diff --git a/.eslintrc.js b/.eslintrc.js index 3309297533..28118e1374 100644 --- a/.eslintrc.js +++ b/.eslintrc.js @@ -28,6 +28,7 @@ module.exports = { 'react-hooks', '@typescript-eslint', 'unicorn', + 'import', 'prettier', '@stylistic', ], @@ -210,6 +211,12 @@ module.exports = { '@typescript-eslint/naming-convention': [ 'error', { selector: 'default', format: ['camelCase'] }, + { selector: 'import', format: ['camelCase', 'PascalCase'] }, + { + selector: 'variable', + types: ['function'], + format: ['camelCase', 'PascalCase'], + }, { selector: ['objectLiteralProperty', 'typeProperty'], format: null, @@ -225,6 +232,7 @@ module.exports = { { selector: ['variable'], modifiers: ['global'], + types: ['number', 'string'], format: ['UPPER_CASE'], }, { diff --git a/CHANGELOG.md b/CHANGELOG.md index 6eb7cf1177..ace26016b6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ All notable changes to the Wazuh app project will be documented in this file. - Support for Wazuh 5.0.0 - Added creation of report definition when creating dashboard by reference and the button to reset the report [#7091](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7091) +- Added an initilization service to core plugin to run the initilization tasks related to user scope [#7145](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7145) ### Removed diff --git a/plugins/main/public/components/overview/vulnerabilities/common/hocs/validate-vulnerabilities-states-index-pattern.tsx b/plugins/main/public/components/overview/vulnerabilities/common/hocs/validate-vulnerabilities-states-index-pattern.tsx index 5e47789b24..98aa57da9d 100644 --- a/plugins/main/public/components/overview/vulnerabilities/common/hocs/validate-vulnerabilities-states-index-pattern.tsx +++ b/plugins/main/public/components/overview/vulnerabilities/common/hocs/validate-vulnerabilities-states-index-pattern.tsx 
@@ -1,15 +1,15 @@ import React from 'react'; import { compose } from 'redux'; import { connect } from 'react-redux'; +import { EuiButton, EuiEmptyPrompt, EuiLink } from '@elastic/eui'; import { withGuardAsync } from '../../../../common/hocs'; import { getSavedObjects } from '../../../../../kibana-services'; import { SavedObject } from '../../../../../react-services'; import { NOT_TIME_FIELD_NAME_INDEX_PATTERN } from '../../../../../../common/constants'; -import { EuiButton, EuiEmptyPrompt, EuiLink } from '@elastic/eui'; import { webDocumentationLink } from '../../../../../../common/services/web_documentation'; import { vulnerabilityDetection } from '../../../../../utils/applications'; import { LoadingSpinnerDataSource } from '../../../../common/loading/loading-spinner-data-source'; -import NavigationService from '../../../../../react-services/navigation-service'; +import { NavigationService } from '../../../../../react-services/navigation-service'; const INDEX_PATTERN_CREATION_NO_INDEX = 'INDEX_PATTERN_CREATION_NO_INDEX'; @@ -20,15 +20,16 @@ async function checkExistenceIndexPattern(indexPatternID: string) { async function checkExistenceIndices(indexPatternId: string) { try { const fields = await SavedObject.getIndicesFields(indexPatternId); + return { exist: true, fields }; - } catch (error) { + } catch { return { exist: false }; } } async function createIndexPattern(indexPattern, fields: any) { try { - await SavedObject.createSavedObjectIndexPattern( + await SavedObject.createSavedObject( 'index-pattern', indexPattern, { @@ -51,7 +52,7 @@ export async function validateVulnerabilitiesStateDataSources({ try { // Check the existence of related index pattern const existIndexPattern = await checkExistenceIndexPattern(indexPatternID); - let indexPattern = existIndexPattern; + const indexPattern = existIndexPattern; // If the idnex pattern does not exist, then check the existence of index if (existIndexPattern?.error?.statusCode === 404) { 
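Review bot: The bare `catch` in checkExistenceIndices (second hunk) now discards the error entirely, so a failed getIndicesFields call (a permissions or connectivity error, for instance) is reported exactly like "no indices exist", and as far as the visible branches show the caller in validateVulnerabilitiesStateDataSources will treat it as a missing index rather than a request failure. Returning the cause keeps the result shape backward compatible while letting the caller tell the two apart: `} catch (error) { return { exist: false, error }; }`. The `fields: any` parameter of createIndexPattern in the same hunk would also benefit from whatever type getIndicesFields resolves to, if one is exported; createIndexPattern's body continues past the hunk.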
@@ -70,11 +71,13 @@ export async function validateVulnerabilitiesStateDataSources({ }, }; } + // If the some index match the index pattern, then create the index pattern const resultCreateIndexPattern = await createIndexPattern( indexPatternID, fields, ); + if (resultCreateIndexPattern?.error) { return { ok: true, @@ -86,6 +89,7 @@ export async function validateVulnerabilitiesStateDataSources({ }, }; } + /* WORKAROUND: Redirect to the root of Vulnerabilities Detection application that should redirects to the Dashboard tab. We want to redirect to this view, because we need the component is visible (visualizations) to ensure the process that defines the filters for the @@ -95,6 +99,7 @@ export async function validateVulnerabilitiesStateDataSources({ */ NavigationService.getInstance().navigateToApp(vulnerabilityDetection.id); } + return { ok: false, data: { indexPattern }, @@ -127,10 +132,13 @@ const errorPromptBody = { ), }; -export const PromptCheckIndex = props => { +export const PromptCheckIndex = (props: { + error: { title: string; message: string; type?: string }; + refresh: () => void; +}) => { const { refresh } = props; - const { title, message } = props?.error; - const body = errorPromptBody?.[props?.error?.type] ||

{message}

; + const { title, message } = props.error; + const body = errorPromptBody?.[props.error?.type] ||

{message}

; return ( { ); }; -const mapStateToProps = state => ({ - vulnerabilitiesStatesindexPatternID: - state.appConfig.data['vulnerabilities.pattern'], -}); +const mapStateToProps = state => { + return { + vulnerabilitiesStatesindexPatternID: + state.appConfig.data['vulnerabilities.pattern'], + }; +}; export const withVulnerabilitiesStateDataSource = compose( connect(mapStateToProps), diff --git a/plugins/main/public/react-services/navigation-service.tsx b/plugins/main/public/react-services/navigation-service.tsx index 8c0a032e51..5e001a9ecd 100644 --- a/plugins/main/public/react-services/navigation-service.tsx +++ b/plugins/main/public/react-services/navigation-service.tsx @@ -1,13 +1,14 @@ import { Location, Action, History } from 'history'; +import rison from 'rison-node'; import { getCore } from '../kibana-services'; import { NavigateToAppOptions } from '../../../../src/core/public'; -import { getIndexPattern } from './elastic_helpers'; import { buildPhraseFilter } from '../../../../src/plugins/data/common'; -import rison from 'rison-node'; +import { getIndexPattern } from './elastic_helpers'; class NavigationService { + // eslint-disable-next-line no-use-before-define private static instance: NavigationService; - private history: History; + private readonly history: History; private constructor(history: History) { this.history = history; @@ -19,6 +20,7 @@ class NavigationService { } else if (!NavigationService.instance) { throw new Error('NavigationService must be initialized with a history.'); } + return NavigationService.instance; } 
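Review bot: The new props type of PromptCheckIndex declares `error` as required, yet the body still reads it with optional chaining (`props.error?.type`) and guards `errorPromptBody?.[...]` although errorPromptBody is a module-level constant, so the type and the code disagree about what can be absent. Either make the prop optional in the signature if callers can omit it, or drop both `?.` so the declared type is the single source of truth. Narrowing `type?: string` to `keyof typeof errorPromptBody` would additionally let the compiler reject unknown prompt keys instead of silently falling back. The component's render return is not fully visible in the hunk.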
@@ -56,30 +58,31 @@ class NavigationService { ? this.buildSearch(params) : this.buildSearch(this.getParams()); const locationHash = this.getHash(); + this.navigate( `${newPath}${queryParams ? `?${queryParams}` : ''}${locationHash}`, ); } public navigate(path: string, state?: any): void { - if (!state) { - this.history.push(path); - } else { + if (state) { this.history.push({ pathname: path, state, }); + } else { + this.history.push(path); } } public replace(path: string, state?: any): void { - if (!state) { - this.history.replace(path); - } else { + if (state) { this.history.replace({ pathname: path, state, }); + } else { + this.history.replace(path); } } @@ -96,13 +99,14 @@ class NavigationService { } public reload(): void { - window.location.reload(); + globalThis.location.reload(); } public listen( listener: (location: Location, action: Action) => void, ): () => void { const unlisten = this.history.listen(listener); + return unlisten; } @@ -125,26 +129,27 @@ class NavigationService { } public buildSearch(search: URLSearchParams) { - return Array.from(search.entries()) + return [...search.entries()] .map(([key, value]) => `${key}=${value}`) .join('&'); } - public updateAndNavigateSearchParams(params: { - [key: string]: string | null; - }): void { + public updateAndNavigateSearchParams( + params: Record, + ): void { const urlParams = this.getParams(); // Update or delete parameters according to their value - Object.entries(params).forEach(([key, value]) => { + for (const [key, value] of Object.entries(params)) { if (value === null) { urlParams.delete(key); } else { urlParams.set(key, value); } - }); + } const queryString = this.buildSearch(urlParams); + this.navigate(`${this.getPathname()}?${queryString}`); } 
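Review bot: buildSearch, rewritten at the top of the last hunk (@@ -125), still interpolates raw `${key}=${value}`, so a value containing `&`, `=` or `#` splits the query string or truncates the hash fragment. Because the input is already a URLSearchParams, `return search.toString();` yields a correctly encoded string; if the unencoded output is intentionally relied on elsewhere (updateAndNavigateSearchParams below feeds it straight into navigate), at least encode each part, `.map(([key, value]) => `${encodeURIComponent(key)}=${encodeURIComponent(value)}`)`. The type arguments of `Record` in the new updateAndNavigateSearchParams signature are not legible here, so I could not confirm that `value` is still narrowed to `string | null` as the replaced index signature did. The `state?: any` parameters of navigate and replace in the first hunk could be `unknown` (or the history package's state type) without affecting callers.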
@@ -152,16 +157,17 @@ class NavigationService { this.updateAndNavigateSearchParams({ tab: newTab }); } - public switchSubTab = (subTab: string): void => { + public switchSubTab(subTab: string): void { this.updateAndNavigateSearchParams({ tabView: subTab }); - }; + } /* - TODO: Analyze and improve this function taking into account whether buildFilter_w is still used and whether the implementation with respect to the middle button is correct in navigateToModule + TODO: Analyze and improve this function taking into account whether buildFilterW is still used and whether the implementation with respect to the middle button is correct in navigateToModule */ - private buildFilter_w(filters, indexPattern) { + private buildFilterW(filters, indexPattern) { const filtersArray: any[] = []; - Object.keys(filters).forEach(currentFilter => { + + for (const currentFilter of Object.keys(filters)) { filtersArray.push({ ...buildPhraseFilter( { name: currentFilter, type: 'text' }, 
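Review bot: Turning `switchSubTab` from an arrow-function property into a prototype method changes its `this` binding: the arrow form was safe to pass around unbound (for example as a click handler), whereas the method form will fail on `this.updateAndNavigateSearchParams` if any caller passes `NavigationService.getInstance().switchSubTab` without binding it. If no caller does that the change is fine, but it is worth a search; otherwise keep the arrow form or bind in the constructor, `this.switchSubTab = this.switchSubTab.bind(this);`. buildFilterW in the same hunk keeps untyped `filters` and `indexPattern` parameters and a `const filtersArray: any[]`, which a `Record<string, unknown>` and a concrete filter type would tighten; the hunk ends inside that method.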
@@ -170,41 +176,51 @@ class NavigationService { ), $state: { isImplicit: false, store: 'appState' }, }); - }); + } + return rison.encode({ filters: filtersArray }); } - navigateToModule(e: any, section: string, params: any, navigateMethod?: any) { - e.persist(); // needed to access this event asynchronously - if (e.button == 0) { - // left button clicked - if (navigateMethod) { - navigateMethod(); - return; - } + navigateToModule( + event: any, + section: string, + params: any, + navigateMethod?: any, + ) { + event.persist(); // needed to access this event asynchronously + + if ( + event.button === 0 && // left button clicked + navigateMethod + ) { + navigateMethod(); + + return; } + getIndexPattern().then(indexPattern => { const urlParams = {}; - if (Object.keys(params).length) { - Object.keys(params).forEach(key => { + if (Object.keys(params).length > 0) { + for (const key of Object.keys(params)) { if (key === 'filters') { - urlParams['_w'] = this.buildFilter_w(params[key], indexPattern); + urlParams['_w'] = this.buildFilterW(params[key], indexPattern); } else { urlParams[key] = params[key]; } - }); + } } + const url = Object.entries(urlParams) - .map(e => e.join('=')) + .map(urlParam => urlParam.join('=')) .join('&'); - const currentUrl = window.location.href.split('#/')[0]; + const currentUrl = globalThis.location.href.split('#/')[0]; const newUrl = currentUrl + `#/${section}?` + url; - if (e && (e.which == 2 || e.button == 1)) { + if (event && (event.which === 2 || event.button === 1)) { // middlebutton clicked window.open(newUrl, '_blank', 'noreferrer'); - } else if (e.button == 0) { + } else if (event.button === 0) { // left button clicked if (navigateMethod) { navigateMethod(); @@ -217,3 +233,4 @@ class NavigationService { } export default NavigationService; +export { NavigationService }; 
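Review bot: After the new early return on `event.button === 0 && navigateMethod`, the `if (navigateMethod) { navigateMethod();` inside the `else if (event.button === 0)` branch at the end of the hunk can no longer execute — a left click only reaches the promise callback when navigateMethod is falsy — so that inner call is dead and the branch can be simplified (the rest of it lies outside the hunk). The reformatted signature keeps `event: any, params: any, navigateMethod?: any`; `navigateMethod?: () => void` and `params: Record<string, unknown>` cost callers nothing and would also make `const urlParams = {}`, which is indexed by string below, need an explicit `Record<string, string>` under `noImplicitAny` (assuming strict mode is on for this file). The `Object.keys(params).length > 0` guard is redundant with the `for…of` that follows, since an empty key list simply skips the loop. navigateToModule continues past the hunk.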
diff --git a/plugins/wazuh-core/common/services/initialization/constants.ts b/plugins/wazuh-core/common/services/initialization/constants.ts
new file mode 100644
index 0000000000..336fb7f41e
--- /dev/null
+++ b/plugins/wazuh-core/common/services/initialization/constants.ts
@@ -0,0 +1,16 @@
+export const initializationTask = {
+ RUN_STATUS: {
+ NOT_STARTED: 'not_started',
+ RUNNING: 'running',
+ FINISHED: 'finished',
+ },
+ RUN_RESULT: {
+ NULL: null,
+ SUCCESS: 'success',
+ FAIL: 'fail',
+ },
+ CONTEXT: {
+ INTERNAL: 'internal',
+ USER: 'user',
+ },
+} as const;
diff --git a/plugins/wazuh-core/common/services/initialization/types.ts b/plugins/wazuh-core/common/services/initialization/types.ts
new file mode 100644
index 0000000000..0118a181de
--- /dev/null
+++ b/plugins/wazuh-core/common/services/initialization/types.ts
@@ -0,0 +1,13 @@
+import { initializationTask } from './constants';
+
+type RunStatusEnum = (typeof initializationTask)['RUN_STATUS'];
+
+export type InitializationTaskRunStatus = RunStatusEnum[keyof RunStatusEnum];
+
+type RunResultEnum = (typeof initializationTask)['RUN_RESULT'];
+
+export type InitializationTaskRunResult = RunResultEnum[keyof RunResultEnum];
+
+type ContextEnum = (typeof initializationTask)['CONTEXT'];
+
+export type InitializationTaskContext = ContextEnum[keyof ContextEnum];
diff --git a/plugins/wazuh-core/server/index.ts b/plugins/wazuh-core/server/index.ts
index adf9ef623d..26e39fdf47 100644
--- a/plugins/wazuh-core/server/index.ts
+++ b/plugins/wazuh-core/server/index.ts
@@ -8,5 +8,5 @@ export function plugin(initializerContext: PluginInitializerContext) {
 return new WazuhCorePlugin(initializerContext);
 }
 
-export type { WazuhCorePluginSetup, WazuhCorePluginStart } from './types';
+export * from './types';
 export type { IConfigurationEnhanced } from './services/enhance-configuration';
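Review bot: The three `X[keyof X]` projections in types.ts repeat the same pattern with a throwaway alias each; a local `type ValueOf<T> = T[keyof T];` lets each export read as `ValueOf<(typeof initializationTask)['RUN_STATUS']>` and removes the three intermediate names. Each exported type would also benefit from a one-line TSDoc naming the constants object it mirrors, e.g. `/** Union of the values in initializationTask.RUN_STATUS. */`, since consumers of the core plugin will see only the type names, not constants.ts.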
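Review bot: `export * from './types'` in server/index.ts widens the plugin's public surface from the two named types to everything that module exports — including any runtime values added there later — which is a looser contract than the line it replaces. If the module only declares types, `export type * from './types';` (TypeScript 5.0 and later) keeps the re-export type-only under `isolatedModules`; otherwise prefer listing the names consumers actually need. I cannot see './types' here, so whether it currently exports values is an assumption to confirm.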
diff --git a/plugins/wazuh-core/server/initialization/index-patterns-fields/alerts-fields.json b/plugins/wazuh-core/server/initialization/index-patterns-fields/alerts-fields.json
new file mode 100644
index 0000000000..56048c13d6
--- /dev/null
+++ b/plugins/wazuh-core/server/initialization/index-patterns-fields/alerts-fields.json
@@ -0,0 +1,3473 @@ +[ + { + "name": "_id", + "type": "string", + "esTypes": ["_id"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + }, + { + "name": "_index", + "type": "string", + "esTypes": ["_index"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + }, + { + "name": "_score", + "type": "number", + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "_source", + "type": "_source", + "esTypes": ["_source"], + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "_type", + "type": "string", + "esTypes": ["_type"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + }, + { + "name": "@timestamp", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "@version", + "type": "string", + "esTypes": ["text"], + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "GeoLocation.area_code", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "GeoLocation.city_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "GeoLocation.continent_code", + "type": "string", + "esTypes": ["text"], + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "GeoLocation.coordinates", + "type": "number", + "esTypes": ["double"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "GeoLocation.country_code2", + "type": "string", + "esTypes": ["text"], + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "GeoLocation.country_code3", + "type": "string", + "esTypes": ["text"], + "searchable": true, + "aggregatable": false, + 
"readFromDocValues": false + }, + { + "name": "GeoLocation.country_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "GeoLocation.dma_code", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "GeoLocation.ip", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "GeoLocation.latitude", + "type": "number", + "esTypes": ["double"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "GeoLocation.location", + "type": "geo_point", + "esTypes": ["geo_point"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "GeoLocation.longitude", + "type": "number", + "esTypes": ["double"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "GeoLocation.postal_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "GeoLocation.real_region_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "GeoLocation.region_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "GeoLocation.timezone", + "type": "string", + "esTypes": ["text"], + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "agent.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.ip", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": 
"agent.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cluster.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cluster.node", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "command", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.action", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.acct", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.arch", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.auid", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.command", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.cwd", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.dev", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.directory.inode", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.directory.mode", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": 
true, + "readFromDocValues": true + }, + { + "name": "data.audit.directory.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.egid", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.enforcing", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.euid", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.exe", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.execve.a0", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.execve.a1", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.execve.a2", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.execve.a3", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.exit", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.file.inode", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.file.mode", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": 
"data.audit.file.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.fsgid", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.fsuid", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.gid", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.key", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.list", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.old-auid", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.old-ses", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.old_enforcing", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.old_prom", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.op", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.pid", + "type": "string", + "esTypes": ["keyword"], + "searchable": 
true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.ppid", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.prom", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.res", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.session", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.sgid", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.srcip", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.subj", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.success", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.suid", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.syscall", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.tty", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.audit.uid", 
+ "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.createdAt", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.dstaddr", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.end", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.resource.instanceDetails.launchTime", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.resource.instanceDetails.networkInterfaces.privateIpAddress", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.resource.instanceDetails.networkInterfaces.publicIp", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.service.action.networkConnectionAction.remoteIpDetails.geoLocation", + "type": "geo_point", + "esTypes": ["geo_point"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.service.action.networkConnectionAction.remoteIpDetails.ipAddressV4", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.service.count", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.service.eventFirstSeen", + "type": "date", + "esTypes": ["date"], + 
"searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.service.eventLastSeen", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.source_ip_address", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.srcaddr", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.start", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.updatedAt", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.log_info.s3bucket", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.source", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.accountId", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.aws.region", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.cis.benchmark", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.cis.error", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.cis.fail", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": 
"data.cis.group", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.cis.notchecked", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.cis.pass", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.cis.result", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.cis.rule_title", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.cis.score", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.cis.timestamp", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.cis.unknown", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.command", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.data", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.docker.Action", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.docker.Actor.Attributes.image", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.docker.Actor.Attributes.name", + "type": "string", + "esTypes": ["keyword"], + 
"searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.docker.Type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.dstip", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.dstport", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.dstuser", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.extra_data", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.file", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.gcp.jsonPayload.authAnswer", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.gcp.jsonPayload.queryName", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.gcp.jsonPayload.responseCode", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.gcp.jsonPayload.vmInstanceId", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.gcp.jsonPayload.vmInstanceName", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.gcp.resource.labels.location", + "type": "string", + "esTypes": ["keyword"], + "searchable": 
true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.gcp.resource.labels.project_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.gcp.resource.labels.source_type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.gcp.resource.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.gcp.severity", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.github.action", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.github.actor", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.github.actor_location.country_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.github.org", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.github.repo", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.hardware.cpu_cores", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.hardware.cpu_mhz", + "type": "number", + "esTypes": ["double"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.hardware.cpu_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, 
+ "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.hardware.ram_free", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.hardware.ram_total", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.hardware.ram_usage", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.hardware.serial", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.integration", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.adapter", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.ipv4.address", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.ipv4.broadcast", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.ipv4.dhcp", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.ipv4.gateway", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.ipv4.metric", + "type": "number", + "esTypes": ["long"], + "searchable": true, + 
"aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.ipv4.netmask", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.ipv6.address", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.ipv6.broadcast", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.ipv6.dhcp", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.ipv6.gateway", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.ipv6.metric", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.ipv6.netmask", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.mac", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.mtu", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.rx_bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.rx_dropped", + "type": "number", + 
"esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.rx_errors", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.rx_packets", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.state", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.tx_bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.tx_dropped", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.tx_errors", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.tx_packets", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.netinfo.iface.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.office365.Actor.ID", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.office365.ClientIP", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.office365.Operation", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.office365.ResultStatus", + "type": 
"string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.office365.Subscription", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.office365.UserId", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.os.architecture", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.os.build", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.os.codename", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.os.hostname", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.os.major", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.os.minor", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.os.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.os.platform", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.os.release", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.os.release_version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": 
true, + "readFromDocValues": true + }, + { + "name": "data.os.sysname", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.os.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.oscap.check.description", + "type": "string", + "esTypes": ["text"], + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "data.oscap.check.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.oscap.check.identifiers", + "type": "string", + "esTypes": ["text"], + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "data.oscap.check.oval.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.oscap.check.rationale", + "type": "string", + "esTypes": ["text"], + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "data.oscap.check.references", + "type": "string", + "esTypes": ["text"], + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "data.oscap.check.result", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.oscap.check.severity", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.oscap.check.title", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.oscap.scan.benchmark.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "data.oscap.scan.content", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.oscap.scan.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.oscap.scan.profile.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.oscap.scan.profile.title", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.oscap.scan.return_code", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.oscap.scan.score", + "type": "number", + "esTypes": ["double"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.osquery.action", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.osquery.calendarTime", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.osquery.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.osquery.pack", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.port.inode", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.port.local_ip", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": 
"data.port.local_port", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.port.pid", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.port.process", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.port.protocol", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.port.remote_ip", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.port.remote_port", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.port.rx_queue", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.port.state", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.port.tx_queue", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.args", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.cmd", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.egroup", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.euser", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + 
"aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.fgroup", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.nice", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.nlwp", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.pgrp", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.pid", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.ppid", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.priority", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.processor", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.resident", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.rgroup", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.ruser", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": 
"data.process.session", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.sgroup", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.share", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.start_time", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.state", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.stime", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.suser", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.tgid", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.tty", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.utime", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.process.vm_size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.program.architecture", + "type": "string", + "esTypes": ["keyword"], + 
"searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.program.description", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.program.format", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.program.install_time", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.program.location", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.program.multiarch", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.program.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.program.priority", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.program.section", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.program.size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.program.source", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.program.vendor", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.program.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": 
true, + "readFromDocValues": true + }, + { + "name": "data.protocol", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.command", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.compliance.cis", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.compliance.cis_csc", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.compliance.hipaa", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.compliance.nist_800_53", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.compliance.pci_dss", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.description", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.directory", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.file", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.previous_result", + "type": "string", + "esTypes": ["keyword"], + 
"searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.process", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.rationale", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.reason", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.references", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.registry", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.remediation", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.result", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.status", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.check.title", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.description", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.failed", + "type": "number", + "esTypes": ["integer"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.file", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + 
"aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.invalid", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.passed", + "type": "number", + "esTypes": ["integer"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.policy", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.policy_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.scan_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.score", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.total_checks", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.sca.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.srcip", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.srcport", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.srcuser", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.status", + "type": "string", + 
"esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.system_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.timestamp", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.title", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.uid", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.url", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.virustotal.description", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.virustotal.error", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.virustotal.found", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.virustotal.malicious", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.virustotal.permalink", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data.virustotal.positives", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true
+ },
+ {
+ "name": "data.virustotal.scan_date",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.virustotal.sha1",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.virustotal.source.alert_id",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.virustotal.source.file",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.virustotal.source.md5",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.virustotal.source.sha1",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.virustotal.total",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.assigner",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.cve",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.cve_version",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.cvss.cvss2.base_score",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.cvss.cvss2.exploitability_score",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.cvss.cvss2.impact_score",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.cvss.cvss2.vector.access_complexity",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.cvss.cvss2.vector.attack_vector",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.cvss.cvss2.vector.authentication",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.cvss.cvss2.vector.availability",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.cvss.cvss2.vector.confidentiality_impact",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.cvss.cvss2.vector.integrity_impact",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.cvss.cvss2.vector.privileges_required",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.cvss.cvss2.vector.scope",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.cvss.cvss2.vector.user_interaction",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.cvss.cvss3.base_score",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.cvss.cvss3.exploitability_score",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.cvss.cvss3.impact_score",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.cvss.cvss3.vector.access_complexity",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.cvss.cvss3.vector.attack_vector",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.cvss.cvss3.vector.authentication",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.cvss.cvss3.vector.availability",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.cvss.cvss3.vector.confidentiality_impact",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.cvss.cvss3.vector.integrity_impact",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.cvss.cvss3.vector.privileges_required",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.cvss.cvss3.vector.scope",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.cvss.cvss3.vector.user_interaction",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.cwe_reference",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.package.architecture",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.package.condition",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.package.generated_cpe",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.package.name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.package.source",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.package.version",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.published",
+ "type": "date",
+ "esTypes": ["date"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.rationale",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.severity",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.title",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "data.vulnerability.updated",
+ "type": "date",
+ "esTypes": ["date"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "decoder.accumulate",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "decoder.fts",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "decoder.ftscomment",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "decoder.name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "decoder.parent",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "full_log",
+ "type": "string",
+ "esTypes": ["text"],
+ "searchable": true,
+ "aggregatable": false,
+ "readFromDocValues": false
+ },
+ {
+ "name": "host",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "id",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "input.type",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "location",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "manager.name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "message",
+ "type": "string",
+ "esTypes": ["text"],
+ "searchable": true,
+ "aggregatable": false,
+ "readFromDocValues": false
+ },
+ {
+ "name": "offset",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "predecoder.hostname",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "predecoder.program_name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "predecoder.timestamp",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "previous_log",
+ "type": "string",
+ "esTypes": ["text"],
+ "searchable": true,
+ "aggregatable": false,
+ "readFromDocValues": false
+ },
+ {
+ "name": "previous_output",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "program_name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "rule.cis",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "rule.cis_csc",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "rule.cve",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "rule.description",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "rule.firedtimes",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "rule.frequency",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "rule.gdpr",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "rule.gpg13",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "rule.groups",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "rule.hipaa",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "rule.id",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "rule.info",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "rule.level",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "rule.mail",
+ "type": "boolean",
+ "esTypes": ["boolean"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "rule.mitre.id",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "rule.mitre.tactic",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "rule.mitre.technique",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "rule.nist_800_53",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "rule.pci_dss",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "rule.tsc",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.audit.effective_user.id",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.audit.effective_user.name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.audit.group.id",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.audit.group.name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.audit.login_user.id",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.audit.login_user.name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.audit.process.id",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.audit.process.name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.audit.process.ppid",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.audit.user.id",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.audit.user.name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.diff",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.event",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.gid_after",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.gid_before",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.gname_after",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.gname_before",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.hard_links",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.inode_after",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.inode_before",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.md5_after",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.md5_before",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.mode",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.mtime_after",
+ "type": "date",
+ "esTypes": ["date"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.mtime_before",
+ "type": "date",
+ "esTypes": ["date"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.path",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.perm_after",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.perm_before",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.sha1_after",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.sha1_before",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.sha256_after",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.sha256_before",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.size_after",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.size_before",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.tags",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.uid_after",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.uid_before",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.uname_after",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "syscheck.uname_before",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "timestamp",
+ "type": "date",
+ "esTypes": ["date"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "title",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "type",
+ "type": "string",
+ "esTypes": ["text"],
+ "searchable": true,
+ "aggregatable": false,
+ "readFromDocValues": false
+ }
+]
diff --git a/plugins/wazuh-core/server/initialization/index-patterns-fields/monitoring-fields.json b/plugins/wazuh-core/server/initialization/index-patterns-fields/monitoring-fields.json
new file mode 100644
index 0000000000..6b82becbdf
--- /dev/null
+++ b/plugins/wazuh-core/server/initialization/index-patterns-fields/monitoring-fields.json
@@ -0,0 +1,245 @@
+[
+ {
+ "name": "timestamp",
+ "type": "date",
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "_id",
+ "type": "string",
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": false
+ },
+ {
+ "name": "_index",
+ "type": "string",
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": false
+ },
+ {
+ "name": "_score",
+ "type": "number",
+ "count": 0,
+ "scripted": false,
+ "searchable": false,
+ "aggregatable": false,
+ "readFromDocValues": false
+ },
+ {
+ "name": "_source",
+ "type": "_source",
+ "count": 0,
+ "scripted": false,
+ "searchable": false,
+ "aggregatable": false,
+ "readFromDocValues": false
+ },
+ {
+ "name": "_type",
+ "type": "string",
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": false
+ },
+ {
+ "name": "dateAdd",
+ "type": "string",
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": false,
+ "readFromDocValues": false
+ },
+ {
+ "name": "group",
+ "type": "string",
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": false,
+ "readFromDocValues": false
+ },
+ {
+ "name": "host",
+ "type": "string",
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "id",
+ "type": "string",
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "ip",
+ "type": "string",
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "lastKeepAlive",
+ "type": "string",
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": false,
+ "readFromDocValues": false
+ },
+ {
+ "name": "cluster.name",
+ "type": "string",
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": false,
+ "readFromDocValues": false
+ },
+ {
+ "name": "mergedSum",
+ "type": "string",
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": false,
+ "readFromDocValues": false
+ },
+ {
+ "name": "configSum",
+ "type": "string",
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": false,
+ "readFromDocValues": false
+ },
+ {
+ "name": "node_name",
+ "type": "string",
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": false,
+ "readFromDocValues": false
+ },
+ {
+ "name": "manager",
+ "type": "string",
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": false,
+ "readFromDocValues": false
+ },
+ {
+ "name": "name",
+ "type": "string",
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "os.arch",
+ "type": "string",
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": false,
+ "readFromDocValues": false
+ },
+ {
+ "name": "os.codename",
+ "type": "string",
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": false,
+ "readFromDocValues": false
+ },
+ {
+ "name": "os.major",
+ "type": "string",
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": false,
+ "readFromDocValues": false
+ },
+ {
+ "name": "os.name",
+ "type": "string",
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": false,
+ "readFromDocValues": false
+ },
+ {
+ "name": "os.platform",
+ "type": "string",
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": false,
+ "readFromDocValues": false
+ },
+ {
+ "name": "os.uname",
+ "type": "string",
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": false,
+ "readFromDocValues": false
+ },
+ {
+ "name": "os.version",
+ "type": "string",
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": false,
+ "readFromDocValues": false
+ },
+ {
+ "name": "status",
+ "type": "string",
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "version",
+ "type": "string",
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": false,
+ "readFromDocValues": false
+ }
+]
diff --git a/plugins/wazuh-core/server/initialization/index-patterns-fields/statistics-fields.json b/plugins/wazuh-core/server/initialization/index-patterns-fields/statistics-fields.json
new file mode 100644
index 0000000000..c89d99d72f
--- /dev/null
+++ b/plugins/wazuh-core/server/initialization/index-patterns-fields/statistics-fields.json
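Review bot: None of the 27 entries in monitoring-fields.json carries an `esTypes` array, while every entry in statistics-fields.json from the same commit (and the alerts-style fields file above it) does; if the initialization task or the index-pattern consumer reads `esTypes` to choose field formatters or the type mapping, the monitoring fields will be treated as typeless, which is hard to spot later because the file still parses. Mirroring the sibling file's convention would mean `"type": "date", "esTypes": ["date"]` for `timestamp` and `"esTypes": ["keyword"]` on the aggregatable strings such as `id`, `name`, `status` and `ip`; whether `esTypes` is actually consumed should be confirmed against the initialization service before adding it. Separately, the `_type` entry describes the document-type metadata field, which OpenSearch 2.x no longer exposes; if the dashboard targets those versions the entry is inert and can be dropped (a comment is not possible in JSON, so record the decision in the initialization task instead).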
@@ -0,0 +1,710 @@
+[
+ {
+ "name": "analysisd.alerts_queue_size",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.alerts_queue_usage",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.alerts_written",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.archives_queue_size",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.archives_queue_usage",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.dbsync_mdps",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.dbsync_messages_dispatched",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.dbsync_queue_size",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.dbsync_queue_usage",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.event_queue_size",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.event_queue_usage",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.events_dropped",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.events_edps",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.events_processed",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.events_received",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.firewall_queue_size",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.firewall_queue_usage",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.firewall_written",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.fts_written",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.hostinfo_edps",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.hostinfo_events_decoded",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.hostinfo_queue_size",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.hostinfo_queue_usage",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.other_events_decoded",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.other_events_edps",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.rootcheck_edps",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.rootcheck_events_decoded",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.rootcheck_queue_size",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.rootcheck_queue_usage",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.rule_matching_queue_size",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.rule_matching_queue_usage",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.sca_edps",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.sca_events_decoded",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.sca_queue_size",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.sca_queue_usage",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.statistical_queue_size",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.statistical_queue_usage",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.syscheck_edps",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.syscheck_events_decoded",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.syscheck_queue_size",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.syscheck_queue_usage",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.syscollector_edps",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.syscollector_events_decoded",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.syscollector_queue_size",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.syscollector_queue_usage",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.total_events_decoded",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.winevt_edps",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.winevt_events_decoded",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.winevt_queue_size",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "analysisd.winevt_queue_usage",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "apiName",
+ "type": "string",
+ "esTypes": ["text"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": false,
+ "readFromDocValues": false
+ },
+ {
+ "name": "apiName.keyword",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true,
+ "subType": { "multi": { "parent": "apiName" } }
+ },
+ {
+ "name": "cluster",
+ "type": "string",
+ "esTypes": ["text"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": false,
+ "readFromDocValues": false
+ },
+ {
+ "name": "cluster.keyword",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true,
+ "subType": { "multi": { "parent": "cluster" } }
+ },
+ {
+ "name": "nodeName",
+ "type": "string",
+ "esTypes": ["text"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": false,
+ "readFromDocValues": false
+ },
+ {
+ "name": "nodeName.keyword",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true,
+ "subType": { "multi": { "parent": "nodeName" } }
+ },
+ {
+ "name": "remoted.ctrl_msg_count",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "remoted.dequeued_after_close",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "remoted.discarded_count",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "remoted.evt_count",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "remoted.msg_sent",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "remoted.queue_size",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "remoted.recv_bytes",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "remoted.tcp_sessions",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "remoted.total_queue_size",
+ "type": "number",
+ "esTypes": ["long"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "timestamp",
+ "type": "date",
+ "esTypes": ["date"],
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "_id",
+ "type": "string",
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": false
+ },
+ {
+ "name": "_index",
+ "type": "string",
+ "count": 0,
+ "scripted": false,
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": false
+ },
+ {
+ "name": "_score",
+ "type": "number",
+ "count": 0,
+ "scripted": false,
+ "searchable": false,
+ "aggregatable": false,
+ "readFromDocValues": false
+ },
+ {
+ "name": "_source",
+ "type": "_source",
+ "count": 0,
+ "scripted": false,
+
"searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "_type", + "type": "string", + "count": 0, + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + } +] diff --git a/plugins/wazuh-core/server/initialization/index-patterns-fields/vulnerabibility-states-fields.json b/plugins/wazuh-core/server/initialization/index-patterns-fields/vulnerabibility-states-fields.json new file mode 100644 index 0000000000..216cfdc68f --- /dev/null +++ b/plugins/wazuh-core/server/initialization/index-patterns-fields/vulnerabibility-states-fields.json 
@@ -0,0 +1,515 @@ +[ + { + "count": 0, + "name": "_index", + "type": "string", + "esTypes": ["_index"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + }, + { + "count": 0, + "name": "_source", + "type": "_source", + "esTypes": ["_source"], + "scripted": false, + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "count": 0, + "name": "agent.build.original", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "agent.ephemeral_id", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "agent.id", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "agent.name", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "agent.type", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "agent.version", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "host.os.family", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "host.os.full", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "host.os.full.text", + "type": "string", + 
"esTypes": ["text"], + "scripted": false, + "searchable": true, + "aggregatable": false, + "readFromDocValues": false, + "subType": { "multi": { "parent": "host.os.full" } } + }, + { + "count": 0, + "name": "host.os.kernel", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "host.os.name", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "host.os.name.text", + "type": "string", + "esTypes": ["text"], + "scripted": false, + "searchable": true, + "aggregatable": false, + "readFromDocValues": false, + "subType": { "multi": { "parent": "host.os.name" } } + }, + { + "count": 0, + "name": "host.os.platform", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "host.os.type", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "host.os.version", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "message", + "type": "string", + "esTypes": ["text"], + "scripted": false, + "searchable": true, + "aggregatable": false, + "readFromDocValues": false + }, + { + "count": 0, + "name": "package.architecture", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "package.build_version", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": 
"package.checksum", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "package.description", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "package.install_scope", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "package.installed", + "type": "date", + "esTypes": ["date"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "package.license", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "package.name", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "package.path", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "package.reference", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "package.size", + "type": "number", + "esTypes": ["long"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "package.type", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "package.version", + "type": "string", + "esTypes": ["keyword"], + 
"scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "tags", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "vulnerability.category", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "vulnerability.classification", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "vulnerability.description", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "vulnerability.description.text", + "type": "string", + "esTypes": ["text"], + "scripted": false, + "searchable": true, + "aggregatable": false, + "readFromDocValues": false, + "subType": { "multi": { "parent": "vulnerability.description" } } + }, + { + "count": 0, + "name": "vulnerability.detected_at", + "type": "date", + "esTypes": ["date"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "vulnerability.enumeration", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "vulnerability.id", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "vulnerability.published_at", + "type": "date", + "esTypes": ["date"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": 
"vulnerability.reference", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "vulnerability.report_id", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "vulnerability.scanner.vendor", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "vulnerability.score.base", + "type": "number", + "esTypes": ["float"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "vulnerability.score.environmental", + "type": "number", + "esTypes": ["float"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "vulnerability.score.temporal", + "type": "number", + "esTypes": ["float"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "vulnerability.score.version", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "vulnerability.severity", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "wazuh.cluster.name", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "count": 0, + "name": "wazuh.cluster.node", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + 
"count": 0, + "name": "wazuh.schema.version", + "type": "string", + "esTypes": ["keyword"], + "scripted": false, + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + } +] diff --git a/plugins/wazuh-core/server/initialization/index-patterns.ts b/plugins/wazuh-core/server/initialization/index-patterns.ts new file mode 100644 index 0000000000..a6af4b3e25 --- /dev/null +++ b/plugins/wazuh-core/server/initialization/index-patterns.ts 
@@ -0,0 +1,254 @@ +import { IndexPatternsFetcher } from '../../../../src/plugins/data/server'; +import { + InitializationTaskContext, + InitializationTaskRunContext, +} from '../services'; + +interface EnsureIndexPatternExistenceContextTask { + indexPatternID: string; + options: any; +} + +interface EnsureIndexPatternExistenceContextTaskWithConfigurationSetting + extends EnsureIndexPatternExistenceContextTask { + configurationSettingKey: string; +} + +// eslint-disable-next-line @typescript-eslint/no-unused-vars +const decoratorCheckIsEnabled = + callback => + async ( + ctx: InitializationTaskRunContext, + { + configurationSettingKey, + ...ctxTask + }: EnsureIndexPatternExistenceContextTaskWithConfigurationSetting, + ) => { + if (await ctx.configuration.get(configurationSettingKey)) { + await callback(ctx, ctxTask); + } else { + ctx.logger.info(`Check [${configurationSettingKey}]: disabled. Skipped.`); + } + }; + +async function getFieldMappings( + { logger, indexPatternsClient }, + indexPatternTitle: string, +) { + logger.debug(`Getting index pattern fields for title [${indexPatternTitle}]`); + + // https://github.com/opensearch-project/OpenSearch-Dashboards/blob/2.16.0/src/plugins/data/server/index_patterns/routes.ts#L74 + const fields = await indexPatternsClient.getFieldsForWildcard({ + pattern: indexPatternTitle, + // meta_fields=_source&meta_fields=_id&meta_fields=_type&meta_fields=_index&meta_fields=_score + metaFields: ['_source', '_id', '_type', '_index', '_score'], + }); + + logger.debug( + `Fields for index pattern with title [${indexPatternTitle}]: ${JSON.stringify( + fields, + )}`, + ); + + return fields; +} + +async function createIndexPattern( + { logger, savedObjectsClient, indexPatternsClient }, + indexPatternID, + options: { + fieldsNoIndices?: any; + savedObjectOverwrite?: Record; + } = {}, +) { + try { + let fields; + + try { + fields = await getFieldMappings( + { logger, indexPatternsClient }, + indexPatternID, + ); + } catch (error) { + if 
(error?.output?.statusCode === 404 && options.fieldsNoIndices) { + const message = `Fields for index pattern with ID [${indexPatternID}] could not be obtained. This could indicate there are not matching indices because they were not generated or there is some error in the process that generates and indexes that data. The index pattern will be created with a set of pre-defined fields.`; + + logger.warn(message); + fields = options.fieldsNoIndices; + } else { + throw error; + } + } + + const savedObjectData = { + title: indexPatternID, + fields: JSON.stringify(fields), + ...options?.savedObjectOverwrite, + }; + + logger.debug( + `Creating index pattern with ID [${indexPatternID}] title [${savedObjectData.title}]`, + ); + + const response = await savedObjectsClient.create( + 'index-pattern', + savedObjectData, + { + id: indexPatternID, + overwrite: true, + refresh: true, + }, + ); + const indexPatternCreatedMessage = `Created index pattern with ID [${response.id}] title [${response.attributes.title}]`; + + logger.info(indexPatternCreatedMessage); + + return response; + } catch (error) { + throw new Error( + `index pattern with ID [${indexPatternID}] could not be created due to: ${error.message}`, + ); + } +} + +export const ensureIndexPatternExistence = async ( + { logger, savedObjectsClient, indexPatternsClient }, + { indexPatternID, options = {} }: EnsureIndexPatternExistenceContextTask, +) => { + try { + logger.debug( + `Checking existence of index pattern with ID [${indexPatternID}]`, + ); + + const response = await savedObjectsClient.get( + 'index-pattern', + indexPatternID, + ); + + logger.debug(`Index pattern with ID [${indexPatternID}] exists`); + + return response; + } catch (error) { + // Get not found saved object + if (error?.output?.statusCode === 404) { + // Create index pattern + logger.info(`Index pattern with ID [${indexPatternID}] does not exist`); + + return await createIndexPattern( + { logger, savedObjectsClient, indexPatternsClient }, + 
indexPatternID, + options, + ); + } else { + throw new Error( + `index pattern with ID [${indexPatternID}] existence could not be checked due to: ${error.message}`, + ); + } + } +}; + +function getSavedObjectsClient( + ctx: InitializationTaskRunContext, + scope: InitializationTaskContext, +) { + switch (scope) { + case 'internal': { + return ctx.core.savedObjects.createInternalRepository(); + } + + case 'user': { + return ctx.core.savedObjects.savedObjectsStart.getScopedClient( + ctx.request, + ); + } + + default: { + break; + } + } +} + +function getIndexPatternsClient( + ctx: InitializationTaskRunContext, + scope: InitializationTaskContext, +) { + switch (scope) { + case 'internal': { + return new IndexPatternsFetcher( + ctx.core.opensearch.legacy.client.callAsInternalUser, + ); + } + + case 'user': { + return new IndexPatternsFetcher( + ctx.core.opensearch.legacy.client.callAsCurrentUser, + ); + } + + default: { + break; + } + } +} + +function getIndexPatternID( + ctx: InitializationTaskRunContext, + scope: string, + rest: any, +) { + switch (scope) { + case 'internal': { + return rest.getIndexPatternID(ctx); + } + + case 'user': { + return ctx.getIndexPatternID(ctx); + } + + default: { + break; + } + } +} + +export const initializationTaskCreatorIndexPattern = ({ + taskName, + options = {}, + configurationSettingKey, + ...rest +}: { + getIndexPatternID: (ctx: any) => Promise; + taskName: string; + options: object; + configurationSettingKey: string; +}) => { + return { + name: taskName, + async run(ctx: InitializationTaskRunContext) { + let indexPatternID; + + try { + ctx.logger.debug('Starting index pattern saved object'); + indexPatternID = await getIndexPatternID(ctx, ctx.scope, rest); + + // Get clients depending on the scope + const savedObjectsClient = getSavedObjectsClient(ctx, ctx.scope); + const indexPatternsClient = getIndexPatternsClient(ctx, ctx.scope); + + return await ensureIndexPatternExistence( + { ...ctx, indexPatternsClient, savedObjectsClient 
}, + { + indexPatternID, + options, + configurationSettingKey, + }, + ); + } catch (error) { + const message = `Error initilizating index pattern with ID [${indexPatternID}]: ${error.message}`; + + ctx.logger.error(message); + throw new Error(message); + } + }, + }; +}; diff --git a/plugins/wazuh-core/server/initialization/index.ts b/plugins/wazuh-core/server/initialization/index.ts new file mode 100644 index 0000000000..e7712b3abc --- /dev/null +++ b/plugins/wazuh-core/server/initialization/index.ts @@ -0,0 +1,3 @@ +export * from './index-patterns'; +export * from './settings'; +export * from './templates'; diff --git a/plugins/wazuh-core/server/initialization/server-api.test.ts b/plugins/wazuh-core/server/initialization/server-api.test.ts new file mode 100644 index 0000000000..60aaffc99e --- /dev/null +++ b/plugins/wazuh-core/server/initialization/server-api.test.ts 
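Review bot: The configuration gate is never applied in this file: `decoratorCheckIsEnabled` is defined but unused (silenced with an eslint-disable), and `configurationSettingKey` is passed into `ensureIndexPatternExistence`, whose signature ignores it, so the index-pattern task runs even when the corresponding setting is disabled, unlike `checkPluginPlatformSettings` in settings.ts. Either wrap `ensureIndexPatternExistence` with the decorator or drop the key and the dead helper so readers do not assume the setting is honoured. Separately, `getSavedObjectsClient`, `getIndexPatternsClient` and `getIndexPatternID` fall through their `default` case returning `undefined`, so an unexpected `ctx.scope` surfaces later as a `TypeError` on `savedObjectsClient.get` instead of a clear message; replace each `default: { break; }` with `default: throw new Error(\`Unsupported initialization task scope [${scope}]\`);`. Also the 'user' branch of `getIndexPatternID` reads `ctx.getIndexPatternID` while the 'internal' branch reads `rest.getIndexPatternID`; if that asymmetry is intentional it deserves a comment, e.g. `// user scope: the ID resolver is injected through the run context`.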
@@ -0,0 +1,100 @@ +import { + PLUGIN_APP_NAME, + PLUGIN_PLATFORM_WAZUH_DOCUMENTATION_URL_PATH_TROUBLESHOOTING, +} from '../../common/constants'; +import { webDocumentationLink } from '../../common/services/web_documentation'; +import { version as appVersion } from '../../package.json'; +import { + serverAPIConnectionCompatibility, + checkAppServerCompatibility, +} from './server-api'; + +describe('checkAppServerCompatibility', () => { + it.each` + appVersion | serverAPIVersion | isCompatible + ${'5.0.0'} | ${'5.0.0'} | ${true} + ${'5.0.0'} | ${'5.0.1'} | ${true} + ${'5.0.0'} | ${'5.0.10'} | ${true} + ${'5.0.0'} | ${'5.0.100'} | ${true} + ${'5.0.0'} | ${'4.9.1'} | ${false} + ${'5.0.0'} | ${'4.9.10'} | ${false} + ${'5.0.0'} | ${'4.9.100'} | ${false} + ${'5.0.0'} | ${'4.0.1'} | ${false} + ${'5.0.0'} | ${'4.0.10'} | ${false} + ${'5.0.0'} | ${'4.0.100'} | ${false} + ${'5.0.0'} | ${'4.10.1'} | ${false} + ${'5.0.0'} | ${'4.10.10'} | ${false} + ${'5.0.0'} | ${'4.10.100'} | ${false} + `( + `appVersion: $appVersion, serverAPIVersion: $serverAPIVersion, isCompatible: $isCompatible`, + ({ appVersion, serverAPIVersion, isCompatible }) => { + expect(checkAppServerCompatibility(appVersion, serverAPIVersion)).toBe( + isCompatible, + ); + }, + ); +}); + +describe('serverAPIConnectionCompatibility', () => { + it.each` + apiHostID | apiVersionResponse | isCompatible + ${'server1'} | ${{ api_version: '5.0.0' }} | ${true} + ${'server2'} | ${{ api_version: '0.0.0' }} | ${false} + ${'server3'} | ${{ missing_api_version_field: null }} | ${false} + `( + `Check server API connection and compatibility for the server API hosts`, + async ({ apiHostID, apiVersionResponse, isCompatible }) => { + const loggerMock = jest.fn(); + + await serverAPIConnectionCompatibility( + { + manageHosts: { + get: () => hosts, + }, + logger: { + debug: loggerMock, + info: loggerMock, + warn: loggerMock, + error: loggerMock, + }, + serverAPIClient: { + asInternalUser: { + request: () => { + return { + data: { + 
data: apiVersionResponse, + }, + }; + }, + }, + }, + }, + apiHostID, + appVersion, + ); + expect(loggerMock).toHaveBeenCalledWith( + `Checking the connection and compatibility with server API [${apiHostID}]`, + ); + + if (apiVersionResponse.api_version) { + if (isCompatible === true) { + expect(loggerMock).toHaveBeenCalledWith( + `Server API [${apiHostID}] version [${apiVersionResponse.api_version}] is compatible with the ${PLUGIN_APP_NAME} version`, + ); + } else if (isCompatible === false) { + expect(loggerMock).toHaveBeenCalledWith( + `Server API [${apiHostID}] version [${ + apiVersionResponse.api_version + }] is not compatible with the ${PLUGIN_APP_NAME} version [${appVersion}]. Major and minor number must match at least. It is recommended the server API and ${PLUGIN_APP_NAME} version are equals. Read more about this error in our troubleshooting guide: ${webDocumentationLink( + PLUGIN_PLATFORM_WAZUH_DOCUMENTATION_URL_PATH_TROUBLESHOOTING, + )}.`, + ); + } + } else { + expect(loggerMock).toHaveBeenCalledWith( + `Error checking the connection and compatibility with server API [${apiHostID}]: version is not found in the response of server API`, + ); + } + }, + ); +}); diff --git a/plugins/wazuh-core/server/initialization/server-api.ts b/plugins/wazuh-core/server/initialization/server-api.ts new file mode 100644 index 0000000000..8b3dbb3fe0 --- /dev/null +++ b/plugins/wazuh-core/server/initialization/server-api.ts 
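Review bot: The `manageHosts.get: () => hosts` stub references an identifier `hosts` that is never declared in this file; under `strict` TypeScript this is a compile error (`Cannot find name 'hosts'`), and it only goes unnoticed at runtime because `serverAPIConnectionCompatibility` never calls `manageHosts`. Either drop the stub or declare a fixture, e.g. `get: () => [{ id: apiHostID }]`. Since one `loggerMock` backs `debug`, `info`, `warn` and `error`, the assertions cannot tell a `warn` from an `info`; separate mocks per level would let the incompatible and missing-version rows assert that `warn` is the level used.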
@@ -0,0 +1,135 @@ +import { + PLUGIN_APP_NAME, + PLUGIN_PLATFORM_WAZUH_DOCUMENTATION_URL_PATH_TROUBLESHOOTING, +} from '../../common/constants'; +import { webDocumentationLink } from '../../common/services/web_documentation'; +import { version as appVersion } from '../../package.json'; +import { InitializationTaskRunContext } from '../services'; + +export function checkAppServerCompatibility( + appVersion: string, + serverAPIVersion: string, +) { + const api = /v?(?\d+)\.(?\d+)\.(?\d+)/.exec( + serverAPIVersion, + ); + const [appVersionMajor, appVersionMinor] = appVersion.split('.'); + + return ( + api?.groups?.major === appVersionMajor && + api?.groups?.minor === appVersionMinor + ); +} + +export async function serverAPIConnectionCompatibility( + ctx: InitializationTaskRunContext, + apiHostID: string, + appVersion: string, +) { + let connection = null, + compatibility = null, + apiVersion = null; + + try { + ctx.logger.debug( + `Checking the connection and compatibility with server API [${apiHostID}]`, + ); + + const response = await ctx.serverAPIClient.asInternalUser.request( + 'GET', + '/', + {}, + { apiHostID }, + ); + + connection = true; + apiVersion = response?.data?.data?.api_version; + + if (!apiVersion) { + throw new Error('version is not found in the response of server API'); + } + + ctx.logger.debug(`Server API version [${apiVersion}]`); + + if (checkAppServerCompatibility(appVersion, apiVersion)) { + compatibility = true; + ctx.logger.info( + `Server API [${apiHostID}] version [${apiVersion}] is compatible with the ${PLUGIN_APP_NAME} version`, + ); + } else { + compatibility = false; + ctx.logger.warn( + `Server API [${apiHostID}] version [${apiVersion}] is not compatible with the ${PLUGIN_APP_NAME} version [${appVersion}]. Major and minor number must match at least. It is recommended the server API and ${PLUGIN_APP_NAME} version are equals. 
Read more about this error in our troubleshooting guide: ${webDocumentationLink( + PLUGIN_PLATFORM_WAZUH_DOCUMENTATION_URL_PATH_TROUBLESHOOTING, + )}.`, + ); + } + } catch (error) { + ctx.logger.warn( + `Error checking the connection and compatibility with server API [${apiHostID}]: ${error.message}`, + ); + } + + return { + connection, + compatibility, + api_version: apiVersion, + id: apiHostID, + }; +} + +async function serversAPIConnectionCompatibility( + ctx: InitializationTaskRunContext, +) { + if (ctx.scope === 'user' && ctx.request?.query?.apiHostID) { + const host = await ctx.manageHosts.get(ctx.request.query.apiHostID, { + excludePassword: true, + }); + + ctx.logger.debug(`APP version [${appVersion}]`); + + return await serverAPIConnectionCompatibility(ctx, host.id, appVersion); + } else { + const hosts = await ctx.manageHosts.get(undefined, { + excludePassword: true, + }); + + ctx.logger.debug(`APP version [${appVersion}]`); + + return await Promise.all( + hosts.map(async ({ id: apiHostID }: { id: string }) => + serverAPIConnectionCompatibility(ctx, apiHostID, appVersion), + ), + ); + } +} + +export const initializationTaskCreatorServerAPIConnectionCompatibility = ({ + taskName, +}: { + taskName: string; +}) => { + return { + name: taskName, + async run(ctx: InitializationTaskRunContext) { + try { + ctx.logger.debug( + 'Starting check server API connection and compatibility', + ); + + const results = await serversAPIConnectionCompatibility(ctx); + + ctx.logger.info( + 'Start check server API connection and compatibility finished', + ); + + return results; + } catch (error) { + const message = `Error checking server API connection and compatibility: ${error.message}`; + + ctx.logger.error(message); + throw new Error(message); + } + }, + }; +}; diff --git a/plugins/wazuh-core/server/initialization/settings.ts b/plugins/wazuh-core/server/initialization/settings.ts new file mode 100644 index 0000000000..2391cec165 --- /dev/null 
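Review bot: In the 'user' scope branch of `serversAPIConnectionCompatibility`, `ctx.request.query.apiHostID` comes straight from the request and is handed to `manageHosts.get`; if that lookup yields nothing for an unknown id, `host.id` throws a bare `TypeError` that reaches the caller only as the generic "Error checking server API connection and compatibility" message. Guard it explicitly, `if (!host) throw new Error(\`Server API host [${ctx.request.query.apiHostID}] not found\`);`, assuming `manageHosts.get` returns `undefined` rather than throwing for a missing id. Both `checkAppServerCompatibility` and `serverAPIConnectionCompatibility` also take an `appVersion` parameter that shadows the module-level `appVersion` import, which makes the calls in `serversAPIConnectionCompatibility` harder to read; renaming the import to `pluginVersion` removes the ambiguity. The regex's group names appear stripped in this rendering (`(?\d+)`); assuming they are `?<major>`/`?<minor>`/`?<patch>` as the `api?.groups?.major` access implies, consider anchoring the pattern with `^` so an unexpected prefix cannot make a later digit run match.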
+++ b/plugins/wazuh-core/server/initialization/settings.ts 
@@ -0,0 +1,207 @@ +/* + * Wazuh app - Check PluginPlatform settings service + * + * Copyright (C) 2015-2024 Wazuh, Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * Find more information about this on the LICENSE file. + * + */ + +import { isEqual } from 'lodash'; +import { IUiSettingsClient } from 'src/core/server'; +import { + InitializationTaskContext, + InitializationTaskRunContext, +} from '../services'; + +const decoratorCheckIsEnabled = + callback => + async ( + ctx: InitializationTaskRunContext, + { + configurationSetting, + ...ctxTask + }: { key: string; value: any; configurationSetting: string }, + ) => { + if (await ctx.configuration.get(configurationSetting)) { + await callback(ctx, ctxTask); + } else { + ctx.logger.info(`Check [${configurationSetting}]: disabled. 
Skipped.`); + } + }; + +function stringifySetting(setting: any) { + try { + return JSON.stringify(setting); + } catch { + return setting; + } +} + +async function updateSetting( + uiSettingsClient: IUiSettingsClient, + pluginPlatformSettingName: string, + defaultAppValue: any, + retries = 3, +): Promise { + return await uiSettingsClient + .set(pluginPlatformSettingName, defaultAppValue) + .catch(async error => { + if (retries > 0) { + return await updateSetting( + uiSettingsClient, + pluginPlatformSettingName, + defaultAppValue, + --retries, + ); + } + + throw error; + }); +} + +export const checkPluginPlatformSettings = decoratorCheckIsEnabled( + async ( + { + logger, + uiSettingsClient, + }: InitializationTaskRunContext & { uiSettingsClient: IUiSettingsClient }, + { + key: pluginPlatformSettingName, + value: defaultAppValue, + }: { key: string; value: any }, + ) => { + logger.debug(`Getting setting [${pluginPlatformSettingName}]...`); + + const valuePluginPlatformSetting = await uiSettingsClient.get( + pluginPlatformSettingName, + ); + const settingsAreDifferent = !isEqual( + valuePluginPlatformSetting, + defaultAppValue, + ); + + logger.debug( + `Check setting [${pluginPlatformSettingName}]: ${stringifySetting( + valuePluginPlatformSetting, + )}`, + ); + logger.debug( + `App setting [${pluginPlatformSettingName}]: ${stringifySetting( + defaultAppValue, + )}`, + ); + logger.debug( + `Setting mismatch [${pluginPlatformSettingName}]: ${ + settingsAreDifferent ? 'yes' : 'no' + }`, + ); + logger.debug( + `Setting is user defined [${pluginPlatformSettingName}]: ${ + valuePluginPlatformSetting ? 
'yes' : 'no' + }`, + ); + + if (!valuePluginPlatformSetting || settingsAreDifferent) { + logger.debug(`Updating [${pluginPlatformSettingName}] setting...`); + await updateSetting( + uiSettingsClient, + pluginPlatformSettingName, + defaultAppValue, + ); + logger.info( + `Updated [${pluginPlatformSettingName}] setting to: ${stringifySetting( + defaultAppValue, + )}`, + ); + } + }, +); + +function getSavedObjectsClient( + ctx: InitializationTaskRunContext, + scope: InitializationTaskContext, +) { + switch (scope) { + case 'internal': { + return ctx.core.savedObjects.createInternalRepository(); + } + + case 'user': { + return ctx.core.savedObjects.savedObjectsStart.getScopedClient( + ctx.request, + ); + } + + default: { + break; + } + } +} + +function getUiSettingsClient( + ctx: InitializationTaskRunContext, + scope: InitializationTaskContext, + client: any, +) { + switch (scope) { + case 'internal': { + return ctx.core.uiSettings.asScopedToClient(client); + } + + case 'user': { + return ctx.core.uiSettings.uiSettingsStart.asScopedToClient(client); + } + + default: { + break; + } + } +} + +export const initializationTaskCreatorSetting = ( + setting: { key: string; value: any; configurationSetting: string }, + taskName: string, +) => { + return { + name: taskName, + async run(ctx: InitializationTaskRunContext) { + try { + ctx.logger.debug('Starting setting'); + + // Get clients depending on the scope + const savedObjectsClient = getSavedObjectsClient(ctx, ctx.scope); + const uiSettingsClient = getUiSettingsClient( + ctx, + ctx.scope, + savedObjectsClient, + ); + const { key, value, configurationSetting } = setting; + + await checkPluginPlatformSettings( + { + logger: ctx.logger, + uiSettingsClient, + configuration: ctx.configuration, + }, + { + key, + value, + configurationSetting, + }, + ); + ctx.logger.info('Start setting finished'); + } catch (error) { + const message = `Error initilizating setting [${setting.key}]: ${error.message}`; + + ctx.logger.error(message); + 
throw new Error(message); + } + }, + }; +}; diff --git a/plugins/wazuh-core/server/initialization/templates.test.ts b/plugins/wazuh-core/server/initialization/templates.test.ts new file mode 100644 index 0000000000..e00bba3548 --- /dev/null +++ b/plugins/wazuh-core/server/initialization/templates.test.ts @@ -0,0 +1,43 @@ +import { getTemplateForIndexPattern } from './templates'; + +const templates = [ + { + name: 'wazuh', + index_patterns: '[wazuh-alerts-4.x-*, wazuh-archives-4.x-*]', + order: '0', + version: '1', + composed_of: '', + }, + { + name: 'wazuh-agent', + index_patterns: '[wazuh-monitoring-*]', + order: '0', + version: null, + composed_of: '', + }, + { + name: 'wazuh-statistics', + index_patterns: '[wazuh-statistics-*]', + order: '0', + version: null, + composed_of: '', + }, +]; + +describe('getTemplateForIndexPattern', () => { + it.each` + indexPatternTitle | templateNameFound + ${'custom-alerts-*'} | ${[]} + ${'wazuh-alerts-*'} | ${['wazuh']} + ${'wazuh-alerts-'} | ${['wazuh']} + `( + `indexPatternTitle: $indexPatternTitle`, + ({ indexPatternTitle, templateNameFound }) => { + expect( + getTemplateForIndexPattern(indexPatternTitle, templates).map( + ({ name }) => name, + ), + ).toEqual(templateNameFound); + }, + ); +}); diff --git a/plugins/wazuh-core/server/initialization/templates.ts b/plugins/wazuh-core/server/initialization/templates.ts new file mode 100644 index 0000000000..6dd288250a --- /dev/null +++ b/plugins/wazuh-core/server/initialization/templates.ts 
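Review bot: The update condition `!valuePluginPlatformSetting || settingsAreDifferent` in `checkPluginPlatformSettings` treats any falsy current value as "not user defined", so a setting whose desired value is `false`, `0` or `''` is rewritten on every run even when it already matches, and the preceding debug line labelled "Setting is user defined" reports the value's truthiness, not whether a user set it. Since `uiSettingsClient.get` already returns the effective value, `settingsAreDifferent` alone decides whether a write is needed: `if (settingsAreDifferent) {`. If the intent was really to detect user-provided overrides, the ui-settings client's `getUserProvided` API (if available in this platform version) is the way to ask that, and the debug label should be changed accordingly. Also, `decoratorCheckIsEnabled` here duplicates the one in index-patterns.ts, where it is unused; sharing it from one module would avoid the two copies drifting.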
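Review bot: The table does not pin the loose matching semantics of `getTemplateForIndexPattern` (defined in templates.ts, outside this hunk), which uses `includes` in both directions: a broad title such as `'wazuh-*'` is a substring of every template pattern, so by my reading it matches all three fixtures, and a narrower `'wazuh-alerts-4.x-2024*'` also matches `wazuh`. Adding rows makes that behaviour explicit, e.g. `${'wazuh-*'} | ${['wazuh', 'wazuh-agent', 'wazuh-statistics']}` and `${'wazuh-alerts-4.x-2024*'} | ${['wazuh']}`. If matching every template for `wazuh-*` is not intended, the comparison in templates.ts should be tightened rather than the test adjusted.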
@@ -0,0 +1,110 @@ +import { InitializationTaskRunContext } from '../services'; + +export function getTemplateForIndexPattern( + indexPatternTitle: string, + templates: { name: string; index_patterns: string }[], +) { + return templates.filter( + ({ index_patterns: indexPatternsTemplate }: { index_patterns: string }) => { + const [, cleanIndexPatterns] = indexPatternsTemplate.match(/\[(.+)]/) || [ + null, + null, + ]; + + if (!cleanIndexPatterns) { + return false; + } + + const indexPatterns = cleanIndexPatterns.match(/([^\s,]+)/g); + + if (!indexPatterns) { + return false; + } + + const lastChar = indexPatternTitle.at(-1); + const indexPatternTitleCleaned = + lastChar === '*' ? indexPatternTitle.slice(0, -1) : indexPatternTitle; + + return indexPatterns.some(indexPattern => { + const lastChar = indexPattern.at(-1); + const indexPatternCleaned = + lastChar === '*' ? indexPattern.slice(0, -1) : indexPattern; + + return ( + indexPatternCleaned.includes(indexPatternTitleCleaned) || + indexPatternTitleCleaned.includes(indexPatternCleaned) + ); + }); + }, + ); +} + +export const checkIndexPatternHasTemplate = async ( + { logger }: InitializationTaskRunContext, + { + indexPatternTitle, + opensearchClient, + }: { indexPatternTitle: string; opensearchClient: any }, +) => { + logger.debug('Getting templates'); + + const data = await opensearchClient.cat.templates({ format: 'json' }); + + logger.debug( + 'Checking the index pattern with title [${indexPatternTitle}] has defined some template', + ); + + const templatesFound = getTemplateForIndexPattern( + indexPatternTitle, + data.body, + ); + + if (templatesFound.length === 0) { + throw new Error( + `No template found for index pattern with title [${indexPatternTitle}]`, + ); + } + + logger.info( + `Template [${templatesFound + .map(({ name }) => name) + .join( + ', ', + )}] found for index pattern with title [${indexPatternTitle}]: `, + ); +}; + +export const initializationTaskCreatorExistTemplate = ({ + getOpenSearchClient, 
+ getIndexPatternTitle, + taskName, +}: { + getOpenSearchClient: (ctx: InitializationTaskRunContext) => any; + getIndexPatternTitle: (ctx: InitializationTaskRunContext) => Promise; + taskName: string; +}) => { + return { + name: taskName, + async run(ctx: InitializationTaskRunContext) { + let indexPatternTitle; + + try { + ctx.logger.debug('Starting check of existent template'); + + const opensearchClient = getOpenSearchClient(ctx); + + indexPatternTitle = await getIndexPatternTitle(ctx); + await checkIndexPatternHasTemplate(ctx, { + opensearchClient, + indexPatternTitle, + }); + ctx.logger.info('Start check of existent template finished'); + } catch (error) { + const message = `Error checking of existent template for index pattern with title [${indexPatternTitle}]: ${error.message}`; + + ctx.logger.error(message); + throw new Error(message); + } + }, + }; +}; diff --git a/plugins/wazuh-core/server/plugin.ts b/plugins/wazuh-core/server/plugin.ts index 4c1587ce50..cb1d53fcb2 100644 --- a/plugins/wazuh-core/server/plugin.ts +++ b/plugins/wazuh-core/server/plugin.ts @@ -6,6 +6,19 @@ import { Logger, } from 'opensearch-dashboards/server'; import { validate as validateNodeCronInterval } from 'node-cron'; +import { Configuration } from '../common/services/configuration'; +import { + PLUGIN_PLATFORM_SETTING_NAME_MAX_BUCKETS, + PLUGIN_PLATFORM_SETTING_NAME_METAFIELDS, + PLUGIN_PLATFORM_SETTING_NAME_TIME_FILTER, + PLUGIN_SETTINGS, + PLUGIN_SETTINGS_CATEGORIES, + WAZUH_CORE_CONFIGURATION_CACHE_SECONDS, + WAZUH_DATA_CONFIG_APP_PATH, + WAZUH_PLUGIN_PLATFORM_SETTING_MAX_BUCKETS, + WAZUH_PLUGIN_PLATFORM_SETTING_METAFIELDS, + WAZUH_PLUGIN_PLATFORM_SETTING_TIME_FILTER, +} from '../common/constants'; import { PluginSetup, WazuhCorePluginSetup, 
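Review bot: The debug message in `checkIndexPatternHasTemplate` is a single-quoted string, so `${indexPatternTitle}` is written to the log literally instead of being interpolated; make it a template literal: `` logger.debug(`Checking the index pattern with title [${indexPatternTitle}] has defined some template`) ``. Separately, `getTemplateForIndexPattern` decides coverage with a two-way `includes` after stripping a trailing `*`, so a short title such as `wazuh-` is reported as covered by every `wazuh-*` template and the test fixture's `wazuh-alerts-` case relies on that looseness; if the intent is to confirm the index pattern is actually matched by the template, compare the template pattern as a prefix of the title instead, or at least put a comment above the function stating that the match is a substring heuristic. The `opensearchClient` parameter is `any` and the only caller in `plugin.ts` passes `asInternalUser`, so this check always runs with internal privileges regardless of the task scope; that is reasonable for a startup check but deserves a one-line comment on `initializationTaskCreatorExistTemplate`.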
@@ -16,29 +29,32 @@ import { ManageHosts, createDashboardSecurity, ServerAPIClient, - UpdateRegistry, ConfigurationStore, + InitializationService, } from './services'; -import { Configuration } from '../common/services/configuration'; -import { - PLUGIN_SETTINGS, - PLUGIN_SETTINGS_CATEGORIES, - WAZUH_CORE_CONFIGURATION_CACHE_SECONDS, - WAZUH_DATA_CONFIG_APP_PATH, -} from '../common/constants'; import { enhanceConfiguration } from './services/enhance-configuration'; +import { initializationTaskCreatorServerAPIConnectionCompatibility } from './initialization/server-api'; +import { + initializationTaskCreatorExistTemplate, + initializationTaskCreatorIndexPattern, + initializationTaskCreatorSetting, +} from './initialization'; +import alertsIndexPatternDefaultFields from './initialization/index-patterns-fields/alerts-fields.json'; +import monitoringIndexPatternDefaultFields from './initialization/index-patterns-fields/monitoring-fields.json'; +import statisticsIndexPatternDefaultFields from './initialization/index-patterns-fields/statistics-fields.json'; +import vulnerabilitiesStatesFields from './initialization/index-patterns-fields/vulnerabibility-states-fields.json'; export class WazuhCorePlugin implements Plugin { private readonly logger: Logger; - private services: { [key: string]: any }; - private _internal: { [key: string]: any }; + private readonly services: Record; + private readonly internal: Record; - constructor(private initializerContext: PluginInitializerContext) { + constructor(private readonly initializerContext: PluginInitializerContext) { this.logger = initializerContext.logger.get(); this.services = {}; - this._internal = {}; + this.internal = {}; } public async setup( 
@@ -49,7 +65,7 @@ export class WazuhCorePlugin this.services.dashboardSecurity = createDashboardSecurity(plugins); - this._internal.configurationStore = new ConfigurationStore( + this.internal.configurationStore = new ConfigurationStore( this.logger.get('configuration-store'), { cache_seconds: WAZUH_CORE_CONFIGURATION_CACHE_SECONDS, @@ -58,21 +74,21 @@ export class WazuhCorePlugin ); this.services.configuration = new Configuration( this.logger.get('configuration'), - this._internal.configurationStore, + this.internal.configurationStore, ); // Enhance configuration service enhanceConfiguration(this.services.configuration); // Register the plugin settings - Object.entries(PLUGIN_SETTINGS).forEach(([key, value]) => - this.services.configuration.register(key, value), - ); + for (const [key, value] of Object.entries(PLUGIN_SETTINGS)) { + this.services.configuration.register(key, value); + } // Add categories to the configuration - Object.entries(PLUGIN_SETTINGS_CATEGORIES).forEach(([key, value]) => { + for (const [key, value] of Object.entries(PLUGIN_SETTINGS_CATEGORIES)) { this.services.configuration.registerCategory({ ...value, id: key }); - }); + } /* Workaround: Redefine the validation functions of cron.statistics.interval setting. Because the settings are defined in the backend and frontend side using the same definitions, @@ -81,16 +97,20 @@ export class WazuhCorePlugin const setting = this.services.configuration._settings.get( 'cron.statistics.interval', ); - !setting.validateUIForm && - (setting.validateUIForm = function (value) { + + if (!setting.validateUIForm) { + setting.validateUIForm = function (value) { return this.validate(value); - }); - !setting.validate && - (setting.validate = function (value: string) { + }; + } + + if (!setting.validate) { + setting.validate = function (value: string) { return validateNodeCronInterval(value) ? undefined : 'Interval is not valid.'; - }); + }; + } this.services.configuration.setup(); 
@@ -107,10 +127,133 @@ export class WazuhCorePlugin this.services.manageHosts.setServerAPIClient(this.services.serverAPIClient); + this.services.initialization = new InitializationService( + this.logger.get('initialization'), + this.services, + ); + + this.services.initialization.setup({ core }); + + // Register initialization tasks + this.services.initialization.register( + initializationTaskCreatorServerAPIConnectionCompatibility({ + taskName: 'check-server-api-connection-compatibility', + }), + ); + + // Index pattern: alerts + // TODO: this task should be registered by the related plugin + this.services.initialization.register( + initializationTaskCreatorIndexPattern({ + getIndexPatternID: ctx => ctx.configuration.get('pattern'), + taskName: 'index-pattern:alerts', + options: { + savedObjectOverwrite: { + timeFieldName: 'timestamp', + }, + fieldsNoIndices: alertsIndexPatternDefaultFields, + }, + configurationSettingKey: 'checks.pattern', + }), + ); + // Index pattern: monitoring + // TODO: this task should be registered by the related plugin + this.services.initialization.register( + initializationTaskCreatorIndexPattern({ + getIndexPatternID: ctx => + ctx.configuration.get('wazuh.monitoring.pattern'), + taskName: 'index-pattern:monitoring', + options: { + savedObjectOverwrite: { + timeFieldName: 'timestamp', + }, + fieldsNoIndices: monitoringIndexPatternDefaultFields, + }, + configurationSettingKey: 'checks.monitoring', // TODO: create new setting + }), + ); + // Index pattern: vulnerabilities + // TODO: this task should be registered by the related plugin + this.services.initialization.register( + initializationTaskCreatorIndexPattern({ + getIndexPatternID: ctx => + ctx.configuration.get('vulnerabilities.pattern'), + taskName: 'index-pattern:vulnerabilities-states', + options: { + fieldsNoIndices: vulnerabilitiesStatesFields, + }, + configurationSettingKey: 'checks.vulnerability', // TODO: create new setting + }), + ); + + // Index pattern: statistics + // 
TODO: this task should be registered by the related plugin + this.services.initialization.register( + initializationTaskCreatorIndexPattern({ + getIndexPatternID: async ctx => { + const appConfig = await ctx.configuration.get( + 'cron.prefix', + 'cron.statistics.index.name', + ); + const prefixTemplateName = appConfig['cron.prefix']; + const statisticsIndicesTemplateName = + appConfig['cron.statistics.index.name']; + + return `${prefixTemplateName}-${statisticsIndicesTemplateName}-*`; + }, + taskName: 'index-pattern:statistics', + options: { + savedObjectOverwrite: { + timeFieldName: 'timestamp', + }, + fieldsNoIndices: statisticsIndexPatternDefaultFields, + }, + configurationSettingKey: 'checks.statistics', // TODO: create new setting + }), + ); + + // Settings + // TODO: this task should be registered by the related plugin + for (const setting of [ + { + key: PLUGIN_PLATFORM_SETTING_NAME_MAX_BUCKETS, + value: WAZUH_PLUGIN_PLATFORM_SETTING_MAX_BUCKETS, + configurationSetting: 'checks.maxBuckets', + }, + { + key: PLUGIN_PLATFORM_SETTING_NAME_METAFIELDS, + value: WAZUH_PLUGIN_PLATFORM_SETTING_METAFIELDS, + configurationSetting: 'checks.metaFields', + }, + { + key: PLUGIN_PLATFORM_SETTING_NAME_TIME_FILTER, + value: JSON.stringify(WAZUH_PLUGIN_PLATFORM_SETTING_TIME_FILTER), + configurationSetting: 'checks.timeFilter', + }, + ]) { + this.services.initialization.register( + initializationTaskCreatorSetting(setting, `setting:${setting.key}`), + ); + } + + // Index pattern templates + // Index pattern template: alerts + // TODO: this task should be registered by the related plugin + this.services.initialization.register( + initializationTaskCreatorExistTemplate({ + getOpenSearchClient: ctx => ctx.core.opensearch.client.asInternalUser, + getIndexPatternTitle: ctx => ctx.configuration.get('pattern'), + taskName: 'index-pattern-template:alerts', + }), + ); + // Register a property to the context parameter of the endpoint handlers 
core.http.registerRouteHandlerContext('wazuh_core', (context, request) => { return { ...this.services, + logger: this.logger.get( + `${request.route.method.toUpperCase()} ${request.route.path}`, + ), api: { client: { asInternalUser: this.services.serverAPIClient.asInternalUser, @@ -141,6 +284,7 @@ export class WazuhCorePlugin await this.services.configuration.start(); await this.services.manageHosts.start(); + await this.services.initialization.start({ core }); return { ...this.services, diff --git a/plugins/wazuh-core/server/services/index.ts b/plugins/wazuh-core/server/services/index.ts index 8a794e559f..1cf09c22bf 100644 --- a/plugins/wazuh-core/server/services/index.ts +++ b/plugins/wazuh-core/server/services/index.ts @@ -16,3 +16,5 @@ export * from './filesystem'; export * from './manage-hosts'; export * from './security-factory'; export * from './server-api-client'; +export * from './initialization'; +export * from './types'; diff --git a/plugins/wazuh-core/server/services/initialization/README.md b/plugins/wazuh-core/server/services/initialization/README.md new file mode 100644 index 0000000000..a2f0cee064 --- /dev/null +++ b/plugins/wazuh-core/server/services/initialization/README.md 
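Review bot: Three of the index-pattern tasks registered here reference `configurationSettingKey` values (`checks.monitoring`, `checks.vulnerability`, `checks.statistics`) that the inline `TODO: create new setting` comments admit do not exist; depending on how `initializationTaskCreatorIndexPattern` consults that key (not visible in this hunk), either those tasks fail on every start or the enable/disable check is silently bypassed, so the settings should be registered in `PLUGIN_SETTINGS` before this lands. The `index-pattern-template:alerts` task is wired to `ctx.core.opensearch.client.asInternalUser`, so it runs with internal privileges even if someone later invokes it from a user-scoped context; a comment such as `// Always uses the internal user; this task is not meant to be run in the user scope` would make that deliberate. The `registerRouteHandlerContext` callback derives a logger context from `request.route.method` and `request.route.path`, which appears to be the registered route template rather than the raw request URL, so it should not leak caller-controlled path segments into log contexts — worth stating in a comment there so nobody swaps it for `request.url`.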
@@ -0,0 +1,109 @@ +# InitializationService + +The `InitializationService` provides a mechanism to register and run tasks when the `wazuhCore` plugin starts (plugin lifecycle). + +Other plugins can register tasks in the plugin `setup` lifecycle that will be run on the `wazuhCore` plugin starts. + +The tasks run on parallel. + +Optionally the registered tasks could be retrieved to run in API endpoints or getting information about its status. + +There are 2 scopes: + +- `internal`: run through the internal user + - on plugin starts + - on demand +- `user`: run through the logged (requester) user + - on demand + +The scopes can be used to get a specific context (clients, parameters) that is set in the `scope` property of the task context. + +The `internal` scoped tasks keep the same execution data (see [Task execution data](#task-execution-data)), and the `user` scoped task are newly created on demand. + +# InitializationService tasks + +A task can be defined with: + +```ts +interface InitializationTaskDefinition { + name: string; + run: (ctx: any) => any; +} +``` + +The `ctx` is the context of the task execution and includes core services and task context services or dependencies. + +The `name` is used to identify the task and this is rendered in the context logger. + +For example, in the server log: + +``` +server log [11:57:39.648] [info][index-pattern-vulnerabilities-states][initialization][plugins][wazuhCore] Index pattern with ID [wazuh-states-vulnerabilities-*] does not exist + +``` + +the task name is `index-pattern-vulnerabilities-states`. + +## Task name convention + +- lowercase +- kebab case (`word1-word2`) +- use colon ( `:` ) for tasks related to some entity that have different subentities. 
+ +``` +entity_identifier:entity_specific +``` + +For example: + +``` +index-pattern:alerts +index-pattern:statistics +index-pattern:vulnerabilities-states +``` + +## Register a task + +```ts +// plugin setup +setup(){ + + // Register a task + plugins.wazuhCore.initialization.register({ + name: 'custom-task', + run: (ctx) => { + console.log('Run from wazuhCore starts' ) + } + }); + +} +``` + +## Task execution data + +The task has the following data related to the execution: + +```ts +interface InitializationTaskRunData { + name: string; + status: 'not_started' | 'running' | 'finished'; + result: 'success' | 'fail'; + createdAt: string | null; + startedAt: string | null; + finishedAt: string | null; + duration: number | null; // seconds + data: any; + error: string | null; +} +``` + +## Create a task instance + +This is used to create the user scoped tasks. + +```ts +const newTask = + context.wazuh_core.initialization.createNewTaskFromRegisteredTask( + 'example-task', + ); +``` diff --git a/plugins/wazuh-core/server/services/initialization/index.ts b/plugins/wazuh-core/server/services/initialization/index.ts new file mode 100644 index 0000000000..c7f504bd7b --- /dev/null +++ b/plugins/wazuh-core/server/services/initialization/index.ts @@ -0,0 +1,2 @@ +export * from './initialization'; +export * from './types'; diff --git a/plugins/wazuh-core/server/services/initialization/initialization.ts b/plugins/wazuh-core/server/services/initialization/initialization.ts new file mode 100644 index 0000000000..f9df0d6471 --- /dev/null +++ b/plugins/wazuh-core/server/services/initialization/initialization.ts 
@@ -0,0 +1,131 @@ +import { Logger } from 'opensearch-dashboards/server'; +import { initializationTask } from '../../../common/services/initialization/constants'; +import { + InitializationTaskDefinition, + IInitializationService, + InitializationTaskContext, +} from './types'; +import { addRoutes } from './routes'; +import { InitializationTask } from './lib/initialization-task'; + +export class InitializationService implements IInitializationService { + private readonly items: Map; + private coreStart: any; + + constructor( + private readonly logger: Logger, + private readonly services: any, + ) { + this.items = new Map(); + } + + async setup({ core }) { + this.logger.debug('Setup starts'); + this.logger.debug('Adding routes'); + + const router = core.http.createRouter(); + + addRoutes(router, { initialization: this }); + this.logger.debug('Added routes'); + this.logger.debug('Setup finished'); + } + + async start({ core }) { + this.logger.debug('Start starts'); + this.coreStart = core; + await this.runAsInternal(); + this.logger.debug('Start finished'); + } + + async stop() { + this.logger.debug('Stop starts'); + this.logger.debug('Stop finished'); + } + + register(task: InitializationTaskDefinition) { + this.logger.debug(`Registering ${task.name}`); + + if (this.items.has(task.name)) { + throw new Error( + `[${task.name}] was already registered. 
Ensure the name is unique or remove the duplicated registration of same task.`, + ); + } + + this.items.set(task.name, new InitializationTask(task)); + this.logger.debug(`Registered ${task.name}`); + } + + get(name: string) { + this.logger.debug(`Getting task: [${name}]`); + + if (!this.items.has(name)) { + throw new Error(`Task [${name}] not found`); + } + + return this.items.get(name); + } + + getAll() { + this.logger.debug('Getting all tasks'); + + return [...this.items.values()]; + } + + createRunContext(scope: InitializationTaskContext, context: any = {}) { + return { ...this.services, ...context, scope }; + } + + async runAsInternal(taskNames?: string[]) { + const ctx = this.createRunContext(initializationTask.CONTEXT.INTERNAL, { + core: this.coreStart, + }); + + return await this.run(ctx, taskNames); + } + + createNewTaskFromRegisteredTask(name: string) { + const task = this.get(name) as InitializationTask; + + if (!task) { + throw new Error(`Task [${name}] is not registered`); + } + + return new InitializationTask({ name, run: task.runInternal }); + } + + private async run(ctx, taskNames?: string[]) { + try { + if (this.items.size > 0) { + const allTasks = [...this.items.values()]; + const tasks = taskNames + ? allTasks.filter(({ name }) => taskNames.includes(name)) + : allTasks; + const results = await Promise.all( + tasks.map(async item => { + const logger = this.logger.get(item.name); + + try { + return await item.run({ + ...this.services, + ...ctx, + logger, + }); + } catch (error) { + logger.error( + `Error running task [${item.name}]: ${error.message}`, + ); + + return item.getInfo(); + } + }), + ); + + return results; + } else { + this.logger.info('No tasks'); + } + } catch (error) { + this.logger.error(`Error starting: ${error.message}`); + } + } +} 
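Review bot: `createNewTaskFromRegisteredTask` reads `task.runInternal`, which `InitializationTask` declares as `private readonly`; this only gets through if the build skips type-checking, so either make the field public (`public readonly runInternal`) in `lib/initialization-task.ts` or expose an accessor and call that here. `run` resolves to `undefined` both when no tasks are registered and when the outer `catch` fires, while the POST `/internal` route maps over the returned value, so both paths should `return []` (and the outer catch arguably should rethrow rather than reduce a failure to a log line). `start` awaits `runAsInternal()`, so the plugin's `start` — and every plugin that depends on `wazuhCore` — blocks until all registered tasks, including the remote server-API compatibility check, have settled; if that is not intended, launch them with `void this.runAsInternal();` and document the choice. In `createRunContext`, the spread `{ ...this.services, ...context, scope }` lets a caller-supplied `context` key silently shadow a core service; a one-line comment noting that precedence would help.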
diff --git a/plugins/wazuh-core/server/services/initialization/lib/initialization-task.ts b/plugins/wazuh-core/server/services/initialization/lib/initialization-task.ts new file mode 100644 index 0000000000..82e69c84e7 --- /dev/null +++ b/plugins/wazuh-core/server/services/initialization/lib/initialization-task.ts 
@@ -0,0 +1,86 @@ +import { + InitializationTaskDefinition, + InitializationTaskRunData, + IInitializationTask, +} from '../types'; +import { initializationTask } from '../../../../common/services/initialization/constants'; + +export class InitializationTask implements IInitializationTask { + public name: string; + private readonly runInternal: any; + public status: InitializationTaskRunData['status'] = + initializationTask.RUN_STATUS.NOT_STARTED; + public result: InitializationTaskRunData['result'] = + initializationTask.RUN_RESULT.NULL; + public data: any = null; + public createdAt: InitializationTaskRunData['createdAt'] = + new Date().toISOString(); + public startedAt: InitializationTaskRunData['startedAt'] = null; + public finishedAt: InitializationTaskRunData['finishedAt'] = null; + public duration: InitializationTaskRunData['duration'] = null; + public error = null; + + constructor(task: InitializationTaskDefinition) { + this.name = task.name; + this.runInternal = task.run; + } + + private init() { + this.status = initializationTask.RUN_STATUS.RUNNING; + this.result = null; + this.data = null; + this.startedAt = new Date().toISOString(); + this.finishedAt = null; + this.duration = null; + this.error = null; + } + + async run(...params) { + if (this.status === initializationTask.RUN_STATUS.RUNNING) { + throw new Error(`Another instance of task ${this.name} is running`); + } + + let error; + + try { + this.init(); + this.data = await this.runInternal(...params); + this.result = initializationTask.RUN_RESULT.SUCCESS; + } catch (error_) { + error = error_; + this.result = initializationTask.RUN_RESULT.FAIL; + this.error = error_.message; + } finally { + this.status = initializationTask.RUN_STATUS.FINISHED; + this.finishedAt = new Date().toISOString(); + + const dateStartedAt = new Date(this.startedAt as string); + const dateFinishedAt = new Date(this.finishedAt); + + this.duration = + ((dateFinishedAt.getTime() - dateStartedAt.getTime()) as number) / 1000; + } + + 
if (error) { + throw error; + } + + return this.getInfo(); + } + + getInfo() { + return Object.fromEntries( + [ + 'name', + 'status', + 'result', + 'data', + 'createdAt', + 'startedAt', + 'finishedAt', + 'duration', + 'error', + ].map(item => [item, this[item]]), + ) as IInitializationTask; + } +} diff --git a/plugins/wazuh-core/server/services/initialization/routes.ts b/plugins/wazuh-core/server/services/initialization/routes.ts new file mode 100644 index 0000000000..2be1b8905e --- /dev/null +++ b/plugins/wazuh-core/server/services/initialization/routes.ts 
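Review bot: The re-entrancy guard in `run` works only because the `RUNNING` check and `init()` execute synchronously before the first `await`; add `// Status flips to RUNNING synchronously, so a second call in the same tick is rejected before any await` above the check so a later refactor does not move it. `init()` resets `result` to a bare `null`, while the field is initialised from `initializationTask.RUN_RESULT.NULL`; if that constant is not literally `null`, use the constant in both places so `getInfo()` reports a single idle value. In the `catch`, `this.error = error_.message` yields `undefined` when a non-Error value is thrown; `this.error = error_ instanceof Error ? error_.message : String(error_);` keeps the reported error meaningful.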
@@ -0,0 +1,254 @@ +import { schema } from '@osd/config-schema'; + +const getTaskList = (tasksAsString: string) => tasksAsString.split(','); + +interface EnhancedLoggerLog { + timestamp: string; + level: string; + message: string; +} + +function enhanceTaskLogger(logger) { + const logs: EnhancedLoggerLog[] = []; + const enhancedLogger = { + getLogs() { + return logs; + }, + }; + + for (const level of ['debug', 'info', 'warn', 'error']) { + enhancedLogger[level] = (message: string) => { + logs.push({ timestamp: new Date().toISOString(), level, message }); + logger[level](message); + }; + } + + return enhancedLogger; +} + +export function addRoutes(router, { initialization }) { + const validateTaskList = schema.maybe( + schema.string({ + validate(value: string) { + const tasks = initialization.get(); + const requestTasks = getTaskList(value); + const invalidTasks = requestTasks.filter(requestTask => + tasks.every(({ name }) => requestTask !== name), + ); + + if (invalidTasks.length > 0) { + return `Invalid tasks: ${invalidTasks.join(', ')}`; + } + + return; + }, + }), + ); + const apiEndpointBase = '/api/initialization'; + + // Get the status of internal initialization tasks + router.get( + { + path: `${apiEndpointBase}/internal`, + validate: { + tasks: schema.object({ + tasks: validateTaskList, + }), + }, + }, + async (context, request, response) => { + try { + const tasksNames = request.query.tasks + ? getTaskList(request.query.tasks) + : undefined; + const logger = context.wazuh_core.logger; + + logger.debug(`Getting initialization tasks related to internal scope`); + + const tasks = tasksNames + ? 
tasksNames.map(taskName => + context.wazuh_core.initialization.get(taskName), + ) + : context.wazuh_core.initialization.getAll(); + const tasksData = tasks.map(task => task.getInfo()); + + logger.debug( + `Initialzation tasks related to internal scope: [${[...tasksData] + .map(({ name }) => name) + .join(', ')}]`, + ); + + return response.ok({ + body: { + message: `All initialization tasks are returned: ${tasks + .map(({ name }) => name) + .join(', ')}`, + tasks: tasksData, + }, + }); + } catch (error) { + return response.internalError({ + body: { + message: `Error getting the internal initialization tasks: ${error.message}`, + }, + }); + } + }, + ); + + // Run the internal initialization tasks + // TODO: protect with administrator privilegies + router.post( + { + path: `${apiEndpointBase}/internal`, + validate: { + query: schema.object({ + tasks: validateTaskList, + }), + }, + }, + async (context, request, response) => { + try { + const tasksNames = request.query.tasks + ? getTaskList(request.query.tasks) + : undefined; + const logger = context.wazuh_core.logger; + + logger.debug(`Running initialization tasks related to internal scope`); + + const results = + await context.wazuh_core.initialization.runAsInternal(tasksNames); + + logger.info( + `Initialization tasks related to internal scope were executed`, + ); + + return response.ok({ + body: { + message: `All initialization tasks are returned: ${results + .map(({ name }) => name) + .join(', ')}`, + tasks: results, + }, + }); + } catch (error) { + return response.internalError({ + body: { + message: `Error running the internal initialization tasks: ${error.message}`, + }, + }); + } + }, + ); + + router.post( + { + path: `${apiEndpointBase}/user`, + validate: { + // TODO: restrict to user tasks + query: schema.object({ + tasks: validateTaskList, + }), + }, + }, + async (context, request, response) => { + try { + const tasksNames = request.query.tasks + ? 
getTaskList(request.query.tasks) + : undefined; + const logger = context.wazuh_core.logger; + const username = ''; // TODO: get value + const scope = 'user'; + + logger.debug( + `Getting initialization tasks related to user [${username}] scope [${scope}]`, + ); + + const initializationTasks = context.wazuh_core.initialization.get(); + const indexPatternTasks = initializationTasks + .filter(({ name }) => name.startsWith('index-pattern:')) + .map(({ name }) => + context.wazuh_core.initialization.createNewTaskFromRegisteredTask( + name, + ), + ); + const settingsTasks = initializationTasks + .filter(({ name }) => name.startsWith('setting:')) + .map(({ name }) => + context.wazuh_core.initialization.createNewTaskFromRegisteredTask( + name, + ), + ); + const allUserTasks = [...indexPatternTasks, ...settingsTasks]; + const tasks = tasksNames + ? allUserTasks.filter(({ name }) => tasksNames.includes(name)) + : allUserTasks; + + logger.debug( + `Initialzation tasks related to user [${username}] scope [${scope}]: [${tasks + .map(({ name }) => name) + .join(', ')}]`, + ); + + const taskContext = context.wazuh_core.initialization.createRunContext( + 'user', + { core: context.core, request }, + ); + + logger.debug(`Running tasks for user [${username}] scope [${scope}]`); + + const results = await Promise.all( + tasks.map(async task => { + const taskLogger = enhanceTaskLogger(logger); + + try { + await task.run({ + ...taskContext, + // TODO: use user selection index patterns + logger: taskLogger, + ...(task.name.includes('index-pattern:') + ? 
{ + getIndexPatternID: () => + task.name /* TODO: use request parameters/body/cookies */, + } + : {}), + }); + } catch { + /* empty */ + } finally { + // eslint-disable-next-line no-unsafe-finally + return { + logs: taskLogger.getLogs(), + ...task.getInfo(), + }; + } + }), + ); + + logger.debug(`All tasks for user [${username}] scope [${scope}] run`); + + const initialMessage = + 'All the initialization tasks related to user scope were executed.'; + const message = [ + initialMessage, + results.some(({ error }) => error) && 'There was some errors.', + ] + .filter(Boolean) + .join(' '); + + return response.ok({ + body: { + message, + tasks: results, + }, + }); + } catch (error) { + return response.internalError({ + body: { + message: `Error initializating the tasks: ${error.message}`, + }, + }); + } + }, + ); +} diff --git a/plugins/wazuh-core/server/services/initialization/types.ts b/plugins/wazuh-core/server/services/initialization/types.ts new file mode 100644 index 0000000000..254dae3af9 --- /dev/null +++ b/plugins/wazuh-core/server/services/initialization/types.ts 
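Review bot: `validateTaskList` and the `/user` handler call `initialization.get()` with no name, and `InitializationService.get` throws `Task [undefined] not found` for unknown names, so every request that carries `?tasks=` fails validation with an exception and every `/user` call ends in the 500 branch; both call sites should read `initialization.getAll()`. The GET `/internal` route also declares its validation under the key `tasks` instead of `query`, so the query is never validated and `request.query.tasks` appears to stay undefined, silently ignoring the filter — change it to `validate: { query: schema.object({ tasks: validateTaskList }) }`. The POST `/internal` route re-runs the internal-scope tasks (saved-object writes and uiSettings updates performed as the internal user) for any caller that reaches the API; the `TODO: protect with administrator privilegies` should be resolved before this ships, e.g. by checking the requester through `context.wazuh_core.dashboardSecurity` and returning `response.forbidden()` ahead of `runAsInternal`. The `/user` handler hard-codes `getIndexPatternID: () => task.name`, so a user-scoped index-pattern task would try to create a pattern whose ID is the task name, and `username` is always `''` in the log lines; both are marked TODO but are live paths once the route is registered, and the `finally { return ... }` with the eslint suppression hides any failure from the caller beyond the `error` field.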
@@ -0,0 +1,49 @@ +import { + InitializationTaskRunResult, + InitializationTaskRunStatus, +} from '../../../common/services/initialization/types'; +import { LifecycleService, WazuhCoreServices } from '../types'; +import { CoreStart, Logger } from '../../../../../core/server'; + +export interface InitializationTaskDefinition { + name: string; + run: (ctx: any) => any; +} + +export interface InitializationTaskRunData { + name: InitializationTaskDefinition['name']; + status: InitializationTaskRunStatus; + result: InitializationTaskRunResult; + createdAt: string | null; + startedAt: string | null; + finishedAt: string | null; + duration: number | null; // seconds + data: any; + error: string | null; +} + +export interface IInitializationTask extends InitializationTaskRunData { + run: (ctx: Context) => Promise; + getInfo: () => InitializationTaskRunData; +} + +export type InitializationTaskContext = 'internal' | 'user'; +export interface IInitializationService + extends LifecycleService { + register: (task: InitializationTaskDefinition) => void; + get: (taskName: string) => InitializationTaskRunData; + getAll: () => InitializationTaskRunData[]; + createRunContext: ( + scope: InitializationTaskContext, + context: ContextType, + ) => { + scope: InitializationTaskContext; + }; + runAsInternal: (tasks?: string[]) => Promise; +} + +export interface InitializationTaskRunContext extends WazuhCoreServices { + core: CoreStart; + logger: Logger; + scope: InitializationTaskContext; +} diff --git a/plugins/wazuh-core/server/services/types.ts b/plugins/wazuh-core/server/services/types.ts new file mode 100644 index 0000000000..77a1c4fdf0 --- /dev/null +++ b/plugins/wazuh-core/server/services/types.ts 
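Review bot: `InitializationTaskDefinition.run` is typed `(ctx: any) => any` although `InitializationTaskRunContext` is declared later in this same file; typing it as `run: (ctx: InitializationTaskRunContext) => unknown;` would let the task creators in `initialization/settings.ts` and `initialization/templates.ts` drop their own `any` contexts. `InitializationTaskRunData.error` is declared `string | null`, but `InitializationTask.run` stores `error_.message`, which can be `undefined` for non-Error throws; either widen the type or normalise the value where it is assigned.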
@@ -0,0 +1,26 @@ +import { IConfigurationEnhanced } from './enhance-configuration'; +import { IInitializationService } from './initialization'; +import { ManageHosts } from './manage-hosts'; +import { ISecurityFactory } from './security-factory'; +import { ServerAPIClient } from './server-api-client'; + +export interface LifecycleService< + SetupDeps = any, + SetupReturn = any, + StartDeps = any, + StartReturn = any, + StopDeps = any, + StopReturn = any, +> { + setup: (deps: SetupDeps) => SetupReturn; + start: (deps: StartDeps) => StartReturn; + stop: (deps: StopDeps) => StopReturn; +} + +export interface WazuhCoreServices { + dashboardSecurity: ISecurityFactory; + configuration: IConfigurationEnhanced; + manageHosts: ManageHosts; + serverAPIClient: ServerAPIClient; + initialization: IInitializationService; +} diff --git a/plugins/wazuh-core/server/types.ts b/plugins/wazuh-core/server/types.ts index 509a74600f..d2e7bf16fe 100644 --- a/plugins/wazuh-core/server/types.ts +++ b/plugins/wazuh-core/server/types.ts @@ -1,18 +1,11 @@ import { - ISecurityFactory, - ManageHosts, - ServerAPIClient, ServerAPIInternalUserClient, ServerAPIScopedUserClient, + WazuhCoreServices, } from './services'; -import { IConfigurationEnhanced } from './services/enhance-configuration'; // eslint-disable-next-line @typescript-eslint/no-empty-interface -export interface WazuhCorePluginSetup { - dashboardSecurity: ISecurityFactory; - configuration: IConfigurationEnhanced; - manageHosts: ManageHosts; - serverAPIClient: ServerAPIClient; +export interface WazuhCorePluginSetup extends WazuhCoreServices { api: { client: { asInternalUser: ServerAPIInternalUserClient; 
@@ -21,11 +14,7 @@ export interface WazuhCorePluginSetup { }; } // eslint-disable-next-line @typescript-eslint/no-empty-interface -export interface WazuhCorePluginStart { - dashboardSecurity: ISecurityFactory; - configuration: IConfigurationEnhanced; - manageHosts: ManageHosts; - serverAPIClient: ServerAPIClient; +export interface WazuhCorePluginStart extends WazuhCoreServices { api: { client: { asInternalUser: ServerAPIInternalUserClient; @@ -34,6 +23,8 @@ export interface WazuhCorePluginStart { }; } -export type PluginSetup = { - securityDashboards?: {}; // TODO: Add OpenSearch Dashboards Security interface -}; +export interface PluginSetup { + securityDashboards?: object; // TODO: Add OpenSearch Dashboards Security interface +} + +export * from './services/initialization/types';