Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Investigate the possibility of using the workload benchmarks metrics pipeline in agents mode to send syscollector events #20777

Closed
Tracked by #20776
GGP1 opened this issue Dec 13, 2023 · 4 comments
Closed
Tracked by #20776

Investigate the possibility of using the workload benchmarks metrics pipeline in agents mode to send syscollector events #20777

GGP1 opened this issue Dec 13, 2023 · 4 comments
Assignees
@GGP1
Labels
level/task type/enhancement New feature or request

Comments

@GGP1
Copy link
Member

GGP1 commented Dec 13, 2023

Description

Investigate the possibility of using the workload benchmarks metrics pipeline in the agents mode to send syscollector events that trigger vulnerability detection alerts.

The pipeline should generate several mocked events that force the vulnerability detection module to populate its database.
@GGP1 GGP1 added type/enhancement New feature or request level/task labels Dec 13, 2023
@GGP1 GGP1 mentioned this issue Dec 13, 2023
Closed
9 tasks
@wazuhci wazuhci moved this to Backlog in Release 4.8.0 Dec 13, 2023
@GGP1 GGP1 self-assigned this Dec 13, 2023
@wazuhci wazuhci moved this from Backlog to In progress in Release 4.8.0 Dec 13, 2023
@GGP1
Copy link
Member Author

GGP1 commented Dec 13, 2023

Update

Started analyzing the workload benchmarks metrics pipeline and agent simulator tool source code.

@GGP1
Copy link
Member Author

GGP1 commented Dec 14, 2023
edited
Loading

Investigation

The workload benchmarks metrics pipeline can be executed using one of three modes:

  • AGENTS: deploys n agents
  • EPS: deploys a single agent that generates n events per second on the configured modules
  • HYBRID: is a mix between the two modes above. It deploys n agents that each generate 2 EPS on the modules fim, syscollector, winevt, logcollector and sca.

The desired functionality could be achieved by using the HYBRID mode. However, we would need to modify the pipeline so the modules and the number of events generated can be selected by the user when launching the workflow.

Furthermore, additional changes may be required to the agent_simulator script to generate syscollector events that trigger specific rules. The templates of the generated events can be found here.

These changes will be carried out in #20779.

@wazuhci wazuhci moved this from In progress to Pending review in Release 4.8.0 Dec 14, 2023
@wazuhci wazuhci moved this from Pending review to In review in Release 4.8.0 Dec 14, 2023
@Rebits
Copy link
Member

Rebits commented Dec 14, 2023

LGTM

@wazuhci wazuhci moved this from In review to Pending final review in Release 4.8.0 Dec 14, 2023
@davidjiglesias
Copy link
Member

LGTM

@wazuhci wazuhci moved this from Pending final review to Done in Release 4.8.0 Dec 15, 2023
@juliamagan juliamagan mentioned this issue Apr 17, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@GGP1 GGP1

Labels
level/task type/enhancement New feature or request
Projects
No open projects
Release 4.8.0
Status: Done
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Rebits @davidjiglesias @GGP1