priority + tags fix

2024-05-09 21:00:24 +02:00 · 2024-05-09 21:00:24 +02:00 · 43999ff914
commit 43999ff914
parent 69ebc0fca3
3 changed files with 18 additions and 14 deletions
--- a/wazuh-notify-go/services/init.go
+++ b/wazuh-notify-go/services/init.go
@ -9,6 +9,7 @@ import (
 	"os"
 	"path"
 	"runtime"
+	"strings"
 	"wazuh-notify/log"
 	"wazuh-notify/types"
 )
@ -33,8 +34,6 @@ func InitNotify() types.Params {
 		log.Log("env loaded")
 	}

-	wazuhInput()
-
 	yamlFile, err := os.ReadFile(path.Join(BasePath, "../../etc/wazuh-notify-config.yaml"))
 	if err != nil {
 		log.Log("yaml failed to load")
@ -56,6 +55,8 @@ func InitNotify() types.Params {
 	log.Log("params loaded")
 	inputParams.Targets = configParams.Targets

+	wazuhInput()
+
 	return inputParams
 }

@ -64,7 +65,9 @@ func wazuhInput() {

 	json.NewDecoder(reader).Decode(&wazuhData)

-	mapPriority()
+	inputParams.Priority = mapPriority()
+
+	inputParams.Tags += strings.Join(wazuhData.Parameters.Alert.Rule.Groups, ",")

 	inputParams.WazuhMessage = wazuhData
 }
--- a/wazuh-notify-go/services/mapping.go
+++ b/wazuh-notify-go/services/mapping.go
@ -2,20 +2,21 @@ package services

 import "slices"

-func mapPriority() {
+func mapPriority() int {
 	if slices.Contains(configParams.Priority1, wazuhData.Parameters.Alert.Rule.Level) {
-		inputParams.Priority = wazuhData.Parameters.Alert.Rule.Level
+		return 1
 	}
 	if slices.Contains(configParams.Priority2, wazuhData.Parameters.Alert.Rule.Level) {
-		inputParams.Priority = wazuhData.Parameters.Alert.Rule.Level
+		return 2
 	}
 	if slices.Contains(configParams.Priority3, wazuhData.Parameters.Alert.Rule.Level) {
-		inputParams.Priority = wazuhData.Parameters.Alert.Rule.Level
+		return 3
 	}
 	if slices.Contains(configParams.Priority4, wazuhData.Parameters.Alert.Rule.Level) {
-		inputParams.Priority = wazuhData.Parameters.Alert.Rule.Level
+		return 4
 	}
 	if slices.Contains(configParams.Priority5, wazuhData.Parameters.Alert.Rule.Level) {
-		inputParams.Priority = wazuhData.Parameters.Alert.Rule.Level
+		return 5
 	}
+	return 0
 }
--- a/wazuh-notify-go/wazuh-notify-config.yaml
+++ b/wazuh-notify-go/wazuh-notify-config.yaml
@ -16,11 +16,11 @@ excluded_agents: "999"

 # Priority mapping from 1-12 (Wazuh events) to 1-5 (Discord and ntfy notification)

-priority_1: 12, 11, 10
-priority_2: 9, 8
-priority_3: 7, 6
-priority_4: 5, 4
-priority_5: 3 ,2, 1
+priority_5: [12,11,10]
+priority_4: [9,8]
+priority_3: [7,6]
+priority_2: [5,4]
+priority_1: [3,2,1]

 sender: "Wazuh (IDS)"
 click: "https://google.com"