wazuh-ruby-client 0.1.0

data/lib/wazuh/api/endpoints/rootcheck.rb

@@ -0,0 +1,93 @@
+module Wazuh
+  module Api
+    module Endpoints
+      module Rootcheck
+        #
+        # Clear rootcheck database
+        # Clears the rootcheck database for all agents.
+        #
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#clear-rootcheck-database
+        def clear_rootcheck_database
+          delete '/rootcheck'
+        end
+
+        # Clear rootcheck database of an agent
+        # Clears the rootcheck database for a specific agent.
+        #
+        # @param [String] agent_id
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#clear-rootcheck-database-of-an-agent
+        def cleak_rootcheck_database_for_agent(agent_id)
+          delete "/rootcheck/#{agent_id}"
+        end
+
+        # Get last rootcheck scan
+        # Returns the timestamp of the last rootcheck scan. 
+        #
+        # @param [String] agent_id
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-last-rootcheck-scan
+        def rootcheck_last_scan(agent_id)
+          get "/rootcheck/#{agent_id}/last_scan"
+        end
+
+        # Get rootcheck CIS requirements
+        # Returns the CIS requirements of all rootchecks of the specified agent.
+        #
+        # @param [String] agent_id
+        # @option options [offset] :offset
+        # @option options [limit] :limit
+        # @option options [sort] :sort
+        # @option options [search] :search
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-rootcheck-cis-requirements
+        def rootcheck_cis_requirements(agent_id, options = {})
+          get "/rootcheck/#{agent_id}/cis", options
+        end
+
+        # Get rootcheck database
+        # Returns the rootcheck database of an agent.
+        #
+        # @param [String] agent_id
+        # @option options [pci] :pci
+        # @option options [cis] :cis
+        # @option options [offset] :offset
+        # @option options [limit] :limit
+        # @option options [sort] :sort
+        # @option options [search] :search
+        # @option options [status] :status
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-rootcheck-database
+        def rootcheck_database(agent_id, options = {})
+          get "/rootcheck/#{agent_id}", options
+        end
+
+        # Get rootcheck pci requirements
+        # Returns the PCI requirements of all rootchecks of the agent.
+        #
+        # @param [String] agent_id
+        # @option options [offset] :offset
+        # @option options [limit] :limit
+        # @option options [sort] :sort
+        # @option options [search] :search
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-rootcheck-pci-requirements
+        def rootcheck_pic_requirements(agent_id, options = {})
+          get "/rootcheck/#{agent_id}/pci", options
+        end
+
+        # Run rootcheck scan in all agents
+        # Runs syscheck and rootcheck on all agents (Wazuh launches both processes simultaneously).
+        #
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#run-rootcheck-scan-in-all-agents
+        def run_rootcheck_all_agents
+          put '/rootcheck'
+        end
+
+        # Run rootcheck scan in an agent
+        # Runs syscheck and rootcheck on a specified agent (Wazuh launches both processes simultaneously)
+        #
+        # @param [String] agent_id
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#run-rootcheck-scan-in-an-agent
+        def run_rootcheck(agent_id)
+          put "/rootcheck/#{agent_id}"
+        end
+      end
+    end
+  end
+end

