Skip to content

Commit

Permalink
Update wazuh-states-vulnerabilities index mapping (#191)
Browse files Browse the repository at this point in the history
* Update wazuh-states-vulnerabilities index mapping

* Extend ECS Vulnerability fields
  • Loading branch information
AlexRuiz7 authored Mar 26, 2024
1 parent 0958ec3 commit 1229b53
Show file tree
Hide file tree
Showing 5 changed files with 26 additions and 6 deletions.
2 changes: 1 addition & 1 deletion ecs/generate.sh
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ generate_mappings() {

# Generate mappings
python scripts/generator.py --strict --ref "$ECS_VERSION" \
--include "$IN_FILES_DIR/custom/wazuh.yml" \
--include "$IN_FILES_DIR/custom/" \
--subset "$IN_FILES_DIR/subset.yml" \
--template-settings "$IN_FILES_DIR/template-settings.json" \
--template-settings-legacy "$IN_FILES_DIR/template-settings-legacy.json" \
Expand Down
8 changes: 5 additions & 3 deletions ecs/vulnerability-detector/event-generator/event_generator.py
Original file line number Diff line number Diff line change
Expand Up @@ -163,7 +163,9 @@ def generate_random_vulnerability():
'temporal': round(random.uniform(0, 10), 1),
'version': round(random.uniform(0, 10), 1)
},
'severity': random.choice(['Low', 'Medium', 'High', 'Critical'])
'severity': random.choice(['Low', 'Medium', 'High', 'Critical']),
'detected_at': generate_random_date(),
'published_at': generate_random_date(),
}
return vulnerability

Expand All @@ -179,7 +181,7 @@ def generate_random_wazuh():
},
'schema': {
'version': '1.7.0'
}
},
}
return wazuh

Expand All @@ -188,7 +190,7 @@ def generate_random_data(number):
data = []
for _ in range(number):
event_data = {
'@timestamp': generate_random_date(),
# '@timestamp': generate_random_date(),
'agent': generate_random_agent(),
# 'ecs': {'version': '1.7.0'},
# 'event': generate_random_event(),
Expand Down
19 changes: 19 additions & 0 deletions ecs/vulnerability-detector/fields/custom/vulnerability.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
- name: vulnerability
title: Vulnerability
group: 2
short: Fields to describe the vulnerability relevant to an event.
description: >
The vulnerability fields describe information about a vulnerability that is
relevant to an event.
type: group
fields:
- name: detected_at
type: date
level: custom
description: >
Vulnerability's detection date.
- name: published_at
type: date
level: custom
description: >
Vulnerability's publication date.
2 changes: 1 addition & 1 deletion ecs/vulnerability-detector/fields/custom/wazuh.yml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@
type: keyword
level: custom
description: >
Wazuh schema version.
Wazuh schema version.
1 change: 0 additions & 1 deletion ecs/vulnerability-detector/fields/subset.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@ name: vulnerability_detector
fields:
base:
fields:
"@timestamp": {}
tags: []
message: ""
agent:
Expand Down

0 comments on commit 1229b53

Please sign in to comment.