-notify-go/services/init.go
+++ b/wazuh-notify-go/services/init.go
@@ -8,6 +8,7 @@ import (
 "gopkg.in/yaml.v2"
 "os"
 "path"
+ "slices"
 "strings"
 "wazuh-notify/log"
 "wazuh-notify/types"
@@ -74,7 +75,15 @@ func wazuhInput() {
 
 json.NewDecoder(reader).Decode(&wazuhData)
 
- inputParams.Priority = mapPriority()
+ for i, _ := range configParams.PriorityMaps {
+ if slices.Contains(configParams.PriorityMaps[i].ThreatMap, wazuhData.Parameters.Alert.Rule.Level) {
+ inputParams.Color = inputParams.PriorityMaps[i].Color
+ if inputParams.WazuhMessage.Parameters.Alert.Rule.Firedtimes >= inputParams.PriorityMaps[i].MentionThreshold {
+ inputParams.Mention = "@here"
+ }
+ inputParams.Priority = 5 - i
+ }
+ }
 
 inputParams.Tags += strings.Join(wazuhData.Parameters.Alert.Rule.Groups, ",")
 
diff --git a/wazuh-notify-go/services/mapping.go b/wazuh-notify-go/services/mapping.go
deleted file mode 100644
index c289491..0000000
--- a/wazuh-notify-go/services/mapping.go
+++ /dev/null
@@ -1,22 +0,0 @@
-package services
-
-import "slices"
-
-func mapPriority() int {
- if slices.Contains(configParams.PriorityMaps[4].ThreatMap, wazuhData.Parameters.Alert.Rule.Level) {
- return 1
- }
- if slices.Contains(configParams.PriorityMaps[3].ThreatMap, wazuhData.Parameters.Alert.Rule.Level) {
- return 2
- }
- if slices.Contains(configParams.PriorityMaps[2].ThreatMap, wazuhData.Parameters.Alert.Rule.Level) {
- return 3
- }
- if slices.Contains(configParams.PriorityMaps[1].ThreatMap, wazuhData.Parameters.Alert.Rule.Level) {
- return 4
- }
- if slices.Contains(configParams.PriorityMaps[0].ThreatMap, wazuhData.Parameters.Alert.Rule.Level) {
- return 5
- }
- return 0
-}
diff --git a/wazuh-notify-go/types/types.go b/wazuh-notify-go/types/types.go
index c543cc4..ce40ca3 100644
--- a/wazuh-notify-go/types/types.go
+++ b/wazuh-notify-go/types/types.go
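Review bot: In the wazuhInput hunk of services/init.go (-74,7), the new loop ranges over `configParams.PriorityMaps` but reads Color and MentionThreshold from `inputParams.PriorityMaps[i]`; if the two slices ever differ in length this indexes out of range and the notifier panics instead of delivering the alert. Reading all three values from one slice avoids that, e.g. `pm := configParams.PriorityMaps[i]` at the top of the loop body, assuming inputParams is meant to mirror configParams, which is not visible here. `inputParams.Priority = 5 - i` also hard-codes five entries now that the length is open-ended, so a sixth entry yields priority 0 or below; `len(configParams.PriorityMaps) - i` keeps the old mapping for five. With no `break`, an `@here` set by an earlier match survives a later match that overwrites Color and Priority, which can only happen when a level is listed in more than one ThreatMap. wazuhInput starts and ends outside the hunk.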
@@ -10,6 +10,8 @@ type Params struct {
 FullMessage string `yaml:"full_message,omitempty"`
 ExcludedRules string `yaml:"excluded_rules,omitempty"`
 ExcludedAgents string `yaml:"excluded_agents,omitempty"`
+ Color int
+ Mention string
 WazuhMessage WazuhMessage
 PriorityMaps []PriorityMap `yaml:"priority_map"`
 }
From 09f26a10dc00d3e3a02d391d716ab572aedb5292 Mon Sep 17 00:00:00 2001
From: darius
Date: Fri, 17 May 2024 18:42:16 +0200
Subject: [PATCH 2/2] hmmmmmmmmmmmmmmmmmmmm
---
 wazuh-notify-go/services/init.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/wazuh-notify-go/services/init.go b/wazuh-notify-go/services/init.go
index 4f0ddf2..0a39453 100644
--- a/wazuh-notify-go/services/init.go
+++ b/wazuh-notify-go/services/init.go
@@ -75,6 +75,10 @@ func wazuhInput() {
 
 json.NewDecoder(reader).Decode(&wazuhData)
 
+ inputParams.Tags += strings.Join(wazuhData.Parameters.Alert.Rule.Groups, ",")
+
+ inputParams.WazuhMessage = wazuhData
+
 for i, _ := range configParams.PriorityMaps {
 if slices.Contains(configParams.PriorityMaps[i].ThreatMap, wazuhData.Parameters.Alert.Rule.Level) {
 inputParams.Color = inputParams.PriorityMaps[i].Color
@@ -85,10 +89,6 @@ func wazuhInput() {
 }
 }
 
- inputParams.Tags += strings.Join(wazuhData.Parameters.Alert.Rule.Groups, ",")
-
- inputParams.WazuhMessage = wazuhData
-
 Filter()
 
 log.Log("Wazuh data loaded")
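Review bot: The two fields added to Params in types/types.go, `Color int` and `Mention string`, carry no yaml tag, while the neighbouring fields do and the struct appears to be decoded with gopkg.in/yaml.v2, which maps untagged exported fields to their lower-cased names. A `mention:` or `color:` key in the configuration file would therefore populate them, and Mention is used verbatim as the Discord message content in the same patch. If both are meant to be computed per alert only, tag them `yaml:"-"` and add a comment such as `// Color and Mention are derived from the matching priority map; not configurable.`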
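Review bot: In the [PATCH 2/2] hunk at -75,6 of services/init.go, moving `inputParams.WazuhMessage = wazuhData` above the loop makes the mention threshold comparison correct only by statement order; the loop body added in patch 1 reads Firedtimes through `inputParams.WazuhMessage` while it reads Level from `wazuhData`. Comparing `wazuhData.Parameters.Alert.Rule.Firedtimes` directly would remove that dependency, and a short comment above the assignment should say why it has to precede the loop. The context line `json.NewDecoder(reader).Decode(&wazuhData)` discards its error, so a malformed alert leaves wazuhData partly or wholly zero-valued and is still copied into WazuhMessage and classified; checking it with `if err := json.NewDecoder(reader).Decode(&wazuhData); err != nil {` and logging before returning would surface the failure. The second hunk at -85,10 only removes the moved lines, and wazuhInput extends beyond both hunks.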