data/lib/wazuh/api/endpoints/rules.rb

@@ -0,0 +1,80 @@
+module Wazuh
+  module Api
+    module Endpoints
+      module Rules
+        #
+        # Returns all rules.
+        #
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-all-rules
+        def all_rules(options = {})
+          get '/rules', options
+        end
+
+        # Returns the files of all rules.
+        #
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-files-of-rules
+        def rule_files(options = {})
+          get '/rules/files', options
+        end
+
+        # Returns the GDPR requirements of all rules.
+        #
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-rule-gdpr-requirements
+        def gdpr_rules(options = {})
+          get '/rules/gdpr', options
+        end
+
+        # Returns the GPG13 requirements of all rules.
+        #
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-rule-gpg13-requirements
+        def gpg13_rules(options = {})
+          get '/rules/gpg13', options
+        end
+
+        # Returns the groups of all rules.
+        #
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-rule-groups
+        def rules_groups(options = {})
+          get '/rules/groups', options
+        end
+
+        # Returns the HIPAA requirements of all rules.
+        #
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-rule-hipaa-requirements
+        def hipaa_rules(options = {})
+          get '/rules/hipaa', options
+        end
+
+        # Returns the NIST-800-53 requirements of all rules.
+        #
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-rule-nist-800-53-requirements
+        def nist_800_53_rules(options = {})
+          get '/rules/nist-800-53', options
+        end
+
+        # Returns the PCI requirements of all rules
+        #
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-rule-pci-requirements
+        def pic_rules(options = {})
+          get '/rules/pci', options
+        end
+
+        # Returns the rules with the specified id.
+        #
+        # @param [String] rule_id
+        # @option options [offset] :offset
+        #   First element to return in the collection.
+        # @option options [limit] :limit
+        #   Maximum number of elements to return.
+        # @option options [sort] :sort
+        #   Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
+        # @option options [search] :search
+        #   Looks for elements with the specified string.
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-rules-by-id
+        def rule_by_id(rule_id, options = {})
+          get "/rules/#{rule_id}", options
+        end
+      end
+    end
+  end
+end

data/lib/wazuh/api/endpoints/security_configuration_assessment.rb

@@ -0,0 +1,73 @@
+module Wazuh
+  module Api
+    module Endpoints
+      module SecurityConfigurationAssessment
+        #
+        # Get security configuration assessment (SCA) checks database
+        # Returns the sca checks of an agent.
+        # @param [String] agent_id
+        #   ID to agent
+        # @param [String] policy_id
+        #   ID to policy
+        # @option options [title] :title
+        #   Filters by title
+        # @option options [description] :description
+        #   Filters by policy description
+        # @option options [rationale] :rationale
+        #   Filters by rationale
+        # @option options [remediation] :remediation 
+        #   Filters by remediation
+        # @option options [file] :file
+        #   Filters by file
+        # @option options [process] :process
+        #   Filters by process
+        # @option options [directory] :directory
+        #   Filters by directory
+        # @option options [registry] :registry
+        #   Filters by registry
+        # @option options [references] :references
+        #   Filters by references
+        # @option options [result] :result
+        #   Filters by result
+        # @option options [offset] :offset
+        #   First element to return in the collection.
+        # @option options [limit] :limit
+        #   Maximum number of elements to return.
+        # @option options [sort] :sort
+        #   Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
+        # @option options [search] :search
+        #   Looks for elements with the specified string.
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-security-configuration-assessment-sca-checks-database
+        def checks_sca_database(agent_id, policy_id, options = {})
+          get "/sca/#{agent_id}/checks/#{policy_id}", options
+        end
+
+        # Get security configuration assessment (SCA) database
+        # Returns the sca database of an agent
+        #
+        # @param [String] agent_id
+        #   ID to agent
+        # @option options [name] :name
+        #   Filters by policy name.
+        # @option options [description] :description
+        #   Filters by policy description
+        # @option options [references] :references
+        #   Filters by references
+        # @option options [offset] :offset
+        #   First element to return in the collection.
+        # @option options [limit] :limit
+        #   Maximum number of elements to return.
+        # @option options [sort] :sort
+        #   Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
+        # @option options [search] :search
+        #   Looks for elements with the specified string.
+        # @option options [q] :q
+        #   Query to filter results by. This is specially useful to filter by total checks passed, failed or total score (fields pass, fail, score).
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-security-configuration-assessment-sca-database
+        def sca_database(agent_id, options = {})
+          get "/sca/#{agent_id}", options
+        end
+      end
+    end
+  end
+end

data/lib/wazuh/api/endpoints/summary.rb

@@ -0,0 +1,15 @@
+module Wazuh
+  module Api
+    module Endpoints
+      module Summary
+        #
+        # Returns a dictionary with a full summary of agents.
+        #
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-a-full-summary-of-agents
+        def summary
+          get '/summary/agents'
+        end
+      end
+    end
+  end
+end

