From 2872f88a25070c4a30bd4c5623434e0062dae6c9 Mon Sep 17 00:00:00 2001
From: darius
Date: Mon, 27 May 2024 15:29:39 +0200
Subject: [PATCH 1/3] go mod fix
---
wazuh-notify-go/go.mod | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/wazuh-notify-go/go.mod b/wazuh-notify-go/go.mod
index 463f281..817cce4 100644
--- a/wazuh-notify-go/go.mod
+++ b/wazuh-notify-go/go.mod
@@ -3,8 +3,6 @@ module wazuh-notify go 1.22 require ( + github.com/BurntSushi/toml v1.4.0 github.com/joho/godotenv v1.5.1 - gopkg.in/yaml.v2 v2.4.0 ) - -require github.com/BurntSushi/toml v1.4.0 // indirect
From af2887edc23f5a31070de7c3ecf91c1a73599c92 Mon Sep 17 00:00:00 2001
From: darius
Date: Mon, 27 May 2024 15:39:50 +0200
Subject: [PATCH 2/3] useless flags removed
---
wazuh-notify-go/services/flags.go | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/wazuh-notify-go/services/flags.go b/wazuh-notify-go/services/flags.go
index a95d16b..160a56b 100644
--- a/wazuh-notify-go/services/flags.go
+++ b/wazuh-notify-go/services/flags.go
@@ -8,16 +8,13 @@ import ( func ParseFlags(params types.Params) types.Params { - flag.StringVar(¶ms.Url, "url", "", "is the webhook URL of the Discord server. It is stored in .env.") flag.StringVar(¶ms.General.Click, "click", params.General.Click, "is a link (URL) that can be followed by tapping/clicking inside the message. Default is https://google.com.") - flag.IntVar(¶ms.Priority, "priority", 0, "is the priority of the message, ranging from 1 (highest), to 5 (lowest). Default is 5.") flag.StringVar(¶ms.General.Sender, "sender", params.General.Sender+" Golang", "is the sender of the message, either an app name or a person. The default is \"Security message\".") - flag.StringVar(¶ms.Tags, "tags", "", "is an arbitrary strings of tags (keywords), seperated by a \",\" (comma). Default is \"informational,testing,hard-coded\".") flag.StringVar(¶ms.General.Targets, "targets", params.General.Targets, "is a list of targets to send notifications to. Default is \"discord\".") flag.Parse() - log.Log("params loaded") + log.Log("flags loaded") return params }
From 7377fdda65c6f081e096737e7cb0fb6b54b5bef8 Mon Sep 17 00:00:00 2001
From: darius
Date: Mon, 27 May 2024 15:49:04 +0200
Subject: [PATCH 3/3] comments added
---
wazuh-notify-go/main.go | 5 +++--
wazuh-notify-go/services/config.go | 8 ++++----
wazuh-notify-go/services/flags.go | 4 ++--
wazuh-notify-go/services/wazuhData.go | 13 ++++++++-----
wazuh-notify-go/targets/discord/discord.go | 8 ++++----
wazuh-notify-go/targets/ntfy/ntfy.go | 6 +++---
wazuh-notify-go/targets/slack/slack.go | 6 +++---
7 files changed, 27 insertions(+), 23 deletions(-)
diff --git a/wazuh-notify-go/main.go b/wazuh-notify-go/main.go
index c11eb57..87e2bdc 100644
--- a/wazuh-notify-go/main.go
+++ b/wazuh-notify-go/main.go
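Review bot: The help strings on the flags that remain in ParseFlags describe defaults the code does not apply: `click` is documented as "Default is https://google.com." while its registered default is `params.General.Click`, and `sender` says the default is "Security message" while the code registers `params.General.Sender+" Golang"`. Since these defaults now come from the config file, the help text should say so, e.g. `"is a link (URL) that can be followed by tapping/clicking inside the message. Defaults to the value from the config file."`. The `+" Golang"` suffix appended to the configured sender looks like a leftover rather than intended behaviour and is worth confirming. With `-priority` and `-tags` gone, `params.Priority` and `params.Tags` are populated only from the config file and the Wazuh alert, so any usage documentation that still lists those flags needs the same update.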
@@ -10,10 +10,11 @@ import ( ) func main() { + //Read config file and .env configParams := services.ReadConfig() - + //Parse command line flags inputParams := services.ParseFlags(configParams) - + //Parse wazuh input data from stdin Params := services.ParseWazuhInput(inputParams) for _, target := range strings.Split(Params.General.Targets, ", ") {
diff --git a/wazuh-notify-go/services/config.go b/wazuh-notify-go/services/config.go
index 89f0b36..a0285ee 100644
--- a/wazuh-notify-go/services/config.go
+++ b/wazuh-notify-go/services/config.go
@@ -12,12 +12,12 @@ import ( func ReadConfig() types.Params { var configParams types.Params - + //Get Path of executable location baseFilePath, _ := os.Executable() baseDirPath := path.Dir(baseFilePath) - + //Open log file and set first message log.OpenLogFile(baseDirPath) - + //Load .env into environment variables err := godotenv.Load(path.Join(baseDirPath, "../../etc/.env")) if err != nil { log.Log("env failed to load")
@@ -25,7 +25,7 @@ func ReadConfig() types.Params { } else { log.Log("env loaded") } - + //Read config file tomlFile, err := os.ReadFile(path.Join(baseDirPath, "../../etc/wazuh-notify-config.toml")) if err != nil { log.Log("toml failed to load")
diff --git a/wazuh-notify-go/services/flags.go b/wazuh-notify-go/services/flags.go
index 160a56b..39aa301 100644
--- a/wazuh-notify-go/services/flags.go
+++ b/wazuh-notify-go/services/flags.go
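Review bot: The comments added in main (and in the config.go, flags.go, wazuhData.go, discord.go, ntfy.go and slack.go hunks of this patch) omit the space after `//`; Go convention and the usual comment linters expect `// Read config file and .env`. The flags.go comment `//Get flag values` above `flag.Parse()` is also loosely worded, since Parse reads the command line rather than returning values; `// Parse the command line into params` is closer. Independently of the comments, the context line `strings.Split(Params.General.Targets, ", ")` only separates targets written with a comma followed by a space, so a config value such as "discord,slack" would be handled as one unknown target; splitting on `","` and applying `strings.TrimSpace` to each element accepts both spellings. The body of main continues outside the hunk.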
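Review bot: The error from `os.Executable()` on the line under the new `//Get Path of executable location` comment is discarded, so on failure `baseFilePath` is presumably empty, `path.Dir("")` yields `.`, and the log file, `.env` (which holds the webhook URLs) and the TOML config are all resolved relative to the current working directory instead of the install location. The call precedes `log.OpenLogFile`, so it cannot be reported through the file logger; the minimum is `baseFilePath, err := os.Executable()` followed by `if err != nil { os.Exit(1) }`, ideally with a message on stderr first. The same lines use `path.Dir`/`path.Join`, which are slash-only helpers; `filepath.Dir`/`filepath.Join` are the OS-path equivalents (the import block is outside the hunk). ReadConfig continues past this hunk.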
@@ -7,11 +7,11 @@ import ( ) func ParseFlags(params types.Params) types.Params { - + //Set command line flags flag.StringVar(¶ms.General.Click, "click", params.General.Click, "is a link (URL) that can be followed by tapping/clicking inside the message. Default is https://google.com.") flag.StringVar(¶ms.General.Sender, "sender", params.General.Sender+" Golang", "is the sender of the message, either an app name or a person. The default is \"Security message\".") flag.StringVar(¶ms.General.Targets, "targets", params.General.Targets, "is a list of targets to send notifications to. Default is \"discord\".") - + //Get flag values flag.Parse() log.Log("flags loaded")
diff --git a/wazuh-notify-go/services/wazuhData.go b/wazuh-notify-go/services/wazuhData.go
index 8e7a220..ac24a7f 100644
--- a/wazuh-notify-go/services/wazuhData.go
+++ b/wazuh-notify-go/services/wazuhData.go
@@ -13,23 +13,26 @@ import ( func ParseWazuhInput(params types.Params) types.Params { var wazuhData types.WazuhMessage - + //Read stdin reader := bufio.NewReader(os.Stdin) - + //Decode stdin to wazuhData json.NewDecoder(reader).Decode(&wazuhData) - + //Parse tags params.Tags += strings.Join(wazuhData.Parameters.Alert.Rule.Groups, ",") params.WazuhMessage = wazuhData - + //Map priority and color based on config for i := range params.PriorityMap { if slices.Contains(params.PriorityMap[i].ThreatMap, wazuhData.Parameters.Alert.Rule.Level) { + //Check notify threshold if params.WazuhMessage.Parameters.Alert.Rule.Firedtimes%params.PriorityMap[i].NotifyThreshold != 0 { log.Log("threshold not met") log.CloseLogFile() os.Exit(0) } + //Set color based on config map params.Color = params.PriorityMap[i].Color + //Check mention threshold if params.WazuhMessage.Parameters.Alert.Rule.Firedtimes >= params.PriorityMap[i].MentionThreshold { params.Mention = "@here" }
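Review bot: The line under the new `//Check notify threshold` comment computes `Firedtimes%params.PriorityMap[i].NotifyThreshold`, so a priority entry whose `NotifyThreshold` is unset (0) in the config makes the integer modulo panic with a divide-by-zero instead of notifying; guard it with `if t := params.PriorityMap[i].NotifyThreshold; t > 0 && params.WazuhMessage.Parameters.Alert.Rule.Firedtimes%t != 0 {`. The earlier line under `//Decode stdin to wazuhData` drops the error from `Decode`, so malformed or empty stdin silently yields a zero-valued alert (level 0, no groups) that then flows through the priority map; `if err := json.NewDecoder(reader).Decode(&wazuhData); err != nil { log.Log("wazuh input could not be decoded"); log.CloseLogFile(); os.Exit(1) }` keeps that failure explicit. ParseWazuhInput continues in the next hunk.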
@@ -38,7 +41,7 @@ func ParseWazuhInput(params types.Params) types.Params { } log.Log("Wazuh data loaded") - + //Filter messages based on rules defined in config Filter(params) return params
diff --git a/wazuh-notify-go/targets/discord/discord.go b/wazuh-notify-go/targets/discord/discord.go
index 734bf5f..fced433 100644
--- a/wazuh-notify-go/targets/discord/discord.go
+++ b/wazuh-notify-go/targets/discord/discord.go
@@ -11,11 +11,11 @@ import ( ) func SendDiscord(params types.Params) { - + //Build message content embedDescription := services.BuildMessage(params, "discord", params.MarkdownEmphasis.Discord) + "**Tags:** " + params.Tags + "\n\n" + params.General.Click - + //Build message message := DiscordMessage{ Username: params.General.Sender, Content: params.Mention,
@@ -29,12 +29,12 @@ func SendDiscord(params types.Params) { } payload := new(bytes.Buffer) - + //Parse message to json err := json.NewEncoder(payload).Encode(message) if err != nil { return } - + //Send message to webhook _, err = http.Post(os.Getenv("DISCORD_URL"), "application/json", payload) if err != nil { log.Fatalf("An Error Occured %v", err)
diff --git a/wazuh-notify-go/targets/ntfy/ntfy.go b/wazuh-notify-go/targets/ntfy/ntfy.go
index d6a0dfd..1d27848 100644
--- a/wazuh-notify-go/targets/ntfy/ntfy.go
+++ b/wazuh-notify-go/targets/ntfy/ntfy.go
@@ -10,14 +10,14 @@ import ( ) func SendNtfy(params types.Params) { - + //Create request and build message req, _ := http.NewRequest( "POST", os.Getenv("NTFY_URL"), strings.NewReader(" "+services.BuildMessage(params, "ntfy", params.MarkdownEmphasis.Ntfy))) req.Header.Set("Content-Type", "text/markdown") - + //Set headers if not empty if params.General.Sender != "" { req.Header.Add("Title", params.General.Sender) }
@@ -30,6 +30,6 @@ func SendNtfy(params types.Params) { if params.Priority != 0 { req.Header.Add("Priority", strconv.Itoa(params.Priority)) } - + //Send request http.DefaultClient.Do(req) }
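Review bot: The new comment `//Filter messages based on rules defined in config` sits above `Filter(params)`, whose result is discarded while `params` is passed by value; unless Filter ends the process or acts through shared state (its body is not in this patch), the filtering it describes cannot affect the `params` returned on the next line. If Filter returns the filtered Params the line should be `params = Filter(params)`; if it returns a decision it should be consumed in an `if`. Either way the comment should say what happens to an alert that is filtered out. ParseWazuhInput starts in the previous hunk.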
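Review bot: The `http.Post` call under the new `//Send message to webhook` comment discards the response, so the body is never closed and a non-2xx reply from the webhook (rate limit, revoked URL) is treated as a successful send; the slack.go hunk at `@@ -19,12 +19,12 @@` has the same pattern. `http.Post` also goes through `http.DefaultClient`, which carries no timeout, so an unresponsive endpoint blocks the integration indefinitely; a package-level `http.Client` with a `Timeout` bounds that. The encode branch a few lines above returns silently on error, leaving no trace in the log; logging before that `return` keeps failures visible. SendDiscord continues outside the hunk.
```go
	//Send message to webhook
	resp, err := http.Post(os.Getenv("DISCORD_URL"), "application/json", payload)
	if err != nil {
		log.Fatalf("An Error Occured %v", err)
	}
	defer resp.Body.Close()
	if resp.StatusCode < 200 || resp.StatusCode > 299 {
		log.Fatalf("discord webhook returned %s", resp.Status)
	}
```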
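Review bot: `req, _ := http.NewRequest(` under the new `//Create request and build message` comment discards the constructor error, and the next line `req.Header.Set("Content-Type", "text/markdown")` dereferences `req`, so a malformed `NTFY_URL` becomes a nil-pointer panic rather than a reported failure. Change it to `req, err := http.NewRequest(` and follow the call with `if err != nil { return }`, adding a log call if this file has a logger in scope (the import block is outside the hunk). SendNtfy continues in the next hunk.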
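Review bot: `http.DefaultClient.Do(req)` under the new `//Send request` comment drops both return values, so a transport error or a non-2xx reply from ntfy is invisible and the response body is never closed, which also prevents connection reuse. `http.DefaultClient` has no timeout either, so a stalled endpoint can hang the integration; a client with a `Timeout` is the usual fix, as noted for the discord.go hunk. The rewritten tail below checks the error and status and closes the body; add a log call before each `return` if this file has a logger in scope. SendNtfy starts in the previous hunk.
```go
	//Send request
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return
	}
	defer resp.Body.Close()
	if resp.StatusCode < 200 || resp.StatusCode > 299 {
		return
	}
```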
diff --git a/wazuh-notify-go/targets/slack/slack.go b/wazuh-notify-go/targets/slack/slack.go
index 3aa6f4c..d8c0351 100644
--- a/wazuh-notify-go/targets/slack/slack.go
+++ b/wazuh-notify-go/targets/slack/slack.go
@@ -11,7 +11,7 @@ import ( ) func SendSlack(params types.Params) { - + //Build message message := SlackMessage{ Text: services.BuildMessage(params, "slack", params.MarkdownEmphasis.Slack) + "*Tags:* " + params.Tags + "\n\n" +
@@ -19,12 +19,12 @@ func SendSlack(params types.Params) { } payload := new(bytes.Buffer) - + //Parse message to json err := json.NewEncoder(payload).Encode(message) if err != nil { return } - + //Send message to webhook _, err = http.Post(os.Getenv("SLACK_URL"), "application/json", payload) if err != nil { log.Fatalf("An Error Occured %v", err)