Update wazuh-states-vulnerabilities index mapping (#191)

AlexRuiz7 · AlexRuiz7 · commit 4dc5d957e916 · 2024-06-28T12:10:30.000+02:00
* Update wazuh-states-vulnerabilities index mapping

* Extend ECS Vulnerability fields
diff --git a/ecs/generate.sh b/ecs/generate.sh
@@ -23,7 +23,7 @@ generate_mappings() {
 
   # Generate mappings
   python scripts/generator.py --strict --ref "$ECS_VERSION" \
-    --include "$IN_FILES_DIR/custom/wazuh.yml" \
+    --include "$IN_FILES_DIR/custom/" \
     --subset "$IN_FILES_DIR/subset.yml" \
     --template-settings "$IN_FILES_DIR/template-settings.json" \
     --template-settings-legacy "$IN_FILES_DIR/template-settings-legacy.json" \
diff --git a/ecs/vulnerability-detector/event-generator/event_generator.py b/ecs/vulnerability-detector/event-generator/event_generator.py
@@ -163,7 +163,9 @@ def generate_random_vulnerability():
             'temporal': round(random.uniform(0, 10), 1),
             'version': round(random.uniform(0, 10), 1)
         },
-        'severity': random.choice(['Low', 'Medium', 'High', 'Critical'])
+        'severity': random.choice(['Low', 'Medium', 'High', 'Critical']),
+        'detected_at': generate_random_date(),
+        'published_at': generate_random_date(),
     }
     return vulnerability
 
@@ -179,7 +181,7 @@ def generate_random_wazuh():
         },
         'schema': {
             'version': '1.7.0'
-        }
+        },
     }
     return wazuh
 
@@ -188,7 +190,7 @@ def generate_random_data(number):
     data = []
     for _ in range(number):
         event_data = {
-            '@timestamp': generate_random_date(),
+            # '@timestamp': generate_random_date(),
             'agent': generate_random_agent(),
             # 'ecs': {'version': '1.7.0'},
             # 'event': generate_random_event(),
diff --git a/ecs/vulnerability-detector/fields/custom/vulnerability.yml b/ecs/vulnerability-detector/fields/custom/vulnerability.yml
@@ -0,0 +1,19 @@
+- name: vulnerability
+  title: Vulnerability
+  group: 2
+  short: Fields to describe the vulnerability relevant to an event.
+  description: >
+    The vulnerability fields describe information about a vulnerability that is
+    relevant to an event.
+  type: group
+  fields:
+    - name: detected_at
+      type: date
+      level: custom
+      description: >
+        Vulnerability's detection date.
+    - name: published_at
+      type: date
+      level: custom
+      description: >
+        Vulnerability's publication date.
diff --git a/ecs/vulnerability-detector/fields/custom/wazuh.yml b/ecs/vulnerability-detector/fields/custom/wazuh.yml
@@ -23,4 +23,4 @@
       type: keyword
       level: custom
       description: >
-        Wazuh schema version.
+        Wazuh schema version.
diff --git a/ecs/vulnerability-detector/fields/subset.yml b/ecs/vulnerability-detector/fields/subset.yml
@@ -3,7 +3,6 @@ name: vulnerability_detector
 fields:
   base:
     fields: 
-      "@timestamp": {}
       tags: []
       message: ""
   agent:
