Merge 4.10.1 into 4.10.2 (#473)

* Merge 4.10.0 into 4.10.1 (#470)

* Upgrade integrations to the last version (#447)

* Upgrade third-party integrations to latest product versions (#368)

* Upgrade third-party integrations to latest product versions

* Improve comtability matrix

* Change versions in /integrations/.env

Signed-off-by: Malena Casas <[email protected]>

* Fix Splunk integrations (#362)

* Add table with the version of the integrations

* Update CHANGELOG.md

Signed-off-by: Álex Ruiz <[email protected]>

---------

Signed-off-by: Malena Casas <[email protected]>
Signed-off-by: Álex Ruiz <[email protected]>
Co-authored-by: Álex Ruiz <[email protected]>
Co-authored-by: JuanGarriuz <[email protected]>

* Merge 4.9.1 into 4.10.0 (#454)

* Prepare 4.9.1-rc2 (#436)

* Update docker/README.md (#438)

* Support new stage 4.9.1-rc3 (#443)

* Update operational--integrations_maintenance_request.md (#449)

Signed-off-by: Álex Ruiz <[email protected]>

---------

Signed-off-by: Álex Ruiz <[email protected]>

* Fix Github Actions build process dependency errors (#457)

* Switch from latest to 22.04 runner

* Remove non-existant packages from workflow provisioner

* Remove freeglut3 from provision.sh

* Update calendarTime and scan_date fields type (#458)

* Merge 4.9.1 into 4.10.0 (#469)

* Support for v4.9.1-alpha4 (#461)

* Prepare final release notes for 4.9.1

---------

Signed-off-by: Malena Casas <[email protected]>
Signed-off-by: Álex Ruiz <[email protected]>
Co-authored-by: Malena Casas <[email protected]>
Co-authored-by: JuanGarriuz <[email protected]>
Co-authored-by: Fede Galland <[email protected]>
Co-authored-by: Kevin Ledesma <[email protected]>

* Fix release date for 4.10.0 in RPM spec file

* Fix release date for 4.10.0 in RPM spec file

---------

Signed-off-by: Malena Casas <[email protected]>
Signed-off-by: Álex Ruiz <[email protected]>
Co-authored-by: Malena Casas <[email protected]>
Co-authored-by: JuanGarriuz <[email protected]>
Co-authored-by: Fede Galland <[email protected]>
Co-authored-by: Kevin Ledesma <[email protected]>

Author: 5 people

.github/ISSUE_TEMPLATE/operational--integrations_maintenance_request.md

@@ -0,0 +1,30 @@
+---
+name: Integrations maintenance request
+about: Used by the Indexer team to maintain third-party software integrations and track the results.
+title: Integrations maintenance request
+labels: level/task, request/operational, type/maintenance
+assignees: ""
+---
+
+## Description
+
+The Wazuh Indexer team is responsible for the maintenance of the third-party integrations hosted in the wazuh/wazuh-indexer repository. We must ensure these integrations work under new releases of the third-party software (Splunk, Elastic, Logstash, …) and our own.
+
+For that, we need to:
+
+-   [ ] Create a pull request that upgrades the components to the latest version.
+-   [ ] Update our testing environments to verify the integrations work under new versions.
+-   [ ] Test the integrations, checking that:
+  - The Docker Compose project starts without errors.
+  - The data arrives to the destination.
+  - All the dashboards can be imported successfully.
+  - All the dashboards are populated with data.
+-   [ ] Finally, upgrade the compatibility matrix in integrations/README.md with the new versions.
+
+> [!NOTE]
+> * For Logstash, we use the logstash-oss image.
+> * For Wazuh Indexer and Wazuh Dashboard, we use the opensearch and opensearch-dashboards images. These must match the opensearch version that we support (e.g: for Wazuh 4.9.0 it is OpenSearch 2.13.0). 
+
+## Issues
+
+-   _List here the detected issues_

CHANGELOG.md

@@ -9,6 +9,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 ### Dependencies
 
 ### Changed
+- Upgrade third-party integrations to the latest versions ([#447](https://github.com/wazuh/wazuh-indexer/pull/447))
 
