Add Stateless Messages to Inventory Module Indicating Detected Deltas #454
f4c7d01
to
e03f483
Compare
4ab9314
to
aad655f
Compare
2bbd0e3
to
c86a53d
Compare
d698dbf
to
fe31e6f
Compare
bb44387
to
736a8db
Compare
8763302
to
7742e1c
Compare
7742e1c
to
0d51d26
Compare
5d6c369
to
dc1ae90
Compare
dc1ae90
to
2f0d25b
Compare
LGTM
a5d6b82
to
84a69fe
Compare
LGTM!
The changes suggested by @vikman90 were applied, with two exceptions: the method signature did not change, and the inventory primary keys should remain as EMPTY_VALUE; the others were changed.
The evidence shows that everything is working as expected. If further changes are required, they will be addressed in the future. LGTM.
E2E Test Stateful EventsHardware{
"_index": "wazuh-states-inventory-hardware",
"_id": "390c253daf42673a999eb0727e3dfc384da2ec64",
"_version": 3,
"_score": null,
"_source": {
"agent": {
"id": "26353180-0a76-48b5-bc8b-9d317f1ed07b",
"name": "noble",
"groups": [],
"type": "Endpoint",
"version": "5.0.0",
"host": {
"architecture": "x86_64",
"hostname": "noble",
"ip": [
"10.0.2.15",
"fe80::a00:27ff:fe64:e1ff",
"192.168.56.132",
"fe80::a00:27ff:fecb:7200"
],
"os": {
"name": "Ubuntu",
"type": "Linux",
"version": "24.04.1 LTS (Noble Numbat)"
}
}
},
"@timestamp": "2025-01-17T17:46:48.960Z",
"host": {
"cpu": {
"cores": 8,
"name": "AMD Ryzen 7 5800X 8-Core Processor",
"speed": 3800
},
"memory": {
"free": 8124296,
"total": 12247076,
"used": {
"percentage": 34
}
}
},
"observer": {
"serial_number": "0"
}
},
"fields": {
"@timestamp": [
"2025-01-17T17:46:48.960Z"
]
},
"sort": [
1737136008960
]
} System{
"_index": "wazuh-states-inventory-system",
"_id": "61cefd485dfc039f9ed7b2cc875a9e3c60d2355f",
"_version": 1,
"_score": null,
"_source": {
"agent": {
"id": "26353180-0a76-48b5-bc8b-9d317f1ed07b",
"name": "noble",
"groups": [],
"type": "Endpoint",
"version": "5.0.0",
"host": {
"architecture": "x86_64",
"hostname": "noble",
"ip": [
"10.0.2.15",
"fe80::a00:27ff:fe64:e1ff",
"192.168.56.132",
"fe80::a00:27ff:fecb:7200"
],
"os": {
"name": "Ubuntu",
"type": "Linux",
"version": "24.04.1 LTS (Noble Numbat)"
}
}
},
"@timestamp": "2025-01-17T17:42:42.745Z",
"host": {
"architecture": "x86_64",
"hostname": "noble",
"os": {
"full": "noble",
"kernel": null,
"name": "Ubuntu",
"platform": "ubuntu",
"type": "Linux",
"version": "24.04.1 LTS (Noble Numbat)"
}
}
},
"fields": {
"@timestamp": [
"2025-01-17T17:42:42.745Z"
]
},
"sort": [
1737135762745
]
} Packages{
"_index": "wazuh-states-inventory-packages",
"_id": "a9b72cae89623be4614c7715f11004afa3701ba4",
"_version": 4,
"_score": null,
"_source": {
"agent": {
"id": "26353180-0a76-48b5-bc8b-9d317f1ed07b",
"name": "noble",
"groups": [],
"type": "Endpoint",
"version": "5.0.0",
"host": {
"architecture": "x86_64",
"hostname": "noble",
"ip": [
"10.0.2.15",
"fe80::a00:27ff:fe64:e1ff",
"192.168.56.132",
"fe80::a00:27ff:fecb:7200"
],
