async def get_network_address_info(request, pretty=False, wait_for_complete=False, agents_list='*', offset=0, limit=None, select=None, sort=None, search=None, iface_name=None, proto=None, address=None, broadcast=None, netmask=None): """ Get the IPv4 and IPv6 addresses associated to all network interfaces :param pretty: Show results in human-readable format :param wait_for_complete: Disable timeout response :param agents_list: List of agent's IDs. :param offset: First element to return in the collection :param limit: Maximum number of elements to return :param select: Select which fields to return (separated by comma) :param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order. :param search: Looks for elements with the specified string :param iface_name: Filters by interface name :param proto: Filters by IP protocol :param address: IP address associated with the network interface :param broadcast: Filters by broadcast direction :param netmask: Filters by netmask :return: AllItemsResponseSyscollectorNetwork """ f_kwargs = { 'agent_list': agents_list, 'offset': offset, 'limit': limit, 'select': select, 'sort': parse_api_param(sort, 'sort'), 'search': parse_api_param(search, 'search'), 'filters': { 'iface_name': iface_name, 'proto': proto, 'address': address, 'broadcast': broadcast, 'netmask': netmask }, 'element_type': 'netaddr' } dapi = DistributedAPI( f=syscollector.get_item_agent, f_kwargs=remove_nones_to_dict(f_kwargs), request_type='distributed_master', is_async=False, wait_for_complete=wait_for_complete, logger=logger, broadcasting=agents_list == '*', rbac_permissions=request['token_info']['rbac_policies']) data = raise_if_exc(await dapi.distribute_function()) return web.json_response(data=data, status=200, dumps=prettify if pretty else dumps)
async def get_network_interface_info(request, pretty=False, wait_for_complete=False, agents_list='*', offset=0, limit=None, select=None, sort=None, search=None, adapter=None, state=None, mtu=None): """ Get all network interfaces from all agents or a list of them. :param pretty: Show results in human-readable format :param wait_for_complete: Disable timeout response :param agents_list: List of agent's IDs. :param offset: First element to return in the collection :param limit: Maximum number of elements to return :param select: Select which fields to return (separated by comma) :param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order. :param search: Looks for elements with the specified string :param adapter: Filters by adapter :param state: Filters by state :param mtu: Filters by mtu :return: AllItemsResponseSyscollectorInterface """ filters = { 'adapter': adapter, 'type': request.query.get('type', None), 'state': state, 'mtu': mtu } # Add nested fields to kwargs filters nested = [ 'tx.packets', 'rx.packets', 'tx.bytes', 'rx.bytes', 'tx.errors', 'rx.errors', 'tx.dropped', 'rx.dropped' ] for field in nested: filters[field] = request.query.get(field, None) f_kwargs = { 'agent_list': agents_list, 'offset': offset, 'limit': limit, 'select': select, 'sort': parse_api_param(sort, 'sort'), 'search': parse_api_param(search, 'search'), 'filters': filters, 'element_type': 'netiface' } dapi = DistributedAPI( f=syscollector.get_item_agent, f_kwargs=remove_nones_to_dict(f_kwargs), request_type='distributed_master', is_async=False, wait_for_complete=wait_for_complete, logger=logger, broadcasting=agents_list == '*', rbac_permissions=request['token_info']['rbac_policies']) data = raise_if_exc(await dapi.distribute_function()) return web.json_response(data=data, status=200, dumps=prettify if pretty else dumps)
async def get_syscheck_agent(request, agent_id, pretty=False, wait_for_complete=False, offset=0, limit=None, select=None, sort=None, search=None, distinct=False, summary=False, md5=None, sha1=None, sha256=None, q=None, arch=None): """Get file integrity monitoring scan result from an agent. Parameters ---------- agent_id : str Agent ID. pretty : bool Show results in human-readable format. wait_for_complete : bool Disable timeout response. offset : int First element to return in the collection. limit : int Maximum number of elements to return. select : list[str] Select which fields to return (separated by comma). sort : str Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order. search : str Looks for elements with the specified string. summary : bool Returns a summary grouping by filename. md5 : str Filters files with the specified MD5 checksum. sha1 : str Filters files with the specified SHA1 checksum. sha256 : str Filters files with the specified SHA256 checksum. distinct : bool Look for distinct values. q : str Query to filter results by. arch : str Specify whether the associated entry is 32 or 64 bits. Allowed values: '[x32]' and '[x64]'. Returns ------- result : json_response Json response with the API response. """ # get type parameter from query type_ = request.query.get('type', None) # get hash parameter from query hash_ = request.query.get('hash', None) # get file parameter from query file_ = request.query.get('file', None) filters = { 'type': type_, 'md5': md5, 'sha1': sha1, 'sha256': sha256, 'hash': hash_, 'file': file_, 'arch': arch, 'value.name': request.query.get('value.name', None), 'value.type': request.query.get('value.type', None) } f_kwargs = { 'agent_list': [agent_id], 'offset': offset, 'limit': limit, 'select': select, 'sort': parse_api_param(sort, 'sort'), 'search': parse_api_param(search, 'search'), 'summary': summary, 'filters': filters, 'distinct': distinct, 'q': q } dapi = DistributedAPI( f=files, f_kwargs=remove_nones_to_dict(f_kwargs), request_type='distributed_master', is_async=False, wait_for_complete=wait_for_complete, logger=logger, rbac_permissions=request['token_info']['rbac_policies']) data = raise_if_exc(await dapi.distribute_function()) return web.json_response(data=data, status=200, dumps=prettify if pretty else dumps)
async def get_agents_ciscat_results(request, agent_id: str, pretty: bool = False, wait_for_complete: bool = False, offset: int = 0, limit: int = None, select: List[str] = None, sort: str = None, search: str = None, benchmark: str = None, profile: str = None, fail: int = None, error: int = None, notchecked: int = None, unknown: int = None, score: int = None, q: str = None): """Get CIS-CAT results from an agent Returns the agent's ciscat results info. :param agent_id: Agent ID. All posible values since 000 onwards. :param pretty: Show results in human-readable format :param wait_for_complete: Disable timeout response :param offset: First element to return in the collection :param limit: Maximum number of elements to return :param select: Select which fields to return (separated by comma) :param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order. :param search: Looks for elements with the specified string :param benchmark: Filters by benchmark type. :param profile: Filters by evaluated profile. :param fail: Filters by failed checks :param error: Filters by encountered errors :param notchecked: Filters by not checked :param unknown: Filters by unknown results. :param score: Filters by final score :param q: Query to filter results by. :return: Data """ f_kwargs = { 'agent_list': [agent_id], 'offset': offset, 'limit': limit, 'sort': parse_api_param(sort, 'sort'), 'search': parse_api_param(search, 'search'), 'select': select, 'filters': { 'benchmark': benchmark, 'profile': profile, 'pass': request.query.get('pass', None), 'fail': fail, 'error': error, 'notchecked': notchecked, 'unknown': unknown, 'score': score }, 'q': q } dapi = DistributedAPI( f=ciscat.get_ciscat_results, f_kwargs=remove_nones_to_dict(f_kwargs), request_type='distributed_master', is_async=False, wait_for_complete=wait_for_complete, logger=logger, rbac_permissions=request['token_info']['rbac_policies']) response = raise_if_exc(await dapi.distribute_function()) return web.json_response(data=response, status=200, dumps=prettify if pretty else dumps)
async def get_rootcheck_agent(request, pretty=False, wait_for_complete=False, agent_id=None, offset=0, limit=None, sort=None, search=None, select=None, q='', distinct=None, status='all', pci_dss=None, cis=None): """Return a list of events from the rootcheck database. Parameters ---------- pretty : bool Show results in human-readable format. wait_for_complete : bool Disable timeout response. agent_id : str ID of the agent's rootcheck info to retrieve. offset : int First element to return in the collection. limit : int Maximum number of elements to return. sort : str Sort the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order. search : str Look for elements with the specified string. select : str Select which fields to return (separated by comma). q : str Query to filter results by. distinct : bool Look for distinct values. status : str Filter by scan status. pci_dss : str Filter by PCI requirement. cis : str Filter by CIS requirement. """ f_kwargs = { 'agent_list': [agent_id], 'offset': offset, 'limit': limit, 'sort': parse_api_param(sort, 'sort'), 'search': parse_api_param(search, 'search'), 'select': select, 'q': q, 'distinct': distinct, 'filters': { 'status': status, 'pci_dss': pci_dss, 'cis': cis }, } dapi = DistributedAPI( f=rootcheck.get_rootcheck_agent, f_kwargs=remove_nones_to_dict(f_kwargs), request_type='distributed_master', is_async=False, wait_for_complete=wait_for_complete, logger=logger, rbac_permissions=request['token_info']['rbac_policies']) data = raise_if_exc(await dapi.distribute_function()) return web.json_response(data=data, status=200, dumps=prettify if pretty else dumps)
