From a7cc235dedddf1e1ba0a67f99049e565e325b77b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=81lex=20Ruiz?=
Date: Tue, 4 Feb 2025 15:37:09 +0100
Subject: [PATCH] Merge 4.11.0 into 4.12.0 (#670)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Merge 4.10.0 into 4.10.1 (#470)
* Upgrade integrations to the last version (#447)
* Upgrade third-party integrations to latest product versions (#368)
* Upgrade third-party integrations to latest product versions
* Improve compatibility matrix
* Change versions in /integrations/.env

Signed-off-by: Malena Casas

* Fix Splunk integrations (#362)
* Add table with the version of the integrations
* Update CHANGELOG.md

Signed-off-by: Álex Ruiz

---------

Signed-off-by: Malena Casas
Signed-off-by: Álex Ruiz
Co-authored-by: Álex Ruiz
Co-authored-by: JuanGarriuz

* Merge 4.9.1 into 4.10.0 (#454)
* Prepare 4.9.1-rc2 (#436)
* Update docker/README.md (#438)
* Support new stage 4.9.1-rc3 (#443)
* Update operational--integrations_maintenance_request.md (#449)

Signed-off-by: Álex Ruiz

---------

Signed-off-by: Álex Ruiz

* Fix GitHub Actions build process dependency errors (#457)
* Switch from latest to 22.04 runner
* Remove nonexistent packages from workflow provisioner
* Remove freeglut3 from provision.sh
* Update calendarTime and scan_date fields type (#458)
* Merge 4.9.1 into 4.10.0 (#469)
* Support for v4.9.1-alpha4 (#461)
* Prepare final release notes for 4.9.1

---------

Signed-off-by: Malena Casas
Signed-off-by: Álex Ruiz
Co-authored-by: Malena Casas
Co-authored-by: JuanGarriuz
Co-authored-by: Fede Galland <99492720+f-galland@users.noreply.github.com>
Co-authored-by: Kevin Ledesma

* Fix release date for 4.10.0 in RPM spec file

Signed-off-by: Álex Ruiz

* Merge 4.10.0 into 4.10.1 (#511)
* Upgrade integrations to the last version (#447)
* Upgrade third-party integrations to latest product versions (#368)
* Upgrade third-party integrations to latest product versions
* Improve compatibility matrix
* Change versions in /integrations/.env

Signed-off-by: Malena Casas

* Fix Splunk integrations (#362)
* Add table with the version of the integrations
* Update CHANGELOG.md

Signed-off-by: Álex Ruiz

---------

Signed-off-by: Malena Casas
Signed-off-by: Álex Ruiz
Co-authored-by: Álex Ruiz
Co-authored-by: JuanGarriuz

* Merge 4.9.1 into 4.10.0 (#454)
* Prepare 4.9.1-rc2 (#436)
* Update docker/README.md (#438)
* Support new stage 4.9.1-rc3 (#443)
* Update operational--integrations_maintenance_request.md (#449)

Signed-off-by: Álex Ruiz

---------

Signed-off-by: Álex Ruiz

* Fix GitHub Actions build process dependency errors (#457)
* Switch from latest to 22.04 runner
* Remove nonexistent packages from workflow provisioner
* Remove freeglut3 from provision.sh
* Update calendarTime and scan_date fields type (#458)
* Merge 4.9.1 into 4.10.0 (#469)
* Support for v4.9.1-alpha4 (#461)
* Prepare final release notes for 4.9.1
* Fix release date for 4.10.0 in RPM spec file (#471)
* Preserve status of wazuh-indexer on upgrade (#498)
* Update pre- and post-inst scripts for deb and rpm to store and restore service status
* Update prerm script to avoid stopping the service on upgrade
* Remove extra spaces and update rpm restart command
* Merge 4.9.2 into 4.10.0 (#510)
* Support for v4.9.1-alpha4 (#461)
* Prepare final release notes for 4.9.1
* Support new version 4.9.2 (#494)
* Support new version 4.9.2
* Add estimated release date for 4.9.2
* Fix estimated release date for 4.9.2
* Fix 4.9.1 release notes title

---------

Signed-off-by: Álex Ruiz

---------

Signed-off-by: Malena Casas
Signed-off-by: Álex Ruiz
Co-authored-by: Malena Casas
Co-authored-by: JuanGarriuz
Co-authored-by: Fede Galland <99492720+f-galland@users.noreply.github.com>
Co-authored-by: Kevin Ledesma

Signed-off-by: Álex Ruiz

* Merge 4.10.0 into 4.10.1 (#596)
* Upgrade integrations to the last version (#447)
* Upgrade third-party integrations to latest product versions (#368)
* Upgrade third-party integrations to latest product versions
* Improve compatibility matrix
* Change versions in /integrations/.env

Signed-off-by: Malena Casas

* Fix Splunk integrations (#362)
* Add table with the version of the integrations
* Update CHANGELOG.md

Signed-off-by: Álex Ruiz

---------

Signed-off-by: Malena Casas
Signed-off-by: Álex Ruiz
Co-authored-by: Álex Ruiz
Co-authored-by: JuanGarriuz

* Merge 4.9.1 into 4.10.0 (#454)
* Prepare 4.9.1-rc2 (#436)
* Update docker/README.md (#438)
* Support new stage 4.9.1-rc3 (#443)
* Update operational--integrations_maintenance_request.md (#449)

Signed-off-by: Álex Ruiz

---------

Signed-off-by: Álex Ruiz

* Fix GitHub Actions build process dependency errors (#457)
* Switch from latest to 22.04 runner
* Remove nonexistent packages from workflow provisioner
* Remove freeglut3 from provision.sh
* Update calendarTime and scan_date fields type (#458)
* Merge 4.9.1 into 4.10.0 (#469)
* Support for v4.9.1-alpha4 (#461)
* Prepare final release notes for 4.9.1
* Fix release date for 4.10.0 in RPM spec file (#471)
* Preserve status of wazuh-indexer on upgrade (#498)
* Update pre- and post-inst scripts for deb and rpm to store and restore service status
* Update prerm script to avoid stopping the service on upgrade
* Remove extra spaces and update rpm restart command
* Merge 4.9.2 into 4.10.0 (#510)
* Support for v4.9.1-alpha4 (#461)
* Prepare final release notes for 4.9.1
* Support new version 4.9.2 (#494)
* Support new version 4.9.2
* Add estimated release date for 4.9.2
* Fix estimated release date for 4.9.2
* Fix 4.9.1 release notes title

---------

Signed-off-by: Álex Ruiz

* Update Changelog and release date (#595)

---------

Signed-off-by: Malena Casas
Signed-off-by: Álex Ruiz
Co-authored-by: Malena Casas
Co-authored-by: JuanGarriuz
Co-authored-by: Fede Galland <99492720+f-galland@users.noreply.github.com>
Co-authored-by: Kevin Ledesma

* Support new Wazuh version 4.11.0 (#616)
* Merge 4.10.1 into 4.11.0 (#634)
* Upgrade integrations to the last version (#447)
* Upgrade third-party integrations to latest product versions (#368)
* Upgrade third-party integrations to latest product versions
* Improve compatibility matrix
* Change versions in /integrations/.env

Signed-off-by: Malena Casas

* Fix Splunk integrations (#362)
* Add table with the version of the integrations
* Update CHANGELOG.md

Signed-off-by: Álex Ruiz

---------

Signed-off-by: Malena Casas
Signed-off-by: Álex Ruiz
Co-authored-by: Álex Ruiz
Co-authored-by: JuanGarriuz

* Merge 4.9.1 into 4.10.0 (#454)
* Prepare 4.9.1-rc2 (#436)
* Update docker/README.md (#438)
* Support new stage 4.9.1-rc3 (#443)
* Update operational--integrations_maintenance_request.md (#449)

Signed-off-by: Álex Ruiz

---------

Signed-off-by: Álex Ruiz

* Fix GitHub Actions build process dependency errors (#457)
* Switch from latest to 22.04 runner
* Remove nonexistent packages from workflow provisioner
* Remove freeglut3 from provision.sh
* Update calendarTime and scan_date fields type (#458)
* Merge 4.9.1 into 4.10.0 (#469)
* Support for v4.9.1-alpha4 (#461)
* Prepare final release notes for 4.9.1
* Fix release date for 4.10.0 in RPM spec file (#471)
* Preserve status of wazuh-indexer on upgrade (#498)
* Update pre- and post-inst scripts for deb and rpm to store and restore service status
* Update prerm script to avoid stopping the service on upgrade
* Remove extra spaces and update rpm restart command
* Merge 4.9.2 into 4.10.0 (#510)
* Support for v4.9.1-alpha4 (#461)
* Prepare final release notes for 4.9.1
* Support new version 4.9.2 (#494)
* Support new version 4.9.2
* Add estimated release date for 4.9.2
* Fix estimated release date for 4.9.2
* Fix 4.9.1 release notes title

---------

Signed-off-by: Álex Ruiz

* Update Changelog and release date (#595)
* Support new Wazuh version 4.10.1 (#615)
* Support new stage RC3 for 4.10.0 (#629) (#633)
* Clear Changelog
* Remove new line in VERSION

---------

Signed-off-by: Malena Casas
Signed-off-by: Álex Ruiz
Co-authored-by: Malena Casas
Co-authored-by: JuanGarriuz
Co-authored-by: Fede Galland <99492720+f-galland@users.noreply.github.com>
Co-authored-by: Kevin Ledesma

* Merge 4.10.2 into 4.11.0 (#646)
* Upgrade integrations to the last version (#447)
* Upgrade third-party integrations to latest product versions (#368)
* Upgrade third-party integrations to latest product versions
* Improve compatibility matrix
* Change versions in /integrations/.env

Signed-off-by: Malena Casas

* Fix Splunk integrations (#362)
* Add table with the version of the integrations
* Update CHANGELOG.md

Signed-off-by: Álex Ruiz

---------

Signed-off-by: Malena Casas
Signed-off-by: Álex Ruiz
Co-authored-by: Álex Ruiz
Co-authored-by: JuanGarriuz

* Merge 4.9.1 into 4.10.0 (#454)
* Prepare 4.9.1-rc2 (#436)
* Update docker/README.md (#438)
* Support new stage 4.9.1-rc3 (#443)
* Update operational--integrations_maintenance_request.md (#449)

Signed-off-by: Álex Ruiz

---------

Signed-off-by: Álex Ruiz

* Fix GitHub Actions build process dependency errors (#457)
* Switch from latest to 22.04 runner
* Remove nonexistent packages from workflow provisioner
* Remove freeglut3 from provision.sh
* Update calendarTime and scan_date fields type (#458)
* Merge 4.9.1 into 4.10.0 (#469)
* Support for v4.9.1-alpha4 (#461)
* Prepare final release notes for 4.9.1
* Fix release date for 4.10.0 in RPM spec file (#471)
* Preserve status of wazuh-indexer on upgrade (#498)
* Update pre- and post-inst scripts for deb and rpm to store and restore service status
* Update prerm script to avoid stopping the service on upgrade
* Remove extra spaces and update rpm restart command
* Merge 4.9.2 into 4.10.0 (#510)
* Support for v4.9.1-alpha4 (#461)
* Prepare final release notes for 4.9.1
* Support new version 4.9.2 (#494)
* Support new version 4.9.2
* Add estimated release date for 4.9.2
* Fix estimated release date for 4.9.2
* Fix 4.9.1 release notes title

---------

Signed-off-by: Álex Ruiz

* Update Changelog and release date (#595)
* Support new Wazuh version 4.10.1 (#615)
* Support new stage RC3 for 4.10.0 (#629) (#633)
* Fix Changelog (#640)
* Fix Changelog
* Update CHANGELOG.md

Signed-off-by: Álex Ruiz

---------

Signed-off-by: Álex Ruiz

* Fix release date for 4.10.1 (#643) (#645)

---------

Signed-off-by: Malena Casas
Signed-off-by: Álex Ruiz
Co-authored-by: Malena Casas
Co-authored-by: JuanGarriuz
Co-authored-by: Fede Galland <99492720+f-galland@users.noreply.github.com>
Co-authored-by: Kevin Ledesma

* Merge 4.10.2 into 4.11.0 (#668)
* Upgrade integrations to the last version (#447)
* Upgrade third-party integrations to latest product versions (#368)
* Upgrade third-party integrations to latest product versions
* Improve compatibility matrix
* Change versions in /integrations/.env

Signed-off-by: Malena Casas

* Fix Splunk integrations (#362)
* Add table with the version of the integrations
* Update CHANGELOG.md

Signed-off-by: Álex Ruiz

---------

Signed-off-by: Malena Casas
Signed-off-by: Álex Ruiz
Co-authored-by: Álex Ruiz
Co-authored-by: JuanGarriuz

* Merge 4.9.1 into 4.10.0 (#454)
* Prepare 4.9.1-rc2 (#436)
* Update docker/README.md (#438)
* Support new stage 4.9.1-rc3 (#443)
* Update operational--integrations_maintenance_request.md (#449)

Signed-off-by: Álex Ruiz

---------

Signed-off-by: Álex Ruiz

* Fix GitHub Actions build process dependency errors (#457)
* Switch from latest to 22.04 runner
* Remove nonexistent packages from workflow provisioner
* Remove freeglut3 from provision.sh
* Update calendarTime and scan_date fields type (#458)
* Merge 4.9.1 into 4.10.0 (#469)
* Support for v4.9.1-alpha4 (#461)
* Prepare final release notes for 4.9.1
* Fix release date for 4.10.0 in RPM spec file (#471)
* Preserve status of wazuh-indexer on upgrade (#498)
* Update pre- and post-inst scripts for deb and rpm to store and restore service status
* Update prerm script to avoid stopping the service on upgrade
* Remove extra spaces and update rpm restart command
* Merge 4.9.2 into 4.10.0 (#510)
* Support for v4.9.1-alpha4 (#461)
* Prepare final release notes for 4.9.1
* Support new version 4.9.2 (#494)
* Support new version 4.9.2
* Add estimated release date for 4.9.2
* Fix estimated release date for 4.9.2
* Fix 4.9.1 release notes title

---------

Signed-off-by: Álex Ruiz

* Update Changelog and release date (#595)
* Support new Wazuh version 4.10.1 (#615)
* Support new stage RC3 for 4.10.0 (#629) (#633)
* Fix Changelog (#640)
* Fix Changelog
* Update CHANGELOG.md

Signed-off-by: Álex Ruiz

---------

Signed-off-by: Álex Ruiz

* Fix release date for 4.10.1 (#643) (#645)
* Support new Wazuh version 4.10.2 (#649)
* Remove dangling file for ASL integration (#665) (#666)

---------

Signed-off-by: Malena Casas
Signed-off-by: Álex Ruiz
Co-authored-by: Malena Casas
Co-authored-by: JuanGarriuz
Co-authored-by: Fede Galland <99492720+f-galland@users.noreply.github.com>
Co-authored-by: Kevin Ledesma

* Remove references to 4.10.2 (#669)
* Fix startup errors on STIG-compliant systems due to noexec filesystems (#533) (#672)
* Update packaging scripts to avoid failures when /var/log is noexec
  Moved tmp dir creation from postinst to preinst
  Update .restart tmp file to be stored in the new tmp dir
* Update OPENASEARCH_TMPDIR pointing to new tmp directory's path

Co-authored-by: Kevin Ledesma

---------

Signed-off-by: Malena Casas
Signed-off-by: Álex Ruiz
Co-authored-by: Malena Casas
Co-authored-by: JuanGarriuz
Co-authored-by: Fede Galland <99492720+f-galland@users.noreply.github.com>
Co-authored-by: Kevin Ledesma
---
 .../packages/src/rpm/wazuh-indexer.rpm.spec |  6 ++--
 .../amazon-security-lake/CONTRIBUTING.md    |  6 ++++
 integrations/amazon-security-lake/Dockerfile |  2 +-
 .../aws-lambda.dockerfile                   | 17 ----------
 .../logstash/pipeline/indexer-to-file.conf  | 34 -------------------
 5 files changed, 10 insertions(+), 55 deletions(-)
 delete mode 100644 integrations/amazon-security-lake/aws-lambda.dockerfile
 delete mode 100644 integrations/amazon-security-lake/logstash/pipeline/indexer-to-file.conf

diff --git a/distribution/packages/src/rpm/wazuh-indexer.rpm.spec b/distribution/packages/src/rpm/wazuh-indexer.rpm.spec
index b719210ba4d37..4843031db82c6 100644
--- a/distribution/packages/src/rpm/wazuh-indexer.rpm.spec
+++ b/distribution/packages/src/rpm/wazuh-indexer.rpm.spec @@ -276,10 +276,10 @@ exit 0 %attr(750, %{name}, %{name}) %{product_dir}/performance-analyzer-rca/bin/* %changelog -* Wed Feb 21 2025 support - 4.12.0 +* Wed Mar 26 2025 support - 4.12.0 - More info: https://documentation.wazuh.com/current/release-notes/release-4-12-0.html -* Tue Jan 28 2025 support - 4.11.0 -- More info: https://documentation.wazuh.com/current/release-notes/release-4-10-1.html +* Wed Feb 19 2025 support - 4.11.0 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-11-0.html * Thu Jan 16 2025 support - 4.10.1 - More info: https://documentation.wazuh.com/current/release-notes/release-4-10-1.html * Wed Jan 08 2025 support - 4.10.0 diff --git a/integrations/amazon-security-lake/CONTRIBUTING.md b/integrations/amazon-security-lake/CONTRIBUTING.md index 1d8132d814c73..e819fac2f6c7e 100644 --- a/integrations/amazon-security-lake/CONTRIBUTING.md +++ b/integrations/amazon-security-lake/CONTRIBUTING.md 
@@ -16,6 +16,12 @@ This Docker Compose project will bring up these services: - our [events generator](../tools/events-generator/README.md) - an AWS Lambda Python container. +| Service | Address | Credentials | +| ------------- | ------------------------ | --------------- | +| Wazuh Indexer | https://localhost:9200 | admin:admin | +| Dashboards | https://localhost:5601 | admin:admin | +| S3 Ninja | http://localhost:9444/ui | | + On the one hand, the event generator will push events constantly to the indexer, to the `wazuh-alerts-4.x-sample` index by default (refer to the [events generator](../tools/events-generator/README.md) documentation for customization options). On the other hand, Logstash will query for new data and deliver it to output configured in the pipeline `indexer-to-s3`. This pipeline delivers the data to an S3 bucket, from which the data is processed using a Lambda function, to finally be sent to the Amazon Security Lake bucket in Parquet format. The pipeline starts automatically, but if you need to start it manually, attach a terminal to the Logstash container and start the integration using the command below: diff --git a/integrations/amazon-security-lake/Dockerfile b/integrations/amazon-security-lake/Dockerfile index 2a5420e4bcfef..6670f31cee453 100644 --- a/integrations/amazon-security-lake/Dockerfile +++ b/integrations/amazon-security-lake/Dockerfile @@ -1,4 +1,4 @@ -# docker build --platform linux/amd64 --no-cache -f aws-lambda.dockerfile -t docker-image:test . +# docker build --platform linux/amd64 --no-cache -f Dockerfile -t docker-image:test . # docker run --platform linux/amd64 -p 9000:8080 docker-image:test # FROM public.ecr.aws/lambda/python:3.9 diff --git a/integrations/amazon-security-lake/aws-lambda.dockerfile b/integrations/amazon-security-lake/aws-lambda.dockerfile deleted file mode 100644 index 7039c2b935de8..0000000000000 --- a/integrations/amazon-security-lake/aws-lambda.dockerfile +++ /dev/null 
@@ -1,17 +0,0 @@ -# docker build --platform linux/amd64 --no-cache -f aws-lambda.dockerfile -t docker-image:test . -# docker run --platform linux/amd64 -p 9000:8080 docker-image:test - -# FROM public.ecr.aws/lambda/python:3.9 -FROM amazon/aws-lambda-python:3.12 - -# Copy requirements.txt -COPY requirements.aws.txt ${LAMBDA_TASK_ROOT} - -# Install the specified packages -RUN pip install -r requirements.aws.txt - -# Copy function code -COPY src ${LAMBDA_TASK_ROOT} - -# Set the CMD to your handler (could also be done as a parameter override outside of the Dockerfile) -CMD [ "lambda_function.lambda_handler" ] \ No newline at end of file diff --git a/integrations/amazon-security-lake/logstash/pipeline/indexer-to-file.conf b/integrations/amazon-security-lake/logstash/pipeline/indexer-to-file.conf deleted file mode 100644 index 1bee9afc62450..0000000000000 --- a/integrations/amazon-security-lake/logstash/pipeline/indexer-to-file.conf +++ /dev/null @@ -1,34 +0,0 @@ -input { - opensearch { - hosts => ["wazuh.indexer:9200"] - user => "${INDEXER_USERNAME}" - password => "${INDEXER_PASSWORD}" - ssl => true - ca_file => "/usr/share/logstash/root-ca.pem" - index => "wazuh-alerts-4.x-*" - query => '{ - "query": { - "range": { - "@timestamp": { - "gt": "now-1m" - } - } - } - }' - schedule => "* * * * *" - } -} - - -output { - stdout { - id => "output.stdout" - codec => json_lines - } - file { - id => "output.file" - path => "/var/log/logstash/indexer-to-file-%{+YYYY-MM-dd-HH}.log" - file_mode => 0644 - codec => json_lines - } -}
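Review bot: in the wazuh-indexer.rpm.spec %changelog hunk, the line being replaced, `* Wed Feb 21 2025 support - 4.12.0`, carried a weekday that does not match the date (21 February 2025 is a Friday), which rpmbuild flags as a bogus date in %changelog, so the move to `* Wed Mar 26 2025 support - 4.12.0` fixes a packaging lint problem and not only a release-date estimate; the other real fix is the 4.11.0 entry, whose "More info" link pointed at release-4-10-1.html and now points at release-4-11-0.html. Both are worth one line in the PR description so the date edit is not read as cosmetic, and if the deb packaging keeps a parallel changelog it should receive the same 4.12.0 date so the two package formats do not disagree.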
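Review bot: the new table in CONTRIBUTING.md lists `admin:admin` for both the Wazuh Indexer and Dashboards rows without stating that these are the development defaults of this Docker Compose stack; add a sentence that they apply only to the local test environment and must be changed on any host reachable beyond localhost, since a reader copying the compose project to a shared machine otherwise ships known credentials on 9200 and 5601. The S3 Ninja row leaves the Credentials cell empty, which can mean "unauthenticated" or "see the compose file"; write which one it is. Style: that row's address ends in `/ui` while the other two give only host and port, so either drop the path or give the UI path for all three.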
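Review bot: in the Dockerfile hunk, `-f Dockerfile` in the rewritten build comment is redundant because Dockerfile is the default file name for `docker build`; either drop the flag so the comment shows the minimal command, or keep it with a path so the line is copy-pasteable from outside the integration directory. The unchanged context line `# FROM public.ecr.aws/lambda/python:3.9` is a commented-out alternative base image; if it no longer reflects a supported option it should be removed in the same cleanup rather than left as a second, stale comment.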
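Review bot: deleting integrations/amazon-security-lake/aws-lambda.dockerfile is only safe if nothing still builds from it, and the hunk cannot show that on its own; before merging, grep the compose files, the CI workflows and the integration README for `aws-lambda.dockerfile`, since a stale `dockerfile:` reference would break the Lambda container build. The file's first lines match the old header of Dockerfile in the previous hunk (`-f aws-lambda.dockerfile` in the build comment), which supports the commit message's description of it as a dangling duplicate, so with the references checked this is a pure dedup with no behaviour change.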
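Review bot: removing logstash/pipeline/indexer-to-file.conf also removes a `file` output that wrote raw alert documents under /var/log/logstash with `file_mode => 0644`, i.e. world-readable on the host, so the deletion is a small hardening as well as cleanup and deserves a word in the changelog. Check that CONTRIBUTING.md and wherever the Logstash pipelines are registered (pipelines.yml or the compose volume mounts) no longer name `indexer-to-file`, otherwise Logstash will report a missing configuration for that pipeline at start-up. If the surviving `indexer-to-s3` pipeline uses the same `opensearch` input block, note that a `"gt": "now-1m"` range polled on a `* * * * *` schedule is a wall-clock window: an alert indexed more than a minute after its @timestamp is never picked up, and a delayed run can read the boundary twice; querying from the last @timestamp actually delivered, persisted between runs, avoids both.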