"os": {
"name": "Ubuntu",
"type": "Linux",
"version": "24.04.1 LTS (Noble Numbat)"
}
}
},
"@timestamp": "2025-01-17T17:49:50.252Z",
"package": {
"architecture": "all",
"description": "grep-like program specifically for large source trees",
"installed": null,
"name": "ack",
"path": "",
"size": 229376,
"type": "deb",
"version": "3.7.0-1"
}
},
"fields": {
"@timestamp": [
"2025-01-17T17:49:50.252Z"
]
},
"sort": [
1737136190252
]
} Processes{
"_index": "wazuh-states-inventory-processes",
"_id": "ecec94170c330df5df519cdb270b103cc4f962f0",
"_version": 3,
"_score": null,
"_source": {
"agent": {
"id": "26353180-0a76-48b5-bc8b-9d317f1ed07b",
"name": "noble",
"groups": [],
"type": "Endpoint",
"version": "5.0.0",
"host": {
"architecture": "x86_64",
"hostname": "noble",
"ip": [
"10.0.2.15",
"fe80::a00:27ff:fe64:e1ff",
"192.168.56.132",
"fe80::a00:27ff:fecb:7200"
],
"os": {
"name": "Ubuntu",
"type": "Linux",
"version": "24.04.1 LTS (Noble Numbat)"
}
}
},
"@timestamp": "2025-01-17T17:52:51.665Z",
"process": {
"args": null,
"command_line": null,
"group": {
"id": "root"
},
"name": "rcu_preempt",
"parent": {
"pid": 2
},
"pid": "17",
"real_group": {
"id": "root"
},
"real_user": {
"id": "root"
},
"saved_group": {
"id": "root"
},
"saved_user": {
"id": "root"
},
"start": 1737125336,
"thread": {
"id": 17
},
"tty": {
"char_device": {
"major": 0
}
},
"user": {
"id": "root"
}
}
},
"fields": {
"@timestamp": [
"2025-01-17T17:52:51.665Z"
],
"process.start": [
"1970-01-21T02:32:05.336Z"
]
},
"sort": [
1737136371665
]
} Networks{
"_index": "wazuh-states-inventory-networks",
"_id": "3d2d17f57ced6ce3d5892d46c4df2f491f27da52",
"_version": 5,
"_score": null,
"_source": {
"agent": {
"id": "26353180-0a76-48b5-bc8b-9d317f1ed07b",
"name": "noble",
"groups": [],
"type": "Endpoint",
"version": "5.0.0",
"host": {
"architecture": "x86_64",
"hostname": "noble",
"ip": [
"10.0.2.15",
"fe80::a00:27ff:fe64:e1ff",
"192.168.56.132",
"fe80::a00:27ff:fecb:7200"
],
"os": {
"name": "Ubuntu",
"type": "Linux",
"version": "24.04.1 LTS (Noble Numbat)"
}
}
},
"@timestamp": "2025-01-17T17:52:51.665Z",
"host": {
"ip": [
"10.0.2.15"
],
"mac": "08:00:27:64:e1:ff",
"network": {
"egress": {
"bytes": 9615193,
"drops": 0,
"errors": 0,
"packets": 41339
},
"ingress": {
"bytes": 192404085,
"drops": 0,
"errors": 0,
"packets": 153501
}
}
},
"interface": {
"mtu": 1500,
"state": "up",
"type": "ethernet"
},
"network": {
"broadcast": [
"10.0.2.255"
],
"dhcp": null,
"gateway": [
"10.0.2.2"
],
"metric": "100",
"netmask": [
"255.255.255.0"
],
"protocol": null,
"type": "ipv4"
},
"observer": {
"ingress": {
"interface": {
"alias": "",
"name": "eth0"
}
}
}
},
"fields": {
"@timestamp": [
"2025-01-17T17:52:51.665Z"
]
},
"sort": [
1737136371665
]
} Ports{
"_index": "wazuh-states-inventory-ports",
"_id": "0102439a966b9bcc7bb88daaa12c42320390ebb2",
"_version": 1,
"_score": null,
"_source": {
"agent": {
