diff --git a/build-scripts/assemble.sh b/build-scripts/assemble.sh index a699db4d86868..6d0d8fcb40857 100644 --- a/build-scripts/assemble.sh +++ b/build-scripts/assemble.sh @@ -159,9 +159,9 @@ function parse_args() { # ==== function add_configuration_files() { # Add our settings to the configuration files - cat "$PATH_CONF/security/roles.wazuh.yml" >> "$PATH_CONF/opensearch-security/roles.yml" - cat "$PATH_CONF/security/roles_mapping.wazuh.yml" >> "$PATH_CONF/opensearch-security/roles_mapping.yml" - + cat "$PATH_CONF/security/roles.wazuh.yml" >>"$PATH_CONF/opensearch-security/roles.yml" + cat "$PATH_CONF/security/roles_mapping.wazuh.yml" >>"$PATH_CONF/opensearch-security/roles_mapping.yml" + cp "$PATH_CONF/opensearch.prod.yml" "$PATH_CONF/opensearch.yml" rm -r "$PATH_CONF/security" @@ -188,9 +188,16 @@ function add_wazuh_tools() { local download_url download_url="https://packages-dev.wazuh.com/${version}" - curl -sL "${download_url}/config.yml" -o "$PATH_PLUGINS/opensearch-security/tools/config.yml" - curl -sL "${download_url}/wazuh-passwords-tool.sh" -o "$PATH_PLUGINS/opensearch-security/tools/wazuh-passwords-tool.sh" - curl -sL "${download_url}/wazuh-certs-tool.sh" -o "$PATH_PLUGINS/opensearch-security/tools/wazuh-certs-tool.sh" + curl -sL "${download_url}/config.yml" -o "$PATH_PLUGINS"/opensearch-security/tools/config.yml + curl -sL "${download_url}/wazuh-passwords-tool.sh" -o "$PATH_PLUGINS"/opensearch-security/tools/wazuh-passwords-tool.sh + curl -sL "${download_url}/wazuh-certs-tool.sh" -o "$PATH_PLUGINS"/opensearch-security/tools/wazuh-certs-tool.sh +} + +# ==== +# Add demo certificates installer +# ==== +function add_demo_certs_installer() { + cp install-demo-certificates.sh "$PATH_PLUGINS"/opensearch-security/tools/ } # ==== @@ -282,6 +289,7 @@ function assemble_tar() { # Install plugins install_plugins "${version}" fix_log_rotation "${PATH_CONF}" + add_demo_certs_installer # Swap configuration files add_configuration_files remove_unneeded_files 
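Review bot: `add_demo_certs_installer` copies `install-demo-certificates.sh` by a bare relative name, so it appears to depend on the working directory still being `$TMP_DIR`, where `main` stages the file in the later hunk, and a missing source only fails loudly if the script already runs under `set -e`; `cp "$TMP_DIR/install-demo-certificates.sh" "$PATH_PLUGINS"/opensearch-security/tools/ || exit 1` makes that dependency explicit. The `main` hunk has the same assumption in the other direction: `cp distribution/packages/src/common/scripts/install-demo-certificates.sh "$TMP_DIR"` resolves against whatever the caller's cwd is rather than the repository root. The bodies of `add_wazuh_tools` and `assemble_tar` start before their hunks.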
@@ -322,6 +330,7 @@ function assemble_rpm() { install_plugins "${version}" fix_log_rotation ${PATH_CONF} enable_performance_analyzer_rca ${src_path} + add_demo_certs_installer # Swap configuration files add_configuration_files remove_unneeded_files @@ -376,6 +385,7 @@ function assemble_deb() { install_plugins "${version}" fix_log_rotation ${PATH_CONF} enable_performance_analyzer_rca ${src_path} + add_demo_certs_installer # Swap configuration files add_configuration_files remove_unneeded_files @@ -421,6 +431,8 @@ function main() { TMP_DIR="${OUTPUT}/tmp/${TARGET}" mkdir -p "$TMP_DIR" cp "${OUTPUT}/dist/$ARTIFACT_BUILD_NAME" "${TMP_DIR}" + # Copy the demo certificates generator + cp distribution/packages/src/common/scripts/install-demo-certificates.sh "$TMP_DIR" case $PACKAGE in tar) diff --git a/distribution/packages/src/common/scripts/install-demo-certificates.sh b/distribution/packages/src/common/scripts/install-demo-certificates.sh new file mode 100644 index 0000000000000..698724f390bf7 --- /dev/null +++ b/distribution/packages/src/common/scripts/install-demo-certificates.sh 
@@ -0,0 +1,54 @@
+#!/bin/sh
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# The OpenSearch Contributors require contributions made to
+# this file be licensed under the Apache-2.0 license or a
+# compatible open source license.
+
+# Directories
+TMP_DIR="/tmp/wazuh-indexer/certs"
+CERTS_DIR="/etc/wazuh-indexer/certs"
+
+# Create directories
+mkdir -p "$TMP_DIR"
+
+# Root CA
+openssl genrsa -out "$TMP_DIR/root-ca-key-temp.pem" 2048
+openssl req -new -x509 -sha256 -key "$TMP_DIR/root-ca-key-temp.pem" -subj "/OU=Wazuh/O=Wazuh/L=California/" -out "$TMP_DIR/root-ca.pem" -days 3650
+
+# Admin cert
+openssl genrsa -out "$TMP_DIR/admin-key-temp.pem" 2048
+openssl pkcs8 -inform PEM -outform PEM -in "$TMP_DIR/admin-key-temp.pem" -topk8 -nocrypt -v1 PBE-SHA1-3DES -out "$TMP_DIR/admin-key.pem"
+openssl req -new -key "$TMP_DIR/admin-key.pem" -subj "/C=US/L=California/O=Wazuh/OU=Wazuh/CN=admin" -out "$TMP_DIR/admin.csr"
+openssl x509 -req -in "$TMP_DIR/admin.csr" -CA "$TMP_DIR/root-ca.pem" -CAkey "$TMP_DIR/root-ca-key-temp.pem" -CAcreateserial -sha256 -out "$TMP_DIR/admin.pem" -days 3650
+
+# Node cert
+openssl genrsa -out "$TMP_DIR/indexer-key-temp.pem" 2048
+openssl pkcs8 -inform PEM -outform PEM -in "$TMP_DIR/indexer-key-temp.pem" -topk8 -nocrypt -v1 PBE-SHA1-3DES -out "$TMP_DIR/indexer-key.pem"
+openssl req -new -key "$TMP_DIR/indexer-key.pem" -subj "/C=US/L=California/O=Wazuh/OU=Wazuh/CN=node-0.wazuh.indexer" -out "$TMP_DIR/indexer.csr"
+cat <<'INDEXER_EXT' >$TMP_DIR/indexer.ext
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = localhost
+DNS.2 = *.wazuh.indexer
+RID.1 = 1.2.3.4.5
+IP.1 = 127.0.0.1
+IP.2 = 0:0:0:0:0:0:0:1
+INDEXER_EXT
+
+openssl x509 -req -in "$TMP_DIR/indexer.csr" -CA "$TMP_DIR/root-ca.pem" -CAkey "$TMP_DIR/root-ca-key-temp.pem" -CAcreateserial -sha256 -out "$TMP_DIR/indexer.pem" -days 3650 -extfile "$TMP_DIR/indexer.ext"
+
+# Cleanup temporary files
+rm "$TMP_DIR/"*.csr "$TMP_DIR"/*.ext "$TMP_DIR"/*.srl "$TMP_DIR"/*-temp.pem
+
+# Move certs to permanent location
+mkdir -p "$CERTS_DIR"
+mv "$TMP_DIR"/* "$CERTS_DIR/"
+
+chmod 500 "$CERTS_DIR"
+chmod 400 "$CERTS_DIR"/*
+chown -R wazuh-indexer:wazuh-indexer "$CERTS_DIR"
+
+# Cleanup /tmp directory
+rm -r "$TMP_DIR"
diff --git a/distribution/packages/src/deb/debian/postinst b/distribution/packages/src/deb/debian/postinst
index b2288e99da164..be4863ef556be 100644
--- a/distribution/packages/src/deb/debian/postinst
+++ b/distribution/packages/src/deb/debian/postinst
@@ -32,7 +32,6 @@ chown -R wazuh-indexer:wazuh-indexer ${data_dir} chown -R wazuh-indexer:wazuh-indexer ${pid_dir} chown -R wazuh-indexer:wazuh-indexer ${tmp_dir} - export OPENSEARCH_PATH_CONF=${OPENSEARCH_PATH_CONF:-${config_dir}} # Apply Performance Analyzer settings, as per https://github.com/opensearch-project/opensearch-build/blob/2.18.0/scripts/pkg/build_templates/current/opensearch/deb/debian/postinst#L28-L37 if ! grep -q '## OpenSearch Performance Analyzer' "$OPENSEARCH_PATH_CONF/jvm.options"; then
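Review bot: `install-demo-certificates.sh` is invoked from the package maintainer scripts in the hunks below, yet it stages private keys under the fixed path `/tmp/wazuh-indexer/certs` in a shared directory: `mkdir -p "$TMP_DIR"` accepts a directory that already exists there, `mv "$TMP_DIR"/* "$CERTS_DIR/"` then carries whatever was already in it into `$CERTS_DIR`, and the key files are written with the process umask until the `chmod 400` at the end. Because there is no `set -e`, a failed `openssl` step also falls through to the `mkdir -p "$CERTS_DIR"`/`mv`/`chown` sequence and installs a partial set. Creating the staging directory with `mktemp -d`, setting `umask 077` first, enabling `set -eu` and cleaning up via `trap` addresses all of this and makes the explicit `mkdir -p "$TMP_DIR"` and final `rm -r "$TMP_DIR"` unnecessary; the heredoc redirect `>$TMP_DIR/indexer.ext` should also be quoted like the other paths.
```shell
#!/bin/sh
set -eu
umask 077
# … unchanged: license header …
TMP_DIR=$(mktemp -d) || exit 1
trap 'rm -rf -- "$TMP_DIR"' EXIT
CERTS_DIR="/etc/wazuh-indexer/certs"
# … unchanged: key, CSR and certificate generation, temp-file cleanup, move to $CERTS_DIR, chmod/chown …
```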
@@ -44,28 +43,34 @@ if ! grep -q '## OpenSearch Performance Analyzer' "$OPENSEARCH_PATH_CONF/jvm.opt echo "-Djdk.attach.allowAttachSelf=true" echo "-Djava.security.policy=file://$OPENSEARCH_PATH_CONF/opensearch-performance-analyzer/opensearch_security.policy" echo "--add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED" - } >> "$OPENSEARCH_PATH_CONF/jvm.options" + } >>"$OPENSEARCH_PATH_CONF/jvm.options" fi # Reload systemctl daemon -if command -v systemctl > /dev/null; then +if command -v systemctl >/dev/null; then systemctl daemon-reload fi # Reload other configs -if command -v systemctl > /dev/null; then +if command -v systemctl >/dev/null; then systemctl restart systemd-sysctl.service || true fi -if command -v systemd-tmpfiles > /dev/null; then +if command -v systemd-tmpfiles >/dev/null; then systemd-tmpfiles --create wazuh-indexer.conf fi +if ! [ -d "${config_dir}/certs" ] && [ -f "${product_dir}/plugins/opensearch-security/tools/install-demo-certificates.sh" ]; then + echo "No certificates detected in ${config_dir}, installing demo certificates..." + echo "### If you are using a custom certificates path, ignore this message." + bash "${product_dir}/plugins/opensearch-security/tools/install-demo-certificates.sh" >"${log_dir}/install_demo_certificates.log" 2>&1 +fi + if [ -f $restart_service ]; then rm -f $restart_service echo "Restarting wazuh-indexer service..." - if command -v systemctl > /dev/null; then - systemctl restart wazuh-indexer.service > /dev/null 2>&1 + if command -v systemctl >/dev/null; then + systemctl restart wazuh-indexer.service >/dev/null 2>&1 fi exit 0 fi diff --git a/distribution/packages/src/rpm/wazuh-indexer.rpm.spec b/distribution/packages/src/rpm/wazuh-indexer.rpm.spec index ce9ede8879523..bd54d4220db54 100644 --- a/distribution/packages/src/rpm/wazuh-indexer.rpm.spec +++ b/distribution/packages/src/rpm/wazuh-indexer.rpm.spec 
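Review bot: The new demo-certificate block runs `install-demo-certificates.sh` during package configuration but never checks its exit status, so a failed `openssl` step can leave a partially populated `${config_dir}/certs` with nothing but an entry in `${log_dir}/install_demo_certificates.log`, and later runs skip generation because the `! [ -d "${config_dir}/certs" ]` test now fails. Appending `|| echo "Demo certificate installation failed, see ${log_dir}/install_demo_certificates.log" >&2` to the `bash` line surfaces the failure at install time; if this maintainer script runs under `set -e`, decide explicitly whether the failure should abort configuration. The rpm spec hunk below has the same unchecked invocation. `${product_dir}`, `${config_dir}` and `${log_dir}` are defined outside this hunk.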
@@ -207,6 +207,12 @@ if command -v systemd-tmpfiles > /dev/null; then systemd-tmpfiles --create %{name}.conf fi +if ! [ -d %{config_dir}/certs ] && [ -f %{product_dir}/plugins/opensearch-security/tools/install-demo-certificates.sh ]; then + echo "No certificates detected in %{config_dir}, installing demo certificates..." + echo "### If you are using a custom certificates path, ignore this message." + bash %{product_dir}/plugins/opensearch-security/tools/install-demo-certificates.sh > %{log_dir}/install_demo_certificates.log 2>&1 +fi + if [ -f %{tmp_dir}/wazuh-indexer.restart ]; then rm -f %{tmp_dir}/wazuh-indexer.restart if command -v systemctl > /dev/null; then diff --git a/ecs/docs/README.md b/ecs/docs/README.md new file mode 100644 index 0000000000000..a94635cbce67b --- /dev/null +++ b/ecs/docs/README.md @@ -0,0 +1,22 @@ +# Wazuh Common Schema + +The Wazuh Common Schema is a derivation of the [Elastic Common Schema](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) (ECS) providing a common data schema for the different central components of Wazuh. + +- [agent](./agent.md) +- [alerts](alerts.md) +- [command](commands.md) +- [states-fim](states-fim.md) +- [states-inventory-hardware](states-inventory-hardware.md) +- [states-inventory-hotfixes](states-inventory-hotfixes.md) +- [states-inventory-networks](states-inventory-networks.md) +- [states-inventory-packages](states-inventory-packages.md) +- [states-inventory-ports](states-inventory-ports.md) +- [states-inventory-processes](states-inventory-processes.md) +- [states-inventory-system](states-inventory-system.md) +- [states-vulnerabilities](states-vulnerabilities.md) + +--- + +### Useful resources +For more information and additional resources, please refer to the following links: +- [ECS schemas repository](https://github.com/elastic/ecs/tree/main/schemas) diff --git a/ecs/docs/inventory-hardware.md b/ecs/docs/inventory-hardware.md index 75baa484b83d1..832bacfbb1ae4 100644 
--- a/ecs/docs/inventory-hardware.md +++ b/ecs/docs/inventory-hardware.md @@ -34,25 +34,17 @@ fields: "@timestamp": {} agent: fields: - id: {} groups: {} + id: {} + name: {} + type: {} + version: {} + host: + fields: "*" observer: fields: serial_number: {} - host: - fields: - memory: - fields: - total: {} - free: {} - used: - fields: - percentage: {} - cpu: - fields: - name: {} - cores: {} - speed: {} + ``` ### Index settings @@ -64,77 +56,12 @@ fields: "template": { "settings": { "index": { - "number_of_replicas": "0", "number_of_shards": "1", - "query.default_field": ["observer.board_serial"], - "refresh_interval": "5s" - } - }, - "mappings": { - "date_detection": false, - "dynamic": "strict", - "properties": { - "@timestamp": { - "type": "date" - }, - "agent": { - "properties": { - "groups": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "host": { - "properties": { - "cpu": { - "properties": { - "cores": { - "type": "long" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "speed": { - "type": "long" - } - }, - "type": "object" - }, - "memory": { - "properties": { - "free": { - "type": "long" - }, - "total": { - "type": "long" - }, - "used": { - "properties": { - "percentage": { - "type": "long" - } - }, - "type": "object" - } - }, - "type": "object" - } - } - }, - "observer": { - "properties": { - "serial_number": { - "ignore_above": 1024, - "type": "keyword" - } - } - } + "number_of_replicas": "0", + "refresh_interval": "5s", + "query.default_field": [ + "observer.board_serial" + ] } } } diff --git a/ecs/docs/inventory-hotfixes.md b/ecs/docs/inventory-hotfixes.md index fadc5377da19c..17606d9dba4ee 100644 --- a/ecs/docs/inventory-hotfixes.md +++ b/ecs/docs/inventory-hotfixes.md 
@@ -27,13 +27,19 @@ fields: "@timestamp": {} agent: fields: - id: {} groups: {} + id: {} + name: {} + type: {} + version: {} + host: + fields: "*" package: fields: hotfix: fields: name: {} + ``` ### Index settings @@ -45,44 +51,12 @@ fields: "template": { "settings": { "index": { - "number_of_replicas": "0", "number_of_shards": "1", - "query.default_field": ["package.hotfix.name"], - "refresh_interval": "5s" - } - }, - "mappings": { - "date_detection": false, - "dynamic": "strict", - "properties": { - "@timestamp": { - "type": "date" - }, - "agent": { - "properties": { - "groups": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "package": { - "properties": { - "hotfix": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - }, - "type": "object" - } - } - } + "number_of_replicas": "0", + "refresh_interval": "5s", + "query.default_field": [ + "package.hotfix.name" + ] } } } diff --git a/ecs/docs/inventory-networks.md b/ecs/docs/inventory-networks.md index 23f52bfda8558..87115fdc87608 100644 --- a/ecs/docs/inventory-networks.md +++ b/ecs/docs/inventory-networks.md @@ -58,8 +58,6 @@ fields: version: {} host: fields: "*" - host: - fields: "*" interface: fields: mtu: {} @@ -94,8 +92,9 @@ fields: "template": { "settings": { "index": { - "number_of_replicas": "0", "number_of_shards": "1", + "number_of_replicas": "0", + "refresh_interval": "5s", "query.default_field": [ "agent.id", "agent.groups", 
@@ -105,149 +104,7 @@ fields: "observer.ingress.interface.name", "observer.ingress.interface.alias", "process.name" - ], - "refresh_interval": "5s" - } - }, - "mappings": { - "date_detection": false, - "dynamic": "strict", - "properties": { - "@timestamp": { - "type": "date" - }, - "agent": { - "properties": { - "groups": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "destination": { - "properties": { - "ip": { - "type": "ip" - }, - "port": { - "type": "long" - } - } - }, - "device": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "file": { - "properties": { - "inode": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "host": { - "properties": { - "ip": { - "type": "ip" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "network": { - "properties": { - "egress": { - "properties": { - "bytes": { - "type": "long" - }, - "packets": { - "type": "long" - } - } - }, - "ingress": { - "properties": { - "bytes": { - "type": "long" - }, - "packets": { - "type": "long" - } - } - } - } - } - } - }, - "network": { - "properties": { - "protocol": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "observer": { - "properties": { - "ingress": { - "properties": { - "interface": { - "properties": { - "alias": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - }, - "type": "object" - } - } - }, - "process": { - "properties": { - "name": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "pid": { - "type": "long" - } - } - }, - "source": { - "properties": { - "ip": { - "type": "ip" - }, - "port": { - "type": "long" - } - } - } + ] } } } 
diff --git a/ecs/docs/inventory-packages.md b/ecs/docs/inventory-packages.md index 8091da88b85fa..417b7bced0bc5 100644 --- a/ecs/docs/inventory-packages.md +++ b/ecs/docs/inventory-packages.md @@ -47,10 +47,16 @@ fields: base: fields: "@timestamp": {} + tags: [] agent: fields: - id: {} groups: {} + id: {} + name: {} + type: {} + version: {} + host: + fields: "*" package: fields: architecture: "" @@ -61,6 +67,7 @@ fields: size: {} type: "" version: "" + ``` ### Index settings @@ -78,7 +85,7 @@ fields: "query.default_field": [ "agent.id", "agent.groups", - "package.architecture" + "package.architecture", "package.name", "package.version", "package.type" diff --git a/ecs/docs/inventory-ports.md b/ecs/docs/inventory-ports.md index 863d2a000ac41..bbad0b8842f52 100644 --- a/ecs/docs/inventory-ports.md +++ b/ecs/docs/inventory-ports.md @@ -40,8 +40,13 @@ fields: "@timestamp": {} agent: fields: - id: {} groups: {} + id: {} + name: {} + type: {} + version: {} + host: + fields: "*" destination: fields: ip: {} @@ -52,16 +57,6 @@ fields: file: fields: inode: {} - host: - fields: - network: - fields: - egress: - fields: - queue: {} - ingress: - fields: - queue: {} network: fields: protocol: {} diff --git a/ecs/docs/inventory-processes.md b/ecs/docs/inventory-processes.md index 087838f7f9c46..81572b8979705 100644 --- a/ecs/docs/inventory-processes.md +++ b/ecs/docs/inventory-processes.md @@ -66,10 +66,16 @@ fields: base: fields: "@timestamp": {} + tags: [] agent: fields: - id: {} groups: {} + id: {} + name: {} + type: {} + version: {} + host: + fields: "*" process: fields: pid: {} 
@@ -101,7 +107,48 @@ fields: thread: fields: id: "" - tty: {} +``` + +```yml +--- +- name: agent + title: Wazuh Agents + short: Wazuh Inc. custom fields. + type: group + group: 2 + fields: + - name: groups + type: keyword + level: custom + description: > + List of groups the agent belong to. +``` + +```yml +--- +- name: host + reusable: + top_level: true + expected: + - { at: agent, as: host } +``` + +```yml +--- +- name: os + reusable: + top_level: false + expected: + - agent.host +``` + +```yml +--- +- name: risk + reusable: + top_level: false + expected: + - agent.host ``` ### Index settings diff --git a/ecs/docs/states-fim.md b/ecs/docs/states-fim.md index 129fcf9ec94a6..af48052fdfff2 100644 --- a/ecs/docs/states-fim.md +++ b/ecs/docs/states-fim.md @@ -38,12 +38,20 @@ Based on ECS: ```yml --- -name: fim +name: wazuh-states-fim fields: + base: + fields: + tags: [] agent: fields: - id: {} groups: {} + id: {} + name: {} + type: {} + version: {} + host: + fields: "*" file: fields: attributes: {} diff --git a/ecs/docs/states-vulnerability.md b/ecs/docs/states-vulnerability.md index 61718d1419873..c40a6e0709524 100644 --- a/ecs/docs/states-vulnerability.md +++ b/ecs/docs/states-vulnerability.md @@ -67,21 +67,19 @@ Based on ECS: name: wazuh-states-vulnerabilities fields: base: - tags: [] + fields: + tags: [] agent: - fields: "*" + fields: + groups: {} + id: {} + name: {} + type: {} + version: {} + host: + fields: "*" package: fields: "*" - host: - fields: - os: - fields: - full: "" - kernel: "" - name: "" - platform: "" - type: "" - version: "" vulnerability: fields: "*" wazuh: @@ -89,7 +87,6 @@ fields: ``` ```yml ---- - name: vulnerability title: Vulnerability group: 2 @@ -123,7 +120,6 @@ fields: ```yml --- ---- - name: wazuh title: Wazuh description: 
> @@ -151,26 +147,23 @@ fields: ```json { "index_patterns": ["wazuh-states-vulnerabilities*"], - "priority": 1, - "template": { - "settings": { - "index": { - "number_of_shards": "1", - "number_of_replicas": "0", - "refresh_interval": "5s", - "query.default_field": [ - "agent.id", - "agent.groups", - "host.os.full", - "host.os.version", - "package.name", - "package.version", - "vulnerability.id", - "vulnerability.description", - "vulnerability.severity", - "wazuh.cluster.name" - ] - } + "settings": { + "index": { + "number_of_shards": "1", + "number_of_replicas": "0", + "refresh_interval": "5s", + "query.default_field": [ + "agent.id", + "agent.groups", + "host.os.full", + "host.os.version", + "package.name", + "package.version", + "vulnerability.id", + "vulnerability.description", + "vulnerability.severity", + "wazuh.cluster.name" + ] } } } diff --git a/ecs/states-fim/event-generator/event_generator.py b/ecs/states-fim/event-generator/event_generator.py index 9c733c286bd43..5cd14d0b389c2 100644 --- a/ecs/states-fim/event-generator/event_generator.py +++ b/ecs/states-fim/event-generator/event_generator.py @@ -155,7 +155,6 @@ def generate_random_data(number): event_data = { 'agent': generate_random_agent(), 'file': generate_random_file(), - 'host': generate_random_host(), 'registry': generate_random_registry() } data.append(event_data) diff --git a/ecs/states-fim/fields/subset.yml b/ecs/states-fim/fields/subset.yml index a9e6f01ce45b0..7eab78e238a21 100644 --- a/ecs/states-fim/fields/subset.yml +++ b/ecs/states-fim/fields/subset.yml @@ -33,11 +33,7 @@ fields: type: {} uid: {} owner: {} - host: - fields: "*" registry: fields: key: {} value: {} - - diff --git a/ecs/states-inventory-hardware/event-generator/event_generator.py b/ecs/states-inventory-hardware/event-generator/event_generator.py index 779272592da66..a04151219aa3c 100644 --- a/ecs/states-inventory-hardware/event-generator/event_generator.py 
+++ b/ecs/states-inventory-hardware/event-generator/event_generator.py @@ -145,7 +145,6 @@ def generate_random_data(number): event_data = { '@timestamp': generate_random_date(), 'agent': generate_random_agent(), - 'host': generate_random_host(), 'observer': generate_random_observer() } data.append(event_data) diff --git a/ecs/states-inventory-hardware/fields/subset.yml b/ecs/states-inventory-hardware/fields/subset.yml index da5a194e26ddf..609d4a0050acd 100644 --- a/ecs/states-inventory-hardware/fields/subset.yml +++ b/ecs/states-inventory-hardware/fields/subset.yml @@ -17,5 +17,3 @@ fields: observer: fields: serial_number: {} - host: - fields: "*" diff --git a/ecs/states-inventory-hotfixes/event-generator/event_generator.py b/ecs/states-inventory-hotfixes/event-generator/event_generator.py index 88cfdd0c76d82..048315afb8313 100644 --- a/ecs/states-inventory-hotfixes/event-generator/event_generator.py +++ b/ecs/states-inventory-hotfixes/event-generator/event_generator.py @@ -137,7 +137,6 @@ def generate_random_data(number): event_data = { '@timestamp': generate_random_date(), 'agent': generate_random_agent(), - 'host': generate_random_host(), 'package': generate_random_package() } data.append(event_data) diff --git a/ecs/states-inventory-hotfixes/fields/subset.yml b/ecs/states-inventory-hotfixes/fields/subset.yml index 7bb4f66950326..3cbf6f38f132f 100644 --- a/ecs/states-inventory-hotfixes/fields/subset.yml +++ b/ecs/states-inventory-hotfixes/fields/subset.yml @@ -14,8 +14,6 @@ fields: version: {} host: fields: "*" - host: - fields: "*" package: fields: hotfix: diff --git a/ecs/states-inventory-networks/event-generator/event_generator.py b/ecs/states-inventory-networks/event-generator/event_generator.py index b934230344bd4..5377f30f13249 100644 --- a/ecs/states-inventory-networks/event-generator/event_generator.py +++ b/ecs/states-inventory-networks/event-generator/event_generator.py 
@@ -160,7 +160,6 @@ def generate_random_data(number): event_data = { '@timestamp': generate_random_date(), 'agent': generate_random_agent(), - 'host': generate_random_host(), 'network': generate_random_network(), 'observer': generate_random_observer(), 'interface': generate_random_interface() diff --git a/ecs/states-inventory-networks/fields/subset.yml b/ecs/states-inventory-networks/fields/subset.yml index 24392a19582a2..48d90261e03ac 100644 --- a/ecs/states-inventory-networks/fields/subset.yml +++ b/ecs/states-inventory-networks/fields/subset.yml @@ -14,8 +14,6 @@ fields: version: {} host: fields: "*" - host: - fields: "*" interface: fields: mtu: {} diff --git a/ecs/states-inventory-packages/event-generator/event_generator.py b/ecs/states-inventory-packages/event-generator/event_generator.py index fda9227d7c826..77034d735931e 100644 --- a/ecs/states-inventory-packages/event-generator/event_generator.py +++ b/ecs/states-inventory-packages/event-generator/event_generator.py @@ -142,7 +142,6 @@ def generate_random_data(number): event_data = { '@timestamp': generate_random_date(), 'agent': generate_random_agent(), - 'host': generate_random_host(), 'package': generate_random_package() } data.append(event_data) diff --git a/ecs/states-inventory-packages/fields/subset.yml b/ecs/states-inventory-packages/fields/subset.yml index f2fdfb2fad9a0..00ebd0b231be4 100644 --- a/ecs/states-inventory-packages/fields/subset.yml +++ b/ecs/states-inventory-packages/fields/subset.yml @@ -14,8 +14,6 @@ fields: version: {} host: fields: "*" - host: - fields: "*" package: fields: architecture: "" diff --git a/ecs/states-inventory-ports/event-generator/event_generator.py b/ecs/states-inventory-ports/event-generator/event_generator.py index bede09340b104..e409999521bb3 100644 --- a/ecs/states-inventory-ports/event-generator/event_generator.py +++ b/ecs/states-inventory-ports/event-generator/event_generator.py 
@@ -171,7 +171,6 @@ def generate_random_data(number): 'destination': generate_random_destination(), 'device': generate_random_device(), 'file': generate_random_file(), - 'host': generate_random_host(), 'network': { 'protocol': random.choice(['TCP', 'UDP', 'ICMP']) }, diff --git a/ecs/states-inventory-ports/fields/subset.yml b/ecs/states-inventory-ports/fields/subset.yml index 549917083aaa8..54a87eef42b81 100644 --- a/ecs/states-inventory-ports/fields/subset.yml +++ b/ecs/states-inventory-ports/fields/subset.yml @@ -24,8 +24,6 @@ fields: file: fields: inode: {} - host: - fields: "*" network: fields: protocol: {} diff --git a/ecs/states-inventory-processes/event-generator/event_generator.py b/ecs/states-inventory-processes/event-generator/event_generator.py index 3395616d104c9..3da0e29cd07a2 100644 --- a/ecs/states-inventory-processes/event-generator/event_generator.py +++ b/ecs/states-inventory-processes/event-generator/event_generator.py @@ -163,7 +163,6 @@ def generate_random_data(number): event_data = { '@timestamp': generate_random_date(), 'agent': generate_random_agent(), - 'host': generate_random_host(), 'process': generate_random_process() } data.append(event_data) diff --git a/ecs/states-inventory-processes/fields/custom/host.yml b/ecs/states-inventory-processes/fields/custom/host.yml index a0356d13da657..5bf50e3e3f675 100644 --- a/ecs/states-inventory-processes/fields/custom/host.yml +++ b/ecs/states-inventory-processes/fields/custom/host.yml @@ -3,4 +3,4 @@ reusable: top_level: true expected: - - { at: agent, as: host } \ No newline at end of file + - { at: agent, as: host } diff --git a/ecs/states-inventory-processes/fields/custom/os.yml b/ecs/states-inventory-processes/fields/custom/os.yml index 952c2d6e93a40..0181d44d62751 100644 --- a/ecs/states-inventory-processes/fields/custom/os.yml +++ b/ecs/states-inventory-processes/fields/custom/os.yml @@ -3,4 +3,4 @@ reusable: top_level: false expected: - - agent.host \ No newline at end of file + - agent.host 
diff --git a/ecs/states-inventory-processes/fields/custom/risk.yml b/ecs/states-inventory-processes/fields/custom/risk.yml index 1c06213bc6205..599a04a4f9d17 100644 --- a/ecs/states-inventory-processes/fields/custom/risk.yml +++ b/ecs/states-inventory-processes/fields/custom/risk.yml @@ -3,4 +3,4 @@ reusable: top_level: false expected: - - agent.host \ No newline at end of file + - agent.host diff --git a/ecs/states-inventory-processes/fields/subset.yml b/ecs/states-inventory-processes/fields/subset.yml index 55693facfee71..16ccccb2dfb9a 100644 --- a/ecs/states-inventory-processes/fields/subset.yml +++ b/ecs/states-inventory-processes/fields/subset.yml @@ -14,8 +14,6 @@ fields: version: {} host: fields: "*" - host: - fields: "*" process: fields: pid: {} diff --git a/ecs/states-vulnerabilities/event-generator/event_generator.py b/ecs/states-vulnerabilities/event-generator/event_generator.py index de80c8bf49e92..f3e0704ff1b3a 100644 --- a/ecs/states-vulnerabilities/event-generator/event_generator.py +++ b/ecs/states-vulnerabilities/event-generator/event_generator.py @@ -173,7 +173,6 @@ def generate_random_data(number): for _ in range(number): event_data = { 'agent': generate_random_agent(), - 'host': generate_random_host(), 'package': generate_random_package(), 'vulnerability': generate_random_vulnerability() } diff --git a/ecs/states-vulnerabilities/fields/subset.yml b/ecs/states-vulnerabilities/fields/subset.yml index d0b44d3a712f1..2981f226f774d 100644 --- a/ecs/states-vulnerabilities/fields/subset.yml +++ b/ecs/states-vulnerabilities/fields/subset.yml @@ -15,8 +15,6 @@ fields: fields: "*" package: fields: "*" - host: - fields: "*" vulnerability: fields: "*" wazuh: diff --git a/test-tools/Vagrantfile b/test-tools/Vagrantfile index b922ddc66cf21..b18aaa27177dc 100644 --- a/test-tools/Vagrantfile +++ b/test-tools/Vagrantfile 
@@ -19,7 +19,7 @@ Vagrant.configure("2") do |config| systemctl stop firewalld systemctl disable firewalld yum clean all - yum install curl jq unzip tar -y + yum install jq unzip tar -y # Add node-2 to /etc/hosts echo "192.168.56.11 node-2" >> /etc/hosts # Copy generated certificates