data/lib/wazuh/api/endpoints/syscheck.rb

@@ -0,0 +1,75 @@
+module Wazuh
+  module Api
+    module Endpoints
+      module Syscheck
+        #
+        # Clears the syscheck database for the specified agent.
+        #
+        # @param [String] agent_id
+        #   ID to agent
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#clear-syscheck-database-of-an-agent
+        def clear_syscheck_database(agent_id)
+          delete "/syscheck/#{agent_id}"
+        end
+
+        # Return the timestamp of the last syscheck scan.
+        #
+        # @param [String] agent_id
+        #   ID to agent
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-last-syscheck-scan
+        def last_syscheck_scan(agent_id)
+          get "/syscheck/#{agent_id}/last_scan"
+        end
+
+        # Returns the syscheck files of an agent.
+        #
+        # @param [String] agent_id
+        #   ID to agent
+        # @option options [offset] :offset
+        #   First element to return in the collection.
+        # @option options [limit] :limit
+        #   Maximum number of elements to return.
+        # @option options [sort] :sort
+        #   Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
+        # @option options [search] :search
+        #   Looks for elements with the specified string.
+        # @option options [file] :file
+        #   Filters file by filename.
+        # @option options [type] :type
+        #   Selects type of file. Allowed values: file, registry
+        # @option options [summary] :summary
+        #   Returns a summary grouping by filename. Allowed values: yes, no
+        # @option options [select] :select
+        #   List of selected fields separated by commas.
+        # @option options [md5] :md5
+        #   Returns the files with the specified md5 hash.
+        # @option options [sha1] :sha1
+        #   Returns the files with the specified sha1 hash.
+        # @option options [sha256] :sha256
+        #   Returns the files with the specified sha256 hash.
+        # @option options [hash] :hash
+        #   Returns the files with the specified hash (md5, sha1 or sha256).
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-syscheck-files
+        def syscheck_files(agent_id, options)
+          get "/syscheck/#{agent_id}", options
+        end
+
+        # Runs syscheck and rootcheck on all agents (Wazuh launches both processes simultaneously).
+        #
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#run-syscheck-scan-in-all-agents
+        def run_syscheck_all_agents
+          put '/syscheck'
+        end
+
+        # Runs syscheck and rootcheck on an agent (Wazuh launches both processes simultaneously).
+        #
+        # @param [String] agent_id
+        #   ID to agent
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#run-syscheck-scan-in-an-agent
+        def run_syscheck(agent_id)
+          put "/syscheck/#{agent_id}"
+        end
+      end
+    end
+  end
+end

