async def get_tasks_status(request,
pretty=False,
wait_for_complete=False,
offset=0,
limit=database_limit,
tasks_list=None,
agents_list=None,
command=None,
node=None,
module=None,
status=None,
q=None,
search=None,
select=None,
sort=None):
"""Check the status of the specified tasks
Parameters
----------
tasks_list : list
List of task's IDs
pretty : bool, optional
Show results in human-readable format
wait_for_complete : bool, optional
Disable timeout response
Returns
-------
Tasks's status
"""
f_kwargs = {
'select': select,
'search': parse_api_param(search, 'search'),
'offset': offset,
'limit': limit,
'filters': {
'task_list': tasks_list,
'agent_list': agents_list,
'status': status,
'module': module,
'command': command,
'node': node
},
'sort': parse_api_param(sort, 'sort'),
'q': q
}
dapi = DistributedAPI(
f=get_task_status,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='local_master',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
rbac_permissions=request['token_info']['rbac_policies'])
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data,
status=200,
dumps=prettify if pretty else dumps)
async def get_group_files(request, group_id, pretty=False, wait_for_complete=False, offset=0, limit=None, sort=None,
search=None):
"""Get the files placed under the group directory
:param pretty: Show results in human-readable format
:param wait_for_complete: Disable timeout response
:param group_id: Group ID.
:param offset: First element to return in the collection
:param limit: Maximum number of elements to return
:param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in
ascending or descending order.
:param search: Looks for elements with the specified string
:return: GroupFile
"""
hash_ = request.query.get('hash', 'md5') # Select algorithm to generate the returned checksums.
f_kwargs = {'group_list': [group_id],
'offset': offset,
'limit': limit,
'sort_by': parse_api_param(sort, 'sort')['fields'] if sort is not None else ["filename"],
'sort_ascending': True if sort is None or parse_api_param(sort, 'sort')['order'] == 'asc' else False,
'search_text': parse_api_param(search, 'search')['value'] if search is not None else None,
'complementary_search': parse_api_param(search, 'search')['negation'] if search is not None else None,
'hash_algorithm': hash_}
dapi = DistributedAPI(f=agent.get_group_files,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='local_master',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
rbac_permissions=request['token_info']['rbac_policies']
)
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data, status=200, dumps=prettify if pretty else dumps)
async def get_agent_outdated(request, pretty=False, wait_for_complete=False, offset=0, limit=database_limit, sort=None,
search=None, q=None):
"""Get outdated agents.
:param pretty: Show results in human-readable format
:param wait_for_complete: Disable timeout response
:param offset: First element to return in the collection
:param limit: Maximum number of elements to return
:param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in
ascending or descending order.
:param search: Looks for elements with the specified string
:param q: Query to filter results by. For example q="status=active"
:return: AllItemsResponseAgentsSimple
"""
f_kwargs = {'offset': offset,
'limit': limit,
'sort': parse_api_param(sort, 'sort'),
'search': parse_api_param(search, 'search'),
'q': q}
dapi = DistributedAPI(f=agent.get_outdated_agents,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='local_master',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
rbac_permissions=request['token_info']['rbac_policies']
)
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data, status=200, dumps=prettify if pretty else dumps)
async def get_list_group(request, pretty=False, wait_for_complete=False, groups_list=None, offset=0, limit=None,
sort=None, search=None):
"""Get groups.
Returns a list containing basic information about each agent group such as number of agents belonging to the group
and the checksums of the configuration and shared files.
:param pretty: Show results in human-readable format
:param wait_for_complete: Disable timeout response
:param groups_list: Array of group's IDs.
:param offset: First element to return in the collection
:param limit: Maximum number of elements to return
:param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in
ascending or descending order.
:param search: Looks for elements with the specified string
:return: AllItemsResponseGroups
"""
hash_ = request.query.get('hash', 'md5') # Select algorithm to generate the returned checksums.
f_kwargs = {'offset': offset,
'limit': limit,
'group_list': groups_list,
'sort': parse_api_param(sort, 'sort'),
'search': parse_api_param(search, 'search'),
'hash_algorithm': hash_}
dapi = DistributedAPI(f=agent.get_agent_groups,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='local_master',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
rbac_permissions=request['token_info']['rbac_policies']
)
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data, status=200, dumps=prettify if pretty else dumps)
async def get_rules_groups(request, pretty=False, wait_for_complete=False, offset=0, limit=None, sort=None,
search=None):
"""Get all rule groups names.
:param pretty: Show results in human-readable format
:param wait_for_complete: Disable timeout response
:param offset: First element to return in the collection
:param limit: Maximum number of elements to return
:param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in
ascending or descending order.
