Create AWS Security Hub Rules

.github/actions/vulnerability_scanner/compile/action.yml

@@ -0,0 +1,37 @@
+name: "Vulnerability Scanner Content generation"
+description: "Executes the vulnerability scanner tools to generate the content and compress it."
+
+runs:
+  using: "composite"
+  steps:
+  # Dependencies
+  - name: Project dependencies
+    uses: ./.github/actions/vulnerability_scanner_deps
+
+  # Router
+  - name: Router - Compilation
+    uses: ./.github/actions/compile_and_test
+    with:
+      path: src/shared_modules/router
+      test: false
+
+  # Indexer connector
+  - name: Indexer connector - Compilation
+    uses: ./.github/actions/compile_and_test
+    with:
+      path: src/shared_modules/indexer_connector
+      test: false
+
+  # Content manager
+  - name: Content manager - Compilation
+    uses: ./.github/actions/compile_and_test
+    with:
+      path: src/shared_modules/content_manager
+      test: false
+
+  # Vulnerability scanner
+  - name: Vulnerability scanner - Compilation
+    uses: ./.github/actions/compile_and_test
+    with:
+      path: src/wazuh_modules/vulnerability_scanner
+      test: false

.github/actions/vulnerability_scanner/content_generation/action.yml

@@ -0,0 +1,82 @@
+name: "Vulnerability Scanner Content generation"
+description: "Executes the vulnerability scanner tools to generate the content and compress it."
+
+inputs:
+  vulnerability_scanner_path:
+    required: true
+    description: "Path to the vulnerability scanner tool"
+    default: src/wazuh_modules/vulnerability_scanner/build/testtool/scanner/vd_scanner_testtool
+
+  config_path:
+    required: true
+    description: "Path to the configuration file"
+    default: src/wazuh_modules/vulnerability_scanner/testtool/scanner/config.content_generation.json
+
+  indexer_template_path:
+    required: true
+    description: "Path to the indexer template file"
+    default: src/wazuh_modules/vulnerability_scanner/indexer/template/index-template.json
+
+  wazuh_version:
+    required: true
+    description: "Identifier for the generated content. The content will be compressed into a file named 'vd_1.0.0_vd_<wazuh_version>.tar.xz'"
+
+runs:
+  using: "composite"
+  steps:
+  - name: Generate Vulnerability Scanner Content
+    run: |
+      VULNERABILITY_SCANNER_PATH=./${{ inputs.vulnerability_scanner_path }}
+      CONFIG_PATH=${{ inputs.config_path }}
+      TEMPLATE_PATH=${{ inputs.indexer_template_path }}
+
+      #TODO: Remove this logic once 4.8.0 is merged into master
+      if [ ! -f "${TEMPLATE_PATH}" ]; then
+        TEMPLATE_PATH=src/wazuh_modules/vulnerability_scanner/indexer/template/legacy-template.json
+      fi
+      # END TODO
+
+      if [ ! -f "${VULNERABILITY_SCANNER_PATH}" ]; then
+        echo "Error: The file '${VULNERABILITY_SCANNER_PATH}' does not exist."
+        exit 1
+      fi
+
+      if [ ! -f "${CONFIG_PATH}" ]; then
+        echo "Error: The file '${CONFIG_PATH}' does not exist."
+        exit 1
+      fi
+
+      if [ ! -f "${TEMPLATE_PATH}" ]; then
+        echo "Error: The file '${TEMPLATE_PATH}' does not exist."
+        exit 1
+      fi
+
+      echo "Running '${TEST_TOOL_PATH}'..."
+      ${VULNERABILITY_SCANNER_PATH} -c ${CONFIG_PATH} -t ${TEMPLATE_PATH} -d
+    shell: bash
+
+  - name: Compress Vulnerability Scanner Content
+    run: |
+      rm -rf queue/indexer
+      rm -rf queue/sockets
+      rm -rf queue/router
+      rm -rf queue/vd_updater/tmp
+      rm -rf queue/vd/reports
+      rm -rf queue/vd/sync
+      rm -rf queue/vd/deltas
+      rm -rf queue/vd/state_track
+      rm -rf queue/keystore
+
+      VD_FILENAME=vd_1.0.0_vd_${{ inputs.wazuh_version }}.tar.xz
+
+      echo "Compressing into '${VD_FILENAME}' ..."
+      tar -cJf ${VD_FILENAME} --owner=0 --group=0 --no-same-owner --no-same-permissions queue
+
+      if [ ! -f "${VD_FILENAME}" ]; then
+        echo "Error: The file '${VD_FILENAME}' doesn't exist or could not be generated."
+        exit 1
+      else
+          echo "File '${VD_FILENAME}' generated successfully."
+          echo "Size of '${VD_FILENAME}': $(du -h "${VD_FILENAME}" | cut -f1)"
+      fi
+    shell: bash

