diff --git a/evidence.py b/evidence.py
new file mode 100644
index 0000000000000000000000000000000000000000..16d50529ccf6202f8372a3eb701004d07c60857e
--- /dev/null
+++ b/evidence.py
@@ -0,0 +1,20 @@
+import json
+
+class Evidence:
+
+ def __init__(self, evidence_id, timestamp, resource_id, tool, resource_type, feature_type, feature_property, measurement_result, body):
+ self.evidence_id = evidence_id
+ self.timestamp = timestamp
+ self.resource_id = resource_id
+ self.tool = tool
+ self.resource_type = resource_type
+ self.feature_type = feature_type
+ self.feature_property = feature_property
+ self.measurement_result = measurement_result
+ self.body = body
+
+ def get_json(self):
+ return json.dumps(self.__dict__)
+
+def simple_evidence(evidence_id, timestamp, measurement_result, body):
+ return Evidence(evidence_id, timestamp, None, None, None, None, None, measurement_result, body)
diff --git a/verifier.py b/verifier.py
index d0ec9726e4e06c109aae6c6e4bb536a58e639f16..eb190bd6b09128cdb2f97f42b79e0acbbd52503b 100644
--- a/verifier.py
+++ b/verifier.py
@@ -1,19 +1,70 @@
from wazuhclient import WazuhClient
-
+from evidence import Evidence, simple_evidence
+from random import randint
+from sys import maxsize
+import json
+import pprint
wc = WazuhClient('192.168.33.10', 55000, 'wazuh-wui', 'wazuh-wui')
-agents = wc.req('GET', 'agents')
-rules = wc.req('GET', 'rules')
-print(agents)
-print(rules)
-syscheck1 = wc.req('GET', 'manager/configuration/mail/global') # check if mail or any integration service (integrator/integrations) are enabled -> automatic monitoring
-print(syscheck1)
-rules1 = wc.req('GET', 'agents/001/config/syscheck/internal') # SYSCHECK
-print(rules1)
-print(wc.req('GET', 'agents/001/config/syscheck/rootcheck')) # ROOTCHECK
+# Get list of all agent ids (including manager's)
+def get_agents(wc):
+ body = wc.req('GET', 'agents')
+
+ agents_ids = []
+ for agent in body['data']['affected_items']:
+ agents_ids.append(agent['id'])
+
+ return body, agents_ids
+
+
+# Check if syscheck enabled
+def get_syscheck(wc, agent_id):
+ body = wc.req('GET', 'agents/' + agent_id + '/config/syscheck/syscheck')
+
+ measurement_result = ('true' if body['data']['syscheck']['disabled'] == 'no' else 'false')
+
+ return body, measurement_result
+
+
+# Check if rootcheck enabled
+def get_rootcheck(wc, agent_id):
+ body = wc.req('GET', 'agents/' + agent_id + '/config/syscheck/rootcheck')
+
+ measurement_result = ('true' if body['data']['rootcheck']['disabled'] == 'no' else 'false')
+
+ return body, measurement_result
+
+
+# Check if there's at least one valid alerting service
+def get_alert_integrations(wc):
+ body = wc.req('GET', 'manager/configuration')
+
+ # Check email notifications integration
+ try:
+ email_notifications = (True if body['data']['affected_items'][0]['global']['email_notification'] == 'yes' else False)
+ except:
+ email_notifications = False
+
+ # Check Slack and PagerDuty notifications integration
+ try:
+ integrations = body['data']['affected_items'][0]['integration']
+
+ slack_notifications = pagerduty_notifications = False
+
+ for integration in integrations:
+ if integration['name'] == 'slack':
+ slack_notifications = True
+
+ if integration['name'] == 'pagerduty':
+ pagerduty_notifications = True
+ except:
+ slack_notifications = pagerduty_notifications = False
+
+ measurement_result = ('true' if email_notifications or slack_notifications or pagerduty_notifications else 'false')
+
+ return body, measurement_result
-print(wc.req('GET', 'sca/001'))
-# TODO how to check integration with virustotal and/or ClamAV ??
\ No newline at end of file
+#pprint.pprint(wc.req('GET', 'sca/000'))
\ No newline at end of file