2024-05-08 01:56:48 +02:00
|
|
|
---
|
|
|
|
|
#start of yaml
|
|
|
|
|
|
|
|
|
|
# This is the yaml config file for both the wazuh-ntfy-notifier.py and wazuh-discord-notifier.py.
|
|
|
|
|
# The yaml needs to be in the same folder as the wazuh-ntfy-notifier.py and wazuh-discord-notifier.py
|
|
|
|
|
|
|
|
|
|
targets: "discord,ntfy"
|
2024-05-13 14:44:32 +02:00
|
|
|
full_message: "ntfy"
|
2024-05-08 01:56:48 +02:00
|
|
|
|
|
|
|
|
# Exclude rules that are listed in the ossec.conf active response definition.
|
|
|
|
|
|
2024-05-10 14:23:54 +02:00
|
|
|
excluded_rules: "5401,5403"
|
2024-05-08 01:56:48 +02:00
|
|
|
excluded_agents: "999"
|
|
|
|
|
|
|
|
|
|
# Priority mapping from 1-12 (Wazuh events) to 1-5 (Discord and ntfy notification)
|
2024-05-13 14:44:32 +02:00
|
|
|
# Discord mention after x amount of event fired times
|
|
|
|
|
|
|
|
|
|
priority_map:
|
|
|
|
|
-
|
|
|
|
|
threat_map: [15,14,13,12]
|
|
|
|
|
mention_threshold: 1
|
2024-05-13 14:52:42 +02:00
|
|
|
color: 0xcc3300
|
2024-05-13 14:44:32 +02:00
|
|
|
-
|
|
|
|
|
threat_map: [11,10,9]
|
|
|
|
|
mention_threshold: 1
|
2024-05-13 14:52:42 +02:00
|
|
|
color: 0xff9966
|
2024-05-13 14:44:32 +02:00
|
|
|
-
|
|
|
|
|
threat_map: [8,7,6]
|
|
|
|
|
mention_threshold: 5
|
2024-05-13 14:52:42 +02:00
|
|
|
color: 0xffcc00
|
2024-05-13 14:44:32 +02:00
|
|
|
-
|
|
|
|
|
threat_map: [5,4]
|
|
|
|
|
mention_threshold: 5
|
2024-05-13 14:52:42 +02:00
|
|
|
color: 0x99cc33
|
2024-05-13 14:44:32 +02:00
|
|
|
-
|
|
|
|
|
threat_map: [3,2,1,0]
|
|
|
|
|
mention_threshold: 5
|
2024-05-13 14:52:42 +02:00
|
|
|
color: 0x339900
|
2024-05-08 01:56:48 +02:00
|
|
|
|
|
|
|
|
|
2024-05-08 15:09:35 +02:00
|
|
|
sender: "Wazuh (IDS)"
|
|
|
|
|
click: "https://google.com"
|
2024-05-08 01:56:48 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
#end of yaml
|
2024-05-24 17:07:46 +02:00
|
|
|
...
|