.github/actions/vulnerability_scanner_deps/action.yml

@@ -18,6 +18,12 @@ runs:
           # Update packages
           sudo apt-get update
           sudo apt-get install -y cmake
+
+      - name: General dependencies
+        shell: bash
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libc6-dbg
 
       - name: Build external deps
         run: |

.github/workflows/integration-tests-analysisd-tier-0-1.yml

@@ -72,9 +72,9 @@ jobs:
       # Download and install integration tests framework.
       - name: Download and install integration tests framework
         run: |
-          if [ "X`git ls-remote --heads https://github.com/wazuh/qa-integration-framework.git ${BRANCH_NAME}`" != "X" ]; then
+          if [ "X`git ls-remote https://github.com/wazuh/qa-integration-framework.git ${BRANCH_NAME}`" != "X" ]; then
               QA_BRANCH=${BRANCH_NAME}
-          elif [ "X`git ls-remote --heads https://github.com/wazuh/qa-integration-framework.git ${BRANCH_BASE}`" != "X" ]; then
+          elif [ "X`git ls-remote https://github.com/wazuh/qa-integration-framework.git ${BRANCH_BASE}`" != "X" ]; then
               QA_BRANCH=${BRANCH_BASE}
           else
               QA_BRANCH="main"

.github/workflows/integration-tests-analysisd-tier-2.yml

@@ -61,9 +61,9 @@ jobs:
       # Download and install integration tests framework.
       - name: Download and install integration tests framework
         run: |
-          if [ "X`git ls-remote --heads https://github.com/wazuh/qa-integration-framework.git ${BRANCH_NAME}`" != "X" ]; then
+          if [ "X`git ls-remote https://github.com/wazuh/qa-integration-framework.git ${BRANCH_NAME}`" != "X" ]; then
               QA_BRANCH=${BRANCH_NAME}
-          elif [ "X`git ls-remote --heads https://github.com/wazuh/qa-integration-framework.git ${BRANCH_BASE}`" != "X" ]; then
+          elif [ "X`git ls-remote https://github.com/wazuh/qa-integration-framework.git ${BRANCH_BASE}`" != "X" ]; then
               QA_BRANCH=${BRANCH_BASE}
           else
               QA_BRANCH="main"

.github/workflows/integration-tests-api-tier-0-1.yml

@@ -68,9 +68,9 @@ jobs:
       # Download and install integration tests framework.
       - name: Download and install integration tests framework
         run: |
-          if [ "X`git ls-remote --heads https://github.com/wazuh/qa-integration-framework.git ${BRANCH_NAME}`" != "X" ]; then
+          if [ "X`git ls-remote https://github.com/wazuh/qa-integration-framework.git ${BRANCH_NAME}`" != "X" ]; then
               QA_BRANCH=${BRANCH_NAME}
-          elif [ "X`git ls-remote --heads https://github.com/wazuh/qa-integration-framework.git ${BRANCH_BASE}`" != "X" ]; then
+          elif [ "X`git ls-remote https://github.com/wazuh/qa-integration-framework.git ${BRANCH_BASE}`" != "X" ]; then
               QA_BRANCH=${BRANCH_BASE}
           else
               QA_BRANCH="main"

