MVP Data Persistence checkpoint #588

Closed
4 tasks done
Tracked by #349
AlexRuiz7 opened this issue Dec 10, 2024 · 6 comments
Labels
level/task Task issue mvp Minimum Viable Product type/test Test issue

Comments

@AlexRuiz7
Member

AlexRuiz7 commented Dec 10, 2024

Checklist

  • Stream indices, mappings and ingest
    • Ingestion of stateless events
      • alerts
      • commands
  • States indices, mappings and ingest
    • Ingestion of stateful events
      • inventory-hardware
      • inventory-hotfixes
      • inventory-networks
      • inventory-packages
      • inventory-ports
      • inventory-processes
      • inventory-system
      • states-vulnerabilities
  • Agent list, mappings and ingest
    • Test agent registration.
  • Command Manager development
    • Commands are executed on the agent and its status updated in the index.
      • restart
      • set-group
      • update-group

Related issues

@AlexRuiz7 AlexRuiz7 added level/task Task issue type/enhancement Enhancement issue mvp Minimum Viable Product labels Dec 10, 2024
@AlexRuiz7 AlexRuiz7 added type/test Test issue and removed type/enhancement Enhancement issue labels Dec 10, 2024
@wazuhci wazuhci moved this to Backlog in XDR+SIEM/Release 5.0.0 Dec 10, 2024
@AlexRuiz7 AlexRuiz7 assigned f-galland and mcasas993 and unassigned f-galland Dec 27, 2024
@f-galland f-galland self-assigned this Dec 30, 2024
@wazuhci wazuhci moved this from Backlog to In progress in XDR+SIEM/Release 5.0.0 Dec 30, 2024
@mcasas993
Member

mcasas993 commented Jan 6, 2025

Installation

The following vagrant environment was used:

5.zip

Dashboard

Image

Indexer

Image

Server

Image

Configuration:

server:
  nodes:
   - master
  node:
    name: manager_01
    type: master
    ssl:
      key:  "/etc/wazuh-server/certs/server.key"
      cert: "/etc/wazuh-server/certs/server.cert"
      ca:  "/etc/wazuh-server/certs/server.ca"
management_api:
  host:
    - "0.0.0.0"
    - "::"
    - "::1"
  port: 55000
  ssl:
    key: "etc/wazuh-server/certs/server.key"
    cert: "etc/wazuh-server/certs/server.cert"
    use_ca: false
    ca: "etc/wazuh-server/certs/server.ca"
communications_api:
  host: "0.0.0.0"
  port: 27000
  ssl:
    key: "etc/wazuh-server/certs/server.key"
    cert: "etc/wazuh-server/certs/server.cert"
    use_ca: false
    ca: "etc/wazuh-server/certs/server.ca"
indexer:
  hosts:
    - host: "127.0.0.1"
      port: 9200
  username: "admin"
  password: "admin"
  ssl:
    use_ssl: true
    key: "/etc/wazuh-server/certs/admin-key.pem"
    certificate: "/etc/wazuh-server/certs/admin.pem"
    certificate_authorities:
      - "/etc/wazuh-server/certs/server.ca"
# engine:
#   client:
#     api_socket_path: "/run/wazuh-server/engine.socket"

Agents

Agent registration

/usr/share/wazuh-agent/bin/wazuh-agent --register-agent --url https://192.168.121.88:55000 --user wazuh --password wazuh --verification-mode none
curl -X GET "https://192.168.121.88:55000/agents" -k -H "Authorization: Bearer $TOKEN"
{
    "data": {
        "affected_items": [
            {
                "id": "8812baa1-3b66-436f-a1b3-9abcb08027bc",
                "name": "alma-agent",
                "key": "6fKZOd+Q/na8PCIGDYJwiNhIkLr9jufkw1KD4wmsNZRk5aj0Adpd5hQqTX+nANko",
                "type": "Endpoint",
                "version": "5.0.0",
                "groups": [
                    "default"
                ],
                "host": {
                    "hostname": "alma-agent",
                    "os": {
                        "name": "AlmaLinux",
                        "type": "Linux",
                        "version": "9.3 (Shamrock Pampas Cat)"
                    },
                    "ip": [
                        "192.168.121.161",
                        "fe80::5054:ff:fe91:ed3c",
                        "172.28.128.24",
                        "fe80::5054:ff:fed3:5caa"
                    ],
                    "architecture": "x86_64"
                }
            },
            {
                "id": "a975c387-05cd-4320-b80d-c288f0cfdac8",
                "name": "rhel-agent",
                "key": "MWHk3PvgYJzrtckWVr+ITXN1/mQSf+gJ7drQEYYTa3JvKk2AX6ASRLwc1pjLIzpe",
                "type": "Endpoint",
                "version": "5.0.0",
                "groups": [
                    "default"
                ],
                "last_login": "2025-01-05T19:46:57.715936+00:00",
                "status": "active",
                "host": {
                    "hostname": "rhel-agent",
                    "os": {
                        "name": "AlmaLinux",
                        "type": "Linux",
                        "version": "9.3 (Shamrock Pampas Cat)"
                    },
                    "ip": [
                        "192.168.121.54",
                        "fe80::5054:ff:febc:d81d",
                        "172.28.128.29",
                        "fe80::5054:ff:feb5:f4e5"
                    ],
                    "architecture": "x86_64"
                }
            }
        ],
        "total_affected_items": 2,
        "total_failed_items": 0,
        "failed_items": []
    },
    "message": "All selected agents information was returned",
    "error": 0
}

Agent "rhel-agent"

Image

Configuration
agent:
  thread_count: 4
  server_url: https://192.168.121.88:27000
  retry_interval: 30s
events:
  batch_interval: 10s
  batch_size: 1000
inventory:
  enabled: true
  interval: 1h
  scan_on_start: true
  hardware: true
  system: true
  networks: true
  packages: true
  ports: true
  ports_all: true
  processes: true
  hotfixes: true
logcollector:
  enabled: true
  localfiles:
    - /var/log/auth.log
    - /tmp/test.log
  reload_interval: 1m
  file_wait: 500ms

Agent "alma-agent"

Image

Configuration
agent:
  thread_count: 4
  server_url: https://192.168.121.88:27000
  retry_interval: 30s
  verification_mode: none # TODO: change this setting to full
events:
  batch_interval: 10s
  batch_size: 1000
inventory:
  enabled: true
  interval: 1h
  scan_on_start: true
  hardware: true
  system: true
  networks: true
  packages: true
  ports: true
  ports_all: true
  processes: true
  hotfixes: true
logcollector:
  enabled: true
  localfiles:
    - /var/log/auth.log
    - /tmp/test.log
  reload_interval: 1m
  file_wait: 500ms
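
A check for two settings visible in the configurations above that a deployment would tighten before leaving a test environment (`verification_mode: none`, which carries its own TODO, and the indexer's `admin`/`admin` credentials). This is an added example, not part of the original comment or of the Wazuh code base; the function names `flatten` and `audit` are hypothetical, and the parser assumes simple block-style YAML like the files shown here.

```python
import re

# Constructed samples: fragments copied from the agent and server
# configurations shown in the comment above.
ALMA_AGENT_YML = """\
agent:
  thread_count: 4
  server_url: https://192.168.121.88:27000
  retry_interval: 30s
  verification_mode: none # TODO: change this setting to full
events:
  batch_interval: 10s
"""

SERVER_YML = """\
indexer:
  hosts:
    - host: "127.0.0.1"
      port: 9200
  username: "admin"
  password: "admin"
  ssl:
    use_ssl: true
"""

# "key:" or "key: value", optionally introduced by a list dash.
KEY_RE = re.compile(r"^(\s*)(?:-\s+)?([A-Za-z_][\w-]*):(?:\s+(.*))?$")


def strip_comment(line):
    """Drop a trailing YAML comment, ignoring '#' inside quotes."""
    quote = None
    for i, ch in enumerate(line):
        if quote:
            if ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch == "#" and (i == 0 or line[i - 1].isspace()):
            return line[:i]
    return line


def flatten(text):
    """Map dotted key paths to scalar values (hypothetical helper)."""
    stack, flat = [], {}  # stack holds (indent, key) of the open mappings
    for raw in text.splitlines():
        m = KEY_RE.match(strip_comment(raw).rstrip())
        if not m:
            continue  # blank line, comment-only line, or bare list item
        indent, key = len(m.group(1)), m.group(2)
        value = (m.group(3) or "").strip()
        while stack and stack[-1][0] >= indent:
            stack.pop()
        path = ".".join([k for _, k in stack] + [key])
        if value:
            flat[path] = value.strip("'\"")
        else:
            stack.append((indent, key))
    return flat


def audit(text):
    """Return sorted (path, finding) pairs for the two settings checked."""
    flat, findings = flatten(text), []
    for path, value in flat.items():
        parent, _, leaf = path.rpartition(".")
        if leaf == "verification_mode" and value.lower() == "none":
            findings.append((path, "certificate verification is disabled (none)"))
        user_path = f"{parent}.username" if parent else "username"
        if leaf == "password" and value == flat.get(user_path):
            findings.append((path, "password is identical to the username"))
    return sorted(findings)


if __name__ == "__main__":
    for name, text in (("alma-agent", ALMA_AGENT_YML), ("server", SERVER_YML)):
        for path, finding in audit(text):
            print(f"{name}: {path}: {finding}")
```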

@mcasas993
Member

mcasas993 commented Jan 6, 2025

Set-ups

Server

Set engine rules

git clone https://github.com/wazuh/wazuh.git
cd wazuh
pip3 install src/engine/tools/api-communication
pip3 install src/engine/tools/engine-suite
pip3 install src/engine/test/engine-test-utils

engine-router delete default
engine-clear -f
engine-clear -f

/usr/local/bin/engine-catalog -n system create decoder < ./_minimal_ruleset/d-core-wazuh-message.yml
/usr/local/bin/engine-catalog -n system create decoder < ./_minimal_ruleset/d-integratios.yml
/usr/local/bin/engine-catalog -n wazuh create decoder < ./_minimal_ruleset/d-syslog.yml
/usr/local/bin/engine-catalog -n wazuh create decoder < ./_minimal_ruleset/d-system-auth.yml
/usr/local/bin/engine-catalog -n system create filter < ./_minimal_ruleset/f-allow-all.yml
/usr/local/bin/engine-catalog -n system create output < ./_minimal_ruleset/o-file-output-integrations.yml
/usr/local/bin/engine-catalog -n system create output < ./_minimal_ruleset/o-indexer.yml

/usr/local/bin/engine-policy create -p policy/wazuh/0
/usr/local/bin/engine-policy parent-set decoder/integrations/0
/usr/local/bin/engine-policy parent-set -n wazuh decoder/integrations/0

/usr/local/bin/engine-policy asset-add -n system decoder/core-wazuh-message/0
/usr/local/bin/engine-policy asset-add -n system decoder/integrations/0
/usr/local/bin/engine-policy asset-add -n wazuh decoder/syslog/0
/usr/local/bin/engine-policy asset-add -n wazuh decoder/system-auth/0
/usr/local/bin/engine-policy asset-add -n system output/file-output-integrations/0
/usr/local/bin/engine-policy asset-add -n system output/indexer/0

/usr/local/bin/engine-router add default filter/allow-all/0 100 policy/wazuh/0

minimal_ruleset.tar.gz
store.tar.gz

Disable strict mode

curl -u admin:admin -X PUT "https://localhost:9200/wazuh-alerts-5.x-0001/_mappings" -k -H 'Content-Type: application/json' -d '{
    "dynamic": "true"
}'

Indexer

Add the Management API credentials and IP address to the keystore

echo 'https://127.0.0.1:55000' | /usr/share/wazuh-indexer/bin/opensearch-keystore add m_api.uri
echo 'wazuh' | /usr/share/wazuh-indexer/bin/opensearch-keystore add m_api.auth.username
echo 'wazuh' | /usr/share/wazuh-indexer/bin/opensearch-keystore add m_api.auth.password
sudo chown wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/opensearch.keystore

Add the Management API credentials and IP address to the keystore

On the UI Dev Tools, run:

PUT /_cluster/settings
{
 "persistent" : {
   "logger.org.opensearch.action.search" : "ERROR"
 }
}

Enable debug logs for the Wazuh Indexer Command Manager plugin

On the UI Dev Tools, run:

PUT /_cluster/settings
{
 "persistent" : {
   "logger.com.wazuh.commandmanager" : "DEBUG"
 }
}

On the terminal:

echo "" > /var/log/wazuh-indexer/wazuh-cluster.log 

@mcasas993
Member

mcasas993 commented Jan 7, 2025

Ingestion of stateless events

Alerts

{
        "_index": "wazuh-alerts-5.x-0001",
        "_id": "6x-iLZQBQMr1AfchpGMj",
        "_score": 1,
        "_source": {
          "agent": {
            "groups": [],
            "host": {
              "architecture": "x86_64",
              "hostname": "rhel-agent",
              "ip": [
                "192.168.121.54",
                "fe80::5054:ff:febc:d81d",
                "172.28.128.29",
                "fe80::5054:ff:feb5:f4e5"
              ],
              "os": {
                "name": "AlmaLinux",
                "type": "Linux",
                "version": "9.3 (Shamrock Pampas Cat)"
              }
            },
            "id": "a975c387-05cd-4320-b80d-c288f0cfdac8",
            "name": "rhel-agent",
            "type": "Endpoint",
            "version": "5.0.0"
          },
          "event": {
            "action": "ssh_login",
            "category": [
              "authentication",
              "session"
            ],
            "created": "2025-01-03T19:26:14.596Z",
            "dataset": "system-auth",
            "kind": "event",
            "module": "system",
            "original": "Feb 21 21:54:44 server01 sshd[1001]: Accepted publickey for user01 from 192.168.1.2 port 63673 ssh2: RSA 39:33:99:e9:a0:dc:f2:33:a3:e5:72:3b:7c:3a:56:84",
            "outcome": "success",
            "provider": "syslog",
            "start": "2025-02-21T21:54:44.000Z",
            "type": [
              "info"
            ]
          },
          "host": {
            "hostname": "server01"
          },
          "log": {
            "file": {
              "path": "/tmp/test.log"
            }
          },
          "message": "Accepted publickey for user01 from 192.168.1.2 port 63673 ssh2: RSA 39:33:99:e9:a0:dc:f2:33:a3:e5:72:3b:7c:3a:56:84",
          "process": {
            "name": "sshd",
            "pid": 1001
          },
          "related": {
            "hosts": [
              "server01"
            ],
            "ip": [
              "192.168.1.2"
            ],
            "user": [
              "user01"
            ]
          },
          "source": {
            "address": "192.168.1.2",
            "domain": "192.168.1.2",
            "ip": "192.168.1.2",
            "port": 63673
          },
          "tags": [
            "mvp"
          ],
          "user": {
            "name": "user01"
          },
          "wazuh": {
            "decoders": [
              "syslog",
              "system-auth"
            ]
          }
        }
      }

Commands

{
        "_index": ".commands",
        "_id": "0-fSPJQBVTJyC_ztRgGc",
        "_score": 1,
        "_source": {
          "agent": {
            "groups": [
              "groups000"
            ]
          },
          "@timestamp": "2025-01-06T18:13:21Z",
          "delivery_timestamp": "2025-01-06T18:13:41Z",
          "command": {
            "action": {
              "args": [
                "/path/to/executable/arg7"
              ],
              "name": "stop",
              "version": "v4"
            },
            "source": "Engine",
            "user": "user54",
            "order_id": "0efSPJQBVTJyC_ztRgGQ",
            "request_id": "0OfSPJQBVTJyC_ztRgGQ",
            "timeout": 20,
            "target": {
              "id": "target5",
              "type": "agent"
            },
            "status": "sent"
          }
        }
      }

@mcasas993
Member

mcasas993 commented Jan 7, 2025

Ingestion of stateful events

Inventory-hardware

{
        "_index": "wazuh-states-inventory-hardware",
        "_id": "2ac4bc70a2eebd53d910b68199bcdcaa7eebc5af",
        "_score": 1,
        "_source": {
          "agent": {
            "id": "8812baa1-3b66-436f-a1b3-9abcb08027bc",
            "name": "alma-agent",
            "groups": [],
            "type": "Endpoint",
            "version": "5.0.0",
            "host": {
              "architecture": "x86_64",
              "hostname": "alma-agent",
              "ip": [
                "192.168.121.161",
                "fe80::5054:ff:fe91:ed3c",
                "172.28.128.24",
                "fe80::5054:ff:fed3:5caa"
              ],
              "os": {
                "name": "AlmaLinux",
                "type": "Linux",
                "version": "9.3 (Shamrock Pampas Cat)"
              }
            }
          },
          "@timestamp": "2025-01-07T02:04:49.769Z",
          "host": {
            "cpu": {
              "cores": 2,
              "name": "Intel Xeon Processor (Cooperlake)",
              "speed": 2612
            },
            "memory": {
              "free": 1651984,
              "total": 2002576,
              "used": {
                "percentage": 18
              }
            }
          },
          "observer": {
            "serial_number": " "
          }
        }
      }

Inventory-hotfixes

To generate such alerts, an agent is required on a Windows system, and 5.0.0.0 packages for Windows are not being generated at this time.

Inventory-networks

{
        "_index": "wazuh-states-inventory-networks",
        "_id": "545ad04cd895628df74d9079e2a10d7fab1fbc63",
        "_score": 1,
        "_source": {
          "agent": {
            "id": "a975c387-05cd-4320-b80d-c288f0cfdac8",
            "name": "rhel-agent",
            "groups": [],
            "type": "Endpoint",
            "version": "5.0.0",
            "host": {
              "architecture": "x86_64",
              "hostname": "rhel-agent",
              "ip": [
                "192.168.121.54",
                "fe80::5054:ff:febc:d81d",
                "172.28.128.29",
                "fe80::5054:ff:feb5:f4e5"
              ],
              "os": {
                "name": "AlmaLinux",
                "type": "Linux",
                "version": "9.3 (Shamrock Pampas Cat)"
              }
            }
          },
          "@timestamp": "2025-01-07T02:04:49.822Z",
          "host": {
            "ip": [
              "192.168.121.54"
            ],
            "mac": "52:54:00:bc:d8:1d",
            "network": {
              "egress": {
                "bytes": 2105763,
                "drops": 19279,
                "errors": 0,
                "packets": 13204
              },
              "ingress": {
                "bytes": 30171045,
                "drops": 0,
                "errors": 0,
                "packets": 32888
              }
            }
          },
          "interface": {
            "mtu": 1500,
            "state": "up",
            "type": "ethernet"
          },
          "network": {
            "broadcast": [
              "192.168.121.255"
            ],
            "dhcp": "unknown",
            "gateway": [
              "192.168.121.1"
            ],
            "metric": "100",
            "netmask": [
              "255.255.255.0"
            ],
            "protocol": "",
            "type": "ipv4"
          },
          "observer": {
            "ingress": {
              "interface": {
                "alias": "",
                "name": "eth0"
              }
            }
          }
        }
      }

Inventory-packages

{
        "_index": "wazuh-states-inventory-packages",
        "_id": "dc7379ce26a3d070e78243c100bf1e57a4a46af1",
        "_score": 1,
        "_source": {
          "agent": {
            "id": "a975c387-05cd-4320-b80d-c288f0cfdac8",
            "name": "rhel-agent",
            "groups": [],
            "type": "Endpoint",
            "version": "5.0.0",
            "host": {
              "architecture": "x86_64",
              "hostname": "rhel-agent",
              "ip": [
                "192.168.121.54",
                "fe80::5054:ff:febc:d81d",
                "172.28.128.29",
                "fe80::5054:ff:feb5:f4e5"
              ],
              "os": {
                "name": "AlmaLinux",
                "type": "Linux",
                "version": "9.3 (Shamrock Pampas Cat)"
              }
            }
          },
          "@timestamp": "2025-01-03T16:59:09.545Z",
          "package": {
            "architecture": "x86_64",
            "description": """The GNU Bourne Again shell (Bash) is a shell or command language
interpreter that is compatible with the Bourne shell (sh). Bash
incorporates useful features from the Korn shell (ksh) and the C shell
(csh). Most sh scripts can be run by bash without modification.""",
            "installed": "1704428423",
            "name": "bash",
            "path": " ",
            "size": 7738610,
            "type": "rpm",
            "version": "5.1.8-6.el9_1"
          }
        }
      }

Inventory-ports

{
        "_index": "wazuh-states-inventory-ports",
        "_id": "05097e94021f1cedfae2a40ac7897a757e827c40",
        "_score": 1,
        "_source": {
          "agent": {
            "id": "8812baa1-3b66-436f-a1b3-9abcb08027bc",
            "name": "alma-agent",
            "groups": [],
            "type": "Endpoint",
            "version": "5.0.0",
            "host": {
              "architecture": "x86_64",
              "hostname": "alma-agent",
              "ip": [
                "192.168.121.161",
                "fe80::5054:ff:fe91:ed3c",
                "172.28.128.24",
                "fe80::5054:ff:fed3:5caa"
              ],
              "os": {
                "name": "AlmaLinux",
                "type": "Linux",
                "version": "9.3 (Shamrock Pampas Cat)"
              }
            }
          },
          "@timestamp": "2025-01-07T02:04:49.769Z",
          "destination": {
            "ip": [
              "192.168.121.1"
            ],
            "port": 67
          },
          "device": {
            "id": "0fbd80dc478819324937823d50c9bf0313fc66ae"
          },
          "file": {
            "inode": 30933
          },
          "host": {
            "network": {
              "egress": {
                "queue": 0
              },
              "ingress": {
                "queue": 0
              }
            }
          },
          "interface": {
            "state": ""
          },
          "network": {
            "protocol": "udp"
          },
          "process": {
            "name": "NetworkManager",
            "pid": 679
          },
          "source": {
            "ip": [
              "192.168.121.161"
            ],
            "port": 68
          }
        }
      }

Inventory-processes

{
        "_index": "wazuh-states-inventory-processes",
        "_id": "863e159ac61bfe78b10c59752c790e89730b5583",
        "_score": 1,
        "_source": {
          "agent": {
            "id": "8812baa1-3b66-436f-a1b3-9abcb08027bc",
            "name": "alma-agent",
            "groups": [],
            "type": "Endpoint",
            "version": "5.0.0",
            "host": {
              "architecture": "x86_64",
              "hostname": "alma-agent",
              "ip": [
                "192.168.121.161",
                "fe80::5054:ff:fe91:ed3c",
                "172.28.128.24",
                "fe80::5054:ff:fed3:5caa"
              ],
              "os": {
                "name": "AlmaLinux",
                "type": "Linux",
                "version": "9.3 (Shamrock Pampas Cat)"
              }
            }
          },
          "@timestamp": "2025-01-06T16:38:27.961Z",
          "process": {
            "args": "",
            "command_line": "",
            "group": {
              "id": "root"
            },
            "name": "xfs-blockgc/vda",
            "parent": {
              "pid": 2
            },
            "pid": "616",
            "real_group": {
              "id": "root"
            },
            "real_user": {
              "id": "root"
            },
            "saved_group": {
              "id": "root"
            },
            "saved_user": {
              "id": "root"
            },
            "start": 1736181296,
            "thread": {
              "id": 616
            },
            "tty": {
              "char_device": {
                "major": 0
              }
            },
            "user": {
              "id": "root"
            }
          }
        }
      }

Inventory-system

{
        "_index": "wazuh-states-inventory-system",
        "_id": "8bf560716f017e946432e92bed6a8ab3b11be433",
        "_score": 1,
        "_source": {
          "agent": {
            "id": "8812baa1-3b66-436f-a1b3-9abcb08027bc",
            "name": "alma-agent",
            "groups": [],
            "type": "Endpoint",
            "version": "5.0.0",
            "host": {
              "architecture": "x86_64",
              "hostname": "alma-agent",
              "ip": [
                "192.168.121.161",
                "fe80::5054:ff:fe91:ed3c",
                "172.28.128.24",
                "fe80::5054:ff:fed3:5caa"
              ],
              "os": {
                "name": "AlmaLinux",
                "type": "Linux",
                "version": "9.3 (Shamrock Pampas Cat)"
              }
            }
          },
          "@timestamp": "2025-01-06T16:38:27.961Z",
          "host": {
            "architecture": "x86_64",
            "hostname": "alma-agent",
            "os": {
              "full": "",
              "kernel": "",
              "name": "AlmaLinux",
              "platform": "almalinux",
              "type": "Linux",
              "version": "9.3 (Shamrock Pampas Cat)"
            }
          }
        }
      }

States-vulnerabilities

@mcasas993
Member

mcasas993 commented Jan 7, 2025

Test Commands are executed on the agent and its status updated in the index.

Restart and stop

curl -u admin:admin -X POST "https://localhost:9200/_plugins/_command_manager/commands" -k -H "Content-Type: application/json" -d '{"commands": [
    {
        "source": "Engine",
        "user": "admin",
        "target": {
            "type": "agent",
            "id": "8812baa1-3b66-436f-a1b3-9abcb08027bc"
        },
        "action": {
            "name": "restart",
            "args": [
                "/path/to/executable/arg6",
                "/path/to/executable/arg6"
            ],
            "version": "v4"
        },
        "timeout": 30
    },
    {
        "source": "Engine",
        "user": "admin",
        "target": {
            "type": "agent",
            "id": "a975c387-05cd-4320-b80d-c288f0cfdac8"
        },
        "action": {
            "name": "stop",
            "args": [
                "/path/to/executable/arg7"
            ],
            "version": "v4"
        },
        "timeout": 20
    }
]}' 

The commands are executed but they do not work:

Image

Image

Get groups

GET /groups

{
    "data": {
        "affected_items": [
            {
                "name": "test-group",
                "configSum": "65e363d76ef3e3b76f87b8eaa24cbff9"
            }
        ],
        "total_affected_items": 1,
        "total_failed_items": 0,
        "failed_items": []
    },
    "message": "All selected groups information was returned",
    "error": 0
}

Set group

curl -u admin:admin -X POST "https://localhost:9200/_plugins/_command_manager/commands" -k -H "Content-Type: application/json" -d '{"commands": [
    {
        "source": "Engine",
        "user": "admin",
        "target": {
            "type": "agent",
            "id": "8812baa1-3b66-436f-a1b3-9abcb08027bc"
        },
        "action": {
            "name": "set-group",
            "args": ["test-group"],
            "version": "v4"
        },
        "timeout": 30
    }
]}' 

Image

The agent did not change to the group that was attempted to be set up.

Update-group

curl -u admin:admin -X POST "https://localhost:9200/_plugins/_command_manager/commands" -k -H "Content-Type: application/json" -d '{"commands": [
    {
        "source": "Engine",
        "user": "admin",
        "target": {
            "type": "agent",
            "id": "8812baa1-3b66-436f-a1b3-9abcb08027bc"
        },
        "action": {
            "name": "update-group",
            "args": ["test-group"],
            "version": "v4"
        },
        "timeout": 30
    }
]}' 

Image

The agent did not change to the group that was attempted to be set up.

@f-galland
Member

f-galland commented Jan 8, 2025

The Vulnerability Detector engine is still in development for 5.0.0, so wazuh-states-vulnerabilities cannot be tested as of yet.

@wazuhci wazuhci moved this from In progress to Done in XDR+SIEM/Release 5.0.0 Jan 8, 2025