klein-projects/wazuh-notify
2
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

yaml update

Browse Source
This commit is contained in:
Rudi klein 2024-05-08 15:09:35 +02:00
parent 9e0d5b22d2
commit 3a7ad4941a
3 changed files with 15 additions and 93 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
wazuh-notify-go/config.yaml
View File

@ -7,8 +7,6 @@
# COMMON (custom-wazuh-notifiers.py) configuration settings start here. # COMMON (custom-wazuh-notifiers.py) configuration settings start here.
# 1 = messages will be sent through this message server. 0 = messages will NOT be sent through this message server. # 1 = messages will be sent through this message server. 0 = messages will NOT be sent through this message server.
discord_enabled: 1
ntfy_enabled: 1
targets: "discord,ntfy" targets: "discord,ntfy"
# Exclude rules that are listed in the ossec.conf active response definition. # Exclude rules that are listed in the ossec.conf active response definition.
@ -24,61 +22,10 @@ notifier_priority_3: 7, 6
notifier_priority_4: 5, 4 notifier_priority_4: 5, 4
notifier_priority_5: 3 ,2, 1 notifier_priority_5: 3 ,2, 1
# COMMON configuration settings end here. sender: "Wazuh (IDS)"
click: "https://google.com"
# NTFY configuration settings start here.
# The default values refer to the hard-coded defaults, if no yaml configuration is found.
#
# -u, --server is the URL of the NTFY server, ending with a "/". Default is https://ntfy.sh/.
# -s, --sender is the sender of the message, either an app name or a person. Default is "Wazuh (IDS)".
# -d, --destination is the NTFY subscription, to send the message to. Default is none.
# -p, --priority is the priority of the message, ranging from 1 (highest), to 5 (lowest). Default is 5.
# -m, --message is the text of the message to be sent. Default is "Test message".
# -t, --tags is an arbitrary strings of tags (keywords), seperated by a "," (comma). Default is "informational, testing, hard-coded".
# -c, --click is a link (URL) that can be followed by tapping/clicking inside the message. Default is https://google.com.
# -h, --help shows this help message. Must have no value argument.
# -v, --view show config.
ntfy_server: "https://ntfy.sh/"
ntfy_sender: "Wazuh (IDS)"
ntfy_destination: "__KleinTest"
ntfy_priority: "3"
ntfy_message: "Test message"
ntfy_tags: "information, testing, yaml"
ntfy_click: "https://google.com"
# 1 to send the full event data with the message. 0 only sends the message with basic details
ntfy_full_message: "0"
# NTFY configuration settings end here.
# DISCORD configuration settings start here.
# The default values refer to the hard-coded defaults, if no yaml configuration is found.
# -u, --server is the webhook URL of the Discord server. It is stored in .env.
# -s, --sender is the sender of the message, either an app name or a person. The default is "Security message".
# -d, --destination is the destination (actually the originator) of the message, either an app name or a person. Default is "Wazuh (IDS)"
# -p, --priority is the priority of the message, ranging from 1 (highest), to 5 (lowest). Default is 5.
# -m, --message is the text of the message to be sent. Default is "Test message", but may include --tags and/or --click.
# -t, --tags is an arbitrary strings of tags (keywords), seperated by a "," (comma). Default is "informational, testing, hard-coded".
# -c, --click is a link (URL) that can be followed by tapping/clicking inside the message. Default is https://google.com.
# -h, --help shows this help message. Must have no value argument.
# -v, --view show config.
discord_server: "not used! The webhook (server) is a secret stored in .env"
discord_sender: "Security message"
discord_destination: "WAZUH (IDS)"
discord_priority: 3
discord_message: "Test message"
discord_tags: "informational, testing, yaml"
discord_click: "https://google.com"
# 1 to send the full event data with the message. 0 only sends the message with basic details
discord_full_message: "0"
# DISCORD configuration settings ends here.
#end of yaml #end of yaml
... ...

