async def get_network_address_info(request,
pretty=False,
wait_for_complete=False,
agents_list='*',
offset=0,
limit=None,
select=None,
sort=None,
search=None,
iface_name=None,
proto=None,
address=None,
broadcast=None,
netmask=None):
""" Get the IPv4 and IPv6 addresses associated to all network interfaces
:param pretty: Show results in human-readable format
:param wait_for_complete: Disable timeout response
:param agents_list: List of agent's IDs.
:param offset: First element to return in the collection
:param limit: Maximum number of elements to return
:param select: Select which fields to return (separated by comma)
:param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in
ascending or descending order.
:param search: Looks for elements with the specified string
:param iface_name: Filters by interface name
:param proto: Filters by IP protocol
:param address: IP address associated with the network interface
:param broadcast: Filters by broadcast direction
:param netmask: Filters by netmask
:return: AllItemsResponseSyscollectorNetwork
"""
f_kwargs = {
'agent_list': agents_list,
'offset': offset,
'limit': limit,
'select': select,
'sort': parse_api_param(sort, 'sort'),
'search': parse_api_param(search, 'search'),
'filters': {
'iface_name': iface_name,
'proto': proto,
'address': address,
'broadcast': broadcast,
'netmask': netmask
},
'element_type': 'netaddr'
}
dapi = DistributedAPI(
f=syscollector.get_item_agent,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='distributed_master',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
broadcasting=agents_list == '*',
rbac_permissions=request['token_info']['rbac_policies'])
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data,
status=200,
dumps=prettify if pretty else dumps)
async def get_network_interface_info(request,
pretty=False,
wait_for_complete=False,
agents_list='*',
offset=0,
limit=None,
select=None,
sort=None,
search=None,
adapter=None,
state=None,
mtu=None):
""" Get all network interfaces from all agents or a list of them.
:param pretty: Show results in human-readable format
:param wait_for_complete: Disable timeout response
:param agents_list: List of agent's IDs.
:param offset: First element to return in the collection
:param limit: Maximum number of elements to return
:param select: Select which fields to return (separated by comma)
:param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in
ascending or descending order.
:param search: Looks for elements with the specified string
:param adapter: Filters by adapter
:param state: Filters by state
:param mtu: Filters by mtu
:return: AllItemsResponseSyscollectorInterface
"""
filters = {
'adapter': adapter,
'type': request.query.get('type', None),
'state': state,
'mtu': mtu
}
# Add nested fields to kwargs filters
nested = [
'tx.packets', 'rx.packets', 'tx.bytes', 'rx.bytes', 'tx.errors',
'rx.errors', 'tx.dropped', 'rx.dropped'
]
for field in nested:
filters[field] = request.query.get(field, None)
f_kwargs = {
'agent_list': agents_list,
'offset': offset,
'limit': limit,
'select': select,
'sort': parse_api_param(sort, 'sort'),
'search': parse_api_param(search, 'search'),
'filters': filters,
'element_type': 'netiface'
}
dapi = DistributedAPI(
f=syscollector.get_item_agent,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='distributed_master',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
broadcasting=agents_list == '*',
rbac_permissions=request['token_info']['rbac_policies'])
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data,
status=200,
dumps=prettify if pretty else dumps)
async def get_syscheck_agent(request,
agent_id,
pretty=False,
wait_for_complete=False,
offset=0,
limit=None,
select=None,
sort=None,
search=None,
distinct=False,
summary=False,
md5=None,
sha1=None,
sha256=None,
q=None,
arch=None):
"""Get file integrity monitoring scan result from an agent.
Parameters
----------
agent_id : str
Agent ID.
pretty : bool
Show results in human-readable format.
wait_for_complete : bool
Disable timeout response.
offset : int
First element to return in the collection.
limit : int
Maximum number of elements to return.
select : list[str]
Select which fields to return (separated by comma).
sort : str
Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
search : str
Looks for elements with the specified string.
summary : bool
Returns a summary grouping by filename.
md5 : str
Filters files with the specified MD5 checksum.
sha1 : str
Filters files with the specified SHA1 checksum.
sha256 : str
Filters files with the specified SHA256 checksum.
distinct : bool
Look for distinct values.
q : str
Query to filter results by.
arch : str
Specify whether the associated entry is 32 or 64 bits. Allowed values: '[x32]' and '[x64]'.
