From 851e043414f9442d57d000b478b3f93555b9a2af Mon Sep 17 00:00:00 2001 From: Fede Galland <99492720+f-galland@users.noreply.github.com> Date: Fri, 15 Nov 2024 14:03:02 -0300 Subject: [PATCH] Migrate event generators for 5.x indices to master (#553) --- ecs/agent/event-generator/event_generator.py | 102 ++++++-- .../event-generator/event_generator.py | 57 +++-- .../event-generator/event_generator.py | 212 ++++++++++++++++ .../event-generator/event_generator.py | 202 +++++++++++++++ .../event-generator/event_generator.py | 194 ++++++++++++++ .../event-generator/event_generator.py | 215 ++++++++++++++++ .../event-generator/event_generator.py | 199 +++++++++++++++ .../event-generator/event_generator.py | 232 +++++++++++++++++ .../event-generator/event_generator.py | 219 ++++++++++++++++ .../event-generator/event_generator.py | 183 ++++++++++++++ .../event-generator/event_generator.py | 238 +++++++++--------- test-tools/.gitignore | 1 + 12 files changed, 1885 insertions(+), 169 deletions(-) create mode 100644 ecs/states-fim/event-generator/event_generator.py create mode 100644 ecs/states-inventory-hardware/event-generator/event_generator.py create mode 100644 ecs/states-inventory-hotfixes/event-generator/event_generator.py create mode 100644 ecs/states-inventory-networks/event-generator/event_generator.py create mode 100644 ecs/states-inventory-packages/event-generator/event_generator.py create mode 100644 ecs/states-inventory-ports/event-generator/event_generator.py create mode 100644 ecs/states-inventory-processes/event-generator/event_generator.py create mode 100644 ecs/states-inventory-system/event-generator/event_generator.py create mode 100644 test-tools/.gitignore diff --git a/ecs/agent/event-generator/event_generator.py b/ecs/agent/event-generator/event_generator.py index f676f0176d444..81f53bf393c5f 100644 --- a/ecs/agent/event-generator/event_generator.py +++ b/ecs/agent/event-generator/event_generator.py @@ -1,22 +1,28 @@ #!/bin/python3 import datetime -import random import json -import requests -import warnings import logging +import random +import requests +import urllib3 # Constants and Configuration LOG_FILE = 'generate_data.log' GENERATED_DATA_FILE = 'generatedData.json' DATE_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ" +# Default values +INDEX_NAME = ".agents" +USERNAME = "admin" +PASSWORD = "admin" +IP = "127.0.0.1" +PORT = "9200" # Configure logging logging.basicConfig(filename=LOG_FILE, level=logging.INFO) # Suppress warnings -warnings.filterwarnings("ignore") +urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) def generate_random_date(): @@ -32,22 +38,86 @@ def generate_random_agent(): 'name': f'Agent{random.randint(0, 99)}', 'type': random.choice(['filebeat', 'windows', 'linux', 'macos']), 'version': f'v{random.randint(0, 9)}-stable', - 'is_connected': random.choice([True, False]), + 'status': random.choice(['active', 'inactive']), 'last_login': generate_random_date(), 'groups': [f'group{random.randint(0, 99)}', f'group{random.randint(0, 99)}'], - 'key': f'key{random.randint(0, 999)}' + 'key': f'key{random.randint(0, 999)}', + 'host': generate_random_host() } return agent def generate_random_host(): - family = random.choice(['debian', 'ubuntu', 'macos', 'ios', 'android', 'RHEL']) + family = random.choice( + ['debian', 'ubuntu', 'macos', 'ios', 'android', 'RHEL']) version = f'{random.randint(0, 99)}.{random.randint(0, 99)}' host = { + 'architecture': random.choice(['x86_64', 'arm64']), + 'boot': { + 'id': f'boot{random.randint(0, 9999)}' + }, + 'cpu': { + 'usage': random.uniform(0, 100) + }, + 'disk': { + 'read': { + 'bytes': random.randint(0, 1000000) + }, + 'write': { + 'bytes': random.randint(0, 1000000) + } + }, + 'domain': f'domain{random.randint(0, 999)}', + 'geo': { + 'city_name': random.choice(['San Francisco', 'New York', 'Berlin', 'Tokyo']), + 'continent_code': random.choice(['NA', 'EU', 'AS']), + 'continent_name': random.choice(['North America', 'Europe', 'Asia']), + 'country_iso_code': random.choice(['US', 'DE', 'JP']), + 'country_name': random.choice(['United States', 'Germany', 'Japan']), + 'location': { + 'lat': round(random.uniform(-90.0, 90.0), 6), + 'lon': round(random.uniform(-180.0, 180.0), 6) + }, + 'name': f'geo{random.randint(0, 999)}', + 'postal_code': f'{random.randint(10000, 99999)}', + 'region_iso_code': f'region{random.randint(0, 999)}', + 'region_name': f'Region {random.randint(0, 999)}', + 'timezone': random.choice(['PST', 'EST', 'CET', 'JST']) + }, + 'hostname': f'host{random.randint(0, 9999)}', + 'id': f'hostid{random.randint(0, 9999)}', 'ip': f'{random.randint(1, 255)}.{random.randint(1, 255)}.{random.randint(1, 255)}.{random.randint(1, 255)}', + 'mac': f'{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}', + 'name': f'hostname{random.randint(0, 9999)}', + 'network': { + 'egress': { + 'bytes': random.randint(0, 1000000), + 'packets': random.randint(0, 1000000) + }, + 'ingress': { + 'bytes': random.randint(0, 1000000), + 'packets': random.randint(0, 1000000) + } + }, 'os': { + 'family': family, 'full': f'{family} {version}', - } + 'kernel': f'kernel{random.randint(0, 999)}', + 'name': family, + 'platform': random.choice(['linux', 'windows', 'macos']), + 'type': family, + 'version': version + }, + 'pid_ns_ino': f'{random.randint(1000000, 9999999)}', + 'risk': { + 'calculated_level': random.choice(['low', 'medium', 'high']), + 'calculated_score': random.uniform(0, 100), + 'calculated_score_norm': random.uniform(0, 1), + 'static_level': random.choice(['low', 'medium', 'high']), + 'static_score': random.uniform(0, 100), + 'static_score_norm': random.uniform(0, 1) + }, + 'uptime': random.randint(0, 1000000) } return host @@ -56,8 +126,7 @@ def generate_random_data(number): data = [] for _ in range(number): event_data = { - 'agent': generate_random_agent(), - 'host': generate_random_host(), + 'agent': generate_random_agent() } data.append(event_data) return data @@ -99,14 +168,13 @@ def main(): logging.info('Data generation completed.') - inject = input( - "Do you want to inject the generated data into your indexer? (y/n) ").strip().lower() + inject = input("Do you want to inject the generated data into your indexer? (y/n) ").strip().lower() if inject == 'y': - ip = input("Enter the IP of your Indexer: ") - port = input("Enter the port of your Indexer: ") - index = input("Enter the index name: ") - username = input("Username: ") - password = input("Password: ") + ip = input(f"Enter the IP of your Indexer (default: '{IP}'): ") or IP + port = input(f"Enter the port of your Indexer (default: '{PORT}'): ") or PORT + index = input(f"Enter the index name (default: '{INDEX_NAME}'): ") or INDEX_NAME + username = input(f"Username (default: '{USERNAME}'): ") or USERNAME + password = input(f"Password (default: '{PASSWORD}'): ") or PASSWORD inject_events(ip, port, index, username, password, data) diff --git a/ecs/command/event-generator/event_generator.py b/ecs/command/event-generator/event_generator.py index f8bafa11f0921..7a214bcc16264 100644 --- a/ecs/command/event-generator/event_generator.py +++ b/ecs/command/event-generator/event_generator.py @@ -1,39 +1,43 @@ #!/bin/python3 -import random +import argparse import json -import requests -import warnings import logging -import argparse +import random +import requests +import urllib3 import uuid LOG_FILE = 'generate_data.log' GENERATED_DATA_FILE = 'generatedData.json' +# Default values +INDEX_NAME = ".commands" +USERNAME = "admin" +PASSWORD = "admin" +IP = "127.0.0.1" +PORT = "9200" # Configure logging logging.basicConfig(filename=LOG_FILE, level=logging.INFO) # Suppress warnings -warnings.filterwarnings("ignore") +urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) def generate_random_command(include_all_fields=False): document = { - "command": { - "source": random.choice(["Users/Services", "Engine", "Content manager"]), - "user": f"user{random.randint(1, 100)}", - "target": { - "id": f"target{random.randint(1, 10)}", - "type": random.choice(["agent", "group", "server"]) - }, - "action": { - "name": random.choice(["restart", "update", "change_group", "apply_policy"]), - "args": [f"/path/to/executable/arg{random.randint(1, 10)}"], - "version": f"v{random.randint(1, 5)}" - }, - "timeout": random.randint(10, 100) - } + "source": random.choice(["Users/Services", "Engine", "Content manager"]), + "user": f"user{random.randint(1, 100)}", + "target": { + "id": f"target{random.randint(1, 10)}", + "type": random.choice(["agent", "group", "server"]) + }, + "action": { + "name": random.choice(["restart", "update", "change_group", "apply_policy"]), + "args": [f"/path/to/executable/arg{random.randint(1, 10)}"], + "version": f"v{random.randint(1, 5)}" + }, + "timeout": random.randint(10, 100) } if include_all_fields: @@ -73,8 +77,7 @@ def inject_events(ip, port, index, username, password, data, use_index=False): url = f'https://{ip}:{port}/{index}/_doc/{doc_id}' else: # Default URL for command manager API without the index - url = f'https://{ip}:{port}/_plugins/_commandmanager' - + url = f'https://{ip}:{port}/_plugins/_command_manager/commands' response = session.post(url, json=event_data, headers=headers) if response.status_code != 201: logging.error(f'Error: {response.status_code}') @@ -116,19 +119,19 @@ def main(): "Do you want to inject the generated data into your indexer/command manager? (y/n) " ).strip().lower() if inject == 'y': - ip = input("Enter the IP of your Indexer: ") - port = input("Enter the port of your Indexer: ") + ip = input(f"Enter the IP of your Indexer (default: '{IP}'): ") or IP + port = input(f"Enter the port of your Indexer (default: '{PORT}'): ") or PORT if args.index: - index = input("Enter the index name: ") + index = input(f"Enter the index name (default: '{INDEX_NAME}'): ") or INDEX_NAME else: index = None - username = input("Username: ") - password = input("Password: ") + username = input(f"Username (default: '{USERNAME}'): ") or USERNAME + password = input(f"Password (default: '{PASSWORD}'): ") or PASSWORD inject_events(ip, port, index, username, password, - data, use_index=args.index) + data, use_index=bool(args.index)) if __name__ == "__main__": diff --git a/ecs/states-fim/event-generator/event_generator.py b/ecs/states-fim/event-generator/event_generator.py new file mode 100644 index 0000000000000..9c733c286bd43 --- /dev/null +++ b/ecs/states-fim/event-generator/event_generator.py @@ -0,0 +1,212 @@ +#!