From 5e5d3003929064f7f25f714c7ff447e54ee276f7 Mon Sep 17 00:00:00 2001
From: Rudi Klein
Date: Thu, 9 May 2024 18:51:16 +0200
Subject: [PATCH] semi-final python go final
---
 wazuh-notify-go/.env | 2 +-
 wazuh-notify-go/log/log.go | 2 +-
 wazuh-notify-go/services/init.go | 4 +-
 .../{config.yaml => wazuh-notify-config.yaml} | 0
 wazuh_notifier_module.py | 43 +++++++++++--------
 5 files changed, 29 insertions(+), 22 deletions(-)
 rename wazuh-notify-go/{config.yaml => wazuh-notify-config.yaml} (100%)
diff --git a/wazuh-notify-go/.env b/wazuh-notify-go/.env
index c7bbc35..cecf3fc 100644
--- a/wazuh-notify-go/.env
+++ b/wazuh-notify-go/.env
@@ -1,2 +1,2 @@
-DISCORD_WEBHOOK=https://discord.com/api/webhooks/1237526475306176572/kHGnaQiM8qWOfdLIN1LWqgq3dsfqiHtsfs-Z5FralJNdX5hdw-MOPf4zzIDiFVjcIat4
+DISCORD_URL=https://discord.com/api/webhooks/1237526475306176572/kHGnaQiM8qWOfdLIN1LWqgq3dsfqiHtsfs-Z5FralJNdX5hdw-MOPf4zzIDiFVjcIat4
 NTFY_URL=https://ntfy.sh/__KleinTest
\ No newline at end of file
diff --git a/wazuh-notify-go/log/log.go b/wazuh-notify-go/log/log.go
index fac490a..3ebf948 100644
--- a/wazuh-notify-go/log/log.go
+++ b/wazuh-notify-go/log/log.go
@@ -9,7 +9,7 @@ import (
 var logFile *os.File
 func OpenLogFile(BasePath string) {
-	logFile, _ = os.OpenFile(path.Join(BasePath, "../../log/active-responses.log"), os.O_APPEND|os.O_WRONLY|os.O_CREATE, 0600)
+	logFile, _ = os.OpenFile(path.Join(BasePath, "../../logs/active-responses.log"), os.O_APPEND|os.O_WRONLY|os.O_CREATE, 0600)
 	_, err := logFile.WriteString(
 		"\n#######################################\n## START ##" + "\n" + time.Now().String() +
diff --git a/wazuh-notify-go/services/init.go b/wazuh-notify-go/services/init.go
index 4817740..163abdb 100644
--- a/wazuh-notify-go/services/init.go
+++ b/wazuh-notify-go/services/init.go
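Review bot: The `+` line commits a live Discord webhook URL, whose last path segment is the webhook's secret token, into the repository's `.env`; renaming the key to `DISCORD_URL` does not change that. Anyone with read access to the repository history can post to that channel, and the token stays recoverable from the `-` line of this hunk even after a later commit removes it. Revoke the webhook on the Discord side, keep `.env` out of version control via `.gitignore`, and commit only a template such as `DISCORD_URL=<discord-webhook-url>` with the real value supplied at deploy time.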
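Review bot: The rewritten `+` line still discards the `os.OpenFile` error with `logFile, _ =`, so if `../../logs/active-responses.log` cannot be opened or created relative to `BasePath`, `logFile` stays nil and the `WriteString` on the next context line (and every later write through `logFile`) returns `os.ErrInvalid`; whether that `err` is ever checked is outside the hunk. Capture the open error and stop early, e.g. `f, err := os.OpenFile(path.Join(BasePath, "../../logs/active-responses.log"), os.O_APPEND|os.O_WRONLY|os.O_CREATE, 0600)`, `if err != nil { return }`, `logFile = f`, and change the following `_, err :=` to `_, err =` so it does not try to redeclare `err`. With the new `logs/` path it is also worth confirming that the account running the notifier can write to that directory, since the file is created with the process's own identity. OpenLogFile continues past the end of the hunk.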
@@ -35,10 +35,10 @@ func InitNotify() types.Params {
 	wazuhInput()
-	yamlFile, err := os.ReadFile(path.Join(BasePath, "../../etc/config.yaml"))
+	yamlFile, err := os.ReadFile(path.Join(BasePath, "../../etc/wazuh-notify-config.yaml"))
 	if err != nil {
 		log.Log("yaml failed to load")
-		yamlFile, err = os.ReadFile(path.Join(BasePath, "config.yaml"))
+		yamlFile, err = os.ReadFile(path.Join(BasePath, "wazuh-notify-config.yaml"))
 	}
 	yaml.Unmarshal(yamlFile, &configParams)
diff --git a/wazuh-notify-go/config.yaml b/wazuh-notify-go/wazuh-notify-config.yaml
similarity index 100%
rename from wazuh-notify-go/config.yaml
rename to wazuh-notify-go/wazuh-notify-config.yaml
diff --git a/wazuh_notifier_module.py b/wazuh_notifier_module.py
index e6de6ad..6e7a9b4 100755
--- a/wazuh_notifier_module.py
+++ b/wazuh_notifier_module.py
@@ -16,8 +16,8 @@ def get_env():
             raise Exception(dotenv_path, "file not found")
         # Retrieve url from .env
-        discord_url = os.getenv("DISCORD_url")
-        ntfy_url = os.getenv("NTFY_url")
+        discord_url = os.getenv("DISCORD_URL")
+        ntfy_url = os.getenv("NTFY_URL")
     except Exception as err:
         # output error, and return with an error code
@@ -26,6 +26,7 @@ def get_env():
     return discord_url, ntfy_url
+
 # Set structured timestamp for logging and discord/ntfy message.
@@ -37,7 +38,7 @@ def set_time():
 # Define paths: wazuh_path = wazuh root directory
 # ar_path = active-responses.log path,
-# config_path = wazuh-notifier-config.yaml
+# config_path = wazuh-notifier-wazuh-notify-config.yaml
 def set_environment():
     # todo fix reference when running manually/in process
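Review bot: The fallback `os.ReadFile` on the second `+` line reassigns `err` but nothing checks it afterwards, and the return value of `yaml.Unmarshal` on the last context line is dropped, so a config that is missing from both locations or malformed leaves `configParams` zero-valued with only the `yaml failed to load` line as a hint. Check both results before the function goes on, e.g. `if err != nil { log.Log("config failed to load: " + err.Error()) }` after the closing brace and `if err := yaml.Unmarshal(yamlFile, &configParams); err != nil { log.Log("config failed to parse: " + err.Error()) }`, and decide whether a notifier with no config should continue at all. The `../../etc/` lookup only works if `BasePath` sits two levels below the Wazuh root, which the hunk does not show. InitNotify starts before the hunk and continues after it.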
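Review bot: `os.getenv` on the two `+` lines returns `None` when the variable is absent, so a `.env` that still carries the old `DISCORD_WEBHOOK` key (renamed in this same commit) yields `discord_url = None` without ever reaching the `except` branch, and the failure only surfaces wherever the URL is used later. Reading with `os.environ["DISCORD_URL"]` and `os.environ["NTFY_URL"]` inside the existing `try` turns a missing key into a `KeyError` that the `except Exception as err` below already reports. get_env starts and ends outside the hunk.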
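Review bot: The comment on the `+` line names `wazuh-notifier-wazuh-notify-config.yaml`, which looks like a search-and-replace of `config` with `wazuh-notify-config` applied on top of the old `wazuh-notifier-config.yaml`; the file this commit actually renames is `wazuh-notify-config.yaml`. The same doubled name appears in the code at hunk `@@ -45` (`config_path = ...`) and in the comments at hunk `@@ -64`, so all three should be changed together, e.g. `# config_path = wazuh-notify-config.yaml`. set_environment continues past the end of the hunk.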
@@ -45,12 +46,12 @@ def set_environment():
     wazuh_path = "/var/ossec"
     # wazuh_path = os.path.abspath(os.path.join(__file__, "../../.."))
     ar_path = '{0}/logs/active-responses.log'.format(wazuh_path)
-    config_path = 'wazuh-notifier-conf.yaml'.format(wazuh_path)
+    config_path = 'wazuh-notifier-wazuh-notify-config.yaml'.format(wazuh_path)
     return wazuh_path, ar_path, config_path
-# Import configuration settings from wazuh-notifier-config.yaml
+# Import configuration settings from wazuh-notifier-wazuh-notify-config.yaml
 def import_config():
@@ -64,7 +65,7 @@ def import_config():
     return None
-# Show configuration settings from wazuh-notifier-config.yaml
+# Show configuration settings from wazuh-notifier-wazuh-notify-config.yaml
 def view_config():
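Review bot: `'wazuh-notifier-wazuh-notify-config.yaml'.format(wazuh_path)` on the `+` line contains no `{0}` placeholder, so `wazuh_path` is ignored and `config_path` is a bare file name resolved against the current working directory, which for a script launched as an active response is not necessarily the Wazuh tree. Mirror the `ar_path` line above it and anchor the path explicitly: `config_path = '{0}/etc/wazuh-notify-config.yaml'.format(wazuh_path)`. The `etc/` location matches what the Go side reads in this commit, but confirm where the Python deployment actually installs the file, since the `todo` at the top of the hunk suggests the layout is still unsettled.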
@@ -95,33 +96,39 @@ def threat_priority_mapping(threat_level, np_1, np_2, np_3, np_4, np_5):
     if threat_level in np_1:
         priority_mapping = "1"
+        priority_color = 0x339900
     elif threat_level in np_2:
         priority_mapping = "2"
+        priority_color = 0x99cc33
     elif threat_level in np_3:
         priority_mapping = "3"
+        priority_color = 0xffcc00
     elif threat_level in np_4:
         priority_mapping = "4"
+        priority_color = 0xff9966
     elif threat_level in np_5:
         priority_mapping = "5"
+        priority_color = 0xcc3300
     else:
         priority_mapping = "3"
+        priority_color = 0xffcc00
-    return priority_mapping
+    return priority_mapping, priority_color
 def get_yaml_config():
     config = import_config()
-    config['np_1'] = "3, 3, 3" if (config.get("notifier_priority_1") is None) else config.get("notifier_priority_1")
-    config['np_2'] = "4, 5" if (config.get("notifier_priority_2") is None) else config.get("notifier_priority_2")
-    config['np_3'] = "6, 7" if (config.get("notifier_priority_3") is None) else config.get("notifier_priority_3")
-    config['np_4'] = "8, 9" if (config.get("notifier_priority_4") is None) else config.get("notifier_priority_4")
-    config['np_5'] = "10, 11, 12" if (config.get("notifier_priority_5") is None) else config.get("notifier_priority_5")
-    config['targets'] = "ntfy, discord" if (config.get("targets") is None) else config.get("targets")
-    config['excluded_rules'] = "" if (config.get("excluded_rules") is None) else config.get("excluded_rules")
-    config['excluded_agents'] = "" if (config.get("excluded_agents") is None) else config.get("excluded_agents")
-    config['sender'] = "Wazuh (IDS)" if (config.get("sender") is None) else config.get("sender")
-    config['click'] = "https://wazuh.org" if (config.get("click") is None) else config.get("click")
+    config['np_1'] = config.get('np_1', '1, 2, 3')
+    config['np_2'] = config.get('np_2', '4,5')
+    config['np_3'] = config.get('np_3', '6,7')
+    config['np_4'] = config.get('np_4', '8,9')
+    config['np_5'] = config.get('np_5', '10, 11, 12')
+    config['targets'] = config.get('targets', 'ntfy, discord')
+    config['excluded_rules'] = config.get('excluded_rules', '')
+    config['excluded_agents'] = config.get('excluded_agents', '')
+    config['sender'] = 'Wazuh (IDS)'
+    config['click'] = 'https://wazuh.org'
     return config
@@ -154,7 +161,7 @@ def get_arguments():
     argument_list: list = sys.argv[1:]
     if not argument_list:
-        pass
+        return url, sender, destination, message, priority, tags, click
     else:
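Review bot: The last two `+` lines of get_yaml_config assign `config['sender'] = 'Wazuh (IDS)'` and `config['click'] = 'https://wazuh.org'` unconditionally, whereas the removed lines only used those as defaults, so a `sender` or `click` set in the YAML is now silently overwritten; `config['sender'] = config.get('sender', 'Wazuh (IDS)')` and `config['click'] = config.get('click', 'https://wazuh.org')` keep the old behaviour in the new style. The priority keys also change from `notifier_priority_N` to `np_N` (and the `np_1` default from `3, 3, 3` to `1, 2, 3`), so an existing YAML written against the old keys will fall back to the defaults without any warning — if the rename is intended, the config file and docs need the same change. import_config returns `None` on failure (visible in the `@@ -64` hunk), in which case the first `config.get` here raises `AttributeError`; a guard such as `config = import_config() or {}` would let the defaults apply instead. threat_priority_mapping now returns a `(priority_mapping, priority_color)` tuple, so every caller — none of which appears in the diff — has to be updated to unpack it.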