wazuh-notify/wazuh_notifier_lib.py

import os
import time

import yaml


# Set structured timestamp for logging and discord/ntfy message.


def set_time():
    now_message = time.strftime('%a, %d %b %Y %H:%M:%S')
    now_logging = time.strftime('%Y/%m/%d %H:%M:%S')
    return now_message, now_logging


# Define paths: wazuh_path = wazuh root directory
#               ar_path = active-responses.log path,
#               config_path = wazuh-notifier-config.yaml

def set_env():

    wazuh_path = os.path.abspath(os.path.join(__file__, "../../.."))
    ar_path = '{0}/logs/active-responses.log'.format(wazuh_path)
    config_path = '{0}/etc/wazuh-notifier-config.yaml'.format(wazuh_path)

    return wazuh_path, ar_path, config_path


# Import configuration settings from wazuh-notifier-config.yaml


def import_config(key):
    try:
        _, _, config_path = set_env()

        with open(config_path, 'r') as ntfier_config:
            config: dict = yaml.safe_load(ntfier_config)
            value: str = config.get(key)
            return value
    except (FileNotFoundError, PermissionError, OSError):
        return None


# Show configuration settings from wazuh-notifier-config.yaml


def view_config():

    _, _, config_path = set_env()

    try:
        with open(config_path, 'r') as ntfier_config:
            print(ntfier_config.read())
    except (FileNotFoundError, PermissionError, OSError):
        print(config_path + " does not exist or is not accessible")
        return


# Logging the Wazuh active Response request


def ar_log():
    now = set_time()
    _, ar_path, _ = set_env()
    msg = '{0} {1} {2}'.format(now, os.path.realpath(__file__), 'Post JSON Alert')
    f = open(ar_path, 'a')
    f.write(msg + '\n')
    f.close()
first commit 2024-04-28 20:27:23 +02:00			`import os`
			`import time`
test 2024-04-29 19:35:12 +02:00
first commit 2024-04-28 20:27:23 +02:00			`import yaml`


expanded fields 2024-04-30 21:50:03 +02:00			`# Set structured timestamp for logging and discord/ntfy message.`
first commit 2024-04-28 20:27:23 +02:00

			`def set_time():`
			`now_message = time.strftime('%a, %d %b %Y %H:%M:%S')`
			`now_logging = time.strftime('%Y/%m/%d %H:%M:%S')`
			`return now_message, now_logging`


expanded fields 2024-04-30 21:50:03 +02:00			`# Define paths: wazuh_path = wazuh root directory`
			`# ar_path = active-responses.log path,`
			`# config_path = wazuh-notifier-config.yaml`
first commit 2024-04-28 20:27:23 +02:00
			`def set_env():`

			`wazuh_path = os.path.abspath(os.path.join(__file__, "../../.."))`
			`ar_path = '{0}/logs/active-responses.log'.format(wazuh_path)`
after fix 2024-04-29 19:28:48 +02:00			`config_path = '{0}/etc/wazuh-notifier-config.yaml'.format(wazuh_path)`
first commit 2024-04-28 20:27:23 +02:00
			`return wazuh_path, ar_path, config_path`


expanded fields 2024-04-30 21:50:03 +02:00			`# Import configuration settings from wazuh-notifier-config.yaml`


first commit 2024-04-28 20:27:23 +02:00			`def import_config(key):`
			`try:`
			`_, _, config_path = set_env()`

			`with open(config_path, 'r') as ntfier_config:`
			`config: dict = yaml.safe_load(ntfier_config)`
			`value: str = config.get(key)`
			`return value`
			`except (FileNotFoundError, PermissionError, OSError):`
			`return None`


expanded fields 2024-04-30 21:50:03 +02:00			`# Show configuration settings from wazuh-notifier-config.yaml`

first commit 2024-04-28 20:27:23 +02:00
			`def view_config():`

			`_, _, config_path = set_env()`

			`try:`
			`with open(config_path, 'r') as ntfier_config:`
			`print(ntfier_config.read())`
			`except (FileNotFoundError, PermissionError, OSError):`
			`print(config_path + " does not exist or is not accessible")`
			`return`


			`# Logging the Wazuh active Response request`


			`def ar_log():`
			`now = set_time()`
			`_, ar_path, _ = set_env()`
			`msg = '{0} {1} {2}'.format(now, os.path.realpath(__file__), 'Post JSON Alert')`
			`f = open(ar_path, 'a')`
			`f.write(msg + '\n')`
			`f.close()`