Returns
-------
result : json_response
Json response with the API response.
"""
# get type parameter from query
type_ = request.query.get('type', None)
# get hash parameter from query
hash_ = request.query.get('hash', None)
# get file parameter from query
file_ = request.query.get('file', None)
filters = {
'type': type_,
'md5': md5,
'sha1': sha1,
'sha256': sha256,
'hash': hash_,
'file': file_,
'arch': arch,
'value.name': request.query.get('value.name', None),
'value.type': request.query.get('value.type', None)
}
f_kwargs = {
'agent_list': [agent_id],
'offset': offset,
'limit': limit,
'select': select,
'sort': parse_api_param(sort, 'sort'),
'search': parse_api_param(search, 'search'),
'summary': summary,
'filters': filters,
'distinct': distinct,
'q': q
}
dapi = DistributedAPI(
f=files,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='distributed_master',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
rbac_permissions=request['token_info']['rbac_policies'])
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data,
status=200,
dumps=prettify if pretty else dumps)
async def get_agents_ciscat_results(request,
agent_id: str,
pretty: bool = False,
wait_for_complete: bool = False,
offset: int = 0,
limit: int = None,
select: List[str] = None,
sort: str = None,
search: str = None,
benchmark: str = None,
profile: str = None,
fail: int = None,
error: int = None,
notchecked: int = None,
unknown: int = None,
score: int = None,
q: str = None):
"""Get CIS-CAT results from an agent
Returns the agent's ciscat results info.
:param agent_id: Agent ID. All posible values since 000 onwards.
:param pretty: Show results in human-readable format
:param wait_for_complete: Disable timeout response
:param offset: First element to return in the collection
:param limit: Maximum number of elements to return
:param select: Select which fields to return (separated by comma)
:param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in
ascending or descending order.
:param search: Looks for elements with the specified string
:param benchmark: Filters by benchmark type.
:param profile: Filters by evaluated profile.
:param fail: Filters by failed checks
:param error: Filters by encountered errors
:param notchecked: Filters by not checked
:param unknown: Filters by unknown results.
:param score: Filters by final score
:param q: Query to filter results by.
:return: Data
"""
f_kwargs = {
'agent_list': [agent_id],
'offset': offset,
'limit': limit,
'sort': parse_api_param(sort, 'sort'),
'search': parse_api_param(search, 'search'),
'select': select,
'filters': {
'benchmark': benchmark,
'profile': profile,
'pass': request.query.get('pass', None),
'fail': fail,
'error': error,
'notchecked': notchecked,
'unknown': unknown,
'score': score
},
'q': q
}
dapi = DistributedAPI(
f=ciscat.get_ciscat_results,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='distributed_master',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
rbac_permissions=request['token_info']['rbac_policies'])
response = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=response,
status=200,
dumps=prettify if pretty else dumps)
async def get_rootcheck_agent(request,
pretty=False,
wait_for_complete=False,
agent_id=None,
offset=0,
limit=None,
sort=None,
search=None,
select=None,
q='',
distinct=None,
status='all',
pci_dss=None,
cis=None):
"""Return a list of events from the rootcheck database.
Parameters
----------
pretty : bool
Show results in human-readable format.
wait_for_complete : bool
Disable timeout response.
agent_id : str
ID of the agent's rootcheck info to retrieve.
offset : int
First element to return in the collection.
limit : int
Maximum number of elements to return.
sort : str
Sort the collection by a field or fields (separated by comma). Use +/- at the beginning to list in
ascending or descending order.
search : str
Look for elements with the specified string.
select : str
Select which fields to return (separated by comma).
q : str
Query to filter results by.
distinct : bool
Look for distinct values.
status : str
Filter by scan status.
pci_dss : str
Filter by PCI requirement.
cis : str
Filter by CIS requirement.
