wazuh-notify/wazuh-notify-go-v2/example.json

{
  "version":1,
  "origin":{
    "name":"worker01",
    "module":"wazuh-execd"
  },
  "command":"add",
  "parameters":{
    "extra_args":[],
    "alert":{
      "timestamp":"2021-02-01T20:58:44.830+0000",
      "rule":{
        "level":15,
        "description":"Shellshock attack detected",
        "id":"31168",
        "mitre":{
          "id":["T1068","T1190"],
          "tactic":["Privilege Escalation","Initial Access"],
          "technique":["Exploitation for Privilege Escalation","Exploit Public-Facing Application"]
        },
        "info":"CVE-2014-6271https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271",
        "firedtimes":2,
        "mail":true,
        "groups":["web","accesslog","attack"],
        "pci_dss":["11.4"],
        "gdpr":["IV_35.7.d"],
        "nist_800_53":["SI.4"],
        "tsc":["CC6.1","CC6.8","CC7.2","CC7.3"]
      },
      "agent":{
        "id":"000",
        "name":"wazuh-server"
      },
      "manager":{
        "name":"wazuh-server"
      },
      "id":"1612213124.6448363",
      "full_log":"192.168.0.223 - - [01/Feb/2021:20:58:43 +0000] \"GET / HTTP/1.1\" 200 612 \"-\" \"() { :; }; /bin/cat /etc/passwd\"",
      "decoder":{
        "name":"web-accesslog"
      },
      "data":{
        "protocol":"GET",
        "srcip":"192.168.0.223",
        "id":"200",
        "url":"/"
      },
      "location":"/var/log/nginx/access.log"
    },
    "program":"/var/ossec/active-response/bin/firewall-drop"
  }
}
Added wazuh-notifier-v2 2025-11-15 23:00:03 +01:00			`{`
			`"version":1,`
			`"origin":{`
			`"name":"worker01",`
			`"module":"wazuh-execd"`
			`},`
			`"command":"add",`
			`"parameters":{`
			`"extra_args":[],`
			`"alert":{`
			`"timestamp":"2021-02-01T20:58:44.830+0000",`
			`"rule":{`
			`"level":15,`
			`"description":"Shellshock attack detected",`
			`"id":"31168",`
			`"mitre":{`
			`"id":["T1068","T1190"],`
			`"tactic":["Privilege Escalation","Initial Access"],`
			`"technique":["Exploitation for Privilege Escalation","Exploit Public-Facing Application"]`
			`},`
			`"info":"CVE-2014-6271https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271",`
			`"firedtimes":2,`
			`"mail":true,`
			`"groups":["web","accesslog","attack"],`
			`"pci_dss":["11.4"],`
			`"gdpr":["IV_35.7.d"],`
			`"nist_800_53":["SI.4"],`
			`"tsc":["CC6.1","CC6.8","CC7.2","CC7.3"]`
			`},`
			`"agent":{`
			`"id":"000",`
			`"name":"wazuh-server"`
			`},`
			`"manager":{`
			`"name":"wazuh-server"`
			`},`
			`"id":"1612213124.6448363",`
			`"full_log":"192.168.0.223 - - [01/Feb/2021:20:58:43 +0000] \"GET / HTTP/1.1\" 200 612 \"-\" \"() { :; }; /bin/cat /etc/passwd\"",`
			`"decoder":{`
			`"name":"web-accesslog"`
			`},`
			`"data":{`
			`"protocol":"GET",`
			`"srcip":"192.168.0.223",`
			`"id":"200",`
			`"url":"/"`
			`},`
			`"location":"/var/log/nginx/access.log"`
			`},`
			`"program":"/var/ossec/active-response/bin/firewall-drop"`
			`}`
			`}`