From 15a3ff48e3cb6dc266a53351eee1078cb7f2f7bb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=81lex=20Ruiz?=
Date: Wed, 6 Mar 2024 17:10:40 +0100
Subject: [PATCH 1/2] Update vulnerability-states fields
Adds wazuh.schema.version
---
 ecs/vulnerability-detector/fields/custom/wazuh.yml | 7 ++++++-
 ecs/vulnerability-detector/fields/subset.yml | 2 --
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/ecs/vulnerability-detector/fields/custom/wazuh.yml b/ecs/vulnerability-detector/fields/custom/wazuh.yml
index abba5563e2c12..f7bcf4f897c07 100644
--- a/ecs/vulnerability-detector/fields/custom/wazuh.yml
+++ b/ecs/vulnerability-detector/fields/custom/wazuh.yml
@@ -18,4 +18,9 @@
 type: keyword
 level: custom
 description: >
- Wazuh manager name. Used by dashboards to filter results on single node deployments.
\ No newline at end of file
+ Wazuh manager name. Used by dashboards to filter results on single node deployments.
+ - name: schema.version
+ type: keyword
+ level: custom
+ description: >
+ Wazuh schema version.
\ No newline at end of file
diff --git a/ecs/vulnerability-detector/fields/subset.yml b/ecs/vulnerability-detector/fields/subset.yml
index 75e9d0b92686c..f5b0d60757794 100644
--- a/ecs/vulnerability-detector/fields/subset.yml
+++ b/ecs/vulnerability-detector/fields/subset.yml
@@ -8,8 +8,6 @@ fields:
 message: ""
 agent:
 fields: "*"
- ecs:
- fields: "*"
 package:
 fields: "*"
 host:
From 2c65a0835dff261aad41edcb37b6af882b43e144 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=81lex=20Ruiz?=
Date: Wed, 6 Mar 2024 17:22:41 +0100
Subject: [PATCH 2/2] Update events generator
---
 .../event-generator/event_generator.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/ecs/vulnerability-detector/event-generator/event_generator.py b/ecs/vulnerability-detector/event-generator/event_generator.py
index 24ecf744b8272..0ed75ec9600a1 100755
--- a/ecs/vulnerability-detector/event-generator/event_generator.py
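Review bot: The description of the new `schema.version` entry, `Wazuh schema version.`, does not say which schema the value identifies or what a value looks like, whereas the neighbouring `manager.name` description states both the meaning and who consumes it; suggest `Version of the Wazuh index schema the document conforms to, e.g. 1.7.0 (the value the event generator writes), so consumers can tell document layouts apart.`, with the example value to be confirmed against the generator. The file also still ends without a trailing newline on both sides (`\ No newline at end of file`), which will keep making every append to this file show up as a modified last line; end `Wazuh schema version.` with a newline. The field list this entry belongs to begins outside the hunk.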
+++ b/ecs/vulnerability-detector/event-generator/event_generator.py
@@ -176,6 +176,9 @@ def generate_random_wazuh():
 },
 'manager': {
 'name': f'wazuh-manager-{random.randint(0,10)}'
+ },
+ 'schema': {
+ 'version': '1.7.0'
 }
 }
 return wazuh
@@ -187,7 +190,7 @@ def generate_random_data(number):
 event_data = {
 '@timestamp': generate_random_date(),
 'agent': generate_random_agent(),
- 'ecs': {'version': '1.7.0'},
+ # 'ecs': {'version': '1.7.0'},
 # 'event': generate_random_event(),
 'host': generate_random_host(),
 # 'labels': generate_random_labels(),
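Review bot: The literal `'1.7.0'` written into `wazuh.schema.version` is the same value the following hunk (`@@ -187`) drops from `ecs.version`, so it looks carried over from the ECS version rather than chosen for the Wazuh schema; confirm the intended value, and hoist it to a module-level constant, `SCHEMA_VERSION = '1.7.0'` used as `'version': SCHEMA_VERSION`, so the generator and the `schema.version` field added to `wazuh.yml` in patch 1 are kept in step from one place. `generate_random_wazuh` begins before the hunk.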
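Review bot: The `'ecs'` entry is commented out instead of deleted, adding dead code next to the already commented `'event'` and `'labels'` lines; since patch 1 removes `ecs` from `subset.yml`, deleting the line outright is clearer and the old value stays in history. If ECS is meant to come back later, a `# TODO:` naming the condition says more than a commented-out dict. `generate_random_data` begins before the hunk.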