"""
f_kwargs = {
'agent_list': [agent_id],
'offset': offset,
'limit': limit,
'sort': parse_api_param(sort, 'sort'),
'search': parse_api_param(search, 'search'),
'select': select,
'q': q,
'distinct': distinct,
'filters': {
'status': status,
'pci_dss': pci_dss,
'cis': cis
},
}
dapi = DistributedAPI(
f=rootcheck.get_rootcheck_agent,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='distributed_master',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
rbac_permissions=request['token_info']['rbac_policies'])
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data,
status=200,
dumps=prettify if pretty else dumps)
async def get_agents(request,
pretty=False,
wait_for_complete=False,
agents_list=None,
offset=0,
limit=database_limit,
select=None,
sort=None,
search=None,
status=None,
q=None,
older_than=None,
manager=None,
version=None,
group=None,
node_name=None,
name=None,
ip=None):
"""Get information about all agents or a list of them
:param pretty: Show results in human-readable format
:param wait_for_complete: Disable timeout response
:param agents_list: List of agent's IDs.
:param offset: First element to return in the collection
:param limit: Maximum number of elements to return
:param select: Select which fields to return (separated by comma)
:param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in
ascending or descending order.
:param search: Looks for elements with the specified string
:param status: Filters by agent status. Use commas to enter multiple statuses.
:param q: Query to filter results by. For example q="status=active"
:param older_than: Filters out disconnected agents for longer than specified. Time in seconds, ‘[n_days]d’,
‘[n_hours]h’, ‘[n_minutes]m’ or ‘[n_seconds]s’. For never_connected agents, uses the register date.
:param manager: Filters by manager hostname to which agents are connected.
:param version: Filters by agents version.
:param group: Filters by group of agents.
:param node_name: Filters by node name.
:param name: Filters by agent name.
:param ip: Filters by agent IP
:return: AllItemsResponseAgents
"""
f_kwargs = {
'agent_list': agents_list,
'offset': offset,
'limit': limit,
'sort': parse_api_param(sort, 'sort'),
'search': parse_api_param(search, 'search'),
'select': select,
'filters': {
'status': status,
'older_than': older_than,
'manager': manager,
'version': version,
'group': group,
'node_name': node_name,
'name': name,
'ip': ip,
'registerIP': request.query.get('registerIP', None)
},
'q': q
}
# Add nested fields to kwargs filters
nested = ['os.version', 'os.name', 'os.platform']
for field in nested:
f_kwargs['filters'][field] = request.query.get(field, None)
dapi = DistributedAPI(
f=agent.get_agents,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='local_master',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
rbac_permissions=request['token_info']['rbac_policies'])
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data,
status=200,
dumps=prettify if pretty else dumps)
async def get_decoders(request,
decoder_names: list = None,
pretty: bool = False,
wait_for_complete: bool = False,
offset: int = 0,
limit: int = None,
select: list = None,
sort: str = None,
search: str = None,
q: str = None,
filename: str = None,
relative_dirname: str = None,
status: str = None):
"""Get all decoders
Returns information about all decoders included in ossec.conf. This information include decoder's route,
decoder's name, decoder's file among others
:param decoder_names: Filters by decoder name.
:param pretty: Show results in human-readable format
:param wait_for_complete: Disable timeout response
:param offset: First element to return in the collection
:param limit: Maximum number of elements to return
:param select: List of selected fields to return
:param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in
ascending or descending order.
:param search: Looks for elements with the specified string
:param q: Query to filter results by. For example q="status=active"
:param filename: List of filenames to filter by.
:param relative_dirname: Filters by relative dirname.
:param status: Filters by list status.
:return: Data object
"""
f_kwargs = {
'names':
decoder_names,
'offset':
offset,
'limit':
limit,
'select':
select,
'sort_by':
parse_api_param(sort, 'sort')['fields']
if sort is not None else ['filename', 'position'],
'sort_ascending':
True if sort is None or parse_api_param(sort, 'sort')['order'] == 'asc'
else False,
'search_text':
parse_api_param(search, 'search')['value']
if search is not None else None,
'complementary_search':
parse_api_param(search, 'search')['negation']
if search is not None else None,
'q':
q,
'filename':
filename,
'status':
status,
'relative_dirname':
relative_dirname
}
dapi = DistributedAPI(
f=decoder_framework.get_decoders,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='local_any',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
rbac_permissions=request['token_info']['rbac_policies'])
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data,
status=200,
dumps=prettify if pretty else dumps)
async def get_processes_info(request,
pretty=False,
wait_for_complete=False,
agents_list='*',
offset=0,
limit=None,
select=None,
sort=None,
search=None,
pid=None,
state=None,
ppid=None,
egroup=None,
euser=None,
fgroup=None,
name=None,
nlwp=None,
pgrp=None,
priority=None,
rgroup=None,
ruser=None,
sgroup=None,
suser=None):
""" Get processes info from all agents or a list of them.
