package services
import (
"bufio"
"encoding/json"
"flag"
"github.com/joho/godotenv"
"gopkg.in/yaml.v2"
"os"
"path"
"slices"
"strings"
"wazuh-notify/log"
"wazuh-notify/types"
)
// Package-level state shared by InitNotify and wazuhInput.
var (
	// inputParams is filled from the command-line flags, the configuration
	// and the decoded alert; InitNotify returns it.
	inputParams types.Params

	// configParams is the target the YAML configuration is unmarshalled into.
	configParams types.Params

	// wazuhData is the target the JSON alert read from stdin is decoded into.
	wazuhData types.WazuhMessage
)
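// InitNotify prepares the notifier's runtime parameters and returns them.
//
// It opens the log file in the executable's directory, loads the .env file and
// the YAML configuration (trying ../../etc relative to the executable first
// and the executable's own directory second), registers and parses the
// command-line flags, copies the config-only settings into the result and
// finally calls wazuhInput to read the alert from stdin.
//
// Failures while loading .env or the configuration are logged and do not stop
// start-up; the affected settings keep their zero values.
//
// The flags are registered on the process-wide flag set, so calling InitNotify
// a second time panics with a "flag redefined" error.
func InitNotify() types.Params {
	// When the executable path cannot be resolved the path is empty,
	// path.Dir("") yields "." and every lookup below becomes relative to the
	// working directory.
	exePath, exeErr := os.Executable()
	baseDir := path.Dir(exePath)

	log.OpenLogFile(baseDir)
	if exeErr != nil {
		log.Log("executable path lookup failed: " + exeErr.Error())
	}

	// NOTE(review): the files loaded below decide where alerts are sent and
	// which agents and rules are excluded, so both lookup locations should be
	// writable only by the account running the integration — confirm the
	// deployed permissions.
	err := godotenv.Load(path.Join(baseDir, "../../etc/.env"))
	if err != nil {
		log.Log("env failed to load")
		// The error text is deliberately not logged: a parse error may quote
		// part of the .env file, which holds the webhook secret.
		if err = godotenv.Load(path.Join(baseDir, ".env")); err != nil {
			log.Log("fallback env failed to load")
		} else {
			log.Log("fallback env loaded")
		}
	} else {
		log.Log("env loaded")
	}

	yamlFile, err := os.ReadFile(path.Join(baseDir, "../../etc/wazuh-notify-config.yaml"))
	if err != nil {
		log.Log("yaml failed to load")
		yamlFile, err = os.ReadFile(path.Join(baseDir, "wazuh-notify-config.yaml"))
	}
	if err != nil {
		// Neither location was readable; configParams keeps its zero value.
		log.Log("fallback yaml failed to load: " + err.Error())
	} else if err = yaml.Unmarshal(yamlFile, &configParams); err != nil {
		log.Log("yaml failed to parse: " + err.Error())
	} else {
		log.Log("yaml loaded")
	}

	// NOTE(review): the whole configuration is written to the log file —
	// confirm that types.Params carries nothing sensitive from the YAML.
	if configParamString, err := json.Marshal(configParams); err != nil {
		log.Log("config could not be serialised: " + err.Error())
	} else {
		log.Log(string(configParamString))
	}

	flag.StringVar(&inputParams.Url, "url", "", "is the webhook URL of the Discord server. It is stored in .env.")
	flag.StringVar(&inputParams.Click, "click", configParams.Click, "is a link (URL) that can be followed by tapping/clicking inside the message. Default is https://google.com.")
	flag.IntVar(&inputParams.Priority, "priority", 0, "is the priority of the message, ranging from 1 (highest), to 5 (lowest). Default is 5.")
	flag.StringVar(&inputParams.Sender, "sender", configParams.Sender, "is the sender of the message, either an app name or a person. The default is \"Security message\".")
	flag.StringVar(&inputParams.Tags, "tags", "", "is an arbitrary strings of tags (keywords), seperated by a \",\" (comma). Default is \"informational,testing,hard-coded\".")
	flag.StringVar(&inputParams.Targets, "targets", "", "is a list of targets to send notifications to. Default is \"discord\".")

	flag.Parse()

	log.Log("params loaded")

	// A webhook URL passed with -url acts as a credential for the channel, so
	// it is masked in the copy that goes to the log file.
	logged := inputParams
	if logged.Url != "" {
		logged.Url = "[redacted]"
	}
	if inputParamString, err := json.Marshal(logged); err != nil {
		log.Log("params could not be serialised: " + err.Error())
	} else {
		log.Log(string(inputParamString))
	}

	// NOTE(review): this assignment discards whatever -targets was given on
	// the command line; confirm that the configuration is meant to win.
	inputParams.Targets = configParams.Targets
	inputParams.FullMessage = configParams.FullMessage
	inputParams.ExcludedAgents = configParams.ExcludedAgents
	inputParams.ExcludedRules = configParams.ExcludedRules
	inputParams.PriorityMaps = configParams.PriorityMaps

	wazuhInput()

	return inputParams
}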
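// wazuhInput reads one JSON-encoded Wazuh alert from stdin into wazuhData and
// derives the alert-dependent fields of inputParams from it: the rule groups
// are appended to Tags, the alert is stored in WazuhMessage, and Color,
// Mention and Priority are set from the priority-map entries whose ThreatMap
// contains the alert's rule level. It then calls Filter (defined outside this
// listing) and logs the resulting parameters.
func wazuhInput() {
	reader := bufio.NewReader(os.Stdin)

	// Stdin is external input. A malformed or truncated alert is reported
	// instead of being dropped silently; processing continues with whatever
	// was decoded, as before.
	if err := json.NewDecoder(reader).Decode(&wazuhData); err != nil {
		log.Log("Wazuh data failed to decode: " + err.Error())
	}

	// Separate tags given on the command line from the rule groups, otherwise
	// the last flag tag and the first group run together into one tag.
	groupTags := strings.Join(wazuhData.Parameters.Alert.Rule.Groups, ",")
	if inputParams.Tags != "" && groupTags != "" {
		inputParams.Tags += ","
	}
	inputParams.Tags += groupTags

	inputParams.WazuhMessage = wazuhData

	// Read every entry from configParams so a length mismatch with
	// inputParams.PriorityMaps cannot index out of range. InitNotify assigns
	// one slice to the other before calling this function.
	for i := range configParams.PriorityMaps {
		entry := configParams.PriorityMaps[i]
		if !slices.Contains(entry.ThreatMap, wazuhData.Parameters.Alert.Rule.Level) {
			continue
		}
		inputParams.Color = entry.Color
		if inputParams.WazuhMessage.Parameters.Alert.Rule.Firedtimes >= entry.MentionThreshold {
			inputParams.Mention = "@here"
		}
		// The priority comes from the entry's position and replaces any
		// -priority flag value; a later matching entry overwrites an earlier
		// one.
		inputParams.Priority = 5 - i
	}

	Filter()

	log.Log("Wazuh data loaded")

	// A webhook URL held in Url acts as a credential for the channel, so it is
	// masked in the copy that goes to the log file.
	// NOTE(review): the full alert is still logged — confirm that is
	// acceptable for the log file's audience.
	logged := inputParams
	if logged.Url != "" {
		logged.Url = "[redacted]"
	}
	if inputParamString, err := json.Marshal(logged); err != nil {
		log.Log("params could not be serialised: " + err.Error())
	} else {
		log.Log(string(inputParamString))
	}
}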