From 1544ac351ebf5078806f6baee88f7a45124cdd5a Mon Sep 17 00:00:00 2001
From: Darius
Date: Mon, 27 May 2024 11:36:33 +0200
Subject: [PATCH] notification update
---
 wazuh-notify-go/notification/discord.go | 2 ++
 wazuh-notify-go/notification/ntfy.go | 30 ++++++++++++++++++++-----
 wazuh-notify-go/notification/slack.go | 1 +
 3 files changed, 27 insertions(+), 6 deletions(-)
 create mode 100644 wazuh-notify-go/notification/slack.go
diff --git a/wazuh-notify-go/notification/discord.go b/wazuh-notify-go/notification/discord.go
index 43160fa..4241b36 100644
--- a/wazuh-notify-go/notification/discord.go
+++ b/wazuh-notify-go/notification/discord.go
@@ -9,6 +9,7 @@ import (
 "slices"
 "strconv"
 "strings"
+ "time"
 "wazuh-notify/types"
 )
@@ -33,6 +34,7 @@ func SendDiscord(params types.Params) {
 params.Click
 } else {
 embedDescription = "\n\n" +
+ "**Timestamp: **" + time.Now().Format(time.DateTime) + "\n" +
 "**Agent:** " + params.WazuhMessage.Parameters.Alert.Agent.Name + "\n" +
 "**Event id:** " + params.WazuhMessage.Parameters.Alert.Rule.ID + "\n" +
 "**Rule:** " + params.WazuhMessage.Parameters.Alert.Rule.Description + "\n" +
diff --git a/wazuh-notify-go/notification/ntfy.go b/wazuh-notify-go/notification/ntfy.go
index 995a102..c408d95 100644
--- a/wazuh-notify-go/notification/ntfy.go
+++ b/wazuh-notify-go/notification/ntfy.go
@@ -1,8 +1,10 @@
 package notification
 import (
+ "encoding/json"
 "net/http"
 "os"
+ "slices"
 "strconv"
 "strings"
 "time"
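Review bot: The added Timestamp line in SendDiscord records the moment the notifier runs on this host, not when the alert fired, and `time.DateTime` carries no zone, so the value cannot be lined up reliably with the Wazuh event or with the RFC3339 stamp that ntfy.go sends. The bold markers are also placed differently from the neighbouring fields (`"**Timestamp: **"` versus `"**Agent:** "`), which may keep Discord from rendering the label as bold. Suggested line: `"**Timestamp:** " + time.Now().Format(time.RFC3339) + "\n" +`; if the alert struct exposes its own timestamp (not visible in this hunk), that would be the better source for an incident timeline. SendDiscord's body starts and ends outside the hunk.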
@@ -11,12 +13,28 @@ import (
 func SendNtfy(params types.Params) {
- payload := time.Now().Format(time.RFC3339) + "\n\n" +
- "Agent: " + params.WazuhMessage.Parameters.Alert.Agent.Name + "\n" +
- "Event id: " + params.WazuhMessage.Parameters.Alert.Rule.ID + "\n" +
- "Description: " + params.WazuhMessage.Parameters.Alert.Rule.Description + "\n" +
- "Threat level: " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Level) + "\n" +
- "Times fired: " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Firedtimes) + "\n"
+ var payload string
+
+ if slices.Contains(strings.Split(params.FullAlert, ","), "discord") {
+ fullAlert, _ := json.MarshalIndent(params.WazuhMessage, "", " ")
+ fullAlertString := strings.ReplaceAll(string(fullAlert), `"`, "")
+ fullAlertString = strings.ReplaceAll(fullAlertString, "{", "")
+ fullAlertString = strings.ReplaceAll(fullAlertString, "}", "")
+ fullAlertString = strings.ReplaceAll(fullAlertString, "[", "")
+ fullAlertString = strings.ReplaceAll(fullAlertString, "]", "")
+ fullAlertString = strings.ReplaceAll(fullAlertString, " ,", "")
+
+ payload = "\n\n ```" +
+ fullAlertString +
+ "```"
+ } else {
+ payload = time.Now().Format(time.RFC3339) + "\n\n" +
+ "Agent: " + params.WazuhMessage.Parameters.Alert.Agent.Name + "\n" +
+ "Event id: " + params.WazuhMessage.Parameters.Alert.Rule.ID + "\n" +
+ "Description: " + params.WazuhMessage.Parameters.Alert.Rule.Description + "\n" +
+ "Threat level: " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Level) + "\n" +
+ "Times fired: " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Firedtimes) + "\n"
+ }
 req, _ := http.NewRequest("POST", os.Getenv("NTFY_URL"), strings.NewReader(payload))
 req.Header.Set("Content-Type", "text/plain")
diff --git a/wazuh-notify-go/notification/slack.go b/wazuh-notify-go/notification/slack.go
new file mode 100644
index 0000000..4306c87
--- /dev/null
+++ b/wazuh-notify-go/notification/slack.go
@@ -0,0 +1 @@
+package notification
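Review bot: The full-alert branch in SendNtfy is gated on `"discord"` appearing in `params.FullAlert`, which looks copied from the Discord sender; if FullAlert is a per-target list, as the split on commas suggests, the ntfy format then follows the Discord setting rather than its own. The error from `json.MarshalIndent` is discarded, so a marshalling failure would send a notification holding only an empty code fence; the sketch below falls back to the summary instead. The ReplaceAll chain also strips quotes, braces and brackets that occur inside field values such as log or command lines, so the forwarded text can differ from the recorded alert, and the request is still sent as `text/plain`, where the backtick fence is presumably shown literally. The full Wazuh message likely carries more sensitive detail than the six summary fields, so it is worth confirming that the NTFY_URL topic is access-controlled before enabling this path. SendNtfy continues past the end of the hunk.

```go
var payload string

// "ntfy" is an assumed target name; confirm against the values FullAlert accepts.
if slices.Contains(strings.Split(params.FullAlert, ","), "ntfy") {
	if fullAlert, err := json.MarshalIndent(params.WazuhMessage, "", " "); err == nil {
		// … unchanged: the six strings.ReplaceAll calls producing fullAlertString …
		payload = "\n\n ```" + fullAlertString + "```"
	}
}
if payload == "" {
	// Summary form, also the fallback when marshalling fails, so the
	// notification body is never an empty fence.
	// … unchanged: payload = time.Now().Format(time.RFC3339) + agent / event id / … lines …
}
```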