https://github.com/mrtc0/wazuh-ruby-client
Wazuh API client for Ruby
https://github.com/mrtc0/wazuh-ruby-client
wazuh
Last synced: 6 months ago
JSON representation
Wazuh API client for Ruby
- Host: GitHub
- URL: https://github.com/mrtc0/wazuh-ruby-client
- Owner: mrtc0
- License: mit
- Created: 2020-01-23T15:49:42.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2024-10-24T06:09:53.000Z (7 months ago)
- Last Synced: 2024-12-17T06:38:23.285Z (6 months ago)
- Topics: wazuh
- Language: Ruby
- Homepage: https://mrtc0.github.io/wazuh-ruby-client
- Size: 360 KB
- Stars: 9
- Watchers: 4
- Forks: 6
- Open Issues: 5
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
README
# Wazuh Ruby Client
[](https://github.com/mrtc0/wazuh-ruby-client/blob/master/LICENSE.txt)
[](https://mrtc0.github.io/wazuh-ruby-client)
A Ruby client for the wazuh APIs.
## Installation
Add this line to your application's Gemfile:
```ruby
gem 'wazuh-ruby-client'
```
## Usage
```ruby
Wazuh.configure do |config|
config.endpoint = "https://wazuh.local:55000"
config.basic_user = "foo"
config.basic_password = "bar"
config.verify_ssl = false
# if you are using the Wazuh version 4
# config.api_version = 4
end
client = Wazuh::Client.new
client.all_agents
# => {"error"=>0, "data"=>{"items"=>[{"os"=>{"arch"=>"x86_64", "codename"=>"Xenial Xerus", "major"=>"16", "minor"=>"04", "name"=>"Ubuntu", "platform"=>"ubuntu", "uname"=>"Linux |wazuh-manager-master-0 |4.14.138+ |#1 SMP Tue Sep 3 02:58:08 PDT 2019 |x86_64", "version"=>"16.04.6 LTS"}, "status"=>"Active", "name"=>"wazuh-manager-master-0", "registerIP"=>"127.0.0.1", "manager"=>"wazuh-manager-master-0", "dateAdd"=>"2020-01-07 16:13:05", "ip"=>"127.0.0.1", "node_name"=>"wazuh-manager-master", "version"=>"Wazuh v3.11.1", "lastKeepAlive"=>"9999-12-31 23:59:59", "id"=>"000"}], "totalItems"=>1}}
```
### Authorization
Set `basic_user` and `basic_password` for basic authentication.
If you using self-signed certificate, `verify_ssl` must be set to `false` .
```ruby
Wazuh.configure do |config|
config.endpoint = "https://wazuh.local:55000"
config.basic_user = "foo"
config.basic_password = "bar"
config.verify_ssl = false
end
```
If you are using client certificate authentication, set `client_key` and `client_cert` .
```ruby
require 'openssl'
Wazuh.configure do |config|
config.endpoint = "https://wazuh.local:55000"
config.client_key = OpenSSL::PKey::RSA.new(File.read("./wazuh.key"))
config.client_cert = OpenSSL::X509::Certificate.new(File.read("./wazuh.crt"))
end
```
### Global Settings
The following global settings are supported via `Wazuh.configure` .
| setting | description |
|:--------|:------------|
| user_agent | User-Agent |
| ca_file | CA file (if use Client Certificate Authentication and specify CA file) |
| client_cert | Client certificate (if use Client Certificate Authentication) |
| client_key | Client Key (if use Client Certificate Authentication) |
| basic_user | Basic Authentication user name |
| basic_password | Basic Authentication password |
| verify_ssl | Skip the SSL/TLS verify |
| logger | loggeer object |
| endpoint | Wazuh API endpoint URL |
| ignore_env_proxy | Ignores ENV proxy settings |
| api_version | Wazuh API Version (3 or 4) |
### Agents
Get all agents list.
```ruby
> client.all_agents
=> [
{
:os=>{
:arch=>"x86_64",
:codename=>"Xenial Xerus",
:major=>"16",
:minor=>"04",
:name=>"Ubuntu",
:platform=>"ubuntu",
:uname=>"Linux |wazuh-manager |4.15.0-60-generic |#67-Ubuntu SMP Thu Aug 22 16:55:30 UTC 2019 |x86_64",
:version=>"16.04.6 LTS"
},
:manager=>"wazuh-manager",
:id=>"000",
:registerIP=>"127.0.0.1",
:name=>"wazuh-manager",
:version=>"Wazuh v3.11.0",
:ip=>"127.0.0.1",
:dateAdd=>"2020-01-27 17:02:18",
:status=>"Active",
:lastKeepAlive=>"9999-12-31 23:59:59",
:node_name=>"wazuh-master-1"
},
...
]
> agents.first.os.name
=> "Ubuntu"
> agents.first.id
=> "000"
```
filter by options. (see https://mrtc0.github.io/wazuh-ruby-client/Wazuh/Api/Endpoints/Agents.html#all_agents-instance_method )
```ruby
# Filter by status is active
> client.all_agents({ status: 'active' })
# Filter by agent os.name is ubuntu
> client.all_agents({ 'os.name' => 'ubuntu' })
```
### Syscollector
List agent's packages.
```ruby
> client.packages('000').map { |package| package.name }
=> ["python-apt-common",
"python-idna",
"libedit2",
"libncurses5",
"libpam-runtime",
"python3.5",
"libgsasl7",
"vim-tiny",
...
```
List agents' processes.
```ruby
> client.packages('000').map { |package| package.name }
=> ["entrypoint.sh",
"my_init",
"syslog-ng",
"runsvdir",
"runsv",
...
```
### Vulnerability
```ruby
> client.vulnerabilities('000')
=> [{:architecture=>"amd64", :cve=>"CVE-2016-4802", :name=>"curl", :version=>"7.47.0-1ubuntu2.14"}, {:architecture=>"amd64", :cve=>"CVE-2016-8620", :name=>"curl", :version=>"7.47.0-1ubun...
```
### Other
wazuh-ruby-client is supports some of the Wazuh API.
The v4 API is not yet supported.
- [x] Active Response
- [x] Agents
- [x] Cache
- [x] Ciscat
- [x] Cluster
- [x] Decoders
- [x] Experimental
- [ ] Groups
- [x] Lists
- [ ] Logtest
- [ ] Mitre
- [x] Manager
- [x] Rootcheck
- [x] Rules
- [ ] Security
- [x] Security Configuration Assessment
- [x] Summary
- [x] Syscheck
- [x] Syscollector
- [ ] Tasks
- [x] Vulnerability
Refer to the document of wazuh-ruby-client and Wazuh API Reference for the list of all available methods.
- https://mrtc0.github.io/wazuh-ruby-client/Wazuh/Api/Endpoints.html
- https://documentation.wazuh.com/3.10/user-manual/api/reference.html
## Contributing
Bug reports and pull requests are welcome on GitHub at https://github.com/mrtc0/wazuh-ruby-client.
## Copyright and License
Copyright (c) 2015-2019, [Kohei Morita](https://blog.ssrf.in)
This project is licensed under the [MIT License](https://github.com/mrtc0/wazuh-ruby-client/blob/master/LICENSE) .