exclude rules added

full message added
2024-05-10 14:23:54 +02:00 · 2024-05-10 14:23:54 +02:00 · cc7f93ba64
commit cc7f93ba64
parent 7e95376a22
5 changed files with 82 additions and 28 deletions
--- a/wazuh-notify-go/notification/discord.go
+++ b/wazuh-notify-go/notification/discord.go
@ -6,12 +6,33 @@ import (
 	"log"
 	"net/http"
 	"os"
+	"slices"
 	"strconv"
+	"strings"
 	"wazuh-notify/types"
 )

 func SendDiscord(params types.Params) {
-	embedDescription := "\n\n" +
+
+	var embedDescription string
+
+	if slices.Contains(strings.Split(params.FullMessage, ","), "discord") {
+		fullMessage, _ := json.MarshalIndent(params.WazuhMessage, "", "  ")
+		fullMessageString := strings.ReplaceAll(string(fullMessage), `"`, "")
+		fullMessageString = strings.ReplaceAll(fullMessageString, "{", "")
+		fullMessageString = strings.ReplaceAll(fullMessageString, "}", "")
+		fullMessageString = strings.ReplaceAll(fullMessageString, "[", "")
+		fullMessageString = strings.ReplaceAll(fullMessageString, "]", "")
+		fullMessageString = strings.ReplaceAll(fullMessageString, " ,", "")
+
+		embedDescription = "\n\n ```" +
+			fullMessageString +
+			"```\n\n" +
+			"Priority: " + strconv.Itoa(params.Priority) + "\n" +
+			"Tags: " + params.Tags + "\n\n" +
+			params.Click
+	} else {
+		embedDescription = "\n\n" +
 			"**Agent:** " + params.WazuhMessage.Parameters.Alert.Agent.Name + "\n" +
 			"**Event id:** " + params.WazuhMessage.Parameters.Alert.Rule.ID + "\n" +
 			"**Description:** " + params.WazuhMessage.Parameters.Alert.Rule.Description + "\n" +
@ -21,6 +42,7 @@ func SendDiscord(params types.Params) {
 			"Priority: " + strconv.Itoa(params.Priority) + "\n" +
 			"Tags: " + params.Tags + "\n\n" +
 			params.Click
+	}

 	var color int

--- a/wazuh-notify-go/services/filters.go
+++ b/wazuh-notify-go/services/filters.go
@ -0,0 +1,24 @@
+package services
+
+import (
+	"os"
+	"strings"
+	"wazuh-notify/log"
+)
+
+func Filter() {
+	for _, rule := range strings.Split(inputParams.ExcludedRules, ",") {
+		if rule == inputParams.WazuhMessage.Parameters.Alert.Rule.ID {
+			log.Log("rule excluded")
+			log.CloseLogFile()
+			os.Exit(0)
+		}
+	}
+	for _, agent := range strings.Split(inputParams.ExcludedAgents, ",") {
+		if agent == inputParams.WazuhMessage.Parameters.Alert.Agent.ID {
+			log.Log("agent excluded")
+			log.CloseLogFile()
+			os.Exit(0)
+		}
+	}
+}
--- a/wazuh-notify-go/services/init.go
+++ b/wazuh-notify-go/services/init.go
@ -56,6 +56,9 @@ func InitNotify() types.Params {
 	log.Log(string(inputParamString))

 	inputParams.Targets = configParams.Targets
+	inputParams.FullMessage = configParams.FullMessage
+	inputParams.ExcludedAgents = configParams.ExcludedAgents
+	inputParams.ExcludedRules = configParams.ExcludedRules

 	wazuhInput()

@ -73,6 +76,8 @@ func wazuhInput() {

 	inputParams.WazuhMessage = wazuhData

+	Filter()
+
 	log.Log("Wazuh data loaded")
 	inputParamString, _ := json.Marshal(inputParams)
 	log.Log(string(inputParamString))
--- a/wazuh-notify-go/types/types.go
+++ b/wazuh-notify-go/types/types.go
@ -7,6 +7,9 @@ type Params struct {
 	Tags           string
 	Click          string `yaml:"click,omitempty"`
 	Targets        string `yaml:"targets,omitempty"`
+	FullMessage    string `yaml:"full_message,omitempty"`
+	ExcludedRules  string `yaml:"excluded_rules,omitempty"`
+	ExcludedAgents string `yaml:"excluded_agents,omitempty"`
 	WazuhMessage   WazuhMessage
 	Priority1      []int `yaml:"priority_1"`
 	Priority2      []int `yaml:"priority_2"`