package wazuh
import (
	"context"
	"fmt"
	"path"
	"strings"

	. "github.com/AtlasInsideCorp/UTMStackCloudWazuhApi/define/syscheck"
)
// GetSyscheckFiles returns the syscheck files of an agent.
//
// It is GetSyscheckFilesContext called with context.Background(), so the
// context contributes no deadline or cancellation to the request.
//
// https://documentation.wazuh.com/3.x/user-manual/api/reference.html#get-syscheck-files
func (client *Client) GetSyscheckFiles(agentId string) (*[]SyscheckFiles, error) {
	ctx := context.Background()
	return client.GetSyscheckFilesContext(ctx, agentId)
}
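// GetSyscheckFilesContext returns the syscheck files of the agent identified
// by agentId, passing ctx down to the request.
//
// agentId is checked before it is placed in the request path. path.Join
// cleans its result, so an empty id (or ".") collapses the path to
// "syscheck", and an id containing "/" or ".." addresses a different API
// resource than the per-agent one this method is meant to read. Such ids are
// rejected with an error and no request is made.
//
// On success the returned pointer refers to the Items slice inside the
// response; on failure it is nil.
func (client *Client) GetSyscheckFilesContext(ctx context.Context, agentId string) (*[]SyscheckFiles, error) {
	if agentId == "" || agentId == "." || agentId == ".." || strings.Contains(agentId, "/") {
		// %q keeps control characters in a hostile id out of logs.
		return nil, fmt.Errorf("wazuh: invalid agent id %q", agentId)
	}

	response, err := GetSyscheckFilesRequest(ctx, client, path.Join("syscheck", agentId))
	if err != nil {
		return nil, err
	}
	return &response.Data.Items, nil
}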
// GetSyscheckFilesRequest calls GetJson with path and a fresh
// GetSyscheckFilesResponse for it to fill in, and returns that response.
//
// path is handed to GetJson exactly as given; this function does not inspect
// or normalise it. When GetJson reports an error the result is nil.
func GetSyscheckFilesRequest(ctx context.Context, client *Client, path string) (*GetSyscheckFilesResponse, error) {
	var decoded GetSyscheckFilesResponse
	if err := GetJson(ctx, client, path, &decoded); err != nil {
		return nil, err
	}
	return &decoded, nil
}
// RunSyscheckAllAgents runs syscheck and rootcheck on all agents (Wazuh
// launches both processes simultaneously).
//
// It is RunSyscheckAllAgentsContext called with context.Background(), so the
// context contributes no deadline or cancellation to the request.
//
// https://documentation.wazuh.com/3.x/user-manual/api/reference.html#id22
func (client *Client) RunSyscheckAllAgents() (*string, error) {
	ctx := context.Background()
	return client.RunSyscheckAllAgentsContext(ctx)
}
// RunSyscheckAllAgentsContext requests a syscheck run against the "syscheck"
// path, which carries no agent id, passing ctx down to the request.
//
// On success the returned pointer refers to the Data string inside the
// response; on failure it is nil.
func (client *Client) RunSyscheckAllAgentsContext(ctx context.Context) (*string, error) {
	endpoint := path.Join("syscheck")

	result, err := RunSyscheckAllAgentsRequest(ctx, client, endpoint)
	if err != nil {
		return nil, err
	}
	return &result.Data, nil
}
// RunSyscheckAllAgentsRequest calls PutJson with path, an empty body and a
// fresh RunSyscheckAllAgentsResponse for it to fill in, and returns that
// response.
//
// path is handed to PutJson exactly as given; this function does not inspect
// or normalise it. When PutJson reports an error the result is nil.
func RunSyscheckAllAgentsRequest(ctx context.Context, client *Client, path string) (*RunSyscheckAllAgentsResponse, error) {
	var decoded RunSyscheckAllAgentsResponse
	if err := PutJson(ctx, client, path, []byte{}, &decoded); err != nil {
		return nil, err
	}
	return &decoded, nil
}
// RunSyscheckAgent runs syscheck and rootcheck on an agent (Wazuh launches
// both processes simultaneously).
//
// It is RunSyscheckAgentContext called with context.Background(), so the
// context contributes no deadline or cancellation to the request.
//
// https://documentation.wazuh.com/3.x/user-manual/api/reference.html#run-syscheck-scan-in-an-agent
func (client *Client) RunSyscheckAgent(agentId string) (*string, error) {
	ctx := context.Background()
	return client.RunSyscheckAgentContext(ctx, agentId)
}
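// RunSyscheckAgentContext requests a syscheck run on the agent identified by
// agentId, passing ctx down to the request.
//
// agentId is checked before it is placed in the request path. path.Join
// cleans its result, so an empty id (or ".") collapses the path to
// "syscheck", the same path RunSyscheckAllAgentsContext sends its PUT to.
// A missing id would therefore widen a single-agent scan to every agent.
// Ids containing "/" or ".." are rejected for the same reason: they would
// address a resource other than the per-agent one. No request is made for a
// rejected id.
//
// On success the returned pointer refers to the Data string inside the
// response; on failure it is nil.
func (client *Client) RunSyscheckAgentContext(ctx context.Context, agentId string) (*string, error) {
	if agentId == "" || agentId == "." || agentId == ".." || strings.Contains(agentId, "/") {
		// %q keeps control characters in a hostile id out of logs.
		return nil, fmt.Errorf("wazuh: invalid agent id %q", agentId)
	}

	response, err := RunSyscheckAgentRequest(ctx, client, path.Join("syscheck", agentId))
	if err != nil {
		return nil, err
	}
	return &response.Data, nil
}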
// RunSyscheckAgentRequest calls PutJson with path, an empty body and a fresh
// RunSyscheckAgentResponse for it to fill in, and returns that response.
//
// path is handed to PutJson exactly as given; this function does not inspect
// or normalise it. When PutJson reports an error the result is nil.
func RunSyscheckAgentRequest(ctx context.Context, client *Client, path string) (*RunSyscheckAgentResponse, error) {
	var decoded RunSyscheckAgentResponse
	if err := PutJson(ctx, client, path, []byte{}, &decoded); err != nil {
		return nil, err
	}
	return &decoded, nil
}
// GetLastSyscheckScan returns the timestamp of the last syscheck scan of an
// agent.
//
// It is GetLastSyscheckScanContext called with context.Background(), so the
// context contributes no deadline or cancellation to the request.
//
// https://documentation.wazuh.com/3.x/user-manual/api/reference.html#get-last-syscheck-scan
func (client *Client) GetLastSyscheckScan(agentId string) (*LastSyscheckScan, error) {
	ctx := context.Background()
	return client.GetLastSyscheckScanContext(ctx, agentId)
}
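// GetLastSyscheckScanContext returns the last-scan record of the agent
// identified by agentId, passing ctx down to the request.
//
// agentId is checked before it is placed in the request path. path.Join
// cleans its result, so an empty id (or ".") yields "syscheck/last_scan",
// which makes the literal "last_scan" occupy the agent-id position, and an id
// containing "/" or ".." addresses a different API resource altogether. Such
// ids are rejected with an error and no request is made.
//
// On success the returned pointer refers to the Data field inside the
// response; on failure it is nil.
func (client *Client) GetLastSyscheckScanContext(ctx context.Context, agentId string) (*LastSyscheckScan, error) {
	if agentId == "" || agentId == "." || agentId == ".." || strings.Contains(agentId, "/") {
		// %q keeps control characters in a hostile id out of logs.
		return nil, fmt.Errorf("wazuh: invalid agent id %q", agentId)
	}

	response, err := GetLastSyscheckScanRequest(ctx, client, path.Join("syscheck", agentId, "last_scan"))
	if err != nil {
		return nil, err
	}
	return &response.Data, nil
}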
// GetLastSyscheckScanRequest calls GetJson with path and a fresh
// GetLastSyscheckScanResponse for it to fill in, and returns that response.
//
// path is handed to GetJson exactly as given; this function does not inspect
// or normalise it. When GetJson reports an error the result is nil.
func GetLastSyscheckScanRequest(ctx context.Context, client *Client, path string) (*GetLastSyscheckScanResponse, error) {
	var decoded GetLastSyscheckScanResponse
	if err := GetJson(ctx, client, path, &decoded); err != nil {
		return nil, err
	}
	return &decoded, nil
}
// ClearSyscheckDatabase clears the syscheck database for the specified agent.
//
// It is ClearSyscheckDatabaseContext called with context.Background(), so the
// context contributes no deadline or cancellation to the request.
//
// NOTE(review): this is a destructive call on stored file-integrity state;
// callers presumably want it gated and audited. Confirm against usage.
//
// https://documentation.wazuh.com/3.x/user-manual/api/reference.html#id20
func (client *Client) ClearSyscheckDatabase(agentId string) (*string, error) {
	ctx := context.Background()
	return client.ClearSyscheckDatabaseContext(ctx, agentId)
}
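// ClearSyscheckDatabaseContext clears the syscheck database of the agent
// identified by agentId, passing ctx down to the request.
//
// agentId is checked before it is placed in the request path. path.Join
// cleans its result, so an empty id (or ".") collapses the path to
// "syscheck". The delete would then be sent to the collection-level path
// instead of a single agent's. Ids containing "/" or ".." are rejected for
// the same reason: they would point the delete at a resource other than the
// per-agent one. No request is made for a rejected id.
//
// On success the returned pointer refers to the Data string inside the
// response; on failure it is nil.
func (client *Client) ClearSyscheckDatabaseContext(ctx context.Context, agentId string) (*string, error) {
	if agentId == "" || agentId == "." || agentId == ".." || strings.Contains(agentId, "/") {
		// %q keeps control characters in a hostile id out of logs.
		return nil, fmt.Errorf("wazuh: invalid agent id %q", agentId)
	}

	response, err := ClearSyscheckDatabaseRequest(ctx, client, path.Join("syscheck", agentId))
	if err != nil {
		return nil, err
	}
	return &response.Data, nil
}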
// ClearSyscheckDatabaseRequest calls DoDelete with path and a fresh
// ClearSyscheckDatabaseResponse for it to fill in, and returns that response.
//
// path is handed to DoDelete exactly as given; this function does not inspect
// or normalise it, so the caller decides which resource is deleted. When
// DoDelete reports an error the result is nil.
func ClearSyscheckDatabaseRequest(ctx context.Context, client *Client, path string) (*ClearSyscheckDatabaseResponse, error) {
	var decoded ClearSyscheckDatabaseResponse
	if err := DoDelete(ctx, client, path, &decoded); err != nil {
		return nil, err
	}
	return &decoded, nil
}