async def get_agents(request, pretty=False, wait_for_complete=False, agents_list=None, offset=0, limit=database_limit, select=None, sort=None, search=None, status=None, q=None, older_than=None, manager=None, version=None, group=None, node_name=None, name=None, ip=None): """Get information about all agents or a list of them :param pretty: Show results in human-readable format :param wait_for_complete: Disable timeout response :param agents_list: List of agent's IDs. :param offset: First element to return in the collection :param limit: Maximum number of elements to return :param select: Select which fields to return (separated by comma) :param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order. :param search: Looks for elements with the specified string :param status: Filters by agent status. Use commas to enter multiple statuses. :param q: Query to filter results by. For example q="status=active" :param older_than: Filters out disconnected agents for longer than specified. Time in seconds, ‘[n_days]d’, ‘[n_hours]h’, ‘[n_minutes]m’ or ‘[n_seconds]s’. For never_connected agents, uses the register date. :param manager: Filters by manager hostname to which agents are connected. :param version: Filters by agents version. :param group: Filters by group of agents. :param node_name: Filters by node name. :param name: Filters by agent name. :param ip: Filters by agent IP :return: AllItemsResponseAgents """ f_kwargs = { 'agent_list': agents_list, 'offset': offset, 'limit': limit, 'sort': parse_api_param(sort, 'sort'), 'search': parse_api_param(search, 'search'), 'select': select, 'filters': { 'status': status, 'older_than': older_than, 'manager': manager, 'version': version, 'group': group, 'node_name': node_name, 'name': name, 'ip': ip, 'registerIP': request.query.get('registerIP', None) }, 'q': q } # Add nested fields to kwargs filters nested = ['os.version', 'os.name', 'os.platform'] for field in nested: f_kwargs['filters'][field] = request.query.get(field, None) dapi = DistributedAPI( f=agent.get_agents, f_kwargs=remove_nones_to_dict(f_kwargs), request_type='local_master', is_async=False, wait_for_complete=wait_for_complete, logger=logger, rbac_permissions=request['token_info']['rbac_policies']) data = raise_if_exc(await dapi.distribute_function()) return web.json_response(data=data, status=200, dumps=prettify if pretty else dumps)
async def get_decoders(request, decoder_names: list = None, pretty: bool = False, wait_for_complete: bool = False, offset: int = 0, limit: int = None, select: list = None, sort: str = None, search: str = None, q: str = None, filename: str = None, relative_dirname: str = None, status: str = None): """Get all decoders Returns information about all decoders included in ossec.conf. This information include decoder's route, decoder's name, decoder's file among others :param decoder_names: Filters by decoder name. :param pretty: Show results in human-readable format :param wait_for_complete: Disable timeout response :param offset: First element to return in the collection :param limit: Maximum number of elements to return :param select: List of selected fields to return :param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order. :param search: Looks for elements with the specified string :param q: Query to filter results by. For example q="status=active" :param filename: List of filenames to filter by. :param relative_dirname: Filters by relative dirname. :param status: Filters by list status. :return: Data object """ f_kwargs = { 'names': decoder_names, 'offset': offset, 'limit': limit, 'select': select, 'sort_by': parse_api_param(sort, 'sort')['fields'] if sort is not None else ['filename', 'position'], 'sort_ascending': True if sort is None or parse_api_param(sort, 'sort')['order'] == 'asc' else False, 'search_text': parse_api_param(search, 'search')['value'] if search is not None else None, 'complementary_search': parse_api_param(search, 'search')['negation'] if search is not None else None, 'q': q, 'filename': filename, 'status': status, 'relative_dirname': relative_dirname } dapi = DistributedAPI( f=decoder_framework.get_decoders, f_kwargs=remove_nones_to_dict(f_kwargs), request_type='local_any', is_async=False, wait_for_complete=wait_for_complete, logger=logger, rbac_permissions=request['token_info']['rbac_policies']) data = raise_if_exc(await dapi.distribute_function()) return web.json_response(data=data, status=200, dumps=prettify if pretty else dumps)
