collect outdated wazuh and velo agents
taylorwalton committed Jul 17, 2023
1 parent 90fa126 commit d58fb72
Showing 4 changed files with 122 additions and 1 deletion.
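--- a/backend/app/routes/agents.py
+++ b/backend/app/routes/agents.py
@@ -118,3 +118,27 @@ def get_agent_vulnerabilities(agent_id: str) -> Any:
 agent_id=agent_id,
 )
 return jsonify(agent_vulnerabilities)
+
+
+@bp.route("/agents/wazuh/outdated", methods=["GET"])
+def get_outdated_wazuh_agents() -> Any:
+"""
+Endpoint to get the outdated Wazuh agents.
+Returns:
+json: A JSON response containing the list of outdated Wazuh agents.
+"""
+service = AgentService()
+agents = service.get_outdated_agents_wazuh()
+return jsonify(agents)
+
+
+@bp.route("/agents/velociraptor/outdated", methods=["GET"])
+def get_outdated_velociraptor_agents() -> Any:
+"""
+Endpoint to get the outdated Velociraptor agents.
+Returns:
+json: A JSON response containing the list of outdated Velociraptor agents.
+"""
+service = AgentService()
+agents = service.get_outdated_agents_velociraptor()
+return jsonify(agents)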
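Review bot: Neither new handler, `get_outdated_wazuh_agents` or `get_outdated_velociraptor_agents`, carries an authentication or authorization check in this hunk, and what they return is a list of hosts whose agent version lags the server, which is sensitive inventory data. If `bp` is not protected elsewhere (not visible here), both routes should sit behind the same access control as the rest of the agent API. The handlers also answer 200 even when the service returns `"success": False`; `return jsonify(agents), 200 if agents.get("success") else 404` would let a client tell a failed lookup from an empty result.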
12 changes: 12 additions & 0 deletions backend/app/services/Velociraptor/universal.py
@@ -211,6 +211,18 @@ def _get_client_version(self, vql: str):
"""
return self.execute_query(vql)["results"][0]["agent_information"]["version"]

def _get_server_version(self, vql: str):
"""
Executes the VQL query and returns the velociraptor server version.
Args:
vql (str): The VQL query.
Returns:
str: The server version.
"""
return self.execute_query(vql)["results"][0]["version"]["version"]

def _is_offline(self, last_seen_at: float):
"""
Determines if the client is offline based on the last_seen_at timestamp.
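Review bot: `_get_server_version` indexes `self.execute_query(vql)["results"][0]["version"]["version"]` without checking that the query succeeded or returned a row, so an unreachable Velociraptor server or an empty result would reach the new `/agents/velociraptor/outdated` request as an unhandled `KeyError`, `IndexError` or `TypeError`, depending on how `execute_query` reports failure (not visible here). Catching those around the lookup, logging the failure, and returning `None` for the caller to handle would keep the endpoint from failing with an unhandled exception. The method is also called from `AgentService` in this commit despite its leading underscore; a public name such as `get_server_version` would match how it is used.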
43 changes: 42 additions & 1 deletion backend/app/services/agents/agents.py
@@ -61,6 +61,47 @@ def get_agent(self, agent_id: str) -> Optional[AgentMetadata]:
"""
return db.session.query(AgentMetadata).filter_by(agent_id=agent_id).first()

def get_outdated_agents_wazuh(self) -> List[Dict[str, Union[str, bool]]]:
"""
Retrieves all agents with outdated Wazuh agent versions from the database.
Returns:
List[dict]: A list of dictionaries where each dictionary represents the serialized data of an outdated agent.
"""
wazuh_manager = self.get_agent("000")
if wazuh_manager is None:
logger.error("Wazuh Manager with agent_id '000' not found.")
return {"message": "Wazuh Manager with agent_id '000' not found.", "success": False}

outdated_wazuh_agents = []
agents = db.session.query(AgentMetadata).filter(AgentMetadata.agent_id != "000").all()
for agent in agents:
if agent.wazuh_agent_version != wazuh_manager.wazuh_agent_version:
outdated_wazuh_agents.append(agent_metadata_schema.dump(agent))

return {"message": "Outdated Wazuh agents retrieved successfully", "success": True, "outdated_wazuh_agents": outdated_wazuh_agents}

def get_outdated_agents_velociraptor(self) -> List[Dict[str, Union[str, bool]]]:
"""
Retrieves all agents with outdated Velociraptor client versions from the database.
Returns:
List[dict]: A list of dictionaries where each dictionary represents the serialized data of an outdated agent.
"""
outdated_velociraptor_agents = []
vql_server_version = "select * from config"
server_version = UniversalService()._get_server_version(vql_server_version)
agents = db.session.query(AgentMetadata).all()
for agent in agents:
if agent.velociraptor_client_version != server_version:
outdated_velociraptor_agents.append(agent_metadata_schema.dump(agent))

return {
"message": "Outdated Velociraptor agents retrieved successfully",
"success": True,
"outdated_velociraptor_agents": outdated_velociraptor_agents,
}

def mark_agent_criticality(self, agent_id: str, critical: bool) -> Dict[str, Union[str, bool]]:
"""
Marks a specific agent as critical or non-critical.
@@ -167,7 +208,7 @@ def delete_agent_db(self, agent_id: str) -> Dict[str, Union[str, bool]]:

def get_velo_metadata(self, agent_name: str) -> Optional[str]:
"""
Retrieves the client ID and last_seen_at based on the agent name from Velociraptor.
Retrieves the client ID, last_seen_at and client version based on the agent name from Velociraptor.
Args:
agent_name (str): The name of the agent.
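Review bot: Both new methods count any version that differs from the server's as outdated (`agent.wazuh_agent_version != wazuh_manager.wazuh_agent_version`, and the same test on `velociraptor_client_version`), so an agent with no recorded version, or one newer than the server, would be reported too if those cases can occur (the model is not visible here). For a list that drives patching it is worth at least skipping empty values, `if agent.velociraptor_client_version and agent.velociraptor_client_version != server_version:`, and ideally comparing parsed versions. `get_outdated_agents_velociraptor` also has no failure path around `UniversalService()._get_server_version(...)`, unlike the Wazuh method's manager-not-found branch, and `select * from config` fetches the whole config object to read one field. Both return annotations say `List[Dict[str, Union[str, bool]]]` while the methods return a dict.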
44 changes: 44 additions & 0 deletions backend/app/static/swagger.json
@@ -560,6 +560,50 @@
}
}
},
"/agents/wazuh/outdated": {
"get": {
"tags": ["Agents"],
"summary": "Get outdated Wazuh agents",
"description": "Endpoint to get the outdated Wazuh agents.",
"responses": {
"200": {
"description": "Successful operation",
"content": {
"application/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/Agent"
}
}
}
}
}
}
}
},
"/agents/velociraptor/outdated": {
"get": {
"tags": ["Agents"],
"summary": "Get outdated Velociraptor agents",
"description": "Endpoint to get the outdated Velociraptor agents.",
"responses": {
"200": {
"description": "Successful operation",
"content": {
"application/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/Agent"
}
}
}
}
}
}
}
},
"/rule/disable": {
"post": {
"summary": "Disable a rule",
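Review bot: Both new paths declare the 200 body as an array of `#/components/schemas/Agent`, but the service methods added in this commit return an object with `message`, `success` and `outdated_wazuh_agents` or `outdated_velociraptor_agents`. The schema should be `"type": "object"` with those three properties, the agent array under the list key, so generated clients parse the real response. Neither path lists an error response or a `security` requirement; whether the spec sets one globally is not visible in this hunk.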