wazuh-ruby-client 0.1.0

data/lib/wazuh/api/endpoints/decoders.rb

@@ -0,0 +1,91 @@
+module Wazuh
+  module Api
+    module Endpoints
+      module Decoders
+        #
+        # Get all decoders
+        # Returns all decoders included in ossec.conf.
+        #
+        # @option options [offset] :offset
+        #   First element to return in the collection.
+        # @option options [limit] :limit
+        #   Maximum number of elements to return.
+        # @option options [sort] :sort
+        #   Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
+        # @option options [search] :search
+        #   Looks for elements with the specified string.
+        # @option options [file] :file
+        #   Filters by filename.
+        # @option options [path] :path
+        #   Filters by path.
+        # @option options [status] :status
+        #   Filters the decoders by status.
+        #   Allowed values: enabled, disabled, all
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-all-decoders
+        def all_decoders(options = {})
+          get '/decoders', options
+        end
+
+        # Get all decoders files
+        # Returns all decoders files included in ossec.conf.
+        #
+        #
+        # @option options [offset] :offset
+        #   First element to return in the collection.
+        # @option options [limit] :limit
+        #   Maximum number of elements to return.
+        # @option options [sort] :sort
+        #   Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
+        # @option options [search] :search
+        #   Looks for elements with the specified string.
+        # @option options [file] :file
+        #   Filters by filename.
+        # @option options [path] :path
+        #   Filters by path.
+        # @option options [status] :status
+        #   Filters the decoders by status.
+        #   Allowed values: enabled, disabled, all
+        # @option options [download] :download
+        #   Name of the decoder file to download.
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-all-decoders-files
+        def all_decoders_files(options = {})
+          get '/decoders/files', options
+        end
+
+        # Get all parent decoders
+        # Returns all parent decoders included in ossec.conf.
+        #
+        # @option options [offset] :offset
+        #   First element to return in the collection.
+        # @option options [limit] :limit
+        #   Maximum number of elements to return.
+        # @option options [sort] :sort
+        #   Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
+        # @option options [search] :search
+        #   Looks for elements with the specified string.
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-all-parent-decoders
+        def all_parent_decoders(options = {})
+          get '/decoders/parents', options
+        end
+
+        # Get decoders by name
+        # Returns the decoders with the specified name.
+        #
+        # @param [String] decoder_name
+        #   Decoder name
+        # @option options [offset] :offset
+        #   First element to return in the collection.
+        # @option options [limit] :limit
+        #   Maximum number of elements to return.
+        # @option options [sort] :sort
+        #   Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
+        # @option options [search] :search
+        #   Looks for elements with the specified string.
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-decoders-by-name
+        def decoders_by_name(decoder_name, options = {})
+          get "/decoders/#{decoder_name}", options
+        end
+      end
+    end
+  end
+end

