Merge branch '4.10.2' into merge-4.10.2-into-master

.github/ISSUE_TEMPLATE/operational--integrations_maintenance_request.md

@@ -0,0 +1,30 @@
+---
+name: Integrations maintenance request
+about: Used by the Indexer team to maintain third-party software integrations and track the results.
+title: Integrations maintenance request
+labels: level/task, request/operational, type/maintenance
+assignees: ""
+---
+
+## Description
+
+The Wazuh Indexer team is responsible for the maintenance of the third-party integrations hosted in the wazuh/wazuh-indexer repository. We must ensure these integrations work under new releases of the third-party software (Splunk, Elastic, Logstash, …) and our own.
+
+For that, we need to:
+
+-   [ ] Create a pull request that upgrades the components to the latest version.
+-   [ ] Update our testing environments to verify the integrations work under new versions.
+-   [ ] Test the integrations, checking that:
+  - The Docker Compose project starts without errors.
+  - The data arrives to the destination.
+  - All the dashboards can be imported successfully.
+  - All the dashboards are populated with data.
+-   [ ] Finally, upgrade the compatibility matrix in integrations/README.md with the new versions.
+
+> [!NOTE]
+> * For Logstash, we use the logstash-oss image.
+> * For Wazuh Indexer and Wazuh Dashboard, we use the opensearch and opensearch-dashboards images. These must match the opensearch version that we support (e.g: for Wazuh 4.9.0 it is OpenSearch 2.13.0). 
+
+## Issues
+
+-   _List here the detected issues_

.github/workflows/build.yml

@@ -26,7 +26,7 @@ on:
       architecture:
         description: '[ "x64", "arm64" ]'
         type: string
-        default: '[ "x64" ]'
+        default: '[ "x64", "arm64"  ]'
       checksum:
         description: "Checksum ?"
         type: boolean
@@ -64,7 +64,7 @@ on:
       architecture:
         description: '[ "x64", "arm64" ]'
         type: string
-        default: '[ "x64" ]'
+        default: '[ "x64", "arm64"  ]'
       checksum:
         description: "Checksum ?"
         type: boolean
@@ -104,7 +104,7 @@ on:
 jobs:
   matrix:
     name: Set up matrix
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     outputs:
       matrix: ${{ steps.setup.outputs.matrix }}
     steps:
@@ -194,8 +194,8 @@ jobs:
           if-no-files-found: error
 
   build:
-    needs: [matrix, build-wazuh-plugins, build-reporting-plugin]
-    runs-on: ubuntu-latest
+    needs: [matrix]
+    runs-on: ${{ matrix.architecture == 'arm64' && 'wz-linux-arm64' || 'ubuntu-22.04' }}
     strategy:
       fail-fast: false
       matrix: ${{ fromJson(needs.matrix.outputs.matrix) }}

CHANGELOG.md

@@ -9,6 +9,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 ### Dependencies
 
 ### Changed
+- Upgrade third-party integrations to the latest versions ([#447](https://github.com/wazuh/wazuh-indexer/pull/447))
 
 ### Deprecated
 
@@ -18,4 +19,4 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 ### Security
 
-[Unreleased 5.0.x]: https://github.com/wazuh/wazuh-indexer/compare/92ffe2ed8a743c07a1170960d5949fcd6ed12e89...master
+[Unreleased 5.0.x]: https://github.com/wazuh/wazuh-indexer/compare/4.10.2...master

SECURITY.md

@@ -6,24 +6,20 @@ Version: 2023-06-12
 This document outlines the Security Policy for Wazuh's open source projects. It emphasizes our commitment to maintain a secure environment for our users and contributors, and reflects our belief in the power of collaboration to identify and resolve security vulnerabilities.
 
 ## Scope
-This policy applies to all open source projects developed, maintained, or hosted by Wazuh. In this case, as this project is a fork, we may forward the reported vulnerability to the upstream.
+This policy applies to all open source projects developed, maintained, or hosted by Wazuh.
 
 ## Reporting Security Vulnerabilities
 If you believe you've discovered a potential security vulnerability in one of our open source projects, we strongly encourage you to report it to us responsibly.
 
-Please submit your findings as security advisories under the "Security" tab in the relevant GitHub repository. Alternatively, you may send the details of your findings to [email protected].
+Please submit your findings as security advisories under the "Security" tab in the relevant GitHub repository. Alternatively, you may send the details of your findings to [[email protected]](mailto:[email protected]).
 
 ## Vulnerability Disclosure Policy
 Upon receiving a report of a potential vulnerability, our team will initiate an investigation. If the reported issue is confirmed as a vulnerability, we will take the following steps:
 
 1. Acknowledgment: We will acknowledge the receipt of your vulnerability report and begin our investigation.
-
 2. Validation: We will validate the issue and work on reproducing it in our environment.
-
-3. Remediation: We will work on a fix and thoroughly test it
-
+3. Remediation: We will work on a fix and thoroughly test it.
 4. Release & Disclosure: After 90 days from the discovery of the vulnerability, or as soon as a fix is ready and thoroughly tested (whichever comes first), we will release a security update for the affected project. We will also publicly disclose the vulnerability by publishing a CVE (Common Vulnerabilities and Exposures) and acknowledging the discovering party.
-
 5. Exceptions: In order to preserve the security of the Wazuh community at large, we might extend the disclosure period to allow users to patch their deployments.
 