/bin/python3 + +import datetime +import json +import logging +import random +import requests +import urllib3 + +# Constants and Configuration +LOG_FILE = 'generate_data.log' +GENERATED_DATA_FILE = 'generatedData.json' +DATE_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ" +# Default values +INDEX_NAME = "wazuh-states-fim" +USERNAME = "admin" +PASSWORD = "admin" +IP = "127.0.0.1" +PORT = "9200" + +# Configure logging +logging.basicConfig(filename=LOG_FILE, level=logging.INFO) + +# Suppress warnings +urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) + + +def generate_random_date(): + start_date = datetime.datetime.now() + end_date = start_date - datetime.timedelta(days=10) + random_date = start_date + (end_date - start_date) * random.random() + return random_date.strftime(DATE_FORMAT) + + +def generate_random_agent(): + agent = { + 'id': f'agent{random.randint(0, 99)}', + 'name': f'Agent{random.randint(0, 99)}', + 'type': random.choice(['filebeat', 'windows', 'linux', 'macos']), + 'version': f'v{random.randint(0, 9)}-stable', + 'groups': [f'group{random.randint(0, 99)}', f'group{random.randint(0, 99)}'], + 'host': generate_random_host() + } + return agent + + +def generate_random_host(): + host = { + 'architecture': random.choice(['x86_64', 'arm64']), + 'boot': { + 'id': f'bootid{random.randint(0, 9999)}' + }, + 'cpu': { + 'usage': random.uniform(0, 100) + }, + 'disk': { + 'read': { + 'bytes': random.randint(1000, 1000000) + }, + 'write': { + 'bytes': random.randint(1000, 1000000) + } + }, + 'domain': f'domain{random.randint(0, 1000)}', + 'geo': { + 'city_name': 'CityName', + 'continent_code': 'NA', + 'continent_name': 'North America', + 'country_iso_code': 'US', + 'country_name': 'United States', + 'location': { + 'lat': round(random.uniform(-90, 90), 6), + 'lon': round(random.uniform(-180, 180), 6) + }, + 'name': f'hostname{random.randint(0, 999)}', + 'postal_code': f'{random.randint(10000, 99999)}', + 'region_iso_code': 'US-CA', + 'region_name': 'California', + 'timezone': 'America/Los_Angeles' + }, + 'hostname': f'host{random.randint(0, 1000)}', + 'id': f'id{random.randint(0, 1000)}', + 'ip': f'{random.randint(1, 255)}.{random.randint(0, 255)}.{random.randint(0, 255)}.{random.randint(0, 255)}', + 'mac': f'{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}', + 'name': f'host{random.randint(0, 1000)}', + 'network': { + 'egress': { + 'bytes': random.randint(1000, 1000000), + 'packets': random.randint(100, 10000) + }, + 'ingress': { + 'bytes': random.randint(1000, 1000000), + 'packets': random.randint(100, 10000) + } + }, + 'os': { + 'family': random.choice(['debian', 'ubuntu', 'macos', 'ios', 'android', 'RHEL']), + 'full': f'{random.choice(["debian", "ubuntu", "macos", "ios", "android", "RHEL"])} {random.randint(0, 99)}.{random.randint(0, 99)}', + 'kernel': f'{random.randint(0, 9)}.{random.randint(0, 9)}.{random.randint(0, 9)}', + 'name': random.choice(['Linux', 'Windows', 'macOS']), + 'platform': random.choice(['platform1', 'platform2']), + 'type': random.choice(['os_type1', 'os_type2']), + 'version': f'{random.randint(0, 9)}.{random.randint(0, 9)}.{random.randint(0, 9)}' + }, + 'pid_ns_ino': f'pid_ns{random.randint(0, 9999)}', + 'risk': { + 'calculated_level': random.choice(['low', 'medium', 'high']), + 'calculated_score': random.uniform(0, 10), + 'calculated_score_norm': random.uniform(0, 1), + 'static_level': random.choice(['low', 'medium', 'high']), + 'static_score': random.uniform(0, 10), + 'static_score_norm': random.uniform(0, 1) + }, + 'type': random.choice(['type1', 'type2']), + 'uptime': random.randint(1000, 1000000) + } + return host + + +def generate_random_file(): + file = { + 'attributes': random.choice(['attribute1', 'attribute2']), + 'gid': f'gid{random.randint(0, 1000)}', + 'group': f'group{random.randint(0, 1000)}', + 'hash': { + 'md5': f'{random.randint(0, 9999)}', + 'sha1': f'{random.randint(0, 9999)}', + 'sha256': f'{random.randint(0, 9999)}' + }, + 'inode': f'inode{random.randint(0, 1000)}', + 'mode': f'mode{random.randint(0, 1000)}', + 'mtime': generate_random_date(), + 'name': f'name{random.randint(0, 1000)}', + 'owner': f'owner{random.randint(0, 1000)}', + 'path': f'/path/to/file', + 'size': random.randint(1000, 1000000), + 'target_path': f'/path/to/target{random.randint(0, 1000)}', + 'type': random.choice(['file_type1', 'file_type2']), + 'uid': f'uid{random.randint(0, 1000)}' + } + return file + + +def generate_random_registry(): + registry = { + 'key': f'registry_key{random.randint(0, 1000)}', + 'value': f'registry_value{random.randint(0, 1000)}' + } + return registry + + +def generate_random_data(number): + data = [] + for _ in range(number): + event_data = { + 'agent': generate_random_agent(), + 'file': generate_random_file(), + 'host': generate_random_host(), + 'registry': generate_random_registry() + } + data.append(event_data) + return data + + +def inject_events(ip, port, index, username, password, data): + url = f'https://{ip}:{port}/{index}/_doc' + session = requests.Session() + session.auth = (username, password) + session.verify = False + headers = {'Content-Type': 'application/json'} + + try: + for event_data in data: + response = session.post(url, json=event_data, headers=headers) + if response.status_code != 201: + logging.error(f'Error: {response.status_code}') + logging.error(response.text) + break + logging.info('Data injection completed successfully.') + except Exception as e: + logging.error(f'Error: {str(e)}') + + +def main(): + try: + number = int(input("How many events do you want to generate? ")) + except ValueError: + logging.error("Invalid input. Please enter a valid number.") + return + + logging.info(f"Generating {number} events...") + data = generate_random_data(number) + + with open(GENERATED_DATA_FILE, 'a') as outfile: + for event_data in data: + json.dump(event_data, outfile) + outfile.write('\n') + + logging.info('Data generation completed.') + + inject = input("Do you want to inject the generated data into your indexer? (y/n) ").strip().lower() + if inject == 'y': + ip = input(f"Enter the IP of your Indexer (default: '{IP}'): ") or IP + port = input(f"Enter the port of your Indexer (default: '{PORT}'): ") or PORT + index = input(f"Enter the index name (default: '{INDEX_NAME}'): ") or INDEX_NAME + username = input(f"Username (default: '{USERNAME}'): ") or USERNAME + password = input(f"Password (default: '{PASSWORD}'): ") or PASSWORD + inject_events(ip, port, index, username, password, data) + + +if __name__ == "__main__": + main() diff --git a/ecs/states-inventory-hardware/event-generator/event_generator.py b/ecs/states-inventory-hardware/event-generator/event_generator.py new file mode 100644 index 0000000000000..779272592da66 --- /dev/null +++ b/ecs/states-inventory-hardware/event-generator/event_generator.py @@ -0,0 +1,202 @@ +#!/bin/python3 + +import datetime +import json +import logging +import random +import requests +import urllib3 + +# Constants and Configuration +LOG_FILE = 'generate_data.log' +GENERATED_DATA_FILE = 'generatedData.json' +DATE_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ" +# Default values +INDEX_NAME = "wazuh-states-inventory-hardware" +USERNAME = "admin" +PASSWORD = "admin" +IP = "127.0.0.1" +PORT = "9200" + +# Configure logging +logging.basicConfig(filename=LOG_FILE, level=logging.INFO) + +# Suppress warnings +urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) + + +def generate_random_date(): + start_date = datetime.datetime.now() + end_date = start_date - datetime.timedelta(days=10) + random_date = start_date + (end_date - start_date) * random.random() + return random_date.strftime(DATE_FORMAT) + + +def generate_random_agent(): + agent = { + 'id': f'agent{random.randint(0, 99)}', + 'name': f'Agent{random.randint(0, 99)}', + 'type': random.choice(['filebeat', 'windows', 'linux', 'macos']), + 'version': f'v{random.randint(0, 9)}-stable', + 'groups': [f'group{random.randint(0, 99)}', f'group{random.randint(0, 99)}'], + 'host': generate_random_host() + } + return agent + + +def generate_random_host(): + host = { + 'architecture': random.choice(['x86_64', 'arm64']), + 'boot': { + 'id': f'bootid{random.randint(0, 9999)}' + }, + 'cpu': { + 'cores': random.randint(1, 16), + 'name': f'CPU{random.randint(1, 999)}', + 'speed': random.randint(1000, 5000), + 'usage': random.uniform(0, 100) + }, + 'disk': { + 'read': { + 'bytes': random.randint(1000, 1000000) + }, + 'write': { + 'bytes': random.randint(1000, 1000000) + } + }, + 'domain': f'domain{random.randint(0, 1000)}', + 'geo': generate_random_geo(), + 'hostname': f'host{random.randint(0, 1000)}', + 'id': f'id{random.randint(0, 1000)}', + 'ip': f'{random.randint(1, 255)}.