Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Network Inventory Format #294

Closed
vikman90 opened this issue Nov 13, 2024 · 3 comments · Fixed by #334
Closed

Update Network Inventory Format #294

vikman90 opened this issue Nov 13, 2024 · 3 comments · Fixed by #334
Assignees
@cborla
Labels
level/subtask Subtask issue module/inventory Inventory module mvp Minimum Viable Product refinement type/enhancement Enhancement issue
Milestone
MVP Agent refinement

Comments

@vikman90
Copy link
Member

vikman90 commented Nov 13, 2024
edited
Loading

Parent Issue: #292

Description

Update the network inventory format to comply with the Elastic Common Schema (ECS).

Data Fields

Field Type Example
agent.groups keyword
agent.id keyword
host.ip ip
host.mac keyword
host.network.egress.bytes long
host.network.egress.drops long
host.network.egress.errors long
host.network.egress.packets long
host.network.ingress.bytes long
host.network.ingress.drops long
host.network.ingress.errors long
host.network.ingress.packets long
network.broadcast ip
network.dhcp keyword
network.gateway ip
network.metric long
network.netmask ip
network.protocol keyword
network.type keyword
observer.ingress.interface.alias keyword
observer.ingress.interface.name keyword

Tasks

  • Update the unified network inventory structure (interface, protocol, and address) according to ECS.

Dependencies

References
@vikman90 vikman90 added the mvp Minimum Viable Product refinement label Nov 13, 2024
@vikman90 vikman90 mentioned this issue Nov 13, 2024
Closed
@vikman90 vikman90 added level/task Task issue type/enhancement Enhancement issue module/inventory Inventory module level/subtask Subtask issue and removed level/task Task issue labels Nov 13, 2024
@wazuhci wazuhci moved this to Backlog in XDR+SIEM/Release 5.0.0 Nov 13, 2024
@vikman90 vikman90 mentioned this issue Nov 14, 2024
Closed
@cborla cborla self-assigned this Nov 21, 2024
@wazuhci wazuhci moved this from Backlog to In progress in XDR+SIEM/Release 5.0.0 Nov 21, 2024
@cborla cborla mentioned this issue Nov 21, 2024
Merged
3 tasks
@cborla
Copy link
Member

cborla commented Nov 21, 2024
edited
Loading

Work report

November 21

  • PR created.
  • Adapt configuration tables names wazuh-agent.yml file.

November 21

@cborla
Copy link
Member

cborla commented Nov 22, 2024
edited
Loading

Tables Documentation

@cborla
Copy link
Member

cborla commented Nov 26, 2024
edited
Loading

Adapted table

{
    "id": "aW52ZW50b3J5Om5ldHdvcmtzOmVucDBzMzo6aXB2Njo6ZmU4MDo6MTVjMDo5MzQ4OjNlOTQ6Y2NjNA==",
    "module": "inventory",
    "operation": "create",
    "type": "networks"
}
{
    "@timestamp": "2024/11/27 01:48:43",
    "host":
    {
        "ip":
        [
            "fe80::15c0:9348:3e94:ccc4"
        ],
        "mac": "08:00:27:66:be:1e",
        "network":
        {
            "egress":
            {
                "bytes": 7163859,
                "drops": 0,
                "errors": 0,
                "packets": 81982
            },
            "ingress":
            {
                "bytes": 367712532,
                "drops": 0,
                "errors": 0,
                "packets": 269344
            }
        }
    },
    "interface":
    {
        "mtu": 1500,
        "state": "up",
        "type": "ethernet"
    },
    "network":
    {
        "broadcast":
        [
            ""
        ],
        "dhcp": "unknown",
        "gateway":
        [
            "10.0.2.1"
        ],
        "metric": "",
        "netmask":
        [
            "ffff:ffff:ffff:ffff::"
        ],
        "protocol": "",
        "type": "ipv6"
    },
    "observer":
    {
        "ingress":
        {
            "interface":
            {
                "alias": "",
                "name": "enp0s3"
            }
        }
    }
}

@wazuhci wazuhci moved this from In progress to Done in XDR+SIEM/Release 5.0.0 Nov 27, 2024
@vikman90 vikman90 mentioned this issue Nov 29, 2024
Closed
@vikman90 vikman90 added this to the MVP Agent refinement (I) milestone Jan 15, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cborla cborla

Labels
level/subtask Subtask issue module/inventory Inventory module mvp Minimum Viable Product refinement type/enhancement Enhancement issue
Projects
XDR+SIEM/Release 5.0.0
Status: Done
Milestone
MVP Agent refinement
Development

Successfully merging a pull request may close this issue.

Update Network Inventory Format wazuh/wazuh-agent
2 participants
@vikman90 @cborla