Replace time-series indices with data streams (#652)

* Use v2 index templates

* Replace stateless indices with data streams

Replace legacy index template with v2 index templates

* Clean-up and document code

* Update 5_builderpackage_plugins_onpush.yml

Signed-off-by: Álex Ruiz Becerra <alejandro.ruiz.becerra@wazuh.com>

* Downgrade jackson to 2.18.2 to match OpenSearch's version

* Adapt tests

* Divide testClusters into two separate ones to fix the test and allow the run

* Format files

* Fix index patterns and data streams creation

---------

Signed-off-by: Álex Ruiz Becerra <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Jorge Sanchez <jorge.sanchez@wazuh.com>
Álex Ruiz Becerra 2025-11-14 11:58:26 +01:00 committed by GitHub
parent daa70b6e0b
commit b8879394b8
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
71 changed files with 122542 additions and 122314 deletions

View File

@ -55,6 +55,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
- Restructuring of the repository tooling [(#625)](https://github.com/wazuh/wazuh-indexer-plugins/pull/625) - Restructuring of the repository tooling [(#625)](https://github.com/wazuh/wazuh-indexer-plugins/pull/625)
- Fix mdbook to version 0.4.x [(#627)](https://github.com/wazuh/wazuh-indexer-plugins/pull/627) - Fix mdbook to version 0.4.x [(#627)](https://github.com/wazuh/wazuh-indexer-plugins/pull/627)
- Adapt WCS generation script to save the ECS flat of stateless module [(#646)](https://github.com/wazuh/wazuh-indexer-plugins/pull/646) - Adapt WCS generation script to save the ECS flat of stateless module [(#646)](https://github.com/wazuh/wazuh-indexer-plugins/pull/646)
- Replace time-series indices with data streams [(#562)](https://github.com/wazuh/wazuh-indexer-plugins/pull/562)
### Deprecated ### Deprecated
- -
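Review bot: The new changelog entry links to pull request #562 in both the label and the URL, while the commit title references #652. One of the two is a transposition; please confirm which number is right and make the entry match, since a wrong link here sends readers to an unrelated change.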

View File

@ -3,9 +3,9 @@
The `wazuh-indexer-setup` plugin is a module composing the Wazuh Indexer responsible for the initialization of the indices required by Wazuh to store all the data gathered and generated by other Central Components, such as the agents and the server (engine). The `wazuh-indexer-setup` plugin is a module composing the Wazuh Indexer responsible for the initialization of the indices required by Wazuh to store all the data gathered and generated by other Central Components, such as the agents and the server (engine).
The Wazuh Indexer Setup Plugin in responsible for: The Wazuh Indexer Setup Plugin in responsible for:
- Create the index templates, to define the mappings and settings of the indices. - Create the index templates, to define the mappings and settings for the indices.
- Create the initial indices. We distinguish between **stateful** and **stateless** indices. Stateful indices are unique, and its data is update over time (agents' inventory), stateless indices are rotated and static (alerts). - Create the initial indices. We distinguish between **stateful** and **stream** indices. While stream indices contain immutable time-series data and are rolled over periodically, stateful indices store dynamic data that can change over time and reside in a single index.
- For stateless indices, it creates the indices aliases and lifecycle policies for rollover. - Stream indices are created with a data stream configuration and an ISM rollover policy.
## Indices ## Indices
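Review bot: The context line "The Wazuh Indexer Setup Plugin in responsible for:" has a typo ("in" for "is") that is worth fixing while the bullets below it are being rewritten. The new bullets also say "stream indices" throughout; since the templates in this change now carry `"data_stream": {}`, consider calling them data streams explicitly and stating that the backing indices are created by the stream rather than by the plugin, so the "Create the initial indices" bullet does not read as if the plugin still creates a `-000001` index.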

View File

@ -53,12 +53,10 @@ function detect_modified_modules() {
modified_files=$(git diff --name-only origin/"$BASE_BRANCH") modified_files=$(git diff --name-only origin/"$BASE_BRANCH")
for file in $modified_files; do for file in $modified_files; do
if [[ $file == ecs/state* && ( $file == *.yml || $file == *.json ) ]]; then if [[ $file == ecs/state* && ( $file == *.yml || $file == *.json ) ]]; then
matched=false
# Try to match the file to one of the known module keys for exact detection # Try to match the file to one of the known module keys for exact detection
for key in "${!module_to_file[@]}"; do for key in "${!module_to_file[@]}"; do
if [[ $file == ecs/$key/* || $file == ecs/$key ]]; then if [[ $file == ecs/$key/* || $file == ecs/$key ]]; then
ecs_module="$key" ecs_module="$key"
matched=true
break break
fi fi
done done
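Review bot: With `matched` removed, nothing in the visible loop records that a file under `ecs/state*` matched no key in `module_to_file`. `ecs_module` is assigned only inside the inner `if`, so an unmatched file would carry over whatever value an earlier iteration left behind. If the code after the inner loop no longer needs a fallback, reset `ecs_module=""` at the top of each outer iteration and skip the file when it stays empty. Separately, `for file in $modified_files` relies on word splitting; reading the `git diff --name-only` output with `while IFS= read -r file` would be safer for paths containing spaces.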
@ -157,7 +155,7 @@ function copy_files() {
echo "---> Index templates" echo "---> Index templates"
local destination_file local destination_file
local resources_path="plugins/setup/src/main/resources" local resources_path="plugins/setup/src/main/resources"
local mappings_path="mappings/${ECS_VERSION}/generated/elasticsearch/legacy/template.json" local mappings_path="mappings/${ECS_VERSION}/generated/elasticsearch/legacy/opensearch-template.json"
for ecs_module in "${modules_to_update[@]}"; do for ecs_module in "${modules_to_update[@]}"; do
# Copying index templates to the initialization plugin resources folder # Copying index templates to the initialization plugin resources folder
destination_file=${module_to_file[$ecs_module]} destination_file=${module_to_file[$ecs_module]}

View File

@ -74,14 +74,28 @@ generate_mappings() {
fi fi
# Transform legacy index template for OpenSearch compatibility # Transform legacy index template for OpenSearch compatibility
jq '{ if [[ "$ecs_module" =~ "stateless/" ]]; then
"index_patterns": .index_patterns, # Transform time-series templates to use data streams
"priority": .order, jq '{
"template": { "index_patterns": .index_patterns,
"settings": .settings, "priority": .order,
"mappings": .mappings "data_stream": {},
} "template": {
}' "$in_file" >"$out_dir/generated/elasticsearch/legacy/opensearch-template.json" "settings": .settings,
"mappings": .mappings
}
}' "$in_file" >"$out_dir/generated/elasticsearch/legacy/opensearch-template.json"
else
# Stateful templates remain unchanged except for the formatting
jq '{
"index_patterns": .index_patterns,
"priority": .order,
"template": {
"settings": .settings,
"mappings": .mappings
}
}' "$in_file" >"$out_dir/generated/elasticsearch/legacy/opensearch-template.json"
fi
echo "Mappings saved to $out_dir" echo "Mappings saved to $out_dir"
} }
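Review bot: The two `jq` filters in the new `if`/`else` are identical except for the `"data_stream": {}` key, so any later change to the template shape has to be made twice. Consider a single filter that adds the key conditionally, for example by passing a boolean with `--argjson` and appending `{"data_stream": {}}` when it is true. Two smaller points: `[[ "$ecs_module" =~ "stateless/" ]]` uses a quoted right-hand side, which bash treats as a literal substring, so `[[ "$ecs_module" == *stateless/* ]]` states the intent more directly; and the output still lands under `generated/elasticsearch/legacy/` although the file is now a v2 composable template, which is misleading for anyone reading the path.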

View File

@ -1,6 +1,6 @@
{ {
"index_patterns": [ "index_patterns": [
"wazuh-events-v5-access-management-*" "wazuh-events-v5-access-management*"
], ],
"order": 1, "order": 1,
"settings": { "settings": {
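Review bot: Dropping the `-` before the wildcard widens the pattern from `wazuh-events-v5-access-management-*` to `wazuh-events-v5-access-management*`, which is needed so the bare data stream name matches, but it also matches any other name that merely starts with that prefix. The same applies to every template in this change, most visibly `wazuh-alerts-v5*`. If only the stream itself is meant to match, consider listing the exact name as the pattern; otherwise document that any index or stream created under these prefixes inherits the template and, for the generated v2 templates, the `data_stream` definition.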

View File

@ -1,8 +1,9 @@
{ {
"index_patterns": [ "index_patterns": [
"wazuh-events-v5-access-management-*" "wazuh-events-v5-access-management*"
], ],
"priority": 1, "priority": 1,
"data_stream": {},
"template": { "template": {
"settings": { "settings": {
"plugins.index_state_management.rollover_alias": "wazuh-events-v5-access-management", "plugins.index_state_management.rollover_alias": "wazuh-events-v5-access-management",
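Review bot: The template gains `"data_stream": {}` but keeps `"plugins.index_state_management.rollover_alias": "wazuh-events-v5-access-management"` in its settings. That setting exists for alias-based rollover; for a data stream the ISM rollover action targets the stream and no alias is involved, and the value here is the same string as the stream name. Please check whether the setting is still required and drop it from the source templates if not, so the generated files do not suggest that an alias with the stream's name exists. This applies to all the generated stream templates in the change.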

View File

@ -1,6 +1,6 @@
{ {
"index_patterns": [ "index_patterns": [
"wazuh-events-v5-applications-*" "wazuh-events-v5-applications*"
], ],
"order": 1, "order": 1,
"settings": { "settings": {

View File

@ -1,8 +1,9 @@
{ {
"index_patterns": [ "index_patterns": [
"wazuh-events-v5-applications-*" "wazuh-events-v5-applications*"
], ],
"priority": 1, "priority": 1,
"data_stream": {},
"template": { "template": {
"settings": { "settings": {
"plugins.index_state_management.rollover_alias": "wazuh-events-v5-applications", "plugins.index_state_management.rollover_alias": "wazuh-events-v5-applications",

View File

@ -1,6 +1,6 @@
{ {
"index_patterns": [ "index_patterns": [
"wazuh-events-v5-cloud-services-aws-*" "wazuh-events-v5-cloud-services-aws*"
], ],
"order": 10, "order": 10,
"settings": { "settings": {

View File

@ -1,8 +1,9 @@
{ {
"index_patterns": [ "index_patterns": [
"wazuh-events-v5-cloud-services-aws-*" "wazuh-events-v5-cloud-services-aws*"
], ],
"priority": 10, "priority": 10,
"data_stream": {},
"template": { "template": {
"settings": { "settings": {
"plugins.index_state_management.rollover_alias": "wazuh-events-v5-cloud-services-aws", "plugins.index_state_management.rollover_alias": "wazuh-events-v5-cloud-services-aws",

View File

@ -1,6 +1,6 @@
{ {
"index_patterns": [ "index_patterns": [
"wazuh-events-v5-cloud-services-azure-*" "wazuh-events-v5-cloud-services-azure*"
], ],
"order": 10, "order": 10,
"settings": { "settings": {

View File

@ -1,8 +1,9 @@
{ {
"index_patterns": [ "index_patterns": [
"wazuh-events-v5-cloud-services-azure-*" "wazuh-events-v5-cloud-services-azure*"
], ],
"priority": 10, "priority": 10,
"data_stream": {},
"template": { "template": {
"settings": { "settings": {
"plugins.index_state_management.rollover_alias": "wazuh-events-v5-cloud-services-azure", "plugins.index_state_management.rollover_alias": "wazuh-events-v5-cloud-services-azure",

View File

@ -1,6 +1,6 @@
{ {
"index_patterns": [ "index_patterns": [
"wazuh-events-v5-cloud-services-gcp-*" "wazuh-events-v5-cloud-services-gcp*"
], ],
"order": 10, "order": 10,
"settings": { "settings": {

View File

@ -1,8 +1,9 @@
{ {
"index_patterns": [ "index_patterns": [
"wazuh-events-v5-cloud-services-gcp-*" "wazuh-events-v5-cloud-services-gcp*"
], ],
"priority": 10, "priority": 10,
"data_stream": {},
"template": { "template": {
"settings": { "settings": {
"plugins.index_state_management.rollover_alias": "wazuh-events-v5-cloud-services-gcp", "plugins.index_state_management.rollover_alias": "wazuh-events-v5-cloud-services-gcp",

View File

@ -1,6 +1,6 @@
{ {
"index_patterns": [ "index_patterns": [
"wazuh-events-v5-cloud-services-*" "wazuh-events-v5-cloud-services*"
], ],
"order": 1, "order": 1,
"settings": { "settings": {

View File

@ -1,8 +1,9 @@
{ {
"index_patterns": [ "index_patterns": [
"wazuh-events-v5-cloud-services-*" "wazuh-events-v5-cloud-services*"
], ],
"priority": 1, "priority": 1,
"data_stream": {},
"template": { "template": {
"settings": { "settings": {
"plugins.index_state_management.rollover_alias": "wazuh-events-v5-cloud-services", "plugins.index_state_management.rollover_alias": "wazuh-events-v5-cloud-services",
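Review bot: `wazuh-events-v5-cloud-services*` at priority 1 overlaps with the `wazuh-events-v5-cloud-services-aws*`, `-azure*` and `-gcp*` templates at priority 10. Under legacy templates the `order` field controlled merge order, so the provider templates were layered on top of this one. With v2 composable templates only the highest-priority match is applied and nothing is merged, so the priority 10 templates must each carry the complete settings and mappings on their own. Please confirm the provider templates are self-contained, and consider a comment in the generator noting that the priority gap is what keeps these overlapping patterns valid.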

View File

@ -1,6 +1,6 @@
{ {
"index_patterns": [ "index_patterns": [
"wazuh-alerts-v5-*" "wazuh-alerts-v5*"
], ],
"order": 1, "order": 1,
"settings": { "settings": {

View File

@ -1,8 +1,9 @@
{ {
"index_patterns": [ "index_patterns": [
"wazuh-alerts-v5-*" "wazuh-alerts-v5*"
], ],
"priority": 1, "priority": 1,
"data_stream": {},
"template": { "template": {
"settings": { "settings": {
"plugins.index_state_management.rollover_alias": "wazuh-alerts-v5", "plugins.index_state_management.rollover_alias": "wazuh-alerts-v5",

View File

@ -1,6 +1,6 @@
{ {
"index_patterns": [ "index_patterns": [
"wazuh-events-v5-network-activity-*" "wazuh-events-v5-network-activity*"
], ],
"order": 1, "order": 1,
"settings": { "settings": {

View File

@ -1,8 +1,9 @@
{ {
"index_patterns": [ "index_patterns": [
"wazuh-events-v5-network-activity-*" "wazuh-events-v5-network-activity*"
], ],
"priority": 1, "priority": 1,
"data_stream": {},
"template": { "template": {
"settings": { "settings": {
"plugins.index_state_management.rollover_alias": "wazuh-events-v5-network-activity", "plugins.index_state_management.rollover_alias": "wazuh-events-v5-network-activity",

View File

@ -1,6 +1,6 @@
{ {
"index_patterns": [ "index_patterns": [
"wazuh-events-v5-other-*" "wazuh-events-v5-other*"
], ],
"order": 1, "order": 1,
"settings": { "settings": {

View File

@ -1,8 +1,9 @@
{ {
"index_patterns": [ "index_patterns": [
"wazuh-events-v5-other-*" "wazuh-events-v5-other*"
], ],
"priority": 1, "priority": 1,
"data_stream": {},
"template": { "template": {
"settings": { "settings": {
"plugins.index_state_management.rollover_alias": "wazuh-events-v5-other", "plugins.index_state_management.rollover_alias": "wazuh-events-v5-other",

View File

@ -1,6 +1,6 @@
{ {
"index_patterns": [ "index_patterns": [
"wazuh-events-v5-security-*" "wazuh-events-v5-security*"
], ],
"order": 1, "order": 1,
"settings": { "settings": {

View File

@ -1,8 +1,9 @@
{ {
"index_patterns": [ "index_patterns": [
"wazuh-events-v5-security-*" "wazuh-events-v5-security*"
], ],
"priority": 1, "priority": 1,
"data_stream": {},
"template": { "template": {
"settings": { "settings": {
"plugins.index_state_management.rollover_alias": "wazuh-events-v5-security", "plugins.index_state_management.rollover_alias": "wazuh-events-v5-security",

View File

@ -1,6 +1,6 @@
{ {
"index_patterns": [ "index_patterns": [
"wazuh-events-v5-system-activity-*" "wazuh-events-v5-system-activity*"
], ],
"order": 1, "order": 1,
"settings": { "settings": {

View File

@ -1,8 +1,9 @@
{ {
"index_patterns": [ "index_patterns": [
"wazuh-events-v5-system-activity-*" "wazuh-events-v5-system-activity*"
], ],
"priority": 1, "priority": 1,
"data_stream": {},
"template": { "template": {
"settings": { "settings": {
"plugins.index_state_management.rollover_alias": "wazuh-events-v5-system-activity", "plugins.index_state_management.rollover_alias": "wazuh-events-v5-system-activity",

View File

@ -1,5 +1,5 @@
{ {
"index_patterns": ["wazuh-events-v5-<integration-name>-*"], "index_patterns": ["wazuh-events-v5-<integration-name>*"],
"order": "<priority>", "order": "<priority>",
"settings": { "settings": {
"plugins.index_state_management.rollover_alias": "wazuh-events-v5-<integration-name>", "plugins.index_state_management.rollover_alias": "wazuh-events-v5-<integration-name>",

View File

@ -1,6 +1,7 @@
{ {
"index_patterns": ["wazuh-events-v5-<integration-name>-*"], "index_patterns": ["wazuh-events-v5-<integration-name>*"],
"priority": "<priority>", "priority": "<priority>",
"data_stream": {},
"template": { "template": {
"settings": { "settings": {
"plugins.index_state_management.rollover_alias": "wazuh-events-v5-<integration-name>", "plugins.index_state_management.rollover_alias": "wazuh-events-v5-<integration-name>",

View File

@ -1,24 +1,25 @@
import org.opensearch.gradle.test.RestIntegTestTask import org.opensearch.gradle.test.RestIntegTestTask
import java.util.concurrent.Callable import java.util.concurrent.Callable
buildscript { buildscript {
ext { ext {
opensearch_version = System.getProperty("opensearch.version", "3.3.2-SNAPSHOT") opensearch_version = System.getProperty("opensearch.version", "3.3.2-SNAPSHOT")
opensearch_build = opensearch_version.replace("-SNAPSHOT","") + ".0" opensearch_build = opensearch_version.replace("-SNAPSHOT", "") + ".0"
wazuh_version = System.getProperty("version", "5.0.0") wazuh_version = System.getProperty("version", "5.0.0")
revision = System.getProperty("revision", "0") revision = System.getProperty("revision", "0")
} }
repositories { repositories {
mavenLocal() mavenLocal()
maven { url "https://ci.opensearch.org/ci/dbc/snapshots/maven/" } maven { url "https://ci.opensearch.org/ci/dbc/snapshots/maven/" }
mavenCentral() mavenCentral()
maven { url "https://plugins.gradle.org/m2/" } maven { url "https://plugins.gradle.org/m2/" }
} }
dependencies { dependencies {
classpath "org.opensearch.gradle:build-tools:${opensearch_version}" classpath "org.opensearch.gradle:build-tools:${opensearch_version}"
} }
} }
apply plugin: 'java' apply plugin: 'java'
@ -37,56 +38,61 @@ def pathToPlugin = 'setup'
def pluginClassName = 'SetupPlugin' def pluginClassName = 'SetupPlugin'
publishing { publishing {
publications { publications {
pluginZip(MavenPublication) { publication -> pluginZip(MavenPublication) { publication ->
pom { pom {
name = pluginName name = pluginName
description = pluginDescription description = pluginDescription
licenses { licenses {
license { license {
name = "GNU Affero General Public License (AGPL) version 3.0" name = "GNU Affero General Public License (AGPL) version 3.0"
url = "http://www.gnu.org/licenses/agpl-3.0.txt" url = "http://www.gnu.org/licenses/agpl-3.0.txt"
} }
}
developers {
developer {
name = "Wazuh"
url = "https://wazuh.com"
}
}
}
} }
developers {
developer {
name = "Wazuh"
url = "https://wazuh.com"
}
}
}
} }
}
} }
allprojects { allprojects {
group = "${projectPath}" group = "${projectPath}"
version = "${wazuh_version}" + ".${revision}" version = "${wazuh_version}" + ".${revision}"
targetCompatibility = JavaVersion.VERSION_21 targetCompatibility = JavaVersion.VERSION_21
sourceCompatibility = JavaVersion.VERSION_21 sourceCompatibility = JavaVersion.VERSION_21
} }
opensearchplugin { opensearchplugin {
name pluginName name pluginName
description pluginDescription description pluginDescription
classname "${projectPath}.${pathToPlugin}.${pluginClassName}" classname "${projectPath}.${pathToPlugin}.${pluginClassName}"
extendedPlugins = ['opensearch-index-management'] extendedPlugins = ['opensearch-index-management']
licenseFile rootProject.file('LICENSE.txt') licenseFile rootProject.file('LICENSE.txt')
noticeFile rootProject.file('NOTICE.txt') noticeFile rootProject.file('NOTICE.txt')
} }
configurations { configurations {
zipArchive zipArchive
} }
dependencies { dependencies {
implementation "org.apache.logging.log4j:log4j-slf4j-impl:2.25.2" implementation "org.apache.logging.log4j:log4j-slf4j-impl:2.25.2"
implementation "org.slf4j:slf4j-api:2.0.17" implementation "org.slf4j:slf4j-api:2.0.17"
// Job Scheduler & ISM stuff (required for the initialization of ISM policies) // Use Jackson provided by OpenSearch (2.18.2) - only for compile time
zipArchive group: 'org.opensearch.plugin', name: 'opensearch-job-scheduler', version: opensearch_build compileOnly 'com.fasterxml.jackson.core:jackson-core:2.18.2'
zipArchive group: 'org.opensearch.plugin', name: 'opensearch-index-management', version: opensearch_build implementation 'com.fasterxml.jackson.core:jackson-databind:2.18.2'
compileOnly "org.opensearch:opensearch-job-scheduler-spi:${opensearch_build}" implementation 'com.fasterxml.jackson.core:jackson-annotations:2.18.2'
// Job Scheduler & ISM stuff (required for the initialization of ISM policies)
zipArchive group: 'org.opensearch.plugin', name: 'opensearch-job-scheduler', version: opensearch_build
zipArchive group: 'org.opensearch.plugin', name: 'opensearch-index-management', version: opensearch_build
compileOnly "org.opensearch:opensearch-job-scheduler-spi:${opensearch_build}"
} }
// No need to validate license headers since spotless checks and applies it // No need to validate license headers since spotless checks and applies it
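Review bot: The new comment says Jackson is "only for compile time", but only `jackson-core` is declared `compileOnly`; `jackson-databind` and `jackson-annotations` are `implementation`, so they are bundled into the plugin zip. Either the comment or the scopes should change: if the intent is to use the copies OpenSearch ships, all three should be `compileOnly`, and if the plugin must bundle databind, the comment should say so and explain why. The version `2.18.2` is also repeated three times; a single `ext` property next to `opensearch_version` would keep it in step with the OpenSearch version on the next upgrade.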
@ -102,30 +108,30 @@ validateNebulaPom.enabled = false
dependencyLicenses.enabled = false dependencyLicenses.enabled = false
repositories { repositories {
mavenLocal() mavenLocal()
maven { url "https://ci.opensearch.org/ci/dbc/snapshots/maven/" } maven { url "https://ci.opensearch.org/ci/dbc/snapshots/maven/" }
mavenCentral() mavenCentral()
maven { url "https://plugins.gradle.org/m2/" } maven { url "https://plugins.gradle.org/m2/" }
} }
test { test {
include '**/*Tests.class' include '**/*Tests.class'
} }
def getPlugin(pluginName) { def getPlugin(pluginName) {
provider(new Callable<RegularFile>() { provider(new Callable<RegularFile>() {
@Override
RegularFile call() throws Exception {
return new RegularFile() {
@Override @Override
RegularFile call() throws Exception { File getAsFile() {
return new RegularFile() { return configurations.zipArchive.asFileTree.matching {
@Override include String.format("**/%s*", pluginName)
File getAsFile() { }.singleFile
return configurations.zipArchive.asFileTree.matching {
include String.format("**/%s*", pluginName)
}.singleFile
}
}
} }
}) }
}
})
} }
task integTest(type: RestIntegTestTask) { task integTest(type: RestIntegTestTask) {
@ -136,40 +142,54 @@ task integTest(type: RestIntegTestTask) {
tasks.named("check").configure { dependsOn(integTest) } tasks.named("check").configure { dependsOn(integTest) }
integTest { integTest {
// The --debug-jvm command-line option makes the cluster debuggable; this makes the tests debuggable // The --debug-jvm command-line option makes the cluster debuggable; this makes the tests debuggable
if (System.getProperty("test.debug") != null) { if (System.getProperty("test.debug") != null) {
jvmArgs '-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=*:5005' jvmArgs '-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=*:5005'
} }
} }
testClusters {
testClusters.integTest { integTest {
plugin(getPlugin("opensearch-job-scheduler")) plugin(getPlugin("opensearch-job-scheduler"))
plugin(getPlugin("opensearch-index-management")) plugin(getPlugin("opensearch-index-management"))
testDistribution = "INTEG_TEST" testDistribution = "INTEG_TEST"
// This installs our plugin into the testClusters // This installs our plugin into the testClusters
plugin(project.tasks.bundlePlugin.archiveFile) plugin(project.tasks.bundlePlugin.archiveFile)
// The --debug-jvm command-line option makes the cluster debuggable; this makes the tests debuggable // The --debug-jvm command-line option makes the cluster debuggable; this makes the tests debuggable
if (System.getProperty("cluster.debug") != null) { if (System.getProperty("cluster.debug") != null) {
jvmArgs '-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=*:5005' jvmArgs '-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=*:5005'
} }
}
runCluster {
plugin(getPlugin("opensearch-job-scheduler"))
plugin(getPlugin("opensearch-index-management"))
testDistribution = "ARCHIVE"
plugin(project.tasks.bundlePlugin.archiveFile)
if (System.getProperty("run.cluster.debug") != null) {
jvmArgs '-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=*:5005'
}
}
} }
run { run {
useCluster testClusters.integTest useCluster testClusters.runCluster
} }
// updateVersion: Task to auto update version to the next development iteration // updateVersion: Task to auto update version to the next development iteration
task updateVersion { task updateVersion {
onlyIf { System.getProperty('newVersion') } onlyIf { System.getProperty('newVersion') }
doLast { doLast {
ext.newVersion = System.getProperty('newVersion') ext.newVersion = System.getProperty('newVersion')
println "Setting version to ${newVersion}." println "Setting version to ${newVersion}."
// String tokenization to support -SNAPSHOT // String tokenization to support -SNAPSHOT
ant.replaceregexp(file: 'build.gradle', match: '"opensearch.version", "\\d.*"', replace: '"opensearch.version", "' + newVersion.tokenize('-')[0] + '-SNAPSHOT"', flags: 'g', byline: true) ant.replaceregexp(file: 'build.gradle', match: '"opensearch.version", "\\d.*"', replace: '"opensearch.version", "' + newVersion.tokenize('-')[0] + '-SNAPSHOT"', flags: 'g', byline: true)
} }
} }
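Review bot: The new `runCluster` block adds a third copy of `-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=*:5005`. `address=*` makes the debug agent listen on every interface, and JDWP has no authentication, so anyone who can reach port 5005 on the build host can attach to the JVM. Binding to `localhost:5005` is enough for local debugging and for SSH-forwarded sessions. Since all three blocks use port 5005, enabling more than one of `test.debug`, `cluster.debug` and `run.cluster.debug` at once will also collide; distinct ports or a shared helper that takes the port would avoid that. The `runCluster` block itself duplicates the plugin list from `integTest`; a small closure applied to both would keep them from drifting.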

View File

@ -43,7 +43,7 @@ import com.wazuh.setup.index.IndexStateManagement;
import com.wazuh.setup.index.StateIndex; import com.wazuh.setup.index.StateIndex;
import com.wazuh.setup.index.StreamIndex; import com.wazuh.setup.index.StreamIndex;
import com.wazuh.setup.settings.PluginSettings; import com.wazuh.setup.settings.PluginSettings;
import com.wazuh.setup.utils.IndexUtils; import com.wazuh.setup.utils.JsonUtils;
/** /**
* Main class of the Indexer Setup plugin. This plugin is responsible for the creation of the index * Main class of the Indexer Setup plugin. This plugin is responsible for the creation of the index
@ -87,14 +87,13 @@ public class SetupPlugin extends Plugin implements ClusterPlugin {
// ISM index // ISM index
this.indices.add(new IndexStateManagement(IndexStateManagement.ISM_INDEX_NAME, "templates/ism-config")); this.indices.add(new IndexStateManagement(IndexStateManagement.ISM_INDEX_NAME, "templates/ism-config"));
// Stream indices // Stream indices
this.indices.add(new StreamIndex("wazuh-alerts-v5-000001", "templates/streams/alerts", "wazuh-alerts-v5")); this.indices.add(new StreamIndex("wazuh-alerts-v5", "templates/streams/alerts"));
this.indices.add(new StreamIndex("wazuh-archives-v5-000001", "templates/streams/archives", "wazuh-archives-v5")); this.indices.add(new StreamIndex("wazuh-archives-v5", "templates/streams/archives"));
// Decoder indices // Decoder indices
for (String category : this.categories) { for (String category : this.categories) {
this.indices.add(new StreamIndex( this.indices.add(new StreamIndex(
"wazuh-events-v5-" + category + "-000001", "wazuh-events-v5-" + category,
"templates/streams/" + category, "templates/streams/" + category
"wazuh-events-v5-" + category
)); ));
} }
@ -122,12 +121,12 @@ public class SetupPlugin extends Plugin implements ClusterPlugin {
// spotless:on // spotless:on
// Inject dependencies // Inject dependencies
IndexUtils utils = new IndexUtils(); JsonUtils utils = new JsonUtils();
this.indices.forEach( this.indices.forEach(
index -> { index -> {
index.setClient(client); index.setClient(client);
index.setClusterService(clusterService); index.setClusterService(clusterService);
index.setIndexUtils(utils); index.setUtils(utils);
}); });
return Collections.emptyList(); return Collections.emptyList();

View File

@ -16,22 +16,26 @@
*/ */
package com.wazuh.setup.index; package com.wazuh.setup.index;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger; import org.apache.logging.log4j.Logger;
import org.opensearch.ResourceAlreadyExistsException; import org.opensearch.ResourceAlreadyExistsException;
import org.opensearch.action.admin.indices.create.CreateIndexRequest; import org.opensearch.action.admin.indices.create.CreateIndexRequest;
import org.opensearch.action.admin.indices.create.CreateIndexResponse; import org.opensearch.action.admin.indices.create.CreateIndexResponse;
import org.opensearch.action.admin.indices.template.put.PutIndexTemplateRequest; import org.opensearch.action.admin.indices.template.put.PutComposableIndexTemplateAction;
import org.opensearch.action.support.clustermanager.AcknowledgedResponse; import org.opensearch.cluster.metadata.ComposableIndexTemplate;
import org.opensearch.cluster.service.ClusterService; import org.opensearch.cluster.service.ClusterService;
import org.opensearch.common.compress.CompressedXContent;
import org.opensearch.common.settings.Settings;
import org.opensearch.transport.client.Client; import org.opensearch.transport.client.Client;
import java.io.IOException; import java.io.IOException;
import java.util.List; import java.io.InputStream;
import java.util.Map;
import com.wazuh.setup.model.IndexTemplate;
import com.wazuh.setup.settings.PluginSettings; import com.wazuh.setup.settings.PluginSettings;
import com.wazuh.setup.utils.IndexUtils; import com.wazuh.setup.utils.JsonUtils;
/** /**
* Abstract class with the required logic to create indices. In our context, an index always require * Abstract class with the required logic to create indices. In our context, an index always require
@ -45,7 +49,7 @@ public abstract class Index implements IndexInitializer {
// Dependencies. // Dependencies.
Client client; Client client;
ClusterService clusterService; ClusterService clusterService;
IndexUtils indexUtils; JsonUtils jsonUtils;
// Properties. // Properties.
String index; String index;
@ -87,12 +91,12 @@ public abstract class Index implements IndexInitializer {
} }
/** /**
* Sets the IndexUtils instance. * Sets the JsonUtils instance.
* *
* @param indexUtils the IndexUtils instance to set. * @param jsonUtils the JsonUtils instance to set.
*/ */
public void setIndexUtils(IndexUtils indexUtils) { public void setUtils(JsonUtils jsonUtils) {
this.indexUtils = indexUtils; this.jsonUtils = jsonUtils;
} }
/** /**
@ -137,42 +141,45 @@ public abstract class Index implements IndexInitializer {
} }
log.warn("Operation to create the index [{}] timed out. Retrying...", index); log.warn("Operation to create the index [{}] timed out. Retrying...", index);
this.retry_index_creation = false; this.retry_index_creation = false;
this.indexUtils.sleep(PluginSettings.getBackoff(this.clusterService.getSettings())); this.sleep(PluginSettings.getBackoff(this.clusterService.getSettings()));
this.createIndex(index); this.createIndex(index);
} }
} }
/** /**
* Creates an index template. * Creates an index template (v2).
* *
* @param template name of the index template to create. * @param template name of the index template to create.
*/ */
public void createTemplate(String template) { public void createTemplate(String template) {
try { try {
Map<String, Object> templateFile = this.indexUtils.fromFile(template + ".json"); // Read JSON index template
ObjectMapper mapper = new ObjectMapper();
InputStream is = this.getClass().getClassLoader().getResourceAsStream(template + ".json");
IndexTemplate indexTemplate = mapper.readValue(is, IndexTemplate.class);
PutIndexTemplateRequest putIndexTemplateRequest = // Create a V2 template (ComposableIndexTemplate)
new PutIndexTemplateRequest() String indexMappings = mapper.writeValueAsString(indexTemplate.getMappings());
.mapping(this.indexUtils.get(templateFile, "mappings")) CompressedXContent compressedMapping = new CompressedXContent(indexMappings);
.settings(this.indexUtils.get(templateFile, "settings")) Settings settings = Settings.builder().loadFromMap(indexTemplate.getSettings()).build();
.order((int) templateFile.getOrDefault("order", 0)) ComposableIndexTemplate composableTemplate =
.name(template) indexTemplate.getComposableIndexTemplate(settings, compressedMapping);
.patterns((List<String>) templateFile.get("index_patterns"));
AcknowledgedResponse createIndexTemplateResponse = // Use the V2 API to put the template
this.client PutComposableIndexTemplateAction.Request request =
.admin() new PutComposableIndexTemplateAction.Request(template)
.indices() .indexTemplate(composableTemplate)
.putTemplate(putIndexTemplateRequest) .create(false);
.actionGet(PluginSettings.getTimeout(this.clusterService.getSettings()));
log.info(
"Index template created successfully: {} {}",
template,
createIndexTemplateResponse.isAcknowledged());
// Put index template
this.client
.execute(PutComposableIndexTemplateAction.INSTANCE, request)
.actionGet(PluginSettings.getTimeout(this.clusterService.getSettings()));
} catch (IOException e) { } catch (IOException e) {
log.error("Error reading index template from filesystem {}", template); log.error(
"Error reading index template from filesystem [{}]. Caused by: {}",
template,
e.toString());
} catch (ResourceAlreadyExistsException e) { } catch (ResourceAlreadyExistsException e) {
log.info("Index template {} already exists. Skipping.", template); log.info("Index template {} already exists. Skipping.", template);
} catch ( } catch (
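Review bot: In the new `createTemplate`, `getResourceAsStream(template + ".json")` returns null when the resource is missing, and passing that to `mapper.readValue(is, IndexTemplate.class)` raises an `IllegalArgumentException`, which is not caught by the `IOException` handler that logs "Error reading index template from filesystem". Please check `is` for null and open it in a try-with-resources block, since the stream is currently never closed. Three smaller points: the response of `client.execute(...)` is discarded and the previous "Index template created successfully" log line is gone, so an unacknowledged request now passes silently; the request is built with `.create(false)`, which lets an existing template be overwritten, so the `ResourceAlreadyExistsException` branch that logs "already exists. Skipping." no longer describes what happens; and a new `ObjectMapper` is constructed on every call where a shared static instance would do.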
@ -188,7 +195,7 @@ public abstract class Index implements IndexInitializer {
} }
log.warn("Operation to create the index template [{}] timed out. Retrying...", template); log.warn("Operation to create the index template [{}] timed out. Retrying...", template);
this.retry_template_creation = false; this.retry_template_creation = false;
this.indexUtils.sleep(PluginSettings.getBackoff(this.clusterService.getSettings())); this.sleep(PluginSettings.getBackoff(this.clusterService.getSettings()));
this.createTemplate(template); this.createTemplate(template);
} }
} }
@ -201,4 +208,17 @@ public abstract class Index implements IndexInitializer {
this.createTemplate(this.template); this.createTemplate(this.template);
this.createIndex(this.index); this.createIndex(this.index);
} }
/**
* Utility method to wrap up the call to {@link Thread#sleep(long)} on a try-catch block.
*
* @param millis sleep interval in milliseconds.
*/
void sleep(long millis) {
try {
Thread.sleep(millis);
} catch (InterruptedException ex) {
throw new RuntimeException(ex);
}
}
} }
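Review bot: The new `sleep` helper catches `InterruptedException` and rethrows it as a bare `RuntimeException` without restoring the thread's interrupt status. Call `Thread.currentThread().interrupt()` before throwing, so callers further up the stack and the thread pool can still see that the thread was interrupted. The Javadoc should also state that the method throws an unchecked exception on interruption, since the retry paths in `createIndex` and `createTemplate` call it and would abort initialization in that case.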

View File

@ -16,6 +16,8 @@
*/ */
package com.wazuh.setup.index; package com.wazuh.setup.index;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger; import org.apache.logging.log4j.Logger;
import org.opensearch.ResourceAlreadyExistsException; import org.opensearch.ResourceAlreadyExistsException;
@ -25,10 +27,12 @@ import org.opensearch.action.index.IndexRequest;
import org.opensearch.core.xcontent.MediaTypeRegistry; import org.opensearch.core.xcontent.MediaTypeRegistry;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import com.wazuh.setup.model.IndexTemplate;
import com.wazuh.setup.settings.PluginSettings; import com.wazuh.setup.settings.PluginSettings;
/** /**
@ -38,7 +42,7 @@ import com.wazuh.setup.settings.PluginSettings;
public class IndexStateManagement extends Index { public class IndexStateManagement extends Index {
private static final Logger log = LogManager.getLogger(IndexStateManagement.class); private static final Logger log = LogManager.getLogger(IndexStateManagement.class);
// ISM index name /** ISM index name */
public static final String ISM_INDEX_NAME = ".opendistro-ism-config"; public static final String ISM_INDEX_NAME = ".opendistro-ism-config";
// ISM policies names (filename without extension) // ISM policies names (filename without extension)
@ -74,10 +78,11 @@ public class IndexStateManagement extends Index {
* *
* @param policy policy name to create. * @param policy policy name to create.
*/ */
private void indexPolicy(String policy) { void indexPolicy(String policy) {
try { try {
Map<String, Object> policyFile; Map<String, Object> policyFile;
policyFile = this.indexUtils.fromFile(STREAM_ROLLOVER_POLICY_PATH);
policyFile = this.jsonUtils.fromFile(STREAM_ROLLOVER_POLICY_PATH);
IndexRequest indexRequest = IndexRequest indexRequest =
new IndexRequest(this.index) new IndexRequest(this.index)
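Review bot: `indexPolicy` goes from `private` to package-private with no explanation in the Javadoc above it. If the wider visibility exists only so tests can call the method, say so in the comment; otherwise keep it `private`.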
@ -102,7 +107,7 @@ public class IndexStateManagement extends Index {
} }
log.warn("Operation to create the policy [{}] timed out. Retrying...", policy); log.warn("Operation to create the policy [{}] timed out. Retrying...", policy);
this.retry_index_creation = false; this.retry_index_creation = false;
this.indexUtils.sleep(PluginSettings.getBackoff(this.clusterService.getSettings())); this.sleep(PluginSettings.getBackoff(this.clusterService.getSettings()));
this.indexPolicy(policy); this.indexPolicy(policy);
} }
} }
@ -119,12 +124,16 @@ public class IndexStateManagement extends Index {
// For some reason the index template is not applied to the ISM internal index // For some reason the index template is not applied to the ISM internal index
// ".opendistro-ism-config", so we explicitly set the index mappings and settings // ".opendistro-ism-config", so we explicitly set the index mappings and settings
// as part of the CreateIndexRequest. // as part of the CreateIndexRequest.
Map<String, Object> templateFile = this.indexUtils.fromFile(this.template + ".json"); // Read JSON index template
ObjectMapper mapper = new ObjectMapper();
InputStream is =
this.getClass().getClassLoader().getResourceAsStream(this.template + ".json");
IndexTemplate indexTemplate = mapper.readValue(is, IndexTemplate.class);
CreateIndexRequest request = CreateIndexRequest request =
new CreateIndexRequest(index) new CreateIndexRequest(index)
.mapping(this.indexUtils.get(templateFile, "mappings")) .mapping(indexTemplate.getMappings())
.settings(this.indexUtils.get(templateFile, "settings")); .settings(indexTemplate.getSettings());
CreateIndexResponse createIndexResponse = CreateIndexResponse createIndexResponse =
this.client this.client
.admin() .admin()
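Review bot: `getResourceAsStream(this.template + ".json")` returns null when the resource is missing, and the result goes straight into `mapper.readValue(is, IndexTemplate.class)` with no null check and no close. Jackson rejects a null source with an `IllegalArgumentException` rather than an `IOException`, so a missing template file skips the `catch (IOException e)` branch and lands in the generic `catch (Exception e)` branch, where it is reported as a timeout and retried. Check for null explicitly and open the stream in a try-with-resources block. A new `ObjectMapper` per call is also unnecessary; a shared static instance would do.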
@ -136,10 +145,13 @@ public class IndexStateManagement extends Index {
createIndexResponse.index(), createIndexResponse.index(),
createIndexResponse.isAcknowledged()); createIndexResponse.isAcknowledged());
} }
} catch (IOException e) {
log.error("Error reading index template from filesystem {}", this.template);
} catch (ResourceAlreadyExistsException e) { } catch (ResourceAlreadyExistsException e) {
log.info("Index {} already exists. Skipping.", index); log.info("Index {} already exists. Skipping.", index);
} catch (IOException e) {
log.error(
"Error reading index template from filesystem [{}]. Caused by: {}",
this.template,
e.toString());
} catch ( } catch (
Exception Exception
e) { // TimeoutException may be raised by actionGet(), but we cannot catch that one. e) { // TimeoutException may be raised by actionGet(), but we cannot catch that one.
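Review bot: the relocated `catch (IOException e)` only logs, so a template that cannot be read leaves the ISM index uncreated while initialization carries on as if it had succeeded. Either rethrow, as the generic branch does once its retry is spent, or document why continuing is safe. Pass `e` as the last logger argument instead of `e.toString()` so the stack trace is kept.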
@ -150,7 +162,7 @@ public class IndexStateManagement extends Index {
} }
log.warn("Operation to create the index [{}] timed out. Retrying...", index); log.warn("Operation to create the index [{}] timed out. Retrying...", index);
this.retry_index_creation = false; this.retry_index_creation = false;
this.indexUtils.sleep(PluginSettings.getBackoff(this.clusterService.getSettings())); this.sleep(PluginSettings.getBackoff(this.clusterService.getSettings()));
this.createIndex(index); this.createIndex(index);
} }
} }

View File

@ -19,9 +19,8 @@ package com.wazuh.setup.index;
import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger; import org.apache.logging.log4j.Logger;
import org.opensearch.ResourceAlreadyExistsException; import org.opensearch.ResourceAlreadyExistsException;
import org.opensearch.action.admin.indices.alias.Alias; import org.opensearch.action.admin.indices.datastream.CreateDataStreamAction;
import org.opensearch.action.admin.indices.create.CreateIndexRequest; import org.opensearch.action.support.clustermanager.AcknowledgedResponse;
import org.opensearch.action.admin.indices.create.CreateIndexResponse;
import com.wazuh.setup.settings.PluginSettings; import com.wazuh.setup.settings.PluginSettings;
@ -32,58 +31,58 @@ import com.wazuh.setup.settings.PluginSettings;
public class StreamIndex extends WazuhIndex { public class StreamIndex extends WazuhIndex {
private static final Logger log = LogManager.getLogger(StreamIndex.class); private static final Logger log = LogManager.getLogger(StreamIndex.class);
private final String alias;
/** /**
* Constructor. * Constructor.
* *
* @param index index name. * @param index index name.
* @param template index template name. * @param template index template name.
* @param alias index alias name for advanced management such as automatic rollover.
*/ */
public StreamIndex(String index, String template, String alias) { public StreamIndex(String index, String template) {
super(index, template); super(index, template);
this.alias = alias;
} }
/** /**
* Overrides {@link Index#createIndex(String)} to include the {@link #alias} to the index creation * Overrides {@link Index#createIndex(String)} to create a Data Stream instead.
* request.
* *
* @param index Name of the index to create. * @param index Name of the data stream to create.
* @see Alias
*/ */
@Override @Override
public void createIndex(String index) { public void createIndex(String index) {
try { try {
if (!this.indexExists(index)) { this.createDataStream(index);
CreateIndexRequest request =
new CreateIndexRequest(index).alias(new Alias(this.alias).writeIndex(true));
CreateIndexResponse createIndexResponse =
this.client
.admin()
.indices()
.create(request)
.actionGet(PluginSettings.getTimeout(this.clusterService.getSettings()));
log.info(
"Index created successfully: {} {}",
createIndexResponse.index(),
createIndexResponse.isAcknowledged());
}
} catch (ResourceAlreadyExistsException e) { } catch (ResourceAlreadyExistsException e) {
log.info("Index {} already exists. Skipping.", index); log.info("Data stream {} already exists. Skipping.", index);
} catch ( } catch (Exception e) {
Exception // TimeoutException may be raised by actionGet(), but we cannot catch that one.
e) { // TimeoutException may be raised by actionGet(), but we cannot catch that one. // Exit condition. Re-attempt to create the data stream also failed. Original exception is
// Exit condition. Re-attempt to create the index also failed. Original exception is rethrown. // rethrown.
if (!this.retry_index_creation) { if (!this.retry_index_creation) {
log.error("Initialization of index [{}] finally failed. The node will shut down.", index); log.error(
"Initialization of data stream [{}] finally failed. The node will shut down.", index);
throw e; throw e;
} }
log.warn("Operation to create the index [{}] timed out. Retrying...", index); log.warn("Operation to create the data stream [{}] timed out. Retrying...", index);
this.retry_index_creation = false; this.retry_index_creation = false;
this.indexUtils.sleep(PluginSettings.getBackoff(this.clusterService.getSettings())); this.sleep(PluginSettings.getBackoff(this.clusterService.getSettings()));
this.createIndex(index); this.createIndex(index);
} }
} }
/**
* Creates a Data Stream.
*
* @param name name of the data stream to create.
*/
public void createDataStream(String name) {
CreateDataStreamAction.Request request = new CreateDataStreamAction.Request(name);
AcknowledgedResponse response =
this.client
.admin()
.indices()
.createDataStream(request)
.actionGet(PluginSettings.getTimeout(this.clusterService.getSettings()));
log.info("Data Stream created successfully: {} {}", name, response.isAcknowledged());
}
} }
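Review bot: in `createIndex`, every exception other than `ResourceAlreadyExistsException` is logged as "timed out. Retrying..." and retried once, including failures a retry cannot fix, and the caught exception itself is never logged before the retry. Add `e` to the `log.warn` call so the real cause is visible. `createDataStream` also depends on a matching index template with a `data_stream` section already being registered for `name`; state that precondition in its Javadoc, since it is `public` and the ordering is only guaranteed by the `createTemplate` then `createIndex` sequence in `Index`.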

View File

@ -0,0 +1,123 @@
/*
* Copyright (C) 2024, Wazuh Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
package com.wazuh.setup.model;
import com.fasterxml.jackson.annotation.JsonProperty;
import org.opensearch.cluster.metadata.ComposableIndexTemplate;
import org.opensearch.cluster.metadata.Template;
import org.opensearch.common.compress.CompressedXContent;
import org.opensearch.common.settings.Settings;
import java.util.List;
import java.util.Map;
/**
* Index Template Data Transfer Object.
*
* <p>Fill-in values automatically using Jackson Databind.
*/
public class IndexTemplate {
/** Default constructor */
public IndexTemplate() {}
@JsonProperty("index_patterns")
private List<String> indexPatterns;
private long priority;
private Map<String, Object> settings;
private Map<String, Object> mappings;
@JsonProperty("data_stream")
private Map<String, Object> dataStream;
@SuppressWarnings("unchecked")
@JsonProperty("template")
private void unpackNested(Map<String, Object> template) {
this.settings = (Map<String, Object>) template.get("settings");
this.mappings = (Map<String, Object>) template.get("mappings");
}
/**
* Index pattern getter.
*
* @return returns the list of index patters this index template applies to, or null.
*/
public List<String> getIndexPatterns() {
return this.indexPatterns;
}
/**
* Index template priority getter.
*
* @return returns the priority of the index template, or null.
*/
public long getPriority() {
return this.priority;
}
/**
* Index settings getter.
*
* @return returns the index settings to apply to indices matching the index pattern, or null.
*/
public Map<String, Object> getSettings() {
return this.settings;
}
/**
* Index mappings getter.
*
* @return returns the index mappings for the indices matching the index pattern, or null.
*/
public Map<String, Object> getMappings() {
return this.mappings;
}
/**
* Data Stream getter.
*
* @return returns the "data_stream" property of the index template, or null.
*/
public Map<String, Object> getDataStream() {
return this.dataStream;
}
/**
* Builds up a ComposableIndexTemplate resulting from the properties of the index template.
*
* @param settings index template settings as a string.
* @param compressedMapping index template mappings a CompressedXContent instance.
* @return instance of ComposableIndexTemplate.
*/
public ComposableIndexTemplate getComposableIndexTemplate(
Settings settings, CompressedXContent compressedMapping) {
ComposableIndexTemplate.DataStreamTemplate dataStreamTemplate =
this.getDataStream() != null ? new ComposableIndexTemplate.DataStreamTemplate() : null;
// Create the composable template
return new ComposableIndexTemplate(
this.getIndexPatterns(),
new Template(settings, compressedMapping, null),
null,
this.getPriority(),
null,
null,
dataStreamTemplate);
}
}
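Review bot: `getPriority()` is documented as returning "the priority of the index template, or null", but the field and return type are primitive `long`, so a template file without `priority` silently yields 0. Use `Long` or correct the Javadoc. In `getComposableIndexTemplate`, the `@param settings` text says "as a string" while the type is `Settings`, and whatever the file puts under `data_stream` is discarded in favour of a default `new ComposableIndexTemplate.DataStreamTemplate()`. `unpackNested` dereferences `template` without a null check and casts both values unchecked, so a malformed file fails with a `NullPointerException` or `ClassCastException` instead of a clear parse error.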

View File

@ -27,35 +27,24 @@ import java.util.Map;
import reactor.util.annotation.NonNull; import reactor.util.annotation.NonNull;
/** Util functions to parse and manage index templates files. */ /** Util functions to parse and manage JSON files. */
public class IndexUtils { public class JsonUtils {
/** Default constructor */ /** Default constructor */
public IndexUtils() {} public JsonUtils() {}
/** /**
* Read index template file from the resources folder and returns its JSON content as a map. * Read JSON file from the resources folder and returns its JSON content as a map.
* *
* @param filename name of the index template to read from the resources folder * @param filename name of the JSON file to read from the resources folder
* @return the JSON index template as a map * @return the JSON file as a map
* @throws IOException file not found or could not be read * @throws IOException file not found or could not be read
* @deprecated Use jackson's ObjectMapper instead.
*/ */
@Deprecated
public Map<String, Object> fromFile(@NonNull String filename) throws IOException { public Map<String, Object> fromFile(@NonNull String filename) throws IOException {
InputStream is = IndexUtils.class.getClassLoader().getResourceAsStream(filename); InputStream is = JsonUtils.class.getClassLoader().getResourceAsStream(filename);
return this.toMap(is);
}
/**
* Convert from a JSON InputStream into a String, Object map.
*
* <p>Used to convert the JSON index templates to the required format.
*
* @param is: the JSON formatted InputStream
* @return a map with the json string contents.
* @throws IOException thrown by {@link JsonXContent#createParser(NamedXContentRegistry,
* DeprecationHandler, InputStream)}
*/
public Map<String, Object> toMap(InputStream is) throws IOException {
XContentParser parser = XContentParser parser =
JsonXContent.jsonXContent.createParser( JsonXContent.jsonXContent.createParser(
NamedXContentRegistry.EMPTY, DeprecationHandler.THROW_UNSUPPORTED_OPERATION, is); NamedXContentRegistry.EMPTY, DeprecationHandler.THROW_UNSUPPORTED_OPERATION, is);
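Review bot: `fromFile` is marked `@Deprecated` here, yet `indexPolicy` in `IndexStateManagement` is switched to `this.jsonUtils.fromFile(STREAM_ROLLOVER_POLICY_PATH)` in this same commit. Either migrate that caller to `ObjectMapper`, as the `@deprecated` tag advises, or hold the deprecation until the method has no callers. With `toMap` inlined, the stream returned by `getResourceAsStream(filename)` is handed to `createParser` without a null check, so a missing resource will not produce the "file not found" `IOException` the Javadoc promises.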
@ -64,29 +53,14 @@ public class IndexUtils {
} }
/** /**
* Cast map's element to a String, Object map. * Return JSON node by key.
* *
* <p>Used to retrieve the settings and mappings from the index templates, which are a JSON object * @param map the parent JSON node where the key to retrieve is.
* themselves.
*
* @param map the index template as a map.
* @param key the element's key to retrieve and cast. * @param key the element's key to retrieve and cast.
* @return a String, Object map * @return a String, Object map
*/ */
@SuppressWarnings("unchecked")
public Map<String, Object> get(Map<String, Object> map, String key) { public Map<String, Object> get(Map<String, Object> map, String key) {
return (Map<String, Object>) map.get(key); return (Map<String, Object>) map.get(key);
} }
/**
* Utility method to wrap up the call to {@link Thread#sleep(long)} on a try-catch block.
*
* @param millis sleep interval in milliseconds.
*/
public void sleep(long millis) {
try {
Thread.sleep(millis);
} catch (InterruptedException ex) {
throw new RuntimeException(ex);
}
}
} }

File diff suppressed because it is too large

View File

@ -1,40 +1,42 @@
{ {
"order": 1,
"index_patterns": [ "index_patterns": [
"wazuh-monitoring*" "wazuh-monitoring*"
], ],
"settings": { "priority": 1,
"index": { "template": {
"number_of_replicas": "0", "settings": {
"number_of_shards": "1", "index": {
"refresh_interval": "5s" "number_of_replicas": "0",
} "number_of_shards": "1",
}, "refresh_interval": "5s"
"mappings": { }
"properties": { },
"timestamp": { "mappings": {
"type": "date", "properties": {
"format": "date" "timestamp": {
}, "type": "date",
"status": { "format": "date"
"type": "keyword" },
}, "status": {
"ip": { "type": "keyword"
"type": "keyword" },
}, "ip": {
"host": { "type": "keyword"
"type": "keyword" },
}, "host": {
"name": { "type": "keyword"
"type": "keyword" },
}, "name": {
"id": { "type": "keyword"
"type": "keyword" },
}, "id": {
"cluster": { "type": "keyword"
"properties": { },
"name": { "cluster": {
"type": "keyword" "properties": {
"name": {
"type": "keyword"
}
} }
} }
} }

View File

@ -2,219 +2,221 @@
"index_patterns": [ "index_patterns": [
"wazuh-states-fim-files*" "wazuh-states-fim-files*"
], ],
"mappings": { "priority": 1,
"date_detection": false, "template": {
"dynamic": "strict", "settings": {
"properties": { "index": {
"agent": { "number_of_replicas": "0",
"properties": { "number_of_shards": "1",
"groups": { "query.default_field": [
"ignore_above": 1024, "agent.groups ",
"type": "keyword" "agent.host.architecture ",
}, "agent.host.hostname ",
"host": { "agent.host.ip ",
"properties": { "agent.host.os.name ",
"architecture": { "agent.host.os.platform ",
"ignore_above": 1024, "agent.host.os.type ",
"type": "keyword" "agent.host.os.version ",
}, "agent.id ",
"hostname": { "agent.name ",
"ignore_above": 1024, "agent.version ",
"type": "keyword" "checksum.hash.sha1",
}, "file.attributes",
"ip": { "file.device",
"type": "ip" "file.gid",
}, "file.group",
"os": { "file.hash.md5",
"properties": { "file.hash.sha1",
"name": { "file.hash.sha256",
"ignore_above": 1024, "file.inode",
"type": "keyword" "file.mtime",
}, "file.owner",
"platform": { "file.path",
"ignore_above": 1024, "file.path.fields.text",
"type": "keyword" "file.permissions",
}, "file.size",
"type": { "file.uid",
"ignore_above": 1024, "state.document_version",
"type": "keyword" "state.modified_at",
}, "wazuh.cluster.name",
"version": { "wazuh.cluster.node",
"ignore_above": 1024, "wazuh.schema.version"
"type": "keyword" ],
"refresh_interval": "2s"
}
},
"mappings": {
"date_detection": false,
"dynamic": "strict",
"properties": {
"agent": {
"properties": {
"groups": {
"ignore_above": 1024,
"type": "keyword"
},
"host": {
"properties": {
"architecture": {
"ignore_above": 1024,
"type": "keyword"
},
"hostname": {
"ignore_above": 1024,
"type": "keyword"
},
"ip": {
"type": "ip"
},
"os": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"platform": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
}
} }
} }
} }
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
} }
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
} }
} },
}, "checksum": {
"checksum": { "properties": {
"properties": { "hash": {
"hash": { "properties": {
"properties": { "sha1": {
"sha1": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" }
} }
} }
} }
} },
}, "file": {
"file": { "properties": {
"properties": { "attributes": {
"attributes": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "device": {
"device": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "gid": {
"gid": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "group": {
"group": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "hash": {
"hash": { "properties": {
"properties": { "md5": {
"md5": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "sha1": {
"sha1": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "sha256": {
"sha256": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" }
} }
},
"inode": {
"ignore_above": 1024,
"type": "keyword"
},
"mtime": {
"type": "date"
},
"owner": {
"ignore_above": 1024,
"type": "keyword"
},
"path": {
"ignore_above": 1024,
"type": "keyword"
},
"permissions": {
"ignore_above": 1024,
"type": "keyword"
},
"size": {
"type": "long"
},
"uid": {
"ignore_above": 1024,
"type": "keyword"
} }
},
"inode": {
"ignore_above": 1024,
"type": "keyword"
},
"mtime": {
"type": "date"
},
"owner": {
"ignore_above": 1024,
"type": "keyword"
},
"path": {
"ignore_above": 1024,
"type": "keyword"
},
"permissions": {
"ignore_above": 1024,
"type": "keyword"
},
"size": {
"type": "long"
},
"uid": {
"ignore_above": 1024,
"type": "keyword"
} }
} },
}, "message": {
"message": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "state": {
"state": { "properties": {
"properties": { "document_version": {
"document_version": { "type": "integer"
"type": "integer" },
}, "modified_at": {
"modified_at": { "type": "date"
"type": "date" }
} }
} },
}, "wazuh": {
"wazuh": { "properties": {
"properties": { "cluster": {
"cluster": { "properties": {
"properties": { "name": {
"name": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "node": {
"node": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" }
} }
} },
}, "schema": {
"schema": { "properties": {
"properties": { "version": {
"version": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" }
} }
} }
} }
} }
} }
} }
},
"order": 1,
"settings": {
"index": {
"number_of_replicas": "0",
"number_of_shards": "1",
"query.default_field": [
"agent.groups ",
"agent.host.architecture ",
"agent.host.hostname ",
"agent.host.ip ",
"agent.host.os.name ",
"agent.host.os.platform ",
"agent.host.os.type ",
"agent.host.os.version ",
"agent.id ",
"agent.name ",
"agent.version ",
"checksum.hash.sha1",
"file.attributes",
"file.device",
"file.gid",
"file.group",
"file.hash.md5",
"file.hash.sha1",
"file.hash.sha256",
"file.inode",
"file.mtime",
"file.owner",
"file.path",
"file.path.fields.text",
"file.permissions",
"file.size",
"file.uid",
"state.document_version",
"state.modified_at",
"wazuh.cluster.name",
"wazuh.cluster.node",
"wazuh.schema.version"
],
"refresh_interval": "2s"
}
} }
} }
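Review bot: the `query.default_field` list moved under `template.settings` keeps the trailing spaces in its `agent.*` entries (`"agent.groups "` through `"agent.version "`), which do not match the field names defined under `mappings` (`agent.groups`, `agent.version`, and so on). It also lists `file.path.fields.text`, while `file.path` is mapped as a plain `keyword` with no sub-fields. Since these lines are being rewritten anyway, trim the names and either drop the extra entry or add the matching multi-field.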

View File

@ -2,188 +2,190 @@
"index_patterns": [ "index_patterns": [
"wazuh-states-fim-registry-keys*" "wazuh-states-fim-registry-keys*"
], ],
"mappings": { "priority": 1,
"date_detection": false, "template": {
"dynamic": "strict", "settings": {
"properties": { "index": {
"agent": { "number_of_replicas": "0",
"properties": { "number_of_shards": "1",
"groups": { "query.default_field": [
"ignore_above": 1024, "agent.host.architecture",
"type": "keyword" "agent.host.ip",
}, "agent.id",
"host": { "agent.name",
"properties": { "agent.version",
"architecture": { "checksum.hash.sha1",
"ignore_above": 1024, "registry.architecture",
"type": "keyword" "registry.gid",
}, "registry.group",
"hostname": { "registry.hive",
"ignore_above": 1024, "registry.key",
"type": "keyword" "registry.mtime",
}, "registry.owner",
"ip": { "registry.path",
"type": "ip" "registry.permissions",
}, "registry.uid",
"os": { "state.modified_at",
"properties": { "wazuh.cluster.name",
"name": { "wazuh.cluster.node",
"ignore_above": 1024, "wazuh.schema.version"
"type": "keyword" ],
}, "refresh_interval": "2s"
"platform": { }
"ignore_above": 1024, },
"type": "keyword" "mappings": {
}, "date_detection": false,
"type": { "dynamic": "strict",
"ignore_above": 1024, "properties": {
"type": "keyword" "agent": {
}, "properties": {
"version": { "groups": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword"
},
"host": {
"properties": {
"architecture": {
"ignore_above": 1024,
"type": "keyword"
},
"hostname": {
"ignore_above": 1024,
"type": "keyword"
},
"ip": {
"type": "ip"
},
"os": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"platform": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
}
} }
} }
} }
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
} }
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
} }
} },
}, "checksum": {
"checksum": { "properties": {
"properties": { "hash": {
"hash": { "properties": {
"properties": { "sha1": {
"sha1": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" }
} }
} }
} }
} },
}, "message": {
"message": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "registry": {
"registry": { "properties": {
"properties": { "architecture": {
"architecture": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "gid": {
"gid": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "group": {
"group": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "hive": {
"hive": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "key": {
"key": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "mtime": {
"mtime": { "type": "date"
"type": "date" },
}, "owner": {
"owner": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "path": {
"path": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "permissions": {
"permissions": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "uid": {
"uid": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword"
}
}
},
"state": {
"properties": {
"document_version": {
"type": "integer"
},
"modified_at": {
"type": "date"
}
}
},
"wazuh": {
"properties": {
"cluster": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"node": {
"ignore_above": 1024,
"type": "keyword"
}
} }
}, }
"schema": { },
"properties": { "state": {
"version": { "properties": {
"ignore_above": 1024, "document_version": {
"type": "keyword" "type": "integer"
},
"modified_at": {
"type": "date"
}
}
},
"wazuh": {
"properties": {
"cluster": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"node": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"schema": {
"properties": {
"version": {
"ignore_above": 1024,
"type": "keyword"
}
} }
} }
} }
} }
} }
} }
},
"order": 1,
"settings": {
"index": {
"number_of_replicas": "0",
"number_of_shards": "1",
"query.default_field": [
"agent.host.architecture",
"agent.host.ip",
"agent.id",
"agent.name",
"agent.version",
"checksum.hash.sha1",
"registry.architecture",
"registry.gid",
"registry.group",
"registry.hive",
"registry.key",
"registry.mtime",
"registry.owner",
"registry.path",
"registry.permissions",
"registry.uid",
"state.modified_at",
"wazuh.cluster.name",
"wazuh.cluster.node",
"wazuh.schema.version"
],
"refresh_interval": "2s"
}
} }
} }
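Review bot: `query.default_field` in this template omits `agent.groups`, `agent.host.hostname` and the `agent.host.os.*` fields that the mappings below define and that the `wazuh-states-fim-files*` template lists. If the difference is intentional, note it where the templates are generated; otherwise align the lists while the block is being moved.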

View File

@ -2,196 +2,198 @@
"index_patterns": [ "index_patterns": [
"wazuh-states-fim-registry-values*" "wazuh-states-fim-registry-values*"
], ],
"mappings": { "priority": 1,
"date_detection": false, "template": {
"dynamic": "strict", "settings": {
"properties": { "index": {
"agent": { "number_of_replicas": "0",
"properties": { "number_of_shards": "1",
"groups": { "query.default_field": [
"ignore_above": 1024, "agent.host.architecture",
"type": "keyword" "agent.host.ip",
}, "agent.id",
"host": { "agent.name",
"properties": { "agent.version",
"architecture": { "checksum.hash.sha1",
"ignore_above": 1024, "registry.architecture",
"type": "keyword" "registry.data.hash.md5",
}, "registry.data.hash.sha1",
"hostname": { "registry.data.hash.sha256",
"ignore_above": 1024, "registry.data.type",
"type": "keyword" "registry.hive",
}, "registry.key",
"ip": { "registry.path",
"type": "ip" "registry.size",
}, "registry.value",
"os": { "state.modified_at",
"properties": { "wazuh.cluster.name",
"name": { "wazuh.cluster.node",
"ignore_above": 1024, "wazuh.schema.version"
"type": "keyword" ],
}, "refresh_interval": "2s"
"platform": { }
"ignore_above": 1024, },
"type": "keyword" "mappings": {
}, "date_detection": false,
"type": { "dynamic": "strict",
"ignore_above": 1024, "properties": {
"type": "keyword" "agent": {
}, "properties": {
"version": { "groups": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword"
},
"host": {
"properties": {
"architecture": {
"ignore_above": 1024,
"type": "keyword"
},
"hostname": {
"ignore_above": 1024,
"type": "keyword"
},
"ip": {
"type": "ip"
},
"os": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"platform": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
}
} }
} }
} }
} },
}, "id": {
"id": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "name": {
"name": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "version": {
"version": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword"
}
}
},
"checksum": {
"properties": {
"hash": {
"properties": {
"sha1": {
"ignore_above": 1024,
"type": "keyword"
}
} }
} }
} },
}, "checksum": {
"message": { "properties": {
"ignore_above": 1024, "hash": {
"type": "keyword" "properties": {
}, "sha1": {
"registry": { "ignore_above": 1024,
"properties": { "type": "keyword"
"architecture": {
"ignore_above": 1024,
"type": "keyword"
},
"data": {
"properties": {
"hash": {
"properties": {
"md5": {
"ignore_above": 1024,
"type": "keyword"
},
"sha1": {
"ignore_above": 1024,
"type": "keyword"
},
"sha256": {
"ignore_above": 1024,
"type": "keyword"
}
} }
},
"type": {
"ignore_above": 1024,
"type": "keyword"
} }
} }
},
"hive": {
"ignore_above": 1024,
"type": "keyword"
},
"key": {
"ignore_above": 1024,
"type": "keyword"
},
"path": {
"ignore_above": 1024,
"type": "keyword"
},
"size": {
"type": "long"
},
"value": {
"ignore_above": 1024,
"type": "keyword"
} }
} },
}, "message": {
"state": { "ignore_above": 1024,
"properties": { "type": "keyword"
"document_version": { },
"type": "integer" "registry": {
}, "properties": {
"modified_at": { "architecture": {
"type": "date" "ignore_above": 1024,
} "type": "keyword"
} },
}, "data": {
"wazuh": { "properties": {
"properties": { "hash": {
"cluster": { "properties": {
"properties": { "md5": {
"name": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "sha1": {
"node": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
"sha256": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"type": {
"ignore_above": 1024,
"type": "keyword"
}
} }
},
"hive": {
"ignore_above": 1024,
"type": "keyword"
},
"key": {
"ignore_above": 1024,
"type": "keyword"
},
"path": {
"ignore_above": 1024,
"type": "keyword"
},
"size": {
"type": "long"
},
"value": {
"ignore_above": 1024,
"type": "keyword"
} }
}, }
"schema": { },
"properties": { "state": {
"version": { "properties": {
"ignore_above": 1024, "document_version": {
"type": "keyword" "type": "integer"
},
"modified_at": {
"type": "date"
}
}
},
"wazuh": {
"properties": {
"cluster": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"node": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"schema": {
"properties": {
"version": {
"ignore_above": 1024,
"type": "keyword"
}
} }
} }
} }
} }
} }
} }
},
"order": 1,
"settings": {
"index": {
"number_of_replicas": "0",
"number_of_shards": "1",
"query.default_field": [
"agent.host.architecture",
"agent.host.ip",
"agent.id",
"agent.name",
"agent.version",
"checksum.hash.sha1",
"registry.architecture",
"registry.data.hash.md5",
"registry.data.hash.sha1",
"registry.data.hash.sha256",
"registry.data.type",
"registry.hive",
"registry.key",
"registry.path",
"registry.size",
"registry.value",
"state.modified_at",
"wazuh.cluster.name",
"wazuh.cluster.node",
"wazuh.schema.version"
],
"refresh_interval": "2s"
}
} }
} }
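
Review bot: `registry.key`, `registry.path` and `registry.value` are all `keyword` with `"ignore_above": 1024`, so a registry entry whose key path or value name is longer than 1024 characters stays in `_source` but is not indexed and will not match term queries or aggregations. Unusually long key paths are worth being able to search in registry monitoring data; consider raising the limit on these three fields, or document the limit next to the template so the gap is known.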

@ -2,246 +2,248 @@
"index_patterns": [ "index_patterns": [
"wazuh-states-inventory-browser-extensions*" "wazuh-states-inventory-browser-extensions*"
], ],
"mappings": { "priority": 1,
"date_detection": false, "template": {
"dynamic": "strict", "settings": {
"properties": { "index": {
"agent": { "number_of_replicas": "0",
"properties": { "number_of_shards": "1",
"groups": { "query.default_field": [
"ignore_above": 1024, "agent.host.architecture",
"type": "keyword" "agent.host.ip",
}, "agent.id",
"host": { "agent.name",
"properties": { "agent.version",
"architecture": { "browser.name",
"ignore_above": 1024, "user.id",
"type": "keyword" "package.name",
}, "package.id",
"hostname": { "package.version",
"ignore_above": 1024, "package.vendor",
"type": "keyword" "package.type",
}, "state.modified_at",
"ip": { "wazuh.cluster.name",
"type": "ip" "wazuh.cluster.node",
}, "wazuh.schema.version"
"os": { ],
"properties": { "refresh_interval": "2s"
"name": { }
"ignore_above": 1024, },
"type": "keyword" "mappings": {
}, "date_detection": false,
"platform": { "dynamic": "strict",
"ignore_above": 1024, "properties": {
"type": "keyword" "agent": {
}, "properties": {
"type": { "groups": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword"
}, },
"version": { "host": {
"ignore_above": 1024, "properties": {
"type": "keyword" "architecture": {
"ignore_above": 1024,
"type": "keyword"
},
"hostname": {
"ignore_above": 1024,
"type": "keyword"
},
"ip": {
"type": "ip"
},
"os": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"platform": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
}
} }
} }
} }
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
} }
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
} }
} },
}, "browser": {
"browser": { "properties": {
"properties": { "name": {
"name": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "profile": {
"profile": { "properties": {
"properties": { "name": {
"name": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "path": {
"path": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "referenced": {
"referenced": { "type": "boolean"
"type": "boolean" }
} }
} }
} }
} },
}, "checksum": {
"checksum": { "properties": {
"properties": { "hash": {
"hash": { "properties": {
"properties": { "sha1": {
"sha1": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" }
} }
} }
} }
} },
}, "file": {
"file": { "properties": {
"properties": { "hash": {
"hash": { "properties": {
"properties": { "sha256": {
"sha256": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" }
} }
} }
} }
} },
}, "message": {
"message": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "package": {
"package": { "properties": {
"properties": { "autoupdate": {
"autoupdate": { "type": "boolean"
"type": "boolean" },
}, "build_version": {
"build_version": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "description": {
"description": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "enabled": {
"enabled": { "type": "boolean"
"type": "boolean" },
}, "from_webstore": {
"from_webstore": { "type": "boolean"
"type": "boolean" },
}, "id": {
"id": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "installed": {
"installed": { "type": "date"
"type": "date" },
}, "name": {
"name": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "path": {
"path": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "permissions": {
"permissions": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "persistent": {
"persistent": { "type": "boolean"
"type": "boolean" },
}, "reference": {
"reference": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "type": {
"type": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "vendor": {
"vendor": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "version": {
"version": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "visible": {
"visible": { "type": "boolean"
"type": "boolean"
}
}
},
"state": {
"properties": {
"document_version": {
"type": "integer"
},
"modified_at": {
"type": "date"
}
}
},
"user": {
"properties": {
"id": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"wazuh": {
"properties": {
"cluster": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"node": {
"ignore_above": 1024,
"type": "keyword"
}
} }
}, }
"schema": { },
"properties": { "state": {
"version": { "properties": {
"ignore_above": 1024, "document_version": {
"type": "keyword" "type": "integer"
},
"modified_at": {
"type": "date"
}
}
},
"user": {
"properties": {
"id": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"wazuh": {
"properties": {
"cluster": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"node": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"schema": {
"properties": {
"version": {
"ignore_above": 1024,
"type": "keyword"
}
} }
} }
} }
} }
} }
} }
},
"order": 1,
"settings": {
"index": {
"number_of_replicas": "0",
"number_of_shards": "1",
"query.default_field": [
"agent.host.architecture",
"agent.host.ip",
"agent.id",
"agent.name",
"agent.version",
"browser.name",
"user.id",
"package.name",
"package.id",
"package.version",
"package.vendor",
"package.type",
"state.modified_at",
"wazuh.cluster.name",
"wazuh.cluster.node",
"wazuh.schema.version"
],
"refresh_interval": "2s"
}
} }
} }
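
Review bot: replacing `"order": 1` with `"priority": 1` at the top of the template changes how conflicts resolve. Legacy templates that match the same index are merged by `order`, but only the single highest-priority composable template is applied, so any other composable template whose pattern also matches `wazuh-states-inventory-browser-extensions*` with a priority above 1 would replace this one entirely, including `"dynamic": "strict"` and the whole mapping. Consider a higher priority for the Wazuh-owned templates, and confirm that the upgrade path removes the legacy template with the same pattern, since it is otherwise left behind unused.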

@ -2,159 +2,161 @@
"index_patterns": [ "index_patterns": [
"wazuh-states-inventory-groups*" "wazuh-states-inventory-groups*"
], ],
"mappings": { "priority": 1,
"date_detection": false, "template": {
"dynamic": "strict", "settings": {
"properties": { "index": {
"agent": { "number_of_replicas": "0",
"properties": { "number_of_shards": "1",
"groups": { "query.default_field": [
"ignore_above": 1024, "group.name",
"type": "keyword" "group.description",
}, "group.id_signed",
"host": { "group.uuid",
"properties": { "group.users",
"architecture": { "state.modified_at"
"ignore_above": 1024, ],
"type": "keyword" "refresh_interval": "2s"
}, }
"hostname": { },
"ignore_above": 1024, "mappings": {
"type": "keyword" "date_detection": false,
}, "dynamic": "strict",
"ip": { "properties": {
"type": "ip" "agent": {
}, "properties": {
"os": { "groups": {
"properties": { "ignore_above": 1024,
"name": { "type": "keyword"
"ignore_above": 1024, },
"type": "keyword" "host": {
}, "properties": {
"platform": { "architecture": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword"
}, },
"type": { "hostname": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword"
}, },
"version": { "ip": {
"ignore_above": 1024, "type": "ip"
"type": "keyword" },
"os": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"platform": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
}
} }
} }
} }
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
} }
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
} }
} },
}, "checksum": {
"checksum": { "properties": {
"properties": { "hash": {
"hash": { "properties": {
"properties": { "sha1": {
"sha1": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" }
} }
} }
} }
} },
}, "group": {
"group": { "properties": {
"properties": { "description": {
"description": { "type": "match_only_text"
"type": "match_only_text" },
}, "id": {
"id": { "type": "unsigned_long"
"type": "unsigned_long" },
}, "id_signed": {
"id_signed": { "type": "long"
"type": "long" },
}, "is_hidden": {
"is_hidden": { "type": "boolean"
"type": "boolean" },
}, "name": {
"name": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "users": {
"users": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "uuid": {
"uuid": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword"
}
}
},
"message": {
"ignore_above": 1024,
"type": "keyword"
},
"state": {
"properties": {
"document_version": {
"type": "integer"
},
"modified_at": {
"type": "date"
}
}
},
"wazuh": {
"properties": {
"cluster": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"node": {
"ignore_above": 1024,
"type": "keyword"
}
} }
}, }
"schema": { },
"properties": { "message": {
"version": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
"state": {
"properties": {
"document_version": {
"type": "integer"
},
"modified_at": {
"type": "date"
}
}
},
"wazuh": {
"properties": {
"cluster": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"node": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"schema": {
"properties": {
"version": {
"ignore_above": 1024,
"type": "keyword"
}
} }
} }
} }
} }
} }
} }
},
"order": 1,
"settings": {
"index": {
"number_of_replicas": "0",
"number_of_shards": "1",
"query.default_field": [
"group.name",
"group.description",
"group.id_signed",
"group.uuid",
"group.users",
"state.modified_at"
],
"refresh_interval": "2s"
}
} }
} }
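
Review bot: the `query.default_field` list in this template holds only `group.*` fields and `state.modified_at`, while the mapping below it still defines `agent.*` and `wazuh.*`, and the other inventory templates in this commit list `agent.id`, `agent.name` and `wazuh.cluster.name` as default fields. A free-text search for an agent name will therefore not match group documents. If the omission is deliberate, say so in the template documentation; otherwise add the agent and cluster fields. `group.id_signed` is listed but `group.id` is not, which is worth checking at the same time.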

@ -2,175 +2,177 @@
"index_patterns": [ "index_patterns": [
"wazuh-states-inventory-hardware*" "wazuh-states-inventory-hardware*"
], ],
"mappings": { "priority": 1,
"date_detection": false, "template": {
"dynamic": "strict", "settings": {
"properties": { "index": {
"agent": { "number_of_replicas": "0",
"properties": { "number_of_shards": "1",
"groups": { "query.default_field": [
"ignore_above": 1024, "agent.host.architecture",
"type": "keyword" "agent.host.ip",
}, "agent.id",
"host": { "agent.name",
"properties": { "agent.version",
"architecture": { "agent.host.ip",
"ignore_above": 1024, "host.serial_number",
"type": "keyword" "state.modified_at",
}, "wazuh.cluster.name",
"hostname": { "wazuh.cluster.node",
"ignore_above": 1024, "wazuh.schema.version"
"type": "keyword" ],
}, "refresh_interval": "2s"
"ip": { }
"type": "ip" },
}, "mappings": {
"os": { "date_detection": false,
"properties": { "dynamic": "strict",
"name": { "properties": {
"ignore_above": 1024, "agent": {
"type": "keyword" "properties": {
}, "groups": {
"platform": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "host": {
"type": { "properties": {
"ignore_above": 1024, "architecture": {
"type": "keyword" "ignore_above": 1024,
}, "type": "keyword"
"version": { },
"ignore_above": 1024, "hostname": {
"type": "keyword" "ignore_above": 1024,
"type": "keyword"
},
"ip": {
"type": "ip"
},
"os": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"platform": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
}
} }
} }
} }
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
} }
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
} }
} },
}, "checksum": {
"checksum": { "properties": {
"properties": { "hash": {
"hash": { "properties": {
"properties": { "sha1": {
"sha1": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" }
} }
} }
} }
} },
}, "host": {
"host": { "properties": {
"properties": { "cpu": {
"cpu": { "properties": {
"properties": { "cores": {
"cores": { "type": "short"
"type": "short" },
}, "name": {
"name": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "speed": {
"speed": { "type": "long"
"type": "long" }
} }
} },
}, "memory": {
"memory": { "properties": {
"properties": { "free": {
"free": { "type": "long"
"type": "long" },
}, "total": {
"total": { "type": "long"
"type": "long" },
}, "usage": {
"usage": { "scaling_factor": 100,
"scaling_factor": 100, "type": "scaled_float"
"type": "scaled_float" },
}, "used": {
"used": { "type": "long"
"type": "long" }
} }
},
"serial_number": {
"ignore_above": 1024,
"type": "keyword"
} }
},
"serial_number": {
"ignore_above": 1024,
"type": "keyword"
} }
} },
}, "message": {
"message": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "state": {
"state": { "properties": {
"properties": { "document_version": {
"document_version": { "type": "integer"
"type": "integer" },
}, "modified_at": {
"modified_at": { "type": "date"
"type": "date"
}
}
},
"wazuh": {
"properties": {
"cluster": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"node": {
"ignore_above": 1024,
"type": "keyword"
}
} }
}, }
"schema": { },
"properties": { "wazuh": {
"version": { "properties": {
"ignore_above": 1024, "cluster": {
"type": "keyword" "properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"node": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"schema": {
"properties": {
"version": {
"ignore_above": 1024,
"type": "keyword"
}
} }
} }
} }
} }
} }
} }
},
"order": 1,
"settings": {
"index": {
"number_of_replicas": "0",
"number_of_shards": "1",
"query.default_field": [
"agent.host.architecture",
"agent.host.ip",
"agent.id",
"agent.name",
"agent.version",
"agent.host.ip",
"host.serial_number",
"state.modified_at",
"wazuh.cluster.name",
"wazuh.cluster.node",
"wazuh.schema.version"
],
"refresh_interval": "2s"
}
} }
} }
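
Review bot: `"agent.host.ip"` appears twice in `query.default_field`, once after `agent.host.architecture` and again after `agent.version`. The duplicate is carried over unchanged from the legacy template; drop the second entry while the settings block is being moved.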

@ -2,148 +2,150 @@
"index_patterns": [ "index_patterns": [
"wazuh-states-inventory-hotfixes*" "wazuh-states-inventory-hotfixes*"
], ],
"mappings": { "priority": 1,
"date_detection": false, "template": {
"dynamic": "strict", "settings": {
"properties": { "index": {
"agent": { "number_of_replicas": "0",
"properties": { "number_of_shards": "1",
"groups": { "query.default_field": [
"ignore_above": 1024, "agent.host.architecture",
"type": "keyword" "agent.host.ip",
}, "agent.id",
"host": { "agent.name",
"properties": { "agent.version",
"architecture": { "package.hotfix.name",
"ignore_above": 1024, "state.modified_at",
"type": "keyword" "wazuh.cluster.name",
}, "wazuh.cluster.node",
"hostname": { "wazuh.schema.version"
"ignore_above": 1024, ],
"type": "keyword" "refresh_interval": "2s"
}, }
"ip": { },
"type": "ip" "mappings": {
}, "date_detection": false,
"os": { "dynamic": "strict",
"properties": { "properties": {
"name": { "agent": {
"ignore_above": 1024, "properties": {
"type": "keyword" "groups": {
}, "ignore_above": 1024,
"platform": { "type": "keyword"
"ignore_above": 1024, },
"type": "keyword" "host": {
}, "properties": {
"type": { "architecture": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword"
}, },
"version": { "hostname": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword"
},
"ip": {
"type": "ip"
},
"os": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"platform": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
}
} }
} }
} }
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
} }
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
} }
} },
}, "checksum": {
"checksum": { "properties": {
"properties": { "hash": {
"hash": { "properties": {
"properties": { "sha1": {
"sha1": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" }
} }
} }
} }
} },
}, "message": {
"message": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "package": {
"package": { "properties": {
"properties": { "hotfix": {
"hotfix": { "properties": {
"properties": { "name": {
"name": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" }
},
"type": "object"
}
}
},
"state": {
"properties": {
"document_version": {
"type": "integer"
},
"modified_at": {
"type": "date"
}
}
},
"wazuh": {
"properties": {
"cluster": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"node": {
"ignore_above": 1024,
"type": "keyword"
}
} }
}, },
"type": "object" "schema": {
} "properties": {
} "version": {
}, "ignore_above": 1024,
"state": { "type": "keyword"
"properties": { }
"document_version": {
"type": "integer"
},
"modified_at": {
"type": "date"
}
}
},
"wazuh": {
"properties": {
"cluster": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"node": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"schema": {
"properties": {
"version": {
"ignore_above": 1024,
"type": "keyword"
} }
} }
} }
} }
} }
} }
},
"order": 1,
"settings": {
"index": {
"number_of_replicas": "0",
"number_of_shards": "1",
"query.default_field": [
"agent.host.architecture",
"agent.host.ip",
"agent.id",
"agent.name",
"agent.version",
"package.hotfix.name",
"state.modified_at",
"wazuh.cluster.name",
"wazuh.cluster.node",
"wazuh.schema.version"
],
"refresh_interval": "2s"
}
} }
} }
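
Review bot: `package.hotfix` carries an explicit `"type": "object"` after its `properties`, while every other object in this template (`agent`, `checksum`, `state`, `wazuh`) relies on `properties` alone. The resulting mapping is the same either way, so drop the explicit type for consistency, or add a note if it is emitted on purpose.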

@ -2,202 +2,204 @@
"index_patterns": [ "index_patterns": [
"wazuh-states-inventory-interfaces*" "wazuh-states-inventory-interfaces*"
], ],
"mappings": { "priority": 1,
"date_detection": false, "template": {
"dynamic": "strict", "settings": {
"properties": { "index": {
"agent": { "number_of_replicas": "0",
"properties": { "number_of_shards": "1",
"groups": { "query.default_field": [
"ignore_above": 1024, "agent.id",
"type": "keyword" "agent.name",
}, "agent.version",
"host": { "agent.host.ip",
"properties": { "host.mac",
"architecture": { "interface.name",
"ignore_above": 1024, "interface.alias",
"type": "keyword" "state.modified_at",
}, "wazuh.cluster.name",
"hostname": { "wazuh.cluster.node"
"ignore_above": 1024, ],
"type": "keyword" "refresh_interval": "2s"
}, }
"ip": { },
"type": "ip" "mappings": {
}, "date_detection": false,
"os": { "dynamic": "strict",
"properties": { "properties": {
"name": { "agent": {
"ignore_above": 1024, "properties": {
"type": "keyword" "groups": {
}, "ignore_above": 1024,
"platform": { "type": "keyword"
"ignore_above": 1024, },
"type": "keyword" "host": {
}, "properties": {
"type": { "architecture": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword"
}, },
"version": { "hostname": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword"
},
"ip": {
"type": "ip"
},
"os": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"platform": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
}
} }
} }
} }
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
} }
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
} }
} },
}, "checksum": {
"checksum": { "properties": {
"properties": { "hash": {
"hash": { "properties": {
"properties": { "sha1": {
"sha1": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" }
} }
} }
} }
} },
}, "host": {
"host": { "properties": {
"properties": { "mac": {
"mac": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "network": {
"network": { "properties": {
"properties": { "egress": {
"egress": { "properties": {
"properties": { "bytes": {
"bytes": { "type": "long"
"type": "long" },
}, "drops": {
"drops": { "type": "long"
"type": "long" },
}, "errors": {
"errors": { "type": "long"
"type": "long" },
}, "packets": {
"packets": { "type": "long"
"type": "long" }
} }
} },
}, "ingress": {
"ingress": { "properties": {
"properties": { "bytes": {
"bytes": { "type": "long"
"type": "long" },
}, "drops": {
"drops": { "type": "long"
"type": "long" },
}, "errors": {
"errors": { "type": "long"
"type": "long" },
}, "packets": {
"packets": { "type": "long"
"type": "long" }
} }
} }
} }
} }
} }
} },
}, "interface": {
"interface": { "properties": {
"properties": { "alias": {
"alias": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "mtu": {
"mtu": { "type": "long"
"type": "long" },
}, "name": {
"name": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "state": {
"state": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "type": {
"type": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword"
}
}
},
"message": {
"ignore_above": 1024,
"type": "keyword"
},
"state": {
"properties": {
"document_version": {
"type": "integer"
},
"modified_at": {
"type": "date"
}
}
},
"wazuh": {
"properties": {
"cluster": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"node": {
"ignore_above": 1024,
"type": "keyword"
}
} }
}, }
"schema": { },
"properties": { "message": {
"version": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
"state": {
"properties": {
"document_version": {
"type": "integer"
},
"modified_at": {
"type": "date"
}
}
},
"wazuh": {
"properties": {
"cluster": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"node": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"schema": {
"properties": {
"version": {
"ignore_above": 1024,
"type": "keyword"
}
} }
} }
} }
} }
} }
} }
},
"order": 1,
"settings": {
"index": {
"number_of_replicas": "0",
"number_of_shards": "1",
"query.default_field": [
"agent.id",
"agent.name",
"agent.version",
"agent.host.ip",
"host.mac",
"interface.name",
"interface.alias",
"state.modified_at",
"wazuh.cluster.name",
"wazuh.cluster.node"
],
"refresh_interval": "2s"
}
} }
} }
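
Review bot: `query.default_field` here stops at `wazuh.cluster.node` and leaves out `wazuh.schema.version` and `agent.host.architecture`, both of which are mapped in this template and are listed in the browser-extensions, hardware, hotfixes and packages templates of this commit. Align the list with the other inventory templates, or document why interface documents are searched on a narrower set of fields.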

@ -2,166 +2,168 @@
"index_patterns": [ "index_patterns": [
"wazuh-states-inventory-networks*" "wazuh-states-inventory-networks*"
], ],
"mappings": { "priority": 1,
"date_detection": false, "template": {
"dynamic": "strict", "settings": {
"properties": { "index": {
"agent": { "number_of_replicas": "0",
"properties": { "number_of_shards": "1",
"groups": { "query.default_field": [
"ignore_above": 1024, "agent.id",
"type": "keyword" "agent.name",
}, "agent.version",
"host": { "agent.host.ip",
"properties": { "interface.name",
"architecture": { "network.ip",
"ignore_above": 1024, "network.name",
"type": "keyword" "state.modified_at",
}, "wazuh.cluster.name",
"hostname": { "wazuh.cluster.node"
"ignore_above": 1024, ],
"type": "keyword" "refresh_interval": "2s"
}, }
"ip": { },
"type": "ip" "mappings": {
}, "date_detection": false,
"os": { "dynamic": "strict",
"properties": { "properties": {
"name": { "agent": {
"ignore_above": 1024, "properties": {
"type": "keyword" "groups": {
}, "ignore_above": 1024,
"platform": { "type": "keyword"
"ignore_above": 1024, },
"type": "keyword" "host": {
}, "properties": {
"type": { "architecture": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword"
}, },
"version": { "hostname": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword"
},
"ip": {
"type": "ip"
},
"os": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"platform": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
}
} }
} }
} }
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
} }
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
} }
} },
}, "checksum": {
"checksum": { "properties": {
"properties": { "hash": {
"hash": { "properties": {
"properties": { "sha1": {
"sha1": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" }
} }
} }
} }
} },
}, "interface": {
"interface": { "properties": {
"properties": { "name": {
"name": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword"
}
}
},
"message": {
"ignore_above": 1024,
"type": "keyword"
},
"network": {
"properties": {
"broadcast": {
"type": "ip"
},
"dhcp": {
"type": "boolean"
},
"ip": {
"type": "ip"
},
"metric": {
"type": "long"
},
"netmask": {
"type": "ip"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"state": {
"properties": {
"document_version": {
"type": "integer"
},
"modified_at": {
"type": "date"
}
}
},
"wazuh": {
"properties": {
"cluster": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"node": {
"ignore_above": 1024,
"type": "keyword"
}
} }
}, }
"schema": { },
"properties": { "message": {
"version": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
"network": {
"properties": {
"broadcast": {
"type": "ip"
},
"dhcp": {
"type": "boolean"
},
"ip": {
"type": "ip"
},
"metric": {
"type": "long"
},
"netmask": {
"type": "ip"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"state": {
"properties": {
"document_version": {
"type": "integer"
},
"modified_at": {
"type": "date"
}
}
},
"wazuh": {
"properties": {
"cluster": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"node": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"schema": {
"properties": {
"version": {
"ignore_above": 1024,
"type": "keyword"
}
} }
} }
} }
} }
} }
} }
},
"order": 1,
"settings": {
"index": {
"number_of_replicas": "0",
"number_of_shards": "1",
"query.default_field": [
"agent.id",
"agent.name",
"agent.version",
"agent.host.ip",
"interface.name",
"network.ip",
"network.name",
"state.modified_at",
"wazuh.cluster.name",
"wazuh.cluster.node"
],
"refresh_interval": "2s"
}
} }
} }
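
Review bot: `query.default_field` lists `"network.name"`, but the `network` object in the mapping only defines `broadcast`, `dhcp`, `ip`, `metric`, `netmask` and `type`, and the template is `"dynamic": "strict"`, so that field can never exist in these indices. Either map `network.name` or remove it from the list; note that `network.type`, which is mapped, is currently not a default field.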

@ -2,201 +2,203 @@
"index_patterns": [ "index_patterns": [
"wazuh-states-inventory-packages*" "wazuh-states-inventory-packages*"
], ],
"mappings": { "priority": 1,
"date_detection": false, "template": {
"dynamic": "strict", "settings": {
"properties": { "index": {
"agent": { "number_of_replicas": "0",
"properties": { "number_of_shards": "1",
"groups": { "query.default_field": [
"ignore_above": 1024, "agent.host.architecture",
"type": "keyword" "agent.host.ip",
}, "agent.id",
"host": { "agent.name",
"properties": { "agent.version",
"architecture": { "package.architecture",
"ignore_above": 1024, "package.category",
"type": "keyword" "package.description",
}, "package.installed",
"hostname": { "package.multiarch",
"ignore_above": 1024, "package.name",
"type": "keyword" "package.path",
}, "package.priority",
"ip": { "package.size",
"type": "ip" "package.source",
}, "package.type",
"os": { "package.vendor",
"properties": { "package.version",
"name": { "state.modified_at",
"ignore_above": 1024, "wazuh.cluster.name",
"type": "keyword" "wazuh.cluster.node",
}, "wazuh.schema.version"
"platform": { ],
"ignore_above": 1024, "refresh_interval": "2s"
"type": "keyword" }
}, },
"type": { "mappings": {
"ignore_above": 1024, "date_detection": false,
"type": "keyword" "dynamic": "strict",
}, "properties": {
"version": { "agent": {
"ignore_above": 1024, "properties": {
"type": "keyword" "groups": {
"ignore_above": 1024,
"type": "keyword"
},
"host": {
"properties": {
"architecture": {
"ignore_above": 1024,
"type": "keyword"
},
"hostname": {
"ignore_above": 1024,
"type": "keyword"
},
"ip": {
"type": "ip"
},
"os": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"platform": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
}
} }
} }
} }
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
} }
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
} }
} },
}, "checksum": {
"checksum": { "properties": {
"properties": { "hash": {
"hash": { "properties": {
"properties": { "sha1": {
"sha1": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" }
} }
} }
} }
} },
}, "message": {
"message": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "package": {
"package": { "properties": {
"properties": { "architecture": {
"architecture": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "category": {
"category": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "description": {
"description": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "installed": {
"installed": { "type": "date"
"type": "date" },
}, "multiarch": {
"multiarch": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "name": {
"name": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "path": {
"path": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "priority": {
"priority": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "size": {
"size": { "type": "long"
"type": "long" },
}, "source": {
"source": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "type": {
"type": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "vendor": {
"vendor": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "version": {
"version": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword"
}
}
},
"state": {
"properties": {
"document_version": {
"type": "integer"
},
"modified_at": {
"type": "date"
}
}
},
"wazuh": {
"properties": {
"cluster": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"node": {
"ignore_above": 1024,
"type": "keyword"
}
} }
}, }
"schema": { },
"properties": { "state": {
"version": { "properties": {
"ignore_above": 1024, "document_version": {
"type": "keyword" "type": "integer"
},
"modified_at": {
"type": "date"
}
}
},
"wazuh": {
"properties": {
"cluster": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"node": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"schema": {
"properties": {
"version": {
"ignore_above": 1024,
"type": "keyword"
}
} }
} }
} }
} }
} }
} }
},
"order": 1,
"settings": {
"index": {
"number_of_replicas": "0",
"number_of_shards": "1",
"query.default_field": [
"agent.host.architecture",
"agent.host.ip",
"agent.id",
"agent.name",
"agent.version",
"package.architecture",
"package.category",
"package.description",
"package.installed",
"package.multiarch",
"package.name",
"package.path",
"package.priority",
"package.size",
"package.source",
"package.type",
"package.vendor",
"package.version",
"state.modified_at",
"wazuh.cluster.name",
"wazuh.cluster.node",
"wazuh.schema.version"
],
"refresh_interval": "2s"
}
} }
} }
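Review bot: From `"multiarch"` down to `"version"` every mapping line in this hunk is the same key and type at a deeper indent, so the only functional change here (dropping `"order": 1` and moving `settings` out of the top level) is buried in re-indentation that cannot be verified by eye. Please add a test that flattens `properties` to a field-path/type map and pins it for this template, or state in the commit message that the mappings are byte-for-byte unchanged apart from nesting under `template`.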

View File

@ -2,220 +2,222 @@
"index_patterns": [ "index_patterns": [
"wazuh-states-inventory-ports*" "wazuh-states-inventory-ports*"
], ],
"mappings": { "priority": 1,
"date_detection": false, "template": {
"dynamic": "strict", "settings": {
"properties": { "index": {
"agent": { "number_of_replicas": "0",
"properties": { "number_of_shards": "1",
"groups": { "query.default_field": [
"ignore_above": 1024, "agent.host.architecture",
"type": "keyword" "agent.host.ip",
}, "agent.id",
"host": { "agent.name",
"properties": { "agent.version",
"architecture": { "host.network.egress.queue",
"ignore_above": 1024, "host.network.ingress.queue",
"type": "keyword" "file.inode",
}, "interface.state",
"hostname": { "network.transport",
"ignore_above": 1024, "process.name",
"type": "keyword" "process.pid",
}, "source.ip",
"ip": { "destination.ip",
"type": "ip" "state.modified_at",
}, "wazuh.cluster.name",
"os": { "wazuh.cluster.node",
"properties": { "wazuh.schema.version"
"name": { ],
"ignore_above": 1024, "refresh_interval": "2s"
"type": "keyword" }
}, },
"platform": { "mappings": {
"ignore_above": 1024, "date_detection": false,
"type": "keyword" "dynamic": "strict",
}, "properties": {
"type": { "agent": {
"ignore_above": 1024, "properties": {
"type": "keyword" "groups": {
}, "ignore_above": 1024,
"version": { "type": "keyword"
"ignore_above": 1024, },
"type": "keyword" "host": {
"properties": {
"architecture": {
"ignore_above": 1024,
"type": "keyword"
},
"hostname": {
"ignore_above": 1024,
"type": "keyword"
},
"ip": {
"type": "ip"
},
"os": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"platform": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
}
} }
} }
} }
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
} }
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
} }
} },
}, "checksum": {
"checksum": { "properties": {
"properties": { "hash": {
"hash": { "properties": {
"properties": { "sha1": {
"sha1": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" }
} }
} }
} }
} },
}, "destination": {
"destination": { "properties": {
"properties": { "ip": {
"ip": { "type": "ip"
"type": "ip" },
}, "port": {
"port": { "type": "long"
"type": "long" }
} }
} },
}, "file": {
"file": { "properties": {
"properties": { "inode": {
"inode": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" }
} }
} },
}, "host": {
"host": { "properties": {
"properties": { "network": {
"network": { "properties": {
"properties": { "egress": {
"egress": { "properties": {
"properties": { "queue": {
"queue": { "type": "long"
"type": "long" }
} }
} },
}, "ingress": {
"ingress": { "properties": {
"properties": { "queue": {
"queue": { "type": "long"
"type": "long" }
} }
} }
} }
} }
} }
} },
}, "interface": {
"interface": { "properties": {
"properties": { "state": {
"state": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword"
}
}
},
"message": {
"ignore_above": 1024,
"type": "keyword"
},
"network": {
"properties": {
"transport": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"process": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"pid": {
"type": "long"
}
}
},
"source": {
"properties": {
"ip": {
"type": "ip"
},
"port": {
"type": "long"
}
}
},
"state": {
"properties": {
"document_version": {
"type": "integer"
},
"modified_at": {
"type": "date"
}
}
},
"wazuh": {
"properties": {
"cluster": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"node": {
"ignore_above": 1024,
"type": "keyword"
}
} }
}, }
"schema": { },
"properties": { "message": {
"version": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
"network": {
"properties": {
"transport": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"process": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"pid": {
"type": "long"
}
}
},
"source": {
"properties": {
"ip": {
"type": "ip"
},
"port": {
"type": "long"
}
}
},
"state": {
"properties": {
"document_version": {
"type": "integer"
},
"modified_at": {
"type": "date"
}
}
},
"wazuh": {
"properties": {
"cluster": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"node": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"schema": {
"properties": {
"version": {
"ignore_above": 1024,
"type": "keyword"
}
} }
} }
} }
} }
} }
} }
},
"order": 1,
"settings": {
"index": {
"number_of_replicas": "0",
"number_of_shards": "1",
"query.default_field": [
"agent.host.architecture",
"agent.host.ip",
"agent.id",
"agent.name",
"agent.version",
"host.network.egress.queue",
"host.network.ingress.queue",
"file.inode",
"interface.state",
"network.transport",
"process.name",
"process.pid",
"source.ip",
"destination.ip",
"state.modified_at",
"wazuh.cluster.name",
"wazuh.cluster.node",
"wazuh.schema.version"
],
"refresh_interval": "2s"
}
} }
} }
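Review bot: `"priority": 1` at the top of the new side is not a like-for-like replacement for the removed `"order": 1`. Legacy templates matching the same pattern were merged in `order` sequence, whereas composable templates are not merged: only the matching composable template with the highest priority applies, and a composable match takes precedence over any legacy template. With priority 1, another composable template covering `wazuh-states-inventory-ports*` at a higher priority would replace this one whole, including `"dynamic": "strict"`, and legacy templates that operators layered on top of these indices stop applying. Consider a higher priority reserved for the Wazuh templates and an upgrade note describing the change in precedence.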

View File

@ -2,186 +2,188 @@
"index_patterns": [ "index_patterns": [
"wazuh-states-inventory-processes*" "wazuh-states-inventory-processes*"
], ],
"mappings": { "priority": 1,
"date_detection": false, "template": {
"dynamic": "strict", "settings": {
"properties": { "index": {
"agent": { "number_of_replicas": "0",
"properties": { "number_of_shards": "1",
"groups": { "query.default_field": [
"ignore_above": 1024, "agent.host.architecture",
"type": "keyword" "agent.host.ip",
}, "agent.id",
"host": { "agent.name",
"properties": { "agent.version",
"architecture": { "process.args",
"ignore_above": 1024, "process.args_count",
"type": "keyword" "process.command_line",
}, "process.name",
"hostname": { "process.parent.pid",
"ignore_above": 1024, "process.pid",
"type": "keyword" "process.start",
}, "process.state",
"ip": { "process.stime",
"type": "ip" "process.utime",
}, "state.modified_at",
"os": { "wazuh.cluster.name",
"properties": { "wazuh.cluster.node",
"name": { "wazuh.schema.version"
"ignore_above": 1024, ],
"type": "keyword" "refresh_interval": "2s"
}, }
"platform": { },
"ignore_above": 1024, "mappings": {
"type": "keyword" "date_detection": false,
}, "dynamic": "strict",
"type": { "properties": {
"ignore_above": 1024, "agent": {
"type": "keyword" "properties": {
}, "groups": {
"version": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
"host": {
"properties": {
"architecture": {
"ignore_above": 1024,
"type": "keyword"
},
"hostname": {
"ignore_above": 1024,
"type": "keyword"
},
"ip": {
"type": "ip"
},
"os": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"platform": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
}
} }
} }
} }
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
} }
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
} }
} },
}, "checksum": {
"checksum": { "properties": {
"properties": { "hash": {
"hash": { "properties": {
"properties": { "sha1": {
"sha1": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" }
} }
} }
} }
} },
}, "message": {
"message": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "process": {
"process": { "properties": {
"properties": { "args": {
"args": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "args_count": {
"args_count": { "type": "long"
"type": "long" },
}, "command_line": {
"command_line": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "name": {
"name": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "parent": {
"parent": { "properties": {
"properties": { "pid": {
"pid": { "type": "long"
"type": "long" }
} }
},
"pid": {
"type": "long"
},
"start": {
"type": "date"
},
"state": {
"ignore_above": 1024,
"type": "keyword"
},
"stime": {
"type": "long"
},
"utime": {
"type": "long"
} }
},
"pid": {
"type": "long"
},
"start": {
"type": "date"
},
"state": {
"ignore_above": 1024,
"type": "keyword"
},
"stime": {
"type": "long"
},
"utime": {
"type": "long"
} }
} },
}, "state": {
"state": { "properties": {
"properties": { "document_version": {
"document_version": { "type": "integer"
"type": "integer" },
}, "modified_at": {
"modified_at": { "type": "date"
"type": "date" }
} }
} },
}, "wazuh": {
"wazuh": { "properties": {
"properties": { "cluster": {
"cluster": { "properties": {
"properties": { "name": {
"name": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "node": {
"node": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" }
} }
} },
}, "schema": {
"schema": { "properties": {
"properties": { "version": {
"version": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" }
} }
} }
} }
} }
} }
} }
},
"order": 1,
"settings": {
"index": {
"number_of_replicas": "0",
"number_of_shards": "1",
"query.default_field": [
"agent.host.architecture",
"agent.host.ip",
"agent.id",
"agent.name",
"agent.version",
"process.args",
"process.args_count",
"process.command_line",
"process.name",
"process.parent.pid",
"process.pid",
"process.start",
"process.state",
"process.stime",
"process.utime",
"state.modified_at",
"wazuh.cluster.name",
"wazuh.cluster.node",
"wazuh.schema.version"
],
"refresh_interval": "2s"
}
} }
} }
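Review bot: `process.command_line` and `process.args` are carried into `template.mappings` unchanged as `keyword` with `"ignore_above": 1024`, so a value longer than 1024 characters stays in `_source` but is not indexed and will not match searches or appear in aggregations on those fields. Both are also listed in `query.default_field`, which makes the gap easy to miss when hunting on process inventory. Since the template is being rewritten anyway, consider raising the limit for these two fields or documenting the cut-off next to the template.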

View File

@ -2,161 +2,163 @@
"index_patterns": [ "index_patterns": [
"wazuh-states-inventory-protocols*" "wazuh-states-inventory-protocols*"
], ],
"mappings": { "priority": 1,
"date_detection": false, "template": {
"dynamic": "strict", "settings": {
"properties": { "index": {
"agent": { "number_of_replicas": "0",
"properties": { "number_of_shards": "1",
"groups": { "query.default_field": [
"ignore_above": 1024, "agent.host.architecture",
"type": "keyword" "agent.host.ip",
}, "agent.id",
"host": { "agent.name",
"properties": { "agent.version",
"architecture": { "network.type",
"ignore_above": 1024, "interface.name",
"type": "keyword" "state.modified_at",
}, "wazuh.cluster.name",
"hostname": { "wazuh.cluster.node",
"ignore_above": 1024, "wazuh.schema.version"
"type": "keyword" ],
}, "refresh_interval": "2s"
"ip": { }
"type": "ip" },
}, "mappings": {
"os": { "date_detection": false,
"properties": { "dynamic": "strict",
"name": { "properties": {
"ignore_above": 1024, "agent": {
"type": "keyword" "properties": {
}, "groups": {
"platform": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "host": {
"type": { "properties": {
"ignore_above": 1024, "architecture": {
"type": "keyword" "ignore_above": 1024,
}, "type": "keyword"
"version": { },
"ignore_above": 1024, "hostname": {
"type": "keyword" "ignore_above": 1024,
"type": "keyword"
},
"ip": {
"type": "ip"
},
"os": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"platform": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
}
} }
} }
} }
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
} }
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
} }
} },
}, "checksum": {
"checksum": { "properties": {
"properties": { "hash": {
"hash": { "properties": {
"properties": { "sha1": {
"sha1": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" }
} }
} }
} }
} },
}, "interface": {
"interface": { "properties": {
"properties": { "name": {
"name": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword"
}
}
},
"message": {
"ignore_above": 1024,
"type": "keyword"
},
"network": {
"properties": {
"dhcp": {
"type": "boolean"
},
"gateway": {
"type": "ip"
},
"metric": {
"type": "long"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"state": {
"properties": {
"document_version": {
"type": "integer"
},
"modified_at": {
"type": "date"
}
}
},
"wazuh": {
"properties": {
"cluster": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"node": {
"ignore_above": 1024,
"type": "keyword"
}
} }
}, }
"schema": { },
"properties": { "message": {
"version": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
"network": {
"properties": {
"dhcp": {
"type": "boolean"
},
"gateway": {
"type": "ip"
},
"metric": {
"type": "long"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"state": {
"properties": {
"document_version": {
"type": "integer"
},
"modified_at": {
"type": "date"
}
}
},
"wazuh": {
"properties": {
"cluster": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"node": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"schema": {
"properties": {
"version": {
"ignore_above": 1024,
"type": "keyword"
}
} }
} }
} }
} }
} }
} }
},
"order": 1,
"settings": {
"index": {
"number_of_replicas": "0",
"number_of_shards": "1",
"query.default_field": [
"agent.host.architecture",
"agent.host.ip",
"agent.id",
"agent.name",
"agent.version",
"network.type",
"interface.name",
"state.modified_at",
"wazuh.cluster.name",
"wazuh.cluster.node",
"wazuh.schema.version"
],
"refresh_interval": "2s"
}
} }
} }
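Review bot: In `query.default_field` the only protocol-specific entries are `network.type` and `interface.name`, while `template.mappings` also defines `network.gateway`, `network.dhcp` and `network.metric`. A query without an explicit field will therefore never match on the gateway address, unlike the ports template in this same commit, which lists `source.ip` and `destination.ip`. Either add `network.gateway` to the list or leave a short comment that the omission is intentional.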

View File

@ -2,321 +2,323 @@
"index_patterns": [ "index_patterns": [
"wazuh-states-inventory-services*" "wazuh-states-inventory-services*"
], ],
"mappings": { "priority": 1,
"date_detection": false, "template": {
"dynamic": "strict", "settings": {
"properties": { "index": {
"agent": { "number_of_replicas": "0",
"properties": { "number_of_shards": "1",
"groups": { "query.default_field": [
"ignore_above": 1024, "agent.host.architecture",
"type": "keyword" "agent.host.ip",
}, "agent.id",
"host": { "agent.name",
"properties": { "agent.version",
"architecture": { "service.name",
"ignore_above": 1024, "service.id",
"type": "keyword" "service.description",
}, "service.enabled",
"hostname": { "service.restart",
"ignore_above": 1024, "service.state",
"type": "keyword" "service.sub_state",
}, "service.type",
"ip": { "service.start_type",
"type": "ip" "process.executable",
}, "file.path",
"os": { "log.file.path",
"properties": { "error.log.file.path",
"name": { "process.args",
"ignore_above": 1024, "process.user.name",
"type": "keyword" "process.group.name",
}, "service.address",
"platform": { "state.modified_at",
"ignore_above": 1024, "wazuh.cluster.name",
"type": "keyword" "wazuh.cluster.node",
}, "wazuh.schema.version"
"type": { ],
"ignore_above": 1024, "refresh_interval": "2s"
"type": "keyword" }
}, },
"version": { "mappings": {
"ignore_above": 1024, "date_detection": false,
"type": "keyword" "dynamic": "strict",
"properties": {
"agent": {
"properties": {
"groups": {
"ignore_above": 1024,
"type": "keyword"
},
"host": {
"properties": {
"architecture": {
"ignore_above": 1024,
"type": "keyword"
},
"hostname": {
"ignore_above": 1024,
"type": "keyword"
},
"ip": {
"type": "ip"
},
"os": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"platform": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
}
} }
} }
} }
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
} }
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
} }
} },
}, "checksum": {
"checksum": { "properties": {
"properties": { "hash": {
"hash": { "properties": {
"properties": { "sha1": {
"sha1": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" }
} }
} }
} }
} },
}, "error": {
"error": { "properties": {
"properties": { "log": {
"log": { "properties": {
"properties": { "file": {
"file": { "properties": {
"properties": { "path": {
"path": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" }
} }
} }
} }
} }
} }
} },
}, "file": {
"file": { "properties": {
"properties": { "path": {
"path": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" }
} }
} },
}, "log": {
"log": { "properties": {
"properties": { "file": {
"file": { "properties": {
"properties": { "path": {
"path": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" }
} }
} }
} }
} },
}, "message": {
"message": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "process": {
"process": { "properties": {
"properties": { "args": {
"args": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "executable": {
"executable": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "group": {
"group": { "properties": {
"properties": { "name": {
"name": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" }
} }
} },
}, "pid": {
"pid": { "type": "long"
"type": "long" },
}, "root_directory": {
"root_directory": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "user": {
"user": { "properties": {
"properties": { "name": {
"name": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" }
} }
},
"working_directory": {
"ignore_above": 1024,
"type": "keyword"
} }
},
"working_directory": {
"ignore_above": 1024,
"type": "keyword"
} }
} },
}, "service": {
"service": { "properties": {
"properties": { "address": {
"address": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "description": {
"description": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "enabled": {
"enabled": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "exit_code": {
"exit_code": { "type": "integer"
"type": "integer" },
}, "following": {
"following": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "frequency": {
"frequency": { "type": "long"
"type": "long" },
}, "id": {
"id": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "inetd_compatibility": {
"inetd_compatibility": { "type": "boolean"
"type": "boolean" },
}, "name": {
"name": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "object_path": {
"object_path": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "restart": {
"restart": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "start_type": {
"start_type": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "starts": {
"starts": { "properties": {
"properties": { "on_mount": {
"on_mount": { "type": "boolean"
"type": "boolean" },
}, "on_not_empty_directory": {
"on_not_empty_directory": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "on_path_modified": {
"on_path_modified": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" }
} }
} },
}, "state": {
"state": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "sub_state": {
"sub_state": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "target": {
"target": { "properties": {
"properties": { "address": {
"address": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "ephemeral_id": {
"ephemeral_id": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "type": {
"type": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" }
} }
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"win32_exit_code": {
"type": "integer"
} }
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"win32_exit_code": {
"type": "integer"
} }
} },
}, "state": {
"state": { "properties": {
"properties": { "document_version": {
"document_version": { "type": "integer"
"type": "integer" },
}, "modified_at": {
"modified_at": { "type": "date"
"type": "date"
}
}
},
"wazuh": {
"properties": {
"cluster": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"node": {
"ignore_above": 1024,
"type": "keyword"
}
} }
}, }
"schema": { },
"properties": { "wazuh": {
"version": { "properties": {
"ignore_above": 1024, "cluster": {
"type": "keyword" "properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"node": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"schema": {
"properties": {
"version": {
"ignore_above": 1024,
"type": "keyword"
}
} }
} }
} }
} }
} }
} }
},
"order": 1,
"settings": {
"index": {
"number_of_replicas": "0",
"number_of_shards": "1",
"query.default_field": [
"agent.host.architecture",
"agent.host.ip",
"agent.id",
"agent.name",
"agent.version",
"service.name",
"service.id",
"service.description",
"service.enabled",
"service.restart",
"service.state",
"service.sub_state",
"service.type",
"service.start_type",
"process.executable",
"file.path",
"log.file.path",
"error.log.file.path",
"process.args",
"process.user.name",
"process.group.name",
"service.address",
"state.modified_at",
"wazuh.cluster.name",
"wazuh.cluster.node",
"wazuh.schema.version"
],
"refresh_interval": "2s"
}
} }
} }
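Review bot: The new side of this file has `index_patterns`, `priority` and `template` but no `data_stream` object, so `wazuh-states-inventory-services*` remains a regular index under a composable template rather than a data stream. That looks right for stateful inventory data, but the commit title ("Replace time-series indices with data streams") reads as if every template is converted. Please say in the commit message or the plugin docs which templates become data streams and which are only moved to the v2 template format.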

View File

@ -2,230 +2,232 @@
"index_patterns": [ "index_patterns": [
"wazuh-states-inventory-system*" "wazuh-states-inventory-system*"
], ],
"mappings": { "priority": 1,
"date_detection": false, "template": {
"dynamic": "strict", "settings": {
"properties": { "index": {
"agent": { "number_of_replicas": "0",
"properties": { "number_of_shards": "1",
"groups": { "query.default_field": [
"ignore_above": 1024, "agent.host.architecture",
"type": "keyword" "agent.host.ip",
}, "agent.id",
"host": { "agent.name",
"properties": { "agent.version",
"architecture": { "host.architecture",
"ignore_above": 1024, "host.hostname",
"type": "keyword" "host.os.build",
}, "host.os.codename",
"hostname": { "host.os.distribution.release",
"ignore_above": 1024, "host.os.full",
"type": "keyword" "host.os.kernel.name",
}, "host.os.kernel.release",
"ip": { "host.os.kernel.version",
"type": "ip" "host.os.major",
}, "host.os.minor",
"os": { "host.os.name",
"properties": { "host.os.patch",
"name": { "host.os.platform",
"ignore_above": 1024, "host.os.type",
"type": "keyword" "host.os.version",
}, "state.modified_at",
"platform": { "wazuh.cluster.name",
"ignore_above": 1024, "wazuh.cluster.node",
"type": "keyword" "wazuh.schema.version"
}, ],
"type": { "refresh_interval": "2s"
"ignore_above": 1024, }
"type": "keyword" },
}, "mappings": {
"version": { "date_detection": false,
"ignore_above": 1024, "dynamic": "strict",
"type": "keyword" "properties": {
"agent": {
"properties": {
"groups": {
"ignore_above": 1024,
"type": "keyword"
},
"host": {
"properties": {
"architecture": {
"ignore_above": 1024,
"type": "keyword"
},
"hostname": {
"ignore_above": 1024,
"type": "keyword"
},
"ip": {
"type": "ip"
},
"os": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"platform": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
}
} }
} }
} }
} },
}, "id": {
"id": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "name": {
"name": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "version": {
"version": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword"
}
}
},
"checksum": {
"properties": {
"hash": {
"properties": {
"sha1": {
"ignore_above": 1024,
"type": "keyword"
}
} }
} }
} },
}, "checksum": {
"host": { "properties": {
"properties": { "hash": {
"architecture": { "properties": {
"ignore_above": 1024, "sha1": {
"type": "keyword" "ignore_above": 1024,
}, "type": "keyword"
"hostname": {
"ignore_above": 1024,
"type": "keyword"
},
"os": {
"properties": {
"build": {
"ignore_above": 1024,
"type": "keyword"
},
"codename": {
"ignore_above": 1024,
"type": "keyword"
},
"distribution": {
"properties": {
"release": {
"ignore_above": 1024,
"type": "keyword"
}
} }
}, }
"full": { }
"ignore_above": 1024, }
"type": "keyword" },
}, "host": {
"kernel": { "properties": {
"properties": { "architecture": {
"name": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "hostname": {
"release": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "os": {
"version": { "properties": {
"ignore_above": 1024, "build": {
"type": "keyword" "ignore_above": 1024,
"type": "keyword"
},
"codename": {
"ignore_above": 1024,
"type": "keyword"
},
"distribution": {
"properties": {
"release": {
"ignore_above": 1024,
"type": "keyword"
}
} }
},
"full": {
"ignore_above": 1024,
"type": "keyword"
},
"kernel": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"release": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"major": {
"ignore_above": 1024,
"type": "keyword"
},
"minor": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"patch": {
"ignore_above": 1024,
"type": "keyword"
},
"platform": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
} }
},
"major": {
"ignore_above": 1024,
"type": "keyword"
},
"minor": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"patch": {
"ignore_above": 1024,
"type": "keyword"
},
"platform": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
} }
} }
} }
} },
}, "message": {
"message": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "state": {
"state": { "properties": {
"properties": { "document_version": {
"document_version": { "type": "integer"
"type": "integer" },
}, "modified_at": {
"modified_at": { "type": "date"
"type": "date"
}
}
},
"wazuh": {
"properties": {
"cluster": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"node": {
"ignore_above": 1024,
"type": "keyword"
}
} }
}, }
"schema": { },
"properties": { "wazuh": {
"version": { "properties": {
"ignore_above": 1024, "cluster": {
"type": "keyword" "properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"node": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"schema": {
"properties": {
"version": {
"ignore_above": 1024,
"type": "keyword"
}
} }
} }
} }
} }
} }
} }
},
"order": 1,
"settings": {
"index": {
"number_of_replicas": "0",
"number_of_shards": "1",
"query.default_field": [
"agent.host.architecture",
"agent.host.ip",
"agent.id",
"agent.name",
"agent.version",
"host.architecture",
"host.hostname",
"host.os.build",
"host.os.codename",
"host.os.distribution.release",
"host.os.full",
"host.os.kernel.name",
"host.os.kernel.release",
"host.os.kernel.version",
"host.os.major",
"host.os.minor",
"host.os.name",
"host.os.patch",
"host.os.platform",
"host.os.type",
"host.os.version",
"state.modified_at",
"wazuh.cluster.name",
"wazuh.cluster.node",
"wazuh.schema.version"
],
"refresh_interval": "2s"
}
} }
} }
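Review bot: `"number_of_replicas": "0"` is copied as-is into `template.settings.index`, so every index created from this template has a single copy of its one shard. If that default is meant for single-node installs only, consider `index.auto_expand_replicas` (for example `"0-1"`) so multi-node clusters get a replica without manual changes, or document that operators must raise the replica count after setup.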

View File

@ -2,286 +2,288 @@
"index_patterns": [ "index_patterns": [
"wazuh-states-inventory-users*" "wazuh-states-inventory-users*"
], ],
"mappings": { "priority": 1,
"date_detection": false, "template": {
"dynamic": "strict", "settings": {
"properties": { "index": {
"agent": { "number_of_replicas": "0",
"properties": { "number_of_shards": "1",
"groups": { "query.default_field": [
"ignore_above": 1024, "user.id",
"type": "keyword" "user.name",
}, "user.home",
"host": { "user.type",
"properties": { "user.created",
"architecture": { "user.groups",
"ignore_above": 1024, "user.uuid",
"type": "keyword" "user.auth_failures.timestamp",
}, "user.auth_failures.count",
"hostname": { "user.group.id_signed",
"ignore_above": 1024, "user.login.status",
"type": "keyword" "user.login.type",
}, "user.login.tty",
"ip": { "user.password.status",
"type": "ip" "user.password.last_change",
}, "user.password.expiration_date",
"os": { "user.roles",
"properties": { "user.last_login",
"name": { "process.pid",
"ignore_above": 1024, "host.ip",
"type": "keyword" "state.modified_at",
}, "wazuh.cluster.name",
"platform": { "wazuh.cluster.node",
"ignore_above": 1024, "wazuh.schema.version"
"type": "keyword" ],
}, "refresh_interval": "2s"
"type": { }
"ignore_above": 1024, },
"type": "keyword" "mappings": {
}, "date_detection": false,
"version": { "dynamic": "strict",
"ignore_above": 1024, "properties": {
"type": "keyword" "agent": {
"properties": {
"groups": {
"ignore_above": 1024,
"type": "keyword"
},
"host": {
"properties": {
"architecture": {
"ignore_above": 1024,
"type": "keyword"
},
"hostname": {
"ignore_above": 1024,
"type": "keyword"
},
"ip": {
"type": "ip"
},
"os": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"platform": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
}
} }
} }
} }
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
} }
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
} }
} },
}, "checksum": {
"checksum": { "properties": {
"properties": { "hash": {
"hash": { "properties": {
"properties": { "sha1": {
"sha1": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" }
} }
} }
} }
} },
}, "host": {
"host": { "properties": {
"properties": { "ip": {
"ip": { "type": "ip"
"type": "ip"
}
}
},
"login": {
"properties": {
"status": {
"type": "boolean"
},
"tty": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"message": {
"ignore_above": 1024,
"type": "keyword"
},
"process": {
"properties": {
"pid": {
"type": "long"
}
}
},
"state": {
"properties": {
"document_version": {
"type": "integer"
},
"modified_at": {
"type": "date"
}
}
},
"user": {
"properties": {
"auth_failures": {
"properties": {
"count": {
"type": "integer"
},
"timestamp": {
"type": "date"
}
} }
},
"created": {
"type": "date"
},
"full_name": {
"ignore_above": 1024,
"type": "keyword"
},
"group": {
"properties": {
"id": {
"type": "unsigned_long"
},
"id_signed": {
"type": "long"
}
}
},
"groups": {
"ignore_above": 1024,
"type": "keyword"
},
"home": {
"ignore_above": 1024,
"type": "keyword"
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"is_hidden": {
"type": "boolean"
},
"is_remote": {
"type": "boolean"
},
"last_login": {
"type": "date"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"password": {
"properties": {
"expiration_date": {
"type": "date"
},
"hash_algorithm": {
"ignore_above": 1024,
"type": "keyword"
},
"inactive_days": {
"type": "integer"
},
"last_change": {
"type": "integer"
},
"last_set_time": {
"type": "date"
},
"max_days_between_changes": {
"type": "integer"
},
"min_days_between_changes": {
"type": "integer"
},
"status": {
"ignore_above": 1024,
"type": "keyword"
},
"warning_days_before_expiration": {
"type": "integer"
}
}
},
"roles": {
"ignore_above": 1024,
"type": "keyword"
},
"shell": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"uid_signed": {
"type": "long"
},
"uuid": {
"ignore_above": 1024,
"type": "keyword"
} }
} },
}, "login": {
"wazuh": { "properties": {
"properties": { "status": {
"cluster": { "type": "boolean"
"properties": { },
"name": { "tty": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword"
}, },
"node": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword"
}
} }
}, }
"schema": { },
"properties": { "message": {
"version": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
"process": {
"properties": {
"pid": {
"type": "long"
}
}
},
"state": {
"properties": {
"document_version": {
"type": "integer"
},
"modified_at": {
"type": "date"
}
}
},
"user": {
"properties": {
"auth_failures": {
"properties": {
"count": {
"type": "integer"
},
"timestamp": {
"type": "date"
}
}
},
"created": {
"type": "date"
},
"full_name": {
"ignore_above": 1024,
"type": "keyword"
},
"group": {
"properties": {
"id": {
"type": "unsigned_long"
},
"id_signed": {
"type": "long"
}
}
},
"groups": {
"ignore_above": 1024,
"type": "keyword"
},
"home": {
"ignore_above": 1024,
"type": "keyword"
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"is_hidden": {
"type": "boolean"
},
"is_remote": {
"type": "boolean"
},
"last_login": {
"type": "date"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"password": {
"properties": {
"expiration_date": {
"type": "date"
},
"hash_algorithm": {
"ignore_above": 1024,
"type": "keyword"
},
"inactive_days": {
"type": "integer"
},
"last_change": {
"type": "integer"
},
"last_set_time": {
"type": "date"
},
"max_days_between_changes": {
"type": "integer"
},
"min_days_between_changes": {
"type": "integer"
},
"status": {
"ignore_above": 1024,
"type": "keyword"
},
"warning_days_before_expiration": {
"type": "integer"
}
}
},
"roles": {
"ignore_above": 1024,
"type": "keyword"
},
"shell": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"uid_signed": {
"type": "long"
},
"uuid": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"wazuh": {
"properties": {
"cluster": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"node": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"schema": {
"properties": {
"version": {
"ignore_above": 1024,
"type": "keyword"
}
} }
} }
} }
} }
} }
} }
},
"order": 1,
"settings": {
"index": {
"number_of_replicas": "0",
"number_of_shards": "1",
"query.default_field": [
"user.id",
"user.name",
"user.home",
"user.type",
"user.created",
"user.groups",
"user.uuid",
"user.auth_failures.timestamp",
"user.auth_failures.count",
"user.group.id_signed",
"user.login.status",
"user.login.type",
"user.login.tty",
"user.password.status",
"user.password.last_change",
"user.password.expiration_date",
"user.roles",
"user.last_login",
"process.pid",
"host.ip",
"state.modified_at",
"wazuh.cluster.name",
"wazuh.cluster.node",
"wazuh.schema.version"
],
"refresh_interval": "2s"
}
} }
} }
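
Review bot: The `query.default_field` list in the removed settings block names `user.login.status`, `user.login.type` and `user.login.tty`, but the mapping in this hunk defines `login` as a top-level object next to `host` and `process`, and `user` has no `login` property. Please check that the relocated settings under `template` reference `login.status`, `login.type` and `login.tty`, otherwise those entries match no mapped field.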

View File

@ -2,212 +2,214 @@
"index_patterns": [ "index_patterns": [
"wazuh-states-sca*" "wazuh-states-sca*"
], ],
"mappings": { "priority": 1,
"date_detection": false, "template": {
"dynamic": "strict", "settings": {
"properties": { "index": {
"agent": { "number_of_replicas": "0",
"properties": { "number_of_shards": "1",
"groups": { "query.default_field": [
"ignore_above": 1024, "agent.id",
"type": "keyword" "agent.groups",
}, "check.name",
"host": { "check.id",
"properties": { "checksum.hash.sha1",
"architecture": { "host.name",
"ignore_above": 1024, "host.os.type",
"type": "keyword" "host.os.version",
}, "policy.id",
"hostname": { "policy.name",
"ignore_above": 1024, "policy.file",
"type": "keyword" "state.modified_at",
}, "wazuh.cluster.name",
"ip": { "wazuh.cluster.node",
"type": "ip" "wazuh.schema.version"
}, ],
"os": { "refresh_interval": "5s"
"properties": { }
"name": { },
"ignore_above": 1024, "mappings": {
"type": "keyword" "date_detection": false,
}, "dynamic": "strict",
"platform": { "properties": {
"ignore_above": 1024, "agent": {
"type": "keyword" "properties": {
}, "groups": {
"type": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "host": {
"version": { "properties": {
"ignore_above": 1024, "architecture": {
"type": "keyword" "ignore_above": 1024,
"type": "keyword"
},
"hostname": {
"ignore_above": 1024,
"type": "keyword"
},
"ip": {
"type": "ip"
},
"os": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"platform": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
}
} }
} }
} }
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
} }
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
} }
} },
}, "check": {
"check": { "properties": {
"properties": { "compliance": {
"compliance": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "condition": {
"condition": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "description": {
"description": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "id": {
"id": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "name": {
"name": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "rationale": {
"rationale": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "reason": {
"reason": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "references": {
"references": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "remediation": {
"remediation": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "result": {
"result": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "rules": {
"rules": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" }
} }
} },
}, "checksum": {
"checksum": { "properties": {
"properties": { "hash": {
"hash": { "properties": {
"properties": { "sha1": {
"sha1": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" }
} }
} }
} }
} },
}, "message": {
"message": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "policy": {
"policy": { "properties": {
"properties": { "description": {
"description": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "file": {
"file": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "id": {
"id": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "name": {
"name": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "references": {
"references": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword"
}
}
},
"state": {
"properties": {
"document_version": {
"type": "integer"
},
"modified_at": {
"type": "date"
}
}
},
"wazuh": {
"properties": {
"cluster": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"node": {
"ignore_above": 1024,
"type": "keyword"
}
} }
}, }
"schema": { },
"properties": { "state": {
"version": { "properties": {
"ignore_above": 1024, "document_version": {
"type": "keyword" "type": "integer"
},
"modified_at": {
"type": "date"
}
}
},
"wazuh": {
"properties": {
"cluster": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"node": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"schema": {
"properties": {
"version": {
"ignore_above": 1024,
"type": "keyword"
}
} }
} }
} }
} }
} }
} }
},
"order": 1,
"settings": {
"index": {
"number_of_replicas": "0",
"number_of_shards": "1",
"query.default_field": [
"agent.id",
"agent.groups",
"check.name",
"check.id",
"checksum.hash.sha1",
"host.name",
"host.os.type",
"host.os.version",
"policy.id",
"policy.name",
"policy.file",
"state.modified_at",
"wazuh.cluster.name",
"wazuh.cluster.node",
"wazuh.schema.version"
],
"refresh_interval": "5s"
}
} }
} }
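
Review bot: In the new `template.settings` block, `query.default_field` still lists `host.name`, `host.os.type` and `host.os.version`, yet this mapping has no top-level `host` object; the host data sits under `agent.host` (`hostname`, `os.type`, `os.version`). Since the settings are being moved anyway, this is a good moment to point those entries at `agent.host.hostname`, `agent.host.os.type` and `agent.host.os.version`, or to drop them.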

View File

@ -2,336 +2,338 @@
"index_patterns": [ "index_patterns": [
"wazuh-states-vulnerabilities*" "wazuh-states-vulnerabilities*"
], ],
"mappings": { "priority": 1,
"date_detection": false, "template": {
"dynamic": "strict", "settings": {
"properties": { "index": {
"agent": { "auto_expand_replicas": "0-1",
"properties": { "codec": "best_compression",
"build": { "number_of_replicas": "0",
"properties": { "number_of_shards": "1",
"original": { "query.default_field": [
"ignore_above": 1024, "agent.host.architecture",
"type": "keyword" "agent.host.ip",
"agent.id",
"agent.name",
"agent.version",
"package.architecture",
"package.category",
"package.description",
"package.installed",
"package.multiarch",
"package.name",
"package.path",
"package.priority",
"package.size",
"package.source",
"package.type",
"package.vendor",
"package.version",
"vulnerability.id",
"vulnerability.description",
"vulnerability.severity",
"state.modified_at",
"wazuh.cluster.name",
"wazuh.cluster.node",
"wazuh.schema.version"
],
"refresh_interval": "2s"
}
},
"mappings": {
"date_detection": false,
"dynamic": "strict",
"properties": {
"agent": {
"properties": {
"build": {
"properties": {
"original": {
"ignore_above": 1024,
"type": "keyword"
}
} }
} },
}, "ephemeral_id": {
"ephemeral_id": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "groups": {
"groups": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "host": {
"host": { "properties": {
"properties": { "architecture": {
"architecture": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "hostname": {
"hostname": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "ip": {
"ip": { "type": "ip"
"type": "ip" },
}, "os": {
"os": { "properties": {
"properties": { "name": {
"name": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "platform": {
"platform": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "type": {
"type": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "version": {
"version": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" }
} }
} }
} }
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
} }
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
} }
} },
}, "checksum": {
"checksum": { "properties": {
"properties": { "hash": {
"hash": { "properties": {
"properties": { "sha1": {
"sha1": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" }
} }
} }
} }
} },
}, "host": {
"host": { "properties": {
"properties": { "os": {
"os": { "properties": {
"properties": { "full": {
"full": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "kernel": {
"kernel": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "name": {
"name": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "platform": {
"platform": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "type": {
"type": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "version": {
"version": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" }
} }
} }
} }
} },
}, "message": {
"message": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "package": {
"package": { "properties": {
"properties": { "architecture": {
"architecture": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "build_version": {
"build_version": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "checksum": {
"checksum": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "description": {
"description": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "install_scope": {
"install_scope": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "installed": {
"installed": { "type": "date"
"type": "date" },
}, "license": {
"license": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "name": {
"name": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "path": {
"path": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "reference": {
"reference": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "size": {
"size": { "type": "long"
"type": "long" },
}, "type": {
"type": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword" },
}, "version": {
"version": { "ignore_above": 1024,
"ignore_above": 1024, "type": "keyword"
"type": "keyword"
}
}
},
"state": {
"properties": {
"document_version": {
"type": "integer"
},
"modified_at": {
"type": "date"
}
}
},
"vulnerability": {
"properties": {
"category": {
"ignore_above": 1024,
"type": "keyword"
},
"classification": {
"ignore_above": 1024,
"type": "keyword"
},
"description": {
"ignore_above": 1024,
"type": "keyword"
},
"detected_at": {
"type": "date"
},
"enumeration": {
"ignore_above": 1024,
"type": "keyword"
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"published_at": {
"type": "date"
},
"reference": {
"ignore_above": 1024,
"type": "keyword"
},
"report_id": {
"ignore_above": 1024,
"type": "keyword"
},
"scanner": {
"properties": {
"condition": {
"ignore_above": 1024,
"type": "keyword"
},
"reference": {
"ignore_above": 1024,
"type": "keyword"
},
"source": {
"ignore_above": 1024,
"type": "keyword"
},
"vendor": {
"ignore_above": 1024,
"type": "keyword"
}
} }
},
"score": {
"properties": {
"base": {
"type": "float"
},
"environmental": {
"type": "float"
},
"temporal": {
"type": "float"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"severity": {
"ignore_above": 1024,
"type": "keyword"
},
"under_evaluation": {
"type": "boolean"
} }
} },
}, "state": {
"wazuh": { "properties": {
"properties": { "document_version": {
"cluster": { "type": "integer"
"properties": { },
"name": { "modified_at": {
"ignore_above": 1024, "type": "date"
"type": "keyword"
},
"node": {
"ignore_above": 1024,
"type": "keyword"
}
} }
}, }
"schema": { },
"properties": { "vulnerability": {
"version": { "properties": {
"ignore_above": 1024, "category": {
"type": "keyword" "ignore_above": 1024,
"type": "keyword"
},
"classification": {
"ignore_above": 1024,
"type": "keyword"
},
"description": {
"ignore_above": 1024,
"type": "keyword"
},
"detected_at": {
"type": "date"
},
"enumeration": {
"ignore_above": 1024,
"type": "keyword"
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"published_at": {
"type": "date"
},
"reference": {
"ignore_above": 1024,
"type": "keyword"
},
"report_id": {
"ignore_above": 1024,
"type": "keyword"
},
"scanner": {
"properties": {
"condition": {
"ignore_above": 1024,
"type": "keyword"
},
"reference": {
"ignore_above": 1024,
"type": "keyword"
},
"source": {
"ignore_above": 1024,
"type": "keyword"
},
"vendor": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"score": {
"properties": {
"base": {
"type": "float"
},
"environmental": {
"type": "float"
},
"temporal": {
"type": "float"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"severity": {
"ignore_above": 1024,
"type": "keyword"
},
"under_evaluation": {
"type": "boolean"
}
}
},
"wazuh": {
"properties": {
"cluster": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"node": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"schema": {
"properties": {
"version": {
"ignore_above": 1024,
"type": "keyword"
}
} }
} }
} }
} }
} }
} }
},
"order": 1,
"settings": {
"index": {
"auto_expand_replicas": "0-1",
"codec": "best_compression",
"number_of_replicas": "0",
"number_of_shards": "1",
"query.default_field": [
"agent.host.architecture",
"agent.host.ip",
"agent.id",
"agent.name",
"agent.version",
"package.architecture",
"package.category",
"package.description",
"package.installed",
"package.multiarch",
"package.name",
"package.path",
"package.priority",
"package.size",
"package.source",
"package.type",
"package.vendor",
"package.version",
"vulnerability.id",
"vulnerability.description",
"vulnerability.severity",
"state.modified_at",
"wazuh.cluster.name",
"wazuh.cluster.node",
"wazuh.schema.version"
],
"refresh_interval": "2s"
}
} }
} }
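
Review bot: Several `query.default_field` entries carried into the new `template.settings` block have no counterpart in the `package` mapping below them: `package.category`, `package.multiarch`, `package.priority`, `package.source` and `package.vendor` are not defined under `package.properties`. Either map them or remove them from the list. The block also sets both `"auto_expand_replicas": "0-1"` and `"number_of_replicas": "0"`; a short comment in the PR on which one is meant to win would help operators.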

View File

@ -1,254 +1,256 @@
{ {
"order": 1,
"index_patterns": [ "index_patterns": [
"wazuh-statistics*" "wazuh-statistics*"
], ],
"settings": { "priority": 1,
"index": { "template": {
"number_of_replicas": "0", "settings": {
"number_of_shards": "1", "index": {
"refresh_interval": "5s" "number_of_replicas": "0",
} "number_of_shards": "1",
}, "refresh_interval": "5s"
"mappings" : {
"dynamic_templates" : [
{
"string_as_keyword" : {
"match_mapping_type" : "string",
"mapping" : {
"type" : "keyword"
}
}
} }
], },
"properties" : { "mappings" : {
"analysisd" : { "dynamic_templates" : [
"properties" : { {
"alerts_queue_size" : { "string_as_keyword" : {
"type" : "long" "match_mapping_type" : "string",
}, "mapping" : {
"alerts_queue_usage" : { "type" : "keyword"
"type" : "long" }
},
"alerts_written" : {
"type" : "long"
},
"archives_queue_size" : {
"type" : "long"
},
"archives_queue_usage" : {
"type" : "long"
},
"dbsync_mdps" : {
"type" : "long"
},
"dbsync_messages_dispatched" : {
"type" : "long"
},
"dbsync_queue_size" : {
"type" : "long"
},
"dbsync_queue_usage" : {
"type" : "long"
},
"event_queue_size" : {
"type" : "long"
},
"event_queue_usage" : {
"type" : "long"
},
"events_dropped" : {
"type" : "long"
},
"events_edps" : {
"type" : "long"
},
"events_processed" : {
"type" : "long"
},
"events_received" : {
"type" : "long"
},
"firewall_queue_size" : {
"type" : "long"
},
"firewall_queue_usage" : {
"type" : "long"
},
"firewall_written" : {
"type" : "long"
},
"fts_written" : {
"type" : "long"
},
"hostinfo_edps" : {
"type" : "long"
},
"hostinfo_events_decoded" : {
"type" : "long"
},
"hostinfo_queue_size" : {
"type" : "long"
},
"hostinfo_queue_usage" : {
"type" : "long"
},
"other_events_decoded" : {
"type" : "long"
},
"other_events_edps" : {
"type" : "long"
},
"rootcheck_edps" : {
"type" : "long"
},
"rootcheck_events_decoded" : {
"type" : "long"
},
"rootcheck_queue_size" : {
"type" : "long"
},
"rootcheck_queue_usage" : {
"type" : "long"
},
"rule_matching_queue_size" : {
"type" : "long"
},
"rule_matching_queue_usage" : {
"type" : "long"
},
"sca_edps" : {
"type" : "long"
},
"sca_events_decoded" : {
"type" : "long"
},
"sca_queue_size" : {
"type" : "long"
},
"sca_queue_usage" : {
"type" : "long"
},
"statistical_queue_size" : {
"type" : "long"
},
"statistical_queue_usage" : {
"type" : "long"
},
"syscheck_edps" : {
"type" : "long"
},
"syscheck_events_decoded" : {
"type" : "long"
},
"syscheck_queue_size" : {
"type" : "long"
},
"syscheck_queue_usage" : {
"type" : "long"
},
"syscollector_edps" : {
"type" : "long"
},
"syscollector_events_decoded" : {
"type" : "long"
},
"syscollector_queue_size" : {
"type" : "long"
},
"syscollector_queue_usage" : {
"type" : "long"
},
"total_events_decoded" : {
"type" : "long"
},
"upgrade_queue_size" : {
"type" : "long"
},
"upgrade_queue_usage" : {
"type" : "long"
},
"winevt_edps" : {
"type" : "long"
},
"winevt_events_decoded" : {
"type" : "long"
},
"winevt_queue_size" : {
"type" : "long"
},
"winevt_queue_usage" : {
"type" : "long"
} }
} }
}, ],
"apiName" : { "properties" : {
"type" : "text", "analysisd" : {
"fields" : { "properties" : {
"keyword" : { "alerts_queue_size" : {
"type" : "keyword", "type" : "long"
"ignore_above" : 256 },
"alerts_queue_usage" : {
"type" : "long"
},
"alerts_written" : {
"type" : "long"
},
"archives_queue_size" : {
"type" : "long"
},
"archives_queue_usage" : {
"type" : "long"
},
"dbsync_mdps" : {
"type" : "long"
},
"dbsync_messages_dispatched" : {
"type" : "long"
},
"dbsync_queue_size" : {
"type" : "long"
},
"dbsync_queue_usage" : {
"type" : "long"
},
"event_queue_size" : {
"type" : "long"
},
"event_queue_usage" : {
"type" : "long"
},
"events_dropped" : {
"type" : "long"
},
"events_edps" : {
"type" : "long"
},
"events_processed" : {
"type" : "long"
},
"events_received" : {
"type" : "long"
},
"firewall_queue_size" : {
"type" : "long"
},
"firewall_queue_usage" : {
"type" : "long"
},
"firewall_written" : {
"type" : "long"
},
"fts_written" : {
"type" : "long"
},
"hostinfo_edps" : {
"type" : "long"
},
"hostinfo_events_decoded" : {
"type" : "long"
},
"hostinfo_queue_size" : {
"type" : "long"
},
"hostinfo_queue_usage" : {
"type" : "long"
},
"other_events_decoded" : {
"type" : "long"
},
"other_events_edps" : {
"type" : "long"
},
"rootcheck_edps" : {
"type" : "long"
},
"rootcheck_events_decoded" : {
"type" : "long"
},
"rootcheck_queue_size" : {
"type" : "long"
},
"rootcheck_queue_usage" : {
"type" : "long"
},
"rule_matching_queue_size" : {
"type" : "long"
},
"rule_matching_queue_usage" : {
"type" : "long"
},
"sca_edps" : {
"type" : "long"
},
"sca_events_decoded" : {
"type" : "long"
},
"sca_queue_size" : {
"type" : "long"
},
"sca_queue_usage" : {
"type" : "long"
},
"statistical_queue_size" : {
"type" : "long"
},
"statistical_queue_usage" : {
"type" : "long"
},
"syscheck_edps" : {
"type" : "long"
},
"syscheck_events_decoded" : {
"type" : "long"
},
"syscheck_queue_size" : {
"type" : "long"
},
"syscheck_queue_usage" : {
"type" : "long"
},
"syscollector_edps" : {
"type" : "long"
},
"syscollector_events_decoded" : {
"type" : "long"
},
"syscollector_queue_size" : {
"type" : "long"
},
"syscollector_queue_usage" : {
"type" : "long"
},
"total_events_decoded" : {
"type" : "long"
},
"upgrade_queue_size" : {
"type" : "long"
},
"upgrade_queue_usage" : {
"type" : "long"
},
"winevt_edps" : {
"type" : "long"
},
"winevt_events_decoded" : {
"type" : "long"
},
"winevt_queue_size" : {
"type" : "long"
},
"winevt_queue_usage" : {
"type" : "long"
}
} }
} },
}, "apiName" : {
"cluster" : { "type" : "text",
"type" : "text", "fields" : {
"fields" : { "keyword" : {
"keyword" : { "type" : "keyword",
"type" : "keyword", "ignore_above" : 256
"ignore_above" : 256 }
} }
} },
}, "cluster" : {
"nodeName" : { "type" : "text",
"type" : "text", "fields" : {
"fields" : { "keyword" : {
"keyword" : { "type" : "keyword",
"type" : "keyword", "ignore_above" : 256
"ignore_above" : 256 }
} }
} },
}, "nodeName" : {
"name" : { "type" : "text",
"type" : "keyword" "fields" : {
}, "keyword" : {
"remoted" : { "type" : "keyword",
"properties" : { "ignore_above" : 256
"ctrl_msg_count" : { }
"type" : "long"
},
"dequeued_after_close" : {
"type" : "long"
},
"discarded_count" : {
"type" : "long"
},
"evt_count" : {
"type" : "long"
},
"msg_sent" : {
"type" : "long"
},
"queue_size" : {
"type" : "keyword"
},
"recv_bytes" : {
"type" : "long"
},
"tcp_sessions" : {
"type" : "long"
},
"total_queue_size" : {
"type" : "long"
} }
},
"name" : {
"type" : "keyword"
},
"remoted" : {
"properties" : {
"ctrl_msg_count" : {
"type" : "long"
},
"dequeued_after_close" : {
"type" : "long"
},
"discarded_count" : {
"type" : "long"
},
"evt_count" : {
"type" : "long"
},
"msg_sent" : {
"type" : "long"
},
"queue_size" : {
"type" : "keyword"
},
"recv_bytes" : {
"type" : "long"
},
"tcp_sessions" : {
"type" : "long"
},
"total_queue_size" : {
"type" : "long"
}
}
},
"status" : {
"type" : "keyword"
},
"timestamp" : {
"type" : "date",
"format" : "dateOptionalTime"
} }
},
"status" : {
"type" : "keyword"
},
"timestamp" : {
"type" : "date",
"format" : "dateOptionalTime"
} }
} }
} }
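
Review bot: Unlike the other templates in this change, the `mappings` block moved under `template` here has neither `"dynamic": "strict"` nor `"date_detection": false`, and the `string_as_keyword` dynamic template accepts any new string field. If that is intentional for `wazuh-statistics*`, say so in the PR description; if not, align it with the strict mappings used elsewhere. The added lines also use `"priority": 1` spacing while the rest of the file uses `"key" : value`, so the file now mixes two styles.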

File diff suppressed because it is too large Load Diff

View File

@ -29,10 +29,9 @@ import org.opensearch.transport.client.Client;
import org.opensearch.transport.client.IndicesAdminClient; import org.opensearch.transport.client.IndicesAdminClient;
import java.io.IOException; import java.io.IOException;
import java.util.HashMap;
import java.util.Map; import java.util.Map;
import com.wazuh.setup.utils.IndexUtils; import com.wazuh.setup.utils.JsonUtils;
import static org.mockito.Mockito.*; import static org.mockito.Mockito.*;
@ -42,7 +41,7 @@ public class IndexStateManagementTests extends OpenSearchTestCase {
private IndexStateManagement ismIndex; private IndexStateManagement ismIndex;
private Client client; private Client client;
private IndicesAdminClient indicesAdminClient; private IndicesAdminClient indicesAdminClient;
private IndexUtils indexUtils; private JsonUtils jsonUtils;
@Override @Override
public void setUp() throws Exception { public void setUp() throws Exception {
@ -51,7 +50,7 @@ public class IndexStateManagementTests extends OpenSearchTestCase {
this.client = mock(Client.class); this.client = mock(Client.class);
AdminClient adminClient = mock(AdminClient.class); AdminClient adminClient = mock(AdminClient.class);
this.indicesAdminClient = mock(IndicesAdminClient.class); this.indicesAdminClient = mock(IndicesAdminClient.class);
this.indexUtils = mock(IndexUtils.class); this.jsonUtils = mock(JsonUtils.class);
// Default settings // Default settings
ClusterService clusterService = mock(ClusterService.class); ClusterService clusterService = mock(ClusterService.class);
@ -62,9 +61,9 @@ public class IndexStateManagementTests extends OpenSearchTestCase {
doReturn(this.indicesAdminClient).when(adminClient).indices(); doReturn(this.indicesAdminClient).when(adminClient).indices();
this.ismIndex = this.ismIndex =
spy(new IndexStateManagement(IndexStateManagement.ISM_INDEX_NAME, "ism-template")); spy(new IndexStateManagement(IndexStateManagement.ISM_INDEX_NAME, "templates/ism-config"));
this.ismIndex.setClient(this.client); this.ismIndex.setClient(this.client);
this.ismIndex.setIndexUtils(this.indexUtils); this.ismIndex.setUtils(this.jsonUtils);
this.ismIndex.setClusterService(clusterService); this.ismIndex.setClusterService(clusterService);
} }
@ -75,33 +74,33 @@ public class IndexStateManagementTests extends OpenSearchTestCase {
* @throws IOException if an error occurs while reading the policy file * @throws IOException if an error occurs while reading the policy file
*/ */
public void testInitialize_CreatesIndexAndPolicies() throws IOException { public void testInitialize_CreatesIndexAndPolicies() throws IOException {
Map<String, Object> template = new HashMap<>(); // Mock indexExists to return false so createIndex is called
template.put("settings", Settings.builder().build());
template.put("mappings", Map.of());
doReturn(false).when(this.ismIndex).indexExists(IndexStateManagement.ISM_INDEX_NAME); doReturn(false).when(this.ismIndex).indexExists(IndexStateManagement.ISM_INDEX_NAME);
doReturn(template).when(this.indexUtils).fromFile("ism-template.json");
doReturn(template.get("mappings")).when(this.indexUtils).get(template, "mappings");
// Mock the CreateIndexResponse
CreateIndexResponse createResponse = mock(CreateIndexResponse.class); CreateIndexResponse createResponse = mock(CreateIndexResponse.class);
doReturn(IndexStateManagement.ISM_INDEX_NAME).when(createResponse).index(); doReturn(IndexStateManagement.ISM_INDEX_NAME).when(createResponse).index();
ActionFuture actionFuture = mock(ActionFuture.class); ActionFuture<CreateIndexResponse> createIndexFuture = mock(ActionFuture.class);
doReturn(createResponse).when(createIndexFuture).actionGet(anyLong());
doReturn(actionFuture).when(this.indicesAdminClient).create(any(CreateIndexRequest.class)); doReturn(createIndexFuture).when(this.indicesAdminClient).create(any(CreateIndexRequest.class));
// Mock the policy file loading
Map<String, Object> policyFile = Map.of("policy", "definition"); Map<String, Object> policyFile = Map.of("policy", "definition");
doReturn(policyFile) doReturn(policyFile)
.when(this.indexUtils) .when(this.jsonUtils)
.fromFile(IndexStateManagement.STREAM_ROLLOVER_POLICY_PATH); .fromFile(IndexStateManagement.STREAM_ROLLOVER_POLICY_PATH);
doReturn(actionFuture).when(this.client).index(any(IndexRequest.class)); // Mock the policy indexing
ActionFuture indexFuture = mock(ActionFuture.class);
doReturn(createResponse).when(actionFuture).actionGet(anyLong()); doReturn(indexFuture).when(this.client).index(any(IndexRequest.class));
doReturn(null).when(indexFuture).actionGet(anyLong());
this.ismIndex.initialize(); this.ismIndex.initialize();
// Verify that the index was created with the correct request
verify(this.indicesAdminClient).create(any(CreateIndexRequest.class)); verify(this.indicesAdminClient).create(any(CreateIndexRequest.class));
// Verify that the policy was indexed
verify(this.client).index(any(IndexRequest.class)); verify(this.client).index(any(IndexRequest.class));
} }
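
Review bot: The comment "Verify that the index was created with the correct request" overstates what `verify(this.indicesAdminClient).create(any(CreateIndexRequest.class))` checks, since `any(...)` accepts every request. Capture the argument with an `ArgumentCaptor<CreateIndexRequest>` and assert on the index name, and do the same for the `IndexRequest`. `ActionFuture indexFuture` is also declared as a raw type while `createIndexFuture` is parameterized; give it a type argument for consistency.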
@ -128,7 +127,7 @@ public class IndexStateManagementTests extends OpenSearchTestCase {
public void testPolicyFileMissing_LogsError() throws IOException { public void testPolicyFileMissing_LogsError() throws IOException {
doReturn(true).when(this.ismIndex).indexExists(IndexStateManagement.ISM_INDEX_NAME); doReturn(true).when(this.ismIndex).indexExists(IndexStateManagement.ISM_INDEX_NAME);
doThrow(new IOException("file not found")) doThrow(new IOException("file not found"))
.when(indexUtils) .when(jsonUtils)
.fromFile(IndexStateManagement.STREAM_ROLLOVER_POLICY_PATH); .fromFile(IndexStateManagement.STREAM_ROLLOVER_POLICY_PATH);
this.ismIndex.initialize(); this.ismIndex.initialize();
@ -147,9 +146,7 @@ public class IndexStateManagementTests extends OpenSearchTestCase {
doReturn(true).when(this.ismIndex).indexExists(IndexStateManagement.ISM_INDEX_NAME); doReturn(true).when(this.ismIndex).indexExists(IndexStateManagement.ISM_INDEX_NAME);
Map<String, Object> policyFile = Map.of("policy", "definition"); Map<String, Object> policyFile = Map.of("policy", "definition");
doReturn(policyFile) doReturn(policyFile).when(jsonUtils).fromFile(IndexStateManagement.STREAM_ROLLOVER_POLICY_PATH);
.when(indexUtils)
.fromFile(IndexStateManagement.STREAM_ROLLOVER_POLICY_PATH);
doThrow(new ResourceAlreadyExistsException("already exists")) doThrow(new ResourceAlreadyExistsException("already exists"))
.when(this.client) .when(this.client)
.index(any(IndexRequest.class)); .index(any(IndexRequest.class));
@ -158,4 +155,14 @@ public class IndexStateManagementTests extends OpenSearchTestCase {
// Verifies that exception is caught and logged // Verifies that exception is caught and logged
} }
/**
* Verifies that IOException while reading a file is caught and logged.
*
* @throws IOException if there is an error reading the file
*/
public void testFileIOException() throws IOException {
doThrow(new IOException("Test failed successfully")).when(this.jsonUtils).fromFile(anyString());
this.ismIndex.indexPolicy("test-template");
}
} }
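Review bot: testFileIOException has no assertion, so it passes whenever indexPolicy("test-template") does not rethrow, and it would still pass if a policy were indexed after the failed read. Add a check on the mocked client, for example `verify(this.client, never()).index(any(IndexRequest.class));`, so the test proves the IOException path stops before indexing. The exception message "Test failed successfully" will read like a real failure when it shows up in test logs; a neutral message such as "simulated read failure" is clearer. The stub here uses `this.jsonUtils` while the two earlier hunks in this file use bare `jsonUtils`; pick one form.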

View File

@ -18,7 +18,6 @@ package com.wazuh.setup.index;
import org.opensearch.action.admin.indices.create.CreateIndexRequest; import org.opensearch.action.admin.indices.create.CreateIndexRequest;
import org.opensearch.action.admin.indices.create.CreateIndexResponse; import org.opensearch.action.admin.indices.create.CreateIndexResponse;
import org.opensearch.action.admin.indices.template.put.PutIndexTemplateRequest;
import org.opensearch.action.support.clustermanager.AcknowledgedResponse; import org.opensearch.action.support.clustermanager.AcknowledgedResponse;
import org.opensearch.cluster.ClusterState; import org.opensearch.cluster.ClusterState;
import org.opensearch.cluster.routing.RoutingTable; import org.opensearch.cluster.routing.RoutingTable;
@ -30,11 +29,7 @@ import org.opensearch.transport.client.AdminClient;
import org.opensearch.transport.client.Client; import org.opensearch.transport.client.Client;
import org.opensearch.transport.client.IndicesAdminClient; import org.opensearch.transport.client.IndicesAdminClient;
import java.io.IOException; import com.wazuh.setup.utils.JsonUtils;
import java.util.List;
import java.util.Map;
import com.wazuh.setup.utils.IndexUtils;
import static org.mockito.Mockito.*; import static org.mockito.Mockito.*;
@ -42,21 +37,22 @@ import static org.mockito.Mockito.*;
public class IndexTests extends OpenSearchTestCase { public class IndexTests extends OpenSearchTestCase {
private Index index; private Index index;
private Client client;
private IndicesAdminClient indicesAdminClient; private IndicesAdminClient indicesAdminClient;
private RoutingTable routingTable; private RoutingTable routingTable;
private IndexUtils indexUtils; private JsonUtils jsonUtils;
@Override @Override
public void setUp() throws Exception { public void setUp() throws Exception {
super.setUp(); super.setUp();
Client client = mock(Client.class); this.client = mock(Client.class);
AdminClient adminClient = mock(AdminClient.class); AdminClient adminClient = mock(AdminClient.class);
this.indicesAdminClient = mock(IndicesAdminClient.class); this.indicesAdminClient = mock(IndicesAdminClient.class);
ClusterService clusterService = mock(ClusterService.class); ClusterService clusterService = mock(ClusterService.class);
this.routingTable = mock(RoutingTable.class); this.routingTable = mock(RoutingTable.class);
ClusterState clusterState = mock(ClusterState.class); ClusterState clusterState = mock(ClusterState.class);
this.indexUtils = mock(IndexUtils.class); this.jsonUtils = mock(JsonUtils.class);
// Default settings // Default settings
Settings settings = Settings.builder().build(); Settings settings = Settings.builder().build();
@ -64,11 +60,11 @@ public class IndexTests extends OpenSearchTestCase {
// Concrete implementation of abstract class // Concrete implementation of abstract class
this.index = new Index("test-index", "test-template") {}; this.index = new Index("test-index", "test-template") {};
this.index.setClient(client); this.index.setClient(this.client);
this.index.setClusterService(clusterService); this.index.setClusterService(clusterService);
this.index.setIndexUtils(indexUtils); this.index.setUtils(jsonUtils);
doReturn(adminClient).when(client).admin(); doReturn(adminClient).when(this.client).admin();
doReturn(this.indicesAdminClient).when(adminClient).indices(); doReturn(this.indicesAdminClient).when(adminClient).indices();
doReturn(clusterState).when(clusterService).state(); doReturn(clusterState).when(clusterService).state();
doReturn(this.routingTable).when(clusterState).getRoutingTable(); doReturn(this.routingTable).when(clusterState).getRoutingTable();
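Review bot: the setter rename from setIndexUtils to setUtils loses information, since the injected type is now JsonUtils and "utils" says nothing about what is being injected; setJsonUtils would match the field and class name. In the same call, `this.index.setUtils(jsonUtils)` drops the `this.` qualifier that the line above (`this.index.setClient(this.client)`) and the field assignment in setUp use.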
@ -98,43 +94,21 @@ public class IndexTests extends OpenSearchTestCase {
verify(this.indicesAdminClient, never()).create(any()); verify(this.indicesAdminClient, never()).create(any());
} }
/** /** Verifies that template creation is successful when valid data is returned from file. */
* Verifies that template creation is successful when valid data is returned from file. public void testCreateTemplateSuccess() {
* // Mock the response for client.execute()
* @throws IOException if there is an error reading the template file
*/
public void testCreateTemplateSuccess() throws IOException {
Map<String, Object> templateMap =
Map.of(
"settings", Settings.builder().build(),
"mappings", Map.of(),
"index_patterns", List.of("test-*"));
doReturn(templateMap).when(this.indexUtils).fromFile("test-template.json");
doReturn(templateMap.get("mappings")).when(this.indexUtils).get(templateMap, "mappings");
AcknowledgedResponse ackResponse = mock(AcknowledgedResponse.class); AcknowledgedResponse ackResponse = mock(AcknowledgedResponse.class);
ActionFuture actionFuture = mock(ActionFuture.class); ActionFuture actionFuture = mock(ActionFuture.class);
doReturn(ackResponse).when(actionFuture).actionGet(anyLong()); doReturn(ackResponse).when(actionFuture).actionGet(anyLong());
doReturn(actionFuture)
.when(this.indicesAdminClient)
.putTemplate(any(PutIndexTemplateRequest.class));
this.index.createTemplate("test-template");
verify(this.indicesAdminClient).putTemplate(any(PutIndexTemplateRequest.class)); // Mock client.execute() which is what createTemplate actually uses
} doReturn(actionFuture).when(this.client).execute(any(), any());
/** // Call createTemplate with a real template file that exists
* Verifies that IOException while reading template file is caught and logged. this.index.createTemplate("templates/ism-config");
*
* @throws IOException if there is an error reading the template file
*/
public void testCreateTemplateIOException() throws IOException {
doThrow(new IOException("test")).when(this.indexUtils).fromFile("test-template.json");
this.index.createTemplate("test-template"); // Verify that client.execute was called
verify(this.client).execute(any(), any());
// Expect error to be logged but not thrown
} }
/** Verifies that initialize() invokes both createTemplate and createIndex in order. */ /** Verifies that initialize() invokes both createTemplate and createIndex in order. */
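Review bot: removing testCreateTemplateIOException leaves createTemplate with no test for a failed template read in this class; either keep an equivalent test against the new JsonUtils mock or state where that path is now covered. The rewritten testCreateTemplateSuccess is also weaker than the one it replaces: `verify(this.client).execute(any(), any())` accepts any action with any request, whereas the old test pinned the call to `putTemplate(any(PutIndexTemplateRequest.class))`. Match on the expected action or request type so an unrelated execute() call cannot satisfy it. The comment says the test relies on "a real template file that exists" ("templates/ism-config") while setUp injects a mocked JsonUtils; clarify which of the two createTemplate actually reads from, because a unit test that depends on a packaged resource will break silently if that file is renamed. `ActionFuture actionFuture` is still a raw type.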

View File

@ -16,9 +16,7 @@
*/ */
package com.wazuh.setup.index; package com.wazuh.setup.index;
import org.opensearch.action.admin.indices.alias.Alias; import org.opensearch.action.support.clustermanager.AcknowledgedResponse;
import org.opensearch.action.admin.indices.create.CreateIndexRequest;
import org.opensearch.action.admin.indices.create.CreateIndexResponse;
import org.opensearch.cluster.ClusterState; import org.opensearch.cluster.ClusterState;
import org.opensearch.cluster.routing.RoutingTable; import org.opensearch.cluster.routing.RoutingTable;
import org.opensearch.cluster.service.ClusterService; import org.opensearch.cluster.service.ClusterService;
@ -29,7 +27,7 @@ import org.opensearch.transport.client.AdminClient;
import org.opensearch.transport.client.Client; import org.opensearch.transport.client.Client;
import org.opensearch.transport.client.IndicesAdminClient; import org.opensearch.transport.client.IndicesAdminClient;
import com.wazuh.setup.utils.IndexUtils; import com.wazuh.setup.utils.JsonUtils;
import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.*; import static org.mockito.Mockito.*;
@ -37,9 +35,9 @@ import static org.mockito.Mockito.*;
/** Unit tests for the {@link StreamIndex} class. */ /** Unit tests for the {@link StreamIndex} class. */
public class StreamIndexTests extends OpenSearchTestCase { public class StreamIndexTests extends OpenSearchTestCase {
private static final String STREAM_INDEX = "stream-index";
private StreamIndex streamIndex; private StreamIndex streamIndex;
private IndicesAdminClient indicesAdminClient; private IndicesAdminClient indicesAdminClient;
private RoutingTable routingTable;
@Override @Override
public void setUp() throws Exception { public void setUp() throws Exception {
@ -49,57 +47,56 @@ public class StreamIndexTests extends OpenSearchTestCase {
AdminClient adminClient = mock(AdminClient.class); AdminClient adminClient = mock(AdminClient.class);
this.indicesAdminClient = mock(IndicesAdminClient.class); this.indicesAdminClient = mock(IndicesAdminClient.class);
ClusterService clusterService = mock(ClusterService.class); ClusterService clusterService = mock(ClusterService.class);
this.routingTable = mock(RoutingTable.class); RoutingTable routingTable = mock(RoutingTable.class);
ClusterState clusterState = mock(ClusterState.class); ClusterState clusterState = mock(ClusterState.class);
// Default settings // Default settings
Settings settings = Settings.builder().build(); Settings settings = Settings.builder().build();
doReturn(settings).when(clusterService).getSettings(); doReturn(settings).when(clusterService).getSettings();
this.streamIndex = new StreamIndex("stream-index", "stream-template", "stream-alias"); this.streamIndex = new StreamIndex(STREAM_INDEX, "stream-template");
this.streamIndex.setClient(client); this.streamIndex.setClient(client);
this.streamIndex.setClusterService(clusterService); this.streamIndex.setClusterService(clusterService);
this.streamIndex.setIndexUtils(mock(IndexUtils.class)); this.streamIndex.setUtils(mock(JsonUtils.class));
doReturn(adminClient).when(client).admin(); doReturn(adminClient).when(client).admin();
doReturn(this.indicesAdminClient).when(adminClient).indices(); doReturn(this.indicesAdminClient).when(adminClient).indices();
doReturn(clusterState).when(clusterService).state(); doReturn(clusterState).when(clusterService).state();
doReturn(this.routingTable).when(clusterState).getRoutingTable(); doReturn(routingTable).when(clusterState).getRoutingTable();
} }
/** /**
* Verifies that createIndex adds the alias and calls the create method when the index does not * Verifies that createIndex handles ResourceAlreadyExistsException gracefully when the data
* exist. * stream already exists.
*/ */
public void testCreateIndexWithAlias() { public void testCreateIndexWhenAlreadyExists() {
doReturn(false).when(this.routingTable).hasIndex("stream-index"); // Mock createDataStream to throw ResourceAlreadyExistsException
ActionFuture actionFuture = mock(ActionFuture.class);
doThrow(new org.opensearch.ResourceAlreadyExistsException("Data stream already exists"))
.when(actionFuture)
.actionGet(anyLong());
doReturn(actionFuture).when(this.indicesAdminClient).createDataStream(any());
// Should not throw exception - it should be caught and logged
this.streamIndex.createIndex(STREAM_INDEX);
// Verify createDataStream was called once
verify(this.indicesAdminClient).createDataStream(any());
}
/** Verifies that createIndex successfully creates a data stream when it doesn't exist. */
public void testCreateIndexSuccess() {
// Mock successful data stream creation
AcknowledgedResponse response = mock(AcknowledgedResponse.class);
// doReturn(true).when(response).isAcknowledged();
CreateIndexResponse response = mock(CreateIndexResponse.class);
doReturn("stream-index").when(response).index();
ActionFuture actionFuture = mock(ActionFuture.class); ActionFuture actionFuture = mock(ActionFuture.class);
doReturn(response).when(actionFuture).actionGet(anyLong()); doReturn(response).when(actionFuture).actionGet(anyLong());
doReturn(actionFuture).when(this.indicesAdminClient).create(any(CreateIndexRequest.class)); doReturn(actionFuture).when(this.indicesAdminClient).createDataStream(any());
this.streamIndex.createIndex("stream-index"); this.streamIndex.createIndex(STREAM_INDEX);
verify(this.indicesAdminClient) // Verify createDataStream was called
.create( verify(this.indicesAdminClient).createDataStream(any());
argThat(
req -> {
Alias alias = req.aliases().stream().findFirst().orElse(null);
return req.index().equals("stream-index")
&& alias != null
&& "stream-alias".equals(alias.name())
&& Boolean.TRUE.equals(alias.writeIndex());
}));
}
/** Verifies that createIndex skips index creation if the index already exists. */
public void testCreateIndexWhenAlreadyExists() {
doReturn(true).when(this.routingTable).hasIndex("stream-index");
this.streamIndex.createIndex("stream-index");
verify(this.indicesAdminClient, never()).create(any());
} }
} }
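Review bot: both new tests only check `verify(this.indicesAdminClient).createDataStream(any())`, so they pass even if createIndex asks for a data stream with the wrong name; the removed test used argThat to check the index name and alias on the request. Restore that level of checking with an argThat matcher that compares the requested stream name to STREAM_INDEX. In testCreateIndexSuccess, the commented-out `// doReturn(true).when(response).isAcknowledged();` should either be enabled or deleted, since as written the mocked AcknowledgedResponse reports false for isAcknowledged() and the test name claims success. In testCreateIndexWhenAlreadyExists, import ResourceAlreadyExistsException instead of using the fully qualified `org.opensearch.ResourceAlreadyExistsException` inline, and note that "stream-template" is still a string literal next to the new STREAM_INDEX constant.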