Merge pull request #5962 from wazuh/5927_custom_notifications_in_inte…

…grations

Options section for integrations.

source/user-manual/manager/manual-integration.rst

@@ -21,13 +21,14 @@ The integrations are configured on the Wazuh manager ``ossec.conf`` file. You ca
     <name> </name>
     <hook_url> </hook_url> <!-- Required for Slack, Shuffle, and Maltiverse -->
     <api_key> </api_key> <!-- Required for PagerDuty, VirusTotal, and Maltiverse -->
-    <alert_format>json</alert_format> <!-- Required for Slack, VirusTotal, Shuffle, and Maltiverse -->
+    <alert_format>json</alert_format> <!-- Required for Slack, PagerDuty, VirusTotal, Shuffle, and Maltiverse -->
 
     <!-- Optional filters -->
     <rule_id> </rule_id>
     <level> </level>
     <group> </group>
     <event_location> </event_location>
+    <options> </options>
   </integration>
 
 
@@ -71,6 +72,10 @@ To set up this integration, follow these steps.
        <alert_format>json</alert_format>
      </integration>
 
+   .. note::
+
+      You can set a JSON object with customization fields using the :ref:`options <integration_options_tag>` tag. Visit the `Slack API reference <https://api.slack.com/reference/messaging/attachments#legacy_fields>`__ for information about available customization fields.
+
 #. Restart the Wazuh manager to apply the changes.
 
    .. include:: /_templates/common/restart_manager.rst
@@ -101,8 +106,13 @@ To set up this integration, do the following.
         <name>pagerduty</name>
         <api_key>API_KEY</api_key> <!-- Replace with your PagerDuty API key -->
         <level>10</level>
+        <alert_format>json</alert_format> <!-- New mandatory parameter since v4.7.0 -->
       </integration>
 
+   .. note::
+
+      You can set a JSON object with customization fields using the :ref:`options <integration_options_tag>` tag. Visit the `PagerDuty API reference <https://developer.pagerduty.com/docs/ZG9jOjExMDI5NTgx-send-an-alert-event>`__ for information about available customization fields.
+
 #. Restart the Wazuh manager to apply the changes.
 
    .. include:: /_templates/common/restart_manager.rst
@@ -167,6 +177,10 @@ To set up this integration, do the following.
          <alert_format>json</alert_format>
       </integration>
 
+   .. note::
+
+      You can set a JSON object with customization fields using the :ref:`options <integration_options_tag>` tag. Visit the `Shuffle API reference <https://shuffler.io/docs/API>`__ for information about available customization fields.
+
 #. Restart the Wazuh manager to apply the changes.
 
    .. include:: /_templates/common/restart_manager.rst
@@ -233,4 +247,5 @@ Below, you can find an example of a configuration block in the ``ossec.conf`` fi
     <group>multiple_drops,authentication_failures</group>
     <api_key>APIKEY</api_key> <!-- Replace with your external service API key -->
     <alert_format>json</alert_format>
+    <options>{"data": "Custom data"}</options> <!-- Replace with your custom JSON object -->
   </integration>

source/user-manual/reference/ossec-conf/integration.rst

@@ -1,8 +1,8 @@
 .. Copyright (C) 2015, Wazuh, Inc.
 
 .. meta::
-  :description: Learn how to configure the manager to connect Wazuh to external APIs. Check out the options, optional filters, and configuration examples. 
-  
+  :description: Learn how to configure the manager to connect Wazuh to external APIs. Check out the options, optional filters, and configuration examples.
+
 .. _reference_ossec_integration:
 
 integration
@@ -17,18 +17,8 @@ integration
 
 This configures the manager to :ref:`connect Wazuh to external APIs <manual_integration>` and alerting tools such as Slack, PagerDuty, VirusTotal, Shuffle, and Maltiverse.
 
-Options
--------
-
-- `name`_
-- `hook_url`_
-- `api_key`_
-- `level`_
-- `rule_id`_
-- `group`_
-- `event_location`_
-- `alert_format`_
-- `max_log`_
+Integration options
+-------------------
 
 name
 ^^^^
@@ -139,6 +129,19 @@ The maximum length of an alert snippet that will be sent to the Integrator.  Lon
 
 .. note:: This option only applies if ``alert_format`` is not set to ``json``.
 
+.. _integration_options_tag:
+
+options
+^^^^^^^
+
+This overwrites the previous fields or adds customization fields according to the information provided in the JSON object.
+
++--------------------+-----------------------------------------------------------+
+| **Default value**  | n/a                                                       |
++--------------------+-----------------------------------------------------------+
+| **Allowed values** | json                                                      |
++--------------------+-----------------------------------------------------------+
+
 Configuration example
 ---------------------
 
@@ -151,12 +154,15 @@ Configuration example
     <level>10</level>
     <group>multiple_drops,authentication_failures</group>
     <alert_format>json</alert_format>
+    <options>{"pretext": "Custom Title"}</options> <!-- Replace with your custom JSON object -->
   </integration>
 
   <!-- Integration with PagerDuty -->
   <integration>
     <name>pagerduty</name>
     <api_key>API_KEY</api_key> <!-- Replace with your PagerDuty API key -->
+    <options>{"pretext": "Custom title"}</options> <!-- Replace with your custom JSON object -->
+    <alert_format>json</alert_format> <!-- With the new script this is mandatory -->
   </integration>
 
   <!-- Integration with VirusTotal -->
@@ -173,6 +179,7 @@ Configuration example
     <hook_url>http://IP:3001/api/v1/hooks/HOOK_ID</hook_url> <!-- Replace with your Shuffle hook URL -->
     <level>3</level>
     <alert_format>json</alert_format>
+    <options>{"data": {"title": "Custom title"}}</options> <!-- Replace with your custom JSON object -->
   </integration>
 
   <!-- Integration with Maltiverse -->
@@ -191,4 +198,5 @@ Configuration example
     <group>multiple_drops,authentication_failures</group>
     <api_key>APIKEY</api_key> <!-- Replace with your external service API key -->
     <alert_format>json</alert_format>
-  </integration>
+    <options>{"data": "Custom data"}</options> <!-- Replace with your custom JSON object -->
+  </integration>