.github/workflows/integration-tests-api-tier-2.yml

@@ -61,9 +61,9 @@ jobs:
       # Download and install integration tests framework.
       - name: Download and install integration tests framework
         run: |
-          if [ "X`git ls-remote --heads https://github.com/wazuh/qa-integration-framework.git ${BRANCH_NAME}`" != "X" ]; then
+          if [ "X`git ls-remote https://github.com/wazuh/qa-integration-framework.git ${BRANCH_NAME}`" != "X" ]; then
               QA_BRANCH=${BRANCH_NAME}
-          elif [ "X`git ls-remote --heads https://github.com/wazuh/qa-integration-framework.git ${BRANCH_BASE}`" != "X" ]; then
+          elif [ "X`git ls-remote https://github.com/wazuh/qa-integration-framework.git ${BRANCH_BASE}`" != "X" ]; then
               QA_BRANCH=${BRANCH_BASE}
           else
               QA_BRANCH="main"

.github/workflows/integration-tests-execd-tier-0-1-lin.yml

@@ -70,9 +70,9 @@ jobs:
       # Download and install integration tests framework.
       - name: Download and install integration tests framework
         run: |
-          if [ "X`git ls-remote --heads https://github.com/wazuh/qa-integration-framework.git ${BRANCH_NAME}`" != "X" ]; then
+          if [ "X`git ls-remote https://github.com/wazuh/qa-integration-framework.git ${BRANCH_NAME}`" != "X" ]; then
               QA_BRANCH=${BRANCH_NAME}
-          elif [ "X`git ls-remote --heads https://github.com/wazuh/qa-integration-framework.git ${BRANCH_BASE}`" != "X" ]; then
+          elif [ "X`git ls-remote https://github.com/wazuh/qa-integration-framework.git ${BRANCH_BASE}`" != "X" ]; then
               QA_BRANCH=${BRANCH_BASE}
           else
               QA_BRANCH="main"

.github/workflows/integration-tests-execd-tier-0-1-win.yml

@@ -87,9 +87,9 @@ jobs:
       # Download and install integration tests framework.
       - name: Download and install qa-integration-framework
         run: |
-          if (git ls-remote --heads https://github.com/wazuh/qa-integration-framework.git $env:BRANCH_NAME) {
+          if (git ls-remote https://github.com/wazuh/qa-integration-framework.git $env:BRANCH_NAME) {
               $QA_BRANCH = $env:BRANCH_NAME
-          } elseif (git ls-remote --heads https://github.com/wazuh/qa-integration-framework.git $env:BRANCH_BASE) {
+          } elseif (git ls-remote https://github.com/wazuh/qa-integration-framework.git $env:BRANCH_BASE) {
               $QA_BRANCH = $env:BRANCH_BASE
           } else {
               $QA_BRANCH = "main"

.github/workflows/integration-tests-fim-tier-0-1-macos.yml

@@ -22,7 +22,7 @@ jobs:
     env:
       BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
       BRANCH_BASE: ${{ github.base_ref || inputs.base_branch }}
-    runs-on: macos-latest
+    runs-on: macos-13
     steps:
       - name: Checkout Repo
         uses: actions/checkout@v3

