From 2a3f602fb67294226cc1fbf9c1650150fce25065 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matev=C5=BE=20Er=C5=BEen?= <matevz.erzen@xlab.si>
Date: Fri, 25 Mar 2022 15:10:28 +0000
Subject: [PATCH] Resource ID mapping

---
 .dockerignore                                    |  3 ++-
 MANIFEST                                         |  2 +-
 Makefile                                         |  7 ++++++-
 README.md                                        | 16 ++++++++++++++++
 forward_evidence/generate_evidence.py            |  5 +++--
 forward_evidence/resource_id_mapper.py           | 14 ++++++++++++++
 resource_id_map.json                             |  5 +++++
 .../wazuh_evidence_collector.py                  |  3 +--
 8 files changed, 48 insertions(+), 7 deletions(-)
 create mode 100644 forward_evidence/resource_id_mapper.py
 create mode 100644 resource_id_map.json

diff --git a/.dockerignore b/.dockerignore
index 76be2e3..3a2b624 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -10,4 +10,5 @@ dump.rdb
 test/
 venv/
 env/
-.env
\ No newline at end of file
+.env
+resource_id_map.json
\ No newline at end of file
diff --git a/MANIFEST b/MANIFEST
index 2bde23d..ab96834 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -1,2 +1,2 @@
-VERSION=v0.0.12
+VERSION=v0.0.13
 SERVICE=evidence-collector
diff --git a/Makefile b/Makefile
index ea933d0..c4e391d 100644
--- a/Makefile
+++ b/Makefile
@@ -2,4 +2,9 @@ build:
 	docker build -t evidence-collector .
 
 run:
-	docker run --env-file .env evidence-collector
+	docker run --env-file .env -v ${PWD}/resource_id_map.json:/evidence-collector/resource_id_map.json --name evidence-collector evidence-collector
+
+stop-and-clean:
+	docker stop evidence-collector || \
+	docker rm evidence-collector || \
+	docker volume rm resource_id_map.json
\ No newline at end of file
diff --git a/README.md b/README.md
index 01e8f72..4d61a10 100644
--- a/README.md
+++ b/README.md
@@ -104,6 +104,22 @@ All of the following environment variables have to be set (or passed to containe
 | `clouditor_client_id` | Clouditor OAuth2 default id. Default value `clouditor`. |
 | `clouditor_client_secret` | Clouditor OAuth2 default secret. Default value `clouditor`. |
 
+### Medina resource ID mapping
+
+Resource IDs used to generate evidence resources can be easily mapped to required values. In case ID isn't set, Evidence collector will use `name` parameter acquired from Wazuh - which is set to machine's hostname, unless explicitly set to something else.
+
+IDs can be set as `key:value` pairs inside `resource_id_map.json` file, that is later passed to Docker container:
+
+```
+{
+    "manager": "wazuh_manager",
+    "agent1": "test_agent_1",
+    "agent2": "test_agent_2"
+}
+```
+
+Where `key` represents Wazuh's `name` parameter (machine's hostname) and `value` equals to string `name` will be mapped to.
+
 ### Generate gRPC code from `.proto` files
 
 ```
diff --git a/forward_evidence/generate_evidence.py b/forward_evidence/generate_evidence.py
index c8a5a6b..1375b67 100644
--- a/forward_evidence/generate_evidence.py
+++ b/forward_evidence/generate_evidence.py
@@ -1,12 +1,13 @@
 import json
+from forward_evidence.resource_id_mapper import map_resource_id
 from grpc_gen.assessment_pb2 import AssessEvidenceRequest
 
 # Used if user doesn't provide other
 _default_resource_type = ["VirtualMachine", "Compute", "Resource"]
 
-def create_resource(id, name, type, property_list):
+def create_resource(name, type, property_list):
     resource = {
-        "id": str(id),
+        "id": str(map_resource_id(name)),
         "name": str(name),
         "type": type if type is not None else _default_resource_type
     }
diff --git a/forward_evidence/resource_id_mapper.py b/forward_evidence/resource_id_mapper.py
new file mode 100644
index 0000000..ed38702
--- /dev/null
+++ b/forward_evidence/resource_id_mapper.py
@@ -0,0 +1,14 @@
+import json
+
+try:
+    f = open('resource_id_map.json')
+    map = json.load(f)
+    f.close()
+except:
+    map = {}
+
+def map_resource_id(name):
+    if name in map:
+        return map[name]
+    else:
+        return name
diff --git a/resource_id_map.json b/resource_id_map.json
new file mode 100644
index 0000000..71d7661
--- /dev/null
+++ b/resource_id_map.json
@@ -0,0 +1,5 @@
+{
+    "manager": "wazuh_manager",
+    "agent1": "test_agent_1",
+    "agent2": "test_agent_2"
+}
\ No newline at end of file
diff --git a/wazuh_evidence_collector/wazuh_evidence_collector.py b/wazuh_evidence_collector/wazuh_evidence_collector.py
index c13a063..4278cb1 100644
--- a/wazuh_evidence_collector/wazuh_evidence_collector.py
+++ b/wazuh_evidence_collector/wazuh_evidence_collector.py
@@ -133,8 +133,7 @@ def generate_evidence(agent, checker):
     else: 
         malware_protection["malwareProtection"].update({ "applicationLogging": { "enabled": False, "loggingService": [], "retentionPeriod": None }})
 
-    # TODO: change ID
-    resource = create_resource(agent[0], agent[1], None, malware_protection)
+    resource = create_resource(agent[1], None, malware_protection)
     return create_assessevidence_request(get_id(), "evidence_collector_service", get_tool_id(), raw_evidence, resource)
 
 if __name__ == "__main__":
-- 
GitLab