From 69b0c95193bb6198f87a698d7c33ca1a4022b314 Mon Sep 17 00:00:00 2001
From: Darius
Date: Mon, 27 May 2024 11:44:24 +0200
Subject: [PATCH] slack added
---
 wazuh-notify-go/main.go | 5 +-
 wazuh-notify-go/notification/slack.go | 72 +++++++++++++++++++++++++++
 2 files changed, 76 insertions(+), 1 deletion(-)
diff --git a/wazuh-notify-go/main.go b/wazuh-notify-go/main.go
index d0a2980..3e34362 100644
--- a/wazuh-notify-go/main.go
+++ b/wazuh-notify-go/main.go
@@ -18,7 +18,10 @@ func main() {
 case "ntfy":
 log.Log(target)
 notification.SendNtfy(inputParams)
+ case "slack":
+ log.Log(target)
+ notification.SendSlack(inputParams)
 }
 }
- log.CloseLogFile()
+ log.CloseLogFile()
 }
diff --git a/wazuh-notify-go/notification/slack.go b/wazuh-notify-go/notification/slack.go
index 4306c87..375a3ea 100644
--- a/wazuh-notify-go/notification/slack.go
+++ b/wazuh-notify-go/notification/slack.go
@@ -1 +1,73 @@
 package notification
+
+import (
+ "bytes"
+ "encoding/json"
+ "log"
+ "net/http"
+ "os"
+ "slices"
+ "strconv"
+ "strings"
+ "time"
+ "wazuh-notify/types"
+)
+
+func SendSlack(params types.Params) {
+
+ var embedDescription string
+
+ if slices.Contains(strings.Split(params.FullAlert, ","), "slack") {
+ fullAlert, _ := json.MarshalIndent(params.WazuhMessage, "", " ")
+ fullAlertString := strings.ReplaceAll(string(fullAlert), `"`, "")
+ fullAlertString = strings.ReplaceAll(fullAlertString, "{", "")
+ fullAlertString = strings.ReplaceAll(fullAlertString, "}", "")
+ fullAlertString = strings.ReplaceAll(fullAlertString, "[", "")
+ fullAlertString = strings.ReplaceAll(fullAlertString, "]", "")
+ fullAlertString = strings.ReplaceAll(fullAlertString, " ,", "")
+
+ embedDescription = "\n\n ```" +
+ fullAlertString +
+ "```\n\n" +
+ "Priority: " + strconv.Itoa(params.Priority) + "\n" +
+ "Tags: " + params.Tags + "\n\n" +
+ params.Click
+ } else {
+ embedDescription = "\n\n" +
+ "**Timestamp: **" + time.Now().Format(time.DateTime) + "\n" +
+ "**Agent:** " + params.WazuhMessage.Parameters.Alert.Agent.Name + "\n" +
+ "**Event id:** " + params.WazuhMessage.Parameters.Alert.Rule.ID + "\n" +
+ "**Rule:** " + params.WazuhMessage.Parameters.Alert.Rule.Description + "\n" +
+ "**Description: **" + params.WazuhMessage.Parameters.Alert.FullLog + "\n" +
+ "**Threat level:** " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Level) + "\n" +
+ "**Times fired:** " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Firedtimes) +
+ "\n\n" +
+ "Priority: " + strconv.Itoa(params.Priority) + "\n" +
+ "Tags: " + params.Tags + "\n\n" +
+ params.Click
+ }
+
+ message := types.Message{
+ Username: params.Sender,
+ Content: params.Mention,
+ Embeds: []types.Embed{
+ {
+ Title: params.Sender,
+ Description: embedDescription,
+ Color: params.Color,
+ },
+ },
+ }
+
+ payload := new(bytes.Buffer)
+
+ err := json.NewEncoder(payload).Encode(message)
+ if err != nil {
+ return
+ }
+
+ _, err = http.Post(os.Getenv("SLACK_URL"), "application/json", payload)
+ if err != nil {
+ log.Fatalf("An Error Occured %v", err)
+ }
+}
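Review bot: The tail of SendSlack discards the `http.Post` response and hands any transport error to `log.Fatalf`, so a non-2xx reply from the webhook counts as a delivered alert, the response body is never closed, and the default client has no timeout. The `*url.Error` that `http.Post` returns carries the request URL in its message, so the `SLACK_URL` webhook secret ends up in the log output, and `log.Fatalf` exits the process before the remaining targets and the `log.CloseLogFile()` call in main.go can run. I would log and return instead, send through a client with a timeout, check `resp.StatusCode`, and log only the unwrapped cause, as sketched below (it needs `errors` and `net/url` added to the import block). Separately, the payload is built from `types.Message` with `Username`/`Content`/`Embeds` and `**bold**` markup; that type is not shown in this patch, but if it is the Discord shape a Slack incoming webhook will presumably reject it, which the status check would at least surface.

```go
	// … unchanged: embedDescription and message construction …

	payload := new(bytes.Buffer)
	if err := json.NewEncoder(payload).Encode(message); err != nil {
		log.Printf("slack: encoding payload: %v", err)
		return
	}

	webhookURL := os.Getenv("SLACK_URL")
	if webhookURL == "" {
		log.Print("slack: SLACK_URL is not set")
		return
	}

	client := &http.Client{Timeout: 10 * time.Second}
	resp, err := client.Post(webhookURL, "application/json", payload)
	if err != nil {
		// *url.Error embeds the webhook URL; log only the underlying cause.
		var uerr *url.Error
		if errors.As(err, &uerr) {
			err = uerr.Err
		}
		log.Printf("slack: sending notification: %v", err)
		return
	}
	defer resp.Body.Close()

	if resp.StatusCode < 200 || resp.StatusCode > 299 {
		log.Printf("slack: webhook returned %s", resp.Status)
	}
}
```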