data/lib/wazuh/api/endpoints/experimental.rb

@@ -0,0 +1,309 @@
+module Wazuh
+  module Api
+    module Endpoints
+      module Experimental
+        # These methods are experimental API wrapper and
+        # requires `experimental_*` prefix.
+
+        #
+        # Clear syscheck database
+        # Clears the syscheck database for all agents.
+        #
+        def experimental_clear_syscheck_database
+          delete '/experimental/syscheck'
+        end
+
+        # Get hardware info of all agents
+        # Returns the agent’s hardware info.
+        #
+        # @option options [agent_id] :agent_id
+        #   Agent ID
+        # @option options [offset] :offset
+        #   First element to return in the collection.
+        # @option options [limit] :limit
+        #   Maximum number of elements to return.
+        # @option options [sort] :sort
+        #   Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
+        # @option options [search] :search
+        #   Looks for elements with the specified string.
+        # @option options [select] :select
+        #   List of selected fields separated by commas.
+        # @option options [ram_free] :ram_free
+        #   Filters by ram_free.
+        # @option options [ram_total] :ram_total
+        #   Filters by ram_total.
+        # @option options [cpu_cores] :cpu_cores
+        #   Filters by cpu_cores.
+        # @option options [cpu_mhz] :cpu_mhz
+        #   Filters by cpu_mhz.
+        # @option options [cpu_name] :cpu_name
+        #   Filters by cpu_name.
+        # @option options [board_serial] :board_serial
+        #   Filters by board_serial.
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-hardware-info-of-all-agents
+        def experimental_hardware(options = {})
+          get '/experimental/syscollector/hardware', options
+        end
+
+        # Get network address info of all agents
+        # Returns the agent’s network address info.
+        #
+        # @option options [agent_id] :agent_id
+        # @option options [offset] :offset
+        #   First element to return in the collection.
+        # @option options [limit] :limit
+        #   Maximum number of elements to return.
+        # @option options [sort] :sort
+        #   Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
+        # @option options [search] :search
+        #   Looks for elements with the specified string.
+        # @option options [select] :select
+        #   List of selected fields separated by commas.
+        # @option options [iface] :iface
+        #   Filters by interface name.
+        # @option options [proto] :proto
+        #   Filters by proto.
+        # @option options [address] :address
+        #   Filters by address.
+        # @option options [broadcast] :broadcast
+        #   Filters by broadcast.
+        # @option options [netmask] :netmask
+        #   Filters by netmask.
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-network-address-info-of-all-agents
+        def experimental_netaddr(options = {})
+          get '/experimental/syscollector/netaddr', options
+        end
+
+        # Get network interface info of all agents
+        # Returns the agent’s network interface info.
+        #
+        # @option options [offset] :offset
+        #   First element to return in the collection.
+        # @option options [limit] :limit
+        #   Maximum number of elements to return.
+        # @option options [sort] :sort
+        #   Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
+        # @option options [search] :search
+        #   Looks for elements with the specified string.
+        # @option options [select] :select
+        #   List of selected fields separated by commas.
+        # @option options [name] :name
+        #   Filters by name.
+        # @option options [adapter] :adapter
+        #   Filters by adapter.
+        # @option options [type] :type
+        #   Filters by type.
+        # @option options [state] :state
+        #   Filters by state.
+        # @option options [mtu] :mtu
+        #   Filters by mtu.
+        # @option options [tx_packets] :tx_packets
+        # @option options [rx_packets] :rx_packets
+        # @option options [tx_bytes] :tx_bytes
+        # @option options [rx_bytes] :rx_bytes
+        # @option options [tx_errors] :tx_errors
+        # @option options [rx_errors] :rx_errors
+        # @option options [tx_dropped] :tx_dropped
+        # @option options [rx_dropped] :rx_dropped
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-network-interface-info-of-all-agents
+        def experimental_netiface(options = {})
+          get '/experimental/syscollector/netiface', options
+        end
+
+        # Get network protocol info of all agents
+        # Returns the agent’s network protocol info.
+        #
+        # @option options [agent_id] :agent_id
+        # @option options [offset] :offset
+        #   First element to return in the collection.
+        # @option options [limit] :limit
+        #   Maximum number of elements to return.
+        # @option options [sort] :sort
+        #   Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
+        # @option options [search] :search
+        #   Looks for elements with the specified string.
+        # @option options [select] :select
+        #   List of selected fields separated by commas.
+        # @option options [iface] :iface
+        #   Filters by interface name.
+        # @option options [type] :type
+        #   Filters by type.
+        # @option options [gateway] :gateway
+        #   Filters by gateway.
+        # @option options [dhcp] :dhcp
+        #   Filters by dhcp.
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-network-protocol-info-of-all-agents
+        def experimental_netproto(options = {})
+          get '/experimental/syscollector/netproto', options
+        end
+
+        # Get os info of all agents
+        # Returns the agent’s os info.
+        #
+        # @option options [agent_id] :agent_id
+        #   ID to agent
+        # @option options [limit] :limit
+        #   Maximum number of elements to return.
+        # @option options [sort] :sort
+        #   Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
+        # @option options [search] :search
+        #   Looks for elements with the specified string.
+        # @option options [offset] :offset
+        #   First element to return in the collection.
+        # @option options [select] :select
