Add malwareProtectionOutput metric

Separate malware protection evidence

Data combined in single evidence, updated output struct

Fixed Python image in Dockerfile

wazuh_evidence_collector/wazuh_evidence_collector.py

@@ -90,15 +90,13 @@ def run_collector():
 def generate_evidence(agent, checker):
     raw_evidence = []
 
+    # MalwareProtectionEnabled
     evidence, result_syscheck = checker.check_syscheck(agent)
     raw_evidence.append(evidence)
 
     evidence, result_rootcheck = checker.check_rootcheck(agent)
     raw_evidence.append(evidence)
 
-    evidence, result_alert_integration = checker.check_alert_integrations()
-    raw_evidence.append(evidence)
-
     evidence, result_virus_total = checker.check_virus_total_integration()
     raw_evidence.append(evidence)
 
@@ -108,13 +106,21 @@ def generate_evidence(agent, checker):
     evidence, result_clamd_logs = checker.check_clamd_logs_elastic(agent)
     raw_evidence.append(evidence)
 
-    # TODO: 
-    if result_syscheck and result_rootcheck and result_alert_integration and \
+    if result_syscheck and result_rootcheck and \
         (result_virus_total or (result_clamd_process and result_clamd_logs)):
         malware_protection = { "malwareProtection": { "enabled": True }}
     else: 
         malware_protection = { "malwareProtection": { "enabled": False }}
 
+    # MalwareProtectionOutput
+    evidence, result_alert_integration = checker.check_alert_integrations()
+    raw_evidence.append(evidence)
+
+    if result_alert_integration:
+        malware_protection["malwareProtection"].update({ "output": [agent[0]] })
+    else: 
+        malware_protection["malwareProtection"].update({ "output": [] })
+
     # TODO: change ID
     resource = create_resource(agent[0], agent[1], None, malware_protection)
     return create_assessevidence_request(get_id(), "evidence_collector_service", get_tool_id(), raw_evidence, resource)