wazuh-notify/wazuh-notify-go/services/wazuhData.go

package services

import (
	"bufio"
	"encoding/json"
	"os"
	"slices"
	"strings"
	"wazuh-notify/services/log"
	"wazuh-notify/types"
)

func ParseWazuhInput(params types.Params) types.Params {

	var wazuhData types.WazuhMessage
	//Read stdin
	reader := bufio.NewReader(os.Stdin)
	//Decode stdin to wazuhData
	json.NewDecoder(reader).Decode(&wazuhData)
	//Parse tags
	params.Tags += strings.Join(wazuhData.Parameters.Alert.Rule.Groups, ",")

	params.WazuhMessage = wazuhData
	//Map priority and color based on config
	for i := range params.PriorityMap {
		if slices.Contains(params.PriorityMap[i].ThreatMap, wazuhData.Parameters.Alert.Rule.Level) {
			//Check notify threshold
			if params.WazuhMessage.Parameters.Alert.Rule.Firedtimes%params.PriorityMap[i].NotifyThreshold != 0 {
				log.Log("threshold not met")
				log.CloseLogFile()
				os.Exit(0)
			}
			//Set color based on config map
			params.Color = params.PriorityMap[i].Color
			//Check mention threshold
			if params.WazuhMessage.Parameters.Alert.Rule.Firedtimes >= params.PriorityMap[i].MentionThreshold {
				params.Mention = "@here"
			}
			params.Priority = 5 - i
		}
	}

	log.Log("Wazuh data loaded")
	//Filter messages based on rules defined in config
	Filter(params)

	return params
}
refactor init 2024-05-27 15:10:26 +02:00			`package services`

			`import (`
			`"bufio"`
			`"encoding/json"`
			`"os"`
			`"slices"`
			`"strings"`
refactor folders 2024-05-27 15:13:11 +02:00			`"wazuh-notify/services/log"`
refactor init 2024-05-27 15:10:26 +02:00			`"wazuh-notify/types"`
			`)`

			`func ParseWazuhInput(params types.Params) types.Params {`

			`var wazuhData types.WazuhMessage`
comments added 2024-05-27 15:49:04 +02:00			`//Read stdin`
refactor init 2024-05-27 15:10:26 +02:00			`reader := bufio.NewReader(os.Stdin)`
comments added 2024-05-27 15:49:04 +02:00			`//Decode stdin to wazuhData`
refactor init 2024-05-27 15:10:26 +02:00			`json.NewDecoder(reader).Decode(&wazuhData)`
comments added 2024-05-27 15:49:04 +02:00			`//Parse tags`
refactor init 2024-05-27 15:10:26 +02:00			`params.Tags += strings.Join(wazuhData.Parameters.Alert.Rule.Groups, ",")`

			`params.WazuhMessage = wazuhData`
comments added 2024-05-27 15:49:04 +02:00			`//Map priority and color based on config`
refactor init 2024-05-27 15:10:26 +02:00			`for i := range params.PriorityMap {`
			`if slices.Contains(params.PriorityMap[i].ThreatMap, wazuhData.Parameters.Alert.Rule.Level) {`
comments added 2024-05-27 15:49:04 +02:00			`//Check notify threshold`
refactor init 2024-05-27 15:10:26 +02:00			`if params.WazuhMessage.Parameters.Alert.Rule.Firedtimes%params.PriorityMap[i].NotifyThreshold != 0 {`
			`log.Log("threshold not met")`
			`log.CloseLogFile()`
			`os.Exit(0)`
			`}`
comments added 2024-05-27 15:49:04 +02:00			`//Set color based on config map`
refactor init 2024-05-27 15:10:26 +02:00			`params.Color = params.PriorityMap[i].Color`
comments added 2024-05-27 15:49:04 +02:00			`//Check mention threshold`
refactor init 2024-05-27 15:10:26 +02:00			`if params.WazuhMessage.Parameters.Alert.Rule.Firedtimes >= params.PriorityMap[i].MentionThreshold {`
			`params.Mention = "@here"`
			`}`
			`params.Priority = 5 - i`
			`}`
			`}`

			`log.Log("Wazuh data loaded")`
comments added 2024-05-27 15:49:04 +02:00			`//Filter messages based on rules defined in config`
refactor init 2024-05-27 15:10:26 +02:00			`Filter(params)`

			`return params`
			`}`