
Adapt the commands event generator to job-scheduler changes #577

Merged
merged 3 commits into from
Dec 19, 2024

Conversation

QU3B1M
Member

@QU3B1M QU3B1M commented Dec 4, 2024

Description

Update the commands' event_generator to work with the latest changes to the job-scheduler plugin.
It now sends a commands array in the body for bulk indexing through an API POST request.

Add a new argument --protocol [https|http] to select the required protocol; defaults to https.
Example usage:

python command/event-generator/event_generator.py --protocol=http

Related Issues

Resolves wazuh/wazuh-indexer-plugins#87

Check List

  • Functionality includes testing.
  • API changes companion pull request created, if applicable.
  • Public documentation issue/PR created, if applicable.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Use new commands array on the body for API bulks

Add tool argument to select http or https protocols
@QU3B1M QU3B1M self-assigned this Dec 4, 2024
@QU3B1M QU3B1M requested a review from a team as a code owner December 4, 2024 12:29
Member

@AlexRuiz7 AlexRuiz7 left a comment


This change to the event generator has a regression, in which it fails to correctly store the generated events to the generatedData.json file.

  • On master, run python event_generator.py. The file contains
{"source": "Engine", "user": "user4", "target": {"id": "target5", "type": "agent"}, "action": {"name": "restart", "args": ["/path/to/executable/arg1"], "version": "v3"}, "timeout": 87}
{"source": "Content manager", "user": "user68", "target": {"id": "target4", "type": "server"}, "action": {"name": "update", "args": ["/path/to/executable/arg2"], "version": "v4"}, "timeout": 21}
{"source": "Engine", "user": "user80", "target": {"id": "target8", "type": "server"}, "action": {"name": "apply_policy", "args": ["/path/to/executable/arg3"], "version": "v3"}, "timeout": 10}
{"source": "Users/Services", "user": "user62", "target": {"id": "target7", "type": "agent"}, "action": {"name": "apply_policy", "args": ["/path/to/executable/arg9"], "version": "v2"}, "timeout": 78}
{"source": "Engine", "user": "user32", "target": {"id": "target2", "type": "agent"}, "action": {"name": "change_group", "args": ["/path/to/executable/arg4"], "version": "v4"}, "timeout": 95}
{"source": "Engine", "user": "user68", "target": {"id": "target9", "type": "server"}, "action": {"name": "update", "args": ["/path/to/executable/arg1"], "version": "v4"}, "timeout": 15}
{"source": "Engine", "user": "user39", "target": {"id": "target7", "type": "server"}, "action": {"name": "change_group", "args": ["/path/to/executable/arg5"], "version": "v2"}, "timeout": 66}
{"source": "Content manager", "user": "user34", "target": {"id": "target2", "type": "group"}, "action": {"name": "apply_policy", "args": ["/path/to/executable/arg7"], "version": "v1"}, "timeout": 24}
{"source": "Content manager", "user": "user40", "target": {"id": "target4", "type": "server"}, "action": {"name": "apply_policy", "args": ["/path/to/executable/arg3"], "version": "v1"}, "timeout": 91}
{"source": "Content manager", "user": "user94", "target": {"id": "target1", "type": "server"}, "action": {"name": "restart", "args": ["/path/to/executable/arg8"], "version": "v3"}, "timeout": 81}
  • On this branch, run the same command. The file contains:
"commands"

@QU3B1M QU3B1M force-pushed the 87-job-scheduler-adaptations branch from b1fb2e5 to 475a8c5 Compare December 19, 2024 11:38
@QU3B1M
Member Author

QU3B1M commented Dec 19, 2024

Fixed the dump of the generated data into the .json log file

  • Running the tool, generating one event:

    python command/event-generator/event_generator.py   
    How many events do you want to generate? 1
    Do you want to inject the generated data into your indexer/command manager? (y/n) 

    The data is correctly saved

    cat generatedData.json 
    {"commands": [{"source": "Engine", "user": "user82", "target": {"id": "target5", "type": "agent"}, "action": {"name": "change_group", "args": ["/path/to/executable/arg2"], "version": "v3"}, "timeout": 51}]}
  • With more events to generate

    python command/event-generator/event_generator.py 
    How many events do you want to generate? 10
    Do you want to inject the generated data into your indexer/command manager? (y/n) 

    The data from both the previous and the current execution is saved in the file

    cat generatedData.json                            
    {"commands": [{"source": "Engine", "user": "user82", "target": {"id": "target5", "type": "agent"}, "action": {"name": "change_group", "args": ["/path/to/executable/arg2"], "version": "v3"}, "timeout": 51}]}
    {"commands": [{"source": "Engine", "user": "user71", "target": {"id": "target2", "type": "group"}, "action": {"name": "apply_policy", "args": ["/path/to/executable/arg8"], "version": "v1"}, "timeout": 37}, {"source": "Engine", "user": "user90", "target": {"id": "target3", "type": "server"}, "action": {"name": "restart", "args": ["/path/to/executable/arg8"], "version": "v2"}, "timeout": 34}, {"source": "Content manager", "user": "user22", "target": {"id": "target5", "type": "group"}, "action": {"name": "apply_policy", "args": ["/path/to/executable/arg3"], "version": "v1"}, "timeout": 51}, {"source": "Engine", "user": "user3", "target": {"id": "target4", "type": "agent"}, "action": {"name": "apply_policy", "args": ["/path/to/executable/arg1"], "version": "v3"}, "timeout": 62}, {"source": "Content manager", "user": "user5", "target": {"id": "target1", "type": "server"}, "action": {"name": "change_group", "args": ["/path/to/executable/arg5"], "version": "v2"}, "timeout": 15}, {"source": "Users/Services", "user": "user88", "target": {"id": "target1", "type": "server"}, "action": {"name": "update", "args": ["/path/to/executable/arg6"], "version": "v2"}, "timeout": 78}, {"source": "Engine", "user": "user72", "target": {"id": "target9", "type": "server"}, "action": {"name": "change_group", "args": ["/path/to/executable/arg6"], "version": "v5"}, "timeout": 98}, {"source": "Users/Services", "user": "user48", "target": {"id": "target3", "type": "agent"}, "action": {"name": "apply_policy", "args": ["/path/to/executable/arg7"], "version": "v1"}, "timeout": 35}, {"source": "Users/Services", "user": "user74", "target": {"id": "target10", "type": "server"}, "action": {"name": "change_group", "args": ["/path/to/executable/arg3"], "version": "v5"}, "timeout": 90}, {"source": "Content manager", "user": "user94", "target": {"id": "target10", "type": "server"}, "action": {"name": "restart", "args": ["/path/to/executable/arg1"], "version": "v2"}, "timeout": 41}]}

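The two behaviours discussed in this thread (a single `{"commands": [...]}` object as the bulk POST body, and one such object appended per run to generatedData.json) are easy to get subtly wrong, so here is an added, self-contained sketch that is not the project's event_generator code. It assumes the `--protocol` choices and default from the PR description and the `/_plugins/_command_manager/commands` path from the curl call below; `generate_events`, `build_body`, `build_url`, `append_run` and `load_runs` are hypothetical names, and the events it produces are constructed sample data in the shape shown on this page. `load_runs` is the check a reviewer would run on the file: every non-empty line must parse and carry a `commands` list, which is exactly what the `"commands"`-only file from the regression would fail.

```python
import argparse
import json
import os
import random
import sys
import tempfile

# Constructed vocabularies matching the sample documents on this page.
SOURCES = ["Engine", "Content manager", "Users/Services"]
TARGET_TYPES = ["agent", "server", "group"]
ACTIONS = ["restart", "update", "apply_policy", "change_group"]
COMMANDS_PATH = "/_plugins/_command_manager/commands"  # taken from the curl call on this page


def generate_event(rng):
    """Build one command document in the shape shown on this page (constructed data)."""
    return {
        "source": rng.choice(SOURCES),
        "user": f"user{rng.randint(1, 99)}",
        "target": {"id": f"target{rng.randint(1, 10)}", "type": rng.choice(TARGET_TYPES)},
        "action": {
            "name": rng.choice(ACTIONS),
            "args": [f"/path/to/executable/arg{rng.randint(1, 9)}"],
            "version": f"v{rng.randint(1, 5)}",
        },
        "timeout": rng.randint(10, 99),
    }


def generate_events(count, seed=None):
    rng = random.Random(seed)
    return [generate_event(rng) for _ in range(count)]


def build_body(events):
    """Bulk request body: one JSON object whose 'commands' key holds the array."""
    return json.dumps({"commands": events})


def build_url(protocol, host, port, path=COMMANDS_PATH):
    """Compose the endpoint URL; only the two protocols the tool offers are accepted."""
    if protocol not in ("http", "https"):
        raise ValueError(f"unsupported protocol: {protocol!r}")
    return f"{protocol}://{host}:{port}{path}"


def append_run(path, events):
    """Append one run as a single JSON line.

    Serialise the whole object; iterating over the dict and writing each item
    would emit only its keys, which is what a file containing just "commands"
    looks like (a plausible cause of the regression, stated as an assumption).
    """
    with open(path, "a", encoding="utf-8") as fh:
        fh.write(build_body(events) + "\n")


def load_runs(path):
    """Read the file back and validate that every line is a bulk body with a commands list."""
    runs = []
    with open(path, encoding="utf-8") as fh:
        for lineno, line in enumerate(fh, 1):
            line = line.strip()
            if not line:
                continue
            doc = json.loads(line)  # raises on a bare "commands" token
            if not isinstance(doc.get("commands"), list):
                raise ValueError(f"line {lineno}: missing 'commands' array")
            runs.append(doc["commands"])
    return runs


def parse_args(argv):
    parser = argparse.ArgumentParser(description="hypothetical command event generator")
    parser.add_argument("--protocol", choices=["http", "https"], default="https")
    parser.add_argument("--index", action="store_true")
    return parser.parse_args(argv)


def demo():
    """Two consecutive runs (1 event, then 10) into a fresh file; return the per-run counts."""
    path = os.path.join(tempfile.mkdtemp(), "generatedData.json")
    append_run(path, generate_events(1, seed=1))
    append_run(path, generate_events(10, seed=2))
    return [len(run) for run in load_runs(path)]


if __name__ == "__main__":
    args = parse_args(sys.argv[1:])
    print(build_url(args.protocol, "127.0.0.1", 9200))
    print(demo())  # [1, 10]
```

`demo()` reproduces the two-run scenario from the comment above: the file ends up with two lines, the first holding one command and the second ten, and `load_runs` accepts both. Sending the body is left out on purpose; whatever HTTP client is used, the default of `https` is the one to keep and the server certificate should be verified rather than skipped.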
@QU3B1M QU3B1M requested a review from AlexRuiz7 December 19, 2024 11:46
Member

@AlexRuiz7 AlexRuiz7 left a comment


Documents can be indexed using the --index

And also using the automated ingestion

@alex-MS-7D25 ➜ event-generator git:(87-job-scheduler-adaptations) ✗ python event_generator.py --index
How many events do you want to generate? 10
Do you want to inject the generated data into your indexer/command manager? (y/n) y
Enter the IP of your Indexer (default: '127.0.0.1'): 172.28.128.44
Enter the port of your Indexer (default: '9200'): 
Enter the index name (default: '.commands'): 
Username (default: 'admin'): 
Password (default: 'admin'): 
INFO:root:Generating 10 events...
INFO:root:Data generation completed.
INFO:root:Data injection completed successfully.

The generated data can be sent to our API endpoint too:

@alex-MS-7D25 ➜ event-generator git:(87-job-scheduler-adaptations) ✗ curl -X POST https://172.28.128.44:9200/_plugins/_command_manager/commands -k -u "admin:admin" -H "Content-Type: application/json" -d '
{"commands": [{"source": "Content manager", "user": "user59", "target": {"id": "target8", "type": "group"}, "action": {"name": "change_group", "args": ["/path/to/executable/arg3"], "version": "v2"}, "timeout": 62}, {"source": "Engine", "user": "user18", "target": {"id": "target2", "type": "agent"}, "action": {"name": "restart", "args": ["/path/to/executable/arg9"], "version": "v2"}, "timeout": 41}, {"source": "Users/Services", "user": "user72", "target": {"id": "target5", "type": "group"}, "action": {"name": "apply_policy", "args": ["/path/to/executable/arg9"], "version": "v4"}, "timeout": 29}, {"source": "Engine", "user": "user67", "target": {"id": "target9", "type": "agent"}, "action": {"name": "update", "args": ["/path/to/executable/arg6"], "version": "v2"}, "timeout": 99}, {"source": "Engine", "user": "user78", "target": {"id": "target1", "type": "group"}, "action": {"name": "update", "args": ["/path/to/executable/arg3"], "version": "v2"}, "timeout": 24}, {"source": "Users/Services", "user": "user3", "target": {"id": "target4", "type": "server"}, "action": {"name": "restart", "args": ["/path/to/executable/arg9"], "version": "v2"}, "timeout": 11}, {"source": "Content manager", "user": "user65", "target": {"id": "target3", "type": "agent"}, "action": {"name": "apply_policy", "args": ["/path/to/executable/arg7"], "version": "v5"}, "timeout": 16}, {"source": "Engine", "user": "user14", "target": {"id": "target5", "type": "server"}, "action": {"name": "update", "args": ["/path/to/executable/arg4"], "version": "v4"}, "timeout": 18}, {"source": "Engine", "user": "user4", "target": {"id": "target9", "type": "group"}, "action": {"name": "update", "args": ["/path/to/executable/arg4"], "version": "v2"}, "timeout": 28}, {"source": "Content manager", "user": "user26", "target": {"id": "target6", "type": "server"}, "action": {"name": "restart", "args": ["/path/to/executable/arg9"], "version": "v2"}, "timeout": 14}]}'
{"_index":".commands","_documents":[{"_id":"ebG335MBp3bSh5fwX5YK"},{"_id":"erG335MBp3bSh5fwX5YL"},{"_id":"e7G335MBp3bSh5fwX5YL"},{"_id":"fLG335MBp3bSh5fwX5YL"},{"_id":"fbG335MBp3bSh5fwX5YL"},{"_id":"frG335MBp3bSh5fwX5YL"},{"_id":"f7G335MBp3bSh5fwX5YL"},{"_id":"gLG335MBp3bSh5fwX5YL"},{"_id":"gbG335MBp3bSh5fwX5YL"},{"_id":"grG335MBp3bSh5fwX5YL"}],"result":"OK"}

@AlexRuiz7 AlexRuiz7 merged commit 08f935a into master Dec 19, 2024
7 checks passed
@AlexRuiz7 AlexRuiz7 deleted the 87-job-scheduler-adaptations branch December 19, 2024 16:20
f-galland pushed a commit that referenced this pull request Feb 20, 2025
* Adapt commands event_generator to job-scheduler changes

Use new commands array on the body for API bulks

Add tool argument to select http or https protocols

* Update post request body to use JSON dumps

* Fix generated data dump to log file
Jorgesnchz pushed a commit that referenced this pull request Mar 7, 2025
Jorgesnchz pushed a commit that referenced this pull request Mar 7, 2025
Successfully merging this pull request may close these issues.

Implement the job-scheduler logic