.github/workflows/integration-tests-github-tier-0-1-lin.yml

@@ -70,9 +70,9 @@ jobs:
       # Download and install integration tests framework.
       - name: Download and install integration tests framework
         run: |
-          if [ "X`git ls-remote --heads https://github.com/wazuh/qa-integration-framework.git ${BRANCH_NAME}`" != "X" ]; then
+          if [ "X`git ls-remote https://github.com/wazuh/qa-integration-framework.git ${BRANCH_NAME}`" != "X" ]; then
               QA_BRANCH=${BRANCH_NAME}
-          elif [ "X`git ls-remote --heads https://github.com/wazuh/qa-integration-framework.git ${BRANCH_BASE}`" != "X" ]; then
+          elif [ "X`git ls-remote https://github.com/wazuh/qa-integration-framework.git ${BRANCH_BASE}`" != "X" ]; then
               QA_BRANCH=${BRANCH_BASE}
           else
               QA_BRANCH="main"

.github/workflows/integration-tests-github-tier-0-1-win.yml

@@ -87,9 +87,9 @@ jobs:
       # Download and install integration tests framework.
       - name: Download and install qa-integration-framework
         run: |
-          if (git ls-remote --heads https://github.com/wazuh/qa-integration-framework.git $env:BRANCH_NAME) {
+          if (git ls-remote https://github.com/wazuh/qa-integration-framework.git $env:BRANCH_NAME) {
               $QA_BRANCH = $env:BRANCH_NAME
-          } elseif (git ls-remote --heads https://github.com/wazuh/qa-integration-framework.git $env:BRANCH_BASE) {
+          } elseif (git ls-remote https://github.com/wazuh/qa-integration-framework.git $env:BRANCH_BASE) {
               $QA_BRANCH = $env:BRANCH_BASE
           } else {
               $QA_BRANCH = "main"

.github/workflows/integration-tests-logcollector-tier-0-1-macos.yml

@@ -22,7 +22,7 @@ jobs:
     env:
       BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
       BRANCH_BASE: ${{ github.base_ref || inputs.base_branch }}
-    runs-on: macos-latest
+    runs-on: macos-13
     steps:
       - name: Checkout Repo
         uses: actions/checkout@v3

.github/workflows/integration-tests-msgraph-tier-0-1-lin.yml

@@ -80,9 +80,9 @@ jobs:
       # Download and install integration tests framework.
       - name: Download and install integration tests framework
         run: |
-          if [ "X`git ls-remote --heads https://github.com/wazuh/qa-integration-framework.git ${BRANCH_NAME}`" != "X" ]; then
+          if [ "X`git ls-remote https://github.com/wazuh/qa-integration-framework.git ${BRANCH_NAME}`" != "X" ]; then
               QA_BRANCH=${BRANCH_NAME}
-          elif [ "X`git ls-remote --heads https://github.com/wazuh/qa-integration-framework.git ${BRANCH_BASE}`" != "X" ]; then
+          elif [ "X`git ls-remote https://github.com/wazuh/qa-integration-framework.git ${BRANCH_BASE}`" != "X" ]; then
               QA_BRANCH=${BRANCH_BASE}
           else
               QA_BRANCH="main"

.github/workflows/integration-tests-office365-tier-0-1-lin.yml

@@ -70,9 +70,9 @@ jobs:
       # Download and install integration tests framework.
       - name: Download and install integration tests framework
         run: |
-          if [ "X`git ls-remote --heads https://github.com/wazuh/qa-integration-framework.git ${BRANCH_NAME}`" != "X" ]; then
+          if [ "X`git ls-remote https://github.com/wazuh/qa-integration-framework.git ${BRANCH_NAME}`" != "X" ]; then
               QA_BRANCH=${BRANCH_NAME}
-          elif [ "X`git ls-remote --heads https://github.com/wazuh/qa-integration-framework.git ${BRANCH_BASE}`" != "X" ]; then
+          elif [ "X`git ls-remote https://github.com/wazuh/qa-integration-framework.git ${BRANCH_BASE}`" != "X" ]; then
               QA_BRANCH=${BRANCH_BASE}
           else
               QA_BRANCH="main"

