Attach agent information in communication to the server #256

Closed
Tracked by #241
vikman90 opened this issue Oct 28, 2024 · 4 comments · Fixed by #277
Labels
level/task Task issue module/agent mvp Minimum Viable Product refinement type/enhancement Enhancement issue

Comments

@vikman90
Member

vikman90 commented Oct 28, 2024

Parent Issue: #241

When the agent registers, it must send information about itself to the server:

  • IP address
  • Operating system
  • Agent version

This information must also be attached to the metadata headers in stateful and stateless messages.

@wazuhci wazuhci moved this to Backlog in Release 5.0.0 Oct 28, 2024
@vikman90 vikman90 added mvp Minimum Viable Product refinement and removed mvp labels Oct 29, 2024
@TomasTurina TomasTurina self-assigned this Oct 31, 2024
@wazuhci wazuhci moved this from Backlog to In progress in Release 5.0.0 Oct 31, 2024
@TomasTurina
Member

Update

Working on new definition (new message structure). The structure of the registration request is still missing.

@TomasTurina
Member

TomasTurina commented Nov 5, 2024

Messages format

Registration request

  • API: Server Management

Authentication:

  • Endpoint: /security/user/authenticate

  • Method: POST

  • Headers:

    • Authorization: Basic base64(user:pass)
    • User_agent:
      • version: VERSION
      • type: Endpoint
      • arch: ARCH
      • platform: PLATFORM

Example: WazuhXDR/5.0.0 (Endpoint; x86_64; Linux)

  • Body: empty

Registration

  • Endpoint: /agents

  • Method: POST

  • Headers:

    • Authorization: Bearer token
    • User_agent:
      • version: VERSION
      • type: Endpoint
      • arch: ARCH
      • platform: PLATFORM

Example: WazuhXDR/5.0.0 (Endpoint; x86_64; Linux)

  • Body: json
    • id: UUID
    • key: alphanumeric (32 characters)
    • type: Endpoint
    • version: VERSION
    • groups: [GROUPS]
    • hosts:
      • os:
        • name: OS
        • platform: PLATFORM
      • arch: ARCH
      • hostname: HOSTNAME
      • ip: IP (primary)

Example:

{
    "agent": {
        "groups": [],
        "host": {
            "architecture": "aarch64",
            "hostname": "tomas",
            "ip": "172.20.0.1",
            "os": {
                "name": "Ubuntu",
                "platform": "Linux"
            }
        },
        "id": "sldkfjoqwvnskdsoif",
        "key": "oiefsakjndwreoguiweo",
        "type": "Endpoint",
        "version": "5.0.0"
    }
}

Stateful/stateless requests

  • API: Agent Comms

Authentication:

  • Endpoint: /api/v1/authentication

  • Method: POST

  • Headers:

    • User_agent:
      • version: VERSION
      • type: Endpoint
      • arch: ARCH
      • platform: PLATFORM

Example: WazuhXDR/5.0.0 (Endpoint; x86_64; Linux)

  • Body: json
    • uuid: UUID
    • key: alphanumeric (32 characters)

Example:

{ 
    "uuid": "UUID", 
    "key": "7b8276c3bf96aff5709346d368f04fed"
} 

Stateful/stateless

  • Endpoints: /api/v1/events/stateful, /api/v1/events/stateless

  • Method: POST

  • Headers:

    • Authorization: Bearer token
    • User_agent:
      • version: VERSION
      • type: Endpoint
      • arch: ARCH
      • platform: PLATFORM

Example: WazuhXDR/5.0.0 (Endpoint; x86_64; Linux)

  • Body: json
    • id: UUID
    • type: Endpoint
    • version: VERSION
    • groups: [GROUPS]
    • hosts:
      • os:
        • name: OS
        • platform: PLATFORM
      • arch: ARCH
      • hostname: HOSTNAME
      • ip: IP (primary)

Example:

{
    "agent": {
        "groups": [],
        "host": {
            "architecture": "aarch64",
            "hostname": "tomas",
            "ip": "172.20.0.1",
            "os": {
                "name": "Ubuntu",
                "platform": "Linux"
            }
        },
        "id": "sldkfjoqwvnskdsoif",
        "type": "Endpoint",
        "version": "5.0.0"
    }
}
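
A server-side check of the registration request described in the comment above, as an added example that is not part of the issue or the project's code. It parses the User_agent value, applies the stated constraints (UUID id, 32-character alphanumeric key, valid IP) and flags disagreement between header and body. The body field names follow the JSON example in the comment; the function names, the sample values and the header/body cross-check are assumptions of this example.

```python
import ipaddress
import re
import uuid

# Header shape from the comment's example: WazuhXDR/5.0.0 (Endpoint; x86_64; Linux)
UA_RE = re.compile(r"WazuhXDR/(?P<version>\d+\.\d+\.\d+) "
                   r"\((?P<type>\w+); (?P<arch>\w+); (?P<platform>[\w ]+)\)")
KEY_RE = re.compile(r"[A-Za-z0-9]{32}")  # "alphanumeric (32 characters)"

# Constructed sample request; every value here is made up for this example.
SAMPLE_UA = "WazuhXDR/5.0.0 (Endpoint; aarch64; Linux)"
SAMPLE_BODY = {"agent": {
    "id": "3f2b8c1e-9d4a-4c7b-8e21-5a6f0b9c1d2e",
    "key": "A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6",
    "type": "Endpoint", "version": "5.0.0", "groups": [],
    "host": {"architecture": "aarch64", "hostname": "host-1", "ip": "172.20.0.1",
             "os": {"name": "Ubuntu", "platform": "Linux"}}}}


def _parses(parse, value):
    """True if parse(str(value)) succeeds without raising ValueError."""
    try:
        parse(str(value))
        return True
    except ValueError:
        return False


def validate_registration(user_agent, body):
    """Return a list of problems; an empty list means the request is consistent."""
    ua = UA_RE.fullmatch(str(user_agent))
    agent = body.get("agent") if isinstance(body, dict) else None
    if ua is None or not isinstance(agent, dict):
        return ["malformed User-Agent or missing agent object"]
    host = agent.get("host") if isinstance(agent.get("host"), dict) else {}
    os_info = host.get("os") if isinstance(host.get("os"), dict) else {}
    errors = []
    if not _parses(uuid.UUID, agent.get("id")):
        errors.append("id is not a UUID")
    if not KEY_RE.fullmatch(str(agent.get("key"))):
        errors.append("key is not 32 alphanumeric characters")
    if not _parses(ipaddress.ip_address, host.get("ip")):
        errors.append("ip is not a valid address")
    # The same facts travel in the header and in the body; flag any disagreement.
    pairs = {"version": agent.get("version"), "type": agent.get("type"),
             "arch": host.get("architecture"), "platform": os_info.get("platform")}
    errors += [f"{name} differs between header and body"
               for name, value in pairs.items() if ua.group(name) != value]
    return errors
```

Both the header and the body are supplied by the agent, so a check like this only establishes that a request is well-formed and self-consistent; it does not authenticate the values.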

@Nicogp
Member

Nicogp commented Nov 6, 2024

Work update

2024/11/05

  • I added the changes to the AgentInfo class to obtain and return the necessary information for the queries.

2024/11/06

  • I have been doing manual tests
  • I have been trying to mock the server, so far without much success.
  • I have been reviewing the changes

2024/11/07

  • I created a mock of the server
  • PR created and in review

2024/11/08

  • I have made the changes requested in the review.
  • I added more functionalities
    • Save received queries in a file and delete already sent responses to avoid duplication of events.
  • I performed manual testing of this issue with the mock

@TomasTurina
Member

PR ready for review. Pending some tests.

Projects
Status: Done