wazuh / wazuh-indexer-plugins


Implement commands index template creation #82

Closed AlexRuiz7 closed 2 months ago

AlexRuiz7 commented 2 months ago

Description

This PR implements creating the commands index template before any data is indexed into that index.

curl -XPOST "http://127.0.0.1:9200/_plugins/_commandmanager" -H 'Content-Type: application/json' -d'
{
  "command": {
    "source": "UsersServices",
    "user": "user13",
    "target": "WazuhServerCluster5",
    "type": "agent_group",
    "action": {
        "type": "Server cluster",
        "args": [
            "/path/to/executable/arg8"
        ],
        "version": "v4"
    },
    "timeout": 100
  }
}'

{"_index":".commands","_id":"Ez2tQ5IBwhioaNePRF5F","result":"CREATED"}% 
{
  ".commands": {
    "aliases": {

    },
    "mappings": {
      "date_detection": false,
      "properties": {
        "command": {
          "properties": {
            "action": {
              "properties": {
                "args": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "type": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "version": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "order_id": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "request_id": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "result": {
              "properties": {
                "code": {
                  "type": "short"
                },
                "data": {
                  "type": "keyword",
                  "ignore_above": 1024
                },
                "message": {
                  "type": "keyword",
                  "ignore_above": 1024
                }
              }
            },
            "source": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "status": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "target": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "timeout": {
              "type": "short"
            },
            "type": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "user": {
              "type": "keyword",
              "ignore_above": 1024
            }
          }
        }
      }
    },
    "settings": {
      "index": {
        "replication": {
          "type": "DOCUMENT"
        },
        "refresh_interval": "5s",
        "hidden": "true",
        "number_of_shards": "1",
        "provided_name": ".commands",
        "query": {
          "default_field": [
            "command.source",
            "command.target",
            "command.status",
            "command.type"
          ]
        },
        "creation_date": "1727712281860",
        "number_of_replicas": "0",
        "uuid": "_DVNVtJnQN2K64lBd-BuZw",
        "version": {
          "created": "136377827"
        }
      }
    }
  }
}

Issues Resolved

Closes #42

AlexRuiz7 commented 2 months ago

Superseded by #83.