diff --git a/.dockerignore b/.dockerignore
index 76be2e3f6f0d3344c48464af151baa6dcbffdd4b..3a2b6248966cdb15a7052412832feb986f7f0b09 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -10,4 +10,5 @@ dump.rdb
 test/
 venv/
 env/
-.env
\ No newline at end of file
+.env
+resource_id_map.json
\ No newline at end of file
diff --git a/MANIFEST b/MANIFEST
index 2bde23df0a2173d6034bad9a93a9c6d4b948c8aa..ab968346af5f42372ec6f43df6fa07085d0bcb87 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -1,2 +1,2 @@
-VERSION=v0.0.12
+VERSION=v0.0.13
 SERVICE=evidence-collector
diff --git a/Makefile b/Makefile
index ea933d047636462aa129883b6e8c7da12be83aaf..c4e391d3a2879cfc74e59b0382332b5593f98a54 100644
--- a/Makefile
+++ b/Makefile
@@ -2,4 +2,9 @@
 build:
 	docker build -t evidence-collector .
 run:
-	docker run --env-file .env evidence-collector
+	docker run --env-file .env -v ${PWD}/resource_id_map.json:/evidence-collector/resource_id_map.json --name evidence-collector evidence-collector
+
+stop-and-clean:
+	docker stop evidence-collector || \
+	docker rm evidence-collector || \
+	docker volume rm resource_id_map.json
\ No newline at end of file
diff --git a/README.md b/README.md
index 01e8f72f433fe3e25848b15729769487127efd04..4d61a10022150dcbf47393e8e14aa285666d9354 100644
--- a/README.md
+++ b/README.md
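Review bot: The new `stop-and-clean` recipe chains its commands with `||`, so `docker rm` runs only when `docker stop` fails and `docker volume rm` only when `docker rm` fails; on the normal path the container is stopped but never removed, and the next `make run` then fails on the `--name evidence-collector` conflict. `docker volume rm resource_id_map.json` also names a volume that nothing creates — the `run` target bind-mounts a host file — so that line can only error. A single recipe line `docker rm -f evidence-collector` stops and removes the container and the volume line can go. Separately, `${PWD}` in `run` is a make variable that is set only when the invoking shell exports PWD, so `-v $(CURDIR)/resource_id_map.json:...` is the portable form; note too that if the host file is absent Docker creates a directory at that path, which the container then cannot read as JSON.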
@@ -104,6 +104,22 @@ All of the following environment variables have to be set (or passed to containe
 | `clouditor_client_id` | Clouditor OAuth2 default id. Default value `clouditor`. |
 | `clouditor_client_secret` | Clouditor OAuth2 default secret. Default value `clouditor`. |
+### Medina resource ID mapping
+
+Resource IDs used to generate evidence resources can be easily mapped to required values. In case ID isn't set, Evidence collector will use `name` parameter acquired from Wazuh - which is set to machine's hostname, unless explicitly set to something else.
+
+IDs can be set as `key:value` pairs inside `resource_id_map.json` file, that is later passed to Docker container:
+
+```
+{
+  "manager": "wazuh_manager",
+  "agent1": "test_agent_1",
+  "agent2": "test_agent_2"
+}
+```
+
+Where `key` represents Wazuh's `name` parameter (machine's hostname) and `value` equals to string `name` will be mapped to.
+
 ### Generate gRPC code from `.proto` files
 ```
diff --git a/forward_evidence/generate_evidence.py b/forward_evidence/generate_evidence.py
index c8a5a6b3de7f2ad1e966e1cf6ff66b718f318d60..1375b6796ccfc6074a1057a3728f3c1e6c33eb2f 100644
--- a/forward_evidence/generate_evidence.py
+++ b/forward_evidence/generate_evidence.py
@@ -1,12 +1,13 @@
 import json
+from forward_evidence.resource_id_mapper import map_resource_id
 from grpc_gen.assessment_pb2 import AssessEvidenceRequest
 # Used if user doesn't provide other
 _default_resource_type = ["VirtualMachine", "Compute", "Resource"]
-def create_resource(id, name, type, property_list):
+def create_resource(name, type, property_list):
     resource = {
-        "id": str(id),
+        "id": str(map_resource_id(name)),
         "name": str(name),
         "type": type if type is not None else _default_resource_type
     }
diff --git a/forward_evidence/resource_id_mapper.py b/forward_evidence/resource_id_mapper.py
new file mode 100644
index 0000000000000000000000000000000000000000..ed38702290ac3269b63193f8a658362e98b26a5b
--- /dev/null
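Review bot: The evidence resource `id` is now derived only from the Wazuh agent `name` (the machine hostname, per the README hunk), and the Wazuh agent id that the old signature received as `id` is dropped; the caller in wazuh_evidence_collector.py still has it as `agent[0]` but no longer passes it. Hostnames are set on the agent side and are not guaranteed unique, so two agents with the same or an unmapped hostname now produce evidence carrying the same resource id, and the assessment side presumably keys resources by that id. I would keep the agent id as an optional trailing argument and fall back to it when `name` has no mapping entry, e.g. `def create_resource(name, type, property_list, agent_id=None):` with the wazuh caller passing `agent_id=agent[0]`. The rest of `create_resource` continues past the hunk.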
+++ b/forward_evidence/resource_id_mapper.py
@@ -0,0 +1,14 @@
+import json
+
+try:
+    f = open('resource_id_map.json')
+    map = json.load(f)
+    f.close()
+except:
+    map = {}
+
+def map_resource_id(name):
+    if name in map:
+        return map[name]
+    else:
+        return name
diff --git a/resource_id_map.json b/resource_id_map.json
new file mode 100644
index 0000000000000000000000000000000000000000..71d766133ab42d50c3dd02e916c20dee22c47087
--- /dev/null
+++ b/resource_id_map.json
@@ -0,0 +1,5 @@
+{
+  "manager": "wazuh_manager",
+  "agent1": "test_agent_1",
+  "agent2": "test_agent_2"
+}
\ No newline at end of file
diff --git a/wazuh_evidence_collector/wazuh_evidence_collector.py b/wazuh_evidence_collector/wazuh_evidence_collector.py
index c13a063929527aae82c002c2b3bf3f44af90caf8..4278cb1e02ea483b60afa190262f263dcaedcd28 100644
--- a/wazuh_evidence_collector/wazuh_evidence_collector.py
+++ b/wazuh_evidence_collector/wazuh_evidence_collector.py
@@ -133,8 +133,7 @@ def generate_evidence(agent, checker):
     else:
         malware_protection["malwareProtection"].update({ "applicationLogging": { "enabled": False, "loggingService": [], "retentionPeriod": None }})
-    # TODO: change ID
-    resource = create_resource(agent[0], agent[1], None, malware_protection)
+    resource = create_resource(agent[1], None, malware_protection)
     return create_assessevidence_request(get_id(), "evidence_collector_service", get_tool_id(), raw_evidence, resource)
 if __name__ == "__main__":
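Review bot: The module-level `try` with a bare `except:` turns every failure to load `resource_id_map.json` — a malformed file, a permission error, a JSON document that is not an object — into an empty map, so a broken mapping file silently changes every evidence resource id to the raw hostname with nothing logged; only a missing file should be tolerated. The handle is also not closed when `json.load` raises, `map` shadows the builtin, and a non-dict document would surface later as a `TypeError` inside `map_resource_id` rather than at startup. The file is opened relative to the working directory, which presumably matches the `/evidence-collector` mount path in the Makefile — worth a comment saying so. The rewrite below tolerates an absent file, raises on an unreadable or non-object one (if the project prefers best-effort, log a warning there instead), and uses `dict.get` for the lookup.
```python
import json

_MAP_PATH = 'resource_id_map.json'  # resolved against the process CWD (the container mount path)


def _load_resource_id_map(path):
    """Return the name -> id mapping from *path*; {} when the file is absent.

    A file that exists but is unreadable or not a JSON object is a
    configuration error and is raised, so it is noticed at startup rather
    than silently changing every evidence resource id.
    """
    try:
        with open(path, encoding='utf-8') as fh:
            loaded = json.load(fh)
    except FileNotFoundError:
        return {}
    if not isinstance(loaded, dict):
        raise ValueError(f'{path} must contain a JSON object of name -> id')
    return loaded


_resource_id_map = _load_resource_id_map(_MAP_PATH)


def map_resource_id(name):
    """Return the configured id for *name*, or *name* itself when unmapped."""
    return _resource_id_map.get(name, name)
```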