Merge pull request #1162 from wazuh/1159-update-configuration-to-new-vulnerability-detector-and-indexer

Updated configuration to new VD and indexer

roles/wazuh/ansible-filebeat-oss/defaults/main.yml

@@ -6,7 +6,7 @@ wazuh_template_branch: v4.8.0
 filebeat_node_name: node-1
 
 filebeat_output_indexer_hosts:
-  - "localhost:9200"
+  - "localhost"
 
 filebeat_module_package_name: wazuh-filebeat-0.4.tar.gz
 filebeat_module_package_path: /tmp/

roles/wazuh/ansible-wazuh-manager/defaults/main.yml

@@ -144,69 +144,22 @@ wazuh_manager_sca:
   time: ''
 
 ## Vulnerability Detector
-wazuh_manager_vulnerability_detector:
+filebeat_node_name: node-1
-  enabled: 'no'
+filebeat_output_indexer_hosts:
-  interval: '5m'
+  - "localhost"
-  min_full_scan_interval: '6h'
+filebeat_output_indexer_port: 9200
-  run_on_start: 'yes'
+indexer_security_user: admin
-  providers:
+indexer_security_password: changeme
-    - enabled: 'no'
+filebeat_ssl_dir: /etc/pki/filebeat
-      os:
+
-        - 'trusty'
+wazuh_manager_vulnerability_detection:
-        - 'xenial'
+  enabled: 'yes'
-        - 'bionic'
+  indexer_status: 'yes'
-        - 'focal'
+  feed_update_interval: '60m'
-        - 'jammy'
+
-      update_interval: '1h'
+wazuh_manager_indexer:
-      name: '"canonical"'
+  enabled: 'yes'
-    - enabled: 'no'
+  hosts: "{{ filebeat_output_indexer_hosts }}"
-      os:
-        - 'buster'
-        - 'bullseye'
-        - 'bookworm'
-      update_interval: '1h'
-      name: '"debian"'
-    - enabled: 'no'
-      os:
-        - '5'
-        - '6'
-        - '7'
-        - '8'
-        - '9'
-      update_interval: '1h'
-      name: '"redhat"'
-    - enabled: 'no'
-      os:
-        - '8'
-        - '9'
-      update_interval: '1h'
-      name: '"almalinux"'
-    - enabled: 'no'
-      os:
-        - 'amazon-linux'
-        - 'amazon-linux-2'
-        - 'amazon-linux-2023'
-      update_interval: '1h'
-      name: '"alas"'
-    - enabled: 'no'
-      os:
-        - '11-server'
-        - '11-desktop'
-        - '12-server'
-        - '12-desktop'
-        - '15-server'
-        - '15-desktop'
-      update_interval: '1h'
-      name: '"suse"'
-    - enabled: 'no'
-      update_interval: '1h'
-      name: '"arch"'
-    - enabled: 'no'
-      update_interval: '1h'
-      name: '"msu"'
-    - enabled: 'no'
-      update_interval: '1h'
-      name: '"nvd"'
 
 ## Syscheck
 wazuh_manager_syscheck:
@@ -448,7 +401,8 @@ wazuh_manager_config_defaults:
   osquery: '{{ wazuh_manager_osquery }}'
   syscollector: '{{ wazuh_manager_syscollector }}'
   sca: '{{ wazuh_manager_sca }}'
-  vulnerability_detector: '{{ wazuh_manager_vulnerability_detector }}'
+  vulnerability_detection: '{{ wazuh_manager_vulnerability_detection }}'
+  indexer: '{{ wazuh_manager_indexer }}'
   log_level: '{{ wazuh_manager_log_level }}'
   email_level: '{{ wazuh_manager_email_level }}'
   localfiles: '{{ wazuh_manager_localfiles }}'

roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2

@@ -258,37 +258,30 @@
   {% endif %}
   </sca>
 
-  <vulnerability-detector>
+  <vulnerability-detection>
-  {% if wazuh_manager_config.vulnerability_detector.enabled is defined %}
+    <enabled>{{ wazuh_manager_config.vulnerability_detection.enabled }}</enabled>
-    <enabled>{{ wazuh_manager_config.vulnerability_detector.enabled }}</enabled>
+    <indexer-status>{{ wazuh_manager_config.vulnerability_detection.indexer_status }}</indexer-status>
-  {% endif %}
+    <feed-update-interval>{{ wazuh_manager_config.vulnerability_detection.feed_update_interval }}</feed-update-interval>
-  {% if wazuh_manager_config.vulnerability_detector.interval is defined %}
+  </vulnerability-detection>
-    <interval>{{ wazuh_manager_config.vulnerability_detector.interval }}</interval>
+
-  {% endif %}
+  <indexer>
-  {% if wazuh_manager_config.vulnerability_detector.min_full_scan_interval is defined %}
+    <enabled>{% if wazuh_manager_config.vulnerability_detection.enabled == 'yes' or wazuh_manager_config.indexer.enabled == 'yes' %}yes{% else %}no{% endif %}</enabled>
-    <min_full_scan_interval>{{ wazuh_manager_config.vulnerability_detector.min_full_scan_interval }}</min_full_scan_interval>
+    <hosts>
-  {% endif %}
+    {% for item in wazuh_manager_config.indexer.hosts %} 
-  {% if wazuh_manager_config.vulnerability_detector.run_on_start is defined %}
+      <host>https://{{ item }}:{{ filebeat_output_indexer_port }}</host> 
-    <run_on_start>{{ wazuh_manager_config.vulnerability_detector.run_on_start }}</run_on_start>
+    {% endfor %} 
-  {% endif %}
+    </hosts>
-  {% if wazuh_manager_config.vulnerability_detector.providers is defined %}
+
-  {% for provider_ in wazuh_manager_config.vulnerability_detector.providers %}
+    <username>{{ indexer_security_user }}</username> 
-    <provider name={{ provider_.name }}>
+    <password>{{ indexer_security_password }}</password> 
-      {% if provider_.enabled is defined %}
+    <ssl> 
-      <enabled>{{ provider_.enabled }}</enabled>
+      <certificate_authorities> 
-      {% endif %}
+        <ca>{{ filebeat_ssl_dir }}/root-ca.pem</ca> 
-      {% if provider_.os is defined %}
+      </certificate_authorities> 
-      {% for os_ in provider_.os %}
+      <certificate>{{ filebeat_ssl_dir }}/{{ filebeat_node_name }}.pem</certificate> 
-      <os>{{ os_ }}</os>
+      <key>{{ filebeat_ssl_dir }}/{{ filebeat_node_name }}-key.pem</key> 
-      {% endfor %}
+    </ssl> 
-      {% endif %}
+  </indexer>
-      {% if provider_.update_interval is defined %}
-      <update_interval>{{ provider_.update_interval }}</update_interval>
-      {% endif %}
-    </provider>
-  {% endfor %}
-  {% endif %}
-  </vulnerability-detector>
 
   <!-- File integrity monitoring -->
   <syscheck>