:param pretty: Show results in human-readable format
:param wait_for_complete: Disable timeout response
:param agents_list: List of agent's IDs.
:param offset: First element to return in the collection
:param limit: Maximum number of elements to return
:param select: Select which fields to return (separated by comma)
:param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in
ascending or descending order.
:param search: Looks for elements with the specified string
:param pid: Filters by process pid
:param state: Filters by process state
:param ppid: Filters by process parent pid
:param egroup: Filters by process egroup
:param euser Filters by process euser
:param fgroup: Filters by process fgroup
:param name: Filters by process name
:param nlwp: Filters by process nlwp
:param pgrp: Filters by process pgrp
:param priority: Filters by process priority
:param rgroup: Filters by process rgroup
:param ruser: Filters by process ruser
:param sgroup: Filters by process sgroup
:param suser: Filters by process suser
:return: AllItemsResponseSyscollectorProcesses
"""
f_kwargs = {
'agent_list': agents_list,
'offset': offset,
'limit': limit,
'select': select,
'sort': parse_api_param(sort, 'sort'),
'search': parse_api_param(search, 'search'),
'filters': {
'state': state,
'pid': pid,
'ppid': ppid,
'egroup': egroup,
'euser': euser,
'fgroup': fgroup,
'name': name,
'nlwp': nlwp,
'pgrp': pgrp,
'priority': priority,
'rgroup': rgroup,
'ruser': ruser,
'sgroup': sgroup,
'suser': suser
},
'element_type': 'processes'
}
dapi = DistributedAPI(
f=syscollector.get_item_agent,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='distributed_master',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
broadcasting=agents_list == '*',
rbac_permissions=request['token_info']['rbac_policies'])
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data,
status=200,
dumps=prettify if pretty else dumps)
async def get_policies(request,
policy_ids: list = None,
pretty: bool = False,
wait_for_complete: bool = False,
offset: int = 0,
limit: int = None,
search: str = None,
sort: str = None):
"""Returns information from all system policies.
Parameters
----------
request : connexion.request
policy_ids : list, optional
List of policies
pretty : bool, optional
Show results in human-readable format
wait_for_complete : bool, optional
Disable timeout response
offset : int, optional
First item to return
limit : int, optional
Maximum number of items to return
search : str, optional
Looks for elements with the specified string
sort : str, optional
Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in
ascending or descending order
Returns
-------
Policies information
"""
f_kwargs = {
'policy_ids':
policy_ids,
'offset':
offset,
'limit':
limit,
'sort_by':
parse_api_param(sort, 'sort')['fields']
if sort is not None else ['id'],
'sort_ascending':
True if sort is None or parse_api_param(sort, 'sort')['order'] == 'asc'
else False,
'search_text':
parse_api_param(search, 'search')['value']
if search is not None else None,
'complementary_search':
parse_api_param(search, 'search')['negation']
if search is not None else None
}
dapi = DistributedAPI(
f=security.get_policies,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='local_master',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
rbac_permissions=request['token_info']['rbac_policies'])
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data,
status=200,
dumps=prettify if pretty else dumps)
async def get_lists_files(request,
pretty: bool = False,
wait_for_complete: bool = False,
offset: int = 0,
limit: int = None,
sort: str = None,
search: str = None,
filename: str = None,
relative_dirname: str = None):
"""Get paths from all CDB lists.
