def _add_search_to_query(self):
# since id are stored in database as integers, id searches must be turned into integers to work as expected.
if self.search:
del self.fields['id']
WazuhDBQuery._add_search_to_query(self)
self.fields['id'] = 'id'
self.query = self.query[:-1] + ' OR id LIKE :search_id)'
self.request['search_id'] = int(self.search['value']) if self.search['value'].isdigit() \
else re.sub(f"[{self.special_characters}]", '_', self.search['value'])
def __init__(self, agent_id, offset=0, limit=common.database_limit, sort=None, search=None, select=None, query='',
count=True, get_data=True, distinct=False, default_sort_field='name', filters=None, fields=fields):
if filters is None:
filters = {}
# Check if the agent exists
Agent(agent_id).get_basic_information()
backend = WazuhDBBackend(agent_id)
WazuhDBQuery.__init__(self, offset=offset, limit=limit, table='vuln_cves', sort=sort, search=search,
select=select, fields=fields, default_sort_field=default_sort_field,
default_sort_order='ASC', filters=filters, query=query, backend=backend,
min_select_fields=set(), count=count, get_data=get_data, distinct=distinct)
def __init__(self, agent_id, offset, limit, sort, search, select, query, count,
get_data, default_sort_field='policy_id', filters=None, fields=fields_translation_sca,
default_query=default_query_sca, count_field='policy_id'):
self.agent_id = agent_id
self.default_query = default_query
self.count_field = count_field
Agent(agent_id).get_basic_information() # check if the agent exists
filters = {} if filters is None else filters
WazuhDBQuery.__init__(self, offset=offset, limit=limit, table='sca_policy', sort=sort,
search=search, select=select, fields=fields, default_sort_field=default_sort_field,
default_sort_order='DESC', filters=filters, query=query, count=count, get_data=get_data,
date_fields={'end_scan', 'start_scan'}, backend=WazuhDBBackend(agent_id))
def __init__(self, agent_id, offset, limit, sort, search, select, query, count, get_data, distinct,
default_sort_field='date_last', filters=None, fields=fields):
if filters is None:
filters = {}
# Check if the agent exists
Agent(agent_id).get_basic_information()
backend = WazuhDBBackend(agent_id)
WazuhDBQuery.__init__(self, offset=offset, limit=limit, table='pm_event', sort=sort, search=search,
select=select, fields=fields, default_sort_field=default_sort_field,
default_sort_order='DESC', filters=filters, query=query, backend=backend,
min_select_fields=set(), count=count, get_data=get_data, distinct=distinct,
date_fields={'date_first', 'date_last'})
def __init__(self, offset: int = 0, limit: int = common.database_limit, query: str = '', count: bool = True,
get_data: bool = True, table: str = 'tasks', sort: dict = None, default_sort_field: str = 'task_id',
fields=None, search: dict = None, select: dict = None, min_select_fields=None, filters=None):
"""Create an instance of WazuhDBQueryTasks query."""
if filters is None:
filters = {}
if min_select_fields is None:
min_select_fields = {'task_id', 'agent_id', 'status', 'command', 'create_time'}
if fields is None:
fields = tasks_fields
WazuhDBQuery.__init__(self, offset=offset, limit=limit, table=table, sort=sort, search=search, select=select,
fields=fields, default_sort_field=default_sort_field, default_sort_order='ASC',
filters=filters, query=query, count=count, get_data=get_data,
min_select_fields=min_select_fields, backend=WazuhDBBackend(query_format='task'))
def _format_data_into_dictionary(self):
# Add <field>: 'unknown' when filter field is not within the response.
for result in self._data:
for field in self.filter_fields['fields']:
if field not in result.keys():
result[field] = 'unknown'
fields_to_nest, non_nested = get_fields_to_nest(
self.fields.keys(), ['os'], '.')
# compute 'status' field, format id with zero padding and remove non-user-requested fields.
# Also remove, extra fields (internal key and registration IP)
selected_fields = self.select - self.extra_fields if self.remove_extra_fields else self.select
aux = list()
for item in self._data:
aux_dict = dict()
for key, value in item.items():
if key in selected_fields:
aux_dict[key] = format_fields(key, value)
aux.append(aux_dict)
self._data = aux
self._data = [
plain_dict_to_nested_dict(d, fields_to_nest, non_nested, ['os'],
'.') for d in self._data
]
return WazuhDBQuery._format_data_into_dictionary(self)
def __init__(self, offset: int = 0, limit: Union[int, None] = common.database_limit, query: str = '',
count: bool = True, table: str = '', sort: dict = None, default_sort_field: str = 'id',
default_sort_order='ASC', fields=None, search: dict = None, select: list = None,
min_select_fields=None, filters=None, request_slice=500):
"""Create an instance of WazuhDBQueryMitre query."""