 This 90-day period allows for end-users to update their systems and minimizes the risk of widespread exploitation of the vulnerability.
@@ -37,7 +33,7 @@ We believe in giving credit where credit is due. If you report a security vulner
 We do appreciate and encourage feedback from our community, but currently we do not have a bounty program. We might start bounty programs in the future.
 
 ## Compliance with this Policy
-We consider the discovery and reporting of security vulnerabilities an important public service. We encourage responsible reporting of any vulnerabilities that may be found in our site or applications. 
+We consider the discovery and reporting of security vulnerabilities an important public service. We encourage responsible reporting of any vulnerabilities that may be found in our site or applications.
 
 Furthermore, we will not take legal action against or suspend or terminate access to the site or services of those who discover and report security vulnerabilities in accordance with this policy because of the fact.
 
@@ -46,4 +42,4 @@ We ask that all users and contributors respect this policy and the security of o
 ## Changes to this Security Policy
 This policy may be revised from time to time. Each version of the policy will be identified at the top of the page by its effective date.
 
-If you have any questions about this Security Policy, please contact us at [email protected]
+If you have any questions about this Security Policy, please contact us at [[email protected]](mailto:[email protected])

distribution/packages/src/common/wazuh-indexer-performance-analyzer.service

@@ -6,15 +6,16 @@
 # compatible open source license.
 
 [Unit]
-Description=wazuh-indexer Performance Analyzer
+Description=OpenSearch Performance Analyzer
 
 [Service]
 Type=simple
-ExecStart=/usr/share/wazuh-indexer/bin/wazuh-indexer-performance-analyzer/performance-analyzer-agent-cli
+ExecStart=/usr/share/wazuh-indexer/bin/opensearch-performance-analyzer/performance-analyzer-agent-cli
 Restart=on-failure
 User=wazuh-indexer
 Group=wazuh-indexer
-EnvironmentFile=-/etc/sysconfig/wazuh-indexer
+Environment=OPENSEARCH_HOME=/usr/share/wazuh-indexer
+Environment=OPENSEARCH_PATH_CONF=/etc/wazuh-indexer/
 WorkingDirectory=/usr/share/wazuh-indexer
 
 [Install]

distribution/packages/src/deb/debmake_install.sh

@@ -90,5 +90,4 @@ for i in "${binary_files[@]}"; do
 	chmod -c 750 "$i"
 done
 
-
 exit 0

distribution/packages/src/rpm/wazuh-indexer.rpm.spec

@@ -244,6 +244,7 @@ exit 0
 %config(noreplace) %attr(660, %{name}, %{name}) %{config_dir}/log4j2.properties
 %config(noreplace) %attr(660, %{name}, %{name}) %{config_dir}/jvm.options
 %config(noreplace) %attr(660, %{name}, %{name}) %{config_dir}/opensearch.yml
+%config(noreplace) %attr(640, %{name}, %{name}) %{config_dir}/opensearch-security/*
 
 
 %if %observability_plugin
@@ -265,13 +266,15 @@ exit 0
 %attr(750, %{name}, %{name}) %{product_dir}/performance-analyzer-rca/bin/*
 
 %changelog
-* Fri Dec 06 2024 support <[email protected]> - 5.0.0
+* Mon Jun 23 2025 support <[email protected]> - 5.0.0
 - More info: https://documentation.wazuh.com/current/release-notes/release-5.0.0-0.html
-* Fri Nov 06 2024 support <[email protected]> - 4.10.1
+* Tue Feb 20 2025 support <[email protected]> - 4.10.2
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-10-2.html
+* Tue Jan 28 2025 support <[email protected]> - 4.10.1
 - More info: https://documentation.wazuh.com/current/release-notes/release-4-10-1.html
-* Mon Sep 23 2024 support <[email protected]> - 4.10.0
+* Tue Nov 26 2024 support <[email protected]> - 4.10.0
 - More info: https://documentation.wazuh.com/current/release-notes/release-4-10-0.html
-* Fri Sep 20 2024 support <[email protected]> - 4.9.1
+* Tue Oct 15 2024 support <[email protected]> - 4.9.1
 - More info: https://documentation.wazuh.com/current/release-notes/release-4-9-1.html
 * Thu Aug 15 2024 support <[email protected]> - 4.9.0
 - More info: https://documentation.wazuh.com/current/release-notes/release-4-9-0.html

docker/README.md

@@ -1,55 +1,19 @@
-# Indexer development environments
+# Docker environments
 
-Install [Docker Desktop][docker-desktop] as per its instructions, available for Windows, Mac
-and Linux (Ubuntu, Debian & Fedora).
-This ensures that the development experience between Linux, Mac and Windows is as
-similar as possible.
-
-> IMPORTANT: be methodic during the installation of Docker Desktop, and proceed
-> step by step as described in their documentation. Make sure that your system
-> meets the system requirements before installing Docker Desktop, and read any
-> post-installation note, specially on Linux: [Differences between
-> Docker Desktop for Linux and Docker Engine][docker-variant].
+Multipurpose Docker environments to run, test and build `wazuh-indexer`.
 
