From 2f9c2c19698ad7dc9491a4dec2981a203dd36204 Mon Sep 17 00:00:00 2001
From: Nik Rozman
Date: Fri, 27 Oct 2023 18:05:58 +0200
Subject: [PATCH] Add alert handling
---
 ignored.txt | 2 +-
 main.go | 2 +-
 src/alert_channel.go | 63 ++++++++++++++++++++++++++++++++++++++++++++
 src/event_counter.go | 3 ++-
 4 files changed, 67 insertions(+), 3 deletions(-)
 create mode 100644 src/alert_channel.go
diff --git a/ignored.txt b/ignored.txt
index 757d890..dbad150 100644
--- a/ignored.txt
+++ b/ignored.txt
@@ -1 +1 @@
-192.168.1.191/32
\ No newline at end of file
+192.168.1.190/32
\ No newline at end of file
diff --git a/main.go b/main.go
index c5509e8..f243449 100644
--- a/main.go
+++ b/main.go
@@ -80,7 +80,7 @@ func main() {
 fmt.Printf("Loaded %d ignored subnets: %v\n", len(ignored), ignored)
 // Create an instance of EventCounter to track events.
- eventCounter := src.NewEventCounter(1*time.Minute, src.HandleAlert)
+ eventCounter := src.NewEventCounter(10*time.Second, src.HandleAlert)
 go eventCounter.StartMonitoring()
 // Open the named pipe for reading.
diff --git a/src/alert_channel.go b/src/alert_channel.go
new file mode 100644
index 0000000..034c30c
--- /dev/null
+++ b/src/alert_channel.go
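Review bot: The `10*time.Second` window passed to `src.NewEventCounter` on the changed line is one half of the detection policy while the other half, the `count >= 10` threshold, sits as a bare literal in `src/event_counter.go`, so nobody reading either file sees that the rule is now "ten events in ten seconds". Hoisting both into named constants next to each other, e.g. `const alertWindow = 10 * time.Second` and `const alertThreshold = 10`, and threading the threshold through `NewEventCounter`, keeps the policy reviewable in one place; `NewEventCounter`'s signature is outside this hunk, so whether it already accepts a threshold cannot be confirmed here. Shrinking the window from a minute to ten seconds also multiplies how often a persistent source re-crosses the threshold, which matters now that `HandleAlert` posts each crossing to an external webhook.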
@@ -0,0 +1,63 @@
+package src
+
+import (
+ "bytes"
+ "encoding/json"
+ "fmt"
+ "net/http"
+)
+
+// WebhookURL is the URL of the Discord webhook.
+const WebhookURL = "https://discord.com/api/webhooks/1116824798421594233/ARw2KQvPPIt2wLlw4Ssp98o0VWkjr-FdZ2kpFono8zu5UC-N1Uyysy73wbL_DvYJutya"
+
+// AlertData represents the data to be sent in the alert.
+type AlertData struct {
+ Embeds []Embed `json:"embeds"`
+}
+
+// Embed represents an embedded message in the alert.
+type Embed struct {
+ Title string `json:"title"`
+ Description string `json:"description"`
+ Color int `json:"color"`
+}
+
+// SendAlert sends an alert to the specified Discord webhook.
+func SendAlert(alert string) error {
+ url := WebhookURL
+
+ alertData := AlertData{
+ Embeds: []Embed{
+ {
+ Title: "IP Abuse alert",
+ Description: alert,
+ Color: 15258703, // Color in decimal (corresponding to a certain color)
+ },
+ },
+ }
+
+ jsonData, err := json.Marshal(alertData)
+ if err != nil {
+ return err
+ }
+
+ client := &http.Client{}
+ req, err := http.NewRequest("POST", url, bytes.NewBuffer(jsonData))
+ if err != nil {
+ return err
+ }
+ req.Header.Set("Content-Type", "application/json")
+
+ resp, err := client.Do(req)
+ if err != nil {
+ return err
+ }
+ defer resp.Body.Close()
+
+ if resp.StatusCode < 200 || resp.StatusCode >= 300 {
+ fmt.Printf("non-2xx status code: %d\n", resp.StatusCode)
+ return fmt.Errorf("non-2xx status code")
+ }
+
+ return nil
+}
diff --git a/src/event_counter.go b/src/event_counter.go
index e6131c4..7d4fc13 100644
--- a/src/event_counter.go
+++ b/src/event_counter.go
@@ -39,7 +39,7 @@ func (ec *EventCounter) StartMonitoring() {
 for range ec.resetTimer.C {
 ec.mutex.Lock()
 for key, count := range ec.counts {
- if count >= 100 {
+ if count >= 10 {
 ip, port := parseKey(key)
 ec.alertHandler(ip, port, count)
 }
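Review bot: The Discord webhook URL hard-coded on the `const WebhookURL` line is a write credential for that channel — anyone holding it can post arbitrary messages there — and committing it puts it permanently into git history, so it should be treated as already leaked: rotate it in Discord and load the replacement at startup, e.g. `var WebhookURL = os.Getenv("ALERT_WEBHOOK_URL")` (adding `os` to the imports and refusing to start when it is empty). `SendAlert` also builds `&http.Client{}` with no timeout on every call, so a hung or slow webhook endpoint blocks the caller indefinitely; a single package-level `var alertClient = &http.Client{Timeout: 10 * time.Second}` (with `time` imported) gives the request a deadline and reuses connections instead of allocating a client per alert. The non-2xx branch prints the status to stdout and then returns an error that omits it; `return fmt.Errorf("discord webhook: non-2xx status code %d", resp.StatusCode)` without the print keeps the detail for the caller and avoids log-and-return. Draining the body with `io.Copy(io.Discard, resp.Body)` before the deferred close would additionally let the transport reuse the TLS connection across alerts.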
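Review bot: `ec.alertHandler(ip, port, count)` two lines below the changed threshold now performs a synchronous HTTPS POST (it is `HandleAlert`, which this commit wires to `SendAlert`) while `ec.mutex` is held, so a slow or unreachable webhook stalls whatever code increments `ec.counts` under that mutex for as long as the request takes; the matching `Unlock` is outside this hunk, but the call is clearly inside the locked region. Collect the offending keys under the lock and invoke the handler after releasing it, or at least detach it with `go ec.alertHandler(ip, port, count)`, so network latency never sits under the counter's lock. Lowering the threshold from 100 to 10 while `main.go` shrinks the tick to 10 seconds also means a sustained source re-crosses the threshold every tick; if the counts are cleared each tick (the `resetTimer` name suggests so, but the reset is not in the hunk), that is one webhook message per key every 10 seconds, which deserves a per-key cooldown before it is pointed at a shared channel.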
@@ -68,5 +68,6 @@ func (ec *EventCounter) StopMonitoring() {
 // HandleAlert is a placeholder for alert handling logic.
 func HandleAlert(ip, port string, count int) {
+ SendAlert(fmt.Sprintf("Alert: Source IP %s, Port %s exceeded the threshold with a count of %d\n", ip, port, count))
 fmt.Printf("Alert: Source IP %s, Port %s exceeded the threshold with a count of %d\n", ip, port, count)
 }
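Review bot: The error returned by `SendAlert` on the added line is discarded, so a transport failure (DNS, TLS, connection refused, timeout) vanishes silently even though `SendAlert` goes to the trouble of reporting it; at minimum surface it: `if err := SendAlert(msg); err != nil { fmt.Printf("sending alert: %v\n", err) }`. The text handed to `SendAlert` keeps the trailing `\n` that is meant for the `Printf` below, so a stray newline ends up inside the Discord embed description; build the message once without it, `msg := fmt.Sprintf("Alert: Source IP %s, Port %s exceeded the threshold with a count of %d", ip, port, count)`, and add the newline only in the `Printf`. The comment `// HandleAlert is a placeholder for alert handling logic.` is no longer accurate now that the function posts to Discord; something like `// HandleAlert logs the threshold crossing and forwards it to the Discord webhook via SendAlert.` describes what it does.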