data/lib/wazuh/api/endpoints/syscollector.rb

@@ -0,0 +1,227 @@
+module Wazuh
+  module Api
+    module Endpoints
+      module Syscollector
+        #
+        # Returns the agent’s hardware info.
+        #
+        # @param [String] agent_id
+        # @option options [select] :select
+        #   List of selected fields separated by commas.
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-hardware-info
+        def hardware(agent_id, options = {})
+          get "/syscollector/#{agent_id}/hardware", options
+        end
+
+        # Returns the agent’s network address info.
+        #
+        # @param [String] agent_id
+        # @option options [offset] :offset
+        #   First element to return in the collection.
+        # @option options [limit] :limit
+        #   Maximum number of elements to return.
+        # @option options [sort] :sort
+        #   Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
+        # @option options [search] :search
+        #   Looks for elements with the specified string.
+        # @option options [select] :select
+        #   List of selected fields separated by commas.
+        # @option options [iface] :iface
+        #   Filters by interface name.
+        # @option options [proto] :proto
+        #   Filters by proto.
+        # @option options [address] :address
+        #   Filters by address.
+        # @option options [broadcast] :broadcast
+        #   Filters by broadcast.
+        # @option options [netmask] :netmask
+        #   Filters by netmask.
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-network-address-info-of-an-agent
+        def netaddr(agent_id, options = {})
+          get "/syscollector/#{agent_id}/netaddr", options
+        end
+
+        # Returns the agent’s network interface info
+        #
+        # @param [String] agent_id
+        # @option options [offset] :offset
+        #   First element to return in the collection.
+        # @option options [limit] :limit
+        #   Maximum number of elements to return.
+        # @option options [sort] :sort
+        #   Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
+        # @option options [search] :search
+        #   Looks for elements with the specified string.
+        # @option options [select] :select
+        #   List of selected fields separated by commas.
+        # @option options [name] :name
+        #   Filters by name.
+        # @option options [adapter] :adapter
+        #   Filters by adapter.
+        # @option options [type] :type
+        #   Filters by type.
+        # @option options [state] :state
+        #   Filters by state.
+        # @option options [mtu] :mtu
+        #   Filters by mtu.
+        # @option options [tx_packets] :tx_packets
+        # @option options [rx_packets] :rx_packets
+        # @option options [tx_bytes] :tx_bytes
+        # @option options [rx_bytes] :rx_bytes
+        # @option options [tx_errors] :tx_errors
+        # @option options [rx_errors] :rx_errors
+        # @option options [tx_dropped] :tx_dropped
+        # @option options [rx_dropped] :rx_dropped
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-network-interface-info-of-an-agent
+        def netiface(agent_id, options = {})
+          get "/syscollector/#{agent_id}/netiface", options
+        end
+
+        # Returns the agent’s network protocol info.
+        #
+        # @param [String] agent_id
+        # @option options [offset] :offset
+        #   First element to return in the collection.
+        # @option options [limit] :limit
+        #   Maximum number of elements to return.
+        # @option options [sort] :sort
+        #   Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
+        # @option options [search] :search
+        #   Looks for elements with the specified string.
+        # @option options [select] :select
+        #   List of selected fields separated by commas.
+        # @option options [iface] :iface
+        #   Filters by interface name.
+        # @option options [type] :type
+        #   Filters by type.
+        # @option options [gateway] :gateway
+        #   Filters by gateway.
+        # @option options [dhcp] :dhcp
+        #   Filters by dhcp.
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-network-protocol-info-of-an-agent
+        def netproto(agent_id, options = {})
+          get "/syscollector/#{agent_id}/netproto", options
+        end
+
+        # Returns the agent’s OS info.
+        #
+        # @param [String] agent_id
+        # @option options [select] :select
+        #   List of selected fields separated by commas.
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-os-info
+        def os(agent_id, options = {})
+          get "/syscollector/#{agent_id}/os", options
+        end
+
+        # Returns the agent’s packages info.
+        #
+        # @param [String] agent_id
+        # @option options [offset] :offset
+        #   First element to return in the collection.
+        # @option options [limit] :limit
+        #   Maximum number of elements to return.
+        # @option options [sort] :sort
+        #   Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
+        # @option options [search] :search
+        #   Looks for elements with the specified string.
+        # @option options [select] :select
+        #   List of selected fields separated by commas.
+        # @option options [vendor] :vendor
+        #   Filters by vendor.
+        # @option options [name] :name
+        #   Filters by name.
+        # @option options [architecture] :architecture
+        #   Filters by architecture.
+        # @option options [format] :format
+        #   Filters by format.
+        # @option options [version] :version
+        #   Filters by format.
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-packages-info
+        def packages(agent_id, options = {})
+          get "/syscollector/#{agent_id}/packages", options
+        end
+
+        # Get ports info of an agent
+        # Returns the agent’s ports info.
+        #
+        # @param [String] agent_id
+        # @option options [offset] :offset
+        #   First element to return in the collection.
+        # @option options [limit] :limit
+        #   Maximum number of elements to return.
+        # @option options [sort] :sort
+        #   Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
+        # @option options [search] :search
+        #   Looks for elements with the specified string.
+        # @option options [select] :select
+        #   List of selected fields separated by commas.
+        # @option options [pid] :pid
+        #   Filters by pid.
+        # @option options [protocol] :protocol
+        #   Filters by protocol.
+        # @option options [local_ip] :local_ip
+        #   Filters by local_ip.
+        # @option options [local_port] :local_port
+        #   Filters by local_port.
+        # @option options [remote_ip] :remote_ip
+        #   Filters by remote_ip.
+        # @option options [tx_queue] :tx_queue
+        #   Filters by tx_queue.
+        # @option options [state] :state
+        #   Filters by state.
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-ports-info-of-an-agent
+        def ports(agent_id, options = {})
+          get "/syscollector/#{agent_id}/ports", options
+        end
+
+        # Get processes info
+        # Returns the agent's processes info.
+        #
+        # @param [String] agent_id
+        # @option options [offset] :offset
+        #   First element to return in the collection.
+        # @option options [limit] :limit
+        #   Maximum number of elements to return.
+        # @option options [sort] :sort
+        #   Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
+        # @option options [search] :search
+        #   Looks for elements with the specified string.
+        # @option options [select] :select
+        #   List of selected fields separated by commas.
+        # @option options [pid] :pid
+        #   Filters by pid.
+        # @option options [state] :state
+        #   Filters by process state.
+        # @option options [ppid] :ppid
+        #   Filters by process parent pid.
+        # @option options [egroup] :egroup
+        #   Filters by process egroup.
+        # @option options [euser] :euser
+        #   Filters by process euser.
+        # @option options [fgroup] :fgroup
+        #   Filters by process fgroup.
+        # @option options [name] :name
+        #   Filters by process name.
+        # @option options [nlwp] :nlwp
+        #   Filters by process nlwp.
+        # @option options [pgrp] :pgrp
+        #   Filters by process pgrp.
+        # @option options [priority] :priority
+        #   Filters by process priority.
+        # @option options [rgroup] :rgroup
+        #   Filters by process rgroup.
+        # @option options [ruser] :ruser
+        #   Filters by process ruser.
+        # @option options [sgroup] :sgroup
+        #   Filters by process sgroup.
+        # @option options [suser] :suser
+        #   Filters by process suser.
+        # 
+        # @see https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-processes-info
+        def processes(agent_id, options = {})
+          get "/syscollector/#{agent_id}/processes", options
+        end
+      end
+    end
+  end
+end

