From 09eb6b13bd99962b956034f33759b213a640c38c Mon Sep 17 00:00:00 2001 From: Rudi Klein Date: Thu, 23 May 2024 17:32:58 +0200 Subject: [PATCH 1/4] improved installation doc --- Writerside/topics/Tutorial.md | 49 ----- Writerside/topics/Wazuh-notifier.md | 300 ++++++++++++++++++---------- 2 files changed, 196 insertions(+), 153 deletions(-) delete mode 100644 Writerside/topics/Tutorial.md diff --git a/Writerside/topics/Tutorial.md b/Writerside/topics/Tutorial.md deleted file mode 100644 index 1ced58f..0000000 --- a/Writerside/topics/Tutorial.md +++ /dev/null @@ -1,49 +0,0 @@ -# Tutorial - -Tutorials are learning-oriented articles that help users to go through a process and achieve a deliverable. -Start with an introduction: for whom is this tutorial and what the reader will achieve by reading it. -Answer the question: "Why should I follow this?" - -Provide a short outline for the tutorial. -In this tutorial, you will learn how to: -* Do this -* Deal with that - -## Before you start - -List the prerequisites that are required or recommended. - -Make sure that: -- First prerequisite -- Second prerequisite - -## Part 1 - -Describe what the user will learn and accomplish in the first part, -then write a step-by-step procedure but on a real-world example. - -1. Execute the following command in the terminal: - - ```bash - run this --that - ``` - -2. Step with a [link](https://www.jetbrains.com) - -3. Final step in part 1. - -## Part 2 - -This is the second part of the tutorial: - -1. Step 1 -2. Step 2 -3. Step n - -## What you've learned {id="what-learned"} - -Summarize what the reader achieved by completing this tutorial. - - - - diff --git a/Writerside/topics/Wazuh-notifier.md b/Writerside/topics/Wazuh-notifier.md index 77af421..22996e6 100644 --- a/Writerside/topics/Wazuh-notifier.md +++ b/Writerside/topics/Wazuh-notifier.md 
@@ -1,178 +1,264 @@ # Wazuh notify -Wazuh notifier enables the Wazuh manager to be notified when selected events occur, using 3 messaging platforms: ntfy.sh, Discord and Slack. +## Table of Contents -## Contents +- [Introduction](#introduction) +- [Installation](#installation) +- [Configuration](#configuration) +- [The YAML configuration](#the-yaml-configuration) -There are 2 implementations of Wazuh notify. One written in Golang and the other in Python. Both implementations have similar functionality, but the Python version is slightly more configurable. -Wazuh notify is a stateless implementation and only notifies, triggered by selected rules. +## Introduction + +Wazuh notifier enables the Wazuh manager to be notified when selected events occur, using 3 messaging platforms: +ntfy.sh, Discord and Slack. + +There are 2 implementations of Wazuh notify. One written in Golang and the other in Python. Both implementations have +similar functionality, but the Python version is slightly more configurable. + +Wazuh notify is a stateless implementation and only notifies, triggered by selected rules, agents, or threat levels. Wazuh notify is triggered by configuring the **ossec.conf** and adding an **active response configuration.** -## Installation ## +## Installation -### Step 1 ### +### Step 1: download Download the files from https://github.com/kleinprojects/wazuh-notify to your server. 
-### Step 2 ### +### Step 2: copy files + +#### _Python_ {id="python_1"} + +##### Copy the 2 Python scripts to the /var/ossec/active-response/bin/ folder -#### Python #### -Copy the 2 Python scripts to the /var/ossec/active-response/bin/ folder ``` -$ cp /wazuh-*.py /var/ossec/active-response/bin/ +$ sudo cp /wazuh-*.py /var/ossec/active-response/bin/ ``` -Set the correct ownership -``` -$ chown root:wazuh /var/ossec/active-response/bin/wazuh-notify.py -$ chown root:wazuh /var/ossec/active-response/bin/wazuh_notify_module.py -``` -Set the correct permissions -``` -$ chmod uog+rx /var/ossec/active-response/bin/wazuh-notify.py -$ chmod uog+rx /var/ossec/active-response/bin/wazuh_notify_module.py -``` -#### Golang #### -Copy the Go executable to the /var/ossec/active-response/bin/ folder +##### Set the correct ownership {id="set-the-correct-ownership_1"} + +``` +$ sudo chown root:wazuh /var/ossec/active-response/bin/wazuh-notify.py +$ sudo chown root:wazuh /var/ossec/active-response/bin/wazuh_notify_module.py +``` + +##### Set the correct permissions {id="set-the-correct-permissions_1"} + +``` +$ sudo chmod uog+rx /var/ossec/active-response/bin/wazuh-notify.py +$ sudo chmod uog+rx /var/ossec/active-response/bin/wazuh_notify_module.py +``` + +#### _Golang_ {id="golang_1"} + +##### Copy the Go executable to the /var/ossec/active-response/bin/ folder + ``` -$ cp /wazuh-notify /var/ossec/active-response/bin/ -``` -Set the correct ownership -``` -$ chown root:wazuh /var/ossec/active-response/bin/wazuh-notify -``` -Set the correct permissions -``` -$ chmod uog+rx /var/ossec/active-response/bin/wazuh-notify +$ sudo cp /wazuh-notify /var/ossec/active-response/bin/ ``` -### Step 3 ### -Copy the YAML file to /var/ossec/etc/ +##### the correct ownership {id="set-the-correct-ownership_2"} + ``` -$ cp /wazuh-notify-config.yaml /var/ossec/etc/ +$ sudo chown root:wazuh /var/ossec/active-response/bin/wazuh-notify ``` -Set the correct ownership +##### Set the correct permissions 
{id="set-the-correct-permissions_2"} + ``` -$ chown root:wazuh /var/ossec/etc/wazuh-notify-config.yaml +$ sudo chmod uog+rx /var/ossec/active-response/bin/wazuh-notify ``` -Set the correct permissions +### Step 3 + +##### Copy the YAML file to /var/ossec/etc/ + ``` -$ chmod uog+r /var/ossec/etc/wazuh-notify-config.yaml +$ sudo cp /wazuh-notify-config.yaml /var/ossec/etc/ ``` -### Step 4 ### +##### Set the correct ownership {id="set-the-correct-ownership_3"} -#### for Golang #### +``` +$ sudo chown root:wazuh /var/ossec/etc/wazuh-notify-config.yaml +``` + +##### Set the correct permissions {id="set-the-correct-permissions_3"} + +``` +$ sudo chmod uog+r /var/ossec/etc/wazuh-notify-config.yaml +``` + +### Step 4 + +##### Create an .env file in /var/ossec/etc/ + +``` +$ sudo touch /var/ossec/etc/.env +``` + +#### Set the correct ownership {id="set-the-correct-ownership_4"} + +``` +$ sudo chown root:wazuh /var/ossec/etc/wazuh-notify-config.yaml +``` + +#### Set the correct permissions {id="set-the-correct-permissions_4"} + +``` +$ sudo chmod uog+r /var/ossec/etc/wazuh-notify-config.yaml +``` + +## Configuration + +#### Golang {id="golang_2"} Modify the /var/ossec/etc/ossec.conf configuration file and add the following
-``` - - wazuh-notify-go - wazuh-notify - yes - -``` + +Command section ``` - - wazuh-notify-go - server - - - -``` -#### for Python #### -``` - - wazuh-notify-py - wazuh-notify.py - yes - + +wazuh-notify-go +wazuh-notify +yes + ``` -``` - - wazuh-notify-py - server - - - -``` -NOTE: The `````` in the `````` section needs to be the same as the `````` in the `````` section. -The `````` section describes the program that is executed. The `````` section describes the trigger that runs the ``````. +Active response section -Add the rules you want to be informed about between the ``````, with the rules id's separated by comma's. +``` + +wazuh-notify-go +server + + + +``` + +#### Python {id="python_2"} + +Command section + +``` + +wazuh-notify-py +wazuh-notify.py +yes + +``` + +Active response section + +``` + +wazuh-notify-py +server + + + +``` + +### NOTE: + +The `````` in the `````` section needs to be the same as the `````` in +the `````` section. +The `````` section describes the program that is executed. The `````` section describes the +trigger that runs the ``````. + +Add the rules you want to be informed about between the ``````, with the rules id's separated by +comma's. Example: ```5402, 3461, 8777
``` (Please refer to the Wazuh online documentation for more information [^Wazuh docs]) [^Wazuh docs]: https://documentation.wazuh.com/current/user-manual/capabilities/active-response/index.html - -## The YAML configuration ## +## The YAML configuration This is the yaml config file for wazuh-active-response (for both the Python and Go version) -Platforms in this string with comma separated values are triggered. +The targets setting defines the platforms where notifications will be sent to. +Platforms in this comma-separated string will receive notifications. + ``` -targets: "slack, ntfy, discord" +targets: "slack, ntfy, discord" ``` -Platforms in this string will enable the sending of the full event information. + +Platforms in this comma-separated string will receive the full event information. + ``` -full_message: "" +full_message: "" ``` -Exclude rule events that are enabled in the ossec.conf active response definition. + +Exclude_rules and excluded_agents will disable notification for these particular events or agents that are enabled in +the ossec.conf active response definition. These settings provide an easier way to disable events from firing. No need to restart Wazuh-manager. + +Enter rule numbers as a string with comma-separated values. +Enter numeric agent id's as a string with comma-separated values. + ``` -excluded_rules: "99999, 00000" # Rule numbers. Enter as a string with comma separated values -excluded_agents: "99999" # Numeric agent id. Enter as a string with comma separated values +excluded_rules: "99999, 00000" +excluded_agents: "99999" ``` -Priority mapping from 0-15 (Wazuh threat levels) to 1-5 (in notifications). -https://documentation.wazuh.com/current/user-manual/ruleset/rules-classification.html -Enter the values for the threat_map as lists of integers, mention_thresholds as integers and colors as Hex integers -The mention_threshold, combined with the number of times a rule is fired, will force a mention to the recipient. 
+ +There is a mapping from Wazuh threat levels (0-15) to priorities (1-5) in notifications. +https://documentation.wazuh.com/current/user-manual/ruleset/rules-classification.html +Enter the values for the threat_map as lists of integers, mention_thresholds as integers and colors as Hex integers. +The mention_threshold, relates to the number of times a rule has been fired. When the times fired is equal to or greater +than the mention_threshold, the recipient will receive a Discord mention in addition to the normal message. This is a list notation. + ``` priority_map: - threat_map: [ 15,14,13,12 ] - mention_threshold: 1 - color: 0xcc3300 +mention_threshold: 1 +color: 0xcc3300 - threat_map: [ 11,10,9 ] - mention_threshold: 1 - color: 0xff9966 +mention_threshold: 1 +color: 0xff9966 - threat_map: [ 8,7,6 ] - mention_threshold: 5 - color: 0xffcc00 +mention_threshold: 5 +color: 0xffcc00 - threat_map: [ 5,4 ] - mention_threshold: 20 - color: 0x99cc33 +mention_threshold: 20 +color: 0x99cc33 - threat_map: [ 3,2,1,0 ] - mention_threshold: 20 - color: 0x339900 +mention_threshold: 20 +color: 0x339900 ``` + The next 2 settings are used to add information to the messages. +Sender translate to the ``` username ``` field in Discord and to the ```title``` field in ntfy.sh. It is not used for +Slack. +Click adds an arbitrary URL to the message. + ``` sender: "Wazuh (IDS)" click: "https://documentation.wazuh.com/" ``` -### From here on the settings are ONLY used by the Python version of wazuh-notify. ### + +### From here on the settings are ONLY used by the Python version of wazuh-notify. Below settings provide for a window that enable/disables events from firing the notifiers. Enter ```excluded_days``` as a string with comma separated values. Be aware of your regional settings. + ``` excluded_days: "" ``` + Enter ```excluded_hours``` as a tuple of string values. Be aware of your regional settings. 
+ ``` -excluded_hours: [ "23:59", "00:00" ] +excluded_hours: [ "23:59", "00:00" ] ``` -The following parameters define the markdown characters used to emphasise the parameter names in the notification messages (Markdown style) +The following parameters define the markdown characters used to emphasise the parameter names in the notification +messages (Markdown style) This is a dictionary (object) notation. + ``` markdown_emphasis: slack: "*" @@ -180,20 +266,26 @@ ntfy: "**" discord: "**" ``` -The next settings are used for testing. -Test mode will add an example event contained in wazuh-notify-test-event.json instead of the message received through Wazuh. -Changing this value to ```True``` enables testing for particular events when the test event is customized. +The next settings are used for testing purposes. + +Test mode will add an example event (wazuh-notify-test-event.json) instead of the message received through Wazuh. +This enables testing for particular events when the test event is customized. + ``` test_mode: False ``` -Setting this parameter provides more logging to the wazuh-notifier log. Possible values are -0 (almost no logging), -1 (basic logging) and + +Setting this parameter provides more logging to the wazuh-notifier log. Possible values are +0 (almost no logging), +1 (basic logging) and 2 (verbose logging) + ``` extended_logging: 2 ``` + Enabling this parameter provides extended logging to the console (see extended logging). + ``` extended_print: 0 ``` From da5658a99ada6eb773c06d39566b8dbcec6dcc42 Mon Sep 17 00:00:00 2001 From: Rudi Klein Date: Thu, 23 May 2024 18:51:30 +0200 Subject: [PATCH 2/4] build fix --- Writerside/notifier.tree | 1 - Writerside/topics/Wazuh-notifier.md | 43 ++++++++++++++--------------- 2 files changed, 21 insertions(+), 23 deletions(-) diff --git a/Writerside/notifier.tree b/Writerside/notifier.tree index 3da815d..2482177 100644 --- a/Writerside/notifier.tree +++ b/Writerside/notifier.tree 
@@ -7,5 +7,4 @@ start-page="Wazuh-notifier.md"> - \ No newline at end of file diff --git a/Writerside/topics/Wazuh-notifier.md b/Writerside/topics/Wazuh-notifier.md index 22996e6..600338a 100644 --- a/Writerside/topics/Wazuh-notifier.md +++ b/Writerside/topics/Wazuh-notifier.md @@ -7,7 +7,6 @@ - [Configuration](#configuration) - [The YAML configuration](#the-yaml-configuration) - ## Introduction Wazuh notifier enables the Wazuh manager to be notified when selected events occur, using 3 messaging platforms: @@ -30,20 +29,20 @@ Download the files from https://github.com/kleinprojects/wazuh-notify to your se #### _Python_ {id="python_1"} -##### Copy the 2 Python scripts to the /var/ossec/active-response/bin/ folder +Copy the 2 Python scripts to the /var/ossec/active-response/bin/ folder ``` $ sudo cp /wazuh-*.py /var/ossec/active-response/bin/ ``` -##### Set the correct ownership {id="set-the-correct-ownership_1"} +Set the correct ownership {id="set-the-correct-ownership_1"} ``` $ sudo chown root:wazuh /var/ossec/active-response/bin/wazuh-notify.py $ sudo chown root:wazuh /var/ossec/active-response/bin/wazuh_notify_module.py ``` -##### Set the correct permissions {id="set-the-correct-permissions_1"} +Set the correct permissions {id="set-the-correct-permissions_1"} ``` $ sudo chmod uog+rx /var/ossec/active-response/bin/wazuh-notify.py 
@@ -52,19 +51,19 @@ $ sudo chmod uog+rx /var/ossec/active-response/bin/wazuh_notify_module.py #### _Golang_ {id="golang_1"} -##### Copy the Go executable to the /var/ossec/active-response/bin/ folder +Copy the Go executable to the /var/ossec/active-response/bin/ folder ``` $ sudo cp /wazuh-notify /var/ossec/active-response/bin/ ``` -##### the correct ownership {id="set-the-correct-ownership_2"} +Set the correct ownership {id="set-the-correct-ownership_2"} ``` $ sudo chown root:wazuh /var/ossec/active-response/bin/wazuh-notify ``` -##### Set the correct permissions {id="set-the-correct-permissions_2"} +Set the correct permissions {id="set-the-correct-permissions_2"} ``` $ sudo chmod uog+rx /var/ossec/active-response/bin/wazuh-notify @@ -72,19 +71,19 @@ $ sudo chmod uog+rx /var/ossec/active-response/bin/wazuh-notify ### Step 3 -##### Copy the YAML file to /var/ossec/etc/ +Copy the YAML file to /var/ossec/etc/ ``` $ sudo cp /wazuh-notify-config.yaml /var/ossec/etc/ ``` -##### Set the correct ownership {id="set-the-correct-ownership_3"} +Set the correct ownership {id="set-the-correct-ownership_3"} ``` $ sudo chown root:wazuh /var/ossec/etc/wazuh-notify-config.yaml ``` -##### Set the correct permissions {id="set-the-correct-permissions_3"} +Set the correct permissions {id="set-the-correct-permissions_3"} ``` $ sudo chmod uog+r /var/ossec/etc/wazuh-notify-config.yaml 
@@ -92,19 +91,19 @@ $ sudo chmod uog+r /var/ossec/etc/wazuh-notify-config.yaml ### Step 4 -##### Create an .env file in /var/ossec/etc/ +Create an .env file in /var/ossec/etc/ ``` $ sudo touch /var/ossec/etc/.env ``` -#### Set the correct ownership {id="set-the-correct-ownership_4"} +Set the correct ownership {id="set-the-correct-ownership_4"} ``` $ sudo chown root:wazuh /var/ossec/etc/wazuh-notify-config.yaml ``` -#### Set the correct permissions {id="set-the-correct-permissions_4"} +Set the correct permissions {id="set-the-correct-permissions_4"} ``` $ sudo chmod uog+r /var/ossec/etc/wazuh-notify-config.yaml @@ -112,11 +111,11 @@ $ sudo chmod uog+r /var/ossec/etc/wazuh-notify-config.yaml ## Configuration -#### Golang {id="golang_2"} +#### _Golang_ {id="golang_2"} -Modify the /var/ossec/etc/ossec.conf configuration file and add the following
+Modify the /var/ossec/etc/ossec.conf configuration file and add the following:
-Command section +*Command section* ``` @@ -126,7 +125,7 @@ Command section ``` -Active response section +*Active response section* ``` @@ -137,9 +136,9 @@ Active response section ``` -#### Python {id="python_2"} +#### _Python_ {id="python_2"} -Command section +*Command section* ``` @@ -149,7 +148,7 @@ Command section ``` -Active response section +*Active response section* ``` @@ -160,7 +159,7 @@ Active response section ``` -### NOTE: +#### NOTE: The `````` in the `````` section needs to be the same as the `````` in the `````` section. @@ -170,7 +169,7 @@ trigger that runs the ``````. Add the rules you want to be informed about between the ``````, with the rules id's separated by comma's. Example: ```5402, 3461, 8777
``` -(Please refer to the Wazuh online documentation for more information [^Wazuh docs]) +(Please refer to the [Wazuh online documentation](https://documentation.wazuh.com/current/user-manual/capabilities/active-response/index.html) for more information [^Wazuh docs]) [^Wazuh docs]: https://documentation.wazuh.com/current/user-manual/capabilities/active-response/index.html From 1a2530b62734f4a9d886e10ee91cdba0b5361d3f Mon Sep 17 00:00:00 2001 From: Rudi Klein Date: Thu, 23 May 2024 19:43:33 +0200 Subject: [PATCH 3/4] additional doc improvement --- Writerside/topics/Wazuh-notifier.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/Writerside/topics/Wazuh-notifier.md b/Writerside/topics/Wazuh-notifier.md index 600338a..e8f6ec9 100644 --- a/Writerside/topics/Wazuh-notifier.md +++ b/Writerside/topics/Wazuh-notifier.md @@ -192,7 +192,7 @@ full_message: "" Exclude_rules and excluded_agents will disable notification for these particular events or agents that are enabled in the ossec.conf active response definition. -These settings provide an easier way to disable events from firing. No need to restart Wazuh-manager. +These settings provide an easier way to disable event notifications from firing. No need to restart Wazuh-manager. Enter rule numbers as a string with comma-separated values. Enter numeric agent id's as a string with comma-separated values. 
@@ -202,12 +202,14 @@ excluded_rules: "99999, 00000" excluded_agents: "99999" ``` -There is a mapping from Wazuh threat levels (0-15) to priorities (1-5) in notifications. -https://documentation.wazuh.com/current/user-manual/ruleset/rules-classification.html +There is a mapping from [Wazuh threat levels](https://documentation.wazuh.com/current/user-manual/ruleset/rules-classification.html) (0-15) to priorities (1-5) in notifications. + Enter the values for the threat_map as lists of integers, mention_thresholds as integers and colors as Hex integers. + The mention_threshold, relates to the number of times a rule has been fired. When the times fired is equal to or greater than the mention_threshold, the recipient will receive a Discord mention in addition to the normal message. -This is a list notation. + +This setting is a list notation. ``` priority_map: From a694a37443b4f2d261645b52d39c3dc4add1db74 Mon Sep 17 00:00:00 2001 From: Rudi Klein Date: Thu, 23 May 2024 20:56:21 +0200 Subject: [PATCH 4/4] additional doc improvement --- Writerside/topics/Wazuh-notifier.md | 71 ++++++++++++++++++++--------- 1 file changed, 49 insertions(+), 22 deletions(-) diff --git a/Writerside/topics/Wazuh-notifier.md b/Writerside/topics/Wazuh-notifier.md index e8f6ec9..c171721 100644 --- a/Writerside/topics/Wazuh-notifier.md +++ b/Writerside/topics/Wazuh-notifier.md 
@@ -4,13 +4,23 @@ - [Introduction](#introduction) - [Installation](#installation) + - [Step 1](#step-1-download) + - [Step 2](#step-2-copy-files) + - [Python](#python_1) + - [Golang](#golang_1) + - [Step 3](#step-3) + - [Step 4](#step-4) - [Configuration](#configuration) + - [Golang](#golang_2) + - [Python](#python_2) + - [Note](#note) - [The YAML configuration](#the-yaml-configuration) +- [Setting up the platforms](#setting-up-the-platforms-receiving-the-notifications) ## Introduction Wazuh notifier enables the Wazuh manager to be notified when selected events occur, using 3 messaging platforms: -ntfy.sh, Discord and Slack. +[ntfy.sh](https://ntfy.sh), [Discord](https://discord.com) and [Slack](https://slack.com). There are 2 implementations of Wazuh notify. One written in Golang and the other in Python. Both implementations have similar functionality, but the Python version is slightly more configurable. @@ -159,7 +169,7 @@ Modify the /var/ossec/etc/ossec.conf configuration file and add the following: ``` -#### NOTE: +#### NOTE: The `````` in the `````` section needs to be the same as the `````` in the `````` section. @@ -169,9 +179,9 @@ trigger that runs the ``````. Add the rules you want to be informed about between the ``````, with the rules id's separated by comma's. Example: ```5402, 3461, 8777
``` -(Please refer to the [Wazuh online documentation](https://documentation.wazuh.com/current/user-manual/capabilities/active-response/index.html) for more information [^Wazuh docs]) - -[^Wazuh docs]: https://documentation.wazuh.com/current/user-manual/capabilities/active-response/index.html +Please refer to +the [Wazuh online documentation](https://documentation.wazuh.com/current/user-manual/capabilities/active-response/index.html) +for more information. ## The YAML configuration @@ -202,7 +212,11 @@ excluded_rules: "99999, 00000" excluded_agents: "99999" ``` -There is a mapping from [Wazuh threat levels](https://documentation.wazuh.com/current/user-manual/ruleset/rules-classification.html) (0-15) to priorities (1-5) in notifications. +There is a mapping +from [Wazuh threat levels](https://documentation.wazuh.com/current/user-manual/ruleset/rules-classification.html) (0-15) +to priorities (1-5) in notifications. +The colors are derived from +the [Homeland Security Advisory System](https://en.wikipedia.org/wiki/Homeland_Security_Advisory_System). Enter the values for the threat_map as lists of integers, mention_thresholds as integers and colors as Hex integers. 
@@ -213,26 +227,26 @@ This setting is a list notation. ``` priority_map: -- threat_map: [ 15,14,13,12 ] -mention_threshold: 1 -color: 0xcc3300 -- threat_map: [ 11,10,9 ] -mention_threshold: 1 -color: 0xff9966 -- threat_map: [ 8,7,6 ] -mention_threshold: 5 -color: 0xffcc00 -- threat_map: [ 5,4 ] -mention_threshold: 20 -color: 0x99cc33 -- threat_map: [ 3,2,1,0 ] -mention_threshold: 20 -color: 0x339900 + - threat_map: [ 15,14,13,12 ] + mention_threshold: 1 + color: 0xec3e40 # Red, SEVERE + - threat_map: [ 11,10,9 ] + mention_threshold: 1 + color: 0xff9b2b # Orange, HIGH + - threat_map: [ 8,7,6 ] + mention_threshold: 5 + color: 0xf5d800 # Yellow, ELEVATED + - threat_map: [ 5,4 ] + mention_threshold: 20 + color: 0x377fc7 # Blue, GUARDED + - threat_map: [ 3,2,1,0 ] + mention_threshold: 20 + color: 0x01a465 # Green, LOW ``` The next 2 settings are used to add information to the messages. Sender translate to the ``` username ``` field in Discord and to the ```title``` field in ntfy.sh. It is not used for -Slack. +Slack. Click adds an arbitrary URL to the message. ``` @@ -290,3 +304,16 @@ Enabling this parameter provides extended logging to the console (see extended l ``` extended_print: 0 ``` + +## Setting up the platforms receiving the notifications + +Each of the 3 platforms make use of webhooks or similar API's. In order to have the right information in the ```.env``` +file, please refer to the platform's documentation. + +[Slack](https://api.slack.com/) API documentation + +[ntfy.sh](https://docs.ntfy.sh/subscribe/api/) API documentation + +[ntfy.sh](https://docs.ntfy.sh/examples/) examples + +[Discord](https://discord.com/developers/docs/intro) developers documentation \ No newline at end of file
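Review bot: Deleting Writerside/topics/Tutorial.md in the `@@ -1,49 +0,0 @@` hunk of patch 1/4 leaves Writerside/notifier.tree pointing at the removed topic until patch 2/4 ("build fix") drops one line from the tree in its `@@ -7,5 +7,4 @@` hunk, so the series does not build at the commit after patch 1. Squash the notifier.tree change into this patch so every commit builds on its own.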
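Review bot: In the Step 4 part of the `@@ -1,178 +1,264 @@` hunk of Writerside/topics/Wazuh-notifier.md (patch 1/4) the ownership and permission commands that follow `+$ sudo touch /var/ossec/etc/.env` act on the wrong file: the two lines `+$ sudo chown root:wazuh /var/ossec/etc/wazuh-notify-config.yaml` and `+$ sudo chmod uog+r /var/ossec/etc/wazuh-notify-config.yaml` are copied from Step 3, so the new `.env` is left with whatever mode root's umask gave it. The last hunk of patch 4 says this file is where the Slack, ntfy.sh and Discord webhook details go, so it should be owned `root:wazuh` with mode `640` (readable by the manager, not by every local account): `sudo chown root:wazuh /var/ossec/etc/.env` and `sudo chmod 640 /var/ossec/etc/.env`. Carrying over the Step 3 `uog+r` would make the credentials world-readable. The same wrong paths appear as context in patch 2 (`@@ -92,19 +91,19 @@`) and are not corrected anywhere in the series. Two smaller points in the same hunk: `chmod uog+rx` on the scripts and the Go binary is `a+rx`, which grants more than the manager needs given `root:wazuh` ownership (`chmod 750` is sufficient), and the heading `+##### the correct ownership {id="set-the-correct-ownership_2"}` is missing its leading "Set" (patch 2 fixes it).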
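Review bot: The `test_mode` paragraph in the `@@ -180,20 +266,26 @@` hunk of patch 1/4 should state what happens if the flag is left on in production: per the hunk, test mode substitutes wazuh-notify-test-event.json for the event received from Wazuh, so a manager left at `test_mode: True` silently stops reporting real alerts while the notifier appears to work. Add a sentence that the value must be `False` on a live manager, and note that the `extended_logging: 2` sample is the verbose debugging level rather than a recommended default. `extended_print` is described only as "Enabling this parameter" without its accepted values; if it takes the same 0/1/2 levels as `extended_logging`, say so.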
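Review bot: The `@@ -30,20 +29,20 @@` hunk of patch 2/4 demotes the `#####` headings to plain paragraphs but keeps the attribute suffixes, e.g. `+Set the correct ownership {id="set-the-correct-ownership_1"}`; the same pattern repeats in the `@@ -52,19 +51,19 @@`, `@@ -72,19 +71,19 @@` and `@@ -92,19 +91,19 @@` hunks. None of those ids is linked from anywhere in the series (the table of contents added in patch 4 links only to the step, `python_*`, `golang_*` and `note` anchors), and an attribute suffix on a paragraph is likely to render as literal text. Drop the `{id=...}` suffixes together with the heading markers.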
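Review bot: The `@@ -170,7 +169,7 @@` hunk of patch 2/4 turns the reference into an inline link but leaves the `[^Wazuh docs]` footnote pointing at the same URL, so the rendered page shows the link twice; patch 4 (`@@ -169,9 +179,9 @@`) removes the footnote again. Fold that removal into this patch.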
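Review bot: While the `@@ -202,12 +202,14 @@` hunk of patch 3/4 is reflowing this paragraph, the context line "The mention_threshold, relates to the number of times a rule has been fired" should lose the stray comma, and "Enter the values for the threat_map as lists of integers, mention_thresholds as integers and colors as Hex integers" would be clearer as "hex integers (for example `0xcc3300`)" since the sample block already shows the form.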
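Review bot: The table-of-contents entries added in the `@@ -4,13 +4,23 @@` hunk of patch 4/4 rely on generated anchors (`#step-1-download`, `#step-2-copy-files`, `#step-3`, `#step-4`, `#note`, `#setting-up-the-platforms-receiving-the-notifications`) while the `python_*` and `golang_*` headings carry explicit `{id=...}` attributes. Give the step and NOTE headings explicit ids as well (for example `### Step 1: download {id="step-1-download"}`) so the links survive a reworded heading, and check that `#### NOTE:` with its trailing colon actually resolves to `#note`.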
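Review bot: The re-indentation of `priority_map` in the `@@ -213,26 +227,26 @@` hunk of patch 4/4 is the fix for the sample introduced by patch 1, where `mention_threshold:` and `color:` sit at column 0 under each `- threat_map:` item and do not parse as a list of mappings; squash it into patch 1 so no intermediate commit documents invalid YAML. The hunk also changes every colour value (`0xcc3300` to `0xec3e40`, and so on) under a commit message that says only "additional doc improvement"; if the defaults shipped in wazuh-notify-config.yaml changed as well, say so in the message, otherwise the documented sample now disagrees with the shipped file. Nearby context, "Sender translate to the ``` username ``` field", should read "Sender translates to the `username` field" with a plain single-backtick span.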
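Review bot: The new "Setting up the platforms" section in the `@@ -290,3 +304,16 @@` hunk of patch 4/4 tells the reader to put the platform information in `.env` but never names the variables the scripts read, so the page still cannot be followed end to end; list the expected keys with placeholder values and point back to Step 4 for the file's ownership and permissions, since this is where the webhook credentials live. Minor: "Each of the 3 platforms make use of webhooks or similar API's" should read "makes use of webhooks or similar APIs", and the file should end with a newline (`\ No newline at end of file`).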