message builder refactor

wazuh-notify-go/notification/discord.go

@@ -6,46 +6,17 @@ import (
 	"log"
 	"net/http"
 	"os"
-	"slices"
 	"strconv"
-	"strings"
+	"wazuh-notify/services"
-	"time"
 	"wazuh-notify/types"
 )
 
 func SendDiscord(params types.Params) {
 
-	var embedDescription string
+	embedDescription := services.BuildMessage(params, "discord", params.MarkdownEmphasis.Discord) +
-
+		"**Priority:** " + strconv.Itoa(params.Priority) + "\n" +
-	if slices.Contains(strings.Split(params.General.FullAlert, ","), "discord") {
+		"**Tags:** " + params.Tags + "\n\n" +
-		fullAlert, _ := json.MarshalIndent(params.WazuhMessage, "", "  ")
+		params.General.Click
-		fullAlertString := strings.ReplaceAll(string(fullAlert), `"`, "")
-		fullAlertString = strings.ReplaceAll(fullAlertString, "{", "")
-		fullAlertString = strings.ReplaceAll(fullAlertString, "}", "")
-		fullAlertString = strings.ReplaceAll(fullAlertString, "[", "")
-		fullAlertString = strings.ReplaceAll(fullAlertString, "]", "")
-		fullAlertString = strings.ReplaceAll(fullAlertString, " ,", "")
-
-		embedDescription = "\n\n ```" +
-			fullAlertString +
-			"```\n\n" +
-			"Priority: " + strconv.Itoa(params.Priority) + "\n" +
-			"Tags: " + params.Tags + "\n\n" +
-			params.General.Click
-	} else {
-		embedDescription = "\n\n" +
-			"**Timestamp: **" + time.Now().Format(time.DateTime) + "\n" +
-			"**Agent:** " + params.WazuhMessage.Parameters.Alert.Agent.Name + "\n" +
-			"**Event id:** " + params.WazuhMessage.Parameters.Alert.Rule.ID + "\n" +
-			"**Rule:** " + params.WazuhMessage.Parameters.Alert.Rule.Description + "\n" +
-			"**Description: **" + params.WazuhMessage.Parameters.Alert.FullLog + "\n" +
-			"**Threat level:** " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Level) + "\n" +
-			"**Times fired:** " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Firedtimes) +
-			"\n\n" +
-			"**Priority:** " + strconv.Itoa(params.Priority) + "\n" +
-			"**Tags:** " + params.Tags + "\n\n" +
-			params.General.Click
-	}
 
 	message := types.DiscordMessage{
 		Username: params.General.Sender,

wazuh-notify-go/notification/ntfy.go

@@ -1,42 +1,21 @@
 package notification
 
 import (
-	"encoding/json"
 	"net/http"
 	"os"
-	"slices"
 	"strconv"
 	"strings"
-	"time"
+	"wazuh-notify/services"
 	"wazuh-notify/types"
 )
 
 func SendNtfy(params types.Params) {
 
-	var payload string
+	req, _ := http.NewRequest(
+		"POST",
+		os.Getenv("NTFY_URL"),
+		strings.NewReader(services.BuildMessage(params, "ntfy", params.MarkdownEmphasis.Ntfy)))
 
-	if slices.Contains(strings.Split(params.General.FullAlert, ","), "discord") {
-		fullAlert, _ := json.MarshalIndent(params.WazuhMessage, "", "  ")
-		fullAlertString := strings.ReplaceAll(string(fullAlert), `"`, "")
-		fullAlertString = strings.ReplaceAll(fullAlertString, "{", "")
-		fullAlertString = strings.ReplaceAll(fullAlertString, "}", "")
-		fullAlertString = strings.ReplaceAll(fullAlertString, "[", "")
-		fullAlertString = strings.ReplaceAll(fullAlertString, "]", "")
-		fullAlertString = strings.ReplaceAll(fullAlertString, " ,", "")
-
-		payload = "\n\n ```" +
-			fullAlertString +
-			"```"
-	} else {
-		payload = time.Now().Format(time.RFC3339) + "\n\n" +
-			"**Agent:** " + params.WazuhMessage.Parameters.Alert.Agent.Name + "\n" +
-			"**Event id:** " + params.WazuhMessage.Parameters.Alert.Rule.ID + "\n" +
-			"**Description:** " + params.WazuhMessage.Parameters.Alert.Rule.Description + "\n" +
-			"**Threat level:** " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Level) + "\n" +
-			"**Times fired:** " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Firedtimes) + "\n"
-	}
-
-	req, _ := http.NewRequest("POST", os.Getenv("NTFY_URL"), strings.NewReader(payload))
 	req.Header.Set("Content-Type", "text/markdown")
 
 	if params.General.Sender != "" {

wazuh-notify-go/notification/slack.go

@@ -6,49 +6,18 @@ import (
 	"log"
 	"net/http"
 	"os"
-	"slices"
 	"strconv"
-	"strings"
+	"wazuh-notify/services"
-	"time"
 	"wazuh-notify/types"
 )
 
