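---
# Start of wazuh notifier configuration yaml.
# This is the yaml config file for wazuh-active-response (for both the Python and Go version)

# Platforms in this string with comma separated values are triggered.
targets: "slack, ntfy, discord"

# Platforms in this string will enable sending the full event information.
# The full event body may carry sensitive details from the alert; enable this
# only for channels where that disclosure is acceptable.
full_message: ""
# Platforms in this string will enable sending the full event information.
# NOTE(review): this comment is identical to the one on full_message — confirm
# against the notifier code which of the two keys each version actually reads.
full_alert: ""

# Exclude rule events that are enabled in the ossec.conf active response definition.
# These settings provide an easier way to disable events from firing the notifiers.
excluded_rules: "99999, 00000"  # Enter as a string with comma separated values
excluded_agents: "99999"  # Enter as a string with comma separated values

# Priority mapping from 0-15 (Wazuh threat levels) to 1-5 (in notifications) and their respective colors (Discord)
# https://documentation.wazuh.com/current/user-manual/ruleset/rules-classification.html
# Enter threat_map as lists of integers, mention_threshold as integer and color as Hex integer
priority_map:
  - threat_map: [15, 14, 13, 12]
    mention_threshold: 1
    color: 0xec3e40  # Red, SEVERE
  - threat_map: [11, 10, 9]
    mention_threshold: 1
    color: 0xff9b2b  # Orange, HIGH
  - threat_map: [8, 7, 6]
    mention_threshold: 5
    color: 0xf5d800  # Yellow, ELEVATED
  - threat_map: [5, 4]
    mention_threshold: 20
    color: 0x377fc7  # Blue, GUARDED
  - threat_map: [3, 2, 1, 0]
    mention_threshold: 20
    color: 0x01a465  # Green, LOW

# The next 2 settings are used to add information to the messages.
sender: "Wazuh (IDS)"
# Link embedded in the notification; keep it an https URL you control or trust.
click: "https://documentation.wazuh.com/"

###########################################################################################
# From here on the settings are ONLY used by the Python version of wazuh-active-response. #
###########################################################################################

# Below settings provide for a window that enable/disables events from firing the notifiers.
excluded_days: ""  # Enter as a string with comma separated values. Be aware of your regional settings.
# Enter as a sequence of "HH:MM" string values. Be aware of your regional settings.
# Quoted on purpose: an unquoted 23:59 would be read as a sexagesimal integer by YAML 1.1 loaders.
excluded_hours: ["23:59", "00:00"]

# Following parameter defines the markdown characters to emphasise the parameter names in the notification messages
markdown_emphasis:
  slack: "*"
  ntfy: "**"
  discord: "**"

# The next settings are used for testing. Test mode will add the example event in wazuh-notify-test-event.json instead of the
# message received through wazuh. This enables testing for particular events when the test event is customized.
# Canonical lowercase boolean: `False` is only recognised by YAML 1.1-style loaders, `false` by all of them.
test_mode: false

# Enabling this parameter provides more logging to the wazuh-notifier log.
# NOTE(review): the value is an integer, not a boolean — confirm which levels the notifier honours.
extended_logging: 2
# Enabling this parameter provides extended logging to the console.
extended_print: 0

# End of wazuh notifier configuration yaml
...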