Commit 2a3f602f authored by Matevz Erzen

Resource ID mapping

parent a8a65509
......@@ -10,4 +10,5 @@ dump.rdb
test/
venv/
env/
.env
\ No newline at end of file
.env
resource_id_map.json
\ No newline at end of file
VERSION=v0.0.12
VERSION=v0.0.13
SERVICE=evidence-collector
......@@ -2,4 +2,9 @@ build:
docker build -t evidence-collector .
run:
docker run --env-file .env evidence-collector
docker run --env-file .env -v ${PWD}/resource_id_map.json:/evidence-collector/resource_id_map.json --name evidence-collector evidence-collector
stop-and-clean:
docker stop evidence-collector || \
docker rm evidence-collector || \
docker volume rm resource_id_map.json
\ No newline at end of file
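Review bot: In `stop-and-clean` the three commands are chained with `||`, so `docker rm evidence-collector` only runs when `docker stop` fails; after a normal stop the container is left behind and the next `make run` fails on the fixed `--name evidence-collector`. Put the steps on separate recipe lines and ignore their individual failures (for example `-docker stop evidence-collector` followed by `-docker rm evidence-collector`). The last step, `docker volume rm resource_id_map.json`, can be dropped: `run` bind-mounts `${PWD}/resource_id_map.json`, it does not create a named volume, so there is nothing to remove. In `run`, mount the file read-only (append `:ro`) since the collector only reads it, and check that the host file exists first: with `-v`, a missing source path is created as a directory, and the mapping then ends up empty without any error.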
......@@ -104,6 +104,22 @@ All of the following environment variables have to be set (or passed to containe
| `clouditor_client_id` | Clouditor OAuth2 default id. Default value `clouditor`. |
| `clouditor_client_secret` | Clouditor OAuth2 default secret. Default value `clouditor`. |
### Medina resource ID mapping
Resource IDs used to generate evidence resources can be easily mapped to required values. In case ID isn't set, Evidence collector will use `name` parameter acquired from Wazuh - which is set to machine's hostname, unless explicitly set to something else.
IDs can be set as `key:value` pairs inside `resource_id_map.json` file, that is later passed to Docker container:
```
{
"manager": "wazuh_manager",
"agent1": "test_agent_1",
"agent2": "test_agent_2"
}
```
Where `key` represents Wazuh's `name` parameter (machine's hostname) and `value` equals to string `name` will be mapped to.
### Generate gRPC code from `.proto` files
```
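Review bot: The new "Medina resource ID mapping" section does not say what happens when `resource_id_map.json` is missing or is not valid JSON, and it does not mention that the file has to exist next to the Makefile before `make run`, because it is bind-mounted into the container. Add one sentence for each case. It would also help to state whether the mapped values must be unique, since two keys pointing at the same value would make two machines report evidence under one resource ID. Minor: tag the example fence as `json`.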
......
import json
from forward_evidence.resource_id_mapper import map_resource_id
from grpc_gen.assessment_pb2 import AssessEvidenceRequest
# Used if user doesn't provide other
_default_resource_type = ["VirtualMachine", "Compute", "Resource"]
def create_resource(id, name, type, property_list):
def create_resource(name, type, property_list):
resource = {
"id": str(id),
"id": str(map_resource_id(name)),
"name": str(name),
"type": type if type is not None else _default_resource_type
}
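Review bot: In `create_resource`, `"id": str(map_resource_id(name))` makes the resource ID depend on `name` alone, so for every name without a mapping entry `id` and `name` carry the same value, and two machines sharing a hostname produce the same resource ID. Either keep the `id` parameter and use it as the fallback when `name` has no mapping, or document that Wazuh names must be unique across the deployment. Removing the first positional parameter also changes the signature for every caller, so check that no other call site still passes four arguments.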
......
import json
try:
f = open('resource_id_map.json')
map = json.load(f)
f.close()
except:
map = {}
def map_resource_id(name):
if name in map:
return map[name]
else:
return name
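Review bot: The bare `except:` around the load of `resource_id_map.json` hides every failure, including malformed JSON and permission errors, so a broken mapping file silently yields `map = {}` and evidence goes out with unmapped IDs. Catch `FileNotFoundError` for the optional-file case and log or re-raise `json.JSONDecodeError` and other `OSError`s. Further points in the same block: `map` shadows the builtin (a name such as `_resource_id_map` avoids that), the file should be opened with `with open(...) as f:` so it is closed on error, the relative path depends on the process working directory, and the loaded value is never checked to be a JSON object, so a top-level list or string would make `name in map` behave differently from a key lookup.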
{
"manager": "wazuh_manager",
"agent1": "test_agent_1",
"agent2": "test_agent_2"
}
\ No newline at end of file
......@@ -133,8 +133,7 @@ def generate_evidence(agent, checker):
else:
malware_protection["malwareProtection"].update({ "applicationLogging": { "enabled": False, "loggingService": [], "retentionPeriod": None }})
# TODO: change ID
resource = create_resource(agent[0], agent[1], None, malware_protection)
resource = create_resource(agent[1], None, malware_protection)
return create_assessevidence_request(get_id(), "evidence_collector_service", get_tool_id(), raw_evidence, resource)
if __name__ == "__main__":
......