From cffba0df19fb2bfc396ad41cb08b00cdb0dc1e07 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Fri, 15 Dec 2023 16:38:58 +0100 Subject: [PATCH 1/7] Changed configuration to new VD and indexer --- .../ansible-filebeat-oss/defaults/main.yml | 2 +- .../ansible-wazuh-manager/defaults/main.yml | 80 ++++--------------- .../var-ossec-etc-ossec-server.conf.j2 | 55 ++++++------- 3 files changed, 42 insertions(+), 95 deletions(-) diff --git a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml index ab43f3839..2fb39ab69 100644 --- a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml @@ -6,7 +6,7 @@ wazuh_template_branch: v4.8.0 filebeat_node_name: node-1 filebeat_output_indexer_hosts: - - "localhost:9200" + - "localhost" filebeat_module_package_name: wazuh-filebeat-0.3.tar.gz filebeat_module_package_path: /tmp/ diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 43c3958d7..7ffcd9701 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
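Review bot: Dropping `:9200` from `filebeat_output_indexer_hosts` in the filebeat role's defaults while the new `filebeat_output_indexer_port` variable is introduced only in the manager role's defaults (the next file in this patch) leaves this role with no default for the port at all; if the filebeat output template still consumes these entries as host strings, a non-default indexer port can no longer be expressed here. A comment `# host only; the port comes from filebeat_output_indexer_port` above the list, plus a matching `filebeat_output_indexer_port` default in this file, would keep the two roles consistent. The filebeat template that consumes this list is outside the patch, so this is inferred from the variable names.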
@@ -144,69 +144,23 @@ wazuh_manager_sca: time: '' ## Vulnerability Detector -wazuh_manager_vulnerability_detector: - enabled: 'no' - interval: '5m' - min_full_scan_interval: '6h' - run_on_start: 'yes' - providers: - - enabled: 'no' - os: - - 'trusty' - - 'xenial' - - 'bionic' - - 'focal' - - 'jammy' - update_interval: '1h' - name: '"canonical"' - - enabled: 'no' - os: - - 'buster' - - 'bullseye' - - 'bookworm' - update_interval: '1h' - name: '"debian"' - - enabled: 'no' - os: - - '5' - - '6' - - '7' - - '8' - - '9' - update_interval: '1h' - name: '"redhat"' - - enabled: 'no' - os: - - '8' - - '9' - update_interval: '1h' - name: '"almalinux"' - - enabled: 'no' - os: - - 'amazon-linux' - - 'amazon-linux-2' - - 'amazon-linux-2023' - update_interval: '1h' - name: '"alas"' - - enabled: 'no' - os: - - '11-server' - - '11-desktop' - - '12-server' - - '12-desktop' - - '15-server' - - '15-desktop' - update_interval: '1h' - name: '"suse"' - - enabled: 'no' - update_interval: '1h' - name: '"arch"' - - enabled: 'no' - update_interval: '1h' - name: '"msu"' - - enabled: 'no' - update_interval: '1h' - name: '"nvd"' +filebeat_node_name: node-1 +filebeat_output_indexer_hosts: + - "localhost" +filebeat_output_indexer_port: 9200 +indexer_security_user: admin +indexer_security_password: changeme +filebeat_ssl_dir: /etc/pki/filebeat + +wazuh_manager_vulnerability_detection: + enabled: 'yes' + indexer_status: 'yes' + feed_update_interval: '60m' + +wazuh_manager_indexer: + enabled: 'yes' + hosts: + - "{{ filebeat_output_indexer_hosts }}" ## Syscheck wazuh_manager_syscheck: diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index c83dd4fdb..d951c80f8 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 
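Review bot: `indexer_security_user: admin` and `indexer_security_password: changeme` ship a working credential pair as role defaults, and the indexer block this patch adds to the manager template writes them into the rendered manager config, so a deployment that forgets to override them silently runs against the indexer with the well-known pair. Prefer leaving the password without a usable default so an unoverridden run fails at template time (e.g. `indexer_security_password: "{{ undef(hint='Set the indexer password in inventory or vault') }}"`, if the targeted ansible-core supports `undef`), or at least add a comment `# Override in inventory/vault before deploying; do not ship these values` above the two lines. These filebeat/indexer connection variables also duplicate the ones defined in ansible-filebeat-oss/defaults/main.yml (earlier hunk), so the two roles can drift, and they are placed under the `## Vulnerability Detector` heading where a reader would not look for them.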
@@ -258,37 +258,30 @@ {% endif %} - - {% if wazuh_manager_config.vulnerability_detector.enabled is defined %} - {{ wazuh_manager_config.vulnerability_detector.enabled }} - {% endif %} - {% if wazuh_manager_config.vulnerability_detector.interval is defined %} - {{ wazuh_manager_config.vulnerability_detector.interval }} - {% endif %} - {% if wazuh_manager_config.vulnerability_detector.min_full_scan_interval is defined %} - {{ wazuh_manager_config.vulnerability_detector.min_full_scan_interval }} - {% endif %} - {% if wazuh_manager_config.vulnerability_detector.run_on_start is defined %} - {{ wazuh_manager_config.vulnerability_detector.run_on_start }} - {% endif %} - {% if wazuh_manager_config.vulnerability_detector.providers is defined %} - {% for provider_ in wazuh_manager_config.vulnerability_detector.providers %} - - {% if provider_.enabled is defined %} - {{ provider_.enabled }} - {% endif %} - {% if provider_.os is defined %} - {% for os_ in provider_.os %} - {{ os_ }} - {% endfor %} - {% endif %} - {% if provider_.update_interval is defined %} - {{ provider_.update_interval }} - {% endif %} - - {% endfor %} - {% endif %} - + + {{ wazuh_manager_config.vulnerability_detection.enabled }} + {{ wazuh_manager_config.vulnerability_detection.indexer_status }} + {{ wazuh_manager_config.vulnerability_detection.feed_update_interval }} + + + + {{ wazuh_manager_config.wazuh_manager_indexer.enabled }} + + {% for item in wazuh_manager_indexer.hosts %} + https://{{ item }}:{{filebeat_output_indexer_port}} + {% endfor %} + + + {{ indexer_security_user }} + "{{ indexer_security_password }}" + + + {{ filebeat_ssl_dir }}/root-ca.pem + + {{ filebeat_ssl_dir }}/{{ filebeat_node_name }}.pem + {{ filebeat_ssl_dir }}/{{ filebeat_node_name }}-key.pem + + From 56d627aacfba6b8230b3d3d489d02bc3feae90ac Mon Sep 17 00:00:00 2001 
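Review bot: The rewritten block drops the `is defined` guards the old vulnerability_detector section had, so `{{ wazuh_manager_config.vulnerability_detection.enabled }}`, `indexer_status` and `feed_update_interval` (and the indexer fields below them) now fail at render time whenever a user overrides `wazuh_manager_vulnerability_detection` with a partial mapping; either keep the guards or document in the role README that all keys of the mapping are mandatory. Since `indexer_security_password` is now rendered in clear text into the manager configuration, confirm that the task deploying this template sets a restrictive owner and mode on the rendered file (that task is outside this patch). The XML element names are not visible in this rendering of the hunk, so the mapping of values to elements is inferred.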
From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Mon, 18 Dec 2023 11:28:00 +0100 Subject: [PATCH 2/7] Indexer and VD must coincide in config --- .../templates/var-ossec-etc-ossec-server.conf.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index d951c80f8..42283cf1d 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -259,13 +259,13 @@ - {{ wazuh_manager_config.vulnerability_detection.enabled }} + {% if wazuh_manager_config.vulnerability_detection.enabled == 'yes' and wazuh_manager_config.wazuh_manager_indexer.enabled == 'yes' %}yes{% else %}no{% endif %} {{ wazuh_manager_config.vulnerability_detection.indexer_status }} {{ wazuh_manager_config.vulnerability_detection.feed_update_interval }} - {{ wazuh_manager_config.wazuh_manager_indexer.enabled }} + {% if wazuh_manager_config.vulnerability_detection.enabled == 'yes' and wazuh_manager_config.wazuh_manager_indexer.enabled == 'yes' %}yes{% else %}no{% endif %} {% for item in wazuh_manager_indexer.hosts %} https://{{ item }}:{{filebeat_output_indexer_port}} From 29b78076e5a4ce75785975bf7033c0bf1496ce9a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Mon, 18 Dec 2023 12:47:20 +0100 Subject: [PATCH 3/7] Modify indexer variables --- .../templates/var-ossec-etc-ossec-server.conf.j2 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 42283cf1d..cef65c8d2 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 
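Review bot: The new `{% if ... == 'yes' and ... == 'yes' %}yes{% else %}no{% endif %}` expressions compare against the literal string `'yes'`, so an inventory that sets `enabled: yes` or `enabled: true` (an unquoted YAML boolean) makes both conditions false and vulnerability detection and the indexer connection are silently rendered as `no`. Comparing through the `bool` filter accepts either form: `{% set vd_on = wazuh_manager_config.vulnerability_detection.enabled | bool and wazuh_manager_config.wazuh_manager_indexer.enabled | bool %}` once at the top of the section, then `{% if vd_on %}yes{% else %}no{% endif %}` in both places, which also removes the duplicated expression. The same `== 'yes'` comparison is carried into the later rewrites of this hunk (PATCH 3/7 and PATCH 7/7).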
+++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -259,21 +259,21 @@ - {% if wazuh_manager_config.vulnerability_detection.enabled == 'yes' and wazuh_manager_config.wazuh_manager_indexer.enabled == 'yes' %}yes{% else %}no{% endif %} + {% if wazuh_manager_config.vulnerability_detection.enabled == 'yes' and wazuh_manager_config.indexer.enabled == 'yes' %}yes{% else %}no{% endif %} {{ wazuh_manager_config.vulnerability_detection.indexer_status }} {{ wazuh_manager_config.vulnerability_detection.feed_update_interval }} - {% if wazuh_manager_config.vulnerability_detection.enabled == 'yes' and wazuh_manager_config.wazuh_manager_indexer.enabled == 'yes' %}yes{% else %}no{% endif %} + {% if wazuh_manager_config.vulnerability_detection.enabled == 'yes' and wazuh_manager_config.indexer.enabled == 'yes' %}yes{% else %}no{% endif %} - {% for item in wazuh_manager_indexer.hosts %} + {% for item in wazuh_manager_config.indexer.hosts %} https://{{ item }}:{{filebeat_output_indexer_port}} {% endfor %} {{ indexer_security_user }} - "{{ indexer_security_password }}" + {{ indexer_security_password }} {{ filebeat_ssl_dir }}/root-ca.pem From 57c70de47f08b9ec249926cd7227d4997ac5ea5c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Mon, 18 Dec 2023 14:55:13 +0100 Subject: [PATCH 4/7] Added spaces between variable --- .../templates/var-ossec-etc-ossec-server.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index cef65c8d2..77305ee6c 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 
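Review bot: Removing the literal quotes around `{{ indexer_security_password }}` leaves the credential as a bare XML text node, so a password containing `&`, `<` or `>` yields a manager configuration that does not parse, a failure that only surfaces after deployment. If the manager's config parser decodes standard entities, `{{ indexer_security_password | e }}` (Jinja's built-in escape filter) would protect it; otherwise the restriction on permitted characters should be documented next to the default in defaults/main.yml. The same consideration applies to `{{ indexer_security_user }}` on the line above.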
@@ -268,7 +268,7 @@ {% if wazuh_manager_config.vulnerability_detection.enabled == 'yes' and wazuh_manager_config.indexer.enabled == 'yes' %}yes{% else %}no{% endif %} {% for item in wazuh_manager_config.indexer.hosts %} - https://{{ item }}:{{filebeat_output_indexer_port}} + https://{{ item }}:{{ filebeat_output_indexer_port }} {% endfor %} From 4193cb0850a9365db5c72ee13a6f5363314af1aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Mon, 18 Dec 2023 18:28:09 +0100 Subject: [PATCH 5/7] Changed names in the default configuration --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 7ffcd9701..517fc4552 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -402,7 +402,8 @@ wazuh_manager_config_defaults: osquery: '{{ wazuh_manager_osquery }}' syscollector: '{{ wazuh_manager_syscollector }}' sca: '{{ wazuh_manager_sca }}' - vulnerability_detector: '{{ wazuh_manager_vulnerability_detector }}' + vulnerability_detection: '{{ wazuh_manager_vulnerability_detection }}' + indexer: '{{ wazuh_manager_indexer }}' log_level: '{{ wazuh_manager_log_level }}' email_level: '{{ wazuh_manager_email_level }}' localfiles: '{{ wazuh_manager_localfiles }}' From bac757cb69aefe1efd4f3896e7cb2dc77365cd88 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Mon, 18 Dec 2023 19:07:07 +0100 Subject: [PATCH 6/7] Fixed Filebeat node list --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 517fc4552..1e650233b 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
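Review bot: Dropping the `vulnerability_detector` key from `wazuh_manager_config_defaults` means any inventory or group_vars that still defines `wazuh_manager_vulnerability_detector` is silently ignored from this commit on, leaving the host on the new defaults with no warning. A guard task (outside this hunk) such as `assert: { that: wazuh_manager_vulnerability_detector is not defined, fail_msg: 'renamed to wazuh_manager_vulnerability_detection' }`, or at least a comment `# renamed from vulnerability_detector; old overrides are not honoured` next to the new key, would surface the migration. The enclosing `wazuh_manager_config_defaults` mapping continues outside the hunk.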
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -159,8 +159,7 @@ wazuh_manager_vulnerability_detection: wazuh_manager_indexer: enabled: 'yes' - hosts: - - "{{ filebeat_output_indexer_hosts }}" + hosts: "{{ filebeat_output_indexer_hosts }}" ## Syscheck wazuh_manager_syscheck: From f08c8930de6b34f6ebdbe9be02ebb769e4188d7f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Tue, 19 Dec 2023 15:00:35 +0100 Subject: [PATCH 7/7] Fixed manager template in VD config --- .../templates/var-ossec-etc-ossec-server.conf.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 77305ee6c..d14a7bf67 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -259,13 +259,13 @@ - {% if wazuh_manager_config.vulnerability_detection.enabled == 'yes' and wazuh_manager_config.indexer.enabled == 'yes' %}yes{% else %}no{% endif %} + {{ wazuh_manager_config.vulnerability_detection.enabled }} {{ wazuh_manager_config.vulnerability_detection.indexer_status }} {{ wazuh_manager_config.vulnerability_detection.feed_update_interval }} - {% if wazuh_manager_config.vulnerability_detection.enabled == 'yes' and wazuh_manager_config.indexer.enabled == 'yes' %}yes{% else %}no{% endif %} + {% if wazuh_manager_config.vulnerability_detection.enabled == 'yes' or wazuh_manager_config.indexer.enabled == 'yes' %}yes{% else %}no{% endif %} {% for item in wazuh_manager_config.indexer.hosts %} https://{{ item }}:{{ filebeat_output_indexer_port }}