35
wazuh-notify-go/init.go
View File

@ -18,42 +18,17 @@ func initNotify() {
return return
} }
yamlFile, err := os.ReadFile("./config.yaml")
yaml.Unmarshal(yamlFile, &configParams)
flag.StringVar(&inputParams.Server, "server", "", "is the webhook URL of the Discord server. It is stored in .env.") flag.StringVar(&inputParams.Server, "server", "", "is the webhook URL of the Discord server. It is stored in .env.")
flag.StringVar(&inputParams.Click, "click", "", "is a link (URL) that can be followed by tapping/clicking inside the message. Default is https://google.com.") flag.StringVar(&inputParams.Click, "click", configParams.Click, "is a link (URL) that can be followed by tapping/clicking inside the message. Default is https://google.com.")
flag.StringVar(&inputParams.Destination, "destination", "", "is the destination (actually the originator) of the message, either an app name or a person. Default is \"Wazuh (IDS)\"") flag.StringVar(&inputParams.Destination, "destination", "", "is the destination (actually the originator) of the message, either an app name or a person. Default is \"Wazuh (IDS)\"")
flag.StringVar(&inputParams.Message, "message", "", "is the text of the message to be sent. Default is \"Test message\", but may include --tags and/or --click.") flag.StringVar(&inputParams.Message, "message", "", "is the text of the message to be sent. Default is \"Test message\", but may include --tags and/or --click.")
flag.IntVar(&inputParams.Priority, "priority", 0, "is the priority of the message, ranging from 1 (highest), to 5 (lowest). Default is 5.") flag.IntVar(&inputParams.Priority, "priority", 0, "is the priority of the message, ranging from 1 (highest), to 5 (lowest). Default is 5.")
flag.StringVar(&inputParams.Sender, "sender", "", "is the sender of the message, either an app name or a person. The default is \"Security message\".") flag.StringVar(&inputParams.Sender, "sender", configParams.Sender, "is the sender of the message, either an app name or a person. The default is \"Security message\".")
flag.StringVar(&inputParams.Tags, "tags", "", "is an arbitrary strings of tags (keywords), seperated by a \",\" (comma). Default is \"informational,testing,hard-coded\".") flag.StringVar(&inputParams.Tags, "tags", "", "is an arbitrary strings of tags (keywords), seperated by a \",\" (comma). Default is \"informational,testing,hard-coded\".")
flag.StringVar(&inputParams.Targets, "targets", "", "is a list of targets to send notifications to. Default is \"discord\".") flag.StringVar(&inputParams.Targets, "targets", "", "is a list of targets to send notifications to. Default is \"discord\".")
flag.Parse() flag.Parse()
yamlFile, err := os.ReadFile("./config.yaml")
yaml.Unmarshal(yamlFile, &configParams)
if inputParams.Server == "" {
inputParams.Server = configParams.Server
}
if inputParams.Click == "" {
inputParams.Click = configParams.Click
}
if inputParams.Destination == "" {
inputParams.Destination = configParams.Destination
}
if inputParams.Message == "" {
inputParams.Message = configParams.Message
}
if inputParams.Priority == 0 {
inputParams.Priority = configParams.Priority
}
if inputParams.Sender == "" {
inputParams.Sender = configParams.Sender
}
if inputParams.Tags == "" {
inputParams.Tags = configParams.Tags
}
if inputParams.Targets == "" {
inputParams.Targets = configParams.Targets
}
} }

16
wazuh-notify-go/types/types.go
View File

@ -1,14 +1,14 @@
package types package types
type Params struct { type Params struct {
Server string `yaml:"discord_server"` Server string
Sender string `yaml:"discord_sender"` Sender string `yaml:"sender,omitempty"`
Destination string `yaml:"discord_destination"` Destination string
Priority int `yaml:"discord_priority"` Priority int
Message string `yaml:"discord_message"` Message string
Tags string `yaml:"discord_tags"` Tags string
Click string `yaml:"discord_click"` Click string `yaml:"click,omitempty"`
Targets string `yaml:"targets"` Targets string `yaml:"targets,omitempty"`
} }
type Message struct { type Message struct {