{random.randint(0, 255)}.{random.randint(0, 255)}.{random.randint(0, 255)}', + 'mac': f'{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}', + 'memory': { + 'free': random.randint(1000, 100000), + 'total': random.randint(1000, 100000), + 'used': { + 'percentage': random.uniform(0, 100) + } + }, + 'name': f'host{random.randint(0, 1000)}', + 'network': { + 'egress': { + 'bytes': random.randint(1000, 1000000), + 'packets': random.randint(100, 10000) + }, + 'ingress': { + 'bytes': random.randint(1000, 1000000), + 'packets': random.randint(100, 10000) + } + }, + 'os': { + 'family': random.choice(['debian', 'ubuntu', 'macos', 'ios', 'android', 'RHEL']), + 'full': f'{random.choice(["debian", "ubuntu", "macos", "ios", "android", "RHEL"])} {random.randint(0, 99)}.{random.randint(0, 99)}', + 'kernel': f'{random.randint(0, 9)}.{random.randint(0, 9)}.{random.randint(0, 9)}', + 'name': random.choice(['Linux', 'Windows', 'macOS']), + 'platform': random.choice(['platform1', 'platform2']), + 'type': random.choice(['os_type1', 'os_type2']), + 'version': f'{random.randint(0, 9)}.{random.randint(0, 9)}.{random.randint(0, 9)}' + }, + 'pid_ns_ino': f'pid_ns{random.randint(0, 9999)}', + 'risk': { + 'calculated_level': random.choice(['low', 'medium', 'high']), + 'calculated_score': random.uniform(0, 10), + 'calculated_score_norm': random.uniform(0, 1), + 'static_level': random.choice(['low', 'medium', 'high']), + 'static_score': random.uniform(0, 10), + 'static_score_norm': random.uniform(0, 1) + }, + 'type': random.choice(['type1', 'type2']), + 'uptime': random.randint(1000, 1000000) + } + return host + + +def generate_random_geo(): + geo = { + 'city_name': 'CityName', + 'continent_code': 'NA', + 'continent_name': 'North America', + 'country_iso_code': 'US', + 'country_name': 'United States', + 'location': { + 'lat': round(random.uniform(-90, 90), 6), + 'lon': round(random.uniform(-180, 180), 6) + }, + 'name': f'location{random.randint(0, 999)}', + 'postal_code': f'{random.randint(10000, 99999)}', + 'region_iso_code': 'US-CA', + 'region_name': 'California', + 'timezone': 'America/Los_Angeles' + } + return geo + + +def generate_random_observer(): + observer = { + 'serial_number': f'serial{random.randint(0, 9999)}' + } + return observer + + +def generate_random_data(number): + data = [] + for _ in range(number): + event_data = { + '@timestamp': generate_random_date(), + 'agent': generate_random_agent(), + 'host': generate_random_host(), + 'observer': generate_random_observer() + } + data.append(event_data) + return data + + +def inject_events(ip, port, index, username, password, data): + url = f'https://{ip}:{port}/{index}/_doc' + session = requests.Session() + session.auth = (username, password) + session.verify = False + headers = {'Content-Type': 'application/json'} + + try: + for event_data in data: + response = session.post(url, json=event_data, headers=headers) + if response.status_code != 201: + logging.error(f'Error: {response.status_code}') + logging.error(response.text) + break + logging.info('Data injection completed successfully.') + except Exception as e: + logging.error(f'Error: {str(e)}') + + +def main(): + try: + number = int(input("How many events do you want to generate? ")) + except ValueError: + logging.error("Invalid input. Please enter a valid number.") + return + + logging.info(f"Generating {number} events...") + data = generate_random_data(number) + + with open(GENERATED_DATA_FILE, 'a') as outfile: + for event_data in data: + json.dump(event_data, outfile) + outfile.write('\n') + + logging.info('Data generation completed.') + + inject = input("Do you want to inject the generated data into your indexer? (y/n) ").strip().lower() + if inject == 'y': + ip = input(f"Enter the IP of your Indexer (default: '{IP}'): ") or IP + port = input(f"Enter the port of your Indexer (default: '{PORT}'): ") or PORT + index = input(f"Enter the index name (default: '{INDEX_NAME}'): ") or INDEX_NAME + username = input(f"Username (default: '{USERNAME}'): ") or USERNAME + password = input(f"Password (default: '{PASSWORD}'): ") or PASSWORD + inject_events(ip, port, index, username, password, data) + + +if __name__ == "__main__": + main() diff --git a/ecs/states-inventory-hotfixes/event-generator/event_generator.py b/ecs/states-inventory-hotfixes/event-generator/event_generator.py new file mode 100644 index 0000000000000..88cfdd0c76d82 --- /dev/null +++ b/ecs/states-inventory-hotfixes/event-generator/event_generator.py @@ -0,0 +1,194 @@ +#!/bin/python3 + +import datetime +import json +import logging +import random +import requests +import urllib3 + +# Constants and Configuration +LOG_FILE = 'generate_data.log' +GENERATED_DATA_FILE = 'generatedData.json' +DATE_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ" +# Default values +INDEX_NAME = "wazuh-states-inventory-hotfixes" +USERNAME = "admin" +PASSWORD = "admin" +IP = "127.0.0.1" +PORT = "9200" + +# Configure logging +logging.basicConfig(filename=LOG_FILE, level=logging.INFO) + +# Suppress warnings +urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) + + +def generate_random_date(): + start_date = datetime.datetime.now() + end_date = start_date - datetime.timedelta(days=10) + random_date = start_date + (end_date - start_date) * random.random() + return random_date.strftime(DATE_FORMAT) + + +def generate_random_agent(): + agent = { + 'id': f'agent{random.randint(0, 99)}', + 'name': f'Agent{random.randint(0, 99)}', + 'type': random.choice(['filebeat', 'windows', 'linux', 'macos']), + 'version': f'v{random.randint(0, 9)}-stable', + 'groups': [f'group{random.randint(0, 99)}', f'group{random.randint(0, 99)}'], + 'host': generate_random_host() + } + return agent + + +def generate_random_host(): + host = { + 'architecture': random.choice(['x86_64', 'arm64']), + 'boot': { + 'id': f'bootid{random.randint(0, 9999)}' + }, + 'cpu': { + 'usage': random.uniform(0, 100) + }, + 'disk': { + 'read': { + 'bytes': random.randint(1000, 1000000) + }, + 'write': { + 'bytes': random.randint(1000, 1000000) + } + }, + 'domain': f'domain{random.randint(0, 1000)}', + 'geo': generate_random_geo(), + 'hostname': f'host{random.randint(0, 1000)}', + 'id': f'id{random.randint(0, 1000)}', + 'ip': f'{random.randint(1, 255)}.{random.randint(0, 255)}.{random.randint(0, 255)}.{random.randint(0, 255)}', + 'mac': f'{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}', + 'name': f'host{random.randint(0, 1000)}', + 'network': { + 'egress': { + 'bytes': random.randint(1000, 1000000), + 'packets': random.randint(100, 10000) + }, + 'ingress': { + 'bytes': random.randint(1000, 1000000), + 'packets': random.randint(100, 10000) + } + }, + 'os': { + 'family': random.choice(['debian', 'ubuntu', 'macos', 'ios', 'android', 'RHEL']), + 'full': f'{random.choice(["debian", "ubuntu", "macos", "ios", "android", "RHEL"])} {random.randint(0, 99)}.{random.randint(0, 99)}', + 'kernel': f'{random.randint(0, 9)}.{random.randint(0, 9)}.{random.randint(0, 9)}', + 'name': random.choice(['Linux', 'Windows', 'macOS']), + 'platform': random.choice(['platform1', 'platform2']), + 'type': random.choice(['os_type1', 'os_type2']), + 'version': f'{random.randint(0, 9)}.{random.randint(0, 9)}.{random.randint(0, 9)}' + }, + 'pid_ns_ino': f'pid_ns{random.randint(0, 9999)}', + 'risk': { + 'calculated_level': random.choice(['low', 'medium', 'high']), + 'calculated_score': random.uniform(0, 10), + 'calculated_score_norm': random.uniform(0, 1), + 'static_level': random.choice(['low', 'medium', 'high']), + 'static_score': random.uniform(0, 10), + 'static_score_norm': random.uniform(0, 1) + }, + 'type': random.choice(['type1', 'type2']), + 'uptime': random.randint(1000, 1000000) + } + return host + + +def generate_random_geo(): + geo = { + 'city_name': 'CityName', + 'continent_code': 'NA', + 'continent_name': 'North America', + 'country_iso_code': 'US', + 'country_name': 'United States', + 'location': { + 'lat': round(random.uniform(-90, 90), 6), + 'lon': round(random.uniform(-180, 180), 6) + }, + 'name': f'location{random.randint(0, 999)}', + 'postal_code': f'{random.randint(10000, 99999)}', + 'region_iso_code': 'US-CA', + 'region_name': 'California', + 'timezone': 'America/Los_Angeles' + } + return geo + + +def generate_random_package(): + package = { + 'hotfix': { + 'name': f'hotfix{random.randint(0, 9999)}' + } + } + return package + + +def generate_random_data(number): + data = [] + for _ in range(number): + event_data = { + '@timestamp': generate_random_date(), + 'agent': generate_random_agent(), + 'host': generate_random_host(), + 'package': generate_random_package() + } + data.append(event_data) + return data + + +def inject_events(ip, port, index, username, password, data): + url = f'https://{ip}:{port}/{index}/_doc' + session = requests.Session() + session.auth = (username, password) + session.verify = False + headers = {'Content-Type': 'application/json'} + + try: + for event_data in data: + response = session.post(url, json=event_data, headers=headers) + if response.status_code != 201: + logging.error(f'Error: {response.status_code}') + logging.error(response.text) + break + logging.info('Data injection completed successfully.') + except Exception as e: + logging.error(f'Error: {str(e)}') + + +def main(): + try: + number = int(input("How many events do you want to generate? ")) + except ValueError: + logging.error("Invalid input. Please enter a valid number.") + return + + logging.info(f"Generating {number} events...") + data = generate_random_data(number) + + with open(GENERATED_DATA_FILE, 'a') as outfile: + for event_data in data: + json.dump(event_data, outfile) + outfile.write('\n') + + logging.info('Data generation completed.') + + inject = input("Do you want to inject the generated data into your indexer? (y/n) ").strip().lower() + if inject == 'y': + ip = input(f"Enter the IP of your Indexer (default: '{IP}'): ") or IP + port = input(f"Enter the port of your Indexer (default: '{PORT}'): ") or PORT + index = input(f"Enter the index name (default: '{INDEX_NAME}'): ") or INDEX_NAME + username = input(f"Username (default: '{USERNAME}'): ") or USERNAME + password = input(f"Password (default: '{PASSWORD}'): ") or PASSWORD + inject_events(ip, port, index, username, password, data) + + +if __name__ == "__main__": + main() diff --git a/ecs/states-inventory-networks/event-generator/event_generator.py b/ecs/states-inventory-networks/event-generator/event_generator.py new file mode 100644 index 0000000000000..c9ec2c2fd363f --- /dev/null +++ b/ecs/states-inventory-networks/event-generator/event_generator.py @@ -0,0 +1,215 @@ +#!