Parameters
----------
pretty : bool
Show results in human-readable format.
wait_for_complete : bool
Disable timeout response.
offset : int
First element to return in the collection.
limit : int
Maximum number of elements to return.
sort : str
Sort the collection by a field or fields (separated by comma). Use +/- at the beginning
to list in ascending or descending order.
search : str
Look for elements with the specified string.
filename : str
Filenames to filter by (separated by comma).
relative_dirname : str
Filter by relative dirname.
Returns
-------
web.json_response
"""
f_kwargs = {
'offset':
offset,
'limit':
limit,
'sort_by':
parse_api_param(sort, 'sort')['fields']
if sort is not None else ['relative_dirname', 'filename'],
'sort_ascending':
True if sort is None or parse_api_param(sort, 'sort')['order'] == 'asc'
else False,
'search_text':
parse_api_param(search, 'search')['value']
if search is not None else None,
'complementary_search':
parse_api_param(search, 'search')['negation']
if search is not None else None,
'search_in_fields': ['filename', 'relative_dirname'],
'filename':
filename,
'relative_dirname':
relative_dirname,
}
dapi = DistributedAPI(
f=cdb_list.get_path_lists,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='local_master',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
rbac_permissions=request['token_info']['rbac_policies'])
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data,
status=200,
dumps=prettify if pretty else dumps)
async def get_vulnerability_agent(request,
pretty=False,
wait_for_complete=False,
agent_id=None,
offset=0,
limit=None,
sort=None,
search=None,
select=None,
q='',
distinct=None,
architecture=None,
cve=None,
name=None,
version=None):
"""Get agents' vulnerabilities.
Parameters
----------
pretty : bool
Show results in human-readable format.
wait_for_complete : bool
Disable timeout response.
agent_id : str
ID of the agent to retrieve CVE info.
offset : int
First element to return in the collection.
limit : int
Maximum number of elements to return.
sort : str
Sort the collection by a field or fields (separated by comma). Use +/- at the beginning to list in
ascending or descending order.
search : str
Look for elements with the specified string.
select : list
Fields to return.
q : str
Query to filter results by.
distinct : bool
Look for distinct values.
architecture : str
Filter by architecture.
cve : str
Filter by CVE ID.
name : str
Filter by package ID.
version : str
Filter by version.
Returns
-------
web.json_response
"""
f_kwargs = {
'agent_list': [agent_id],
'offset': offset,
'limit': limit,
'sort': parse_api_param(sort, 'sort'),
'search': parse_api_param(search, 'search'),
'select': select,
'q': q,
'distinct': distinct,
'filters': {
'architecture': architecture,
'cve': cve,
'name': name,
'version': version
}
}
dapi = DistributedAPI(
f=vulnerability.get_agent_cve,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='distributed_master',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
rbac_permissions=request['token_info']['rbac_policies'])
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data,
status=200,
dumps=prettify if pretty else dumps)
async def get_sca_checks(request,
agent_id=None,
pretty=False,
wait_for_complete=False,
policy_id=None,
title=None,
description=None,
rationale=None,
remediation=None,
file=None,
process=None,
directory=None,
registry=None,
references=None,
result=None,
condition=None,
offset=0,
limit=database_limit,
sort=None,
search=None,
q=None):
"""Get policy monitoring alerts for a given policy
:param agent_id: Agent ID. All possible values since 000 onwards
:param pretty: Show results in human-readable format
:param wait_for_complete: Disable timeout response
:param policy_id: Filters by policy id
:param title: Filters by title
:param description: Filters by policy description
:param rationale: Filters by rationale
:param remediation: Filters by remediation
:param file: Filters by file
:param process: Filters by process
:param directory: Filters by directory
:param registry: Filters by registry
:param references: Filters by references
:param result: Filters by result
:param condition: Filters by condition
:param offset:First element to return in the collection
:param limit: Maximum number of elements to return
:param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in
ascending or descending order
:param search: Looks for elements with the specified string
:param q: Query to filter results by. This is specially useful to filter by total checks passed, failed or total
score (fields pass, fail, score)
"""
filters = {
'title': title,
'description': description,
'rationale': rationale,
'remediation': remediation,
'file': file,
'process': process,
'directory': directory,
'registry': registry,
'references': references,
'result': result,
'condition': condition
}
f_kwargs = {
'policy_id': policy_id,
'agent_list': [agent_id],
'offset': offset,
'limit': limit,
'sort': parse_api_param(sort, 'sort'),
'search': parse_api_param(search, 'search'),
'q': q,
'filters': filters
}
dapi = DistributedAPI(
f=sca.get_sca_checks,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='distributed_master',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
rbac_permissions=request['token_info']['rbac_policies'])
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data,
status=200,
dumps=prettify if pretty else dumps)
async def get_log(request,
pretty=False,
wait_for_complete=False,
offset=0,
limit=None,
sort=None,
search=None,
tag=None,
level=None,
q=None):
"""Get manager's or local_node's last 2000 wazuh log entries.
