Merge 4.10.1 into 4.10.2 (#473)
* Merge 4.10.0 into 4.10.1 (#470)

* Upgrade integrations to the last version (#447)

* Upgrade third-party integrations to latest product versions (#368)

* Upgrade third-party integrations to latest product versions

* Improve compatibility matrix

* Change versions in /integrations/.env

Signed-off-by: Malena Casas <[email protected]>

* Fix Splunk integrations (#362)

* Add table with the version of the integrations

* Update CHANGELOG.md

Signed-off-by: Álex Ruiz <[email protected]>

---------

Signed-off-by: Malena Casas <[email protected]>
Signed-off-by: Álex Ruiz <[email protected]>
Co-authored-by: Álex Ruiz <[email protected]>
Co-authored-by: JuanGarriuz <[email protected]>

* Merge 4.9.1 into 4.10.0 (#454)

* Prepare 4.9.1-rc2 (#436)

* Update docker/README.md (#438)

* Support new stage 4.9.1-rc3 (#443)

* Update operational--integrations_maintenance_request.md (#449)

Signed-off-by: Álex Ruiz <[email protected]>

---------

Signed-off-by: Álex Ruiz <[email protected]>

* Fix Github Actions build process dependency errors (#457)

* Switch from latest to 22.04 runner

* Remove non-existent packages from workflow provisioner

* Remove freeglut3 from provision.sh

* Update calendarTime and scan_date fields type (#458)

* Merge 4.9.1 into 4.10.0 (#469)

* Support for v4.9.1-alpha4 (#461)

* Prepare final release notes for 4.9.1

---------

Signed-off-by: Malena Casas <[email protected]>
Signed-off-by: Álex Ruiz <[email protected]>
Co-authored-by: Malena Casas <[email protected]>
Co-authored-by: JuanGarriuz <[email protected]>
Co-authored-by: Fede Galland <[email protected]>
Co-authored-by: Kevin Ledesma <[email protected]>

* Fix release date for 4.10.0 in RPM spec file

* Fix release date for 4.10.0 in RPM spec file

---------

Signed-off-by: Malena Casas <[email protected]>
Signed-off-by: Álex Ruiz <[email protected]>
Co-authored-by: Malena Casas <[email protected]>
Co-authored-by: JuanGarriuz <[email protected]>
Co-authored-by: Fede Galland <[email protected]>
Co-authored-by: Kevin Ledesma <[email protected]>
5 people authored Oct 17, 2024
1 parent abe5f5f commit e6e60cd
Showing 17 changed files with 72 additions and 101 deletions.
@@ -0,0 +1,30 @@
---
name: Integrations maintenance request
about: Used by the Indexer team to maintain third-party software integrations and track the results.
title: Integrations maintenance request
labels: level/task, request/operational, type/maintenance
assignees: ""
---

## Description

The Wazuh Indexer team is responsible for the maintenance of the third-party integrations hosted in the wazuh/wazuh-indexer repository. We must ensure these integrations work under new releases of the third-party software (Splunk, Elastic, Logstash, …) and our own.

For that, we need to:

- [ ] Create a pull request that upgrades the components to the latest version.
- [ ] Update our testing environments to verify the integrations work under new versions.
- [ ] Test the integrations, checking that:
- The Docker Compose project starts without errors.
- The data arrives to the destination.
- All the dashboards can be imported successfully.
- All the dashboards are populated with data.
- [ ] Finally, upgrade the compatibility matrix in integrations/README.md with the new versions.

> [!NOTE]
> * For Logstash, we use the logstash-oss image.
> * For Wazuh Indexer and Wazuh Dashboard, we use the opensearch and opensearch-dashboards images. These must match the opensearch version that we support (e.g: for Wazuh 4.9.0 it is OpenSearch 2.13.0).
## Issues

- _List here the detected issues_
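Review bot: the three checks under "Test the integrations" are not indented beneath the checkbox item, so Markdown renders them as a separate top-level list rather than as sub-items; indent them by two spaces. "The data arrives to the destination" should read "arrives at the destination", and a blank line is needed between the `> [!NOTE]` block and `## Issues` so the alert closes cleanly. The note also hard-codes "for Wazuh 4.9.0 it is OpenSearch 2.13.0", which will go stale on the next release; point to `WAZUH_INDEXER_VERSION` in integrations/docker/.env (updated in this same commit) as the source of truth instead.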
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -9,6 +9,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
### Dependencies

### Changed
- Upgrade third-party integrations to the latest versions ([#447](https://github.com/wazuh/wazuh-indexer/pull/447))

### Deprecated

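Review bot: only #447 is recorded here, but the commit message lists other user-visible changes in the same merge: the Splunk dashboard fix (#362), the GitHub Actions runner and provisioner fix (#457) and the calendarTime/scan_date field type change (#458). The field type change at least belongs under Changed or Fixed so the changelog matches what ships in the release.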
6 changes: 3 additions & 3 deletions distribution/packages/src/rpm/wazuh-indexer.rpm.spec
Expand Up @@ -268,11 +268,11 @@ exit 0
%changelog
* Tue Feb 20 2025 support <[email protected]> - 4.10.2
- More info: https://documentation.wazuh.com/current/release-notes/release-4-10-2.html
* Fri Nov 06 2024 support <[email protected]> - 4.10.1
* Tue Jan 28 2025 support <[email protected]> - 4.10.1
- More info: https://documentation.wazuh.com/current/release-notes/release-4-10-1.html
* Mon Sep 23 2024 support <[email protected]> - 4.10.0
* Tue Nov 26 2024 support <[email protected]> - 4.10.0
- More info: https://documentation.wazuh.com/current/release-notes/release-4-10-0.html
* Fri Sep 20 2024 support <[email protected]> - 4.9.1
* Tue Oct 15 2024 support <[email protected]> - 4.9.1
- More info: https://documentation.wazuh.com/current/release-notes/release-4-9-1.html
* Thu Aug 15 2024 support <[email protected]> - 4.9.0
- More info: https://documentation.wazuh.com/current/release-notes/release-4-9-0.html
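Review bot: the unchanged 4.10.2 entry at the top of the hunk reads "Tue Feb 20 2025", but 20 February 2025 is a Thursday; rpmbuild checks the weekday in %changelog entries and emits a "bogus date" warning for it. Since this commit is already correcting changelog dates, fix that line as well (the three changed entries, Tue Jan 28 2025, Tue Nov 26 2024 and Tue Oct 15 2024, all carry the correct weekday).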
61 changes: 11 additions & 50 deletions docker/README.md
@@ -1,55 +1,19 @@
# Indexer development environments
# Docker environments

Install [Docker Desktop][docker-desktop] as per its instructions, available for Windows, Mac
and Linux (Ubuntu, Debian & Fedora).
This ensures that the development experience between Linux, Mac and Windows is as
similar as possible.

> IMPORTANT: be methodic during the installation of Docker Desktop, and proceed
> step by step as described in their documentation. Make sure that your system
> meets the system requirements before installing Docker Desktop, and read any
> post-installation note, specially on Linux: [Differences between
> Docker Desktop for Linux and Docker Engine][docker-variant].
Multipurpose Docker environments to run, test and build `wazuh-indexer`.

## Pre-requisites

1. Assign resources to [Docker Desktop][docker-desktop]. The requirements for the
environments are:
1. Install [Docker][docker] as per its instructions.

1. Your workstation must meet the minimum hardware requirements:

- 8 GB of RAM (minimum)
- 4 cores

The more resources the better ☺

2. Clone the [wazuh-indexer][wi-repo].

3. Set up user permissions

The Docker volumes will be created by the internal Docker user, making them
read-only. To prevent this, a new group named `docker-desktop` and GUID 100999
needs to be created, then added to your user and the source code folder:

```bash
sudo groupadd -g 100999 docker-desktop
sudo useradd -u 100999 -g 100999 -M docker-desktop
sudo chown -R docker-desktop:docker-desktop $WZD_HOME
sudo usermod -aG docker-desktop $USER
```

## Understanding Docker contexts

Before we begin starting Docker containers, we need to understand the
differences between Docker Engine and Docker Desktop, more precisely, that the
use different contexts.

Carefully read these two sections of the Docker documentation:

- [Differences between Docker Desktop for Linux and Docker Engine][docker-variant].
- [Switch between Docker Desktop and Docker Engine][docker-context].

Docker Desktop will change to its context automatically at start, so be sure
that any existing Docker container using the default context is **stopped**
before starting Docker Desktop and any of the environments in this folder.
1. Clone the [wazuh-indexer][wi-repo].

## Development environments

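Review bot: the removed "Set up user permissions" step (the `docker-desktop` group with GUID 100999, the `chown` of `$WZD_HOME` and the `usermod`) is dropped without a replacement, yet the read-only volume problem it addressed is specific to Docker Desktop's VM-backed file sharing. If moving the instructions to plain Docker Engine is what makes the step unnecessary, say so in one line under Pre-requisites; otherwise Linux users who still run Docker Desktop will hit read-only volumes again with no guidance.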
Expand All @@ -61,27 +25,24 @@ Example:
Usage: ./dev.sh {up|down|stop}
```

Once the `wi-dev:x.y.z` container is up, attach a shell to it and run `./gradlew run`
to start the application.
Once the `wi-dev:x.y.z` container is up, attach a shell to it and run `./gradlew run` to start the application.

## Containers to generate packages

Use the `ci/ci.sh` script to start provisioned containers to generate packages.

```bash
Usage: ./ci.sh {up|down|stop} [ci]
Usage: ./ci.sh {up|down|stop}
```

Refer to [scripts/README.md](../scripts/README.md) for details about how to build packages.
Refer to [packaging_scripts/README.md](../packaging_scripts/README.md) for details about how to build packages.

[docker-desktop]: https://docs.docker.com/get-docker
[docker-variant]: https://docs.docker.com/desktop/install/linux-install/#differences-between-docker-desktop-for-linux-and-docker-engine
[docker-context]: https://docs.docker.com/desktop/install/linux-install/#context
[docker]: https://docs.docker.com/engine/install
[wi-repo]: https://github.com/wazuh/wazuh-indexer

## Building Docker images

The [prod](./prod) folder contains the code to build Docker images. A tarball of `wazuh-indexer` needs to be located at the same level that the Dockerfile. Below there is example of the command needed to build the image. Set the build arguments and the image tag accordingly.
The [prod](./prod) folder contains the code to build Docker images. A tarball of `wazuh-indexer` needs to be located at the same level that the Dockerfile. Below there is an example of the command needed to build the image. Set the build arguments and the image tag accordingly.

```console
docker build --build-arg="VERSION=4.10.2" --build-arg="INDEXER_TAR_NAME=wazuh-indexer-4.10.2-1_linux-x64_cfca84f.tar.gz" --tag=wazuh-indexer:4.10.2 --progress=plain --no-cache .
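Review bot: the usage line drops the optional `[ci]` argument from `./ci.sh {up|down|stop}`; confirm that docker/ci/ci.sh itself no longer accepts or needs it, otherwise the README and the script disagree. The `[docker-desktop]`, `[docker-variant]` and `[docker-context]` reference definitions are removed in this hunk, so check the collapsed region between the two hunks (new lines 20 to 24) for any remaining `[docker-desktop]` link, which would now render as literal brackets.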
2 changes: 0 additions & 2 deletions docker/ci/ci.yml
@@ -1,5 +1,3 @@
version: "3.9"

services:
# Essentially wi-dev, but doesn't expose port 9200
wi-build:
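Review bot: dropping the top-level `version: "3.9"` is correct for Compose V2 (`docker compose`), which ignores the key and warns when it is present, but the legacy Python `docker-compose` v1 treats a file without `version` as the v1 format and will not parse the `services:` block. docker/README.md in this same commit only says "Install Docker", so add a one-line note there that Compose V2 is required, or keep the key.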
2 changes: 0 additions & 2 deletions docker/dev/dev.yml
@@ -1,5 +1,3 @@
version: "3.9"

services:
wi-dev:
image: wi-dev:${VERSION}
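Review bot: removing `version: "3.9"` assumes Compose V2; the legacy `docker-compose` v1 binary parses a file with no `version` key as the v1 format and rejects the `services:` block. The dev environment is the one contributors run on their own workstations, so state the Compose V2 requirement in docker/README.md rather than relying on the error message.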
7 changes: 7 additions & 0 deletions integrations/README.md
Expand Up @@ -24,3 +24,10 @@ We host development environments to support the following integrations:
- [Splunk](./splunk/README.md).
- [Elasticsearch](./elastic/README.md).
- [OpenSearch](./opensearch/README.md).

**Compatibility matrix**

| | Wazuh | Logstash | OpenSearch | Elastic | Splunk |
| -------------- | ----- | -------- | ---------- | ------- | ------ |
| v1.0 | 4.8.1 | 8.9.0 | 2.14.0 | 8.14.3 | 9.1.4 |
| Latest version | 4.9.0 | 8.9.0 | 2.17.1 | 8.15.2 | 9.3.1 |
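Review bot: a row named "Latest version" becomes wrong the moment the next upgrade lands and loses the history that the `v1.0` row provides; name the row by integration version (for example `v1.1`) and keep one row per release, which is also what the new issue template's "upgrade the compatibility matrix" step implies. The Wazuh column should state which OpenSearch image stands in for the indexer and dashboard (2.13.0 for 4.9.0 according to integrations/docker/.env in this commit), since that is the version that actually changes in the test environment.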
12 changes: 6 additions & 6 deletions integrations/docker/.env
Expand Up @@ -20,25 +20,25 @@ KIBANA_PORT=5602
MEM_LIMIT=1073741824

# Wazuh version
WAZUH_VERSION=4.8.1
WAZUH_VERSION=4.9.0

# Wazuh Indexer version (Provisionally using OpenSearch)
WAZUH_INDEXER_VERSION=2.14.0
WAZUH_INDEXER_VERSION=2.13.0

# Wazuh Dashboard version (Provisionally using OpenSearch Dashboards)
WAZUH_DASHBOARD_VERSION=2.14.0
WAZUH_DASHBOARD_VERSION=2.13.0

# Wazuh certs generator version
WAZUH_CERTS_GENERATOR_VERSION=0.0.1

# OpenSearch destination cluster version
OS_VERSION=2.14.0
OS_VERSION=2.17.1

# Logstash version:
LOGSTASH_OSS_VERSION=8.9.0

# Splunk version:
SPLUNK_VERSION=9.1.4
SPLUNK_VERSION=9.3.1

# Version of Elastic products
STACK_VERSION=8.14.3
STACK_VERSION=8.15.2
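Review bot: `WAZUH_INDEXER_VERSION` and `WAZUH_DASHBOARD_VERSION` go down from 2.14.0 to 2.13.0 while `WAZUH_VERSION` goes up to 4.9.0. That matches the note in the new issue template (Wazuh 4.9.0 pairs with OpenSearch 2.13.0), but a downgrade inside an "upgrade to latest" commit deserves a comment on the line itself so the next maintainer does not bump it back. `LOGSTASH_OSS_VERSION` also stays at 8.9.0 while `STACK_VERSION` moves to 8.15.2; if Logstash was intentionally left behind, record that in the compatibility matrix, since the commit title promises the latest version of every third-party product.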
4 changes: 2 additions & 2 deletions integrations/opensearch/dashboards.ndjson

Large diffs are not rendered by default.

6 changes: 1 addition & 5 deletions integrations/splunk/wazuh-amazon-aws
Expand Up @@ -83,11 +83,7 @@
"type": "input.timerange",
"options": {
"token": "global_time",
"defaultValue": "-60m@m,now",
"queryParameters": {
"latest": "$global_time.latest$",
"earliest": "$global_time.earliest$"
}
"defaultValue": "-60m@m,now"
},
"title": "Global Time Range"
}
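Review bot: the `queryParameters` block is removed from the `input.timerange` options. In Splunk Dashboard Studio JSON, `queryParameters` with `$global_time.earliest$` and `$global_time.latest$` belong on each data source rather than on the input, so the removal matches the schema; confirm that every data source in this dashboard carries those two parameters, otherwise the time picker will no longer constrain the searches after this change. The same hunk is repeated in the other five Splunk dashboards in this commit and the same check applies to each.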
6 changes: 1 addition & 5 deletions integrations/splunk/wazuh-incident-response
Expand Up @@ -82,11 +82,7 @@
"type": "input.timerange",
"options": {
"token": "global_time",
"defaultValue": "-60m@m,now",
"queryParameters": {
"latest": "$global_time.latest$",
"earliest": "$global_time.earliest$"
}
"defaultValue": "-60m@m,now"
},
"title": "Global Time Range"
}
6 changes: 1 addition & 5 deletions integrations/splunk/wazuh-malware-detection
Expand Up @@ -83,11 +83,7 @@
"type": "input.timerange",
"options": {
"token": "global_time",
"defaultValue": "-60m@m,now",
"queryParameters": {
"latest": "$global_time.latest$",
"earliest": "$global_time.earliest$"
}
"defaultValue": "-60m@m,now"
},
"title": "Global Time Range"
}
8 changes: 2 additions & 6 deletions integrations/splunk/wazuh-pci-dss
Expand Up @@ -83,11 +83,7 @@
"type": "input.timerange",
"options": {
"token": "global_time",
"defaultValue": "-60m@m,now",
"queryParameters": {
"latest": "$global_time.latest$",
"earliest": "$global_time.earliest$"
}
"defaultValue": "-60m@m,now"
},
"title": "Global Time Range"
}
Expand Down Expand Up @@ -133,4 +129,4 @@
},
"description": "",
"title": "wazuh-pci-dss-v1.0"
}
}
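Review bot: this hunk replaces the final `}` with an identical `}`, which is the signature of adding the missing newline at end of file. That is fine, but a word in the commit message would help, since the file's stats (2 additions, 6 deletions) otherwise read like a content change beyond the `queryParameters` removal.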
8 changes: 2 additions & 6 deletions integrations/splunk/wazuh-security-events
Expand Up @@ -203,11 +203,7 @@
"type": "input.timerange",
"options": {
"token": "global_time",
"defaultValue": "-60m@m,now",
"queryParameters": {
"latest": "$global_time.latest$",
"earliest": "$global_time.earliest$"
}
"defaultValue": "-60m@m,now"
},
"title": "Global Time Range"
}
Expand Down Expand Up @@ -293,4 +289,4 @@
},
"description": "",
"title": "wazuh-security-events-v1.0"
}
}
6 changes: 1 addition & 5 deletions integrations/splunk/wazuh-vulnerabilities
Expand Up @@ -178,11 +178,7 @@
"type": "input.timerange",
"options": {
"token": "global_time",
"defaultValue": "-60m@m,now",
"queryParameters": {
"latest": "$global_time.latest$",
"earliest": "$global_time.earliest$"
}
"defaultValue": "-60m@m,now"
},
"title": "Global Time Range"
}
4 changes: 2 additions & 2 deletions packaging_scripts/provision.sh
Expand Up @@ -5,6 +5,6 @@
# Install necessary packages
apt-get update -y && apt-get upgrade -y && apt-get install -y curl build-essential &&
apt-get install -y debmake debhelper-compat &&
apt-get install -y libxrender1 libxtst6 libasound2 libxi6 libgconf-2-4 &&
apt-get install -y libatk1.0-0 libatk-bridge2.0-0 libcups2 libdrm2 libatspi2.0-dev libxcomposite-dev libxdamage1 libxfixes3 libxfixes-dev libxrandr2 libgbm-dev libxkbcommon-x11-0 libpangocairo-1.0-0 libcairo2 libcairo2-dev libnss3 libnspr4 libnspr4-dev freeglut3 &&
apt-get install -y libxrender1 libxtst6 libxi6 &&
apt-get install -y libatk1.0-0 libatk-bridge2.0-0 libcups2 libdrm2 libatspi2.0-dev libxcomposite-dev libxdamage1 libxfixes3 libxfixes-dev libxrandr2 libgbm-dev libxkbcommon-x11-0 libpangocairo-1.0-0 libcairo2 libcairo2-dev libnss3 libnspr4 libnspr4-dev &&
apt-get clean -y
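Review bot: `libasound2`, `libgconf-2-4` and `freeglut3` are dropped as packages that do not exist on the 22.04 runner, but `libasound2` is still packaged in Ubuntu 22.04, so if it was removed for another reason a comment on the line would save the next person from re-adding it. Separately, `apt-get upgrade -y` in a provisioner makes the build image non-reproducible and is unnecessary on a fresh runner; `--no-install-recommends` on the install lines and `rm -rf /var/lib/apt/lists/*` after `apt-get clean` would also keep the image smaller.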
@@ -1,6 +1,6 @@
## 2024-09-20 Version 4.9.1-rc1 Release Notes
## 2024-09-27 Version 4.9.1-rc2 Release Notes

## [4.9.1-rc1]
## [4.9.1]
### Added
-

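Review bot: the title line now says "Version 4.9.1-rc2" while the section header becomes `## [4.9.1]` and the commit message says "Prepare final release notes for 4.9.1"; one of these is stale, and the title of final release notes should not carry an rc suffix. The `### Added` section is also left with an empty `-` bullet; list the changes or remove the bullet.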