/bin/python3 + +import datetime +import json +import logging +import random +import requests +import urllib3 + +# Constants and Configuration +LOG_FILE = 'generate_data.log' +GENERATED_DATA_FILE = 'generatedData.json' +DATE_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ" +# Default values +INDEX_NAME = "wazuh-states-inventory-networks" +USERNAME = "admin" +PASSWORD = "admin" +IP = "127.0.0.1" +PORT = "9200" + +# Configure logging +logging.basicConfig(filename=LOG_FILE, level=logging.INFO) + +# Suppress warnings +urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) + + +def generate_random_date(): + start_date = datetime.datetime.now() + end_date = start_date - datetime.timedelta(days=10) + random_date = start_date + (end_date - start_date) * random.random() + return random_date.strftime(DATE_FORMAT) + + +def generate_random_agent(): + agent = { + 'id': f'agent{random.randint(0, 99)}', + 'name': f'Agent{random.randint(0, 99)}', + 'type': random.choice(['filebeat', 'windows', 'linux', 'macos']), + 'version': f'v{random.randint(0, 9)}-stable', + 'groups': [f'group{random.randint(0, 99)}', f'group{random.randint(0, 99)}'], + 'host': generate_random_host() + } + return agent + + +def generate_random_host(): + host = { + 'architecture': random.choice(['x86_64', 'arm64']), + 'boot': { + 'id': f'bootid{random.randint(0, 9999)}' + }, + 'cpu': { + 'usage': random.uniform(0, 100) + }, + 'disk': { + 'read': { + 'bytes': random.randint(1000, 1000000) + }, + 'write': { + 'bytes': random.randint(1000, 1000000) + } + }, + 'domain': f'domain{random.randint(0, 1000)}', + 'geo': generate_random_geo(), + 'hostname': f'host{random.randint(0, 1000)}', + 'id': f'id{random.randint(0, 1000)}', + 'ip': f'{random.randint(1, 255)}.{random.randint(0, 255)}.{random.randint(0, 255)}.{random.randint(0, 255)}', + 'mac': f'{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}', + 'name': f'host{random.randint(0, 1000)}', + 'network': { + 'egress': { + 'bytes': random.randint(1000, 1000000), + 'drops': random.randint(0, 100), + 'errors': random.randint(0, 100), + 'packets': random.randint(100, 10000) + }, + 'ingress': { + 'bytes': random.randint(1000, 1000000), + 'drops': random.randint(0, 100), + 'errors': random.randint(0, 100), + 'packets': random.randint(100, 10000) + } + }, + 'os': { + 'family': random.choice(['debian', 'ubuntu', 'macos', 'ios', 'android', 'RHEL']), + 'full': f'{random.choice(["debian", "ubuntu", "macos", "ios", "android", "RHEL"])} {random.randint(0, 99)}.{random.randint(0, 99)}', + 'kernel': f'{random.randint(0, 9)}.{random.randint(0, 9)}.{random.randint(0, 9)}', + 'name': random.choice(['Linux', 'Windows', 'macOS']), + 'platform': random.choice(['platform1', 'platform2']), + 'type': random.choice(['os_type1', 'os_type2']), + 'version': f'{random.randint(0, 9)}.{random.randint(0, 9)}.{random.randint(0, 9)}' + }, + 'pid_ns_ino': f'pid_ns{random.randint(0, 9999)}', + 'risk': { + 'calculated_level': random.choice(['low', 'medium', 'high']), + 'calculated_score': random.uniform(0, 10), + 'calculated_score_norm': random.uniform(0, 1), + 'static_level': random.choice(['low', 'medium', 'high']), + 'static_score': random.uniform(0, 10), + 'static_score_norm': random.uniform(0, 1) + }, + 'type': random.choice(['type1', 'type2']), + 'uptime': random.randint(1000, 1000000) + } + return host + + +def generate_random_geo(): + geo = { + 'city_name': 'CityName', + 'continent_code': 'NA', + 'continent_name': 'North America', + 'country_iso_code': 'US', + 'country_name': 'United States', + 'location': { + 'lat': round(random.uniform(-90, 90), 6), + 'lon': round(random.uniform(-180, 180), 6) + }, + 'name': f'location{random.randint(0, 999)}', + 'postal_code': f'{random.randint(10000, 99999)}', + 'region_iso_code': 'US-CA', + 'region_name': 'California', + 'timezone': 'America/Los_Angeles' + } + return geo + + +def generate_random_network(): + network = { + 'broadcast': f'{random.randint(1, 255)}.{random.randint(0, 255)}.{random.randint(0, 255)}.{random.randint(0, 255)}', + 'dhcp': f'dhcp{random.randint(0, 9999)}', + 'gateway': f'{random.randint(1, 255)}.{random.randint(0, 255)}.{random.randint(0, 255)}.{random.randint(0, 255)}', + 'metric': random.randint(1, 100), + 'netmask': f'{random.randint(1, 255)}.{random.randint(0, 255)}.{random.randint(0, 255)}.{random.randint(0, 255)}', + 'protocol': random.choice(['TCP', 'UDP', 'ICMP']), + 'type': random.choice(['wired', 'wireless']) + } + return network + + +def generate_random_observer(): + observer = { + 'ingress': { + 'interface': { + 'alias': f'alias{random.randint(0, 9999)}', + 'name': f'name{random.randint(0, 9999)}' + } + } + } + return observer + + +def generate_random_data(number): + data = [] + for _ in range(number): + event_data = { + '@timestamp': generate_random_date(), + 'agent': generate_random_agent(), + 'host': generate_random_host(), + 'network': generate_random_network(), + 'observer': generate_random_observer() + } + data.append(event_data) + return data + + +def inject_events(ip, port, index, username, password, data): + url = f'https://{ip}:{port}/{index}/_doc' + session = requests.Session() + session.auth = (username, password) + session.verify = False + headers = {'Content-Type': 'application/json'} + + try: + for event_data in data: + response = session.post(url, json=event_data, headers=headers) + if response.status_code != 201: + logging.error(f'Error: {response.status_code}') + logging.error(response.text) + break + logging.info('Data injection completed successfully.') + except Exception as e: + logging.error(f'Error: {str(e)}') + + +def main(): + try: + number = int(input("How many events do you want to generate? ")) + except ValueError: + logging.error("Invalid input. Please enter a valid number.") + return + + logging.info(f"Generating {number} events...") + data = generate_random_data(number) + + with open(GENERATED_DATA_FILE, 'a') as outfile: + for event_data in data: + json.dump(event_data, outfile) + outfile.write('\n') + + logging.info('Data generation completed.') + + inject = input("Do you want to inject the generated data into your indexer? (y/n) ").strip().lower() + if inject == 'y': + ip = input(f"Enter the IP of your Indexer (default: '{IP}'): ") or IP + port = input(f"Enter the port of your Indexer (default: '{PORT}'): ") or PORT + index = input(f"Enter the index name (default: '{INDEX_NAME}'): ") or INDEX_NAME + username = input(f"Username (default: '{USERNAME}'): ") or USERNAME + password = input(f"Password (default: '{PASSWORD}'): ") or PASSWORD + inject_events(ip, port, index, username, password, data) + + +if __name__ == "__main__": + main() diff --git a/ecs/states-inventory-packages/event-generator/event_generator.py b/ecs/states-inventory-packages/event-generator/event_generator.py new file mode 100644 index 0000000000000..fda9227d7c826 --- /dev/null +++ b/ecs/states-inventory-packages/event-generator/event_generator.py @@ -0,0 +1,199 @@ +#!/bin/python3 + +import datetime +import json +import logging +import random +import requests +import urllib3 + +# Constants and Configuration +LOG_FILE = 'generate_data.log' +GENERATED_DATA_FILE = 'generatedData.json' +DATE_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ" +# Default values +INDEX_NAME = "wazuh-states-inventory-packages" +USERNAME = "admin" +PASSWORD = "admin" +IP = "127.0.0.1" +PORT = "9200" + +# Configure logging +logging.basicConfig(filename=LOG_FILE, level=logging.INFO) + +# Suppress warnings +urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) + + +def generate_random_date(): + start_date = datetime.datetime.now() + end_date = start_date - datetime.timedelta(days=10) + random_date = start_date + (end_date - start_date) * random.random() + return random_date.strftime(DATE_FORMAT) + + +def generate_random_agent(): + agent = { + 'id': f'agent{random.randint(0, 99)}', + 'name': f'Agent{random.randint(0, 99)}', + 'type': random.choice(['filebeat', 'windows', 'linux', 'macos']), + 'version': f'v{random.randint(0, 9)}-stable', + 'groups': [f'group{random.randint(0, 99)}', f'group{random.randint(0, 99)}'], + 'host': generate_random_host() + } + return agent + + +def generate_random_host(): + host = { + 'architecture': random.choice(['x86_64', 'arm64']), + 'boot': { + 'id': f'bootid{random.randint(0, 9999)}' + }, + 'cpu': { + 'usage': random.uniform(0, 100) + }, + 'disk': { + 'read': { + 'bytes': random.randint(1000, 1000000) + }, + 'write': { + 'bytes': random.randint(1000, 1000000) + } + }, + 'domain': f'domain{random.randint(0, 1000)}', + 'geo': generate_random_geo(), + 'hostname': f'host{random.randint(0, 1000)}', + 'id': f'id{random.randint(0, 1000)}', + 'ip': f'{random.randint(1, 255)}.