+        #   List of selected fields separated by commas.
+        # @option options [os_name] :os_name
+        #   Filters by os_name.
+        # @option options [architecture] :architecture
+        #   Filters by architecture.
+        # @option options [os_version] :os_version
+        #   Filters by os_version.
+        # @option options [version] :version
+        #   Filters by version.
+        # @option options [release] :release
+        #   Filters by release.
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-os-info-of-all-agents
+        def experimental_os(options = {})
+          get '/experimentalsyscollector/os', options
+        end
+
+        # Get packages info of all agents
+        # Returns the agent’s packages info.
+        #
+        # @option options [agent_id] :agent_id
+        # @option options [offset] :offset
+        #   First element to return in the collection.
+        # @option options [limit] :limit
+        #   Maximum number of elements to return.
+        # @option options [sort] :sort
+        #   Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
+        # @option options [search] :search
+        #   Looks for elements with the specified string.
+        # @option options [select] :select
+        #   List of selected fields separated by commas.
+        # @option options [vendor] :vendor
+        #   Filters by vendor.
+        # @option options [name] :name
+        #   Filters by name.
+        # @option options [architecture] :architecture
+        #   Filters by architecture.
+        # @option options [format] :format
+        #   Filters by format.
+        # @option options [version] :version
+        #   Filters by format.
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-packages-info-of-all-agents
+        def experimental_packages(options = {})
+          get '/experimental/syscollector/packages', options
+        end
+
+        # Get ports info of all agents
+        # Returns the agent’s ports info.
+        #
+        # @option options [agent_id] :agent_id
+        # @option options [offset] :offset
+        #   First element to return in the collection.
+        # @option options [limit] :limit
+        #   Maximum number of elements to return.
+        # @option options [sort] :sort
+        #   Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
+        # @option options [search] :search
+        #   Looks for elements with the specified string.
+        # @option options [select] :select
+        #   List of selected fields separated by commas.
+        # @option options [pid] :pid
+        #   Filters by pid.
+        # @option options [protocol] :protocol
+        #   Filters by protocol.
+        # @option options [local_ip] :local_ip
+        #   Filters by local_ip.
+        # @option options [local_port] :local_port
+        #   Filters by local_port.
+        # @option options [remote_ip] :remote_ip
+        #   Filters by remote_ip.
+        # @option options [tx_queue] :tx_queue
+        #   Filters by tx_queue.
+        # @option options [state] :state
+        #   Filters by state.
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-ports-info-of-all-agents
+        def experimental_ports(options = {})
+          get '/experimental/syscollector/ports', options
+        end
+
+        # Get processes info of all agents
+        # Returns the agent’s processes info.
+        #
+        # @option options [agent_id] :agent_id
+        # @option options [offset] :offset
+        #   First element to return in the collection.
+        # @option options [limit] :limit
+        #   Maximum number of elements to return.
+        # @option options [sort] :sort
+        #   Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
+        # @option options [search] :search
+        #   Looks for elements with the specified string.
+        # @option options [select] :select
+        #   List of selected fields separated by commas.
+        # @option options [pid] :pid
+        #   Filters by pid.
+        # @option options [state] :state
+        #   Filters by process state.
+        # @option options [ppid] :ppid
+        #   Filters by process parent pid.
+        # @option options [egroup] :egroup
+        #   Filters by process egroup.
+        # @option options [euser] :euser
+        #   Filters by process euser.
+        # @option options [fgroup] :fgroup
+        #   Filters by process fgroup.
+        # @option options [name] :name
+        #   Filters by process name.
+        # @option options [nlwp] :nlwp
+        #   Filters by process nlwp.
+        # @option options [pgrp] :pgrp
+        #   Filters by process pgrp.
+        # @option options [priority] :priority
+        #   Filters by process priority.
+        # @option options [rgroup] :rgroup
+        #   Filters by process rgroup.
+        # @option options [ruser] :ruser
+        #   Filters by process ruser.
+        # @option options [sgroup] :sgroup
+        #   Filters by process sgroup.
+        # @option options [suser] :suser
+        #   Filters by process suser.
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-processes-info-of-all-agents
+        def experimental_processes(options = {})
+          get '/experimental/syscollector/processes', options
+        end
+
+        # Get CIS-CAT results
+        # Returns the agent’s ciscat results info.
+        #
+        # @option options [agent_id] :agent_id
+        #   ID to agent
+        # @option options [offset] :offset
+        #   First element to return in the collection.
+        # @option options [limit] :limit
+        #   Maximum number of elements to return.
+        # @option options [sort] :sort
+        #   Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
+        # @option options [search] :search
+        #   Looks for elements with the specified string.
+        # @option options [select] :select
+        #   List of selected fields separated by commas.
+        # @option options [benchmark] :benchmark
+        # @option options [profile] :profile
+        # @option options [pass] :pass
+        # @option options [fail] :fail
+        # @option options [error] :error
+        # @option options [notchecked] :notchecked
+        # @option options [unknown] :unkown
+        # @option options [score] :score
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-cis-cat-results
+        def experimental_ciscat_results(options = {})
+          get '/experimental/ciscat/results', options
+        end
+      end
+    end
+  end
+end

