Merge branch 'threats-count' into 'master'

Threats count See merge request medina/security-monitoring!10

Merge branch 'threats-count' into 'master'
6fa1b60d · Zitnik, Anze · 6f70c67d · 4977d68f · 6fa1b60d · 6fa1b60d
Commit 6fa1b60d authored 3 years ago by Zitnik, Anze
--- a/ansible/globals/globals.yml
+++ b/ansible/globals/globals.yml
@@ -4,3 +4,4 @@ custom_integration_alert_level: 10
 custom_integration_alert_format: 'json'
 elasticsearch_host_ip: '192.168.33.10'
 wazuh_manager_ip: '192.168.33.10'
+wazuh_check_interval: 300
\ No newline at end of file
--- a/ansible/provision-managers.yml
+++ b/ansible/provision-managers.yml
@@ -13,9 +13,7 @@
      - role: custom-integration
    vars:
      single_node: true
-      ## Set-up integrations
      wazuh_manager_integrations:
-        # custom-integration
        - name: custom-integration
          hook_url: "{{ custom_integration_hook }}"
          alert_level: "{{ custom_integration_alert_level }}"
@@ -27,6 +25,35 @@
      elasticsearch_network_host: "0.0.0.0"
      filebeat_node_name: node-1
      filebeat_output_elasticsearch_hosts: "{{ elasticsearch_host_ip }}"
+      wazuh_manager_vulnerability_detector:
+        enabled: 'yes'
+        interval: "{{ wazuh_check_interval }}"
+        ignore_time: "{{ wazuh_check_interval }}"
+        run_on_start: 'yes'
+        providers:
+          - enabled: 'yes'
+            os:
+              - 'trusty'
+              - 'xenial'
+              - 'bionic'
+            update_interval: "{{ wazuh_check_interval }}"
+            name: '"canonical"'
+          - enabled: 'yes'
+            os:
+              - 'wheezy'
+              - 'stretch'
+              - 'jessie'
+              - 'buster'
+            update_interval: "{{ wazuh_check_interval }}"
+            name: '"debian"'
+          - enabled: 'yes'
+            update_from_year: '2010'
+            update_interval: "{{ wazuh_check_interval }}"
+            name: '"redhat"'
+          - enabled: 'yes'
+            update_from_year: '2010'
+            update_interval: "{{ wazuh_check_interval }}"
+            name: '"nvd"'
      instances:
        node1:
          name: node-1       # Important: must be equal to elasticsearch_node_name.
@@ -52,3 +79,4 @@
          - {port: "1515", proto: "tcp", state: "enabled", zone: "public"}
          - {port: "55000", proto: "tcp", state: "enabled", zone: "public"}
          - {port: "5601", proto: "tcp", state: "enabled", zone: "public"}
+          - {port: "9200", proto: "tcp", state: "enabled", zone: "public"}
\ No newline at end of file
--- a/custom-provision/.env
+++ b/custom-provision/.env
@@ -15,3 +15,4 @@ clouditor_port=9090
 clouditor_oauth2_port=8080
 clouditor_client_id=clouditor
 clouditor_client_secret=clouditor
+wazuh_check_interval=300
\ No newline at end of file
--- a/environments/full-setup/.env
+++ b/environments/full-setup/.env
@@ -15,3 +15,4 @@ clouditor_port=9090
 clouditor_oauth2_port=8080
 clouditor_client_id=clouditor
 clouditor_client_secret=clouditor
+wazuh_check_interval=300
\ No newline at end of file