Skip to content

mrtc0/wazuh-ruby-client

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
lib
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Wazuh Ruby Client

License: MIT Yard Docs

A Ruby client for the wazuh APIs.

Installation

Add this line to your application's Gemfile:

gem 'wazuh-ruby-client'

Usage

Wazuh.configure do |config|
  config.endpoint = "https://wazuh.local:55000"
  config.basic_user = "foo"
  config.basic_password = "bar"
  config.verify_ssl = false
  # if you are using the Wazuh version 4
  # config.api_version = 4
end

client = Wazuh::Client.new
client.all_agents
# => {"error"=>0, "data"=>{"items"=>[{"os"=>{"arch"=>"x86_64", "codename"=>"Xenial Xerus", "major"=>"16", "minor"=>"04", "name"=>"Ubuntu", "platform"=>"ubuntu", "uname"=>"Linux |wazuh-manager-master-0 |4.14.138+ |#1 SMP Tue Sep 3 02:58:08 PDT 2019 |x86_64", "version"=>"16.04.6 LTS"}, "status"=>"Active", "name"=>"wazuh-manager-master-0", "registerIP"=>"127.0.0.1", "manager"=>"wazuh-manager-master-0", "dateAdd"=>"2020-01-07 16:13:05", "ip"=>"127.0.0.1", "node_name"=>"wazuh-manager-master", "version"=>"Wazuh v3.11.1", "lastKeepAlive"=>"9999-12-31 23:59:59", "id"=>"000"}], "totalItems"=>1}}

Authorization

Set basic_user and basic_password for basic authentication.
If you using self-signed certificate, verify_ssl must be set to false .

Wazuh.configure do |config|
  config.endpoint = "https://wazuh.local:55000"
  config.basic_user = "foo"
  config.basic_password = "bar"
  config.verify_ssl = false
end

If you are using client certificate authentication, set client_key and client_cert .

require 'openssl'

Wazuh.configure do |config|
  config.endpoint = "https://wazuh.local:55000"
  config.client_key = OpenSSL::PKey::RSA.new(File.read("./wazuh.key"))
  config.client_cert = OpenSSL::X509::Certificate.new(File.read("./wazuh.crt"))
end

Global Settings

The following global settings are supported via Wazuh.configure .

setting description
user_agent User-Agent
ca_file CA file (if use Client Certificate Authentication and specify CA file)
client_cert Client certificate (if use Client Certificate Authentication)
client_key Client Key (if use Client Certificate Authentication)
basic_user Basic Authentication user name
basic_password Basic Authentication password
verify_ssl Skip the SSL/TLS verify
logger loggeer object
endpoint Wazuh API endpoint URL
ignore_env_proxy Ignores ENV proxy settings
api_version Wazuh API Version (3 or 4)

Agents

Get all agents list.

> client.all_agents
=> [
      {
        :os=>{
          :arch=>"x86_64",
          :codename=>"Xenial Xerus",
          :major=>"16",
          :minor=>"04",
          :name=>"Ubuntu",
          :platform=>"ubuntu",
          :uname=>"Linux |wazuh-manager |4.15.0-60-generic |#67-Ubuntu SMP Thu Aug 22 16:55:30 UTC 2019 |x86_64",
          :version=>"16.04.6 LTS"
        },
        :manager=>"wazuh-manager",
        :id=>"000",
        :registerIP=>"127.0.0.1",
        :name=>"wazuh-manager",
        :version=>"Wazuh v3.11.0",
        :ip=>"127.0.0.1",
        :dateAdd=>"2020-01-27 17:02:18",
        :status=>"Active",
        :lastKeepAlive=>"9999-12-31 23:59:59",
        :node_name=>"wazuh-master-1"
      },
      ...
  ]

> agents.first.os.name
=> "Ubuntu"

> agents.first.id
=> "000"

filter by options. (see https://mrtc0.github.io/wazuh-ruby-client/Wazuh/Api/Endpoints/Agents.html#all_agents-instance_method )

# Filter by status is active
> client.all_agents({ status: 'active' })
# Filter by agent os.name is ubuntu
> client.all_agents({ 'os.name' => 'ubuntu' })

Syscollector

List agent's packages.

> client.packages('000').map { |package| package.name }
=> ["python-apt-common",
 "python-idna",
 "libedit2",
 "libncurses5",
 "libpam-runtime",
 "python3.5",
 "libgsasl7",
 "vim-tiny",
 ...

List agents' processes.

> client.packages('000').map { |package| package.name }
=> ["entrypoint.sh",
 "my_init",
 "syslog-ng",
 "runsvdir",
 "runsv",
 ...

Vulnerability

> client.vulnerabilities('000')
=> [{:architecture=>"amd64", :cve=>"CVE-2016-4802", :name=>"curl", :version=>"7.47.0-1ubuntu2.14"}, {:architecture=>"amd64", :cve=>"CVE-2016-8620", :name=>"curl", :version=>"7.47.0-1ubun...

Other

wazuh-ruby-client is supports some of the Wazuh API.
The v4 API is not yet supported.

  • Active Response
  • Agents
  • Cache
  • Ciscat
  • Cluster
  • Decoders
  • Experimental
  • Groups
  • Lists
  • Logtest
  • Mitre
  • Manager
  • Rootcheck
  • Rules
  • Security
  • Security Configuration Assessment
  • Summary
  • Syscheck
  • Syscollector
  • Tasks
  • Vulnerability

Refer to the document of wazuh-ruby-client and Wazuh API Reference for the list of all available methods.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/mrtc0/wazuh-ruby-client.

Copyright and License

Copyright (c) 2015-2019, Kohei Morita

This project is licensed under the MIT License .

About

Wazuh API client for Ruby

Topics

Resources

License

Security policy

Stars

Watchers

Forks

Sponsor this project

Packages

No packages published

Languages