Merge branch 'master' into 396-add-states-inventory-fim-index-templat…

…e-definition

.github/ISSUE_TEMPLATE/compatibility_request.md

@@ -2,7 +2,7 @@
 name: Compatibility request
 about: Suggest supporting a new version of OpenSearch
 title: 'Compatibility with OpenSearch (version)'
-labels: compatibility, level/task, type/research
+labels: request/operational, level/task, type/research
 assignees: ''
 
 ---
@@ -15,9 +15,10 @@ For that, we need to:
 
 - [ ] Review opensearch's release notes. 
 - [ ] Identify improvements and potential impact.
+- [ ] Identify changes on upstream files (listed on https://github.com/wazuh/wazuh-indexer/issues/94)
 - [ ] Create new development branch.
 - [ ] Develop a testing environment to verify our components would work under this new build.
-
+- [ ] Indexer-Dashboard compatibility testing (open issue using the [template](https://github.com/wazuh/wazuh-indexer/issues/new/choose)).
 
 ## Issues
 -  _List here the detected issues_

.github/ISSUE_TEMPLATE/compatibility_test.md

@@ -0,0 +1,27 @@
+---
+name: Indexer-Dashboard compatibility testing with OpenSearch
+about: Issue to perform internal testing of Indexer-Dashboard packages under a new version of OpenSearch
+title: 'Indexer-Dashboard testing under OpenSearch (version)'
+labels: request/operational, level/task, type/test
+assignees: ''
+
+---
+
+
+## Description
+
+We need to ensure our components work under the new version of OpenSearch. The goal of this issue is to test our packages, their lifecycle and the main correct communication of Indexer and Dashboard.
+
+For that, we need to:
+
+- [x] (Prerequisite) \<indexer-opensearch-compatibility-issue> 
+- [x] (Prerequisite) \<dashboard-opensearch-compatibility-issue>
+- [ ] Verify the packages installs
+- [ ] Verify the package upgrades: \<from-version> ⇾ \<to-version>
+- [ ] Indexer-Dashboard communication works
+
+
+Tests must be performed following the official documentation under RHEL 9 and Ubuntu 22.04 operating systems, or newer versions if available and supported.
+
+## Issues
+-  _List here the detected issues_

ecs/generate.sh

@@ -43,9 +43,19 @@ generate_mappings() {
     --mapping-settings "$IN_FILES_DIR/mapping-settings.json" \
     --out "$OUT_DIR" || exit 1
 
-  # Replace "match_only_text" type (not supported by OpenSearch) with "text"
-  echo "Replacing \"match_only_text\" type with \"text\""
-  find "$OUT_DIR" -type f -exec sed -i 's/match_only_text/text/g' {} \;
+  # Replace "constant_keyword" type (not supported by OpenSearch) with "keyword"
+  echo "Replacing \"constant_keyword\" type with \"keyword\""
+  find "$OUT_DIR" -type f -exec sed -i 's/constant_keyword/keyword/g' {} \;
+
+  # Replace "flattened" type (not supported by OpenSearch) with "flat_object"
+  echo "Replacing \"flattened\" type with \"flat_object\""
+  find "$OUT_DIR" -type f -exec sed -i 's/flattened/flat_object/g' {} \;
+
+  # Replace "scaled_float" type with "float"
+  echo "Replacing \"scaled_float\" type with \"float\""
+  find "$OUT_DIR" -type f -exec sed -i 's/scaled_float/float/g' {} \;
+  echo "Removing scaling_factor lines"
+  find "$OUT_DIR" -type f -exec sed -i '/scaling_factor/d' {} \;
 
   # Replace "constant_keyword" type (not supported by OpenSearch) with "keyword"
   echo "Replacing \"constant_keyword\" type with \"keyword\""

ecs/states-inventory-packages/fields/custom/agent.yml

@@ -0,0 +1,12 @@
+---
+- name: agent
+  title: Wazuh Agents
+  short: Wazuh Inc. custom fields.
+  type: group
+  group: 2
+  fields:
+    - name: groups
+      type: keyword
+      level: custom
+      description: >
+        The groups the agent belongs to.

ecs/states-inventory-packages/fields/subset.yml

@@ -0,0 +1,21 @@
+---
+name: wazuh-states-inventory-packages
+fields:
+  base:
+    fields:
+      "@timestamp": {}
+      tags: []
+  agent:
+    fields:
+      id: {}
+      groups: {}
+  package:
+    fields:
+      architecture: ""
+      description: ""
+      installed: {}
+      name: ""
+      path: ""
+      size: {}
+      type: ""
+      version: ""

ecs/states-inventory-packages/fields/template-settings-legacy.json

@@ -0,0 +1,19 @@
+{
+  "index_patterns": ["wazuh-states-inventory-packages*"],
+  "order": 1,
+  "settings": {
+    "index": {
+      "number_of_shards": "1",
+      "number_of_replicas": "0",
+      "refresh_interval": "5s",
+      "query.default_field": [
+        "agent.id",
+        "agent.groups",
+        "package.architecture",
+        "package.name",
+        "package.version",
+        "package.type"
+      ]
+    }
+  }
+}

ecs/states-inventory-packages/fields/template-settings.json

@@ -0,0 +1,21 @@
+{
+  "index_patterns": ["wazuh-states-inventory-packages*"],
+  "priority": 1,
+  "template": {
+    "settings": {
+      "index": {
+        "number_of_shards": "1",
+        "number_of_replicas": "0",
+        "refresh_interval": "5s",
+        "query.default_field": [
+          "agent.id",
+          "agent.groups",
+          "package.architecture",
+          "package.name",
+          "package.version",
+          "package.type"
+        ]
+      }
+    }
+  }
+}

ecs/states-inventory-processes/fields/custom/agent.yml

@@ -0,0 +1,12 @@
+---
+- name: agent
+  title: Wazuh Agents
+  short: Wazuh Inc. custom fields.
+  type: group
+  group: 2
+  fields:
+    - name: groups
+      type: keyword
+      level: custom
+      description: >
+        The groups the agent belongs to.

ecs/states-inventory-processes/fields/mapping-settings.json

@@ -0,0 +1,4 @@
+{
+    "dynamic": "strict",
+    "date_detection": false
+}

ecs/states-inventory-processes/fields/subset.yml

@@ -0,0 +1,42 @@
+---
+name: wazuh-states-inventory-processes
+fields:
+  base:
+    fields:
+      "@timestamp": {}
+      tags: []
+  agent:
+    fields:
+      id: {}
+      groups: {}
+  process:
+    fields:
+      pid: {}
+      name: ""
+      parent:
+        fields:
+          pid: {}
+      command_line: ""
+      args: ""
+      user:
+        fields:
+          id: ""
+      real_user:
+        fields:
+          id: ""
+      saved_user:
+        fields:
+          id: ""
+      group:
+        fields:
+          id: ""
+      real_group:
+        fields:
+          id: ""
+      saved_group:
+        fields:
+          id: ""
+      start: {}
+      thread:
+        fields:
+          id: ""

ecs/states-inventory-processes/fields/template-settings-legacy.json

@@ -0,0 +1,18 @@
+{
+  "index_patterns": ["wazuh-states-inventory-processes*"],
+  "order": 1,
+  "settings": {
+    "index": {
+      "number_of_shards": "1",
+      "number_of_replicas": "0",
+      "refresh_interval": "5s",
+      "query.default_field": [
+        "agent.id",
+        "agent.groups",
+        "process.name",
+        "process.pid",
+        "process.command_line"
+      ]
+    }
+  }
+}

ecs/states-inventory-processes/fields/template-settings.json

@@ -0,0 +1,20 @@
+{
+  "index_patterns": ["wazuh-states-inventory-processes*"],
+  "priority": 1,
+  "template": {
+    "settings": {
+      "index": {
+        "number_of_shards": "1",
+        "number_of_replicas": "0",
+        "refresh_interval": "5s",
+        "query.default_field": [
+          "agent.id",
+          "agent.groups",
+          "process.name",
+          "process.pid",
+          "process.command_line"
+        ]
+      }
+    }
+  }
+}

ecs/states-inventory-system/fields/custom/agent.yml

@@ -0,0 +1,12 @@
+---
+- name: agent
+  title: Wazuh Agents
+  short: Wazuh Inc. custom fields.
+  type: group
+  group: 2
+  fields:
+    - name: groups
+      type: keyword
+      level: custom
+      description: >
+        The groups the agent belongs to.

ecs/states-inventory-system/fields/mapping-settings.json

@@ -0,0 +1,4 @@
+{
+    "dynamic": "strict",
+    "date_detection": false
+}

ecs/states-inventory-system/fields/subset.yml

@@ -0,0 +1,23 @@
+---
+name: wazuh-states-inventory-system
+fields:
+  base:
+    fields:
+      tags: []
+      "@timestamp": {}
+  agent:
+    fields:
+      id: {}
+      groups: {}
+  host:
+    fields:
+      architecture: {}
+      hostname: {}
+      name: {}
+      os:
+        fields:
+          kernel: {}
+          full: {}
+          platform: {}
+          version: {}
+          type: {}

ecs/states-inventory-system/fields/template-settings-legacy.json

@@ -0,0 +1,18 @@
+{
+  "index_patterns": ["wazuh-states-inventory-system*"],
+  "order": 1,
+  "settings": {
+    "index": {
+      "number_of_shards": "1",
+      "number_of_replicas": "0",
+      "refresh_interval": "5s",
+      "query.default_field": [
+        "agent.id",
+        "agent.groups",
+        "host.name",
+        "host.os.type",
+        "host.os.version"
+      ]
+    }
+  }
+}

ecs/states-inventory-system/fields/template-settings.json

@@ -0,0 +1,20 @@
+{
+  "index_patterns": ["wazuh-states-inventory-system*"],
+  "priority": 1,
+  "template": {
+    "settings": {
+      "index": {
+        "number_of_shards": "1",
+        "number_of_replicas": "0",
+        "refresh_interval": "5s",
+        "query.default_field": [
+          "agent.id",
+          "agent.groups",
+          "host.name",
+          "host.os.type",
+          "host.os.version"
+        ]
+      }
+    }
+  }
+}

ecs/vulnerability-detector/fields/custom/vulnerability.yml → ecs/states-vulnerabilities/fields/custom/vulnerability.yml

@@ -1,3 +1,4 @@
+---
 - name: vulnerability
   title: Vulnerability
   group: 2
@@ -16,4 +17,14 @@
       type: date
       level: custom
       description: >
-        Vulnerability's publication date.
+        Vulnerability's publication date.
+    - name: under_evaluation
+      type: boolean
+      level: custom
+      description: >
+        Indicates if the vulnerability is awaiting analysis by the NVD.
+    - name: scanner.source
+      type: keyword
+      level: custom
+      description: >
+        The origin of the decision of the scanner (AKA feed used to detect the vulnerability).

ecs/vulnerability-detector/fields/custom/wazuh.yml → ecs/states-vulnerabilities/fields/custom/wazuh.yml

@@ -14,13 +14,8 @@
       level: custom
       description: >
         Wazuh cluster node name.
-    - name: manager.name
-      type: keyword
-      level: custom
-      description: >
-        Wazuh manager name. Used by dashboards to filter results on single node deployments.
     - name: schema.version
       type: keyword
       level: custom
       description: >
-        Wazuh schema version.
+        Wazuh schema version.

ecs/states-vulnerabilities/fields/mapping-settings.json

@@ -0,0 +1,4 @@
+{
+    "dynamic": "strict",
+    "date_detection": false
+}