added filter based on description

2024-11-29 11:48:51 +01:00 · 2024-11-29 11:48:51 +01:00 · ac5d2babbd
commit ac5d2babbd
parent bb4d4cf76f
5 changed files with 22 additions and 7 deletions
--- a/.github/workflows/golang.yml
+++ b/.github/workflows/golang.yml
@ -32,3 +32,4 @@ jobs:
        tag_name: Golang-vx.x.x
        files: |
          wazuh-notify-go/wazuh-notify
+          wazuh-notify-go/wazuh-notify-config.toml
--- a/wazuh-notify-go/go.mod
+++ b/wazuh-notify-go/go.mod
@ -1,6 +1,6 @@
 module wazuh-notify

-go 1.22
+go 1.23

 require (
 	github.com/BurntSushi/toml v1.4.0
--- a/wazuh-notify-go/services/filters.go
+++ b/wazuh-notify-go/services/filters.go
@ -22,4 +22,11 @@ func Filter(params types.Params) {
 			os.Exit(0)
 		}
 	}
+	for _, description := range params.General.ExcludedDescription {
+		if strings.Contains(params.WazuhMessage.Parameters.Alert.FullLog, description) {
+			log.Log("excluded based on description")
+			log.CloseLogFile()
+			os.Exit(0)
+		}
+	}
 }
--- a/wazuh-notify-go/types/params.go
+++ b/wazuh-notify-go/types/params.go
@ -19,6 +19,7 @@ type General struct {
 	ExcludedAgents      string   `toml:"excluded_agents"`
 	Sender              string   `toml:"sender"`
 	Click               string   `toml:"click"`
+	ExcludedDescription []string `toml:"exclude_descriptions"`
 }
 type PriorityMap struct {
 	ThreatMap        []int `toml:"threat_map"`
--- a/wazuh-notify-go/wazuh-notify-config.toml
+++ b/wazuh-notify-go/wazuh-notify-config.toml
@ -14,6 +14,12 @@ full_alert = ""
 excluded_rules = "99999, 00000"
 excluded_agents = "99999"

+# Exclude specific rules by string contained in description
+# These settings provide an easier way to disable events from firing the notifiers.
+exclude_descriptions = [
+    ""
+]
+
 # The next 2 settings are used to add information to the messages.
 sender = "Wazuh (IDS)"
 click = "https://documentation.wazuh.com/"