"id": "26353180-0a76-48b5-bc8b-9d317f1ed07b",
"name": "noble",
"groups": [],
"type": "Endpoint",
"version": "5.0.0",
"host": {
"architecture": "x86_64",
"hostname": "noble",
"ip": [
"10.0.2.15",
"fe80::a00:27ff:fe64:e1ff",
"192.168.56.132",
"fe80::a00:27ff:fecb:7200"
],
"os": {
"name": "Ubuntu",
"type": "Linux",
"version": "24.04.1 LTS (Noble Numbat)"
}
}
},
"@timestamp": "2025-01-17T17:52:51.665Z",
"destination": {
"ip": [
"192.168.56.125"
],
"port": 27000
},
"file": {
"inode": 192151
},
"host": {
"network": {
"egress": {
"queue": 0
},
"ingress": {
"queue": 510
}
}
},
"interface": {
"state": "established"
},
"network": {
"protocol": "tcp"
},
"process": {
"name": "wazuh-agent",
"pid": 42289
},
"source": {
"ip": [
"192.168.56.132"
],
"port": 45792
}
},
"fields": {
"@timestamp": [
"2025-01-17T17:52:51.665Z"
]
},
"sort": [
1737136371665
]
} |
E2E Test Stateless EventsHardware{
"_index": "wazuh-alerts-5.x-0001",
"_id": "AKtZdZQBLzTJpoVmulSC",
"_version": 1,
"_score": 0,
"_source": {
"agent": {
"groups": [],
"host": {
"architecture": "x86_64",
"hostname": "noble",
"ip": [
"10.0.2.15",
"fe80::a00:27ff:fe64:e1ff",
"192.168.56.132",
"fe80::a00:27ff:fecb:7200"
],
"os": {
"name": "Ubuntu",
"type": "Linux",
"version": "24.04.1 LTS (Noble Numbat)"
}
},
"id": "26353180-0a76-48b5-bc8b-9d317f1ed07b",
"name": "noble",
"type": "Endpoint",
"version": "5.0.0"
},
"event": {
"action": "hardware-detected",
"category": [
"host"
],
"created": "2025-01-17T17:39:43.299Z",
"reason": "New hardware detected: AMD Ryzen 7 5800X 8-Core Processor with 11 GB memory",
"type": [
"start"
]
},
"host": {
"cpu": {
"cores": 8,
"name": "AMD Ryzen 7 5800X 8-Core Processor",
"speed": 3800
},
"memory": {
"free": 8120800,
"total": 12247076,
"used": {
"percentage": 34
}
}
},
"observer": {
"serial_number": "0"
}
},
"fields": {
"event.created": [
"2025-01-17T17:39:43.299Z"
]
}
} System{
"_index": "wazuh-alerts-5.x-0001",
"_id": "QqtcdZQBLzTJpoVmVlYw",
"_version": 1,
"_score": 0,
"_source": {
"agent": {
"groups": [],
"host": {
"architecture": "x86_64",
"hostname": "noble",
"ip": [
"10.0.2.15",
"fe80::a00:27ff:fe64:e1ff",
"192.168.56.132",
"fe80::a00:27ff:fecb:7200"
],
"os": {
"name": "Ubuntu",
"type": "Linux",
"version": "24.04.1 LTS (Noble Numbat)"
}
},
"id": "26353180-0a76-48b5-bc8b-9d317f1ed07b",
"name": "noble",
"type": "Endpoint",
"version": "5.0.0"
},
"event": {
"action": "system-detected",
"category": [
"host"
],
"created": "2025-01-17T17:42:42.745Z",
"reason": "System noble is running OS version 24.04.1 LTS (Noble Numbat)",
"type": [
"info"
]
},
"host": {
"architecture": "x86_64",
"hostname": "noble",
"os": {
"full": "noble",
"kernel": null,
"name": "Ubuntu",
"platform": "ubuntu",
"type": "Linux",
"version": "24.04.1 LTS (Noble Numbat)"
}
}
},
"fields": {
"event.created": [
"2025-01-17T17:42:42.745Z"
]
},
"highlight": {
"event.action": [