:param search: Looks for elements with the specified string
:return: Data object
"""
f_kwargs = {'offset': offset,
'limit': limit,
'sort_by': parse_api_param(sort, 'sort')['fields'] if sort is not None else [''],
'sort_ascending': True if sort is None or parse_api_param(sort, 'sort')['order'] == 'asc' else False,
'search_text': parse_api_param(search, 'search')['value'] if search is not None else None,
'complementary_search': parse_api_param(search, 'search')['negation'] if search is not None else None,
}
dapi = DistributedAPI(f=rule_framework.get_groups,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='local_any',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
rbac_permissions=request['token_info']['rbac_policies']
)
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data, status=200, dumps=prettify if pretty else dumps)
async def get_syscheck_agent(request, agent_id, pretty=False, wait_for_complete=False, offset=0,
limit=None, select=None, sort=None, search=None, distinct=False,
summary=False, md5=None, sha1=None, sha256=None, q=None):
"""
:param agent_id: Agent ID
:type agent_id: str
:param pretty: Show results in human-readable format
:type pretty: bool
:param wait_for_complete: Disable timeout response
:type wait_for_complete: bool
:param offset: First element to return in the collection
:type offset: int
:param limit: Maximum number of elements to return
:type limit: int
:param select: Select which fields to return (separated by comma)
:type select: List[str]
:param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
:type sort: str
:param search: Looks for elements with the specified string
:type search: str
:param summary: Returns a summary grouping by filename.
:type summary: bool
:param md5: Filters files with the specified MD5 checksum.
:type md5: str
:param sha1: Filters files with the specified SHA1 checksum.
:type sha1: str
:param sha256: Filters files with the specified SHA256 checksum.
:type sha256: str
:param distinct: Look for distinct values.
:type distinct: bool
:param q: Query to filter results by.
:type q: str
"""
# get type parameter from query
type_ = request.query.get('type', None)
# get hash parameter from query
hash_ = request.query.get('hash', None)
# get file parameter from query
file_ = request.query.get('file', None)
filters = {'type': type_, 'md5': md5, 'sha1': sha1,
'sha256': sha256, 'hash': hash_, 'file': file_}
f_kwargs = {'agent_list': [agent_id], 'offset': offset, 'limit': limit,
'select': select, 'sort': parse_api_param(sort, 'sort'), 'search': parse_api_param(search, 'search'),
'summary': summary, 'filters': filters, 'distinct': distinct, 'q': q}
dapi = DistributedAPI(f=files,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='distributed_master',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
rbac_permissions=request['token_info']['rbac_policies']
)
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data, status=200, dumps=prettify if pretty else dumps)
async def get_network_protocol_info(request,
agent_id,
pretty=False,
wait_for_complete=False,
offset=0,
limit=None,
select=None,
sort=None,
search=None,
iface=None,
gateway=None,
dhcp=None):
""" Get network protocol info of an agent
:param agent_id: Agent ID
:param pretty: Show results in human-readable format
:param wait_for_complete: Disable timeout response
:param offset: First element to return in the collection
:param limit: Maximum number of elements to return
:param select: Select which fields to return (separated by comma)
:param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in
ascending or descending order.
:param search: Looks for elements with the specified string
:param iface: Filters by iface
:param gateway: Filters by gateway
:param dhcp: Filters by dhcp
:return: Data
"""
filters = {
'iface': iface,
'type': request.query.get('type', None),
'gateway': gateway,
'dhcp': dhcp
}
f_kwargs = {
'agent_list': [agent_id],
'offset': offset,
'limit': limit,
'select': select,
'sort': parse_api_param(sort, 'sort'),
'search': parse_api_param(search, 'search'),
'filters': filters,
'element_type': 'netproto'
}
dapi = DistributedAPI(
f=syscollector.get_item_agent,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='distributed_master',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
rbac_permissions=request['token_info']['rbac_policies'])
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data,
status=200,
dumps=prettify if pretty else dumps)
async def get_sca_agent(request,
agent_id=None,
pretty=False,
wait_for_complete=False,
name=None,
description=None,
references=None,
offset=0,
limit=database_limit,
sort=None,
search=None,
q=None):
"""Get security configuration assessment (SCA) database of an agent
:param agent_id: Agent ID. All possible values since 000 onwards.