{random.randint(0, 255)}.{random.randint(0, 255)}.{random.randint(0, 255)}', + 'mac': f'{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}', + 'name': f'host{random.randint(0, 1000)}', + 'network': { + 'egress': { + 'bytes': random.randint(1000, 1000000), + 'packets': random.randint(100, 10000) + }, + 'ingress': { + 'bytes': random.randint(1000, 1000000), + 'packets': random.randint(100, 10000) + } + }, + 'os': { + 'family': random.choice(['debian', 'ubuntu', 'macos', 'ios', 'android', 'RHEL']), + 'full': f'{random.choice(["debian", "ubuntu", "macos", "ios", "android", "RHEL"])} {random.randint(0, 99)}.{random.randint(0, 99)}', + 'kernel': f'{random.randint(0, 9)}.{random.randint(0, 9)}.{random.randint(0, 9)}', + 'name': random.choice(['Linux', 'Windows', 'macOS']), + 'platform': random.choice(['platform1', 'platform2']), + 'type': random.choice(['os_type1', 'os_type2']), + 'version': f'{random.randint(0, 9)}.{random.randint(0, 9)}.{random.randint(0, 9)}' + }, + 'pid_ns_ino': f'pid_ns{random.randint(0, 9999)}', + 'risk': { + 'calculated_level': random.choice(['low', 'medium', 'high']), + 'calculated_score': random.uniform(0, 10), + 'calculated_score_norm': random.uniform(0, 1), + 'static_level': random.choice(['low', 'medium', 'high']), + 'static_score': random.uniform(0, 10), + 'static_score_norm': random.uniform(0, 1) + }, + 'type': random.choice(['type1', 'type2']), + 'uptime': random.randint(1000, 1000000) + } + return host + + +def generate_random_geo(): + geo = { + 'city_name': 'CityName', + 'continent_code': 'NA', + 'continent_name': 'North America', + 'country_iso_code': 'US', + 'country_name': 'United States', + 'location': { + 'lat': round(random.uniform(-90, 90), 6), + 'lon': round(random.uniform(-180, 180), 6) + }, + 'name': f'location{random.randint(0, 999)}', + 'postal_code': f'{random.randint(10000, 99999)}', + 'region_iso_code': 'US-CA', + 'region_name': 'California', + 'timezone': 'America/Los_Angeles' + } + return geo + + +def generate_random_package(): + package = { + 'architecture': random.choice(['x86_64', 'arm64']), + 'description': f'description{random.randint(0, 9999)}', + 'installed': generate_random_date(), + 'name': f'package{random.randint(0, 9999)}', + 'path': f'/path/to/package{random.randint(0, 9999)}', + 'size': random.randint(1000, 100000), + 'type': random.choice(['deb', 'rpm']), + 'version': f'{random.randint(0, 9)}.{random.randint(0, 9)}.{random.randint(0, 9)}' + } + return package + + +def generate_random_data(number): + data = [] + for _ in range(number): + event_data = { + '@timestamp': generate_random_date(), + 'agent': generate_random_agent(), + 'host': generate_random_host(), + 'package': generate_random_package() + } + data.append(event_data) + return data + + +def inject_events(ip, port, index, username, password, data): + url = f'https://{ip}:{port}/{index}/_doc' + session = requests.Session() + session.auth = (username, password) + session.verify = False + headers = {'Content-Type': 'application/json'} + + try: + for event_data in data: + response = session.post(url, json=event_data, headers=headers) + if response.status_code != 201: + logging.error(f'Error: {response.status_code}') + logging.error(response.text) + break + logging.info('Data injection completed successfully.') + except Exception as e: + logging.error(f'Error: {str(e)}') + + +def main(): + try: + number = int(input("How many events do you want to generate? ")) + except ValueError: + logging.error("Invalid input. Please enter a valid number.") + return + + logging.info(f"Generating {number} events...") + data = generate_random_data(number) + + with open(GENERATED_DATA_FILE, 'a') as outfile: + for event_data in data: + json.dump(event_data, outfile) + outfile.write('\n') + + logging.info('Data generation completed.') + + inject = input("Do you want to inject the generated data into your indexer? (y/n) ").strip().lower() + if inject == 'y': + ip = input(f"Enter the IP of your Indexer (default: '{IP}'): ") or IP + port = input(f"Enter the port of your Indexer (default: '{PORT}'): ") or PORT + index = input(f"Enter the index name (default: '{INDEX_NAME}'): ") or INDEX_NAME + username = input(f"Username (default: '{USERNAME}'): ") or USERNAME + password = input(f"Password (default: '{PASSWORD}'): ") or PASSWORD + inject_events(ip, port, index, username, password, data) + + +if __name__ == "__main__": + main() diff --git a/ecs/states-inventory-ports/event-generator/event_generator.py b/ecs/states-inventory-ports/event-generator/event_generator.py new file mode 100644 index 0000000000000..bede09340b104 --- /dev/null +++ b/ecs/states-inventory-ports/event-generator/event_generator.py @@ -0,0 +1,232 @@ +#!/bin/python3 + +import datetime +import json +import logging +import random +import requests +import urllib3 + +# Constants and Configuration +LOG_FILE = 'generate_data.log' +GENERATED_DATA_FILE = 'generatedData.json' +DATE_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ" +# Default values +INDEX_NAME = "wazuh-states-inventory-ports" +USERNAME = "admin" +PASSWORD = "admin" +IP = "127.0.0.1" +PORT = "9200" + +# Configure logging +logging.basicConfig(filename=LOG_FILE, level=logging.INFO) + +# Suppress warnings +urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) + + +def generate_random_date(): + start_date = datetime.datetime.now() + end_date = start_date - datetime.timedelta(days=10) + random_date = start_date + (end_date - start_date) * random.random() + return random_date.strftime(DATE_FORMAT) + + +def generate_random_agent(): + agent = { + 'id': f'agent{random.randint(0, 99)}', + 'name': f'Agent{random.randint(0, 99)}', + 'type': random.choice(['filebeat', 'windows', 'linux', 'macos']), + 'version': f'v{random.randint(0, 9)}-stable', + 'groups': [f'group{random.randint(0, 99)}', f'group{random.randint(0, 99)}'], + 'host': generate_random_host() + } + return agent + + +def generate_random_host(): + host = { + 'architecture': random.choice(['x86_64', 'arm64']), + 'boot': { + 'id': f'bootid{random.randint(0, 9999)}' + }, + 'cpu': { + 'usage': random.uniform(0, 100) + }, + 'disk': { + 'read': { + 'bytes': random.randint(1000, 1000000) + }, + 'write': { + 'bytes': random.randint(1000, 1000000) + } + }, + 'domain': f'domain{random.randint(0, 1000)}', + 'geo': generate_random_geo(), + 'hostname': f'host{random.randint(0, 1000)}', + 'id': f'id{random.randint(0, 1000)}', + 'ip': f'{random.randint(1, 255)}.{random.randint(0, 255)}.{random.randint(0, 255)}.{random.randint(0, 255)}', + 'mac': f'{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}', + 'name': f'host{random.randint(0, 1000)}', + 'network': { + 'egress': { + 'bytes': random.randint(1000, 1000000), + 'packets': random.randint(100, 10000), + 'queue': random.randint(0, 1000) + }, + 'ingress': { + 'bytes': random.randint(1000, 1000000), + 'packets': random.randint(100, 10000), + 'queue': random.randint(0, 1000) + } + }, + 'os': { + 'family': random.choice(['debian', 'ubuntu', 'macos', 'ios', 'android', 'RHEL']), + 'full': f'{random.choice(["debian", "ubuntu", "macos", "ios", "android", "RHEL"])} {random.randint(0, 99)}.{random.randint(0, 99)}', + 'kernel': f'{random.randint(0, 9)}.{random.randint(0, 9)}.{random.randint(0, 9)}', + 'name': random.choice(['Linux', 'Windows', 'macOS']), + 'platform': random.choice(['platform1', 'platform2']), + 'type': random.choice(['os_type1', 'os_type2']), + 'version': f'{random.randint(0, 9)}.{random.randint(0, 9)}.{random.randint(0, 9)}' + }, + 'pid_ns_ino': f'pid_ns{random.randint(0, 9999)}', + 'risk': { + 'calculated_level': random.choice(['low', 'medium', 'high']), + 'calculated_score': random.uniform(0, 10), + 'calculated_score_norm': random.uniform(0, 1), + 'static_level': random.choice(['low', 'medium', 'high']), + 'static_score': random.uniform(0, 10), + 'static_score_norm': random.uniform(0, 1) + }, + 'type': random.choice(['type1', 'type2']), + 'uptime': random.randint(1000, 1000000) + } + return host + + +def generate_random_geo(): + geo = { + 'city_name': 'CityName', + 'continent_code': 'NA', + 'continent_name': 'North America', + 'country_iso_code': 'US', + 'country_name': 'United States', + 'location': { + 'lat': round(random.uniform(-90, 90), 6), + 'lon': round(random.uniform(-180, 180), 6) + }, + 'name': f'location{random.randint(0, 999)}', + 'postal_code': f'{random.randint(10000, 99999)}', + 'region_iso_code': 'US-CA', + 'region_name': 'California', + 'timezone': 'America/Los_Angeles' + } + return geo + + +def generate_random_destination(): + destination = { + 'ip': f'{random.randint(1, 255)}.{random.randint(0, 255)}.{random.randint(0, 255)}.