Resource ID mapping

2a3f602f · Matevz Erzen · a8a65509 · 2a3f602f · 2a3f602f · 2a3f602f
Commit 2a3f602f authored 3 years ago by Matevz Erzen
--- a/.dockerignore
+++ b/.dockerignore
@@ -10,4 +10,5 @@ dump.rdb
 test/
 venv/
 env/
-.env
\ No newline at end of file
+.env
+resource_id_map.json
\ No newline at end of file
--- a/MANIFEST
+++ b/MANIFEST
-VERSION=v0.0.12
+VERSION=v0.0.13
 SERVICE=evidence-collector
--- a/Makefile
+++ b/Makefile
@@ -2,4 +2,9 @@ build:
 	docker build -t evidence-collector .

 run:
-	docker run --env-file .env evidence-collector
+	docker run --env-file .env -v ${PWD}/resource_id_map.json:/evidence-collector/resource_id_map.json --name evidence-collector evidence-collector
+
+stop-and-clean:
+	docker stop evidence-collector || \
+	docker rm evidence-collector || \
+	docker volume rm resource_id_map.json
\ No newline at end of file
--- a/README.md
+++ b/README.md
@@ -104,6 +104,22 @@ All of the following environment variables have to be set (or passed to containe
 | `clouditor_client_id` | Clouditor OAuth2 default id. Default value `clouditor`. |
 | `clouditor_client_secret` | Clouditor OAuth2 default secret. Default value `clouditor`. |

+### Medina resource ID mapping
+
+Resource IDs used to generate evidence resources can be easily mapped to required values. In case ID isn't set, Evidence collector will use `name` parameter acquired from Wazuh - which is set to machine's hostname, unless explicitly set to something else.
+
+IDs can be set as `key:value` pairs inside `resource_id_map.json` file, that is later passed to Docker container:
+
+```
+{
+    "manager": "wazuh_manager",
+    "agent1": "test_agent_1",
+    "agent2": "test_agent_2"
+}
+```
+
+Where `key` represents Wazuh's `name` parameter (machine's hostname) and `value` equals to string `name` will be mapped to.
+
 ### Generate gRPC code from `.proto` files

 ```

--- a/forward_evidence/generate_evidence.py
+++ b/forward_evidence/generate_evidence.py
 import json
+from forward_evidence.resource_id_mapper import map_resource_id
 from grpc_gen.assessment_pb2 import AssessEvidenceRequest

 # Used if user doesn't provide other
 _default_resource_type = ["VirtualMachine", "Compute", "Resource"]

-def create_resource(id, name, type, property_list):
+def create_resource(name, type, property_list):
    resource = {
-        "id": str(id),
+        "id": str(map_resource_id(name)),
        "name": str(name),
        "type": type if type is not None else _default_resource_type
    }

--- a/forward_evidence/resource_id_mapper.py
+++ b/forward_evidence/resource_id_mapper.py
+import json
+
+try:
+    f = open('resource_id_map.json')
+    map = json.load(f)
+    f.close()
+except:
+    map = {}
+
+def map_resource_id(name):
+    if name in map:
+        return map[name]
+    else:
+        return name
--- a/resource_id_map.json
+++ b/resource_id_map.json
+{
+    "manager": "wazuh_manager",
+    "agent1": "test_agent_1",
+    "agent2": "test_agent_2"
+}
\ No newline at end of file
--- a/wazuh_evidence_collector/wazuh_evidence_collector.py
+++ b/wazuh_evidence_collector/wazuh_evidence_collector.py
@@ -133,8 +133,7 @@ def generate_evidence(agent, checker):
    else: 
        malware_protection["malwareProtection"].update({ "applicationLogging": { "enabled": False, "loggingService": [], "retentionPeriod": None }})

-    # TODO: change ID
-    resource = create_resource(agent[0], agent[1], None, malware_protection)
+    resource = create_resource(agent[1], None, malware_protection)
    return create_assessevidence_request(get_id(), "evidence_collector_service", get_tool_id(), raw_evidence, resource)

 if __name__ == "__main__":