:param pretty: Show results in human-readable format
:param wait_for_complete: Disable timeout response
:param name: Filters by policy name
:param description: Filters by policy description
:param references: Filters by references
:param offset:First element to return in the collection
:param limit: Maximum number of elements to return
:param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in
ascending or descending order
:param search: Looks for elements with the specified string
:param q: Query to filter results by. This is specially useful to filter by total checks passed, failed or total
score (fields pass, fail, score)
:return: AllItemsResponseSCADatabase
"""
filters = {
'name': name,
'description': description,
'references': references
}
f_kwargs = {
'agent_list': [agent_id],
'offset': offset,
'limit': limit,
'sort': parse_api_param(sort, 'sort'),
'search': parse_api_param(search, 'search'),
'q': q,
'filters': filters
}
dapi = DistributedAPI(
f=sca.get_sca_list,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='distributed_master',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
rbac_permissions=request['token_info']['rbac_policies'])
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data,
status=200,
dumps=prettify if pretty else dumps)
async def get_rules(request, rule_ids=None, pretty=False, wait_for_complete=False, offset=0, select=None,
limit=None, sort=None, search=None, q=None, status=None, group=None, level=None, filename=None,
relative_dirname=None, pci_dss=None, gdpr=None, gpg13=None, hipaa=None, tsc=None, mitre=None):
"""Get information about all Wazuh rules.
:param rule_ids: Filters by rule ID
:param pretty: Show results in human-readable format
:param wait_for_complete: Disable timeout response
:param offset: First element to return in the collection
:param select: List of selected fields to return
:param limit: Maximum number of elements to return
:param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in
ascending or descending order.
:param search: Looks for elements with the specified string
:param q: Query to filter results by. For example q="status=active"
:param status: Filters by rules status.
:param group: Filters by rule group.
:param level: Filters by rule level. Can be a single level (4) or an interval (2-4)
:param filename: List of filenames to filter by.
:param relative_dirname: Filters by relative dirname.
:param pci_dss: Filters by PCI_DSS requirement name.
:param gdpr: Filters by GDPR requirement.
:param gpg13: Filters by GPG13 requirement.
:param hipaa: Filters by HIPAA requirement.
:param tsc: Filters by TSC requirement.
:param mitre: Filters by mitre attack ID.
:return: Data object
"""
f_kwargs = {'rule_ids': rule_ids, 'offset': offset, 'limit': limit, 'select': select,
'sort_by': parse_api_param(sort, 'sort')['fields'] if sort is not None else ['id'],
'sort_ascending': True if sort is None or parse_api_param(sort, 'sort')['order'] == 'asc' else False,
'search_text': parse_api_param(search, 'search')['value'] if search is not None else None,
'complementary_search': parse_api_param(search, 'search')['negation'] if search is not None else None,
'q': q,
'status': status,
'group': group,
'level': level,
'filename': filename,
'relative_dirname': relative_dirname,
'pci_dss': pci_dss,
'gdpr': gdpr,
'gpg13': gpg13,
'hipaa': hipaa,
'nist_800_53': request.query.get('nist-800-53', None),
'tsc': tsc,
'mitre': mitre}
dapi = DistributedAPI(f=rule_framework.get_rules,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='local_any',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
rbac_permissions=request['token_info']['rbac_policies']
)
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data, status=200, dumps=prettify if pretty else dumps)
async def get_log(request,
pretty=False,
wait_for_complete=False,
offset=0,
limit=None,
sort=None,
search=None,
category=None,
type_log=None):
"""Get manager's or local_node's last 2000 wazuh log entries.
:param pretty: Show results in human-readable format
:param wait_for_complete: Disable timeout response
:param offset: First element to return in the collection
:param limit: Maximum number of elements to return
:param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in
ascending or descending order.
:param search: Looks for elements with the specified string
:param category: Filter by category of log.
:param type_log: Filters by log level.
"""
f_kwargs = {
'offset':
offset,
'limit':
limit,
'sort_by':
parse_api_param(sort, 'sort')['fields']
if sort is not None else ['timestamp'],
'sort_ascending':
False if sort is None
or parse_api_param(sort, 'sort')['order'] == 'desc' else True,
'search_text':
parse_api_param(search, 'search')['value']
if search is not None else None,
'complementary_search':
parse_api_param(search, 'search')['negation']
if search is not None else None,
'category':
category,
'type_log':
type_log
}
dapi = DistributedAPI(
f=manager.ossec_log,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='local_any',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
rbac_permissions=request['token_info']['rbac_policies'])
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data,
status=200,
dumps=prettify if pretty else dumps)
async def get_agents_ciscat_results(request, agent_id: str, pretty: bool = False, wait_for_complete: bool = False,
offset: int = 0, limit: int = None, select: List[str] = None, sort: str = None,
search: str = None, benchmark: str = None, profile: str = None, fail: int = None,
error: int = None, notchecked: int = None, unknown: int = None, score: int = None):
"""Get CIS-CAT results from an agent
Returns the agent's ciscat results info.
:param agent_id: Agent ID. All posible values since 000 onwards.
:param pretty: Show results in human-readable format
:param wait_for_complete: Disable timeout response
:param offset: First element to return in the collection
:param limit: Maximum number of elements to return
:param select: Select which fields to return (separated by comma)
:param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in
ascending or descending order.
