Compliance rule groups to specific XML tag. #4009

Open
3 tasks
danimegar opened this issue Sep 25, 2019 · 0 comments
Labels
type/enhancement New feature or request

Comments

@danimegar
Contributor

| Wazuh version | Component | Install type | Install method | Platform |
|---|---|---|---|---|
| 3.11.0-rev | Ruleset | Manager | Packages/Sources | Linux |

Goal

A feature we want to implement is to replace the XML tag 'group' with 'compliance' in rules. The rule XML structure will be as follows:

```xml
<rule id="100002" level="3">
    <description> Rule XML structure example.</description>
    <compliance>
      <pci_dss>10.2.5</pci_dss>
      <pci_dss>10.2.2</pci_dss>
      <gpg>13_7.6</gpg>
      <gpg>13_7.8</gpg>
      <gpg>13_7.13</gpg>
      <gdpr>IV_32.2</gdpr>
      <hipaa>164.312.b</hipaa>
      <nist>800_53_AU.3.1</nist>
      <nist>800_53_IA.10</nist>
    </compliance>
</rule>
```

Sample of an alert related to this rule:

```json
"rule": {
    "level": 3,
    "description": " Rule XML structure example.",
    "id": "100002",
    "compliance": {
        "pci_dss": ["10.2.5", "10.2.2"],
        "gpg": ["13_7.6", "13_7.8", "13_7.13"],
        "gdpr": ["IV_32.2"],
        "hipaa": ["164.312.b"],
        "nist": ["800_53_AU.3.1", "800_53_IA.10"]
    }
}
```

Points to consider:

  1. Ruleset shall replace group XML tag with compliance XML tags
  2. Alerts will include such reference.
  3. Wazuh API shall update an endpoint to query the different compliances so that Wazuh App will show the corresponding data for the alerts.

Subtasks

  • Update ruleset with compliance XML tag, including documentation.
  • Update alerts to show compliance information.
  • Update/add an endpoint to the API to query a specific compliance.
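As an added illustration (not code from the issue or from Wazuh itself), the Python helper below reads the proposed `<compliance>` block from a rule and groups its repeated tags into the per-framework arrays that the alert sample shows; `SAMPLE_RULE_XML`, `compliance_from_rule` and `alert_rule_fragment` are constructed names, and a rule without a `<compliance>` block yields an empty object.

```python
"""Convert the proposed <compliance> rule block into the alert's JSON fragment."""
import json
import xml.etree.ElementTree as ET

# Constructed sample: the rule layout proposed in the issue, not a shipped Wazuh rule.
SAMPLE_RULE_XML = """\
<rule id="100002" level="3">
    <description> Rule XML structure example.</description>
    <compliance>
      <pci_dss>10.2.5</pci_dss>
      <pci_dss>10.2.2</pci_dss>
      <gpg>13_7.6</gpg>
      <gpg>13_7.8</gpg>
      <gpg>13_7.13</gpg>
      <gdpr>IV_32.2</gdpr>
      <hipaa>164.312.b</hipaa>
      <nist>800_53_AU.3.1</nist>
      <nist>800_53_IA.10</nist>
    </compliance>
</rule>
"""


def compliance_from_rule(rule: ET.Element) -> dict:
    """Group the repeated child tags of <compliance> into name -> [values], in file order."""
    block = rule.find("compliance")
    out: dict = {}
    if block is None:
        return out  # the rule carries no compliance references
    for child in block:
        value = (child.text or "").strip()
        if not value:
            continue  # an empty element such as <pci_dss/> adds nothing to the alert
        out.setdefault(child.tag, []).append(value)
    return out


def alert_rule_fragment(rule_xml: str) -> dict:
    """Build the alert's "rule" object from one <rule> element (hypothetical helper)."""
    # Use defusedxml.ElementTree in place of ET if the rule text is not trusted.
    rule = ET.fromstring(rule_xml)
    return {
        "level": int(rule.get("level", "0")),
        "description": rule.findtext("description", default=""),
        "id": rule.get("id"),
        "compliance": compliance_from_rule(rule),
    }


if __name__ == "__main__":
    print(json.dumps({"rule": alert_rule_fragment(SAMPLE_RULE_XML)}, indent=2))
```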