diff --git a/wazuh_evidence_collector/wazuh_evidence_collector.py b/wazuh_evidence_collector/wazuh_evidence_collector.py
index a24c5c41aa25976da4012f68ae2203d0cc1d1b79..f9eed214d69f0bde4ff460e3703137d820875fe0 100644
--- a/wazuh_evidence_collector/wazuh_evidence_collector.py
+++ b/wazuh_evidence_collector/wazuh_evidence_collector.py
@@ -115,7 +115,7 @@ def generate_evidence(wc, es, agent):
     integrations = body['data']['affected_items'][0]['integration']
     slack_notifications = pagerduty_notifications = False
-
+
     for integration in integrations:
         if integration['name'] == 'slack':
             slack_notifications = True
@@ -138,7 +138,7 @@ def generate_evidence(wc, es, agent):
     integrations = body['data']['affected_items'][0]['integration']
     measurement_result = False
-
+
     for integration in integrations:
         if integration['name'] == 'virustotal':
             measurement_result = True
@@ -181,22 +181,22 @@ def generate_evidence(wc, es, agent):
     evidence, result_rootcheck = check_rootcheck(wc, agent)
     raw_evidence.append(evidence)
-
-    evidence, result_aler_integration = check_alert_integrations(wc)
+
+    evidence, result_alert_integration = check_alert_integrations(wc)
     raw_evidence.append(evidence)
     evidence, result_virus_total = check_virus_total_integration(wc)
     raw_evidence.append(evidence)
-    evidence, result_lamd_process = check_clamd_process(wc, agent)
+    evidence, result_clamd_process = check_clamd_process(wc, agent)
     raw_evidence.append(evidence)
-
+
     evidence, result_clamd_logs = check_clamd_logs_elastic(es, agent)
     raw_evidence.append(evidence)
     # TODO:
-    if result_syscheck and result_rootcheck and result_aler_integration and \
-        (result_virus_total or (result_lamd_process and result_clamd_logs)):
+    if result_syscheck and result_rootcheck and result_alert_integration and \
+        (result_virus_total or (result_clamd_process and result_clamd_logs)):
         malware_protection = { "malwareProtection": { "enabled": True }}
     else:
         malware_protection = { "malwareProtection": { "enabled": False }}
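Review bot: The bare `# TODO:` kept directly above the rewritten `if result_syscheck and result_rootcheck and result_alert_integration and \` condition carries no information, yet that condition is what decides the `malwareProtection.enabled` value recorded as evidence, so a reader cannot tell whether the rule is final or a placeholder. Since the commit already rewrites those two lines, I would replace the marker with a comment stating the rule and its intent, e.g. `# Malware protection counts as enabled only when syscheck, rootcheck and the alert integrations all pass, plus either a VirusTotal integration or a running clamd whose logs reach Elastic.`, and either drop the TODO or name what is still outstanding. The helper checks whose booleans are combined here are defined outside the hunk, and generate_evidence itself starts before it, so I have only inferred their meaning from the variable names.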