Implement the Rest API on the Indexer #69
The API endpoint is already functional, we are polishing some details for the MVP delivery. To test the endpoint with sample data, we have generated an events generator (see wazuh/wazuh-indexer#433). We can see a demo of the endpoint in action below.

```bash
curl -XPOST "http://127.0.0.1:9200/test/_doc" -H 'Content-Type: application/json' -d'
{
  "source": "Users/Services",
  "user": "user13",
  "target": "WazuhServerCluster5",
  "type": "agent_group",
  "action": {
    "type": "Server cluster",
    "args": [
      "/path/to/executable/arg8"
    ],
    "version": "v4"
  },
  "timeout": 100
}'
```

The API replies with the following schema:

```json
{"_index":".commands","_id":"<document_id>","result":"created"}
```

If we query the index for result, we get:
```json
{
  "took": 37,
  "timed_out": false,
  "_shards": {
    "total": 1,
    "successful": 1,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": {
      "value": 1,
      "relation": "eq"
    },
    "max_score": 1,
    "hits": [
      {
        "_index": "command-manager",
        "_id": "1618514298767712625",
        "_score": 1,
        "_source": {
          "source": "Users/Services",
          "user": "user53",
          "target": "WazuhServerCluster5",
          "type": "agent",
          "action": {
            "type": "Agent groups",
            "args": [
              "/path/to/executable/arg8"
            ],
            "version": "v5"
          },
          "timeout": 92,
          "status": "PENDING",
          "order_id": "1618514298",
          "request_id": "767712625"
        }
      }
    ]
  }
}
```
AlexRuiz7 changed the title from "Create new endpoint on the Command Manager plugin" to "Implement the Rest API on the Indexer" on Oct 2, 2024
Description
We need to create a new HTTP Rest API to the Command Manager plugin, exposing a POST endpoint that receives the command action request from the Management API on the Wazuh Server node, or from the Content Manager plugin (this is yet to be defined). Independently of the source, the Command Manager endpoint must receive this information, fit it into the Command index data model and persist the data on the index.
The endpoint must define the endpoint and its parameters, validate the data and persist it as the Commands index data model requires.
Be aware of any security concerns. On a next iteration, we want to secure the endpoint, so only allowed clients are allowed to use the endpoint.
Tasks
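As an added example (not code from the Command Manager plugin, and written in Python only for illustration), one way to do the validation step the description asks for: accept exactly the fields of the sample request and let the server alone assign `status`, `order_id` and `request_id`. The field names come from the sample on this page; the type checks, size limits, rejection of unknown keys and the random ID generation are assumptions.

```python
import secrets

# Field names and nesting are taken from the sample request on this page.
# Types, limits and the rejection of unknown keys are assumptions.
TOP_LEVEL = {"source": str, "user": str, "target": str, "type": str,
             "action": dict, "timeout": int}
ACTION = {"type": str, "args": list, "version": str}
MAX_STR, MAX_ARGS, MAX_TIMEOUT = 256, 16, 3600  # assumed limits

class ValidationError(ValueError):
    """Raised when a request body does not match the expected shape."""

def _check(obj, schema, where):
    if not isinstance(obj, dict):
        raise ValidationError(f"{where}: expected an object")
    unknown, missing = set(obj) - set(schema), set(schema) - set(obj)
    if unknown or missing:
        raise ValidationError(f"{where}: unknown={sorted(unknown)} missing={sorted(missing)}")
    for key, typ in schema.items():
        val = obj[key]
        # bool is a subclass of int in Python, so reject it explicitly
        if not isinstance(val, typ) or isinstance(val, bool):
            raise ValidationError(f"{where}.{key}: expected {typ.__name__}")
        if typ is str and not 0 < len(val) <= MAX_STR:
            raise ValidationError(f"{where}.{key}: bad length")

def build_command_document(payload):
    """Validate a request body and return (document_id, document)."""
    _check(payload, TOP_LEVEL, "body")
    action = payload["action"]
    _check(action, ACTION, "action")
    args = action["args"]
    if len(args) > MAX_ARGS or not all(isinstance(a, str) and len(a) <= MAX_STR for a in args):
        raise ValidationError("action.args: expected a short list of strings")
    if not 0 < payload["timeout"] <= MAX_TIMEOUT:
        raise ValidationError("timeout: out of range")
    # Server-assigned fields: a client-supplied "status" was already rejected
    # as an unknown key. Random numeric IDs are an assumption; the _id layout
    # (order_id followed by request_id) mirrors the sample query result.
    order_id = str(secrets.randbelow(10**10))
    request_id = str(secrets.randbelow(10**9))
    doc = {**payload, "action": {**action, "args": list(args)},
           "status": "PENDING", "order_id": order_id, "request_id": request_id}
    return order_id + request_id, doc
```

Rejecting unknown keys is what stops a caller from submitting a command that is already marked with a status of its own choosing.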