{random.randint(0, 255)}', + 'port': random.randint(0, 65535) + } + return destination + + +def generate_random_device(): + device = { + 'id': f'device{random.randint(0, 9999)}' + } + return device + + +def generate_random_file(): + file = { + 'inode': f'inode{random.randint(0, 9999)}' + } + return file + + +def generate_random_process(): + process = { + 'name': f'process{random.randint(0, 9999)}', + 'pid': random.randint(0, 99999) + } + return process + + +def generate_random_source(): + source = { + 'ip': f'{random.randint(1, 255)}.{random.randint(0, 255)}.{random.randint(0, 255)}.{random.randint(0, 255)}', + 'port': random.randint(0, 65535) + } + return source + + +def generate_random_data(number): + data = [] + for _ in range(number): + event_data = { + '@timestamp': generate_random_date(), + 'agent': generate_random_agent(), + 'destination': generate_random_destination(), + 'device': generate_random_device(), + 'file': generate_random_file(), + 'host': generate_random_host(), + 'network': { + 'protocol': random.choice(['TCP', 'UDP', 'ICMP']) + }, + 'process': generate_random_process(), + 'source': generate_random_source() + } + data.append(event_data) + return data + + +def inject_events(ip, port, index, username, password, data): + url = f'https://{ip}:{port}/{index}/_doc' + session = requests.Session() + session.auth = (username, password) + session.verify = False + headers = {'Content-Type': 'application/json'} + + try: + for event_data in data: + response = session.post(url, json=event_data, headers=headers) + if response.status_code != 201: + logging.error(f'Error: {response.status_code}') + logging.error(response.text) + break + logging.info('Data injection completed successfully.') + except Exception as e: + logging.error(f'Error: {str(e)}') + + +def main(): + try: + number = int(input("How many events do you want to generate? ")) + except ValueError: + logging.error("Invalid input. Please enter a valid number.") + return + + logging.info(f"Generating {number} events...") + data = generate_random_data(number) + + with open(GENERATED_DATA_FILE, 'a') as outfile: + for event_data in data: + json.dump(event_data, outfile) + outfile.write('\n') + + logging.info('Data generation completed.') + + inject = input("Do you want to inject the generated data into your indexer? (y/n) ").strip().lower() + if inject == 'y': + ip = input(f"Enter the IP of your Indexer (default: '{IP}'): ") or IP + port = input(f"Enter the port of your Indexer (default: '{PORT}'): ") or PORT + index = input(f"Enter the index name (default: '{INDEX_NAME}'): ") or INDEX_NAME + username = input(f"Username (default: '{USERNAME}'): ") or USERNAME + password = input(f"Password (default: '{PASSWORD}'): ") or PASSWORD + inject_events(ip, port, index, username, password, data) + + +if __name__ == "__main__": + main() diff --git a/ecs/states-inventory-processes/event-generator/event_generator.py b/ecs/states-inventory-processes/event-generator/event_generator.py new file mode 100644 index 0000000000000..3395616d104c9 --- /dev/null +++ b/ecs/states-inventory-processes/event-generator/event_generator.py @@ -0,0 +1,219 @@ +#!/bin/python3 + +import datetime +import json +import logging +import random +import requests +import urllib3 + +# Constants and Configuration +LOG_FILE = 'generate_data.log' +GENERATED_DATA_FILE = 'generatedData.json' +DATE_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ" +# Default values +INDEX_NAME = "wazuh-states-inventory-processes" +USERNAME = "admin" +PASSWORD = "admin" +IP = "127.0.0.1" +PORT = "9200" + +# Configure logging +logging.basicConfig(filename=LOG_FILE, level=logging.INFO) + +# Suppress warnings +urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) + + +def generate_random_date(): + start_date = datetime.datetime.now() + end_date = start_date - datetime.timedelta(days=10) + random_date = start_date + (end_date - start_date) * random.random() + return random_date.strftime(DATE_FORMAT) + + +def generate_random_agent(): + agent = { + 'id': f'agent{random.randint(0, 99)}', + 'name': f'Agent{random.randint(0, 99)}', + 'type': random.choice(['filebeat', 'windows', 'linux', 'macos']), + 'version': f'v{random.randint(0, 9)}-stable', + 'groups': [f'group{random.randint(0, 99)}', f'group{random.randint(0, 99)}'], + 'host': generate_random_host() + } + return agent + + +def generate_random_host(): + host = { + 'architecture': random.choice(['x86_64', 'arm64']), + 'boot': { + 'id': f'bootid{random.randint(0, 9999)}' + }, + 'cpu': { + 'usage': random.uniform(0, 100) + }, + 'disk': { + 'read': { + 'bytes': random.randint(1000, 1000000) + }, + 'write': { + 'bytes': random.randint(1000, 1000000) + } + }, + 'domain': f'domain{random.randint(0, 1000)}', + 'geo': generate_random_geo(), + 'hostname': f'host{random.randint(0, 1000)}', + 'id': f'id{random.randint(0, 1000)}', + 'ip': f'{random.randint(1, 255)}.{random.randint(0, 255)}.{random.randint(0, 255)}.{random.randint(0, 255)}', + 'mac': f'{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}', + 'name': f'host{random.randint(0, 1000)}', + 'network': { + 'egress': { + 'bytes': random.randint(1000, 1000000), + 'packets': random.randint(100, 10000) + }, + 'ingress': { + 'bytes': random.randint(1000, 1000000), + 'packets': random.randint(100, 10000) + } + }, + 'os': { + 'family': random.choice(['debian', 'ubuntu', 'macos', 'ios', 'android', 'RHEL']), + 'full': f'{random.choice(["debian", "ubuntu", "macos", "ios", "android", "RHEL"])} {random.randint(0, 99)}.{random.randint(0, 99)}', + 'kernel': f'{random.randint(0, 9)}.{random.randint(0, 9)}.{random.randint(0, 9)}', + 'name': random.choice(['Linux', 'Windows', 'macOS']), + 'platform': random.choice(['platform1', 'platform2']), + 'type': random.choice(['os_type1', 'os_type2']), + 'version': f'{random.randint(0, 9)}.{random.randint(0, 9)}.{random.randint(0, 9)}' + }, + 'pid_ns_ino': f'pid_ns{random.randint(0, 9999)}', + 'risk': { + 'calculated_level': random.choice(['low', 'medium', 'high']), + 'calculated_score': random.uniform(0, 10), + 'calculated_score_norm': random.uniform(0, 1), + 'static_level': random.choice(['low', 'medium', 'high']), + 'static_score': random.uniform(0, 10), + 'static_score_norm': random.uniform(0, 1) + }, + 'type': random.choice(['type1', 'type2']), + 'uptime': random.randint(1000, 1000000) + } + return host + + +def generate_random_geo(): + geo = { + 'city_name': 'CityName', + 'continent_code': 'NA', + 'continent_name': 'North America', + 'country_iso_code': 'US', + 'country_name': 'United States', + 'location': { + 'lat': round(random.uniform(-90, 90), 6), + 'lon': round(random.uniform(-180, 180), 6) + }, + 'name': f'location{random.randint(0, 999)}', + 'postal_code': f'{random.randint(10000, 99999)}', + 'region_iso_code': 'US-CA', + 'region_name': 'California', + 'timezone': 'America/Los_Angeles' + } + return geo + + +def generate_random_process(): + process = { + 'args': f'arg{random.randint(0, 9999)}', + 'command_line': f'command{random.randint(0, 9999)}', + 'group': { + 'id': f'groupid{random.randint(0, 9999)}' + }, + 'name': f'process{random.randint(0, 9999)}', + 'parent': { + 'pid': random.randint(1, 9999) + }, + 'pid': random.randint(1, 9999), + 'real_group': { + 'id': f'realgroupid{random.randint(0, 9999)}' + }, + 'real_user': { + 'id': f'realuserid{random.randint(0, 9999)}' + }, + 'saved_group': { + 'id': f'savedgroupid{random.randint(0, 9999)}' + }, + 'saved_user': { + 'id': f'saveduserid{random.randint(0, 9999)}' + }, + 'start': generate_random_date(), + 'thread': { + 'id': random.randint(1, 9999) + }, + 'user': { + 'id': f'userid{random.randint(0, 9999)}' + } + } + return process + + +def generate_random_data(number): + data = [] + for _ in range(number): + event_data = { + '@timestamp': generate_random_date(), + 'agent': generate_random_agent(), + 'host': generate_random_host(), + 'process': generate_random_process() + } + data.append(event_data) + return data + +def inject_events(ip, port, index, username, password, data): + url = f'https://{ip}:{port}/{index}/_doc' + session = requests.Session() + session.auth = (username, password) + session.verify = False + headers = {'Content-Type': 'application/json'} + + try: + for event_data in data: + response = session.post(url, json=event_data, headers=headers) + if response.status_code != 201: + logging.error(f'Error: {response.status_code}') + logging.error(response.text) + break + logging.info('Data injection completed successfully.') + except Exception as e: + logging.error(f'Error: {str(e)}') + + +def main(): + try: + number = int(input("How many events do you want to generate? ")) + except ValueError: + logging.error("Invalid input. Please enter a valid number.") + return + + logging.info(f"Generating {number} events...") + data = generate_random_data(number) + + with open(GENERATED_DATA_FILE, 'a') as outfile: + for event_data in data: + json.dump(event_data, outfile) + outfile.write('\n') + + logging.info('Data generation completed.') + + inject = input("Do you want to inject the generated data into your indexer? (y/n) ").strip().lower() + if inject == 'y': + ip = input(f"Enter the IP of your Indexer (default: '{IP}'): ") or IP + port = input(f"Enter the port of your Indexer (default: '{PORT}'): ") or PORT + index = input(f"Enter the index name (default: '{INDEX_NAME}'): ") or INDEX_NAME + username = input(f"Username (default: '{USERNAME}'): ") or USERNAME + password = input(f"Password (default: '{PASSWORD}'): ") or PASSWORD + inject_events(ip, port, index, username, password, data) + + +if __name__ == "__main__": + main() diff --git a/ecs/states-inventory-system/event-generator/event_generator.py b/ecs/states-inventory-system/event-generator/event_generator.py new file mode 100644 index 0000000000000..0eeae886ec8f4 --- /dev/null +++ b/ecs/states-inventory-system/event-generator/event_generator.py @@ -0,0 +1,183 @@ +#!