 ### Deprecated
 

distribution/packages/src/rpm/wazuh-indexer.rpm.spec

@@ -268,11 +268,11 @@ exit 0
 %changelog
 * Tue Feb 20 2025 support <[email protected]> - 4.10.2
 - More info: https://documentation.wazuh.com/current/release-notes/release-4-10-2.html
-* Fri Nov 06 2024 support <[email protected]> - 4.10.1
+* Tue Jan 28 2025 support <[email protected]> - 4.10.1
 - More info: https://documentation.wazuh.com/current/release-notes/release-4-10-1.html
-* Mon Sep 23 2024 support <[email protected]> - 4.10.0
+* Tue Nov 26 2024 support <[email protected]> - 4.10.0
 - More info: https://documentation.wazuh.com/current/release-notes/release-4-10-0.html
-* Fri Sep 20 2024 support <[email protected]> - 4.9.1
+* Tue Oct 15 2024 support <[email protected]> - 4.9.1
 - More info: https://documentation.wazuh.com/current/release-notes/release-4-9-1.html
 * Thu Aug 15 2024 support <[email protected]> - 4.9.0
 - More info: https://documentation.wazuh.com/current/release-notes/release-4-9-0.html

docker/README.md

@@ -1,55 +1,19 @@
-# Indexer development environments
+# Docker environments
 
-Install [Docker Desktop][docker-desktop] as per its instructions, available for Windows, Mac
-and Linux (Ubuntu, Debian & Fedora).
-This ensures that the development experience between Linux, Mac and Windows is as
-similar as possible.
-
-> IMPORTANT: be methodic during the installation of Docker Desktop, and proceed
-> step by step as described in their documentation. Make sure that your system
-> meets the system requirements before installing Docker Desktop, and read any
-> post-installation note, specially on Linux: [Differences between
-> Docker Desktop for Linux and Docker Engine][docker-variant].
+Multipurpose Docker environments to run, test and build `wazuh-indexer`.
 
 ## Pre-requisites
 
-1. Assign resources to [Docker Desktop][docker-desktop]. The requirements for the
-   environments are:
+1. Install [Docker][docker] as per its instructions.
+
+1. Your workstation must meet the minimum hardware requirements:
 
    - 8 GB of RAM (minimum)
    - 4 cores
 
    The more resources the better ☺
 
-2. Clone the [wazuh-indexer][wi-repo].
-
-3. Set up user permissions
-
-   The Docker volumes will be created by the internal Docker user, making them
-   read-only. To prevent this, a new group named `docker-desktop` and GUID 100999
-   needs to be created, then added to your user and the source code folder:
-
-   ```bash
-   sudo groupadd -g 100999 docker-desktop
-   sudo useradd -u 100999 -g 100999 -M docker-desktop
-   sudo chown -R docker-desktop:docker-desktop $WZD_HOME
-   sudo usermod -aG docker-desktop $USER
-   ```
-
-## Understanding Docker contexts
-
-Before we begin starting Docker containers, we need to understand the
-differences between Docker Engine and Docker Desktop, more precisely, that the
-use different contexts.
-
-Carefully read these two sections of the Docker documentation:
-
-- [Differences between Docker Desktop for Linux and Docker Engine][docker-variant].
-- [Switch between Docker Desktop and Docker Engine][docker-context].
-
-Docker Desktop will change to its context automatically at start, so be sure
-that any existing Docker container using the default context is **stopped**
-before starting Docker Desktop and any of the environments in this folder.
+1. Clone the [wazuh-indexer][wi-repo].
 
 ## Development environments
 
@@ -61,27 +25,24 @@ Example:
 Usage: ./dev.sh {up|down|stop}
 ```
 
-Once the `wi-dev:x.y.z` container is up, attach a shell to it and run `./gradlew run`
-to start the application.
+Once the `wi-dev:x.y.z` container is up, attach a shell to it and run `./gradlew run` to start the application.
 
 ## Containers to generate packages
 
 Use the `ci/ci.sh` script to start provisioned containers to generate packages.
 