"@opensearch-dashboards-highlighted-field@system-detected@/opensearch-dashboards-highlighted-field@"
]
}
} Packages{
"_index": "wazuh-alerts-5.x-0001",
"_id": "P6tcdZQBLzTJpoVmd1rg",
"_version": 1,
"_score": 0,
"_source": {
"agent": {
"groups": [],
"host": {
"architecture": "x86_64",
"hostname": "noble",
"ip": [
"10.0.2.15",
"fe80::a00:27ff:fe64:e1ff",
"192.168.56.132",
"fe80::a00:27ff:fecb:7200"
],
"os": {
"name": "Ubuntu",
"type": "Linux",
"version": "24.04.1 LTS (Noble Numbat)"
}
},
"id": "26353180-0a76-48b5-bc8b-9d317f1ed07b",
"name": "noble",
"type": "Endpoint",
"version": "5.0.0"
},
"event": {
"action": "package-installed",
"category": [
"package"
],
"created": "2025-01-17T17:42:42.745Z",
"reason": "Package Pygments (version 2.17.2) was installed",
"type": [
"installation"
]
},
"package": {
"architecture": "",
"description": null,
"installed": null,
"name": "Pygments",
"path": "/usr/lib/python3/dist-packages/pygments-2.17.2.dist-info/METADATA",
"size": null,
"type": "pypi",
"version": "2.17.2"
}
},
"fields": {
"event.created": [
"2025-01-17T17:42:42.745Z"
]
},
"highlight": {
"event.action": [
"@opensearch-dashboards-highlighted-field@package-installed@/opensearch-dashboards-highlighted-field@"
]
}
} Processes{
"_index": "wazuh-alerts-5.x-0001",
"_id": "GatZdZQBLzTJpoVmulWC",
"_version": 1,
"_score": 0,
"_source": {
"agent": {
"groups": [],
"host": {
"architecture": "x86_64",
"hostname": "noble",
"ip": [
"10.0.2.15",
"fe80::a00:27ff:fe64:e1ff",
"192.168.56.132",
"fe80::a00:27ff:fecb:7200"
],
"os": {
"name": "Ubuntu",
"type": "Linux",
"version": "24.04.1 LTS (Noble Numbat)"
}
},
"id": "26353180-0a76-48b5-bc8b-9d317f1ed07b",
"name": "noble",
"type": "Endpoint",
"version": "5.0.0"
},
"event": {
"action": "process-started",
"category": [
"process"
],
"created": "2025-01-17T17:39:43.299Z",
"reason": "Process kworker/3:1-eve (PID: kworker/3:1-eve) was started",
"type": [
"start"
]
},
"process": {
"args": null,
"command_line": null,
"group": {
"id": "root"
},
"name": "kworker/3:1-eve",
"parent": {
"pid": 2
},
"pid": "41984",
"real_group": {
"id": "root"
},
"real_user": {
"id": "root"
},
"saved_group": {
"id": "root"
},
"saved_user": {
"id": "root"
},
"start": 1737135040,
"thread": {
"id": 41984
},
"tty": {
"char_device": {
"major": 0
}
},
"user": {
"id": "root"
}
}
},
"fields": {
"event.created": [
"2025-01-17T17:39:43.299Z"
],
"process.start": [
"1970-01-21T02:32:15.040Z"
]
},
"highlight": {
"event.action": [
"@opensearch-dashboards-highlighted-field@process-started@/opensearch-dashboards-highlighted-field@"
]
}
} Networks{
"_index": "wazuh-alerts-5.x-0001",
"_id": "M6tZdZQBLzTJpoVmulWC",
"_version": 1,
"_score": 0,
"_source": {
"agent": {
"groups": [],
"host": {
"architecture": "x86_64",
"hostname": "noble",
"ip": [
"10.0.2.15",
"fe80::a00:27ff:fe64:e1ff",
"192.168.56.132",
"fe80::a00:27ff:fecb:7200"
],
"os": {
"name": "Ubuntu",