async def get_processes_info(request, pretty=False, wait_for_complete=False, agents_list='*', offset=0, limit=None, select=None, sort=None, search=None, pid=None, state=None, ppid=None, egroup=None, euser=None, fgroup=None, name=None, nlwp=None, pgrp=None, priority=None, rgroup=None, ruser=None, sgroup=None, suser=None): """ Get processes info from all agents or a list of them. :param pretty: Show results in human-readable format :param wait_for_complete: Disable timeout response :param agents_list: List of agent's IDs. :param offset: First element to return in the collection :param limit: Maximum number of elements to return :param select: Select which fields to return (separated by comma) :param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order. :param search: Looks for elements with the specified string :param pid: Filters by process pid :param state: Filters by process state :param ppid: Filters by process parent pid :param egroup: Filters by process egroup :param euser Filters by process euser :param fgroup: Filters by process fgroup :param name: Filters by process name :param nlwp: Filters by process nlwp :param pgrp: Filters by process pgrp :param priority: Filters by process priority :param rgroup: Filters by process rgroup :param ruser: Filters by process ruser :param sgroup: Filters by process sgroup :param suser: Filters by process suser :return: AllItemsResponseSyscollectorProcesses """ f_kwargs = { 'agent_list': agents_list, 'offset': offset, 'limit': limit, 'select': select, 'sort': parse_api_param(sort, 'sort'), 'search': parse_api_param(search, 'search'), 'filters': { 'state': state, 'pid': pid, 'ppid': ppid, 'egroup': egroup, 'euser': euser, 'fgroup': fgroup, 'name': name, 'nlwp': nlwp, 'pgrp': pgrp, 'priority': priority, 'rgroup': rgroup, 'ruser': ruser, 'sgroup': sgroup, 'suser': suser }, 'element_type': 'processes' } dapi = DistributedAPI( f=syscollector.get_item_agent, f_kwargs=remove_nones_to_dict(f_kwargs), request_type='distributed_master', is_async=False, wait_for_complete=wait_for_complete, logger=logger, broadcasting=agents_list == '*', rbac_permissions=request['token_info']['rbac_policies']) data = raise_if_exc(await dapi.distribute_function()) return web.json_response(data=data, status=200, dumps=prettify if pretty else dumps)
async def get_policies(request, policy_ids: list = None, pretty: bool = False, wait_for_complete: bool = False, offset: int = 0, limit: int = None, search: str = None, sort: str = None): """Returns information from all system policies. Parameters ---------- request : connexion.request policy_ids : list, optional List of policies pretty : bool, optional Show results in human-readable format wait_for_complete : bool, optional Disable timeout response offset : int, optional First item to return limit : int, optional Maximum number of items to return search : str, optional Looks for elements with the specified string sort : str, optional Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order Returns ------- Policies information """ f_kwargs = { 'policy_ids': policy_ids, 'offset': offset, 'limit': limit, 'sort_by': parse_api_param(sort, 'sort')['fields'] if sort is not None else ['id'], 'sort_ascending': True if sort is None or parse_api_param(sort, 'sort')['order'] == 'asc' else False, 'search_text': parse_api_param(search, 'search')['value'] if search is not None else None, 'complementary_search': parse_api_param(search, 'search')['negation'] if search is not None else None } dapi = DistributedAPI( f=security.get_policies, f_kwargs=remove_nones_to_dict(f_kwargs), request_type='local_master', is_async=False, wait_for_complete=wait_for_complete, logger=logger, rbac_permissions=request['token_info']['rbac_policies']) data = raise_if_exc(await dapi.distribute_function()) return web.json_response(data=data, status=200, dumps=prettify if pretty else dumps)
async def get_lists_files(request, pretty: bool = False, wait_for_complete: bool = False, offset: int = 0, limit: int = None, sort: str = None, search: str = None, filename: str = None, relative_dirname: str = None): """Get paths from all CDB lists. Parameters ---------- pretty : bool Show results in human-readable format. wait_for_complete : bool Disable timeout response. offset : int First element to return in the collection. limit : int Maximum number of elements to return. sort : str Sort the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order. search : str Look for elements with the specified string. filename : str Filenames to filter by (separated by comma). relative_dirname : str Filter by relative dirname. Returns ------- web.json_response """ f_kwargs = { 'offset': offset, 'limit': limit, 'sort_by': parse_api_param(sort, 'sort')['fields'] if sort is not None else ['relative_dirname', 'filename'], 'sort_ascending': True if sort is None or parse_api_param(sort, 'sort')['order'] == 'asc' else False, 'search_text': parse_api_param(search, 'search')['value'] if search is not None else None, 'complementary_search': parse_api_param(search, 'search')['negation'] if search is not None else None, 'search_in_fields': ['filename', 'relative_dirname'], 'filename': filename, 'relative_dirname': relative_dirname, } dapi = DistributedAPI( f=cdb_list.get_path_lists, f_kwargs=remove_nones_to_dict(f_kwargs), request_type='local_master', is_async=False, wait_for_complete=wait_for_complete, logger=logger, rbac_permissions=request['token_info']['rbac_policies']) data = raise_if_exc(await dapi.distribute_function()) return web.json_response(data=data, status=200, dumps=prettify if pretty else dumps)
async def get_vulnerability_agent(request, pretty=False, wait_for_complete=False, agent_id=None, offset=0, limit=None, sort=None, search=None, select=None, q='', distinct=None, architecture=None, cve=None, name=None, version=None): """Get agents' vulnerabilities. Parameters ---------- pretty : bool Show results in human-readable format. wait_for_complete : bool Disable timeout response. agent_id : str ID of the agent to retrieve CVE info. offset : int First element to return in the collection. limit : int Maximum number of elements to return. sort : str Sort the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order. search : str Look for elements with the specified string. select : list Fields to return. q : str Query to filter results by. distinct : bool Look for distinct values. architecture : str Filter by architecture. cve : str Filter by CVE ID. name : str Filter by package ID. version : str Filter by version. Returns ------- web.json_response """ f_kwargs = { 'agent_list': [agent_id], 'offset': offset, 'limit': limit, 'sort': parse_api_param(sort, 'sort'), 'search': parse_api_param(search, 'search'), 'select': select, 'q': q, 'distinct': distinct, 'filters': { 'architecture': architecture, 'cve': cve, 'name': name, 'version': version } } dapi = DistributedAPI( f=vulnerability.get_agent_cve, f_kwargs=remove_nones_to_dict(f_kwargs), request_type='distributed_master', is_async=False, wait_for_complete=wait_for_complete, logger=logger, rbac_permissions=request['token_info']['rbac_policies']) data = raise_if_exc(await dapi.distribute_function()) return web.json_response(data=data, status=200, dumps=prettify if pretty else dumps)
async def get_sca_checks(request, agent_id=None, pretty=False, wait_for_complete=False, policy_id=None, title=None, description=None, rationale=None, remediation=None, file=None, process=None, directory=None, registry=None, references=None, result=None, condition=None, offset=0, limit=database_limit, sort=None, search=None, q=None): """Get policy monitoring alerts for a given policy :param agent_id: Agent ID. All possible values since 000 onwards :param pretty: Show results in human-readable format :param wait_for_complete: Disable timeout response :param policy_id: Filters by policy id :param title: Filters by title :param description: Filters by policy description :param rationale: Filters by rationale :param remediation: Filters by remediation :param file: Filters by file :param process: Filters by process :param directory: Filters by directory :param registry: Filters by registry :param references: Filters by references :param result: Filters by result :param condition: Filters by condition :param offset:First element to return in the collection :param limit: Maximum number of elements to return :param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order :param search: Looks for elements with the specified string :param q: Query to filter results by. This is specially useful to filter by total checks passed, failed or total score (fields pass, fail, score) """ filters = { 'title': title, 'description': description, 'rationale': rationale, 'remediation': remediation, 'file': file, 'process': process, 'directory': directory, 'registry': registry, 'references': references, 'result': result, 'condition': condition } f_kwargs = { 'policy_id': policy_id, 'agent_list': [agent_id], 'offset': offset, 'limit': limit, 'sort': parse_api_param(sort, 'sort'), 'search': parse_api_param(search, 'search'), 'q': q, 'filters': filters } dapi = DistributedAPI( f=sca.get_sca_checks, f_kwargs=remove_nones_to_dict(f_kwargs), request_type='distributed_master', is_async=False, wait_for_complete=wait_for_complete, logger=logger, rbac_permissions=request['token_info']['rbac_policies']) data = raise_if_exc(await dapi.distribute_function()) return web.json_response(data=data, status=200, dumps=prettify if pretty else dumps)
