Wazuh Ruby Client
A Ruby client for the wazuh APIs.
Installation
Add this line to your application’s Gemfile:
ruby
gem 'wazuh-ruby-client'
Usage
```ruby Wazuh.configure do |config| config.endpoint = “https://wazuh.local:55000” config.basic_user = “foo” config.basic_password = “bar” config.verify_ssl = false # if you are using the Wazuh version 4 # config.api_version = 4 end
client = Wazuh::Client.new client.all_agents # => “data”=>{“items”=>[{“os”=>{“arch”=>”x86_64”, “codename”=>”Xenial Xerus”, “major”=>”16”, “minor”=>”04”, “name”=>”Ubuntu”, “platform”=>”ubuntu”, “uname”=>”Linux |wazuh-manager-master-0 |4.14.138+ |#1 SMP Tue Sep 3 02:58:08 PDT 2019 |x86_64”, “version”=>”16.04.6 LTS”, “status”=>”Active”, “name”=>”wazuh-manager-master-0”, “registerIP”=>”127.0.0.1”, “manager”=>”wazuh-manager-master-0”, “dateAdd”=>”2020-01-07 16:13:05”, “ip”=>”127.0.0.1”, “node_name”=>”wazuh-manager-master”, “version”=>”Wazuh v3.11.1”, “lastKeepAlive”=>”9999-12-31 23:59:59”, “id”=>”000”}], “totalItems”=>1}} ```
Authorization
Set basic_user and basic_password for basic authentication.
If you using self-signed certificate, verify_ssl must be set to false .
ruby
Wazuh.configure do |config|
config.endpoint = "https://wazuh.local:55000"
config.basic_user = "foo"
config.basic_password = "bar"
config.verify_ssl = false
end
If you are using client certificate authentication, set client_key and client_cert .
```ruby require ‘openssl’
Wazuh.configure do |config| config.endpoint = “https://wazuh.local:55000” config.client_key = OpenSSL::PKey::RSA.new(File.read(“./wazuh.key”)) config.client_cert = OpenSSL::X509::Certificate.new(File.read(“./wazuh.crt”)) end ```
Global Settings
The following global settings are supported via Wazuh.configure .
| setting | description |
|---|---|
| user_agent | User-Agent |
| ca_file | CA file (if use Client Certificate Authentication and specify CA file) |
| client_cert | Client certificate (if use Client Certificate Authentication) |
| client_key | Client Key (if use Client Certificate Authentication) |
| basic_user | Basic Authentication user name |
| basic_password | Basic Authentication password |
| verify_ssl | Skip the SSL/TLS verify |
| logger | loggeer object |
| endpoint | Wazuh API endpoint URL |
| ignore_env_proxy | Ignores ENV proxy settings |
| api_version | Wazuh API Version (3 or 4) |
Agents
Get all agents list.
```ruby > client.all_agents => [ { :os=>{ :arch=>”x86_64”, :codename=>”Xenial Xerus”, :major=>”16”, :minor=>”04”, :name=>”Ubuntu”, :platform=>”ubuntu”, :uname=>”Linux |wazuh-manager |4.15.0-60-generic |#67-Ubuntu SMP Thu Aug 22 16:55:30 UTC 2019 |x86_64”, :version=>”16.04.6 LTS” }, :manager=>”wazuh-manager”, :id=>”000”, :registerIP=>”127.0.0.1”, :name=>”wazuh-manager”, :version=>”Wazuh v3.11.0”, :ip=>”127.0.0.1”, :dateAdd=>”2020-01-27 17:02:18”, :status=>”Active”, :lastKeepAlive=>”9999-12-31 23:59:59”, :node_name=>”wazuh-master-1” }, … ]
agents.first.os.name => “Ubuntu”
agents.first.id => “000” ```
filter by options. (see https://mrtc0.github.io/wazuh-ruby-client/Wazuh/Api/Endpoints/Agents.html#all_agents-instance_method )
ruby
# Filter by status is active
> client.all_agents({ status: 'active' })
# Filter by agent os.name is ubuntu
> client.all_agents({ 'os.name' => 'ubuntu' })
Syscollector
List agent’s packages.
ruby
> client.packages('000').map { |package| package.name }
=> ["python-apt-common",
"python-idna",
"libedit2",
"libncurses5",
"libpam-runtime",
"python3.5",
"libgsasl7",
"vim-tiny",
...
List agents’ processes.
ruby
> client.packages('000').map { |package| package.name }
=> ["entrypoint.sh",
"my_init",
"syslog-ng",
"runsvdir",
"runsv",
...
Vulnerability
ruby
> client.vulnerabilities('000')
=> [{:architecture=>"amd64", :cve=>"CVE-2016-4802", :name=>"curl", :version=>"7.47.0-1ubuntu2.14"}, {:architecture=>"amd64", :cve=>"CVE-2016-8620", :name=>"curl", :version=>"7.47.0-1ubun...
Other
wazuh-ruby-client is supports some of the Wazuh API.
The v4 API is not yet supported.
- [x] Active Response
- [x] Agents
- [x] Cache
- [x] Ciscat
- [x] Cluster
- [x] Decoders
- [x] Experimental
- [ ] Groups
- [x] Lists
- [ ] Logtest
- [ ] Mitre
- [x] Manager
- [x] Rootcheck
- [x] Rules
- [ ] Security
- [x] Security Configuration Assessment
- [x] Summary
- [x] Syscheck
- [x] Syscollector
- [ ] Tasks
- [x] Vulnerability
Refer to the document of wazuh-ruby-client and Wazuh API Reference for the list of all available methods.
- https://mrtc0.github.io/wazuh-ruby-client/Wazuh/Api/Endpoints.html
- https://documentation.wazuh.com/3.10/user-manual/api/reference.html
Contributing
Bug reports and pull requests are welcome on GitHub at https://github.com/mrtc0/wazuh-ruby-client.
Copyright and License
Copyright (c) 2015-2019, Kohei Morita
This project is licensed under the MIT License .