/bin/python3 + +import datetime +import json +import logging +import random +import requests +import urllib3 + +# Constants and Configuration +LOG_FILE = 'generate_data.log' +GENERATED_DATA_FILE = 'generatedData.json' +DATE_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ" +# Default values +INDEX_NAME = "wazuh-states-inventory-system" +USERNAME = "admin" +PASSWORD = "admin" +IP = "127.0.0.1" +PORT = "9200" + +# Configure logging +logging.basicConfig(filename=LOG_FILE, level=logging.INFO) + +# Suppress warnings +urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) + + +def generate_random_date(): + start_date = datetime.datetime.now() + end_date = start_date - datetime.timedelta(days=10) + random_date = start_date + (end_date - start_date) * random.random() + return random_date.strftime(DATE_FORMAT) + + +def generate_random_agent(): + agent = { + 'id': f'agent{random.randint(0, 99)}', + 'name': f'Agent{random.randint(0, 99)}', + 'type': random.choice(['filebeat', 'windows', 'linux', 'macos']), + 'version': f'v{random.randint(0, 9)}-stable', + 'groups': [f'group{random.randint(0, 99)}', f'group{random.randint(0, 99)}'], + 'host': generate_random_host() + } + return agent + + +def generate_random_host(): + host = { + 'architecture': random.choice(['x86_64', 'arm64']), + 'boot': { + 'id': f'bootid{random.randint(0, 9999)}' + }, + 'cpu': { + 'usage': random.uniform(0, 100) + }, + 'disk': { + 'read': { + 'bytes': random.randint(1000, 1000000) + }, + 'write': { + 'bytes': random.randint(1000, 1000000) + } + }, + 'domain': f'domain{random.randint(0, 1000)}', + 'geo': generate_random_geo(), + 'hostname': f'host{random.randint(0, 1000)}', + 'id': f'id{random.randint(0, 1000)}', + 'ip': f'{random.randint(1, 255)}.{random.randint(0, 255)}.{random.randint(0, 255)}.{random.randint(0, 255)}', + 'mac': f'{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}', + 'name': f'host{random.randint(0, 1000)}', + 'network': { + 'egress': { + 'bytes': random.randint(1000, 1000000), + 'packets': random.randint(100, 10000) + }, + 'ingress': { + 'bytes': random.randint(1000, 1000000), + 'packets': random.randint(100, 10000) + } + }, + 'os': { + 'family': random.choice(['debian', 'ubuntu', 'macos', 'ios', 'android', 'RHEL']), + 'full': f'{random.choice(["debian", "ubuntu", "macos", "ios", "android", "RHEL"])} {random.randint(0, 99)}.{random.randint(0, 99)}', + 'kernel': f'{random.randint(0, 9)}.{random.randint(0, 9)}.{random.randint(0, 9)}', + 'name': random.choice(['Linux', 'Windows', 'macOS']), + 'platform': random.choice(['platform1', 'platform2']), + 'type': random.choice(['os_type1', 'os_type2']), + 'version': f'{random.randint(0, 9)}.{random.randint(0, 9)}.{random.randint(0, 9)}' + }, + 'pid_ns_ino': f'pid_ns{random.randint(0, 9999)}', + 'risk': { + 'calculated_level': random.choice(['low', 'medium', 'high']), + 'calculated_score': random.uniform(0, 10), + 'calculated_score_norm': random.uniform(0, 1), + 'static_level': random.choice(['low', 'medium', 'high']), + 'static_score': random.uniform(0, 10), + 'static_score_norm': random.uniform(0, 1) + }, + 'type': random.choice(['type1', 'type2']), + 'uptime': random.randint(1000, 1000000) + } + return host + + +def generate_random_geo(): + geo = { + 'city_name': 'CityName', + 'continent_code': 'NA', + 'continent_name': 'North America', + 'country_iso_code': 'US', + 'country_name': 'United States', + 'location': { + 'lat': round(random.uniform(-90, 90), 6), + 'lon': round(random.uniform(-180, 180), 6) + }, + 'name': f'location{random.randint(0, 999)}', + 'postal_code': f'{random.randint(10000, 99999)}', + 'region_iso_code': 'US-CA', + 'region_name': 'California', + 'timezone': 'America/Los_Angeles' + } + return geo + + +def generate_random_data(number): + data = [] + for _ in range(number): + event_data = { + '@timestamp': generate_random_date(), + 'agent': generate_random_agent(), + 'host': generate_random_host() + } + data.append(event_data) + return data + + +def inject_events(ip, port, index, username, password, data): + url = f'https://{ip}:{port}/{index}/_doc' + session = requests.Session() + session.auth = (username, password) + session.verify = False + headers = {'Content-Type': 'application/json'} + + try: + for event_data in data: + response = session.post(url, json=event_data, headers=headers) + if response.status_code != 201: + logging.error(f'Error: {response.status_code}') + logging.error(response.text) + break + logging.info('Data injection completed successfully.') + except Exception as e: + logging.error(f'Error: {str(e)}') + + +def main(): + try: + number = int(input("How many events do you want to generate? ")) + except ValueError: + logging.error("Invalid input. Please enter a valid number.") + return + + logging.info(f"Generating {number} events...") + data = generate_random_data(number) + + with open(GENERATED_DATA_FILE, 'a') as outfile: + for event_data in data: + json.dump(event_data, outfile) + outfile.write('\n') + + logging.info('Data generation completed.') + + inject = input("Do you want to inject the generated data into your indexer? (y/n) ").strip().lower() + if inject == 'y': + ip = input(f"Enter the IP of your Indexer (default: '{IP}'): ") or IP + port = input(f"Enter the port of your Indexer (default: '{PORT}'): ") or PORT + index = input(f"Enter the index name (default: '{INDEX_NAME}'): ") or INDEX_NAME + username = input(f"Username (default: '{USERNAME}'): ") or USERNAME + password = input(f"Password (default: '{PASSWORD}'): ") or PASSWORD + inject_events(ip, port, index, username, password, data) + +if __name__ == "__main__": + main() diff --git a/ecs/states-vulnerabilities/event-generator/event_generator.py b/ecs/states-vulnerabilities/event-generator/event_generator.py index c973123666baa..de80c8bf49e92 100644 --- a/ecs/states-vulnerabilities/event-generator/event_generator.py +++ b/ecs/states-vulnerabilities/event-generator/event_generator.py @@ -1,32 +1,28 @@ #!/bin/python3 -# This script generates sample events and injects them into the Wazuh Indexer. -# The events follow the Elastic Common Schema (ECS) format, and contains the following fields: -# - agent -# - package -# - host -# - vulnerability -# - wazuh (custom) -# -# This is an ad-hoc script for the vulnerability module. Extend to support other modules. - import datetime -import random import json -import requests -import warnings import logging +import random +import requests +import urllib3 # Constants and Configuration LOG_FILE = 'generate_data.log' GENERATED_DATA_FILE = 'generatedData.json' DATE_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ" +# Default values +INDEX_NAME = "wazuh-states-vulnerabilities" +USERNAME = "admin" +PASSWORD = "admin" +IP = "127.0.0.1" +PORT = "9200" # Configure logging logging.basicConfig(filename=LOG_FILE, level=logging.INFO) # Suppress warnings -warnings.filterwarnings("ignore") +urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) def generate_random_date(): @@ -38,147 +34,140 @@ def generate_random_date(): def generate_random_agent(): agent = { - 'build': {'original': f'build{random.randint(0, 9999)}'}, 'id': f'agent{random.randint(0, 99)}', 'name': f'Agent{random.randint(0, 99)}', + 'type': random.choice(['filebeat', 'windows', 'linux', 'macos']), 'version': f'v{random.randint(0, 9)}-stable', - 'ephemeral_id': f'{random.randint(0, 99999)}', - 'type': random.choice(['filebeat', 'windows', 'linux', 'macos']) + 'groups': [f'group{random.randint(0, 99)}', f'group{random.randint(0, 99)}'], + 'host': generate_random_host() } return agent -def generate_random_event(): - event = { - 'action': random.choice(['login', 'logout', 'create', 'delete', 'modify', 'read', 'write', 'upload', 'download', - 'copy', 'paste', 'cut', 'move', 'rename', 'open', 'close', 'execute', 'run', 'install', - 'uninstall', 'start', 'stop', 'kill', 'suspend', 'resume', 'sleep', 'wake', 'lock', - 'unlock', 'encrypt', 'decrypt', 'compress', 'decompress', 'archive', 'unarchive', - 'mount', 'unmount', 'eject', 'connect', 'disconnect', 'send', 'receive']), - 'agent_id_status': random.choice(['verified', 'mismatch', 'missing', 'auth_metadata_missing']), - 'category': random.choice(['authentication', 'authorization', 'configuration', 'communication', 'file', - 'network', 'process', 'registry', 'storage', 'system', 'web']), - 'code': f'{random.randint(0, 99999)}', - 'created': generate_random_date(), - 'dataset': random.choice(['process', 'file', 'registry', 'socket', 'dns', 'http', 'tls', 'alert', - 'authentication', 'authorization', 'configuration', 'communication', 'file', - 'network', 'process', 'registry', 'storage', 'system', 'web']), - 'duration': random.randint(0, 99999), - 'end': generate_random_date(), - 'hash': str(hash(f'hash{random.randint(0, 99999)}')), - 'id': f'{random.randint(0, 99999)}', - 'ingested': generate_random_date(), - 'kind': random.choice(['alert', 'asset', 'enrichment', 'event', 'metric', - 'state', 'pipeline_error', 'signal']), - 'module': random.choice(['process', 'file', 'registry', 'socket', 'dns', 'http', 'tls', 'alert', - 'authentication', 'authorization', 'configuration', 'communication', 'file', - 'network', 'process', 'registry', 'storage', 'system', 'web']), - 'original': f'original{random.randint(0, 99999)}', - 'outcome': random.choice(['success', 'failure', 'unknown']), - 'provider': random.choice(['process', 'file', 'registry', 'socket', 'dns', 'http', 'tls', 'alert', - 'authentication', 'authorization', 'configuration', 'communication', 'file', - 'network', 'process', 'registry', 'storage', 'system', 'web']), - 'reason': f'This event happened due to reason{random.randint(0, 99999)}', - 'reference': f'https://system.example.com/event/#{random.randint(0, 99999)}', - 'risk_score': round(random.uniform(0, 10), 1), - 'risk_score_norm': round(random.uniform(0, 10), 1), - 'sequence': random.randint(0, 10), - 'severity': random.randint(0, 10), - 'start': generate_random_date(), - 'timezone': random.choice(['UTC', 'GMT', 'PST', 'EST', 'CST', 'MST', 'PDT', 'EDT', 'CDT', 'MDT']), - 'type': random.choice(['access', 'admin', 'allowed', 'change', 'connection', 'creation', 'deletion', - 'denied', 'end', 'error', 'group', 'indicator', 'info', 'installation', 'protocol', - 'start', 'user']), - 'url': f'http://mysystem.example.com/alert/{random.randint(0, 99999)}' - } - return event - - def generate_random_host(): - family = random.choice( - ['debian', 'ubuntu', 'macos', 'ios', 'android', 'RHEL']) - version = f'{random.randint(0, 99)}.