async def get_log(request, pretty=False, wait_for_complete=False, offset=0, limit=None, sort=None, search=None, tag=None, level=None, q=None): """Get manager's or local_node's last 2000 wazuh log entries. :param pretty: Show results in human-readable format :param wait_for_complete: Disable timeout response :param offset: First element to return in the collection :param limit: Maximum number of elements to return :param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order. :param search: Looks for elements with the specified string :param tag: Filter by category/tag of log. :param level: Filters by log level. :param q: Query to filter results by. """ f_kwargs = { 'offset': offset, 'limit': limit, 'sort_by': parse_api_param(sort, 'sort')['fields'] if sort is not None else ['timestamp'], 'sort_ascending': False if sort is None or parse_api_param(sort, 'sort')['order'] == 'desc' else True, 'search_text': parse_api_param(search, 'search')['value'] if search is not None else None, 'complementary_search': parse_api_param(search, 'search')['negation'] if search is not None else None, 'tag': tag, 'level': level, 'q': q } dapi = DistributedAPI( f=manager.ossec_log, f_kwargs=remove_nones_to_dict(f_kwargs), request_type='local_any', is_async=False, wait_for_complete=wait_for_complete, logger=logger, rbac_permissions=request['token_info']['rbac_policies']) data = raise_if_exc(await dapi.distribute_function()) return web.json_response(data=data, status=200, dumps=prettify if pretty else dumps)
async def get_packages_info(request, pretty=False, wait_for_complete=False, agents_list='*', offset=0, limit=None, select=None, sort=None, search=None, vendor=None, name=None, architecture=None, version=None): """ Get packages info from all agents or a list of them. :param pretty: Show results in human-readable format :param wait_for_complete: Disable timeout response :param agents_list: List of agent's IDs. :param offset: First element to return in the collection :param limit: Maximum number of elements to return :param select: Select which fields to return (separated by comma) :param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order. :param search: Looks for elements with the specified string :param vendor: Filters by vendor :param name: Filters by name :param architecture: Filters by architecture :param version: Filters by format :return: AllItemsResponseSyscollectorPackages """ f_kwargs = { 'agent_list': agents_list, 'offset': offset, 'limit': limit, 'select': select, 'sort': parse_api_param(sort, 'sort'), 'search': parse_api_param(search, 'search'), 'filters': { 'vendor': vendor, 'name': name, 'architecture': architecture, 'format': request.query.get('format', None), 'version': version }, 'element_type': 'packages' } dapi = DistributedAPI( f=syscollector.get_item_agent, f_kwargs=remove_nones_to_dict(f_kwargs), request_type='distributed_master', is_async=False, wait_for_complete=wait_for_complete, logger=logger, broadcasting=agents_list == '*', rbac_permissions=request['token_info']['rbac_policies']) data = raise_if_exc(await dapi.distribute_function()) return web.json_response(data=data, status=200, dumps=prettify if pretty else dumps)
async def get_rules(request, rule_ids=None, pretty=False, wait_for_complete=False, offset=0, select=None, limit=None, sort=None, search=None, q=None, status=None, group=None, level=None, filename=None, relative_dirname=None, pci_dss=None, gdpr=None, gpg13=None, hipaa=None, tsc=None, mitre=None): """Get information about all Wazuh rules. :param rule_ids: Filters by rule ID :param pretty: Show results in human-readable format :param wait_for_complete: Disable timeout response :param offset: First element to return in the collection :param select: List of selected fields to return :param limit: Maximum number of elements to return :param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order. :param search: Looks for elements with the specified string :param q: Query to filter results by. For example q="status=active" :param