 ```bash
-Usage: ./ci.sh {up|down|stop} [ci]
+Usage: ./ci.sh {up|down|stop}
 ```
 
-Refer to [scripts/README.md](../scripts/README.md) for details about how to build packages.
+Refer to [packaging_scripts/README.md](../packaging_scripts/README.md) for details about how to build packages.
 
-[docker-desktop]: https://docs.docker.com/get-docker
-[docker-variant]: https://docs.docker.com/desktop/install/linux-install/#differences-between-docker-desktop-for-linux-and-docker-engine
-[docker-context]: https://docs.docker.com/desktop/install/linux-install/#context
+[docker]: https://docs.docker.com/engine/install
 [wi-repo]: https://github.com/wazuh/wazuh-indexer
 
 ## Building Docker images
 
-The [prod](./prod) folder contains the code to build Docker images. A tarball of `wazuh-indexer` needs to be located at the same level that the Dockerfile. Below there is example of the command needed to build the image. Set the build arguments and the image tag accordingly.
+The [prod](./prod) folder contains the code to build Docker images. A tarball of `wazuh-indexer` needs to be located at the same level that the Dockerfile. Below there is an example of the command needed to build the image. Set the build arguments and the image tag accordingly.
 
 ```console
 docker build --build-arg="VERSION=4.10.2" --build-arg="INDEXER_TAR_NAME=wazuh-indexer-4.10.2-1_linux-x64_cfca84f.tar.gz" --tag=wazuh-indexer:4.10.2 --progress=plain --no-cache .

docker/ci/ci.yml

@@ -1,5 +1,3 @@
-version: "3.9"
-
 services:
   # Essentially wi-dev, but doesn't expose port 9200
   wi-build:

docker/dev/dev.yml

@@ -1,5 +1,3 @@
-version: "3.9"
-
 services:
   wi-dev:
     image: wi-dev:${VERSION}

integrations/README.md

@@ -24,3 +24,10 @@ We host development environments to support the following integrations:
 - [Splunk](./splunk/README.md).
 - [Elasticsearch](./elastic/README.md).
 - [OpenSearch](./opensearch/README.md).
+
+**Compatibility matrix**
+
+|                | Wazuh | Logstash | OpenSearch | Elastic | Splunk |
+| -------------- | ----- | -------- | ---------- | ------- | ------ |
+| v1.0           | 4.8.1 | 8.9.0    | 2.14.0     | 8.14.3  | 9.1.4  |
+| Latest version | 4.9.0 | 8.9.0    | 2.17.1     | 8.15.2  | 9.3.1  |

integrations/docker/.env

@@ -20,25 +20,25 @@ KIBANA_PORT=5602
 MEM_LIMIT=1073741824
 
 # Wazuh version
-WAZUH_VERSION=4.8.1
+WAZUH_VERSION=4.9.0
 
 # Wazuh Indexer version (Provisionally using OpenSearch)
-WAZUH_INDEXER_VERSION=2.14.0
+WAZUH_INDEXER_VERSION=2.13.0
 
 # Wazuh Dashboard version (Provisionally using OpenSearch Dashboards)
-WAZUH_DASHBOARD_VERSION=2.14.0
+WAZUH_DASHBOARD_VERSION=2.13.0
 
 # Wazuh certs generator version
 WAZUH_CERTS_GENERATOR_VERSION=0.0.1
 
 # OpenSearch destination cluster version
-OS_VERSION=2.14.0
+OS_VERSION=2.17.1
 
 # Logstash version:
 LOGSTASH_OSS_VERSION=8.9.0
 
 # Splunk version:
-SPLUNK_VERSION=9.1.4
+SPLUNK_VERSION=9.3.1
 
 # Version of Elastic products
-STACK_VERSION=8.14.3
+STACK_VERSION=8.15.2

integrations/opensearch/dashboards.ndjson

@@ -83,11 +83,7 @@
       "type": "input.timerange",
       "options": {
         "token": "global_time",
-        "defaultValue": "-60m@m,now",
-        "queryParameters": {
-          "latest": "$global_time.latest$",
-          "earliest": "$global_time.earliest$"
-        }
+        "defaultValue": "-60m@m,now"
       },
       "title": "Global Time Range"
     }

