As part of the new data persistence model to be implemented across Wazuh, we need to define the data model that is going to be used and shared by the Wazuh Central Components. While the Wazuh Indexer team is in charge of the creation and maintenance of the index templates, the indices and their fields, we believe their semantics depend on the context where they are being generated, hence the significance of these fields needs to be provided by the source of the data.
This new data model needs to be well documented, in writing and visually, by the use of diagrams, to make its understanding and maintenance as easy as possible. The data model needs to ensure that the data can be filtered using consistent criteria, such as the groups of agents they belong to.
As a result, we'll generate not only the documentation of this new data model, but the index templates that effectively represent the data model in the Indexer.
Functional requirements
The data model must cover all the indices planned for 5.0 (stateful and stateless; see parent issue).
The data model must allow Role-Based access control consistently. The data can be filtered, at least, by the groups of agents it belongs to.
Non-functional requirements
The data model must be represented in an E/R diagram.
The fields of the data model need to be well documented, indicating their meaning in the context of the source where they are generated, and providing any relevant information about their lifecycle, for example, under which conditions the data is generated or changes.
The data model must outline the visibility of the indices.
Plan
[ ] #345
[ ] #270
[x] Automate the removal of multi-fields on the generated templates
[ ] Fields semantics (provided by the sources: agent, vulnerability detector, ...)