data/lib/wazuh/api/endpoints.rb

@@ -0,0 +1,37 @@
+require_relative 'endpoints/active_response'
+require_relative 'endpoints/agents'
+require_relative 'endpoints/cache'
+require_relative 'endpoints/ciscat'
+require_relative 'endpoints/cluster'
+require_relative 'endpoints/decoders'
+require_relative 'endpoints/experimental'
+require_relative 'endpoints/lists'
+require_relative 'endpoints/manager'
+require_relative 'endpoints/rootcheck'
+require_relative 'endpoints/rules'
+require_relative 'endpoints/security_configuration_assessment'
+require_relative 'endpoints/summary'
+require_relative 'endpoints/syscheck'
+require_relative 'endpoints/syscollector'
+
+module Wazuh
+  module Api
+    module Endpoints
+      include ActiveResponse
+      include Agents
+      include Cache
+      include Ciscat
+      include Cluster
+      include Decoders
+      include Experimental
+      include Lists
+      include Manager
+      include Rootcheck
+      include Rules
+      include Summary
+      include Syscheck
+      include Syscollector
+      include SecurityConfigurationAssessment
+    end
+  end
+end

data/lib/wazuh/api/error.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+module Wazuh
+  module Api
+    Error = Errors::WazuhError
+  end
+end

data/lib/wazuh/api/errors/too_many_requests_error.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+module Wazuh
+  module Api
+    module Errors
+      class TooManyRequestsError < ::Faraday::Error
+        attr_reader :response
+
+        def initialize(response)
+          @response = response
+        end
+
+        def message
+          "Retry after #{retry_after} seconds"
+        end
+
+        def retry_after
+          response.headers['retry-after'].to_i
+        end
+      end
+    end
+  end
+end

data/lib/wazuh/api/errors/wazuh_error.rb

@@ -0,0 +1,14 @@
+module Wazuh
+  module Api
+    module Errors
+      class WazuhError < ::Faraday::Error
+        attr_reader :response
+
+        def initialize(message, response = nil)
+          @response = response
+          super message
+        end
+      end
+    end
+  end
+end

data/lib/wazuh/client.rb

@@ -0,0 +1,27 @@
+module Wazuh
+  class Client
+    include Faraday::Connection
+    include Faraday::Request
+    include Api::Endpoints
+
+    attr_accessor(*Config::ATTRIBUTES)
+
+    def initialize(options = {})
+      Wazuh::Config::ATTRIBUTES.each do |key|
+        send("#{key}=", options[key] || Wazuh.config.send(key))
+      end
+      @logger ||= Wazuh::Config.logger || Wazuh::Logger.default
+    end
+
+    class << self
+      def configure
+        block_given? ? yield(Config) : Config
+      end
+
+      def config
+        Config
+      end
+    end
+  end
+end
+