data/lib/wazuh/api/endpoints/lists.rb

@@ -0,0 +1,42 @@
+module Wazuh
+  module Api
+    module Endpoints
+      module Lists
+        #
+        # Get all lists
+        # Returns the content of all CDB lists.
+        #
+        # @option options [offset] :offset
+        #   First element to return in the collection.
+        # @option options [limit] :limit
+        #   Maximum number of elements to return.
+        # @option options [sort] :sort
+        #   Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
+        # @option options [search] :search
+        #   Looks for elements with the specified string.
+        # @option options [path] :path
+        #   Filters by path.
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-all-lists
+        def cdb_lists(options = {})
+          get '/lists', options
+        end
+
+        # Get paths from all lists
+        # Returns the path from all lists.
+        #
+        # @option options [offset] :offset
+        #   First element to return in the collection.
+        # @option options [limit] :limit
+        #   Maximum number of elements to return.
+        # @option options [sort] :sort
+        #   Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
+        # @option options [search] :search
+        #   Looks for elements with the specified string.
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-paths-from-all-lists
+        def cdb_files(options = {})
+          get '/lists/files', options
+        end
+      end
+    end
+  end
+end

data/lib/wazuh/api/endpoints/manager.rb

@@ -0,0 +1,156 @@
+module Wazuh
+  module Api
+    module Endpoints
+      module Manager
+        # Get manager active configuration
+        # Returns the requested configuration in JSON format.
+        #
+        # @param [String] component
+        #   Selected component.
+        # @param [String] configuration
+        #   Configuration to read.
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-manager-active-configuration
+        def manager_active_configuration(component, configuration)
+          get "/manager/config/#{component}/#{configuration}"
+        end
+
+        # Get manager configuration
+        # Returns ossec.conf in JSON format.
+        #
+        # @option options [section] :section
+        #   Indicates the ossec.conf section: global, rules, syscheck, rootcheck, remote, alerts, command, active-response, localfile.
+        # @option options [field] :field
+        #   Indicates a section child, e.g, fields for rule section are: include, decoder_dir, etc.
+        def manager_configuration(options = {})
+          get '/manager/configuration', options
+        end
+
+        # Check Wazuh configuration
+        # Returns if Wazuh configuration is OK.
+        #
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#check-wazuh-configuration
+        def check_manager_configuration
+          get '/manager/configuration/validation'
+        end
+
+        # Delete a local file
+        # Confirmation message.
+        #
+        # @option options [path] :path
+        #   Relative path of file. This parameter is mandatory.
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#delete-a-local-file
+        def delete_manager_local_file(options = {})
+          delete '/manager/files', options
+        end
+
+        # Get local file
+        # Returns the content of a local file (rules, decoders and lists).
+        #
+        # @option options [path] :path
+        #   Relative path of file. This parameter is mandatory.
+        # @option options [validation] :validation
+        #   Validates the content of the file. An error will be returned if file content is not strictly correct. False by default.
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-local-file
+        def get_manager_local_file(options = {})
+          get '/manager/files', options
+        end
+
+        # Update local file
+        # Upload a local file (rules, decoders and lists).
+        #
+        # @option options [path] :path
+        #   Relative path of file. This parameter is mandatory.
+        # @option options [validation] :validation
+        #   Validates the content of the file. An error will be returned if file content is not strictly correct. False by default.
+        # @option options [overwrite] :overwrite
+        #   Replaces the existing file. False by default.
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#update-local-file
+        def update_manager_local_file(options = {})
+          post '/manager/files', options
+        end
+
+        # Get manager information
+        # Returns basic information about manager.
+        #
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-manager-information
+        def manager_information
+          get '/manager/info'
+        end
+
+        # Get manager status
+        # Returns the status of the manager processes.
+        #
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-manager-status
+        def manager_status
+          get '/manager/status'
+        end
+
+        # Get ossec.log
+        # Returns the three last months of ossec.log.
+        #
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-ossec-log
+        def manager_log
+          get '/manager/logs'
+        end
+
+        # Get summary of ossec.log
+        # Returns a summary of the last three months of the <code>ossec.log</code> file.
+        #
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-summary-of-ossec-log
+        def manager_summary_log
+          get '/manager/logs/summary'
+        end
+
+        # Restart Wazuh manager
+        # Restarts Wazuh manager.
+        #
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#restart-wazuh-manager
+        def restart_manager
+          put '/manager/restart'
+        end
+
+        # Get analysisd stats
+        # Returns a summary of the current analysisd stats.
+        #
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-analysisd-stats
+        def manager_analysisd_stats
+          get '/manager/stats/analysisd'
+        end
+
+        # Get manager stats
+        # Returns Wazuh statistical information for the current or specified date.
+        #
+        # @option options [date] :date
+        #   Selects the date for getting the statistical information. Format: YYYYMMDD
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-manager-stats
+        def manager_stats(options = {})
+          get '/manager/stats', options
+        end
+
+        # Get manager stats by hour
+        # Returns Wazuh statistical information per hour. Each number in the averages field represents the average of alerts per hour.
+        #
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-manager-stats-by-hour
+        def manager_stats_by_hour
+          get '/manager/stats/hourly'
+        end
+
+        # Get manager stats by weekly
+        # Returns Wazuh statistical information per week. Each number in the hours field represents the average alerts per hour for that specific day.
+        #
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-manager-stats-by-week
+        def manager_stats_by_weekly
+          get '/manager/stats/weekly'
+        end
+
+        # Get remoted stats
+        # Returns a summary of the current remoted stats.
+        #
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-remoted-stats
+        def manager_remoted_stats
+          get '/manager/stats/remoted'
+        end
+      end
+    end
+  end
+end