From 68166a49e1465319dd0d45ec5c4b92d6fe3a15b6 Mon Sep 17 00:00:00 2001
From: limitup <17516880+limitup@users.noreply.github.com>
Date: Mon, 14 Oct 2019 17:01:56 -0500
Subject: [PATCH] Update Manager templates for integrations

---
 .../ansible-wazuh-manager/defaults/main.yml | 20 ++++++++
 .../ansible-wazuh-manager/tasks/main.yml | 10 ++++
 .../var-ossec-etc-ossec-server.conf.j2 | 49 +++++++++++++++++++
 .../ansible-wazuh-manager/vars/aws_creds.yml | 11 +++++
 .../vars/external_API_creds.yml | 9 ++++
 5 files changed, 99 insertions(+)
 create mode 100644 roles/wazuh/ansible-wazuh-manager/vars/aws_creds.yml
 create mode 100644 roles/wazuh/ansible-wazuh-manager/vars/external_API_creds.yml

diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
index 170a8da5..f1ad3826 100644
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@@ -260,6 +260,26 @@ wazuh_manager_config:
 - server: null
 port: null
 format: null
+ integrations:
+ - name: 'slack'
+ hook_url:
+ alert_level: 10
+ alert_format: 'json'
+ - name: 'pagerduty'
+ api_key:
+ alert_level: 10
+ monitor_aws:
+ disable: 'no'
+ internal: '10m'
+ run_on_start: 'yes'
+ skip_on_error: 'yes'
+ s3:
+ - name: 's3-bucket-example-name'
+ bucket_type: 'guardduty'
+ path: 'path'
+ only_logs_after: '1970-JAN-01'
+ access_key:
+ secret_key:
 labels:
 enable: false
 list:
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
index a1afbb4c..c247e60f 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
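Review bot: The new `monitor_aws` block spells the interval key `internal: '10m'`, while the template added in this same commit reads `monitor_aws.interval`, so the value would never be picked up; rename it to `interval: '10m'`. Note also that this block is nested under `wazuh_manager_config`, whereas the template and `vars/aws_creds.yml` use a top-level `monitor_aws`, so as written these defaults are not the values that reach ossec.conf and one of the two locations should go. The bare `hook_url:`, `api_key:`, `access_key:` and `secret_key:` entries are YAML nulls, which Jinja still treats as defined and renders as the literal `None`, so either give them `''` or guard them with `is not none` in the template. Real AWS keys and webhook tokens should never be filled in here; point users at an ansible-vault-encrypted override instead, e.g. `# supply real values via an ansible-vault encrypted vars file, never in defaults`.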
@@ -200,6 +200,16 @@
 tags:
 - config
+- name: Retrieving external API Credentials
+ include_vars: external_API_creds.yml
+ tags:
+ - config
+
+- name: Retrieving AWS Credentials
+ include_vars: aws_creds.yml
+ tags:
+ - config
+
 - name: Retrieving Wazuh-API User Credentials
 include_vars: wazuh_api_creds.yml
 when:
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
index 65ae38fb..5995d79a 100644
--- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
@@ -530,6 +530,55 @@
 {% endfor %}
 {% endif %}
+{% if wazuh_manager_config.integrations is defined %}
+{% for integration in wazuh_manager_config.integrations %}
+{% if integration.name is not none %}
+
+ {{ integration.name }}
+ {% if integration.hook_url is defined %}
+ {{ integration.hook_url }}
+ {% endif %}
+ {% if integration.api_key is defined %}
+ {{ integration.api_key }}
+ {% endif %}
+ {% if integration.alert_format is defined %}
+ {{ integration.alert_format }}
+ {% endif %}
+ {% if integration.alert_level is defined %}
+ {{ integration.alert_level }}
+ {% endif %}
+ {% if integration.rule_id is defined %}
+ {{ integration.rule_id }}
+ {% endif %}
+
+{% endif %}
+{% endfor %}
+{% endif %}
+
+{% if monitor_aws is defined %}
+
+ {{ monitor_aws.disable }}
+ {{ monitor_aws.interval }}
+ {{ monitor_aws.run_on_start }}
+ {{ monitor_aws.skip_on_error }}
+ {% for bucket in monitor_aws.s3 %}
+
+ {{ bucket.name }}
+ {% if bucket.path is defined %}
+ {{ bucket.path }}
+ {% endif %}
+ {% if bucket.only_logs_after is defined %}
+ {{ bucket.only_logs_after }}
+ {% endif %}
+ {{ bucket.access_key }}
+ {{ bucket.secret_key }}
+
+ {% endfor %}
+
+{% endif %}
+
 {% if wazuh_manager_config.labels.enable == true %}
 {% for label in wazuh_manager_config.labels.list %}
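Review bot: The two new `include_vars` tasks run unconditionally, unlike the existing `Retrieving Wazuh-API User Credentials` task directly below them, which is guarded by a `when:`. Because `aws_creds.yml` in this commit defines a top-level `monitor_aws` with `disable: 'no'`, a placeholder bucket and empty keys, every manager this role configures will get an enabled aws-s3 wodle that cannot authenticate; gate the include on an explicit opt-in, e.g. `when: wazuh_manager_aws_enabled | default(false)`, and do the same for `external_API_creds.yml`, which as committed is entirely commented out and so contributes nothing. These files are also the place where AWS secret keys and Slack/PagerDuty tokens will end up, so they should be loaded from an ansible-vault-encrypted file rather than a plain vars file inside the role.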
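Review bot: `{{ monitor_aws.interval }}` reads a key that `defaults/main.yml` in this same commit spells `internal`, and `{{ bucket.access_key }}` / `{{ bucket.secret_key }}` are emitted with no guard at all, so an unset key renders the literal string `None` into ossec.conf instead of being omitted. The `is defined` checks on `hook_url`, `api_key`, `alert_format`, `alert_level` and `rule_id` have the same gap, since a key present with a null value is still defined; follow the `integration.name is not none` pattern used at the top of the block, e.g. `{% if integration.hook_url is defined and integration.hook_url is not none %}`. Since this hunk writes Slack webhooks, PagerDuty API keys and AWS secret keys into ossec.conf, the task that renders this template should keep the file root-owned with a restrictive mode; that task is outside this hunk, so I can't confirm it does.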
diff --git a/roles/wazuh/ansible-wazuh-manager/vars/aws_creds.yml b/roles/wazuh/ansible-wazuh-manager/vars/aws_creds.yml
new file mode 100644
index 00000000..1a164900
--- /dev/null
+++ b/roles/wazuh/ansible-wazuh-manager/vars/aws_creds.yml
@@ -0,0 +1,11 @@
+---
+monitor_aws:
+ disable: 'no'
+ interval: '10m'
+ run_on_start: 'yes'
+ skip_on_error: 'yes'
+ s3:
+ - name: 'S3_bucket'
+ bucket_type: 'guardduty'
+ access_key: ''
+ secret_key: ''
diff --git a/roles/wazuh/ansible-wazuh-manager/vars/external_API_creds.yml b/roles/wazuh/ansible-wazuh-manager/vars/external_API_creds.yml
new file mode 100644
index 00000000..2d743af0
--- /dev/null
+++ b/roles/wazuh/ansible-wazuh-manager/vars/external_API_creds.yml
@@ -0,0 +1,9 @@
+#---
+#integrations:
+# - name: 'slack'
+# hook_url:
+# alert_level: 10
+# alert_format: 'json'
+# - name: 'pagerduty'
+# api_key:
+# alert_level: 10
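Review bot: This vars file ships a live default of `disable: 'no'` together with empty `access_key`/`secret_key` and a placeholder bucket `S3_bucket`, so anyone who includes it as-is gets an enabled aws-s3 wodle that cannot authenticate and will poll a non-existent bucket every 10 minutes. Default it to `disable: 'yes'`, or leave `monitor_aws` out entirely so the template's `{% if monitor_aws is defined %}` skips the wodle, and add a header comment such as `# Real AWS keys must come from an ansible-vault encrypted override of this file; never commit them here`. The `'yes'`/`'no'` quoting is deliberate and correct, since Wazuh expects those literal strings and an unquoted `no` would become a boolean, so keep it as is.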