{random.randint(0, 99)}' host = { + 'architecture': random.choice(['x86_64', 'arm64']), + 'boot': { + 'id': f'bootid{random.randint(0, 9999)}' + }, + 'cpu': { + 'usage': random.uniform(0, 100) + }, + 'disk': { + 'read': { + 'bytes': random.randint(1000, 1000000) + }, + 'write': { + 'bytes': random.randint(1000, 1000000) + } + }, + 'domain': f'domain{random.randint(0, 1000)}', + 'geo': generate_random_geo(), + 'hostname': f'host{random.randint(0, 1000)}', + 'id': f'id{random.randint(0, 1000)}', + 'ip': f'{random.randint(1, 255)}.{random.randint(0, 255)}.{random.randint(0, 255)}.{random.randint(0, 255)}', + 'mac': f'{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}', + 'name': f'host{random.randint(0, 1000)}', + 'network': { + 'egress': { + 'bytes': random.randint(1000, 1000000), + 'packets': random.randint(100, 10000) + }, + 'ingress': { + 'bytes': random.randint(1000, 1000000), + 'packets': random.randint(100, 10000) + } + }, 'os': { - 'full': f'{family} {version}', - 'kernel': f'{version}kernel{random.randint(0, 99)}', - 'name': f'{family} {version}', - 'platform': family, - 'type': random.choice(['windows', 'linux', 'macos', 'ios', 'android', 'unix']), - 'version': version - } + 'family': random.choice(['debian', 'ubuntu', 'macos', 'ios', 'android', 'RHEL']), + 'full': f'{random.choice(["debian", "ubuntu", "macos", "ios", "android", "RHEL"])} {random.randint(0, 99)}.{random.randint(0, 99)}', + 'kernel': f'{random.randint(0, 9)}.{random.randint(0, 9)}.{random.randint(0, 9)}', + 'name': random.choice(['Linux', 'Windows', 'macOS']), + 'platform': random.choice(['platform1', 'platform2']), + 'type': random.choice(['os_type1', 'os_type2']), + 'version': f'{random.randint(0, 9)}.{random.randint(0, 9)}.{random.randint(0, 9)}' + }, + 'pid_ns_ino': f'pid_ns{random.randint(0, 9999)}', + 'risk': { + 'calculated_level': random.choice(['low', 'medium', 'high']), + 'calculated_score': random.uniform(0, 10), + 'calculated_score_norm': random.uniform(0, 1), + 'static_level': random.choice(['low', 'medium', 'high']), + 'static_score': random.uniform(0, 10), + 'static_score_norm': random.uniform(0, 1) + }, + 'type': random.choice(['type1', 'type2']), + 'uptime': random.randint(1000, 1000000) } return host -def generate_random_labels(): - labels = { - 'label1': f'label{random.randint(0, 99)}', 'label2': f'label{random.randint(0, 99)}'} - return labels +def generate_random_geo(): + geo = { + 'city_name': 'CityName', + 'continent_code': 'NA', + 'continent_name': 'North America', + 'country_iso_code': 'US', + 'country_name': 'United States', + 'location': { + 'lat': round(random.uniform(-90, 90), 6), + 'lon': round(random.uniform(-180, 180), 6) + }, + 'name': f'location{random.randint(0, 999)}', + 'postal_code': f'{random.randint(10000, 99999)}', + 'region_iso_code': 'US-CA', + 'region_name': 'California', + 'timezone': 'America/Los_Angeles' + } + return geo def generate_random_package(): package = { - 'architecture': random.choice(['x86', 'x64', 'arm', 'arm64']), + 'architecture': random.choice(['x86_64', 'arm64']), 'build_version': f'build{random.randint(0, 9999)}', 'checksum': f'checksum{random.randint(0, 9999)}', 'description': f'description{random.randint(0, 9999)}', - 'install_scope': random.choice(['user', 'system']), + 'install_scope': random.choice(['system', 'user']), 'installed': generate_random_date(), - 'license': f'license{random.randint(0, 9)}', - 'name': f'name{random.randint(0, 99)}', - 'path': f'/path/to/package{random.randint(0, 99)}', - 'reference': f'package-reference-{random.randint(0, 99)}', - 'size': random.randint(0, 99999), - 'type': random.choice(['deb', 'rpm', 'msi', 'pkg', 'app', 'apk', 'exe', 'zip', 'tar', 'gz', '7z', - 'rar', 'cab', 'iso', 'dmg', 'tar.gz', 'tar.bz2', 'tar.xz', 'tar.Z', 'tar.lz4', - 'tar.sz', 'tar.zst']), - 'version': f'v{random.randint(0, 9)}-stable' + 'license': random.choice(['GPL', 'MIT', 'Apache']), + 'name': f'package{random.randint(0, 9999)}', + 'path': f'/path/to/package{random.randint(0, 9999)}', + 'reference': f'reference{random.randint(0, 9999)}', + 'size': random.randint(1000, 100000), + 'type': random.choice(['deb', 'rpm']), + 'version': f'{random.randint(0, 9)}.{random.randint(0, 9)}.{random.randint(0, 9)}' } return package def generate_random_vulnerability(): - id = random.randint(0, 9999) vulnerability = { - 'category': random.choice(['security', 'config', 'os', 'package', 'custom']), - 'classification': [f'classification{random.randint(0, 9999)}'], + 'category': random.choice(['security', 'compliance']), + 'classification': f'classification{random.randint(0, 9999)}', 'description': f'description{random.randint(0, 9999)}', - 'enumeration': 'CVE', - 'id': f'CVE-{id}', - 'reference': f'https://mycve.test.org/cgi-bin/cvename.cgi?name={id}', - 'report_id': f'report-{random.randint(0, 9999)}', + 'detected_at': generate_random_date(), + 'enumeration': f'enumeration{random.randint(0, 9999)}', + 'id': f'id{random.randint(0, 9999)}', + 'published_at': generate_random_date(), + 'reference': f'reference{random.randint(0, 9999)}', + 'report_id': f'report{random.randint(0, 9999)}', 'scanner': { - 'vendor': f'vendor-{random.randint(0, 9)}', - 'source': random.choice(['NVD', 'OpenCVE', 'OpenVAS', 'Tenable']) + 'source': random.choice(['Nessus', 'OpenVAS']), + 'vendor': random.choice(['Tenable', 'Greenbone']) }, 'score': { - 'base': round(random.uniform(0, 10), 1), - 'environmental': round(random.uniform(0, 10), 1), - 'temporal': round(random.uniform(0, 10), 1), - 'version': round(random.uniform(0, 10), 1) + 'base': random.uniform(0, 10), + 'environmental': random.uniform(0, 10), + 'temporal': random.uniform(0, 10), + 'version': random.choice(['v2', 'v3']) }, - 'severity': random.choice(['Low', 'Medium', 'High', 'Critical']), - 'detected_at': generate_random_date(), - 'published_at': generate_random_date(), + 'severity': random.choice(['low', 'medium', 'high']), 'under_evaluation': random.choice([True, False]) } return vulnerability -def generate_random_wazuh(): - wazuh = { - 'cluster': { - 'name': f'wazuh-cluster-{random.randint(0,10)}', - 'node': f'wazuh-cluster-node-{random.randint(0,10)}' - }, - 'schema': { - 'version': '1.7.0' - }, - } - return wazuh - - def generate_random_data(number): data = [] for _ in range(number): @@ -186,8 +175,7 @@ def generate_random_data(number): 'agent': generate_random_agent(), 'host': generate_random_host(), 'package': generate_random_package(), - 'vulnerability': generate_random_vulnerability(), - 'wazuh': generate_random_wazuh() + 'vulnerability': generate_random_vulnerability() } data.append(event_data) return data @@ -214,7 +202,7 @@ def inject_events(ip, port, index, username, password, data): def main(): try: - number = int(input("How many events do you want to generate? ").strip() or 50) + number = int(input("How many events do you want to generate? ")) except ValueError: logging.error("Invalid input. Please enter a valid number.") return @@ -232,11 +220,11 @@ def main(): inject = input( "Do you want to inject the generated data into your indexer? (y/n) ").strip().lower() if inject == 'y': - ip = input("Enter the IP of your Indexer: ").strip() or "localhost" - port = input("Enter the port of your Indexer: ").strip() or 9200 - index = input("Enter the index name: ").strip() or "wazuh-states-vulnerability-test" - username = input("Username: ").strip() or "admin" - password = input("Password: ").strip() + ip = input(f"Enter the IP of your Indexer (default: '{IP}'): ") or IP + port = input(f"Enter the port of your Indexer (default: '{PORT}'): ") or PORT + index = input(f"Enter the index name (default: '{INDEX_NAME}'): ") or INDEX_NAME + username = input(f"Username (default: '{USERNAME}'): ") or USERNAME + password = input(f"Password (default: '{PASSWORD}'): ") or PASSWORD inject_events(ip, port, index, username, password, data) diff --git a/test-tools/.gitignore b/test-tools/.gitignore new file mode 100644 index 0000000000000..2fba045aa1ba5 --- /dev/null +++ b/test-tools/.gitignore @@ -0,0 +1 @@ +wazuh-certificates.tar \ No newline at end of file