Make agents and commands indexes visible (#653)

* Make agents and commands indexes visible Rename commands and agents indexes templates to wazuh-agents and wazuh-commands accordingly Update ECS documents Update .commands and .agents references * Fix command ECS definitions not being applied * Add revision note after changes on the commands index --------- Co-authored-by: Álex Ruiz <[email protected]>
wazuh · Jan 24, 2025 · 75a45e8 · 75a45e8
1 parent bdc2b0b
commit 75a45e8
Show file tree

Hide file tree

Showing 10 changed files with 18 additions and 25 deletions.
diff --git a/ecs/agent/event-generator/event_generator.py b/ecs/agent/event-generator/event_generator.py
@@ -12,7 +12,7 @@
 GENERATED_DATA_FILE = 'generatedData.json'
 DATE_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"
 # Default values
-INDEX_NAME = ".agents"
+INDEX_NAME = "wazuh-agents"
 USERNAME = "admin"
 PASSWORD = "admin"
 IP = "127.0.0.1"

diff --git a/ecs/agent/fields/template-settings-legacy.json b/ecs/agent/fields/template-settings-legacy.json
@@ -1,11 +1,10 @@
 {
   "index_patterns": [
-    ".agents*"
+    "wazuh-agents*"
   ],
   "order": 1,
   "settings": {
     "index": {
-      "hidden": true,
       "number_of_shards": "1",
       "number_of_replicas": "0",
       "refresh_interval": "5s",
@@ -20,4 +19,4 @@
       ]
     }
   }
-}
+}
diff --git a/ecs/agent/fields/template-settings.json b/ecs/agent/fields/template-settings.json
@@ -1,12 +1,11 @@
 {
   "index_patterns": [
-    ".agents*"
+    "wazuh-agents*"
   ],
   "priority": 1,
   "template": {
     "settings": {
       "index": {
-        "hidden": true,
         "number_of_shards": "1",
         "number_of_replicas": "0",
         "refresh_interval": "5s",
@@ -22,4 +21,4 @@
       }
     }
   }
-}
+}
diff --git a/ecs/command/event-generator/event_generator.py b/ecs/command/event-generator/event_generator.py
@@ -13,7 +13,7 @@
 GENERATED_DATA_FILE = 'generatedData.json'
 DATE_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"
 # Default values
-INDEX_NAME = ".commands"
+INDEX_NAME = "wazuh-commands"
 USERNAME = "admin"
 PASSWORD = "admin"
 IP = "127.0.0.1"

diff --git a/ecs/command/fields/template-settings-legacy.json b/ecs/command/fields/template-settings-legacy.json
@@ -1,11 +1,8 @@
 {
-  "index_patterns": [
-    ".commands*"
-  ],
+  "index_patterns": ["wazuh-commands*"],
   "order": 1,
   "settings": {
     "index": {
-      "hidden": true,
       "number_of_shards": "1",
       "number_of_replicas": "0",
       "refresh_interval": "5s",
@@ -17,4 +14,4 @@
       ]
     }
   }
-}
+}
diff --git a/ecs/command/fields/template-settings.json b/ecs/command/fields/template-settings.json
@@ -1,12 +1,11 @@
 {
   "index_patterns": [
-    ".commands*"
+    "wazuh-commands*"
   ],
   "priority": 1,
   "template": {
     "settings": {
       "index": {
-        "hidden": true,
         "number_of_shards": "1",
         "number_of_replicas": "0",
         "refresh_interval": "5s",
@@ -19,4 +18,4 @@
       }
     }
   }
-}
+}
diff --git a/ecs/docs/agents.md b/ecs/docs/agents.md
@@ -83,12 +83,11 @@ fields:
 
 ```json
 {
-  "index_patterns": [".agents*"],
+  "index_patterns": ["wazuh-agents*"],
   "priority": 1,
   "template": {
     "settings": {
       "index": {
-        "hidden": true,
         "number_of_shards": "1",
         "number_of_replicas": "0",
         "refresh_interval": "5s",

diff --git a/ecs/docs/commands.md b/ecs/docs/commands.md
@@ -5,7 +5,8 @@
 > rev 0.2 - September 30th, 2024: Change type of `request_id`, `order_id` and `id` to keyword.
 > rev 0.3 - October 3rd, 2024: Change descriptions for `command.type`, `command.action.type`, `command.request_id`, `command.order_id`.
 > rev 0.4 - October 9th, 2024: Apply changes described in https://github.com/wazuh/wazuh-indexer-plugins/issues/96#issue-2576028654.
-> rev 0.5 - December 3rd, 2024: Added `@timestamp` and `delivery_timestamp` date fields. 
+> rev 0.5 - December 3rd, 2024: Added `@timestamp` and `delivery_timestamp` date fields.
+> rev 0.6 - January 24th, 2025: Rename index to `wazuh-commands`. The index is now visible to users.
 
 ### Fields summary
 
@@ -146,12 +147,11 @@ fields:
 
 ```json
 {
-  "index_patterns": [".commands*"],
+  "index_patterns": ["wazuh-commands*"],
   "priority": 1,
   "template": {
     "settings": {
       "index": {
-        "hidden": true,
         "number_of_shards": "1",
         "number_of_replicas": "0",
         "refresh_interval": "5s",

diff --git a/ecs/scripts/generate-pr-to-plugins.sh b/ecs/scripts/generate-pr-to-plugins.sh
@@ -68,7 +68,7 @@ detect_modified_modules() {
     module_to_file=(
         [agent]="index-template-agent.json"
         [alerts]="index-template-alerts.json"
-        [commands]="index-template-commands.json"
+        [command]="index-template-commands.json"
         [states-fim]="index-template-fim.json"
         [states-inventory-hardware]="index-template-hardware.json"
         [states-inventory-hotfixes]="index-template-hotfixes.json"

diff --git a/test-tools/scripts/07_validate_command_manager.sh b/test-tools/scripts/07_validate_command_manager.sh
@@ -48,7 +48,7 @@ while [[ "$#" -gt 0 ]]; do
     shift
 done
 
-COMMANDS_INDEX=".commands"
+COMMANDS_INDEX="wazuh-commands"
 SRC="Engine"
 USR="TestUser"
 TRG_ID="TestTarget"
@@ -81,7 +81,7 @@ curl -s -k -u "$USERNAME:$PASSWORD" -X POST "https://$CLUSTER_IP:9200/_forcemerg
 sleep 2
 
 # Fetch the indices
-echo "Validating .commands index is created..."
+echo "Validating $COMMANDS_INDEX index is created..."
 INDICES_RESPONSE=$(curl -s -k -u "$USERNAME:$PASSWORD" "https://$CLUSTER_IP:9200/_cat/indices/.*?v")
 # shellcheck disable=SC2181
 if [ $? -ne 0 ]; then
@@ -98,7 +98,7 @@ fi
 sleep 5
 echo "Validate the command is created"
 # Validate the command was created
-SEARCH_RESPONSE=$(curl -s -k -u "$USERNAME:$PASSWORD" "https://$CLUSTER_IP:9200/.commands/_search")
+SEARCH_RESPONSE=$(curl -s -k -u "$USERNAME:$PASSWORD" "https://$CLUSTER_IP:9200/$COMMANDS_INDEX/_search")
 # Check if the request was successful
 # shellcheck disable=SC2181
 if [ $? -ne 0 ]; then