Duplicated vulnerabilities when changing agent manager

[juliamagan]

Wazuh version	Component	Install type	Install method	Platform
4.8.0-beta5	Vulnerability Detection and Cluster	Manager	Packages	Ubuntu Jammy

Description

During the tests performed at #22828, one of the tests to be performed was Change agents' manager and install a vulnerable package. In this test it could be seen that when changing the agent manager, the vulnerabilities were duplicated, indicating the same vulnerabilities for the agent from two managers.

Agent ID	Vulnerabilities with the original manager	Vulnerabilities after the change
001	001_vulns_before.json	001_vulns_after.json
002	002_vulns_before.json	002_vulns_after.json

After installing the vulnerable package we can see that the vulnerabilities expected by the package are only reported once.

Steps to reproduce

• Deploy a Wazuh cluster and two agents.
• Enable vulnerability detector in the managers.
• Register the agents to each manager host.
• Wait until feeds are updated.
• Wait until first scan is performed.
• Check the reported vulnerabilities.
• Check that the agents are scanned and the vulnerable packages are detected.
• Change the manager of the agents.
• Wait until the next scan is performed.
• Check the reported vulnerabilities.
• Install a vulnerable package in both agents.
• Wait until the next scan is performed.
• Check that the vulnerable package is detected in both agents

[Dwordcito]

The main part of this issue will be resolved by #23058

For the core team, we expect two things:

• Each manager sends a different index. wazuh-states-vulnerabilities-cluster_name-node_name change this in:

  wazuh/src/wazuh_modules/vulnerability_scanner/src/policyManager/policyManager.hpp

  Line 118 in 60a48dc

  newPolicy["indexer"]["name"] = STATES_VD_INDEX_NAME;

• You have to wait between consecutive bulks from the same manager. -> Use https://opensearch.org/docs/latest/api-reference/document-apis/bulk/#url-parameters refresh = wait_for
  Change this in:

  wazuh/src/shared_modules/indexer_connector/src/indexerConnector.cpp

  Line 166 in 60a48dc

  HTTPRequest::instance().post(

[pereyra-m]

@Dwordcito CC @sebasfalcone

Now the branch has the requested changes implemented.

It was confirmed that indexes are created with the required names (by default and custom).

[Dwordcito]

https://github.com/wazuh/wazuh/tree/fix/22867-duplicated-indexed-vulnerabilities its the branch with the desired changes to test the #23058 development @Selutario