 ## Pre-requisites
 
-1. Assign resources to [Docker Desktop][docker-desktop]. The requirements for the
-   environments are:
+1. Install [Docker][docker] as per its instructions.
+
+1. Your workstation must meet the minimum hardware requirements:
 
    - 8 GB of RAM (minimum)
    - 4 cores
 
    The more resources the better ☺
 
-2. Clone the [wazuh-indexer][wi-repo].
-
-3. Set up user permissions
-
-   The Docker volumes will be created by the internal Docker user, making them
-   read-only. To prevent this, a new group named `docker-desktop` and GUID 100999
-   needs to be created, then added to your user and the source code folder:
-
-   ```bash
-   sudo groupadd -g 100999 docker-desktop
-   sudo useradd -u 100999 -g 100999 -M docker-desktop
-   sudo chown -R docker-desktop:docker-desktop $WZD_HOME
-   sudo usermod -aG docker-desktop $USER
-   ```
-
-## Understanding Docker contexts
-
-Before we begin starting Docker containers, we need to understand the
-differences between Docker Engine and Docker Desktop, more precisely, that the
-use different contexts.
-
-Carefully read these two sections of the Docker documentation:
-
-- [Differences between Docker Desktop for Linux and Docker Engine][docker-variant].
-- [Switch between Docker Desktop and Docker Engine][docker-context].
-
-Docker Desktop will change to its context automatically at start, so be sure
-that any existing Docker container using the default context is **stopped**
-before starting Docker Desktop and any of the environments in this folder.
+1. Clone the [wazuh-indexer][wi-repo].
 
 ## Development environments
 
@@ -61,34 +25,31 @@ Example:
 Usage: ./dev.sh {up|down|stop}
 ```
 
-Once the `wi-dev:x.y.z` container is up, attach a shell to it and run `./gradlew run`
-to start the application.
+Once the `wi-dev:x.y.z` container is up, attach a shell to it and run `./gradlew run` to start the application.
 
 ## Containers to generate packages
 
 Use the `ci/ci.sh` script to start provisioned containers to generate packages.
 
 ```bash
-Usage: ./ci.sh {up|down|stop} [ci]
+Usage: ./ci.sh {up|down|stop}
 ```
 
-Refer to [scripts/README.md](../scripts/README.md) for details about how to build packages.
+Refer to [build-scripts/README.md](../build-scripts/README.md) for details about how to build packages.
 
-[docker-desktop]: https://docs.docker.com/get-docker
-[docker-variant]: https://docs.docker.com/desktop/install/linux-install/#differences-between-docker-desktop-for-linux-and-docker-engine
-[docker-context]: https://docs.docker.com/desktop/install/linux-install/#context
+[docker]: https://docs.docker.com/engine/install
 [wi-repo]: https://github.com/wazuh/wazuh-indexer
 
 ## Building Docker images
 
-The [prod](./prod) folder contains the code to build Docker images. A tarball of `wazuh-indexer` needs to be located at the same level that the Dockerfile. Below there is example of the command needed to build the image. Set the build arguments and the image tag accordingly.
+The [prod](./prod) folder contains the code to build Docker images. A tarball of `wazuh-indexer` needs to be located at the same level that the Dockerfile. Below there is an example of the command needed to build the image. Set the build arguments and the image tag accordingly.
 
 ```console
-docker build --build-arg="VERSION=4.10.0" --build-arg="INDEXER_TAR_NAME=wazuh-indexer-4.10.0-1_linux-x64_cfca84f.tar.gz" --tag=wazuh-indexer:4.10.0 --progress=plain --no-cache .
+docker build --build-arg="VERSION=5.0.0" --build-arg="INDEXER_TAR_NAME=wazuh-indexer-5.0.0-1_linux-x64_cfca84f.tar.gz" --tag=wazuh-indexer:5.0.0 --progress=plain --no-cache .
 ```
 
 Then, start a container with:
 
 ```console
-docker run -it --rm wazuh-indexer:4.10.0 
+docker run -it --rm wazuh-indexer:5.0.0 
 ```

docker/ci/ci.yml

@@ -1,5 +1,3 @@
-version: "3.9"
-
 services:
   # Essentially wi-dev, but doesn't expose port 9200
   wi-build:

docker/dev/dev.yml

@@ -1,5 +1,3 @@
-version: "3.9"
-
 services:
   wi-dev:
     image: wi-dev:${VERSION}

ecs/README.md

@@ -62,7 +62,6 @@ are generated. For example, to generate the mappings for the `vulnerability-dete
     ```console
     Loading schemas from git ref v8.11.0
     Running generator. ECS version 8.11.0
-    Replacing "match_only_text" type with "text"
     Mappings saved to ~/wazuh/wazuh-indexer/ecs/vulnerability-detector/mappings/v8.11.0
     ```