Merge branch 'master' into ci/183-add-demo-certificates

wazuh · Nov 12, 2024 · 41ed09a · 41ed09a
2 parents 594f7b5 + e773599
commit 41ed09a
Show file tree

Hide file tree

Showing 47 changed files with 2,640 additions and 13 deletions.
diff --git a/.github/ISSUE_TEMPLATE/compatibility_request.md b/.github/ISSUE_TEMPLATE/compatibility_request.md
@@ -2,7 +2,7 @@
 name: Compatibility request
 about: Suggest supporting a new version of OpenSearch
 title: 'Compatibility with OpenSearch (version)'
-labels: request/operational, level/task, type/research
+labels: request/operational, level/task, type/maintenance
 assignees: ''
 
 ---

diff --git a/ecs/agent/fields/custom/wazuh-agent.yml → ecs/agent/fields/custom/agent.yml b/ecs/agent/fields/custom/wazuh-agent.yml → ecs/agent/fields/custom/agent.yml
@@ -9,17 +9,17 @@
       type: keyword
       level: custom
       description: >
-        The groups the agent belongs to.
+        List of groups the agent belong to.
     - name: key
       type: keyword
       level: custom
       description: >
-        The agent's registration key.
+        The registration key of the agent.
     - name: last_login
       type: date
       level: custom
       description: >
-        The agent's last login.
+        The last time the agent logged in.
     - name: is_connected
       type: boolean
       level: custom

diff --git a/ecs/command/fields/custom/agent.yml b/ecs/command/fields/custom/agent.yml
@@ -9,4 +9,4 @@
       type: keyword
       level: custom
       description: >
-        The groups the agent belongs to.
+        List of groups the agent belong to.
diff --git a/ecs/docs/agents.md b/ecs/docs/agents.md
@@ -0,0 +1,109 @@
+## `agents` index data model
+
+### Fields summary
+
+The fields are based on https://github.com/wazuh/wazuh/issues/23396#issuecomment-2176402993
+
+Based on ECS [Agent Fields](https://www.elastic.co/guide/en/ecs/current/ecs-agent.html).
+
+|     | Field                | Type    | Description                                                            | Example                            |
+| --- | -------------------- | ------- | ---------------------------------------------------------------------- | ---------------------------------- |
+|     | `agent.id`           | keyword | Unique identifier of this agent.                                       | `8a4f500d`                         |
+|     | `agent.name`         | keyword | Custom name of the agent.                                              | `foo`                              |
+| \*  | `agent.groups`       | keyword | List of groups the agent belong to.                                    | `["group1", "group2"]`             |
+| \*  | `agent.key`          | keyword | The registration key of the agent.                                     | `BfDbq0PpcLl9iWatJjY1shGvuQ4KXyOR` |
+|     | `agent.type`         | keyword | Type of agent.                                                         | `endpoint`                         |
+|     | `agent.version`      | keyword | Version of the agent.                                                  | `6.0.0-rc2`                        |
+| \*  | `agent.is_connected` | boolean | Agents' interpreted connection status depending on `agent.last_login`. |                                    |
+| \*  | `agent.last_login`   | date    | The last time the agent logged in.                                     | `11/11/2024 00:00:00`              |
+|     | `host.ip`            | ip      | Host IP addresses. Note: this field should contain an array of values. | `["192.168.56.11", "10.54.27.1"]`  |
+|     | `host.os.full`       | keyword | Operating system name, including the version or code name.             | `Mac OS Mojave`                    |
+
+\* Custom field.
+
+### ECS mapping
+
+```yml
+---
+name: agent
+fields:
+  base:
+    fields:
+      tags: []
+  agent:
+    fields:
+      id: {}
+      name: {}
+      type: {}
+      version: {}
+      groups: {}
+      key: {}
+      last_login: {}
+      is_connected: {}
+  host:
+    fields:
+      ip: {}
+      os:
+        fields:
+          full: {}
+```
+
+```yml
+---
+---
+- name: agent
+  title: Wazuh Agents
+  short: Wazuh Inc. custom fields.
+  type: group
+  group: 2
+  fields:
+    - name: groups
+      type: keyword
+      level: custom
+      description: >
+        The groups the agent belongs to.
+    - name: key
+      type: keyword
+      level: custom
+      description: >
+        The agent's registration key.
+    - name: last_login
+      type: date
+      level: custom
+      description: >
+        The agent's last login.
+    - name: is_connected
+      type: boolean
+      level: custom
+      description: >
+        Agents' interpreted connection status depending on `agent.last_login`.
+```
+
+### Index settings
+
+```json
+{
+  "index_patterns": [".agents*"],
+  "priority": 1,
+  "template": {
+    "settings": {
+      "index": {
+        "hidden": true,
+        "number_of_shards": "1",
+        "number_of_replicas": "0",
+        "refresh_interval": "5s",
+        "query.default_field": [
+          "agent.id",
+          "agent.groups",
+          "agent.name",
+          "agent.type",
+          "agent.version",
+          "agent.name",
+          "host.os.full",
+          "host.ip"
+        ]
+      }
+    }
+  }
+}
+```