Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Initialization of the wazuh-context index #257

Closed
f-galland opened this issue Jan 29, 2025 · 0 comments · Fixed by #263
Closed

Initialization of the wazuh-context index #257

f-galland opened this issue Jan 29, 2025 · 0 comments · Fixed by #263
Assignees
@mcasas993
Labels
level/subtask Subtask issue type/enhancement Enhancement issue

Comments

@f-galland
Copy link
Member

f-galland commented Jan 29, 2025
edited by AlexRuiz7
Loading

Description

On start, the Content Manager will initialize the internal index to manage the context's metadata. The index name will be wazuh-context for now. This index will be read and written by other modules of the Content Manager:

  • The CTI client writes the latest offset and the snapshot URL for the given context.
  • The Content Updater reads the latest offset and the current offset to fetch the changes on the context. It updates the context's offset on each successful update.
  • The Snapshot handler reads the snapshot URL.
[
  {
    "_index": "wazuh-context",
    "_id": "vd_1.0.0",
    "_source": {
      "vd_4.8.0": {
        "offset": 75019,
        "last_offset": 85729
      }
    }
  },
  {
    "_index": "wazuh-context",
    "_id": "vd_1.0.0",
    "_source": {
      "vd_4.8.0": {
        "offset": 0,
        "snapshot": "uri-to-snapshot",
        "hash": "snapshot-hash"
      }
    }
  }
]

On initialization, the context's offset is set to 0, to force an initialization from a snapshot. The context name is used as the document's ID (vd_1.0.0), and the consumer name as the object key for the metadata (vd_4.8.0).

Functional requirements

  • The Content Manager initializes the wazuh-context index on start up, if it does not exist.
  • The context's name is used as the document's ID.

Implementation restrictions

  • The context and consumer names are set as constants in the code.
  • JSON schema (mappings):
    • offset --> int
    • last_offset --> int
    • snapshot --> URL
    • hash --> string
@f-galland f-galland mentioned this issue Jan 29, 2025
Closed
@f-galland f-galland added level/subtask Subtask issue type/enhancement Enhancement issue labels Jan 29, 2025
@wazuhci wazuhci moved this to Backlog in XDR+SIEM/Release 5.0.0 Jan 30, 2025
@AlexRuiz7 AlexRuiz7 changed the title Add a context and consumer configuration API endpoint to the Content Manager plugin Context and Consumer registration Jan 30, 2025
@AlexRuiz7 AlexRuiz7 changed the title Context and Consumer registration Initialization of the wazuh-content index Jan 31, 2025
@mcasas993 mcasas993 self-assigned this Feb 3, 2025
@wazuhci wazuhci moved this from Backlog to In progress in XDR+SIEM/Release 5.0.0 Feb 4, 2025
@mcasas993 mcasas993 mentioned this issue Feb 5, 2025
Merged
6 tasks
@mcasas993 mcasas993 linked a pull request Feb 5, 2025 that will close this issue
Create CommandIndex and ContextIndex #263
Merged
6 tasks
@AlexRuiz7 AlexRuiz7 changed the title Initialization of the wazuh-content index Initialization of the wazuh-context index Feb 14, 2025
@wazuhci wazuhci moved this from In progress to Pending review in XDR+SIEM/Release 5.0.0 Feb 14, 2025
@wazuhci wazuhci moved this from Pending review to Done in XDR+SIEM/Release 5.0.0 Feb 17, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mcasas993 mcasas993

Labels
level/subtask Subtask issue type/enhancement Enhancement issue
Projects
XDR+SIEM/Release 5.0.0
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Create CommandIndex and ContextIndex wazuh/wazuh-indexer-plugins
2 participants
@mcasas993 @f-galland