"type": "Linux",
"version": "24.04.1 LTS (Noble Numbat)"
}
},
"id": "26353180-0a76-48b5-bc8b-9d317f1ed07b",
"name": "noble",
"type": "Endpoint",
"version": "5.0.0"
},
"event": {
"action": "network-interface-updated",
"category": [
"network"
],
"changed_fields": [
"host.network.ingress.bytes",
"host.network.ingress.packets",
"host.network.egress.bytes",
"host.network.egress.packets"
],
"created": "2025-01-17T17:39:43.299Z",
"reason": "Network interface eth0 updated",
"type": [
"change"
]
},
"host": {
"ip": [
"10.0.2.15"
],
"mac": "08:00:27:64:e1:ff",
"network": {
"egress": {
"bytes": 9507634,
"drops": 0,
"errors": 0,
"packets": 40761,
"previous": {
"bytes": 9183172,
"packets": 39051
}
},
"ingress": {
"bytes": 192028953,
"drops": 0,
"errors": 0,
"packets": 152720,
"previous": {
"bytes": 191335102,
"packets": 150235
}
}
}
},
"interface": {
"mtu": 1500,
"state": "up",
"type": "ethernet"
},
"network": {
"broadcast": [
"10.0.2.255"
],
"dhcp": null,
"gateway": [
"10.0.2.2"
],
"metric": "100",
"netmask": [
"255.255.255.0"
],
"protocol": null,
"type": "ipv4"
},
"observer": {
"ingress": {
"interface": {
"alias": "",
"name": "eth0"
}
}
}
},
"fields": {
"event.created": [
"2025-01-17T17:39:43.299Z"
]
},
"highlight": {
"event.action": [
"@opensearch-dashboards-highlighted-field@network-interface-updated@/opensearch-dashboards-highlighted-field@"
]
}
} Ports{
"_index": "wazuh-alerts-5.x-0001",
"_id": "I6tZdZQBLzTJpoVmulWC",
"_version": 1,
"_score": 0,
"_source": {
"agent": {
"groups": [],
"host": {
"architecture": "x86_64",
"hostname": "noble",
"ip": [
"10.0.2.15",
"fe80::a00:27ff:fe64:e1ff",
"192.168.56.132",
"fe80::a00:27ff:fecb:7200"
],
"os": {
"name": "Ubuntu",
"type": "Linux",
"version": "24.04.1 LTS (Noble Numbat)"
}
},
"id": "26353180-0a76-48b5-bc8b-9d317f1ed07b",
"name": "noble",
"type": "Endpoint",
"version": "5.0.0"
},
"destination": {
"ip": [
"0.0.0.0"
],
"port": 0
},
"event": {
"action": "port-updated",
"category": [
"network"
],
"changed_fields": [
"process.name",
"process.pid"
],
"created": "2025-01-17T17:39:43.299Z",
"reason": "Updated connection from source port 53 to destination port 0",
"type": [
"change"
]
},
"file": {
"inode": 11300
},
"host": {
"network": {
"egress": {
"queue": 0
},
"ingress": {
"queue": 0
}
}
},
"interface": {
"state": null
},
"network": {
"protocol": "udp"
},
"process": {
"name": "systemd-resolve",
"pid": 706,
"previous": {
"name": null,
"pid": null
}
},
"source": {
"ip": [
"127.0.0.54"
],
"port": 53
}
},
"fields": {
"event.created": [
"2025-01-17T17:39:43.299Z"
]
},
"highlight": {
"event.action": [
"@opensearch-dashboards-highlighted-field@port-updated@/opensearch-dashboards-highlighted-field@"
]
}
} |
Description
This PR implements the generation of stateless messages in the Inventory module to report detected deltas (changes) during inventory scans. The main improvements include: