Commit 2eb0fa06 authored by Matevz Erzen

Merge branch 'resource-id-mapping' into 'master'

Resource ID mapping

See merge request medina/evidence-collector!11
parents a8a65509 2a3f602f
......@@ -11,3 +11,4 @@ test/
venv/
env/
.env
resource_id_map.json
\ No newline at end of file
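Review bot: `resource_id_map.json` is added to the ignore list here, while a JSON file with the same three sample entries as the README example is added further down in this commit. If that file is `resource_id_map.json`, it stays tracked despite this rule and every deployment-specific edit to the mapping shows up as a local change. Consider committing the sample under a separate name (for example `resource_id_map.example.json`, a suggested name) and keeping only the real mapping ignored.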
VERSION=v0.0.12
VERSION=v0.0.13
SERVICE=evidence-collector
......@@ -2,4 +2,9 @@ build:
docker build -t evidence-collector .
run:
docker run --env-file .env evidence-collector
docker run --env-file .env -v ${PWD}/resource_id_map.json:/evidence-collector/resource_id_map.json --name evidence-collector evidence-collector
stop-and-clean:
docker stop evidence-collector || \
docker rm evidence-collector || \
docker volume rm resource_id_map.json
\ No newline at end of file
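Review bot: In `stop-and-clean` the commands are chained with `||`, so `docker rm evidence-collector` runs only when `docker stop` fails; after a successful stop the container is left in place and the next `make run` fails on the `--name evidence-collector` conflict. Put the commands on separate recipe lines (prefixed with `-` if failures should be ignored). `docker volume rm resource_id_map.json` refers to a named volume, but `run` bind-mounts `${PWD}/resource_id_map.json`, so there is no volume to remove. In `run`, note that `-v` creates a directory on the host when the source path does not exist, which the mapper would then fail to open; check for the file first and mount it read-only (`:ro`), since the visible code only reads it.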
......@@ -104,6 +104,22 @@ All of the following environment variables have to be set (or passed to containe
| `clouditor_client_id` | Clouditor OAuth2 default id. Default value `clouditor`. |
| `clouditor_client_secret` | Clouditor OAuth2 default secret. Default value `clouditor`. |
### Medina resource ID mapping
Resource IDs used to generate evidence resources can be easily mapped to required values. In case ID isn't set, Evidence collector will use `name` parameter acquired from Wazuh - which is set to machine's hostname, unless explicitly set to something else.
IDs can be set as `key:value` pairs inside `resource_id_map.json` file, that is later passed to Docker container:
```
{
"manager": "wazuh_manager",
"agent1": "test_agent_1",
"agent2": "test_agent_2"
}
```
Where `key` represents Wazuh's `name` parameter (machine's hostname) and `value` equals to string `name` will be mapped to.
### Generate gRPC code from `.proto` files
```
......
import json
from forward_evidence.resource_id_mapper import map_resource_id
from grpc_gen.assessment_pb2 import AssessEvidenceRequest
# Used if user doesn't provide other
_default_resource_type = ["VirtualMachine", "Compute", "Resource"]
def create_resource(id, name, type, property_list):
def create_resource(name, type, property_list):
resource = {
"id": str(id),
"id": str(map_resource_id(name)),
"name": str(name),
"type": type if type is not None else _default_resource_type
}
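Review bot: With the `id` parameter dropped, `"id": str(map_resource_id(name))` turns a missing name into the literal string `"None"`, because `map_resource_id` returns its argument unchanged when there is no mapping. Reject an empty or `None` name in `create_resource` before building the resource, so evidence is never submitted under a placeholder ID. The removed parameter also changes the positional signature, so any caller outside this commit still passing four arguments needs updating.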
......
import json
try:
f = open('resource_id_map.json')
map = json.load(f)
f.close()
except:
map = {}
def map_resource_id(name):
if name in map:
return map[name]
else:
return name
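Review bot: The bare `except:` around the load hides every failure, including malformed JSON and permission errors, and silently falls back to `map = {}`, so a broken mapping file results in evidence being sent under raw hostnames with no indication to the operator. Catch `FileNotFoundError` for the "no mapping configured" case, log it, and let `json.JSONDecodeError` fail loudly. It would also help to verify that the loaded value is a dict of string keys and values, open the file with `with open(...)`, and rename `map`, which shadows the builtin. The path is relative to the working directory and read once at import time; both are worth stating in the README.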
{
"manager": "wazuh_manager",
"agent1": "test_agent_1",
"agent2": "test_agent_2"
}
\ No newline at end of file
......@@ -133,8 +133,7 @@ def generate_evidence(agent, checker):
else:
malware_protection["malwareProtection"].update({ "applicationLogging": { "enabled": False, "loggingService": [], "retentionPeriod": None }})
# TODO: change ID
resource = create_resource(agent[0], agent[1], None, malware_protection)
resource = create_resource(agent[1], None, malware_protection)
return create_assessevidence_request(get_id(), "evidence_collector_service", get_tool_id(), raw_evidence, resource)
if __name__ == "__main__":
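Review bot: `create_resource(agent[1], None, malware_protection)` no longer passes `agent[0]`, so the resource ID now depends only on the name, and the removed `# TODO: change ID` is only partly resolved. Two agents with the same hostname, or two map keys pointing to the same value, produce identical resource IDs and their evidence can no longer be told apart downstream. Consider rejecting duplicate values when the map is loaded, and falling back to an ID that includes `agent[0]` when the name has no mapping.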
......