Active-response Kaspersky is not parsing extra_args correctly. #16514
Labels: feed/active response (Active response scripts, not the module), level/task, module/active response, type/bug (Something isn't working)
During testing in the Security flaws issue investigation I found that the kaspersky.py script is not parsing the execution arguments correctly when executed from active-response. To make debugging easier I added two logs to show me the variables "args" and "unknown".
Steps to reproduce
Configure the AR:
In the kaspersky AR configuration add the extra_args field with the --custom_flags parameter (this is a valid parameter according to the script).
Restart the wazuh-manager and generate the event that triggers AR
Check log messages:
When verifying the logs, we see, through the variable "args", that the argument --custom_flags could not be parsed, remaining inside the variable "unknown".
Running the script manually (expected behavior):
By running the script manually as follows:
python3 /var/ossec/active-response/bin/kaspersky.py --custom_flags this_is_an_arg
When we check the logs we see that the argument could be parsed correctly:
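A way to check the symptom above in isolation, added here as an example and not part of the original issue or of the Wazuh code base. It assumes (the issue does not state the root cause) that the extra_args string can reach the script as a single argv element; `build_parser`, `parse` and `retokenize` are hypothetical names, and only `--custom_flags` and the `args`/`unknown` pair come from the issue.

```python
import argparse
import shlex


def build_parser():
    # Hypothetical stand-in for the script's parser; only --custom_flags
    # is taken from the issue text.
    parser = argparse.ArgumentParser(add_help=False)
    parser.add_argument("--custom_flags", default=None)
    return parser


def parse(argv):
    """Return (custom_flags, unknown) as parse_known_args() reports them."""
    args, unknown = build_parser().parse_known_args(argv)
    return args.custom_flags, unknown


def retokenize(argv):
    """Split each argv element with POSIX shell quoting rules.

    Turns one "flag value" element into two tokens. Values that contain
    spaces must be quoted inside the element, or they are split as well.
    The tokens are only re-parsed here, never handed to a shell.
    """
    tokens = []
    for item in argv:
        tokens.extend(shlex.split(item))
    return tokens


# Constructed argv shapes (not captured from a real active-response run).
CASES = {
    "separate tokens": ["--custom_flags", "this_is_an_arg"],
    "single token": ["--custom_flags this_is_an_arg"],
    "equals form": ["--custom_flags=this_is_an_arg"],
}


def run_cases():
    """Parse every case as given and again after re-tokenizing."""
    return {
        name: {"raw": parse(argv), "retokenized": parse(retokenize(argv))}
        for name, argv in CASES.items()
    }


if __name__ == "__main__":
    for name, result in run_cases().items():
        print(f"{name}: {result}")
```

Logging `sys.argv` next to "args" and "unknown" in the real script shows which of these shapes active-response actually delivers.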