diff --git a/evidence.py b/evidence.py
new file mode 100644
index 0000000000000000000000000000000000000000..16d50529ccf6202f8372a3eb701004d07c60857e
--- /dev/null
+++ b/evidence.py
@@ -0,0 +1,20 @@
+import json 
+
+class Evidence:
+
+    def __init__(self, evidence_id, timestamp, resource_id, tool, resource_type, feature_type, feature_property, measurement_result, body):
+        self.evidence_id = evidence_id
+        self.timestamp = timestamp
+        self.resource_id = resource_id
+        self.tool = tool
+        self.resource_type = resource_type
+        self.feature_type = feature_type
+        self.feature_property = feature_property
+        self.measurement_result = measurement_result
+        self.body = body
+
+    def get_json(self):
+        return json.dumps(self.__dict__)
+
+def simple_evidence(evidence_id, timestamp, measurement_result, body):
+    return Evidence(evidence_id, timestamp, None, None, None, None, None, measurement_result, body)
diff --git a/verifier.py b/verifier.py
index d0ec9726e4e06c109aae6c6e4bb536a58e639f16..eb190bd6b09128cdb2f97f42b79e0acbbd52503b 100644
--- a/verifier.py
+++ b/verifier.py
@@ -1,19 +1,70 @@
 from wazuhclient import WazuhClient
-
+from evidence import Evidence, simple_evidence
+from random import randint
+from sys import maxsize
+import json
+import pprint
 
 wc = WazuhClient('192.168.33.10', 55000, 'wazuh-wui', 'wazuh-wui')
 
-agents = wc.req('GET', 'agents')
-rules = wc.req('GET', 'rules')
-print(agents)
-print(rules)
 
-syscheck1 = wc.req('GET', 'manager/configuration/mail/global') # check if mail or any integration service (integrator/integrations) are enabled -> automatic monitoring
-print(syscheck1)
-rules1 = wc.req('GET', 'agents/001/config/syscheck/internal') # SYSCHECK
-print(rules1)
-print(wc.req('GET', 'agents/001/config/syscheck/rootcheck')) # ROOTCHECK
+# Get list of all agent ids (including manager's)
+def get_agents(wc):
+    body = wc.req('GET', 'agents')
+    
+    agents_ids = []
+    for agent in body['data']['affected_items']:
+        agents_ids.append(agent['id'])
+
+    return body, agents_ids
+
+
+# Check if syscheck enabled
+def get_syscheck(wc, agent_id):
+    body = wc.req('GET', 'agents/' + agent_id + '/config/syscheck/syscheck')
+
+    measurement_result = ('true' if body['data']['syscheck']['disabled'] == 'no' else 'false')
+
+    return body, measurement_result
+
+
+# Check if rootcheck enabled
+def get_rootcheck(wc, agent_id):
+    body = wc.req('GET', 'agents/' + agent_id + '/config/syscheck/rootcheck')
+
+    measurement_result = ('true' if body['data']['rootcheck']['disabled'] == 'no' else 'false')
+
+    return body, measurement_result
+
+
+# Check if there's at least one valid alerting service
+def get_alert_integrations(wc):
+    body = wc.req('GET', 'manager/configuration')
+
+    # Check email notifications integration
+    try:
+        email_notifications = (True if body['data']['affected_items'][0]['global']['email_notification'] == 'yes' else False)
+    except:
+        email_notifications = False
+
+    # Check Slack and PagerDuty notifications integration
+    try:
+        integrations = body['data']['affected_items'][0]['integration']
+
+        slack_notifications = pagerduty_notifications = False
+        
+        for integration in integrations:
+            if integration['name'] == 'slack':
+                slack_notifications = True
+
+            if integration['name'] == 'pagerduty':
+                pagerduty_notifications = True
+    except:
+        slack_notifications = pagerduty_notifications = False
+
+    measurement_result = ('true' if email_notifications or slack_notifications or pagerduty_notifications else 'false')
+
+    return body, measurement_result
 
-print(wc.req('GET', 'sca/001'))
 
-# TODO how to check integration with virustotal and/or ClamAV ??
\ No newline at end of file
+#pprint.pprint(wc.req('GET', 'sca/000'))
\ No newline at end of file