wazuh-ruby-client 0.1.0
- checksums.yaml +7 -0
- data/.gitignore +20 -0
- data/.rspec +3 -0
- data/.travis.yml +7 -0
- data/CHANGELOG.md +0 -0
- data/Gemfile +5 -0
- data/LICENSE +21 -0
- data/README.md +74 -0
- data/Rakefile +6 -0
- data/docs/.nojekyll +0 -0
- data/docs/Wazuh/Api/Endpoints/ActiveResponse.html +278 -0
- data/docs/Wazuh/Api/Endpoints/Agents.html +1877 -0
- data/docs/Wazuh/Api/Endpoints/Cache.html +415 -0
- data/docs/Wazuh/Api/Endpoints/Ciscat.html +418 -0
- data/docs/Wazuh/Api/Endpoints/Cluster.html +2270 -0
- data/docs/Wazuh/Api/Endpoints/Decoders.html +860 -0
- data/docs/Wazuh/Api/Endpoints/Experimental.html +2610 -0
- data/docs/Wazuh/Api/Endpoints/Lists.html +452 -0
- data/docs/Wazuh/Api/Endpoints/Manager.html +1596 -0
- data/docs/Wazuh/Api/Endpoints/Rootcheck.html +1025 -0
- data/docs/Wazuh/Api/Endpoints/Rules.html +872 -0
- data/docs/Wazuh/Api/Endpoints/SecurityConfigurationAssessment.html +680 -0
- data/docs/Wazuh/Api/Endpoints/Summary.html +199 -0
- data/docs/Wazuh/Api/Endpoints/Syscheck.html +755 -0
- data/docs/Wazuh/Api/Endpoints/Syscollector.html +2069 -0
- data/docs/Wazuh/Api/Endpoints.html +292 -0
- data/docs/Wazuh/Api/Errors/TooManyRequestsError.html +398 -0
- data/docs/Wazuh/Api/Errors/WazuhError.html +290 -0
- data/docs/Wazuh/Api/Errors.html +117 -0
- data/docs/Wazuh/Api.html +133 -0
- data/docs/Wazuh/Client.html +521 -0
- data/docs/Wazuh/Config.html +223 -0
- data/docs/Wazuh/Faraday/Connection.html +110 -0
- data/docs/Wazuh/Faraday/Request.html +335 -0
- data/docs/Wazuh/Faraday/Response/RaiseError.html +191 -0
- data/docs/Wazuh/Faraday/Response.html +115 -0
- data/docs/Wazuh/Faraday.html +117 -0
- data/docs/Wazuh/Logger.html +201 -0
- data/docs/Wazuh.html +256 -0
- data/docs/WazuhRubyClient.html +121 -0
- data/docs/_index.html +391 -0
- data/docs/class_list.html +51 -0
- data/docs/css/common.css +1 -0
- data/docs/css/full_list.css +58 -0
- data/docs/css/style.css +496 -0
- data/docs/file.README.html +142 -0
- data/docs/file_list.html +56 -0
- data/docs/frames.html +17 -0
- data/docs/index.html +142 -0
- data/docs/js/app.js +292 -0
- data/docs/js/full_list.js +216 -0
- data/docs/js/jquery.js +4 -0
- data/docs/method_list.html +1059 -0
- data/docs/top-level-namespace.html +110 -0
- data/lib/tasks/api.rake +78 -0
- data/lib/wazuh/api/endpoints/active_response.rb +22 -0
- data/lib/wazuh/api/endpoints/agents.rb +175 -0
- data/lib/wazuh/api/endpoints/cache.rb +38 -0
- data/lib/wazuh/api/endpoints/ciscat.rb +43 -0
- data/lib/wazuh/api/endpoints/cluster.rb +199 -0
- data/lib/wazuh/api/endpoints/decoders.rb +91 -0
- data/lib/wazuh/api/endpoints/experimental.rb +309 -0
- data/lib/wazuh/api/endpoints/lists.rb +42 -0
- data/lib/wazuh/api/endpoints/manager.rb +156 -0
- data/lib/wazuh/api/endpoints/rootcheck.rb +93 -0
- data/lib/wazuh/api/endpoints/rules.rb +80 -0
- data/lib/wazuh/api/endpoints/security_configuration_assessment.rb +73 -0
- data/lib/wazuh/api/endpoints/summary.rb +15 -0
- data/lib/wazuh/api/endpoints/syscheck.rb +75 -0
- data/lib/wazuh/api/endpoints/syscollector.rb +227 -0
- data/lib/wazuh/api/endpoints.rb +37 -0
- data/lib/wazuh/api/error.rb +6 -0
- data/lib/wazuh/api/errors/too_many_requests_error.rb +22 -0
- data/lib/wazuh/api/errors/wazuh_error.rb +14 -0
- data/lib/wazuh/client.rb +27 -0
- data/lib/wazuh/config.rb +42 -0
- data/lib/wazuh/faraday/connection.rb +38 -0
- data/lib/wazuh/faraday/request.rb +38 -0
- data/lib/wazuh/faraday/response/raise_error.rb +11 -0
- data/lib/wazuh/logger.rb +13 -0
- data/lib/wazuh/version.rb +4 -0
- data/lib/wazuh-ruby-client/version.rb +3 -0
- data/lib/wazuh-ruby-client.rb +17 -0
- data/lib/wazuh_ruby_client.rb +2 -0
- data/wazuh-ruby-client.gemspec +43 -0
- metadata +200 -0
@@ -0,0 +1,93 @@
|
|
1
|
+
module Wazuh
|
2
|
+
module Api
|
3
|
+
module Endpoints
|
4
|
+
module Rootcheck
|
5
|
+
#
|
6
|
+
# Clear rootcheck database
|
7
|
+
# Clears the rootcheck database for all agents.
|
8
|
+
#
|
9
|
+
# @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#clear-rootcheck-database
|
10
|
+
def clear_rootcheck_database
|
11
|
+
delete '/rootcheck'
|
12
|
+
end
|
13
|
+
|
14
|
+
# Clear rootcheck database of an agent
|
15
|
+
# Clears the rootcheck database for a specific agent.
|
16
|
+
#
|
17
|
+
# @param [String] agent_id
|
18
|
+
# @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#clear-rootcheck-database-of-an-agent
|
19
|
+
def cleak_rootcheck_database_for_agent(agent_id)
|
20
|
+
delete "/rootcheck/#{agent_id}"
|
21
|
+
end
|
22
|
+
|
23
|
+
# Get last rootcheck scan
|
24
|
+
# Returns the timestamp of the last rootcheck scan.
|
25
|
+
#
|
26
|
+
# @param [String] agent_id
|
27
|
+
# @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-last-rootcheck-scan
|
28
|
+
def rootcheck_last_scan(agent_id)
|
29
|
+
get "/rootcheck/#{agent_id}/last_scan"
|
30
|
+
end
|
31
|
+
|
32
|
+
# Get rootcheck CIS requirements
|
33
|
+
# Returns the CIS requirements of all rootchecks of the specified agent.
|
34
|
+
#
|
35
|
+
# @param [String] agent_id
|
36
|
+
# @option options [offset] :offset
|
37
|
+
# @option options [limit] :limit
|
38
|
+
# @option options [sort] :sort
|
39
|
+
# @option options [search] :search
|
40
|
+
# @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-rootcheck-cis-requirements
|
41
|
+
def rootcheck_cis_requirements(agent_id, options = {})
|
42
|
+
get "/rootcheck/#{agent_id}/cis", options
|
43
|
+
end
|
44
|
+
|
45
|
+
# Get rootcheck database
|
46
|
+
# Returns the rootcheck database of an agent.
|
47
|
+
#
|
48
|
+
# @param [String] agent_id
|
49
|
+
# @option options [pci] :pci
|
50
|
+
# @option options [cis] :cis
|
51
|
+
# @option options [offset] :offset
|
52
|
+
# @option options [limit] :limit
|
53
|
+
# @option options [sort] :sort
|
54
|
+
# @option options [search] :search
|
55
|
+
# @option options [status] :status
|
56
|
+
# @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-rootcheck-database
|
57
|
+
def rootcheck_database(agent_id, options = {})
|
58
|
+
get "/rootcheck/#{agent_id}", options
|
59
|
+
end
|
60
|
+
|
61
|
+
# Get rootcheck pci requirements
|
62
|
+
# Returns the PCI requirements of all rootchecks of the agent.
|
63
|
+
#
|
64
|
+
# @param [String] agent_id
|
65
|
+
# @option options [offset] :offset
|
66
|
+
# @option options [limit] :limit
|
67
|
+
# @option options [sort] :sort
|
68
|
+
# @option options [search] :search
|
69
|
+
# @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-rootcheck-pci-requirements
|
70
|
+
def rootcheck_pic_requirements(agent_id, options = {})
|
71
|
+
get "/rootcheck/#{agent_id}/pci", options
|
72
|
+
end
|
73
|
+
|
74
|
+
# Run rootcheck scan in all agents
|
75
|
+
# Runs syscheck and rootcheck on all agents (Wazuh launches both processes simultaneously).
|
76
|
+
#
|
77
|
+
# @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#run-rootcheck-scan-in-all-agents
|
78
|
+
def run_rootcheck_all_agents
|
79
|
+
put '/rootcheck'
|
80
|
+
end
|
81
|
+
|
82
|
+
# Run rootcheck scan in an agent
|
83
|
+
# Runs syscheck and rootcheck on a specified agent (Wazuh launches both processes simultaneously)
|
84
|
+
#
|
85
|
+
# @param [String] agent_id
|
86
|
+
# @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#run-rootcheck-scan-in-an-agent
|
87
|
+
def run_rootcheck(agent_id)
|
88
|
+
put "/rootcheck/#{agent_id}"
|
89
|
+
end
|
90
|
+
end
|
91
|
+
end
|
92
|
+
end
|
93
|
+
end
|
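Review bot: `agent_id` is interpolated into the request path without validation in `cleak_rootcheck_database_for_agent` (`delete "/rootcheck/#{agent_id}"`) and in `run_rootcheck`, so a nil or empty value yields `/rootcheck/`, which may be routed to the all-agents clear or scan, and a value containing path separators addresses a different endpoint than the caller intended. Agent IDs in the Wazuh 3.x API are numeric strings, so a guard such as `raise ArgumentError, 'invalid agent_id' unless agent_id.to_s.match?(/\A\d+\z/)` before building the path would keep a destructive call scoped to one agent. The same interpolation appears in the syscheck, SCA and syscollector sections, and with `rule_id` in rules.rb. How `delete` and `put` encode the path is not visible here, so confirm against the request helper.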
@@ -0,0 +1,80 @@
|
|
1
|
+
module Wazuh
|
2
|
+
module Api
|
3
|
+
module Endpoints
|
4
|
+
module Rules
|
5
|
+
#
|
6
|
+
# Returns all rules.
|
7
|
+
#
|
8
|
+
# @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-all-rules
|
9
|
+
def all_rules(options = {})
|
10
|
+
get '/rules', options
|
11
|
+
end
|
12
|
+
|
13
|
+
# Returns the files of all rules.
|
14
|
+
#
|
15
|
+
# @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-files-of-rules
|
16
|
+
def rule_files(options = {})
|
17
|
+
get '/rules/files', options
|
18
|
+
end
|
19
|
+
|
20
|
+
# Returns the GDPR requirements of all rules.
|
21
|
+
#
|
22
|
+
# @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-rule-gdpr-requirements
|
23
|
+
def gdpr_rules(options = {})
|
24
|
+
get '/rules/gdpr', options
|
25
|
+
end
|
26
|
+
|
27
|
+
# Returns the GPG13 requirements of all rules.
|
28
|
+
#
|
29
|
+
# @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-rule-gpg13-requirements
|
30
|
+
def gpg13_rules(options = {})
|
31
|
+
get '/rules/gpg13', options
|
32
|
+
end
|
33
|
+
|
34
|
+
# Returns the groups of all rules.
|
35
|
+
#
|
36
|
+
# @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-rule-groups
|
37
|
+
def rules_groups(options = {})
|
38
|
+
get '/rules/groups', options
|
39
|
+
end
|
40
|
+
|
41
|
+
# Returns the HIPAA requirements of all rules.
|
42
|
+
#
|
43
|
+
# @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-rule-hipaa-requirements
|
44
|
+
def hipaa_rules(options = {})
|
45
|
+
get '/rules/hipaa', options
|
46
|
+
end
|
47
|
+
|
48
|
+
# Returns the NIST-800-53 requirements of all rules.
|
49
|
+
#
|
50
|
+
# @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-rule-nist-800-53-requirements
|
51
|
+
def nist_800_53_rules(options = {})
|
52
|
+
get '/rules/nist-800-53', options
|
53
|
+
end
|
54
|
+
|
55
|
+
# Returns the PCI requirements of all rules
|
56
|
+
#
|
57
|
+
# @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-rule-pci-requirements
|
58
|
+
def pic_rules(options = {})
|
59
|
+
get '/rules/pci', options
|
60
|
+
end
|
61
|
+
|
62
|
+
# Returns the rules with the specified id.
|
63
|
+
#
|
64
|
+
# @param [String] rule_id
|
65
|
+
# @option options [offset] :offset
|
66
|
+
# First element to return in the collection.
|
67
|
+
# @option options [limit] :limit
|
68
|
+
# Maximum number of elements to return.
|
69
|
+
# @option options [sort] :sort
|
70
|
+
# Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
|
71
|
+
# @option options [search] :search
|
72
|
+
# Looks for elements with the specified string.
|
73
|
+
# @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-rules-by-id
|
74
|
+
def rule_by_id(rule_id, options = {})
|
75
|
+
get "/rules/#{rule_id}", options
|
76
|
+
end
|
77
|
+
end
|
78
|
+
end
|
79
|
+
end
|
80
|
+
end
|
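Review bot: `pic_rules` looks like a misspelling of `pci_rules`, since it calls `/rules/pci` and is documented as returning the PCI requirements, and once published the name is public API. rootcheck.rb has the same kind of slip in `rootcheck_pic_requirements` and `cleak_rootcheck_database_for_agent`. Rename them, and if 0.1.0 is already in use keep the old spelling as a deprecated alias, e.g. `alias_method :pic_rules, :pci_rules`.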
@@ -0,0 +1,73 @@
|
|
1
|
+
module Wazuh
|
2
|
+
module Api
|
3
|
+
module Endpoints
|
4
|
+
module SecurityConfigurationAssessment
|
5
|
+
#
|
6
|
+
# Get security configuration assessment (SCA) checks database
|
7
|
+
# Returns the sca checks of an agent.
|
8
|
+
# @param [String] agent_id
|
9
|
+
# ID to agent
|
10
|
+
# @param [String] policy_id
|
11
|
+
# ID to policy
|
12
|
+
# @option options [title] :title
|
13
|
+
# Filters by title
|
14
|
+
# @option options [description] :description
|
15
|
+
# Filters by policy description
|
16
|
+
# @option options [rationale] :rationale
|
17
|
+
# Filters by rationale
|
18
|
+
# @option options [remediation] :remediation
|
19
|
+
# Filters by remediation
|
20
|
+
# @option options [file] :file
|
21
|
+
# Filters by file
|
22
|
+
# @option options [process] :process
|
23
|
+
# Filters by process
|
24
|
+
# @option options [directory] :directory
|
25
|
+
# Filters by directory
|
26
|
+
# @option options [registry] :registry
|
27
|
+
# Filters by registry
|
28
|
+
# @option options [references] :references
|
29
|
+
# Filters by references
|
30
|
+
# @option options [result] :result
|
31
|
+
# Filters by result
|
32
|
+
# @option options [offset] :offset
|
33
|
+
# First element to return in the collection.
|
34
|
+
# @option options [limit] :limit
|
35
|
+
# Maximum number of elements to return.
|
36
|
+
# @option options [sort] :sort
|
37
|
+
# Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
|
38
|
+
# @option options [search] :search
|
39
|
+
# Looks for elements with the specified string.
|
40
|
+
# @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-security-configuration-assessment-sca-checks-database
|
41
|
+
def checks_sca_database(agent_id, policy_id, options = {})
|
42
|
+
get "/sca/#{agent_id}/checks/#{policy_id}", options
|
43
|
+
end
|
44
|
+
|
45
|
+
# Get security configuration assessment (SCA) database
|
46
|
+
# Returns the sca database of an agent
|
47
|
+
#
|
48
|
+
# @param [String] agent_id
|
49
|
+
# ID to agent
|
50
|
+
# @option options [name] :name
|
51
|
+
# Filters by policy name.
|
52
|
+
# @option options [description] :description
|
53
|
+
# Filters by policy description
|
54
|
+
# @option options [references] :references
|
55
|
+
# Filters by references
|
56
|
+
# @option options [offset] :offset
|
57
|
+
# First element to return in the collection.
|
58
|
+
# @option options [limit] :limit
|
59
|
+
# Maximum number of elements to return.
|
60
|
+
# @option options [sort] :sort
|
61
|
+
# Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
|
62
|
+
# @option options [search] :search
|
63
|
+
# Looks for elements with the specified string.
|
64
|
+
# @option options [q] :q
|
65
|
+
# Query to filter results by. This is specially useful to filter by total checks passed, failed or total score (fields pass, fail, score).
|
66
|
+
# @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-security-configuration-assessment-sca-database
|
67
|
+
def sca_database(agent_id, options = {})
|
68
|
+
get "/sca/#{agent_id}", options
|
69
|
+
end
|
70
|
+
end
|
71
|
+
end
|
72
|
+
end
|
73
|
+
end
|
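Review bot: The `@option` tags in this file put the option name where YARD expects a type, e.g. `# @option options [title] :title`, so the generated docs list `title`, `offset` and `limit` as types. Use the real type, `# @option options [String] :title` and `# @option options [Integer] :limit`, and add `# @param [Hash] options` so the tags attach to a documented parameter. The same applies to the `@option` lines in rootcheck.rb, rules.rb, syscheck.rb and syscollector.rb.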
@@ -0,0 +1,15 @@
|
|
1
|
+
module Wazuh
|
2
|
+
module Api
|
3
|
+
module Endpoints
|
4
|
+
module Summary
|
5
|
+
#
|
6
|
+
# Returns a dictionary with a full summary of agents.
|
7
|
+
#
|
8
|
+
# @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-a-full-summary-of-agents
|
9
|
+
def summary
|
10
|
+
get '/summary/agents'
|
11
|
+
end
|
12
|
+
end
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
@@ -0,0 +1,75 @@
|
|
1
|
+
module Wazuh
|
2
|
+
module Api
|
3
|
+
module Endpoints
|
4
|
+
module Syscheck
|
5
|
+
#
|
6
|
+
# Clears the syscheck database for the specified agent.
|
7
|
+
#
|
8
|
+
# @param [String] agent_id
|
9
|
+
# ID to agent
|
10
|
+
# @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#clear-syscheck-database-of-an-agent
|
11
|
+
def clear_syscheck_database(agent_id)
|
12
|
+
delete "/syscheck/#{agent_id}"
|
13
|
+
end
|
14
|
+
|
15
|
+
# Return the timestamp of the last syscheck scan.
|
16
|
+
#
|
17
|
+
# @param [String] agent_id
|
18
|
+
# ID to agent
|
19
|
+
# @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-last-syscheck-scan
|
20
|
+
def last_syscheck_scan(agent_id)
|
21
|
+
get "/syscheck/#{agent_id}/last_scan"
|
22
|
+
end
|
23
|
+
|
24
|
+
# Returns the syscheck files of an agent.
|
25
|
+
#
|
26
|
+
# @param [String] agent_id
|
27
|
+
# ID to agent
|
28
|
+
# @option options [offset] :offset
|
29
|
+
# First element to return in the collection.
|
30
|
+
# @option options [limit] :limit
|
31
|
+
# Maximum number of elements to return.
|
32
|
+
# @option options [sort] :sort
|
33
|
+
# Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
|
34
|
+
# @option options [search] :search
|
35
|
+
# Looks for elements with the specified string.
|
36
|
+
# @option options [file] :file
|
37
|
+
# Filters file by filename.
|
38
|
+
# @option options [type] :type
|
39
|
+
# Selects type of file. Allowed values: file, registry
|
40
|
+
# @option options [summary] :summary
|
41
|
+
# Returns a summary grouping by filename. Allowed values: yes, no
|
42
|
+
# @option options [select] :select
|
43
|
+
# List of selected fields separated by commas.
|
44
|
+
# @option options [md5] :md5
|
45
|
+
# Returns the files with the specified md5 hash.
|
46
|
+
# @option options [sha1] :sha1
|
47
|
+
# Returns the files with the specified sha1 hash.
|
48
|
+
# @option options [sha256] :sha256
|
49
|
+
# Returns the files with the specified sha256 hash.
|
50
|
+
# @option options [hash] :hash
|
51
|
+
# Returns the files with the specified hash (md5, sha1 or sha256).
|
52
|
+
# @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-syscheck-files
|
53
|
+
def syscheck_files(agent_id, options)
|
54
|
+
get "/syscheck/#{agent_id}", options
|
55
|
+
end
|
56
|
+
|
57
|
+
# Runs syscheck and rootcheck on all agents (Wazuh launches both processes simultaneously).
|
58
|
+
#
|
59
|
+
# @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#run-syscheck-scan-in-all-agents
|
60
|
+
def run_syscheck_all_agents
|
61
|
+
put '/syscheck'
|
62
|
+
end
|
63
|
+
|
64
|
+
# Runs syscheck and rootcheck on an agent (Wazuh launches both processes simultaneously).
|
65
|
+
#
|
66
|
+
# @param [String] agent_id
|
67
|
+
# ID to agent
|
68
|
+
# @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#run-syscheck-scan-in-an-agent
|
69
|
+
def run_syscheck(agent_id)
|
70
|
+
put "/syscheck/#{agent_id}"
|
71
|
+
end
|
72
|
+
end
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
|
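Review bot: `syscheck_files(agent_id, options)` is the only endpoint here with a required `options` argument; every sibling that takes options declares `options = {}`, so calling it with just an agent id raises ArgumentError while the equivalent rootcheck and syscollector calls work. Change the signature to `def syscheck_files(agent_id, options = {})`.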
@@ -0,0 +1,227 @@
|
|
1
|
+
module Wazuh
|
2
|
+
module Api
|
3
|
+
module Endpoints
|
4
|
+
module Syscollector
|
5
|
+
#
|
6
|
+
# Returns the agent’s hardware info.
|
7
|
+
#
|
8
|
+
# @param [String] agent_id
|
9
|
+
# @option options [select] :select
|
10
|
+
# List of selected fields separated by commas.
|
11
|
+
# @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-hardware-info
|
12
|
+
def hardware(agent_id, options = {})
|
13
|
+
get "/syscollector/#{agent_id}/hardware", options
|
14
|
+
end
|
15
|
+
|
16
|
+
# Returns the agent’s network address info.
|
17
|
+
#
|
18
|
+
# @param [String] agent_id
|
19
|
+
# @option options [offset] :offset
|
20
|
+
# First element to return in the collection.
|
21
|
+
# @option options [limit] :limit
|
22
|
+
# Maximum number of elements to return.
|
23
|
+
# @option options [sort] :sort
|
24
|
+
# Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
|
25
|
+
# @option options [search] :search
|
26
|
+
# Looks for elements with the specified string.
|
27
|
+
# @option options [select] :select
|
28
|
+
# List of selected fields separated by commas.
|
29
|
+
# @option options [iface] :iface
|
30
|
+
# Filters by interface name.
|
31
|
+
# @option options [proto] :proto
|
32
|
+
# Filters by proto.
|
33
|
+
# @option options [address] :address
|
34
|
+
# Filters by address.
|
35
|
+
# @option options [broadcast] :broadcast
|
36
|
+
# Filters by broadcast.
|
37
|
+
# @option options [netmask] :netmask
|
38
|
+
# Filters by netmask.
|
39
|
+
# @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-network-address-info-of-an-agent
|
40
|
+
def netaddr(agent_id, options = {})
|
41
|
+
get "/syscollector/#{agent_id}/netaddr", options
|
42
|
+
end
|
43
|
+
|
44
|
+
# Returns the agent’s network interface info
|
45
|
+
#
|
46
|
+
# @param [String] agent_id
|
47
|
+
# @option options [offset] :offset
|
48
|
+
# First element to return in the collection.
|
49
|
+
# @option options [limit] :limit
|
50
|
+
# Maximum number of elements to return.
|
51
|
+
# @option options [sort] :sort
|
52
|
+
# Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
|
53
|
+
# @option options [search] :search
|
54
|
+
# Looks for elements with the specified string.
|
55
|
+
# @option options [select] :select
|
56
|
+
# List of selected fields separated by commas.
|
57
|
+
# @option options [name] :name
|
58
|
+
# Filters by name.
|
59
|
+
# @option options [adapter] :adapter
|
60
|
+
# Filters by adapter.
|
61
|
+
# @option options [type] :type
|
62
|
+
# Filters by type.
|
63
|
+
# @option options [state] :state
|
64
|
+
# Filters by state.
|
65
|
+
# @option options [mtu] :mtu
|
66
|
+
# Filters by mtu.
|
67
|
+
# @option options [tx_packets] :tx_packets
|
68
|
+
# @option options [rx_packets] :rx_packets
|
69
|
+
# @option options [tx_bytes] :tx_bytes
|
70
|
+
# @option options [rx_bytes] :rx_bytes
|
71
|
+
# @option options [tx_errors] :tx_errors
|
72
|
+
# @option options [rx_errors] :rx_errors
|
73
|
+
# @option options [tx_dropped] :tx_dropped
|
74
|
+
# @option options [rx_dropped] :rx_dropped
|
75
|
+
# @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-network-interface-info-of-an-agent
|
76
|
+
def netiface(agent_id, options = {})
|
77
|
+
get "/syscollector/#{agent_id}/netiface", options
|
78
|
+
end
|
79
|
+
|
80
|
+
# Returns the agent’s network protocol info.
|
81
|
+
#
|
82
|
+
# @param [String] agent_id
|
83
|
+
# @option options [offset] :offset
|
84
|
+
# First element to return in the collection.
|
85
|
+
# @option options [limit] :limit
|
86
|
+
# Maximum number of elements to return.
|
87
|
+
# @option options [sort] :sort
|
88
|
+
# Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
|
89
|
+
# @option options [search] :search
|
90
|
+
# Looks for elements with the specified string.
|
91
|
+
# @option options [select] :select
|
92
|
+
# List of selected fields separated by commas.
|
93
|
+
# @option options [iface] :iface
|
94
|
+
# Filters by interface name.
|
95
|
+
# @option options [type] :type
|
96
|
+
# Filters by type.
|
97
|
+
# @option options [gateway] :gateway
|
98
|
+
# Filters by gateway.
|
99
|
+
# @option options [dhcp] :dhcp
|
100
|
+
# Filters by dhcp.
|
101
|
+
# @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-network-protocol-info-of-an-agent
|
102
|
+
def netproto(agent_id, options = {})
|
103
|
+
get "/syscollector/#{agent_id}/netproto", options
|
104
|
+
end
|
105
|
+
|
106
|
+
# Returns the agent’s OS info.
|
107
|
+
#
|
108
|
+
# @param [String] agent_id
|
109
|
+
# @option options [select] :select
|
110
|
+
# List of selected fields separated by commas.
|
111
|
+
# @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-os-info
|
112
|
+
def os(agent_id, options = {})
|
113
|
+
get "/syscollector/#{agent_id}/os", options
|
114
|
+
end
|
115
|
+
|
116
|
+
# Returns the agent’s packages info.
|
117
|
+
#
|
118
|
+
# @param [String] agent_id
|
119
|
+
# @option options [offset] :offset
|
120
|
+
# First element to return in the collection.
|
121
|
+
# @option options [limit] :limit
|
122
|
+
# Maximum number of elements to return.
|
123
|
+
# @option options [sort] :sort
|
124
|
+
# Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
|
125
|
+
# @option options [search] :search
|
126
|
+
# Looks for elements with the specified string.
|
127
|
+
# @option options [select] :select
|
128
|
+
# List of selected fields separated by commas.
|
129
|
+
# @option options [vendor] :vendor
|
130
|
+
# Filters by vendor.
|
131
|
+
# @option options [name] :name
|
132
|
+
# Filters by name.
|
133
|
+
# @option options [architecture] :architecture
|
134
|
+
# Filters by architecture.
|
135
|
+
# @option options [format] :format
|
136
|
+
# Filters by format.
|
137
|
+
# @option options [version] :version
|
138
|
+
# Filters by format.
|
139
|
+
# @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-packages-info
|
140
|
+
def packages(agent_id, options = {})
|
141
|
+
get "/syscollector/#{agent_id}/packages", options
|
142
|
+
end
|
143
|
+
|
144
|
+
# Get ports info of an agent
|
145
|
+
# Returns the agent’s ports info.
|
146
|
+
#
|
147
|
+
# @param [String] agent_id
|
148
|
+
# @option options [offset] :offset
|
149
|
+
# First element to return in the collection.
|
150
|
+
# @option options [limit] :limit
|
151
|
+
# Maximum number of elements to return.
|
152
|
+
# @option options [sort] :sort
|
153
|
+
# Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
|
154
|
+
# @option options [search] :search
|
155
|
+
# Looks for elements with the specified string.
|
156
|
+
# @option options [select] :select
|
157
|
+
# List of selected fields separated by commas.
|
158
|
+
# @option options [pid] :pid
|
159
|
+
# Filters by pid.
|
160
|
+
# @option options [protocol] :protocol
|
161
|
+
# Filters by protocol.
|
162
|
+
# @option options [local_ip] :local_ip
|
163
|
+
# Filters by local_ip.
|
164
|
+
# @option options [local_port] :local_port
|
165
|
+
# Filters by local_port.
|
166
|
+
# @option options [remote_ip] :remote_ip
|
167
|
+
# Filters by remote_ip.
|
168
|
+
# @option options [tx_queue] :tx_queue
|
169
|
+
# Filters by tx_queue.
|
170
|
+
# @option options [state] :state
|
171
|
+
# Filters by state.
|
172
|
+
# @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-ports-info-of-an-agent
|
173
|
+
def ports(agent_id, options = {})
|
174
|
+
get "/syscollector/#{agent_id}/ports", options
|
175
|
+
end
|
176
|
+
|
177
|
+
# Get processes info
|
178
|
+
# Returns the agent's processes info.
|
179
|
+
#
|
180
|
+
# @param [String] agent_id
|
181
|
+
# @option options [offset] :offset
|
182
|
+
# First element to return in the collection.
|
183
|
+
# @option options [limit] :limit
|
184
|
+
# Maximum number of elements to return.
|
185
|
+
# @option options [sort] :sort
|
186
|
+
# Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
|
187
|
+
# @option options [search] :search
|
188
|
+
# Looks for elements with the specified string.
|
189
|
+
# @option options [select] :select
|
190
|
+
# List of selected fields separated by commas.
|
191
|
+
# @option options [pid] :pid
|
192
|
+
# Filters by pid.
|
193
|
+
# @option options [state] :state
|
194
|
+
# Filters by process state.
|
195
|
+
# @option options [ppid] :ppid
|
196
|
+
# Filters by process parent pid.
|
197
|
+
# @option options [egroup] :egroup
|
198
|
+
# Filters by process egroup.
|
199
|
+
# @option options [euser] :euser
|
200
|
+
# Filters by process euser.
|
201
|
+
# @option options [fgroup] :fgroup
|
202
|
+
# Filters by process fgroup.
|
203
|
+
# @option options [name] :name
|
204
|
+
# Filters by process name.
|
205
|
+
# @option options [nlwp] :nlwp
|
206
|
+
# Filters by process nlwp.
|
207
|
+
# @option options [pgrp] :pgrp
|
208
|
+
# Filters by process pgrp.
|
209
|
+
# @option options [priority] :priority
|
210
|
+
# Filters by process priority.
|
211
|
+
# @option options [rgroup] :rgroup
|
212
|
+
# Filters by process rgroup.
|
213
|
+
# @option options [ruser] :ruser
|
214
|
+
# Filters by process ruser.
|
215
|
+
# @option options [sgroup] :sgroup
|
216
|
+
# Filters by process sgroup.
|
217
|
+
# @option options [suser] :suser
|
218
|
+
# Filters by process suser.
|
219
|
+
#
|
220
|
+
# @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-processes-info
|
221
|
+
def processes(agent_id, options = {})
|
222
|
+
get "/syscollector/#{agent_id}/processes", options
|
223
|
+
end
|
224
|
+
end
|
225
|
+
end
|
226
|
+
end
|
227
|
+
end
|
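Review bot: The description under `@option options [version] :version` in `packages` reads `Filters by format.`, copied from the `:format` option above it; it should be `# Filters by version.`. In `netiface` the eight counters from `:tx_packets` to `:rx_dropped` have no description while every other option does; a line such as `# Filters by tx_packets.` under each would match the rest of the file.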
@@ -0,0 +1,37 @@
|
|
1
|
+
require_relative 'endpoints/active_response'
|
2
|
+
require_relative 'endpoints/agents'
|
3
|
+
require_relative 'endpoints/cache'
|
4
|
+
require_relative 'endpoints/ciscat'
|
5
|
+
require_relative 'endpoints/cluster'
|
6
|
+
require_relative 'endpoints/decoders'
|
7
|
+
require_relative 'endpoints/experimental'
|
8
|
+
require_relative 'endpoints/lists'
|
9
|
+
require_relative 'endpoints/manager'
|
10
|
+
require_relative 'endpoints/rootcheck'
|
11
|
+
require_relative 'endpoints/rules'
|
12
|
+
require_relative 'endpoints/security_configuration_assessment'
|
13
|
+
require_relative 'endpoints/summary'
|
14
|
+
require_relative 'endpoints/syscheck'
|
15
|
+
require_relative 'endpoints/syscollector'
|
16
|
+
|
17
|
+
module Wazuh
|
18
|
+
module Api
|
19
|
+
module Endpoints
|
20
|
+
include ActiveResponse
|
21
|
+
include Agents
|
22
|
+
include Cache
|
23
|
+
include Ciscat
|
24
|
+
include Cluster
|
25
|
+
include Decoders
|
26
|
+
include Experimental
|
27
|
+
include Lists
|
28
|
+
include Manager
|
29
|
+
include Rootcheck
|
30
|
+
include Rules
|
31
|
+
include Summary
|
32
|
+
include Syscheck
|
33
|
+
include Syscollector
|
34
|
+
include SecurityConfigurationAssessment
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
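Review bot: Including all fifteen endpoint modules into one module puts short, generic names such as `os`, `ports`, `packages`, `processes` and `summary` into a single method namespace on the client, and when two modules define the same name the later `include` wins silently. Nothing visible collides, but Agents, Cluster, Manager and Experimental are not shown here, so it is worth checking them and adding a spec that fails on duplicate method names across the included modules. A comment above the `include` list saying that order decides precedence would also help.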
@@ -0,0 +1,22 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
module Wazuh
|
3
|
+
module Api
|
4
|
+
module Errors
|
5
|
+
class TooManyRequestsError < ::Faraday::Error
|
6
|
+
attr_reader :response
|
7
|
+
|
8
|
+
def initialize(response)
|
9
|
+
@response = response
|
10
|
+
end
|
11
|
+
|
12
|
+
def message
|
13
|
+
"Retry after #{retry_after} seconds"
|
14
|
+
end
|
15
|
+
|
16
|
+
def retry_after
|
17
|
+
response.headers['retry-after'].to_i
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
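Review bot: `retry_after` returns 0 whenever the `retry-after` header is missing or is sent as an HTTP-date, because `nil.to_i` and the `to_i` of a date string are both 0, so a caller that sleeps for `retry_after` seconds before retrying would loop without backing off. Return nil or a minimum delay when the header is not an integer, e.g. `Integer(response.headers['retry-after'], exception: false)`, and let `message` handle the nil case. `initialize` also never calls `super`, so whatever state `Faraday::Error` sets up in its own constructor is left unset; confirm that is intended for the Faraday version the gemspec pins.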
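--- a/data/lib/wazuh/client.rb
+++ b/data/lib/wazuh/client.rb
@@ -0,0 +1,27 @@
+module Wazuh
+class Client
+include Faraday::Connection
+include Faraday::Request
+include Api::Endpoints
+
+attr_accessor(*Config::ATTRIBUTES)
+
+def initialize(options = {})
+Wazuh::Config::ATTRIBUTES.each do |key|
+send("#{key}=", options[key] || Wazuh.config.send(key))
+end
+@logger ||= Wazuh::Config.logger || Wazuh::Logger.default
+end
+
+class << self
+def configure
+block_given? ? yield(Config) : Config
+end
+
+def config
+Config
+end
+end
+end
+end
+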
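Review bot: `options[key] || Wazuh.config.send(key)` in `initialize` treats an explicit `false` or `nil` as "not given", so a per-client setting of `false` is silently replaced by the global value. `Config::ATTRIBUTES` is not visible here, but if it holds any boolean (a TLS-verification toggle, for instance) a client cannot switch it off while the global config has it on. `options.fetch(key) { Wazuh.config.send(key) }` keeps the fallback and honours explicit values. The next line reads `Wazuh::Config.logger` directly while the loop goes through `Wazuh.config`; using one accessor for both would be clearer.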