exclude rules added

full message added
2024-05-10 14:23:54 +02:00 · 2024-05-10 14:23:54 +02:00 · cc7f93ba64
commit cc7f93ba64
parent 7e95376a22
5 changed files with 82 additions and 28 deletions
--- a/wazuh-notify-go/notification/discord.go
+++ b/wazuh-notify-go/notification/discord.go
@ -6,21 +6,43 @@ import (
 	"log"
 	"net/http"
 	"os"
 	"slices"
 	"strconv"
 	"strings"
 	"wazuh-notify/types"
 )
 func SendDiscord(params types.Params) {
-	embedDescription := "\n\n" +
+
-		"**Agent:** " + params.WazuhMessage.Parameters.Alert.Agent.Name + "\n" +
+	var embedDescription string
-		"**Event id:** " + params.WazuhMessage.Parameters.Alert.Rule.ID + "\n" +
+
-		"**Description:** " + params.WazuhMessage.Parameters.Alert.Rule.Description + "\n" +
+	if slices.Contains(strings.Split(params.FullMessage, ","), "discord") {
-		"**Threat level:** " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Level) + "\n" +
+		fullMessage, _ := json.MarshalIndent(params.WazuhMessage, "", "  ")
-		"**Times fired:** " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Firedtimes) +
+		fullMessageString := strings.ReplaceAll(string(fullMessage), `"`, "")
-		"\n\n" +
+		fullMessageString = strings.ReplaceAll(fullMessageString, "{", "")
-		"Priority: " + strconv.Itoa(params.Priority) + "\n" +
+		fullMessageString = strings.ReplaceAll(fullMessageString, "}", "")
-		"Tags: " + params.Tags + "\n\n" +
+		fullMessageString = strings.ReplaceAll(fullMessageString, "[", "")
-		params.Click
+		fullMessageString = strings.ReplaceAll(fullMessageString, "]", "")
 		fullMessageString = strings.ReplaceAll(fullMessageString, " ,", "")
 		embedDescription = "\n\n ```" +
 			fullMessageString +
 			"```\n\n" +
 			"Priority: " + strconv.Itoa(params.Priority) + "\n" +
 			"Tags: " + params.Tags + "\n\n" +
 			params.Click
 	} else {
 		embedDescription = "\n\n" +
 			"**Agent:** " + params.WazuhMessage.Parameters.Alert.Agent.Name + "\n" +
 			"**Event id:** " + params.WazuhMessage.Parameters.Alert.Rule.ID + "\n" +
 			"**Description:** " + params.WazuhMessage.Parameters.Alert.Rule.Description + "\n" +
 			"**Threat level:** " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Level) + "\n" +
 			"**Times fired:** " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Firedtimes) +
 			"\n\n" +
 			"Priority: " + strconv.Itoa(params.Priority) + "\n" +
 			"Tags: " + params.Tags + "\n\n" +
 			params.Click
 	}
 	var color int
--- a/wazuh-notify-go/services/filters.go
+++ b/wazuh-notify-go/services/filters.go
@ -0,0 +1,24 @@
 package services
 import (
 	"os"
 	"strings"
 	"wazuh-notify/log"
 )
 func Filter() {
 	for _, rule := range strings.Split(inputParams.ExcludedRules, ",") {
 		if rule == inputParams.WazuhMessage.Parameters.Alert.Rule.ID {
 			log.Log("rule excluded")
 			log.CloseLogFile()
 			os.Exit(0)
 		}
 	}
 	for _, agent := range strings.Split(inputParams.ExcludedAgents, ",") {
 		if agent == inputParams.WazuhMessage.Parameters.Alert.Agent.ID {
 			log.Log("agent excluded")
 			log.CloseLogFile()
 			os.Exit(0)
 		}
 	}
 }
--- a/wazuh-notify-go/services/init.go
+++ b/wazuh-notify-go/services/init.go
@ -56,6 +56,9 @@ func InitNotify() types.Params {
 	log.Log(string(inputParamString))
 	inputParams.Targets = configParams.Targets
 	inputParams.FullMessage = configParams.FullMessage
 	inputParams.ExcludedAgents = configParams.ExcludedAgents
 	inputParams.ExcludedRules = configParams.ExcludedRules
 	wazuhInput()
@ -73,6 +76,8 @@ func wazuhInput() {
 	inputParams.WazuhMessage = wazuhData
 	Filter()
 	log.Log("Wazuh data loaded")
 	inputParamString, _ := json.Marshal(inputParams)
 	log.Log(string(inputParamString))
--- a/wazuh-notify-go/types/types.go
+++ b/wazuh-notify-go/types/types.go
@ -1,18 +1,21 @@
 package types
 type Params struct {
-	Url          string
+	Url            string
-	Sender       string `yaml:"sender,omitempty"`
+	Sender         string `yaml:"sender,omitempty"`
-	Priority     int
+	Priority       int
-	Tags         string
+	Tags           string
-	Click        string `yaml:"click,omitempty"`
+	Click          string `yaml:"click,omitempty"`
-	Targets      string `yaml:"targets,omitempty"`
+	Targets        string `yaml:"targets,omitempty"`
-	WazuhMessage WazuhMessage
+	FullMessage    string `yaml:"full_message,omitempty"`
-	Priority1    []int `yaml:"priority_1"`
+	ExcludedRules  string `yaml:"excluded_rules,omitempty"`
-	Priority2    []int `yaml:"priority_2"`
+	ExcludedAgents string `yaml:"excluded_agents,omitempty"`
-	Priority3    []int `yaml:"priority_3"`
+	WazuhMessage   WazuhMessage
-	Priority4    []int `yaml:"priority_4"`
+	Priority1      []int `yaml:"priority_1"`
-	Priority5    []int `yaml:"priority_5"`
+	Priority2      []int `yaml:"priority_2"`
 	Priority3      []int `yaml:"priority_3"`
 	Priority4      []int `yaml:"priority_4"`
 	Priority5      []int `yaml:"priority_5"`
 }
 type Message struct {
--- a/wazuh-notify-go/wazuh-notify-config.yaml
+++ b/wazuh-notify-go/wazuh-notify-config.yaml
@ -9,16 +9,16 @@ full_message: "discord,ntfy"
 # Exclude rules that are listed in the ossec.conf active response definition.
-excluded_rules: "5401, 5403"
+excluded_rules: "5401,5403"
 excluded_agents: "999"
 # Priority mapping from 1-12 (Wazuh events) to 1-5 (Discord and ntfy notification)
-priority_5: [ 15,14,13,12 ]
+priority_5: [15,14,13,12]
-priority_4: [ 11,10,9 ]
+priority_4: [11,10,9]
-priority_3: [ 8,7,6 ]
+priority_3: [8,7,6]
-priority_2: [ 5,4 ]
+priority_2: [5,4]
-priority_1: [ 3,2,1,0 ]
+priority_1: [3,2,1,0]
 sender: "Wazuh (IDS)"
 click: "https://google.com"