Merge branch 'master' into 404-add-states-inventory-vulnerabilities-i…

…ndex-template-definition

.github/ISSUE_TEMPLATE/compatibility_request.md

@@ -2,7 +2,7 @@
 name: Compatibility request
 about: Suggest supporting a new version of OpenSearch
 title: 'Compatibility with OpenSearch (version)'
-labels: compatibility, level/task, type/research
+labels: request/operational, level/task, type/research
 assignees: ''
 
 ---
@@ -15,9 +15,10 @@ For that, we need to:
 
 - [ ] Review opensearch's release notes. 
 - [ ] Identify improvements and potential impact.
+- [ ] Identify changes on upstream files (listed on https://github.com/wazuh/wazuh-indexer/issues/94)
 - [ ] Create new development branch.
 - [ ] Develop a testing environment to verify our components would work under this new build.
-
+- [ ] Indexer-Dashboard compatibility testing (open issue using the [template](https://github.com/wazuh/wazuh-indexer/issues/new/choose)).
 
 ## Issues
 -  _List here the detected issues_

.github/ISSUE_TEMPLATE/compatibility_test.md

@@ -0,0 +1,27 @@
+---
+name: Indexer-Dashboard compatibility testing with OpenSearch
+about: Issue to perform internal testing of Indexer-Dashboard packages under a new version of OpenSearch
+title: 'Indexer-Dashboard testing under OpenSearch (version)'
+labels: request/operational, level/task, type/test
+assignees: ''
+
+---
+
+
+## Description
+
+We need to ensure our components work under the new version of OpenSearch. The goal of this issue is to test our packages, their lifecycle and the main correct communication of Indexer and Dashboard.
+
+For that, we need to:
+
+- [x] (Prerequisite) \<indexer-opensearch-compatibility-issue> 
+- [x] (Prerequisite) \<dashboard-opensearch-compatibility-issue>
+- [ ] Verify the packages installs
+- [ ] Verify the package upgrades: \<from-version> ⇾ \<to-version>
+- [ ] Indexer-Dashboard communication works
+
+
+Tests must be performed following the official documentation under RHEL 9 and Ubuntu 22.04 operating systems, or newer versions if available and supported.
+
+## Issues
+-  _List here the detected issues_

ecs/generate.sh

@@ -43,9 +43,19 @@ generate_mappings() {
     --mapping-settings "$IN_FILES_DIR/mapping-settings.json" \
     --out "$OUT_DIR" || exit 1
 
-  # Replace "match_only_text" type (not supported by OpenSearch) with "text"
-  echo "Replacing \"match_only_text\" type with \"text\""
-  find "$OUT_DIR" -type f -exec sed -i 's/match_only_text/text/g' {} \;
+  # Replace "constant_keyword" type (not supported by OpenSearch) with "keyword"
+  echo "Replacing \"constant_keyword\" type with \"keyword\""
+  find "$OUT_DIR" -type f -exec sed -i 's/constant_keyword/keyword/g' {} \;
+
+  # Replace "flattened" type (not supported by OpenSearch) with "flat_object"
+  echo "Replacing \"flattened\" type with \"flat_object\""
+  find "$OUT_DIR" -type f -exec sed -i 's/flattened/flat_object/g' {} \;
+
+  # Replace "scaled_float" type with "float"
+  echo "Replacing \"scaled_float\" type with \"float\""
+  find "$OUT_DIR" -type f -exec sed -i 's/scaled_float/float/g' {} \;
+  echo "Removing scaling_factor lines"
+  find "$OUT_DIR" -type f -exec sed -i '/scaling_factor/d' {} \;
 
   # Replace "constant_keyword" type (not supported by OpenSearch) with "keyword"
   echo "Replacing \"constant_keyword\" type with \"keyword\""

ecs/states-inventory-packages/fields/custom/agent.yml

@@ -0,0 +1,12 @@
+---
+- name: agent
+  title: Wazuh Agents
+  short: Wazuh Inc. custom fields.
+  type: group
+  group: 2
+  fields:
+    - name: groups
+      type: keyword
+      level: custom
+      description: >
+        The groups the agent belongs to.