status: Filters by rules status. :param group: Filters by rule group. :param level: Filters by rule level. Can be a single level (4) or an interval (2-4) :param filename: List of filenames to filter by. :param relative_dirname: Filters by relative dirname. :param pci_dss: Filters by PCI_DSS requirement name. :param gdpr: Filters by GDPR requirement. :param gpg13: Filters by GPG13 requirement. :param hipaa: Filters by HIPAA requirement. :param tsc: Filters by TSC requirement. :param mitre: Filters by mitre attack ID. :return: Data object """ f_kwargs = { 'rule_ids': rule_ids, 'offset': offset, 'limit': limit, 'select': select, 'sort_by': parse_api_param(sort, 'sort')['fields'] if sort is not None else ['id'], 'sort_ascending': True if sort is None or parse_api_param(sort, 'sort')['order'] == 'asc' else False, 'search_text': parse_api_param(search, 'search')['value'] if search is not None else None, 'complementary_search': parse_api_param(search, 'search')['negation'] if search is not None else None, 'q': q, 'status': status, 'group': group, 'level': level, 'filename': filename, 'relative_dirname': relative_dirname, 'pci_dss': pci_dss, 'gdpr': gdpr, 'gpg13': gpg13, 'hipaa': hipaa, 'nist_800_53': request.query.get('nist-800-53', None), 'tsc': tsc, 'mitre': mitre } dapi = DistributedAPI( f=rule_framework.get_rules, f_kwargs=remove_nones_to_dict(f_kwargs), request_type='local_any', is_async=False, wait_for_complete=wait_for_complete, logger=logger, rbac_permissions=request['token_info']['rbac_policies']) data = raise_if_exc(await dapi.distribute_function()) return web.json_response(data=data, status=200, dumps=prettify if pretty else dumps)
async def get_ports_info(request, pretty=False, wait_for_complete=False, agents_list='*', offset=0, limit=None, select=None, sort=None, search=None, pid=None, protocol=None, tx_queue=None, state=None, process=None): """ Get ports info from all agents or a list of them. :param pretty: Show results in human-readable format :param wait_for_complete: Disable timeout response :param agents_list: List of agent's IDs. :param offset: First element to return in the collection :param limit: Maximum number of elements to return :param select: Select which fields to return (separated by comma) :param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order. :param search: Looks for elements with the specified string :param pid: Filters by pid :param protocol: Filters by protocol :param tx_queue: Filters by tx_queue :param state: Filters by state :param process: Filters by process :return: AllItemsResponseSyscollectorPorts """ filters = { 'pid': pid, 'protocol': protocol, 'tx_queue': tx_queue, 'state': state, 'process': process } # Add nested fields to kwargs filters nested = ['local.ip', 'local.port', 'remote.ip'] for field in nested: filters[field] = request.query.get(field, None) f_kwargs = { 'agent_list': agents_list, 'offset': offset, 'limit': limit, 'select': select, 'sort': parse_api_param(sort, 'sort'), 'search': parse_api_param(search, 'search'), 'filters': filters, 'element_type': 'ports' } dapi = DistributedAPI( f=syscollector.get_item_agent, f_kwargs=remove_nones_to_dict(f_kwargs), request_type='distributed_master', is_async=False, wait_for_complete=wait_for_complete, logger=logger, broadcasting=agents_list == '*', rbac_permissions=request['token_info']['rbac_policies']) data = raise_if_exc(await dapi.distribute_function()) return web.json_response(data=data, status=200, dumps=prettify if pretty else dumps)
async def get_rules_files(request, pretty=False, wait_for_complete=False, offset=0, limit=None, sort=None, search=None, status=None, filename=None, relative_dirname=None): """Get all files which defines rules :param pretty: Show results in human-readable format :param wait_for_complete: Disable timeout response :param offset: First element to return in the collection :param limit: Maximum number of elements to return :param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order. :param search: Looks for elements with the specified string :param status: Filters by rules status. :param filename: List of filenames to filter by.. :param relative_dirname: Filters by relative dirname. :return: Data object """ f_kwargs = { 'offset': offset, 'limit': limit, 'sort_by': parse_api_param(sort, 'sort')['fields'] if sort is not None else ['filename'], 'sort_ascending': True if sort is None or parse_api_param(sort, 'sort')['order'] == 'asc' else False, 'search_text': parse_api_param(search, 'search')['value'] if search is not None else None, 'complementary_search': parse_api_param(search, 'search')['negation'] if search is not None else None, 'status': status, 'filename': filename, 'relative_dirname': relative_dirname } dapi = DistributedAPI( f=rule_framework.get_rules_files, f_kwargs=remove_nones_to_dict(f_kwargs), request_type='local_any', is_async=False, wait_for_complete=wait_for_complete, logger=logger, rbac_permissions=request['token_info']['rbac_policies']) data = raise_if_exc(await dapi.distribute_function()) return web.json_response(data=data, status=200, dumps=prettify if pretty else dumps)
