Project

wazuh-ruby-client

0.01
Low commit activity in last 3 years
A long-lived project that still receives updates
wazuh-ruby-clientmrtc0/wazuh-ruby-clientHomepageDocumentationSource CodeBug TrackerWiki
Wazuh API client for Ruby
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
 Popularity
Downloads
61,105
Stars
9
Forks
6
Watchers
3
 Releases
Current version
0.3.7
Total releases
21
First release
2020-01-24
Latest release
2024-10-24
 Issues
Open Issues
3
Closed Issues
1
Total Issues
4
Issue Closure Rate
25%
 Pull Requests
Open Pull Requests
2
Closed Pull Requests
3
Merged Pull Requests
41
Pull Request Acceptance Rate
89%
 Development
Primary Language
Ruby
Average date of last 50 commits
2022-04-27
Reverse Dependencies
0

 Dependencies

Development

bundler
~> 2.2
pry
>= 0
pry-byebug
>= 0
rake
>= 12.3.3
rspec
~> 3.0
vcr
>= 0
webmock
>= 0
timecop
>= 0

Runtime

faraday
>= 0
sawyer
>= 0
jwt
>= 0
 Project Readme

Wazuh Ruby Client

License: MIT Yard Docs

A Ruby client for the wazuh APIs.

Installation

Add this line to your application's Gemfile:

gem 'wazuh-ruby-client'

Usage

Wazuh.configure do |config|
  config.endpoint = "https://wazuh.local:55000"
  config.basic_user = "foo"
  config.basic_password = "bar"
  config.verify_ssl = false
  # if you are using the Wazuh version 4
  # config.api_version = 4
end

client = Wazuh::Client.new
client.all_agents
# => {"error"=>0, "data"=>{"items"=>[{"os"=>{"arch"=>"x86_64", "codename"=>"Xenial Xerus", "major"=>"16", "minor"=>"04", "name"=>"Ubuntu", "platform"=>"ubuntu", "uname"=>"Linux |wazuh-manager-master-0 |4.14.138+ |#1 SMP Tue Sep 3 02:58:08 PDT 2019 |x86_64", "version"=>"16.04.6 LTS"}, "status"=>"Active", "name"=>"wazuh-manager-master-0", "registerIP"=>"127.0.0.1", "manager"=>"wazuh-manager-master-0", "dateAdd"=>"2020-01-07 16:13:05", "ip"=>"127.0.0.1", "node_name"=>"wazuh-manager-master", "version"=>"Wazuh v3.11.1", "lastKeepAlive"=>"9999-12-31 23:59:59", "id"=>"000"}], "totalItems"=>1}}

Authorization

Set basic_user and basic_password for basic authentication.
If you using self-signed certificate, verify_ssl must be set to false .

Wazuh.configure do |config|
  config.endpoint = "https://wazuh.local:55000"
  config.basic_user = "foo"
  config.basic_password = "bar"
  config.verify_ssl = false
end

If you are using client certificate authentication, set client_key and client_cert .

require 'openssl'

Wazuh.configure do |config|
  config.endpoint = "https://wazuh.local:55000"
  config.client_key = OpenSSL::PKey::RSA.new(File.read("./wazuh.key"))
  config.client_cert = OpenSSL::X509::Certificate.new(File.read("./wazuh.crt"))
end

Global Settings

The following global settings are supported via Wazuh.configure .

setting description
user_agent User-Agent
ca_file CA file (if use Client Certificate Authentication and specify CA file)
client_cert Client certificate (if use Client Certificate Authentication)
client_key Client Key (if use Client Certificate Authentication)
basic_user Basic Authentication user name
basic_password Basic Authentication password
verify_ssl Skip the SSL/TLS verify
logger loggeer object
endpoint Wazuh API endpoint URL
ignore_env_proxy Ignores ENV proxy settings
api_version Wazuh API Version (3 or 4)

Agents

Get all agents list.

> client.all_agents
=> [
      {
        :os=>{
          :arch=>"x86_64",
          :codename=>"Xenial Xerus",
          :major=>"16",
          :minor=>"04",
          :name=>"Ubuntu",
          :platform=>"ubuntu",
          :uname=>"Linux |wazuh-manager |4.15.0-60-generic |#67-Ubuntu SMP Thu Aug 22 16:55:30 UTC 2019 |x86_64",
          :version=>"16.04.6 LTS"
        },
        :manager=>"wazuh-manager",
        :id=>"000",
        :registerIP=>"127.0.0.1",
        :name=>"wazuh-manager",
        :version=>"Wazuh v3.11.0",
        :ip=>"127.0.0.1",
        :dateAdd=>"2020-01-27 17:02:18",
        :status=>"Active",
        :lastKeepAlive=>"9999-12-31 23:59:59",
        :node_name=>"wazuh-master-1"
      },
      ...
  ]

> agents.first.os.name
=> "Ubuntu"

> agents.first.id
=> "000"

filter by options. (see https://mrtc0.github.io/wazuh-ruby-client/Wazuh/Api/Endpoints/Agents.html#all_agents-instance_method )

# Filter by status is active
> client.all_agents({ status: 'active' })
# Filter by agent os.name is ubuntu
> client.all_agents({ 'os.name' => 'ubuntu' })

Syscollector

List agent's packages.

> client.packages('000').map { |package| package.name }
=> ["python-apt-common",
 "python-idna",
 "libedit2",
 "libncurses5",
 "libpam-runtime",
 "python3.5",
 "libgsasl7",
 "vim-tiny",
 ...

List agents' processes.

> client.packages('000').map { |package| package.name }
=> ["entrypoint.sh",
 "my_init",
 "syslog-ng",
 "runsvdir",
 "runsv",
 ...

Vulnerability

> client.vulnerabilities('000')
=> [{:architecture=>"amd64", :cve=>"CVE-2016-4802", :name=>"curl", :version=>"7.47.0-1ubuntu2.14"}, {:architecture=>"amd64", :cve=>"CVE-2016-8620", :name=>"curl", :version=>"7.47.0-1ubun...

Other

wazuh-ruby-client is supports some of the Wazuh API.
The v4 API is not yet supported.

  • Active Response
  • Agents
  • Cache
  • Ciscat
  • Cluster
  • Decoders
  • Experimental
  • Groups
  • Lists
  • Logtest
  • Mitre
  • Manager
  • Rootcheck
  • Rules
  • Security
  • Security Configuration Assessment
  • Summary
  • Syscheck
  • Syscollector
  • Tasks
  • Vulnerability

Refer to the document of wazuh-ruby-client and Wazuh API Reference for the list of all available methods.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/mrtc0/wazuh-ruby-client.

Copyright and License

Copyright (c) 2015-2019, Kohei Morita

This project is licensed under the MIT License .