 func SendSlack(params types.Params) {
 
-	var embedDescription string
+	message := types.SlackMessage{
-
+		Text: services.BuildMessage(params, "slack", params.MarkdownEmphasis.Slack) +
-	if slices.Contains(strings.Split(params.General.FullAlert, ","), "slack") {
-		fullAlert, _ := json.MarshalIndent(params.WazuhMessage, "", "  ")
-		fullAlertString := strings.ReplaceAll(string(fullAlert), `"`, "")
-		fullAlertString = strings.ReplaceAll(fullAlertString, "{", "")
-		fullAlertString = strings.ReplaceAll(fullAlertString, "}", "")
-		fullAlertString = strings.ReplaceAll(fullAlertString, "[", "")
-		fullAlertString = strings.ReplaceAll(fullAlertString, "]", "")
-		fullAlertString = strings.ReplaceAll(fullAlertString, " ,", "")
-
-		embedDescription = "\n\n ```" +
-			fullAlertString +
-			"```\n\n" +
-			"Priority: " + strconv.Itoa(params.Priority) + "\n" +
-			"Tags: " + params.Tags + "\n\n" +
-			params.General.Click
-	} else {
-		embedDescription = "\n\n" +
-			"*Timestamp:* " + time.Now().Format(time.DateTime) + "\n" +
-			"*Agent:* " + params.WazuhMessage.Parameters.Alert.Agent.Name + "\n" +
-			"*Event id:* " + params.WazuhMessage.Parameters.Alert.Rule.ID + "\n" +
-			"*Rule:* " + params.WazuhMessage.Parameters.Alert.Rule.Description + "\n" +
-			"*Description:* " + params.WazuhMessage.Parameters.Alert.FullLog + "\n" +
-			"*Threat level:* " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Level) + "\n" +
-			"*Times fired:* " + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Firedtimes) +
-			"\n\n" +
 			"*Priority:* " + strconv.Itoa(params.Priority) + "\n" +
 			"*Tags:* " + params.Tags + "\n\n" +
-			params.General.Click
+			params.General.Click,
-	}
-
-	message := types.SlackMessage{
-		Text: embedDescription,
 	}
 
 	payload := new(bytes.Buffer)

wazuh-notify-go/services/init.go

@@ -49,7 +49,7 @@ func InitNotify() types.Params {
 	flag.StringVar(&inputParams.Url, "url", "", "is the webhook URL of the Discord server. It is stored in .env.")
 	flag.StringVar(&inputParams.General.Click, "click", configParams.General.Click, "is a link (URL) that can be followed by tapping/clicking inside the message. Default is https://google.com.")
 	flag.IntVar(&inputParams.Priority, "priority", 0, "is the priority of the message, ranging from 1 (highest), to 5 (lowest). Default is 5.")
-	flag.StringVar(&inputParams.General.Sender, "sender", configParams.General.Sender + " Golang", "is the sender of the message, either an app name or a person. The default is \"Security message\".")
+	flag.StringVar(&inputParams.General.Sender, "sender", configParams.General.Sender+" Golang", "is the sender of the message, either an app name or a person. The default is \"Security message\".")
 	flag.StringVar(&inputParams.Tags, "tags", "", "is an arbitrary strings of tags (keywords), seperated by a \",\" (comma). Default is \"informational,testing,hard-coded\".")
 	flag.StringVar(&inputParams.General.Targets, "targets", "", "is a list of targets to send notifications to. Default is \"discord\".")
 
@@ -64,6 +64,7 @@ func InitNotify() types.Params {
 	inputParams.General.ExcludedAgents = configParams.General.ExcludedAgents
 	inputParams.General.ExcludedRules = configParams.General.ExcludedRules
 	inputParams.PriorityMap = configParams.PriorityMap
+	inputParams.MarkdownEmphasis = configParams.MarkdownEmphasis
 
 	wazuhInput()
 

wazuh-notify-go/services/messageBuilder.go

@@ -0,0 +1,39 @@
+package services
+
+import (
+	"encoding/json"
+	"fmt"
+	"slices"
+	"strconv"
+	"strings"
+	"time"
+	"wazuh-notify/types"
+)
+
+func BuildMessage(params types.Params, target string, emphasis string) string {
+
+	if slices.Contains(strings.Split(params.General.FullAlert, ","), target) {
+		fullAlert, _ := json.MarshalIndent(params.WazuhMessage, "", "  ")
+		fullAlertString := strings.ReplaceAll(string(fullAlert), `"`, "")
+		fullAlertString = strings.ReplaceAll(fullAlertString, "{", "")
+		fullAlertString = strings.ReplaceAll(fullAlertString, "}", "")
+		fullAlertString = strings.ReplaceAll(fullAlertString, "[", "")
+		fullAlertString = strings.ReplaceAll(fullAlertString, "]", "")
+		fullAlertString = strings.ReplaceAll(fullAlertString, " ,", "")
+
+		return "\n\n ```" +
+			fullAlertString +
+			"```\n\n"
+	} else {
+		return "\n\n" +
+			fmt.Sprintf("%sTimestamp:%s ", emphasis, emphasis) + time.Now().Format(time.DateTime) + "\n" +
+			fmt.Sprintf("%sAgent:%s ", emphasis, emphasis) + params.WazuhMessage.Parameters.Alert.Agent.Name + "\n" +
+			fmt.Sprintf("%sEvent id:%s ", emphasis, emphasis) + params.WazuhMessage.Parameters.Alert.Rule.ID + "\n" +
+			fmt.Sprintf("%sRule:%s ", emphasis, emphasis) + params.WazuhMessage.Parameters.Alert.Rule.Description + "\n" +
+			fmt.Sprintf("%sDescription:%s ", emphasis, emphasis) + params.WazuhMessage.Parameters.Alert.FullLog + "\n" +
+			fmt.Sprintf("%sThreat level:%s ", emphasis, emphasis) + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Level) + "\n" +
+			fmt.Sprintf("%sTimes fired:%s ", emphasis, emphasis) + strconv.Itoa(params.WazuhMessage.Parameters.Alert.Rule.Firedtimes) +
+			"\n\n"
+
+	}
+}