Initialization of the wazuh-content index #257

Open
f-galland opened this issue Jan 29, 2025 · 0 comments
Labels
level/subtask Subtask issue type/enhancement Enhancement issue

f-galland commented Jan 29, 2025

Description

On start, the Content Manager will initialize the internal index to manage the context's metadata. The index name will be wazuh-content for now. This index will be read and written by other modules of the Content Manager:

  • The CTI client writes the latest offset and the snapshot URL for the given context.
  • The Content Updater reads the latest offset and the current offset to fetch the changes on the context. It updates the context's offset on each successful update.
  • The Snapshot handler reads the snapshot URL.

[
  {
    "_index": "wazuh-content",
    "_id": "vd_1.0.0",
    "_source": {
      "vd_4.8.0": {
        "offset": 75019,
        "last_offset": 85729
      }
    }
  },
  {
    "_index": "wazuh-content",
    "_id": "vd_1.0.0",
    "_source": {
      "vd_4.8.0": {
        "offset": 0,
        "snapshot": "uri-to-snapshot",
        "hash": "snapshot-hash"
      }
    }
  }
]

On initialization, the context's offset is set to 0, to force an initialization from a snapshot. The context name is used as the document's ID (vd_1.0.0), and the consumer name as the object key for the metadata (vd_4.8.0).

Functional requirements

  • The Content Manager initializes the wazuh-content index on startup, if it does not exist.
  • The context's name is used as the document's ID.

Implementation restrictions

  • The context and consumer names are set as constants in the code.
  • JSON schema (mappings):
    • offset --> int
    • last_offset --> int
    • snapshot --> URL
    • hash --> string
@f-galland f-galland added level/subtask Subtask issue type/enhancement Enhancement issue labels Jan 29, 2025
@wazuhci wazuhci moved this to Backlog in XDR+SIEM/Release 5.0.0 Jan 30, 2025
@AlexRuiz7 AlexRuiz7 changed the title Add a context and consumer configuration API endpoint to the Content Manager plugin Context and Consumer registration Jan 30, 2025
@AlexRuiz7 AlexRuiz7 changed the title Context and Consumer registration Initialization of the wazuh-content index Jan 31, 2025
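
The document layout and mappings described in this issue, as an added Python example (not the project's own code). The OpenSearch field types (`integer`, `keyword`), the `dynamic: strict` setting, the non-negative offset rule and the function names are assumptions; the index, context and consumer names come from the issue.

```python
from urllib.parse import urlparse

INDEX = "wazuh-content"   # index name from the issue
CONTEXT = "vd_1.0.0"      # context name, used as the document _id
CONSUMER = "vd_4.8.0"     # consumer name, used as the object key in _source

# Assumed OpenSearch types for the issue's schema: int -> integer,
# URL and string -> keyword (OpenSearch has no URL field type).
FIELD_TYPES = {"offset": "integer", "last_offset": "integer",
               "snapshot": "keyword", "hash": "keyword"}


def index_body():
    """Body for `PUT /wazuh-content`; strict mappings reject unknown fields."""
    fields = {name: {"type": t} for name, t in FIELD_TYPES.items()}
    return {"mappings": {"dynamic": "strict", "properties": {
        CONSUMER: {"dynamic": "strict", "properties": fields}}}}


def initial_document():
    """Document created at start: offset 0 forces initialization from a snapshot."""
    return {CONSUMER: {"offset": 0}}


def validate(source):
    """Return a list of schema violations for a document's _source."""
    errors = []
    for consumer, meta in source.items():
        if consumer != CONSUMER or not isinstance(meta, dict):
            errors.append(f"unexpected consumer entry: {consumer!r}")
            continue
        for key, value in meta.items():
            if key not in FIELD_TYPES:
                errors.append(f"{consumer}.{key}: unknown field")
            elif key in ("offset", "last_offset"):
                # bool is a subclass of int in Python, so exclude it explicitly;
                # rejecting negative offsets is an assumption of this example.
                if isinstance(value, bool) or not isinstance(value, int) or value < 0:
                    errors.append(f"{consumer}.{key}: must be a non-negative int")
            elif not isinstance(value, str) or not value:
                errors.append(f"{consumer}.{key}: must be a non-empty string")
            elif key == "snapshot":
                url = urlparse(value)
                if not (url.scheme and url.netloc):
                    errors.append(f"{consumer}.snapshot: not an absolute URL")
    return errors
```

The issue's second sample document fails this validation because `uri-to-snapshot` is a placeholder rather than an absolute URL.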