:param pretty: Show results in human-readable format
:param wait_for_complete: Disable timeout response
:param offset: First element to return in the collection
:param limit: Maximum number of elements to return
:param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in
ascending or descending order.
:param search: Looks for elements with the specified string
:param tag: Filter by category/tag of log.
:param level: Filters by log level.
:param q: Query to filter results by.
"""
f_kwargs = {
'offset':
offset,
'limit':
limit,
'sort_by':
parse_api_param(sort, 'sort')['fields']
if sort is not None else ['timestamp'],
'sort_ascending':
False if sort is None
or parse_api_param(sort, 'sort')['order'] == 'desc' else True,
'search_text':
parse_api_param(search, 'search')['value']
if search is not None else None,
'complementary_search':
parse_api_param(search, 'search')['negation']
if search is not None else None,
'tag':
tag,
'level':
level,
'q':
q
}
dapi = DistributedAPI(
f=manager.ossec_log,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='local_any',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
rbac_permissions=request['token_info']['rbac_policies'])
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data,
status=200,
dumps=prettify if pretty else dumps)
async def get_packages_info(request,
pretty=False,
wait_for_complete=False,
agents_list='*',
offset=0,
limit=None,
select=None,
sort=None,
search=None,
vendor=None,
name=None,
architecture=None,
version=None):
""" Get packages info from all agents or a list of them.
:param pretty: Show results in human-readable format
:param wait_for_complete: Disable timeout response
:param agents_list: List of agent's IDs.
:param offset: First element to return in the collection
:param limit: Maximum number of elements to return
:param select: Select which fields to return (separated by comma)
:param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in
ascending or descending order.
:param search: Looks for elements with the specified string
:param vendor: Filters by vendor
:param name: Filters by name
:param architecture: Filters by architecture
:param version: Filters by format
:return: AllItemsResponseSyscollectorPackages
"""
f_kwargs = {
'agent_list': agents_list,
'offset': offset,
'limit': limit,
'select': select,
'sort': parse_api_param(sort, 'sort'),
'search': parse_api_param(search, 'search'),
'filters': {
'vendor': vendor,
'name': name,
'architecture': architecture,
'format': request.query.get('format', None),
'version': version
},
'element_type': 'packages'
}
dapi = DistributedAPI(
f=syscollector.get_item_agent,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='distributed_master',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
broadcasting=agents_list == '*',
rbac_permissions=request['token_info']['rbac_policies'])
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data,
status=200,
dumps=prettify if pretty else dumps)
async def get_rules(request,
rule_ids=None,
pretty=False,
wait_for_complete=False,
offset=0,
select=None,
limit=None,
sort=None,
search=None,
q=None,
status=None,
group=None,
level=None,
filename=None,
relative_dirname=None,
pci_dss=None,
gdpr=None,
gpg13=None,
hipaa=None,
tsc=None,
mitre=None):
"""Get information about all Wazuh rules.
:param rule_ids: Filters by rule ID
:param pretty: Show results in human-readable format
:param wait_for_complete: Disable timeout response
:param offset: First element to return in the collection
:param select: List of selected fields to return
:param limit: Maximum number of elements to return
:param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in
ascending or descending order.
:param search: Looks for elements with the specified string
:param q: Query to filter results by. For example q="status=active"
:param status: Filters by rules status.
:param group: Filters by rule group.
:param level: Filters by rule level. Can be a single level (4) or an interval (2-4)
:param filename: List of filenames to filter by.
:param relative_dirname: Filters by relative dirname.
