diff --git a/evidence.py b/evidence.py
index 16d50529ccf6202f8372a3eb701004d07c60857e..d3229b0d82dfd9752fd65aff054f72aaa26ea2a1 100644
--- a/evidence.py
+++ b/evidence.py
@@ -13,8 +13,9 @@ class Evidence:
self.measurement_result = measurement_result
self.body = body
- def get_json(self):
+ def toJson(self):
return json.dumps(self.__dict__)
def simple_evidence(evidence_id, timestamp, measurement_result, body):
return Evidence(evidence_id, timestamp, None, None, None, None, None, measurement_result, body)
+
\ No newline at end of file
diff --git a/verifier.py b/verifier.py
index eb190bd6b09128cdb2f97f42b79e0acbbd52503b..bd33d20d1d6f93e6232f32326e6255d528c15a28 100644
--- a/verifier.py
+++ b/verifier.py
@@ -2,11 +2,19 @@ from wazuhclient import WazuhClient
from evidence import Evidence, simple_evidence
from random import randint
from sys import maxsize
-import json
-import pprint
+from datetime import datetime
wc = WazuhClient('192.168.33.10', 55000, 'wazuh-wui', 'wazuh-wui')
+# Get (temporary) ID
+def get_id(reqId):
+ return reqId + '-' + str(randint(0, maxsize))
+
+# Get timestamp (can be changed according to our preferences)
+def get_timestamp():
+ ts = datetime.utcnow()
+
+ return ts.strftime('%Y-%m-%dT%H:%M:%SZ')
# Get list of all agent ids (including manager's)
def get_agents(wc):
@@ -18,27 +26,28 @@ def get_agents(wc):
return body, agents_ids
-
# Check if syscheck enabled
-def get_syscheck(wc, agent_id):
+def check_syscheck(wc, agent_id):
body = wc.req('GET', 'agents/' + agent_id + '/config/syscheck/syscheck')
measurement_result = ('true' if body['data']['syscheck']['disabled'] == 'no' else 'false')
- return body, measurement_result
+ evidence = simple_evidence(get_id('05.3'), get_timestamp(), measurement_result, body)
+ return evidence
# Check if rootcheck enabled
-def get_rootcheck(wc, agent_id):
+def check_rootcheck(wc, agent_id):
body = wc.req('GET', 'agents/' + agent_id + '/config/syscheck/rootcheck')
measurement_result = ('true' if body['data']['rootcheck']['disabled'] == 'no' else 'false')
- return body, measurement_result
+ evidence = simple_evidence(get_id('05.3'), get_timestamp(), measurement_result, body)
+ return evidence
# Check if there's at least one valid alerting service
-def get_alert_integrations(wc):
+def check_alert_integrations(wc):
body = wc.req('GET', 'manager/configuration')
# Check email notifications integration
@@ -64,7 +73,43 @@ def get_alert_integrations(wc):
measurement_result = ('true' if email_notifications or slack_notifications or pagerduty_notifications else 'false')
- return body, measurement_result
+ evidence = simple_evidence(get_id('05.3'), get_timestamp(), measurement_result, body)
+
+ return evidence
+
+# Check for VirusTotal integration
+def check_virus_total_integration(wc):
+ body = wc.req('GET', 'manager/configuration')
+
+ # Check VirusTotal integration
+ try:
+ integrations = body['data']['affected_items'][0]['integration']
+
+ measurement_result = 'false'
+
+ for integration in integrations:
+ if integration['name'] == 'virustotal':
+ measurement_result = 'true'
+ break
+ except:
+ measurement_result = 'false'
+
+ evidence = simple_evidence(get_id('05.3'), get_timestamp(), measurement_result, body)
+
+ return evidence
+
+# Check last Syscheck & Rootcheck scan times
+def check_last_scan_time(wc, agent_id):
+ body = wc.req('GET', 'syscheck/' + agent_id + '/last_scan')
+
+ measurement_result = body['data']['affected_items'][0]['end']
+
+ evidence1 = simple_evidence(get_id('05.4'), get_timestamp(), measurement_result, body)
+
+ body = wc.req('GET', 'rootcheck/' + agent_id + '/last_scan')
+
+ measurement_result = body['data']['affected_items'][0]['end']
+ evidence2 = simple_evidence(get_id('05.4'), get_timestamp(), measurement_result, body)
-#pprint.pprint(wc.req('GET', 'sca/000'))
\ No newline at end of file
+ return evidence1, evidence2
diff --git a/wazuhclient.py b/wazuhclient.py
index 6f75b32beeeb7b4968fb48c3e555eb612d1cc6c2..fe1eb310a7388ba59f2973ef864d12093b85b260 100644
--- a/wazuhclient.py
+++ b/wazuhclient.py
@@ -1,7 +1,6 @@
import json
import urllib3
-
class WazuhClient:
def __init__(self, ip, port, username, password):