From da2ef32f4b7a6e8fcbcbeac3dde4d76a3e808ea8 Mon Sep 17 00:00:00 2001
From: Drazen
Date: Tue, 25 Jun 2024 11:21:55 +0200
Subject: [PATCH 1/5] Updating-wazuh-vars
---
 roles/debian/wazuh/defaults/main.yml | 14 +++++++++++++-
 roles/debian/wazuh/tasks/main.yml | 1 +
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/roles/debian/wazuh/defaults/main.yml b/roles/debian/wazuh/defaults/main.yml
index d614bc565..6deee76fd 100644
--- a/roles/debian/wazuh/defaults/main.yml
+++ b/roles/debian/wazuh/defaults/main.yml
@@ -83,7 +83,19 @@ wazuh:
 wazuh_manager_email_log_source: alerts.log
 wazuh_manager_log_level: 3
 wazuh_manager_email_level: 12
- wazuh_manager_globals: 1.1.1.1
+ wazuh_manager_active_responses:
+ - command: "firewall-drop"
+ location: "all"
+ rules_id: "31151,5712,104130,101071,101132,101238,101251,103011"
+ repeated_offenders: "30,60,120"
+ timeout: 600
+ - command: "firewall-drop"
+ location: "all"
+ rules_id: "100205"
+ repeated_offenders: "30,60,120"
+ timeout: 3600
+ wazuh_manager_globals:
+ - '1.1.1.1'
 agent_groups: [] # maps to `groups` string in agent config above
 wazuh_manager_extra_emails: [] # list of additional emails to send, e.g.
 #- enable: true
diff --git a/roles/debian/wazuh/tasks/main.yml b/roles/debian/wazuh/tasks/main.yml
index 3a4924cc9..e96550727 100644
--- a/roles/debian/wazuh/tasks/main.yml
+++ b/roles/debian/wazuh/tasks/main.yml
@@ -58,6 +58,7 @@
 wazuh_manager_email_log_source: "{{ wazuh.manager.wazuh_manager_email_log_source }}"
 wazuh_manager_log_level: "{{ wazuh.manager.wazuh_manager_log_level }}"
 wazuh_manager_globals: "{{ wazuh.manager.wazuh_manager_globals }}"
+ wazuh_manager_active_responses: "{{ wazuh.manager.wazuh_manager_active_responses }}"
 wazuh_manager_email_level: "{{ wazuh.manager.wazuh_manager_email_level }}"
 wazuh_manager_extra_emails: "{{ wazuh.manager.wazuh_manager_extra_emails }}"
 wazuh_manager_reports: "{{ wazuh.manager.wazuh_manager_reports }}"
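Review bot: The new `wazuh_manager_active_responses` default enables automatic `firewall-drop` with `location: "all"` for every consumer of this role, so a single match on any listed rule blocks the source address on every agent, and the ids in the 100000 range fall in Wazuh's user-defined rule range and will only fire where those custom rules are actually deployed. Consider shipping this opt-in — `wazuh_manager_active_responses: []` with the two entries kept as a commented example — or at least document the blast radius and the units above the key: `# firewall-drop on all agents; timeout is seconds, repeated_offenders are escalating minutes, rules_id is comma-separated`. `wazuh_manager_globals` now carries only `'1.1.1.1'`; if it renders into the manager's `<white_list>` as it does in the upstream role (TODO confirm against the template), the Ansible controller and admin ranges should be listed there so an automated block cannot cut off management access.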
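Review bot: `wazuh_manager_active_responses` is passed as a flat role variable, but nothing on this page shows the wrapped role reading that name; the later patches in this series (`wazuh_manager_config.active_responses` in PATCH 2/5 and 3/5, `wazuh_manager_config_active_responses` in PATCH 5/5) assume the wrapped role takes active responses from its `wazuh_manager_config` mapping, in which case every variant of this line sets a variable that is never rendered and the defaults silently produce no `<active-response>` blocks. PATCH 5/5 only turns the dotted key into a valid variable name, which is why the pipeline loads again, not because the value is wired through. If the wrapped role reads `wazuh_manager_config`, pass that mapping as a whole, `wazuh_manager_config: "{{ wazuh.manager.wazuh_manager_config }}"`, and verify the rendered ossec.conf on a test manager before relying on the blocks. The task whose `vars:` block these lines belong to starts and ends outside the hunk.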
From 3a3cf0995197fe66723aefbc63c500419334c502 Mon Sep 17 00:00:00 2001
From: Drazen
Date: Tue, 25 Jun 2024 13:02:41 +0200
Subject: [PATCH 2/5] Updating-manager-vars
---
 roles/debian/wazuh/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/debian/wazuh/tasks/main.yml b/roles/debian/wazuh/tasks/main.yml
index e96550727..0bcdab5a2 100644
--- a/roles/debian/wazuh/tasks/main.yml
+++ b/roles/debian/wazuh/tasks/main.yml
@@ -58,7 +58,7 @@
 wazuh_manager_email_log_source: "{{ wazuh.manager.wazuh_manager_email_log_source }}"
 wazuh_manager_log_level: "{{ wazuh.manager.wazuh_manager_log_level }}"
 wazuh_manager_globals: "{{ wazuh.manager.wazuh_manager_globals }}"
- wazuh_manager_active_responses: "{{ wazuh.manager.wazuh_manager_active_responses }}"
+ wazuh_manager_active_responses: "{{ wazuh.manager.wazuh_manager_config.active_responses }}"
 wazuh_manager_email_level: "{{ wazuh.manager.wazuh_manager_email_level }}"
 wazuh_manager_extra_emails: "{{ wazuh.manager.wazuh_manager_extra_emails }}"
 wazuh_manager_reports: "{{ wazuh.manager.wazuh_manager_reports }}"
From fec2cbe348f39d6b0be9cf9348141161132ee156 Mon Sep 17 00:00:00 2001
From: Drazen
Date: Tue, 25 Jun 2024 13:34:57 +0200
Subject: [PATCH 3/5] Updating-wazuh-manager-active-response
---
 roles/debian/wazuh/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/debian/wazuh/tasks/main.yml b/roles/debian/wazuh/tasks/main.yml
index 0bcdab5a2..e810b026a 100644
--- a/roles/debian/wazuh/tasks/main.yml
+++ b/roles/debian/wazuh/tasks/main.yml
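Review bot: The right-hand side now reads `wazuh.manager.wazuh_manager_config.active_responses`, but at this point in the series the defaults file still defines `wazuh.manager.wazuh_manager_active_responses`; `wazuh_manager_config` is only introduced in PATCH 4/5, so this commit and PATCH 3/5 fail templating with an undefined attribute on every run. Land the defaults move before this change, or squash PATCH 2/5 through 5/5 into one commit, so that every intermediate revision of the role is deployable and bisectable. The enclosing task's `vars:` block starts and ends outside the hunk.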
@@ -58,7 +58,7 @@
 wazuh_manager_email_log_source: "{{ wazuh.manager.wazuh_manager_email_log_source }}"
 wazuh_manager_log_level: "{{ wazuh.manager.wazuh_manager_log_level }}"
 wazuh_manager_globals: "{{ wazuh.manager.wazuh_manager_globals }}"
- wazuh_manager_active_responses: "{{ wazuh.manager.wazuh_manager_config.active_responses }}"
+ wazuh_manager_config.active_responses: "{{ wazuh.manager.wazuh_manager_config.active_responses }}"
 wazuh_manager_email_level: "{{ wazuh.manager.wazuh_manager_email_level }}"
 wazuh_manager_extra_emails: "{{ wazuh.manager.wazuh_manager_extra_emails }}"
 wazuh_manager_reports: "{{ wazuh.manager.wazuh_manager_reports }}"
From 60d433d9d0f602ce6373787a41391ffdd91743ba Mon Sep 17 00:00:00 2001
From: Drazen
Date: Tue, 25 Jun 2024 13:36:33 +0200
Subject: [PATCH 4/5] Updating-wazuh-manager-active-response-2x
---
 roles/debian/wazuh/defaults/main.yml | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)
diff --git a/roles/debian/wazuh/defaults/main.yml b/roles/debian/wazuh/defaults/main.yml
index 6deee76fd..d90f17991 100644
--- a/roles/debian/wazuh/defaults/main.yml
+++ b/roles/debian/wazuh/defaults/main.yml
@@ -83,17 +83,18 @@ wazuh:
 wazuh_manager_email_log_source: alerts.log
 wazuh_manager_log_level: 3
 wazuh_manager_email_level: 12
- wazuh_manager_active_responses:
- - command: "firewall-drop"
- location: "all"
- rules_id: "31151,5712,104130,101071,101132,101238,101251,103011"
- repeated_offenders: "30,60,120"
- timeout: 600
- - command: "firewall-drop"
- location: "all"
- rules_id: "100205"
- repeated_offenders: "30,60,120"
- timeout: 3600
+ wazuh_manager_config:
+ active_responses:
+ - command: "firewall-drop"
+ location: "all"
+ rules_id: "31151,5712,104130,101071,101132,101238,101251,103011"
+ repeated_offenders: "30,60,120"
+ timeout: 600
+ - command: "firewall-drop"
+ location: "all"
+ rules_id: "100205"
+ repeated_offenders: "30,60,120"
+ timeout: 3600
 wazuh_manager_globals:
 - '1.1.1.1'
 agent_groups: [] # maps to `groups` string in agent config above
From 104d086b0f41afdeeaa5623d756e18126ae805d1 Mon Sep 17 00:00:00 2001
From: Drazen
Date: Tue, 25 Jun 2024 13:50:36 +0200
Subject: [PATCH 5/5] Fixing-wazuh-broken-pipeline
---
 roles/debian/wazuh/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/debian/wazuh/tasks/main.yml b/roles/debian/wazuh/tasks/main.yml
index e810b026a..32e2e8ac3 100644
--- a/roles/debian/wazuh/tasks/main.yml
+++ b/roles/debian/wazuh/tasks/main.yml
@@ -58,7 +58,7 @@
 wazuh_manager_email_log_source: "{{ wazuh.manager.wazuh_manager_email_log_source }}"
 wazuh_manager_log_level: "{{ wazuh.manager.wazuh_manager_log_level }}"
 wazuh_manager_globals: "{{ wazuh.manager.wazuh_manager_globals }}"
- wazuh_manager_config.active_responses: "{{ wazuh.manager.wazuh_manager_config.active_responses }}"
+ wazuh_manager_config_active_responses: "{{ wazuh.manager.wazuh_manager_config.active_responses }}"
 wazuh_manager_email_level: "{{ wazuh.manager.wazuh_manager_email_level }}"
 wazuh_manager_extra_emails: "{{ wazuh.manager.wazuh_manager_extra_emails }}"
 wazuh_manager_reports: "{{ wazuh.manager.wazuh_manager_reports }}"
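Review bot: The new `wazuh_manager_config` mapping under `wazuh.manager` carries only `active_responses`, so if it is ever handed to the wrapped role as its `wazuh_manager_config` — which the key name suggests is the intent — a plain `vars:` override replaces the wrapped role's entire default mapping rather than merging into it, since Ansible does not deep-merge overrides by default; either carry the full set of keys the wrapped role expects here, or build the value with `combine(..., recursive=true)` from a separate base mapping (TODO confirm what the wrapped role's defaults contain). The entries are also undocumented for the next maintainer: add `# timeout in seconds; repeated_offenders are escalating minutes; rules_id is comma-separated` above `active_responses:`. The `wazuh:` mapping these lines belong to starts and ends outside the hunk.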