initial

.gitignore

+__pycache__/
+*.pyc
+*$py.class
+.idea/

verifier.py

+from wazuhclient import WazuhClient
+
+
+wc = WazuhClient('192.168.33.10', 55000, 'wazuh-wui', 'wazuh-wui')
+
+agents = wc.req('GET', 'agents')
+rules = wc.req('GET', 'rules')
+print(agents)
+print(rules)
+
+syscheck1 = wc.req('GET', 'manager/configuration/mail/global') # check if mail or any integration service (integrator/integrations) are enabled -> automatic monitoring
+print(syscheck1)
+rules1 = wc.req('GET', 'agents/001/config/syscheck/internal') # SYSCHECK
+print(rules1)
+print(wc.req('GET', 'agents/001/config/syscheck/rootcheck')) # ROOTCHECK
+
+print(wc.req('GET', 'sca/001'))
+
+# TODO how to check integration with virustotal and/or ClamAV ??
\ No newline at end of file

wazuhclient.py

+import json
+import urllib3
+
+
+class WazuhClient:
+	
+	def __init__(self, ip, port, username, password):
+		self._ip = ip
+		self._port = port
+		self._username = username
+		self._password = password
+		self._auth_token = None
+	
+	def req(self, method, resource, data=None, headers={}, auth_retry=True):
+		# TODO add cert verification
+		c = urllib3.HTTPSConnectionPool(self._ip, port=self._port, cert_reqs='CERT_NONE', assert_hostname=False)
+		url = "https://%s:%i/%s" % (self._ip, self._port, resource)
+		
+		headers['Content-Type'] = 'application/json'
+		if self._auth_token:
+			headers['Authorization'] = 'Bearer %s' % self._auth_token
+		
+		resp = c.request(method, url, headers=headers, body=data)
+		if resp.status == 401:
+			if not auth_retry:
+				raise Exception("Authentication Error")
+			self._auth_token = None
+			self._login()
+			return self.req(method, resource, data, headers, auth_retry=False)
+		
+		return json.loads(resp.data)
+	
+	def _login(self):
+		login_endpoint = 'security/user/authenticate'
+		basic_auth = "%s:%s" % (self._username, self._password)
+		resp = self.req('GET', login_endpoint, headers=urllib3.make_headers(basic_auth=basic_auth), auth_retry=False)
+		self._auth_token = resp['data']['token']