async def get_cis_cat_results(request, pretty=False, wait_for_complete=False, agents_list='*', offset=0, limit=None, select=None, sort=None, search=None, benchmark=None, profile=None, fail=None, error=None, notchecked=None, unknown=None, score=None): """ Get ciscat results info from all agents or a list of them. :param pretty: Show results in human-readable format :param wait_for_complete: Disable timeout response :param agents_list: List of agent's IDs. :param offset: First element to return in the collection :param limit: Maximum number of elements to return :param select: Select which fields to return (separated by comma) :param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order. :param search: Looks for elements with the specified string :param benchmark: Filters by benchmark :param profile: Filters by evaluated profile :param fail: Filters by failed checks :param error: Filters by encountered errors :param notchecked: Filters by not checked :param unknown: Filters by unknown results. :param score: Filters by final score :return: AllItemsResponseCiscatResult """ f_kwargs = { 'agent_list': agents_list, 'offset': offset, 'limit': limit, 'select': select, 'sort': parse_api_param(sort, 'sort'), 'search': parse_api_param(search, 'search'), 'filters': { 'benchmark': benchmark, 'profile': profile, 'fail': fail, 'error': error, 'notchecked': notchecked, 'unknown': unknown, 'score': score, 'pass': request.query.get('pass', None) } } dapi = DistributedAPI( f=ciscat.get_ciscat_results, f_kwargs=remove_nones_to_dict(f_kwargs), request_type='distributed_master', is_async=False, wait_for_complete=wait_for_complete, logger=logger, broadcasting=agents_list == '*', rbac_permissions=request['token_info']['rbac_policies']) data = raise_if_exc(await dapi.distribute_function()) return web.json_response(data=data, status=200, dumps=prettify if pretty else dumps)
async def get_syscheck_agent(request, agent_id, pretty=False, wait_for_complete=False, offset=0, limit=None, select=None, sort=None, search=None, distinct=False, summary=False, md5=None, sha1=None, sha256=None, q=None): """ :param agent_id: Agent ID :type agent_id: str :param pretty: Show results in human-readable format :type pretty: bool :param wait_for_complete: Disable timeout response :type wait_for_complete: bool :param offset: First element to return in the collection :type offset: int :param limit: Maximum number of elements to return :type limit: int :param select: Select which fields to return (separated by comma) :type select: List[str] :param sort: Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order. :type sort: str :param search: Looks for elements with the specified string :type search: str :param summary: Returns a summary grouping by filename. :type summary: bool :param md5: Filters files with the specified MD5 checksum. :type md5: str :param sha1: Filters files with the specified SHA1 checksum. :type sha1: str :param sha256: Filters files with the specified SHA256 checksum. :type sha256: str :param distinct: Look for distinct values. :type distinct: bool :param q: Query to filter results by. :type q: str """ # get type parameter from query type_ = request.query.get('type', None) # get hash parameter from query hash_ = request.query.get('hash', None) # get file parameter from query file_ = request.query.get('file', None) filters = { 'type': type_, 'md5': md5, 'sha1': sha1, 'sha256': sha256, 'hash': hash_, 'file': file_ } f_kwargs = { 'agent_list': [agent_id], 'offset': offset, 'limit': limit, 'select': select, 'sort': parse_api_param(sort, 'sort'), 'search': parse_api_param(search, 'search'), 'summary': summary, 'filters': filters, 'distinct': distinct, 'q': q } dapi = DistributedAPI( f=files, f_kwargs=remove_nones_to_dict(f_kwargs), request_type='distributed_master', is_async=False, wait_for_complete=wait_for_complete, logger=logger, rbac_permissions=request['token_info']['rbac_policies']) data = raise_if_exc(await dapi.distribute_function()) return web.json_response(data=data, status=200, dumps=prettify if pretty else dumps)