:param search: Looks for elements with the specified string
:param benchmark: Filters by benchmark type.
:param profile: Filters by evaluated profile.
:param fail: Filters by failed checks
:param error: Filters by encountered errors
:param notchecked: Filters by not checked
:param unknown: Filters by unknown results.
:param score: Filters by final score
:return: Data
"""
f_kwargs = {
'agent_list': [agent_id],
'offset': offset,
'limit': limit,
'sort': parse_api_param(sort, 'sort'),
'search': parse_api_param(search, 'search'),
'select': select,
'filters': {
'benchmark': benchmark,
'profile': profile,
'pass': request.query.get('pass', None),
'fail': fail,
'error': error,
'notchecked': notchecked,
'unknown': unknown,
'score': score
}
}
dapi = DistributedAPI(f=ciscat.get_ciscat_results,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='distributed_master',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
rbac_permissions=request['token_info']['rbac_policies']
)
response = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=response, status=200, dumps=prettify if pretty else dumps)
async def get_ports_info(request, pretty=False, wait_for_complete=False, agents_list='*', offset=0, limit=None,
select=None, sort=None, search=None, pid=None, protocol=None, tx_queue=None, state=None,
process=None):
""" Get ports info from all agents or a list of them.
:param pretty: Show results in human-readable format
:param wait_for_complete: Disable timeout response
:param agents_list: List of agent's IDs.
:param offset: First element to return in the collection
:param limit: Maximum number of elements to return
:param select: Select which fields to return (separated by comma)
:param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in
ascending or descending order.
:param search: Looks for elements with the specified string
:param pid: Filters by pid
:param protocol: Filters by protocol
:param tx_queue: Filters by tx_queue
:param state: Filters by state
:param process: Filters by process
:return: AllItemsResponseSyscollectorPorts
"""
filters = {
'pid': pid,
'protocol': protocol,
'tx_queue': tx_queue,
'state': state,
'process': process
}
# Add nested fields to kwargs filters
nested = ['local.ip', 'local.port', 'remote.ip']
for field in nested:
filters[field] = request.query.get(field, None)
f_kwargs = {'agent_list': agents_list,
'offset': offset,
'limit': limit,
'select': select,
'sort': parse_api_param(sort, 'sort'),
'search': parse_api_param(search, 'search'),
'filters': filters,
'element_type': 'ports'
}
dapi = DistributedAPI(f=syscollector.get_item_agent,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='distributed_master',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
broadcasting=agents_list == '*',
rbac_permissions=request['token_info']['rbac_policies']
)
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data, status=200, dumps=prettify if pretty else dumps)
async def get_hotfix_info(request,
agent_id,
pretty=False,
wait_for_complete=False,
offset=0,
limit=None,
sort=None,
search=None,
select=None,
hotfix=None,
q=None):
""" Get info about an agent's hotfixes
:param agent_id: Agent ID
:param pretty: Show results in human-readable format
:param wait_for_complete: Disable timeout response
:param offset: First element to return in the collection
:param limit: Maximum number of elements to return
:param sort: Sorts the collection by a field or fields (separated by comma). Use +/. at the beginning to list in
ascending or descending order.
:param search: Looks for elements with the specified string
:param select: Select which fields to return (separated by comma)
:param hotfix: Filters by hotfix in Windows agents
:param q: Query to filter results by.
:return:
"""
filters = {'hotfix': hotfix}
f_kwargs = {
'agent_list': [agent_id],
'offset': offset,
'limit': limit,
'select': select,
'sort': parse_api_param(sort, 'sort'),
'search': parse_api_param(search, 'search'),
'filters': filters,
'element_type': 'hotfixes',
'q': q
}
dapi = DistributedAPI(
f=syscollector.get_item_agent,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='distributed_master',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
rbac_permissions=request['token_info']['rbac_policies'])
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data,
status=200,
dumps=prettify if pretty else dumps)
async def get_hardware_info(request,
pretty=False,
wait_for_complete=False,
list_agents='*',
offset=0,
limit=None,
select=None,
sort=None,
search=None,
board_serial=None):
""" Get hardware info from all agents or a list of them.
:param pretty: Show results in human-readable format
:param wait_for_complete: Disable timeout response
:param list_agents: List of agent's IDs.
:param offset: First element to return in the collection
:param limit: Maximum number of elements to return
:param select: Select which fields to return (separated by comma)
:param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in
ascending or descending order.