.github/workflows/integration-tests-office365-tier-0-1-win.yml

@@ -87,9 +87,9 @@ jobs:
       # Download and install integration tests framework.
       - name: Download and install qa-integration-framework
         run: |
-          if (git ls-remote --heads https://github.com/wazuh/qa-integration-framework.git $env:BRANCH_NAME) {
+          if (git ls-remote https://github.com/wazuh/qa-integration-framework.git $env:BRANCH_NAME) {
               $QA_BRANCH = $env:BRANCH_NAME
-          } elseif (git ls-remote --heads https://github.com/wazuh/qa-integration-framework.git $env:BRANCH_BASE) {
+          } elseif (git ls-remote https://github.com/wazuh/qa-integration-framework.git $env:BRANCH_BASE) {
               $QA_BRANCH = $env:BRANCH_BASE
           } else {
               $QA_BRANCH = "main"

.github/workflows/integration-tests-rbac-tier-0-1.yml

@@ -68,9 +68,9 @@ jobs:
       # Download and install integration tests framework.
       - name: Download and install integration tests framework
         run: |
-          if [ "X`git ls-remote --heads https://github.com/wazuh/qa-integration-framework.git ${BRANCH_NAME}`" != "X" ]; then
+          if [ "X`git ls-remote https://github.com/wazuh/qa-integration-framework.git ${BRANCH_NAME}`" != "X" ]; then
               QA_BRANCH=${BRANCH_NAME}
-          elif [ "X`git ls-remote --heads https://github.com/wazuh/qa-integration-framework.git ${BRANCH_BASE}`" != "X" ]; then
+          elif [ "X`git ls-remote https://github.com/wazuh/qa-integration-framework.git ${BRANCH_BASE}`" != "X" ]; then
               QA_BRANCH=${BRANCH_BASE}
           else
               QA_BRANCH="main"

.github/workflows/integration-tests-vulnerability_detector-tier-0-1.yml

@@ -70,9 +70,9 @@ jobs:
       # Download and install integration tests framework.
       - name: Download and install integration tests framework
         run: |
-          if [ "X`git ls-remote --heads https://github.com/wazuh/qa-integration-framework.git ${BRANCH_NAME}`" != "X" ]; then
+          if [ "X`git ls-remote https://github.com/wazuh/qa-integration-framework.git ${BRANCH_NAME}`" != "X" ]; then
               QA_BRANCH=${BRANCH_NAME}
-          elif [ "X`git ls-remote --heads https://github.com/wazuh/qa-integration-framework.git ${BRANCH_BASE}`" != "X" ]; then
+          elif [ "X`git ls-remote https://github.com/wazuh/qa-integration-framework.git ${BRANCH_BASE}`" != "X" ]; then
               QA_BRANCH=${BRANCH_BASE}
           else
               QA_BRANCH="main"

.github/workflows/integration-tests-vulnerability_detector-tier-2.yml

@@ -61,9 +61,9 @@ jobs:
       # Download and install integration tests framework.
       - name: Download and install integration tests framework
         run: |
-          if [ "X`git ls-remote --heads https://github.com/wazuh/qa-integration-framework.git ${BRANCH_NAME}`" != "X" ]; then
+          if [ "X`git ls-remote https://github.com/wazuh/qa-integration-framework.git ${BRANCH_NAME}`" != "X" ]; then
               QA_BRANCH=${BRANCH_NAME}
-          elif [ "X`git ls-remote --heads https://github.com/wazuh/qa-integration-framework.git ${BRANCH_BASE}`" != "X" ]; then
+          elif [ "X`git ls-remote https://github.com/wazuh/qa-integration-framework.git ${BRANCH_BASE}`" != "X" ]; then
               QA_BRANCH=${BRANCH_BASE}
           else
               QA_BRANCH="main"

.github/workflows/scan-build.yml

@@ -63,7 +63,7 @@ jobs:
         run: exit 1
 
   scan-build-macos-agent:
-    runs-on: macos-latest
+    runs-on: macos-13
     steps:
       - uses: actions/checkout@v3
       - name: Install dependencies