From 43999ff91437fe8a4f437e68b547c56d32f9bbbe Mon Sep 17 00:00:00 2001 
From: darius 
Date: Thu, 9 May 2024 21:00:24 +0200 
Subject: [PATCH 1/7] priority + tags fix 
--- 
 wazuh-notify-go/services/init.go | 9 ++++++---
 wazuh-notify-go/services/mapping.go | 13 +++++++------
 wazuh-notify-go/wazuh-notify-config.yaml | 10 +++++-----
 3 files changed, 18 insertions(+), 14 deletions(-) 
diff --git a/wazuh-notify-go/services/init.go b/wazuh-notify-go/services/init.go 
index cdb01d5..ff99215 100644 
--- a/wazuh-notify-go/services/init.go 
+++ b/wazuh-notify-go/services/init.go 
@@ -9,6 +9,7 @@ import (
 "os"
 "path"
 "runtime" 
+ "strings"
 "wazuh-notify/log"
 "wazuh-notify/types"
 ) 
@@ -33,8 +34,6 @@ func InitNotify() types.Params {
 log.Log("env loaded")
 } 
- wazuhInput() 
-
 yamlFile, err := os.ReadFile(path.Join(BasePath, "../../etc/wazuh-notify-config.yaml"))
 if err != nil {
 log.Log("yaml failed to load") 
@@ -56,6 +55,8 @@ func InitNotify() types.Params {
 log.Log("params loaded")
 inputParams.Targets = configParams.Targets 
+ wazuhInput() 
+
 return inputParams
 } 
@@ -64,7 +65,9 @@ func wazuhInput() {
 json.NewDecoder(reader).Decode(&wazuhData) 
- mapPriority() 
+ inputParams.Priority = mapPriority() 
+
+ inputParams.Tags += strings.Join(wazuhData.Parameters.Alert.Rule.Groups, ",")
 inputParams.WazuhMessage = wazuhData
 } 
diff --git a/wazuh-notify-go/services/mapping.go b/wazuh-notify-go/services/mapping.go 
index 90a1219..051ff0f 100644 
--- a/wazuh-notify-go/services/mapping.go 
+++ b/wazuh-notify-go/services/mapping.go 
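Review bot: In the `wazuhInput` hunk the alert is read with `json.NewDecoder(reader).Decode(&wazuhData)` and the error is dropped, so an empty or malformed stdin payload leaves `wazuhData` at its zero value and the run still proceeds into `mapPriority()` and a notification with no alert content; the function's opening and the creation of `reader` sit above the hunk. The new `inputParams.Tags += strings.Join(..., ",")` also glues the rule groups straight onto whatever `Tags` already holds, so a pre-set value such as `foo` becomes `foowazuh,syscheck` instead of `foo,wazuh,syscheck` (presumably `Tags` can be set by a flag elsewhere in `InitNotify` — confirm). I would check the decode result and stop before anything is sent, and join the two tag sources with a separator:
```go
if err := json.NewDecoder(reader).Decode(&wazuhData); err != nil {
	log.Log("wazuh input failed to decode: " + err.Error())
	os.Exit(1) // nothing useful can be sent without the alert
}
inputParams.Priority = mapPriority()
groups := strings.Join(wazuhData.Parameters.Alert.Rule.Groups, ",")
if inputParams.Tags != "" && groups != "" {
	inputParams.Tags += ","
}
inputParams.Tags += groups
// … unchanged: inputParams.WazuhMessage = wazuhData …
```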
@@ -2,20 +2,21 @@ package services
 import "slices" 
-func mapPriority() { 
+func mapPriority() int {
 if slices.Contains(configParams.Priority1, wazuhData.Parameters.Alert.Rule.Level) { 
- inputParams.Priority = wazuhData.Parameters.Alert.Rule.Level 
+ return 1
 }
 if slices.Contains(configParams.Priority2, wazuhData.Parameters.Alert.Rule.Level) { 
- inputParams.Priority = wazuhData.Parameters.Alert.Rule.Level 
+ return 2
 }
 if slices.Contains(configParams.Priority3, wazuhData.Parameters.Alert.Rule.Level) { 
- inputParams.Priority = wazuhData.Parameters.Alert.Rule.Level 
+ return 3
 }
 if slices.Contains(configParams.Priority4, wazuhData.Parameters.Alert.Rule.Level) { 
- inputParams.Priority = wazuhData.Parameters.Alert.Rule.Level 
+ return 4
 }
 if slices.Contains(configParams.Priority5, wazuhData.Parameters.Alert.Rule.Level) { 
- inputParams.Priority = wazuhData.Parameters.Alert.Rule.Level 
+ return 5
 } 
+ return 0
 } 
diff --git a/wazuh-notify-go/wazuh-notify-config.yaml b/wazuh-notify-go/wazuh-notify-config.yaml 
index 50a3302..9f2a28e 100644 
--- a/wazuh-notify-go/wazuh-notify-config.yaml 
+++ b/wazuh-notify-go/wazuh-notify-config.yaml 
@@ -16,11 +16,11 @@ excluded_agents: "999"
 # Priority mapping from 1-12 (Wazuh events) to 1-5 (Discord and ntfy notification) 
-priority_1: 12, 11, 10 
-priority_2: 9, 8 
-priority_3: 7, 6 
-priority_4: 5, 4 
-priority_5: 3 ,2, 1 
+priority_5: [12,11,10] 
+priority_4: [9,8] 
+priority_3: [7,6] 
+priority_2: [5,4] 
+priority_1: [3,2,1]
 sender: "Wazuh (IDS)"
 click: "https://google.com" 
From 123dfecadce2ad9783859e6f7d0b9f41474ffb59 Mon Sep 17 00:00:00 2001 
From: Darius 
Date: Thu, 9 May 2024 23:11:41 +0200 
Subject: [PATCH 2/7] test 
--- 
 wazuh-notify-go/log/log.go | 1 -
 wazuh-notify-go/services/init.go | 4 +---
 2 files changed, 1 insertion(+), 4 deletions(-) 
diff --git a/wazuh-notify-go/log/log.go b/wazuh-notify-go/log/log.go 
index 3ebf948..2633ce4 100644 
--- a/wazuh-notify-go/log/log.go 
+++ b/wazuh-notify-go/log/log.go 
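Review bot: `mapPriority` now ends in `return 0` for any rule level that appears in none of the five configured lists, yet the YAML comment changed in the same commit documents the notification priority as 1–5, so an unmapped level yields a value outside that range. The shipped lists stop at 12 while Wazuh rule levels extend to 15 in the upstream classification (worth confirming against the deployed ruleset), so the most severe alerts are exactly the ones that fall through to priority 0 and, depending on how ntfy/Discord treat it, get shown at or below the lowest tier. I would make the fallback fail loud rather than silent, e.g. replace `return 0` with `return 5 // level not in any configured list: surface it rather than bury it`, or at minimum log the unmapped level and pick a mid-range default. As a point of style, the five identical `if` blocks could be a loop over a slice of the five `Priority` lists with the index plus one as the result.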
@@ -2,7 +2,6 @@ package log
 import (
 "os" 
- "path"
 "time"
 ) 
diff --git a/wazuh-notify-go/services/init.go b/wazuh-notify-go/services/init.go 
index ff99215..eee4aac 100644 
--- a/wazuh-notify-go/services/init.go 
+++ b/wazuh-notify-go/services/init.go 
@@ -20,9 +20,7 @@ var wazuhData types.WazuhMessage
 var BasePath string
 func InitNotify() types.Params { 
- _, currentFile, _, _ := runtime.Caller(1) 
-
- BasePath = path.Dir(currentFile) 
+ BasePath, _ := os.Executable()
 log.OpenLogFile(BasePath) 
From a18ae36dfb239d66507ce42b70e61e92fd2d25b3 Mon Sep 17 00:00:00 2001 
From: darius 
Date: Thu, 9 May 2024 23:13:00 +0200 
Subject: [PATCH 3/7] fix 
--- 
 wazuh-notify-go/log/log.go | 1 +
 wazuh-notify-go/services/init.go | 1 -
 2 files changed, 1 insertion(+), 1 deletion(-) 
diff --git a/wazuh-notify-go/log/log.go b/wazuh-notify-go/log/log.go 
index 2633ce4..3ebf948 100644 
--- a/wazuh-notify-go/log/log.go 
+++ b/wazuh-notify-go/log/log.go 
@@ -2,6 +2,7 @@ package log
 import (
 "os" 
+ "path"
 "time"
 ) 
diff --git a/wazuh-notify-go/services/init.go b/wazuh-notify-go/services/init.go 
index eee4aac..1e7aea5 100644 
--- a/wazuh-notify-go/services/init.go 
+++ b/wazuh-notify-go/services/init.go 
@@ -8,7 +8,6 @@ import (
 "gopkg.in/yaml.v2"
 "os"
 "path" 
- "runtime"
 "strings"
 "wazuh-notify/log"
 "wazuh-notify/types" 
From a6504842f21ab6449a2b19cf4159e34cfd6d85a4 Mon Sep 17 00:00:00 2001 
From: Darius 
Date: Thu, 9 May 2024 23:19:59 +0200 
Subject: [PATCH 4/7] fix path 
--- 
 wazuh-notify-go/services/init.go | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-) 
diff --git a/wazuh-notify-go/services/init.go b/wazuh-notify-go/services/init.go 
index 1e7aea5..4111836 100644 
--- a/wazuh-notify-go/services/init.go 
+++ b/wazuh-notify-go/services/init.go 
@@ -4,6 +4,7 @@ import (
 "bufio"
 "encoding/json"
 "flag" 
+ "fmt"
 "github.com/joho/godotenv"
 "gopkg.in/yaml.v2"
 "os" 
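Review bot: In patch 2's `InitNotify` hunk, `BasePath, _ := os.Executable()` declares a new local that shadows the package-level `var BasePath string` visible two lines up, so the global is never assigned, the error is discarded, and `log.OpenLogFile` now receives the executable's file path where the removed `path.Dir(currentFile)` passed a directory. The same patch drops the `path` import from log.go (re-added in patch 3, presumably because log.go still uses it) and leaves `runtime` imported but unused in init.go (removed in patch 3), so as committed patch 2 does not build on its own. I would squash patches 2–5 into the single "fix path" change so that every commit in the series compiles and bisects, and keep the `os.Executable()` error instead of `_`, e.g. `exe, err := os.Executable()` followed by an explicit failure path.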
@@ -19,22 +20,23 @@ var wazuhData types.WazuhMessage
 var BasePath string
 func InitNotify() types.Params { 
- BasePath, _ := os.Executable() 
+ BaseFilePath, _ := os.Executable() 
+ BaseDirPath := path.Dir(BaseFilePath) 
+
+ log.OpenLogFile(BaseDirPath) 
- log.OpenLogFile(BasePath) 
-
- err := godotenv.Load(path.Join(BasePath, "../../etc/.env")) 
+ err := godotenv.Load(path.Join(BaseDirPath, "../../etc/.env"))
 if err != nil {
 log.Log("env failed to load") 
- godotenv.Load(path.Join(BasePath, ".env")) 
+ godotenv.Load(path.Join(BaseDirPath, ".env"))
 } else {
 log.Log("env loaded")
 } 
- yamlFile, err := os.ReadFile(path.Join(BasePath, "../../etc/wazuh-notify-config.yaml")) 
+ yamlFile, err := os.ReadFile(path.Join(BaseDirPath, "../../etc/wazuh-notify-config.yaml"))
 if err != nil {
 log.Log("yaml failed to load") 
- yamlFile, err = os.ReadFile(path.Join(BasePath, "wazuh-notify-config.yaml")) 
+ yamlFile, err = os.ReadFile(path.Join(BaseDirPath, "wazuh-notify-config.yaml"))
 }
 yaml.Unmarshal(yamlFile, &configParams) 
From ee13db3b07c9f77f24940f8676a9a71b4fa3dc46 Mon Sep 17 00:00:00 2001 
From: Darius 
Date: Thu, 9 May 2024 23:20:52 +0200 
Subject: [PATCH 5/7] import fix 
--- 
 wazuh-notify-go/services/init.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-) 
diff --git a/wazuh-notify-go/services/init.go b/wazuh-notify-go/services/init.go 
index 4111836..82ac9b5 100644 
--- a/wazuh-notify-go/services/init.go 
+++ b/wazuh-notify-go/services/init.go 
@@ -4,7 +4,6 @@ import (
 "bufio"
 "encoding/json"
 "flag" 
- "fmt"
 "github.com/joho/godotenv"
 "gopkg.in/yaml.v2"
 "os" 
@@ -22,7 +21,7 @@ var BasePath string
 func InitNotify() types.Params {
 BaseFilePath, _ := os.Executable()
 BaseDirPath := path.Dir(BaseFilePath) 
- 
+
 log.OpenLogFile(BaseDirPath)
 err := godotenv.Load(path.Join(BaseDirPath, "../../etc/.env")) 
From 7ac4686344d5eef380edc55681540747b756d2f8 Mon Sep 17 00:00:00 2001 
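Review bot: `BaseFilePath, _ := os.Executable()` at the top of the hunk still discards the error; when the call fails `BaseFilePath` is `""`, `path.Dir("")` yields `"."`, and the `.env` secrets and YAML config are then silently resolved as `../../etc/...` relative to whatever directory the process was started from rather than the install tree. Further down, `yaml.Unmarshal(yamlFile, &configParams)` runs even when both `os.ReadFile` attempts failed (the second `err` is never checked, so `yamlFile` is nil) and its own error is dropped, so a missing or malformed config produces an all-zero `configParams` and the run proceeds; `InitNotify` continues past the hunk. Two smaller points: `path/filepath` is the right package for OS paths rather than `path`, and `os.Executable` may return either the symlink or its target when the binary is started through a symlink, which matters for a `../../etc` lookup and deserves a comment. I would fail closed on both errors:
```go
exe, err := os.Executable()
if err != nil {
	panic("cannot resolve executable path: " + err.Error()) // log file is not open yet
}
BaseDirPath := path.Dir(exe)
// … unchanged: log.OpenLogFile, .env loading, the two os.ReadFile attempts …
if err != nil {
	log.Log("no config file found: " + err.Error())
	os.Exit(1)
}
if err := yaml.Unmarshal(yamlFile, &configParams); err != nil {
	log.Log("yaml failed to parse: " + err.Error())
	os.Exit(1)
}
```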
From: darius 
Date: Thu, 9 May 2024 23:27:21 +0200 
Subject: [PATCH 6/7] log improve 
--- 
 wazuh-notify-go/services/init.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-) 
diff --git a/wazuh-notify-go/services/init.go b/wazuh-notify-go/services/init.go 
index 82ac9b5..f6f14a7 100644 
--- a/wazuh-notify-go/services/init.go 
+++ b/wazuh-notify-go/services/init.go 
@@ -16,7 +16,6 @@ import (
 var inputParams types.Params
 var configParams types.Params
 var wazuhData types.WazuhMessage 
-var BasePath string
 func InitNotify() types.Params {
 BaseFilePath, _ := os.Executable() 
@@ -40,6 +39,8 @@ func InitNotify() types.Params {
 yaml.Unmarshal(yamlFile, &configParams)
 log.Log("yaml loaded") 
+ configParamString, _ := json.Marshal(configParams) 
+ log.Log(string(configParamString))
 flag.StringVar(&inputParams.Url, "url", "", "is the webhook URL of the Discord server. It is stored in .env.")
 flag.StringVar(&inputParams.Click, "click", configParams.Click, "is a link (URL) that can be followed by tapping/clicking inside the message. Default is https://google.com.") 
@@ -51,6 +52,9 @@ func InitNotify() types.Params {
 flag.Parse()
 log.Log("params loaded") 
+ inputParamString, _ := json.Marshal(inputParams) 
+ log.Log(string(inputParamString)) 
+
 inputParams.Targets = configParams.Targets
 wazuhInput() 
@@ -68,4 +72,8 @@ func wazuhInput() {
 inputParams.Tags += strings.Join(wazuhData.Parameters.Alert.Rule.Groups, ",")
 inputParams.WazuhMessage = wazuhData 
+
+ log.Log("Wazuh data loaded") 
+ inputParamString, _ := json.Marshal(inputParams) 
+ log.Log(string(inputParamString))
 } 
From 184622988d92c0baad45cd82dc317875869aef1b Mon Sep 17 00:00:00 2001 
From: Darius 
Date: Thu, 9 May 2024 23:34:39 +0200 
Subject: [PATCH 7/7] add log file close back 
--- 
 wazuh-notify-go/log/log.go | 12 ++++++++++++
 wazuh-notify-go/main.go | 1 +
 2 files changed, 13 insertions(+) 
diff --git a/wazuh-notify-go/log/log.go b/wazuh-notify-go/log/log.go 
index 3ebf948..6597be4 100644 
--- a/wazuh-notify-go/log/log.go 
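Review bot: The two `json.Marshal(inputParams)` dumps in `InitNotify` and `wazuhInput` write every field of `inputParams` to the log file, and the `url` flag's own help text in the hunk describes that field as the Discord webhook URL kept in `.env`; a webhook URL is a bearer credential (anyone holding it can post as the integration), so this commit copies a secret out of `.env` into a plaintext log on every alert whenever `Url` has been populated. The `configParams` dump has the same exposure for anything sensitive the YAML may hold, the third dump additionally records the full Wazuh alert (which routinely carries usernames, commands and addresses), and all three ignore the `Marshal` error. Log a redacted copy instead, e.g. `redacted := inputParams`, `redacted.Url = "<redacted>"`, `inputParamString, _ := json.Marshal(redacted)`, or keep these dumps behind a debug switch that is off by default, with a comment next to them stating what they are expected to contain.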
+++ b/wazuh-notify-go/log/log.go 
@@ -20,6 +20,18 @@ func OpenLogFile(BasePath string) {
 }
 } 
+func CloseLogFile() { 
+ _, err := logFile.WriteString( 
+ "\n\n#######################################\n## CLOSE ##" + 
+ "\n" + time.Now().String() + 
+ "\n#######################################\n", 
+ ) 
+ if err != nil { 
+ panic(err) 
+ } 
+ logFile.Close() 
+} 
+
 func Log(message string) {
 if _, err := logFile.WriteString("\n" + message + ": " + time.Now().String()); err != nil {
 panic(err) 
diff --git a/wazuh-notify-go/main.go b/wazuh-notify-go/main.go 
index 807af23..d0a2980 100644 
--- a/wazuh-notify-go/main.go 
+++ b/wazuh-notify-go/main.go 
@@ -20,4 +20,5 @@ func main() {
 notification.SendNtfy(inputParams)
 }
 } 
+ log.CloseLogFile()
 }
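Review bot: `log.CloseLogFile()` is appended as the last statement of `main` (whose opening lies above the hunk), so any earlier `return` or panic — including the `panic(err)` that `Log` itself raises on a failed write — skips it and the file is left open without its close banner; the idiomatic form is `defer log.CloseLogFile()` placed right after whatever call opens the log (presumably `InitNotify`, outside the hunk). Inside `CloseLogFile` the `logFile.Close()` result is discarded while the preceding `WriteString` error panics; treat both the same way, e.g. `if err := logFile.Close(); err != nil { panic(err) }`, and if `OpenLogFile` can leave `logFile` nil on failure (its body is outside the hunk) guard for that first so shutdown does not panic on `os.ErrInvalid`. The exported function also needs a doc comment that states the panicking contract callers inherit, e.g. `// CloseLogFile writes the closing banner and closes the log file; it panics if the write fails.`.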