:param search: Looks for elements with the specified string
:param board_serial: Filters by board_serial
:return: AllItemsResponseSyscollectorHardware
"""
filters = {'board_serial': board_serial}
# Add nested fields to kwargs filters
nested = ['ram.free', 'ram.total', 'cpu.cores', 'cpu.mhz', 'cpu.name']
for field in nested:
filters[field] = request.query.get(field, None)
f_kwargs = {
'agent_list': list_agents,
'offset': offset,
'limit': limit,
'select': select,
'sort': parse_api_param(sort, 'sort'),
'search': parse_api_param(search, 'search'),
'filters': filters,
'element_type': 'hardware'
}
dapi = DistributedAPI(
f=syscollector.get_item_agent,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='distributed_master',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
broadcasting=list_agents == '*',
rbac_permissions=request['token_info']['rbac_policies'])
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data,
status=200,
dumps=prettify if pretty else dumps)
async def get_cis_cat_results(request, pretty=False, wait_for_complete=False, agents_list='*', offset=0, limit=None,
select=None, sort=None, search=None, benchmark=None, profile=None, fail=None, error=None,
notchecked=None, unknown=None, score=None):
""" Get ciscat results info from all agents or a list of them.
:param pretty: Show results in human-readable format
:param wait_for_complete: Disable timeout response
:param agents_list: List of agent's IDs.
:param offset: First element to return in the collection
:param limit: Maximum number of elements to return
:param select: Select which fields to return (separated by comma)
:param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in
ascending or descending order.
:param search: Looks for elements with the specified string
:param benchmark: Filters by benchmark
:param profile: Filters by evaluated profile
:param fail: Filters by failed checks
:param error: Filters by encountered errors
:param notchecked: Filters by not checked
:param unknown: Filters by unknown results.
:param score: Filters by final score
:return: AllItemsResponseCiscatResult
"""
f_kwargs = {'agent_list': agents_list,
'offset': offset,
'limit': limit,
'select': select,
'sort': parse_api_param(sort, 'sort'),
'search': parse_api_param(search, 'search'),
'filters': {
'benchmark': benchmark,
'profile': profile,
'fail': fail,
'error': error,
'notchecked': notchecked,
'unknown': unknown,
'score': score,
'pass': request.query.get('pass', None)
}
}
dapi = DistributedAPI(f=ciscat.get_ciscat_results,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='distributed_master',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
broadcasting=agents_list == '*',
rbac_permissions=request['token_info']['rbac_policies']
)
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data, status=200, dumps=prettify if pretty else dumps)
async def get_cluster_nodes(request,
pretty=False,
wait_for_complete=False,
offset=0,
limit=None,
sort=None,
search=None,
select=None,
nodes_list=None,
q=None):
"""Get information about all nodes in the cluster or a list of them
:param pretty: Show results in human-readable format
:param wait_for_complete: Disable timeout response
:param offset: First element to return in the collection
:param limit: Maximum number of elements to return
:param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in
ascending or descending order.
:param search: Looks for elements with the specified string
:param select: Select which fields to return (separated by comma)
:param nodes_list: List of node ids
:param q: Query to filter results by.
"""
# Get type parameter from query
type_ = request.query.get('type', 'all')
f_kwargs = {
'filter_node': nodes_list,
'offset': offset,
'limit': limit,
'sort': parse_api_param(sort, 'sort'),
'search': parse_api_param(search, 'search'),
'select': select,
'filter_type': type_,
'q': q
}
nodes = raise_if_exc(await get_system_nodes())
dapi = DistributedAPI(
f=cluster.get_nodes_info,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='local_master',
is_async=True,
wait_for_complete=wait_for_complete,
logger=logger,
local_client_arg='lc',
rbac_permissions=request['token_info']['rbac_policies'],
nodes=nodes)
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data,
status=200,
dumps=prettify if pretty else dumps)
async def get_network_interface_info(request, pretty=False, wait_for_complete=False, agents_list='*', offset=0,
limit=None, select=None, sort=None, search=None, adapter=None, state=None,
mtu=None):
""" Get all network interfaces from all agents or a list of them.
:param pretty: Show results in human-readable format
:param wait_for_complete: Disable timeout response
:param agents_list: List of agent's IDs.
:param offset: First element to return in the collection
:param limit: Maximum number of elements to return
:param select: Select which fields to return (separated by comma)
:param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in
ascending or descending order.
