diff --git a/CHANGELOG.md b/CHANGELOG.md index 6eb7cf1177..ace26016b6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ All notable changes to the Wazuh app project will be documented in this file. - Support for Wazuh 5.0.0 - Added creation of report definition when creating dashboard by reference and the button to reset the report [#7091](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7091) +- Added an initilization service to core plugin to run the initilization tasks related to user scope [#7145](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7145) ### Removed diff --git a/plugins/main/public/components/overview/vulnerabilities/common/hocs/validate-vulnerabilities-states-index-pattern.tsx b/plugins/main/public/components/overview/vulnerabilities/common/hocs/validate-vulnerabilities-states-index-pattern.tsx index 5e47789b24..c5c819eab2 100644 --- a/plugins/main/public/components/overview/vulnerabilities/common/hocs/validate-vulnerabilities-states-index-pattern.tsx +++ b/plugins/main/public/components/overview/vulnerabilities/common/hocs/validate-vulnerabilities-states-index-pattern.tsx @@ -28,7 +28,7 @@ async function checkExistenceIndices(indexPatternId: string) { async function createIndexPattern(indexPattern, fields: any) { try { - await SavedObject.createSavedObjectIndexPattern( + await SavedObject.createSavedObject( 'index-pattern', indexPattern, { diff --git a/plugins/wazuh-core/common/services/initialization/constants.ts b/plugins/wazuh-core/common/services/initialization/constants.ts new file mode 100644 index 0000000000..42f427a5ea --- /dev/null +++ b/plugins/wazuh-core/common/services/initialization/constants.ts @@ -0,0 +1,16 @@ +export const INITIALIZATION_TASK = { + RUN_STATUS: { + NOT_STARTED: 'not_started', + RUNNING: 'running', + FINISHED: 'finished', + }, + RUN_RESULT: { + NULL: null, + SUCCESS: 'success', + FAIL: 'fail', + }, + CONTEXT: { + INTERNAL: 'internal', + USER: 'user', + }, +} as const; 
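Review bot: In the new constants.ts, `RUN_RESULT.NULL: null` mixes a `null` sentinel into an otherwise string-literal enum object, so the derived result type admits `null` and a consumer that applies `??` to a task result cannot tell "not run yet" from "missing"; a string member such as `NOT_RUN: 'not_run'`, or a comment stating that `null` is the not-yet-run state, would keep the set homogeneous. The exported `INITIALIZATION_TASK` also has no TSDoc; a header comment saying that `RUN_STATUS` is a task's lifecycle state, `RUN_RESULT` its outcome and `CONTEXT` the scope a task runs in would help, since the changelog entry in this commit names user-scoped tasks as the reason for the service. What `INTERNAL` versus `USER` implies at runtime (presumably a plugin-internal context versus the requesting user's context) is not visible in this hunk, so confirm it before documenting.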
diff --git a/plugins/wazuh-core/common/services/initialization/types.ts b/plugins/wazuh-core/common/services/initialization/types.ts new file mode 100644 index 0000000000..93894a003e --- /dev/null +++ b/plugins/wazuh-core/common/services/initialization/types.ts @@ -0,0 +1,13 @@ +import { INITIALIZATION_TASK } from './constants'; + +type RunStatusEnum = (typeof INITIALIZATION_TASK)['RUN_STATUS']; + +export type InitializationTaskRunStatus = RunStatusEnum[keyof RunStatusEnum]; + +type RunResultEnum = (typeof INITIALIZATION_TASK)['RUN_RESULT']; + +export type InitializationTaskRunResult = RunResultEnum[keyof RunResultEnum]; + +type ContextEnum = (typeof INITIALIZATION_TASK)['CONTEXT']; + +export type InitializationTaskContext = ContextEnum[keyof ContextEnum]; diff --git a/plugins/wazuh-core/server/index.ts b/plugins/wazuh-core/server/index.ts index adf9ef623d..26e39fdf47 100644 --- a/plugins/wazuh-core/server/index.ts +++ b/plugins/wazuh-core/server/index.ts @@ -8,5 +8,5 @@ export function plugin(initializerContext: PluginInitializerContext) { return new WazuhCorePlugin(initializerContext); } -export type { WazuhCorePluginSetup, WazuhCorePluginStart } from './types'; +export * from './types'; export type { IConfigurationEnhanced } from './services/enhance-configuration'; diff --git a/plugins/wazuh-core/server/initialization/index-patterns-fields/alerts-fields.json b/plugins/wazuh-core/server/initialization/index-patterns-fields/alerts-fields.json new file mode 100644 index 0000000000..56048c13d6 --- /dev/null +++ b/plugins/wazuh-core/server/initialization/index-patterns-fields/alerts-fields.json 
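Review bot: The three `Enum[keyof Enum]` lookups in types.ts repeat the same value-of pattern through three intermediate aliases; a single helper `type ValueOf<T> = T[keyof T];` with `export type InitializationTaskRunStatus = ValueOf<typeof INITIALIZATION_TASK.RUN_STATUS>;` (and likewise for `RUN_RESULT` and `CONTEXT`) reads more directly. Note that `InitializationTaskRunResult` resolves to `'success' | 'fail' | null` because of the `NULL: null` member in constants.ts, which code narrowing on this type has to account for. The exported aliases carry no TSDoc; a one-line comment per alias naming the constant it derives from and what the values mean is worth adding.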
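Review bot: Replacing `export type { WazuhCorePluginSetup, WazuhCorePluginStart } from './types'` with `export * from './types'` in server/index.ts widens the server module's public surface to everything `./types` exports, including any runtime value added there later, and drops the type-only marker that `isolatedModules`-style builds rely on. If `./types` is types-only (not visible here), `export type * from './types';` keeps the type-only guarantee while re-exporting everything, provided the project's TypeScript version supports that form (5.0+); otherwise adding the newly needed names to the explicit `export type { … }` list keeps the exported API intentional.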
@@ -0,0 +1,3473 @@ +[ + { + "name": "_id", + "type": "string", + "esTypes": ["_id"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + }, + { + "name": "_index", + "type": "string", + "esTypes": ["_index"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + }, + { + "name": "_score", + "type": "number", + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "_source", + "type": "_source", + "esTypes": ["_source"], + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "_type", + "type": "string", + "esTypes": ["_type"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + }, + { + "name": "@timestamp", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "@version", + "type": "string", + "esTypes": ["text"], + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "GeoLocation.area_code", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "GeoLocation.city_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "GeoLocation.continent_code", + "type": "string", + "esTypes": ["text"], + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "GeoLocation.coordinates", + "type": "number", + "esTypes": ["double"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "GeoLocation.country_code2", + "type": "string", + "esTypes": ["text"], + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "GeoLocation.country_code3", + "type": "string", + "esTypes": ["text"], + "searchable": true, + "aggregatable": false, + 
"readFromDocValues": false + }, + { + "name": "GeoLocation.country_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "GeoLocation.dma_code", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "GeoLocation.ip", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "GeoLocation.latitude", + "type": "number", + "esTypes": ["double"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "GeoLocation.location", + "type": "geo_point", + "esTypes": ["geo_point"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "GeoLocation.longitude", + "type": "number", + "esTypes": ["double"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "GeoLocation.postal_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "GeoLocation.real_region_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "GeoLocation.region_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "GeoLocation.timezone", + "type": "string", + "esTypes": ["text"], + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "agent.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.ip", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": 
"agent.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cluster.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cluster.node", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "command", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.action", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.acct", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.arch", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.auid", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.command", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.cwd", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.dev", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.directory.inode", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.directory.mode", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": 
true, + "readFromDocValues": true + }, + { + "name": "data.audit.directory.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.egid", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.enforcing", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.euid", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.exe", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.execve.a0", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.execve.a1", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.execve.a2", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.execve.a3", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.exit", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.file.inode", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.file.mode", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": 
"data.audit.file.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.fsgid", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.fsuid", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.gid", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.key", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.list", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.old-auid", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.old-ses", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.old_enforcing", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.old_prom", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.op", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.pid", + "type": "string", + "esTypes": ["keyword"], + "searchable": 
true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.ppid", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.prom", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.res", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.session", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.sgid", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.srcip", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.subj", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.success", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.suid", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.syscall", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.tty", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.uid", 
+ "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.createdAt", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.dstaddr", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.end", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.resource.instanceDetails.launchTime", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.resource.instanceDetails.networkInterfaces.privateIpAddress", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.resource.instanceDetails.networkInterfaces.publicIp", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.service.action.networkConnectionAction.remoteIpDetails.geoLocation", + "type": "geo_point", + "esTypes": ["geo_point"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.service.action.networkConnectionAction.remoteIpDetails.ipAddressV4", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.service.count", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.service.eventFirstSeen", + "type": "date", + "esTypes": ["date"], + 
"searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.service.eventLastSeen", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.source_ip_address", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.srcaddr", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.start", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.updatedAt", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.log_info.s3bucket", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.source", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.accountId", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.region", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.cis.benchmark", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.cis.error", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.cis.fail", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": 
"data.cis.group", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.cis.notchecked", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.cis.pass", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.cis.result", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.cis.rule_title", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.cis.score", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.cis.timestamp", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.cis.unknown", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.command", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.data", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.docker.Action", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.docker.Actor.Attributes.image", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.docker.Actor.Attributes.name", + "type": "string", + "esTypes": ["keyword"], + 
"searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.docker.Type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.dstip", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.dstport", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.dstuser", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.extra_data", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.file", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.gcp.jsonPayload.authAnswer", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.gcp.jsonPayload.queryName", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.gcp.jsonPayload.responseCode", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.gcp.jsonPayload.vmInstanceId", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.gcp.jsonPayload.vmInstanceName", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.gcp.resource.labels.location", + "type": "string", + "esTypes": ["keyword"], + "searchable": 
true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.gcp.resource.labels.project_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.gcp.resource.labels.source_type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.gcp.resource.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.gcp.severity", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.github.action", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.github.actor", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.github.actor_location.country_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.github.org", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.github.repo", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.hardware.cpu_cores", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.hardware.cpu_mhz", + "type": "number", + "esTypes": ["double"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.hardware.cpu_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, 
+ "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.hardware.ram_free", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.hardware.ram_total", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.hardware.ram_usage", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.hardware.serial", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.integration", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.adapter", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.ipv4.address", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.ipv4.broadcast", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.ipv4.dhcp", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.ipv4.gateway", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.ipv4.metric", + "type": "number", + "esTypes": ["long"], + "searchable": true, + 
"aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.ipv4.netmask", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.ipv6.address", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.ipv6.broadcast", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.ipv6.dhcp", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.ipv6.gateway", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.ipv6.metric", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.ipv6.netmask", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.mac", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.mtu", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.rx_bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.rx_dropped", + "type": "number", + 
"esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.rx_errors", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.rx_packets", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.state", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.tx_bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.tx_dropped", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.tx_errors", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.tx_packets", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.office365.Actor.ID", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.office365.ClientIP", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.office365.Operation", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.office365.ResultStatus", + "type": 
"string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.office365.Subscription", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.office365.UserId", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.os.architecture", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.os.build", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.os.codename", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.os.hostname", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.os.major", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.os.minor", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.os.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.os.platform", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.os.release", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.os.release_version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": 
true, + "readFromDocValues": true + }, + { + "name": "data.os.sysname", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.os.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.oscap.check.description", + "type": "string", + "esTypes": ["text"], + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "data.oscap.check.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.oscap.check.identifiers", + "type": "string", + "esTypes": ["text"], + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "data.oscap.check.oval.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.oscap.check.rationale", + "type": "string", + "esTypes": ["text"], + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "data.oscap.check.references", + "type": "string", + "esTypes": ["text"], + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "data.oscap.check.result", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.oscap.check.severity", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.oscap.check.title", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.oscap.scan.benchmark.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "data.oscap.scan.content", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.oscap.scan.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.oscap.scan.profile.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.oscap.scan.profile.title", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.oscap.scan.return_code", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.oscap.scan.score", + "type": "number", + "esTypes": ["double"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.osquery.action", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.osquery.calendarTime", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.osquery.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.osquery.pack", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.port.inode", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.port.local_ip", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": 
"data.port.local_port", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.port.pid", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.port.process", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.port.protocol", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.port.remote_ip", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.port.remote_port", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.port.rx_queue", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.port.state", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.port.tx_queue", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.args", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.cmd", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.egroup", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.euser", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + 
"aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.fgroup", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.nice", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.nlwp", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.pgrp", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.pid", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.ppid", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.priority", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.processor", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.resident", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.rgroup", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.ruser", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": 
"data.process.session", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.sgroup", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.share", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.start_time", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.state", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.stime", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.suser", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.tgid", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.tty", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.utime", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.vm_size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.program.architecture", + "type": "string", + "esTypes": ["keyword"], + 
"searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.program.description", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.program.format", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.program.install_time", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.program.location", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.program.multiarch", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.program.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.program.priority", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.program.section", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.program.size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.program.source", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.program.vendor", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.program.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": 
true, + "readFromDocValues": true + }, + { + "name": "data.protocol", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.command", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.compliance.cis", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.compliance.cis_csc", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.compliance.hipaa", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.compliance.nist_800_53", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.compliance.pci_dss", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.description", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.directory", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.file", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.previous_result", + "type": "string", + "esTypes": ["keyword"], + 
"searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.process", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.rationale", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.reason", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.references", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.registry", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.remediation", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.result", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.status", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.title", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.description", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.failed", + "type": "number", + "esTypes": ["integer"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.file", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + 
"aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.invalid", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.passed", + "type": "number", + "esTypes": ["integer"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.policy", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.policy_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.scan_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.score", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.total_checks", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.srcip", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.srcport", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.srcuser", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.status", + "type": "string", + 
"esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.system_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.timestamp", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.title", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.uid", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.url", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.virustotal.description", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.virustotal.error", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.virustotal.found", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.virustotal.malicious", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.virustotal.permalink", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.virustotal.positives", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "data.virustotal.scan_date", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.virustotal.sha1", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.virustotal.source.alert_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.virustotal.source.file", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.virustotal.source.md5", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.virustotal.source.sha1", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.virustotal.total", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.assigner", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.cve", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.cve_version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.cvss.cvss2.base_score", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.cvss.cvss2.exploitability_score", + "type": "string", + 
"esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.cvss.cvss2.impact_score", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.cvss.cvss2.vector.access_complexity", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.cvss.cvss2.vector.attack_vector", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.cvss.cvss2.vector.authentication", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.cvss.cvss2.vector.availability", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.cvss.cvss2.vector.confidentiality_impact", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.cvss.cvss2.vector.integrity_impact", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.cvss.cvss2.vector.privileges_required", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.cvss.cvss2.vector.scope", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.cvss.cvss2.vector.user_interaction", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + 
"aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.cvss.cvss3.base_score", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.cvss.cvss3.exploitability_score", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.cvss.cvss3.impact_score", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.cvss.cvss3.vector.access_complexity", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.cvss.cvss3.vector.attack_vector", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.cvss.cvss3.vector.authentication", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.cvss.cvss3.vector.availability", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.cvss.cvss3.vector.confidentiality_impact", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.cvss.cvss3.vector.integrity_impact", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.cvss.cvss3.vector.privileges_required", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + 
"name": "data.vulnerability.cvss.cvss3.vector.scope", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.cvss.cvss3.vector.user_interaction", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.cwe_reference", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.package.architecture", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.package.condition", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.package.generated_cpe", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.package.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.package.source", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.package.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.published", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.rationale", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": 
"data.vulnerability.severity", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.title", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.vulnerability.updated", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "decoder.accumulate", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "decoder.fts", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "decoder.ftscomment", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "decoder.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "decoder.parent", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "full_log", + "type": "string", + "esTypes": ["text"], + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "host", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "input.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "location", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "manager.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "message", + "type": "string", + "esTypes": ["text"], + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "offset", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "predecoder.hostname", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "predecoder.program_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "predecoder.timestamp", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "previous_log", + "type": "string", + "esTypes": ["text"], + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "previous_output", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "program_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "rule.cis", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "rule.cis_csc", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "rule.cve", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "rule.description", + "type": "string", + "esTypes": ["keyword"], + "searchable": 
true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "rule.firedtimes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "rule.frequency", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "rule.gdpr", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "rule.gpg13", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "rule.groups", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "rule.hipaa", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "rule.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "rule.info", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "rule.level", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "rule.mail", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "rule.mitre.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "rule.mitre.tactic", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "rule.mitre.technique", + "type": "string", + "esTypes": ["keyword"], + 
"searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "rule.nist_800_53", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "rule.pci_dss", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "rule.tsc", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.audit.effective_user.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.audit.effective_user.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.audit.group.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.audit.group.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.audit.login_user.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.audit.login_user.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.audit.process.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.audit.process.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.audit.process.ppid", + "type": "string", + "esTypes": 
["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.audit.user.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.audit.user.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.diff", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.event", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.gid_after", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.gid_before", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.gname_after", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.gname_before", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.hard_links", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.inode_after", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.inode_before", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.md5_after", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": 
true, + "readFromDocValues": true + }, + { + "name": "syscheck.md5_before", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.mode", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.mtime_after", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.mtime_before", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.path", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.perm_after", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.perm_before", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.sha1_after", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.sha1_before", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.sha256_after", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.sha256_before", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.size_after", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": 
"syscheck.size_before", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.tags", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.uid_after", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.uid_before", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.uname_after", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "syscheck.uname_before", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "timestamp", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "title", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "type", + "type": "string", + "esTypes": ["text"], + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + } +] diff --git a/plugins/wazuh-core/server/initialization/index-patterns-fields/monitoring-fields.json b/plugins/wazuh-core/server/initialization/index-patterns-fields/monitoring-fields.json new file mode 100644 index 0000000000..6b82becbdf --- /dev/null +++ b/plugins/wazuh-core/server/initialization/index-patterns-fields/monitoring-fields.json 
@@ -0,0 +1,245 @@ +[ + { + "name": "timestamp", + "type": "date", + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "_id", + "type": "string", + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + }, + { + "name": "_index", + "type": "string", + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + }, + { + "name": "_score", + "type": "number", + "count": 0, + "scripted": false, + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "_source", + "type": "_source", + "count": 0, + "scripted": false, + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "_type", + "type": "string", + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + }, + { + "name": "dateAdd", + "type": "string", + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "group", + "type": "string", + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "host", + "type": "string", + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "id", + "type": "string", + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "ip", + "type": "string", + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "lastKeepAlive", + "type": "string", + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "cluster.name", + "type": "string", + "count": 0, + 
"scripted": false, + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "mergedSum", + "type": "string", + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "configSum", + "type": "string", + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "node_name", + "type": "string", + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "manager", + "type": "string", + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "name", + "type": "string", + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "os.arch", + "type": "string", + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "os.codename", + "type": "string", + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "os.major", + "type": "string", + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "os.name", + "type": "string", + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "os.platform", + "type": "string", + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "os.uname", + "type": "string", + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "os.version", + "type": "string", + "count": 0, + "scripted": false, + "searchable": true, + 
"aggregatable": false, + "readFromDocValues": false + }, + { + "name": "status", + "type": "string", + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "version", + "type": "string", + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + } +] diff --git a/plugins/wazuh-core/server/initialization/index-patterns-fields/statistics-fields.json b/plugins/wazuh-core/server/initialization/index-patterns-fields/statistics-fields.json new file mode 100644 index 0000000000..c89d99d72f --- /dev/null +++ b/plugins/wazuh-core/server/initialization/index-patterns-fields/statistics-fields.json 
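Review bot: None of the field entries in the monitoring-fields.json hunk carries an `esTypes` array, while every mapped field in the alerts-fields.json and statistics-fields.json hunks of this same commit does (e.g. `"esTypes": ["long"]`, `"esTypes": ["keyword"]`), so the three bundled field lists are not built to the same shape. If the consumer of these files relies on `esTypes` to derive the index-pattern field type, the monitoring entries will fall back to whatever the `type` value alone implies; at minimum the `timestamp` entry should read `"type": "date", "esTypes": ["date"]` to match the other two files, and the string fields should carry the keyword/text type of the actual index mapping (I cannot verify that mapping from the diff). A one-line note in the loader or a README next to these JSON files stating which keys are required would also prevent the lists drifting apart again.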
@@ -0,0 +1,710 @@ +[ + { + "name": "analysisd.alerts_queue_size", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.alerts_queue_usage", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.alerts_written", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.archives_queue_size", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.archives_queue_usage", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.dbsync_mdps", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.dbsync_messages_dispatched", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.dbsync_queue_size", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.dbsync_queue_usage", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.event_queue_size", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + 
"aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.event_queue_usage", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.events_dropped", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.events_edps", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.events_processed", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.events_received", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.firewall_queue_size", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.firewall_queue_usage", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.firewall_written", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.fts_written", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.hostinfo_edps", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, 
+ "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.hostinfo_events_decoded", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.hostinfo_queue_size", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.hostinfo_queue_usage", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.other_events_decoded", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.other_events_edps", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.rootcheck_edps", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.rootcheck_events_decoded", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.rootcheck_queue_size", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.rootcheck_queue_usage", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.rule_matching_queue_size", + "type": "number", + "esTypes": ["long"], + 
"count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.rule_matching_queue_usage", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.sca_edps", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.sca_events_decoded", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.sca_queue_size", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.sca_queue_usage", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.statistical_queue_size", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.statistical_queue_usage", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.syscheck_edps", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.syscheck_events_decoded", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.syscheck_queue_size", + "type": 
"number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.syscheck_queue_usage", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.syscollector_edps", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.syscollector_events_decoded", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.syscollector_queue_size", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.syscollector_queue_usage", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.total_events_decoded", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.winevt_edps", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.winevt_events_decoded", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "analysisd.winevt_queue_size", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + 
"name": "analysisd.winevt_queue_usage", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "apiName", + "type": "string", + "esTypes": ["text"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "apiName.keyword", + "type": "string", + "esTypes": ["keyword"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { "multi": { "parent": "apiName" } } + }, + { + "name": "cluster", + "type": "string", + "esTypes": ["text"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "cluster.keyword", + "type": "string", + "esTypes": ["keyword"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { "multi": { "parent": "cluster" } } + }, + { + "name": "nodeName", + "type": "string", + "esTypes": ["text"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "nodeName.keyword", + "type": "string", + "esTypes": ["keyword"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { "multi": { "parent": "nodeName" } } + }, + { + "name": "remoted.ctrl_msg_count", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "remoted.dequeued_after_close", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "remoted.discarded_count", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": 
false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "remoted.evt_count", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "remoted.msg_sent", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "remoted.queue_size", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "remoted.recv_bytes", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "remoted.tcp_sessions", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "remoted.total_queue_size", + "type": "number", + "esTypes": ["long"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "timestamp", + "type": "date", + "esTypes": ["date"], + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "_id", + "type": "string", + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + }, + { + "name": "_index", + "type": "string", + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + }, + { + "name": "_score", + "type": "number", + "count": 0, + "scripted": false, + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "_source", + "type": "_source", + "count": 0, + "scripted": false, + 
"searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "_type", + "type": "string", + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + } +] diff --git a/plugins/wazuh-core/server/initialization/index-patterns-fields/vulnerabibility-states-fields.json b/plugins/wazuh-core/server/initialization/index-patterns-fields/vulnerabibility-states-fields.json new file mode 100644 index 0000000000..216cfdc68f --- /dev/null +++ b/plugins/wazuh-core/server/initialization/index-patterns-fields/vulnerabibility-states-fields.json 
@@ -0,0 +1,515 @@ +[ + { + "count": 0, + "name": "_index", + "type": "string", + "esTypes": ["_index"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + }, + { + "count": 0, + "name": "_source", + "type": "_source", + "esTypes": ["_source"], + "scripted": false, + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "count": 0, + "name": "agent.build.original", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "agent.ephemeral_id", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "agent.id", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "agent.name", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "agent.type", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "agent.version", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "host.os.family", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "host.os.full", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "host.os.full.text", + "type": "string", + 
"esTypes": ["text"], + "scripted": false, + "searchable": true, + "aggregatable": false, + "readFromDocValues": false, + "subType": { "multi": { "parent": "host.os.full" } } + }, + { + "count": 0, + "name": "host.os.kernel", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "host.os.name", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "host.os.name.text", + "type": "string", + "esTypes": ["text"], + "scripted": false, + "searchable": true, + "aggregatable": false, + "readFromDocValues": false, + "subType": { "multi": { "parent": "host.os.name" } } + }, + { + "count": 0, + "name": "host.os.platform", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "host.os.type", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "host.os.version", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "message", + "type": "string", + "esTypes": ["text"], + "scripted": false, + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "count": 0, + "name": "package.architecture", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "package.build_version", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": 
"package.checksum", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "package.description", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "package.install_scope", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "package.installed", + "type": "date", + "esTypes": ["date"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "package.license", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "package.name", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "package.path", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "package.reference", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "package.size", + "type": "number", + "esTypes": ["long"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "package.type", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "package.version", + "type": "string", + "esTypes": ["keyword"], + 
"scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "tags", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "vulnerability.category", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "vulnerability.classification", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "vulnerability.description", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "vulnerability.description.text", + "type": "string", + "esTypes": ["text"], + "scripted": false, + "searchable": true, + "aggregatable": false, + "readFromDocValues": false, + "subType": { "multi": { "parent": "vulnerability.description" } } + }, + { + "count": 0, + "name": "vulnerability.detected_at", + "type": "date", + "esTypes": ["date"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "vulnerability.enumeration", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "vulnerability.id", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "vulnerability.published_at", + "type": "date", + "esTypes": ["date"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": 
"vulnerability.reference", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "vulnerability.report_id", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "vulnerability.scanner.vendor", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "vulnerability.score.base", + "type": "number", + "esTypes": ["float"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "vulnerability.score.environmental", + "type": "number", + "esTypes": ["float"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "vulnerability.score.temporal", + "type": "number", + "esTypes": ["float"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "vulnerability.score.version", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "vulnerability.severity", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "wazuh.cluster.name", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "wazuh.cluster.node", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + 
"count": 0, + "name": "wazuh.schema.version", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + } +] diff --git a/plugins/wazuh-core/server/initialization/index-patterns.ts b/plugins/wazuh-core/server/initialization/index-patterns.ts new file mode 100644 index 0000000000..012f8be2a8 --- /dev/null +++ b/plugins/wazuh-core/server/initialization/index-patterns.ts 
@@ -0,0 +1,231 @@ +import { IndexPatternsFetcher } from '../../../../src/plugins/data/server'; +import { + InitializationTaskContext, + InitializationTaskRunContext, +} from '../services'; + +interface ensureIndexPatternExistenceContextTask { + indexPatternID: string; + options: any; +} + +interface ensureIndexPatternExistenceContextTaskWithConfigurationSetting + extends ensureIndexPatternExistenceContextTask { + configurationSettingKey: string; +} + +const decoratorCheckIsEnabled = fn => { + return async ( + ctx: InitializationTaskRunContext, + { + configurationSettingKey, + ...ctxTask + }: ensureIndexPatternExistenceContextTaskWithConfigurationSetting, + ) => { + if (await ctx.configuration.get(configurationSettingKey)) { + await fn(ctx, ctxTask); + } else { + ctx.logger.info(`Check [${configurationSettingKey}]: disabled. Skipped.`); + } + }; +}; + +export const ensureIndexPatternExistence = async ( + { logger, savedObjectsClient, indexPatternsClient }, + { indexPatternID, options = {} }: ensureIndexPatternExistenceContextTask, +) => { + try { + logger.debug( + `Checking existence of index pattern with ID [${indexPatternID}]`, + ); + const response = await savedObjectsClient.get( + 'index-pattern', + indexPatternID, + ); + logger.debug(`Index pattern with ID [${indexPatternID}] exists`); + return response; + } catch (error) { + // Get not found saved object + if (error?.output?.statusCode === 404) { + // Create index pattern + logger.info(`Index pattern with ID [${indexPatternID}] does not exist`); + return await createIndexPattern( + { logger, savedObjectsClient, indexPatternsClient }, + indexPatternID, + options, + ); + } else { + throw new Error( + `index pattern with ID [${indexPatternID}] existence could not be checked due to: ${error.message}`, + ); + } + } +}; + +async function getFieldMappings( + { logger, indexPatternsClient }, + indexPatternTitle: string, +) { + logger.debug(`Getting index pattern fields for title [${indexPatternTitle}]`); + + // 
https://github.com/opensearch-project/OpenSearch-Dashboards/blob/2.16.0/src/plugins/data/server/index_patterns/routes.ts#L74 + const fields = await indexPatternsClient.getFieldsForWildcard({ + pattern: indexPatternTitle, + // meta_fields=_source&meta_fields=_id&meta_fields=_type&meta_fields=_index&meta_fields=_score + metaFields: ['_source', '_id', '_type', '_index', '_score'], + }); + logger.debug( + `Fields for index pattern with title [${indexPatternTitle}]: ${JSON.stringify( + fields, + )}`, + ); + return fields; +} + +async function createIndexPattern( + { logger, savedObjectsClient, indexPatternsClient }, + indexPatternID, + options: { + fieldsNoIndices?: any; + savedObjectOverwrite?: { [key: string]: any }; + } = {}, +) { + try { + let fields; + try { + fields = await getFieldMappings( + { logger, indexPatternsClient }, + indexPatternID, + ); + } catch (e) { + if (e?.output?.statusCode === 404 && options.fieldsNoIndices) { + const message = `Fields for index pattern with ID [${indexPatternID}] could not be obtained. This could indicate there are not matching indices because they were not generated or there is some error in the process that generates and indexes that data. 
The index pattern will be created with a set of pre-defined fields.`; + logger.warn(message); + fields = options.fieldsNoIndices; + } else { + throw e; + } + } + + const savedObjectData = { + title: indexPatternID, + fields: JSON.stringify(fields), + ...(options?.savedObjectOverwrite || {}), + }; + + logger.debug( + `Creating index pattern with ID [${indexPatternID}] title [${savedObjectData.title}]`, + ); + + const response = await savedObjectsClient.create( + 'index-pattern', + savedObjectData, + { + id: indexPatternID, + overwrite: true, + refresh: true, + }, + ); + + const indexPatternCreatedMessage = `Created index pattern with ID [${response.id}] title [${response.attributes.title}]`; + logger.info(indexPatternCreatedMessage); + return response; + } catch (error) { + throw new Error( + `index pattern with ID [${indexPatternID}] could not be created due to: ${error.message}`, + ); + } +} + +function getSavedObjectsClient( + ctx: InitializationTaskRunContext, + scope: InitializationTaskContext, +) { + switch (scope) { + case 'internal': + return ctx.core.savedObjects.createInternalRepository(); + break; + case 'user': + return ctx.core.savedObjects.savedObjectsStart.getScopedClient( + ctx.request, + ); + break; + default: + break; + } +} + +function getIndexPatternsClient( + ctx: InitializationTaskRunContext, + scope: InitializationTaskContext, +) { + switch (scope) { + case 'internal': + return new IndexPatternsFetcher( + ctx.core.opensearch.legacy.client.callAsInternalUser, + ); + break; + case 'user': + return new IndexPatternsFetcher( + ctx.core.opensearch.legacy.client.callAsCurrentUser, + ); + break; + default: + break; + } +} + +function getIndexPatternID( + ctx: InitializationTaskRunContext, + scope: string, + rest: any, +) { + switch (scope) { + case 'internal': + return rest.getIndexPatternID(ctx); + break; + case 'user': + return ctx.getIndexPatternID(ctx); + break; + default: + break; + } +} + +export const initializationTaskCreatorIndexPattern = ({ 
+ taskName,
+ options = {},
+ configurationSettingKey,
+ ...rest
+}: {
+ getIndexPatternID: (ctx: any) => Promise;
+ taskName: string;
+ options: {};
+ configurationSettingKey: string;
+}) => ({
+ name: taskName,
+ async run(ctx: InitializationTaskRunContext) {
+ let indexPatternID;
+ try {
+ ctx.logger.debug('Starting index pattern saved object');
+ indexPatternID = await getIndexPatternID(ctx, ctx.scope, rest);
+
+ // Get clients depending on the scope
+ const savedObjectsClient = getSavedObjectsClient(ctx, ctx.scope);
+ const indexPatternsClient = getIndexPatternsClient(ctx, ctx.scope);
+
+ return await ensureIndexPatternExistence(
+ { ...ctx, indexPatternsClient, savedObjectsClient },
+ {
+ indexPatternID,
+ options,
+ configurationSettingKey,
+ },
+ );
+ } catch (error) {
+ const message = `Error initilizating index pattern with ID [${indexPatternID}]: ${error.message}`;
+ ctx.logger.error(message);
+ throw new Error(message);
+ }
+ },
+});
diff --git a/plugins/wazuh-core/server/initialization/index.ts b/plugins/wazuh-core/server/initialization/index.ts
new file mode 100644
index 0000000000..e7712b3abc
--- /dev/null
+++ b/plugins/wazuh-core/server/initialization/index.ts
@@ -0,0 +1,3 @@
+export * from './index-patterns';
+export * from './settings';
+export * from './templates';
diff --git a/plugins/wazuh-core/server/initialization/server-api.test.ts b/plugins/wazuh-core/server/initialization/server-api.test.ts
new file mode 100644
index 0000000000..dfe1e20c13
--- /dev/null
+++ b/plugins/wazuh-core/server/initialization/server-api.test.ts
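Review bot: `decoratorCheckIsEnabled` is declared in index-patterns.ts but never applied, so the `configurationSettingKey` that `initializationTaskCreatorIndexPattern.run` passes to `ensureIndexPatternExistence` is dropped by the `{ indexPatternID, options = {} }` destructuring and the index pattern is created regardless of whether the setting is enabled; settings.ts wraps its checker with the same decorator, so this reads as an omission. Wrapping the export restores the gate: `export const ensureIndexPatternExistence = decoratorCheckIsEnabled(async ({ logger, savedObjectsClient, indexPatternsClient }, { indexPatternID, options = {} }) => { … });`. Separately, `getSavedObjectsClient`, `getIndexPatternsClient` and `getIndexPatternID` all return `undefined` on an unknown scope and each `break` after a `return` is unreachable; throwing `new Error(\`Unknown task scope [${scope}]\`)` in the `default` branch would surface a misconfigured task where it happens instead of as a later TypeError on `undefined.get`. The `'user'` branch of `getIndexPatternID` reads `ctx.getIndexPatternID` while `'internal'` reads `rest.getIndexPatternID`; if that asymmetry is intentional it deserves a one-line comment, otherwise both should read `rest`.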
@@ -0,0 +1,96 @@ +import { + PLUGIN_APP_NAME, + PLUGIN_PLATFORM_WAZUH_DOCUMENTATION_URL_PATH_TROUBLESHOOTING, +} from '../../common/constants'; +import { webDocumentationLink } from '../../common/services/web_documentation'; +import { version as appVersion } from '../../package.json'; +import { + ServerAPIConnectionCompatibility, + checkAppServerCompatibility, +} from './server-api'; + +describe('checkAppServerCompatibility', () => { + it.each` + appVersion | serverAPIVersion | isCompatible + ${'5.0.0'} | ${'5.0.0'} | ${true} + ${'5.0.0'} | ${'5.0.1'} | ${true} + ${'5.0.0'} | ${'5.0.10'} | ${true} + ${'5.0.0'} | ${'5.0.100'} | ${true} + ${'5.0.0'} | ${'4.9.1'} | ${false} + ${'5.0.0'} | ${'4.9.10'} | ${false} + ${'5.0.0'} | ${'4.9.100'} | ${false} + ${'5.0.0'} | ${'4.0.1'} | ${false} + ${'5.0.0'} | ${'4.0.10'} | ${false} + ${'5.0.0'} | ${'4.0.100'} | ${false} + ${'5.0.0'} | ${'4.10.1'} | ${false} + ${'5.0.0'} | ${'4.10.10'} | ${false} + ${'5.0.0'} | ${'4.10.100'} | ${false} + `( + `appVersion: $appVersion, serverAPIVersion: $serverAPIVersion, isCompatible: $isCompatible`, + ({ appVersion, serverAPIVersion, isCompatible }) => { + expect(checkAppServerCompatibility(appVersion, serverAPIVersion)).toBe( + isCompatible, + ); + }, + ); +}); + +describe('ServerAPIConnectionCompatibility', () => { + it.each` + apiHostID | apiVersionResponse | isCompatible + ${'server1'} | ${{ api_version: '5.0.0' }} | ${true} + ${'server2'} | ${{ api_version: '0.0.0' }} | ${false} + ${'server3'} | ${{ missing_api_version_field: null }} | ${false} + `( + `Check server API connection and compatibility for the server API hosts`, + async ({ apiHostID, apiVersionResponse, isCompatible }) => { + const loggerMock = jest.fn(); + await ServerAPIConnectionCompatibility( + { + manageHosts: { + get: () => hosts, + }, + logger: { + debug: loggerMock, + info: loggerMock, + warn: loggerMock, + error: loggerMock, + }, + serverAPIClient: { + asInternalUser: { + request: () => ({ + data: { + data: 
apiVersionResponse, + }, + }), + }, + }, + }, + apiHostID, + appVersion, + ); + expect(loggerMock).toHaveBeenCalledWith( + `Checking the connection and compatibility with server API [${apiHostID}]`, + ); + if (apiVersionResponse.api_version) { + if (isCompatible === true) { + expect(loggerMock).toHaveBeenCalledWith( + `Server API [${apiHostID}] version [${apiVersionResponse.api_version}] is compatible with the ${PLUGIN_APP_NAME} version`, + ); + } else if (isCompatible === false) { + expect(loggerMock).toHaveBeenCalledWith( + `Server API [${apiHostID}] version [${ + apiVersionResponse.api_version + }] is not compatible with the ${PLUGIN_APP_NAME} version [${appVersion}]. Major and minor number must match at least. It is recommended the server API and ${PLUGIN_APP_NAME} version are equals. Read more about this error in our troubleshooting guide: ${webDocumentationLink( + PLUGIN_PLATFORM_WAZUH_DOCUMENTATION_URL_PATH_TROUBLESHOOTING, + )}.`, + ); + } + } else { + expect(loggerMock).toHaveBeenCalledWith( + `Error checking the connection and compatibility with server API [${apiHostID}]: version is not found in the response of server API`, + ); + } + }, + ); +}); diff --git a/plugins/wazuh-core/server/initialization/server-api.ts b/plugins/wazuh-core/server/initialization/server-api.ts new file mode 100644 index 0000000000..ab92208203 --- /dev/null +++ b/plugins/wazuh-core/server/initialization/server-api.ts 
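Review bot: `manageHosts: { get: () => hosts }` references `hosts`, which is not declared anywhere in this test file; it only escapes a `ReferenceError` because `ServerAPIConnectionCompatibility` receives `apiHostID` directly and never calls `manageHosts.get`. Either drop the `manageHosts` stub or give it a real value, e.g. `get: () => [{ id: apiHostID }]`. A single `jest.fn()` shared by `debug`, `info`, `warn` and `error` also means the assertions cannot tell that the incompatibility message was emitted at `warn` rather than `info`; one mock per level (`const warn = jest.fn();` and so on) would let the test pin the severity as well as the text.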
@@ -0,0 +1,117 @@ +import { + PLUGIN_APP_NAME, + PLUGIN_PLATFORM_WAZUH_DOCUMENTATION_URL_PATH_TROUBLESHOOTING, +} from '../../common/constants'; +import { webDocumentationLink } from '../../common/services/web_documentation'; +import { version as appVersion } from '../../package.json'; +import { InitializationTaskRunContext } from '../services'; + +export const initializationTaskCreatorServerAPIConnectionCompatibility = ({ + taskName, +}: { + taskName: string; +}) => ({ + name: taskName, + async run(ctx: InitializationTaskRunContext) { + try { + ctx.logger.debug( + 'Starting check server API connection and compatibility', + ); + const results = await ServersAPIConnectionCompatibility(ctx); + ctx.logger.info( + 'Start check server API connection and compatibility finished', + ); + return results; + } catch (error) { + const message = `Error checking server API connection and compatibility: ${error.message}`; + ctx.logger.error(message); + throw new Error(message); + } + }, +}); + +async function ServersAPIConnectionCompatibility( + ctx: InitializationTaskRunContext, +) { + if (ctx.scope === 'user' && ctx.request?.query?.apiHostID) { + const host = await ctx.manageHosts.get(ctx.request.query.apiHostID, { + excludePassword: true, + }); + + ctx.logger.debug(`APP version [${appVersion}]`); + + return await ServerAPIConnectionCompatibility(ctx, host.id, appVersion); + } else { + const hosts = await ctx.manageHosts.get(undefined, { + excludePassword: true, + }); + + ctx.logger.debug(`APP version [${appVersion}]`); + + return await Promise.all( + hosts.map(async ({ id: apiHostID }: { id: string }) => + ServerAPIConnectionCompatibility(ctx, apiHostID, appVersion), + ), + ); + } +} + +export async function ServerAPIConnectionCompatibility( + ctx: InitializationTaskRunContext, + apiHostID: string, + appVersion: string, +) { + let connection = null, + compatibility = null, + api_version = null; + try { + ctx.logger.debug( + `Checking the connection and compatibility with 
server API [${apiHostID}]`, + ); + const response = await ctx.serverAPIClient.asInternalUser.request( + 'GET', + '/', + {}, + { apiHostID }, + ); + connection = true; + api_version = response?.data?.data?.api_version; + if (!api_version) { + throw new Error('version is not found in the response of server API'); + } + ctx.logger.debug(`Server API version [${api_version}]`); + if (!checkAppServerCompatibility(appVersion, api_version)) { + compatibility = false; + ctx.logger.warn( + `Server API [${apiHostID}] version [${api_version}] is not compatible with the ${PLUGIN_APP_NAME} version [${appVersion}]. Major and minor number must match at least. It is recommended the server API and ${PLUGIN_APP_NAME} version are equals. Read more about this error in our troubleshooting guide: ${webDocumentationLink( + PLUGIN_PLATFORM_WAZUH_DOCUMENTATION_URL_PATH_TROUBLESHOOTING, + )}.`, + ); + } else { + compatibility = true; + ctx.logger.info( + `Server API [${apiHostID}] version [${api_version}] is compatible with the ${PLUGIN_APP_NAME} version`, + ); + } + } catch (error) { + ctx.logger.warn( + `Error checking the connection and compatibility with server API [${apiHostID}]: ${error.message}`, + ); + } finally { + return { connection, compatibility, api_version, id: apiHostID }; + } +} + +export function checkAppServerCompatibility( + appVersion: string, + serverAPIVersion: string, +) { + const api = /v?(?\d+)\.(?\d+)\.(?\d+)/.exec( + serverAPIVersion, + ); + const [appVersionMajor, appVersionMinor] = appVersion.split('.'); + return ( + api?.groups?.major === appVersionMajor && + api?.groups?.minor === appVersionMinor + ); +} diff --git a/plugins/wazuh-core/server/initialization/settings.ts b/plugins/wazuh-core/server/initialization/settings.ts new file mode 100644 index 0000000000..4c92d31663 --- /dev/null +++ b/plugins/wazuh-core/server/initialization/settings.ts 
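Review bot: `ServerAPIConnectionCompatibility` returns from inside `finally`, which overrides whatever the `try`/`catch` produced and is what `no-unsafe-finally` exists to catch; since the `catch` already absorbs every error, the result belongs after the block: close with `} catch (error) { … }` and then `return { connection, compatibility, api_version, id: apiHostID };`. The regex in `checkAppServerCompatibility` appears here as `/v?(?\d+)\.(?\d+)\.(?\d+)/`, which is not valid syntax — if the named groups `major`/`minor` were stripped by rendering this is fine, but if the source really lacks them `api?.groups?.major` is always `undefined` and every host is reported incompatible, so a comment such as `// named groups: major, minor, patch` next to the pattern would make the dependency explicit. `appVersion.split('.')` tolerates no leading `v` while the server-side regex does; documenting the expected shape of `appVersion` on the function would avoid a silent mismatch. The probe always goes through `serverAPIClient.asInternalUser` even when `ctx.scope === 'user'` and the host was selected from `ctx.request.query.apiHostID`; that may be intended, but it is worth a comment because `excludePassword: true` on the host lookup suggests care was taken about which credentials are in play.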
@@ -0,0 +1,193 @@ +/* + * Wazuh app - Check PluginPlatform settings service + * + * Copyright (C) 2015-2024 Wazuh, Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * Find more information about this on the LICENSE file. + * + */ + +import { isEqual } from 'lodash'; +import { + InitializationTaskContext, + InitializationTaskRunContext, +} from '../services'; +import { IUiSettingsClient } from 'src/core/server'; + +const decoratorCheckIsEnabled = fn => { + return async ( + ctx: InitializationTaskRunContext, + { + configurationSetting, + ...ctxTask + }: { key: string; value: any; configurationSetting: string }, + ) => { + if (await ctx.configuration.get(configurationSetting)) { + await fn(ctx, ctxTask); + } else { + ctx.logger.info(`Check [${configurationSetting}]: disabled. Skipped.`); + } + }; +}; + +export const checkPluginPlatformSettings = decoratorCheckIsEnabled( + async ( + { + logger, + uiSettingsClient, + }: InitializationTaskRunContext & { uiSettingsClient: IUiSettingsClient }, + { + key: pluginPlatformSettingName, + value: defaultAppValue, + }: { key: string; value: any }, + ) => { + logger.debug(`Getting setting [${pluginPlatformSettingName}]...`); + const valuePluginPlatformSetting = await uiSettingsClient.get( + pluginPlatformSettingName, + ); + const settingsAreDifferent = !isEqual( + valuePluginPlatformSetting, + defaultAppValue, + ); + logger.debug( + `Check setting [${pluginPlatformSettingName}]: ${stringifySetting( + valuePluginPlatformSetting, + )}`, + ); + logger.debug( + `App setting [${pluginPlatformSettingName}]: ${stringifySetting( + defaultAppValue, + )}`, + ); + logger.debug( + `Setting mismatch [${pluginPlatformSettingName}]: ${ + settingsAreDifferent ? 
'yes' : 'no' + }`, + ); + logger.debug( + `Setting is user defined [${pluginPlatformSettingName}]: ${ + valuePluginPlatformSetting ? 'yes' : 'no' + }`, + ); + if (!valuePluginPlatformSetting || settingsAreDifferent) { + logger.debug(`Updating [${pluginPlatformSettingName}] setting...`); + await updateSetting( + uiSettingsClient, + pluginPlatformSettingName, + defaultAppValue, + ); + logger.info( + `Updated [${pluginPlatformSettingName}] setting to: ${stringifySetting( + defaultAppValue, + )}`, + ); + } + }, +); + +async function updateSetting( + uiSettingsClient: IUiSettingsClient, + pluginPlatformSettingName: string, + defaultAppValue: any, + retries: number = 3, +): Promise { + return await uiSettingsClient + .set(pluginPlatformSettingName, defaultAppValue) + .catch(async error => { + if (retries > 0) { + return await updateSetting( + uiSettingsClient, + pluginPlatformSettingName, + defaultAppValue, + --retries, + ); + } + throw error; + }); +} + +function stringifySetting(setting: any) { + try { + return JSON.stringify(setting); + } catch (error) { + return setting; + } +} + +function getSavedObjectsClient( + ctx: InitializationTaskRunContext, + scope: InitializationTaskContext, +) { + switch (scope) { + case 'internal': + return ctx.core.savedObjects.createInternalRepository(); + case 'user': + return ctx.core.savedObjects.savedObjectsStart.getScopedClient( + ctx.request, + ); + default: + break; + } +} + +function getUiSettingsClient( + ctx: InitializationTaskRunContext, + scope: InitializationTaskContext, + client: any, +) { + switch (scope) { + case 'internal': + return ctx.core.uiSettings.asScopedToClient(client); + + case 'user': + return ctx.core.uiSettings.uiSettingsStart.asScopedToClient(client); + + default: + break; + } +} + +export const initializationTaskCreatorSetting = ( + setting: { key: string; value: any; configurationSetting: string }, + taskName: string, +) => ({ + name: taskName, + async run(ctx: InitializationTaskRunContext) { + try { + 
ctx.logger.debug('Starting setting'); + + // Get clients depending on the scope + const savedObjectsClient = getSavedObjectsClient(ctx, ctx.scope); + const uiSettingsClient = getUiSettingsClient( + ctx, + ctx.scope, + savedObjectsClient, + ); + + const { key, value, configurationSetting } = setting; + + await checkPluginPlatformSettings( + { + logger: ctx.logger, + uiSettingsClient, + configuration: ctx.configuration, + }, + { + key, + value, + configurationSetting, + }, + ); + ctx.logger.info('Start setting finished'); + } catch (error) { + const message = `Error initilizating setting [${setting.key}]: ${error.message}`; + ctx.logger.error(message); + throw new Error(message); + } + }, +}); diff --git a/plugins/wazuh-core/server/initialization/templates.test.ts b/plugins/wazuh-core/server/initialization/templates.test.ts new file mode 100644 index 0000000000..e00bba3548 --- /dev/null +++ b/plugins/wazuh-core/server/initialization/templates.test.ts @@ -0,0 +1,43 @@ +import { getTemplateForIndexPattern } from './templates'; + +const templates = [ + { + name: 'wazuh', + index_patterns: '[wazuh-alerts-4.x-*, wazuh-archives-4.x-*]', + order: '0', + version: '1', + composed_of: '', + }, + { + name: 'wazuh-agent', + index_patterns: '[wazuh-monitoring-*]', + order: '0', + version: null, + composed_of: '', + }, + { + name: 'wazuh-statistics', + index_patterns: '[wazuh-statistics-*]', + order: '0', + version: null, + composed_of: '', + }, +]; + +describe('getTemplateForIndexPattern', () => { + it.each` + indexPatternTitle | templateNameFound + ${'custom-alerts-*'} | ${[]} + ${'wazuh-alerts-*'} | ${['wazuh']} + ${'wazuh-alerts-'} | ${['wazuh']} + `( + `indexPatternTitle: $indexPatternTitle`, + ({ indexPatternTitle, templateNameFound }) => { + expect( + getTemplateForIndexPattern(indexPatternTitle, templates).map( + ({ name }) => name, + ), + ).toEqual(templateNameFound); + }, + ); +}); 
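Review bot: The update condition `if (!valuePluginPlatformSetting || settingsAreDifferent)` treats any falsy stored value (`false`, `0`, `''`) as "not user defined", so a setting whose default is falsy is rewritten on every run and the `Setting is user defined` debug line misreports it; `valuePluginPlatformSetting == null` (or an explicit unset check if `IUiSettingsClient` provides one) expresses the intent. `updateSetting` retries immediately with no back-off and its return type reads `Promise` without a type argument, presumably `Promise<void>` lost in rendering. `decoratorCheckIsEnabled` and `getSavedObjectsClient` are duplicated almost verbatim in index-patterns.ts, down to the differently named `configurationSetting` / `configurationSettingKey` option; hoisting both into a shared helper would keep the task files from drifting.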
diff --git a/plugins/wazuh-core/server/initialization/templates.ts b/plugins/wazuh-core/server/initialization/templates.ts
new file mode 100644
index 0000000000..085cfb8d2c
--- /dev/null
+++ b/plugins/wazuh-core/server/initialization/templates.ts
@@ -0,0 +1,96 @@ +import { InitializationTaskRunContext } from '../services'; + +export const checkIndexPatternHasTemplate = async ( + { logger }: InitializationTaskRunContext, + { + indexPatternTitle, + opensearchClient, + }: { indexPatternTitle: string; opensearchClient: any }, +) => { + logger.debug('Getting templates'); + const data = await opensearchClient.cat.templates({ format: 'json' }); + + logger.debug( + 'Checking the index pattern with title [${indexPatternTitle}] has defined some template', + ); + const templatesFound = getTemplateForIndexPattern( + indexPatternTitle, + data.body, + ); + if (!templatesFound.length) { + throw new Error( + `No template found for index pattern with title [${indexPatternTitle}]`, + ); + } + + logger.info( + `Template [${templatesFound + .map(({ name }) => name) + .join( + ', ', + )}] found for index pattern with title [${indexPatternTitle}]: `, + ); +}; + +export function getTemplateForIndexPattern( + indexPatternTitle: string, + templates: { name: string; index_patterns: string }[], +) { + return templates.filter(({ index_patterns }: { index_patterns: string }) => { + const [, cleanIndexPatterns] = index_patterns.match(/\[(.+)\]/) || [ + null, + null, + ]; + if (!cleanIndexPatterns) { + return false; + } + const indexPatterns = cleanIndexPatterns.match(/([^\s,]+)/g); + + if (!indexPatterns) { + return false; + } + + const lastChar = indexPatternTitle[indexPatternTitle.length - 1]; + const indexPatternTitleCleaned = + lastChar === '*' ? indexPatternTitle.slice(0, -1) : indexPatternTitle; + return indexPatterns.some(indexPattern => { + const lastChar = indexPattern[indexPattern.length - 1]; + const indexPatternCleaned = + lastChar === '*' ? 
indexPattern.slice(0, -1) : indexPattern; + return ( + indexPatternCleaned.includes(indexPatternTitleCleaned) || + indexPatternTitleCleaned.includes(indexPatternCleaned) + ); + }); + }); +} + +export const initializationTaskCreatorExistTemplate = ({ + getOpenSearchClient, + getIndexPatternTitle, + taskName, +}: { + getOpenSearchClient: (ctx: InitializationTaskRunContext) => any; + getIndexPatternTitle: (ctx: InitializationTaskRunContext) => Promise; + taskName: string; +}) => ({ + name: taskName, + async run(ctx: InitializationTaskRunContext) { + let indexPatternTitle; + try { + ctx.logger.debug('Starting check of existent template'); + + const opensearchClient = getOpenSearchClient(ctx); + indexPatternTitle = await getIndexPatternTitle(ctx); + await checkIndexPatternHasTemplate(ctx, { + opensearchClient, + indexPatternTitle, + }); + ctx.logger.info('Start check of existent template finished'); + } catch (error) { + const message = `Error checking of existent template for index pattern with title [${indexPatternTitle}]: ${error.message}`; + ctx.logger.error(message); + throw new Error(message); + } + }, +}); diff --git a/plugins/wazuh-core/server/plugin.ts b/plugins/wazuh-core/server/plugin.ts index 4c1587ce50..afb08f0f1a 100644 --- a/plugins/wazuh-core/server/plugin.ts +++ b/plugins/wazuh-core/server/plugin.ts 
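Review bot: The debug message in `checkIndexPatternHasTemplate` is a single-quoted string, so `${indexPatternTitle}` is written to the log literally instead of being interpolated; the quotes around `'Checking the index pattern with title [${indexPatternTitle}] has defined some template'` need to be backticks. In `getTemplateForIndexPattern` the comparison is a two-way `includes`, so a title such as `wazuh-alerts-` matches any template whose pattern merely contains that substring (the accompanying test codifies this); if a prefix match is intended, `startsWith` in both directions is tighter, and either way the rule deserves a one-line comment above the `some` call. `catch (error)` reads `error.message` on a value that is `unknown` under strict settings; narrow it with `error instanceof Error ? error.message : String(error)`. `opensearchClient: any` hides the shape the function relies on from `data.body`; a minimal structural type for `cat.templates` would document that contract.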
@@ -16,17 +16,33 @@ import { ManageHosts, createDashboardSecurity, ServerAPIClient, - UpdateRegistry, ConfigurationStore, + InitializationService, } from './services'; import { Configuration } from '../common/services/configuration'; import { + PLUGIN_PLATFORM_SETTING_NAME_MAX_BUCKETS, + PLUGIN_PLATFORM_SETTING_NAME_METAFIELDS, + PLUGIN_PLATFORM_SETTING_NAME_TIME_FILTER, PLUGIN_SETTINGS, PLUGIN_SETTINGS_CATEGORIES, WAZUH_CORE_CONFIGURATION_CACHE_SECONDS, WAZUH_DATA_CONFIG_APP_PATH, + WAZUH_PLUGIN_PLATFORM_SETTING_MAX_BUCKETS, + WAZUH_PLUGIN_PLATFORM_SETTING_METAFIELDS, + WAZUH_PLUGIN_PLATFORM_SETTING_TIME_FILTER, } from '../common/constants'; import { enhanceConfiguration } from './services/enhance-configuration'; +import { initializationTaskCreatorServerAPIConnectionCompatibility } from './initialization/server-api'; +import { + initializationTaskCreatorExistTemplate, + initializationTaskCreatorIndexPattern, + initializationTaskCreatorSetting, +} from './initialization'; +import AlertsIndexPatternDefaultFields from './initialization/index-patterns-fields/alerts-fields.json'; +import MonitoringIndexPatternDefaultFields from './initialization/index-patterns-fields/monitoring-fields.json'; +import StatisticsIndexPatternDefaultFields from './initialization/index-patterns-fields/statistics-fields.json'; +import VulnerabilitiesStatesFields from './initialization/index-patterns-fields/vulnerabibility-states-fields.json'; export class WazuhCorePlugin implements Plugin 
@@ -107,10 +123,133 @@ export class WazuhCorePlugin this.services.manageHosts.setServerAPIClient(this.services.serverAPIClient); + this.services.initialization = new InitializationService( + this.logger.get('initialization'), + this.services, + ); + + this.services.initialization.setup({ core }); + + // Register initialization tasks + this.services.initialization.register( + initializationTaskCreatorServerAPIConnectionCompatibility({ + taskName: 'check-server-api-connection-compatibility', + }), + ); + + // Index pattern: alerts + // TODO: this task should be registered by the related plugin + this.services.initialization.register( + initializationTaskCreatorIndexPattern({ + getIndexPatternID: ctx => ctx.configuration.get('pattern'), + taskName: 'index-pattern:alerts', + options: { + savedObjectOverwrite: { + timeFieldName: 'timestamp', + }, + fieldsNoIndices: AlertsIndexPatternDefaultFields, + }, + configurationSettingKey: 'checks.pattern', + }), + ); + // Index pattern: monitoring + // TODO: this task should be registered by the related plugin + this.services.initialization.register( + initializationTaskCreatorIndexPattern({ + getIndexPatternID: ctx => + ctx.configuration.get('wazuh.monitoring.pattern'), + taskName: 'index-pattern:monitoring', + options: { + savedObjectOverwrite: { + timeFieldName: 'timestamp', + }, + fieldsNoIndices: MonitoringIndexPatternDefaultFields, + }, + configurationSettingKey: 'checks.monitoring', // TODO: create new setting + }), + ); + // Index pattern: vulnerabilities + // TODO: this task should be registered by the related plugin + this.services.initialization.register( + initializationTaskCreatorIndexPattern({ + getIndexPatternID: ctx => + ctx.configuration.get('vulnerabilities.pattern'), + taskName: 'index-pattern:vulnerabilities-states', + options: { + fieldsNoIndices: VulnerabilitiesStatesFields, + }, + configurationSettingKey: 'checks.vulnerability', // TODO: create new setting + }), + ); + + // Index pattern: statistics + // 
TODO: this task should be registered by the related plugin + this.services.initialization.register( + initializationTaskCreatorIndexPattern({ + getIndexPatternID: async ctx => { + const appConfig = await ctx.configuration.get( + 'cron.prefix', + 'cron.statistics.index.name', + ); + + const prefixTemplateName = appConfig['cron.prefix']; + const statisticsIndicesTemplateName = + appConfig['cron.statistics.index.name']; + return `${prefixTemplateName}-${statisticsIndicesTemplateName}-*`; + }, + taskName: 'index-pattern:statistics', + options: { + savedObjectOverwrite: { + timeFieldName: 'timestamp', + }, + fieldsNoIndices: StatisticsIndexPatternDefaultFields, + }, + configurationSettingKey: 'checks.statistics', // TODO: create new setting + }), + ); + + // Settings + // TODO: this task should be registered by the related plugin + [ + { + key: PLUGIN_PLATFORM_SETTING_NAME_MAX_BUCKETS, + value: WAZUH_PLUGIN_PLATFORM_SETTING_MAX_BUCKETS, + configurationSetting: 'checks.maxBuckets', + }, + { + key: PLUGIN_PLATFORM_SETTING_NAME_METAFIELDS, + value: WAZUH_PLUGIN_PLATFORM_SETTING_METAFIELDS, + configurationSetting: 'checks.metaFields', + }, + { + key: PLUGIN_PLATFORM_SETTING_NAME_TIME_FILTER, + value: JSON.stringify(WAZUH_PLUGIN_PLATFORM_SETTING_TIME_FILTER), + configurationSetting: 'checks.timeFilter', + }, + ].forEach(setting => { + this.services.initialization.register( + initializationTaskCreatorSetting(setting, `setting:${setting.key}`), + ); + }); + + // Index pattern templates + // Index pattern template: alerts + // TODO: this task should be registered by the related plugin + this.services.initialization.register( + initializationTaskCreatorExistTemplate({ + getOpenSearchClient: ctx => ctx.core.opensearch.client.asInternalUser, + getIndexPatternTitle: ctx => ctx.configuration.get('pattern'), + taskName: 'index-pattern-template:alerts', + }), + ); + // Register a property to the context parameter of the endpoint handlers 
core.http.registerRouteHandlerContext('wazuh_core', (context, request) => { return { ...this.services, + logger: this.logger.get( + `${request.route.method.toUpperCase()} ${request.route.path}`, + ), api: { client: { asInternalUser: this.services.serverAPIClient.asInternalUser, @@ -141,6 +280,7 @@ export class WazuhCorePlugin await this.services.configuration.start(); await this.services.manageHosts.start(); + await this.services.initialization.start({ core }); return { ...this.services, diff --git a/plugins/wazuh-core/server/services/index.ts b/plugins/wazuh-core/server/services/index.ts index 8a794e559f..1cf09c22bf 100644 --- a/plugins/wazuh-core/server/services/index.ts +++ b/plugins/wazuh-core/server/services/index.ts @@ -16,3 +16,5 @@ export * from './filesystem'; export * from './manage-hosts'; export * from './security-factory'; export * from './server-api-client'; +export * from './initialization'; +export * from './types'; diff --git a/plugins/wazuh-core/server/services/initialization/README.md b/plugins/wazuh-core/server/services/initialization/README.md new file mode 100644 index 0000000000..a2f0cee064 --- /dev/null +++ b/plugins/wazuh-core/server/services/initialization/README.md 
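Review bot: Three of the index-pattern registrations pass `configurationSettingKey` values (`checks.monitoring`, `checks.vulnerability`, `checks.statistics`) that the hunk's own comments mark as "TODO: create new setting"; if `initializationTaskCreatorIndexPattern` reads that key from `ctx.configuration` (its body is outside this hunk), those tasks presumably run against an undefined setting, so the settings should be added to `PLUGIN_SETTINGS` in the same change or the key omitted until they exist. The four identical "this task should be registered by the related plugin" comments would read better as a single comment above the block of registrations.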
@@ -0,0 +1,109 @@ +# InitializationService + +The `InitializationService` provides a mechanism to register and run tasks when the `wazuhCore` plugin starts (plugin lifecycle). + +Other plugins can register tasks in the plugin `setup` lifecycle that will be run on the `wazuhCore` plugin starts. + +The tasks run on parallel. + +Optionally the registered tasks could be retrieved to run in API endpoints or getting information about its status. + +There are 2 scopes: + +- `internal`: run through the internal user + - on plugin starts + - on demand +- `user`: run through the logged (requester) user + - on demand + +The scopes can be used to get a specific context (clients, parameters) that is set in the `scope` property of the task context. + +The `internal` scoped tasks keep the same execution data (see [Task execution data](#task-execution-data)), and the `user` scoped task are newly created on demand. + +# InitializationService tasks + +A task can be defined with: + +```ts +interface InitializationTaskDefinition { + name: string; + run: (ctx: any) => any; +} +``` + +The `ctx` is the context of the task execution and includes core services and task context services or dependencies. + +The `name` is used to identify the task and this is rendered in the context logger. + +For example, in the server log: + +``` +server log [11:57:39.648] [info][index-pattern-vulnerabilities-states][initialization][plugins][wazuhCore] Index pattern with ID [wazuh-states-vulnerabilities-*] does not exist + +``` + +the task name is `index-pattern-vulnerabilities-states`. + +## Task name convention + +- lowercase +- kebab case (`word1-word2`) +- use colon ( `:` ) for tasks related to some entity that have different subentities. 
+ +``` +entity_identifier:entity_specific +``` + +For example: + +``` +index-pattern:alerts +index-pattern:statistics +index-pattern:vulnerabilities-states +``` + +## Register a task + +```ts +// plugin setup +setup(){ + + // Register a task + plugins.wazuhCore.initialization.register({ + name: 'custom-task', + run: (ctx) => { + console.log('Run from wazuhCore starts' ) + } + }); + +} +``` + +## Task execution data + +The task has the following data related to the execution: + +```ts +interface InitializationTaskRunData { + name: string; + status: 'not_started' | 'running' | 'finished'; + result: 'success' | 'fail'; + createdAt: string | null; + startedAt: string | null; + finishedAt: string | null; + duration: number | null; // seconds + data: any; + error: string | null; +} +``` + +## Create a task instance + +This is used to create the user scoped tasks. + +```ts +const newTask = + context.wazuh_core.initialization.createNewTaskFromRegisteredTask( + 'example-task', + ); +``` diff --git a/plugins/wazuh-core/server/services/initialization/index.ts b/plugins/wazuh-core/server/services/initialization/index.ts new file mode 100644 index 0000000000..c7f504bd7b --- /dev/null +++ b/plugins/wazuh-core/server/services/initialization/index.ts @@ -0,0 +1,2 @@ +export * from './initialization'; +export * from './types'; diff --git a/plugins/wazuh-core/server/services/initialization/initialization.ts b/plugins/wazuh-core/server/services/initialization/initialization.ts new file mode 100644 index 0000000000..636ef63192 --- /dev/null +++ b/plugins/wazuh-core/server/services/initialization/initialization.ts 
@@ -0,0 +1,107 @@ +import { Logger } from 'opensearch-dashboards/server'; +import { + InitializationTaskDefinition, + IInitializationService, + InitializationTaskContext, +} from './types'; +import { addRoutes } from './routes'; +import { INITIALIZATION_TASK } from '../../../common/services/initialization/constants'; +import { InitializationTask } from './lib/initialization-task'; + +export class InitializationService implements IInitializationService { + private items: Map; + private _coreStart: any; + constructor(private logger: Logger, private services: any) { + this.items = new Map(); + } + async setup({ core }) { + this.logger.debug('Setup starts'); + this.logger.debug('Adding routes'); + const router = core.http.createRouter(); + addRoutes(router, { initialization: this }); + this.logger.debug('Added routes'); + this.logger.debug('Setup finished'); + } + async start({ core }) { + this.logger.debug('Start starts'); + this._coreStart = core; + await this.runAsInternal(); + this.logger.debug('Start finished'); + } + async stop() { + this.logger.debug('Stop starts'); + this.logger.debug('Stop finished'); + } + register(task: InitializationTaskDefinition) { + this.logger.debug(`Registering ${task.name}`); + if (this.items.has(task.name)) { + throw new Error( + `[${task.name}] was already registered. 
Ensure the name is unique or remove the duplicated registration of same task.`, + ); + } + this.items.set(task.name, new InitializationTask(task)); + this.logger.debug(`Registered ${task.name}`); + } + get(name: string) { + this.logger.debug(`Getting task: [${name}]`); + if (!this.items.has(name)) { + throw new Error(`Task [${name}] not found`); + } + return this.items.get(name); + } + getAll() { + this.logger.debug('Getting all tasks'); + return Array.from(this.items.values()); + } + createRunContext(scope: InitializationTaskContext, context: any = {}) { + return { ...this.services, ...context, scope }; + } + async runAsInternal(taskNames?: string[]) { + const ctx = this.createRunContext(INITIALIZATION_TASK.CONTEXT.INTERNAL, { + core: this._coreStart, + }); + return await this.run(ctx, taskNames); + } + createNewTaskFromRegisteredTask(name: string) { + const task = this.get(name) as InitializationTask; + if (!task) { + throw new Error(`Task [${name}] is not registered`); + } + return new InitializationTask({ name, run: task._run }); + } + private async run(ctx, taskNames?: string[]) { + try { + if (this.items.size) { + const allTasks = Array.from(this.items.values()); + const tasks = taskNames + ? allTasks.filter(({ name }) => + taskNames.some(taskName => taskName === name), + ) + : allTasks; + const results = await Promise.all( + tasks.map(async item => { + const logger = this.logger.get(item.name); + + try { + return await item.run({ + ...this.services, + ...ctx, + logger, + }); + } catch (error) { + logger.error( + `Error running task [${item.name}]: ${error.message}`, + ); + return item.getInfo(); + } + }), + ); + return results; + } else { + this.logger.info('No tasks'); + } + } catch (error) { + this.logger.error(`Error starting: ${error.message}`); + } + } +} 
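Review bot: `run` resolves to `undefined` both when the registry is empty and when the outer `try` catches, yet the routes await `runAsInternal` and call `results.map(...)` on the value; return `[]` from the empty branch and rethrow from the catch (or return `[]` there too) instead of only logging. `createNewTaskFromRegisteredTask` reads `task._run`, which is declared `private` on `InitializationTask`, so it does not compile under strict settings; keep the original `InitializationTaskDefinition` on the task and expose it through a public accessor. The `if (!task)` guard in that method is dead because `get` already throws for an unknown name. `taskNames.some(taskName => taskName === name)` is simply `taskNames.includes(name)`.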
diff --git a/plugins/wazuh-core/server/services/initialization/lib/initialization-task.ts b/plugins/wazuh-core/server/services/initialization/lib/initialization-task.ts
new file mode 100644
index 0000000000..a6c00c71fd
--- /dev/null
+++ b/plugins/wazuh-core/server/services/initialization/lib/initialization-task.ts
@@ -0,0 +1,80 @@ +import { + InitializationTaskDefinition, + InitializationTaskRunData, + IInitializationTask, +} from '../types'; +import { INITIALIZATION_TASK } from '../../../../common/services/initialization/constants'; + +export class InitializationTask implements IInitializationTask { + public name: string; + private _run: any; + public status: InitializationTaskRunData['status'] = + INITIALIZATION_TASK.RUN_STATUS.NOT_STARTED; + public result: InitializationTaskRunData['result'] = + INITIALIZATION_TASK.RUN_RESULT.NULL; + public data: any = null; + public createdAt: InitializationTaskRunData['createdAt'] = + new Date().toISOString(); + public startedAt: InitializationTaskRunData['startedAt'] = null; + public finishedAt: InitializationTaskRunData['finishedAt'] = null; + public duration: InitializationTaskRunData['duration'] = null; + public error = null; + constructor(task: InitializationTaskDefinition) { + this.name = task.name; + this._run = task.run; + } + private init() { + this.status = INITIALIZATION_TASK.RUN_STATUS.RUNNING; + this.result = null; + this.data = null; + this.startedAt = new Date().toISOString(); + this.finishedAt = null; + this.duration = null; + this.error = null; + } + async run(...params) { + if (this.status === INITIALIZATION_TASK.RUN_STATUS.RUNNING) { + throw new Error(`Another instance of task ${this.name} is running`); + } + let error; + try { + this.init(); + this.data = await this._run(...params); + this.result = INITIALIZATION_TASK.RUN_RESULT.SUCCESS; + } catch (e) { + error = e; + this.result = INITIALIZATION_TASK.RUN_RESULT.FAIL; + this.error = e.message; + } finally { + this.status = INITIALIZATION_TASK.RUN_STATUS.FINISHED; + this.finishedAt = new Date().toISOString(); + const dateStartedAt = new Date(this.startedAt!); + const dateFinishedAt = new Date(this.finishedAt); + this.duration = ((dateFinishedAt - dateStartedAt) as number) / 1000; + } + if (error) { + throw error; + } + return this.getInfo(); + } + + getInfo() { + 
return [ + 'name', + 'status', + 'result', + 'data', + 'createdAt', + 'startedAt', + 'finishedAt', + 'duration', + 'error', + ].reduce( + (accum, item) => ({ + ...accum, + [item]: this[item], + }), + {}, + ) as IInitializationTask; + } +} diff --git a/plugins/wazuh-core/server/services/initialization/routes.ts b/plugins/wazuh-core/server/services/initialization/routes.ts new file mode 100644 index 0000000000..568e0353a1 --- /dev/null +++ b/plugins/wazuh-core/server/services/initialization/routes.ts 
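Review bot: In the `finally` block of `run`, `dateFinishedAt - dateStartedAt` subtracts two `Date` objects, which TypeScript rejects (the `as number` only casts the already-invalid expression); use `this.duration = (dateFinishedAt.getTime() - dateStartedAt.getTime()) / 1000;`. `public error = null;` infers the type `null`, so the later `this.error = e.message` is also a type error; declare it as `public error: InitializationTaskRunData['error'] = null;`. `getInfo()` rebuilds the record through an untyped `this[item]` index in a `reduce`; an object literal listing the nine properties explicitly is typed and shorter. `catch (e)` assumes `e` is an `Error` when reading `e.message`; narrow it first.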
@@ -0,0 +1,242 @@ +import { schema } from '@osd/config-schema'; + +export function addRoutes(router, { initialization }) { + const getTaskList = (tasksAsString: string) => tasksAsString.split(','); + + const validateTaskList = schema.maybe( + schema.string({ + validate(value: string) { + const tasks = initialization.get(); + const requestTasks = getTaskList(value); + const invalidTasks = requestTasks.filter(requestTask => + tasks.every(({ name }) => requestTask !== name), + ); + if (invalidTasks.length) { + return `Invalid tasks: ${invalidTasks.join(', ')}`; + } + return undefined; + }, + }), + ); + + const apiEndpointBase = '/api/initialization'; + + // Get the status of internal initialization tasks + router.get( + { + path: `${apiEndpointBase}/internal`, + validate: { + tasks: schema.object({ + tasks: validateTaskList, + }), + }, + }, + async (context, request, response) => { + try { + const tasksNames = request.query.tasks + ? getTaskList(request.query.tasks) + : undefined; + const logger = context.wazuh_core.logger; + logger.debug(`Getting initialization tasks related to internal scope`); + const tasks = tasksNames + ? 
tasksNames.map(taskName => + context.wazuh_core.initialization.get(taskName), + ) + : context.wazuh_core.initialization.getAll(); + + const tasksData = tasks.map(task => task.getInfo()); + + logger.debug( + `Initialzation tasks related to internal scope: [${[...tasksData] + .map(({ name }) => name) + .join(', ')}]`, + ); + + return response.ok({ + body: { + message: `All initialization tasks are returned: ${tasks + .map(({ name }) => name) + .join(', ')}`, + tasks: tasksData, + }, + }); + } catch (e) { + return response.internalError({ + body: { + message: `Error getting the internal initialization tasks: ${e.message}`, + }, + }); + } + }, + ); + + // Run the internal initialization tasks + // TODO: protect with administrator privilegies + router.post( + { + path: `${apiEndpointBase}/internal`, + validate: { + query: schema.object({ + tasks: validateTaskList, + }), + }, + }, + async (context, request, response) => { + try { + const tasksNames = request.query.tasks + ? getTaskList(request.query.tasks) + : undefined; + const logger = context.wazuh_core.logger; + + logger.debug(`Running initialization tasks related to internal scope`); + const results = await context.wazuh_core.initialization.runAsInternal( + tasksNames, + ); + logger.info( + `Initialization tasks related to internal scope were executed`, + ); + + return response.ok({ + body: { + message: `All initialization tasks are returned: ${results + .map(({ name }) => name) + .join(', ')}`, + tasks: results, + }, + }); + } catch (e) { + return response.internalError({ + body: { + message: `Error running the internal initialization tasks: ${e.message}`, + }, + }); + } + }, + ); + + router.post( + { + path: `${apiEndpointBase}/user`, + validate: { + // TODO: restrict to user tasks + query: schema.object({ + tasks: validateTaskList, + }), + }, + }, + async (context, request, response) => { + try { + const tasksNames = request.query.tasks + ? 
getTaskList(request.query.tasks) + : undefined; + const logger = context.wazuh_core.logger; + const username = ''; // TODO: get value + const scope = 'user'; + logger.debug( + `Getting initialization tasks related to user [${username}] scope [${scope}]`, + ); + const initializationTasks = context.wazuh_core.initialization.get(); + + const indexPatternTasks = initializationTasks + .filter(({ name }) => name.startsWith('index-pattern:')) + .map(({ name }) => + context.wazuh_core.initialization.createNewTaskFromRegisteredTask( + name, + ), + ); + const settingsTasks = initializationTasks + .filter(({ name }) => name.startsWith('setting:')) + .map(({ name }) => + context.wazuh_core.initialization.createNewTaskFromRegisteredTask( + name, + ), + ); + + const allUserTasks = [...indexPatternTasks, ...settingsTasks]; + const tasks = tasksNames + ? allUserTasks.filter(({ name }) => + tasksNames.some(taskName => taskName === name), + ) + : allUserTasks; + + logger.debug( + `Initialzation tasks related to user [${username}] scope [${scope}]: [${tasks + .map(({ name }) => name) + .join(', ')}]`, + ); + + const taskContext = context.wazuh_core.initialization.createRunContext( + 'user', + { core: context.core, request }, + ); + + logger.debug(`Running tasks for user [${username}] scope [${scope}]`); + const results = await Promise.all( + tasks.map(async task => { + const taskLogger = enhanceTaskLogger(logger); + let data; + try { + data = await task.run({ + ...taskContext, + // TODO: use user selection index patterns + logger: taskLogger, + ...(task.name.includes('index-pattern:') + ? 
{ + getIndexPatternID: () => + task.name /* TODO: use request parameters/body/cookies */, + } + : {}), + }); + } catch (e) { + } finally { + return { + logs: taskLogger.getLogs(), + ...task.getInfo(), + }; + } + }), + ); + + logger.debug(`All tasks for user [${username}] scope [${scope}] run`); + + const initialMessage = + 'All the initialization tasks related to user scope were executed.'; + + const message = [ + initialMessage, + results.some(({ error }) => error) && 'There was some errors.', + ] + .filter(v => v) + .join(' '); + + return response.ok({ + body: { + message, + tasks: results, + }, + }); + } catch (e) { + return response.internalError({ + body: { + message: `Error initializating the tasks: ${e.message}`, + }, + }); + } + }, + ); +} + +function enhanceTaskLogger(logger) { + const logs = []; + + return ['debug', 'info', 'warn', 'error'].reduce( + (accum, level) => ({ + ...accum, + [level]: message => { + logs.push({ timestamp: new Date().toISOString(), level, message }); + logger[level].message; + }, + }), + { getLogs: () => logs }, + ); +} diff --git a/plugins/wazuh-core/server/services/initialization/types.ts b/plugins/wazuh-core/server/services/initialization/types.ts new file mode 100644 index 0000000000..00eea6bb2b --- /dev/null +++ b/plugins/wazuh-core/server/services/initialization/types.ts 
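Review bot: `initialization.get()` is called with no task name in `validateTaskList` and again in the `/user` handler, but `get(name)` throws `Task [undefined] not found` for a missing name, so both call sites want `initialization.getAll()`. `enhanceTaskLogger` never forwards anything to the real logger because `logger[level].message;` is a property read with no effect; it should be `logger[level](message);`. The GET `/internal` route declares its schema under `validate: { tasks: ... }` rather than `validate: { query: ... }`, so `request.query.tasks` is presumably never validated or populated. `POST /internal` re-runs the internal-user initialization tasks for any requester (the hunk's own TODO records the missing privilege check); until that check exists the handler should reject non-administrator callers, e.g. through the `dashboardSecurity` service already spread onto the route context, rather than stay open. The `/user` handler's empty `catch (e) {}` followed by a `return` inside `finally` swallows every failure, including the "Another instance of task ... is running" error thrown by `run`, so a concurrent call is reported as a normal result.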
@@ -0,0 +1,49 @@ +import { + InitializationTaskRunResult, + InitializationTaskRunStatus, +} from '../../../common/services/initialization/types'; +import { LifecycleService, WazuhCoreServices } from '../types'; +import { CoreStart, Logger } from '../../../../../core/server'; + +export interface InitializationTaskDefinition { + name: string; + run: (ctx: any) => any; +} + +export interface InitializationTaskRunData { + name: InitializationTaskDefinition['name']; + status: InitializationTaskRunStatus; + result: InitializationTaskRunResult; + createdAt: string | null; + startedAt: string | null; + finishedAt: string | null; + duration: number | null; // seconds + data: any; + error: string | null; +} + +export interface IInitializationTask extends InitializationTaskRunData { + run(ctx: Context): Promise; + getInfo(): InitializationTaskRunData; +} + +export type InitializationTaskContext = 'internal' | 'user'; +export interface IInitializationService + extends LifecycleService { + register(task: InitializationTaskDefinition): void; + get(taskName: string): InitializationTaskRunData; + getAll(): InitializationTaskRunData[]; + createRunContext( + scope: InitializationTaskContext, + context: ContextType, + ): { + scope: InitializationTaskContext; + }; + runAsInternal(tasks?: string[]): Promise; +} + +export interface InitializationTaskRunContext extends WazuhCoreServices { + core: CoreStart; + logger: Logger; + scope: InitializationTaskContext; +} diff --git a/plugins/wazuh-core/server/services/types.ts b/plugins/wazuh-core/server/services/types.ts new file mode 100644 index 0000000000..77a1c4fdf0 --- /dev/null +++ b/plugins/wazuh-core/server/services/types.ts 
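Review bot: `IInitializationService.get` and `getAll` are typed as returning `InitializationTaskRunData`, but the routes call `task.getInfo()` on those results and `createNewTaskFromRegisteredTask` needs the task's run function, so the return types should be `IInitializationTask` and `IInitializationTask[]`. `InitializationTaskContext` is redeclared here as `'internal' | 'user'` although `common/services/initialization/types.ts` in this same change already derives that type from `INITIALIZATION_TASK.CONTEXT`; re-exporting the common one keeps the two from drifting. `InitializationTaskDefinition.run: (ctx: any) => any` could be `(ctx: InitializationTaskRunContext) => unknown`, which matches what `initialization.ts` actually passes.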
@@ -0,0 +1,26 @@ +import { IConfigurationEnhanced } from './enhance-configuration'; +import { IInitializationService } from './initialization'; +import { ManageHosts } from './manage-hosts'; +import { ISecurityFactory } from './security-factory'; +import { ServerAPIClient } from './server-api-client'; + +export interface LifecycleService< + SetupDeps = any, + SetupReturn = any, + StartDeps = any, + StartReturn = any, + StopDeps = any, + StopReturn = any, +> { + setup: (deps: SetupDeps) => SetupReturn; + start: (deps: StartDeps) => StartReturn; + stop: (deps: StopDeps) => StopReturn; +} + +export interface WazuhCoreServices { + dashboardSecurity: ISecurityFactory; + configuration: IConfigurationEnhanced; + manageHosts: ManageHosts; + serverAPIClient: ServerAPIClient; + initialization: IInitializationService; +} diff --git a/plugins/wazuh-core/server/types.ts b/plugins/wazuh-core/server/types.ts index 509a74600f..998fd6f26a 100644 --- a/plugins/wazuh-core/server/types.ts +++ b/plugins/wazuh-core/server/types.ts @@ -1,18 +1,11 @@ import { - ISecurityFactory, - ManageHosts, - ServerAPIClient, ServerAPIInternalUserClient, ServerAPIScopedUserClient, + WazuhCoreServices, } from './services'; -import { IConfigurationEnhanced } from './services/enhance-configuration'; // eslint-disable-next-line @typescript-eslint/no-empty-interface -export interface WazuhCorePluginSetup { - dashboardSecurity: ISecurityFactory; - configuration: IConfigurationEnhanced; - manageHosts: ManageHosts; - serverAPIClient: ServerAPIClient; +export interface WazuhCorePluginSetup extends WazuhCoreServices { api: { client: { asInternalUser: ServerAPIInternalUserClient; 
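Review bot: Every type parameter of `LifecycleService` defaults to `any`, so an implementer that omits them gets unchecked `setup`/`start`/`stop` signatures; `unknown` for the dependency positions and `void` for the return positions keeps strictness with the same ergonomics. This file imports `IInitializationService` from `./initialization` while `initialization/types.ts` imports `LifecycleService` and `WazuhCoreServices` from `../types`; since both sides are type-only, writing them as `import type { ... }` makes the cycle explicit and erases it from the emitted code.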
@@ -21,11 +14,7 @@ export interface WazuhCorePluginSetup { }; } // eslint-disable-next-line @typescript-eslint/no-empty-interface -export interface WazuhCorePluginStart { - dashboardSecurity: ISecurityFactory; - configuration: IConfigurationEnhanced; - manageHosts: ManageHosts; - serverAPIClient: ServerAPIClient; +export interface WazuhCorePluginStart extends WazuhCoreServices { api: { client: { asInternalUser: ServerAPIInternalUserClient; @@ -37,3 +26,5 @@ export interface WazuhCorePluginStart { export type PluginSetup = { securityDashboards?: {}; // TODO: Add OpenSearch Dashboards Security interface }; + +export * from './services/initialization/types';