diff --git a/evidence.py b/evidence.py
index 16d50529ccf6202f8372a3eb701004d07c60857e..d3229b0d82dfd9752fd65aff054f72aaa26ea2a1 100644
--- a/evidence.py
+++ b/evidence.py
@@ -13,8 +13,9 @@ class Evidence:
 self.measurement_result = measurement_result
 self.body = body
- def get_json(self):
+ def toJson(self):
 return json.dumps(self.__dict__)
 def simple_evidence(evidence_id, timestamp, measurement_result, body):
 return Evidence(evidence_id, timestamp, None, None, None, None, None, measurement_result, body)
+
\ No newline at end of file
diff --git a/verifier.py b/verifier.py
index eb190bd6b09128cdb2f97f42b79e0acbbd52503b..bd33d20d1d6f93e6232f32326e6255d528c15a28 100644
--- a/verifier.py
+++ b/verifier.py
@@ -2,11 +2,19 @@ from wazuhclient import WazuhClient
 from evidence import Evidence, simple_evidence
 from random import randint
 from sys import maxsize
-import json
-import pprint
+from datetime import datetime
 wc = WazuhClient('192.168.33.10', 55000, 'wazuh-wui', 'wazuh-wui')
+# Get (temporary) ID
+def get_id(reqId):
+ return reqId + '-' + str(randint(0, maxsize))
+
+# Get timestamp (can be changed according to our preferences)
+def get_timestamp():
+ ts = datetime.utcnow()
+
+ return ts.strftime('%Y-%m-%dT%H:%M:%SZ')
 # Get list of all agent ids (including manager's)
 def get_agents(wc):
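Review bot: `get_timestamp` builds its stamp from `datetime.utcnow()`, which returns a naive datetime and is deprecated since Python 3.12; use `datetime.now(timezone.utc)` (importing `timezone` alongside `datetime`) so the `Z` suffix emitted by the format string is backed by an aware UTC value. `get_id` appends a `randint` draw, which is fine for a placeholder but gives no uniqueness guarantee across evidence items; if these ids are meant to key evidence records, `uuid.uuid4()` is the conventional choice, and the comment should state whether collisions matter. The module-level `wc = WazuhClient('192.168.33.10', 55000, 'wazuh-wui', 'wazuh-wui')` line kept as context embeds the manager address and credentials in source; reading them from the environment or a config file would keep them out of the repository.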
@@ -18,27 +26,28 @@ def get_agents(wc):
 return body, agents_ids
-
 # Check if syscheck enabled
-def get_syscheck(wc, agent_id):
+def check_syscheck(wc, agent_id):
 body = wc.req('GET', 'agents/' + agent_id + '/config/syscheck/syscheck')
 measurement_result = ('true' if body['data']['syscheck']['disabled'] == 'no' else 'false')
- return body, measurement_result
+ evidence = simple_evidence(get_id('05.3'), get_timestamp(), measurement_result, body)
+ return evidence
 # Check if rootcheck enabled
-def get_rootcheck(wc, agent_id):
+def check_rootcheck(wc, agent_id):
 body = wc.req('GET', 'agents/' + agent_id + '/config/syscheck/rootcheck')
 measurement_result = ('true' if body['data']['rootcheck']['disabled'] == 'no' else 'false')
- return body, measurement_result
+ evidence = simple_evidence(get_id('05.3'), get_timestamp(), measurement_result, body)
+ return evidence
 # Check if there's at least one valid alerting service
-def get_alert_integrations(wc):
+def check_alert_integrations(wc):
 body = wc.req('GET', 'manager/configuration')
 # Check email notifications integration
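Review bot: The three rewritten functions in this hunk all label their evidence with the same literal `get_id('05.3')`, so syscheck, rootcheck and alerting evidence cannot be told apart by id; lift the control identifier into a module constant or pass it in, e.g. `def check_syscheck(wc, agent_id, control_id='05.3'):`, so each evidence item traces back to the requirement it measures. The `evidence = simple_evidence(...)` / `return evidence` pairs can be collapsed to a single `return simple_evidence(...)`. The context lines still index `body['data']['syscheck']['disabled']` (and the rootcheck equivalent) without checking that the request succeeded; if the API returns an error document for an unreachable agent this raises `KeyError` instead of yielding a `'false'` measurement, which is pre-existing but worth a guard now that these functions are the evidence producers.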
@@ -64,7 +73,43 @@ def get_alert_integrations(wc):
 measurement_result = ('true' if email_notifications or slack_notifications or pagerduty_notifications else 'false')
- return body, measurement_result
+ evidence = simple_evidence(get_id('05.3'), get_timestamp(), measurement_result, body)
+
+ return evidence
+
+# Check for VirusTotal integration
+def check_virus_total_integration(wc):
+ body = wc.req('GET', 'manager/configuration')
+
+ # Check VirusTotal integration
+ try:
+ integrations = body['data']['affected_items'][0]['integration']
+
+ measurement_result = 'false'
+
+ for integration in integrations:
+ if integration['name'] == 'virustotal':
+ measurement_result = 'true'
+ break
+ except:
+ measurement_result = 'false'
+
+ evidence = simple_evidence(get_id('05.3'), get_timestamp(), measurement_result, body)
+
+ return evidence
+
+# Check last Syscheck & Rootcheck scan times
+def check_last_scan_time(wc, agent_id):
+ body = wc.req('GET', 'syscheck/' + agent_id + '/last_scan')
+
+ measurement_result = body['data']['affected_items'][0]['end']
+
+ evidence1 = simple_evidence(get_id('05.4'), get_timestamp(), measurement_result, body)
+
+ body = wc.req('GET', 'rootcheck/' + agent_id + '/last_scan')
+
+ measurement_result = body['data']['affected_items'][0]['end']
+ evidence2 = simple_evidence(get_id('05.4'), get_timestamp(), measurement_result, body)
-#pprint.pprint(wc.req('GET', 'sca/000'))
\ No newline at end of file
+ return evidence1, evidence2
diff --git a/wazuhclient.py b/wazuhclient.py
index 6f75b32beeeb7b4968fb48c3e555eb612d1cc6c2..fe1eb310a7388ba59f2973ef864d12093b85b260 100644
--- a/wazuhclient.py
+++ b/wazuhclient.py
@@ -1,7 +1,6 @@
 import json
 import urllib3
-
 class WazuhClient:
 def __init__(self, ip, port, username, password):
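Review bot: `check_virus_total_integration` wraps the lookup in a bare `except:` that turns every failure, including a transport error raised inside the `try` and even `KeyboardInterrupt`, into `measurement_result = 'false'`, so an unreadable configuration is recorded as "VirusTotal not configured"; narrow it to `except (KeyError, IndexError, TypeError):` and let anything else propagate. The evidence built here and in `check_alert_integrations` carries the full `manager/configuration` response as its `body`, and the `integration` entries being iterated typically hold credentials next to `name` (API keys, webhook URLs), so serialising evidence with `toJson` would persist those secrets — keep only the fields the measurement used, or redact before calling `simple_evidence`. `check_last_scan_time` indexes `body['data']['affected_items'][0]['end']` twice without checking that `affected_items` is non-empty, and an agent whose scan never ran may not return a usable `end` value; guard both lookups before building `evidence1` and `evidence2`.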