integrations/splunk/wazuh-amazon-aws

@@ -82,11 +82,7 @@
       "type": "input.timerange",
       "options": {
         "token": "global_time",
-        "defaultValue": "-60m@m,now",
-        "queryParameters": {
-          "latest": "$global_time.latest$",
-          "earliest": "$global_time.earliest$"
-        }
+        "defaultValue": "-60m@m,now"
       },
       "title": "Global Time Range"
     }

integrations/splunk/wazuh-incident-response

@@ -83,11 +83,7 @@
       "type": "input.timerange",
       "options": {
         "token": "global_time",
-        "defaultValue": "-60m@m,now",
-        "queryParameters": {
-          "latest": "$global_time.latest$",
-          "earliest": "$global_time.earliest$"
-        }
+        "defaultValue": "-60m@m,now"
       },
       "title": "Global Time Range"
     }

integrations/splunk/wazuh-malware-detection

@@ -83,11 +83,7 @@
       "type": "input.timerange",
       "options": {
         "token": "global_time",
-        "defaultValue": "-60m@m,now",
-        "queryParameters": {
-          "latest": "$global_time.latest$",
-          "earliest": "$global_time.earliest$"
-        }
+        "defaultValue": "-60m@m,now"
       },
       "title": "Global Time Range"
     }
@@ -133,4 +129,4 @@
   },
   "description": "",
   "title": "wazuh-pci-dss-v1.0"
-}
+}

integrations/splunk/wazuh-pci-dss

@@ -203,11 +203,7 @@
       "type": "input.timerange",
       "options": {
         "token": "global_time",
-        "defaultValue": "-60m@m,now",
-        "queryParameters": {
-          "latest": "$global_time.latest$",
-          "earliest": "$global_time.earliest$"
-        }
+        "defaultValue": "-60m@m,now"
       },
       "title": "Global Time Range"
     }
@@ -293,4 +289,4 @@
   },
   "description": "",
   "title": "wazuh-security-events-v1.0"
-}
+}

integrations/splunk/wazuh-security-events

@@ -178,11 +178,7 @@
       "type": "input.timerange",
       "options": {
         "token": "global_time",
-        "defaultValue": "-60m@m,now",
-        "queryParameters": {
-          "latest": "$global_time.latest$",
-          "earliest": "$global_time.earliest$"
-        }
+        "defaultValue": "-60m@m,now"
       },
       "title": "Global Time Range"
     }

integrations/splunk/wazuh-vulnerabilities

@@ -5,6 +5,6 @@
 # Install necessary packages
 apt-get update -y && apt-get upgrade -y && apt-get install -y curl build-essential &&
    apt-get install -y debmake debhelper-compat &&
-   apt-get install -y libxrender1 libxtst6 libasound2 libxi6 libgconf-2-4 &&
-   apt-get install -y libatk1.0-0 libatk-bridge2.0-0 libcups2 libdrm2 libatspi2.0-dev libxcomposite-dev libxdamage1 libxfixes3 libxfixes-dev libxrandr2 libgbm-dev libxkbcommon-x11-0 libpangocairo-1.0-0 libcairo2 libcairo2-dev libnss3 libnspr4 libnspr4-dev freeglut3 &&
+   apt-get install -y libxrender1 libxtst6 libxi6 &&
+   apt-get install -y libatk1.0-0 libatk-bridge2.0-0 libcups2 libdrm2 libatspi2.0-dev libxcomposite-dev libxdamage1 libxfixes3 libxfixes-dev libxrandr2 libgbm-dev libxkbcommon-x11-0 libpangocairo-1.0-0 libcairo2 libcairo2-dev libnss3 libnspr4 libnspr4-dev &&
    apt-get clean -y

packaging_scripts/provision.sh

@@ -1,6 +1,6 @@
-## 2024-09-20 Version 4.9.1-rc1 Release Notes
+## 2024-09-27 Version 4.9.1-rc2 Release Notes
 
-## [4.9.1-rc1]
+## [4.9.1]
 ### Added
 -