ecs/states-inventory-packages/fields/mapping-settings.json

@@ -0,0 +1,4 @@
+{
+    "dynamic": "strict",
+    "date_detection": false
+}

ecs/states-inventory-packages/fields/subset.yml

@@ -0,0 +1,21 @@
+---
+name: wazuh-states-inventory-packages
+fields:
+  base:
+    fields:
+      "@timestamp": {}
+      tags: []
+  agent:
+    fields:
+      id: {}
+      groups: {}
+  package:
+    fields:
+      architecture: ""
+      description: ""
+      installed: {}
+      name: ""
+      path: ""
+      size: {}
+      type: ""
+      version: ""

ecs/states-inventory-packages/fields/template-settings-legacy.json

@@ -0,0 +1,19 @@
+{
+  "index_patterns": ["wazuh-states-inventory-packages*"],
+  "order": 1,
+  "settings": {
+    "index": {
+      "number_of_shards": "1",
+      "number_of_replicas": "0",
+      "refresh_interval": "5s",
+      "query.default_field": [
+        "agent.id",
+        "agent.groups",
+        "package.architecture",
+        "package.name",
+        "package.version",
+        "package.type"
+      ]
+    }
+  }
+}

ecs/states-inventory-packages/fields/template-settings.json

@@ -0,0 +1,21 @@
+{
+  "index_patterns": ["wazuh-states-inventory-packages*"],
+  "priority": 1,
+  "template": {
+    "settings": {
+      "index": {
+        "number_of_shards": "1",
+        "number_of_replicas": "0",
+        "refresh_interval": "5s",
+        "query.default_field": [
+          "agent.id",
+          "agent.groups",
+          "package.architecture",
+          "package.name",
+          "package.version",
+          "package.type"
+        ]
+      }
+    }
+  }
+}

ecs/states-inventory-processes/fields/custom/agent.yml

@@ -0,0 +1,12 @@
+---
+- name: agent
+  title: Wazuh Agents
+  short: Wazuh Inc. custom fields.
+  type: group
+  group: 2
+  fields:
+    - name: groups
+      type: keyword
+      level: custom
+      description: >
+        The groups the agent belongs to.

ecs/states-inventory-processes/fields/mapping-settings.json

@@ -0,0 +1,4 @@
+{
+    "dynamic": "strict",
+    "date_detection": false
+}

ecs/states-inventory-processes/fields/subset.yml

@@ -0,0 +1,42 @@
+---
+name: wazuh-states-inventory-processes
+fields:
+  base:
+    fields:
+      "@timestamp": {}
+      tags: []
+  agent:
+    fields:
+      id: {}
+      groups: {}
+  process:
+    fields:
+      pid: {}
+      name: ""
+      parent:
+        fields:
+          pid: {}
+      command_line: ""
+      args: ""
+      user:
+        fields:
+          id: ""
+      real_user:
+        fields:
+          id: ""
+      saved_user:
+        fields:
+          id: ""
+      group:
+        fields:
+          id: ""
+      real_group:
+        fields:
+          id: ""
+      saved_group:
+        fields:
+          id: ""
+      start: {}
+      thread:
+        fields:
+          id: ""

ecs/states-inventory-processes/fields/template-settings-legacy.json

@@ -0,0 +1,18 @@
+{
+  "index_patterns": ["wazuh-states-inventory-processes*"],
+  "order": 1,
+  "settings": {
+    "index": {
+      "number_of_shards": "1",
+      "number_of_replicas": "0",
+      "refresh_interval": "5s",
+      "query.default_field": [
+        "agent.id",
+        "agent.groups",
+        "process.name",
+        "process.pid",
+        "process.command_line"
+      ]
+    }
+  }
+}

ecs/states-inventory-processes/fields/template-settings.json

@@ -0,0 +1,20 @@
+{
+  "index_patterns": ["wazuh-states-inventory-processes*"],
+  "priority": 1,
+  "template": {
+    "settings": {
+      "index": {
+        "number_of_shards": "1",
+        "number_of_replicas": "0",
+        "refresh_interval": "5s",
+        "query.default_field": [
+          "agent.id",
+          "agent.groups",
+          "process.name",
+          "process.pid",
+          "process.command_line"
+        ]
+      }
+    }
+  }
+}