if filters is None:
filters = {}
WazuhDBQuery.__init__(self, offset=offset, limit=limit, table=table, sort=sort, search=search, select=select,
fields=fields, default_sort_field=default_sort_field,
default_sort_order=default_sort_order, filters=filters, query=query, count=count,
get_data=True, min_select_fields=min_select_fields,
date_fields={'created_time', 'modified_time'},
backend=WazuhDBBackend(query_format='mitre', request_slice=request_slice))
self.relation_fields = set() # This variable contains valid fields not included in the database (relations)
def __init__(self,
offset=0,
limit=common.database_limit,
sort=None,
search=None,
select=None,
count=True,
get_data=True,
query='',
filters=None,
default_sort_field='id',
min_select_fields=None,
remove_extra_fields=True,
distinct=False,
rbac_negate=True):
if filters is None:
filters = {}
if min_select_fields is None:
min_select_fields = {'id'}
backend = WazuhDBBackend(query_format='global')
WazuhDBQuery.__init__(self,
offset=offset,
limit=limit,
table='agent',
sort=sort,
search=search,
select=select,
filters=filters,
fields=Agent.fields,
default_sort_field=default_sort_field,
default_sort_order='ASC',
query=query,
backend=backend,
min_select_fields=min_select_fields,
count=count,
get_data=get_data,
date_fields={'lastKeepAlive', 'dateAdd'},
extra_fields={'internal_key'},
distinct=distinct,
rbac_negate=rbac_negate)
self.remove_extra_fields = remove_extra_fields
def _process_filter(self, field_name, field_filter, q_filter):
if field_name == 'group' and q_filter['value'] is not None:
valid_group_operators = {'=', '!=', '~'}
if q_filter['operator'] == '=':
self.query += f"(',' || {self.fields[field_name]} || ',') LIKE :{field_filter}"
self.request[field_filter] = f"%,{q_filter['value']},%"
elif q_filter['operator'] == '!=':
self.query += f"NOT (',' || {self.fields[field_name]} || ',') LIKE :{field_filter}"
self.request[field_filter] = f"%,{q_filter['value']},%"
elif q_filter['operator'] == 'LIKE':
self.query += f"{self.fields[field_name]} LIKE :{field_filter}"
self.request[field_filter] = f"%{q_filter['value']}%"
else:
raise WazuhError(
1409,
f"Valid operators for 'group' field: {', '.join(valid_group_operators)}. "
f"Used operator: {q_filter['operator']}")
else:
WazuhDBQuery._process_filter(self, field_name, field_filter,
q_filter)
def __init__(self,
offset=0,
limit=common.database_limit,
sort=None,
search=None,
select=None,
get_data=True,
query='',
filters=None,
count=True,
default_sort_field='name',
min_select_fields=None,
remove_extra_fields=True,
rbac_negate=True):
if filters is None:
filters = {}
if min_select_fields is None:
min_select_fields = {'name'}
backend = WazuhDBBackend(query_format='global')
WazuhDBQuery.__init__(self,
offset=offset,
limit=limit,
table='`group`',
sort=sort,
search=search,
select=select,
filters=filters,
fields={'name': 'name'},
default_sort_field=default_sort_field,
default_sort_order='ASC',
query=query,
backend=backend,
min_select_fields=min_select_fields,
count=count,
get_data=get_data,
rbac_negate=rbac_negate)
self.remove_extra_fields = remove_extra_fields
def __init__(self,
offset: int = 0,
limit: int = 10,
query: str = '',
count: bool = True,
get_data: bool = True,
table: str = 'attack',
sort: dict = None,
default_sort_field: str = 'id',
fields=None,
search: dict = None,
select: dict = None,
min_select_fields=None):
"""Create an instance of WazuhDBQueryMitre query."""
if min_select_fields is None:
min_select_fields = {'id'}
if fields is None:
fields = mitre_fields
WazuhDBQuery.__init__(self,
offset=offset,
limit=limit,
table=table,
sort=sort,
search=search,
select=select,
fields=fields,
default_sort_field=default_sort_field,
default_sort_order='ASC',
filters=None,
query=query,
count=count,
get_data=get_data,
min_select_fields=min_select_fields,
backend=WazuhDBBackend(query_format='mitre'))
def _sort_query(self, field):
if field == 'os.version':
# Order by os major version and os minor version
return "CAST(os_major AS INTEGER) {0}, CAST(os_minor AS INTEGER) {0}".format(
self.sort['order'])
return WazuhDBQuery._sort_query(self, field)
def _filter_date(self, date_filter, filter_db_name):
WazuhDBQuery._filter_date(self, date_filter, filter_db_name)
self.query += ' AND id != 0'