Network protocols global queries enhancement #28725

Dwordcito · 2025-03-20T19:09:04Z

Description

This issue aims develop the necessary steps to index the network protocols data with the suggested mapping template.

Expected changes

Add WCS required classes into src/wazuh_modules/inventory_harvester/src/wcsModel using string_views as possible.
Add indexer connector instances into systemInventoryOrchestrator.hpp
Populate required context src/wazuh_modules/inventory_harvester/src/systemInventory/systemContext.hpp minimizing the copies.
Add mapping implementation in src/wazuh_modules/inventory_harvester/src/systemInventory/elements

Expected reflectable json output.

{
  "@timestamp": "2025-03-19T22:05:30.123Z",
  "agent": {
    "host": {
      "architecture": "x86_64",
      "ip": "192.168.1.100"
    },
    "id": "010",
    "name": "agent-10",
    "version": "5.4.0"
  },
  "network": {
    "dhcp": true,
    "gateway": "192.168.1.1",
    "metric": 10,
    "type": "ethernet"
  },
  "observer": {
    "ingress": {
      "interface": {
        "name": "eth0"
      }
    }
  }
}

DoD

Development
Add tests
Documentation

The text was updated successfully, but these errors were encountered:

MiguelazoDS · 2025-03-27T18:26:21Z

Update

The reflactable JSON will have the following format

Where 92245c06b5120c62174799e7f531d4df81619672 is the item_id

{
  "id": "001_92245c06b5120c62174799e7f531d4df81619672",
  "operation": "INSERTED",
  "data": {
    "agent": {
      "ip": "any",
      "id": "001",
      "name": "agent-10",
      "version": "5.4.0"
    },
    "network": {
      "dhcp": true,
      "gateway": "192.168.1.1",
      "metric": 10,
      "type": "ethernet"
    },
    "observer": {
      "ingress": {
        "interface": {
          "name": "eth0"
        }
      }
    }
  }
}

MiguelazoDS · 2025-03-27T23:26:25Z

Update

On hold until finishing the e2e test for hotfixes. This PR still is under development, needs revision and QA tests are not yet implemented

MiguelazoDS · 2025-03-28T21:12:08Z

Update

Implementing QA tests, for some reason the network protocol item_id is empty during the rsync deletion

18:07:58 logger-helper:systemInventoryOrchestrator.hpp:42 run : SystemInventoryOrchestrator::run for agent: '001', operation: '1', component: '3'
18:07:58 logger-helper:upsertElement.hpp:63 handleRequest : UpsertSystemElement::build: {"id":"001_35c9b5749116035dea24e0c8797c8e01358081a0","operation":"INSERTED","data":{"network":{"dhcp":"disabled","gateway":" ","metric":"101","type":"ipv4"},"observer":{"ingress":{"interface":{"name":"eth1"}}},"agent":{"id":"001","name":"centos9","ip":"any","version":"v4.10.1"}}}
18:07:58 logger-helper:systemInventoryOrchestrator.hpp:75 processEvent : SystemInventoryOrchestrator::processEvent finished
18:07:59 logger-helper:systemInventoryOrchestrator.hpp:53 processEvent : SystemInventoryOrchestrator::processEvent
18:07:59 logger-helper:systemInventoryOrchestrator.hpp:42 run : SystemInventoryOrchestrator::run for agent: '001', operation: '0', component: '3'
18:07:59 logger-helper:inventoryHarvesterFacade.cpp:203 operator() : InventoryHarvesterFacade::initSystemEventDispatcher: Network Protocol ID is empty, cannot upsert network protocol element..

MiguelazoDS · 2025-03-31T16:30:56Z

Update

Added QA tests, e2e testing finished. Pending Review

MiguelazoDS · 2025-04-01T18:18:03Z

Update

Failing test.

https://github.com/wazuh/wazuh/actions/runs/14198122236/job/39778236509?pr=28854

Currently the workflows are not working. They are cancelled at the beginning

Dwordcito mentioned this issue Mar 20, 2025

Add Inventory system inventory support (Ports, Hardware, networks, hotfixes) #27899

Open

6 tasks

Dwordcito added type/enhancement New feature or request level/task labels Mar 20, 2025

wazuhci moved this to Triage in XDR+SIEM/Release 4.13.0 Mar 21, 2025

wazuhci added this to XDR+SIEM/Release 4.13.0 Mar 21, 2025

wazuhci moved this from Triage to Backlog in XDR+SIEM/Release 4.13.0 Mar 21, 2025

Dwordcito assigned MiguelazoDS Mar 27, 2025

wazuhci moved this from Backlog to In progress in XDR+SIEM/Release 4.13.0 Mar 27, 2025

MiguelazoDS linked a pull request Mar 27, 2025 that will close this issue

Network protocol global queries #28854

Open

wazuhci moved this from In progress to On hold in XDR+SIEM/Release 4.13.0 Mar 27, 2025

wazuhci moved this from On hold to In progress in XDR+SIEM/Release 4.13.0 Mar 28, 2025

wazuhci moved this from In progress to Pending review in XDR+SIEM/Release 4.13.0 Mar 31, 2025

wazuhci moved this from Pending review to In review in XDR+SIEM/Release 4.13.0 Mar 31, 2025

wazuhci moved this from In review to On hold in XDR+SIEM/Release 4.13.0 Apr 1, 2025

wazuhci moved this from On hold to In progress in XDR+SIEM/Release 4.13.0 Apr 1, 2025

wazuhci moved this from In progress to Pending review in XDR+SIEM/Release 4.13.0 Apr 1, 2025

wazuhci moved this from Pending review to In review in XDR+SIEM/Release 4.13.0 Apr 2, 2025

wazuhci moved this from In review to On hold in XDR+SIEM/Release 4.13.0 Apr 2, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Network protocols global queries enhancement #28725

Network protocols global queries enhancement #28725

Dwordcito commented Mar 20, 2025 •

edited by MiguelazoDS

Loading

MiguelazoDS commented Mar 27, 2025

MiguelazoDS commented Mar 27, 2025

MiguelazoDS commented Mar 28, 2025

MiguelazoDS commented Mar 31, 2025

MiguelazoDS commented Apr 1, 2025

Network protocols global queries enhancement #28725

Network protocols global queries enhancement #28725

Comments

Dwordcito commented Mar 20, 2025 • edited by MiguelazoDS Loading

Description

Expected changes

Expected reflectable json output.

DoD

MiguelazoDS commented Mar 27, 2025

Update

MiguelazoDS commented Mar 27, 2025

Update

MiguelazoDS commented Mar 28, 2025

Update

MiguelazoDS commented Mar 31, 2025

Update

MiguelazoDS commented Apr 1, 2025

Update

Dwordcito commented Mar 20, 2025 •

edited by MiguelazoDS

Loading