
Update indices with agents information #544

Merged 19 commits into master from 525-update-agents-index-data-model on Nov 13, 2024

Conversation

f-galland

Description

This PR renames the agent.is_connected field to agent.status. It also adds all the core fields from the host schema nested below the agent field in order to facilitate cross index correlation.

Related Issues

Resolves #525, resolves #539

@f-galland f-galland self-assigned this Nov 12, 2024
@f-galland f-galland marked this pull request as ready for review November 12, 2024 18:02
@f-galland f-galland requested a review from a team as a code owner November 12, 2024 18:02
@AlexRuiz7 AlexRuiz7 changed the title Update .agents index data model Update indices with agents information Nov 12, 2024

@AlexRuiz7 AlexRuiz7 left a comment


We also need to add these agents' related fields to the indices:

  • name
  • type
  • version

See the example in #525.

I also noticed the wazuh-states-vulnerabilities index uses all the agent fields. Let's make it consistent with the rest of the indices.
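The PR description above (agent.is_connected renamed to agent.status, ECS host core fields nested under agent) and this review comment (agent.name, agent.type and agent.version must be present everywhere, and the states-vulnerabilities template should match the others) both describe a consistency property that is easy to check mechanically. The following script is an added example, not code from the wazuh-indexer project: it flattens OpenSearch index-template mappings into dotted field paths and reports, per template, which required agent fields are missing and which deprecated ones are still present. The required field list, the agent.host sub-fields (an assumed subset of ECS host core fields) and the two sample templates are constructed for the example; the project's real templates are not reproduced here.

```python
"""Consistency check for agent fields across OpenSearch index template mappings.

Added example, not part of the wazuh-indexer repository. Field sets below are
assumptions drawn from the PR discussion, not the project's authoritative schema.
"""
from typing import Dict, Set

# agent.status replaces agent.is_connected; name/type/version were requested in review.
# agent.id is assumed (it is the ECS agent identifier field).
REQUIRED_AGENT_FIELDS: Set[str] = {
    "agent.id", "agent.name", "agent.type", "agent.version", "agent.status",
}
# Assumed subset of ECS host core fields, nested under agent.host as the PR describes.
REQUIRED_AGENT_HOST_FIELDS: Set[str] = {
    "agent.host.hostname", "agent.host.ip", "agent.host.architecture",
    "agent.host.os.name", "agent.host.os.version",
}
# Old field that should no longer appear in any template after the rename.
DEPRECATED_FIELDS: Set[str] = {"agent.is_connected"}


def mapping_from_paths(paths: Set[str], leaf_type: str = "keyword") -> Dict:
    """Build a nested OpenSearch 'properties' tree from dotted field paths.

    Every leaf gets the same simple type; good enough to model field presence.
    """
    root: Dict = {}
    for path in sorted(paths):
        node = root
        parts = path.split(".")
        for part in parts[:-1]:
            node = node.setdefault(part, {"properties": {}})["properties"]
        node[parts[-1]] = {"type": leaf_type}
    return root


def flatten_properties(properties: Dict, prefix: str = "") -> Set[str]:
    """Flatten a 'properties' tree back into dotted leaf paths (e.g. agent.host.ip)."""
    leaves: Set[str] = set()
    for name, spec in properties.items():
        path = f"{prefix}{name}"
        if "properties" in spec:
            leaves |= flatten_properties(spec["properties"], path + ".")
        else:
            leaves.add(path)
    return leaves


def check_template(template: Dict) -> Dict[str, list]:
    """Report missing required agent fields and leftover deprecated fields."""
    leaves = flatten_properties(template["template"]["mappings"]["properties"])
    required = REQUIRED_AGENT_FIELDS | REQUIRED_AGENT_HOST_FIELDS
    return {
        "missing": sorted(required - leaves),
        "deprecated": sorted(leaves & DEPRECATED_FIELDS),
    }


def check_all(templates: Dict[str, Dict]) -> Dict[str, Dict[str, list]]:
    """Run check_template over a {name: template} dict."""
    return {name: check_template(t) for name, t in templates.items()}


# Constructed sample templates: one already updated, one still on the old schema.
SAMPLE_TEMPLATES: Dict[str, Dict] = {
    "wazuh-states-inventory-packages": {"template": {"mappings": {"properties":
        mapping_from_paths(REQUIRED_AGENT_FIELDS | REQUIRED_AGENT_HOST_FIELDS
                           | {"package.name", "package.version"})}}},
    "wazuh-states-vulnerabilities": {"template": {"mappings": {"properties":
        mapping_from_paths({"agent.id", "agent.name", "agent.is_connected",
                            "vulnerability.id"})}}},
}

if __name__ == "__main__":
    for name, report in check_all(SAMPLE_TEMPLATES).items():
        status = "OK" if not report["missing"] and not report["deprecated"] else "DRIFT"
        print(f"{name}: {status}")
        for field in report["missing"]:
            print(f"  missing    {field}")
        for field in report["deprecated"]:
            print(f"  deprecated {field}")
```

Pointing the script at real template files is a matter of `json.load`-ing each one into the `SAMPLE_TEMPLATES` shape; the check itself only relies on the standard `template.mappings.properties` layout of an OpenSearch composable index template, so it is unaffected by whether the fields are declared directly or through a component template that has already been resolved.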

@AlexRuiz7 AlexRuiz7 merged commit 9e0edb3 into master Nov 13, 2024
5 checks passed
@AlexRuiz7 AlexRuiz7 deleted the 525-update-agents-index-data-model branch November 13, 2024 11:31
AlexRuiz7 added a commit that referenced this pull request Nov 18, 2024
* Migrate 525 to 2.17.1

* Adding custom agent.host custom field definitions to remaining indices

* Add custom fields to index templates

* Fix host custom schema

* Fix host custom schema in networks template

* Fix host custom schema in ports template

* Fix host field in states-vulnerabilities

* Include specific agent fields in alerts index subset

* Add agent and host fields to states-fim

* Add host fields to alerts top level

* Add agent fields to states-inventory-hardware

* Add agent fields to states-inventory-hardware

* Add agent fields to states-inventory-hotfixes

* Add agent fields to states-inventory-packages

* Add agent fields to states-inventory-ports

* Add agent fields to states-inventory-processes

* Add agent fields to states-inventory-system

* Add all-in-one script

---------

Co-authored-by: Alex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Development

Successfully merging this pull request may close these issues.

  • Nest ECS Host fields under Agent
  • Enrich index templates with agents' information