:param search: Looks for elements with the specified string
:param adapter: Filters by adapter
:param state: Filters by state
:param mtu: Filters by mtu
:return: AllItemsResponseSyscollectorInterface
"""
filters = {
'adapter': adapter,
'type': request.query.get('type', None),
'state': state,
'mtu': mtu
}
# Add nested fields to kwargs filters
nested = ['tx.packets', 'rx.packets', 'tx.bytes', 'rx.bytes', 'tx.errors', 'rx.errors', 'tx.dropped', 'rx.dropped']
for field in nested:
filters[field] = request.query.get(field, None)
f_kwargs = {'agent_list': agents_list,
'offset': offset,
'limit': limit,
'select': select,
'sort': parse_api_param(sort, 'sort'),
'search': parse_api_param(search, 'search'),
'filters': filters,
'element_type': 'netiface'
}
dapi = DistributedAPI(f=syscollector.get_item_agent,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='distributed_master',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
broadcasting=agents_list == '*',
rbac_permissions=request['token_info']['rbac_policies']
)
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data, status=200, dumps=prettify if pretty else dumps)
async def get_attack(request,
pretty=False,
wait_for_complete=False,
offset=0,
limit=database_limit,
phase_name=None,
platform_name=None,
q=None,
search=None,
select=None,
sort=None):
"""Get information from MITRE ATT&CK database
:param pretty: Show results in human-readable format
:param wait_for_complete: Disable timeout response
:param phase_name: Filters by phase
:param platform_name: Filters by platform
:param search: Search if the string is contained in the db
:param offset: First item to return
:param limit: Maximum number of items to return
:param sort: Sort the items. Format: {'fields': ['field1', 'field2'], 'order': 'asc|desc'}
:param select: Select fields to return. Format: {"fields":["field1","field2"]}.
:param q: Query to filter by
:return: Data
"""
f_kwargs = {
'id_': request.query.get('id', None),
'phase_name': phase_name,
'platform_name': platform_name,
'select': select,
'search': parse_api_param(search, 'search'),
'offset': offset,
'limit': limit,
'sort': parse_api_param(sort, 'sort'),
'q': q
}
dapi = DistributedAPI(
f=mitre.get_attack,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='local_master',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
rbac_permissions=request['token_info']['rbac_policies'])
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data,
status=200,
dumps=prettify if pretty else dumps)
async def get_os_info(request, pretty=False, wait_for_complete=False, agents_list='*', offset=0, limit=None,
select=None, sort=None, search=None, os_name=None, architecture=None, os_version=None,
version=None, release=None):
""" Get OS info from all agents or a list of them.
:param pretty: Show results in human-readable format
:param wait_for_complete: Disable timeout response
:param agents_list: List of agent's IDs.
:param offset: First element to return in the collection
:param limit: Maximum number of elements to return
:param select: Select which fields to return (separated by comma)
:param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in
ascending or descending order.
:param search: Looks for elements with the specified string
:param os_name: Filters by os_name
:param architecture: Filters by architecture
:param os_version: Filters by os_version
:param version: Filters by version
:param release: Filters by release
:return: AllItemsResponseSyscollectorOS
"""
f_kwargs = {'agent_list': agents_list,
'offset': offset,
'limit': limit,
'select': select,
'sort': parse_api_param(sort, 'sort'),
'search': parse_api_param(search, 'search'),
'filters': {
'os_name': os_name,
'architecture': architecture,
'os_version': os_version,
'version': version,
'release': release
},
'element_type': 'os'
}
dapi = DistributedAPI(f=syscollector.get_item_agent,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='distributed_master',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
broadcasting=agents_list == '*',
rbac_permissions=request['token_info']['rbac_policies']
)
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data, status=200, dumps=prettify if pretty else dumps)
async def get_network_address_info(request, pretty=False, wait_for_complete=False, agents_list='*', offset=0,
limit=None, select=None, sort=None, search=None, iface_name=None, proto=None,
address=None, broadcast=None, netmask=None):
""" Get the IPv4 and IPv6 addresses associated to all network interfaces
:param pretty: Show results in human-readable format
:param wait_for_complete: Disable timeout response
:param agents_list: List of agent's IDs.
:param offset: First element to return in the collection
:param limit: Maximum number of elements to return
:param select: Select which fields to return (separated by comma)
:param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in
ascending or descending order.
