From c6f365ff544be5b75875b9ff3eef5c8f0c427a99 Mon Sep 17 00:00:00 2001
From: Darius
Date: Mon, 27 May 2024 13:59:28 +0200
Subject: [PATCH] ntfy change
---
 wazuh-notify-config.toml | 5 +++++
 wazuh-notify-go/notification/ntfy.go | 12 ++++++------
 2 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/wazuh-notify-config.toml b/wazuh-notify-config.toml
index ef0c386..6aeb34c 100644
--- a/wazuh-notify-config.toml
+++ b/wazuh-notify-config.toml
@@ -24,26 +24,31 @@ click = "https://documentation.wazuh.com/"
 [[priority_map]]
 threat_map = [15, 14, 13, 12]
 mention_threshold = 1
+notify_threshold = 1
 color = 0xec3e40 # Red, SEVERE
 [[priority_map]]
 threat_map = [11, 10, 9]
 mention_threshold = 1
+notify_threshold = 1
 color = 0xff9b2b # Orange, HIGH
 [[priority_map]]
 threat_map = [8, 7, 6]
 mention_threshold = 5
+notify_threshold = 5
 color = 0xf5d800 # Yellow, ELEVATED
 [[priority_map]]
 threat_map = [5, 4]
 mention_threshold = 20
+notify_threshold = 5
 color = 0x377fc7 # Blue, GUARDED
 [[priority_map]]
 threat_map = [3, 2, 1, 0]
 mention_threshold = 20
+notify_threshold = 5
 color = 0x01a465 # Green, LOW
 ################ End of priority mapping ##################################
diff --git a/wazuh-notify-go/notification/ntfy.go b/wazuh-notify-go/notification/ntfy.go
index f9eb109..456bc1f 100644
--- a/wazuh-notify-go/notification/ntfy.go
+++ b/wazuh-notify-go/notification/ntfy.go
@@ -29,15 +29,15 @@ func SendNtfy(params types.Params) {
 "```"
 } else {
 payload = time.Now().Format(time.RFC3339) + "\n\n" +
- "Agent: " + params.WazuhMessage.Parameters.Alert.Agent.Name + "\n" +
- "Event id: " + params.WazuhMessage.Parameters.Alert.Rule.ID + "\n" +
- "Description: " + params.WazuhMessage.Parameters.Alert.Rule.Description + "\n" +
- "Threat level: " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Level) + "\n" +
- "Times fired: " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Firedtimes) + "\n"
+ "**Agent:** " + params.WazuhMessage.Parameters.Alert.Agent.Name + "\n" +
+ "**Event id:** " + params.WazuhMessage.Parameters.Alert.Rule.ID + "\n" +
+ "**Description:** " + params.WazuhMessage.Parameters.Alert.Rule.Description + "\n" +
+ "**Threat level:** " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Level) + "\n" +
+ "**Times fired:** " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Firedtimes) + "\n"
 }
 req, _ := http.NewRequest("POST", os.Getenv("NTFY_URL"), strings.NewReader(payload))
- req.Header.Set("Content-Type", "text/plain")
+ req.Header.Set("Content-Type", "text/markdown")
 if params.General.Sender != "" {
 req.Header.Add("Title", params.General.Sender)
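Review bot: With the body now sent as `text/markdown`, the agent name and rule description on the `**Agent:**` and `**Description:**` lines are still concatenated unescaped, so any Markdown they contain (links, emphasis, code spans) will be rendered in the notification rather than shown literally. Those fields presumably can carry text that originates in monitored logs or agent registration, which would let alert content shape how the message reads to the analyst, for example a link whose visible text differs from its target. Consider passing the free-text fields through a package-level `strings.NewReplacer` that backslash-escapes `\`, `*`, `_`, `[`, `]` and the backtick, e.g. `"**Description:** " + mdEscape.Replace(params.WazuhMessage.Parameters.Alert.Rule.Description) + "\n" +`. Separately, the context line `req, _ := http.NewRequest(...)` discards the error, so a malformed `NTFY_URL` would leave `req` nil and the `req.Header.Set` call changed here would panic; checking `err` and returning early would avoid that. SendNtfy starts and ends outside this hunk, so the other payload branch and the send path were not reviewed.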