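def load_decoders_from_file(decoder_file, decoder_path, decoder_status):
    """Parse one decoder XML file and return its decoders as dictionaries.

    Parameters
    ----------
    decoder_file : str
        File name of the decoder file.
    decoder_path : str
        Directory holding the file, relative to ``common.wazuh_path``.
    decoder_status : str
        Status label copied verbatim into every returned decoder.

    Returns
    -------
    list[dict]
        One dict per ``<decoder>`` child of the document root, in file order,
        with keys ``filename``, ``relative_dirname``, ``status``, ``name``,
        ``position`` (0-based index among the decoders of this file) and
        ``details`` (every other ``<decoder>`` attribute plus its child tags;
        tags listed in ``DYNAMIC_OPTIONS`` go through ``add_dynamic_detail``).

    Raises
    ------
    WazuhError
        Code 1502 when the file cannot be read (any ``OSError``).
    WazuhInternalError
        Code 1501 for any other failure, e.g. malformed XML or a ``<decoder>``
        without a ``name`` attribute. The original exception is chained as
        ``__cause__`` so the real reason is not lost.
    """
    # Path reported to the caller: the install prefix is replaced by a placeholder.
    shown_path = os.path.join('WAZUH_HOME', decoder_path, decoder_file)
    # NOTE(review): os.path.join drops the prefix when a later component is
    # absolute and does not reject '..'; this is only safe if callers validate
    # decoder_path / decoder_file before reaching here -- confirm.
    # NOTE(review): XML hardening (entity expansion, external entities) would
    # have to live in load_wazuh_xml, which is not visible here -- confirm.
    try:
        root = load_wazuh_xml(os.path.join(common.wazuh_path, decoder_path, decoder_file))
        decoders = []
        decoder_elements = (el for el in root if el.tag.lower() == "decoder")
        for position, xml_decoder in enumerate(decoder_elements):
            # 'name' is promoted to a top-level key; every other attribute is a detail.
            details = {k: v for k, v in xml_decoder.attrib.items() if k != 'name'}
            for child in xml_decoder:
                tag = child.tag.lower()
                if tag in DYNAMIC_OPTIONS:
                    add_dynamic_detail(tag, child.text, child.attrib, details)
                else:
                    details[tag] = child.text
            decoders.append({
                'filename': decoder_file,
                'relative_dirname': decoder_path,
                'status': decoder_status,
                'name': xml_decoder.attrib['name'],
                'position': position,
                'details': details,
            })
    except OSError as e:
        raise WazuhError(1502, extra_message=shown_path) from e
    except Exception as e:
        # Broad on purpose: any parse/shape problem is reported as 1501, but the
        # chained cause keeps the underlying KeyError / ParseError visible.
        raise WazuhInternalError(1501, extra_message=shown_path) from e

    return decoders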
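def load_rules_from_file(rule_filename, rule_relative_path, rule_status):
    """Parse one rule XML file and return its rules as dictionaries.

    Parameters
    ----------
    rule_filename : str
        File name of the rule file.
    rule_relative_path : str
        Directory holding the file, relative to ``common.wazuh_path``.
    rule_status : str
        Status label copied verbatim into every returned rule.

    Returns
    -------
    list[dict]
        One dict per ``<rule>`` found inside a ``<group>`` child of the root,
        in file order. See ``_rule_from_xml`` for the dict layout.

    Raises
    ------
    WazuhError
        Code 1201 when the file does not exist (``ENOENT``), code 1207 when it
        cannot be read for permission reasons (``EACCES``). Any other
        ``OSError`` is re-raised unchanged.
    KeyError, ValueError
        For a malformed rule: a ``<group>`` without ``name``, a ``<rule>``
        without ``id``/``level`` or with non-integer values, or a ``<field>``
        without ``name``. These propagate untouched, as in the original code.
    """
    import errno

    # NOTE(review): os.path.join drops the prefix when a later component is
    # absolute and does not reject '..'; this is only safe if callers validate
    # rule_relative_path / rule_filename before reaching here -- confirm.
    # NOTE(review): XML hardening (entity expansion, external entities) would
    # have to live in load_wazuh_xml, which is not visible here -- confirm.
    try:
        root = load_wazuh_xml(
            os.path.join(common.wazuh_path, rule_relative_path, rule_filename))
    except OSError as e:
        if e.errno == errno.ENOENT:
            raise WazuhError(1201) from e
        if e.errno == errno.EACCES:
            raise WazuhError(1207) from e
        raise

    rules = []
    for xml_group in root:
        if xml_group.tag.lower() != "group":
            continue
        # Groups declared on the <group> element apply to every rule inside it.
        general_groups = xml_group.attrib['name'].split(',')
        for xml_rule in xml_group:
            if xml_rule.tag.lower() == "rule":
                rules.append(_rule_from_xml(xml_rule, root, general_groups,
                                            rule_filename, rule_relative_path,
                                            rule_status))

    return rules


def _resolve_variable(root, name, default):
    """Return the text of the last ``<var name=...>`` under *root* matching *name*.

    Returns *default* when no ``<var>`` has that name. When several match, the
    last one in document order wins (this mirrors the original lookup loop).
    """
    value = default
    for var in root.findall('var'):
        if var.get('name') == name:
            value = var.text
    return value


def _rule_from_xml(xml_rule, root, general_groups, rule_filename,
                   rule_relative_path, rule_status):
    """Build the dictionary for a single ``<rule>`` element.

    The dict carries ``filename``, ``relative_dirname``, ``id`` and ``level``
    (both ``int``), ``status``, ``details``, the compliance lists (``pci_dss``,
    ``gpg13``, ``gdpr``, ``hipaa``, ``nist_800_53``, ``tsc``, ``mitre``),
    ``groups`` and ``description``. The compliance lists and ``groups`` start
    empty and are filled by ``set_groups``.
    """
    rule = {
        'filename': rule_filename,
        'relative_dirname': rule_relative_path,
        'id': int(xml_rule.attrib['id']),
        'level': int(xml_rule.attrib['level']),
        'status': rule_status,
        'details': {},
        'pci_dss': [],
        'gpg13': [],
        'gdpr': [],
        'hipaa': [],
        'nist_800_53': [],
        'tsc': [],
        'mitre': [],
        'groups': [],
        'description': '',
    }
    # Every <rule> attribute other than id/level is kept as a plain detail.
    rule['details'].update(
        (k, v) for k, v in xml_rule.attrib.items() if k not in ('id', 'level'))

    groups = []
    for child in xml_rule:
        tag = child.tag.lower()
        value = child.text if child.text is not None else ''
        # Copy so that popping 'name' below does not mutate the parsed tree.
        attribs = dict(child.attrib)
        if tag == "group":
            groups.extend(value.split(","))
        elif tag == "mitre":
            groups.extend(f'mitre_{mitre_id.text}' for mitre_id in child)
        elif tag == "description":
            # Several <description> tags are concatenated in order.
            rule['description'] += value
        elif tag in ("list", "info"):
            # Attributes override the implicit 'name' key if they collide.
            add_detail(tag, {'name': value, **attribs}, rule['details'])
        elif tag in DYNAMIC_OPTIONS:
            # A value of the form "$foo" refers to a top-level <var name="foo">.
            if value.startswith('$'):
                value = _resolve_variable(root, value[1:], value)
            if tag == 'field':
                # <field name="x"> is stored under the key "x"; a <field>
                # without a name raises KeyError here.
                tag = attribs.pop('name')
            add_dynamic_detail(tag, value, attribs, rule['details'])
        else:
            add_detail(tag, value, rule['details'])

    set_groups(groups=groups, general_groups=general_groups, rule=rule)
    return rule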