diff --git a/.gitignore b/.gitignore index 877bef2..8e4a16e 100644 --- a/.gitignore +++ b/.gitignore @@ -34,3 +34,8 @@ _testmain.go # Dependency directories (remove the comment below to include it) # vendor/ + + +.vscode +.vscode/settings.json +generator/spec.yaml.old diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml old mode 100755 new mode 100644 diff --git a/.golangci.yml b/.golangci.yml old mode 100755 new mode 100644 diff --git a/.travis.yml b/.travis.yml old mode 100755 new mode 100644 diff --git a/.vscode/launch.json b/.vscode/launch.json old mode 100755 new mode 100644 diff --git a/.vscode/settings.json b/.vscode/settings.json deleted file mode 100644 index a4100eb..0000000 --- a/.vscode/settings.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "cSpell.words": [ - "authd", - "cfga", - "db", - "dbsync", - "dump", - "execd", - "header", - "mq" - ], - - "go.testEnvVars": { - "WAZUH_URL": "https://wazuh.test.internal.exanio.net:55000", - "WAZUH_USER": "autonubil.automation", - "WAZUH_PASSWORD": "T1skq!r7UolH0vMAgsDv0", - "WAZUH_INSECURE": "true" - }, - -} \ No newline at end of file diff --git a/generator/generation.md b/generator/generation.md old mode 100755 new mode 100644 diff --git a/generator/spec.yaml b/generator/spec.yaml old mode 100755 new mode 100644 diff --git a/generator/spec.yaml.old b/generator/spec.yaml.old deleted file mode 100755 index 3b1f701..0000000 --- a/generator/spec.yaml.old +++ /dev/null 
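Review bot: The `.vscode/settings.json` entry added to .gitignore arrives together with the deletion of that file, whose previous revision (blob a4100eb, visible in the deletion hunk on this same line) carried a populated `WAZUH_PASSWORD` value, a `WAZUH_USER` and an internal `WAZUH_URL` host; deleting and ignoring the file does not remove that content from history, so the credential should be treated as exposed and rotated, and the history purged if the repository is shared. The new `.vscode/settings.json` line is also redundant, because the `.vscode` line just above already ignores the whole directory, while that directory rule does nothing for the already-tracked `.vscode/launch.json` touched by the mode change in this commit; pick one intent, either keep only the narrower `.vscode/settings.json` rule and drop `.vscode`, or keep the directory rule and untrack launch.json with `git rm --cached .vscode/launch.json`. A short comment above the new entries would record why they exist for the next contributor, e.g. `# editor settings can carry WAZUH_* test credentials; keep them out of the tree`.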
@@ -1,14712 +0,0 @@ ---- -openapi: '3.0.0' -info: - description: | - The Wazuh API is an open source RESTful API that allows for interaction with the Wazuh manager from a web browser, - command line tool like cURL or any script or program that can make web requests. The Wazuh WUI relies on this - heavily and Wazuh’s goal is to accommodate complete remote management of the Wazuh infrastructure via the Wazuh WUI. - Use the Wazuh API to easily perform everyday actions like adding an agent, restarting the manager(s) or agent(s) - or looking up syscheck details. - - # Authentication - - Wazuh API endpoints require authentication in order to be used. Therefore, all calls must include a JSON Web Token. - JWT is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting - information between parties as a JSON object. Perform a call with `basicAuth` to `GET /security/user/authenticate` - and obtain a JWT token in order to run any endpoint. - - Login with USER and PASSWORD: - - `curl -u : -k -X GET "https://:55000/security/user/authenticate` - ```json - { - "data": { - "token": "" - }, - "error": 0 - } - ``` - Use the token from previous response to perform any endpoint request: - - `curl -k -X "https://:55000/" -H "Authorization: Bearer "` - - - - version: '4.0.4' - x-revision: '40011' - title: 'Wazuh API REST' - license: - name: 'GPL 2.0' - url: 'https://github.com/wazuh/wazuh/blob/4.0/LICENSE' - -servers: - - url: '{protocol}://{host}:{port}' - variables: - protocol: - default: https - enum: - - http - - https - host: - default: localhost - port: - default: '55000' - -x-rbac-catalog: - resources: - '*:*': - description: "Resource applied in functions acting on resources that do not yet exist in the system. We call these - functions, resourceless functions" - 'agent:group': - description: "Reference agents via group name (i.e. agent:group:web)" - 'agent:id': - description: "Reference agents via agent ID (i.e. 
agent:id:001)" - 'group:id': - description: "Reference agent groups via group ID (i.e. group:id:default)" - 'node:id': - description: "Reference cluster nodes via node ID (i.e. node:id:worker1)" - 'file:path': - description: "Reference files via its path (i.e. file:path:etc/rules/new_rule.xml)" - 'decoder:file': - description: "Reference decoder files via its path (i.e. decoder:file:0005-wazuh_decoders.xml)" - 'list:path': - description: "Reference list files via its path (i.e. list:path:etc/lists/audit-keys)" - 'rule:file': - description: "Reference rule files via its path (i.e. rule:file:0610-win-ms_logs_rules.xml)" - 'policy:id': - description: "Reference security policies via its id (i.e. policy:id:1)" - 'role:id': - description: "Reference security roles via its id (i.e. role:id:1)" - 'rule:id': - description: "Reference security rules via its id (i.e. rule:id:1)" - 'user:id': - description: "Reference security users via its id (i.e. user:id:1)" - actions: - 'active-response:command': - description: "Execute active response commands in the agents" - resources: - - $ref: '#/x-rbac-catalog/resources/agent:id' - - $ref: '#/x-rbac-catalog/resources/agent:group' - example: - actions: ['active-response:command'] - resources: ['agent:id:001', 'agent:group:atlantic'] - effect: "allow" - 'agent:create': - description: "Create new agents" - resources: - - $ref: '#/x-rbac-catalog/resources/*:*' - example: - actions: ['agent:create'] - resources: ['*:*:*'] - effect: "allow" - 'agent:read': - description: "Access agents information (id, name, group, last keep alive, etc)" - resources: - - $ref: '#/x-rbac-catalog/resources/agent:id' - - $ref: '#/x-rbac-catalog/resources/agent:group' - example: - actions: ['agent:read'] - resources: ['agent:id:*'] - effect: "allow" - 'agent:delete': - description: "Delete agents" - resources: - - $ref: '#/x-rbac-catalog/resources/agent:id' - - $ref: '#/x-rbac-catalog/resources/agent:group' - example: - actions: ['agent:delete'] - resources: 
['agent:id:010', 'agent:group:pacific'] - effect: "allow" - 'agent:modify_group': - description: "Change the group of agents" - resources: - - $ref: '#/x-rbac-catalog/resources/agent:id' - - $ref: '#/x-rbac-catalog/resources/agent:group' - example: - actions: ['agent:modify_group'] - resources: ['agent:id:004', 'agent:group:us-east'] - effect: "allow" - 'group:modify_assignments': - description: "Change the agents assigned to the group" - resources: - - $ref: '#/x-rbac-catalog/resources/group:id' - example: - actions: ['group:modify_assignments'] - resources: ['group:id:*'] - effect: "allow" - 'agent:upgrade': - description: "Upgrade the version of the agents" - resources: - - $ref: '#/x-rbac-catalog/resources/agent:id' - - $ref: '#/x-rbac-catalog/resources/agent:group' - example: - actions: ['agent:upgrade'] - resources: ['agent:id:001', 'agent:group:mediterranean'] - effect: "allow" - 'agent:restart': - description: "Restart agents" - resources: - - $ref: '#/x-rbac-catalog/resources/agent:id' - - $ref: '#/x-rbac-catalog/resources/agent:group' - example: - actions: ['agent:restart'] - resources: ['agent:id:050', 'agent:id:049'] - effect: "deny" - 'group:create': - description: "Create new agent groups" - resources: - - $ref: '#/x-rbac-catalog/resources/*:*' - example: - actions: ['group:create'] - resources: ['*:*:*'] - effect: "allow" - 'group:read': - description: "Access agent groups information (id, name, agents, etc)" - resources: - - $ref: '#/x-rbac-catalog/resources/*:*' - example: - actions: ['group:create'] - resources: ['*:*:*'] - effect: "allow" - 'group:update_config': - description: "Change the configuration of agent groups" - resources: - - $ref: '#/x-rbac-catalog/resources/group:id' - example: - actions: ['group:update_config'] - resources: ['group:id:*'] - effect: "deny" - 'group:delete': - description: "Delete agent groups" - resources: - - $ref: '#/x-rbac-catalog/resources/group:id' - example: - actions: ['group:delete'] - resources: 
['group:id:*'] - effect: "allow" - 'ciscat:read': - description: "Access CIS-CAT results for agents" - resources: - - $ref: '#/x-rbac-catalog/resources/agent:id' - - $ref: '#/x-rbac-catalog/resources/agent:group' - example: - actions: ['ciscat:read'] - resources: ['agent:id:001', 'agent:id:003', 'agent:group:default'] - effect: "deny" - 'cluster:read': - description: "Read Wazuh's cluster nodes configuration" - resources: - - $ref: '#/x-rbac-catalog/resources/node:id' - example: - actions: ['cluster:read'] - resources: ['node:id:worker1', 'node:id:worker3'] - effect: "deny" - 'cluster:read_api_config': - description: "Check Wazuh's cluster nodes API configuration" - resources: - - $ref: '#/x-rbac-catalog/resources/*:*' - example: - actions: ['cluster:read_api_config'] - resources: ['node:id:worker1', 'node:id:worker3'] - effect: "allow" - 'cluster:read_file': - description: "Read Wazuh's cluster nodes files" - resources: - - $ref: '#/x-rbac-catalog/resources/node:id' - - $ref: '#/x-rbac-catalog/resources/file:path' - example: - actions: ['cluster:read_file'] - resources: ['node:id:worker1', 'file:path:etc/rules/new-rules.xml'] - effect: "allow" - 'cluster:delete_file': - description: "Delete Wazuh's cluster nodes files" - resources: - - $ref: '#/x-rbac-catalog/resources/node:id' - - $ref: '#/x-rbac-catalog/resources/file:path' - example: - actions: ['cluster:delete_file'] - resources: ['node:id:worker1', 'file:path:etc/rules/new-rules.xml'] - effect: "deny" - 'cluster:upload_file': - description: "Upload files to Wazuh's cluster nodes" - resources: - - $ref: '#/x-rbac-catalog/resources/node:id' - example: - actions: ['cluster:upload_file'] - resources: ['node:id:worker1'] - effect: "allow" - 'cluster:restart': - description: "Restart Wazuh's cluster nodes" - resources: - - $ref: '#/x-rbac-catalog/resources/node:id' - example: - actions: ['cluster:restart'] - resources: ['node:id:worker1'] - effect: "allow" - 'cluster:status': - description: "Check Wazuh's cluster 
general status" - resources: - - $ref: '#/x-rbac-catalog/resources/*:*' - example: - actions: ['cluster:status'] - resources: ['*:*:*'] - effect: "allow" - 'manager:read': - description: "Read Wazuh manager configuration" - resources: - - $ref: '#/x-rbac-catalog/resources/*:*' - example: - actions: ['manager:read'] - resources: ['*:*:*'] - effect: "allow" - 'manager:read_api_config': - description: "Read Wazuh manager API configuration" - resources: - - $ref: '#/x-rbac-catalog/resources/*:*' - example: - actions: ['manager:read_api_config'] - resources: ['*:*:*'] - effect: "allow" - 'manager:read_file': - description: "Read Wazuh manager files" - resources: - - $ref: '#/x-rbac-catalog/resources/file:path' - example: - actions: ['manager:read_file'] - resources: ['file:path:etc/rules/new-rules.xml'] - effect: "allow" - 'manager:delete_file': - description: "Delete Wazuh manager files" - resources: - - $ref: '#/x-rbac-catalog/resources/file:path' - example: - actions: ['manager:delete_file'] - resources: ['file:path:etc/rules/new-rules.xml'] - effect: "allow" - 'manager:upload_file': - description: "Upload files to Wazuh manager" - resources: - - $ref: '#/x-rbac-catalog/resources/*:*' - example: - actions: ['manager:upload_file'] - resources: ['*:*:*'] - effect: "deny" - 'manager:restart': - description: "Restart Wazuh managers" - resources: - - $ref: '#/x-rbac-catalog/resources/*:*' - example: - actions: ['manager:restart'] - resources: ['*:*:*'] - effect: "deny" - 'mitre:read': - description: "Access attacks information from MITRE database" - resources: - - $ref: '#/x-rbac-catalog/resources/*:*' - example: - actions: ['mitre:read'] - resources: ['*:*:*'] - effect: "allow" - 'decoders:read': - description: "Read decoders files" - resources: - - $ref: '#/x-rbac-catalog/resources/decoder:file' - example: - actions: ['decoders:read'] - resources: ['decoder:file:*'] - effect: "allow" - 'lists:read': - description: "Read cdb lists files" - resources: - - $ref: 
'#/x-rbac-catalog/resources/list:path' - example: - actions: ['lists:read'] - resources: ['list:path:etc/lists/audit-keys'] - effect: "deny" - 'rules:read': - description: "Read rules files" - resources: - - $ref: '#/x-rbac-catalog/resources/rule:file' - example: - actions: ['rules:read'] - resources: ['rule:file:0610-win-ms_logs_rules.xml'] - effect: "allow" - 'sca:read': - description: "Access agents security configuration assessment" - resources: - - $ref: '#/x-rbac-catalog/resources/agent:id' - - $ref: '#/x-rbac-catalog/resources/agent:group' - example: - actions: ['sca:read'] - resources: ['agent:id:*'] - effect: "allow" - 'security:create': - description: "Create new system security resources" - resources: - - $ref: '#/x-rbac-catalog/resources/*:*' - example: - actions: ['security:create'] - resources: ['*:*:*'] - effect: "deny" - 'security:create_user': - description: "Create new system users" - resources: - - $ref: '#/x-rbac-catalog/resources/*:*' - example: - actions: ['security:create_user'] - resources: ['*:*:*'] - effect: "allow" - 'security:read': - description: "Access information about system security resources" - resources: - - $ref: '#/x-rbac-catalog/resources/policy:id' - - $ref: '#/x-rbac-catalog/resources/role:id' - - $ref: '#/x-rbac-catalog/resources/user:id' - - $ref: '#/x-rbac-catalog/resources/rule:id' - example: - actions: ['security:read'] - resources: ['policy:id:*', 'role:id:2', 'user:id:5', 'rule:id:3'] - effect: "allow" - 'security:update': - description: "Update the information of system security resources" - resources: - - $ref: '#/x-rbac-catalog/resources/policy:id' - - $ref: '#/x-rbac-catalog/resources/role:id' - - $ref: '#/x-rbac-catalog/resources/user:id' - - $ref: '#/x-rbac-catalog/resources/rule:id' - example: - actions: ['security:update'] - resources: ['policy:id:*', 'role:id:4', 'user:id:3', 'rule:id:4'] - effect: "deny" - 'security:delete': - description: "Delete system security resources" - resources: - - $ref: 
'#/x-rbac-catalog/resources/policy:id' - - $ref: '#/x-rbac-catalog/resources/role:id' - - $ref: '#/x-rbac-catalog/resources/user:id' - - $ref: '#/x-rbac-catalog/resources/rule:id' - example: - actions: ['security:update'] - resources: ['policy:id:*', 'role:id:3', 'user:id:4', 'rule:id:2'] - effect: "deny" - 'security:read_config': - description: "Read current system security configuration" - resources: - - $ref: '#/x-rbac-catalog/resources/*:*' - example: - actions: ['security:read_config'] - resources: ['*:*:*'] - effect: "allow" - 'security:update_config': - description: "Update current system security configuration" - resources: - - $ref: '#/x-rbac-catalog/resources/*:*' - example: - actions: ['security:update_config'] - resources: ['*:*:*'] - effect: "allow" - 'syscheck:read': - description: "Access information from agents syscheck database" - resources: - - $ref: '#/x-rbac-catalog/resources/agent:id' - - $ref: '#/x-rbac-catalog/resources/agent:group' - example: - actions: ['syscheck:read'] - resources: ['agent:id:011', 'agent:group:us-west'] - effect: "allow" - 'syscheck:clear': - description: "Clear the agents syscheck database" - resources: - - $ref: '#/x-rbac-catalog/resources/agent:id' - - $ref: '#/x-rbac-catalog/resources/agent:group' - example: - actions: ['syscheck:clear'] - resources: ['agent:id:*'] - effect: "deny" - 'syscheck:run': - description: "Run agents syscheck scan" - resources: - - $ref: '#/x-rbac-catalog/resources/agent:id' - - $ref: '#/x-rbac-catalog/resources/agent:group' - example: - actions: ['syscheck:run'] - resources: ['agent:id:*'] - effect: "allow" - 'syscollector:read': - description: "Access agents syscollector information" - resources: - - $ref: '#/x-rbac-catalog/resources/agent:id' - - $ref: '#/x-rbac-catalog/resources/agent:group' - example: - actions: ['syscollector:read'] - resources: ['agent:id:*'] - effect: "allow" - -components: - responses: - ResponseError: - description: "Response to report a bad request" - content: - 
application/json: - schema: - $ref: '#/components/schemas/RequestError' - example: - title: "Bad Request" - detail: "'{invalid_param}' is not a '{expected_type}'. Failed validating 'format' in schema['items']: - {'description': '{parameter_name}', 'format': '{expected_format}', 'minLength': {expected_length}, 'type': - '{expected_type}', 'x-scope': ['', '#/components/parameters/{parameter_name}']}" - - PermissionDeniedResponse: - description: "Response to report a permission denied request" - content: - application/json: - schema: - $ref: '#/components/schemas/ApiError' - example: - title: "Permission Denied" - detail: "Permission denied: Resource type: *:*" - remediation: "Please, make sure you have permissions to execute the current request. For more information - on how to set up permissions, please visit - https://documentation.wazuh.com/4.0/user-manual/api/rbac/configuration.html" - error: 4000 - dapi_errors: - unknown-node: - error: "Permission denied: Resource type: *:*" - - UnauthorizedResponse: - description: "Response to report an unauthorized request" - content: - application/json: - schema: - $ref: '#/components/schemas/RequestError' - example: - title: "Unauthorized" - detail: "No authorization token provided" - - InvalidCredentialsResponse: - description: "Response to report a problem with authentication" - content: - application/json: - schema: - $ref: '#/components/schemas/RequestError' - example: - title: "Unauthorized" - detail: "Invalid credentials" - - InvalidHTTPMethodResponse: - description: "Response to report an invalid HTTP method" - content: - application/json: - schema: - $ref: '#/components/schemas/RequestError' - example: - title: "Method Not Allowed" - detail: "Specified method is invalid for this resource" - - WrongContentTypeResponse: - description: "Response to report an invalid content-type" - content: - application/json: - schema: - $ref: '#/components/schemas/RequestError' - example: - title: "Wazuh Error" - detail: "The body 
type is not the one specified in the content-type" - error: 6002 - - RequestTooLargeResponse: - description: "Maximum request body size exceeded" - content: - application/json: - schema: - $ref: '#/components/schemas/RequestError' - example: - title: "Request Entity Too Large" - detail: "Maximum request body size 1048576 exceeded, actual body size 1225245" - - TooManyRequestsResponse: - description: "Maximum number of request per minute reached" - content: - application/json: - schema: - $ref: '#/components/schemas/RequestError' - example: - title: "Wazuh Error" - detail: "Maximum number of request per minute reached" - remediation: "This limit can be changed in security.yaml file. More information here: - https://documentation.wazuh.com/4.0/user-manual/api/security/configuration.html" - code: 6001 - - ResourceNotFoundResponse: - description: "Resource not found" - content: - application/json: - schema: - $ref: '#/components/schemas/ApiError' - example: - title: "Resource Not Found" - detail: "The group does not exist" - remediation: "Please, use `GET /groups` to find all available groups: - https://documentation.wazuh.com/4.0/user-manual/api/rbac/configuration.html" - code: 1710 - dapi_errors: - unknown-node: - error: "The group does not exist" - - schemas: - ## Common models - ApiResponse: - type: object - properties: - message: - type: string - description: "Human readable description to explain the result of the request" - - SimpleApiError: - type: object - required: - - error - properties: - error: - type: object - additionalProperties: - properties: - code: - type: integer - format: int32 - message: - type: string - remediation: - type: string - id: - type: array - items: - oneOf: - - type: string - - type: integer - - ApiError: - type: object - required: - - title - - detail - nullable: true - properties: - title: - type: string - detail: - type: string - instance: - type: string - format: uri - code: - type: integer - format: int32 - remediation: - type: 
string - dapi_errors: - type: object - additionalProperties: - type: object - properties: - error: - type: string - logfile: - type: string - format: path - - RequestError: - type: object - required: - - title - - detail - nullable: true - properties: - title: - type: string - detail: - type: string - error: - type: integer - format: int32 - - ScanIdTime: - type: object - properties: - id: - type: integer - format: int64 - description: "Scan ID" - time: - type: string - format: date-time - description: "Date when the scan was performed" - - ItemAffected: - type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that successfully applied the API call action" - items: - oneOf: - - type: string - - type: object - - AllItemsResponse: - type: object - required: - - total_affected_items - - failed_items - - total_failed_items - properties: - total_affected_items: - type: integer - format: int32 - description: "Number of items that have successfully applied the requested operation" - failed_items: - type: array - description: "List of items that have failed applying the requested operation" - items: - $ref: '#/components/schemas/SimpleApiError' - total_failed_items: - type: integer - format: int32 - description: "Number of items that have failed applying the requested operation" - - AllItemsResponseAgents: - allOf: - - $ref: '#/components/schemas/AllItemsResponse' - - type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that successfully applied the API call action" - items: - $ref: '#/components/schemas/Agent' - - AllItemsResponseAgentsDistinct: - allOf: - - $ref: '#/components/schemas/AllItemsResponse' - - type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that successfully applied the API call action" - items: - $ref: '#/components/schemas/AgentDistinct' - - AllItemsResponseGroups: - allOf: - - 
type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that successfully applied the API call action" - items: - $ref: '#/components/schemas/AgentGroup' - - $ref: '#/components/schemas/AllItemsResponse' - - AllItemsResponseAgentIDs: - allOf: - - type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that successfully applied the API call action" - items: - $ref: '#/components/schemas/AgentID' - - $ref: '#/components/schemas/AllItemsResponse' - - AllItemsResponseNodeIDs: - allOf: - - type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that successfully applied the API call action" - items: - $ref: '#/components/schemas/NodeID' - - $ref: '#/components/schemas/AllItemsResponse' - - AllItemsResponseNodeHealthcheck: - allOf: - - type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that successfully applied the API call action" - items: - $ref: '#/components/schemas/NodeHealthcheck' - - $ref: '#/components/schemas/AllItemsResponse' - - AllItemsResponseGroupIDs: - allOf: - - type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that successfully applied the API call action" - items: - $ref: '#/components/schemas/GroupID' - - $ref: '#/components/schemas/AllItemsResponse' - - AllItemsResponseAgentsSimple: - allOf: - - $ref: '#/components/schemas/AllItemsResponse' - - type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that successfully applied the API call action" - items: - $ref: '#/components/schemas/AgentSimple' - - AllItemsResponseAgentsSynced: - allOf: - - $ref: '#/components/schemas/AllItemsResponse' - - type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that 
successfully applied the API call action" - items: - $ref: '#/components/schemas/AgentSynced' - - AllItemsResponseAgentsKeys: - allOf: - - $ref: '#/components/schemas/AllItemsResponse' - - type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that successfully applied the API call action" - items: - $ref: '#/components/schemas/AgentIdKey' - - AllItemsResponseRules: - allOf: - - $ref: '#/components/schemas/AllItemsResponse' - - type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that successfully applied the API call action" - items: - $ref: '#/components/schemas/Rule' - - AllItemsResponseRulesFiles: - allOf: - - $ref: '#/components/schemas/AllItemsResponse' - - type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that successfully applied the API call action" - items: - $ref: '#/components/schemas/RuleFile' - - AllItemsResponseDecoders: - allOf: - - $ref: '#/components/schemas/AllItemsResponse' - - type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that successfully applied the API call action" - items: - $ref: '#/components/schemas/Decoder' - - AllItemsResponseDecodersFiles: - allOf: - - $ref: '#/components/schemas/AllItemsResponse' - - type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that successfully applied the API call action" - items: - $ref: '#/components/schemas/DecoderFile' - - AllItemsResponseLists: - allOf: - - $ref: '#/components/schemas/AllItemsResponse' - - type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that successfully applied the API call action" - items: - $ref: '#/components/schemas/CDBList' - - AllItemsResponseListsFiles: - allOf: - - $ref: '#/components/schemas/AllItemsResponse' - - 
type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that successfully applied the API call action" - items: - $ref: '#/components/schemas/CDBListFile' - - AllItemsResponseRoles: - allOf: - - $ref: '#/components/schemas/AllItemsResponse' - - type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that successfully applied the API call action" - items: - $ref: '#/components/schemas/RolesResponse' - - AllItemsResponsePolicies: - allOf: - - $ref: '#/components/schemas/AllItemsResponse' - - type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that successfully applied the API call action" - items: - oneOf: - - $ref: '#/components/schemas/PoliciesResponse' - - type: integer - - AllItemsResponseSyscollectorHardware: - allOf: - - $ref: '#/components/schemas/AllItemsResponse' - - type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that successfully applied the API call action" - items: - $ref: '#/components/schemas/SyscollectorHardware' - - AllItemsResponseSyscollectorHotfixes: - allOf: - - $ref: '#/components/schemas/AllItemsResponse' - - type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that successfully applied the API call action" - items: - $ref: '#/components/schemas/SyscollectorHotfix' - - AllItemsResponseSyscollectorInterface: - allOf: - - $ref: '#/components/schemas/AllItemsResponse' - - type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that successfully applied the API call action" - items: - $ref: '#/components/schemas/SyscollectorInterface' - - AllItemsResponseSyscollectorOS: - allOf: - - $ref: '#/components/schemas/AllItemsResponse' - - type: object - required: - - affected_items - properties: - 
affected_items: - type: array - description: "Items that successfully applied the API call action" - items: - $ref: '#/components/schemas/SyscollectorOS' - - AllItemsResponseSyscollectorPackages: - allOf: - - $ref: '#/components/schemas/AllItemsResponse' - - type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that successfully applied the API call action" - items: - $ref: '#/components/schemas/SyscollectorPackages' - - AllItemsResponseSyscollectorPorts: - allOf: - - $ref: '#/components/schemas/AllItemsResponse' - - type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that successfully applied the API call action" - items: - $ref: '#/components/schemas/SyscollectorPorts' - - AllItemsResponseSyscollectorProcesses: - allOf: - - $ref: '#/components/schemas/AllItemsResponse' - - type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that successfully applied the API call action" - items: - $ref: '#/components/schemas/SyscollectorProcess' - - AllItemsResponseSyscollectorProtocol: - allOf: - - $ref: '#/components/schemas/AllItemsResponse' - - type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that successfully applied the API call action" - items: - $ref: '#/components/schemas/SyscollectorProtocol' - - AllItemsResponseSyscollectorNetwork: - allOf: - - $ref: '#/components/schemas/AllItemsResponse' - - type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that successfully applied the API call action" - items: - $ref: '#/components/schemas/SyscollectorNetwork' - - AllItemsResponseUsers: - allOf: - - $ref: '#/components/schemas/AllItemsResponse' - - type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that successfully applied 
the API call action" - items: - $ref: '#/components/schemas/UsersResponse' - - AllItemsResponseCiscatResult: - allOf: - - $ref: '#/components/schemas/AllItemsResponse' - - type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that successfully applied the API call action" - items: - $ref: '#/components/schemas/CiscatResults' - - AllItemsResponseSyscheckResult: - allOf: - - $ref: '#/components/schemas/AllItemsResponse' - - type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that successfully applied the API call action" - items: - $ref: '#/components/schemas/SyscheckDatabase' - - AllItemsResponseSyscheckLastScan: - allOf: - - $ref: '#/components/schemas/AllItemsResponse' - - type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that successfully applied the API call action" - items: - $ref: '#/components/schemas/LastScan' - - AllItemsResponseSCADatabase: - allOf: - - $ref: '#/components/schemas/AllItemsResponse' - - type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that successfully applied the API call action" - items: - $ref: '#/components/schemas/SCADatabase' - - AllItemsResponseSCAChecks: - allOf: - - $ref: '#/components/schemas/AllItemsResponse' - - type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that successfully applied the API call action" - items: - $ref: '#/components/schemas/SCAChecks' - - AllItemsResponseClusterNodes: - allOf: - - $ref: '#/components/schemas/AllItemsResponse' - - type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that successfully applied the API call action" - items: - $ref: '#/components/schemas/ClusterNode' - - AllItemsResponseWazuhLogs: - allOf: - - $ref: 
'#/components/schemas/AllItemsResponse' - - type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that successfully applied the API call action" - items: - $ref: '#/components/schemas/WazuhLogs' - - AllItemsResponseValidationStatus: - allOf: - - $ref: '#/components/schemas/AllItemsResponse' - - type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that successfully applied the API call action" - items: - $ref: '#/components/schemas/ValidationStatus' - - AllItemsResponseWazuhStats: - allOf: - - type: object - required: - - affected_items - properties: - affected_items: - type: array - description: "Items that successfully applied the API call action" - items: - anyOf: - - $ref: '#/components/schemas/WazuhStats' - - $ref: '#/components/schemas/WazuhHourlyStats' - - $ref: '#/components/schemas/WazuhWeeklyStats' - - $ref: '#/components/schemas/WazuhAnalysisdStats' - - $ref: '#/components/schemas/WazuhRemotedStats' - - $ref: '#/components/schemas/AllItemsResponse' - - BasicInfo: - type: object - properties: - title: - type: string - description: "API title name" - api_version: - type: string - description: "API version in the manager" - revision: - type: integer - description: "API revision" - format: int32 - license_name: - type: string - description: "API license name" - license_url: - type: string - description: "API license url" - hostname: - type: string - description: "Server hostname" - timestamp: - type: string - - ## Ruleset models - - RulesetFile: - type: object - properties: - filename: - type: string - description: "Name of the file" - relative_dirname: - type: string - format: paths - description: "Folder path where the file is located. 
This path is relative to the Wazuh installation path" - - RulesetStatus: - type: object - properties: - status: - type: string - description: "Whether the specified ruleset file is enabled or disabled in Wazuh manager configuration" - enum: - - enabled - - disabled - - ## Active-response models - ActiveResponseBody: - type: object - properties: - arguments: - description: "Command arguments" - type: array - items: - type: string - command: - description: "Command running in the agent. If this value starts by `!`, then it refers to a script name - instead of a command name" - type: string - custom: - description: "Whether the specified command is a custom command or not" - type: boolean - default: false - required: - - command - - ## Agents models - ExtraAgentFields: - type: object - properties: - status: - $ref: '#/components/schemas/AgentStatus' - configSum: - type: string - description: "MD5 checksum of the group configuration file (agent.conf)" - group: - type: array - description: "List of groups the agent belongs to" - items: - type: string - mergedSum: - type: string - description: "MD5 checksum of all group shared files merged in a single one (merged.mg)" - ip: - type: string - description: "IP where the agent communicates with the manager. 
If the manager can't get this information, it - will be the same as registerIP field" - registerIP: - type: string - description: "IP used at agent registration process" - manager: - type: string - description: "Hostname of the manager where the agent is reporting to" - node_name: - type: string - description: "Node ID where the agent is reporting to" - dateAdd: - type: string - description: "Date when the agent was registered" - lastKeepAlive: - type: string - description: "Date when the last keepalive was received from the agent" - os: - type: object - properties: - major: - type: string - name: - type: string - uname: - type: string - platform: - type: string - version: - type: string - codename: - type: string - arch: - type: string - minor: - type: string - description: "Agent OS information" - - Agent: - allOf: - - $ref: '#/components/schemas/AgentSimple' - - $ref: '#/components/schemas/ExtraAgentFields' - - AgentGroup: - type: object - required: - - count - - name - - configSum - properties: - count: - type: integer - minimum: 0 - description: "Number of agents belonging to that group" - name: - type: string - mergedSum: - type: string - format: hash - description: "MD5 checksum of all group shared files merged in a single one (merged.mg)" - configSum: - type: string - format: hash - description: "MD5 checksum of the group configuration file (agent.conf)" - - AgentGroupDeleted: - type: object - required: - - affected_agents - properties: - affected_agents: - type: array - description: "List of agents which belonged to the group and might have been reassigned to group default" - items: - $ref: '#/components/schemas/AgentID' - - AgentIdKey: - type: object - required: - - id - - key - properties: - id: - $ref: '#/components/schemas/AgentID' - key: - type: string - format: base64 - - AgentSimple: - type: object - properties: - version: - type: string - description: "Wazuh version the agent has installed" - id: - $ref: '#/components/schemas/AgentID' - name: - 
type: string - description: "Agent name used at registration process" - - AgentStatus: - type: string - enum: - - active - - pending - - never_connected - - disconnected - description: "Agent status. It is calculated based on the last keepalive and the Wazuh version" - - AgentsSummaryStatus: - type: object - properties: - total: - type: integer - format: int32 - active: - type: integer - format: int32 - disconnected: - type: integer - format: int32 - never_connected: - type: integer - format: int32 - pending: - type: integer - format: int32 - - AgentDistinct: - allOf: - - $ref: '#/components/schemas/AgentSimple' - - $ref: '#/components/schemas/ExtraAgentFields' - - type: object - properties: - count: - type: integer - format: int32 - description: "Number of agents with the specified unique fields" - - AgentSynced: - type: object - properties: - id: - type: string - description: "Agent ID" - synced: - type: boolean - description: "Sync info" - - AgentID: - type: string - minLength: 3 - description: "Agent ID" - format: numbers - - AgentID_DELETE: - type: string - minLength: 3 - description: "Agent ID|all" - format: numbers_delete - - NodeID: - type: string - description: "Node ID" - format: string - - GroupID: - type: string - description: "Group name" - format: group_names - - GroupID_DELETE: - type: string - minLength: 1 - description: "Group name|all" - format: group_names_delete - - AgentConfiguration: - type: object - description: "Current agent's configuration. The output varies with requested component and the agent - configuration" - - GroupConfiguration: - type: object - required: - - filters - - config - properties: - filters: - type: object - properties: - os: - type: string - description: "OS family where the configuration is being applied" - name: - type: string - description: "The name of the agent where that configuration is being applied" - profile: - type: string - description: "Profile name. 
Any agent configured to use the defined profile may use the block" - config: - type: object - description: "Group configuration. The fields on this object depend on the actual group configuration" - - ## CisCat models - CiscatResults: - type: object - properties: - benchmark: - type: string - description: "CIS-CAT benchmark where the profile is defined" - error: - type: integer - format: int32 - description: "Number of checks that CIS-CAT was not able to run" - fail: - type: integer - format: int32 - description: "Number of failed checks. If this number is higher than 0 the host will probably have a - vulnerability" - notchecked: - type: integer - format: int32 - description: "Number of not passed checks" - pass: - type: integer - format: int32 - description: "Number of passed checks" - profile: - type: string - description: "CIS-CAT profile scanned" - scan: - $ref: '#/components/schemas/ScanIdTime' - score: - type: integer - format: int32 - description: "Percentage of passed checks" - unknown: - type: integer - format: int32 - description: "Number of checks which status CIS-CAT was not able to determine" - - ## Cluster models - ClusterNodeBasic: - type: object - properties: - type: - type: string - enum: - - worker - - master - description: "Node type" - version: - type: string - format: \d+\.\d+\.\d+ - description: "Wazuh version installed in the node" - ip: - type: string - description: "IP the node is using to communicate with other nodes in the cluster" - - ClusterNodeName: - type: string - description: "Node ID" - - ClusterNode: - allOf: - - $ref: '#/components/schemas/ClusterNodeBasic' - - type: object - properties: - name: - $ref: '#/components/schemas/ClusterNodeName' - - NodeHealthcheck: - type: object - properties: - name: - type: object - properties: - info: - type: object - properties: - name: - $ref: '#/components/schemas/ClusterNodeName' - info: - allOf: - - $ref: '#/components/schemas/ClusterNodeBasic' - - type: object - properties: - 
totalActiveAgents: - type: integer - format: int32 - minimum: 0 - description: "Number of agents currently reporting to that node" - status: - type: object - properties: - last_keep_alive: - type: string - last_sync_agent_groups: - type: object - properties: - date_start_master: - type: string - date_end_master: - type: string - total_agentgroups: - type: integer - format: int32 - last_sync_agentinfo: - type: object - properties: - date_start_master: - type: string - date_end_master: - type: string - total_agentinfo: - type: integer - format: int32 - last_sync_integrity: - type: object - properties: - date_start_master: - type: string - date_end_master: - type: string - total_files: - type: object - properties: - extra: - type: integer - format: int32 - extra_valid: - type: integer - format: int32 - missing: - type: integer - format: int32 - shared: - type: integer - format: int32 - sync_agentinfo_free: - type: boolean - sync_extravalid_free: - type: boolean - sync_integrity_free: - type: boolean - - DaemonStatus: - type: string - enum: - - stopped - - running - - # Security models - Role_id: - type: string - format: numbers - description: "Role ID" - Role_id_DELETE: - type: string - description: "Role ID|all" - format: numbers_delete - Security_rule_id: - type: string - format: numbers - description: "Security rule ID" - Security_rule_id_DELETE: - type: string - format: numbers_delete - description: "Security rule ID|all" - Policy_id: - type: string - format: numbers - description: "Policy ID" - Policy_id_DELETE: - type: string - description: "Policy ID|all" - format: numbers_delete - User_id: - type: string - format: numbers - description: "User ID" - User_id_DELETE: - type: string - format: numbers_delete - description: "User ID|all" - PoliciesRequest: - type: object - required: - - name - - policy - properties: - name: - description: "Policy name" - type: string - maxLength: 64 - format: names - policy: - description: "New policy definition" - type: object - 
properties: - actions: - type: array - description: "Actions to perform" - items: - type: string - resources: - type: array - description: "Resources to apply the actions on" - items: - type: string - effect: - type: string - description: "Effect of the policy" - required: - - actions - - resources - - effect - PoliciesRequest_no_required: - type: object - properties: - name: - description: "Policy name" - type: string - maxLength: 64 - format: names - policy: - description: "New policy definition" - type: object - properties: - actions: - type: array - description: "Actions to perform" - items: - type: string - resources: - type: array - description: "Resources to apply the actions on" - items: - type: string - effect: - type: string - description: "Effect of the policy" - required: - - actions - - resources - - effect - PoliciesResponse: - type: object - properties: - id: - description: "Policy id" - type: integer - name: - description: "Policy name" - type: string - policy: - description: "New policy definition" - type: object - properties: - actions: - type: array - description: "Actions to perform" - items: - type: string - resources: - type: array - description: "Resources to apply the actions on" - items: - type: string - effect: - type: string - description: "Effect of the policy" - RolesResponse: - type: object - properties: - id: - type: integer - description: "Role id" - name: - type: string - description: "Role name" - rule: - type: object - description: "Role rule" - RolesRequest: - type: object - required: - - name - properties: - name: - type: string - description: "Role name" - maxLength: 64 - format: names - RolesRequest_no_required: - type: object - properties: - name: - type: string - description: "Role name" - maxLength: 64 - format: names - SecurityRulesRequest: - type: object - required: - - name - - rule - properties: - name: - type: string - description: "Rule name" - maxLength: 64 - format: names - rule: - type: object - description: "Rule 
body" - SecurityRulesRequest_no_required: - type: object - properties: - name: - type: string - description: "Rule name" - maxLength: 64 - format: names - rule: - type: object - description: "Rule body" - UsersResponse: - type: object - properties: - id: - type: integer - description: "User's id" - username: - type: string - allow_run_as: - type: boolean - description: "Flag to enable the user to log in using authorization context" - roles: - type: array - description: "User's roles" - Token: - type: object - properties: - token: - type: string - description: "User's JWT token" - - # Cluster and manager models - WazuhDaemonsStatus: - type: object - properties: - ossec-agentlessd: - $ref: '#/components/schemas/DaemonStatus' - ossec-analysisd: - $ref: '#/components/schemas/DaemonStatus' - ossec-authd: - $ref: '#/components/schemas/DaemonStatus' - ossec-csyslogd: - $ref: '#/components/schemas/DaemonStatus' - ossec-dbd: - $ref: '#/components/schemas/DaemonStatus' - ossec-execd: - $ref: '#/components/schemas/DaemonStatus' - ossec-integratord: - $ref: '#/components/schemas/DaemonStatus' - ossec-logcollector: - $ref: '#/components/schemas/DaemonStatus' - ossec-maild: - $ref: '#/components/schemas/DaemonStatus' - ossec-monitord: - $ref: '#/components/schemas/DaemonStatus' - ossec-remoted: - $ref: '#/components/schemas/DaemonStatus' - ossec-reportd: - $ref: '#/components/schemas/DaemonStatus' - ossec-syscheckd: - $ref: '#/components/schemas/DaemonStatus' - wazuh-apid: - $ref: '#/components/schemas/DaemonStatus' - wazuh-clusterd: - $ref: '#/components/schemas/DaemonStatus' - wazuh-db: - $ref: '#/components/schemas/DaemonStatus' - wazuh-modulesd: - $ref: '#/components/schemas/DaemonStatus' - - WazuhInfo: - type: object - properties: - path: - type: string - format: paths - description: "Wazuh installation path" - version: - type: string - description: "Wazuh version" - compilation_date: - type: string - format: date-time - type: - type: string - description: "Wazuh 
installation type" - enum: - - server - - local - - hybrid - max_agents: - type: string - minimum: 0 - description: "Maximum number of agents that can be registered. This variable is defined at compilation time" - openssl_support: - type: string - ruleset_version: - type: string - tz_offset: - type: string - tz_name: - type: string - - WazuhMangerConfiguration: - type: object - properties: - active-response: - type: array - items: - type: object - agentless: - type: array - items: - type: object - alerts: - type: object - auth: - type: object - cluster: - type: object - command: - type: array - items: - type: object - database_output: - type: object - email_alerts: - type: object - gcp-pubsub: - type: object - global: - type: object - integration: - type: array - items: - type: object - labels: - type: object - localfile: - type: array - items: - type: object - logging: - type: object - remote: - type: array - items: - type: object - reports: - type: object - rootcheck: - type: object - ruleset: - type: object - sca: - type: object - socket: - type: object - syscheck: - type: object - syslog_output: - type: array - items: - type: object - - #Wodle sections inside WazuhConfiguration(ossec.conf) - agent-key-polling: - type: object - aws-s3: - type: object - azure-logs: - type: object - cis-cat: - type: object - docker-listener: - type: object - open-scap: - type: object - osquery: - type: object - syscollector: - type: object - - WazuhStats: - type: object - items: - type: object - properties: - alerts: - type: array - items: - type: object - properties: - sigid: - type: integer - format: int32 - description: "Rule ID that matched the event" - level: - type: integer - format: int32 - minimum: 0 - maximum: 15 - description: "Alert level" - times: - type: integer - format: int32 - description: "Number of times the alert was raised during the specified hour" - events: - type: integer - format: int32 - description: "Number of events processed during the specified hour" - 
firewall: - type: integer - format: int32 - description: "Number of firewall alerts raised during the specified hour" - hour: - type: integer - format: int32 - description: "Hour of the day in 24h format" - syscheck: - type: integer - format: int32 - description: "Number of syscheck alerts raised during the specified hour" - totalAlerts: - type: integer - format: int32 - description: "Number of alerts raised during the specified hour" - - WazuhHourlyStats: - type: object - properties: - averages: - type: array - maxLength: 24 - minLength: 24 - description: "Array containing the number of alerts for every hour" - items: - type: integer - interactions: - type: integer - format: int32 - - WazuhWeeklyStats: - type: object - properties: - Sun: - $ref: '#/components/schemas/WazuhHourlyStats' - Mon: - $ref: '#/components/schemas/WazuhHourlyStats' - Tue: - $ref: '#/components/schemas/WazuhHourlyStats' - Wed: - $ref: '#/components/schemas/WazuhHourlyStats' - Thu: - $ref: '#/components/schemas/WazuhHourlyStats' - Fri: - $ref: '#/components/schemas/WazuhHourlyStats' - Sat: - $ref: '#/components/schemas/WazuhHourlyStats' - - WazuhAnalysisdStats: - type: object - properties: - alerts_queue_size: - type: number - format: float - description: "Pending to write in disk alerts queue size" - alerts_queue_usage: - type: number - format: float - description: "If an event matches a rule, an alert is raised. The alerts are pushed to a _pending to write in - disk alerts_ queue. 
This variable shows usage of that queue" - alerts_written: - type: number - format: float - description: "Total of alerts written in disk during the last 5 seconds" - archives_queue_size: - type: number - format: float - description: "_Events to write in the archives.log_ queue size" - archives_queue_usage: - type: number - format: float - description: "_Events to write in the archives.log_ queue usage" - event_queue_size: - type: number - format: float - description: "Non catalogued events queue size" - event_queue_usage: - type: number - format: float - description: "Same as `syscheck_queue_usage` but for events not catalogued in any of the previously mentioned - queues" - events_dropped: - type: number - format: float - description: "Discarded events because they didn't match any rule in the ruleset" - events_edps: - type: number - format: float - description: "Same as `events_processed` but per second" - events_processed: - type: number - format: float - description: "Total of events processed (i.e. 
matched against Wazuh ruleset) in the last 5 seconds" - events_received: - type: number - format: float - description: "Events received in `analysisd` from the rest of modules in the last 5 seconds" - firewall_queue_size: - type: number - format: float - description: "_Events to write in the firewall log_ queue size" - firewall_queue_usage: - type: number - format: float - description: "Percentage of use in the queue of events to write in the firewall log" - firewall_written: - type: number - format: float - description: "Same as `alerts_written` but focusing in firewall alerts" - fts_written: - type: number - format: float - description: "Same as `alerts_written` but focusing in [FTS alerts] - (https://documentation.wazuh.com/4.0/user-manual/ruleset/ruleset-xml-syntax/decoders.html?highlight=fts - #fts)" - hostinfo_edps: - type: number - format: float - description: "Hostinfo events decoded per second" - hostinfo_events_decoded: - type: number - format: float - description: "Same as `total_events_decoded` but for hostinfo events" - hostinfo_queue_size: - type: number - format: float - description: "Hostinfo events queue size" - hostinfo_queue_usage: - type: number - format: float - description: "Same as `syscheck_queue_usage` but for hostinfo events" - other_events_decoded: - type: number - format: float - description: "Same as `total_events_decoded` but for non catalogued events" - other_events_edps: - type: number - format: float - description: "Non catalogued events decoded per second" - rootcheck_edps: - type: number - format: float - description: "Rootcheck events decoded per second" - rootcheck_events_decoded: - type: number - format: float - description: "Same as `total_events_decoded` but for rootcheck events" - rootcheck_queue_size: - type: number - format: float - description: "Rootcheck events queue size" - rootcheck_queue_usage: - type: number - format: float - description: "Same as `syscheck_queue_usage` but for rootcheck events" - 
rule_matching_queue_size: - type: number - format: float - description: "Pending to process events queue size" - rule_matching_queue_usage: - type: number - format: float - description: "After decoding, events are pushed to a _pending to process_ queue which will match the events - against the Wazuh ruleset to raise alerts. This variable shows usage of that queue" - sca_edps: - type: number - format: float - description: "Policy monitoring events decoded per second" - sca_events_decoded: - type: number - format: float - description: "Same as `total_events_decoded` but for policy monitoring events" - sca_queue_size: - type: number - format: float - description: "Policy monitoring events queue size" - sca_queue_usage: - type: number - format: float - description: "Same as `syscheck_queue_usage` but for policy monitoring events" - statistical_queue_size: - type: number - format: float - description: "Stats log queue size" - statistical_queue_usage: - type: number - format: float - description: "Stats log queue usage" - syscheck_edps: - type: number - format: float - description: "FIM events decoded per second (EDPS = Events Decoded Per Second)" - syscheck_events_decoded: - type: number - format: float - description: "Same as `total_events_decoded` but for FIM events" - syscheck_queue_size: - type: number - format: float - description: "Syscheck events queue size" - syscheck_queue_usage: - type: number - format: float - description: "Percentage of use in the syscheck events queue pending to be decoded. 
Events are discarded when - the queue is full" - syscollector_edps: - type: number - format: float - description: "System inventory events decoded per second" - syscollector_events_decoded: - type: number - format: float - description: "Same as `total_events_decoded` but for system inventory events" - syscollector_queue_size: - type: number - format: float - description: "System inventory events queue size" - syscollector_queue_usage: - type: number - format: float - description: "Same as `syscheck_queue_usage` but for system inventory events" - total_events_decoded: - type: number - format: float - description: "Total events decoded in the last 5 seconds. This number is not accumulative, the number in the - following 5 seconds can be lower than the previous one" - winevt_edps: - type: number - format: float - description: "Windows events decoded per second" - winevt_events_decoded: - type: number - format: float - description: "Same as `total_events_decoded` but for Windows events" - winevt_queue_size: - type: number - format: float - description: "Windows events queue size" - winevt_queue_usage: - type: number - format: float - description: "Same as `syscheck_queue_usage` but for Windows events" - - WazuhRemotedStats: - type: object - properties: - ctrl_msg_count: - type: number - format: float - description: "Number of control messages received from all agents during the last five seconds" - discarded_count: - type: number - format: float - description: "Number of discarded events received from agents during the last five seconds" - evt_count: - type: number - format: float - description: "Number of events sent to analysisd during the last five seconds" - msg_sent: - type: number - format: float - description: "Number of messages sent to the agents during the last five seconds" - queue_size: - type: number - format: float - description: "Usage of the queue to storage events from agents" - recv_bytes: - type: number - format: float - description: "Number of 
received bytes from all agents during the last five seconds" - tcp_sessions: - type: number - format: float - description: "Number of TCP active sessions during the last five seconds" - total_queue_size: - type: number - format: float - description: "Total queue size to store events from agents" - - WazuhLogs: - type: object - properties: - description: - type: string - description: "Log message" - level: - type: string - description: "Log level" - enum: - - critical - - debug - - debug2 - - error - - info - - warning - tag: - type: string - description: "Wazuh component that logged the event" - enum: - - agent_control - - ossec-agentlessd - - ossec-analysisd - - ossec-authd - - ossec-csyslogd - - ossec-dbd - - ossec-execd - - ossec-integratord - - ossec-maild - - ossec-monitord - - ossec-logcollector - - ossec-remoted - - ossec-reportd - - ossec-rootcheck - - ossec-syscheckd - - ossec-testrule - - sca - - verify-agent-conf - - wazuh-db - - wazuh-modulesd - - wazuh-modulesd:agent-key-polling - - wazuh-modulesd:aws-s3 - - wazuh-modulesd:azure-logs - - wazuh-modulesd:ciscat - - wazuh-modulesd:control - - wazuh-modulesd:command - - wazuh-modulesd:database - - wazuh-modulesd:docker-listener - - wazuh-modulesd:download - - wazuh-modulesd:oscap - - wazuh-modulesd:osquery - - wazuh-modulesd:syscollector - - wazuh-modulesd:vulnerability-detector - timestamp: - type: string - format: date-time - - ValidationStatus: - type: object - properties: - name: - type: string - description: "Node name" - status: - type: string - description: "Status value" - - LogSummary: - type: object - properties: - all: - type: integer - format: int32 - minimum: 0 - critical: - type: integer - format: int32 - minimum: 0 - debug: - type: integer - format: int32 - minimum: 0 - error: - type: integer - format: int32 - minimum: 0 - info: - type: integer - format: int32 - minimum: 0 - warning: - type: integer - format: int32 - minimum: 0 - - WazuhLogsSummary: - type: object - properties: - 
ossec-agentlessd: - $ref: '#/components/schemas/LogSummary' - ossec-analysisd: - $ref: '#/components/schemas/LogSummary' - ossec-authd: - $ref: '#/components/schemas/LogSummary' - ossec-csyslogd: - $ref: '#/components/schemas/LogSummary' - ossec-dbd: - $ref: '#/components/schemas/LogSummary' - ossec-execd: - $ref: '#/components/schemas/LogSummary' - ossec-integratord: - $ref: '#/components/schemas/LogSummary' - ossec-maild: - $ref: '#/components/schemas/LogSummary' - ossec-monitord: - $ref: '#/components/schemas/LogSummary' - ossec-logcollector: - $ref: '#/components/schemas/LogSummary' - ossec-remoted: - $ref: '#/components/schemas/LogSummary' - ossec-reportd: - $ref: '#/components/schemas/LogSummary' - ossec-rootcheck: - $ref: '#/components/schemas/LogSummary' - ossec-syscheckd: - $ref: '#/components/schemas/LogSummary' - ossec-testrule: - $ref: '#/components/schemas/LogSummary' - sca: - $ref: '#/components/schemas/LogSummary' - wazuh-db: - $ref: '#/components/schemas/LogSummary' - wazuh-modulesd: - $ref: '#/components/schemas/LogSummary' - wazuh-modulesd:agent-key-polling: - $ref: '#/components/schemas/LogSummary' - wazuh-modulesd:aws-s3: - $ref: '#/components/schemas/LogSummary' - wazuh-modulesd:azure-logs: - $ref: '#/components/schemas/LogSummary' - wazuh-modulesd:ciscat: - $ref: '#/components/schemas/LogSummary' - wazuh-modulesd:command: - $ref: '#/components/schemas/LogSummary' - wazuh-modulesd:database: - $ref: '#/components/schemas/LogSummary' - wazuh-modulesd:docker-listener: - $ref: '#/components/schemas/LogSummary' - wazuh-modulesd:download: - $ref: '#/components/schemas/LogSummary' - wazuh-modulesd:oscap: - $ref: '#/components/schemas/LogSummary' - wazuh-modulesd:osquery: - $ref: '#/components/schemas/LogSummary' - wazuh-modulesd:syscollector: - $ref: '#/components/schemas/LogSummary' - wazuh-modulesd:vulnerability-detector: - $ref: '#/components/schemas/LogSummary' - - ConfirmationMessage: - type: object - properties: - message: - type: string - 
description: "Confirmation message" - - ConfigurationValidation: - type: object - properties: - status: - type: string - description: "Configuration status" - enum: - - OK - - APIconfiguration: - type: object - minProperties: 1 - additionalProperties: false - properties: - access: - description: API Security Options - type: object - additionalProperties: false - properties: - max_login_attempts: - description: "Maximum number of login attempts in {block_time} seconds" - type: integer - format: int32 - minimum: 1 - example: 50 - block_time: - description: "Blocking time for IPs that have exceeded {max_login_attempts}. Time counts from the first - attempt" - type: integer - format: int32 - minimum: 0 - example: 300 - max_request_per_minute: - description: "Maximum number of requests allowed per minute" - type: integer - format: int32 - minimum: 1 - example: 300 - behind_proxy_server: - description: "Set this option to 'yes' in case the API is running behind a proxy server" - type: boolean - default: false - logs: - type: object - additionalProperties: false - properties: - level: - description: "Verbosity level of API logs" - default: info - type: string - enum: [disabled, info, warning, error, debug, debug2] - cache: - type: object - additionalProperties: false - properties: - enabled: - description: "Enable cache" - type: boolean - default: true - time: - description: "Cache expiration time in seconds" - type: number - format: double - minimum: 0 - example: 0.75 - cors: - type: object - additionalProperties: false - properties: - enabled: - description: "Enable CORS" - type: boolean - default: false - source_route: - description: "Sources for which the resources will be available. 
For example 'http://client.example.org'" - type: string - example: '*' - expose_headers: - description: "Which headers can be exposed as part of the response" - type: string - example: '*' - allow_headers: - description: "Which HTTP headers can be used during the actual request" - type: string - example: '*' - allow_credentials: - description: "Browsers will only expose the response to frontend JavaScript code if this is enabled" - type: boolean - default: false - use_only_authd: - description: "Force the use of authd when adding and removing agents" - type: boolean - default: false - experimental_features: - description: "Enable features under development" - type: boolean - default: false - - LastScan: - type: object - properties: - end: - type: string - nullable: true - format: date-time - description: "Date when the latest scan finished. If it is in progress, or no scans have been run, null will - be returned" - start: - type: string - nullable: true - format: date-time - description: "Date when the latest scan started. If no scans have been run, null will be returned" - - # Rules models - RuleFile: - allOf: - - $ref: '#/components/schemas/RulesetFile' - - $ref: '#/components/schemas/RulesetStatus' - - Rule: - allOf: - - $ref: '#/components/schemas/RuleFile' - - type: object - properties: - description: - type: string - description: "Rule description. 
This description is shown when an alert matching the rule is raised" - details: - type: object - description: "Rule definition details" - gdpr: - type: array - description: "GDPR checks the rule is checking" - items: - type: string - gpg13: - type: array - description: "GPG13 checks the rule is checking" - items: - type: string - groups: - type: array - description: "Groups the rule belongs to" - items: - type: string - hipaa: - type: array - description: "HIPAA checks the rule is checking" - items: - type: string - id: - type: integer - format: int32 - description: "Rule ID" - level: - type: integer - format: int32 - minimum: 0 - maximum: 15 - description: "Rule level" - nist-800-53: - type: array - description: "NIST-800-53 checks the rule is checking" - items: - type: string - tsc: - type: array - description: "TSC checks the rule is checking" - items: - type: string - pci: - type: array - description: "PCI DSS checks the rule is checking" - items: - type: string - - SecurityConfiguration: - type: object - minProperties: 1 - properties: - auth_token_exp_timeout: - description: "Time in seconds until the token expires" - type: integer - format: int32 - minimum: 30 - example: 900 - rbac_mode: - description: "RBAC mode (white/black)" - type: string - enum: [white, black] - example: white - - # SCA models - SCAChecks: - type: object - properties: - description: - type: string - description: "A description of what is being checked" - directory: - type: string - description: "Analyzed directories" - file: - type: string - description: "Analyzed file path" - id: - type: integer - format: int32 - description: "Policy check ID. A policy contains multiple checks" - policy_id: - type: string - description: "Scanned policy ID" - process: - type: string - description: "Check whether a process is running or not. 
It's only returned when the checked process is - running" - rationale: - type: string - description: "Explain why this check is necessary" - references: - type: string - description: "A link to a documentation page about the check" - registry: - type: string - description: "Analyzed registry" - remediation: - type: string - description: "Explain how to fix the check, this field is very useful in case the check failed" - result: - type: string - description: "Check result" - enum: - - passed - - failed - - "" - title: - type: string - description: "A brief description of what is being checked" - condition: - type: string - description: "Specify how rule results are aggregated in order to calculate the final value of a check" - enum: - - all - - any - - none - SCADatabase: - type: object - properties: - description: - type: string - description: "Brief description of what the policy is checking" - end_scan: - type: string - format: date-time - description: "When the last scan finished" - fail: - type: integer - format: int32 - description: "Number of failed checks. If this number is higher than 0 the host has a vulnerability" - name: - type: string - description: "Policy name" - pass: - type: integer - format: int32 - description: "Number of passed checks" - policy_id: - type: string - description: "Policy ID" - references: - type: string - description: "A link to a documentation page about the policy" - score: - type: integer - format: int32 - description: "Percentage of passed checks" - start_scan: - type: string - format: date-time - description: "When the last scan started" - - # Syscheck models - SyscheckDatabase: - type: object - properties: - sha1: - type: string - format: hash_or_empty - description: "SHA1 checksum of the file" - file: - type: string - description: "File name that raised the alert" - md5: - type: string - format: hash_or_empty - description: "MD5 checksum of the file" - inode: - type: integer - format: int32 - description: "Inode of the file. 
Only available in Linux agents" - uid: - type: string - format: numbers_or_empty - description: "UID of the file" - date: - type: string - format: date-time - description: "Date when the alert was raised" - perm: - type: string - format: names_or_empty - description: "File permissions" - type: - type: string - description: "File type. Registry type only available in Windows agents" - enum: - - file - - registry - gname: - type: string - format: names_or_empty - description: "Group name. Only available in Linux agents" - uname: - type: string - format: names_or_empty - description: "User name of the file" - size: - type: integer - format: int64 - description: "File size in bytes" - gid: - type: string - format: numbers_or_empty - description: "GID of the file. Only available in Linux agents" - mtime: - type: string - format: date-time_or_empty - description: "Last modification date of the file" - sha256: - type: string - format: hash_or_empty - description: "SHA256 checksum of the file" - - # Decoders models - Decoder: - type: object - allOf: - - $ref: '#/components/schemas/DecoderFile' - properties: - name: - type: string - description: "Decoder name" - position: - type: integer - format: int32 - minimum: 0 - description: "Position of this decoder in the decoder file. The parent decoder will have position 0, the - following defined decoder will have position 1, and so on" - details: - type: object - description: "Decoder definition fields" - properties: - program_name: - type: string - nullable: true - parent: - type: string - prematch: - type: string - regex: - type: array - items: - type: string - order: - type: string - accumulate: - type: boolean - nullable: true - - DecoderFile: - allOf: - - $ref: '#/components/schemas/RulesetFile' - - $ref: '#/components/schemas/RulesetStatus' - - # Syscollector models - SyscollectorHardware: - type: object - properties: - board_serial: - type: string - description: "Motherboard serial number. 
This value will be empty in virtual machines" - cpu: - type: object - properties: - cores: - type: integer - format: int32 - minimum: 0 - description: "Number of cores the CPU has" - mhz: - type: number - format: float - minimum: 0 - description: "Mhz the CPU has" - name: - type: string - description: "CPU name" - ram: - type: object - properties: - free: - type: integer - format: int32 - minimum: 0 - description: "Current free RAM memory" - total: - type: integer - format: int32 - minimum: 0 - description: "Total RAM memory" - usage: - type: integer - format: int32 - minimum: 0 - maximum: 100 - description: "RAM memory currently used" - scan: - $ref: '#/components/schemas/ScanIdTime' - agent_id: - $ref: '#/components/schemas/AgentID' - - SyscollectorHotfix: - type: object - properties: - scan: - $ref: '#/components/schemas/ScanIdTime' - hotfix: - type: string - description: "Hotfixes for windows agents" - - SyscollectorNetwork: - type: object - properties: - address: - type: string - description: "IP address associated with the network interface" - broadcast: - type: string - description: "IP address associated with the broadcast" - iface: - type: string - description: "Network interface name" - netmask: - type: string - description: "Netmask associated with the network interface" - proto: - type: string - description: "Protocol associated with the network interface" - scan_id: - type: integer - format: int64 - description: "Scan ID" - agent_id: - $ref: '#/components/schemas/AgentID' - - NetworkInterfaceSentPackets: - description: "Information related to sent packets in the network interface" - type: object - properties: - bytes: - type: integer - format: int32 - minimum: 0 - description: "Number of bytes in the network interface" - dropped: - type: integer - format: int32 - minimum: 0 - description: "Number of dropped packages in the network interface" - error: - type: integer - format: int32 - minimum: 0 - description: "Number of packages containing any error in 
the network interface" - packets: - type: integer - format: int32 - minimum: 0 - description: "Number of packages in the network interface" - - NetworkInterfaceReceivedPackets: - description: "Information related to received packets in the network interface" - type: object - properties: - bytes: - type: integer - format: int32 - minimum: 0 - description: "Number of bytes in the network interface" - dropped: - type: integer - format: int32 - minimum: 0 - description: "Number of dropped packages in the network interface" - error: - type: integer - format: int32 - minimum: 0 - description: "Number of packages containing any error in the network interface" - packets: - type: integer - format: int32 - minimum: 0 - description: "Number of packages in the network interface" - - SyscollectorInterface: - type: object - properties: - mac: - type: string - description: "MAC Address of the network interface" - mtu: - type: integer - format: int32 - minimum: 0 - description: "Network interface's Maximum Transfer Unit" - name: - type: string - description: "Network interface name" - rx: - $ref: '#/components/schemas/NetworkInterfaceReceivedPackets' - scan: - $ref: '#/components/schemas/ScanIdTime' - state: - type: string - description: "Network interface state" - enum: - - up - - down - tx: - $ref: '#/components/schemas/NetworkInterfaceSentPackets' - type: - type: string - description: "Network interface type" - agent_id: - $ref: '#/components/schemas/AgentID' - - SyscollectorProtocol: - type: object - properties: - dhcp: - $ref: '#/components/schemas/DHCPStatus' - gateway: - description: "Gateway IP" - type: string - iface: - description: "Network interface name" - type: string - scan_id: - type: integer - format: int64 - description: "Scan ID" - type: - type: string - description: "Protocol of the interface data" - enum: - - ipv4 - - ipv6 - agent_id: - $ref: '#/components/schemas/AgentID' - - DHCPStatus: - type: string - description: "DHCP status" - enum: - - enabled - - 
disabled - - unknown - - BOOTP - - SyscollectorOS: - type: object - properties: - architecture: - type: string - description: "OS architecture" - hostname: - type: string - description: "Machine's hostname" - os: - type: object - properties: - codename: - type: string - description: "OS version codename" - major: - type: string - description: "Major release version" - minor: - type: string - description: "Minor release version" - name: - type: string - description: "OS name" - platform: - type: string - description: "OS platform name" - version: - type: string - description: "Full version name" - release: - type: string - description: "Release name" - scan: - $ref: '#/components/schemas/ScanIdTime' - sysname: - type: string - description: "System name" - version: - type: string - description: "Release version" - agent_id: - $ref: '#/components/schemas/AgentID' - - SyscollectorPackages: - type: object - properties: - architecture: - type: string - description: "Package architecture" - description: - type: string - description: "Brief package description" - format: - type: string - description: "Package format" - enum: - - deb - - rpm - - win - - pkg - multiarch: - type: string - description: "Whether the package has multi architecture support" - enum: - - allowed - - same - - foreign - name: - type: string - description: "Package name" - priority: - type: string - description: "Package priority" - scan: - $ref: '#/components/schemas/ScanIdTime' - section: - type: string - description: "Package section" - source: - type: string - description: "Source section" - size: - type: integer - description: "Installed package size in bytes" - vendor: - type: string - description: "Vendor name" - version: - type: string - description: "Release version installed" - agent_id: - $ref: '#/components/schemas/AgentID' - - LocalPortInfo: - description: "Information regarding local opened port" - type: object - properties: - ip: - type: string - description: "Bind IP" - port: - type: 
integer - minimum: 0 - format: int32 - description: "Port used" - - RemotePortInfo: - description: "Information regarding the remote port the machine is connected to" - type: object - properties: - ip: - type: string - description: "Bind IP" - port: - type: integer - minimum: 0 - format: int32 - description: "Port used" - - SyscollectorPorts: - type: object - properties: - inode: - type: integer - format: int64 - description: "Port inode" - local: - $ref: '#/components/schemas/LocalPortInfo' - protocol: - type: string - description: "Protocol used in the communication" - enum: - - tcp - - udp - - tcp6 - - udp6 - remote: - $ref: '#/components/schemas/RemotePortInfo' - rx_queue: - type: integer - format: int32 - minimum: 0 - description: "Packets at the receiver queue" - scan: - $ref: '#/components/schemas/ScanIdTime' - state: - type: string - description: "Communication status" - enum: - - established - - syn_sent - - syn_recv - - fin_wait1 - - fin_wait2 - - time_wait - - close - - close_wait - - last_ack - - listening - - closing - - delete_tcp - - unknown - tx_queue: - type: integer - format: int32 - minimum: 0 - description: "Packets pending to be transmitted" - agent_id: - $ref: '#/components/schemas/AgentID' - pid: - type: integer - format: int32 - description: "PID owner of the opened port" - process: - type: string - format: alphanumeric - description: "Name of the PID" - - SyscollectorProcess: - type: object - properties: - argvs: - type: string - description: "Process received arguments" - cmd: - type: string - description: "Executed command" - egroup: - type: string - description: "Effective group" - euser: - type: string - description: "Effective user" - fgroup: - type: string - description: "Filesystem group name" - name: - type: string - description: "Process name" - nice: - type: integer - format: int32 - description: "Nice value of the process" - nlwp: - type: integer - format: int32 - description: "Number of light weight processes" - pgrp: - type: 
integer - format: int32 - description: "Process group" - pid: - type: string - description: "Process PID" - ppid: - type: integer - format: int32 - minimum: 0 - description: "Process parent PID" - priority: - type: integer - format: int32 - description: "Kernel scheduling priority" - processor: - type: integer - format: int32 - minimum: 0 - description: "Processor number which is running the process" - resident: - type: integer - format: int32 - description: "Process resident size in bytes" - rgroup: - type: string - description: "Real group" - ruser: - type: string - description: "Real user" - scan: - $ref: '#/components/schemas/ScanIdTime' - session: - type: integer - format: int32 - description: "Process session" - sgroup: - type: string - description: "Saved-set group" - share: - type: integer - format: int32 - minimum: 0 - description: "Shared memory" - size: - type: integer - format: int32 - minimum: 0 - description: "Process size in bytes" - start_time: - type: integer - format: int64 - description: "Time when the process started" - state: - type: string - description: "Process state" - stime: - type: integer - format: int32 - minimum: 0 - description: "Time spent executing system code" - suser: - type: string - description: "Saved-set user" - tgid: - type: integer - format: int32 - description: "Thread Group ID" - tty: - type: integer - format: int32 - description: "Process TTY number" - utime: - type: integer - format: int32 - description: "Time spent executing user code" - vm_size: - type: integer - format: int32 - minimum: 0 - description: "Total VM size (KB)" - agent_id: - $ref: '#/components/schemas/AgentID' - - # Lists models - CDBList: - allOf: - - $ref: '#/components/schemas/RulesetFile' - - type: object - properties: - items: - type: array - items: - $ref: '#/components/schemas/CDBListPair' - - CDBListPair: - type: object - required: - - key - - value - properties: - key: - type: string - description: "Value of the CDB list item key" - value: - 
type: string - description: "Value of the CDB list item value" - - CDBListFile: - $ref: '#/components/schemas/RulesetFile' - - # Overview models - OverviewAgents: - type: object - required: - - agent_os - - agent_status - - agent_version - - groups - - last_registered_agent - - nodes - properties: - nodes: - type: array - description: "Active nodes in the cluster" - items: - type: object - properties: - count: - type: integer - format: int32 - node_name: - type: string - groups: - type: array - description: "Recount of the number of Wazuh agents group by Wazuh groups" - items: - $ref: '#/components/schemas/AgentGroup' - agent_os: - type: array - description: "Recount of the number of Wazuh agents group by OS" - items: - type: object - properties: - count: - type: integer - format: int32 - os: - type: object - properties: - name: - type: string - format: alphanumeric_symbols - platform: - type: string - format: alphanumeric - version: - type: string - format: alphanumeric - agent_status: - $ref: '#/components/schemas/AgentsSummaryStatus' - agent_version: - type: array - description: "Recount of the number of Wazuh agents group by version" - items: - type: object - properties: - count: - type: integer - format: int32 - version: - type: string - format: alphanumeric - last_registered_agent: - type: array - items: - $ref: '#/components/schemas/Agent' - - securitySchemes: - basicAuth: - type: http - scheme: basic - description: "Intended method to get a token" - x-basicInfoFunc: api.authentication.check_user - jwt: - type: http - scheme: bearer - bearerFormat: JWT - x-bearerInfoFunc: api.authentication.decode_token - - parameters: - attack_id: - in: query - name: id - description: "MITRE attack ID" - schema: - type: string - format: alphanumeric - agent_id: - in: path - name: agent_id - description: "Agent ID. 
All possible values from 000 onwards" - required: true - schema: - $ref: '#/components/schemas/AgentID' - agent_name: - in: query - name: agent_name - description: "Agent name" - required: true - schema: - type: string - format: names - maxLength: 128 - benchmark: - in: query - name: benchmark - description: "Filter by benchmark type" - schema: - type: string - format: alphanumeric - command: - in: query - name: command - description: "Filter by command" - schema: - type: string - format: alphanumeric - component: - in: path - name: component - description: "Selected agent's component" - required: true - schema: - type: string - enum: - - agent - - agentless - - analysis - - auth - - com - - csyslog - - integrator - - logcollector - - mail - - monitor - - request - - syscheck - - wmodules - configuration: - in: path - name: configuration - description: | -

Selected agent's configuration to read. The configuration to read depends on the selected component. - The following table shows all available combinations of component and configuration values:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ComponentConfigurationTag
agentclient<client>
agentbuffer<client_buffer>
agentlabels<labels>
agentinternal<agent>, <monitord>, <remoted>
agentlessagentless<agentless>
analysisglobal<global>
analysisactive_response<active-response>
analysisalerts<alerts>
analysiscommand<command>
analysisrules<rule>
analysisdecoders<decoder>
analysisinternal<analysisd>
authauth<auth>
comactive-response<active-response>
comlogging<logging>
cominternal<execd>
comcluster<cluster>
csyslogcsyslog<csyslog_output>
integratorintegration<integration>
logcollectorlocalfile<localfile>
logcollectorsocket<socket>
logcollectorinternal<logcollector>
mailglobal<global><email...>
mailalerts<email_alerts>
mailinternal<maild>
monitorinternal<monitord>
monitorinternal<reports>
requestremote<remote>
requestinternal<remoted>
syschecksyscheck<syscheck>
syscheckrootcheck<rootcheck>
syscheckinternal<syscheck>, <rootcheck>
wmoduleswmodules<wodle>
- required: true - schema: - type: string - enum: - - client - - buffer - - labels - - internal - - agentless - - global - - active_response - - alerts - - command - - rules - - decoders - - auth - - logging - - reports - - active-response - - cluster - - csyslog - - integration - - localfile - - socket - - remote - - syscheck - - rootcheck - - wmodules - decoder_name: - in: query - name: decoder_names - description: "Decoder name" - schema: - type: array - items: - type: string - format: names - description: - in: query - name: description - description: "Filter by policy description" - schema: - type: string - format: alphanumeric_symbols - directory: - in: query - name: directory - description: "Filter by directory" - schema: - type: string - downloadFile: - in: path - name: filename - required: True - description: "Filename to download" - schema: - type: string - format: alphanumeric - error: - in: query - name: error - description: "Filter by encountered errors" - schema: - type: integer - format: int32 - minimum: 0 - fail: - in: query - name: fail - description: "Filter by failed checks" - schema: - type: integer - format: int32 - minimum: 0 - fields: - in: query - name: fields - description: "List of fields affecting the operation" - schema: - type: array - items: - type: string - format: names - filename: - in: query - name: filename - description: "Filter by filename" - schema: - type: array - items: - type: string - format: alphanumeric - full_path_filter: - in: query - name: file - description: "Filter by full path" - schema: - type: string - format: paths - file_name: - in: path - name: file_name - description: "Filename" - required: true - schema: - type: string - format: alphanumeric - file_format: - in: query - name: format - description: "Filter by file format. For example 'deb' will output deb files" - schema: - type: string - format: alphanumeric - group_id: - in: path - name: group_id - description: "Group ID. 
(Name of the group)" - required: true - schema: - $ref: '#/components/schemas/GroupID' - group_id_query: - in: query - name: group_id - description: "Group ID. (Name of the group)" - required: true - schema: - $ref: '#/components/schemas/GroupID' - agent_group: - in: query - name: group - description: "Filter by group of agents" - schema: - $ref: '#/components/schemas/GroupID' - hash: - in: query - name: hash - description: "Select algorithm to generate the returned checksums" - schema: - type: string - enum: - - md5 - - sha1 - - sha224 - - sha256 - - sha384 - - sha512 - - blake2b - - blake2s - - sha3_224 - - sha3_256 - - sha3_384 - - sha3_512 - hotfix: - in: query - name: hotfix - description: "Filter by hotfix" - schema: - type: string - limit: - in: query - name: limit - description: "Maximum number of elements to return" - schema: - type: integer - format: int32 - default: 500 - minimum: 1 - maximum: 500 - agents_list: - in: query - name: agents_list - description: "List of agent IDs (separated by comma), all agents selected by default if not specified" - schema: - type: array - items: - $ref: '#/components/schemas/AgentID' - agents_list_delete: - in: query - name: agents_list - description: "List of agent IDs (separated by comma), use the keyword `all` to select all agents" - required: true - schema: - type: array - items: - $ref: '#/components/schemas/AgentID_DELETE' - groups_list: - in: query - name: groups_list - description: "List of group IDs (separated by comma), all groups selected by default if not specified" - schema: - type: array - items: - $ref: '#/components/schemas/GroupID' - groups_list_delete: - in: query - name: groups_list - description: "List of group IDs (separated by comma), use the keyword 'all' to select all groups" - required: true - schema: - type: array - items: - $ref: '#/components/schemas/GroupID_DELETE' - nodes_list: - in: query - name: nodes_list - description: "List of node IDs (separated by comma), all nodes selected by default 
if not specified" - schema: - type: array - items: - type: string - manager_host: - in: query - name: manager - description: "Filter by manager hostname where agents are connected to" - schema: - type: string - format: alphanumeric - name: - in: query - name: name - description: "Filter by agent name" - schema: - type: string - format: alphanumeric - sca_name: - in: query - name: name - description: "Filter by policy name" - schema: - type: string - notchecked: - in: query - name: notchecked - description: "Filter by not checked" - schema: - type: integer - format: int32 - minimum: 0 - offset: - in: query - name: offset - description: "First element to return in the collection" - schema: - type: integer - format: int32 - default: 0 - minimum: 0 - olderThanParam: - in: query - name: older_than - description: "Filter out agents whose time lapse from last keep alive signal is longer than specified. Time in - seconds, ‘[n_days]d’, ‘[n_hours]h’, ‘[n_minutes]m’ or ‘[n_seconds]s’. For never_connected agents, uses the - register date. For example, `7d`, `10s` and `10` are valid values. 
If no time unit is specified, seconds are used" - schema: - type: string - format: timeframe - pass: - in: query - name: pass - description: "Filter by passed checks" - schema: - type: integer - format: int32 - minimum: 0 - phase_name: - in: query - name: phase_name - description: "Show results filtered by phase" - schema: - type: string - format: alphanumeric - platform_name: - in: query - name: platform_name - description: "Show results filtered by platform" - schema: - type: string - format: alphanumeric - pretty: - in: query - name: pretty - description: "Show results in human-readable format" - schema: - type: boolean - default: false - process: - in: query - name: process - description: "Filter by process name" - schema: - type: string - format: alphanumeric - profile: - in: query - name: profile - description: "Filter by evaluated profile" - schema: - type: string - format: alphanumeric - policy_id: - in: path - name: policy_id - description: "Filter by policy id" - required: true - schema: - type: string - format: alphanumeric - policy_id_rbac: - in: path - name: policy_id - description: "Specify a policy id" - required: true - schema: - $ref: '#/components/schemas/Policy_id' - policy_ids_rbac: - in: query - name: 'policy_ids' - description: "List of policy IDs" - schema: - type: array - items: - $ref: '#/components/schemas/Policy_id' - policy_ids_rbac_delete: - in: query - name: 'policy_ids' - description: "List of policy IDs (separated by comma), use the keyword 'all' to select all policies" - required: true - schema: - type: array - items: - $ref: '#/components/schemas/Policy_id_DELETE' - policy_ids_rbac_required: - in: query - name: 'policy_ids' - description: "List of policy IDs" - required: true - schema: - type: array - items: - $ref: '#/components/schemas/Policy_id' - endpoint: - in: query - name: endpoint - description: "Look for the RBAC actions which are related to the specified endpoint" - schema: - type: string - purge: - in: query - name: 
purge - description: "Permanently delete an agent from the key store" - schema: - type: boolean - default: false - query: - in: query - name: q - description: "Query to filter results by. For example q="status=active"" - schema: - type: string - rationale: - in: query - name: rationale - description: "Filter by rationale" - schema: - type: string - format: alphanumeric_symbols - raw: - in: query - name: raw - description: "Format response in plain text" - required: False - schema: - type: boolean - registry: - in: query - name: registry - description: "Filter by registry" - schema: - type: string - format: alphanumeric - references: - in: query - name: references - description: "Filter by references" - schema: - type: string - remediation: - in: query - name: remediation - description: "Filter by remediation" - schema: - type: string - format: alphanumeric_symbols - rule_requirement: - in: path - name: requirement - required: true - schema: - type: string - enum: [pci_dss, gdpr, hipaa, nist-800-53, gpg13, tsc, mitre] - result: - in: query - name: result - description: "Filter by result" - schema: - type: string - format: alphanumeric - condition: - in: query - name: condition - description: "Filter by condition" - schema: - type: string - role_id: - in: path - name: role_id - description: "Specify a role ID" - required: true - schema: - $ref: '#/components/schemas/Role_id' - role_ids: - in: query - name: 'role_ids' - description: "List of role IDs (separated by comma)" - schema: - type: array - items: - $ref: '#/components/schemas/Role_id' - role_ids_delete: - in: query - name: 'role_ids' - description: "List of role IDs (separated by comma), use the keyword 'all' to select all roles" - required: true - schema: - type: array - items: - $ref: '#/components/schemas/Role_id_DELETE' - role_ids_required: - in: query - name: 'role_ids' - description: "List of role IDs (separated by comma)" - required: True - schema: - type: array - items: - $ref: 
'#/components/schemas/Role_id_DELETE' - security_rule_id: - in: path - name: 'rule_id' - description: "Specify a rule ID" - required: true - schema: - $ref: '#/components/schemas/Security_rule_id' - security_rule_ids: - in: query - name: 'rule_ids' - description: "List of rule IDs (separated by comma)" - schema: - type: array - items: - $ref: '#/components/schemas/Security_rule_id' - security_rule_ids_required: - in: query - name: 'rule_ids' - description: "List of rule IDs (separated by comma)" - required: true - schema: - type: array - items: - $ref: '#/components/schemas/Security_rule_id' - security_rule_ids_delete: - in: query - name: 'rule_ids' - description: "List of rule IDs (separated by comma), use the keyword 'all' to select all rules" - required: true - schema: - type: array - items: - $ref: '#/components/schemas/Security_rule_id_DELETE' - security_position: - in: query - name: 'position' - description: "Security position for roles/policies" - required: False - schema: - type: integer - minimum: 0 - reason: - in: query - name: reason - description: "Filter by reason" - schema: - type: string - format: alphanumeric_symbols - rule_ids: - in: query - name: rule_ids - description: "List of rule IDs" - schema: - type: array - items: - type: integer - format: int32 - minimum: 1 - score: - in: query - name: score - description: "Filter by final score" - schema: - type: integer - format: int32 - minimum: 0 - search: - in: query - name: search - description: "Look for elements containing the specified string. To obtain a complementary search, use '-' at the - beggining" - schema: - type: string - format: search - select: - in: query - name: select - description: "Select which fields to return (separated by comma). Use '.' for nested fields. 
For example, - '{field1: field2}' may be selected with 'field1.field2'" - schema: - type: array - items: - type: string - format: names - # It'd be more appropriate to be an array of strings, and separate the ascending or descending order in another param - sort: - in: query - name: sort - description: "Sort the collection by a field or fields (separated by comma). Use +/- at the beggining to list in - ascending or descending order. Use '.' for nested fields. For example, '{field1: field2}' may be selected with - 'field1.field2'" - schema: - type: string - format: sort - status: - in: query - name: status - description: "Filter by status" - schema: - type: string - format: alphanumeric - statusAgentParam: - in: query - name: status - description: "Filter by agent status (use commas to enter multiple statuses)" - schema: - type: array - items: - type: string - enum: - - active - - pending - - never_connected - - disconnected - minItems: 1 - - statusRLDParam: - in: query - name: status - description: "Filter by list status. 
Use commas to enter multiple statuses" - schema: - type: string - enum: - - enabled - - disabled - - all - minItems: 1 - title: - in: query - name: title - description: "Filter by title" - schema: - type: string - format: alphanumeric_symbols - type_agents: - in: query - name: type - description: "Type of file" - schema: - type: array - items: - type: string - enum: - - conf - - rootkit_files - - rootkit_trojans - - rcl - type_syscollector: - in: query - name: type - description: "Type of network" - schema: - type: string - format: alphanumeric - typesys: - in: query - name: type - description: "Type of file" - schema: - type: string - user_ids: - in: query - name: 'user_ids' - description: "List of user IDs (separated by comma)" - schema: - type: array - items: - $ref: '#/components/schemas/User_id' - user_ids_delete: - in: query - name: 'user_ids' - description: "List of user IDs (separated by comma), use the keyword 'all' to select all users" - required: true - schema: - type: array - items: - $ref: '#/components/schemas/User_id_DELETE' - user_id_required: - in: path - name: 'user_id' - description: "User ID" - required: True - schema: - $ref: '#/components/schemas/User_id' - unknown: - in: query - name: unknown - description: "Filter by unknown results" - schema: - type: integer - format: int32 - version: - in: query - name: version - description: "Filter by agents version" - schema: - type: string - format: alphanumeric - wait_for_complete: - in: query - name: wait_for_complete - description: "Disable timeout response" - schema: - type: boolean - default: false - node_type: - in: query - name: type - description: "Filter by node type" - schema: - type: string - enum: - - worker - - master - node_id: - in: path - name: node_id - description: "Cluster node name" - required: true - schema: - type: string - format: names - node_name: - in: query - name: node_name - description: "Filter by node name" - schema: - type: string - format: names - section: - in: query - 
name: section - description: "Indicates the wazuh configuration section" - schema: - type: string - enum: - - active-response - - agentless - - alerts - - auth - - client - - client_buffer - - cluster - - command - - database_output - - email_alerts - - global - - integration - - labels - - localfile - - logging - - remote - - reports - - rootcheck - - ruleset - - sca - - socket - - syscheck - - syslog_output - # Wodle sections - - agent-key-polling - - aws-s3 - - azure-logs - - cis-cat - - docker-listener - - open-scap - - osquery - - syscollector - - vulnerability-detector - field: - in: query - name: field - description: "Indicate a section child. E.g, fields for *ruleset* section are: decoder_dir, rule_dir, etc" - schema: - type: string - format: names - date: - in: query - name: date - description: "Date to obtain statistical information from. Format YYYY-MM-DD" - schema: - type: string - format: date - tag: - in: query - name: tag - description: "Wazuh component that logged the event" - schema: - type: string - enum: - - ossec-agentlessd - - ossec-analysisd - - ossec-authd - - ossec-csyslogd - - ossec-dbd - - ossec-execd - - ossec-integratord - - ossec-maild - - ossec-monitord - - ossec-logcollector - - ossec-remoted - - ossec-reportd - - ossec-rootcheck - - ossec-syscheckd - - ossec-testrule - - sca - - wazuh-db - - wazuh-modulesd - - wazuh-modulesd:agent-key-polling - - wazuh-modulesd:aws-s3 - - wazuh-modulesd:azure-logs - - wazuh-modulesd:ciscat - - wazuh-modulesd:control - - wazuh-modulesd:command - - wazuh-modulesd:database - - wazuh-modulesd:docker-listener - - wazuh-modulesd:download - - wazuh-modulesd:oscap - - wazuh-modulesd:osquery - - wazuh-modulesd:syscollector - - wazuh-modulesd:vulnerability-detector - log_level: - in: query - name: level - description: "Filter by log level" - schema: - type: string - enum: - - critical - - debug - - debug2 - - error - - info - - warning - edit_files_path: - in: query - name: path - description: "Filepath to 
upload/edit file. (Relative to wazuh installation folder)" - required: true - schema: - type: string - format: edit_files_path - delete_files_path: - in: query - name: path - description: "Filepath to delete file. (Relative to wazuh installation folder)" - required: true - schema: - type: string - format: delete_files_path - get_files_path: - in: query - name: path - description: "Filepath to return file. (Relative to wazuh installation folder)" - required: true - schema: - type: string - format: get_files_path - get_dirnames_path: - in: query - name: relative_dirname - description: "Filter by relative directory name" - schema: - type: string - format: get_dirnames_path - overwrite: - in: query - name: overwrite - description: "If set to false, an exception will be raised when updating contents of an already existing filename" - schema: - type: boolean - default: false - group: - in: query - name: group - description: "Filter by rule group" - schema: - type: string - format: alphanumeric - level: - in: query - name: level - description: "Filter by rule level. 
Can be a single level (4) or an interval (2-4)" - schema: - type: string - format: range - pci_dss: - in: query - name: pci_dss - description: "Filter by PCI_DSS requirement name" - schema: - type: string - format: alphanumeric - gdpr: - in: query - name: gdpr - description: "Filter by GDPR requirement" - schema: - type: string - format: alphanumeric - gpg13: - in: query - name: gpg13 - description: "Filter by GPG13 requirement" - schema: - type: string - format: alphanumeric - hipaa: - in: query - name: hipaa - description: "Filter by HIPAA requirement" - schema: - type: string - format: alphanumeric - nist-800-53: - in: query - name: nist-800-53 - description: "Filter by NIST-800-53 requirement" - schema: - type: string - format: alphanumeric - tsc: - in: query - name: tsc - description: "Filters by TSC requirement" - schema: - type: string - format: alphanumeric - mitre: - in: query - name: mitre - description: "Filters by MITRE attack ID" - schema: - type: string - format: alphanumeric - filetype: - in: query - name: type - description: "Filter by file type" - schema: - type: string - enum: - - file - - registry - summary: - in: query - name: summary - description: "Return a summary grouping by filename" - schema: - type: boolean - default: false - md5: - in: query - name: md5 - description: "Filter files with the specified MD5 checksum" - schema: - type: string - format: hash - sha1: - in: query - name: sha1 - description: "Filter files with the specified SHA1 checksum" - schema: - type: string - format: hash - sha256: - in: query - name: sha256 - description: "Filter files with the specified SHA256 checksum" - schema: - type: string - format: hash - hashfilter: - in: query - name: hash - description: "Filter files with the specified hash (md5, sha256 or sha1)" - schema: - type: string - format: hash - distinct: - in: query - name: distinct - description: Look for distinct values. 
- schema: - type: boolean - default: false - ram.free: - in: query - name: ram.free - description: "Filter by ram.free" - schema: - type: integer - format: int64 - minimum: 0 - ram.total: - in: query - name: ram.total - description: "Filter by ram.total" - schema: - type: integer - format: int64 - minimum: 0 - cpu.cores: - in: query - name: cpu.cores - description: "Filter by cpu.cores" - schema: - type: integer - format: int32 - minimum: 1 - cpu.mhz: - in: query - name: cpu.mhz - description: "Filter by cpu.mhz" - schema: - type: number - format: float - minimum: 1 - cpu.name: - in: query - name: cpu.name - description: "Filter by cpu.name" - schema: - type: string - board_serial: - in: query - name: board_serial - description: "Filter by board_serial" - schema: - type: string - format: alphanumeric - proto: - in: query - name: proto - description: "Filter by IP protocol" - schema: - type: string - format: alphanumeric - address: - in: query - name: address - description: "Filter by IP address" - schema: - type: string - format: alphanumeric - broadcast: - in: query - name: broadcast - description: "Filter by broadcast direction" - schema: - type: string - format: alphanumeric - netmask: - in: query - name: netmask - description: "Filter by netmask" - schema: - type: string - format: alphanumeric - adapter: - in: query - name: adapter - description: "Filter by adapter" - schema: - type: string - format: alphanumeric - state: - in: query - name: state - description: "Filter by state" - schema: - type: string - format: alphanumeric - mtu: - in: query - name: mtu - description: "Filter by mtu" - schema: - type: integer - format: int32 - minimum: 0 - tx.packets: - in: query - name: tx.packets - description: "Filter by tx.packets" - schema: - type: integer - format: int32 - minimum: 0 - rx.packets: - in: query - name: rx.packets - description: "Filter by rx.packets" - schema: - type: integer - format: int32 - minimum: 0 - tx.bytes: - in: query - name: tx.bytes - 
description: "Filter by tx.bytes" - schema: - type: integer - format: int32 - minimum: 0 - rx.bytes: - in: query - name: rx.bytes - description: "Filter by rx.bytes" - schema: - type: integer - format: int32 - minimum: 0 - tx.errors: - in: query - name: tx.errors - description: "Filter by tx.errors" - schema: - type: integer - format: int32 - minimum: 0 - rx.errors: - in: query - name: rx.errors - description: "Filter by rx.errors" - schema: - type: integer - format: int32 - minimum: 0 - tx.dropped: - in: query - name: tx.dropped - description: "Filter by tx.dropped" - schema: - type: integer - format: int32 - minimum: 0 - rx.dropped: - in: query - name: rx.dropped - description: "Filter by rx.dropped" - schema: - type: integer - format: int32 - minimum: 0 - iface: - in: query - name: iface - description: "Filter by network interface" - schema: - type: string - format: alphanumeric - gateway: - in: query - name: gateway - description: "Filter by network gateway" - schema: - type: string - format: alphanumeric - dhcp: - in: query - name: dhcp - description: "Filter by network dhcp (enabled or disabled)" - schema: - $ref: '#/components/schemas/DHCPStatus' - os.name: - in: query - name: os.name - description: "Filter by OS name" - schema: - type: string - format: alphanumeric - os.platform: - in: query - name: os.platform - description: "Filter by OS platform" - schema: - type: string - format: alphanumeric - architecture: - in: query - name: architecture - description: "Filter by architecture" - schema: - type: string - format: alphanumeric - os.version: - in: query - name: os.version - description: "Filter by OS version" - schema: - type: string - format: alphanumeric - release: - in: query - name: release - description: "Filter by release" - schema: - type: string - format: alphanumeric - vendor: - in: query - name: vendor - description: "Filter by vendor" - schema: - type: string - pid: - in: query - name: pid - description: "Filter by pid" - schema: - type: 
string - format: numbers - protocol: - in: query - name: protocol - description: "Filter by protocol" - schema: - type: string - format: alphanumeric - local.ip: - in: query - name: local.ip - description: "Filter by Local IP" - schema: - type: string - format: alphanumeric - local.port: - in: query - name: local.port - description: "Filter by Local Port" - schema: - type: string - format: numbers - remote.ip: - in: query - name: remote.ip - description: "Filter by Remote IP" - schema: - type: string - format: alphanumeric - tx_queue: - in: query - name: tx_queue - description: "Filter by tx_queue" - schema: - type: string - format: numbers - process_pid: - in: query - name: pid - description: "Filter by process pid" - schema: - type: string - format: numbers - process_state: - in: query - name: state - description: "Filter by process state" - schema: - type: string - format: alphanumeric - ppid: - in: query - name: ppid - description: "Filter by process parent pid" - schema: - type: string - format: numbers - egroup: - in: query - name: egroup - description: "Filter by process egroup" - schema: - type: string - format: alphanumeric - euser: - in: query - name: euser - description: "Filter by process euser" - schema: - type: string - format: alphanumeric - fgroup: - in: query - name: fgroup - description: "Filter by process fgroup" - schema: - type: string - format: alphanumeric - process_name: - in: query - name: name - description: "Filter by process name" - schema: - type: string - format: alphanumeric - nlwp: - in: query - name: nlwp - description: "Filter by process nlwp" - schema: - type: string - format: numbers - pgrp: - in: query - name: pgrp - description: "Filter by process pgrp" - schema: - type: string - format: numbers - priority: - in: query - name: priority - description: "Filter by process priority" - schema: - type: string - format: numbers - rgroup: - in: query - name: rgroup - description: "Filter by process rgroup" - schema: - type: string - 
format: alphanumeric - ruser: - in: query - name: ruser - description: "Filter by process ruser" - schema: - type: string - format: alphanumeric - sgroup: - in: query - name: sgroup - description: "Filter by process sgroup" - schema: - type: string - format: alphanumeric - suser: - in: query - name: suser - description: "Filter by process suser" - schema: - type: string - format: alphanumeric - package_version: - in: query - name: version - description: "Filter by version name" - schema: - type: string - older_than: - in: query - name: older_than - description: "Consider only agents whose last keep alive is older than the specified time frame. For - never_connected agents, register date is considered instead of last keep alive. For example, `7d`, `10s` and `10` - are valid values. When no time unit is specified, seconds are assumed. Use 0s to select all agents" - schema: - type: string - format: timeframe - default: 7d - ip: - in: query - name: ip - description: "Filter by the IP used by the agent to communicate with the manager. If it's not available, it will - have the same value as registerIP" - schema: - type: string - format: alphanumeric - registerIP: - in: query - name: registerIP - description: "Filter by the IP used when registering the agent" - schema: - type: string - format: alphanumeric - force_single_group: - in: query - name: force_single_group - description: "Whether to append the new group to current agent's multigroup or replace it" - schema: - type: boolean - wpk_repo: - in: query - name: wpk_repo - description: "WPK repository" - schema: - type: string - format: path - use_http: - in: query - name: use_http - description: "Use http protocol. If it's false use https. 
By default the value is set to false" - schema: - type: boolean - default: false - upgrade_version: - in: query - name: version - description: "Wazuh version to upgrade to" - schema: - type: string - force: - in: query - name: force - description: "Force upgrade" - schema: - type: boolean - default: false - file_path: - in: query - name: file_path - description: "Full path to the WPK file. The file must be on a folder on the Wazuh's installation directory - (by default, /var/ossec)" - required: True - schema: - type: string - format: wazuh_path - installer: - in: query - name: installer - description: "Installation script. Default is upgrade.sh or upgrade.bat for windows - agents" - schema: - type: string - format: alphanumeric - resource_list: - in: query - name: resource - description: List of current RBAC's resources. - schema: - type: string - enum: - - '*:*' - - 'agent:group' - - 'agent:id' - - 'group:id' - - 'node:id' - - 'file:path' - - 'decoder:file' - - 'list:path' - - 'rule:file' - - 'policy:id' - - 'role:id' - - 'user:id' - -tags: - - name: API Info - description: "Wazuh API information" - - name: Active-response - description: "Agents Active Response" - - name: Agents - description: "Agents management related operations" - - name: Ciscat - description: "Retrieve information from CIS-CAT scans" - - name: Cluster - description: "Wazuh cluster and nodes management" - - name: Decoders - description: "Decoders management" - - name: Experimental - description: "Not ready for production endpoints. 
Use with caution" - - name: Groups - description: "Group of agents and centralized configurations" - - name: Lists - description: "CDB lists management" - - name: Manager - description: "Wazuh manager management" - - name: Mitre - description: "Attacks information from MITRE database" - - name: Overview - description: "Overview of Wazuh" - - name: Rules - description: "Rules management" - - name: SCA - description: "Policy monitoring" - - name: Security - description: "Roles administration and user authentication management" - - name: Syscheck - description: "File integrity monitoring" - - name: Syscollector - description: "Syscollector information" - -security: - - jwt: [] - -paths: - /: - get: - tags: - - API Info - summary: 'Get API info' - description: "Return basic information about the API" - operationId: api.controllers.default_controller.default_info - parameters: - - $ref: '#/components/parameters/pretty' - responses: - '200': - description: "API default info" - content: - application/json: - schema: - type: object - properties: - data: - $ref: '#/components/schemas/BasicInfo' - example: - title: "Wazuh API" - api_version: "v4.0.0" - revision: '40003' - license_name: "GPL 2.0" - license_url: "https://github.com/wazuh/wazuh/blob/4.0/LICENSE" - hostname: "wazuh" - timestamp: "2019-04-02T08:08:11+0000" - - /active-response: - put: - tags: - - Active-response - summary: "Run command" - description: "Run an Active Response command on all agents or a list of them" - operationId: api.controllers.active_response_controller.run_command - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/active-response:command' - parameters: - - $ref: '#/components/parameters/agents_list' - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/ActiveResponseBody' - responses: - '200': - description: "Command sent to agents" - content: - application/json: 
- schema: - $ref: '#/components/schemas/ApiResponse' - example: - data: - affected_items: - - "001" - - "002" - total_affected_items: 2 - failed_items: [] - total_failed_items: 0 - message: 'AR command was sent to all agents' - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '406': - $ref: '#/components/responses/WrongContentTypeResponse' - '413': - $ref: '#/components/responses/RequestTooLargeResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /agents: - delete: - tags: - - Agents - summary: "Delete agents" - description: "Delete agents with optional criteria based on the status or time of the last - connection" - operationId: api.controllers.agents_controller.delete_agents - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/agent:delete' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agents_list_delete' - - $ref: '#/components/parameters/purge' - - $ref: '#/components/parameters/statusAgentParam' - - $ref: '#/components/parameters/older_than' - responses: - '200': - description: "Delete agents" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - allOf: - - $ref: '#/components/schemas/AllItemsResponseAgentIDs' - - type: object - properties: - older_than: - type: string - format: timeframe - description: "Return older than parameter used. 
It can be the default value or the - parameter sent by the user" - example: - data: - affected_items: - - '001' - - '002' - - '003' - older_than: 1s - total_affected_items: 3 - message: 'All selected agents were deleted' - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - get: - tags: - - Agents - summary: "List agents" - description: "Return information about all available agents or a list of them" - operationId: api.controllers.agents_controller.get_agents - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/agent:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agents_list' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/select' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/statusAgentParam' - - $ref: '#/components/parameters/query' - - $ref: '#/components/parameters/olderThanParam' - - $ref: '#/components/parameters/os.platform' - - $ref: '#/components/parameters/os.version' - - $ref: '#/components/parameters/os.name' - - $ref: '#/components/parameters/manager_host' - - $ref: '#/components/parameters/version' - - $ref: '#/components/parameters/agent_group' - - $ref: '#/components/parameters/node_name' - - $ref: '#/components/parameters/name' - - $ref: '#/components/parameters/ip' - - $ref: '#/components/parameters/registerIP' - responses: - '200': - description: "List of agents or error description" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: 
'#/components/schemas/AllItemsResponseAgents' - example: - data: - affected_items: - - configSum: 29e0926e5a77442212e824868a2a61df - dateAdd: '1970-01-01T00:00:00Z' - group: - - default - - group1 - id: '001' - ip: 172.18.0.6 - lastKeepAlive: '2019-10-16T09:13:34Z' - manager: wazuh-worker2 - mergedSum: a13d9b2edc5bdd5ef7331c0d5b9ecf34 - name: wazuh-agent1 - node_name: worker2 - os: - arch: x86_64 - codename: Xenial Xerus - major: '16' - minor: '04' - name: Ubuntu - platform: ubuntu - uname: Linux |wazuh-agent1 |4.18.0-16-generic |#17~18.04.1-Ubuntu SMP Tue Feb - 12 13:35:51 UTC 2019 |x86_64 - version: 16.04.6 LTS - registerIP: any - status: active - version: Wazuh v3.10.0 - - configSum: e2f47d482da37c099fa1d6e4c43b523c - dateAdd: '1970-01-01T00:00:00Z' - group: - - default - - group2 - id: '002' - ip: 172.18.0.7 - lastKeepAlive: '2019-10-16T09:13:28Z' - manager: wazuh-worker2 - mergedSum: d6fde33dc232d8f91359b2e98994c933 - name: wazuh-agent2 - node_name: worker2 - os: - arch: x86_64 - codename: Xenial Xerus - major: '16' - minor: '04' - name: Ubuntu - platform: ubuntu - uname: Linux |wazuh-agent2 |4.18.0-16-generic |#17~18.04.1-Ubuntu SMP Tue Feb - 12 13:35:51 UTC 2019 |x86_64 - version: 16.04.6 LTS - registerIP: any - status: active - version: Wazuh v3.10.0 - - configSum: dadc074e9a4f036c5d905c280c3b5bcc - dateAdd: '1970-01-01T00:00:00Z' - group: - - default - - group3 - id: '003' - ip: 172.18.0.8 - lastKeepAlive: '2019-10-16T09:13:29Z' - manager: wazuh-master - mergedSum: e40515ffa928c72ee167ed41d88245c4 - name: wazuh-agent3 - node_name: master-node - os: - arch: x86_64 - codename: Xenial Xerus - major: '16' - minor: '04' - name: Ubuntu - platform: ubuntu - uname: Linux |wazuh-agent3 |4.18.0-16-generic |#17~18.04.1-Ubuntu SMP Tue Feb - 12 13:35:51 UTC 2019 |x86_64 - version: 16.04.6 LTS - registerIP: any - status: active - version: Wazuh v3.10.0 - total_affected_items: 3 - message: 'All selected agents information was returned' - error: 0 - '400': - $ref: 
'#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - post: - tags: - - Agents - summary: "Add agent" - description: "Add a new agent" - operationId: api.controllers.agents_controller.add_agent - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/agent:create' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - requestBody: - content: - application/json: - schema: - properties: - name: - description: "Agent name" - type: string - format: names - ip: - description: "If this is not included, the API will get the IP automatically. If you are behind a - proxy, you must set the option behind_proxy_server to yes at api.yaml and make sure the proxy is - setting HTTP header 'X-Forwarded-For' with origin IP address. 
Allowed values: IP, IP/NET, ANY" - type: string - format: alphanumeric - force_time: - description: "Remove the old agent with the same IP if disconnected since seconds" - type: integer - format: int32 - minimum: 0 - required: - - name - example: - name: NewHost_2 - ip: 10.0.10.11 - responses: - '200': - description: "Add an agent" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AgentIdKey' - example: - data: - id: "007" - key: "MDA3IE5ld0hvc3QgMTAuMC4wLjkgZTk5MDE2ZTkzMjMyZDBjZDYyMGIyZTZmMTM2ZjMzMDQxMjY3M2E0NGRmOTNmODk1NzFj - MGQyYzczY2VlYzRhZQ==" - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '406': - $ref: '#/components/responses/WrongContentTypeResponse' - '413': - $ref: '#/components/responses/RequestTooLargeResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /agents/{agent_id}/config/{component}/{configuration}: - get: - tags: - - Agents - summary: "Get active configuration" - description: "Return the active configuration the agent is currently using. 
This can be different from the - configuration present in the configuration file, if it has been modified and the agent has not been restarted yet" - operationId: api.controllers.agents_controller.get_agent_config - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/agent:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agent_id' - - $ref: '#/components/parameters/component' - - $ref: '#/components/parameters/configuration' - responses: - '200': - description: "Get agent configuration" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AgentConfiguration' - example: - data: - client: - config-profile: "ubuntu, ubuntu18, ubuntu18.04" - notify_time: 10 - time-reconnect: 60 - auto_restart: "yes" - remote_conf: "yes" - crypto_method: "aes" - server: - - address: "nginx-lb/172.18.0.2" - port: 1514 - protocol: tcp - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /agents/{agent_id}/group: - delete: - tags: - - Agents - summary: "Remove agent from groups" - description: 'Remove the agent from all groups or a list of them. 
The agent will automatically revert to the - default group if it is removed from all its assigned groups' - operationId: api.controllers.agents_controller.delete_single_agent_multiple_groups - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/agent:modify_group' - - $ref: '#/x-rbac-catalog/actions/group:modify_assignments' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agent_id' - - $ref: '#/components/parameters/groups_list' - responses: - '200': - description: "Remove the agent from all groups" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - allOf: - - $ref: '#/components/schemas/AllItemsResponseGroupIDs' - example: - data: - affected_items: - - group1 - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - message: 'Specified agent was removed from returned groups' - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /agents/{agent_id}/group/is_sync: - get: - tags: - - Agents - summary: "Get configuration sync status" - description: "Return whether the agent configuration has been synchronized with the agent or not. 
This can be - useful to check after updating a group configuration" - operationId: api.controllers.agents_controller.get_sync_agent - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/agent:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agent_id' - responses: - '200': - description: "Get agent sync" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseAgentsSynced' - example: - data: - affected_items: - - id: '002' - synced: true - failed_items: [] - total_affected_items: 1 - total_failed_items: 0 - message: 'Sync info was returned for all selected agents' - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /agents/{agent_id}/group/{group_id}: - delete: - tags: - - Agents - summary: "Remove agent from group" - description: "Remove an agent from an specified group. 
If the agent has multigroups, it will preserve all - previous groups except the last one" - operationId: api.controllers.agents_controller.delete_single_agent_single_group - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/agent:modify_group' - - $ref: '#/x-rbac-catalog/actions/group:modify_assignments' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agent_id' - - $ref: '#/components/parameters/group_id' - responses: - '200': - description: "Remove agent from a group" - content: - application/json: - schema: - $ref: '#/components/schemas/ApiResponse' - example: - message: "Agent '004' removed from group 'dmz'" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '404': - $ref: '#/components/responses/ResourceNotFoundResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - put: - tags: - - Agents - summary: "Assign agent to group" - description: "Assign an agent to a specified group" - operationId: api.controllers.agents_controller.put_agent_single_group - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/agent:modify_group' - - $ref: '#/x-rbac-catalog/actions/group:modify_assignments' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agent_id' - - $ref: '#/components/parameters/group_id' - - $ref: '#/components/parameters/force_single_group' - responses: - '200': - description: "Add agent to group" - content: - application/json: - schema: - $ref: '#/components/schemas/ApiResponse' - example: - data: - affected_items: - - "003" - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - message: "All selected agents were 
assigned to group3" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '404': - $ref: '#/components/responses/ResourceNotFoundResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /agents/{agent_id}/key: - get: - tags: - - Agents - summary: "Get key" - description: "Return the key of an agent" - operationId: api.controllers.agents_controller.get_agent_key - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/agent:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agent_id' - responses: - '200': - description: "Get agent key" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseAgentsKeys' - example: - data: - affected_items: - - id: '002' - key: "MDAyIHdhenVoLWFnZW50MiBhbnkgMzAxYzk0Y2I3NDc5MzliMjAyYTg0OGE3NGIwMTNkODQwZWJkNWUyZmIxMjQ3Nzhl - NDhjYzUxOGE4MWQyNDFkYw==" - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - message: "Obtained keys for all selected agents" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /agents/{agent_id}/restart: - put: - tags: - - Agents - summary: "Restart agent" - description: "Restart the specified agent" - operationId: api.controllers.agents_controller.restart_agent - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/agent:restart' - parameters: - - $ref: 
'#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agent_id' - responses: - '200': - description: "Agent restarted" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/ItemAffected' - example: - data: - affected_items: - - "002" - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - message: "Restart command sent to all agents" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /agents/{agent_id}/upgrade: - put: - tags: - - Agents - summary: "Upgrade agent" - description: "Upgrade the agent using a WPK file from online repository" - operationId: api.controllers.agents_controller.put_upgrade_agent - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/agent:upgrade' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agent_id' - - $ref: '#/components/parameters/wpk_repo' - - $ref: '#/components/parameters/upgrade_version' - - $ref: '#/components/parameters/use_http' - - $ref: '#/components/parameters/force' - responses: - '200': - description: "Agent upgraded" - content: - application/json: - schema: - $ref: '#/components/schemas/ApiResponse' - example: - message: "Upgrade procedure started" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: 
'#/components/responses/TooManyRequestsResponse' - - /agents/{agent_id}/upgrade_custom: - put: - tags: - - Agents - summary: "Upgrade agent custom" - description: "Upgrade the agent using a local WPK file" - operationId: api.controllers.agents_controller.put_upgrade_custom_agent - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/agent:upgrade' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agent_id' - - $ref: '#/components/parameters/file_path' - - $ref: '#/components/parameters/installer' - responses: - '200': - description: "Agent upgraded" - content: - application/json: - schema: - $ref: '#/components/schemas/ApiResponse' - example: - message: "Installation started" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /agents/{agent_id}/upgrade_result: - get: - tags: - - Agents - summary: "Get upgrade result" - description: "Return the upgrade result after updating an agent" - operationId: api.controllers.agents_controller.get_agent_upgrade - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/agent:upgrade' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agent_id' - - in: query - name: timeout - description: "Seconds to wait for the agent to respond" - schema: - type: integer - format: int32 - responses: - '200': - description: "Get agent upgrade result" - content: - application/json: - schema: - $ref: '#/components/schemas/ApiResponse' - example: - message: Agent was successfully upgraded - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: 
'#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /agents/group: - delete: - tags: - - Agents - summary: "Remove agents from group" - description: "Remove all agents assignment or a list of them from the specified group" - operationId: api.controllers.agents_controller.delete_multiple_agent_single_group - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/agent:modify_group' - - $ref: '#/x-rbac-catalog/actions/group:modify_assignments' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agents_list_delete' - - $ref: '#/components/parameters/group_id_query' - responses: - '200': - description: "Remove multiple agents assignment from a single group" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - allOf: - - $ref: '#/components/schemas/AllItemsResponseAgentIDs' - example: - data: - affected_items: - - '002' - - '006' - - '008' - - '010' - total_affected_items: 4 - failed_items: [] - total_failed_items: 0 - message: All selected agents were removed from group group1 - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '404': - $ref: '#/components/responses/ResourceNotFoundResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - put: - tags: - - Agents - summary: "Assign agents to group" - description: "Assign all agents or a list of them to the specified group" - operationId: api.controllers.agents_controller.put_multiple_agent_single_group - x-rbac-actions: - 
- $ref: '#/x-rbac-catalog/actions/agent:modify_group' - - $ref: '#/x-rbac-catalog/actions/group:modify_assignments' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agents_list' - - $ref: '#/components/parameters/group_id_query' - - $ref: '#/components/parameters/force_single_group' - responses: - '200': - description: "Assign multiple agents to a single group" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - allOf: - - $ref: '#/components/schemas/AllItemsResponseAgentIDs' - example: - data: - affected_items: - - '001' - - '002' - failed_items: - - error: - code: 1701 - message: Agent does not exist - remediation: Please, use `GET /agents?select=id,name` to find all available agents - id: - - '999' - - error: - code: 1753 - message: Could not assign group. Agent status is never_connected - remediation: Please select another agent or connect your agent before assigning groups - id: - - '011' - total_affected_items: 2 - total_failed_items: 2 - message: Some agents were not assigned to group2 and removed from the other groups - error: 2 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '404': - $ref: '#/components/responses/ResourceNotFoundResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /agents/group/{group_id}/restart: - put: - tags: - - Agents - summary: 'Restart agents in group' - description: 'Restart all agents which belong to a given group' - operationId: api.controllers.agents_controller.restart_agents_by_group - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/agent:restart' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: 
'#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/group_id' - responses: - '200': - description: Agents restarted - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseAgentIDs' - example: - message: "Restart command sent to all agents" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '404': - $ref: '#/components/responses/ResourceNotFoundResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /groups: - delete: - tags: - - Groups - summary: "Delete groups" - description: "Delete all groups or a list of them" - operationId: api.controllers.agents_controller.delete_groups - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/agent:modify_group' - - $ref: '#/x-rbac-catalog/actions/group:delete' - - $ref: '#/x-rbac-catalog/actions/group:modify_assignments' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/groups_list_delete' - responses: - '200': - description: "Remove multiple group of multiple agents" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - allOf: - - $ref: '#/components/schemas/AllItemsResponseGroupIDs' - - $ref: '#/components/schemas/AgentGroupDeleted' - example: - data: - affected_agents: - - '002' - - '005' - - '003' - affected_items: - - 'webserver' - - 'dataserver' - total_affected_items: 2 - total_failed_items: 0 - message: "All selected groups were deleted" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: 
'#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - get: - tags: - - Groups - summary: "Get groups" - description: "Get information about all groups or a list of them. Returns a list containing basic information - about each group such as number of agents belonging to the group and the checksums of the configuration and - shared files" - operationId: api.controllers.agents_controller.get_list_group - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/group:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/groups_list' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/hash' - responses: - '200': - description: "List all groups" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseGroups' - example: - data: - affected_items: - - count: 2 - name: default - mergedSum: f8d49771911ed9d5c45b03a40babd065 - configSum: ab73af41699f13fdd81903b5f23d8d00 - - count: 3 - name: dmz - mergedSum: 220d6c5fc253f251827ee7487341c0fc - configSum: cfbae9ecc10eb15f1b4fc736de6758cc - - count: 0 - name: pciserver - mergedSum: 220d6c5fc253f251827ee7487341c0fc - configSum: ab73af41699f13fdd81903b5f23d8d00 - total_affected_items: 3 - failed_items: [] - total_failed_items: 0 - message: "All selected groups information was returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: 
'#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - post: - tags: - - Groups - summary: "Create a group" - description: "Create a new group" - operationId: api.controllers.agents_controller.post_group - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/group:create' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/group_id_query' - responses: - '200': - description: "Add new agent" - content: - application/json: - schema: - $ref: '#/components/schemas/ApiResponse' - example: - message: "Group 'pciserver' created" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /groups/{group_id}/agents: - get: - tags: - - Groups - summary: "Get agents in a group" - description: "Return the list of agents that belong to the specified group" - operationId: api.controllers.agents_controller.get_agents_in_group - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/agent:read' - - $ref: '#/x-rbac-catalog/actions/group:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/group_id' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/select' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/statusAgentParam' - - $ref: '#/components/parameters/query' - responses: - '200': - description: "List of agents or error description" - content: - 
application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseAgents' - example: - data: - affected_items: - - configSum: 29e0926e5a77442212e824868a2a61df - dateAdd: '1970-01-01T00:00:00Z' - group: - - default - - group1 - id: '001' - ip: 172.18.0.6 - lastKeepAlive: '2019-10-16T09:13:34Z' - manager: wazuh-worker2 - mergedSum: a13d9b2edc5bdd5ef7331c0d5b9ecf34 - name: wazuh-agent1 - node_name: worker2 - os: - arch: x86_64 - codename: Xenial Xerus - major: '16' - minor: '04' - name: Ubuntu - platform: ubuntu - uname: Linux |wazuh-agent1 |4.18.0-16-generic |#17~18.04.1-Ubuntu SMP Tue Feb - 12 13:35:51 UTC 2019 |x86_64 - version: 16.04.6 LTS - registerIP: any - status: active - version: Wazuh v3.10.0 - - configSum: e2f47d482da37c099fa1d6e4c43b523c - dateAdd: '1970-01-01T00:00:00Z' - group: - - default - - group2 - id: '002' - ip: 172.18.0.7 - lastKeepAlive: '2019-10-16T09:13:28Z' - manager: wazuh-worker2 - mergedSum: d6fde33dc232d8f91359b2e98994c933 - name: wazuh-agent2 - node_name: worker2 - os: - arch: x86_64 - codename: Xenial Xerus - major: '16' - minor: '04' - name: Ubuntu - platform: ubuntu - uname: Linux |wazuh-agent2 |4.18.0-16-generic |#17~18.04.1-Ubuntu SMP Tue Feb - 12 13:35:51 UTC 2019 |x86_64 - version: 16.04.6 LTS - registerIP: any - status: active - version: Wazuh v3.10.0 - - configSum: dadc074e9a4f036c5d905c280c3b5bcc - dateAdd: '1970-01-01T00:00:00Z' - group: - - default - - group3 - id: '003' - ip: 172.18.0.8 - lastKeepAlive: '2019-10-16T09:13:29Z' - manager: wazuh-master - mergedSum: e40515ffa928c72ee167ed41d88245c4 - name: wazuh-agent3 - node_name: master-node - os: - arch: x86_64 - codename: Xenial Xerus - major: '16' - minor: '04' - name: Ubuntu - platform: ubuntu - uname: Linux |wazuh-agent3 |4.18.0-16-generic |#17~18.04.1-Ubuntu SMP Tue Feb - 12 13:35:51 UTC 2019 |x86_64 - version: 16.04.6 LTS - registerIP: any - status: active - version: 
Wazuh v3.10.0 - total_affected_items: 3 - failed_items: [] - total_failed_items: 0 - message: "All selected agents information is shown" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '404': - $ref: '#/components/responses/ResourceNotFoundResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /groups/{group_id}/configuration: - get: - tags: - - Groups - summary: "Get group configuration" - description: "Return the group configuration defined in the `agent.conf` file" - operationId: api.controllers.agents_controller.get_group_config - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/group:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/group_id' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - responses: - '200': - description: "Get group configuration" - content: - application/json: - schema: - type: object - properties: - data: - type: object - properties: - affected_items: - type: array - items: - $ref: '#/components/schemas/GroupConfiguration' - total_affected_items: - type: integer - format: int32 - example: - data: - affected_items: - - filters: - name: agent_name - config: - localfile: - - location: "/var/log/my.log" - log_format: syslog - - filters: - os: Linux - config: - localfile: - - location: "/var/log/linux.log" - log_format: syslog - - filters: - profile: database - config: - localfile: - - location: "/var/log/database.log" - log_format: syslog - total_affected_items: 3 - failed_items: [] - total_failed_items: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: 
'#/components/responses/PermissionDeniedResponse' - '404': - $ref: '#/components/responses/ResourceNotFoundResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - put: - tags: - - Groups - summary: "Update group configuration" - description: "Update an specified group's configuration. This API call expects a full valid XML file with the - shared configuration tags/syntax" - operationId: api.controllers.agents_controller.put_group_config - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/group:update_config' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/group_id' - requestBody: - required: true - content: - application/xml: - schema: - properties: - tmp_file: - description: "File to update" - type: string - responses: - '200': - description: "Upload configuration" - content: - application/json: - schema: - $ref: '#/components/schemas/ApiResponse' - example: - message: Agent configuration was successfully updated - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '404': - $ref: '#/components/responses/ResourceNotFoundResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '406': - $ref: '#/components/responses/WrongContentTypeResponse' - '413': - $ref: '#/components/responses/RequestTooLargeResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /groups/{group_id}/files: - get: - tags: - - Groups - summary: "Get group files" - description: "Return the files placed under the group directory" - operationId: api.controllers.agents_controller.get_group_files - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/group:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: 
'#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/group_id' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/hash' - responses: - '200': - description: "Get group files" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponse' - example: - data: - affected_items: - - filename: agent.conf - hash: ab73af41699f13fdd81903b5f23d8d00 - - filename: ar.conf - hash: 76d8be9b97d8eae4c239e530ee7e71c8 - - filename: merged.mg - hash: f8d49771911ed9d5c45b03a40babd065 - - filename: rootkit_files.txt - hash: e5ddcac443143cef6237d5f9b8d48585 - - filename: rootkit_trojans.txt - hash: 6bcf7016d3e6b4c7faa62cf265c24dcc - - filename: system_audit_rcl.txt - hash: be69b84dd5ee73200bb903a46270e18c - - filename: system_audit_ssh.txt - hash: 407c1f5e103f0cb58249eb7252a84797 - - filename: win_applications_rcl.txt - hash: 0a4ad12c8145aca8a28d31de5c448b48 - - filename: win_audit_rcl.txt - hash: 92d8011facc8b921ece301ea4ce6a616 - - filename: win_malware_rcl.txt - hash: f5e0305e248bd00e05445f329bd1dd5e - total_affected_items: 10 - failed_items: [] - total_failed_items: 0 - message: 'All selected groups files were returned' - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '404': - $ref: '#/components/responses/ResourceNotFoundResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /groups/{group_id}/files/{file_name}/json: - get: - tags: - - Groups - summary: "Get a file in group" - description: "Return the contents of the specified group file parsed to 
JSON" - operationId: api.controllers.agents_controller.get_group_file_json - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/group:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/group_id' - - $ref: '#/components/parameters/file_name' - - $ref: '#/components/parameters/type_agents' - responses: - '200': - description: "Get group file in json format" - content: - application/json: - schema: - properties: - data: - oneOf: - - type: array - - type: object - description: "The output format depends on the type of file that has been requested: rootkit - file, rootkit trojans or rcl" - example: - data: - vars: None - controls: - - condition: all required - name: CIS - Testing against the CIS Debian Linux Benchmark v1 - reference: CIS_Debian_Benchmark_v1.0pdf - checks: - - f:/etc/debian_version - - name: "CIS - Debian Linux - 1.4 - Robust partition scheme - /tmp is not on its own partition" - condition: "any" - reference: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf" - checks: - - "f:/etc/fstab -> !r:/tmp;" - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '404': - $ref: '#/components/responses/ResourceNotFoundResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /groups/{group_id}/files/{file_name}/xml: - get: - tags: - - Groups - summary: "Get a file in group" - description: "Return the contents of the specified group file parsed to XML" - operationId: api.controllers.agents_controller.get_group_file_xml - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/group:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: 
'#/components/parameters/group_id' - - $ref: '#/components/parameters/file_name' - - $ref: '#/components/parameters/type_agents' - responses: - '200': - description: "Get group file in xml format" - content: - application/xml: - schema: - type: string - example: | - - - - - /var/log/linux.log - syslog - - - - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '404': - $ref: '#/components/responses/ResourceNotFoundResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /agents/insert: - post: - tags: - - Agents - summary: "Add agent full" - description: "Add an agent specifying its name, ID and IP. If an agent with the same ID already exists, replace - it using `force` parameter" - operationId: api.controllers.agents_controller.insert_agent - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/agent:create' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - requestBody: - content: - application/json: - schema: - properties: - id: - $ref: '#/components/schemas/AgentID' - key: - type: string - maxLength: 64 - minLength: 64 - format: wazuh_key - description: "Key to use when communicating with the manager. The agent must have the same key on - its `client.keys` file" - name: - description: "Agent name" - type: string - format: names - ip: - description: "If this is not included, the API will get the IP automatically. If you are behind a - proxy, you must set the option behind_proxy_server to yes at api.yaml and make sure the proxy is - setting HTTP header 'X-Forwarded-For' with origin IP address. 
Allowed values: IP, IP/NET, ANY" - type: string - format: alphanumeric - force_time: - description: "Remove the old agent with the same IP if disconnected for seconds" - type: integer - format: int32 - minimum: 0 - required: - - name - example: - name: NewHost_2 - ip: 10.0.10.11 - id: "123" - key: 1abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghi64 - responses: - '200': - description: "Insert new agent" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AgentIdKey' - example: - data: - id: "001" - key: "MTIzIE5ld0hvc3RfMiAxMC4wLjEwLjEwIDFhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5emFiY2RlZmdoaWprbG1ub3BxcnN0 - dXZ3eHl6YWJjZGVmZ2hpNjQ=" - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '406': - $ref: '#/components/responses/WrongContentTypeResponse' - '413': - $ref: '#/components/responses/RequestTooLargeResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /agents/insert/quick: - post: - tags: - - Agents - summary: "Add agent quick" - description: "Add a new agent with name `agent_name`. 
This agent will use `any` as IP" - operationId: api.controllers.agents_controller.post_new_agent - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/agent:create' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agent_name' - responses: - '200': - description: "Agent added" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AgentIdKey' - example: - data: - id: "008" - key: "MDA4IG15TmV3QWdlbnQgYW55IDIyNGVmNmI4NjYyMDk5OTc5NzdiZWJhNDRmZTAyNDI0NjU2ZDM1NjhjNWJiZWI4Njk0M2Jk - MzdjZjA5YjZlM2M=" - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /agents/no_group: - get: - tags: - - Agents - summary: "List agents without group" - description: "Return a list with all the available agents without an assigned group" - operationId: api.controllers.agents_controller.get_agent_no_group - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/agent:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/select' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/query' - responses: - '200': - description: "Get agents without group" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseAgents' - example: - data: - affected_items: - - 
configSum: 29e0926e5a77442212e824868a2a61df - dateAdd: '1970-01-01T00:00:00Z' - group: - - default - - group1 - id: '001' - ip: 172.18.0.6 - lastKeepAlive: '2019-10-16T09:13:34Z' - manager: wazuh-worker2 - mergedSum: a13d9b2edc5bdd5ef7331c0d5b9ecf34 - name: wazuh-agent1 - node_name: worker2 - os: - arch: x86_64 - codename: Xenial Xerus - major: '16' - minor: '04' - name: Ubuntu - platform: ubuntu - uname: Linux |wazuh-agent1 |4.18.0-16-generic |#17~18.04.1-Ubuntu SMP Tue Feb - 12 13:35:51 UTC 2019 |x86_64 - version: 16.04.6 LTS - registerIP: any - status: active - version: Wazuh v3.10.0 - - configSum: e2f47d482da37c099fa1d6e4c43b523c - dateAdd: '1970-01-01T00:00:00Z' - group: - - default - - group2 - id: '002' - ip: 172.18.0.7 - lastKeepAlive: '2019-10-16T09:13:28Z' - manager: wazuh-worker2 - mergedSum: d6fde33dc232d8f91359b2e98994c933 - name: wazuh-agent2 - node_name: worker2 - os: - arch: x86_64 - codename: Xenial Xerus - major: '16' - minor: '04' - name: Ubuntu - platform: ubuntu - uname: Linux |wazuh-agent2 |4.18.0-16-generic |#17~18.04.1-Ubuntu SMP Tue Feb - 12 13:35:51 UTC 2019 |x86_64 - version: 16.04.6 LTS - registerIP: any - status: active - version: Wazuh v3.10.0 - - configSum: dadc074e9a4f036c5d905c280c3b5bcc - dateAdd: '1970-01-01T00:00:00Z' - group: - - default - - group3 - id: '003' - ip: 172.18.0.8 - lastKeepAlive: '2019-10-16T09:13:29Z' - manager: wazuh-master - mergedSum: e40515ffa928c72ee167ed41d88245c4 - name: wazuh-agent3 - node_name: master-node - os: - arch: x86_64 - codename: Xenial Xerus - major: '16' - minor: '04' - name: Ubuntu - platform: ubuntu - uname: Linux |wazuh-agent3 |4.18.0-16-generic |#17~18.04.1-Ubuntu SMP Tue Feb - 12 13:35:51 UTC 2019 |x86_64 - version: 16.04.6 LTS - registerIP: any - status: active - version: Wazuh v3.10.0 - total_affected_items: 3 - failed_items: [] - total_failed_items: 0 - message: All selected agents information is shown - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: 
'#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /agents/node/{node_id}/restart: - put: - tags: - - Agents - summary: "Restart agents in node" - description: "Restart all agents which belong to a specific given node" - operationId: api.controllers.agents_controller.restart_agents_by_node - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/cluster:read' - - $ref: '#/x-rbac-catalog/actions/agent:restart' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/node_id' - responses: - '200': - description: 'Agents restarted' - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseAgentIDs' - example: - data: - affected_items: - - "002" - - "003" - - "007" - total_affected_items: 3 - failed_items: [] - total_failed_items: 0 - message: "Restart command sent to all agents" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /agents/outdated: - get: - tags: - - Agents - summary: "List outdated agents" - description: "Return the list of outdated agents" - operationId: api.controllers.agents_controller.get_agent_outdated - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/agent:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: 
'#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/query' - responses: - '200': - description: "Get outdated agents" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseAgentsSimple' - example: - data: - affected_items: - - version: Wazuh v3.0.0 - id: "003" - name: main_database - - version: Wazuh v3.0.0 - id: "004" - name: dmz002 - total_affected_items: 2 - failed_items: [] - total_failed_items: 0 - message: 'All selected agents information was returned' - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /agents/restart: - put: - tags: - - Agents - summary: "Restart agents" - description: "Restart all agents or a list of them" - operationId: api.controllers.agents_controller.restart_agents - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/agent:restart' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agents_list' - responses: - '200': - description: "Agents restarted" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseAgentIDs' - example: - message: 'Restart command was sent to all agents' - error: 0 - data: - affected_items: - - '002' - - '004' - total_affected_items: 2 - failed_items: [] - total_failed_items: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: 
'#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /agents/stats/distinct: - get: - tags: - - Agents - summary: "List agents distinct" - description: "Return all the different combinations that agents have for the selected fields. It also indicates - the total number of agents that have each combination" - operationId: api.controllers.agents_controller.get_agent_fields - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/agent:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/fields' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/select' - - $ref: '#/components/parameters/query' - responses: - '200': - description: "Get fields in agents" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseAgentsDistinct' - example: - data: - affected_items: - - os: - arch: x86_64 - codename: Bionic Beaver - major: '18' - minor: '04' - name: Ubuntu - platform: ubuntu - uname: Linux |wazuh-master |5.3.0-7642-generic |#34~1584408018~19.10~21df4b1-Ubuntu - SMP Tue Mar 17 13:38:51 UTC |x86_64 - version: 18.04.4 LTS - registerIP: 127.0.0.1 - count: 1 - name: wazuh-master - version: Wazuh v3.12.0 - ip: 127.0.0.1 - lastKeepAlive: '9999-12-31T23:59:59Z' - dateAdd: '2020-04-14T10:14:16Z' - node_name: master-node - status: active - manager: wazuh-master - id: '000' - - os: - arch: x86_64 - codename: Xenial Xerus - major: '16' - minor: '04' - name: Ubuntu - platform: ubuntu - uname: Linux |wazuh-agent1 |5.3.0-7642-generic |#34~1584408018~19.10~21df4b1-Ubuntu - SMP Tue Mar 17 
13:38:51 UTC |x86_64 - version: 16.04.6 LTS - group: - - default - - group1 - registerIP: any - count: 1 - name: wazuh-agent1 - mergedSum: a13d9b2edc5bdd5ef7331c0d5b9ecf34 - version: Wazuh v3.12.0 - ip: 172.24.0.6 - lastKeepAlive: '2020-04-15T11:33:31Z' - internal_key: b7efaafcde1bb0f3d3cbbf5b32e6335878305f4e6a19bec2d065f5e53e134e65 - dateAdd: '1970-01-01T00:00:00Z' - configSum: 29e0926e5a77442212e824868a2a61df - node_name: master-node - status: active - manager: wazuh-master - id: '001' - total_affected_items: 13 - total_failed_items: 0 - failed_items: [] - message: 'All selected agents information was returned' - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /agents/summary/os: - get: - tags: - - Agents - summary: "Summarize agents OS" - description: "Return a summary of the OS of available agents" - operationId: api.controllers.agents_controller.get_agent_summary_os - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/agent:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - responses: - '200': - description: "Get summary of agents OS" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - example: - data: - affected_items: - - ubuntu - totalItems: 1 - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - message: Showing the operative system of all specified agents - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: 
'#/components/responses/TooManyRequestsResponse' - - /agents/summary/status: - get: - tags: - - Agents - summary: "Summarize agents status" - description: "Return a summary of the status of available agents" - operationId: api.controllers.agents_controller.get_agent_summary_status - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/agent:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - responses: - '200': - description: "Get summary of agents" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AgentsSummaryStatus' - example: - data: - active: 2 - disconnected: 0 - never_connected: 5 - pending: 0 - total: 7 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /ciscat/{agent_id}/results: - get: - tags: - - Ciscat - summary: "Get results" - description: "Return the agent's ciscat results info" - operationId: api.controllers.ciscat_controller.get_agents_ciscat_results - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/ciscat:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agent_id' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/select' - - $ref: '#/components/parameters/benchmark' - - $ref: '#/components/parameters/profile' - - $ref: '#/components/parameters/pass' - - $ref: '#/components/parameters/fail' - - $ref: '#/components/parameters/error' - - $ref: 
'#/components/parameters/notchecked' - - $ref: '#/components/parameters/unknown' - - $ref: '#/components/parameters/score' - - $ref: '#/components/parameters/query' - responses: - '200': - description: "List of agents or error description" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseCiscatResult' - example: - data: - affected_items: - - benchmark: CIS Ubuntu Linux 16.04 LTS Benchmark - error: 0 - fail: 82 - notchecked: 36 - pass: 102 - profile: xccdf_org.cisecurity.benchmarks_profile_Level_2_-_Server - scan: - id: 23487414 - time: '2019-10-24T14:30:20.768Z' - score: 55 - unknown: 0 - failed_items: [] - total_affected_items: 1 - total_failed_items: 0 - message: 'All CISCAT results were returned' - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /cluster/local/info: - get: - tags: - - Cluster - summary: "Get local node info" - description: "Return basic information about the cluster node receiving the request" - operationId: api.controllers.cluster_controller.get_cluster_node - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/cluster:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - responses: - '200': - description: "Node basic information" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - properties: - node: - description: "Node name" - type: string - cluster: - description: "Cluster name the node belongs to" - type: string - type: - description: "Node type" - type: string - example: - data: - 
affected_items: - - node: "master-node" - cluster: "wazuh" - type: "master" - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - message: "All selected information was returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /cluster/nodes: - get: - tags: - - Cluster - summary: "Get nodes info" - description: "Get information about all nodes in the cluster or a list of them" - operationId: api.controllers.cluster_controller.get_cluster_nodes - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/cluster:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/select' - - $ref: '#/components/parameters/node_type' - - $ref: '#/components/parameters/nodes_list' - - $ref: '#/components/parameters/query' - responses: - '200': - description: "List of connected nodes" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseClusterNodes' - example: - data: - affected_items: - - name: master-node - type: master - version: 3.12.0 - ip: wazuh-master - - name: worker1 - type: worker - version: 3.12.0 - ip: 172.26.0.5 - - name: worker2 - type: worker - version: 3.12.0 - ip: 172.26.0.4 - total_affected_items: 3 - total_failed_items: 0 - failed_items: [] - message: "All selected information was returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: 
'#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /cluster/healthcheck: - get: - tags: - - Cluster - summary: "Get nodes healthcheck" - description: "Return cluster healthcheck information for all nodes or a list of them. Such information includes - last keep alive, last synchronization time and number of agents reporting on each node" - operationId: api.controllers.cluster_controller.get_healthcheck - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/cluster:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/nodes_list' - responses: - '200': - description: "Health information for cluster nodes" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseNodeHealthcheck' - example: - data: - affected_items: - - info: - ip: "172.17.0.100" - version: "3.9.0" - type: "master" - totalActiveAgents: 2 - - info: - ip: "172.17.0.101" - version: "3.9.0" - type: "worker" - totalActiveAgents: 5 - status: - last_sync_agentinfo: - date_start_master: "2019-01-11T18:52:57.72Z" - date_end_master: "2019-01-11T18:52:57.73Z" - total_agentinfo: 1 - sync_integrity_free: true - last_sync_agentgroups: - date_end_master: "2019-01-11T18:52:51.56Z" - total_agentgroups: 0 - date_start_master: "2019-01-11T18:52:51.56Z" - last_sync_integrity: - total_files: - shared: 2 - missing: 4 - extra_valid: 0 - extra: 0 - date_end_master: "2019-01-11T18:52:45.47Z" - date_start_master: "2019-01-11T18:52:44.36Z" - last_keep_alive: "2019-01-11T18:52:16.66Z" - sync_agentinfo_free: true - sync_extravalid_free: true - message: "All selected nodes healthcheck information was returned" - error: 0 
- '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /cluster/status: - get: - tags: - - Cluster - summary: "Get cluster status" - description: "Return information about the cluster status" - operationId: api.controllers.cluster_controller.get_status - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/cluster:status' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - responses: - '200': - description: "Cluster status" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - properties: - enabled: - description: "Whether the cluster is enabled in the Wazuh configuration" - type: string - enum: - - "yes" - - "no" - running: - description: "Whether the cluster daemon is running" - type: string - enum: - - "yes" - - "no" - example: - data: - enabled: "yes" - running: "yes" - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /cluster/local/config: - get: - tags: - - Cluster - summary: "Get local node config" - description: "Return the current node cluster configuration" - operationId: api.controllers.cluster_controller.get_config - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/cluster:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - responses: - '200': - description: "Cluster configuration" - content: - application/json: - 
schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - properties: - name: - description: "Cluster name" - type: string - node_name: - description: "Node name" - type: string - node_type: - description: "Node type" - type: string - enum: - - master - - worker - key: - description: "Cluster key used to encrypt messages" - type: string - port: - description: "Port used by the **master** node to communicate with workers" - type: integer - bind_addr: - description: "Network interface used by the **master** to listen to incoming connections" - type: string - nodes: - description: "List of cluster master nodes. This list is used by **worker** nodes to connect - to the master" - type: array - items: - type: string - hidden: - description: "Whether to hide the cluster information in the alerts" - type: string - disabled: - description: "Whether the cluster is enabled or not" - type: boolean - example: - data: - affected_items: - - name: wazuh - node_name: node02 - node_type: worker - key: 9d273b53510fef702b54a92e9cffc82e - port: 1516 - bind_addr: 0.0.0.0 - nodes: - - 172.17.0.100 - hidden: no - disabled: false - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - message: "All selected information was returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /cluster/api/config: - get: - tags: - - Cluster - summary: "Get nodes API config" - description: "Return the API configuration of all nodes (or a list of them) in JSON format" - operationId: api.controllers.cluster_controller.get_api_config - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/cluster:read_api_config' - parameters: - - $ref: '#/components/parameters/pretty' 
- - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/nodes_list' - responses: - '200': - description: Current API configuration - content: - application/json: - schema: - type: object - additionalProperties: true - example: - data: - affected_items: - - node_name: "master_node" - node_api_config: - host: 0.0.0.0 - port: 55000 - behind_proxy_server: false - https: - enabled: true - key: "/var/ossec/api/configuration/ssl/server.key" - cert: "/var/ossec/api/configuration/ssl/server.crt" - use_ca: false - ca: "/var/ossec/api/configuration/ssl/ca.crt" - access: - max_login_attempts: 50 - block_time: 300 - max_request_per_minute: 300 - logs: - path: /var/ossec/logs/api.log - level: info - cors: - enabled: false - source_route: "*" - allow_headers: "*" - allow_credentials: false - cache: - enabled: true - time: 0.75 - use_only_authd: false - drop_privileges: true - experimental_features: false - - node_name: "worker1" - node_api_config: - host: 0.0.0.0 - port: 55000 - behind_proxy_server: false - https: - enabled: true - key: "/var/ossec/api/configuration/ssl/server.key" - cert: "/var/ossec/api/configuration/ssl/server.crt" - use_ca: false - ca: "/var/ossec/api/configuration/ssl/ca.crt" - logs: - path: /var/ossec/logs/api.log - level: info - cors: - enabled: false - source_route: "*" - allow_headers: "*" - allow_credentials: false - cache: - enabled: true - time: 0.75 - use_only_authd: false - drop_privileges: true - experimental_features: false - total_affected_items: 2 - total_failed_items: 0 - failed_items: [] - message: "API configuration was successfully read in all specified nodes" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - 
/cluster/{node_id}/status: - get: - tags: - - Cluster - summary: "Get node status" - description: "Return the status of all Wazuh daemons in node node_id" - operationId: api.controllers.cluster_controller.get_status_node - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/cluster:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/node_id' - responses: - '200': - description: "Node wazuh daemons statuses" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/WazuhDaemonsStatus' - example: - data: - affected_items: - - ossec-agentlessd: stopped - ossec-analysisd: running - ossec-authd: stopped - ossec-csyslogd: stopped - ossec-dbd: stopped - ossec-execd: running - ossec-integratord: stopped - ossec-logcollector: running - ossec-maild: stopped - ossec-monitord: running - ossec-remoted: running - ossec-reportd: stopped - ossec-syscheckd: running - wazuh-apid: running - wazuh-clusterd: running - wazuh-db: running - wazuh-modulesd: running - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - message: "Processes status was successfully read" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /cluster/{node_id}/info: - get: - tags: - - Cluster - summary: "Get node info" - description: "Return basic information about a specified node such as version, compilation date, installation - path" - operationId: api.controllers.cluster_controller.get_info_node - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/cluster:read' - parameters: - - $ref: 
'#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/node_id' - responses: - '200': - description: "Node information" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/WazuhInfo' - example: - data: - affected_items: - - path: /var/ossec - version: v3.9.0 - compilation_date: "2019-03-06T11:24:59Z" - type: manager - max_agents: 14000 - openssl_support: yes - ruleset_version: 3905 - tz_offset: +0000 - tz_name: UTC - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - message: "Basic information was successfully read" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /cluster/{node_id}/configuration: - get: - tags: - - Cluster - summary: "Get node config" - description: "Return wazuh configuration used in node {node_id}" - operationId: api.controllers.cluster_controller.get_configuration_node - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/cluster:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/node_id' - - $ref: '#/components/parameters/section' - - $ref: '#/components/parameters/field' - responses: - '200': - description: "Node configuration" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/WazuhMangerConfiguration' - example: - data: - affected_items: - - global: - jsonout_output: yes - alerts_log: yes - logall: no - logall_json: no - email_notification: no - 
smtp_server: smtp.example.wazuh.com - email_from: ossecm@example.wazuh.com - email_to: recipient@example.wazuh.com - email_maxperhour: 12 - email_log_source: alerts.log - queue_size: 131072 - white_list: - - 127.0.0.1 - - ^localhost.localdomain$ - - 127.0.0.53 - alerts: - log_alert_level: "3" - email_alert_level: "12" - cis-cat: - disabled: yes - timeout: 1800 - interval: 1d - scan-on-start: yes - java_path: wodles/java - ciscat_path: wodles/ciscat - command: - - name: disable-account - executable: disable-account.sh - expect: user - timeout_allowed: yes - - name: restart-ossec - executable: restart-ossec.sh - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - message: "Configuration was successfully read" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /cluster/{node_id}/stats: - get: - tags: - - Cluster - summary: "Get node stats" - description: "Return Wazuh statistical information in node {node_id} for the current or specified date" - operationId: api.controllers.cluster_controller.get_stats_node - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/cluster:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/node_id' - - $ref: '#/components/parameters/date' - responses: - '200': - description: "Wazuh node stats" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseWazuhStats' - example: - data: - affected_items: - - hour: 15 - alerts: - - sigid: 5303 - level: 3 - times: 1 - - sigid: 5501 - level: 3 - times: 4 - - sigid: 221 - level: 0 - 
times: 653 - totalAlerts: 658 - events: 4387 - firewall: 0 - - hour: 16 - alerts: - - sigid: 5521 - level: 0 - times: 1 - - sigid: 530 - level: 0 - times: 120 - totalAlerts: 121 - events: 4379 - syscheck: 0 - firewall: 0 - total_affected_items: 2 - failed_items: [] - total_failed_items: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /cluster/{node_id}/stats/hourly: - get: - tags: - - Cluster - summary: "Get node stats hour" - description: "Return Wazuh statistical information in node {node_id} per hour. Each number in the averages field - represents the average of alerts per hour" - operationId: api.controllers.cluster_controller.get_stats_hourly_node - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/cluster:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/node_id' - responses: - '200': - description: "Wazuh node hourly stats" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseWazuhStats' - example: - data: - affected_items: - - averages: - - 40 - - 24 - - 67 - - 234 - - 66 - - 24 - - 634 - - 66 - - 123 - - 56 - - 65 - - 23 - - 666 - - 233 - - 646 - - 44 - - 64 - - 99 - - 34 - - 235 - - 653 - - 25 - - 65 - - 23 - interactions: 0 - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - 
$ref: '#/components/responses/TooManyRequestsResponse' - - /cluster/{node_id}/stats/weekly: - get: - tags: - - Cluster - summary: "Get node stats week" - description: "Return Wazuh statistical information in node {node_id} per week. Each number in the averages field - represents the average of alerts per hour for that specific day" - operationId: api.controllers.cluster_controller.get_stats_weekly_node - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/cluster:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/node_id' - responses: - '200': - description: "Wazuh node weekly stats" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseWazuhStats' - example: - data: - affected_items: - - Sun: - averages: - - 40 - - 24 - - 67 - - 234 - - 66 - - 24 - - 634 - - 66 - - 123 - - 56 - - 65 - - 23 - - 666 - - 233 - - 646 - - 44 - - 64 - - 99 - - 34 - - 235 - - 653 - - 25 - - 65 - - 23 - interactions: 0 - - Mon: - averages: - - 40 - - 24 - - 67 - - 234 - - 66 - - 24 - - 634 - - 66 - - 123 - - 56 - - 65 - - 23 - - 666 - - 233 - - 646 - - 44 - - 64 - - 99 - - 34 - - 235 - - 653 - - 25 - - 65 - - 23 - interactions: 0 - - Tue: - averages: - - 40 - - 24 - - 67 - - 234 - - 66 - - 24 - - 634 - - 66 - - 123 - - 56 - - 65 - - 23 - - 666 - - 233 - - 646 - - 44 - - 64 - - 99 - - 34 - - 235 - - 653 - - 25 - - 65 - - 23 - interactions: 0 - - Wed: - averages: - - 40 - - 24 - - 67 - - 234 - - 66 - - 24 - - 634 - - 66 - - 123 - - 56 - - 65 - - 23 - - 666 - - 233 - - 646 - - 44 - - 64 - - 99 - - 34 - - 235 - - 653 - - 25 - - 65 - - 23 - interactions: 0 - - Thu: - averages: - - 40 - - 24 - - 67 - - 234 - - 66 - - 24 - - 634 - - 66 - - 123 - - 56 - - 65 - - 23 - - 666 - - 233 - - 646 - - 44 - - 64 - - 99 - - 34 - - 235 - - 653 - - 25 - - 65 - - 23 - interactions: 0 - - 
Fri: - averages: - - 40 - - 24 - - 67 - - 234 - - 66 - - 24 - - 634 - - 66 - - 123 - - 56 - - 65 - - 23 - - 666 - - 233 - - 646 - - 44 - - 64 - - 99 - - 34 - - 235 - - 653 - - 25 - - 65 - - 23 - interactions: 0 - - Sat: - averages: - - 40 - - 24 - - 67 - - 234 - - 66 - - 24 - - 634 - - 66 - - 123 - - 56 - - 65 - - 23 - - 666 - - 233 - - 646 - - 44 - - 64 - - 99 - - 34 - - 235 - - 653 - - 25 - - 65 - - 23 - interactions: 0 - total_affected_items: 7 - failed_items: [] - total_failed_items: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /cluster/{node_id}/stats/analysisd: - get: - tags: - - Cluster - summary: "Get node stats analysisd" - description: "Return Wazuh analysisd statistical information in node {node_id}" - operationId: api.controllers.cluster_controller.get_stats_analysisd_node - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/cluster:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/node_id' - responses: - '200': - description: "Wazuh node analysisd stats" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseWazuhStats' - example: - data: - affected_items: - - total_events_decoded: 5 - syscheck_events_decoded: 0 - syscheck_edps: 0 - syscollector_events_decoded: 0 - syscollector_edps: 0 - rootcheck_events_decoded: 0 - rootcheck_edps: 0 - sca_events_decoded: 0 - sca_edps: 0 - hostinfo_events_decoded: 0 - hostinfo_edps: 0 - winevt_events_decoded: 0 - winevt_edps: 0 - other_events_decoded: 5 - other_events_edps: 1 - events_processed: 5 - events_edps: 1 - 
events_received: 5 - events_dropped: 0 - alerts_written: 0 - firewall_written: 0 - fts_written: 0 - syscheck_queue_usage: 0 - syscheck_queue_size: 16384 - syscollector_queue_usage: 0 - syscollector_queue_size: 16384 - rootcheck_queue_usage: 0 - rootcheck_queue_size: 16384 - sca_queue_usage: 0 - sca_queue_size: 16384 - hostinfo_queue_usage: 0 - hostinfo_queue_size: 16384 - winevt_queue_usage: 0 - winevt_queue_size: 16384 - event_queue_usage: 0 - event_queue_size: 16384 - rule_matching_queue_usage: 0 - rule_matching_queue_size: 16384 - alerts_queue_usage: 0 - alerts_queue_size: 16384 - firewall_queue_usage: 0 - firewall_queue_size: 16384 - statistical_queue_usage: 0 - statistical_queue_size: 16384 - archives_queue_usage: 0 - archives_queue_size: 16384 - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /cluster/{node_id}/stats/remoted: - get: - tags: - - Cluster - summary: "Get node stats remoted" - description: "Return Wazuh remoted statistical information in node {node_id}" - operationId: api.controllers.cluster_controller.get_stats_remoted_node - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/cluster:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/node_id' - responses: - '200': - description: "Wazuh node remoted stats" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseWazuhStats' - example: - data: - affected_items: - - queue_size: 0 - total_queue_size: 131072 - tcp_sessions: 0 - evt_count: 0 - 
ctrl_msg_count: 0 - discarded_count: 0 - msg_sent: 0 - recv_bytes: 0 - total_affected_items: 0 - failed_items: [] - total_failed_items: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /cluster/{node_id}/logs: - get: - tags: - - Cluster - summary: "Get node logs" - description: "Return the last 2000 wazuh log entries in the specified node" - operationId: api.controllers.cluster_controller.get_log_node - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/cluster:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/node_id' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/tag' - - $ref: '#/components/parameters/log_level' - - $ref: '#/components/parameters/query' - responses: - '200': - description: "Wazuh node logs" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseWazuhLogs' - example: - data: - affected_items: - - timestamp: '2020-04-15T13:43:38+00:00' - tag: ossec-analysisd - level: error - description: " (1277): Invalid syscheck message received" - - timestamp: '2020-04-15T13:43:38+00:00' - tag: ossec-analysisd - level: error - description: " (1277): Invalid syscheck message received" - - timestamp: '2020-04-15T13:43:30+00:00' - tag: ossec-analysisd - level: error - description: " (1277): Invalid syscheck message received" - total_affected_items: 3 - failed_items: [] - total_failed_items: 0 - message: "Logs were 
successfully read in specified node" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /cluster/{node_id}/logs/summary: - get: - tags: - - Cluster - summary: "Get node logs summary" - description: "Return a summary of the last 2000 wazuh log entries in the specified node" - operationId: api.controllers.cluster_controller.get_log_summary_node - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/cluster:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/node_id' - responses: - '200': - description: "Wazuh node logs summary" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/WazuhLogsSummary' - example: - data: - affected_items: - - wazuh-modulesd: - info: 2 - all: 2 - critical: 0 - debug: 0 - error: 0 - warning: 0 - - wazuh-db: - info: 1 - all: 4 - critical: 0 - debug: 0 - error: 3 - warning: 0 - - ossec-rootcheck: - info: 8 - all: 8 - critical: 0 - debug: 0 - error: 0 - warning: 0 - total_affected_items: 3 - failed_items: [] - total_failed_items: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /cluster/{node_id}/files: - get: - tags: - - Cluster - summary: "Get node file content" - description: "Return file contents from any file in the specified node" - operationId: 
api.controllers.cluster_controller.get_files_node - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/cluster:read' - - $ref: '#/x-rbac-catalog/actions/cluster:read_file' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/node_id' - - $ref: '#/components/parameters/get_files_path' - responses: - '200': - description: "File contents" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - type: object - properties: - contents: - description: "File contents" - type: string - example: - data: - contents: '\n\n\n\n\n\n\n\n \n \n 5716\n 1.1.1.1\n sshd: - authentication failed from IP 1.1.1.1.\n authentication_failed,pci_dss_10.2.4, - pci_dss_10.2.5,\n \n\n\n' - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - put: - tags: - - Cluster - summary: "Update node file content" - description: "Replace file contents with the data contained in the API request for the specified node" - operationId: api.controllers.cluster_controller.put_files_node - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/cluster:read' - - $ref: '#/x-rbac-catalog/actions/cluster:delete_file' - - $ref: '#/x-rbac-catalog/actions/cluster:upload_file' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/node_id' - - $ref: '#/components/parameters/edit_files_path' - - $ref: '#/components/parameters/overwrite' - requestBody: - description: "Content of the file to be uploaded" - required: true - content: - application/octet-stream: - schema: - type: string - format: binary - 
responses: - '200': - description: "Confirmation message" - content: - application/json: - schema: - $ref: '#/components/schemas/ApiResponse' - example: - data: - affected_items: - - "etc/ossec.conf" - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - message: "File was successfully updated" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '406': - $ref: '#/components/responses/WrongContentTypeResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - delete: - tags: - - Cluster - summary: "Delete node file" - description: "Delete a file in the specified node" - operationId: api.controllers.cluster_controller.delete_files_node - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/cluster:read' - - $ref: '#/x-rbac-catalog/actions/cluster:delete_file' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/node_id' - - $ref: '#/components/parameters/delete_files_path' - responses: - '200': - description: "Confirmation message" - content: - application/json: - schema: - $ref: '#/components/schemas/ApiResponse' - example: - data: - affected_items: - - "etc/rules/custom_rules.xml" - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - message: File was successfully deleted - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /cluster/restart: - put: - tags: - - Cluster - summary: "Restart nodes" - description: "Restart all nodes in the 
cluster or a list of them" - operationId: api.controllers.cluster_controller.put_restart - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/cluster:read' - - $ref: '#/x-rbac-catalog/actions/cluster:restart' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/nodes_list' - responses: - '200': - description: "List of affected nodes" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseNodeIDs' - example: - message: "Restart request sent to all specified nodes" - error: 0 - data: - affected_items: - - 'master-node' - - 'worker1' - total_affected_items: 2 - failed_items: [] - total_failed_items: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /cluster/configuration/validation: - get: - tags: - - Cluster - summary: "Check nodes config" - description: "Return whether the Wazuh configuration is correct or not in all cluster nodes or a list of them" - operationId: api.controllers.cluster_controller.get_conf_validation - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/cluster:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/nodes_list' - responses: - '200': - description: "Configuration status" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseValidationStatus' - example: - data: - affected_items: - - name: master-node - status: OK - - name: worker1 
- status: OK - - name: worker2 - status: OK - total_affected_items: 3 - failed_items: [] - total_failed_items: 0 - message: Validation was successfully checked in all nodes - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /cluster/{node_id}/configuration/{component}/{configuration}: - get: - tags: - - Cluster - summary: "Get node active configuration" - description: "Return the requested configuration in JSON format for the specified node" - operationId: api.controllers.cluster_controller.get_node_config - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/cluster:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/node_id' - - $ref: '#/components/parameters/component' - - $ref: '#/components/parameters/configuration' - - responses: - '200': - description: "Cluster configuration on-demand" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - example: - data: - affected_items: - - bind_addr: "0.0.0.0" - disabled: "false" - hidden: "no" - key: "9d273b53510fef702b54a92e9cffc82e" - name: "wazuh" - node_name: "master-node" - node_type: "master" - nodes: [ - "wazuh-master" - ] - port: 1516 - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /lists: - get: - tags: - - Lists - summary: "Get CDB lists" - 
description: "Return the contents of all CDB lists. Optionally, the result can be filtered by several criteria. - See available parameters for more details" - operationId: api.controllers.lists_controller.get_lists - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/lists:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/select' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/get_dirnames_path' - - $ref: '#/components/parameters/filename' - responses: - '200': - description: "Successfully got all CDB lists and the files where they are defined" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseLists' - example: - data: - affected_items: - - items: - - key: AttachLoadBalancers - value: Autoscaling - - key: DetachLoadBalancers - value: Autoscaling - - key: PutScalingPolicy - value: Autoscaling - - key: TerminateInstanceInAutoScalingGroup - value: Autoscaling - relative_dirname: etc/lists/amazon - filename: aws-eventnames - - items: [] - relative_dirname: etc/lists/amazon - filename: aws-sources - - items: - - key: audit-wazuh-w - value: write - - key: audit-wazuh-r - value: read - - key: audit-wazuh-a - value: attribute - - key: audit-wazuh-x - value: execute - - key: audit-wazuh-c - value: command - relative_dirname: etc/lists - filename: audit-keys - - items: - - key: '200' - value: '' - - key: '201' - value: '' - - key: '203' - value: '' - - key: '202' - value: '' - relative_dirname: etc/lists - filename: security-eventchannel - total_affected_items: 4 - failed_items: [] - total_failed_items: 0 - message: 'All specified lists were returned' - error: 0 - '400': - $ref: 
'#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /lists/files: - get: - tags: - - Lists - summary: "Get CDB lists files" - description: "Return the path from all CDB lists. Use this method to know all the CDB lists and their location in - the filesystem relative to Wazuh installation folder" - operationId: api.controllers.lists_controller.get_lists_files - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/lists:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/get_dirnames_path' - - $ref: '#/components/parameters/filename' - responses: - '200': - description: "Successfully got CDB lists" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseListsFiles' - example: - data: - affected_items: - - relative_dirname: etc/lists/amazon - filename: aws-eventnames - - relative_dirname: etc/lists/amazon - filename: aws-sources - - relative_dirname: etc/lists - filename: audit-keys - - relative_dirname: etc/lists - filename: security-eventchannel - total_affected_items: 4 - failed_items: [] - total_failed_items: 0 - message: 'All specified paths were returned' - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - 
$ref: '#/components/responses/TooManyRequestsResponse' - - /manager/status: - get: - tags: - - Manager - summary: "Get status" - description: "Return the status of all Wazuh daemons" - operationId: api.controllers.manager_controller.get_status - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/manager:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - responses: - '200': - description: "Wazuh manager daemons statuses" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/WazuhDaemonsStatus' - example: - data: - affected_items: - - ossec-agentlessd: stopped - ossec-analysisd: running - ossec-authd: stopped - ossec-csyslogd: stopped - ossec-dbd: stopped - ossec-execd: running - ossec-integratord: stopped - ossec-logcollector: running - ossec-maild: stopped - ossec-monitord: running - ossec-remoted: running - ossec-reportd: stopped - ossec-syscheckd: running - wazuh-apid: running - wazuh-clusterd: running - wazuh-db: running - wazuh-modulesd: running - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - message: "Processes status successfully read" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /manager/info: - get: - tags: - - Manager - summary: "Get information" - description: "Return basic information such as version, compilation date, installation path" - operationId: api.controllers.manager_controller.get_info - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/manager:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' 
- responses: - '200': - description: "Manager information" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/WazuhInfo' - example: - data: - affected_items: - - path: /var/ossec - version: v3.9.0 - compilation_date: "2019-03-06T11:24:59Z" - type: manager - max_agents: 14000 - openssl_support: yes - ruleset_version: 3905 - tz_offset: +0000 - tz_name: UTC - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - message: "Basic information was successfully read" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /manager/configuration: - get: - tags: - - Manager - summary: "Get configuration" - description: "Return wazuh configuration used" - operationId: api.controllers.manager_controller.get_configuration - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/manager:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/section' - - $ref: '#/components/parameters/field' - responses: - '200': - description: "Wazuh configuration" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/WazuhMangerConfiguration' - example: - data: - affected_items: - - global: - jsonout_output: yes - alerts_log: yes - logall: no - logall_json: no - email_notification: no - smtp_server: smtp.example.wazuh.com - email_from: ossecm@example.wazuh.com - email_to: recipient@example.wazuh.com - email_maxperhour: 12 - email_log_source: alerts.log - queue_size: 131072 - white_list: - - 
127.0.0.1 - - ^localhost.localdomain$ - - 127.0.0.53 - alerts: - log_alert_level: "3" - email_alert_level: "12" - cis-cat: - disabled: yes - timeout: 1800 - interval: 1d - scan-on-start: yes - java_path: wodles/java - ciscat_path: wodles/ciscat - command: - - name: disable-account - executable: disable-account.sh - expect: user - timeout_allowed: yes - - name: restart-ossec - executable: restart-ossec.sh - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - message: "Configuration was successfully read" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /manager/stats: - get: - tags: - - Manager - summary: "Get stats" - description: "Return Wazuh statistical information for the current or specified date" - operationId: api.controllers.manager_controller.get_stats - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/manager:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/date' - responses: - '200': - description: "Wazuh stats" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseWazuhStats' - example: - data: - affected_items: - - hour: 15 - alerts: - - sigid: 5303 - level: 3 - times: 1 - - sigid: 5501 - level: 3 - times: 4 - - sigid: 221 - level: 0 - times: 653 - totalAlerts: 658 - events: 4387 - firewall: 0 - - hour: 16 - alerts: - - sigid: 5521 - level: 0 - times: 1 - - sigid: 530 - level: 0 - times: 120 - totalAlerts: 121 - events: 4379 - syscheck: 0 - firewall: 0 - total_affected_items: 2 - failed_items: [] - total_failed_items: 0 - 
'400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /manager/stats/hourly: - get: - tags: - - Manager - summary: "Get stats hour" - description: "Return Wazuh statistical information per hour. Each number in the averages field represents the - average of alerts per hour" - operationId: api.controllers.manager_controller.get_stats_hourly - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/manager:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - responses: - '200': - description: "Wazuh hourly stats" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseWazuhStats' - example: - data: - affected_items: - - averages: - - 40 - - 24 - - 67 - - 234 - - 66 - - 24 - - 634 - - 66 - - 123 - - 56 - - 65 - - 23 - - 666 - - 233 - - 646 - - 44 - - 64 - - 99 - - 34 - - 235 - - 653 - - 25 - - 65 - - 23 - interactions: 0 - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /manager/stats/weekly: - get: - tags: - - Manager - summary: "Get stats week" - description: "Return Wazuh statistical information per week. 
Each number in the averages field represents the - average of alerts per hour for that specific day" - operationId: api.controllers.manager_controller.get_stats_weekly - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/manager:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - responses: - '200': - description: "Wazuh weekly stats" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseWazuhStats' - example: - data: - affected_items: - - Sun: - averages: - - 40 - - 24 - - 67 - - 234 - - 66 - - 24 - - 634 - - 66 - - 123 - - 56 - - 65 - - 23 - - 666 - - 233 - - 646 - - 44 - - 64 - - 99 - - 34 - - 235 - - 653 - - 25 - - 65 - - 23 - interactions: 0 - - Mon: - averages: - - 40 - - 24 - - 67 - - 234 - - 66 - - 24 - - 634 - - 66 - - 123 - - 56 - - 65 - - 23 - - 666 - - 233 - - 646 - - 44 - - 64 - - 99 - - 34 - - 235 - - 653 - - 25 - - 65 - - 23 - interactions: 0 - - Tue: - averages: - - 40 - - 24 - - 67 - - 234 - - 66 - - 24 - - 634 - - 66 - - 123 - - 56 - - 65 - - 23 - - 666 - - 233 - - 646 - - 44 - - 64 - - 99 - - 34 - - 235 - - 653 - - 25 - - 65 - - 23 - interactions: 0 - - Wed: - averages: - - 40 - - 24 - - 67 - - 234 - - 66 - - 24 - - 634 - - 66 - - 123 - - 56 - - 65 - - 23 - - 666 - - 233 - - 646 - - 44 - - 64 - - 99 - - 34 - - 235 - - 653 - - 25 - - 65 - - 23 - interactions: 0 - - Thu: - averages: - - 40 - - 24 - - 67 - - 234 - - 66 - - 24 - - 634 - - 66 - - 123 - - 56 - - 65 - - 23 - - 666 - - 233 - - 646 - - 44 - - 64 - - 99 - - 34 - - 235 - - 653 - - 25 - - 65 - - 23 - interactions: 0 - - Fri: - averages: - - 40 - - 24 - - 67 - - 234 - - 66 - - 24 - - 634 - - 66 - - 123 - - 56 - - 65 - - 23 - - 666 - - 233 - - 646 - - 44 - - 64 - - 99 - - 34 - - 235 - - 653 - - 25 - - 65 - - 23 - interactions: 0 - - Sat: - averages: - - 40 - - 24 - - 67 - - 234 - - 66 - - 24 - - 634 - - 
66 - - 123 - - 56 - - 65 - - 23 - - 666 - - 233 - - 646 - - 44 - - 64 - - 99 - - 34 - - 235 - - 653 - - 25 - - 65 - - 23 - interactions: 0 - total_affected_items: 7 - failed_items: [] - total_failed_items: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /manager/stats/analysisd: - get: - tags: - - Manager - summary: "Get stats analysisd" - description: "Return Wazuh analysisd statistical information" - operationId: api.controllers.manager_controller.get_stats_analysisd - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/manager:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - responses: - '200': - description: "Wazuh analysisd stats" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseWazuhStats' - example: - data: - affected_items: - - total_events_decoded: 5 - syscheck_events_decoded: 0 - syscheck_edps: 0 - syscollector_events_decoded: 0 - syscollector_edps: 0 - rootcheck_events_decoded: 0 - rootcheck_edps: 0 - sca_events_decoded: 0 - sca_edps: 0 - hostinfo_events_decoded: 0 - hostinfo_edps: 0 - winevt_events_decoded: 0 - winevt_edps: 0 - other_events_decoded: 5 - other_events_edps: 1 - events_processed: 5 - events_edps: 1 - events_received: 5 - events_dropped: 0 - alerts_written: 0 - firewall_written: 0 - fts_written: 0 - syscheck_queue_usage: 0 - syscheck_queue_size: 16384 - syscollector_queue_usage: 0 - syscollector_queue_size: 16384 - rootcheck_queue_usage: 0 - rootcheck_queue_size: 16384 - sca_queue_usage: 0 - sca_queue_size: 16384 - hostinfo_queue_usage: 0 - hostinfo_queue_size: 16384 - 
winevt_queue_usage: 0 - winevt_queue_size: 16384 - event_queue_usage: 0 - event_queue_size: 16384 - rule_matching_queue_usage: 0 - rule_matching_queue_size: 16384 - alerts_queue_usage: 0 - alerts_queue_size: 16384 - firewall_queue_usage: 0 - firewall_queue_size: 16384 - statistical_queue_usage: 0 - statistical_queue_size: 16384 - archives_queue_usage: 0 - archives_queue_size: 16384 - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /manager/stats/remoted: - get: - tags: - - Manager - summary: "Get stats remoted" - description: "Return Wazuh remoted statistical information" - operationId: api.controllers.manager_controller.get_stats_remoted - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/manager:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - responses: - '200': - description: "Wazuh remoted stats" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseWazuhStats' - example: - data: - affected_items: - - queue_size: 0 - total_queue_size: 131072 - tcp_sessions: 0 - evt_count: 0 - ctrl_msg_count: 0 - discarded_count: 0 - msg_sent: 0 - recv_bytes: 0 - total_affected_items: 0 - failed_items: [] - total_failed_items: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - 
/manager/logs: - get: - tags: - - Manager - summary: "Get logs" - description: "Return the last 2000 wazuh log entries" - operationId: api.controllers.manager_controller.get_log - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/manager:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/tag' - - $ref: '#/components/parameters/log_level' - - $ref: '#/components/parameters/query' - responses: - '200': - description: "Wazuh logs" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseWazuhLogs' - example: - data: - affected_items: - - timestamp: '2020-04-15T14:47:54+00:00' - tag: wazuh-modulesd:syscollector - level: info - description: "Start syscheck scan" - - timestamp: '2020-04-15T14:47:51+00:00' - tag: wazuh-modulesd:syscollector - level: info - description: "Starting evaluation" - - timestamp: '2020-04-15T13:50:24+00:00' - tag: ossec-maild - level: error - description: " (1223): Error Sending email to 69.172.200.109 (smtp server)" - total_affected_items: 3 - failed_items: [] - total_failed_items: 0 - message: Logs read successfully in specified node - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /manager/logs/summary: - get: - tags: - - Manager - summary: "Get logs summary" - description: "Return a summary of the last 2000 wazuh log entries" - operationId: 
api.controllers.manager_controller.get_log_summary - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/manager:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - responses: - '200': - description: "Wazuh logs summary" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/WazuhLogsSummary' - example: - data: - affected_items: - - wazuh-modulesd: - info: 2 - all: 2 - critical: 0 - debug: 0 - error: 0 - warning: 0 - - wazuh-db: - info: 1 - all: 4 - critical: 0 - debug: 0 - error: 3 - warning: 0 - - ossec-rootcheck: - info: 8 - all: 8 - critical: 0 - debug: 0 - error: 0 - warning: 0 - total_affected_items: 3 - failed_items: [] - total_failed_items: 0 - message: "Log was successfully summarized" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /manager/files: - get: - tags: - - Manager - summary: "Get file content" - description: "Return file contents from any file" - operationId: api.controllers.manager_controller.get_files - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/manager:read' - - $ref: '#/x-rbac-catalog/actions/manager:read_file' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/get_files_path' - responses: - '200': - description: "File contents" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - type: object - properties: - contents: - description: "File contents" - type: string - example: - data: - contents: 
'\n\n\n\n\n\n\n\n \n \n 5716\n 1.1.1.1\n - sshd: authentication failed from IP 1.1.1.1.\n - authentication_failed,pci_dss_10.2.4,pci_dss_10.2.5,\n \n\n\n' - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - put: - tags: - - Manager - summary: "Update file content" - description: "Replace file contents with the data contained in the API request" - operationId: api.controllers.manager_controller.put_files - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/manager:read' - - $ref: '#/x-rbac-catalog/actions/manager:delete_file' - - $ref: '#/x-rbac-catalog/actions/manager:upload_file' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/edit_files_path' - - $ref: '#/components/parameters/overwrite' - requestBody: - description: "Content of the file to be uploaded" - required: true - content: - application/octet-stream: - schema: - type: string - format: binary - responses: - '200': - description: "Confirmation message" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - $ref: '#/components/schemas/ConfirmationMessage' - example: - message: "File was uploaded successfully" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '406': - $ref: '#/components/responses/WrongContentTypeResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - delete: - tags: - - Manager - summary: "Delete file" - description: "Delete a specified file" - 
operationId: api.controllers.manager_controller.delete_files - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/manager:read' - - $ref: '#/x-rbac-catalog/actions/manager:delete_file' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/delete_files_path' - responses: - '200': - description: "Confirmation message" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - $ref: '#/components/schemas/ConfirmationMessage' - example: - data: - affected_items: - - "etc/rules/custom_rule.xml" - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - message: File was deleted successfully - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /manager/api/config: - get: - tags: - - Manager - summary: "Get API config" - description: "Return the local API configuration in JSON format" - operationId: api.controllers.manager_controller.get_api_config - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/manager:read_api_config' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - responses: - '200': - description: "Current API configuration" - content: - application/json: - schema: - $ref: '#/components/schemas/ApiResponse' - example: - data: - affected_items: - - node_name: "manager" - node_api_config: - host: 0.0.0.0 - port: 55000 - behind_proxy_server: false - https: - enabled: true - key: "/var/ossec/api/configuration/ssl/server.key" - cert: "/var/ossec/api/configuration/ssl/server.crt" - use_ca: false - ca: "/var/ossec/api/configuration/ssl/ca.crt" - ssl_cipher: "TLSv1.2" - access: - 
max_login_attempts: 50 - block_time: 300 - max_request_per_minute: 300 - logs: - path: /var/ossec/logs/api.log - level: info - cors: - enabled: false - source_route: "*" - allow_headers: "*" - allow_credentials: false - cache: - enabled: true - time: 0.75 - use_only_authd: false - drop_privileges: true - experimental_features: false - total_affected_items: 1 - total_failed_items: 0 - failed_items: [] - message: "API configuration was successfully read" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /manager/restart: - put: - tags: - - Manager - summary: "Restart manager" - description: "Restart the wazuh manager" - operationId: api.controllers.manager_controller.put_restart - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/manager:read' - - $ref: '#/x-rbac-catalog/actions/manager:restart' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - responses: - '200': - description: "Confirmation message" - content: - application/json: - schema: - $ref: '#/components/schemas/ApiResponse' - example: - data: - affected_items: - - master-node - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - message: "Restart request sent to all specified nodes" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /manager/configuration/validation: - get: - tags: - - Manager - summary: "Check config" - description: "Return whether the Wazuh 
configuration is correct" - operationId: api.controllers.manager_controller.get_conf_validation - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/manager:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - responses: - '200': - description: "OK message if configuration is right" - content: - application/json: - schema: - $ref: '#/components/schemas/ConfigurationValidation' - example: - data: - affected_items: - - name: "master-node" - status: "OK" - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - message: "Validation was successfully checked in all nodes" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /manager/configuration/{component}/{configuration}: - get: - tags: - - Manager - summary: "Get active configuration" - description: "Return the requested active configuration in JSON format" - operationId: api.controllers.manager_controller.get_manager_config_ondemand - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/manager:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/component' - - $ref: '#/components/parameters/configuration' - responses: - '200': - description: "Manager configuration on-demand" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - example: - data: - affected_items: - - remote: - connection: "secure" - ipv6: "no" - protocol: "tcp" - port: 1514 - queue_size: 131072 - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - message: "Active configuration was successfully read in specified node" - error: 0 - '400': 
- $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /mitre: - get: - tags: - - Mitre - summary: "Get MITRE attacks" - description: "Return the requested attacks from MITRE database" - operationId: api.controllers.mitre_controller.get_attack - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/mitre:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/attack_id' - - $ref: '#/components/parameters/phase_name' - - $ref: '#/components/parameters/platform_name' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/query' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/select' - - $ref: '#/components/parameters/sort' - responses: - '200': - description: "List of attacks or error description" - content: - application/json: - schema: - $ref: '#/components/schemas/ApiResponse' - example: - data: - affected_items: - json: - x_mitre_data_sources: - - "Packet capture" - - "Process use of network" - name: "Data Obfuscation" - description: "Command and control (C2) communications are hidden (but not necessarily encrypted) - ..." - id: "attack-pattern--ad255bfe-a9e6-4b52-a258-8d3462abe842" - x_mitre_platforms: - - "Linux" - - "macOS" - - "Windows" - object_marking_refs": - - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - x_mitre_version: "1.0" - type: "attack-pattern" - x_mitre_detection: "Analyze network data for uncommon data flows (e.g., a client sending cious..." 
- created_by_ref: "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - x_mitre_network_requirements: true - created: "2017-05-31T21:30:18.931Z" - kill_chain_phases: - - kill_chain_name: "mitre-attack" - - phase_name: "Command and Control" - external_references": - - external_id: "T1001" - source_name: "mitre-attack" - url: "https://attack.mitre.org/techniques/T1001" - - source_name: "University of Birmingham C2" - description: "Gardiner, J., Cova, M., Nagaraja, S. (2014, February)..." - url: "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" - modified: "2019-07-17T18:54:32.478Z" - phase_name: - - "Command and Control" - platform_name: - - "Linux" - - "Windows" - - "macOS" - id: "T1001" - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - message: "All selected MITRE information was returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /rules: - get: - tags: - - Rules - summary: "List rules" - description: "Return a list containing information about each rule such as file where it's defined, description, - rule group, status, etc" - operationId: api.controllers.rules_controller.get_rules - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/rules:read' - parameters: - - $ref: '#/components/parameters/rule_ids' - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/select' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/query' - - $ref: '#/components/parameters/statusRLDParam' - - $ref: '#/components/parameters/group' - - $ref: 
'#/components/parameters/level' - - $ref: '#/components/parameters/filename' - - $ref: '#/components/parameters/get_dirnames_path' - - $ref: '#/components/parameters/pci_dss' - - $ref: '#/components/parameters/gdpr' - - $ref: '#/components/parameters/gpg13' - - $ref: '#/components/parameters/hipaa' - - $ref: '#/components/parameters/nist-800-53' - - $ref: '#/components/parameters/tsc' - - $ref: '#/components/parameters/mitre' - responses: - '200': - description: "Rule" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseRules' - example: - data: - affected_items: - - description: "Generic template for all syslog rules" - details: - category: syslog - noalert: '1' - file: 0010-rules_config.xml - gdpr: [] - gpg13: [] - groups: - - syslog - hipaa: [] - id: 1 - level: 0 - nist_800_53: [] - tsc: [] - path: ruleset/rules - pci_dss: [] - status: enabled - - description: "Generic template for all web proxy rules" - details: - category: squid - noalert: '1' - file: 0010-rules_config.xml - gdpr: [] - gpg13: [] - groups: - - squid - hipaa: [] - id: 5 - level: 0 - nist_800_53: [] - tsc: [] - path: ruleset/rules - pci_dss: [] - status: enabled - total_affected_items: 54 - failed_items: [] - total_failed_items: 0 - message: "All selected rules were returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /rules/groups: - get: - tags: - - Rules - summary: "Get groups" - description: "Return a list containing all rule groups names" - operationId: api.controllers.rules_controller.get_rules_groups - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/rules:read' - 
parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - responses: - '200': - description: "Rule groups names" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponse' - example: - data: - affected_items: - - active_response - - agentless - - attacks - - firewall - - gdpr_II_5.1.f - - gdpr_IV_30.1.g - total_affected_items: 6 - failed_items: [] - total_failed_items: 0 - message: "All groups in rules were returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /rules/requirement/{requirement}: - get: - tags: - - Rules - summary: "Get requirements" - description: "Return all specified requirement names defined in the Wazuh ruleset" - operationId: api.controllers.rules_controller.get_rules_requirement - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/rules:read' - parameters: - - $ref: '#/components/parameters/rule_requirement' - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - responses: - '200': - description: "Requirements names" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponse' - example: - 
data: - affected_items: - - 10.2.6 - - 10.2.7 - - 10.5.2 - - 10.5.5 - - 10.6.1 - - 11.4 - - 11.5 - total_affected_items: 7 - failed_items: [] - total_failed_items: 0 - message: "All selected rules were returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /rules/files: - get: - tags: - - Rules - summary: "Get files" - description: "Return a list containing all files used to define rules and their status" - operationId: api.controllers.rules_controller.get_rules_files - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/rules:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/get_dirnames_path' - - $ref: '#/components/parameters/filename' - - $ref: '#/components/parameters/statusRLDParam' - responses: - '200': - description: "Rule" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseRulesFiles' - example: - data: - affected_items: - - file: 0010-rules_config.xml - path: ruleset/rules - status: enabled - - file: 0015-ossec_rules.xml - path: ruleset/rules - status: enabled - - file: 0016-wazuh_rules.xml - path: ruleset/rules - status: enabled - - file: 0020-syslog_rules.xml - path: ruleset/rules - status: enabled - total_affected_items: 4 - failed_items: [] - total_failed_items: 0 - message: "All rules files were returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - 
'401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /rules/files/(unknown)/download: - get: - tags: - - Rules - summary: "Download rule" - description: "Download an specified rule file" - operationId: api.controllers.rules_controller.get_download_file - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/rules:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/downloadFile' - responses: - '200': - description: "Rule contents" - content: - application/xml: - schema: - type: string - example: | - - - - syslog - Generic template for all syslog rules. - - - - - firewall - Generic template for all firewall rules. - - - - - ids - Generic template for all ids rules. - - - - - web-log - Generic template for all web rules. - - - - - squid - Generic template for all web proxy rules. - - - - - windows - Generic template for all windows rules. - - - - - ossec - Generic template for all ossec rules. 
- - - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /sca/{agent_id}: - get: - tags: - - SCA - summary: "Get results" - description: "Return the security SCA database of an agent" - operationId: api.controllers.sca_controller.get_sca_agent - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/sca:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agent_id' - - $ref: '#/components/parameters/sca_name' - - $ref: '#/components/parameters/description' - - $ref: '#/components/parameters/references' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/query' - responses: - '200': - description: "SCA database elements" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseSCADatabase' - example: - data: - affected_items: - - description: "This document provides prescriptive guidance for establishing a secure - configuration posture for Debian Linux 9" - end_scan: '2019-11-13T10:57:09Z' - fail: 26 - hash_file: c5ada687e0c2ae9504be13b965074cc262e62be4e68fe550d464018def4af61c - invalid: 1 - name: CIS benchmark for Debian/Linux 9 L2 - pass: 2 - policy_id: cis_debian9_L2 - references: https://www.cisecurity.org/cis-benchmarks/ - score: 7 - start_scan: '2019-11-13T10:57:09Z' - total_checks: 29 - - description: "This document provides prescriptive guidance for establishing a secure - configuration posture for Debian Linux 9" - end_scan: 
'2019-11-13T10:57:06Z' - fail: 48 - hash_file: b44ecda10d854ecad25476ed99b5dfd9481e8a846c8d8a7684a1cc3b29f12993 - invalid: 16 - name: CIS benchmark for Debian/Linux 9 L1 - pass: 35 - policy_id: cis_debian9_L1 - references: https://www.cisecurity.org/cis-benchmarks/ - score: 42 - start_scan: '2019-11-13T10:57:06Z' - total_checks: 99 - total_affected_items: 2 - failed_items: [] - total_failed_items: 0 - message: "All selected sca information was returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /sca/{agent_id}/checks/{policy_id}: - get: - tags: - - SCA - summary: "Get policy checks" - description: "Return the policy monitoring alerts for a given policy" - operationId: api.controllers.sca_controller.get_sca_checks - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/sca:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agent_id' - - $ref: '#/components/parameters/policy_id' - - $ref: '#/components/parameters/title' - - $ref: '#/components/parameters/description' - - $ref: '#/components/parameters/rationale' - - $ref: '#/components/parameters/remediation' - - $ref: '#/components/parameters/command' - - $ref: '#/components/parameters/status' - - $ref: '#/components/parameters/reason' - - $ref: '#/components/parameters/full_path_filter' - - $ref: '#/components/parameters/process' - - $ref: '#/components/parameters/directory' - - $ref: '#/components/parameters/registry' - - $ref: '#/components/parameters/references' - - $ref: '#/components/parameters/result' - - $ref: '#/components/parameters/condition' - - $ref: '#/components/parameters/offset' - - $ref: 
'#/components/parameters/limit' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/query' - responses: - '200': - description: "List of SCA Checks for a given policy ID" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseSCAChecks' - example: - data: - affected_items: - - remediation: "For new installations, during installation create a custom partition setup and specify - a separate partition for /var. For systems that were previously installed, create a new partition and - configure /etc/fstab as appropriate" - rationale: "Since the /var directory may contain world-writable files and directories, there is a - risk of resource exhaustion if it is not bound to a separate partition" - title: "Ensure separate partition exists for /var" - policy_id: cis_debian - file: /etc/fstab - description: "The /var directory is used by daemons and other system services to temporarily store - dynamic data. 
Some directories created by these processes may be world-writable" - id: 5003 - result: failed - condition: all - references: "https://tldp.org/HOWTO/LVM-HOWTO/" - compliance: - - key: cis - value: "1.1.6" - - key: cis_csc - value: "5" - - remediation: "Run the following commands to remove exim: # apt-get remove exim4; # apt-get purge - exim4" - rationale: "Unless POP3 and/or IMAP servers are to be provided by this system, it is recommended - that the package be removed to reduce the potential attack surface" - title: "Ensure IMAP and POP3 server is not enabled (POP3)" - policy_id: cis_debian - file: /etc/inetd.conf - description: "Exim is an open source IMAP and POP3 server for Linux based systems" - id: 5022 - result: passed - condition: all - compliance: - - key: cis - value: "2.2.11" - - key: cis_csc - value: "9" - - key: pci_dss - value: "2.2.2" - failed_items: [] - total_affected_items: 2 - total_failed_items: 0 - message: "All selected sca/policy information was returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /syscheck: - put: - tags: - - Syscheck - summary: "Run scan" - description: "Run FIM scan in all agents" - operationId: api.controllers.syscheck_controller.put_syscheck - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/syscheck:run' - parameters: - - $ref: '#/components/parameters/agents_list' - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - responses: - '200': - description: "Confirmation message" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseAgentIDs' - example: - data: - 
affected_items: - - '000' - - '001' - - '002' - - '003' - failed_items: [] - total_affected_items: 4 - total_failed_items: 0 - message: "Syscheck scan was restarted on returned agents" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /syscheck/{agent_id}: - get: - tags: - - Syscheck - summary: "Get results" - description: "Return FIM findings in the specified agent" - operationId: api.controllers.syscheck_controller.get_syscheck_agent - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/syscheck:read' - parameters: - - $ref: '#/components/parameters/agent_id' - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/select' - - $ref: '#/components/parameters/full_path_filter' - - $ref: '#/components/parameters/filetype' - - $ref: '#/components/parameters/summary' - - $ref: '#/components/parameters/md5' - - $ref: '#/components/parameters/sha1' - - $ref: '#/components/parameters/sha256' - - $ref: '#/components/parameters/hashfilter' - - $ref: '#/components/parameters/distinct' - - $ref: '#/components/parameters/query' - responses: - '200': - description: "Latest syscheck scan result" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseSyscheckResult' - example: - data: - affected_items: - - changes: 1 - date: '2019-11-22T10:24:52Z' - file: "/etc/dpkg/origins/debian" - gid: '0' - gname: root - inode: 1459742 - md5: 
731423fa8ba067262f8ef37882d1e742 - mtime: '2009-02-02T23:06:58Z' - perm: '100644' - sha1: b65f7f2af66c53b51765877bbe91a22bc6fca1e2 - sha256: 50f35af8ac4a5df3690991a4b428fa49d56580b0020fcc6e38283b3b1b2e6c74 - size: 82 - type: file - uid: '0' - uname: root - - changes: 1 - date: '2019-11-22T10:24:56Z' - file: "/etc/sgml/xml-core.cat" - gid: '0' - gname: root - inode: 2896763 - md5: 055ba0bd3154c0a58b9bf8a0c9ecf2fa - mtime: '2012-11-07T21:44:21Z' - perm: '100644' - sha1: 3dec5570307472381671ff18bbe4d4be09951690 - sha256: 3c46704b553c4b55ce928ffe89badfcfd08a02f0e6558211dfd57d9ae1e72aa4 - size: 45 - type: file - uid: '0' - uname: root - total_affected_items: 1433 - failed_items: [] - total_failed_items: 0 - message: "FIM findings of the agent were returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - delete: - tags: - - Syscheck - summary: "Clear results" - description: "Clear file integrity monitoring scan results for a specified agent" - operationId: api.controllers.syscheck_controller.delete_syscheck_agent - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/syscheck:clear' - parameters: - - $ref: '#/components/parameters/agent_id' - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - responses: - '200': - description: "Confirmation message" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponse' - example: - data: - affected_items: - - '000' - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - message: "Syscheck database was cleared on returned agents" - error: 0 - '400': - $ref: 
'#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /syscheck/{agent_id}/last_scan: - get: - tags: - - Syscheck - summary: "Get last scan datetime" - description: "Return when the last syscheck scan started and ended. If the scan is still in progress the end date - will be unknown" - operationId: api.controllers.syscheck_controller.get_last_scan_agent - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/syscheck:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agent_id' - responses: - '200': - description: "Scan dates" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseSyscheckLastScan' - example: - data: - affected_items: - - end: '2019-11-22T10:47:56Z' - start: '2019-11-22T10:47:32Z' - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - message: "Last syscheck scan of the agent was returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /decoders: - get: - tags: - - Decoders - summary: "List decoders" - description: "Return information about all decoders included in ossec.conf. 
This information include decoder's - route, decoder's name, decoder's file among others" - operationId: api.controllers.decoders_controller.get_decoders - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/decoders:read' - parameters: - - $ref: '#/components/parameters/decoder_name' - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/select' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/query' - - $ref: '#/components/parameters/filename' - - $ref: '#/components/parameters/get_dirnames_path' - - $ref: '#/components/parameters/statusRLDParam' - responses: - '200': - description: "List of decoders included in ossec.conf" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseDecoders' - example: - data: - affected_items: - - filename: 0005-wazuh_decoders.xml - relative_dirname: ruleset/decoders - status: enabled - name: wazuh - position: 0 - details: - prematch: "^wazuh: " - - filename: 0005-wazuh_decoders.xml - relative_dirname: ruleset/decoders - status: enabled - name: agent-buffer - position: 1 - details: - parent: wazuh - prematch: "^Agent buffer:" - regex: - - "^ '(\\S+)'." 
- order: level - total_affected_items: 2 - failed_items: [] - total_failed_items: 0 - message: "All selected decoders were returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /decoders/files: - get: - tags: - - Decoders - summary: "Get files" - description: "Return information about all decoders files used in Wazuh. This information include decoder's file, - decoder's route and decoder's status among others" - operationId: api.controllers.decoders_controller.get_decoders_files - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/decoders:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/filename' - - $ref: '#/components/parameters/get_dirnames_path' - - $ref: '#/components/parameters/statusRLDParam' - responses: - '200': - description: "List of decoders files" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseDecodersFiles' - example: - data: - affected_items: - - filename: 0005-wazuh_decoders.xml - relative_dirname: ruleset/decoders - status: enabled - - filename: 0006-json_decoders.xml - relative_dirname: ruleset/decoders - status: enabled - - filename: 0010-active-response_decoders.xml - relative_dirname: ruleset/decoders - status: enabled - total_affected_items: 3 - failed_items: [] - total_failed_items: 0 - message: "All decoder files were returned" - error: 0 - '400': - $ref: 
'#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /decoders/files/(unknown)/download: - get: - tags: - - Decoders - summary: "Download decoder" - description: "Download an specified decoder file" - operationId: api.controllers.decoders_controller.get_download_file - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/decoders:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/downloadFile' - responses: - '200': - description: "Decoder contents" - content: - application/xml: - schema: - type: string - example: | - - - ^{\s*" - JSON_Decoder - - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /decoders/parents: - get: - tags: - - Decoders - summary: "Get parent decoders" - description: "Return information about all parent decoders. 
A parent decoder is a decoder used as base of other - decoders" - operationId: api.controllers.decoders_controller.get_decoders_parents - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/decoders:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/select' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - responses: - '200': - description: "List of parent decoders" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponse' - example: - data: - affected_items: - - filename: 0005-wazuh_decoders.xml - relative_dirname: ruleset/decoders - status: enabled - name: wazuh - position: 0 - details: - prematch: "^wazuh: " - - filename: 0006-json_decoders.xml - relative_dirname: ruleset/decoders - status: enabled - name: json - position: 0 - details: - prematch: ^{\s*" - plugin_decoder: JSON_Decoder - total_affected_items: 2 - failed_items: [] - total_failed_items: 0 - message: "All selected decoders were returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /experimental/syscheck: - delete: - tags: - - Experimental - summary: "Clear agents FIM results" - description: "Clear the syscheck database for all agents or a list of them" - operationId: api.controllers.experimental_controller.clear_syscheck_database - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/syscheck:clear' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: 
'#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agents_list_delete' - responses: - '200': - description: "Delete syscheck database" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseAgentIDs' - example: - data: - affected_items: - - '000' - - '001' - - '002' - - '003' - - '004' - - '005' - - '006' - - '007' - - '008' - - '009' - - '010' - - '011' - - '012' - failed_items: [] - total_affected_items: 13 - total_failed_items: 0 - message: Cleared syscheck database on shown agents - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /experimental/ciscat/results: - get: - tags: - - Experimental - summary: "Get agents CIS-CAT results" - description: "Return CIS-CAT results for all agents or a list of them" - operationId: api.controllers.experimental_controller.get_cis_cat_results - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/ciscat:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agents_list' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/select' - - $ref: '#/components/parameters/benchmark' - - $ref: '#/components/parameters/profile' - - $ref: '#/components/parameters/pass' - - $ref: '#/components/parameters/fail' - - $ref: '#/components/parameters/error' - - $ref: '#/components/parameters/notchecked' - - $ref: '#/components/parameters/unknown' - - $ref: 
'#/components/parameters/score' - responses: - '200': - description: "Return a list of CIS-CAT results" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseCiscatResult' - example: - data: - affected_items: - - agent_id: '001' - benchmark: CIS Ubuntu Linux 16.04 LTS Benchmark - error: 0 - fail: 82 - notchecked: 36 - pass: 102 - profile: xccdf_org.cisecurity.benchmarks_profile_Level_2_-_Server - scan: - id: 1422619291 - time: '2019-12-03T08:38:35.230Z' - score: 55 - unknown: 0 - - agent_id: '002' - benchmark: CIS Ubuntu Linux 16.04 LTS Benchmark - error: 0 - fail: 82 - notchecked: 36 - pass: 102 - profile: xccdf_org.cisecurity.benchmarks_profile_Level_2_-_Server - scan: - id: 1794774880 - time: '2019-12-03T08:38:27.743Z' - score: 55 - unknown: 0 - - agent_id: '003' - benchmark: CIS Ubuntu Linux 16.04 LTS Benchmark - error: 0 - fail: 82 - notchecked: 36 - pass: 102 - profile: xccdf_org.cisecurity.benchmarks_profile_Level_2_-_Server - scan: - id: 622382213 - time: '2019-12-03T08:39:02.569Z' - score: 55 - unknown: 0 - failed_items: [] - total_affected_items: 3 - total_failed_items: 0 - message: 'All CISCAT results were returned' - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /experimental/syscollector/hardware: - get: - tags: - - Experimental - summary: "Get agents hardware" - description: "Return all agents (or a list of them) hardware info. 
This information include cpu, ram, scan info - among others of all agents" - operationId: api.controllers.experimental_controller.get_hardware_info - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/syscollector:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agents_list' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/select' - - $ref: '#/components/parameters/ram.free' - - $ref: '#/components/parameters/ram.total' - - $ref: '#/components/parameters/cpu.cores' - - $ref: '#/components/parameters/cpu.mhz' - - $ref: '#/components/parameters/cpu.name' - - $ref: '#/components/parameters/board_serial' - responses: - '200': - description: "Return a list of agent's hardware results" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseSyscollectorHardware' - example: - data: - affected_items: - - agent_id: '000' - board_serial: BSS-0123456789 - cpu: - cores: 12 - mhz: 3094.875 - name: Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz - ram: - free: 6958480 - total: 16263580 - usage: 58 - scan: - id: 1452382474 - time: '2019-12-03T08:37:42Z' - - agent_id: '001' - board_serial: BSS-0123456789 - cpu: - cores: 12 - mhz: 2688.144 - name: Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz - ram: - free: 5793604 - total: 16263580 - usage: 65 - scan: - id: 1317471702 - time: '2019-12-03T08:38:29Z' - - agent_id: '002' - board_serial: BSS-0123456789 - cpu: - cores: 12 - mhz: 2896.127 - name: Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz - ram: - free: 5844192 - total: 16263580 - usage: 65 - scan: - id: 2069790203 - time: '2019-12-03T08:38:21Z' - failed_items: [] - total_affected_items: 3 - total_failed_items: 0 - message: 
"All specified syscollector information was returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /experimental/syscollector/netaddr: - get: - tags: - - Experimental - summary: "Get agents netaddr" - description: "Return all agents (or a list of them) IPv4 and IPv6 addresses associated to their network - interfaces. This information include used IP protocol, interface, and IP address among others" - operationId: api.controllers.experimental_controller.get_network_address_info - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/syscollector:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agents_list' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/select' - - $ref: '#/components/parameters/proto' - - $ref: '#/components/parameters/address' - - $ref: '#/components/parameters/broadcast' - - $ref: '#/components/parameters/netmask' - responses: - '200': - description: "Return a list of agent's network results" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseSyscollectorNetwork' - example: - data: - affected_items: - - address: 172.23.0.3 - agent_id: '000' - broadcast: 172.23.255.255 - iface: eth0 - netmask: 255.255.0.0 - proto: ipv4 - scan: - id: 1921972007 - - address: 172.23.0.6 - agent_id: '001' - broadcast: 172.23.255.255 - iface: eth0 - netmask: 255.255.0.0 - proto: ipv4 - scan: - id: 
1704225423 - - address: 172.23.0.7 - agent_id: '002' - broadcast: 172.23.255.255 - iface: eth0 - netmask: 255.255.0.0 - proto: ipv4 - scan: - id: 1393900138 - failed_items: [] - total_affected_items: 3 - total_failed_items: 0 - message: "All specified syscollector information was returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /experimental/syscollector/netiface: - get: - tags: - - Experimental - summary: "Get agents netiface" - description: "Return all agents (or a list of them) network interfaces. This information includes rx, scan, tx - info and some network information among other" - operationId: api.controllers.experimental_controller.get_network_interface_info - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/syscollector:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agents_list' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/select' - - $ref: '#/components/parameters/name' - - $ref: '#/components/parameters/adapter' - - $ref: '#/components/parameters/type_syscollector' - - $ref: '#/components/parameters/state' - - $ref: '#/components/parameters/mtu' - - $ref: '#/components/parameters/tx.packets' - - $ref: '#/components/parameters/rx.packets' - - $ref: '#/components/parameters/tx.bytes' - - $ref: '#/components/parameters/rx.bytes' - - $ref: '#/components/parameters/tx.errors' - - $ref: '#/components/parameters/rx.errors' - - $ref: '#/components/parameters/tx.dropped' - - $ref: 
'#/components/parameters/rx.dropped' - responses: - '200': - description: "Return a list of agent's network interfaces results" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseSyscollectorInterface' - example: - data: - affected_items: - - agent_id: '000' - mac: 02:42:ac:17:00:03 - mtu: 1500 - name: eth0 - rx: - bytes: 7161 - dropped: 0 - errors: 0 - packets: 58 - scan: - id: 1921972007 - time: '2019-12-03T09:57:04Z' - state: up - tx: - bytes: 115 - dropped: 0 - errors: 0 - packets: 2 - type: ethernet - - agent_id: '001' - mac: 02:42:ac:17:00:06 - mtu: 1500 - name: eth0 - rx: - bytes: 868555 - dropped: 0 - errors: 0 - packets: 1037 - scan: - id: 1704225423 - time: '2019-12-03T09:57:42Z' - state: up - tx: - bytes: 231924 - dropped: 0 - errors: 0 - packets: 910 - type: ethernet - - agent_id: '002' - mac: 02:42:ac:17:00:07 - mtu: 1500 - name: eth0 - rx: - bytes: 876071 - dropped: 0 - errors: 0 - packets: 1152 - scan: - id: 1393900138 - time: '2019-12-03T09:57:43Z' - state: up - tx: - bytes: 232396 - dropped: 0 - errors: 0 - packets: 906 - type: ethernet - failed_items: [] - total_affected_items: 3 - total_failed_items: 0 - message: "All specified syscollector information was returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /experimental/syscollector/netproto: - get: - tags: - - Experimental - summary: "Get agents netproto" - description: "Return all agents (or a list of them) routing configuration for each network interface. 
This - information includes interface, type protocol information among other" - operationId: api.controllers.experimental_controller.get_network_protocol_info - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/syscollector:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agents_list' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/select' - - $ref: '#/components/parameters/iface' - - $ref: '#/components/parameters/type_syscollector' - - $ref: '#/components/parameters/gateway' - - $ref: '#/components/parameters/dhcp' - responses: - '200': - description: "Return a list of agent's network protocol results" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseSyscollectorProtocol' - example: - data: - affected_items: - - scan: - id: 1248412797 - iface: eth0 - type: ipv4 - gateway: 172.24.0.1 - dhcp: "enabled" - agent_id: '000' - - scan: - id: 1213296763 - iface: eth0 - type: ipv4 - gateway: 172.24.0.1 - dhcp: "enabled" - agent_id: '001' - - scan: - id: 341262067 - type: ipv4 - iface: eth0 - dhcp: "enabled" - gateway: 172.24.0.1 - agent_id: '002' - total_affected_items: 3 - total_failed_items: 0 - failed_items: [] - message: "All specified syscollector information was returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /experimental/syscollector/os: - get: - tags: - - Experimental - summary: "Get 
agents OS" - description: "Return all agents (or a list of them) OS info. This information includes os information, - architecture information among other" - operationId: api.controllers.experimental_controller.get_os_info - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/syscollector:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agents_list' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/select' - - $ref: '#/components/parameters/os.name' - - $ref: '#/components/parameters/architecture' - - $ref: '#/components/parameters/os.version' - - $ref: '#/components/parameters/version' - - $ref: '#/components/parameters/release' - responses: - '200': - description: "Return a list of agent's OS results" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseSyscollectorOS' - example: - data: - affected_items: - - os: - codename: Bionic Beaver - major: '18' - minor: '04' - name: Ubuntu - platform: ubuntu - version: 18.04.4 LTS (Bionic Beaver) - scan: - id: 496386874 - time: '2020-04-15T11:02:03Z' - sysname: Linux - hostname: wazuh-master - version: "#34~1584408018~19.10~21df4b1-Ubuntu SMP Tue Mar 17 13:38:51 UTC " - release: 5.3.0-7642-generic - architecture: x86_64 - agent_id: '000' - - os: - codename: Xenial Xerus - major: '16' - minor: '04' - name: Ubuntu - platform: ubuntu - version: 16.04.6 LTS (Xenial Xerus) - scan: - id: 196194860 - time: '2020-04-15T11:02:23Z' - sysname: Linux - hostname: wazuh-agent1 - version: "#34~1584408018~19.10~21df4b1-Ubuntu SMP Tue Mar 17 13:38:51 UTC " - release: 5.3.0-7642-generic - architecture: x86_64 - agent_id: '001' - - os: - codename: Xenial Xerus - 
major: '16' - minor: '04' - name: Ubuntu - platform: ubuntu - version: 16.04.6 LTS (Xenial Xerus) - scan: - id: 763390318 - time: '2020-04-15T11:02:52Z' - hostname: wazuh-agent2 - release: 5.3.0-7642-generic - version: "#34~1584408018~19.10~21df4b1-Ubuntu SMP Tue Mar 17 13:38:51 UTC " - architecture: x86_64 - sysname: Linux - agent_id: '002' - total_affected_items: 3 - total_failed_items: 0 - failed_items: [] - message: "All specified syscollector information was returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /experimental/syscollector/packages: - get: - tags: - - Experimental - summary: "Get agents packages" - description: "Return all agents (or a list of them) packages info. This information includes name, section, size, - and priority information of all packages among other" - operationId: api.controllers.experimental_controller.get_packages_info - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/syscollector:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agents_list' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/select' - - $ref: '#/components/parameters/vendor' - - $ref: '#/components/parameters/name' - - $ref: '#/components/parameters/architecture' - - $ref: '#/components/parameters/file_format' - - $ref: '#/components/parameters/package_version' - responses: - '200': - description: "Return a list of agent's packages results" - content: - application/json: - schema: - allOf: - - $ref: 
'#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseSyscollectorPackages' - example: - data: - affected_items: - - scan: - id: 1137251326 - time: '2020-04-15T11:02:03Z' - name: libquadmath0 - size: 269 - version: 8.4.0-1ubuntu1~18.04 - source: gcc-8 - format: deb - section: libs - architecture: amd64 - multiarch: same - description: GCC Quad-Precision Math Library - priority: optional - vendor: Ubuntu Core developers - agent_id: '000' - - scan: - id: 1137251326 - time: '2020-04-15T11:02:03Z' - name: libnpth0 - size: 32 - version: 1.5-3 - source: npth - format: deb - section: libs - architecture: amd64 - multiarch: same - description: replacement for GNU Pth using system threads - priority: optional - vendor: Ubuntu Developers - agent_id: '000' - - scan: - id: 1137251326 - time: '2020-04-15T11:02:03Z' - name: fdisk - size: 427 - version: 2.31.1-0.4ubuntu3.5 - source: util-linux - format: deb - section: utils - architecture: amd64 - multiarch: foreign - description: collection of partitioning utilities - priority: important - vendor: Ubuntu Developers - agent_id: '000' - total_affected_items: 3 - total_failed_items: 0 - failed_items: [] - message: "All specified syscollector information was returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /experimental/syscollector/ports: - get: - tags: - - Experimental - summary: "Get agents ports" - description: "Return all agents (or a list of them) ports info. 
This information includes local IP, Remote IP, - protocol information among other" - operationId: api.controllers.experimental_controller.get_ports_info - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/syscollector:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agents_list' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/select' - - $ref: '#/components/parameters/pid' - - $ref: '#/components/parameters/protocol' - - $ref: '#/components/parameters/local.ip' - - $ref: '#/components/parameters/local.port' - - $ref: '#/components/parameters/remote.ip' - - $ref: '#/components/parameters/tx_queue' - - $ref: '#/components/parameters/state' - - $ref: '#/components/parameters/process' - responses: - '200': - description: "Return a list of agent's packages results" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseSyscollectorPorts' - example: - data: - affected_items: - - local: - ip: 127.0.0.11 - port: 46841 - remote: - ip: 0.0.0.0 - port: 0 - scan: - id: 315935312 - time: '2020-04-15T11:02:07Z' - rx_queue: 0 - state: listening - protocol: tcp - inode: 12387152 - tx_queue: 0 - agent_id: '000' - - local: - ip: 0.0.0.0 - port: 1514 - remote: - ip: 0.0.0.0 - port: 0 - scan: - id: 315935312 - time: '2020-04-15T11:02:07Z' - rx_queue: 0 - state: listening - protocol: tcp - inode: 12397927 - tx_queue: 0 - agent_id: '000' - - local: - ip: 0.0.0.0 - port: 1515 - remote: - ip: 0.0.0.0 - port: 0 - scan: - id: 315935312 - time: '2020-04-15T11:02:07Z' - rx_queue: 0 - state: listening - protocol: tcp - inode: 12397153 - tx_queue: 0 - agent_id: '000' - total_affected_items: 3 - total_failed_items: 0 
- failed_items: [] - message: "All specified syscollector information was returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /experimental/syscollector/processes: - get: - tags: - - Experimental - summary: "Get agents processes" - description: "Return all agents (or a list of them) processes info" - operationId: api.controllers.experimental_controller.get_processes_info - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/syscollector:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agents_list' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/select' - - $ref: '#/components/parameters/process_pid' - - $ref: '#/components/parameters/process_state' - - $ref: '#/components/parameters/ppid' - - $ref: '#/components/parameters/egroup' - - $ref: '#/components/parameters/euser' - - $ref: '#/components/parameters/fgroup' - - $ref: '#/components/parameters/process_name' - - $ref: '#/components/parameters/nlwp' - - $ref: '#/components/parameters/pgrp' - - $ref: '#/components/parameters/priority' - - $ref: '#/components/parameters/rgroup' - - $ref: '#/components/parameters/ruser' - - $ref: '#/components/parameters/sgroup' - - $ref: '#/components/parameters/suser' - responses: - '200': - description: "Return a list of agent's processes results" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: 
'#/components/schemas/AllItemsResponseSyscollectorProcesses' - example: - data: - affected_items: - - scan: - id: 28643647 - time: '2020-04-15T11:02:07Z' - name: bash - suser: root - nlwp: 1 - pgrp: 1 - state: S - session: 1 - utime: 23 - egroup: root - ruser: root - argvs: "/scripts/entrypoint.sh,wazuh-master,master-node,master" - size: 4593 - euser: root - processor: 3 - resident: 793 - tty: 0 - nice: 0 - pid: '1' - vm_size: 18372 - sgroup: root - rgroup: root - fgroup: root - start_time: 1093372 - tgid: 1 - stime: 1 - ppid: 0 - share: 726 - priority: 20 - cmd: bash - agent_id: '000' - - scan: - id: 28643647 - time: '2020-04-15T11:02:07Z' - name: ossec-control - suser: root - nlwp: 1 - pgrp: 1 - state: S - session: 1 - utime: 0 - egroup: root - ruser: root - argvs: "/var/ossec/bin/ossec-control,restart" - size: 1156 - euser: root - processor: 6 - resident: 457 - tty: 0 - nice: 0 - pid: '15' - vm_size: 4624 - sgroup: root - rgroup: root - fgroup: root - start_time: 1093547 - tgid: 15 - stime: 3 - ppid: 1 - share: 417 - priority: 20 - cmd: "/bin/sh" - agent_id: '000' - total_affected_items: 2 - total_failed_items: 0 - failed_items: [] - message: "All specified syscollector information was returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /experimental/syscollector/hotfixes: - get: - tags: - - Experimental - summary: "Get agents hotfixes" - description: "Return all agents (or a list of them) hotfixes info" - operationId: api.controllers.experimental_controller.get_hotfixes_info - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/syscollector:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: 
'#/components/parameters/agents_list' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/select' - - $ref: '#/components/parameters/hotfix' - responses: - '200': - description: "Return a list of agent's hotfix results" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseSyscollectorHotfixes' - example: - data: - affected_items: - - hotfix: 'KB2978691' - scan: - id: 1708048540 - time: '2019-10-30T16:09:35Z' - - hotfix: 'KC2978693' - scan: - id: 1708048541 - time: '2019-10-30T16:19:39Z' - failed_items: [] - total_affected_items: 2 - total_failed_items: 0 - message: "All specified syscollector information was returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /syscollector/{agent_id}/hardware: - get: - tags: - - Syscollector - summary: "Get agent hardware" - description: "Return the agent's hardware info. 
This information include cpu, ram, scan info among others" - operationId: api.controllers.syscollector_controller.get_hardware_info - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/syscollector:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agent_id' - - $ref: '#/components/parameters/select' - responses: - '200': - description: "Return a list of agent's hardware results" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseSyscollectorHardware' - example: - data: - affected_items: - - inode: 15952431 - local: - ip: 127.0.0.11 - port: 45363 - protocol: tcp - remote: - ip: 0.0.0.0 - port: 0 - rx_queue: 0 - scan: - id: 1708048540 - time: '2019-10-30T16:09:35Z' - state: listening - tx_queue: 0 - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - message: "All specified syscollector information was returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /syscollector/{agent_id}/hotfixes: - get: - tags: - - Syscollector - summary: "Get agent hotfixes" - description: "Return all hotfixes installed by Microsoft(R) in Windows(R) systems (KB... 
fixes)" - operationId: api.controllers.syscollector_controller.get_hotfix_info - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/syscollector:read' - parameters: - - $ref: '#/components/parameters/agent_id' - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/select' - - $ref: '#/components/parameters/hotfix' - - $ref: '#/components/parameters/query' - responses: - '200': - description: "Return an agent's hotfix results" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseSyscollectorHotfixes' - example: - data: - affected_items: - - hotfix: 'KB2978691' - scan: - id: 1708048540 - time: '2019-10-30T16:09:35Z' - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - message: "All specified syscollector information was returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /syscollector/{agent_id}/netaddr: - get: - tags: - - Syscollector - summary: "Get agent netaddr" - description: "Return the agent's network address info. 
This information include used IP protocol, interface, IP - address among others" - operationId: api.controllers.syscollector_controller.get_network_address_info - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/syscollector:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agent_id' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/select' - - $ref: '#/components/parameters/iface' - - $ref: '#/components/parameters/proto' - - $ref: '#/components/parameters/address' - - $ref: '#/components/parameters/broadcast' - - $ref: '#/components/parameters/netmask' - - $ref: '#/components/parameters/query' - responses: - '200': - description: "Return a list of agent's network results" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseSyscollectorNetwork' - example: - data: - affected_items: - - address: 172.26.0.7 - broadcast: 172.26.255.255 - iface: eth0 - netmask: 255.255.0.0 - proto: ipv4 - scan: - id: 476539860 - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - message: "All specified syscollector information was returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /syscollector/{agent_id}/netiface: - get: - tags: - - Syscollector - summary: "Get agent netiface" - description: "Return the agent's network interface info. 
This information include rx, scan, tx info and some - network information among others" - operationId: api.controllers.syscollector_controller.get_network_interface_info - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/syscollector:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agent_id' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/select' - - $ref: '#/components/parameters/name' - - $ref: '#/components/parameters/adapter' - - $ref: '#/components/parameters/typesys' - - $ref: '#/components/parameters/state' - - $ref: '#/components/parameters/mtu' - - $ref: '#/components/parameters/tx.packets' - - $ref: '#/components/parameters/rx.packets' - - $ref: '#/components/parameters/tx.bytes' - - $ref: '#/components/parameters/rx.bytes' - - $ref: '#/components/parameters/tx.errors' - - $ref: '#/components/parameters/rx.errors' - - $ref: '#/components/parameters/tx.dropped' - - $ref: '#/components/parameters/rx.dropped' - - $ref: '#/components/parameters/query' - responses: - '200': - description: "Return a list of agent's network interfaces results" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseSyscollectorInterface' - example: - data: - affected_items: - - rx: - bytes: 7774 - dropped: 0 - errors: 0 - packets: 59 - scan: - id: 1248412797 - time: '2020-04-15T11:02:03Z' - tx: - bytes: 211 - dropped: 0 - errors: 0 - packets: 4 - name: eth0 - state: up - type: ethernet - mac: 02:42:ac:18:00:02 - mtu: 1500 - agent_id: '000' - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - message: "All specified syscollector information was returned" - error: 0 - '400': - $ref: 
'#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /syscollector/{agent_id}/netproto: - get: - tags: - - Syscollector - summary: "Get agent netproto" - description: "Return the agent's routing configuration for each network interface" - operationId: api.controllers.syscollector_controller.get_network_protocol_info - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/syscollector:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agent_id' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/select' - - $ref: '#/components/parameters/iface' - - $ref: '#/components/parameters/type_syscollector' - - $ref: '#/components/parameters/gateway' - - $ref: '#/components/parameters/dhcp' - - $ref: '#/components/parameters/query' - responses: - '200': - description: "Return a list of agent's network protocol results" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseSyscollectorProtocol' - example: - data: - affected_items: - - scan: - id: 1248412797 - iface: eth0 - type: ipv4 - gateway: 172.24.0.1 - dhcp: "enabled" - agent_id: '000' - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - message: "All specified syscollector information was returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: 
'#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /syscollector/{agent_id}/os: - get: - tags: - - Syscollector - summary: "Get agent OS" - description: "Return the agent's OS info. This information include os information, architecture information among - others of all agents" - operationId: api.controllers.syscollector_controller.get_os_info - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/syscollector:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agent_id' - - $ref: '#/components/parameters/select' - responses: - '200': - description: "Return a list of agent's OS results" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseSyscollectorOS' - example: - data: - affected_items: - - os: - codename: Bionic Beaver - major: '18' - minor: '04' - name: Ubuntu - platform: ubuntu - version: 18.04.4 LTS (Bionic Beaver) - scan: - id: 496386874 - time: '2020-04-15T11:02:03Z' - sysname: Linux - hostname: wazuh-master - version: "#34~1584408018~19.10~21df4b1-Ubuntu SMP Tue Mar 17 13:38:51 UTC " - release: 5.3.0-7642-generic - architecture: x86_64 - agent_id: '000' - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - message: "All specified syscollector information was returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /syscollector/{agent_id}/packages: - get: - tags: - - Syscollector - summary: "Get 
agent packages" - description: "Return the agent's packages info. This information include name, section, size, priority - information of all packages among others" - operationId: api.controllers.syscollector_controller.get_packages_info - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/syscollector:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agent_id' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/select' - - $ref: '#/components/parameters/vendor' - - $ref: '#/components/parameters/name' - - $ref: '#/components/parameters/architecture' - - $ref: '#/components/parameters/file_format' - - $ref: '#/components/parameters/package_version' - - $ref: '#/components/parameters/query' - responses: - '200': - description: "Return a list of agent's packages results" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseSyscollectorPackages' - example: - data: - affected_items: - - scan: - id: 1137251326 - time: '2020-04-15T11:02:03Z' - name: libquadmath0 - size: 269 - version: 8.4.0-1ubuntu1~18.04 - source: gcc-8 - format: deb - section: libs - architecture: amd64 - multiarch: same - description: GCC Quad-Precision Math Library - priority: optional - vendor: Ubuntu Core developers - agent_id: '000' - - scan: - id: 1137251326 - time: '2020-04-15T11:02:03Z' - name: libnpth0 - size: 32 - version: 1.5-3 - source: npth - format: deb - section: libs - architecture: amd64 - multiarch: same - description: replacement for GNU Pth using system threads - priority: optional - vendor: Ubuntu Developers - agent_id: '000' - - scan: - id: 1137251326 - time: '2020-04-15T11:02:03Z' - name: fdisk - size: 
427 - version: 2.31.1-0.4ubuntu3.5 - source: util-linux - format: deb - section: utils - architecture: amd64 - multiarch: foreign - description: collection of partitioning utilities - priority: important - vendor: Ubuntu Developers - agent_id: '000' - total_affected_items: 3 - failed_items: [] - total_failed_items: 0 - message: "All specified syscollector information was returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /syscollector/{agent_id}/ports: - get: - tags: - - Syscollector - summary: "Get agent ports" - description: "Return the agent's ports info. This information include local IP, Remote IP, protocol information - among others" - operationId: api.controllers.syscollector_controller.get_ports_info - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/syscollector:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agent_id' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/select' - - $ref: '#/components/parameters/pid' - - $ref: '#/components/parameters/protocol' - - $ref: '#/components/parameters/local.ip' - - $ref: '#/components/parameters/local.port' - - $ref: '#/components/parameters/remote.ip' - - $ref: '#/components/parameters/tx_queue' - - $ref: '#/components/parameters/state' - - $ref: '#/components/parameters/process' - - $ref: '#/components/parameters/query' - responses: - '200': - description: "Return a list of agent's packages results" - content: - application/json: - schema: - allOf: - - $ref: 
'#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseSyscollectorPorts' - example: - data: - affected_items: - - local: - ip: 127.0.0.11 - port: 46841 - remote: - ip: 0.0.0.0 - port: 0 - scan: - id: 315935312 - time: '2020-04-15T11:02:07Z' - rx_queue: 0 - state: listening - protocol: tcp - inode: 12387152 - tx_queue: 0 - agent_id: '000' - - local: - ip: 0.0.0.0 - port: 1514 - remote: - ip: 0.0.0.0 - port: 0 - scan: - id: 315935312 - time: '2020-04-15T11:02:07Z' - rx_queue: 0 - state: listening - protocol: tcp - inode: 12397927 - tx_queue: 0 - agent_id: '000' - - local: - ip: 0.0.0.0 - port: 1515 - remote: - ip: 0.0.0.0 - port: 0 - scan: - id: 315935312 - time: '2020-04-15T11:02:07Z' - rx_queue: 0 - state: listening - protocol: tcp - inode: 12397153 - tx_queue: 0 - agent_id: '000' - total_affected_items: 3 - failed_items: [] - total_failed_items: 0 - message: "All specified syscollector information was returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /syscollector/{agent_id}/processes: - get: - tags: - - Syscollector - summary: "Get agent processes" - description: "Return the agent's processes info" - operationId: api.controllers.syscollector_controller.get_processes_info - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/syscollector:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/agent_id' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/select' - - 
$ref: '#/components/parameters/process_pid' - - $ref: '#/components/parameters/process_state' - - $ref: '#/components/parameters/ppid' - - $ref: '#/components/parameters/egroup' - - $ref: '#/components/parameters/euser' - - $ref: '#/components/parameters/fgroup' - - $ref: '#/components/parameters/process_name' - - $ref: '#/components/parameters/nlwp' - - $ref: '#/components/parameters/pgrp' - - $ref: '#/components/parameters/priority' - - $ref: '#/components/parameters/rgroup' - - $ref: '#/components/parameters/ruser' - - $ref: '#/components/parameters/sgroup' - - $ref: '#/components/parameters/suser' - - $ref: '#/components/parameters/query' - responses: - '200': - description: "Return a list of agent's processes results" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseSyscollectorProcesses' - example: - data: - affected_items: - - scan: - id: 28643647 - time: '2020-04-15T11:02:07Z' - name: bash - suser: root - nlwp: 1 - pgrp: 1 - state: S - session: 1 - utime: 23 - egroup: root - ruser: root - argvs: "/scripts/entrypoint.sh,wazuh-master,master-node,master" - size: 4593 - euser: root - processor: 3 - resident: 793 - tty: 0 - nice: 0 - pid: '1' - vm_size: 18372 - sgroup: root - rgroup: root - fgroup: root - start_time: 1093372 - tgid: 1 - stime: 1 - ppid: 0 - share: 726 - priority: 20 - cmd: bash - agent_id: '000' - - scan: - id: 28643647 - time: '2020-04-15T11:02:07Z' - name: ossec-control - suser: root - nlwp: 1 - pgrp: 1 - state: S - session: 1 - utime: 0 - egroup: root - ruser: root - argvs: "/var/ossec/bin/ossec-control,restart" - size: 1156 - euser: root - processor: 6 - resident: 457 - tty: 0 - nice: 0 - pid: '15' - vm_size: 4624 - sgroup: root - rgroup: root - fgroup: root - start_time: 1093547 - tgid: 15 - stime: 3 - ppid: 1 - share: 417 - priority: 20 - cmd: "/bin/sh" - agent_id: '000' - total_affected_items: 2 - 
failed_items: [] - total_failed_items: 0 - message: "All specified syscollector information was returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /security/user/authenticate: - get: - tags: - - Security - summary: "Login" - description: "This method should be called to get an API token. This token will expire after - auth_token_exp_timeout seconds (default: 900). This value can be changed using PUT /security/config" - operationId: api.controllers.security_controller.login_user - parameters: - - $ref: '#/components/parameters/raw' - security: - - basicAuth: [] - responses: - '200': - description: "Login successful" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/Token' - example: - token: "" - text/plain: - schema: - type: string - example: "" - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/InvalidCredentialsResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - delete: - tags: - - Security - summary: "Logout current user" - description: "This method should be called to invalidate all the current user's tokens" - operationId: api.controllers.security_controller.logout_user - responses: - '200': - description: "Logout successful" - content: - application/json: - schema: - $ref: '#/components/schemas/ApiResponse' - example: - message: "User wazuh was successfully logged out" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: 
'#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /security/user/authenticate/run_as: - post: - tags: - - Security - summary: "Login auth_context" - description: "This method should be called to get an API token using an authorization context body. This token - will expire after auth_token_exp_timeout seconds (default: 900). This value can be changed using PUT - /security/config" - operationId: api.controllers.security_controller.login_user_run_as - parameters: - - $ref: '#/components/parameters/raw' - security: - - basicAuth: [] - requestBody: - content: - application/json: - schema: - type: object - responses: - '200': - description: "Login successful" - content: - application/json: - schema: - type: object - properties: - token: - type: string - example: - token: "" - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/InvalidCredentialsResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /security/users/me: - get: - tags: - - Security - summary: "Get current user info" - description: "Get the information of the current user" - operationId: api.controllers.security_controller.get_user_me - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - responses: - '200': - description: "Information about current user" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseUsers' - example: - data: - affected_items: - - id: 1 - username: wazuh - allow_run_as: true - roles: - - id: 1 - name: 
administrator - rule: - FIND: - r'^auth[a-zA-Z]+$': - - full_admin - policies: - - id: 1 - name: agents_all_resourceless - policy: - actions: - - agent:create - - group:create - resources: - - "*:*:*" - effect: allow - - id: 2 - name: agents_all_agents - policy: - actions: - - agent:read - - agent:delete - - agent:modify_group - - agent:restart - - agent:upgrade - resources: - - agent:id:* - - agent:group:* - effect: allow - total_affected_items: 1 - total_failed_items: 0 - failed_items: [] - message: "Current user information was returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /security/users/me/policies: - get: - tags: - - Security - summary: "Get current user processed policies" - description: "Get the processed policies information for the current user" - operationId: api.controllers.security_controller.get_user_me_policies - parameters: - - $ref: '#/components/parameters/pretty' - responses: - '200': - description: "Information about current user processed policies" - content: - application/json: - schema: - $ref: "#/components/schemas/ApiResponse" - example: - data: - syscheck:run: - agent:id:*: allow - syscollector:read: - agent:id:*: allow - rbac_mode: black - message: "Current user processed policies information was returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /security/user/revoke: - put: - tags: - - Security - summary: "Revoke JWT tokens" - description: "This method should be called to revoke all active JWT tokens" - operationId: 
api.controllers.security_controller.revoke_all_tokens - responses: - '200': - description: "Tokens were successfully revoked" - content: - application/json: - schema: - type: object - example: - message: "Tokens were successfully revoked" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /security/actions: - get: - tags: - - Security - summary: 'List RBAC actions' - description: 'Get all RBAC actions, including the potential related resources and endpoints.' - operationId: api.controllers.security_controller.get_rbac_actions - parameters: - - $ref: '#/components/parameters/endpoint' - - $ref: '#/components/parameters/pretty' - responses: - '200': - description: "Return a list of RBAC actions" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - example: - active-response:command: - description: Allow to execute active response commands in the agents - resources: - - "agent:id" - example: - actions: - - active-response:command - resources: - - agent:id:001 - effect: allow - related_endpoints: - - PUT /active-response - agent:create: - description: Create new agents - resources: - - "*:*" - example: - actions: - - agent:create - resources: - - "*:*:*" - effect: allow - related_endpoints: - - POST /agents - - POST /agents/insert - - POST /agents/insert/quick - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /security/resources: - get: - tags: - - Security - 
summary: 'List RBAC resources' - description: 'This method should be called to get all current defined RBAC resources.' - operationId: api.controllers.security_controller.get_rbac_resources - parameters: - - $ref: '#/components/parameters/resource_list' - - $ref: '#/components/parameters/pretty' - responses: - '200': - description: "Return all RBAC resources" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - example: - "*:*": - description: "Resource applied in functions acting on resources that do not yet exist in the system. - We call these functions, resourceless functions" - 'agent:group': - description: "Reference agents via group name (i.e. agent:group:web)" - agent:id: - description: 'Reference agents via agent ID (i.e. agent:id:001)' - group:id: - description: 'Reference agent groups via group ID (i.e. group:id:default)' - node:id: - description: 'Reference cluster node via node ID (i.e. node:id:worker1)' - file:path: - description: 'Reference file via its path (i.e. file:path:etc/rules/new_rule.xml)' - decoder:file: - description: 'Reference decoder file via its path (i.e. decoder:file:0005-wazuh_decoders.xml)' - list:path: - description: 'Reference list file via its path (i.e. list:path:etc/lists/audit-keys)' - rule:file: - description: 'Reference rule file via its path (i.e. rule:file:0610-win-ms_logs_rules.xml)' - policy:id: - description: 'Reference security policy via its id (i.e. policy:id:1)' - role:id: - description: 'Reference security role via its id (i.e. role:id:1)' - user:id: - description: 'Reference security user via its id (i.e. 
user:id:1)' - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /security/users: - get: - tags: - - Security - summary: "List users" - description: "Get the information of a specified user" - operationId: api.controllers.security_controller.get_users - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/security:read' - parameters: - - $ref: '#/components/parameters/user_ids' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/wait_for_complete' - responses: - '200': - description: "Information about user" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseUsers' - example: - data: - affected_items: - - id: 3 - username: administrator - allow_run_as: true - roles: - - 2 - - id: 4 - username: guest - allow_run_as: false - roles: [] - - id: 5 - username: normal - allow_run_as: false - roles: - - 4 - - 5 - - 6 - - id: 6 - username: ossec - allow_run_as: true - roles: - - 2 - - 5 - - username: python - allow_run_as: true - roles: [] - - id: 7 - username: rbac - allow_run_as: false - roles: - - 3 - - 4 - - 5 - - id: 1 - username: wazuh - allow_run_as: true - roles: - - 1 - - id: 2 - username: wazuh-wui - allow_run_as: true - roles: [] - failed_items: [] - total_affected_items: 8 - total_failed_items: 0 - message: "All specified users were returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': 
- $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - post: - tags: - - Security - summary: "Add user" - description: "Add a new API user to the system" - operationId: api.controllers.security_controller.create_user - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/security:create_user' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - requestBody: - content: - application/json: - schema: - type: object - properties: - username: - type: string - minLength: 4 - maxLength: 64 - format: names - password: - type: string - format: password - allow_run_as: - type: boolean - default: False - required: - - username - - password - responses: - '200': - description: "User created successfully" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseUsers' - example: - data: - affected_items: - - roles: [] - username: wazuh1 - failed_items: [] - total_affected_items: 1 - total_failed_items: 0 - message: "User was successfully created" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '406': - $ref: '#/components/responses/WrongContentTypeResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - delete: - tags: - - Security - summary: "Delete users" - description: "Delete a list of users by specifying their IDs" - operationId: api.controllers.security_controller.delete_users - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/security:delete' - parameters: - - $ref: '#/components/parameters/user_ids_delete' - - $ref: '#/components/parameters/pretty' - - $ref: 
'#/components/parameters/wait_for_complete' - responses: - '200': - description: "User deleted successful" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseUsers' - example: - data: - affected_items: - - id: 100 - username: new_user - allow_run_as: false - roles: [] - - id: 102 - username: another_user - allow_run_as: true - roles: - - 6 - total_affected_items: 2 - failed_items: [] - total_failed_items: 0 - message: "Users were successfully deleted" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '406': - $ref: '#/components/responses/WrongContentTypeResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /security/users/{user_id}: - put: - tags: - - Security - summary: "Update users" - description: "Modify a user's password by specifying their ID" - operationId: api.controllers.security_controller.update_user - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/security:update' - parameters: - - $ref: '#/components/parameters/user_id_required' - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - requestBody: - content: - application/json: - schema: - type: object - properties: - password: - type: string - format: password - allow_run_as: - type: boolean - default: False - responses: - '200': - description: "User updated successful" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseUsers' - example: - data: - affected_items: - - id: 100 - username: wazuh-test - allow_run_as: false - roles: - - 2 - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - message: "User was 
successfully updated" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '406': - $ref: '#/components/responses/WrongContentTypeResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /security/roles: - get: - tags: - - Security - summary: "List roles" - description: "For a specific list, indicate the ids separated by commas. Example: ?role_ids=1,2,3" - operationId: api.controllers.security_controller.get_roles - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/security:read' - parameters: - - $ref: '#/components/parameters/role_ids' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/wait_for_complete' - responses: - '200': - description: "Return a list of roles" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseRoles' - example: - data: - affected_items: - - id: 1 - name: 'administrator' - policies: - - 1 - users: - - 1 - rules: - - 1 - - id: 2 - name: 'normal_user' - policies: - - 4 - - 5 - users: - - 3 - rules: - - 3 - total_affected_items: 2 - message: "All specified roles were returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - post: - tags: - - Security - summary: "Add role" - description: "Add a new role, all fields need to be specified" - operationId: 
api.controllers.security_controller.add_role - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/security:create' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/RolesRequest' - example: - name: "normal" - responses: - '200': - description: "Return the information of the new role" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseRoles' - example: - data: - affected_items: - - id: 2 - name: normal_user - total_affected_items: 1 - message: "Role was successfully created" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '406': - $ref: '#/components/responses/WrongContentTypeResponse' - '413': - $ref: '#/components/responses/RequestTooLargeResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - delete: - tags: - - Security - summary: "Delete roles" - description: "Policies linked to roles are not going to be removed" - operationId: api.controllers.security_controller.remove_roles - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/security:delete' - parameters: - - $ref: '#/components/parameters/role_ids_delete' - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - responses: - '200': - description: "Remove result" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseRoles' - example: - data: - affected_items: - - id: 4 - name: administrator - policies: - - 4 - - 5 - rules: - - 8 - 
users: - - 101 - - 104 - failed_items: [] - total_affected_items: 1 - total_failed_items: 0 - message: All specified roles were deleted - error: 0 - - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /security/roles/{role_id}: - put: - tags: - - Security - summary: "Update role" - description: "Modify a role, cannot modify associated policies in this endpoint, at least one property must be - indicated" - operationId: api.controllers.security_controller.update_role - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/security:update' - parameters: - - $ref: '#/components/parameters/role_id' - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/RolesRequest_no_required' - example: - name: "normal" - responses: - '200': - description: "Information of role modified" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseRoles' - example: - data: - affected_items: - - id: 5 - name: normal8 - policies: [] - rules: - - 100 - total_affected_items: 1 - message: "Role was successfully updated" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '406': - $ref: '#/components/responses/WrongContentTypeResponse' - '413': - $ref: '#/components/responses/RequestTooLargeResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - 
/security/rules: - get: - tags: - - Security - summary: "List security rules" - description: "Get a list of security rules from the system or all of them. These rules must be mapped with roles - to obtain certain access privileges. For a specific list, indicate the ids separated by commas. - Example: ?rule_ids=1,2,3" - operationId: api.controllers.security_controller.get_rules - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/security:read' - parameters: - - $ref: '#/components/parameters/security_rule_ids' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/wait_for_complete' - responses: - '200': - description: "Return a list of security rules" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseRoles' - example: - data: - affected_items: - - id: 1 - name: "admin_rule" - rule: - FIND: - r'^auth[a-zA-Z]+$': - - "administrator" - - id: 2 - name: "limit_access_rule" - rule: - MATCH: - privileges: 'limit_access' - total_affected_items: 2 - message: "All specified security rules were returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - post: - tags: - - Security - summary: "Add security rule" - description: "Add a new security rule" - operationId: api.controllers.security_controller.add_rule - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/security:create' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: 
'#/components/parameters/wait_for_complete' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/SecurityRulesRequest' - example: - name: - "New_Rule" - rule: - MATCH: - definition: "normalRule" - responses: - '200': - description: "Return the information of the new security rule" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseRoles' - example: - data: - affected_items: - - id: 3 - name: "new_rule" - rule: - MATCH: - definition: "normalRule" - roles: [] - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - message: "Security rule was successfully created" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '406': - $ref: '#/components/responses/WrongContentTypeResponse' - '413': - $ref: '#/components/responses/RequestTooLargeResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - delete: - tags: - - Security - summary: "Delete security rules" - description: "Delete a list of security rules or all security rules in the system, roles linked to rules are not - going to be deleted" - operationId: api.controllers.security_controller.remove_rules - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/security:delete' - parameters: - - $ref: '#/components/parameters/security_rule_ids_delete' - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - responses: - '200': - description: "Remove result" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseRoles' - example: - data: - affected_items: 
- - id: 3 - name: "new_rule" - rule: - MATCH: - definition: "normalRule" - roles: [] - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - message: "All specified security rules were deleted" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /security/rules/{rule_id}: - put: - tags: - - Security - summary: "Update security rule" - description: "Modify a security rule by specifying its ID" - operationId: api.controllers.security_controller.update_rule - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/security:update' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - - $ref: '#/components/parameters/security_rule_id' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/SecurityRulesRequest_no_required' - example: - name: "new_name" - rule: - MATCH: - definition: "normalRule" - responses: - '200': - description: "Security rule updated successfully" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseUsers' - example: - data: - affected_items: - - id: 3 - name: "new_name" - rule: - MATCH: - definition: "updated_rule" - roles: [] - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - message: "Security rule was successfully updated" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '406': - $ref: '#/components/responses/WrongContentTypeResponse' - '429': - $ref: 
'#/components/responses/TooManyRequestsResponse' - - /security/policies: - get: - tags: - - Security - summary: "List policies" - description: "Get all policies in the system, including the administrator policy" - operationId: api.controllers.security_controller.get_policies - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/security:read' - parameters: - - $ref: '#/components/parameters/policy_ids_rbac' - - $ref: '#/components/parameters/limit' - - $ref: '#/components/parameters/offset' - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/search' - - $ref: '#/components/parameters/sort' - - $ref: '#/components/parameters/wait_for_complete' - responses: - '200': - description: "Return a list of policies" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponsePolicies' - example: - data: - affected_items: - - id: 1 - name: wazuhPolicy - policy: - actions: - - "*:*" - effect: allow - resources: - - "*:*" - - id: 2 - name: test_i - policy: - actions: - - agent:delete - effect: allow - resources: - - agent:id:004 - - agent:id:005 - - agent:id:006 - total_affected_items: 2 - message: "All specified policies were returned" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - post: - tags: - - Security - summary: "Add policy" - description: "Add a new policy, all fields need to be specified" - operationId: api.controllers.security_controller.add_policy - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/security:create' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - requestBody: 
- content: - application/json: - schema: - $ref: '#/components/schemas/PoliciesRequest' - example: - name: 'normal_policy' - policy: - actions: - - "agent:delete" - resources: - - "agent:id:001" - - "agent:id:002" - - "agent:id:003" - effect: "allow" - responses: - '200': - description: "Add a policy" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponsePolicies' - example: - data: - affected_items: - - id: 2 - name: 'normal_policy' - policy: - actions: - - "agent:delete" - resources: - - "agent:id:001" - effect: "allow" - roles: [] - total_affected_items: 1 - failed_items: [] - total_failed_items: 0 - message: "Policy was successfully created" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '406': - $ref: '#/components/responses/WrongContentTypeResponse' - '413': - $ref: '#/components/responses/RequestTooLargeResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - delete: - tags: - - Security - summary: "Delete policies" - description: "Delete a list of policies or all policies in the system, roles linked to policies are not going to - be removed" - operationId: api.controllers.security_controller.remove_policies - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/security:delete' - parameters: - - $ref: '#/components/parameters/policy_ids_rbac_delete' - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - responses: - '200': - description: "Operation result" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponsePolicies' - example: 
- data: - affected_items: - - id: 8 - name: policy2 - policy: - actions: - - role:read - effect: allow - resources: - - role:id:1 - roles: - - 3 - - 6 - failed_items: [] - total_affected_items: 1 - total_failed_items: 0 - message: "All specified policies were deleted" - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /security/policies/{policy_id}: - put: - tags: - - Security - summary: "Update policy" - description: "Modify a policy, at least one property must be indicated" - operationId: api.controllers.security_controller.update_policy - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/security:update' - parameters: - - $ref: '#/components/parameters/policy_id_rbac' - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/PoliciesRequest_no_required' - example: - name: 'wazuhPolicy' - policy: - actions: - - "agent:delete" - resources: - - "agent:id:001" - - "agent:id:002" - - "agent:id:003" - effect: 'allow' - responses: - '200': - description: "Information of policy modified" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponsePolicies' - example: - data: - affected_items: - - id: 2 - name: wazuhPolicy - policy: - actions: - - agent:delete - effect: allow - resources: - - agent:id:001 - - agent:id:002 - - agent:id:003 - roles: [] - total_affected_items: 1 - message: "Policy was successfully updated" - error: 0 - - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' 
- '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '406': - $ref: '#/components/responses/WrongContentTypeResponse' - '413': - $ref: '#/components/responses/RequestTooLargeResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /security/users/{user_id}/roles: - post: - tags: - - Security - summary: "Add roles to user" - description: "Create a specified relation role-policy, one user may have multiples roles" - operationId: api.controllers.security_controller.set_user_role - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/security:update' - parameters: - - $ref: '#/components/parameters/user_id_required' - - $ref: '#/components/parameters/role_ids_required' - - $ref: '#/components/parameters/security_position' - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - responses: - '200': - description: "Role information" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseUsers' - example: - data: - affected_items: - - id: 3 - username: string - roles: - - 9 - - 8 - total_affected_items: 2 - total_failed_items: 0 - failed_items: [] - message: All roles were linked to user 3 - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - delete: - tags: - - Security - summary: "Remove roles from user" - description: "Delete a specified relation user-roles" - operationId: api.controllers.security_controller.remove_user_role - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/security:delete' - parameters: - - $ref: 
'#/components/parameters/user_id_required' - - $ref: '#/components/parameters/role_ids_delete' - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - responses: - '200': - description: "Role information" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/AllItemsResponseUsers' - example: - data: - affected_items: - - id: 3 - username: string - roles: [] - total_affected_items: 1 - total_failed_items: 0 - failed_items: [] - message: All roles were unlinked from user 3 - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /security/roles/{role_id}/policies: - post: - tags: - - Security - summary: "Add policies to role" - description: "Create a specified relation role-policy, one role may have multiples policies" - operationId: api.controllers.security_controller.set_role_policy - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/security:update' - parameters: - - $ref: '#/components/parameters/role_id' - - $ref: '#/components/parameters/policy_ids_rbac_required' - - $ref: '#/components/parameters/security_position' - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - responses: - '200': - description: "Role information" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - example: - data: - affected_items: - - id: 3 - name: normal - policies: - - 2 - - 3 - rules: - - 5 - users: [] - failed_items: [] - total_affected_items: 2 - total_failed_items: 0 - message: All policies were linked to role 3 - error: 0 - - '400': - $ref: 
'#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - delete: - tags: - - Security - summary: "Remove policies from role" - description: "Delete a specified relation role-policy" - operationId: api.controllers.security_controller.remove_role_policy - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/security:delete' - parameters: - - $ref: '#/components/parameters/role_id' - - $ref: '#/components/parameters/policy_ids_rbac_delete' - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - responses: - '200': - description: "Role information" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - example: - data: - affected_items: - - id: 3 - name: normal - policies: [] - rules: - - 1 - users: [] - failed_items: [] - total_affected_items: 2 - total_failed_items: 0 - message: All policies were unlinked from role 3 - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /security/roles/{role_id}/rules: - post: - tags: - - Security - summary: "Add security rules to role" - description: "Create a specific role-rule relation. 
One role may have multiple security rules" - operationId: api.controllers.security_controller.set_role_rule - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/security:update' - parameters: - - $ref: '#/components/parameters/role_id' - - $ref: '#/components/parameters/security_rule_ids_required' - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - responses: - '200': - description: "Role information" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - example: - data: - affected_items: - - id: 5 - name: normal - policies: - - 2 - - 3 - rules: - - 3 - users: [] - failed_items: [] - total_affected_items: 1 - total_failed_items: 0 - message: "All security rules were linked to role 5" - error: 0 - - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - delete: - tags: - - Security - summary: "Remove security rules from role" - description: "Delete a specific role-rule relation" - operationId: api.controllers.security_controller.remove_role_rule - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/security:delete' - parameters: - - $ref: '#/components/parameters/role_id' - - $ref: '#/components/parameters/security_rule_ids_delete' - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - responses: - '200': - description: "Role information" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - example: - data: - affected_items: - - id: 3 - name: normal - policies: [] - rules: [] - users: [] - failed_items: [] - total_affected_items: 2 - total_failed_items: 0 - message: "All security rules were unlinked from role 3" - error: 0 - 
'400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /overview/agents: - get: - tags: - - Overview - summary: "Get agents overview" - description: "Return a dictionary with a full agents overview" - operationId: api.controllers.overview_controller.get_overview_agents - x-rbac-actions: - - $ref: '#/x-rbac-catalog/actions/agent:read' - - $ref: '#/x-rbac-catalog/actions/group:read' - parameters: - - $ref: '#/components/parameters/pretty' - - $ref: '#/components/parameters/wait_for_complete' - responses: - '200': - description: "Overview of agents" - content: - application/json: - schema: - allOf: - - $ref: '#/components/schemas/ApiResponse' - - type: object - properties: - data: - $ref: '#/components/schemas/OverviewAgents' - example: - data: - nodes: - items: - - count: 1 - node_name: master-node - - count: 1 - node_name: worker1 - totalItems: 2 - groups: - items: - - count: 5 - name: default - mergedSum: 8cf9a9972b793548a1bb6fbb00e58af6 - configSum: ab73af41699f13fdd81903b5f23d8d00 - totalItems: 1 - agent_os: - items: - - os: - name: Ubuntu - platform: ubuntu - version: 18.04.2 LTS - count: 6 - totalItems: 6 - agent_status: - total: 6 - active: 6 - disconnected: 0 - never_connected: 0 - pending: 0 - agent_version: - items: - - version: Wazuh v4.0.0 - count: 1 - - version: Wazuh v3.11.0 - count: 5 - totalItems: 6 - last_registered_agent: - os: - arch: x86_64 - codename: Bionic Beaver - minor: "18" - major: "04" - name: Ubuntu - platform: ubuntu - uname: "Linux |ee7d4f51c0ae |4.18.0-16-generic |#17~18.04.1-Ubuntu SMP Tue Feb 12 13:35:51 UTC - 2019 |x86_64" - version: 18.04.2 LTS - version: Wazuh v3.9.5 - dateAdd: "2019-08-20 11:42:14" - node_name: master-node - status: active - group: - - default - 
mergedSum: 8cf9a9972b793548a1bb6fbb00e58af6 - name: ee7d4f51c0ae - lastKeepAlive: "2019-08-20 11:48:20" - configSum: ab73af41699f13fdd81903b5f23d8d00 - registerIP: any - ip: "172.20.0.8" - id: "005" - manager: 1a683501f77f - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - /security/config: - get: - tags: - - Security - summary: "Get security config" - description: "Return the security configuration in JSON format" - operationId: api.controllers.security_controller.get_security_config - x-rbac-actions: - - $ref: "#/x-rbac-catalog/actions/security:read_config" - parameters: - - $ref: "#/components/parameters/pretty" - - $ref: "#/components/parameters/wait_for_complete" - responses: - '200': - description: "Current security configuration" - content: - application/json: - schema: - $ref: "#/components/schemas/ApiResponse" - example: - auth_token_exp_timeout: 900 - rbac_mode: white - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '403': - $ref: '#/components/responses/PermissionDeniedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - put: - tags: - - Security - summary: "Update security config" - description: "Update the security configuration with the data contained in the API request" - operationId: api.controllers.security_controller.put_security_config - x-rbac-actions: - - $ref: "#/x-rbac-catalog/actions/security:update_config" - parameters: - - $ref: "#/components/parameters/pretty" - - $ref: "#/components/parameters/wait_for_complete" - requestBody: - content: - application/json: - schema: - $ref: 
"#/components/schemas/SecurityConfiguration" - responses: - '200': - description: 'Configuration successfully updated' - content: - application/json: - schema: - type: object - example: - message: 'Configuration successfully updated' - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '406': - $ref: '#/components/responses/WrongContentTypeResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - - delete: - tags: - - Security - summary: "Restore default security config" - description: "Replaces the security configuration with the original one" - operationId: api.controllers.security_controller.delete_security_config - x-rbac-actions: - - $ref: "#/x-rbac-catalog/actions/security:update_config" - parameters: - - $ref: "#/components/parameters/pretty" - - $ref: "#/components/parameters/wait_for_complete" - responses: - '200': - description: 'Configuration successfully updated' - content: - application/json: - schema: - type: object - example: - message: 'Configuration successfully updated' - error: 0 - '400': - $ref: '#/components/responses/ResponseError' - '401': - $ref: '#/components/responses/UnauthorizedResponse' - '405': - $ref: '#/components/responses/InvalidHTTPMethodResponse' - '429': - $ref: '#/components/responses/TooManyRequestsResponse' - -externalDocs: - description: "Find more about Wazuh API usage" - url: 'https://documentation.wazuh.com/4.0/user-manual/api/index.html' diff --git a/go.mod b/go.mod index 033a80c..002f9cf 100644 --- a/go.mod +++ b/go.mod 
@@ -1,24 +1,41 @@
 module github.com/autonubil/go-wazuh
 
 require (
- github.com/4kills/go-zlib v1.1.0
 github.com/StackExchange/wmi v1.2.1 // indirect
 github.com/coreos/go-semver v0.3.0
- github.com/deepmap/oapi-codegen v1.8.3
- github.com/getsentry/sentry-go v0.11.0
+ github.com/deepmap/oapi-codegen v1.10.1
 github.com/google/martian v2.1.0+incompatible
- github.com/joncrlsn/dque v0.0.0-20200702023911-3e80e3146ce5 // indirect
+ github.com/joncrlsn/dque v0.0.0-20211108142734-c2ef48c5192a
 github.com/kr/text v0.2.0 // indirect
- github.com/matishsiao/goInfo v0.0.0-20210923090445-da2e3fa8d45f // indirect
+ github.com/matishsiao/goInfo v0.0.0-20210923090445-da2e3fa8d45f
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e // indirect
- github.com/shirou/gopsutil v3.21.6+incompatible
- github.com/tklauser/go-sysconf v0.3.9 // indirect
+ github.com/shirou/gopsutil v3.21.11+incompatible
+ github.com/tklauser/go-sysconf v0.3.10 // indirect
 go.uber.org/ratelimit v0.2.0
- go.uber.org/zap v1.19.1
- golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad
- golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
- gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f // indirect
+ go.uber.org/zap v1.21.0
+ golang.org/x/crypto v0.0.0-20220507011949-2cf3adece122
+)
+
+require (
+ github.com/4kills/go-libdeflate v1.3.1
+ github.com/getsentry/sentry-go v0.13.0
+ github.com/golang-jwt/jwt v3.2.2+incompatible
+ github.com/iancoleman/strcase v0.2.0
+ github.com/pkg/errors v0.9.1
+)
+
+require (
+ github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129 // indirect
+ github.com/go-ole/go-ole v1.2.6 // indirect
+ github.com/gofrs/flock v0.8.1 // indirect
+ github.com/google/uuid v1.3.0 // indirect
+ github.com/tklauser/numcpus v0.4.0 // indirect
+ github.com/yusufpapurcu/wmi v1.2.2 // indirect
+ go.uber.org/atomic v1.9.0 // indirect
+ go.uber.org/multierr v1.8.0 // indirect
+ golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6 // indirect
+ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 gopkg.in/yaml.v2 v2.4.0 // indirect
 )
 
-go 1.16
+go 1.17
diff --git a/go.sum b/go.sum
index b814e52..4eb428f 100644
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,5 @@
-github.com/4kills/go-zlib v1.1.0 h1:16INsJZ1+9ClgPbWh3eOBd8lKAK1FRemTwYgtmwcCQQ=
-github.com/4kills/go-zlib v1.1.0/go.mod h1:ngBUonyN1YJBHSknfLPNtWokAjYhHsaZDio8yS+BqSo=
+github.com/4kills/go-libdeflate v1.3.1 h1:kSjLD3TsjP0534eAk9CGPV50JXmqs5ROCidHlC+Qhhw=
+github.com/4kills/go-libdeflate v1.3.1/go.mod h1:TYJr1Fgfl+WYg0H5ib0SYT57dkUwOs5ujNA+xvcvh8s=
 github.com/AndreasBriese/bbloom v0.0.0-20190306092124-e2d15f34fcf9/go.mod h1:bOvUY6CB00SOBii9/FifXqc0awNKxLFCL/+pkDPuyl8=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/CloudyKit/fastprinter v0.0.0-20200109182630-33d98a066a53/go.mod h1:+3IMCy2vIlbG1XG/0ggNQv0SvxCAIpPM5b1nCz56Xno=
@@ -13,6 +13,7 @@ github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129 h1:MzBOUgng9or
 github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129/go.mod h1:rFgpPQZYZ8vdbc+48xibu8ALc3yeyd64IhHS+PU6Yyg=
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
 github.com/aymerick/raymond v2.0.3-0.20180322193309-b565731e1464+incompatible/go.mod h1:osfaiScAUVup+UC9Nfq76eWqDhXlp+4UYaA8uhTBO6g=
+github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/codegangsta/inject v0.0.0-20150114235600-33e0aa1cb7c0/go.mod h1:4Zcjuz89kmFXt9morQgcfYZAYZ5n8WHjt81YYWIwtTM=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
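Review bot: `github.com/golang-jwt/jwt v3.2.2+incompatible` in the second require block pins the library's last pre-modules tag, and its later releases are published under a versioned module path (`github.com/golang-jwt/jwt/v4` onward), so `go get -u` on this path will report the module as up to date and the project will not receive later fixes. Prefer `github.com/golang-jwt/jwt/v4` here, with the import path changed wherever the package is used. The same block adds `github.com/pkg/errors v0.9.1`, which appears to be archived upstream; with `go 1.17` the standard `fmt.Errorf("...: %w", err)` plus `errors.Is`/`errors.As` covers wrapping and unwrapping without it. The go.sum hunks that follow are the matching lockfile update and need no separate review.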
@@ -26,8 +27,13 @@ github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn47hh8kt6rqSlvmrXFAc= +github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE= +github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1/go.mod h1:hyedUtir6IdtD/7lIxGeCxkaw7y45JueMRL4DIyJDKs= github.com/deepmap/oapi-codegen v1.8.3 h1:0TkiSYTJGD1GU+CTyiKT5XqFZfrxkaTlFGxE1J69VAY= github.com/deepmap/oapi-codegen v1.8.3/go.mod h1:WG64zU4J1vxgkwgXq1ysfi9eayMH9y1g2aXNdCXr/i0= +github.com/deepmap/oapi-codegen v1.10.1 h1:xybuJUR6D8l7P+LAuxOm5SD7nTlFKHWvOPl31q+DDVs= +github.com/deepmap/oapi-codegen v1.10.1/go.mod h1:TvVmDQlUkFli9gFij/gtW1o+tFBr4qCHyv2zG+R0YZY= github.com/dgraph-io/badger v1.6.0/go.mod h1:zwt7syl517jmP8s94KqSxTlM6IMsdhYy6psNgSztDR4= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= 
@@ -39,27 +45,51 @@ github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/gavv/httpexpect v2.0.0+incompatible/go.mod h1:x+9tiU1YnrOvnB725RkpoLv1M62hOWzwo5OXotisrKc= github.com/getkin/kin-openapi v0.61.0/go.mod h1:7Yn5whZr5kJi6t+kShccXS8ae1APpYTW6yheSwk8Yi4= -github.com/getsentry/sentry-go v0.11.0 h1:qro8uttJGvNAMr5CLcFI9CHR0aDzXl0Vs3Pmw/oTPg8= -github.com/getsentry/sentry-go v0.11.0/go.mod h1:KBQIxiZAetw62Cj8Ri964vAEWVdgfaUCn30Q3bCvANo= +github.com/getkin/kin-openapi v0.94.0/go.mod h1:LWZfzOd7PRy8GJ1dJ6mCU6tNdSfOwRac1BUPam4aw6Q= +github.com/getsentry/sentry-go v0.12.0 h1:era7g0re5iY13bHSdN/xMkyV+5zZppjRVQhZrXCaEIk= +github.com/getsentry/sentry-go v0.12.0/go.mod h1:NSap0JBYWzHND8oMbyi0+XZhUalc1TBdRL1M71JZW2c= +github.com/getsentry/sentry-go v0.13.0 h1:20dgTiUSfxRB/EhMPtxcL9ZEbM1ZdR+W/7f7NWD+xWo= +github.com/getsentry/sentry-go v0.13.0/go.mod h1:EOsfu5ZdvKPfeHYV6pTVQnsjfp30+XA7//UooKNumH0= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/gin-contrib/sse v0.0.0-20190301062529-5545eab6dad3/go.mod h1:VJ0WA2NBN22VlZ2dKZQPAPnyWw5XTlK1KymzLKsr59s= +github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= github.com/gin-gonic/gin v1.4.0/go.mod h1:OW2EZn3DO8Ln9oIKOvM++LBO+5UPHJJDH72/q/3rZdM= +github.com/gin-gonic/gin v1.7.7/go.mod h1:axIBovoeJpVj8S3BwE0uPMTeReE4+AfFtqpqaZ1qq1U= github.com/go-check/check v0.0.0-20180628173108-788fd7840127/go.mod h1:9ES+weclKsC9YodN5RgxqK/VD9HM9JsCSh7rNhMZE98= github.com/go-chi/chi/v5 v5.0.0/go.mod h1:BBug9lr0cqtdAhsu6R4AAdvufI0/XBzAQSsUqJpoZOs= +github.com/go-chi/chi/v5 v5.0.7/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8= github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w= github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= github.com/go-martini/martini 
v0.0.0-20170121215854-22fa46961aab/go.mod h1:/P9AEU963A2AYjv4d1V5eVL1CQbEJq6aCNHDDjibzu8= github.com/go-ole/go-ole v1.2.5 h1:t4MGB5xEDZvXI+0rMjjsfBsD7yAgp/s9ZDkL1JndXwY= github.com/go-ole/go-ole v1.2.5/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= +github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY= +github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= +github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= +github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= +github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8= +github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs= +github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA= +github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA= +github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4= +github.com/go-playground/validator/v10 v10.10.1/go.mod h1:i+3WkQ1FvaUjjxh1kSvIA4dMGDBiPU55YFDl0WbKdWU= github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo= github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw= github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM= +github.com/goccy/go-json v0.9.6/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= github.com/gofrs/flock v0.7.1 h1:DP+LD/t0njgoPBvT5MJLeliUIVQR03hiKR6vezdwHlc= github.com/gofrs/flock v0.7.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= +github.com/gofrs/flock v0.8.1 
h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw= +github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= +github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY= +github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golangci/lint-1 v0.0.0-20181222135242-d2cdd8c08219/go.mod h1:/X8TswGSh1pIozq4ZwCfxS0WA5JGXguxk94ar/4c87Y= github.com/gomodule/redigo v1.7.1-0.20190724094224-574c33c3df38/go.mod h1:B4C85qUVwatsJoIUNIfCRsp7qO0iAmpGFZ4EELWSbC4= github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU= 
@@ -68,12 +98,15 @@ github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible h1:/CP5g8u/VJHijgedC/Legn3BAbAaWPgecwXBIDzw5no= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= +github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= +github.com/iancoleman/strcase v0.2.0 h1:05I4QRnGpI0m37iZQRuskXh+w77mr6Z41lwQzuHLwW0= +github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= github.com/imkira/go-interpol v1.1.0/go.mod h1:z0h2/2T3XF8kyEPpRgJ3kmNv+C43p+I/CoI+jC3w2iA= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/iris-contrib/blackfriday v2.0.0+incompatible/go.mod h1:UzZ2bDEoaSGPbkg6SAB4att1aAwTmVIx/5gCVqeyUdI= 
@@ -83,8 +116,12 @@ github.com/iris-contrib/pongo2 v0.0.1/go.mod h1:Ssh+00+3GAZqSQb30AvBRNxBx7rf0Gqw github.com/iris-contrib/schema v0.0.1/go.mod h1:urYA3uvUNG1TIIjOSCzHr9/LmbQo8LrOcOqfqxa4hXw= github.com/joncrlsn/dque v0.0.0-20200702023911-3e80e3146ce5 h1:bo1aoO6l128nKJCBrFflOj9s+KPqMM7ErNyB5GGBNDs= github.com/joncrlsn/dque v0.0.0-20200702023911-3e80e3146ce5/go.mod h1:dNKs71rs2VJGBAmttu7fouEsRQlRjxy0p1Sx+T5wbpY= +github.com/joncrlsn/dque v0.0.0-20211108142734-c2ef48c5192a h1:sfe532Ipn7GX0V6mHdynBk393rDmqgI0QmjLK7ct7TU= +github.com/joncrlsn/dque v0.0.0-20211108142734-c2ef48c5192a/go.mod h1:dNKs71rs2VJGBAmttu7fouEsRQlRjxy0p1Sx+T5wbpY= +github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88/go.mod h1:3w7q1U84EfirKl04SVQ/s7nPm1ZPhiXd34z40TNz36k= github.com/kataras/golog v0.0.10/go.mod h1:yJ8YKCmyL+nWjERB90Qwn+bdyBZsaQwU3bTVFgkFIp8= 
@@ -97,28 +134,47 @@ github.com/klauspost/compress v1.9.7/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0 github.com/klauspost/cpuid v1.2.1/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= +github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/labstack/echo/v4 v4.1.11/go.mod h1:i541M3Fj6f76NZtHSj7TXnyM8n2gaodfvfxNnFqi74g= github.com/labstack/echo/v4 v4.2.1/go.mod h1:AA49e0DZ8kk5jTOOCKNuPR6oTnBS0dYiM4FW1e6jwpg= +github.com/labstack/echo/v4 v4.5.0/go.mod h1:czIriw4a0C1dFun+ObrXp7ok03xON0N1awStJ6ArI7Y= +github.com/labstack/echo/v4 v4.7.2/go.mod h1:xkCDAdFCIf8jsFQ5NnbK7oqaF/yU1A1X20Ltm0OvSks= github.com/labstack/gommon v0.3.0/go.mod h1:MULnywXg0yavhxWKc+lOruYdAhDwPK9wf0OL7NoOu+k= +github.com/labstack/gommon v0.3.1/go.mod h1:uW6kP17uPlLJsD3ijUYn3/M5bAxtlZhMI6m3MFxTMTM= +github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII= +github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY= +github.com/lestrrat-go/backoff/v2 v2.0.8/go.mod h1:rHP/q/r9aT27n24JQLa7JhSQZCKBBOiM/uP402WwN8Y= +github.com/lestrrat-go/blackmagic v1.0.0/go.mod h1:TNgH//0vYSs8VXDCfkZLgIrVTTXQELZffUV0tz3MtdQ= +github.com/lestrrat-go/blackmagic v1.0.1/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU= +github.com/lestrrat-go/httpcc v1.0.1/go.mod 
h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E= +github.com/lestrrat-go/iter v1.0.1/go.mod h1:zIdgO1mRKhn8l9vrZJZz9TUMMFbQbLeTsbqPDrJ/OJc= +github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4= +github.com/lestrrat-go/jwx v1.2.23/go.mod h1:sAXjRwzSvCN6soO4RLoWWm1bVPpb8iOuv0IYfH8OWd8= +github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/matishsiao/goInfo v0.0.0-20200404012835-b5f882ee2288 h1:cdM7et8/VlNnSBpq3KbyQWsYLCY0WsB7tvV8Fr0DUNE= -github.com/matishsiao/goInfo v0.0.0-20200404012835-b5f882ee2288/go.mod h1:yLZrFIhv+Z20hxHvcZpEyKVQp9HMsOJkXAxx7yDqtvg= +github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/matishsiao/goInfo v0.0.0-20210923090445-da2e3fa8d45f h1:B0OD7nYl2FPQEVrw8g2uyc1lGEzNbvrKh7fspGZcbvY= github.com/matishsiao/goInfo v0.0.0-20210923090445-da2e3fa8d45f/go.mod h1:aEt7p9Rvh67BYApmZwNDPpgircTO2kgdmDUoF/1QmwA= github.com/matryer/moq v0.0.0-20190312154309-6cfb0558e1bd/go.mod h1:9ELz6aaclSIGnZBoaSLZ3NAl1VTufbOrXBPvtcy6WiQ= +github.com/matryer/moq v0.2.7/go.mod h1:kITsx543GOENm48TUAQyJ9+SAvFSr7iGQXPoth/VUBk= github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.7/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= +github.com/mattn/go-colorable v0.1.11/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= +github.com/mattn/go-colorable 
v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= github.com/mattn/go-isatty v0.0.7/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= +github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw= github.com/mediocregopher/radix/v3 v3.4.2/go.mod h1:8FL3F6UQRXHXIBSPUs5h0RybMF8i4n7wVopoX3x7Bv8= github.com/microcosm-cc/bluemonday v1.0.2/go.mod h1:iVP4YcDBq+n/5fb23BhYFvIMq/leAFZyRl6bYmGDlGc= @@ -128,6 +184,7 @@ github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/moul/http2curl v1.0.0/go.mod h1:8UbvGypXm98wA/IqH45anm5Y2Z6ep6O31QGOAZ3H0fQ= github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg= github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzEE/Zbp4w= 
@@ -141,17 +198,23 @@ github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7J github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/pingcap/errors v0.11.4 h1:lFuQV/oaUMGcD2tqt+01ROSmJs75VG1ToEOkZIZ4nE4= github.com/pingcap/errors v0.11.4/go.mod h1:Oi8TUi2kEtXXLMJk9l1cGmz20kV3TaQ0usTwv5KuLY8= +github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= +github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8= +github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/schollz/closestmatch v2.1.0+incompatible/go.mod h1:RtP1ddjLong6gTkbtmuhtR2uUrrJOpYzYRvbcPAid+g= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/shirou/gopsutil v3.21.6+incompatible h1:mmZtAlWSd8U2HeRTjswbnDLPxqsEoK01NK+GZ1P+nEM= github.com/shirou/gopsutil v3.21.6+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA= +github.com/shirou/gopsutil v3.21.11+incompatible h1:+1+c1VGhc88SSonWP6foOcLhvnKlUeu/erjjvaPEYiI= +github.com/shirou/gopsutil v3.21.11+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA= 
github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= 
@@ -169,16 +232,21 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/tklauser/go-sysconf v0.3.7 h1:HT7h4+536gjqeq1ZIJPgOl1rg1XFatQGVZWp7Py53eg= -github.com/tklauser/go-sysconf v0.3.7/go.mod h1:JZIdXh4RmBvZDBZ41ld2bGxRV3n4daiiqA3skYhAoQ4= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/tklauser/go-sysconf v0.3.9 h1:JeUVdAOWhhxVcU6Eqr/ATFHgXk/mmiItdKeJPev3vTo= github.com/tklauser/go-sysconf v0.3.9/go.mod h1:11DU/5sG7UexIrp/O6g35hrWzu0JxlwQ3LSFUzyeuhs= -github.com/tklauser/numcpus v0.2.3 h1:nQ0QYpiritP6ViFhrKYsiv6VVxOpum2Gks5GhnJbS/8= -github.com/tklauser/numcpus v0.2.3/go.mod h1:vpEPS/JC+oZGGQ/My/vJnNsvMDQL6PwOqt8dsCw5j+E= +github.com/tklauser/go-sysconf v0.3.10 h1:IJ1AZGZRWbY8T5Vfk04D9WOA5WSejdflXxP03OUqALw= +github.com/tklauser/go-sysconf v0.3.10/go.mod h1:C8XykCvCb+Gn0oNCWPIlcb0RuglQTYaQ2hGm7jmxEFk= +github.com/tklauser/numcpus v0.3.0 h1:ILuRUQBtssgnxw0XXIjKUC56fgnOrFoQQ/4+DeU2biQ= github.com/tklauser/numcpus v0.3.0/go.mod h1:yFGUr7TUHQRAhyqBcEg0Ge34zDBAsIvJJcyE6boqnA8= +github.com/tklauser/numcpus v0.4.0 h1:E53Dm1HjH1/R2/aoCtXtPgzmElmn51aOkhCFSuZq//o= +github.com/tklauser/numcpus v0.4.0/go.mod h1:1+UI3pD8NW14VMwdgJNJ1ESk2UnwhAnz5hMwiKKqXCQ= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw= +github.com/ugorji/go v1.2.7/go.mod h1:nF9osbDWLy6bDVv/Rtoh6QgnvNDpmCalQV5urGCCS6M= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY= 
+github.com/ugorji/go/codec v1.2.7/go.mod h1:WGN1fab3R1fzQlVQTkfxVtIBhWDRqOviHU95kRgeqEY= github.com/urfave/negroni v1.0.0/go.mod h1:Meg73S6kFm/4PpbYdq35yYWoCZ9mS/YSx+lKnmiohz4= github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= github.com/valyala/fasthttp v1.6.0/go.mod h1:FstJa9V+Pj9vQ7OJie2qMHdwemEDaDiSdBnvPM1Su9w= 
@@ -194,16 +262,24 @@ github.com/yudai/gojsondiff v1.0.0/go.mod h1:AY32+k2cwILAkW1fbgxQ5mUmMiZFgLIV+FB github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82/go.mod h1:lgjkn3NuSvDfVJdfcVVdX+jpBxNmX4rDAzaS45IcYoM= github.com/yudai/pp v2.0.1+incompatible/go.mod h1:PuxR/8QJ7cyCkFp/aUDS+JY727OFEZkTdatxwunjIkc= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= +go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= +go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= +go.uber.org/goleak v1.1.11-0.20210813005559-691160354723 h1:sHOAIxRGBp443oHZIPB+HsUGaksVCXVQENPxwTfQdH4= go.uber.org/goleak v1.1.11-0.20210813005559-691160354723/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= +go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= +go.uber.org/multierr v1.8.0 h1:dg6GjLku4EH+249NNmoIciG9N/jURbDG+pFlTkhzIC8= +go.uber.org/multierr v1.8.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak= go.uber.org/ratelimit v0.2.0 h1:UQE2Bgi7p2B85uP5dC2bbRtig0C+OeNRnNEafLjsLPA= go.uber.org/ratelimit v0.2.0/go.mod h1:YYBV4e4naJvhpitQrWJu1vCpgB7CboMe0qhltKt6mUg= -go.uber.org/zap v1.17.0 h1:MTjgFu6ZLKvY6Pvaqk97GlxNBuMpV4Hy/3P6tRGlI2U= -go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= +go.uber.org/zap v1.19.1 h1:ue41HOKd1vGURxrmeKIgELGb3jPW9DMUDGtsinblHwI= go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI= +go.uber.org/zap v1.21.0 h1:WefMeulhovoZ2sYXz7st6K0sLj7bBhpiFaud4r4zST8= +go.uber.org/zap v1.21.0/go.mod 
h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw= golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= 
@@ -211,10 +287,19 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20191227163750-53104e6ec876/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad h1:DN0cp81fZ3njFcrLCytUHRSUkqBjfTo4Tx9RJTWs0EY= golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= +golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= +golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 h1:7I4JAnoQBe7ZtJcBaYHi5UtiO8tQHbUSXxL+pnGRANg= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220507011949-2cf3adece122 h1:NvGWuYG8dkDHFSKksI1P9faiVJ9rayE6l0+ouWVIDs8= +golang.org/x/crypto v0.0.0-20220507011949-2cf3adece122/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod 
h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= @@ -226,7 +311,12 @@ golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= +golang.org/x/net v0.0.0-20211008194852-3b03d305991f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20220418201149-a630d4f3e7a2/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -247,18 +337,35 @@ golang.org/x/sys v0.0.0-20200826173525-f9321e4c35a6/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c h1:F1jZWGFhYfh0Ci55sIpILtKKK8p3i2/krTr0H1rg74I= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210816074244-15123e1e1f71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac h1:oN6lz7iLW/YC7un8pq+9bOLyXrprv2+DKfkJY+2LJJw= +golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211103235746-7861aae1554b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod 
h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6 h1:nonptSpoQ4vQjyraW20DXPAglgQfVnM9ZC6MmNLMR60= +golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20220411224347-583f2d630306/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181221001348-537d06c36207/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= 
@@ -267,16 +374,24 @@ golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU= gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 
v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE=
 gopkg.in/go-playground/validator.v8 v8.18.2/go.mod h1:RX2a/7Ha8BgOhfk7j780h4/u/RRjR0eouCJSH80/M2Y=
@@ -291,5 +406,6 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20191120175047-4206685974f2/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/ossec/agent.go b/ossec/agent.go
old mode 100755
new mode 100644
index 23a642b..3674bea
--- a/ossec/agent.go
+++ b/ossec/agent.go
@@ -1,6 +1,7 @@
 package ossec
 import (
+ "bufio"
 "bytes"
 "errors"
 "io/ioutil"
@@ -40,7 +41,7 @@ const (
 SendRateLimit = 450
 // time between server pings
- PingIntervall = 10
+ NotifyTime = 10
 SysinfoIntervall = 60 // each 60th ping -> 1/h
 )
@@ -75,6 +76,8 @@ const (
 AUTH_MQ = 'c'
 SYSCOLLECTOR_MQ = 'd'
+ RIDS_DIR = "rids"
+ REMOTE_DIR = "remote"
 WM_SYS_LOCATION = "syscollector"
 maxBufferSize = 1024 * 1024 * 10
@@ -90,6 +93,7 @@ type Client struct {
 UDP bool
 basePath string
 remotePath string
+ ridsPath string
 localCount uint
 globalCount uint
 evtCount uint
@@ -129,6 +133,10 @@ type RemoteFileInfo struct { func init() { gob.Register(map[string]interface{}{}) + gob.Register(FileUpdatedEvent{}) + gob.Register(AgentShutDownEvent{}) + gob.Register(RemoteFileInfo{}) + gob.Register(Client{}) } // AgentOption allows setting custom parameters during construction @@ -193,10 +201,6 @@ func WithPort(port uint16) AgentOption { // WithEncryptionMethod specify encryption method to use func WithEncryptionMethod(encryptionMethod EncryptionMethod) AgentOption { return func(c *Client) error { - /** if encryptionMethod == EncryptionMethodAES { - return errors.New("AES is currently not supported") - } - */ c.EncryptionMethod = encryptionMethod return nil } @@ -253,7 +257,7 @@ func NewAgent(server string, agentID string, agentName string, agentKey string, Server: server, Port: 1514, UDP: true, - EncryptionMethod: EncryptionMethodBlowFish, + EncryptionMethod: EncryptionMethodAES, ClientName: "go-wazuh", ClientVersion: "v1.0.0", ratelimit: ratelimit.New(SendRateLimit), // per second @@ -288,10 +292,21 @@ func NewAgent(server string, agentID string, agentName string, agentKey string, } } - a.remotePath = filepath.Join(a.basePath, "remote") + a.remotePath = filepath.Join(a.basePath, REMOTE_DIR) if _, err := os.Stat(a.remotePath); os.IsNotExist(err) { os.MkdirAll(a.remotePath, 0770) } + + a.ridsPath = filepath.Join(a.basePath, RIDS_DIR) + if _, err := os.Stat(a.ridsPath); os.IsNotExist(err) { + os.MkdirAll(a.ridsPath, 0770) + } + + err = a.ReadClientCounter() + if err != nil { + return nil, err + } + return a, nil } 
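Review bot: Changing the `EncryptionMethod` default from `EncryptionMethodBlowFish` to `EncryptionMethodAES` in NewAgent silently changes the wire encryption for every caller that does not pass `WithEncryptionMethod`; a manager configured for Blowfish only may then reject or drop the agent's traffic. This deserves a line in the NewAgent doc comment and in the changelog, e.g. `// NewAgent ... encrypts with AES by default; pass WithEncryptionMethod(EncryptionMethodBlowFish) for managers that do not accept AES.` NewAgent's body starts outside the hunk.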
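Review bot: The results of both `os.MkdirAll` calls are discarded, so when the rids directory cannot be created `ReadClientCounter` sees a missing file and returns nil, and every later `WriteClientCounter` fails as well — the agent then runs with counters that are never persisted and nobody is told. Check the result instead, `if err := os.MkdirAll(a.ridsPath, 0770); err != nil { return nil, err }`, and the same for `remotePath`. `err = a.ReadClientCounter()` assigns to an `err` that must be declared earlier in NewAgent, outside the hunk, so I could not confirm it is in scope.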
@@ -299,6 +314,61 @@ func (a *Client) IsConencted() bool { return a.connected } +// WriteClientCounter persist current counters +func (a *Client) WriteClientCounter() error { + ridsFile := filepath.Join(a.ridsPath, a.AgentID) + file, err := os.Create(ridsFile) + if err != nil { + return err + } + defer file.Close() + file.WriteString(fmt.Sprintf("%d:%d", a.globalCount, a.localCount)) + return nil +} + +// ReadClientCounter read counters from disk +func (a *Client) ReadClientCounter() error { + ridsFile := filepath.Join(a.ridsPath, a.AgentID) + _, err := os.Stat(ridsFile) + if os.IsNotExist(err) { + return nil + } + if err != nil { + return err + } + + file, err := os.Open(ridsFile) + if err != nil { + return err + } + defer file.Close() + scanner := bufio.NewScanner(file) + // optionally, resize scanner's capacity for lines over 64K, see next example + if scanner.Scan() { + strVal := scanner.Text() + if err := scanner.Err(); err != nil { + return err + } + parts := strings.Split(strVal, ":") + var gc int + var lc int + if len(parts) == 2 { + gc, err = strconv.Atoi(parts[0]) + if err == nil { + lc, err = strconv.Atoi(parts[1]) + } + } + + if err != nil { + return err + } + a.globalCount = uint(gc) + a.localCount = uint(lc) + return nil + } + return nil +} + func (a *Client) close(sendCloseMsg bool) error { if a.connected { if sendCloseMsg { 
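Review bot: ReadClientCounter silently resets both counters to 0 when the file holds anything other than two colon-separated fields (`len(parts) != 2` leaves `gc`/`lc` at zero with `err` still nil), and `strconv.Atoi` followed by `uint(gc)` turns a negative value into a huge counter; since these counters are the agent's replay-protection state, a malformed or tampered file should be an error rather than a reset. WriteClientCounter ignores the `WriteString` result and the `Close` error, and `os.Create` gives the file the default 0666-before-umask mode; a private mode and an explicit write check are cheap. The `// optionally, resize scanner's capacity for lines over 64K, see next example` comment refers to an example that is not in this file and should go. The rewrite below keeps both signatures and the "missing file is fine" behaviour.
```go
// WriteClientCounter persists the current global:local counters to the rids file.
func (a *Client) WriteClientCounter() error {
	ridsFile := filepath.Join(a.ridsPath, a.AgentID)
	// the counters are replay-protection state: keep the file private and fail on short writes
	file, err := os.OpenFile(ridsFile, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
	if err != nil {
		return err
	}
	if _, err := fmt.Fprintf(file, "%d:%d", a.globalCount, a.localCount); err != nil {
		file.Close()
		return err
	}
	return file.Close()
}

// ReadClientCounter restores the counters written by WriteClientCounter; a missing file is not an error.
func (a *Client) ReadClientCounter() error {
	// … unchanged: Stat / IsNotExist / Open / Scanner setup …
	if scanner.Scan() {
		parts := strings.Split(scanner.Text(), ":")
		if len(parts) != 2 {
			return fmt.Errorf("malformed counter file %s: %q", ridsFile, scanner.Text())
		}
		gc, err := strconv.ParseUint(parts[0], 10, 0)
		if err != nil {
			return err
		}
		lc, err := strconv.ParseUint(parts[1], 10, 0)
		if err != nil {
			return err
		}
		a.globalCount = uint(gc)
		a.localCount = uint(lc)
	}
	return scanner.Err()
}
```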
@@ -348,44 +418,48 @@ func (a *Client) PingServer() error { return a.pingServer() } -func (a *Client) handleResponse(response string) error { - - if strings.HasPrefix(string(response), CONTROL_HEADER) { - a.logger.Debug("controlMsg", zap.Any("agentId", a.AgentID), zap.String("message", strings.Split(response, "\n")[0])) - if strings.HasPrefix(string(response), FILE_UPDATE_HEADER) { - fieleSpecs := strings.Split(strings.Trim(response[11:], "\n \t"), " ") - if len(fieleSpecs) == 2 { - if existingFile, ok := a.RemoteFiles[fieleSpecs[1]]; ok && existingFile.Hash == fieleSpecs[0] { - return nil - } - if a.logger != nil { - a.logger.Debug("receiveFile", zap.Any("agentId", a.AgentID), zap.String("fileName", fieleSpecs[1])) - } - a.CurrentRemoteFile = &RemoteFileInfo{ - Filename: fieleSpecs[1], - Hash: fieleSpecs[0], - Content: bytes.NewBuffer(nil), - } +func (a *Client) handleControlResponse(response string) error { + a.logger.Debug("controlMsg", zap.Any("agentId", a.AgentID), zap.String("message", strings.Split(response, "\n")[0])) + if strings.HasPrefix(string(response), FILE_UPDATE_HEADER) { + fieleSpecs := strings.Split(strings.Trim(response[11:], "\n \t"), " ") + if len(fieleSpecs) == 2 { + if existingFile, ok := a.RemoteFiles[fieleSpecs[1]]; ok && existingFile.Hash == fieleSpecs[0] { + return nil } - return nil - } else if strings.HasPrefix(string(response), FILE_CLOSE_HEADER) { if a.logger != nil { - a.logger.Debug("fileReceived", zap.Any("agentId", a.AgentID), zap.Int("len", a.CurrentRemoteFile.Content.Len())) + a.logger.Debug("receiveFile", zap.Any("agentId", a.AgentID), zap.String("fileName", fieleSpecs[1])) } - a.cacheFileHash(a.CurrentRemoteFile.Filename, a.CurrentRemoteFile.Hash, a.CurrentRemoteFile.Content.String()) - a.outChannel <- &FileUpdatedEvent{a.CurrentRemoteFile} - a.CurrentRemoteFile = nil - return nil - } else if string(response) == HC_ACK { - return nil - } else { - if a.CurrentRemoteFile != nil { - // close any open file - a.CurrentRemoteFile = 
nil + a.CurrentRemoteFile = &RemoteFileInfo{ + Filename: fieleSpecs[1], + Hash: fieleSpecs[0], + Content: bytes.NewBuffer(nil), } - a.logger.Warn("unhandledControlMessage", zap.Any("agentId", a.AgentID), zap.String("msg", string(response))) } + return nil + } else if strings.HasPrefix(string(response), FILE_CLOSE_HEADER) { + if a.logger != nil { + a.logger.Debug("fileReceived", zap.Any("agentId", a.AgentID), zap.Int("len", a.CurrentRemoteFile.Content.Len())) + } + a.cacheFileHash(a.CurrentRemoteFile.Filename, a.CurrentRemoteFile.Hash, a.CurrentRemoteFile.Content.String()) + a.outChannel <- &FileUpdatedEvent{a.CurrentRemoteFile} + a.CurrentRemoteFile = nil + return nil + } else if string(response) == HC_ACK { + return nil + } else { + if a.CurrentRemoteFile != nil { + // close any open file + a.CurrentRemoteFile = nil + } + a.logger.Warn("unhandledControlMessage", zap.Any("agentId", a.AgentID), zap.String("msg", string(response))) + } + return nil +} +func (a *Client) handleResponse(response string) error { + + if strings.HasPrefix(string(response), CONTROL_HEADER) { + return a.handleControlResponse(response) } else { if a.CurrentRemoteFile != nil { a.CurrentRemoteFile.Content.WriteString(response) 
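Review bot: In the `FILE_CLOSE_HEADER` branch `a.CurrentRemoteFile` is dereferenced (`.Content.Len()`, `.Filename`, `.Hash`) without a nil check, so a close control message that is not preceded by a file-update message panics the agent; the final `else` branch shows the function already expects `CurrentRemoteFile` to be nil at times. Add a guard at the top of that branch, `if a.CurrentRemoteFile == nil { a.logger.Warn("fileCloseWithoutOpen", zap.Any("agentId", a.AgentID)); return nil }`. The first `a.logger.Debug` call runs without the `a.logger != nil` test that the other calls in the same function make, which is inconsistent — either the logger is always set and the inner checks are dead, or this call can panic. `response[11:]` also hard-codes what is presumably `len(FILE_UPDATE_HEADER)`; using the length expression, if that is what 11 stands for, would make it explicit. handleResponse continues outside the hunk.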
@@ -508,7 +582,7 @@ func (a *Client) writeMessage(msg string) error { if err != nil { if a.logger != nil { - a.logger.Info("writeMessage", zap.Any("agentId", a.AgentID), zap.String("msg", msg), zap.Int("result", ret), zap.Int("sentBytes", a.sentBytes), zap.Int("sentBytesTotal", a.sentBytesTotal), zap.Duration("rateWait", now.Sub(prev)), zap.Uint("globalCount", a.globalCount), zap.Uint("localCount", a.localCount), zap.Uint("evtCount", a.evtCount), zap.Uint("sentCount", a.sentCount), zap.Uint("receivedCount", a.receivedCount), zap.Error(err)) + a.logger.Warn("writeMessage", zap.Any("agentId", a.AgentID), zap.String("msg", msg), zap.Int("result", ret), zap.Int("sentBytes", a.sentBytes), zap.Int("sentBytesTotal", a.sentBytesTotal), zap.Duration("rateWait", now.Sub(prev)), zap.Uint("globalCount", a.globalCount), zap.Uint("localCount", a.localCount), zap.Uint("evtCount", a.evtCount), zap.Uint("sentCount", a.sentCount), zap.Uint("receivedCount", a.receivedCount), zap.Error(err)) } err2 := a.close(false) if err2 != nil { @@ -663,14 +737,18 @@ func (a *Client) readServerResponse(timeout time.Duration) error { localCountU := uint(localCount) globalCountU := uint(globalCount) if globalCountU == a.globalCount && (localCountU == a.localCount) { + // normal status, nothing to report } else if globalCountU > a.globalCount || (globalCountU == a.globalCount && localCountU > a.localCount) { a.logger.Debug(fmt.Sprintf("Updated to remote counters %d:%d (%d:%d)", localCountU, globalCountU, a.localCount, a.globalCount), zap.Skip()) + // move one ahaed + localCountU++ } else { a.logger.Info(fmt.Sprintf("Unexpected counter %d:%d (%d:%d)", localCountU, globalCountU, a.localCount, a.globalCount), zap.Skip()) } a.localCount = localCountU a.globalCount = globalCountU + a.WriteClientCounter() // rand1 := msg[:5] //fmt.Printf("packet-received: bytes=%d (%s:%d:%d) '%s'\n", nRead, rand1, globalCount, localCount, msg) // empty buffer for next read 
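Review bot: The changed `a.logger.Warn("writeMessage", …)` line writes the complete outgoing message (`zap.String("msg", msg)`) to the agent's own log on every send failure; `msg` is the event payload an application handed to the queue, so log lines and alerts with sensitive content are copied into a Warn-level log that is usually retained and shipped more widely than Debug. Logging `zap.Int("msgLen", len(msg))` here and keeping the full payload at Debug would preserve the diagnostic value without the copy. writeMessage starts outside the hunk.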
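Review bot: `a.WriteClientCounter()` discards its error, so a full disk or a permission problem on the rids file is never reported and the next restart resumes with stale counters; wrap it as `if err := a.WriteClientCounter(); err != nil { a.logger.Warn("writeClientCounter", zap.Any("agentId", a.AgentID), zap.Error(err)) }`. The `Unexpected counter` branch logs but then still assigns `a.localCount = localCountU` and `a.globalCount = globalCountU`, so a lower counter from the peer rewinds the local ones — if these counters are meant to protect against replayed messages, rewinding should probably be rejected rather than adopted; please confirm the intended semantics in a comment on that branch. Writing the file on every received packet is also one create-and-write per message, which may matter at the rate `SendRateLimit` allows. Typo in the new comment: `ahaed` → `ahead`. readServerResponse starts outside the hunk.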
@@ -758,7 +836,6 @@ func itemBuilder() interface{} { } func (a *Client) openQueue(ctx context.Context) (chan *QueuePosting, *dque.DQue, error) { - q, err := dque.NewOrOpen("event-queue", a.basePath, 500, itemBuilder) if err != nil { return nil, nil, err @@ -832,10 +909,10 @@ func (a *Client) AgentLoop(ctx context.Context, closeOnError bool) (chan *QueueP a.logger.Debug("fileTransfer", zap.Any("agentId", a.AgentID), zap.String("fileName", a.CurrentRemoteFile.Filename)) } else { loopEntry := time.Now() - loopExit := loopEntry.Add(time.Second * (PingIntervall - 1)) + loopExit := loopEntry.Add(time.Second * (NotifyTime - 1)) pingWait := ratelimit.New(1) // per second - for t := 0; t < PingIntervall; t++ { + for t := 0; t < NotifyTime; t++ { if ctx.Err() != nil { out <- err break @@ -870,7 +947,20 @@ func (a *Client) AgentLoop(ctx context.Context, closeOnError bool) (chan *QueueP } if msg, ok := item.(*QueuePosting); ok { - b, err := json.Marshal(msg.Raw) + var b []byte + var err error + + switch v := msg.Raw.(type) { + case int: + b = []byte(strconv.Itoa(v)) + case float64: + b = []byte(fmt.Sprintf("%f", v)) + case string: + b = []byte(v) + default: + b, err = json.Marshal(msg.Raw) + } + if err != nil { a.logger.Error("marshall", zap.Any("agentId", a.AgentID), zap.Error(err)) item = nil @@ -882,7 +972,13 @@ func (a *Client) AgentLoop(ctx context.Context, closeOnError bool) (chan *QueueP msg.TargetQueue = LOCALFILE_MQ } - wireMsg := fmt.Sprintf("%c:%s:%s %s %s:%s", msg.TargetQueue, msg.Location, msg.Timestamp.UTC().Format("Jan 02 15:04:05"), a.AgentName, msg.ProgramName, string(b)) + var wireMsg string + if msg.TargetQueue == LOCALFILE_MQ { + wireMsg = fmt.Sprintf("%c:%s:%s %s %s:%s", msg.TargetQueue, msg.Location, msg.Timestamp.UTC().Format("Jan 02 15:04:05"), a.AgentName, msg.ProgramName, string(b)) + } else { + wireMsg = fmt.Sprintf("%c:%s", msg.TargetQueue, string(b)) + } + err = a.WriteMessage(wireMsg) item = nil 
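Review bot: The new type switch duplicates the one added to `sendMessage` in ossec/queue.go in this same commit; a single shared helper (`func encodeRaw(v interface{}) ([]byte, error)`) would keep the two wire encodings from drifting. `fmt.Sprintf("%f", v)` renders every float64 with exactly six decimals, so small values become `0.000000` and large ones are rounded, which differs from what `json.Marshal` produced before; `strconv.FormatFloat(v, 'f', -1, 64)` keeps the shortest exact representation. Plain `string` values are now sent unquoted where they used to be JSON-encoded, which is a wire-format change worth a line in the changelog. AgentLoop starts and ends outside the hunk.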
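Review bot: For every queue other than `LOCALFILE_MQ` the new `else` branch sends only `queue:payload`, so `msg.Location`, `msg.ProgramName` and `msg.Timestamp` are dropped without any indication to the caller; if that is the manager's expected format for those queues, a comment on the branch saying which queues take the bare form would stop the next reader from "fixing" it. The `LOCALFILE_MQ` format line is unchanged from before and could keep its original shape to keep the diff small. AgentLoop starts and ends outside the hunk.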
diff --git a/ossec/agent_keys.go b/ossec/agent_keys.go index 3046c68..30cb89c 100644 --- a/ossec/agent_keys.go +++ b/ossec/agent_keys.go @@ -59,7 +59,20 @@ func GetAgentKeyMap(filename string) (AgentKeyMap, error) { agentMap[agentID] = key return agentMap, nil } - return LoadAgentKeyMap("") + return LoadAgentKeyMap(filename) +} + +func GetAgentKeyFromFile(agentName string, filename string) (*AgentKey, error) { + keyMap, err := LoadAgentKeyMap(filename) + if err != nil { + return nil, err + } + for _, key := range keyMap { + if key.AgentName == agentName { + return key, nil + } + } + return nil, nil } // LoadAgentKeyMap read all agent infos from a file (/var/ossec/etc/client.keys) diff --git a/ossec/agent_test.go b/ossec/agent_test.go old mode 100755 new mode 100644 diff --git a/ossec/authd.go b/ossec/authd.go index 60f097e..04bc441 100644 --- a/ossec/authd.go +++ b/ossec/authd.go @@ -6,6 +6,7 @@ import ( "errors" "fmt" "os" + "path/filepath" "strings" "go.uber.org/zap" 
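Review bot: `GetAgentKeyFromFile` returns `nil, nil` when no entry matches, so every caller has to test both values; `InitAgent` in ossec/authd.go (same commit) has to spell out `err == nil && agentKey != nil` for exactly this reason. A sentinel error returned instead of the bare nil would let callers use `errors.Is` and keeps "not found" from being confused with "found". The exported function also lacks a doc comment; `// GetAgentKeyFromFile returns the key whose AgentName matches agentName in the given client.keys file.` would do. The `LoadAgentKeyMap("")` → `LoadAgentKeyMap(filename)` fix in `GetAgentKeyMap` is right; that function starts outside the hunk.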
@@ -43,6 +44,74 @@ func (c *EnrollmentConfig) SetLogger(logger *zap.Logger) { c.logger = logger } +func DefaultAgentName() (string, error) { + hostname := os.Getenv("WAZUH_AGENT_NAME") + if hostname == "" { + var err error + hostname, err = os.Hostname() + if err != nil { + return "", err + } + } + return hostname, nil +} + +func InitAgent(cfg *EnrollmentConfig) (*AgentKey, error) { + var keyFile string + if LocalInitInfo != nil { + keyFile = fmt.Sprintf("%s/etc/client.keys", LocalInitInfo.Directory) + } else { + keyFile = "/var/ossec/etc/client.keys" + } + + hostname, err := DefaultAgentName() + if err != nil { + return nil, err + } + + if cfg.AuthPass != "" { + + agentKey, err := GetAgentKeyFromFile(hostname, keyFile) + keyMapValid := err == nil && agentKey != nil + + if !keyMapValid { + var err2 error + // Try to register agent + + //ensure path... + path := filepath.Dir(keyFile) + if _, err2 = os.Stat(path); os.IsNotExist(err2) { + err2 = os.MkdirAll(path, os.ModePerm) + if err2 != nil { + if cfg.logger != nil { + cfg.logger.Error("register agent - create path", zap.String("authdServer", cfg.ManagerName), zap.String("agentID", cfg.AgentName), zap.String("agentIP", cfg.AgentIP), zap.String("keyfile", keyFile), zap.Error(err2)) + } + return nil, err + } + } + + err2 = agentKey.WriteAgentKey(keyFile) + if err2 != nil { + if cfg.logger != nil { + cfg.logger.Error("register agent - write key file", zap.String("authdServer", cfg.ManagerName), zap.String("agentID", cfg.AgentName), zap.String("agentIP", cfg.AgentIP), zap.String("path", path), zap.String("keyfile", keyFile), zap.Error(err2)) + } + return nil, err + } + } + } + + agentInfo, err := GetAgentKeyFromFile(hostname, keyFile) + if err != nil { + return nil, err + } + + if agentInfo == nil { + return nil, errors.New("no agent key configured") + } + return agentInfo, nil + +} + // NewEnrollmentConfig initialize new enrolment config func NewEnrollmentConfig() (*EnrollmentConfig, error) { cfg := &EnrollmentConfig{ 
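Review bot: Inside the `!keyMapValid` branch `agentKey` is nil (or came back with an error), yet the code calls `agentKey.WriteAgentKey(keyFile)` on it; the `// Try to register agent` comment suggests a `RegisterAgent(cfg)` call was meant to go first, and without it the branch can only write an empty key or panic, depending on how WriteAgentKey treats a nil receiver. The two error paths also `return nil, err` with the outer `err`, which is nil after a successful `GetAgentKeyFromFile`, so a failed mkdir or write hands `(nil, nil)` back to the caller. The key directory is created with `os.ModePerm` (0777 before umask) although `client.keys` holds the agent's shared secret, and `keyFile` is built with `fmt.Sprintf("%s/etc/client.keys", ...)` although `path/filepath` is imported in this very commit. The rewrite below addresses those four points; `DefaultAgentName` and the exported `InitAgent` would also benefit from doc comments.
```go
	// … unchanged: keyFile selection, DefaultAgentName …
	if cfg.AuthPass != "" {
		agentKey, err := GetAgentKeyFromFile(hostname, keyFile)
		if err != nil || agentKey == nil {
			// no usable key on disk: enrol with authd, then persist the key
			agentKey, err = RegisterAgent(cfg)
			if err != nil {
				return nil, err
			}
			dir := filepath.Dir(keyFile)
			// client.keys holds the agent's shared secret: keep the directory private
			if err := os.MkdirAll(dir, 0750); err != nil {
				if cfg.logger != nil {
					cfg.logger.Error("register agent - create path", zap.String("keyfile", keyFile), zap.Error(err))
				}
				return nil, err
			}
			if err := agentKey.WriteAgentKey(keyFile); err != nil {
				if cfg.logger != nil {
					cfg.logger.Error("register agent - write key file", zap.String("keyfile", keyFile), zap.Error(err))
				}
				return nil, err
			}
		}
	}
	// … unchanged: re-read key file, nil check, return …
```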
@@ -54,7 +123,7 @@ func NewEnrollmentConfig() (*EnrollmentConfig, error) { } var err error if cfg.AgentName == "" { - hostname, err := os.Hostname() + hostname, err := DefaultAgentName() if err != nil { return nil, err } @@ -114,14 +183,14 @@ func RegisterAgent(cfg *EnrollmentConfig) (*AgentKey, error) { } readBuf := make([]byte, 1024) - _, err = conn.Read(readBuf) + read, err := conn.Read(readBuf) if err != nil { return nil, err } defer conn.Close() - s := strings.Trim(string(readBuf), "\n\t ") + s := strings.Trim(string(readBuf[:read]), "\n\t ") if strings.HasPrefix(s, "OSSEC K:'") { s := s[9:] end := strings.LastIndex(s, "'") @@ -131,6 +200,5 @@ func RegisterAgent(cfg *EnrollmentConfig) (*AgentKey, error) { return ParseAgentKey(s) } } - return nil, fmt.Errorf("invalid result: %s", s) } diff --git a/ossec/crypt.go b/ossec/crypt.go index 314a7e7..8b5ec75 100644 --- a/ossec/crypt.go +++ b/ossec/crypt.go @@ -6,6 +6,7 @@ package ossec import ( "bytes" + "compress/zlib" "crypto/aes" "crypto/cipher" "crypto/md5" @@ -14,8 +15,7 @@ import ( "math/rand" "strings" - "github.com/4kills/go-zlib" - // "compress/zlib" + "github.com/4kills/go-libdeflate" "golang.org/x/crypto/blowfish" ) @@ -88,6 +88,7 @@ func aesEncrypt(ppt, key []byte) []byte { // create the encrypter // fmt.Println(aesCipher.BlockSize()) ivBytes := []byte("FEDCBA0987654321") + ecbc := cipher.NewCBCEncrypter(aesCipher, ivBytes) ppt = PKCS7Padding(ppt, ecbc.BlockSize()) @@ -171,7 +172,7 @@ func (a *Client) decryptMessage(encMsg []byte, msgSize uint32) (string, error) { compressed = compressed[1:] msgSize-- } - // fmt.Printf("%0x %s\n", compressed, string(compressed)) + b := bytes.NewReader(compressed[:msgSize]) r, err := zlib.NewReader(b) 
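Review bot: Slicing to `readBuf[:read]` fixes the trailing NUL bytes, but a single `conn.Read` into 1024 bytes still assumes the whole authd reply arrives in one segment and fits the buffer; on TCP a split reply would fall through to `invalid result`. If the reply is one line, as the `strings.Trim(..., "\n\t ")` suggests, `bufio.NewReader(conn).ReadString('\n')` removes both assumptions. The read also has no deadline, so an unresponsive authd blocks enrolment indefinitely; `conn.SetReadDeadline(time.Now().Add(…))` before the read — assuming `conn` is a `net.Conn`, which is declared outside the hunk — bounds that. RegisterAgent starts outside the hunk.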
@@ -217,33 +218,29 @@ func (a *Client) cryptMsg(msg string) ([]byte, uint32) { /* Compress the message * We assign the first 8 bytes for padding */ - var b bytes.Buffer - w, err := zlib.NewWriterLevel(&b, 9) + + c, err := libdeflate.NewCompressorLevel(9) if err != nil { return nil, 0 } - // , _ := - w.Write([]byte(finMsg)) - - w.Close() - compressedMsg := b.Bytes() - cmpSize := uint(len(compressedMsg)) - // fmt.Printf("_tmpMsg: %d:%d:%d -> '%s'\n", len([]byte(finMsg)), written, cmpSize, tmpMsg) + compressedMsg := make([]byte, len(finMsg)+32) + cmp, _, err := c.Compress([]byte(finMsg), compressedMsg, libdeflate.ModeZlib) + if err != nil { + return nil, 0 + } + compressedMsg = compressedMsg[:cmp] + cmpSize := uint(cmp) /* Pad the message (needs to be div by 8) */ bfSize := 8 - (cmpSize % 8) if bfSize == 8 { bfSize = 0 + tmpMsg = string(compressedMsg) + } else { + tmpMsg = fmt.Sprintf("%s%s", "!!!!!!!!"[:bfSize], string(compressedMsg)) + cmpSize += bfSize } - // fmt.Printf("compressed: <%s>: %s (%d -> %d)\n", fmt.Sprintf("%00x", md5.Sum([]byte(compressedMsg))), compressedMsg, written, cmpSize) - // fmt.Printf("%00x", []byte(compressedMsg)) - // fmt.Printf("\n") - - tmpMsg = fmt.Sprintf("%s%s", "!!!!!!!!"[:bfSize], string(compressedMsg)) - cmpSize += bfSize - // fmt.Printf("tmpMsg: '%s' (%d)\n", tmpMsg, len(tmpMsg)) - /* Get average sizes */ a.cOrigSize += msgSize a.cCompSize += cmpSize @@ -257,6 +254,7 @@ func (a *Client) cryptMsg(msg string) ([]byte, uint32) { cryptoToken = ":" encrypted = blowfishEncrypt([]byte(tmpMsg), []byte(a.AgentHashedKey)) } + var msgEncrypted string if a.AgentAllowedIPs == "any" { msgEncrypted = fmt.Sprintf("!%s!%s%s", a.AgentID, cryptoToken, encrypted) 
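Review bot: `compressedMsg` is sized `len(finMsg)+32`, but zlib output can exceed the input by more than 32 bytes for incompressible data once it spans several deflate blocks (on the order of 5 bytes per 64 KiB block plus header and checksum), and `maxBufferSize` allows 10 MiB messages; when the buffer is too small the call presumably fails and the function returns `(nil, 0)`, which gives the caller no way to tell a too-small buffer from any other failure — the removed `bytes.Buffer` + `zlib.NewWriterLevel` code had no such limit. A new compressor is also created on every message and never released; if `libdeflate.Compressor` wraps native memory, as its `Close()` method suggests, that is a leak per call, so keep one compressor on the Client (or `defer c.Close()`) and let the library size the output, or fall back to `compress/zlib`, which this file's decrypt path already imports. Returning an error instead of `(nil, 0)` would also stop the caller from silently sending nothing. cryptMsg starts and ends outside the hunk.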
@@ -268,10 +266,6 @@ func (a *Client) cryptMsg(msg string) ([]byte, uint32) { cmpSize = uint(len(msgEncrypted)) } - // fmt.Printf("encMsg: '%s' (%d)\n", msgEncrypted, cmpSize) - // decrypted, err := a.decryptMessage([]byte(msgEncrypted), (uint32)(cmpSize)) - - // fmt.Printf("decMsg: '%s' (%v)\n", decrypted, err) return []byte(msgEncrypted), (uint32)(cmpSize) } diff --git a/ossec/queue.go b/ossec/queue.go index 9ec781b..ceb8d34 100644 --- a/ossec/queue.go +++ b/ossec/queue.go @@ -7,6 +7,7 @@ import ( "net" "os" "path/filepath" + "strconv" "time" "go.uber.org/zap" @@ -145,9 +146,9 @@ type Event struct { // QueuePosting a massage for the queue type QueuePosting struct { + TargetQueue rune `json:"queue"` Location string `json:"location"` ProgramName string `json:"program"` - TargetQueue rune `json:"queue"` Timestamp time.Time `json:"timestamp,omitempty"` Raw interface{} `json:"raw,omitempty"` } @@ -163,9 +164,20 @@ func (w *Queue) SendMessage(event interface{}, location string, programName stri } func (w *Queue) sendMessage(event interface{}, location string, programName string) error { - b, err := json.Marshal(event) - if err != nil { - return err + var b []byte + var err error + switch v := event.(type) { + case int: + b = []byte(strconv.Itoa(v)) + case float64: + b = []byte(fmt.Sprintf("%f", v)) + case string: + b = []byte(v) + default: + b, err = json.Marshal(event) + if err != nil { + return err + } } s, e := net.Dial("unixgram", w.QueuePath) @@ -200,8 +212,8 @@ func (w *Queue) AgentLoop(ctx context.Context, closeOnError bool) (chan *QueuePo location = msg.Location if location == "" { location = "ossec" - } + programName = msg.ProgramName if location == "" { programName = filepath.Base(os.Args[0]) diff --git a/ossec/syscheck.go b/ossec/syscheck.go index 281c80e..b65555b 100644 --- a/ossec/syscheck.go +++ b/ossec/syscheck.go 
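Review bot: The new `programName = msg.ProgramName` is followed by `if location == "" { programName = filepath.Base(os.Args[0]) }`, but `location` was defaulted to `"ossec"` a few lines above, so that condition is never true and an empty ProgramName is never replaced; it almost certainly should read `if programName == "" {`. That condition is a context line rather than part of the change, but the new assignment is what feeds it. Queue.AgentLoop starts and ends outside the hunk.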
@@ -23,6 +23,20 @@ type FimMessage struct { Data FimData `json:"data"` } + + +/* Every syscheck message must be in the following format (OSSEC - Wazuh v3.10): + * 'checksum' 'filename' + * or + * 'checksum'!'extradata' 'filename' + * or + * |v2.1 |v3.4 |v3.4 |v3.6 |v3.9 |v1.0 + * |-> |-> |-> |-> |-> |-> + * "size:permision:uid:gid:md5:sha1:uname:gname:mtime:inode:sha256!w:h:o:d:a:t:a:tags:symbolic_path:silent filename\nreportdiff" + * ^^^^^^^^^^^^^^^^^^^^^^^^^^^checksum^^^^^^^^^^^^^^^^^^^^^^^^^^^!^^^^^^^^^^^^^^extradata^^^^^^^^^^^^^^^^ filename\n^^^diff^^^ + */ + + func NewFimMessage() (*FimMessage, error) { filename := filepath.Base(os.Args[0]) hasher := md5.New() diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..39a2b6e --- /dev/null +++ b/renovate.json @@ -0,0 +1,6 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": [ + "config:base" + ] +} diff --git a/rest/client_interfaces.go b/rest/client_interfaces.go old mode 100755 new mode 100644 diff --git a/rest/controller_implementation.go b/rest/controller_implementation.go old mode 100755 new mode 100644 diff --git a/rest/types.go b/rest/types.go old mode 100755 new mode 100644 index bb80912..9b795b8 --- a/rest/types.go +++ b/rest/types.go @@ -6376,7 +6376,7 @@ func (a *ApiError_DapiErrors) UnmarshalJSON(b []byte) error { } err := json.Unmarshal(fieldBuf, &fieldVal) if err != nil { - return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) + return fmt.Errorf("error unmarshalling field %s: %w", fieldName, err) } a.AdditionalProperties[fieldName] = fieldVal } @@ -6392,7 +6392,7 @@ func (a ApiError_DapiErrors) MarshalJSON() ([]byte, error) { for fieldName, field := range a.AdditionalProperties { object[fieldName], err = json.Marshal(field) if err != nil { - return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) + return nil, fmt.Errorf("error marshalling '%s': %w", fieldName, err) } } return json.Marshal(object) 
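Review bot: The new syscheck format comment is separated from `func NewFimMessage()` by blank lines, so godoc does not attach it to anything, and the double blank lines on either side are not `gofmt`-clean. Moving it directly above `FimMessage`, which it describes, and giving `NewFimMessage` its own `// NewFimMessage ...` line keeps it discoverable. The hunk is documentation-only otherwise.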
diff --git a/rest/wazuh.go b/rest/wazuh.go old mode 100755 new mode 100644 index 6619792..810f7a6 --- a/rest/wazuh.go +++ b/rest/wazuh.go @@ -388,6 +388,36 @@ func (c *ClientWithResponses) Authenticated() bool { return c.ClientInterface.(*Client).token != "" } +func (c *ClientWithResponses) Logout() error { + c.ClientInterface.(*Client).token = "" + return nil +} + +func (c *ClientWithResponses) RevokeAllTokens() error { + if !c.Authenticated() { + return fmt.Errorf("not authenticated") + } + + // Call Delete on Authenticate + sr, err := c.SecurityControllerRevokeAllTokensWithResponse(c.ClientInterface.(*Client).ctx) + if err != nil { + return err + } + if sr == nil { + return fmt.Errorf("revoke tokens failed") + } + if sr.StatusCode() > 399 { + if sr != nil { + _, err = getResponseObject(sr) + } + if err != nil { + return err + } + return fmt.Errorf("%s returned %s", c.ClientInterface.(*Client).Server, sr.Status()) + } + return nil +} + //Authenticate login using basic auth to optain a token func (c *ClientWithResponses) Authenticate() error { // Authenticate diff --git a/rest/wazuh_gen_code_test.go b/rest/wazuh_gen_code_test.go old mode 100755 new mode 100644 diff --git a/rest/wazuh_test.go b/rest/wazuh_test.go old mode 100755 new mode 100644 diff --git a/wazuh/alert.go b/wazuh/alert.go new file mode 100644 index 0000000..d3d2924 --- /dev/null +++ b/wazuh/alert.go 
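Review bot: `Logout` only clears the cached token locally, so the JWT stays valid on the manager until it expires; if a real logout is intended it should call `RevokeAllTokens` (or its doc comment should say it is local-only), and `RevokeAllTokens` should clear the local token after a successful revoke, `c.ClientInterface.(*Client).token = ""`, since it is no longer usable. Inside the `StatusCode() > 399` branch the `if sr != nil` test is redundant — the `sr == nil` case already returned — and the `err` check below it only fires when `getResponseObject` failed, so the branch reduces to `if _, err := getResponseObject(sr); err != nil { return err }`. Both exported methods lack doc comments, and `Logout` returns an `error` that is always nil. `Authenticate` starts outside the hunk.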
@@ -0,0 +1,599 @@ +package wazuh + +type GeoPoint struct { + Lat float64 `json:"lat,omitempty"` + Long float64 `json:"long,omitempty"` +} + +type Manager struct { + Name *string `json:"name,omitempty"` +} + +type Cluster struct { + Name *string `json:"name,omitempty"` + Node *string `json:"node,omitempty"` +} + +type EffectiveUser struct { + ID *string `json:"id,omitempty"` + Name *string `json:"name,omitempty"` +} + +type Group struct { + ID *string `json:"id,omitempty"` + Name *string `json:"name,omitempty"` +} + +type LoginUser struct { + ID *string `json:"id,omitempty"` + Name *string `json:"name,omitempty"` +} + +type SyscheckAuditProcess struct { + ID *string `json:"id,omitempty"` + Name *string `json:"name,omitempty"` + Ppid *string `json:"ppid,omitempty"` +} + +type User struct { + ID *string `json:"id,omitempty"` + Name *string `json:"name,omitempty"` +} + +type SyscheckAudit struct { + EffectiveUser *EffectiveUser `json:"effective_user,omitempty"` + Group *Group `json:"group,omitempty"` + LoginUser *LoginUser `json:"login_user,omitempty"` + Process *SyscheckAuditProcess `json:"syscheck_audit_process,omitempty"` + User *User `json:"user,omitempty"` +} + +type Syscheck struct { + UidAfter *string `json:"uid_after,omitempty"` + Md5Before *string `json:"md5_before,omitempty"` + MtimeAfter *int64 `json:"mtime_after,omitempty"` + GidAfter *string `json:"gid_after,omitempty"` + Diff *string `json:"diff,omitempty"` + Path *string `json:"path,omitempty"` + PermAfter *string `json:"perm_after,omitempty"` + InodeAfter *string `json:"inode_after,omitempty"` + InodeBefore *string `json:"inode_before,omitempty"` + MtimeBefore *int64 `json:"mtime_before,omitempty"` + UnameBefore *string `json:"uname_before,omitempty"` + Sha256After *string `json:"sha256_after,omitempty"` + HardLinks *string `json:"hard_links,omitempty"` + UidBefore *string `json:"uid_before,omitempty"` + Event *string `json:"event,omitempty"` + Sha256Before *string `json:"sha256_before,omitempty"` + 
Sha1After *string `json:"sha1_after,omitempty"` + GnameBefore *string `json:"gname_before,omitempty"` + Tags *string `json:"tags,omitempty"` + Sha1Before *string `json:"sha1_before,omitempty"` + PermBefore *string `json:"perm_before,omitempty"` + GnameAfter *string `json:"gname_after,omitempty"` + UnameAfter *string `json:"uname_after,omitempty"` + SizeAfter *uint64 `json:"size_after,omitempty"` + Mode *string `json:"mode,omitempty"` + GidBefore *string `json:"gid_before,omitempty"` + Md5After *string `json:"md5_after,omitempty"` + SizeBefore *uint64 `json:"size_before,omitempty"` + Audit *SyscheckAudit `json:"syscheck_audit,omitempty"` +} + +type Decoder struct { + Accumulate *uint64 `json:"accumulate,omitempty"` + Parent *string `json:"parent,omitempty"` + Name *string `json:"name,omitempty"` + Ftscomment *string `json:"ftscomment,omitempty"` + Fts *uint64 `json:"fts,omitempty"` +} + +type Agent struct { + IP *string `json:"ip,omitempty"` + ID *string `json:"id,omitempty"` + Name *string `json:"name,omitempty"` +} + +type Input struct { + Type *string `json:"type,omitempty"` +} + +type Predecoder struct { + ProgramName *string `json:"program_name,omitempty"` + Timestamp *string `json:"timestamp,omitempty"` + Hostname *string `json:"hostname,omitempty"` +} + +type GeoLocation struct { + RegionName *string `json:"region_name,omitempty"` + Latitude *float64 `json:"latitude,omitempty"` + RealRegionName *string `json:"real_region_name,omitempty"` + DmaCode *uint64 `json:"dma_code,omitempty"` + Location *GeoPoint `json:"location,omitempty"` + Coordinates *float64 `json:"coordinates,omitempty"` + CountryCode3 *string `json:"country_code3,omitempty"` + CountryCode2 *string `json:"country_code2,omitempty"` + CountryName *string `json:"country_name,omitempty"` + IP *string `json:"ip,omitempty"` + Longitude *float64 `json:"longitude,omitempty"` + Timezone *string `json:"timezone,omitempty"` + AreaCode *uint64 `json:"area_code,omitempty"` + CityName *string 
`json:"city_name,omitempty"` + ContinentCode *string `json:"continent_code,omitempty"` + PostalCode *string `json:"postal_code,omitempty"` +} + +type Mitre struct { + ID *string `json:"id,omitempty"` + Tactic *string `json:"tactic,omitempty"` + Technique *string `json:"technique,omitempty"` +} + +type Rule struct { + Description *string `json:"description,omitempty"` + ID *string `json:"id,omitempty"` + Level *uint64 `json:"level,omitempty"` + Frequency *uint64 `json:"frequency,omitempty"` + Firedtimes *uint64 `json:"firedtimes,omitempty"` + Gdpr *string `json:"gdpr,omitempty"` + Gpg13 *string `json:"gpg13,omitempty"` + Mail *bool `json:"mail,omitempty"` + Groups *string `json:"groups,omitempty"` + Info *string `json:"info,omitempty"` + Cis *string `json:"cis,omitempty"` + PciDss *string `json:"pci_dss,omitempty"` + Hipaa *string `json:"hipaa,omitempty"` + Mitre *Mitre `json:"mitre,omitempty"` + Cve *string `json:"cve,omitempty"` + Nist80053 *string `json:"nist_800_53,omitempty"` +} + +type File struct { + Inode *string `json:"inode,omitempty"` + Mode *string `json:"mode,omitempty"` + Name *string `json:"name,omitempty"` +} + +type Directory struct { + Name *string `json:"name,omitempty"` + Inode *string `json:"inode,omitempty"` + Mode *string `json:"mode,omitempty"` +} + +type Execve struct { + A0 *string `json:"a0,omitempty"` + A1 *string `json:"a1,omitempty"` + A2 *string `json:"a2,omitempty"` + A3 *string `json:"a3,omitempty"` +} + +type DataAudit struct { + Dev *string `json:"dev,omitempty"` + Ppid *string `json:"ppid,omitempty"` + Subj *string `json:"subj,omitempty"` + OldProm *string `json:"old_prom,omitempty"` + Auid *string `json:"auid,omitempty"` + Egid *string `json:"egid,omitempty"` + Exe *string `json:"exe,omitempty"` + Exit *string `json:"exit,omitempty"` + Fsgid *string `json:"fsgid,omitempty"` + OldEnforcing *string `json:"old_enforcing,omitempty"` + Key *string `json:"key,omitempty"` + Res *string `json:"res,omitempty"` + Session *string 
`json:"session,omitempty"` + Success *string `json:"success,omitempty"` + Acct *string `json:"acct,omitempty"` + Command *string `json:"command,omitempty"` + File *File `json:"file,omitempty"` + Type *string `json:"type,omitempty"` + Cwd *string `json:"cwd,omitempty"` + Directory *Directory `json:"directory,omitempty"` + ID *string `json:"id,omitempty"` + Syscall *string `json:"syscall,omitempty"` + Arch *string `json:"arch,omitempty"` + Euid *string `json:"euid,omitempty"` + Fsuid *string `json:"fsuid,omitempty"` + List *string `json:"list,omitempty"` + Pid *string `json:"pid,omitempty"` + Suid *string `json:"suid,omitempty"` + Execve *Execve `json:"execve,omitempty"` + Prom *string `json:"prom,omitempty"` + Sgid *string `json:"sgid,omitempty"` + Srcip *string `json:"srcip,omitempty"` + Uid *string `json:"uid,omitempty"` + Enforcing *string `json:"enforcing,omitempty"` + Gid *string `json:"gid,omitempty"` + Op *string `json:"op,omitempty"` + Tty *string `json:"tty,omitempty"` +} + +type Hardware struct { + CpuName *string `json:"cpu_name,omitempty"` + CpuCores *uint64 `json:"cpu_cores,omitempty"` + CpuMhz *float64 `json:"cpu_mhz,omitempty"` + RamTotal *uint64 `json:"ram_total,omitempty"` + RamFree *uint64 `json:"ram_free,omitempty"` + RamUsage *uint64 `json:"ram_usage,omitempty"` + Serial *string `json:"serial,omitempty"` +} + +type Compliance struct { + Nist80053 *string `json:"nist_800_53,omitempty"` + Cis *string `json:"cis,omitempty"` + CisCsc *string `json:"cis_csc,omitempty"` + PciDss *string `json:"pci_dss,omitempty"` + Hipaa *string `json:"hipaa,omitempty"` +} + +type ScaCheck struct { + Title *string `json:"title,omitempty"` + Description *string `json:"description,omitempty"` + PreviousResult *string `json:"previous_result,omitempty"` + Reason *string `json:"reason,omitempty"` + Status *string `json:"status,omitempty"` + Rationale *string `json:"rationale,omitempty"` + Compliance *Compliance `json:"compliance,omitempty"` + References *string 
`json:"references,omitempty"` + Registry *string `json:"registry,omitempty"` + Result *string `json:"result,omitempty"` + ID *string `json:"id,omitempty"` + File *string `json:"file,omitempty"` + Directory *string `json:"directory,omitempty"` + Remediation *string `json:"remediation,omitempty"` + Process *string `json:"process,omitempty"` +} + +type Sca struct { + ScanId *string `json:"scan_id,omitempty"` + Name *string `json:"name,omitempty"` + Description *string `json:"description,omitempty"` + Passed *int64 `json:"passed,omitempty"` + Failed *int64 `json:"failed,omitempty"` + Score *uint64 `json:"score,omitempty"` + TotalChecks *string `json:"total_checks,omitempty"` + Type *string `json:"type,omitempty"` + Policy *string `json:"policy,omitempty"` + File *string `json:"file,omitempty"` + Check *ScaCheck `json:"sca_check,omitempty"` + Invalid *string `json:"invalid,omitempty"` + PolicyId *string `json:"policy_id,omitempty"` +} + +type Oval struct { + ID *string `json:"id,omitempty"` +} + +type OscapCheck struct { + Result *string `json:"result,omitempty"` + Identifiers *string `json:"identifiers,omitempty"` + Oval *Oval `json:"oval,omitempty"` + Rationale *string `json:"rationale,omitempty"` + Severity *string `json:"severity,omitempty"` + Title *string `json:"title,omitempty"` + Description *string `json:"description,omitempty"` + ID *string `json:"id,omitempty"` + References *string `json:"references,omitempty"` +} + +type Benchmark struct { + ID *string `json:"id,omitempty"` +} + +type Profile struct { + ID *string `json:"id,omitempty"` + Title *string `json:"title,omitempty"` +} + +type Scan struct { + Benchmark *Benchmark `json:"benchmark,omitempty"` + Content *string `json:"content,omitempty"` + ID *string `json:"id,omitempty"` + Profile *Profile `json:"profile,omitempty"` + ReturnCode *uint64 `json:"return_code,omitempty"` + Score *float64 `json:"score,omitempty"` +} +type Oscap struct { + Check *OscapCheck `json:"oscap_check,omitempty"` + Scan *Scan 
`json:"scan,omitempty"` +} + +type Package struct { + Version *string `json:"version,omitempty"` + Source *string `json:"source,omitempty"` + Architecture *string `json:"architecture,omitempty"` + Condition *string `json:"condition,omitempty"` + GeneratedCpe *string `json:"generated_cpe,omitempty"` + Name *string `json:"name,omitempty"` +} + +type Cvss2Vector struct { + AccessComplexity *string `json:"access_complexity,omitempty"` + Authentication *string `json:"authentication,omitempty"` + IntegrityImpact *string `json:"integrity_impact,omitempty"` + Scope *string `json:"scope,omitempty"` + AttackVector *string `json:"attack_vector,omitempty"` + Availability *string `json:"availability,omitempty"` + ConfidentialityImpact *string `json:"confidentiality_impact,omitempty"` + PrivilegesRequired *string `json:"privileges_required,omitempty"` + UserInteraction *string `json:"user_interaction,omitempty"` +} + +type Cvss2 struct { + BaseScore *string `json:"base_score,omitempty"` + ExploitabilityScore *string `json:"exploitability_score,omitempty"` + ImpactScore *string `json:"impact_score,omitempty"` + Vector *Cvss2Vector `json:"cvss2_vector,omitempty"` +} + +type Cvss3Vector struct { + AttackVector *string `json:"attack_vector,omitempty"` + Scope *string `json:"scope,omitempty"` + ConfidentialityImpact *string `json:"confidentiality_impact,omitempty"` + IntegrityImpact *string `json:"integrity_impact,omitempty"` + PrivilegesRequired *string `json:"privileges_required,omitempty"` + UserInteraction *string `json:"user_interaction,omitempty"` + AccessComplexity *string `json:"access_complexity,omitempty"` + Authentication *string `json:"authentication,omitempty"` + Availability *string `json:"availability,omitempty"` +} + +type Cvss3 struct { + ExploitabilityScore *string `json:"exploitability_score,omitempty"` + ImpactScore *string `json:"impact_score,omitempty"` + Vector *Cvss3Vector `json:"cvss3_vector,omitempty"` + BaseScore *string `json:"base_score,omitempty"` +} + 
+type Cvss struct { + Cvss2 *Cvss2 `json:"cvss2,omitempty"` + Cvss3 *Cvss3 `json:"cvss3,omitempty"` +} + +type Vulnerability struct { + Cve *string `json:"cve,omitempty"` + Package *Package `json:"package,omitempty"` + Published *int64 `json:"published,omitempty"` + Rationale *string `json:"rationale,omitempty"` + Severity *string `json:"severity,omitempty"` + Assigner *string `json:"assigner,omitempty"` + CveVersion *string `json:"cve_version,omitempty"` + Cvss *Cvss `json:"cvss,omitempty"` + CweReference *string `json:"cwe_reference,omitempty"` + Updated *int64 `json:"updated,omitempty"` + Title *string `json:"title,omitempty"` +} + +type NetworkInterfaces struct { + PrivateIpAddress *string `json:"privateIpAddress,omitempty"` + PublicIp *string `json:"publicIp,omitempty"` +} + +type ResourceInstanceDetails struct { + LaunchTime *int64 `json:"launchTime,omitempty"` + NetworkInterfaces *NetworkInterfaces `json:"networkInterfaces,omitempty"` +} + +type ActionNetworkConnectionActionRemoteIpDetails struct { + IpAddressV4 *string `json:"ipAddressV4,omitempty"` + GeoLocation *GeoPoint `json:"geoLocation,omitempty"` +} + +type Service struct { + Count *uint64 `json:"count,omitempty"` + ActionNetworkConnectionActionRemoteIpDetails *ActionNetworkConnectionActionRemoteIpDetails `json:"action.networkConnectionAction.remoteIpDetails,omitempty"` + EventFirstSeen *int64 `json:"eventFirstSeen,omitempty"` + EventLastSeen *int64 `json:"eventLastSeen,omitempty"` +} + +type Aws struct { + Bytes *uint64 `json:"bytes,omitempty"` + Srcaddr *string `json:"srcaddr,omitempty"` + End *int64 `json:"end,omitempty"` + Start *int64 `json:"start,omitempty"` + SourceIpAddress *string `json:"source_ip_address,omitempty"` + ResourceInstanceDetails *ResourceInstanceDetails `json:"resource.instanceDetails,omitempty"` + Dstaddr *string `json:"dstaddr,omitempty"` + Service *Service `json:"service,omitempty"` + CreatedAt *int64 `json:"createdAt,omitempty"` + UpdatedAt *int64 
`json:"updatedAt,omitempty"` +} + +type Source struct { + AlertId *string `json:"alert_id,omitempty"` + File *string `json:"file,omitempty"` + Md5 *string `json:"md5,omitempty"` + Sha1 *string `json:"sha1,omitempty"` +} + +type Virustotal struct { + ScanDate *string `json:"scan_date,omitempty"` + Sha1 *string `json:"sha1,omitempty"` + Source *Source `json:"source,omitempty"` + Total *string `json:"total,omitempty"` + Description *string `json:"description,omitempty"` + Error *string `json:"error,omitempty"` + Malicious *string `json:"malicious,omitempty"` + Positives *string `json:"positives,omitempty"` + Found *string `json:"found,omitempty"` + Permalink *string `json:"permalink,omitempty"` +} + +type DataProcess struct { + Priority *uint64 `json:"priority,omitempty"` + Ppid *uint64 `json:"ppid,omitempty"` + Utime *uint64 `json:"utime,omitempty"` + Size *uint64 `json:"size,omitempty"` + VmSize *uint64 `json:"vm_size,omitempty"` + Session *uint64 `json:"session,omitempty"` + State *string `json:"state,omitempty"` + Stime *uint64 `json:"stime,omitempty"` + Pid *uint64 `json:"pid,omitempty"` + Fgroup *string `json:"fgroup,omitempty"` + Tgid *uint64 `json:"tgid,omitempty"` + Rgroup *string `json:"rgroup,omitempty"` + Share *uint64 `json:"share,omitempty"` + Nlwp *uint64 `json:"nlwp,omitempty"` + Tty *uint64 `json:"tty,omitempty"` + Args *string `json:"args,omitempty"` + Euser *string `json:"euser,omitempty"` + Suser *string `json:"suser,omitempty"` + StartTime *uint64 `json:"start_time,omitempty"` + Pgrp *uint64 `json:"pgrp,omitempty"` + Name *string `json:"name,omitempty"` + Cmd *string `json:"cmd,omitempty"` + Processor *uint64 `json:"processor,omitempty"` + Sgroup *string `json:"sgroup,omitempty"` + Resident *uint64 `json:"resident,omitempty"` + Nice *uint64 `json:"nice,omitempty"` + Ruser *string `json:"ruser,omitempty"` + Egroup *string `json:"egroup,omitempty"` +} + +type Ipv6 struct { + Netmask *string `json:"netmask,omitempty"` + Broadcast *string 
`json:"broadcast,omitempty"` + Metric *uint64 `json:"metric,omitempty"` + Gateway *string `json:"gateway,omitempty"` + Dhcp *string `json:"dhcp,omitempty"` + Address *string `json:"address,omitempty"` +} + +type Ipv4 struct { + Address *string `json:"address,omitempty"` + Netmask *string `json:"netmask,omitempty"` + Broadcast *string `json:"broadcast,omitempty"` + Metric *uint64 `json:"metric,omitempty"` + Gateway *string `json:"gateway,omitempty"` + Dhcp *string `json:"dhcp,omitempty"` +} + +type Iface struct { + Type *string `json:"type,omitempty"` + RxBytes *uint64 `json:"rx_bytes,omitempty"` + TxPackets *uint64 `json:"tx_packets,omitempty"` + Ipv6 *Ipv6 `json:"ipv6,omitempty"` + Name *string `json:"name,omitempty"` + State *string `json:"state,omitempty"` + Mtu *uint64 `json:"mtu,omitempty"` + RxPackets *uint64 `json:"rx_packets,omitempty"` + Ipv4 *Ipv4 `json:"ipv4,omitempty"` + Adapter *string `json:"adapter,omitempty"` + TxBytes *uint64 `json:"tx_bytes,omitempty"` + TxErrors *uint64 `json:"tx_errors,omitempty"` + RxErrors *uint64 `json:"rx_errors,omitempty"` + TxDropped *uint64 `json:"tx_dropped,omitempty"` + Mac *string `json:"mac,omitempty"` + RxDropped *uint64 `json:"rx_dropped,omitempty"` +} + +type Netinfo struct { + Iface *Iface `json:"iface,omitempty"` +} + +type Os struct { + Version *string `json:"version,omitempty"` + Major *string `json:"major,omitempty"` + Minor *string `json:"minor,omitempty"` + Platform *string `json:"platform,omitempty"` + Release *string `json:"release,omitempty"` + ReleaseVersion *string `json:"release_version,omitempty"` + Architecture *string `json:"architecture,omitempty"` + Name *string `json:"name,omitempty"` + Build *string `json:"build,omitempty"` + Sysname *string `json:"sysname,omitempty"` + Hostname *string `json:"hostname,omitempty"` + Codename *string `json:"codename,omitempty"` +} + +type Port struct { + RemoteIp *string `json:"remote_ip,omitempty"` + TxQueue *uint64 `json:"tx_queue,omitempty"` + Inode *uint64 
`json:"inode,omitempty"` + State *string `json:"state,omitempty"` + Pid *uint64 `json:"pid,omitempty"` + Process *string `json:"process,omitempty"` + LocalPort *uint64 `json:"local_port,omitempty"` + LocalIp *string `json:"local_ip,omitempty"` + RemotePort *uint64 `json:"remote_port,omitempty"` + RxQueue *uint64 `json:"rx_queue,omitempty"` + Protocol *string `json:"protocol,omitempty"` +} + +type Program struct { + Version *string `json:"version,omitempty"` + Architecture *string `json:"architecture,omitempty"` + Multiarch *string `json:"multiarch,omitempty"` + Source *string `json:"source,omitempty"` + Description *string `json:"description,omitempty"` + Priority *string `json:"priority,omitempty"` + InstallTime *string `json:"install_time,omitempty"` + Section *string `json:"section,omitempty"` + Size *uint64 `json:"size,omitempty"` + Vendor *string `json:"vendor,omitempty"` + Location *string `json:"location,omitempty"` + Format *string `json:"format,omitempty"` + Name *string `json:"name,omitempty"` +} + +type Data struct { + Audit *DataAudit `json:"data_audit,omitempty"` + Status *string `json:"status,omitempty"` + Uid *string `json:"uid,omitempty"` + Dstip *string `json:"dstip,omitempty"` + Hardware *Hardware `json:"hardware,omitempty"` + Sca *Sca `json:"sca,omitempty"` + Command *string `json:"command,omitempty"` + Timestamp *int64 `json:"timestamp,omitempty"` + Title *string `json:"title,omitempty"` + Srcuser *string `json:"srcuser,omitempty"` + ID *string `json:"id,omitempty"` + SystemName *string `json:"system_name,omitempty"` + Oscap *Oscap `json:"oscap,omitempty"` + Dstport *string `json:"dstport,omitempty"` + Dstuser *string `json:"dstuser,omitempty"` + Vulnerability *Vulnerability `json:"vulnerability,omitempty"` + Aws *Aws `json:"aws,omitempty"` + Action *string `json:"action,omitempty"` + Virustotal *Virustotal `json:"virustotal,omitempty"` + Srcip *string `json:"srcip,omitempty"` + ExtraData *string `json:"extra_data,omitempty"` + Integration 
*string `json:"integration,omitempty"` + Process *DataProcess `json:"data_process,omitempty"` + Data *string `json:"data,omitempty"` + URL *string `json:"url,omitempty"` + Type *string `json:"type,omitempty"` + Netinfo *Netinfo `json:"netinfo,omitempty"` + Os *Os `json:"os,omitempty"` + Port *Port `json:"port,omitempty"` + Program *Program `json:"program,omitempty"` + Protocol *string `json:"protocol,omitempty"` + Srcport *string `json:"srcport,omitempty"` +} + +type Alert struct { + Manager *Manager `json:"manager,omitempty"` + Cluster *Cluster `json:"cluster,omitempty"` + Syscheck *Syscheck `json:"syscheck,omitempty"` + Location *string `json:"location,omitempty"` + Decoder *Decoder `json:"decoder,omitempty"` + Offset *string `json:"offset,omitempty"` + Command *string `json:"command,omitempty"` + Type *string `json:"type,omitempty"` + Timestamp_ *int64 `json:"@timestamp,omitempty"` + Agent *Agent `json:"agent,omitempty"` + FullLog *string `json:"full_log,omitempty"` + PreviousLog *string `json:"previous_log,omitempty"` + Message *string `json:"message,omitempty"` + Input *Input `json:"input,omitempty"` + Timestamp *int64 `json:"timestamp,omitempty"` + Version_ *string `json:"@version,omitempty"` + Host *string `json:"host,omitempty"` + Predecoder *Predecoder `json:"predecoder,omitempty"` + ID *string `json:"id,omitempty"` + PreviousOutput *string `json:"previous_output,omitempty"` + GeoLocation *GeoLocation `json:"GeoLocation,omitempty"` + Rule *Rule `json:"rule,omitempty"` + Data *Data `json:"data,omitempty"` + ProgramName *string `json:"program_name,omitempty"` + Title *string `json:"title,omitempty"` +} diff --git a/wazuh/import_test.go b/wazuh/import_test.go new file mode 100644 index 0000000..efb5180 --- /dev/null +++ b/wazuh/import_test.go 
@@ -0,0 +1,123 @@
+package wazuh
+
+import (
+ "encoding/json"
+ "fmt"
+ "io/ioutil"
+ "strings"
+ "testing"
+
+ "github.com/iancoleman/strcase"
+)
+
+type Dict map[string]interface{}
+
+var Types []string = make([]string, 0)
+
+func mapType(name string, spec map[string]interface{}) string {
+ sb := strings.Builder{}
+ sb.WriteString(fmt.Sprintf("type %s struct {\n", strcase.ToCamel(name)))
+
+ for jKey, v := range spec {
+
+ if strings.Contains(jKey, "-") {
+ continue
+ }
+
+ spec := v.(map[string]interface{})
+ var gKey string
+ if strings.HasPrefix(jKey, "@") {
+ gKey = strcase.ToCamel(jKey[1:]) + "_"
+ } else {
+ gKey = strcase.ToCamel(jKey)
+ }
+ if jKey == "id" {
+ gKey = "ID"
+ }
+ if jKey == "url" {
+ gKey = "URL"
+ }
+ if jKey == "ip" {
+ gKey = "IP"
+ }
+
+ if jType, ok := spec["type"]; ok {
+ var gType = ""
+
+ if name == "rule" {
+ if jType == "pci_dss" || jType == "tsc" || jType == "groups" || jType == "gdpr" || jType == "gpg13" || jType == "hipaa" || jType == "nist_800_53" {
+ gType = "[]string"
+ }
+ }
+ if name == "vulnerability" {
+ if jType == "references" || jType == "bugzilla_references" {
+ gType = "[]string"
+ }
+ }
+ if name == "mitre" {
+ if jType == "id" || jType == "technique" || jType == "tactic" {
+ gType = "[]string"
+ }
+ }
+
+ if gType == "" {
+
+ switch t := jType; t {
+ case "ip":
+ gType = "*string"
+ case "text":
+ gType = "*string"
+ case "keyword":
+ gType = "*string"
+ case "date":
+ gType = "*int64"
+ case "integer":
+ gType = "*int64"
+ case "long":
+ gType = "*uint64"
+ case "boolean":
+ gType = "*bool"
+ case "double":
+ gType = "*float64"
+ case "geo_point":
+ gType = "*GeoPoint"
+ default:
+ gType = fmt.Sprintf("<%s>", jType)
+ }
+ }
+ sb.WriteString(fmt.Sprintf("\t%s %s `json:\"%s,omitempty\"`\n", gKey, gType, jKey))
+ } else if jSubProps, ok := spec["properties"]; ok {
+ if jKey == "vector" || jKey == "process" || jKey == "check" || jKey == "audit" {
+ jKey = name + "_" + jKey
+ }
+ mapType(jKey, jSubProps.(map[string]interface{}))
+ sb.WriteString(fmt.Sprintf("\t%s *%s `json:\"%s,omitempty\"`\n", gKey, strcase.ToCamel(jKey), jKey))
+ }
+ }
+ sb.WriteString("}\n")
+
+ Types = append(Types, sb.String())
+ return sb.String()
+}
+
+func TestImport(t *testing.T) {
+ rawJson, err := ioutil.ReadFile("index-pattern.json")
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ var dict Dict
+ err = json.Unmarshal(rawJson, &dict)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ rawMapping := dict["mappings"].(map[string]interface{})
+ propertieDefs := rawMapping["properties"].(map[string]interface{})
+ mapType("Alert", propertieDefs)
+
+ for _, t := range Types {
+ fmt.Printf("%v\n", t)
+ }
+
+}
diff --git a/wazuh/index-pattern.json b/wazuh/index-pattern.json
new file mode 100644
index 0000000..4310605
--- /dev/null
+++ b/wazuh/index-pattern.json
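Review bot: The three `[]string` overrides in mapType compare `jType` (the value of `spec["type"]`, e.g. "keyword") against field names such as "pci_dss", "references" and "id", so they can never match and every rule, vulnerability and mitre field is still emitted as `*string`; each of those conditions should test `jKey` instead, e.g. `if jKey == "pci_dss" || jKey == "tsc" || jKey == "groups" || jKey == "gdpr" || jKey == "gpg13" || jKey == "hipaa" || jKey == "nist_800_53" {`. The `for jKey, v := range spec` loop walks a map, so the field order of the generated structs changes from run to run; collecting the keys, `sort.Strings` them and ranging over the sorted slice would make the generator's output reproducible and keep regenerated diffs small. In TestImport, `for _, t := range Types` shadows the `*testing.T` parameter, and `ioutil.ReadFile` is deprecated in favour of `os.ReadFile`. The unchecked assertions on `dict["mappings"]` and `rawMapping["properties"]` panic instead of failing the test when the JSON has an unexpected shape; a two-value assertion followed by `t.Fatalf` would give a clearer failure.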
@@ -0,0 +1,1817 @@ +{ + "order": 0, + "index_patterns": [ + "wazuh-alerts-3.x-*", + "wazuh-archives-3.x-*" + ], + "settings": { + "index.refresh_interval": "5s", + "index.number_of_shards": "3", + "index.number_of_replicas": "0", + "index.auto_expand_replicas": "0-1", + "index.mapping.total_fields.limit": 10000, + "index.query.default_field": [ + "GeoLocation.city_name", + "GeoLocation.continent_code", + "GeoLocation.country_code2", + "GeoLocation.country_code3", + "GeoLocation.country_name", + "GeoLocation.ip", + "GeoLocation.postal_code", + "GeoLocation.real_region_name", + "GeoLocation.region_name", + "GeoLocation.timezone", + "agent.id", + "agent.ip", + "agent.name", + "cluster.name", + "cluster.node", + "command", + "data", + "data.action", + "data.audit", + "data.audit.acct", + "data.audit.arch", + "data.audit.auid", + "data.audit.command", + "data.audit.cwd", + "data.audit.dev", + "data.audit.directory.inode", + "data.audit.directory.mode", + "data.audit.directory.name", + "data.audit.egid", + "data.audit.enforcing", + "data.audit.euid", + "data.audit.exe", + "data.audit.execve.a0", + "data.audit.execve.a1", + "data.audit.execve.a2", + "data.audit.execve.a3", + "data.audit.exit", + "data.audit.file.inode", + "data.audit.file.mode", + "data.audit.file.name", + "data.audit.fsgid", + "data.audit.fsuid", + "data.audit.gid", + "data.audit.id", + "data.audit.key", + "data.audit.list", + "data.audit.old-auid", + "data.audit.old-ses", + "data.audit.old_enforcing", + "data.audit.old_prom", + "data.audit.op", + "data.audit.pid", + "data.audit.ppid", + "data.audit.prom", + "data.audit.res", + "data.audit.session", + "data.audit.sgid", + "data.audit.srcip", + "data.audit.subj", + "data.audit.success", + "data.audit.suid", + "data.audit.syscall", + "data.audit.tty", + "data.audit.uid", + "data.aws.accountId", + "data.aws.account_id", + "data.aws.action", + "data.aws.actor", + "data.aws.aws_account_id", + "data.aws.description", + "data.aws.dstport", + 
"data.aws.errorCode", + "data.aws.errorMessage", + "data.aws.eventID", + "data.aws.eventName", + "data.aws.eventSource", + "data.aws.eventType", + "data.aws.id", + "data.aws.name", + "data.aws.requestParameters.accessKeyId", + "data.aws.requestParameters.bucketName", + "data.aws.requestParameters.gatewayId", + "data.aws.requestParameters.groupDescription", + "data.aws.requestParameters.groupId", + "data.aws.requestParameters.groupName", + "data.aws.requestParameters.host", + "data.aws.requestParameters.hostedZoneId", + "data.aws.requestParameters.instanceId", + "data.aws.requestParameters.instanceProfileName", + "data.aws.requestParameters.loadBalancerName", + "data.aws.requestParameters.loadBalancerPorts", + "data.aws.requestParameters.masterUserPassword", + "data.aws.requestParameters.masterUsername", + "data.aws.requestParameters.name", + "data.aws.requestParameters.natGatewayId", + "data.aws.requestParameters.networkAclId", + "data.aws.requestParameters.path", + "data.aws.requestParameters.policyName", + "data.aws.requestParameters.port", + "data.aws.requestParameters.stackId", + "data.aws.requestParameters.stackName", + "data.aws.requestParameters.subnetId", + "data.aws.requestParameters.subnetIds", + "data.aws.requestParameters.volumeId", + "data.aws.requestParameters.vpcId", + "data.aws.resource.accessKeyDetails.accessKeyId", + "data.aws.resource.accessKeyDetails.principalId", + "data.aws.resource.accessKeyDetails.userName", + "data.aws.resource.instanceDetails.instanceId", + "data.aws.resource.instanceDetails.instanceState", + "data.aws.resource.instanceDetails.networkInterfaces.privateDnsName", + "data.aws.resource.instanceDetails.networkInterfaces.publicDnsName", + "data.aws.resource.instanceDetails.networkInterfaces.subnetId", + "data.aws.resource.instanceDetails.networkInterfaces.vpcId", + "data.aws.resource.instanceDetails.tags.value", + "data.aws.responseElements.AssociateVpcCidrBlockResponse.vpcId", + "data.aws.responseElements.description", + 
"data.aws.responseElements.instanceId", + "data.aws.responseElements.instances.instanceId", + "data.aws.responseElements.instancesSet.items.instanceId", + "data.aws.responseElements.listeners.port", + "data.aws.responseElements.loadBalancerName", + "data.aws.responseElements.loadBalancers.vpcId", + "data.aws.responseElements.loginProfile.userName", + "data.aws.responseElements.networkAcl.vpcId", + "data.aws.responseElements.ownerId", + "data.aws.responseElements.publicIp", + "data.aws.responseElements.user.userId", + "data.aws.responseElements.user.userName", + "data.aws.responseElements.volumeId", + "data.aws.service.serviceName", + "data.aws.severity", + "data.aws.source", + "data.aws.sourceIPAddress", + "data.aws.srcport", + "data.aws.userIdentity.accessKeyId", + "data.aws.userIdentity.accountId", + "data.aws.userIdentity.userName", + "data.aws.vpcEndpointId", + "data.command", + "data.data", + "data.docker.Actor.Attributes.container", + "data.docker.Actor.Attributes.image", + "data.docker.Actor.Attributes.name", + "data.docker.Actor.ID", + "data.docker.id", + "data.docker.message", + "data.docker.status", + "data.dstip", + "data.dstport", + "data.dstuser", + "data.extra_data", + "data.hardware.serial", + "data.id", + "data.integration", + "data.netinfo.iface.adapter", + "data.netinfo.iface.ipv4.address", + "data.netinfo.iface.ipv6.address", + "data.netinfo.iface.mac", + "data.netinfo.iface.name", + "data.os.architecture", + "data.os.build", + "data.os.codename", + "data.os.hostname", + "data.os.major", + "data.os.minor", + "data.os.name", + "data.os.platform", + "data.os.release", + "data.os.release_version", + "data.os.sysname", + "data.os.version", + "data.oscap.check.description", + "data.oscap.check.id", + "data.oscap.check.identifiers", + "data.oscap.check.oval.id", + "data.oscap.check.rationale", + "data.oscap.check.references", + "data.oscap.check.result", + "data.oscap.check.severity", + "data.oscap.check.title", + "data.oscap.scan.benchmark.id", + 
"data.oscap.scan.content", + "data.oscap.scan.id", + "data.oscap.scan.profile.id", + "data.oscap.scan.profile.title", + "data.osquery.columns.address", + "data.osquery.columns.command", + "data.osquery.columns.description", + "data.osquery.columns.dst_ip", + "data.osquery.columns.gid", + "data.osquery.columns.hostname", + "data.osquery.columns.md5", + "data.osquery.columns.path", + "data.osquery.columns.sha1", + "data.osquery.columns.sha256", + "data.osquery.columns.src_ip", + "data.osquery.columns.user", + "data.osquery.columns.username", + "data.osquery.name", + "data.osquery.pack", + "data.port.process", + "data.port.protocol", + "data.port.state", + "data.process.args", + "data.process.cmd", + "data.process.egroup", + "data.process.euser", + "data.process.fgroup", + "data.process.name", + "data.process.rgroup", + "data.process.ruser", + "data.process.sgroup", + "data.process.state", + "data.process.suser", + "data.program.architecture", + "data.program.description", + "data.program.format", + "data.program.location", + "data.program.multiarch", + "data.program.name", + "data.program.priority", + "data.program.section", + "data.program.source", + "data.program.vendor", + "data.program.version", + "data.protocol", + "data.pwd", + "data.sca", + "data.sca.check.compliance.cis", + "data.sca.check.compliance.cis_csc", + "data.sca.check.compliance.pci_dss", + "data.sca.check.compliance.hipaa", + "data.sca.check.compliance.nist_800_53", + "data.sca.check.description", + "data.sca.check.directory", + "data.sca.check.file", + "data.sca.check.id", + "data.sca.check.previous_result", + "data.sca.check.process", + "data.sca.check.rationale", + "data.sca.check.reason", + "data.sca.check.references", + "data.sca.check.registry", + "data.sca.check.remediation", + "data.sca.check.result", + "data.sca.check.status", + "data.sca.check.title", + "data.sca.description", + "data.sca.file", + "data.sca.invalid", + "data.sca.name", + "data.sca.policy", + "data.sca.policy_id", + 
"data.sca.scan_id", + "data.sca.total_checks", + "data.script", + "data.src_ip", + "data.src_port", + "data.srcip", + "data.srcport", + "data.srcuser", + "data.status", + "data.system_name", + "data.title", + "data.tty", + "data.uid", + "data.url", + "data.virustotal.description", + "data.virustotal.error", + "data.virustotal.found", + "data.virustotal.permalink", + "data.virustotal.scan_date", + "data.virustotal.sha1", + "data.virustotal.source.alert_id", + "data.virustotal.source.file", + "data.virustotal.source.md5", + "data.virustotal.source.sha1", + "data.vulnerability.cve", + "data.vulnerability.cvss.cvss2.base_score", + "data.vulnerability.cvss.cvss2.exploitability_score", + "data.vulnerability.cvss.cvss2.impact_score", + "data.vulnerability.cvss.cvss2.vector.access_complexity", + "data.vulnerability.cvss.cvss2.vector.attack_vector", + "data.vulnerability.cvss.cvss2.vector.authentication", + "data.vulnerability.cvss.cvss2.vector.availability", + "data.vulnerability.cvss.cvss2.vector.confidentiality_impact", + "data.vulnerability.cvss.cvss2.vector.integrity_impact", + "data.vulnerability.cvss.cvss2.vector.privileges_required", + "data.vulnerability.cvss.cvss2.vector.scope", + "data.vulnerability.cvss.cvss2.vector.user_interaction", + "data.vulnerability.cvss.cvss3.base_score", + "data.vulnerability.cvss.cvss3.exploitability_score", + "data.vulnerability.cvss.cvss3.impact_score", + "data.vulnerability.cvss.cvss3.vector.access_complexity", + "data.vulnerability.cvss.cvss3.vector.attack_vector", + "data.vulnerability.cvss.cvss3.vector.authentication", + "data.vulnerability.cvss.cvss3.vector.availability", + "data.vulnerability.cvss.cvss3.vector.confidentiality_impact", + "data.vulnerability.cvss.cvss3.vector.integrity_impact", + "data.vulnerability.cvss.cvss3.vector.privileges_required", + "data.vulnerability.cvss.cvss3.vector.scope", + "data.vulnerability.cvss.cvss3.vector.user_interaction", + "data.vulnerability.cwe_reference", + 
"data.vulnerability.package.source", + "data.vulnerability.package.architecture", + "data.vulnerability.package.condition", + "data.vulnerability.package.generated_cpe", + "data.vulnerability.package.name", + "data.vulnerability.package.version", + "data.vulnerability.rationale", + "data.vulnerability.severity", + "data.vulnerability.title", + "data.vulnerability.assigner", + "data.vulnerability.cve_version", + "data.win.eventdata.auditPolicyChanges", + "data.win.eventdata.auditPolicyChangesId", + "data.win.eventdata.binary", + "data.win.eventdata.category", + "data.win.eventdata.categoryId", + "data.win.eventdata.data", + "data.win.eventdata.image", + "data.win.eventdata.ipAddress", + "data.win.eventdata.ipPort", + "data.win.eventdata.keyName", + "data.win.eventdata.logonGuid", + "data.win.eventdata.logonProcessName", + "data.win.eventdata.operation", + "data.win.eventdata.parentImage", + "data.win.eventdata.processId", + "data.win.eventdata.processName", + "data.win.eventdata.providerName", + "data.win.eventdata.returnCode", + "data.win.eventdata.service", + "data.win.eventdata.status", + "data.win.eventdata.subcategory", + "data.win.eventdata.subcategoryGuid", + "data.win.eventdata.subcategoryId", + "data.win.eventdata.subjectDomainName", + "data.win.eventdata.subjectLogonId", + "data.win.eventdata.subjectUserName", + "data.win.eventdata.subjectUserSid", + "data.win.eventdata.targetDomainName", + "data.win.eventdata.targetLinkedLogonId", + "data.win.eventdata.targetLogonId", + "data.win.eventdata.targetUserName", + "data.win.eventdata.targetUserSid", + "data.win.eventdata.workstationName", + "data.win.system.channel", + "data.win.system.computer", + "data.win.system.eventID", + "data.win.system.eventRecordID", + "data.win.system.eventSourceName", + "data.win.system.keywords", + "data.win.system.level", + "data.win.system.message", + "data.win.system.opcode", + "data.win.system.processID", + "data.win.system.providerGuid", + "data.win.system.providerName", + 
"data.win.system.securityUserID", + "data.win.system.severityValue", + "data.win.system.userID", + "decoder.ftscomment", + "decoder.name", + "decoder.parent", + "full_log", + "host", + "id", + "input", + "location", + "manager.name", + "message", + "offset", + "predecoder.hostname", + "predecoder.program_name", + "previous_log", + "previous_output", + "program_name", + "rule.cis", + "rule.cve", + "rule.description", + "rule.gdpr", + "rule.gpg13", + "rule.groups", + "rule.id", + "rule.info", + "rule.mitre.id", + "rule.mitre.tactic", + "rule.mitre.technique", + "rule.pci_dss", + "rule.hipaa", + "rule.nist_800_53", + "syscheck.audit.effective_user.id", + "syscheck.audit.effective_user.name", + "syscheck.audit.group.id", + "syscheck.audit.group.name", + "syscheck.audit.login_user.id", + "syscheck.audit.login_user.name", + "syscheck.audit.process.id", + "syscheck.audit.process.name", + "syscheck.audit.process.ppid", + "syscheck.audit.user.id", + "syscheck.audit.user.name", + "syscheck.diff", + "syscheck.event", + "syscheck.gid_after", + "syscheck.gid_before", + "syscheck.gname_after", + "syscheck.gname_before", + "syscheck.inode_after", + "syscheck.inode_before", + "syscheck.md5_after", + "syscheck.md5_before", + "syscheck.path", + "syscheck.mode", + "syscheck.perm_after", + "syscheck.perm_before", + "syscheck.sha1_after", + "syscheck.sha1_before", + "syscheck.sha256_after", + "syscheck.sha256_before", + "syscheck.tags", + "syscheck.uid_after", + "syscheck.uid_before", + "syscheck.uname_after", + "syscheck.uname_before", + "title", + "type" + ] + }, + "mappings": { + "dynamic_templates": [{ + "string_as_keyword": { + "mapping": { + "type": "keyword" + }, + "match_mapping_type": "string" + } + }], + "date_detection": false, + "properties": { + "@timestamp": { + "type": "date" + }, + "timestamp": { + "type": "date", + "format": "date_optional_time||epoch_millis" + }, + "@version": { + "type": "text" + }, + "agent": { + "properties": { + "ip": { + "type": "keyword" + }, + 
"id": { + "type": "keyword" + }, + "name": { + "type": "keyword" + } + } + }, + "manager": { + "properties": { + "name": { + "type": "keyword" + } + } + }, + "cluster": { + "properties": { + "name": { + "type": "keyword" + }, + "node": { + "type": "keyword" + } + } + }, + "full_log": { + "type": "text" + }, + "previous_log": { + "type": "text" + }, + "GeoLocation": { + "properties": { + "area_code": { + "type": "long" + }, + "city_name": { + "type": "keyword" + }, + "continent_code": { + "type": "text" + }, + "coordinates": { + "type": "double" + }, + "country_code2": { + "type": "text" + }, + "country_code3": { + "type": "text" + }, + "country_name": { + "type": "keyword" + }, + "dma_code": { + "type": "long" + }, + "ip": { + "type": "keyword" + }, + "latitude": { + "type": "double" + }, + "location": { + "type": "geo_point" + }, + "longitude": { + "type": "double" + }, + "postal_code": { + "type": "keyword" + }, + "real_region_name": { + "type": "keyword" + }, + "region_name": { + "type": "keyword" + }, + "timezone": { + "type": "text" + } + } + }, + "host": { + "type": "keyword" + }, + "syscheck": { + "properties": { + "path": { + "type": "keyword" + }, + "hard_links": { + "type": "keyword" + }, + "mode": { + "type": "keyword" + }, + "sha1_before": { + "type": "keyword" + }, + "sha1_after": { + "type": "keyword" + }, + "uid_before": { + "type": "keyword" + }, + "uid_after": { + "type": "keyword" + }, + "gid_before": { + "type": "keyword" + }, + "gid_after": { + "type": "keyword" + }, + "perm_before": { + "type": "keyword" + }, + "perm_after": { + "type": "keyword" + }, + "md5_after": { + "type": "keyword" + }, + "md5_before": { + "type": "keyword" + }, + "gname_after": { + "type": "keyword" + }, + "gname_before": { + "type": "keyword" + }, + "inode_after": { + "type": "keyword" + }, + "inode_before": { + "type": "keyword" + }, + "mtime_after": { + "type": "date", + "format": "date_optional_time" + }, + "mtime_before": { + "type": "date", + "format": 
"date_optional_time" + }, + "uname_after": { + "type": "keyword" + }, + "uname_before": { + "type": "keyword" + }, + "size_before": { + "type": "long" + }, + "size_after": { + "type": "long" + }, + "diff": { + "type": "keyword" + }, + "event": { + "type": "keyword" + }, + "audit": { + "properties": { + "effective_user": { + "properties": { + "id": { + "type": "keyword" + }, + "name": { + "type": "keyword" + } + } + }, + "group": { + "properties": { + "id": { + "type": "keyword" + }, + "name": { + "type": "keyword" + } + } + }, + "login_user": { + "properties": { + "id": { + "type": "keyword" + }, + "name": { + "type": "keyword" + } + } + }, + "process": { + "properties": { + "id": { + "type": "keyword" + }, + "name": { + "type": "keyword" + }, + "ppid": { + "type": "keyword" + } + } + }, + "user": { + "properties": { + "id": { + "type": "keyword" + }, + "name": { + "type": "keyword" + } + } + } + } + }, + "sha256_after": { + "type": "keyword" + }, + "sha256_before": { + "type": "keyword" + }, + "tags": { + "type": "keyword" + } + } + }, + "location": { + "type": "keyword" + }, + "message": { + "type": "text" + }, + "offset": { + "type": "keyword" + }, + "rule": { + "properties": { + "description": { + "type": "keyword" + }, + "groups": { + "type": "keyword" + }, + "level": { + "type": "long" + }, + "id": { + "type": "keyword" + }, + "cve": { + "type": "keyword" + }, + "info": { + "type": "keyword" + }, + "frequency": { + "type": "long" + }, + "firedtimes": { + "type": "long" + }, + "cis": { + "type": "keyword" + }, + "pci_dss": { + "type": "keyword" + }, + "gdpr": { + "type": "keyword" + }, + "gpg13": { + "type": "keyword" + }, + "hipaa": { + "type": "keyword" + }, + "nist_800_53": { + "type": "keyword" + }, + "mail": { + "type": "boolean" + }, + "mitre": { + "properties": { + "id": { + "type": "keyword" + }, + "tactic": { + "type": "keyword" + }, + "technique": { + "type": "keyword" + } + } + } + } + }, + "predecoder": { + "properties": { + "program_name": { + 
"type": "keyword" + }, + "timestamp": { + "type": "keyword" + }, + "hostname": { + "type": "keyword" + } + } + }, + "decoder": { + "properties": { + "parent": { + "type": "keyword" + }, + "name": { + "type": "keyword" + }, + "ftscomment": { + "type": "keyword" + }, + "fts": { + "type": "long" + }, + "accumulate": { + "type": "long" + } + } + }, + "data": { + "properties": { + "audit": { + "properties": { + "acct": { + "type": "keyword" + }, + "arch": { + "type": "keyword" + }, + "auid": { + "type": "keyword" + }, + "command": { + "type": "keyword" + }, + "cwd": { + "type": "keyword" + }, + "dev": { + "type": "keyword" + }, + "directory": { + "properties": { + "inode": { + "type": "keyword" + }, + "mode": { + "type": "keyword" + }, + "name": { + "type": "keyword" + } + } + }, + "egid": { + "type": "keyword" + }, + "enforcing": { + "type": "keyword" + }, + "euid": { + "type": "keyword" + }, + "exe": { + "type": "keyword" + }, + "execve": { + "properties": { + "a0": { + "type": "keyword" + }, + "a1": { + "type": "keyword" + }, + "a2": { + "type": "keyword" + }, + "a3": { + "type": "keyword" + } + } + }, + "exit": { + "type": "keyword" + }, + "file": { + "properties": { + "inode": { + "type": "keyword" + }, + "mode": { + "type": "keyword" + }, + "name": { + "type": "keyword" + } + } + }, + "fsgid": { + "type": "keyword" + }, + "fsuid": { + "type": "keyword" + }, + "gid": { + "type": "keyword" + }, + "id": { + "type": "keyword" + }, + "key": { + "type": "keyword" + }, + "list": { + "type": "keyword" + }, + "old-auid": { + "type": "keyword" + }, + "old-ses": { + "type": "keyword" + }, + "old_enforcing": { + "type": "keyword" + }, + "old_prom": { + "type": "keyword" + }, + "op": { + "type": "keyword" + }, + "pid": { + "type": "keyword" + }, + "ppid": { + "type": "keyword" + }, + "prom": { + "type": "keyword" + }, + "res": { + "type": "keyword" + }, + "session": { + "type": "keyword" + }, + "sgid": { + "type": "keyword" + }, + "srcip": { + "type": "keyword" + }, + "subj": 
{ + "type": "keyword" + }, + "success": { + "type": "keyword" + }, + "suid": { + "type": "keyword" + }, + "syscall": { + "type": "keyword" + }, + "tty": { + "type": "keyword" + }, + "type": { + "type": "keyword" + }, + "uid": { + "type": "keyword" + } + } + }, + "protocol": { + "type": "keyword" + }, + "action": { + "type": "keyword" + }, + "srcip": { + "type": "keyword" + }, + "dstip": { + "type": "keyword" + }, + "srcport": { + "type": "keyword" + }, + "dstport": { + "type": "keyword" + }, + "srcuser": { + "type": "keyword" + }, + "dstuser": { + "type": "keyword" + }, + "id": { + "type": "keyword" + }, + "status": { + "type": "keyword" + }, + "data": { + "type": "keyword" + }, + "extra_data": { + "type": "keyword" + }, + "system_name": { + "type": "keyword" + }, + "url": { + "type": "keyword" + }, + "oscap": { + "properties": { + "check": { + "properties": { + "description": { + "type": "text" + }, + "id": { + "type": "keyword" + }, + "identifiers": { + "type": "text" + }, + "oval": { + "properties": { + "id": { + "type": "keyword" + } + } + }, + "rationale": { + "type": "text" + }, + "references": { + "type": "text" + }, + "result": { + "type": "keyword" + }, + "severity": { + "type": "keyword" + }, + "title": { + "type": "keyword" + } + } + }, + "scan": { + "properties": { + "benchmark": { + "properties": { + "id": { + "type": "keyword" + } + } + }, + "content": { + "type": "keyword" + }, + "id": { + "type": "keyword" + }, + "profile": { + "properties": { + "id": { + "type": "keyword" + }, + "title": { + "type": "keyword" + } + } + }, + "return_code": { + "type": "long" + }, + "score": { + "type": "double" + } + } + } + } + }, + "type": { + "type": "keyword" + }, + "netinfo": { + "properties": { + "iface": { + "properties": { + "name": { + "type": "keyword" + }, + "mac": { + "type": "keyword" + }, + "adapter": { + "type": "keyword" + }, + "type": { + "type": "keyword" + }, + "state": { + "type": "keyword" + }, + "mtu": { + "type": "long" + }, + "tx_bytes": { + 
"type": "long" + }, + "rx_bytes": { + "type": "long" + }, + "tx_errors": { + "type": "long" + }, + "rx_errors": { + "type": "long" + }, + "tx_dropped": { + "type": "long" + }, + "rx_dropped": { + "type": "long" + }, + "tx_packets": { + "type": "long" + }, + "rx_packets": { + "type": "long" + }, + "ipv4": { + "properties": { + "gateway": { + "type": "keyword" + }, + "dhcp": { + "type": "keyword" + }, + "address": { + "type": "keyword" + }, + "netmask": { + "type": "keyword" + }, + "broadcast": { + "type": "keyword" + }, + "metric": { + "type": "long" + } + } + }, + "ipv6": { + "properties": { + "gateway": { + "type": "keyword" + }, + "dhcp": { + "type": "keyword" + }, + "address": { + "type": "keyword" + }, + "netmask": { + "type": "keyword" + }, + "broadcast": { + "type": "keyword" + }, + "metric": { + "type": "long" + } + } + } + } + } + } + }, + "os": { + "properties": { + "hostname": { + "type": "keyword" + }, + "architecture": { + "type": "keyword" + }, + "name": { + "type": "keyword" + }, + "version": { + "type": "keyword" + }, + "codename": { + "type": "keyword" + }, + "major": { + "type": "keyword" + }, + "minor": { + "type": "keyword" + }, + "build": { + "type": "keyword" + }, + "platform": { + "type": "keyword" + }, + "sysname": { + "type": "keyword" + }, + "release": { + "type": "keyword" + }, + "release_version": { + "type": "keyword" + } + } + }, + "port": { + "properties": { + "protocol": { + "type": "keyword" + }, + "local_ip": { + "type": "ip" + }, + "local_port": { + "type": "long" + }, + "remote_ip": { + "type": "ip" + }, + "remote_port": { + "type": "long" + }, + "tx_queue": { + "type": "long" + }, + "rx_queue": { + "type": "long" + }, + "inode": { + "type": "long" + }, + "state": { + "type": "keyword" + }, + "pid": { + "type": "long" + }, + "process": { + "type": "keyword" + } + } + }, + "hardware": { + "properties": { + "serial": { + "type": "keyword" + }, + "cpu_name": { + "type": "keyword" + }, + "cpu_cores": { + "type": "long" + }, + 
"cpu_mhz": { + "type": "double" + }, + "ram_total": { + "type": "long" + }, + "ram_free": { + "type": "long" + }, + "ram_usage": { + "type": "long" + } + } + }, + "program": { + "properties": { + "format": { + "type": "keyword" + }, + "name": { + "type": "keyword" + }, + "priority": { + "type": "keyword" + }, + "section": { + "type": "keyword" + }, + "size": { + "type": "long" + }, + "vendor": { + "type": "keyword" + }, + "install_time": { + "type": "keyword" + }, + "version": { + "type": "keyword" + }, + "architecture": { + "type": "keyword" + }, + "multiarch": { + "type": "keyword" + }, + "source": { + "type": "keyword" + }, + "description": { + "type": "keyword" + }, + "location": { + "type": "keyword" + } + } + }, + "process": { + "properties": { + "pid": { + "type": "long" + }, + "name": { + "type": "keyword" + }, + "state": { + "type": "keyword" + }, + "ppid": { + "type": "long" + }, + "utime": { + "type": "long" + }, + "stime": { + "type": "long" + }, + "cmd": { + "type": "keyword" + }, + "args": { + "type": "keyword" + }, + "euser": { + "type": "keyword" + }, + "ruser": { + "type": "keyword" + }, + "suser": { + "type": "keyword" + }, + "egroup": { + "type": "keyword" + }, + "sgroup": { + "type": "keyword" + }, + "fgroup": { + "type": "keyword" + }, + "rgroup": { + "type": "keyword" + }, + "priority": { + "type": "long" + }, + "nice": { + "type": "long" + }, + "size": { + "type": "long" + }, + "vm_size": { + "type": "long" + }, + "resident": { + "type": "long" + }, + "share": { + "type": "long" + }, + "start_time": { + "type": "long" + }, + "pgrp": { + "type": "long" + }, + "session": { + "type": "long" + }, + "nlwp": { + "type": "long" + }, + "tgid": { + "type": "long" + }, + "tty": { + "type": "long" + }, + "processor": { + "type": "long" + } + } + }, + "sca": { + "properties": { + "type": { + "type": "keyword" + }, + "scan_id": { + "type": "keyword" + }, + "policy": { + "type": "keyword" + }, + "name": { + "type": "keyword" + }, + "file": { + "type": 
"keyword" + }, + "description": { + "type": "keyword" + }, + "passed": { + "type": "integer" + }, + "failed": { + "type": "integer" + }, + "score": { + "type": "long" + }, + "check": { + "properties": { + "id": { + "type": "keyword" + }, + "title": { + "type": "keyword" + }, + "description": { + "type": "keyword" + }, + "rationale": { + "type": "keyword" + }, + "remediation": { + "type": "keyword" + }, + "compliance": { + "properties": { + "cis": { + "type": "keyword" + }, + "cis_csc": { + "type": "keyword" + }, + "pci_dss": { + "type": "keyword" + }, + "hipaa": { + "type": "keyword" + }, + "nist_800_53": { + "type": "keyword" + } + } + }, + "references": { + "type": "keyword" + }, + "file": { + "type": "keyword" + }, + "directory": { + "type": "keyword" + }, + "registry": { + "type": "keyword" + }, + "process": { + "type": "keyword" + }, + "result": { + "type": "keyword" + }, + "previous_result": { + "type": "keyword" + }, + "reason": { + "type": "keyword" + }, + "status": { + "type": "keyword" + } + } + }, + "invalid": { + "type": "keyword" + }, + "policy_id": { + "type": "keyword" + }, + "total_checks": { + "type": "keyword" + } + } + }, + "command": { + "type": "keyword" + }, + "integration": { + "type": "keyword" + }, + "timestamp": { + "type": "date" + }, + "title": { + "type": "keyword" + }, + "uid": { + "type": "keyword" + }, + "virustotal": { + "properties": { + "description": { + "type": "keyword" + }, + "error": { + "type": "keyword" + }, + "found": { + "type": "keyword" + }, + "malicious": { + "type": "keyword" + }, + "permalink": { + "type": "keyword" + }, + "positives": { + "type": "keyword" + }, + "scan_date": { + "type": "keyword" + }, + "sha1": { + "type": "keyword" + }, + "source": { + "properties": { + "alert_id": { + "type": "keyword" + }, + "file": { + "type": "keyword" + }, + "md5": { + "type": "keyword" + }, + "sha1": { + "type": "keyword" + } + } + }, + "total": { + "type": "keyword" + } + } + }, + "vulnerability": { + "properties": { + 
"cve": { + "type": "keyword" + }, + "cvss": { + "properties": { + "cvss2": { + "properties": { + "base_score": { + "type": "keyword" + }, + "exploitability_score": { + "type": "keyword" + }, + "impact_score": { + "type": "keyword" + }, + "vector": { + "properties": { + "access_complexity": { + "type": "keyword" + }, + "attack_vector": { + "type": "keyword" + }, + "authentication": { + "type": "keyword" + }, + "availability": { + "type": "keyword" + }, + "confidentiality_impact": { + "type": "keyword" + }, + "integrity_impact": { + "type": "keyword" + }, + "privileges_required": { + "type": "keyword" + }, + "scope": { + "type": "keyword" + }, + "user_interaction": { + "type": "keyword" + } + } + } + } + }, + "cvss3": { + "properties": { + "base_score": { + "type": "keyword" + }, + "exploitability_score": { + "type": "keyword" + }, + "impact_score": { + "type": "keyword" + }, + "vector": { + "properties": { + "access_complexity": { + "type": "keyword" + }, + "attack_vector": { + "type": "keyword" + }, + "authentication": { + "type": "keyword" + }, + "availability": { + "type": "keyword" + }, + "confidentiality_impact": { + "type": "keyword" + }, + "integrity_impact": { + "type": "keyword" + }, + "privileges_required": { + "type": "keyword" + }, + "scope": { + "type": "keyword" + }, + "user_interaction": { + "type": "keyword" + } + } + } + } + } + } + }, + "cwe_reference": { + "type": "keyword" + }, + "package": { + "properties": { + "source": { + "type": "keyword" + }, + "architecture": { + "type": "keyword" + }, + "condition": { + "type": "keyword" + }, + "generated_cpe": { + "type": "keyword" + }, + "name": { + "type": "keyword" + }, + "version": { + "type": "keyword" + } + } + }, + "published": { + "type": "date" + }, + "updated": { + "type": "date" + }, + "rationale": { + "type": "keyword" + }, + "severity": { + "type": "keyword" + }, + "title": { + "type": "keyword" + }, + "assigner": { + "type": "keyword" + }, + "cve_version": { + "type": "keyword" + } + } + }, 
+ "aws": { + "properties": { + "bytes": { + "type": "long" + }, + "dstaddr": { + "type": "ip" + }, + "srcaddr": { + "type": "ip" + }, + "end": { + "type": "date" + }, + "start": { + "type": "date" + }, + "source_ip_address": { + "type": "ip" + }, + "service": { + "properties": { + "count": { + "type": "long" + }, + "action.networkConnectionAction.remoteIpDetails": { + "properties": { + "ipAddressV4": { + "type": "ip" + }, + "geoLocation": { + "type": "geo_point" + } + } + }, + "eventFirstSeen": { + "type": "date" + }, + "eventLastSeen": { + "type": "date" + } + } + }, + "createdAt": { + "type": "date" + }, + "updatedAt": { + "type": "date" + }, + "resource.instanceDetails": { + "properties": { + "launchTime": { + "type": "date" + }, + "networkInterfaces": { + "properties": { + "privateIpAddress": { + "type": "ip" + }, + "publicIp": { + "type": "ip" + } + } + } + } + } + } + } + } + }, + "program_name": { + "type": "keyword" + }, + "command": { + "type": "keyword" + }, + "type": { + "type": "text" + }, + "title": { + "type": "keyword" + }, + "id": { + "type": "keyword" + }, + "input": { + "properties": { + "type": { + "type": "keyword" + } + } + }, + "previous_output": { + "type": "keyword" + } + } + }, + "version": 1 +} diff --git a/codexsentry/codexsentry.go b/wazuhsentry/wazuhsentry.go old mode 100755 new mode 100644 similarity index 55% rename from codexsentry/codexsentry.go rename to wazuhsentry/wazuhsentry.go index 5113b1f..642fc03 --- a/codexsentry/codexsentry.go +++ b/wazuhsentry/wazuhsentry.go 
@@ -1,197 +1,304 @@ -package wazuhsentry - -import ( - "encoding/gob" - "fmt" - "reflect" - "time" - - "github.com/autonubil/go-wazuh/ossec" - "github.com/getsentry/sentry-go" - "go.uber.org/zap/zapcore" -) - -type AgentTransport struct { - channel chan *ossec.QueuePosting - Project string - Version string -} - -type SentryIntegrationEvent struct { - ossec.IntegrationEvent - Sentry interface{} `json:"sentry"` -} -type SentryEvent struct { - *sentry.Event - Project string `json:"project,omitempty"` - Version string `json:"version,omitempty"` -} - -func init() { - gob.Register(SentryIntegrationEvent{}) - gob.Register(SentryEvent{}) -} - -func (t *AgentTransport) Flush(timeout time.Duration) bool { - return true -} - -var maxErrorDepth = 5 - -func (t *AgentTransport) Configure(options sentry.ClientOptions) { - -} - -var BeforeSend = func(event *sentry.Event, hint *sentry.EventHint) *sentry.Event { - if hint != nil { - if data, ok := hint.Data.(map[string]interface{}); ok { - event.Extra, ok = data["fields"].(map[string]interface{}) - event.Level, ok = data["level"].(sentry.Level) - } - if hint.OriginalException != nil { - err := hint.OriginalException - for i := 0; i < maxErrorDepth && err != nil; i++ { - event.Exception = append(event.Exception, sentry.Exception{ - Value: err.Error(), - Type: reflect.TypeOf(err).String(), - Stacktrace: sentry.ExtractStacktrace(err), - }) - switch previous := err.(type) { - case interface{ Unwrap() error }: - err = previous.Unwrap() - case interface{ Cause() error }: - err = previous.Cause() - default: - err = nil - } - } - } - } - return event -} - -func (t *AgentTransport) SendEvent(event *sentry.Event) { - meta := ossec.IntegrationMeta{ - SystemName: event.ServerName, - Protocol: "ossec", - } - - sentryMsg := SentryEvent{event, "", ""} - - msg := SentryIntegrationEvent{ - ossec.IntegrationEvent{ - Integration: "webhook", - Meta: meta, - }, - sentryMsg, - } - - t.channel <- &ossec.QueuePosting{ - Location: "internal", - ProgramName: 
"sentry", - TargetQueue: ossec.LOCALFILE_MQ, - Raw: msg, - } -} - -func NewAgentTransport(channel chan *ossec.QueuePosting) (*AgentTransport, error) { - - t := &AgentTransport{ - channel: channel, - } - return t, nil -} - -func Init(channel chan *ossec.QueuePosting, options sentry.ClientOptions) error { - var err error - options.Transport, err = NewAgentTransport(channel) - if err != nil { - return err - } - - err = sentry.Init(options) - return err -} - -type SentryCore struct { - innerCore zapcore.Core -} - -func NewWrappedCore(innerCore zapcore.Core) zapcore.Core { - return SentryCore{innerCore} -} - -func (c SentryCore) Enabled(level zapcore.Level) bool { - result := c.innerCore.Enabled(level) - return result -} - -func (c SentryCore) With(fld []zapcore.Field) zapcore.Core { return c.innerCore.With(fld) } - -func (c SentryCore) Check(ent zapcore.Entry, ce *zapcore.CheckedEntry) *zapcore.CheckedEntry { - if ent.Level > -1 { - ce = ce.AddCore(ent, c) - } - return c.innerCore.Check(ent, ce) -} - -func (c SentryCore) Write(entry zapcore.Entry, fields []zapcore.Field) error { - hub := sentry.CurrentHub() - client, scope := hub.Client(), hub.Scope() - if client == nil || scope == nil { - return nil - } - data := make(map[string]interface{}) - flds := make(map[string]interface{}) - switch entry.Level { - case zapcore.DebugLevel: - data["level"] = sentry.LevelDebug - case zapcore.InfoLevel: - data["level"] = sentry.LevelInfo - case zapcore.WarnLevel: - data["level"] = sentry.LevelWarning - case zapcore.ErrorLevel: - case zapcore.PanicLevel: - case zapcore.DPanicLevel: - data["level"] = sentry.LevelError - case zapcore.FatalLevel: - data["level"] = sentry.LevelFatal - default: - data["level"] = "debug" - } - data["fields"] = flds - hint := &sentry.EventHint{ - Data: data, - } - for _, fld := range fields { - if fld.Interface != nil { - if fld.Type == zapcore.ErrorType { - hint.OriginalException = fld.Interface.(error) - if _, ok := 
hint.OriginalException.(ossec.QueueError); ok { - // skip queue errors to avoid endless loop - return nil - } - - hint.RecoveredException = sentry.Exception{} - - } else if fld.Type == zapcore.StringerType { - flds[fld.Key] = fld.Interface.(fmt.Stringer).String() - } else { - flds[fld.Key] = fld.Interface - } - } else { - switch fld.Type { - case zapcore.StringType: - flds[fld.Key] = fld.String - default: - flds[fld.Key] = fld.Integer - } - } - } - - client.CaptureMessage(entry.Message, hint, scope) - - return nil -} - -func (c SentryCore) Sync() error { return c.innerCore.Sync() } +package wazuhsentry + +import ( + "crypto/x509" + "encoding/gob" + "encoding/pem" + "fmt" + "io/ioutil" + "os" + "os/user" + "reflect" + "strings" + "time" + + "github.com/autonubil/go-wazuh/ossec" + "github.com/getsentry/sentry-go" + "github.com/golang-jwt/jwt" + "github.com/pkg/errors" + "go.uber.org/zap" + "go.uber.org/zap/zapcore" +) + +type AgentTransport struct { + channel chan *ossec.QueuePosting + Project string + Version string + wrappedTransport *sentry.HTTPTransport +} + +type SentryIntegrationEvent struct { + ossec.IntegrationEvent + Sentry interface{} `json:"sentry"` +} +type SentryEvent struct { + *sentry.Event + Project string `json:"project,omitempty"` + Version string `json:"version,omitempty"` +} + +func init() { + gob.Register(SentryIntegrationEvent{}) + gob.Register(SentryEvent{}) + gob.Register(zap.Strings("reg", []string{""}).Interface) +} + +func (t *AgentTransport) Flush(timeout time.Duration) bool { + // forward to default tansport + t.wrappedTransport.Flush(timeout) + return true +} + +var maxErrorDepth = 5 + +func (t *AgentTransport) Configure(options sentry.ClientOptions) { + // forward to default tansport + t.wrappedTransport.Configure(options) +} + +func getUserFromJWT(tokenPath string, user *sentry.User) error { + rawToken, err := ioutil.ReadFile(tokenPath) + if err != nil { + return err + } + claims := jwt.MapClaims{} + _, err = 
jwt.ParseWithClaims(string(rawToken), claims, func(token *jwt.Token) (interface{}, error) { + return nil, nil + }) + + if err != nil { + return err + } + + if k8s, ok := claims["kubernetes.io"]; ok { + if pod, ok := k8s.(map[string]interface{})["pod"]; ok { + if pidID, ok := pod.(map[string]interface{})["uid"]; ok { + user.ID = pidID.(string) + } + if podName, ok := pod.(map[string]interface{})["name"]; ok { + user.Username = podName.(string) + return nil + } + } + } + return fmt.Errorf("name not resolved") +} + +func getEnvironmentFromCert(certName string) string { + // Create a CA certificate pool and add cert.pem to it + caCert, err := ioutil.ReadFile(certName) + if err != nil { + return "kubernetes" + } + block, _ := pem.Decode([]byte(caCert)) + if block == nil { + return "kubernetes" + } + + cert, err := x509.ParseCertificate(block.Bytes) + if err != nil { + return "kubernetes" + } + return strings.Split(cert.Subject.CommonName, " - ")[0] +} + +var BeforeSend = func(event *sentry.Event, hint *sentry.EventHint) *sentry.Event { + if hint != nil { + if data, ok := hint.Data.(map[string]interface{}); ok { + event.Extra, ok = data["fields"].(map[string]interface{}) + // event.Level, ok = hint. 
+ } + if hint.OriginalException != nil { + err := hint.OriginalException + for i := 0; i < maxErrorDepth && err != nil; i++ { + stackErr := errors.WithStack(err) + trace := sentry.ExtractStacktrace(stackErr) + if len(trace.Frames) > 3 { + trace.Frames = trace.Frames[0 : len(trace.Frames)-3] + } + event.Exception = append(event.Exception, sentry.Exception{ + Value: err.Error(), + Type: reflect.TypeOf(err).String(), + Stacktrace: trace, + }) + switch previous := err.(type) { + case interface{ Unwrap() error }: + err = previous.Unwrap() + case interface{ Cause() error }: + err = previous.Cause() + default: + err = nil + } + } + } + } + + if event.Transaction == "" { + event.Transaction = "Zap.Logger" + } + + return event +} + +func (t *AgentTransport) SendEvent(event *sentry.Event) { + // forward to default tansport + t.wrappedTransport.SendEvent(event) + + meta := ossec.IntegrationMeta{ + SystemName: event.ServerName, + Protocol: "ossec", + } + + sentryMsg := SentryEvent{event, "", ""} + + msg := SentryIntegrationEvent{ + ossec.IntegrationEvent{ + Integration: "webhook", + Meta: meta, + }, + sentryMsg, + } + + t.channel <- &ossec.QueuePosting{ + Location: "internal", + ProgramName: "sentry", + TargetQueue: ossec.LOCALFILE_MQ, + Raw: msg, + } + +} + +func NewAgentTransport(channel chan *ossec.QueuePosting) (*AgentTransport, error) { + if channel == nil { + return nil, errors.New("no channel specified") + } + t := &AgentTransport{ + channel: channel, + wrappedTransport: sentry.NewHTTPTransport(), + } + return t, nil +} + +func Init(channel chan *ossec.QueuePosting, options sentry.ClientOptions) error { + var err error + if options.Environment == "" { + if _, err := os.Stat("/run/secrets/kubernetes.io/serviceaccount/ca.crt"); err == nil { + options.Environment = getEnvironmentFromCert("/run/secrets/kubernetes.io/serviceaccount/ca.crt") + } + } + options.Transport, err = NewAgentTransport(channel) + if err != nil { + return err + } + + err = sentry.Init(options) + return 
err +} + +type SentryCore struct { + innerCore zapcore.Core +} + +func NewWrappedCore(innerCore zapcore.Core) zapcore.Core { + return SentryCore{innerCore} +} + +func (c SentryCore) Enabled(level zapcore.Level) bool { + result := c.innerCore.Enabled(level) + return result +} + +func (c SentryCore) With(fld []zapcore.Field) zapcore.Core { return c.innerCore.With(fld) } + +func (c SentryCore) Check(ent zapcore.Entry, ce *zapcore.CheckedEntry) *zapcore.CheckedEntry { + if ent.Level > -1 { + ce = ce.AddCore(ent, c) + } + return c.innerCore.Check(ent, ce) +} + +func (c SentryCore) Write(entry zapcore.Entry, fields []zapcore.Field) error { + hub := sentry.CurrentHub() + client, scope := hub.Client(), hub.Scope() + if client == nil || scope == nil { + return nil + } + data := make(map[string]interface{}) + flds := make(map[string]interface{}) + switch entry.Level { + case zapcore.DebugLevel: + scope.SetLevel(sentry.LevelDebug) + case zapcore.InfoLevel: + scope.SetLevel(sentry.LevelInfo) + case zapcore.WarnLevel: + scope.SetLevel(sentry.LevelWarning) + case zapcore.ErrorLevel: + scope.SetLevel(sentry.LevelError) + case zapcore.PanicLevel: + scope.SetLevel(sentry.LevelError) + case zapcore.DPanicLevel: + scope.SetLevel(sentry.LevelError) + case zapcore.FatalLevel: + scope.SetLevel(sentry.LevelFatal) + default: + scope.SetLevel(sentry.LevelDebug) + } + + data["zapEntry"] = entry + data["fields"] = flds + hint := &sentry.EventHint{ + Data: data, + } + + sentryUser := sentry.User{} + _, err := os.Stat("/run/secrets/kubernetes.io/serviceaccount/token") + if err == nil { + err = getUserFromJWT("/run/secrets/kubernetes.io/serviceaccount/token", &sentryUser) + } + + if err != nil { + user, err := user.Current() + if err == nil { + sentryUser.Username = user.Username + sentryUser.ID = user.Uid + } else { + sentryUser.Username = "N/A" + } + } + + scope.SetUser(sentryUser) + var hn string + hn, err = os.Hostname() + if err != nil { + hn = "localhost" + } + 
scope.SetTransaction(fmt.Sprintf("%s@%s", sentryUser.Username, hn)) + + for _, fld := range fields { + if fld.Interface != nil { + if fld.Type == zapcore.ErrorType { + hint.OriginalException = fld.Interface.(error) + if _, ok := hint.OriginalException.(ossec.QueueError); ok { + // skip queue errors to avoid endless loop + return nil + } + hint.RecoveredException = sentry.Exception{} + } else if fld.Type == zapcore.StringerType { + flds[fld.Key] = fld.Interface.(fmt.Stringer).String() + } else { + flds[fld.Key] = fld.Interface + } + } else { + switch fld.Type { + case zapcore.StringType: + flds[fld.Key] = fld.String + default: + flds[fld.Key] = fld.Integer + } + } + } + client.CaptureMessage(entry.Message, hint, scope) + return nil +} + +func (c SentryCore) Sync() error { return c.innerCore.Sync() }
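Review bot: In `getUserFromJWT` the key function handed to `jwt.ParseWithClaims` returns `nil, nil`, so — if I read the library correctly — signature verification fails with a key-type error and the function always returns before the `kubernetes.io` claims are read, meaning the pod identity is never attached and the code silently falls back to `user.Current()`; had the parse succeeded, the claims would have been trusted without any signature check. Since this is the pod's own service-account token read from the local filesystem and used only to label events, parse it explicitly as unverified and say so: `// local SA token; claims are metadata only, never used for authorization` followed by `_, _, err = (&jwt.Parser{}).ParseUnverified(string(rawToken), claims)`. The nested `k8s.(map[string]interface{})`, `pod.(map[string]interface{})` and `pidID.(string)` assertions are unchecked and would panic inside the logging path on an unexpected claim shape; use the two-value form for each. Separately, `Write` now reads the token file, calls `user.Current()` and `os.Hostname()` on every log entry and mutates the hub's top-level scope via `SetLevel`/`SetUser`/`SetTransaction`, so state from one event leaks into later ones — resolve user and host once (in `Init` or `NewWrappedCore`) and apply per-event values on a cloned scope (`scope.Clone()` or `hub.WithScope`). `Flush` also discards the wrapped transport's result; `return t.wrappedTransport.Flush(timeout)` would propagate it, and the three `// forward to default tansport` comments misspell "transport".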