:param search: Looks for elements with the specified string
:param iface_name: Filters by interface name
:param proto: Filters by IP protocol
:param address: IP address associated with the network interface
:param broadcast: Filters by broadcast direction
:param netmask: Filters by netmask
:return: AllItemsResponseSyscollectorNetwork
"""
f_kwargs = {'agent_list': agents_list,
'offset': offset,
'limit': limit,
'select': select,
'sort': parse_api_param(sort, 'sort'),
'search': parse_api_param(search, 'search'),
'filters': {
'iface_name': iface_name,
'proto': proto,
'address': address,
'broadcast': broadcast,
'netmask': netmask
},
'element_type': 'netaddr'
}
dapi = DistributedAPI(f=syscollector.get_item_agent,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='distributed_master',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
broadcasting=agents_list == '*',
rbac_permissions=request['token_info']['rbac_policies']
)
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data, status=200, dumps=prettify if pretty else dumps)
def wrapper(request):
def coerce_dict(md):
""" MultiDict -> dict of lists
"""
try:
return md.to_dict(flat=False)
except AttributeError:
return dict(md.items())
# Raise exception if semicolon is used in q parameter
if 'q' in request.query.keys():
q = parse_api_param(request.url, 'q')
if q:
if ';' in q:
raise_if_exc(APIError(code=2009))
query = coerce_dict(request.query)
path_params = coerce_dict(request.path_params)
form = coerce_dict(request.form)
request.query = self.resolve_query(query)
request.path_params = self.resolve_path(path_params)
request.form = self.resolve_form(form)
response = function(request)
return response
def wrapper(request):
def coerce_dict(md):
""" MultiDict -> dict of lists
"""
try:
return md.to_dict(flat=False)
except AttributeError:
return dict(md.items())
# Raise exception if semicolon is used in q parameter
if 'q' in request.query.keys():
q = parse_api_param(request.url, 'q')
if q:
if ';' in q:
raise_if_exc(APIError(code=2009))
# Transform to lowercase the values for query parameter's spec.yaml enums
lower_fields = ['component', 'configuration', 'hash', 'requirement', 'status', 'type', 'section', 'tag',
'level', 'resource']
request.query.update(
{k.lower(): [list_item.lower() for list_item in v] if isinstance(v, list) else v.lower()
for k, v in request.query.items() if k in lower_fields})
query = coerce_dict(request.query)
path_params = coerce_dict(request.path_params)
form = coerce_dict(request.form)
request.query = self.resolve_query(query)
request.path_params = self.resolve_path(path_params)
request.form = self.resolve_form(form)
response = function(request)
return response
async def get_decoders(request, decoder_names: list = None, pretty: bool = False, wait_for_complete: bool = False,
offset: int = 0, limit: int = None, select: list = None, sort: str = None, search: str = None,
q: str = None, filename: str = None, relative_dirname: str = None, status: str = None):
"""Get all decoders
Returns information about all decoders included in ossec.conf. This information include decoder's route,
decoder's name, decoder's file among others
:param decoder_names: Filters by decoder name.
:param pretty: Show results in human-readable format
:param wait_for_complete: Disable timeout response
:param offset: First element to return in the collection
:param limit: Maximum number of elements to return
:param select: List of selected fields to return
:param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in
ascending or descending order.
:param search: Looks for elements with the specified string
:param q: Query to filter results by. For example q="status=active"
:param filename: List of filenames to filter by.
:param relative_dirname: Filters by relative dirname.
:param status: Filters by list status.
:return: Data object
"""
f_kwargs = {'names': decoder_names,
'offset': offset,
'limit': limit,
'select': select,
'sort_by': parse_api_param(sort, 'sort')['fields'] if sort is not None else ['filename', 'position'],
'sort_ascending': True if sort is None or parse_api_param(sort, 'sort')['order'] == 'asc' else False,
'search_text': parse_api_param(search, 'search')['value'] if search is not None else None,
'complementary_search': parse_api_param(search, 'search')['negation'] if search is not None else None,
'q': q,
'filename': filename,
'status': status,
'relative_dirname': relative_dirname}
dapi = DistributedAPI(f=decoder_framework.get_decoders,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='local_any',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
rbac_permissions=request['token_info']['rbac_policies']
)
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data, status=200, dumps=prettify if pretty else dumps)
async def get_policies(request, policy_ids: list = None, pretty: bool = False, wait_for_complete: bool = False,
offset: int = 0, limit: int = None, search: str = None, select: str = None, sort: str = None):
"""Returns information from all system policies.
Parameters
----------
request : connexion.request
policy_ids : list, optional
List of policies
pretty : bool, optional
Show results in human-readable format
wait_for_complete : bool, optional
Disable timeout response
offset : int, optional
First item to return
limit : int, optional
Maximum number of items to return
search : str, optional
Looks for elements with the specified string
select : str
Select which fields to return (separated by comma)
sort : str, optional
Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in
ascending or descending order
Returns
-------
Policies information
"""
f_kwargs = {'policy_ids': policy_ids, 'offset': offset, 'limit': limit, 'select': select,
'sort_by': parse_api_param(sort, 'sort')['fields'] if sort is not None else ['id'],
'sort_ascending': True if sort is None or parse_api_param(sort, 'sort')['order'] == 'asc' else False,
'search_text': parse_api_param(search, 'search')['value'] if search is not None else None,
'complementary_search': parse_api_param(search, 'search')['negation'] if search is not None else None
}
dapi = DistributedAPI(f=security.get_policies,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='local_master',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
rbac_permissions=request['token_info']['rbac_policies']
)
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data, status=200, dumps=prettify if pretty else dumps)
async def get_log_node(request, node_id, pretty=False, wait_for_complete=False, offset=0, limit=None, sort=None,
search=None, tag=None, level=None, q=None):
"""Get a specified node's wazuh logs.
Returns the last 2000 wazuh log entries in node {node_id}.
:param node_id: Cluster node name.
