Added selective agent software request in vulnerability-detector #404

Merged
merged 10 commits into from Mar 21, 2018

2 participants
@crolopez
Member

crolopez commented Feb 19, 2018

Description

No vulnerabilities will be checked on packages that have already been scanned, unless no Syscollector scans are detected in a period longer than 24 hours.

The default interval field has changed from 1 day to 1 minute because with this change we can allow a more constant monitoring of the agent software.

Testing

To test the feature, you can launch wazuh-modulesd with -dd. With tail -f ossec.log | grep vulnerability you will see how in the first iteration all the packages that have coincided with any vulnerability, whether they are affected or not, will be displayed. In the next iterations you will no longer see new packages appearing unless the syscollector scan has detected new versions, candidate packages to be vulnerable, or the last scan reported is older than 24 hours.

Update

A new option (ignore_time), which allows limiting the time we will ignore packages that have already been checked, has been added.
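
A minimal model of the selection behaviour described above, added here as an example; it is not code from this pull request or from Wazuh. The `sw_entry` struct, the function names and the sample packages are hypothetical, and it assumes the ignore window (24 hours here, the role `ignore_time` plays) is tracked per package.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
/* Hypothetical inventory row for one package reported by Syscollector. */
typedef struct {
    const char *name;
    char version[32];
    bool triaged;      /* already compared against the vulnerability feeds */
    time_t checked_at; /* when that comparison last happened */
} sw_entry;

/* A Syscollector report with a new version makes the package a candidate again. */
static void report_version(sw_entry *e, const char *version) {
    if (strcmp(e->version, version) == 0) return;
    snprintf(e->version, sizeof e->version, "%s", version);
    e->triaged = false;
}

/* Checks each package that is new, changed, or past its ignore window; returns the count. */
static size_t run_iteration(sw_entry *pkgs, size_t n, time_t now, time_t ignore_time) {
    size_t checked = 0;
    for (size_t i = 0; i < n; i++) {
        if (pkgs[i].triaged && now - pkgs[i].checked_at <= ignore_time)
            continue; /* still inside the ignore window */
        pkgs[i].triaged = true;
        pkgs[i].checked_at = now;
        checked++;
    }
    return checked;
}

/* Replays a constructed timeline; returns the number checked at iteration `step` (0-3). */
static size_t demo_step(int step) {
    const time_t ignore_time = 24 * 60 * 60, t0 = 1000000; /* constructed values */
    sw_entry pkgs[3] = { {"openssl", "1.0.2g", false, 0}, {"bash", "4.3", false, 0},
                         {"curl", "7.47.0", false, 0} };
    size_t got[4];
    got[0] = run_iteration(pkgs, 3, t0, ignore_time);       /* first pass: everything */
    got[1] = run_iteration(pkgs, 3, t0 + 60, ignore_time);  /* one minute later */
    report_version(&pkgs[2], "7.47.1");                     /* curl upgraded */
    got[2] = run_iteration(pkgs, 3, t0 + 120, ignore_time); /* only the new version */
    got[3] = run_iteration(pkgs, 3, t0 + 120 + ignore_time + 1, ignore_time); /* expired */
    return got[step];
}

int main(void) {
    for (int s = 0; s < 4; s++) printf("iteration %d: %zu checked\n", s, demo_step(s));
    return 0;
}
```

A short interval combined with a long ignore window keeps each iteration cheap, but a package whose advisory appears after it was triaged is not re-evaluated until the window expires.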

Added selective agent software request in vulnerability-detector
No vulnerabilities will be checked on packages that have already been scanned, unless no Syscollector scans are detected in a period longer than 24 hours

@crolopez crolopez requested a review from vikman90 Feb 19, 2018

crolopez added some commits Feb 19, 2018

Add ignore_time option to vulnerability-detector wodle
This option allows limiting the time we will ignore packages that have already been checked

@crolopez crolopez self-assigned this Feb 19, 2018

@vikman90 vikman90 added this to To do in Wazuh 3.5 Mar 7, 2018

@vikman90 vikman90 self-assigned this Mar 7, 2018

@crolopez crolopez requested a review from RaulMartinPineda Mar 14, 2018

@vikman90

I refactored "triggered" for "triaged" :)

@vikman90 vikman90 merged commit 4c986c6 into master Mar 21, 2018

Wazuh 3.5 automation moved this from To do to Done Mar 21, 2018

@vikman90
Member

vikman90 commented Mar 21, 2018

GJ @crolopez !!

@crolopez crolopez deleted the dev-vuln-soft-upd branch Mar 22, 2018
