Merge pull request #1 from ADORSYS-GIS/develop

Feat: Slack integration
ADORSYS-GIS · Dec 10, 2024 · b52d0b6 · b52d0b6
2 parents fd36ff5 + 7c4729a
commit b52d0b6
Show file tree

Hide file tree

Showing 9 changed files with 69 additions and 4 deletions.
diff --git a/charts/wazuh/Chart.yaml b/charts/wazuh/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.21-rc.1
+version: 0.2.21-rc.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

diff --git a/charts/wazuh/files/configs/template.config.conf.xml b/charts/wazuh/files/configs/template.config.conf.xml
@@ -355,4 +355,6 @@
         <location>/var/log/owasp-zap/*.jsonl</location>
         <log_format>json</log_format>
     </localfile>
+
+    ${SLACK_CONFIG}
 </ossec_config>
diff --git a/charts/wazuh/templates/helpers/_secrets.tpl b/charts/wazuh/templates/helpers/_secrets.tpl
@@ -40,4 +40,15 @@ Dashboard credentials
 {{- else -}}
 {{- $.Values.dashboard.authSecret -}}
 {{- end -}}
+{{- end -}}
+
+{{/*
+Slack notification credentials
+*/}}
+{{- define "secret.notification-slack" -}}
+{{- if not $.Values.notification.slack.externalSecret -}}
+{{ include "common.names.fullname" $ }}-slack-cred
+{{- else -}}
+{{- $.Values.notification.slack.externalSecret -}}
+{{- end -}}
 {{- end -}}
diff --git a/charts/wazuh/templates/manager/secret.manager-common.yaml b/charts/wazuh/templates/manager/secret.manager-common.yaml
@@ -14,8 +14,8 @@ stringData:
   SMTP_TO: "{{ .config.smtp.to }}"
   SMTP_MAX_PER_HOUR: "{{ .config.smtp.max_per_hour }}"
   QUEUE_SIZE: '131072'
-  AGENTS_DISCONNECTION_TIME: '20s'
-  AGENTS_DISCONNECTION_ALERT_TIME: '100s'
+  AGENTS_DISCONNECTION_TIME: '10m'
+  AGENTS_DISCONNECTION_ALERT_TIME: '1h'
 
   INDEXER_URL: 'https://{{ include "common.names.fullname" $ }}-indexer-api:9200'
 

diff --git a/charts/wazuh/templates/manager/secret.slack-notification.yaml b/charts/wazuh/templates/manager/secret.slack-notification.yaml
@@ -0,0 +1,20 @@
+{{ with .Values.notification.slack -}}
+{{- if and .enabled (not .externalSecret) -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "secret.notification-slack" $ }}
+  annotations:
+    {{- include "common.annotations.standard" ( dict "customAnnotations" .additionalAnnotations "context" $ ) | nindent 4 }}
+  labels:
+    {{- include "common.labels.standard" ( dict "customLabels" .additionalLabels "context" $ ) | nindent 4 }}
+stringData:
+  SLACK_CONFIG: |
+    <integration>
+        <name>slack</name>
+        <hook_url>{{ include "common.tplvalues.render" (dict "value" .webhookUrl "context" $) }}</hook_url>
+        <alert_format>json</alert_format>
+    </integration>
+
+{{- end -}}
+{{- end }}
diff --git a/charts/wazuh/templates/manager/sts.wazuh-master.yaml b/charts/wazuh/templates/manager/sts.wazuh-master.yaml
@@ -225,6 +225,11 @@ spec:
                 name: '{{ include "secret.indexer-auth" $ }}'
             - secretRef:
                 name: '{{ include "secret.common" $ }}'
+            {{ if and $.Values.notification $.Values.notification.slack $.Values.notification.slack.enabled $.Values.notification.slack.externalSecret -}}
+            - secretRef:
+                name: '{{ include "secret.notification-slack" $ }}'
+            {{- end }}
+
           {{ with .envFrom -}}
           {{ include "common.tplvalues.render" (dict "value" . "context" $) | nindent 12}}
           {{- end }}

diff --git a/charts/wazuh/templates/manager/sts.wazuh-worker.yaml b/charts/wazuh/templates/manager/sts.wazuh-worker.yaml
@@ -218,6 +218,12 @@ spec:
                 name: '{{ include "secret.indexer-auth" $ }}'
             - secretRef:
                 name: '{{ include "secret.common" $ }}'
+
+            {{ if and $.Values.notification $.Values.notification.slack $.Values.notification.slack.enabled $.Values.notification.slack.externalSecret -}}
+            - secretRef:
+                name: '{{ include "secret.notification-slack" $ }}'
+            {{- end }}
+
           {{ with .envFrom -}}
           {{ include "common.tplvalues.render" (dict "value" . "context" $) | nindent 12}}
           {{- end }}

diff --git a/charts/wazuh/values-remote-secrets.yaml b/charts/wazuh/values-remote-secrets.yaml
@@ -15,4 +15,8 @@ dashboard:
   auth: ~
   authSecret: "<example>-dashboard-secrets"
 
+notification:
+  slack:
+    externalSecret: "<example>-slack-secrets"
+
 secrets: ~
diff --git a/charts/wazuh/values.yaml b/charts/wazuh/values.yaml
@@ -798,4 +798,21 @@ configmaps: { }
 
 ##
 ##
-secrets: { }
+secrets: { }
+
+
+##
+##
+notification:
+  ##
+  ##
+  slack:
+    ##
+    ##
+    enabled: true
+    ##
+    ##
+    webhookUrl: https://<example1>.slack.com/services/hooks/<example2>
+    ##
+    ##
+    externalSecret: ~