Wazuh Ruby Client
A Ruby client for the wazuh APIs.
Installation
Add this line to your application's Gemfile:
gem 'wazuh-ruby-client'
Usage
Wazuh.configure do |config|
config.endpoint = "https://wazuh.local:55000"
config.basic_user = "foo"
config.basic_password = "bar"
config.verify_ssl = false
# if you are using the Wazuh version 4
# config.api_version = 4
end
client = Wazuh::Client.new
client.all_agents
# => {"error"=>0, "data"=>{"items"=>[{"os"=>{"arch"=>"x86_64", "codename"=>"Xenial Xerus", "major"=>"16", "minor"=>"04", "name"=>"Ubuntu", "platform"=>"ubuntu", "uname"=>"Linux |wazuh-manager-master-0 |4.14.138+ |#1 SMP Tue Sep 3 02:58:08 PDT 2019 |x86_64", "version"=>"16.04.6 LTS"}, "status"=>"Active", "name"=>"wazuh-manager-master-0", "registerIP"=>"127.0.0.1", "manager"=>"wazuh-manager-master-0", "dateAdd"=>"2020-01-07 16:13:05", "ip"=>"127.0.0.1", "node_name"=>"wazuh-manager-master", "version"=>"Wazuh v3.11.1", "lastKeepAlive"=>"9999-12-31 23:59:59", "id"=>"000"}], "totalItems"=>1}}
Authorization
Set basic_user
and basic_password
for basic authentication.
If you using self-signed certificate, verify_ssl
must be set to false
.
Wazuh.configure do |config|
config.endpoint = "https://wazuh.local:55000"
config.basic_user = "foo"
config.basic_password = "bar"
config.verify_ssl = false
end
If you are using client certificate authentication, set client_key
and client_cert
.
require 'openssl'
Wazuh.configure do |config|
config.endpoint = "https://wazuh.local:55000"
config.client_key = OpenSSL::PKey::RSA.new(File.read("./wazuh.key"))
config.client_cert = OpenSSL::X509::Certificate.new(File.read("./wazuh.crt"))
end
Global Settings
The following global settings are supported via Wazuh.configure
.
setting | description |
---|---|
user_agent | User-Agent |
ca_file | CA file (if use Client Certificate Authentication and specify CA file) |
client_cert | Client certificate (if use Client Certificate Authentication) |
client_key | Client Key (if use Client Certificate Authentication) |
basic_user | Basic Authentication user name |
basic_password | Basic Authentication password |
verify_ssl | Skip the SSL/TLS verify |
logger | loggeer object |
endpoint | Wazuh API endpoint URL |
ignore_env_proxy | Ignores ENV proxy settings |
api_version | Wazuh API Version (3 or 4) |
Agents
Get all agents list.
> client.all_agents
=> [
{
:os=>{
:arch=>"x86_64",
:codename=>"Xenial Xerus",
:major=>"16",
:minor=>"04",
:name=>"Ubuntu",
:platform=>"ubuntu",
:uname=>"Linux |wazuh-manager |4.15.0-60-generic |#67-Ubuntu SMP Thu Aug 22 16:55:30 UTC 2019 |x86_64",
:version=>"16.04.6 LTS"
},
:manager=>"wazuh-manager",
:id=>"000",
:registerIP=>"127.0.0.1",
:name=>"wazuh-manager",
:version=>"Wazuh v3.11.0",
:ip=>"127.0.0.1",
:dateAdd=>"2020-01-27 17:02:18",
:status=>"Active",
:lastKeepAlive=>"9999-12-31 23:59:59",
:node_name=>"wazuh-master-1"
},
...
]
> agents.first.os.name
=> "Ubuntu"
> agents.first.id
=> "000"
filter by options. (see https://mrtc0.github.io/wazuh-ruby-client/Wazuh/Api/Endpoints/Agents.html#all_agents-instance_method )
# Filter by status is active
> client.all_agents({ status: 'active' })
# Filter by agent os.name is ubuntu
> client.all_agents({ 'os.name' => 'ubuntu' })
Syscollector
List agent's packages.
> client.packages('000').map { |package| package.name }
=> ["python-apt-common",
"python-idna",
"libedit2",
"libncurses5",
"libpam-runtime",
"python3.5",
"libgsasl7",
"vim-tiny",
...
List agents' processes.
> client.packages('000').map { |package| package.name }
=> ["entrypoint.sh",
"my_init",
"syslog-ng",
"runsvdir",
"runsv",
...
Vulnerability
> client.vulnerabilities('000')
=> [{:architecture=>"amd64", :cve=>"CVE-2016-4802", :name=>"curl", :version=>"7.47.0-1ubuntu2.14"}, {:architecture=>"amd64", :cve=>"CVE-2016-8620", :name=>"curl", :version=>"7.47.0-1ubun...
Other
wazuh-ruby-client is supports some of the Wazuh API.
The v4 API is not yet supported.
- Active Response
- Agents
- Cache
- Ciscat
- Cluster
- Decoders
- Experimental
- Groups
- Lists
- Logtest
- Mitre
- Manager
- Rootcheck
- Rules
- Security
- Security Configuration Assessment
- Summary
- Syscheck
- Syscollector
- Tasks
- Vulnerability
Refer to the document of wazuh-ruby-client and Wazuh API Reference for the list of all available methods.
- https://mrtc0.github.io/wazuh-ruby-client/Wazuh/Api/Endpoints.html
- https://documentation.wazuh.com/3.10/user-manual/api/reference.html
Contributing
Bug reports and pull requests are welcome on GitHub at https://github.com/mrtc0/wazuh-ruby-client.
Copyright and License
Copyright (c) 2015-2019, Kohei Morita
This project is licensed under the MIT License .