:param pci_dss: Filters by PCI_DSS requirement name.
:param gdpr: Filters by GDPR requirement.
:param gpg13: Filters by GPG13 requirement.
:param hipaa: Filters by HIPAA requirement.
:param tsc: Filters by TSC requirement.
:param mitre: Filters by mitre attack ID.
:return: Data object
"""
f_kwargs = {
'rule_ids':
rule_ids,
'offset':
offset,
'limit':
limit,
'select':
select,
'sort_by':
parse_api_param(sort, 'sort')['fields']
if sort is not None else ['id'],
'sort_ascending':
True if sort is None or parse_api_param(sort, 'sort')['order'] == 'asc'
else False,
'search_text':
parse_api_param(search, 'search')['value']
if search is not None else None,
'complementary_search':
parse_api_param(search, 'search')['negation']
if search is not None else None,
'q':
q,
'status':
status,
'group':
group,
'level':
level,
'filename':
filename,
'relative_dirname':
relative_dirname,
'pci_dss':
pci_dss,
'gdpr':
gdpr,
'gpg13':
gpg13,
'hipaa':
hipaa,
'nist_800_53':
request.query.get('nist-800-53', None),
'tsc':
tsc,
'mitre':
mitre
}
dapi = DistributedAPI(
f=rule_framework.get_rules,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='local_any',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
rbac_permissions=request['token_info']['rbac_policies'])
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data,
status=200,
dumps=prettify if pretty else dumps)
async def get_ports_info(request,
pretty=False,
wait_for_complete=False,
agents_list='*',
offset=0,
limit=None,
select=None,
sort=None,
search=None,
pid=None,
protocol=None,
tx_queue=None,
state=None,
process=None):
""" Get ports info from all agents or a list of them.
:param pretty: Show results in human-readable format
:param wait_for_complete: Disable timeout response
:param agents_list: List of agent's IDs.
:param offset: First element to return in the collection
:param limit: Maximum number of elements to return
:param select: Select which fields to return (separated by comma)
:param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in
ascending or descending order.
:param search: Looks for elements with the specified string
:param pid: Filters by pid
:param protocol: Filters by protocol
:param tx_queue: Filters by tx_queue
:param state: Filters by state
:param process: Filters by process
:return: AllItemsResponseSyscollectorPorts
"""
filters = {
'pid': pid,
'protocol': protocol,
'tx_queue': tx_queue,
'state': state,
'process': process
}
# Add nested fields to kwargs filters
nested = ['local.ip', 'local.port', 'remote.ip']
for field in nested:
filters[field] = request.query.get(field, None)
f_kwargs = {
'agent_list': agents_list,
'offset': offset,
'limit': limit,
'select': select,
'sort': parse_api_param(sort, 'sort'),
'search': parse_api_param(search, 'search'),
'filters': filters,
'element_type': 'ports'
}
dapi = DistributedAPI(
f=syscollector.get_item_agent,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='distributed_master',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
broadcasting=agents_list == '*',
rbac_permissions=request['token_info']['rbac_policies'])
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data,
status=200,
dumps=prettify if pretty else dumps)
async def get_rules_files(request,
pretty=False,
wait_for_complete=False,
offset=0,
limit=None,
sort=None,
search=None,
status=None,
filename=None,
relative_dirname=None):
"""Get all files which defines rules
:param pretty: Show results in human-readable format
:param wait_for_complete: Disable timeout response
:param offset: First element to return in the collection
:param limit: Maximum number of elements to return
:param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in
ascending or descending order.
:param search: Looks for elements with the specified string
:param status: Filters by rules status.
:param filename: List of filenames to filter by..
:param relative_dirname: Filters by relative dirname.