:param pretty: Show results in human-readable format
:param wait_for_complete: Disable timeout response
:param offset: First element to return in the collection
:param limit: Maximum number of elements to return
:param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in
ascending or descending order.
:param search: Looks for elements with the specified string
:param tag: Filter by category/tag of log.
:param level: Filters by log level.
:param q: Query to filter results by.
"""
f_kwargs = {'node_id': node_id,
'offset': offset,
'limit': limit,
'sort_by': parse_api_param(sort, 'sort')['fields'] if sort is not None else ['timestamp'],
'sort_ascending': False if sort is None or parse_api_param(sort, 'sort')['order'] == 'desc' else True,
'search_text': parse_api_param(search, 'search')['value'] if search is not None else None,
'complementary_search': parse_api_param(search, 'search')['negation'] if search is not None else None,
'tag': tag,
'level': level,
'q': q}
nodes = raise_if_exc(await get_system_nodes())
dapi = DistributedAPI(f=manager.ossec_log,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='distributed_master',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
rbac_permissions=request['token_info']['rbac_policies'],
nodes=nodes
)
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data, status=200, dumps=prettify if pretty else dumps)
async def get_lists(request, pretty: bool = False, wait_for_complete: bool = False, offset: int = 0, limit: int = None,
select: list = None, sort: str = None, search: str = None, filename: str = None,
relative_dirname: str = None):
""" Get all CDB lists
:param pretty: Show results in human-readable format.
:param wait_for_complete: Disable timeout response.
:param offset: First element to return in the collection.
:param limit: Maximum number of elements to return.
:param select: List of selected fields to return
:param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in
ascending or descending order.
:param search: Looks for elements with the specified string.
:param filename: List of filenames to filter by.
:param relative_dirname: Filters by relative dirname
:return: Data object
"""
path = [os.path.join(relative_dirname, item) for item in filename] if filename and relative_dirname else None
f_kwargs = {'offset': offset,
'select': select,
'limit': limit,
'sort_by': parse_api_param(sort, 'sort')['fields'] if sort is not None else ['relative_dirname',
'filename'],
'sort_ascending': True if sort is None or parse_api_param(sort, 'sort')['order'] == 'asc' else False,
'search_text': parse_api_param(search, 'search')['value'] if search is not None else None,
'complementary_search': parse_api_param(search, 'search')['negation'] if search is not None else None,
'filename': filename,
'relative_dirname': relative_dirname,
'path': path
}
dapi = DistributedAPI(f=cdb_list.get_lists,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='local_any',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
rbac_permissions=request['token_info']['rbac_policies']
)
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data, status=200, dumps=prettify if pretty else dumps)
def test_get_ciscat_results_search(agents_info_mock, socket_mock, search,
total_expected_items):
"""Check if the number of items returned is as expected when using the search parameter.
Parameters
----------
search : str
String to be searched in the database.
total_expected_items : int
Number of expected items to be returned.
"""
with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb:
mock_wdb.return_value = InitWDBSocketMock(sql_schema_file=db_file)
result = get_ciscat_results(agent_list=['001'],
search=parse_api_param(
search, 'search')).render()['data']
assert result['total_affected_items'] == total_expected_items
def test_get_ciscat_results_sort(agents_info_mock, socket_mock, sort,
first_item):
"""Check if the the first item returned is expected when using sort parameter
Parameters
----------
sort : str
Field and order to sort by
first_item : int
Expected string to be contained in the log of the first returned element.
"""
with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb:
mock_wdb.return_value = InitWDBSocketMock(sql_schema_file=db_file)
result = get_ciscat_results(agent_list=['001'],
sort=parse_api_param(
sort, 'sort')).render()['data']
assert result['affected_items'][0]['scan']['id'] == first_item
def test_get_rootcheck_agent_search(mock_connect, mock_send, mock_info, search,
total_expected_items):
"""Checks if the number of items returned is as expected when using the search parameter.
Parameters
----------
search : str
String to be searched in the database.
total_expected_items : int
Number of expected items to be returned.
"""
result = rootcheck.get_rootcheck_agent(agent_list=['001'],
search=parse_api_param(
search, 'search'),
filters={
'status': 'all'
}).render()['data']
assert result['total_affected_items'] == total_expected_items
def test_get_rootcheck_agent_sort(mock_connect, mock_send, mock_info, sort,
first_item):
"""Checks if the the first item returned is expected when using sort parameter
Parameters
----------
sort : str
Field and order to sort by
first_item : int
Expected string to be contained in the log of the first returned element.
"""
result = rootcheck.get_rootcheck_agent(agent_list=['001'],
sort=parse_api_param(sort, 'sort'),
filters={
'status': 'all'
}).render()['data']
assert first_item in result['affected_items'][0]['log']