:return: Data object
"""
f_kwargs = {
'offset':
offset,
'limit':
limit,
'sort_by':
parse_api_param(sort, 'sort')['fields']
if sort is not None else ['filename'],
'sort_ascending':
True if sort is None or parse_api_param(sort, 'sort')['order'] == 'asc'
else False,
'search_text':
parse_api_param(search, 'search')['value']
if search is not None else None,
'complementary_search':
parse_api_param(search, 'search')['negation']
if search is not None else None,
'status':
status,
'filename':
filename,
'relative_dirname':
relative_dirname
}
dapi = DistributedAPI(
f=rule_framework.get_rules_files,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='local_any',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
rbac_permissions=request['token_info']['rbac_policies'])
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data,
status=200,
dumps=prettify if pretty else dumps)
async def get_cis_cat_results(request,
pretty=False,
wait_for_complete=False,
agents_list='*',
offset=0,
limit=None,
select=None,
sort=None,
search=None,
benchmark=None,
profile=None,
fail=None,
error=None,
notchecked=None,
unknown=None,
score=None):
""" Get ciscat results info from all agents or a list of them.
:param pretty: Show results in human-readable format
:param wait_for_complete: Disable timeout response
:param agents_list: List of agent's IDs.
:param offset: First element to return in the collection
:param limit: Maximum number of elements to return
:param select: Select which fields to return (separated by comma)
:param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in
ascending or descending order.
:param search: Looks for elements with the specified string
:param benchmark: Filters by benchmark
:param profile: Filters by evaluated profile
:param fail: Filters by failed checks
:param error: Filters by encountered errors
:param notchecked: Filters by not checked
:param unknown: Filters by unknown results.
:param score: Filters by final score
:return: AllItemsResponseCiscatResult
"""
f_kwargs = {
'agent_list': agents_list,
'offset': offset,
'limit': limit,
'select': select,
'sort': parse_api_param(sort, 'sort'),
'search': parse_api_param(search, 'search'),
'filters': {
'benchmark': benchmark,
'profile': profile,
'fail': fail,
'error': error,
'notchecked': notchecked,
'unknown': unknown,
'score': score,
'pass': request.query.get('pass', None)
}
}
dapi = DistributedAPI(
f=ciscat.get_ciscat_results,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='distributed_master',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
broadcasting=agents_list == '*',
rbac_permissions=request['token_info']['rbac_policies'])
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data,
status=200,
dumps=prettify if pretty else dumps)
async def get_syscheck_agent(request,
agent_id,
pretty=False,
wait_for_complete=False,
offset=0,
limit=None,
select=None,
sort=None,
search=None,
distinct=False,
summary=False,
md5=None,
sha1=None,
sha256=None,
q=None):
"""
:param agent_id: Agent ID
:type agent_id: str
:param pretty: Show results in human-readable format
:type pretty: bool
:param wait_for_complete: Disable timeout response
:type wait_for_complete: bool
:param offset: First element to return in the collection
:type offset: int
:param limit: Maximum number of elements to return
:type limit: int
:param select: Select which fields to return (separated by comma)
:type select: List[str]
:param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
:type sort: str
:param search: Looks for elements with the specified string
:type search: str
:param summary: Returns a summary grouping by filename.
:type summary: bool
:param md5: Filters files with the specified MD5 checksum.
:type md5: str
:param sha1: Filters files with the specified SHA1 checksum.
:type sha1: str
:param sha256: Filters files with the specified SHA256 checksum.
:type sha256: str
:param distinct: Look for distinct values.
:type distinct: bool
:param q: Query to filter results by.
:type q: str
"""
# get type parameter from query
type_ = request.query.get('type', None)
# get hash parameter from query
hash_ = request.query.get('hash', None)
# get file parameter from query
file_ = request.query.get('file', None)
filters = {
'type': type_,
'md5': md5,
'sha1': sha1,
'sha256': sha256,
'hash': hash_,
'file': file_
}
f_kwargs = {
'agent_list': [agent_id],
'offset': offset,
'limit': limit,
'select': select,
'sort': parse_api_param(sort, 'sort'),
'search': parse_api_param(search, 'search'),
'summary': summary,
'filters': filters,
'distinct': distinct,
'q': q
}
dapi = DistributedAPI(
f=files,
f_kwargs=remove_nones_to_dict(f_kwargs),
request_type='distributed_master',
is_async=False,
wait_for_complete=wait_for_complete,
logger=logger,
rbac_permissions=request['token_info']['rbac_policies'])
data = raise_if_exc(await dapi.distribute_function())
return web.json_response(data=data,
status=200,
dumps=prettify if pretty else dumps)
