Fine tuning permissions on assembled packages #137

Merged
merged 8 commits into from
Jan 30, 2024


f-galland
Member

Description

This PR fixes file permissions in installed packages.

Issues Resolved

Resolves #124

Check List

  • New functionality includes testing.
    • All tests pass
  • New functionality has been documented.
    • New functionality has javadoc added
  • Commits are signed per the DCO using --signoff
  • Commit changes are listed out in CHANGELOG.md file (See: Changelog)
  • GitHub issue/PR created in OpenSearch documentation repo for the required public documentation changes (#[Issue/PR number])

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@f-galland f-galland marked this pull request as ready for review January 22, 2024 19:02
@f-galland f-galland requested a review from a team as a code owner January 22, 2024 19:02
@f-galland
Member Author

Defining file attributes through the %attr directive under the %files section of the wazuh-indexer.rpm.spec file caused a number of File listed twice warnings when running the assemble.sh script.

After considering various alternatives, I ended up putting together a list of files with find, and cropping out the few files that needed special permissions off of it, and then declaring those with %attr under %files.

If more files need non-640 permissions, they can be appended after wazuh-indexer.rpm.spec's line 104.

The list of exclusions was put together by means of set -- "$@" "$FILENAME" because the %install phase uses the minimalistic dash shell.
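
The list-building technique described in the comment above, as an added example that is not code from this PR or from wazuh-indexer.rpm.spec: exceptions are pushed onto the positional parameters with set -- (dash has no arrays), find skips them, and each one is declared once with %attr, so no path is listed twice. The function names, the owner and group, the sample tree and the 750 mode are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration: file names, modes, owner and group are constructed.
OWNER=appuser      # hypothetical package user
GROUP=appgroup     # hypothetical package group

# build_manifest ROOT MODE:REL_PATH...
# Prints one line per regular file under ROOT: a bare path for files that
# take the default mode, and an %attr(...) line for each listed exception.
build_manifest() {
    root=$1
    shift
    n=$#                      # number of exception specs currently in "$@"
    attr_lines=
    for spec in "$@"; do      # the word list is expanded once, before the loop
        mode=${spec%%:*}
        rel=${spec#*:}
        attr_lines="${attr_lines}%attr(${mode}, ${OWNER}, ${GROUP}) /${rel}
"
        # No arrays in dash: grow the argument list in place instead.
        set -- "$@" ! -path "./${rel}"
    done
    shift "$n"                # drop the specs, keep only the find predicates
    (cd "$root" && find . -type f "$@") | sed 's|^\.||' | LC_ALL=C sort
    printf '%s' "$attr_lines"
}

# naive_manifest ROOT MODE:REL_PATH...
# Same output without the exclusions: every exception shows up twice,
# which is the condition behind the "File listed twice" warnings.
naive_manifest() {
    root=$1
    shift
    (cd "$root" && find . -type f) | sed 's|^\.||' | LC_ALL=C sort
    for spec in "$@"; do
        printf '%%attr(%s, %s, %s) /%s\n' \
            "${spec%%:*}" "$OWNER" "$GROUP" "${spec#*:}"
    done
}

# count_listed_twice: reads a manifest on stdin and prints how many
# paths appear more than once, ignoring any %attr(...) prefix.
count_listed_twice() {
    sed 's|^%attr([^)]*) ||' | LC_ALL=C sort | uniq -d | wc -l | tr -d ' '
}

# make_sample_tree: creates a small constructed install root, prints its path.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/app" "$t/usr/share/app/bin"
    : > "$t/etc/app/config.yml"
    : > "$t/usr/share/app/VERSION"
    : > "$t/usr/share/app/bin/run"
    printf '%s\n' "$t"
}

tree=$(make_sample_tree)
build_manifest "$tree" 440:usr/share/app/VERSION 750:usr/share/app/bin/run
rm -rf "$tree"
```
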

@f-galland f-galland changed the title Fine tuning permissions on RPM spec file Fine tuning permissions on assembled packages Jan 24, 2024
@f-galland
Member Author

f-galland commented Jan 24, 2024

.deb package file permissions:

find {/usr/share/wazuh-indexer,/etc/wazuh-indexer,/var/log/wazuh-indexer} -printf "%m %h/%f\n" | sort -n

output:

440 /usr/share/wazuh-indexer/VERSION
640 /etc/wazuh-indexer/opensearch-notifications-core/notifications-core.yml
640 /etc/wazuh-indexer/opensearch-notifications/notifications.yml
640 /etc/wazuh-indexer/opensearch-performance-analyzer/agent-stats-metadata
640 /etc/wazuh-indexer/opensearch-performance-analyzer/log4j2.xml
640 /etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy
640 /etc/wazuh-indexer/opensearch-performance-analyzer/performance-analyzer.properties
640 /etc/wazuh-indexer/opensearch-performance-analyzer/plugin-stats-metadata
640 /etc/wazuh-indexer/opensearch-performance-analyzer/rca_cluster_manager.conf
640 /etc/wazuh-indexer/opensearch-performance-analyzer/rca.conf
640 /etc/wazuh-indexer/opensearch-performance-analyzer/rca_idle_cluster_manager.conf
640 /etc/wazuh-indexer/opensearch-performance-analyzer/supervisord.conf
640 /etc/wazuh-indexer/opensearch-security/action_groups.yml
640 /etc/wazuh-indexer/opensearch-security/allowlist.yml
640 /etc/wazuh-indexer/opensearch-security/audit.yml
640 /etc/wazuh-indexer/opensearch-security/config.yml
640 /etc/wazuh-indexer/opensearch-security/internal_users.yml
640 /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
640 /etc/wazuh-indexer/opensearch-security/opensearch.yml.example
640 /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
640 /etc/wazuh-indexer/opensearch-security/roles.yml
640 /etc/wazuh-indexer/opensearch-security/tenants.yml
640 /etc/wazuh-indexer/opensearch-security/whitelist.yml
640 /usr/share/wazuh-indexer/bin/opensearch-performance-analyzer/performance-analyzer-agent
640 /usr/share/wazuh-indexer/bin/opensearch-performance-analyzer/performance-analyzer-agent-cli
640 /usr/share/wazuh-indexer/jdk/conf/logging.properties
640 /usr/share/wazuh-indexer/jdk/conf/management/jmxremote.access
640 /usr/share/wazuh-indexer/jdk/conf/management/jmxremote.password.template
640 /usr/share/wazuh-indexer/jdk/conf/management/management.properties
640 /usr/share/wazuh-indexer/jdk/conf/net.properties
640 /usr/share/wazuh-indexer/jdk/conf/sdp/sdp.conf.template
640 /usr/share/wazuh-indexer/jdk/conf/security/java.policy
640 /usr/share/wazuh-indexer/jdk/conf/security/java.security
640 /usr/share/wazuh-indexer/jdk/conf/security/policy/limited/default_local.policy
640 /usr/share/wazuh-indexer/jdk/conf/security/policy/limited/default_US_export.policy
640 /usr/share/wazuh-indexer/jdk/conf/security/policy/limited/exempt_local.policy
640 /usr/share/wazuh-indexer/jdk/conf/security/policy/README.txt
640 /usr/share/wazuh-indexer/jdk/conf/security/policy/unlimited/default_local.policy
640 /usr/share/wazuh-indexer/jdk/conf/security/policy/unlimited/default_US_export.policy
640 /usr/share/wazuh-indexer/jdk/conf/sound.properties
640 /usr/share/wazuh-indexer/jdk/include/classfile_constants.h
640 /usr/share/wazuh-indexer/jdk/include/jawt.h
640 /usr/share/wazuh-indexer/jdk/include/jdwpTransport.h
640 /usr/share/wazuh-indexer/jdk/include/jni.h
640 /usr/share/wazuh-indexer/jdk/include/jvmticmlr.h
640 /usr/share/wazuh-indexer/jdk/include/jvmti.h
640 /usr/share/wazuh-indexer/jdk/include/linux/jawt_md.h
640 /usr/share/wazuh-indexer/jdk/include/linux/jni_md.h
640 /usr/share/wazuh-indexer/jdk/jmods/java.base.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.compiler.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.datatransfer.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.desktop.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.instrument.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.logging.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.management.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.management.rmi.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.naming.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.net.http.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.prefs.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.rmi.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.scripting.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.security.jgss.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.security.sasl.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.se.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.smartcardio.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.sql.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.sql.rowset.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.transaction.xa.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.xml.crypto.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.xml.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.accessibility.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.attach.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.charsets.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.compiler.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.crypto.cryptoki.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.crypto.ec.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.dynalink.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.editpad.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.hotspot.agent.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.httpserver.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.incubator.foreign.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.incubator.vector.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.internal.ed.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.internal.jvmstat.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.internal.le.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.internal.opt.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.internal.vm.ci.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.internal.vm.compiler.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.internal.vm.compiler.management.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.jartool.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.javadoc.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.jcmd.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.jconsole.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.jdeps.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.jdi.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.jdwp.agent.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.jfr.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.jlink.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.jpackage.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.jshell.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.jsobject.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.jstatd.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.localedata.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.management.agent.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.management.jfr.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.management.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.naming.dns.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.naming.rmi.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.net.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.nio.mapmode.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.random.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.sctp.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.security.auth.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.security.jgss.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.unsupported.desktop.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.unsupported.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.xml.dom.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.zipfs.jmod
640 /usr/share/wazuh-indexer/jdk/legal/java.base/ADDITIONAL_LICENSE_INFO
640 /usr/share/wazuh-indexer/jdk/legal/java.base/aes.md
640 /usr/share/wazuh-indexer/jdk/legal/java.base/asm.md
640 /usr/share/wazuh-indexer/jdk/legal/java.base/ASSEMBLY_EXCEPTION
640 /usr/share/wazuh-indexer/jdk/legal/java.base/cldr.md
640 /usr/share/wazuh-indexer/jdk/legal/java.base/c-libutl.md
640 /usr/share/wazuh-indexer/jdk/legal/java.base/icu.md
640 /usr/share/wazuh-indexer/jdk/legal/java.base/LICENSE
640 /usr/share/wazuh-indexer/jdk/legal/java.base/public_suffix.md
640 /usr/share/wazuh-indexer/jdk/legal/java.base/unicode.md
640 /usr/share/wazuh-indexer/jdk/legal/java.desktop/colorimaging.md
640 /usr/share/wazuh-indexer/jdk/legal/java.desktop/giflib.md
640 /usr/share/wazuh-indexer/jdk/legal/java.desktop/harfbuzz.md
640 /usr/share/wazuh-indexer/jdk/legal/java.desktop/jpeg.md
640 /usr/share/wazuh-indexer/jdk/legal/java.desktop/lcms.md
640 /usr/share/wazuh-indexer/jdk/legal/java.desktop/libpng.md
640 /usr/share/wazuh-indexer/jdk/legal/java.desktop/mesa3d.md
640 /usr/share/wazuh-indexer/jdk/legal/java.desktop/xwd.md
640 /usr/share/wazuh-indexer/jdk/legal/java.smartcardio/pcsclite.md
640 /usr/share/wazuh-indexer/jdk/legal/java.xml/bcel.md
640 /usr/share/wazuh-indexer/jdk/legal/java.xml.crypto/santuario.md
640 /usr/share/wazuh-indexer/jdk/legal/java.xml/dom.md
640 /usr/share/wazuh-indexer/jdk/legal/java.xml/jcup.md
640 /usr/share/wazuh-indexer/jdk/legal/java.xml/xalan.md
640 /usr/share/wazuh-indexer/jdk/legal/java.xml/xerces.md
640 /usr/share/wazuh-indexer/jdk/legal/jdk.crypto.cryptoki/pkcs11cryptotoken.md
640 /usr/share/wazuh-indexer/jdk/legal/jdk.crypto.cryptoki/pkcs11wrapper.md
640 /usr/share/wazuh-indexer/jdk/legal/jdk.dynalink/dynalink.md
640 /usr/share/wazuh-indexer/jdk/legal/jdk.internal.le/jline.md
640 /usr/share/wazuh-indexer/jdk/legal/jdk.internal.opt/jopt-simple.md
640 /usr/share/wazuh-indexer/jdk/legal/jdk.javadoc/jquery.md
640 /usr/share/wazuh-indexer/jdk/legal/jdk.javadoc/jqueryUI.md
640 /usr/share/wazuh-indexer/jdk/legal/jdk.localedata/thaidict.md
640 /usr/share/wazuh-indexer/jdk/lib/classlist
640 /usr/share/wazuh-indexer/jdk/lib/ct.sym
640 /usr/share/wazuh-indexer/jdk/lib/jexec
640 /usr/share/wazuh-indexer/jdk/lib/jfr/default.jfc
640 /usr/share/wazuh-indexer/jdk/lib/jfr/profile.jfc
640 /usr/share/wazuh-indexer/jdk/lib/jrt-fs.jar
640 /usr/share/wazuh-indexer/jdk/lib/jvm.cfg
640 /usr/share/wazuh-indexer/jdk/lib/libattach.so
640 /usr/share/wazuh-indexer/jdk/lib/libawt_headless.so
640 /usr/share/wazuh-indexer/jdk/lib/libawt.so
640 /usr/share/wazuh-indexer/jdk/lib/libawt_xawt.so
640 /usr/share/wazuh-indexer/jdk/lib/libdt_socket.so
640 /usr/share/wazuh-indexer/jdk/lib/libextnet.so
640 /usr/share/wazuh-indexer/jdk/lib/libfontmanager.so
640 /usr/share/wazuh-indexer/jdk/lib/libinstrument.so
640 /usr/share/wazuh-indexer/jdk/lib/libj2gss.so
640 /usr/share/wazuh-indexer/jdk/lib/libj2pcsc.so
640 /usr/share/wazuh-indexer/jdk/lib/libj2pkcs11.so
640 /usr/share/wazuh-indexer/jdk/lib/libjaas.so
640 /usr/share/wazuh-indexer/jdk/lib/libjavajpeg.so
640 /usr/share/wazuh-indexer/jdk/lib/libjava.so
640 /usr/share/wazuh-indexer/jdk/lib/libjawt.so
640 /usr/share/wazuh-indexer/jdk/lib/libjdwp.so
640 /usr/share/wazuh-indexer/jdk/lib/libjimage.so
640 /usr/share/wazuh-indexer/jdk/lib/libjli.so
640 /usr/share/wazuh-indexer/jdk/lib/libjsig.so
640 /usr/share/wazuh-indexer/jdk/lib/libjsound.so
640 /usr/share/wazuh-indexer/jdk/lib/libjsvml.so
640 /usr/share/wazuh-indexer/jdk/lib/liblcms.so
640 /usr/share/wazuh-indexer/jdk/lib/libmanagement_agent.so
640 /usr/share/wazuh-indexer/jdk/lib/libmanagement_ext.so
640 /usr/share/wazuh-indexer/jdk/lib/libmanagement.so
640 /usr/share/wazuh-indexer/jdk/lib/libmlib_image.so
640 /usr/share/wazuh-indexer/jdk/lib/libnet.so
640 /usr/share/wazuh-indexer/jdk/lib/libnio.so
640 /usr/share/wazuh-indexer/jdk/lib/libprefs.so
640 /usr/share/wazuh-indexer/jdk/lib/librmi.so
640 /usr/share/wazuh-indexer/jdk/lib/libsaproc.so
640 /usr/share/wazuh-indexer/jdk/lib/libsctp.so
640 /usr/share/wazuh-indexer/jdk/lib/libsplashscreen.so
640 /usr/share/wazuh-indexer/jdk/lib/libsyslookup.so
640 /usr/share/wazuh-indexer/jdk/lib/libverify.so
640 /usr/share/wazuh-indexer/jdk/lib/libzip.so
640 /usr/share/wazuh-indexer/jdk/lib/psfontj2d.properties
640 /usr/share/wazuh-indexer/jdk/lib/psfont.properties.ja
640 /usr/share/wazuh-indexer/jdk/lib/security/blocked.certs
640 /usr/share/wazuh-indexer/jdk/lib/security/cacerts
640 /usr/share/wazuh-indexer/jdk/lib/security/default.policy
640 /usr/share/wazuh-indexer/jdk/lib/security/public_suffix_list.dat
640 /usr/share/wazuh-indexer/jdk/lib/server/classes.jsa
640 /usr/share/wazuh-indexer/jdk/lib/server/classes_nocoops.jsa
640 /usr/share/wazuh-indexer/jdk/lib/server/libjsig.so
640 /usr/share/wazuh-indexer/jdk/lib/server/libjvm.so
640 /usr/share/wazuh-indexer/jdk/lib/tzdb.dat
640 /usr/share/wazuh-indexer/jdk/man/man1/jar.1
640 /usr/share/wazuh-indexer/jdk/man/man1/jarsigner.1
640 /usr/share/wazuh-indexer/jdk/man/man1/java.1
640 /usr/share/wazuh-indexer/jdk/man/man1/javac.1
640 /usr/share/wazuh-indexer/jdk/man/man1/javadoc.1
640 /usr/share/wazuh-indexer/jdk/man/man1/javap.1
640 /usr/share/wazuh-indexer/jdk/man/man1/jcmd.1
640 /usr/share/wazuh-indexer/jdk/man/man1/jconsole.1
640 /usr/share/wazuh-indexer/jdk/man/man1/jdb.1
640 /usr/share/wazuh-indexer/jdk/man/man1/jdeprscan.1
640 /usr/share/wazuh-indexer/jdk/man/man1/jdeps.1
640 /usr/share/wazuh-indexer/jdk/man/man1/jfr.1
640 /usr/share/wazuh-indexer/jdk/man/man1/jhsdb.1
640 /usr/share/wazuh-indexer/jdk/man/man1/jinfo.1
640 /usr/share/wazuh-indexer/jdk/man/man1/jlink.1
640 /usr/share/wazuh-indexer/jdk/man/man1/jmap.1
640 /usr/share/wazuh-indexer/jdk/man/man1/jmod.1
640 /usr/share/wazuh-indexer/jdk/man/man1/jpackage.1
640 /usr/share/wazuh-indexer/jdk/man/man1/jps.1
640 /usr/share/wazuh-indexer/jdk/man/man1/jrunscript.1
640 /usr/share/wazuh-indexer/jdk/man/man1/jshell.1
640 /usr/share/wazuh-indexer/jdk/man/man1/jstack.1
640 /usr/share/wazuh-indexer/jdk/man/man1/jstat.1
640 /usr/share/wazuh-indexer/jdk/man/man1/jstatd.1
640 /usr/share/wazuh-indexer/jdk/man/man1/keytool.1
640 /usr/share/wazuh-indexer/jdk/man/man1/rmiregistry.1
640 /usr/share/wazuh-indexer/jdk/man/man1/serialver.1
640 /usr/share/wazuh-indexer/jdk/NOTICE
640 /usr/share/wazuh-indexer/jdk/release
640 /usr/share/wazuh-indexer/lib/HdrHistogram-2.1.12.jar
640 /usr/share/wazuh-indexer/lib/jackson-core-2.15.2.jar
640 /usr/share/wazuh-indexer/lib/jackson-dataformat-cbor-2.15.2.jar
640 /usr/share/wazuh-indexer/lib/jackson-dataformat-smile-2.15.2.jar
640 /usr/share/wazuh-indexer/lib/jackson-dataformat-yaml-2.15.2.jar
640 /usr/share/wazuh-indexer/lib/jakarta.annotation-api-1.3.5.jar
640 /usr/share/wazuh-indexer/lib/java-version-checker-2.11.1.jar
640 /usr/share/wazuh-indexer/lib/jna-5.13.0.jar
640 /usr/share/wazuh-indexer/lib/joda-time-2.12.2.jar
640 /usr/share/wazuh-indexer/lib/jopt-simple-5.0.4.jar
640 /usr/share/wazuh-indexer/lib/jts-core-1.15.0.jar
640 /usr/share/wazuh-indexer/lib/jzlib-1.1.3.jar
640 /usr/share/wazuh-indexer/lib/log4j-api-2.20.0.jar
640 /usr/share/wazuh-indexer/lib/log4j-core-2.20.0.jar
640 /usr/share/wazuh-indexer/lib/log4j-jul-2.20.0.jar
640 /usr/share/wazuh-indexer/lib/lucene-analysis-common-9.7.0.jar
640 /usr/share/wazuh-indexer/lib/lucene-backward-codecs-9.7.0.jar
640 /usr/share/wazuh-indexer/lib/lucene-core-9.7.0.jar
640 /usr/share/wazuh-indexer/lib/lucene-grouping-9.7.0.jar
640 /usr/share/wazuh-indexer/lib/lucene-highlighter-9.7.0.jar
640 /usr/share/wazuh-indexer/lib/lucene-join-9.7.0.jar
640 /usr/share/wazuh-indexer/lib/lucene-memory-9.7.0.jar
640 /usr/share/wazuh-indexer/lib/lucene-misc-9.7.0.jar
640 /usr/share/wazuh-indexer/lib/lucene-queries-9.7.0.jar
640 /usr/share/wazuh-indexer/lib/lucene-queryparser-9.7.0.jar
640 /usr/share/wazuh-indexer/lib/lucene-sandbox-9.7.0.jar
640 /usr/share/wazuh-indexer/lib/lucene-spatial3d-9.7.0.jar
640 /usr/share/wazuh-indexer/lib/lucene-spatial-extras-9.7.0.jar
640 /usr/share/wazuh-indexer/lib/lucene-suggest-9.7.0.jar
640 /usr/share/wazuh-indexer/lib/opensearch-2.11.1.jar
640 /usr/share/wazuh-indexer/lib/opensearch-cli-2.11.1.jar
640 /usr/share/wazuh-indexer/lib/opensearch-common-2.11.1.jar
640 /usr/share/wazuh-indexer/lib/opensearch-compress-2.11.1.jar
640 /usr/share/wazuh-indexer/lib/opensearch-core-2.11.1.jar
640 /usr/share/wazuh-indexer/lib/opensearch-geo-2.11.1.jar
640 /usr/share/wazuh-indexer/lib/opensearch-launchers-2.11.1.jar
640 /usr/share/wazuh-indexer/lib/opensearch-plugin-classloader-2.11.1.jar
640 /usr/share/wazuh-indexer/lib/opensearch-secure-sm-2.11.1.jar
640 /usr/share/wazuh-indexer/lib/opensearch-telemetry-2.11.1.jar
640 /usr/share/wazuh-indexer/lib/opensearch-x-content-2.11.1.jar
640 /usr/share/wazuh-indexer/lib/protobuf-java-3.22.3.jar
640 /usr/share/wazuh-indexer/lib/snakeyaml-2.1.jar
640 /usr/share/wazuh-indexer/lib/spatial4j-0.7.jar
640 /usr/share/wazuh-indexer/lib/t-digest-3.2.jar
640 /usr/share/wazuh-indexer/lib/tools/keystore-cli/keystore-cli-2.11.1.jar
640 /usr/share/wazuh-indexer/lib/tools/plugin-cli/bc-fips-1.0.2.3.jar
640 /usr/share/wazuh-indexer/lib/tools/plugin-cli/bcpg-fips-1.0.7.1.jar
640 /usr/share/wazuh-indexer/lib/tools/plugin-cli/commons-compress-1.24.0.jar
640 /usr/share/wazuh-indexer/lib/tools/plugin-cli/opensearch-plugin-cli-2.11.1.jar
640 /usr/share/wazuh-indexer/lib/tools/upgrade-cli/jackson-annotations-2.15.2.jar
640 /usr/share/wazuh-indexer/lib/tools/upgrade-cli/jackson-core-2.15.2.jar
640 /usr/share/wazuh-indexer/lib/tools/upgrade-cli/jackson-databind-2.15.2.jar
640 /usr/share/wazuh-indexer/lib/tools/upgrade-cli/opensearch-upgrade-cli-2.11.1.jar
640 /usr/share/wazuh-indexer/lib/zstd-jni-1.5.5-5.jar
640 /usr/share/wazuh-indexer/modules/aggs-matrix-stats/aggs-matrix-stats-client-2.11.1.jar
640 /usr/share/wazuh-indexer/modules/aggs-matrix-stats/plugin-descriptor.properties
640 /usr/share/wazuh-indexer/modules/analysis-common/analysis-common-2.11.1.jar
640 /usr/share/wazuh-indexer/modules/analysis-common/plugin-descriptor.properties
640 /usr/share/wazuh-indexer/modules/geo/geo-2.11.1.jar
640 /usr/share/wazuh-indexer/modules/geo/plugin-descriptor.properties
640 /usr/share/wazuh-indexer/modules/ingest-common/ingest-common-2.11.1.jar
640 /usr/share/wazuh-indexer/modules/ingest-common/jcodings-1.0.58.jar
640 /usr/share/wazuh-indexer/modules/ingest-common/joni-2.2.1.jar
640 /usr/share/wazuh-indexer/modules/ingest-common/opensearch-dissect-2.11.1.jar
640 /usr/share/wazuh-indexer/modules/ingest-common/opensearch-grok-2.11.1.jar
640 /usr/share/wazuh-indexer/modules/ingest-common/plugin-descriptor.properties
640 /usr/share/wazuh-indexer/modules/ingest-geoip/geoip2-4.1.0.jar
640 /usr/share/wazuh-indexer/modules/ingest-geoip/GeoLite2-ASN.mmdb
640 /usr/share/wazuh-indexer/modules/ingest-geoip/GeoLite2-City.mmdb
640 /usr/share/wazuh-indexer/modules/ingest-geoip/GeoLite2-Country.mmdb
640 /usr/share/wazuh-indexer/modules/ingest-geoip/ingest-geoip-2.11.1.jar
640 /usr/share/wazuh-indexer/modules/ingest-geoip/jackson-annotations-2.15.2.jar
640 /usr/share/wazuh-indexer/modules/ingest-geoip/jackson-databind-2.15.2.jar
640 /usr/share/wazuh-indexer/modules/ingest-geoip/maxmind-db-3.0.0.jar
640 /usr/share/wazuh-indexer/modules/ingest-geoip/plugin-descriptor.properties
640 /usr/share/wazuh-indexer/modules/ingest-geoip/plugin-security.policy
640 /usr/share/wazuh-indexer/modules/ingest-user-agent/ingest-user-agent-2.11.1.jar
640 /usr/share/wazuh-indexer/modules/ingest-user-agent/plugin-descriptor.properties
640 /usr/share/wazuh-indexer/modules/lang-expression/antlr4-runtime-4.11.1.jar
640 /usr/share/wazuh-indexer/modules/lang-expression/asm-9.6.jar
640 /usr/share/wazuh-indexer/modules/lang-expression/asm-commons-9.6.jar
640 /usr/share/wazuh-indexer/modules/lang-expression/asm-tree-9.6.jar
640 /usr/share/wazuh-indexer/modules/lang-expression/lang-expression-2.11.1.jar
640 /usr/share/wazuh-indexer/modules/lang-expression/lucene-expressions-9.7.0.jar
640 /usr/share/wazuh-indexer/modules/lang-expression/plugin-descriptor.properties
640 /usr/share/wazuh-indexer/modules/lang-expression/plugin-security.policy
640 /usr/share/wazuh-indexer/modules/lang-mustache/compiler-0.9.10.jar
640 /usr/share/wazuh-indexer/modules/lang-mustache/lang-mustache-client-2.11.1.jar
640 /usr/share/wazuh-indexer/modules/lang-mustache/plugin-descriptor.properties
640 /usr/share/wazuh-indexer/modules/lang-mustache/plugin-security.policy
640 /usr/share/wazuh-indexer/modules/lang-painless/antlr4-runtime-4.11.1.jar
640 /usr/share/wazuh-indexer/modules/lang-painless/asm-9.6.jar
640 /usr/share/wazuh-indexer/modules/lang-painless/asm-analysis-9.6.jar
640 /usr/share/wazuh-indexer/modules/lang-painless/asm-commons-9.6.jar
640 /usr/share/wazuh-indexer/modules/lang-painless/asm-tree-9.6.jar
640 /usr/share/wazuh-indexer/modules/lang-painless/asm-util-9.6.jar
640 /usr/share/wazuh-indexer/modules/lang-painless/lang-painless-2.11.1.jar
640 /usr/share/wazuh-indexer/modules/lang-painless/opensearch-scripting-painless-spi-2.11.1.jar
640 /usr/share/wazuh-indexer/modules/lang-painless/plugin-descriptor.properties
640 /usr/share/wazuh-indexer/modules/lang-painless/plugin-security.policy
640 /usr/share/wazuh-indexer/modules/mapper-extras/mapper-extras-client-2.11.1.jar
640 /usr/share/wazuh-indexer/modules/mapper-extras/plugin-descriptor.properties
640 /usr/share/wazuh-indexer/modules/opensearch-dashboards/commons-codec-1.15.jar
640 /usr/share/wazuh-indexer/modules/opensearch-dashboards/commons-logging-1.2.jar
640 /usr/share/wazuh-indexer/modules/opensearch-dashboards/httpasyncclient-4.1.5.jar
640 /usr/share/wazuh-indexer/modules/opensearch-dashboards/httpclient-4.5.14.jar
640 /usr/share/wazuh-indexer/modules/opensearch-dashboards/httpcore-4.4.16.jar
640 /usr/share/wazuh-indexer/modules/opensearch-dashboards/httpcore-nio-4.4.16.jar
640 /usr/share/wazuh-indexer/modules/opensearch-dashboards/opensearch-dashboards-2.11.1.jar
640 /usr/share/wazuh-indexer/modules/opensearch-dashboards/opensearch-rest-client-2.11.1.jar
640 /usr/share/wazuh-indexer/modules/opensearch-dashboards/opensearch-ssl-config-2.11.1.jar
640 /usr/share/wazuh-indexer/modules/opensearch-dashboards/plugin-descriptor.properties
640 /usr/share/wazuh-indexer/modules/opensearch-dashboards/reindex-client-2.11.1.jar
640 /usr/share/wazuh-indexer/modules/parent-join/parent-join-client-2.11.1.jar
640 /usr/share/wazuh-indexer/modules/parent-join/plugin-descriptor.properties
640 /usr/share/wazuh-indexer/modules/percolator/percolator-client-2.11.1.jar
640 /usr/share/wazuh-indexer/modules/percolator/plugin-descriptor.properties
640 /usr/share/wazuh-indexer/modules/rank-eval/plugin-descriptor.properties
640 /usr/share/wazuh-indexer/modules/rank-eval/rank-eval-client-2.11.1.jar
640 /usr/share/wazuh-indexer/modules/reindex/commons-codec-1.15.jar
640 /usr/share/wazuh-indexer/modules/reindex/commons-logging-1.2.jar
640 /usr/share/wazuh-indexer/modules/reindex/httpasyncclient-4.1.5.jar
640 /usr/share/wazuh-indexer/modules/reindex/httpclient-4.5.14.jar
640 /usr/share/wazuh-indexer/modules/reindex/httpcore-4.4.16.jar
640 /usr/share/wazuh-indexer/modules/reindex/httpcore-nio-4.4.16.jar
640 /usr/share/wazuh-indexer/modules/reindex/opensearch-rest-client-2.11.1.jar
640 /usr/share/wazuh-indexer/modules/reindex/opensearch-ssl-config-2.11.1.jar
640 /usr/share/wazuh-indexer/modules/reindex/parent-join/plugin-descriptor.properties
640 /usr/share/wazuh-indexer/modules/reindex/plugin-descriptor.properties
640 /usr/share/wazuh-indexer/modules/reindex/plugin-security.policy
640 /usr/share/wazuh-indexer/modules/reindex/reindex-client-2.11.1.jar
640 /usr/share/wazuh-indexer/modules/reindex/transport-netty4/plugin-descriptor.properties
640 /usr/share/wazuh-indexer/modules/reindex/transport-netty4/plugin-security.policy
640 /usr/share/wazuh-indexer/modules/repository-url/plugin-descriptor.properties
640 /usr/share/wazuh-indexer/modules/repository-url/plugin-security.policy
640 /usr/share/wazuh-indexer/modules/repository-url/repository-url-2.11.1.jar
640 /usr/share/wazuh-indexer/modules/search-pipeline-common/plugin-descriptor.properties
640 /usr/share/wazuh-indexer/modules/search-pipeline-common/search-pipeline-common-2.11.1.jar
640 /usr/share/wazuh-indexer/modules/systemd/plugin-descriptor.properties
640 /usr/share/wazuh-indexer/modules/systemd/plugin-security.policy
640 /usr/share/wazuh-indexer/modules/systemd/systemd-2.11.1.jar
640 /usr/share/wazuh-indexer/modules/transport-netty4/netty-buffer-4.1.100.Final.jar
640 /usr/share/wazuh-indexer/modules/transport-netty4/netty-codec-4.1.100.Final.jar
640 /usr/share/wazuh-indexer/modules/transport-netty4/netty-codec-http-4.1.100.Final.jar
640 /usr/share/wazuh-indexer/modules/transport-netty4/netty-common-4.1.100.Final.jar
640 /usr/share/wazuh-indexer/modules/transport-netty4/netty-handler-4.1.100.Final.jar
640 /usr/share/wazuh-indexer/modules/transport-netty4/netty-resolver-4.1.100.Final.jar
640 /usr/share/wazuh-indexer/modules/transport-netty4/netty-transport-4.1.100.Final.jar
640 /usr/share/wazuh-indexer/modules/transport-netty4/netty-transport-native-unix-common-4.1.100.Final.jar
640 /usr/share/wazuh-indexer/modules/transport-netty4/plugin-descriptor.properties
640 /usr/share/wazuh-indexer/modules/transport-netty4/plugin-security.policy
640 /usr/share/wazuh-indexer/modules/transport-netty4/transport-netty4-client-2.11.1.jar
640 /usr/share/wazuh-indexer/NOTICE.txt
640 /usr/share/wazuh-indexer/performance-analyzer-rca/config/agent-stats-metadata
640 /usr/share/wazuh-indexer/performance-analyzer-rca/config/log4j2.xml
640 /usr/share/wazuh-indexer/performance-analyzer-rca/config/opensearch_security.policy
640 /usr/share/wazuh-indexer/performance-analyzer-rca/config/performance-analyzer.properties
640 /usr/share/wazuh-indexer/performance-analyzer-rca/config/plugin-stats-metadata
640 /usr/share/wazuh-indexer/performance-analyzer-rca/config/rca_cluster_manager.conf
640 /usr/share/wazuh-indexer/performance-analyzer-rca/config/rca.conf
640 /usr/share/wazuh-indexer/performance-analyzer-rca/config/rca_idle_cluster_manager.conf
640 /usr/share/wazuh-indexer/performance-analyzer-rca/config/supervisord.conf
640 /usr/share/wazuh-indexer/performance-analyzer-rca/lib/animal-sniffer-annotations-1.23.jar
640 /usr/share/wazuh-indexer/performance-analyzer-rca/lib/annotations-4.1.1.4.jar
640 /usr/share/wazuh-indexer/performance-analyzer-rca/lib/bcpkix-jdk15to18-1.74.jar
640 /usr/share/wazuh-indexer/performance-analyzer-rca/lib/bcprov-jdk15to18-1.74.jar
640 /usr/share/wazuh-indexer/performance-analyzer-rca/lib/bcutil-jdk15to18-1.74.jar
640 /usr/share/wazuh-indexer/performance-analyzer-rca/lib/byte-buddy-1.9.0.jar
640 /usr/share/wazuh-indexer/performance-analyzer-rca/lib/byte-buddy-agent-1.9.0.jar
640 /usr/share/wazuh-indexer/performance-analyzer-rca/lib/checker-qual-3.33.0.jar
640 /usr/share/wazuh-indexer/performance-analyzer-rca/lib/commons-io-2.7.jar
640 /usr/share/wazuh-indexer/performance-analyzer-rca/lib/commons-lang3-3.13.0.jar
640 /usr/share/wazuh-indexer/performance-analyzer-rca/lib/error_prone_annotations-2.18.0.jar
640 /usr/share/wazuh-indexer/performance-analyzer-rca/lib/failureaccess-1.0.1.jar
640 /usr/share/wazuh-indexer/performance-analyzer-rca/lib/grpc-api-1.56.1.jar
640 /usr/share/wazuh-indexer/performance-analyzer-rca/lib/grpc-context-1.56.1.jar
640 /usr/share/wazuh-indexer/performance-analyzer-rca/lib/grpc-core-1.56.1.jar
640 /usr/share/wazuh-indexer/performance-analyzer-rca/lib/grpc-netty-1.56.1.jar
640 /usr/share/wazuh-indexer/performance-analyzer-rca/lib/grpc-protobuf-1.56.1.jar
640 /usr/share/wazuh-indexer/performance-analyzer-rca/lib/grpc-protobuf-lite-1.56.1.jar
640 /usr/share/wazuh-indexer/performance-analyzer-rca/lib/grpc-stub-1.52.1.jar
640 /usr/share/wazuh-indexer/performance-analyzer-rca/lib/gson-2.10.1.jar
640 /usr/share/wazuh-indexer/performance-analyzer-rca/lib/guava-32.1.1-jre.jar
640 /usr/share/wazuh-indexer/performance-analyzer-rca/lib/jackson-annotations-2.15.2.jar
640 /usr/share/wazuh-indexer/performance-analyzer-rca/lib/jackson-core-2.15.2.jar
640 /usr/share/wazuh-indexer/performance-analyzer-rca/lib/jackson-databind-2.15.2.jar
640 /usr/share/wazuh-indexer/performance-analyzer-rca/lib/jakarta.activation-2.0.0.jar
640 /usr/share/wazuh-indexer/performance-analyzer-rca/lib/jakarta.annotation-api-1.3.5.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/netty-transport-native-unix-common-4.1.100.Final.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/opensaml-core-3.4.5.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/opensaml-messaging-api-3.4.5.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/opensaml-profile-api-3.4.5.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/opensaml-saml-api-3.4.5.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/opensaml-saml-impl-3.4.5.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/opensaml-security-api-3.4.5.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/opensaml-security-impl-3.4.5.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/opensaml-soap-api-3.4.5.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/opensaml-soap-impl-3.4.5.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/opensaml-storage-api-3.4.5.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/opensaml-xmlsec-api-3.4.5.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/opensaml-xmlsec-impl-3.4.5.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/opensearch-rest-client-2.11.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/opensearch-rest-high-level-client-2.11.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/opensearch-security-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/parent-join-client-2.11.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/passay-1.6.4.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/plugin-descriptor.properties
640 /usr/share/wazuh-indexer/plugins/opensearch-security/plugin-security.policy
640 /usr/share/wazuh-indexer/plugins/opensearch-security/rank-eval-client-2.11.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/scala-java8-compat_3-1.0.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/slf4j-api-1.7.36.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/snappy-java-1.1.10.5.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/stax2-api-4.2.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/tools/config.yml
640 /usr/share/wazuh-indexer/plugins/opensearch-security/tools/SECURITY_ADMIN_TESTS.md
640 /usr/share/wazuh-indexer/plugins/opensearch-security/transport-netty4-client-2.11.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/txw2-2.3.8.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/woodstox-core-6.5.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/xmlschema-core-2.3.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/xmlsec-2.3.3.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/zjsonpatch-0.4.14.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/zxcvbn-1.8.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/annotations-13.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/antlr4-4.7.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/antlr4-runtime-4.7.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/antlr-runtime-3.5.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/aws-encryption-sdk-java-2.4.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/aws-java-sdk-core-1.12.545.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/aws-java-sdk-emr-1.12.545.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/aws-java-sdk-emrserverless-1.12.545.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/aws-java-sdk-sts-1.12.545.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/bcprov-ext-jdk18on-1.75.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/checker-qual-3.33.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/common-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/commons-beanutils-1.9.4.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/commons-codec-1.13.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/commons-collections-3.2.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/commons-digester-2.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/commons-io-2.8.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/commons-lang3-3.12.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/commons-logging-1.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/commons-math3-3.6.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/commons-validator-1.7.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/common-utils-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/core-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/datasources-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/druid-1.0.15.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/error_prone_annotations-2.18.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/failureaccess-1.0.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/geo-2.11.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/gson-2.8.9.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/guava-32.0.1-jre.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/httpasyncclient-4.1.5.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/httpclient-4.5.14.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/httpcore-4.4.15.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/httpcore-nio-4.4.16.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/icu4j-58.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/ion-java-1.0.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/ipaddress-5.4.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/j2objc-annotations-2.8.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/jackson-annotations-2.15.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/jackson-databind-2.15.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/javassist-3.26.0-GA.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/javax.json-1.0.4.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/jmespath-java-1.12.545.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/json-20230227.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/jsr305-3.0.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/kotlin-reflect-1.4.30.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/kotlin-stdlib-1.9.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/kotlin-stdlib-common-1.6.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/kotlin-stdlib-jdk7-1.9.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/kotlin-stdlib-jdk8-1.8.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/legacy-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/LICENSE.txt
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/NOTICE.txt
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/okhttp-4.10.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/okhttp-aws-signer-1.0.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/okio-jvm-3.4.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/opensearch-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/opensearch-ml-client-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/opensearch-rest-client-2.11.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/opensearch-sql-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/opensearch-ssl-config-2.11.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/org.abego.treelayout.core-1.0.3.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/parent-join-client-2.11.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/plugin-descriptor.properties
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/plugin-security.policy
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/ppl-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/presto-matching-0.240.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/prometheus-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/protocol-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/reflections-0.9.12.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/reindex-client-2.11.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/resilience4j-core-1.5.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/resilience4j-retry-1.5.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/slf4j-api-1.7.36.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/spark-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/sql-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/ST4-4.0.8.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/vavr-0.10.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/vavr-match-0.10.2.jar
640 /usr/share/wazuh-indexer/README.md
660 /etc/wazuh-indexer/jvm.options
660 /etc/wazuh-indexer/log4j2.properties
660 /etc/wazuh-indexer/opensearch-observability/observability.yml
660 /etc/wazuh-indexer/opensearch-reports-scheduler/reports-scheduler.yml
660 /etc/wazuh-indexer/opensearch.yml
660 /etc/wazuh-indexer/wazuh-template.json
740 /usr/share/wazuh-indexer/plugins/opensearch-security/tools/audit_config_migrater.sh
740 /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh
740 /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh
740 /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-certs-tool.sh
740 /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh
750 /etc/wazuh-indexer
750 /etc/wazuh-indexer/jvm.options.d
750 /etc/wazuh-indexer/opensearch-notifications
750 /etc/wazuh-indexer/opensearch-notifications-core
750 /etc/wazuh-indexer/opensearch-observability
750 /etc/wazuh-indexer/opensearch-performance-analyzer
750 /etc/wazuh-indexer/opensearch-reports-scheduler
750 /etc/wazuh-indexer/opensearch-security
750 /usr/share/wazuh-indexer
750 /usr/share/wazuh-indexer/bin
750 /usr/share/wazuh-indexer/bin/indexer-init.sh
750 /usr/share/wazuh-indexer/bin/indexer-ism-init.sh
750 /usr/share/wazuh-indexer/bin/indexer-security-init.sh
750 /usr/share/wazuh-indexer/bin/opensearch
750 /usr/share/wazuh-indexer/bin/opensearch-cli
750 /usr/share/wazuh-indexer/bin/opensearch-env
750 /usr/share/wazuh-indexer/bin/opensearch-env-from-file
750 /usr/share/wazuh-indexer/bin/opensearch-keystore
750 /usr/share/wazuh-indexer/bin/opensearch-node
750 /usr/share/wazuh-indexer/bin/opensearch-performance-analyzer
750 /usr/share/wazuh-indexer/bin/opensearch-plugin
750 /usr/share/wazuh-indexer/bin/opensearch-shard
750 /usr/share/wazuh-indexer/bin/opensearch-upgrade
750 /usr/share/wazuh-indexer/bin/systemd-entrypoint
750 /usr/share/wazuh-indexer/jdk
750 /usr/share/wazuh-indexer/jdk/bin
750 /usr/share/wazuh-indexer/jdk/bin/jar
750 /usr/share/wazuh-indexer/jdk/bin/jarsigner
750 /usr/share/wazuh-indexer/jdk/bin/java
750 /usr/share/wazuh-indexer/jdk/bin/javac
750 /usr/share/wazuh-indexer/jdk/bin/javadoc
750 /usr/share/wazuh-indexer/jdk/bin/javap
750 /usr/share/wazuh-indexer/jdk/bin/jcmd
750 /usr/share/wazuh-indexer/jdk/bin/jconsole
750 /usr/share/wazuh-indexer/jdk/bin/jdb
750 /usr/share/wazuh-indexer/jdk/bin/jdeprscan
750 /usr/share/wazuh-indexer/jdk/bin/jdeps
750 /usr/share/wazuh-indexer/jdk/bin/jfr
750 /usr/share/wazuh-indexer/jdk/bin/jhsdb
750 /usr/share/wazuh-indexer/jdk/bin/jimage
750 /usr/share/wazuh-indexer/jdk/bin/jinfo
750 /usr/share/wazuh-indexer/jdk/bin/jlink
750 /usr/share/wazuh-indexer/jdk/bin/jmap
750 /usr/share/wazuh-indexer/jdk/bin/jmod
750 /usr/share/wazuh-indexer/jdk/bin/jpackage
750 /usr/share/wazuh-indexer/jdk/bin/jps
750 /usr/share/wazuh-indexer/jdk/bin/jrunscript
750 /usr/share/wazuh-indexer/jdk/bin/jshell
750 /usr/share/wazuh-indexer/jdk/bin/jstack
750 /usr/share/wazuh-indexer/jdk/bin/jstat
750 /usr/share/wazuh-indexer/jdk/bin/jstatd
750 /usr/share/wazuh-indexer/jdk/bin/keytool
750 /usr/share/wazuh-indexer/jdk/bin/rmiregistry
750 /usr/share/wazuh-indexer/jdk/bin/serialver
750 /usr/share/wazuh-indexer/jdk/conf
750 /usr/share/wazuh-indexer/jdk/conf/management
750 /usr/share/wazuh-indexer/jdk/conf/sdp
750 /usr/share/wazuh-indexer/jdk/conf/security
750 /usr/share/wazuh-indexer/jdk/conf/security/policy
750 /usr/share/wazuh-indexer/jdk/conf/security/policy/limited
750 /usr/share/wazuh-indexer/jdk/conf/security/policy/unlimited
750 /usr/share/wazuh-indexer/jdk/include
750 /usr/share/wazuh-indexer/jdk/include/linux
750 /usr/share/wazuh-indexer/jdk/jmods
750 /usr/share/wazuh-indexer/jdk/legal
750 /usr/share/wazuh-indexer/jdk/legal/java.base
750 /usr/share/wazuh-indexer/jdk/legal/java.compiler
750 /usr/share/wazuh-indexer/jdk/legal/java.datatransfer
750 /usr/share/wazuh-indexer/jdk/legal/java.desktop
750 /usr/share/wazuh-indexer/jdk/legal/java.instrument
750 /usr/share/wazuh-indexer/jdk/legal/java.logging
750 /usr/share/wazuh-indexer/jdk/legal/java.management
750 /usr/share/wazuh-indexer/jdk/legal/java.management.rmi
750 /usr/share/wazuh-indexer/jdk/legal/java.naming
750 /usr/share/wazuh-indexer/jdk/legal/java.net.http
750 /usr/share/wazuh-indexer/jdk/legal/java.prefs
750 /usr/share/wazuh-indexer/jdk/legal/java.rmi
750 /usr/share/wazuh-indexer/jdk/legal/java.scripting
750 /usr/share/wazuh-indexer/jdk/legal/java.se
750 /usr/share/wazuh-indexer/jdk/legal/java.security.jgss
750 /usr/share/wazuh-indexer/jdk/legal/java.security.sasl
750 /usr/share/wazuh-indexer/jdk/legal/java.smartcardio
750 /usr/share/wazuh-indexer/jdk/legal/java.sql
750 /usr/share/wazuh-indexer/jdk/legal/java.sql.rowset
750 /usr/share/wazuh-indexer/jdk/legal/java.transaction.xa
750 /usr/share/wazuh-indexer/jdk/legal/java.xml
750 /usr/share/wazuh-indexer/jdk/legal/java.xml.crypto
750 /usr/share/wazuh-indexer/jdk/legal/jdk.accessibility
750 /usr/share/wazuh-indexer/jdk/legal/jdk.attach
750 /usr/share/wazuh-indexer/jdk/legal/jdk.charsets
750 /usr/share/wazuh-indexer/jdk/legal/jdk.compiler
750 /usr/share/wazuh-indexer/jdk/legal/jdk.crypto.cryptoki
750 /usr/share/wazuh-indexer/jdk/legal/jdk.crypto.ec
750 /usr/share/wazuh-indexer/jdk/legal/jdk.dynalink
750 /usr/share/wazuh-indexer/jdk/legal/jdk.editpad
750 /usr/share/wazuh-indexer/jdk/legal/jdk.hotspot.agent
750 /usr/share/wazuh-indexer/jdk/legal/jdk.httpserver
750 /usr/share/wazuh-indexer/jdk/legal/jdk.incubator.foreign
750 /usr/share/wazuh-indexer/jdk/legal/jdk.incubator.vector
750 /usr/share/wazuh-indexer/jdk/legal/jdk.internal.ed
750 /usr/share/wazuh-indexer/jdk/legal/jdk.internal.jvmstat
750 /usr/share/wazuh-indexer/jdk/legal/jdk.internal.le
750 /usr/share/wazuh-indexer/jdk/legal/jdk.internal.opt
750 /usr/share/wazuh-indexer/jdk/legal/jdk.internal.vm.ci
750 /usr/share/wazuh-indexer/jdk/legal/jdk.internal.vm.compiler
750 /usr/share/wazuh-indexer/jdk/legal/jdk.internal.vm.compiler.management
750 /usr/share/wazuh-indexer/jdk/legal/jdk.jartool
750 /usr/share/wazuh-indexer/jdk/legal/jdk.javadoc
750 /usr/share/wazuh-indexer/jdk/legal/jdk.jcmd
750 /usr/share/wazuh-indexer/jdk/legal/jdk.jconsole
750 /usr/share/wazuh-indexer/jdk/legal/jdk.jdeps
750 /usr/share/wazuh-indexer/jdk/legal/jdk.jdi
750 /usr/share/wazuh-indexer/jdk/legal/jdk.jdwp.agent
750 /usr/share/wazuh-indexer/jdk/legal/jdk.jfr
750 /usr/share/wazuh-indexer/jdk/legal/jdk.jlink
750 /usr/share/wazuh-indexer/jdk/legal/jdk.jpackage
750 /usr/share/wazuh-indexer/jdk/legal/jdk.jshell
750 /usr/share/wazuh-indexer/jdk/legal/jdk.jsobject
750 /usr/share/wazuh-indexer/jdk/legal/jdk.jstatd
750 /usr/share/wazuh-indexer/jdk/legal/jdk.localedata
750 /usr/share/wazuh-indexer/jdk/legal/jdk.management
750 /usr/share/wazuh-indexer/jdk/legal/jdk.management.agent
750 /usr/share/wazuh-indexer/jdk/legal/jdk.management.jfr
750 /usr/share/wazuh-indexer/jdk/legal/jdk.naming.dns
750 /usr/share/wazuh-indexer/jdk/legal/jdk.naming.rmi
750 /usr/share/wazuh-indexer/jdk/legal/jdk.net
750 /usr/share/wazuh-indexer/jdk/legal/jdk.nio.mapmode
750 /usr/share/wazuh-indexer/jdk/legal/jdk.random
750 /usr/share/wazuh-indexer/jdk/legal/jdk.sctp
750 /usr/share/wazuh-indexer/jdk/legal/jdk.security.auth
750 /usr/share/wazuh-indexer/jdk/legal/jdk.security.jgss
750 /usr/share/wazuh-indexer/jdk/legal/jdk.unsupported
750 /usr/share/wazuh-indexer/jdk/legal/jdk.unsupported.desktop
750 /usr/share/wazuh-indexer/jdk/legal/jdk.xml.dom
750 /usr/share/wazuh-indexer/jdk/legal/jdk.zipfs
750 /usr/share/wazuh-indexer/jdk/lib
750 /usr/share/wazuh-indexer/jdk/lib/jfr
750 /usr/share/wazuh-indexer/jdk/lib/jspawnhelper
750 /usr/share/wazuh-indexer/jdk/lib/modules
750 /usr/share/wazuh-indexer/jdk/lib/security
750 /usr/share/wazuh-indexer/jdk/lib/server
750 /usr/share/wazuh-indexer/jdk/man
750 /usr/share/wazuh-indexer/jdk/man/man1
750 /usr/share/wazuh-indexer/lib
750 /usr/share/wazuh-indexer/lib/tools
750 /usr/share/wazuh-indexer/lib/tools/keystore-cli
750 /usr/share/wazuh-indexer/lib/tools/plugin-cli
750 /usr/share/wazuh-indexer/lib/tools/upgrade-cli
750 /usr/share/wazuh-indexer/modules
750 /usr/share/wazuh-indexer/modules/aggs-matrix-stats
750 /usr/share/wazuh-indexer/modules/analysis-common
750 /usr/share/wazuh-indexer/modules/geo
750 /usr/share/wazuh-indexer/modules/ingest-common
750 /usr/share/wazuh-indexer/modules/ingest-geoip
750 /usr/share/wazuh-indexer/modules/ingest-user-agent
750 /usr/share/wazuh-indexer/modules/lang-expression
750 /usr/share/wazuh-indexer/modules/lang-mustache
750 /usr/share/wazuh-indexer/modules/lang-painless
750 /usr/share/wazuh-indexer/modules/mapper-extras
750 /usr/share/wazuh-indexer/modules/opensearch-dashboards
750 /usr/share/wazuh-indexer/modules/parent-join
750 /usr/share/wazuh-indexer/modules/percolator
750 /usr/share/wazuh-indexer/modules/rank-eval
750 /usr/share/wazuh-indexer/modules/reindex
750 /usr/share/wazuh-indexer/modules/reindex/parent-join
750 /usr/share/wazuh-indexer/modules/reindex/transport-netty4
750 /usr/share/wazuh-indexer/modules/repository-url
750 /usr/share/wazuh-indexer/modules/search-pipeline-common
750 /usr/share/wazuh-indexer/modules/systemd
750 /usr/share/wazuh-indexer/modules/transport-netty4
750 /usr/share/wazuh-indexer/performance-analyzer-rca
750 /usr/share/wazuh-indexer/performance-analyzer-rca/bin
750 /usr/share/wazuh-indexer/performance-analyzer-rca/bin/performance-analyzer-agent
750 /usr/share/wazuh-indexer/performance-analyzer-rca/bin/performance-analyzer-rca
750 /usr/share/wazuh-indexer/performance-analyzer-rca/config
750 /usr/share/wazuh-indexer/performance-analyzer-rca/lib
750 /usr/share/wazuh-indexer/plugins
750 /usr/share/wazuh-indexer/plugins/opensearch-alerting
750 /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection
750 /usr/share/wazuh-indexer/plugins/opensearch-asynchronous-search
750 /usr/share/wazuh-indexer/plugins/opensearch-cross-cluster-replication
750 /usr/share/wazuh-indexer/plugins/opensearch-geospatial
750 /usr/share/wazuh-indexer/plugins/opensearch-index-management
750 /usr/share/wazuh-indexer/plugins/opensearch-job-scheduler
750 /usr/share/wazuh-indexer/plugins/opensearch-knn
750 /usr/share/wazuh-indexer/plugins/opensearch-ml
750 /usr/share/wazuh-indexer/plugins/opensearch-neural-search
750 /usr/share/wazuh-indexer/plugins/opensearch-notifications
750 /usr/share/wazuh-indexer/plugins/opensearch-notifications-core
750 /usr/share/wazuh-indexer/plugins/opensearch-observability
750 /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer
750 /usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler
750 /usr/share/wazuh-indexer/plugins/opensearch-security
750 /usr/share/wazuh-indexer/plugins/opensearch-security-analytics
750 /usr/share/wazuh-indexer/plugins/opensearch-security/tools
750 /usr/share/wazuh-indexer/plugins/opensearch-sql
750 /var/log/wazuh-indexer
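
Added example, not part of this PR or the project's code: a shell check that consumes the `find ... -printf "%m %h/%f\n"` listing format used in this thread and reports any entry that grants access to other users or carries setuid/setgid/sticky bits. The policy is an assumption inferred from the modes visible in the listing above, and the `constructed-*` sample paths are made up for the demonstration.

```shell
#!/bin/sh
# Audit "MODE PATH" listings produced by:
#   find <dirs> -printf "%m %h/%f\n"
# Assumed policy (inferred from the listing, not a documented project rule):
#   - the "other" permission digit must be 0
#   - no setuid/setgid/sticky bits

audit_modes() {
    # Reads the listing on stdin; prints "REASON MODE PATH" for each violation.
    awk '
    NF >= 2 {
        mode = $1
        # Rebuild the path from the second field on, so names with spaces survive.
        path = substr($0, index($0, $2))
        if (mode !~ /^[0-7]+$/) { print "unparsable", $1, path; next }
        # Left-pad to four octal digits: special, user, group, other.
        while (length(mode) < 4) mode = "0" mode
        if (substr(mode, 1, 1) != "0") print "special-bits", $1, path
        if (substr(mode, 4, 1) != "0") print "other-access", $1, path
    }'
}

audit_installed() {
    # Runs the same find command as the thread (GNU find) over the given
    # directories and audits the result.
    find "$@" -printf '%m %h/%f\n' | audit_modes
}

sample_listing() {
    # Constructed sample: the first three lines mirror entries from the
    # listing, the last three are deliberately non-compliant.
    cat <<'EOF'
640 /usr/share/wazuh-indexer/README.md
660 /etc/wazuh-indexer/opensearch.yml
750 /usr/share/wazuh-indexer/bin/opensearch
755 /usr/share/wazuh-indexer/bin/constructed-world-exec
644 /etc/wazuh-indexer/constructed world readable.yml
4750 /usr/share/wazuh-indexer/bin/constructed-setuid
EOF
}

# When called with directories, audit them and fail if anything is reported,
# so the script can gate a package test job.
if [ "$#" -gt 0 ]; then
    violations=$(audit_installed "$@")
    if [ -n "$violations" ]; then
        printf '%s\n' "$violations"
        exit 1
    fi
fi
```

Run it with the three directories from the thread as arguments after installing the package; `sample_listing | audit_modes` shows the report format without touching the filesystem.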

@f-galland
Member Author

.rpm package file permissions:

find {/usr/share/wazuh-indexer,/etc/wazuh-indexer,/var/log/wazuh-indexer} -printf "%m %h/%f\n" | sort -n

output:

440 /usr/share/wazuh-indexer/VERSION
600 /etc/wazuh-indexer/.opensearch.keystore.initial_md5sum
640 /etc/wazuh-indexer/opensearch-notifications-core/notifications-core.yml
640 /etc/wazuh-indexer/opensearch-notifications/notifications.yml
640 /etc/wazuh-indexer/opensearch-performance-analyzer/agent-stats-metadata
640 /etc/wazuh-indexer/opensearch-performance-analyzer/log4j2.xml
640 /etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy
640 /etc/wazuh-indexer/opensearch-performance-analyzer/performance-analyzer.properties
640 /etc/wazuh-indexer/opensearch-performance-analyzer/plugin-stats-metadata
640 /etc/wazuh-indexer/opensearch-performance-analyzer/rca_cluster_manager.conf
640 /etc/wazuh-indexer/opensearch-performance-analyzer/rca.conf
640 /etc/wazuh-indexer/opensearch-performance-analyzer/rca_idle_cluster_manager.conf
640 /etc/wazuh-indexer/opensearch-performance-analyzer/supervisord.conf
640 /etc/wazuh-indexer/opensearch-security/action_groups.yml
640 /etc/wazuh-indexer/opensearch-security/allowlist.yml
640 /etc/wazuh-indexer/opensearch-security/audit.yml
640 /etc/wazuh-indexer/opensearch-security/config.yml
640 /etc/wazuh-indexer/opensearch-security/internal_users.yml
640 /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
640 /etc/wazuh-indexer/opensearch-security/opensearch.yml.example
640 /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
640 /etc/wazuh-indexer/opensearch-security/roles.yml
640 /etc/wazuh-indexer/opensearch-security/tenants.yml
640 /etc/wazuh-indexer/opensearch-security/whitelist.yml
640 /usr/share/wazuh-indexer/jdk/conf/logging.properties
640 /usr/share/wazuh-indexer/jdk/conf/management/jmxremote.access
640 /usr/share/wazuh-indexer/jdk/conf/management/jmxremote.password.template
640 /usr/share/wazuh-indexer/jdk/conf/management/management.properties
640 /usr/share/wazuh-indexer/jdk/conf/net.properties
640 /usr/share/wazuh-indexer/jdk/conf/sdp/sdp.conf.template
640 /usr/share/wazuh-indexer/jdk/conf/security/java.policy
640 /usr/share/wazuh-indexer/jdk/conf/security/java.security
640 /usr/share/wazuh-indexer/jdk/conf/security/policy/limited/default_local.policy
640 /usr/share/wazuh-indexer/jdk/conf/security/policy/limited/default_US_export.policy
640 /usr/share/wazuh-indexer/jdk/conf/security/policy/limited/exempt_local.policy
640 /usr/share/wazuh-indexer/jdk/conf/security/policy/README.txt
640 /usr/share/wazuh-indexer/jdk/conf/security/policy/unlimited/default_local.policy
640 /usr/share/wazuh-indexer/jdk/conf/security/policy/unlimited/default_US_export.policy
640 /usr/share/wazuh-indexer/jdk/conf/sound.properties
640 /usr/share/wazuh-indexer/jdk/include/classfile_constants.h
640 /usr/share/wazuh-indexer/jdk/include/jawt.h
640 /usr/share/wazuh-indexer/jdk/include/jdwpTransport.h
640 /usr/share/wazuh-indexer/jdk/include/jni.h
640 /usr/share/wazuh-indexer/jdk/include/jvmticmlr.h
640 /usr/share/wazuh-indexer/jdk/include/jvmti.h
640 /usr/share/wazuh-indexer/jdk/include/linux/jawt_md.h
640 /usr/share/wazuh-indexer/jdk/include/linux/jni_md.h
640 /usr/share/wazuh-indexer/jdk/jmods/java.base.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.compiler.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.datatransfer.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.desktop.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.instrument.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.logging.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.management.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.management.rmi.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.naming.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.net.http.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.prefs.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.rmi.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.scripting.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.security.jgss.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.security.sasl.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.se.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.smartcardio.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.sql.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.sql.rowset.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.transaction.xa.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.xml.crypto.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/java.xml.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.accessibility.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.attach.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.charsets.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.compiler.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.crypto.cryptoki.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.crypto.ec.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.dynalink.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.editpad.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.hotspot.agent.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.httpserver.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.incubator.foreign.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.incubator.vector.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.internal.ed.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.internal.jvmstat.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.internal.le.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.internal.opt.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.internal.vm.ci.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.internal.vm.compiler.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.internal.vm.compiler.management.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.jartool.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.javadoc.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.jcmd.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.jconsole.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.jdeps.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.jdi.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.jdwp.agent.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.jfr.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.jlink.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.jpackage.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.jshell.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.jsobject.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.jstatd.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.localedata.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.management.agent.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.management.jfr.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.management.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.naming.dns.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.naming.rmi.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.net.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.nio.mapmode.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.random.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.sctp.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.security.auth.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.security.jgss.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.unsupported.desktop.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.unsupported.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.xml.dom.jmod
640 /usr/share/wazuh-indexer/jdk/jmods/jdk.zipfs.jmod
640 /usr/share/wazuh-indexer/jdk/legal/java.base/ADDITIONAL_LICENSE_INFO
640 /usr/share/wazuh-indexer/jdk/legal/java.base/aes.md
640 /usr/share/wazuh-indexer/jdk/legal/java.base/asm.md
640 /usr/share/wazuh-indexer/jdk/legal/java.base/ASSEMBLY_EXCEPTION
640 /usr/share/wazuh-indexer/jdk/legal/java.base/cldr.md
640 /usr/share/wazuh-indexer/jdk/legal/java.base/c-libutl.md
640 /usr/share/wazuh-indexer/jdk/legal/java.base/icu.md
640 /usr/share/wazuh-indexer/jdk/legal/java.base/LICENSE
640 /usr/share/wazuh-indexer/jdk/legal/java.base/public_suffix.md
640 /usr/share/wazuh-indexer/jdk/legal/java.base/unicode.md
640 /usr/share/wazuh-indexer/jdk/legal/java.desktop/colorimaging.md
640 /usr/share/wazuh-indexer/jdk/legal/java.desktop/giflib.md
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/jsr305-3.0.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/libsvm-3.25.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/log4j-slf4j-impl-2.19.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/metrics-spi-2.20.19.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/olcut-config-protobuf-5.2.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/olcut-core-5.2.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/onnxruntime-engine-0.21.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/onnxruntime_gpu-1.14.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/opencsv-5.4.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/opensearch-ml-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/opensearch-ml-algorithms-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/opensearch-ml-common-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/opensearch-ml-memory-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/opensearch-ml-search-processors-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/opensearch-rest-client-2.11.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/plugin-descriptor.properties
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/plugin-security.policy
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/profiles-2.20.19.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/protostuff-api-1.8.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/protostuff-collectionschema-1.8.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/protostuff-core-1.8.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/protostuff-runtime-1.8.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/pytorch-engine-0.21.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/pytorch-model-zoo-0.21.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/randomcutforest-core-3.0-rc3.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/randomcutforest-parkservices-3.0-rc3.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/randomcutforest-testutils-3.0-rc3.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/reactive-streams-1.0.3.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/reflections-0.9.12.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/regions-2.20.19.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/sdk-core-2.20.19.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/slf4j-api-1.7.36.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/third-party-jackson-core-2.20.19.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/tokenizers-0.21.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/tribuo-anomaly-core-4.2.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/tribuo-anomaly-libsvm-4.2.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/tribuo-classification-core-4.2.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/tribuo-classification-sgd-4.2.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/tribuo-clustering-core-4.2.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/tribuo-clustering-kmeans-4.2.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/tribuo-common-libsvm-4.2.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/tribuo-common-sgd-4.2.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/tribuo-common-tree-4.2.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/tribuo-core-4.2.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/tribuo-data-4.2.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/tribuo-math-4.2.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/tribuo-regression-core-4.2.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/tribuo-regression-sgd-4.2.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/tribuo-util-infotheory-4.2.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/tribuo-util-onnx-4.2.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/tribuo-util-tokenization-4.2.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-ml/utils-2.20.19.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-neural-search/commons-lang3-3.10.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-neural-search/commons-text-1.10.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-neural-search/common-utils-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-neural-search/gson-2.10.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-neural-search/javassist-3.29.2-GA.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-neural-search/json-20230227.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-neural-search/LICENSE.txt
640 /usr/share/wazuh-indexer/plugins/opensearch-neural-search/NOTICE.txt
640 /usr/share/wazuh-indexer/plugins/opensearch-neural-search/opensearch-ml-client-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-neural-search/opensearch-neural-search-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-neural-search/plugin-descriptor.properties
640 /usr/share/wazuh-indexer/plugins/opensearch-neural-search/plugin-security.policy
640 /usr/share/wazuh-indexer/plugins/opensearch-neural-search/reflections-0.9.12.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-notifications/common-utils-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-notifications-core/activation-1.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-notifications-core/aws-java-sdk-core-1.12.48.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-notifications-core/aws-java-sdk-ses-1.12.48.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-notifications-core/aws-java-sdk-sns-1.12.48.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-notifications-core/aws-java-sdk-sts-1.12.48.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-notifications-core/commons-logging-1.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-notifications-core/httpclient-4.5.14.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-notifications-core/httpcore-4.4.16.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-notifications-core/jackson-annotations-2.15.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-notifications-core/jackson-databind-2.15.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-notifications-core/javax.mail-1.6.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-notifications-core/kotlin-stdlib-1.8.21.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-notifications-core/kotlin-stdlib-common-1.8.21.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-notifications-core/opensearch-notifications-core-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-notifications-core/opensearch-notifications-core-spi-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-notifications-core/plugin-descriptor.properties
640 /usr/share/wazuh-indexer/plugins/opensearch-notifications-core/plugin-security.policy
640 /usr/share/wazuh-indexer/plugins/opensearch-notifications/kotlin-stdlib-common-1.8.21.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-notifications/kotlinx-coroutines-core-jvm-1.4.3.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-notifications/opensearch-notifications-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-notifications/plugin-descriptor.properties
640 /usr/share/wazuh-indexer/plugins/opensearch-notifications/plugin-security.policy
640 /usr/share/wazuh-indexer/plugins/opensearch-observability/common-utils-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-observability/jackson-annotations-2.14.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-observability/jackson-databind-2.14.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-observability/json-20231013.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-observability/json-base-2.2.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-observability/json-flattener-0.15.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-observability/kotlin-stdlib-1.8.21.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-observability/kotlin-stdlib-common-1.8.21.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-observability/kotlinx-coroutines-core-jvm-1.3.9.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-observability/opensearch-observability-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-observability/plugin-descriptor.properties
640 /usr/share/wazuh-indexer/plugins/opensearch-observability/plugin-security.policy
640 /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/bcpkix-jdk15on-1.70.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/bcprov-jdk15to18-1.75.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/byte-buddy-1.9.7.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/byte-buddy-agent-1.9.7.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/checker-qual-3.29.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/commons-lang3-3.13.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/error_prone_annotations-2.9.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/failureaccess-1.0.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/gson-2.9.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/guava-32.1.1-jre.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/jackson-annotations-2.15.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/jackson-databind-2.15.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/jackson-module-paranamer-2.15.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/jooq-3.10.8.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/jsr305-3.0.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/mockito-core-2.23.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-buffer-4.1.100.Final.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-codec-4.1.100.Final.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-codec-http2-4.1.100.Final.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-codec-http-4.1.100.Final.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-codec-socks-4.1.100.Final.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-common-4.1.100.Final.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-handler-4.1.100.Final.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-handler-proxy-4.1.100.Final.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-resolver-4.1.100.Final.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-transport-4.1.100.Final.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-transport-native-unix-common-4.1.100.Final.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/objenesis-3.0.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/opensearch-performance-analyzer-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/performance-analyzer-commons-1.2.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/plugin-descriptor.properties
640 /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/plugin-security.policy
640 /usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler/common-utils-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler/gson-2.8.9.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler/jackson-annotations-2.14.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler/jackson-databind-2.14.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler/json-20231013.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler/json-base-2.2.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler/json-flattener-0.15.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler/jsoup-1.15.3.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler/kotlin-stdlib-1.8.21.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler/kotlin-stdlib-common-1.8.21.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler/kotlin-test-1.8.21.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler/kotlinx-coroutines-core-jvm-1.3.9.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler/opensearch-reports-scheduler-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler/plugin-descriptor.properties
640 /usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler/plugin-security.policy
640 /usr/share/wazuh-indexer/plugins/opensearch-security/accessors-smart-2.4.7.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/aggs-matrix-stats-client-2.11.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security-analytics/antlr4-runtime-4.10.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security-analytics/commons-codec-1.15.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security-analytics/commons-lang3-3.13.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security-analytics/commons-logging-1.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security-analytics/common-utils-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security-analytics/cron-utils-9.1.6.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security-analytics/google-java-format-1.17.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security-analytics/guava-32.0.1-jre.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security-analytics/httpasyncclient-4.1.5.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security-analytics/httpclient-4.5.14.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security-analytics/httpcore-4.4.16.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security-analytics/httpcore-nio-4.4.16.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security-analytics/kotlin-stdlib-1.6.10.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security-analytics/opensearch-rest-client-2.11.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security-analytics/opensearch-security-analytics-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security-analytics/plugin-descriptor.properties
640 /usr/share/wazuh-indexer/plugins/opensearch-security-analytics/plugin-security.policy
640 /usr/share/wazuh-indexer/plugins/opensearch-security/asm-9.6.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/bcpkix-jdk15to18-1.76.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/bcprov-jdk15to18-1.76.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/checker-qual-3.38.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/commons-cli-1.5.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/commons-codec-1.16.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/commons-collections4-4.4.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/commons-io-2.13.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/commons-lang3-3.13.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/commons-logging-1.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/commons-text-1.10.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/compiler-0.9.10.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/cryptacular-1.2.5.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/cxf-core-4.0.3.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/cxf-rt-rs-json-basic-4.0.3.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/cxf-rt-rs-security-jose-4.0.3.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/cxf-rt-security-4.0.3.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/error_prone_annotations-2.22.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/eventbus-java-3.3.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/failureaccess-1.0.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/google-java-format-1.17.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/guava-32.1.2-jre.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/httpasyncclient-4.1.5.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/httpclient-4.5.13.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/httpclient-cache-4.5.13.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/httpcore-4.4.16.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/httpcore-nio-4.4.16.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/istack-commons-runtime-4.2.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/j2objc-annotations-2.8.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/jackson-annotations-2.15.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/jackson-databind-2.15.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/jakarta.activation-1.2.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/jakarta.xml.bind-api-4.0.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/java-saml-2.9.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/java-saml-core-2.9.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/java-support-7.5.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/jaxb-runtime-2.3.8.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/jjwt-api-0.11.5.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/jjwt-impl-0.11.5.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/jjwt-jackson-0.11.5.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/json-base-2.4.3.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/json-flattener-0.16.6.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/jsr305-3.0.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/kafka-clients-3.5.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/lang-mustache-client-2.11.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/ldaptive-1.2.3.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/log4j-slf4j-impl-2.20.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/lz4-java-1.8.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/mapper-extras-client-2.11.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/metrics-core-4.2.19.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/minimal-json-0.9.5.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/netty-buffer-4.1.100.Final.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/netty-codec-4.1.100.Final.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/netty-codec-http-4.1.100.Final.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/netty-common-4.1.100.Final.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/netty-handler-4.1.100.Final.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/netty-resolver-4.1.100.Final.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/netty-transport-4.1.100.Final.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/netty-transport-native-unix-common-4.1.100.Final.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/opensaml-core-3.4.5.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/opensaml-messaging-api-3.4.5.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/opensaml-profile-api-3.4.5.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/opensaml-saml-api-3.4.5.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/opensaml-saml-impl-3.4.5.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/opensaml-security-api-3.4.5.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/opensaml-security-impl-3.4.5.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/opensaml-soap-api-3.4.5.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/opensaml-soap-impl-3.4.5.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/opensaml-storage-api-3.4.5.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/opensaml-xmlsec-api-3.4.5.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/opensaml-xmlsec-impl-3.4.5.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/opensearch-rest-client-2.11.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/opensearch-rest-high-level-client-2.11.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/opensearch-security-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/parent-join-client-2.11.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/passay-1.6.4.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/plugin-descriptor.properties
640 /usr/share/wazuh-indexer/plugins/opensearch-security/plugin-security.policy
640 /usr/share/wazuh-indexer/plugins/opensearch-security/rank-eval-client-2.11.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/scala-java8-compat_3-1.0.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/slf4j-api-1.7.36.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/snappy-java-1.1.10.5.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/stax2-api-4.2.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/tools/config.yml
640 /usr/share/wazuh-indexer/plugins/opensearch-security/tools/SECURITY_ADMIN_TESTS.md
640 /usr/share/wazuh-indexer/plugins/opensearch-security/transport-netty4-client-2.11.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/txw2-2.3.8.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/woodstox-core-6.5.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/xmlschema-core-2.3.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/xmlsec-2.3.3.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/zjsonpatch-0.4.14.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-security/zxcvbn-1.8.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/annotations-13.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/antlr4-4.7.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/antlr4-runtime-4.7.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/antlr-runtime-3.5.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/aws-encryption-sdk-java-2.4.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/aws-java-sdk-core-1.12.545.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/aws-java-sdk-emr-1.12.545.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/aws-java-sdk-emrserverless-1.12.545.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/aws-java-sdk-sts-1.12.545.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/bcprov-ext-jdk18on-1.75.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/checker-qual-3.33.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/common-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/commons-beanutils-1.9.4.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/commons-codec-1.13.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/commons-collections-3.2.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/commons-digester-2.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/commons-io-2.8.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/commons-lang3-3.12.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/commons-logging-1.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/commons-math3-3.6.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/commons-validator-1.7.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/common-utils-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/core-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/datasources-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/druid-1.0.15.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/error_prone_annotations-2.18.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/failureaccess-1.0.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/geo-2.11.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/gson-2.8.9.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/guava-32.0.1-jre.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/httpasyncclient-4.1.5.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/httpclient-4.5.14.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/httpcore-4.4.15.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/httpcore-nio-4.4.16.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/icu4j-58.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/ion-java-1.0.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/ipaddress-5.4.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/j2objc-annotations-2.8.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/jackson-annotations-2.15.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/jackson-databind-2.15.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/javassist-3.26.0-GA.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/javax.json-1.0.4.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/jmespath-java-1.12.545.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/json-20230227.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/jsr305-3.0.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/kotlin-reflect-1.4.30.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/kotlin-stdlib-1.9.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/kotlin-stdlib-common-1.6.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/kotlin-stdlib-jdk7-1.9.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/kotlin-stdlib-jdk8-1.8.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/legacy-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/LICENSE.txt
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/NOTICE.txt
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/okhttp-4.10.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/okhttp-aws-signer-1.0.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/okio-jvm-3.4.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/opensearch-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/opensearch-ml-client-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/opensearch-rest-client-2.11.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/opensearch-sql-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/opensearch-ssl-config-2.11.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/org.abego.treelayout.core-1.0.3.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/parent-join-client-2.11.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/plugin-descriptor.properties
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/plugin-security.policy
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/ppl-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/presto-matching-0.240.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/prometheus-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/protocol-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/reflections-0.9.12.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/reindex-client-2.11.1.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/resilience4j-core-1.5.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/resilience4j-retry-1.5.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/slf4j-api-1.7.36.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/spark-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/sql-2.11.1.0.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/ST4-4.0.8.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/vavr-0.10.2.jar
640 /usr/share/wazuh-indexer/plugins/opensearch-sql/vavr-match-0.10.2.jar
640 /usr/share/wazuh-indexer/README.md
640 /var/log/wazuh-indexer/wazuh-cluster_deprecation.json
640 /var/log/wazuh-indexer/wazuh-cluster_deprecation.log
640 /var/log/wazuh-indexer/wazuh-cluster_index_indexing_slowlog.json
640 /var/log/wazuh-indexer/wazuh-cluster_index_indexing_slowlog.log
640 /var/log/wazuh-indexer/wazuh-cluster_index_search_slowlog.json
640 /var/log/wazuh-indexer/wazuh-cluster_index_search_slowlog.log
640 /var/log/wazuh-indexer/wazuh-cluster.log
640 /var/log/wazuh-indexer/wazuh-cluster_server.json
640 /var/log/wazuh-indexer/wazuh-cluster_task_detailslog.json
640 /var/log/wazuh-indexer/wazuh-cluster_task_detailslog.log
644 /var/log/wazuh-indexer/gc.log
644 /var/log/wazuh-indexer/gc.log.00
644 /var/log/wazuh-indexer/install_demo_configuration.log
660 /etc/wazuh-indexer/jvm.options
660 /etc/wazuh-indexer/log4j2.properties
660 /etc/wazuh-indexer/opensearch.keystore
660 /etc/wazuh-indexer/opensearch-observability/observability.yml
660 /etc/wazuh-indexer/opensearch-reports-scheduler/reports-scheduler.yml
660 /etc/wazuh-indexer/opensearch.yml
660 /etc/wazuh-indexer/wazuh-template.json
740 /usr/share/wazuh-indexer/plugins/opensearch-security/tools/audit_config_migrater.sh
740 /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh
740 /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh
740 /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-certs-tool.sh
740 /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh
750 /etc/wazuh-indexer
750 /etc/wazuh-indexer/jvm.options.d
750 /etc/wazuh-indexer/opensearch-notifications
750 /etc/wazuh-indexer/opensearch-notifications-core
750 /etc/wazuh-indexer/opensearch-observability
750 /etc/wazuh-indexer/opensearch-performance-analyzer
750 /etc/wazuh-indexer/opensearch-reports-scheduler
750 /etc/wazuh-indexer/opensearch-security
750 /usr/share/wazuh-indexer
750 /usr/share/wazuh-indexer/bin
750 /usr/share/wazuh-indexer/bin/indexer-init.sh
750 /usr/share/wazuh-indexer/bin/indexer-ism-init.sh
750 /usr/share/wazuh-indexer/bin/indexer-security-init.sh
750 /usr/share/wazuh-indexer/bin/opensearch
750 /usr/share/wazuh-indexer/bin/opensearch-cli
750 /usr/share/wazuh-indexer/bin/opensearch-env
750 /usr/share/wazuh-indexer/bin/opensearch-env-from-file
750 /usr/share/wazuh-indexer/bin/opensearch-keystore
750 /usr/share/wazuh-indexer/bin/opensearch-node
750 /usr/share/wazuh-indexer/bin/opensearch-performance-analyzer
750 /usr/share/wazuh-indexer/bin/opensearch-performance-analyzer/performance-analyzer-agent
750 /usr/share/wazuh-indexer/bin/opensearch-performance-analyzer/performance-analyzer-agent-cli
750 /usr/share/wazuh-indexer/bin/opensearch-plugin
750 /usr/share/wazuh-indexer/bin/opensearch-shard
750 /usr/share/wazuh-indexer/bin/opensearch-upgrade
750 /usr/share/wazuh-indexer/bin/systemd-entrypoint
750 /usr/share/wazuh-indexer/jdk
750 /usr/share/wazuh-indexer/jdk/bin
750 /usr/share/wazuh-indexer/jdk/bin/jar
750 /usr/share/wazuh-indexer/jdk/bin/jarsigner
750 /usr/share/wazuh-indexer/jdk/bin/java
750 /usr/share/wazuh-indexer/jdk/bin/javac
750 /usr/share/wazuh-indexer/jdk/bin/javadoc
750 /usr/share/wazuh-indexer/jdk/bin/javap
750 /usr/share/wazuh-indexer/jdk/bin/jcmd
750 /usr/share/wazuh-indexer/jdk/bin/jconsole
750 /usr/share/wazuh-indexer/jdk/bin/jdb
750 /usr/share/wazuh-indexer/jdk/bin/jdeprscan
750 /usr/share/wazuh-indexer/jdk/bin/jdeps
750 /usr/share/wazuh-indexer/jdk/bin/jfr
750 /usr/share/wazuh-indexer/jdk/bin/jhsdb
750 /usr/share/wazuh-indexer/jdk/bin/jimage
750 /usr/share/wazuh-indexer/jdk/bin/jinfo
750 /usr/share/wazuh-indexer/jdk/bin/jlink
750 /usr/share/wazuh-indexer/jdk/bin/jmap
750 /usr/share/wazuh-indexer/jdk/bin/jmod
750 /usr/share/wazuh-indexer/jdk/bin/jpackage
750 /usr/share/wazuh-indexer/jdk/bin/jps
750 /usr/share/wazuh-indexer/jdk/bin/jrunscript
750 /usr/share/wazuh-indexer/jdk/bin/jshell
750 /usr/share/wazuh-indexer/jdk/bin/jstack
750 /usr/share/wazuh-indexer/jdk/bin/jstat
750 /usr/share/wazuh-indexer/jdk/bin/jstatd
750 /usr/share/wazuh-indexer/jdk/bin/keytool
750 /usr/share/wazuh-indexer/jdk/bin/rmiregistry
750 /usr/share/wazuh-indexer/jdk/bin/serialver
750 /usr/share/wazuh-indexer/jdk/conf
750 /usr/share/wazuh-indexer/jdk/conf/management
750 /usr/share/wazuh-indexer/jdk/conf/sdp
750 /usr/share/wazuh-indexer/jdk/conf/security
750 /usr/share/wazuh-indexer/jdk/conf/security/policy
750 /usr/share/wazuh-indexer/jdk/conf/security/policy/limited
750 /usr/share/wazuh-indexer/jdk/conf/security/policy/unlimited
750 /usr/share/wazuh-indexer/jdk/include
750 /usr/share/wazuh-indexer/jdk/include/linux
750 /usr/share/wazuh-indexer/jdk/jmods
750 /usr/share/wazuh-indexer/jdk/legal
750 /usr/share/wazuh-indexer/jdk/legal/java.base
750 /usr/share/wazuh-indexer/jdk/legal/java.compiler
750 /usr/share/wazuh-indexer/jdk/legal/java.datatransfer
750 /usr/share/wazuh-indexer/jdk/legal/java.desktop
750 /usr/share/wazuh-indexer/jdk/legal/java.instrument
750 /usr/share/wazuh-indexer/jdk/legal/java.logging
750 /usr/share/wazuh-indexer/jdk/legal/java.management
750 /usr/share/wazuh-indexer/jdk/legal/java.management.rmi
750 /usr/share/wazuh-indexer/jdk/legal/java.naming
750 /usr/share/wazuh-indexer/jdk/legal/java.net.http
750 /usr/share/wazuh-indexer/jdk/legal/java.prefs
750 /usr/share/wazuh-indexer/jdk/legal/java.rmi
750 /usr/share/wazuh-indexer/jdk/legal/java.scripting
750 /usr/share/wazuh-indexer/jdk/legal/java.se
750 /usr/share/wazuh-indexer/jdk/legal/java.security.jgss
750 /usr/share/wazuh-indexer/jdk/legal/java.security.sasl
750 /usr/share/wazuh-indexer/jdk/legal/java.smartcardio
750 /usr/share/wazuh-indexer/jdk/legal/java.sql
750 /usr/share/wazuh-indexer/jdk/legal/java.sql.rowset
750 /usr/share/wazuh-indexer/jdk/legal/java.transaction.xa
750 /usr/share/wazuh-indexer/jdk/legal/java.xml
750 /usr/share/wazuh-indexer/jdk/legal/java.xml.crypto
750 /usr/share/wazuh-indexer/jdk/legal/jdk.accessibility
750 /usr/share/wazuh-indexer/jdk/legal/jdk.attach
750 /usr/share/wazuh-indexer/jdk/legal/jdk.charsets
750 /usr/share/wazuh-indexer/jdk/legal/jdk.compiler
750 /usr/share/wazuh-indexer/jdk/legal/jdk.crypto.cryptoki
750 /usr/share/wazuh-indexer/jdk/legal/jdk.crypto.ec
750 /usr/share/wazuh-indexer/jdk/legal/jdk.dynalink
750 /usr/share/wazuh-indexer/jdk/legal/jdk.editpad
750 /usr/share/wazuh-indexer/jdk/legal/jdk.hotspot.agent
750 /usr/share/wazuh-indexer/jdk/legal/jdk.httpserver
750 /usr/share/wazuh-indexer/jdk/legal/jdk.incubator.foreign
750 /usr/share/wazuh-indexer/jdk/legal/jdk.incubator.vector
750 /usr/share/wazuh-indexer/jdk/legal/jdk.internal.ed
750 /usr/share/wazuh-indexer/jdk/legal/jdk.internal.jvmstat
750 /usr/share/wazuh-indexer/jdk/legal/jdk.internal.le
750 /usr/share/wazuh-indexer/jdk/legal/jdk.internal.opt
750 /usr/share/wazuh-indexer/jdk/legal/jdk.internal.vm.ci
750 /usr/share/wazuh-indexer/jdk/legal/jdk.internal.vm.compiler
750 /usr/share/wazuh-indexer/jdk/legal/jdk.internal.vm.compiler.management
750 /usr/share/wazuh-indexer/jdk/legal/jdk.jartool
750 /usr/share/wazuh-indexer/jdk/legal/jdk.javadoc
750 /usr/share/wazuh-indexer/jdk/legal/jdk.jcmd
750 /usr/share/wazuh-indexer/jdk/legal/jdk.jconsole
750 /usr/share/wazuh-indexer/jdk/legal/jdk.jdeps
750 /usr/share/wazuh-indexer/jdk/legal/jdk.jdi
750 /usr/share/wazuh-indexer/jdk/legal/jdk.jdwp.agent
750 /usr/share/wazuh-indexer/jdk/legal/jdk.jfr
750 /usr/share/wazuh-indexer/jdk/legal/jdk.jlink
750 /usr/share/wazuh-indexer/jdk/legal/jdk.jpackage
750 /usr/share/wazuh-indexer/jdk/legal/jdk.jshell
750 /usr/share/wazuh-indexer/jdk/legal/jdk.jsobject
750 /usr/share/wazuh-indexer/jdk/legal/jdk.jstatd
750 /usr/share/wazuh-indexer/jdk/legal/jdk.localedata
750 /usr/share/wazuh-indexer/jdk/legal/jdk.management
750 /usr/share/wazuh-indexer/jdk/legal/jdk.management.agent
750 /usr/share/wazuh-indexer/jdk/legal/jdk.management.jfr
750 /usr/share/wazuh-indexer/jdk/legal/jdk.naming.dns
750 /usr/share/wazuh-indexer/jdk/legal/jdk.naming.rmi
750 /usr/share/wazuh-indexer/jdk/legal/jdk.net
750 /usr/share/wazuh-indexer/jdk/legal/jdk.nio.mapmode
750 /usr/share/wazuh-indexer/jdk/legal/jdk.random
750 /usr/share/wazuh-indexer/jdk/legal/jdk.sctp
750 /usr/share/wazuh-indexer/jdk/legal/jdk.security.auth
750 /usr/share/wazuh-indexer/jdk/legal/jdk.security.jgss
750 /usr/share/wazuh-indexer/jdk/legal/jdk.unsupported
750 /usr/share/wazuh-indexer/jdk/legal/jdk.unsupported.desktop
750 /usr/share/wazuh-indexer/jdk/legal/jdk.xml.dom
750 /usr/share/wazuh-indexer/jdk/legal/jdk.zipfs
750 /usr/share/wazuh-indexer/jdk/lib
750 /usr/share/wazuh-indexer/jdk/lib/jfr
750 /usr/share/wazuh-indexer/jdk/lib/jspawnhelper
750 /usr/share/wazuh-indexer/jdk/lib/modules
750 /usr/share/wazuh-indexer/jdk/lib/security
750 /usr/share/wazuh-indexer/jdk/lib/server
750 /usr/share/wazuh-indexer/jdk/man
750 /usr/share/wazuh-indexer/jdk/man/man1
750 /usr/share/wazuh-indexer/lib
750 /usr/share/wazuh-indexer/lib/tools
750 /usr/share/wazuh-indexer/lib/tools/keystore-cli
750 /usr/share/wazuh-indexer/lib/tools/plugin-cli
750 /usr/share/wazuh-indexer/lib/tools/upgrade-cli
750 /usr/share/wazuh-indexer/modules
750 /usr/share/wazuh-indexer/modules/aggs-matrix-stats
750 /usr/share/wazuh-indexer/modules/analysis-common
750 /usr/share/wazuh-indexer/modules/geo
750 /usr/share/wazuh-indexer/modules/ingest-common
750 /usr/share/wazuh-indexer/modules/ingest-geoip
750 /usr/share/wazuh-indexer/modules/ingest-user-agent
750 /usr/share/wazuh-indexer/modules/lang-expression
750 /usr/share/wazuh-indexer/modules/lang-mustache
750 /usr/share/wazuh-indexer/modules/lang-painless
750 /usr/share/wazuh-indexer/modules/mapper-extras
750 /usr/share/wazuh-indexer/modules/opensearch-dashboards
750 /usr/share/wazuh-indexer/modules/parent-join
750 /usr/share/wazuh-indexer/modules/percolator
750 /usr/share/wazuh-indexer/modules/rank-eval
750 /usr/share/wazuh-indexer/modules/reindex
750 /usr/share/wazuh-indexer/modules/reindex/parent-join
750 /usr/share/wazuh-indexer/modules/reindex/transport-netty4
750 /usr/share/wazuh-indexer/modules/repository-url
750 /usr/share/wazuh-indexer/modules/search-pipeline-common
750 /usr/share/wazuh-indexer/modules/systemd
750 /usr/share/wazuh-indexer/modules/transport-netty4
750 /usr/share/wazuh-indexer/performance-analyzer-rca
750 /usr/share/wazuh-indexer/performance-analyzer-rca/bin
750 /usr/share/wazuh-indexer/performance-analyzer-rca/bin/performance-analyzer-agent
750 /usr/share/wazuh-indexer/performance-analyzer-rca/bin/performance-analyzer-rca
750 /usr/share/wazuh-indexer/performance-analyzer-rca/config
750 /usr/share/wazuh-indexer/performance-analyzer-rca/lib
750 /usr/share/wazuh-indexer/plugins
750 /usr/share/wazuh-indexer/plugins/opensearch-alerting
750 /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection
750 /usr/share/wazuh-indexer/plugins/opensearch-asynchronous-search
750 /usr/share/wazuh-indexer/plugins/opensearch-cross-cluster-replication
750 /usr/share/wazuh-indexer/plugins/opensearch-geospatial
750 /usr/share/wazuh-indexer/plugins/opensearch-index-management
750 /usr/share/wazuh-indexer/plugins/opensearch-job-scheduler
750 /usr/share/wazuh-indexer/plugins/opensearch-knn
750 /usr/share/wazuh-indexer/plugins/opensearch-ml
750 /usr/share/wazuh-indexer/plugins/opensearch-neural-search
750 /usr/share/wazuh-indexer/plugins/opensearch-notifications
750 /usr/share/wazuh-indexer/plugins/opensearch-notifications-core
750 /usr/share/wazuh-indexer/plugins/opensearch-observability
750 /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer
750 /usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler
750 /usr/share/wazuh-indexer/plugins/opensearch-security
750 /usr/share/wazuh-indexer/plugins/opensearch-security-analytics
750 /usr/share/wazuh-indexer/plugins/opensearch-security/tools
750 /usr/share/wazuh-indexer/plugins/opensearch-sql
750 /var/log/wazuh-indexer

@AlexRuiz7 AlexRuiz7 merged commit a87a6fb into 4.9.0 Jan 30, 2024
17 checks passed
@AlexRuiz7 AlexRuiz7 deleted the ci/124-incorrect-file-permissions branch January 30, 2024 14:26
AlexRuiz7 added a commit that referenced this pull request Mar 8, 2024
* Fine tuning permissions on RPM spec file

* Build a list of files to be packaged excluding items that need special permissions

* Fix bad permissions on directories

* Remove system directories from packaging definition

* Changing permissions on deb packages

* Skip unneeded dh_fixperms stage in debian/rules

* Clean & format

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
AlexRuiz7 added a commit that referenced this pull request Apr 24, 2024
AlexRuiz7 added a commit that referenced this pull request Jun 28, 2024
AlexRuiz7 added a commit that referenced this pull request Aug 20, 2024
AlexRuiz7 added a commit that referenced this pull request Sep 9, 2024
AlexRuiz7 added a commit that referenced this pull request Sep 9, 2024
AlexRuiz7 added a commit that referenced this pull request Oct 18, 2024
* Init wazuh-indexer (#3)

* Update CODEOWNERS

* Update README.md and SECURITY.md

* Add Wazuh configuration files

* Update README.md

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Create codeql.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update dependabot.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update SECURITY.md (#30)

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add ECS mappings generator (#36)

* Add ECS mappings generator, documentation and files for vulnerability detector

* Add event generator script

* Update template settings

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add default query fields to vulnerability detector index (#40)

* Add ECS mappings generator, documentation and files for vulnerability detector

* Add event generator script

* Add default query fields

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Create gradle_build.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update gradle_build.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add a script to configure the rollover policy (#49)

* Update ISM init script (#50)

* Fix bug with -i option (#51)

* Fix bug with -i option

* Improve error handling

* Update min_doc_count value (#52)

* Improve ISM init script (#57)

* Improve ISM init script

* Change log file path

* Update distribution files (#59)

* Update config files

* Add VERSION file

* Update documentation of the ECS tooling (#67)

* Add workflow for package generation (#65)

* Ignore artifacts folder

* Update build script

- Updated to v2.11.0 version.
- Skipped compilation of the plugins
- The artifact name is sent to a text file, to access it easily in
GitHub Actions.

* Add GH action to build min packages

* Remove commented code

* Remove unused code

* Add docker compose environment (#66)

* Add very basic Docker environment

That will do for now

* Add latest changes

* Update Docker environment

- Remove build.md which was included by mistake.
- Improve dev.sh script.
- Update .gitignore to exclude artifacts folder.
- Create .dockerignore file.
- Replace get_version.sh script with inline command.
- Reduce image size by using alpine as base image.

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Rename packages to wazuh-indexer (#69)

* Rename packages to wazuh-indexer

* Include VERSION file into packages

* Apply Wazuh version to packages names

* Improve build.sh script

Apply suggestions from ShellCheck

* Update vulnerability index mappings (#75)

* Remove 'events' ECS field

* Add 'wazuh' custom field

* Update event_generator.py for vulnerability detector

* Update `indexer-ism-init.sh` (#81)

Updates the script to upload the wazuh-template.json to the indexer.

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add workflow to assemble packages (#85)

* Add script to assemble arm64 and x64 archives (tar)

* Cleanup

* Update config file with latest upstream changes

* Change packages maintainer information

* Fix wrong substitution of config files

* Update dockerignore to ignore git folder

* Update wazuh-indexer.rpm.spec

Remove unnecessary echo commands

* Add wazuh-indexer-performance-analyzer.service

Required to assemble RPM. The plugin does not install this file, so it needs to be added manually.

* Update assemble.sh

Successfully assemble RPM x64. Runner needed to arm64

* Update `build.yml`

* Add WIP documentation for packages' generation

* Test new approach using reusable workflows

* Fix errors

* Restructure reusable workflow

* Fix upload and download paths

* New try

- Adds a reusable workflow to return the version of Wazuh set in source code.
- Attempt to dynamically generate artifacts name to normalize them for usage between jobs.
- Adds revision as input for the workflow.
- Cleanup

* Emulate assemble to test upload of the reusable assembly workflow

* Add Caching Gradle dependencies

* Remove extra '-' in the packages names on the assembly job

* Final cleanup

* Enable RPM package assemble

Remove unused code

* Fix regex to get package name

* Fix download-artifact destination path

* Exclude unimplemented deb assembly

Extend example to run with Act

* Fix yellow cluster state (#95)

* Add template and settings to disable replicas on ISM plugin internal indices

* Fix documentation

Replaces exit 1 statements with return 1

* Fix uncommented comment line

* Update ism-init script  (#97)

* Update ism-init script to parametrize the path of the wazuh-template

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add tools to assemble DEB packages (#96)

* Add tools to assemble DEB packages

* Move wazuh-indexer-performance-analyzer.service to common

* Enable assembly of DEB packages

* Enable full set of plugins

* Actually skip tar assembly

* Add installation of dependencies for DEB assembly

* Install dependencies using sudo

* Format files

* Refactor assemble script

* Update README.md

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Build scripts and GH workflows artifacts naming fix (#112)

* Build scripts and GH workflows artifacts naming fix

* Add git to dev docker image

* Fixing jobs' inputs and outputs

* remove name input from r_assemble.yml

* Setting qualifier to 1 when not specified

* Add revision flag to scripts and workflow

* Fix copying of packages at assemble.sh

* Use suffix variable instead of architecture

* Fix suffix name in assemble.sh

* Mix solutions to comply with the package naming convention

* Remove unused code

* Use correct name for assembled package

Remove code no longer needed

* Remove outdated comments

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Use short SHA as Git reference in packages naming (#100)

* Switching to short SHA commit form in package names

Signed-off-by: Fede Tux <federico.galland@wazuh.com>

* Update r_commit_sha.yml

Signed-off-by: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com>

* Update r_commit_sha.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

---------

Signed-off-by: Fede Tux <federico.galland@wazuh.com>
Signed-off-by: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com>
Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Fede Tux <fede@fernetcave.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Remove unneeded files from assembled packages (#115)

* add remove files function to assemble.sh

* Remove unneeded files on assembled tar packages

* Remove duplicated function

Fix wrong variable assignment

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add missing tools and files back into Wazuh Indexer packages (#117)

* add remove files function to assemble.sh

* Remove unneeded files on assembled tar packages

* Remove duplicated function

Fix wrong variable assignment

* Adding function to package Wazuh's tools to assemble.sh

* Make the files' versions follow the repo's VERSION file

* Fix download of Wazuh tools for packages assembly

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Remove unneeded symbolic links from assembled packages (#121)

* Update issue templates (#127)

* Fix RPM package references to /var/run (#119)

* Switch /var/run references to /run

* Remove unneeded files from assembled packages (#115)

* add remove files function to assemble.sh

* Remove unneeded files on assembled tar packages

* Remove duplicated function

Fix wrong variable assignment

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add missing tools and files back into Wazuh Indexer packages (#117)

* add remove files function to assemble.sh

* Remove unneeded files on assembled tar packages

* Remove duplicated function

Fix wrong variable assignment

* Adding function to package Wazuh's tools to assemble.sh

* Make the files' versions follow the repo's VERSION file

* Fix download of Wazuh tools for packages assembly

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Remove unneeded symbolic links from assembled packages (#121)

* Remove reference to install_demo_configuration.sh

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Removing post-install message from wazuh-indexer.rpm.spec (#131)

* Add tests to the packages building process (#132)

Runs the workflow on pull request changes

* Get Wazuh version from VERSION file (#122)

* Add function to look for VERSION in the correct path

* Update assemble.sh

Adds wget as dependency

* Download files using curl instead of wget

* Update assemble.sh

Revert assembly with minimal plugins for testing

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add Dockerfile and docker-compose for the package assembly stage

* Assemble packages with minimal plugin set when "test" variable is set to "true"

* Update README with assemble.sh docker image

* Fixing env variable naming convention and removing wget dependency

* Improve Docker environments

Adds environments to build packages

* Fix small typos

* More fixes

* Add documentation

* Adding -p flag to mkdir so it doesn't fail when the folder is already present

* Format files

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Removing /usr/share/lintian/overrides/wazuh-indexer from deb packages (#130)

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add `wazuh-template.json` to packages (#116)

* Download wazuh-template.json from wazuh/wazuh repo

* Add wazuh-template.json to RPM package spec

* Setting wazuh-template.json attributes to 660

* Change wazuh-template.json attributes in debmake_install.sh

* Put template download command within a function

* Small fixes and format

* Apply correct file permissions to the wazuh-template.json

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Adding Debian packaging config files from Opensearch (#118)

* Adding debian packaging config files from Opensearch

* Copy debian/ folder to the build dir for debmake to parse

* Remove redundant steps from debian/postinst

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix Build workflow to run on push events  (#134)

* Run workflow on push

* Set build workflow inputs to required

* Normalize the use of quotes for the build workflow inputs

* Add ternary operator

* Add missing ternary operator

* Use maven for plugin download (#139)

* Fine tuning permissions on RPM spec file

* Get plugins using maven

* Rolling back changes to spec file

* Format files

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add new custom field to the vulnerability detector index (#141)

* Add new custom field to the vulnerability detector index

* Update event generator tool

* Remove base.labels ECS field from wazuh-states-vulnerabilities index mappings

* Fine tuning permissions on assembled packages (#137)

* Fine tuning permissions on RPM spec file

* Build a list of files to be packaged excluding items that need special permissions

* Fix bad permissions on directories

* Remove system directories from packaging definition

* Changing permissions on deb packages

* Skip unneeded dh_fixperms stage in debian/rules

* Clean & format

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Init. Amazon Security Lake integration (#143)

* Init. Amazon Security Lake integration

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add events generator tool for `wazuh-alerts` (#152)

* Add events generator tool for wazuh-alerts

* Fix typo in README.md

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Make timestamps timezone aware

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Fede Tux <federico.galland@wazuh.com>

* Add `wazuh.manager.name` to VD mappings (#158)

* Create compatibility_request.md (#163)

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add Python module to accomplish OCSF compliant events (#159)

* Adding Python script that receives a continuous json stream over stdin and outputs parquet to Security Lake

* Adding logstash pipeline for python script

* encode_parquet() function fixed to handle lists of dictionaries

* Correct error in encode_parquet()

* Avoid storing the block ending in the output buffer

* Add comments on handling files and streams with pyarrow for future reference

* Add s3 handling reference links

* Write parquet directly to bucket

* Added basics of map_to_ocsf() function

* Minor fixes

* Map alerts to OCSF as they are read

* Add script to convert Wazuh events to OCSF

Also adds a simple test script

* Add OCSF converter + Parquet encoder + test scripts

* Update .gitignore

* Include the contents of the alert under unmapped

* Add support for different OCSF schema versions

* Use custom ocsf module to map alerts

* Modify script to use converter class

* Code polish and fix errors

* Remove unnecessary type declaration from debug flag

* Improved parquet encoding

* Initial commit for test env's docker-compose.yml

* Remove sudo references from docker-compose.yml

* Add operational Python module to transform events to OCSF

* Create minimal Docker environment to test and develop the integration.

* Fix events-generator's Inventory starvation

* Remove files present in #147

* Cleanup

* Add FQDN hostnames to services for certificates creation

* Add S3 Ninja (Mock) (#165)

* Setup certificates in Wazuh Indexer and Logstash containers (#166)

* Add certificate generator service

* Add certificate config to docker compose file

* Use secrets for certificates

* Disable permission handling inside cert's generator entrypoint.sh

* Back to using a bind mount for certs

* Have entrypoint.sh generate certs with 1000:1000 ownership

* Correct certificate permissions and bind mounting

* Add security initialization variable to compose file

* Fix permissions on certs generator entrypoint

* Add cert generator config file

* Remove old cert generator dir

* Set indexer hostname right in pipeline file

* Roll back commented code

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix Logstash pipelines

* Remove unused file

* Implement OCSF severity normalize function

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Fede Tux <federico.galland@wazuh.com>
Co-authored-by: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com>

* Update Gradle setup action (#182)

* Attempt to automate package's testing

* Fix typo

* Update setup gradle action

* Remove file from another PR

* Update build.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update vulnerability-states fields (#177)

* Update vulnerability-states fields

Adds wazuh.schema.version

* Update events generator

* Automate package's testing (#178)

* Attempt to automate package's testing

* Fix typo

* Add sudo

* Split test steps and manage errors

* Add --no-pager to journalctl

* Add certs generator

* Improve error handling

* Update r_test.yml

Fix indentation

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix error handling

* Add testing of RPM packages

* Improve multi-os testing

* Add TEST env var

* Add braces to if conditionals

* Remove all curly braces from if conditionals

* braces again

* Install RPM package in Docker

* Remove sudo for RPM installation

* Bind artifacts/dist to RPM docker test container

* Bind artifacts/dist to RPM docker test container

* Avoid prompt during yum install

* Fix bind volume

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Remove ecs.version from query.default_fields (#184)

* Upload packages to S3 (#179)

* Attempt to automate package's testing

* Add workflow file to upload packages to S3

* Skip testing to test whether the upload works

* Fix package names

* Fix upload workflow name

* Pass secrets to the reusable workflow

* Fix indentation

* Fix indentation

* Remove test workflow from this PR

* Add boolean input to control when the package is uploaded to the S3 bucket

* [UI/UX] Improve inputs description

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add bash to Docker dev image (#185)

* Update wazuh-states-vulnerabilities index mapping (#191)

* Update wazuh-states-vulnerabilities index mapping

* Extend ECS Vulnerability fields

* Add pipeline to generate release packages (#193)

* Add script to get the version of OpenSearch

* Set revision to 0 by default.

- Reduce inputs for scripts.
- Add script to generate packages' naming convention.
- Make scripts self-aware of the OpenSearch version.

* Fix assemble

* Smoke test new pipeline to build packages

* Fix syntax errors

* Update build.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add workflow to build packages on push

* Run actionlint

* Fix jq argjson

* Fix set matrix output ?

* Try new approach using a single workflow

* Fix GITHUB_OUTPUT

* Fix baptizer invocation

* Add testing and upload to new approach

* Fix hard coded revision number on RPM assembly

* New attempt

* Skip upload unless specified

* Install plugins on RPM

* Promote new approach

Removes previous workflows to generate packages

* Fix workflow name

* Attempt to fix release package naming

* Fix build.sh invocation from workflow

* Use min package name in workflow

* Use min package name for release naming convention in workflow

* Attempt to fix regex

* Upgrade to aws-actions/configure-aws-credentials@v4

Clean up

* Apply latest requirements

Add workflow with single matrix for QA use. Rename inputs. Add checksum input.

* Add checksum generation and upload

* Use choice as input types for system and architecture

* Invoke build single packages with upload option

* Add documentation and clean up

* Rename scripts folder to packaging_scripts

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Build Docker images (#194)

* Assemble tar packages

* Add files to generate Docker images

First working version

* Fix certs path

* clean up

* Working indexer in Docker

* Add documentation to build Docker images

Simplify names of Docker build args

* Remove unused Docker dependencies

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add on.workflow_call to build_single.yml workflow (#200)

Allows invocation using the GH API

* Add Python module to implement Amazon Security Lake integration (#186)

* Migrate from #147

* Update amazon-security-lake integration

- Improved documentation.
- Python code has been moved to `wazuh-indexer/integrations/amazon-security-lake/src`.
- Development environment now uses OpenSearch 2.12.0.
- The `wazuh.integration.security.lake` container now displays logs, by watching logstash's log file.
- [**NEEDS FIX**] As a temporary solution, the `INDEXER_USERNAME` and `INDEXER_PASSWORD` values have been added as environment variables to the `wazuh.integration.security.lake` container. These values should be set at Dockerfile level, but this isn't working, probably due to permission denied on invocation of the `setup.sh` script.
- [**NEEDS FIX**] As a temporary solution, the output file of the `indexer-to-file` pipeline has been moved to `/var/log/logstash/indexer-to-file`. Previous path `/usr/share/logstash/pipeline/indexer-to-file.json` results in permission denied.
- [**NEEDS FIX**] As a temporary solution, the input.opensearch.query has been replaced with `match_all`, as the previous one does not return any data, probably due to the use of time filters `gt: now-1m`.
- Standard output enabled for `/usr/share/logstash/pipeline/indexer-to-file.json`.
- [**NEEDS FIX**] ECS compatibility disabled: `echo "pipeline.ecs_compatibility: disabled" >> /etc/logstash/logstash.yml` -- to be included automatically
- Python3 environment path added to the `indexer-to-integrator` pipeline.

* Disable ECS compatibility (auto)

-  Adds pipeline.ecs_compatibility: disabled at Dockerfile level.
- Removes `INDEXER_USERNAME` and `INDEXER_PASSWORD` as environment variables on the `wazuh.integration.security.lake` container.

* Add @timestamp field to sample alerts

* Fix Logstash pipelines

* Add working indexer-to-s3 pipeline

* Add working Python script up to S3 upload

* Add latest changes

* Remove duplicated line

* Replace choice with string on workflow_call (#207)

* Use AWS_REGION secret (#209)

* Add Lambda function for the Amazon Security Lake integration (#189)

* Migrate from #147

* Update amazon-security-lake integration

- Improved documentation.
- Python code has been moved to `wazuh-indexer/integrations/amazon-security-lake/src`.
- Development environment now uses OpenSearch 2.12.0.
- The `wazuh.integration.security.lake` container now displays logs, by watching logstash's log file.
- [**NEEDS FIX**] As a temporary solution, the `INDEXER_USERNAME` and `INDEXER_PASSWORD` values have been added as environment variables to the `wazuh.integration.security.lake` container. These values should be set at Dockerfile level, but this isn't working, probably due to permission denied on invocation of the `setup.sh` script.
- [**NEEDS FIX**] As a temporary solution, the output file of the `indexer-to-file` pipeline has been moved to `/var/log/logstash/indexer-to-file`. Previous path `/usr/share/logstash/pipeline/indexer-to-file.json` results in permission denied.
- [**NEEDS FIX**] As a temporary solution, the input.opensearch.query has been replaced with `match_all`, as the previous one does not return any data, probably due to the use of time filters `gt: now-1m`.
- Standard output enabled for `/usr/share/logstash/pipeline/indexer-to-file.json`.
- [**NEEDS FIX**] ECS compatibility disabled: `echo "pipeline.ecs_compatibility: disabled" >> /etc/logstash/logstash.yml` -- to be included automatically
- Python3 environment path added to the `indexer-to-integrator` pipeline.

* Disable ECS compatibility (auto)

-  Adds pipeline.ecs_compatibility: disabled at Dockerfile level.
- Removes `INDEXER_USERNAME` and `INDEXER_PASSWORD` as environment variables on the `wazuh.integration.security.lake` container.

* Add @timestamp field to sample alerts

* Fix Logstash pipelines

* Add working indexer-to-s3 pipeline

* Add working Python script up to S3 upload

* Add latest changes

* Remove duplicated line

* Add working environment with minimal AWS lambda function

* Mount src folder to Lambda's workdir

* Add first functional lambda function

Tested on local environment, using S3 Ninja and a Lambda container

* Working state

* Add documentation

* Improve code

* Improve code

* Clean up

* Add instructions to build a deployment package

* Make zip file lighter

* Use default name for aws_region

* Add destination bucket validation

* Add env var validation and full destination S3 path

* Add AWS_ENDPOINT environment variable

* Rename AWS_DEFAULT_REGION

* Remove unused env vars

* Remove unused file and improve documentation a bit.

* Makefile improvements

* Use dummy env variables

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Bump Java version in Docker environments (#210)

* Fix access denied error during log rotation (#212)

* Save intermediate OCSF files to an S3 bucket (#218)

* Fix Parquet files format (#217)

* Fix mapping to Detection Finding OCSF class (#220)

* Map events to OCSF's Security Finding class (#221)

* Map events to OCSF's Security Finding class

* Improve models (inheritance). Add OCSF_CLASS env variable

* Move constants to the models

* Fix validation error

* Add ID input to workflows (#229)

* Added id input

* Changed name to run-name

* Add OPENSEARCH_TMPDIR variable to service and create directory in packages accordingly (#231)

* Improve workflow's run-name with target system and architecture (#237)

* Add documentation for the Amazon Security Lake integration (#226)

* Add documentation for the Amazon Security Lake integration

* Add images via upload

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add files via upload

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Use jpeg

* Add files via upload

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix some typos

* Add CONTRIBUTING.md

* Apply improvements to the ASL docu

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Rename  environment variable (#240)

* Remove maintainer-approval.yml (#241)

* Improve logging and error handling on ASL Lambda function (#242)

* Update .gitattributes (#243)

* Change . for : in debian's postinst (#245)

* Add integration with Elastic (#248)

* Add integration with Elastic

Draft

* Update Elastic integration

Draft

* Add Elastic integration folder

Draft

* Changing the kibana system user

* Add Elastic integration

Working

---------

Co-authored-by: Fede Tux <federico.galland@wazuh.com>

* Added S3 URI output to package generation upload (#249)

* Added S3 URI output

* Added ID input and S3 URI output

* Improved workflow run name

* Added name statement

* Added name statement

* Removed file

* Added ID input description

* Update build.yml

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add OpenSearch integration (#258)

* Add docker environment

* Add README

Move files to the corresponding folder

* Enable TLS in dashboards

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add Splunk integration (#257)

* Add Splunk integration

Draft

* Fix certificate errors

* Add cfssl container to generate and sign splunk certs

* Add cfssl configuration files

* Update Splunk integration

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Fede Tux <federico.galland@wazuh.com>

* Add Manager to Elastic integration (#266)

* Init commit

[DRAFT] Adds a Compose environment

* Mount alerts as shared volume instead of file

* Update documentation and clean up files

---------

Co-authored-by: Fede Tux <federico.galland@wazuh.com>

* Add Manager to Splunk integration (#268)

* Add Manager to OpenSearch integration (#267)

* Add Manager to OpenSearch integration

Also fixes small issues on other integrations

* Add changes to README

* Attempt nr.2 to fix #277  (#280)

* Testy test test

* Update artifact name

Skip lintian

* Update Maintainers for Debian package metadata

* Remove references to indexer-ism-init.sh and wazuh-template.json (#281)

* Remove references to indexer-ism-init.sh and wazuh-template.json

* Roll back remaining content from ISM rollover+alias feature

* Remove commented code

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Bump 4.10.0 (#272)

* Merge 4.9.1 into 4.10.0 (#358)

* Merge 4.9.1 into 4.10.0 (#358)

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Merge 4.9.2 into 4.10.0 (#378)

* Fix build.gradle (#381)

* Fix build.gradle

* Fix build.gradle

* Undo changes

* Remove old compose files for integrations (#386)

* Delete integrations/docker/amazon-security-lake.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Delete integrations/docker/config directory

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update vulnerability detector index template (#383)

* Update VD index template

* Remove host.os.family

* Merge 4.9.1 into 4.10.0 (#426)

* Fix Performance Analyzer service file (#391)

* Update SECURITY.md (#411)

* Remove prompt about configuration file overwrites on package upgrade (#410)

* Make new config files install with .new prefix

* Fix errors and add .new prefix to /etc/init.d/wazuh-indexer

* Fix errors in build.sh and assemble.sh

* Revert "Fix errors in build.sh and assemble.sh"

This reverts commit 5dc3500.

* Using noreplace on config files for rpm

* Fix issues in debmake.sh

* Revert changes to Debian packages

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update SECURITY.md (#415)

Signed-off-by: Raul Del Pozo Moreno <raul.delpozo@wazuh.com>

* Add Release Notes 4.9.1-rc1 (#421)

---------

Signed-off-by: Raul Del Pozo Moreno <raul.delpozo@wazuh.com>
Co-authored-by: Fede Galland <99492720+f-galland@users.noreply.github.com>
Co-authored-by: Raul Del Pozo Moreno <raul.delpozo@wazuh.com>

* Bump version to 4.10.1 (#430)

* Support new version 4.10.2 (#441)

* Enable assembly of ARM packages (#444)

* Merge 4.10.1 into 4.10.2 (#473)

* Merge 4.10.0 into 4.10.1 (#470)

* Upgrade integrations to the last version (#447)

* Upgrade third-party integrations to latest product versions (#368)

* Upgrade third-party integrations to latest product versions

* Improve compatibility matrix

* Change versions in /integrations/.env

Signed-off-by: Malena Casas <malena.casas@wazuh.com>

* Fix Splunk integrations (#362)

* Add table with the version of the integrations

* Update CHANGELOG.md

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

---------

Signed-off-by: Malena Casas <malena.casas@wazuh.com>
Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: JuanGarriuz <juangarriuz@gmail.com>

* Merge 4.9.1 into 4.10.0 (#454)

* Prepare 4.9.1-rc2 (#436)

* Update docker/README.md (#438)

* Support new stage 4.9.1-rc3 (#443)

* Update operational--integrations_maintenance_request.md (#449)

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix Github Actions build process dependency errors (#457)

* Switch from latest to 22.04 runner

* Remove non-existent packages from workflow provisioner

* Remove freeglut3 from provision.sh

* Update calendarTime and scan_date fields type (#458)

* Merge 4.9.1 into 4.10.0 (#469)

* Support for v4.9.1-alpha4 (#461)

* Prepare final release notes for 4.9.1

---------

Signed-off-by: Malena Casas <malena.casas@wazuh.com>
Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Malena Casas <malena.casas@wazuh.com>
Co-authored-by: JuanGarriuz <juangarriuz@gmail.com>
Co-authored-by: Fede Galland <99492720+f-galland@users.noreply.github.com>
Co-authored-by: Kevin Ledesma <kevinledesmam95@gmail.com>

* Fix release date for 4.10.0 in RPM spec file

* Fix release date for 4.10.0 in RPM spec file

---------

Signed-off-by: Malena Casas <malena.casas@wazuh.com>
Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Malena Casas <malena.casas@wazuh.com>
Co-authored-by: JuanGarriuz <juangarriuz@gmail.com>
Co-authored-by: Fede Galland <99492720+f-galland@users.noreply.github.com>
Co-authored-by: Kevin Ledesma <kevinledesmam95@gmail.com>

* Remove packaging_scripts folder

* Remove duplicated files

* Fix build.yml

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Signed-off-by: Fede Tux <federico.galland@wazuh.com>
Signed-off-by: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com>
Signed-off-by: Raul Del Pozo Moreno <raul.delpozo@wazuh.com>
Signed-off-by: Malena Casas <malena.casas@wazuh.com>
Co-authored-by: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com>
Co-authored-by: Fede Tux <fede@fernetcave.com>
Co-authored-by: Fede Tux <federico.galland@wazuh.com>
Co-authored-by: Raul Del Pozo Moreno <raul.delpozo@wazuh.com>
Co-authored-by: Malena Casas <malena.casas@wazuh.com>
Co-authored-by: JuanGarriuz <juangarriuz@gmail.com>
Co-authored-by: Kevin Ledesma <kevinledesmam95@gmail.com>
AlexRuiz7 added a commit that referenced this pull request Oct 22, 2024
* Init wazuh-indexer (#3)

* Update CODEOWNERS

* Update README.md and SECURITY.md

* Add Wazuh configuration files

* Update README.md

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Create codeql.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update dependabot.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update SECURITY.md (#30)

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add ECS mappings generator (#36)

* Add ECS mappings generator, documentation and files for vulnerability detector

* Add event generator script

* Update template settings

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add default query fields to vulnerability detector index (#40)

* Add ECS mappings generator, documentation and files for vulnerability detector

* Add event generator script

* Add default query fields

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Create gradle_build.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update gradle_build.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add a script to configure the rollover policy (#49)

* Update ISM init script (#50)

* Fix bug with -i option (#51)

* Fix bug with -i option

* Improve error handling

* Update min_doc_count value (#52)

* Improve ISM init script (#57)

* Improve ISM init script

* Change log file path

* Update distribution files (#59)

* Update config files

* Add VERSION file

* Update documentation of the ECS tooling (#67)

* Add workflow for package generation (#65)

* Ignore artifacts folder

* Update build script

- Updated to v2.11.0 version.
- Skipped compilation of the plugins
- The artifact name is sent to a text file, to access it easily in
GitHub Actions.

* Add GH action to build min packages

* Remove commented code

* Remove unused code

* Add docker compose environment (#66)

* Add very basic Docker environment

That will do for now

* Add latest changes

* Update Docker environment

- Remove build.md which was included by mistake.
- Improve dev.sh script.
- Update .gitignore to exclude artifacts folder.
- Create .dockerignore file.
- Replace get_version.sh script with inline command.
- Reduce image size by using alpine as base image.

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Rename packages to wazuh-indexer (#69)

* Rename packages to wazuh-indexer

* Include VERSION file into packages

* Apply Wazuh version to packages names

* Improve build.sh script

Apply suggestions from ShellCheck

* Update vulnerability index mappings (#75)

* Remove 'events' ECS field

* Add 'wazuh' custom field

* Update event_generator.py for vulnerability detector

* Update `indexer-ism-init.sh` (#81)

Updates the script to upload the wazuh-template.json to the indexer.

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add workflow to assemble packages (#85)

* Add script to assemble arm64 and x64 archives (tar)

* Cleanup

* Update config file with latest upstream changes

* Change packages maintainer information

* Fix wrong substitution of config files

* Update dockerignore to ignore git folder

* Update wazuh-indexer.rpm.spec

Remove unnecessary echo commands

* Add wazuh-indexer-performance-analyzer.service

Required to assemble RPM. The plugin does not install this file, so it needs to be added manually.

* Update assemble.sh

Successfully assemble RPM x64. Runner needed to arm64

* Update `build.yml`

* Add WIP documentation for packages' generation

* Test new approach using reusable workflows

* Fix errors

* Restructure reusable workflow

* Fix upload and download paths

* New try

- Adds a reusable workflow to return the version of Wazuh set in source code.
- Attempt to dynamically generate artifacts name to normalize them for usage between jobs.
- Adds revision as input for the workflow.
- Cleanup

* Emulate assemble to test upload of the reusable assembly workflow

* Add Caching Gradle dependencies

* Remove extra '-' in the packages names on the assembly job

* Final cleanup

* Enable RPM package assemble

Remove unused code

* Fix regex to get package name

* Fix download-artifact destination path

* Exclude unimplemented deb assembly

Extend example to run with Act

* Fix yellow cluster state (#95)

* Add template and settings to disable replicas on ISM plugin internal indices

* Fix documentation

Replaces exit 1 statements with return 1

* Fix uncommented comment line

* Update ism-init script  (#97)

* Update ism-init script to parametrize the path of the wazuh-template

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add tools to assemble DEB packages (#96)

* Add tools to assemble DEB packages

* Move wazuh-indexer-performance-analyzer.service to common

* Enable assembly of DEB packages

* Enable full set of plugins

* Actually skip tar assembly

* Add installation of dependencies for DEB assembly

* Install dependencies using sudo

* Format files

* Refactor assemble script

* Update README.md

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Build scripts and GH workflows artifacts naming fix (#112)

* Build scripts and GH workflows artifacts naming fix

* Add git to dev docker image

* Fixing jobs' inputs and outputs

* remove name input from r_assemble.yml

* Setting qualifier to 1 when not specified

* Add revision flag to scripts and workflow

* Fix copying of packages at assemble.sh

* Use suffix variable instead of architecture

* Fix suffix name in assemble.sh

* Mix solutions to comply with the package naming convention

* Remove unused code

* Use correct name for assembled package

Remove code no longer needed

* Remove outdated comments

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Use short SHA as Git reference in packages naming (#100)

* Switching to short SHA commit form in package names

Signed-off-by: Fede Tux <federico.galland@wazuh.com>

* Update r_commit_sha.yml

Signed-off-by: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com>

* Update r_commit_sha.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

---------

Signed-off-by: Fede Tux <federico.galland@wazuh.com>
Signed-off-by: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com>
Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Fede Tux <fede@fernetcave.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Remove unneeded files from assembled packages (#115)

* add remove files function to assemble.sh

* Remove unneeded files on assembled tar packages

* Remove duplicated function

Fix wrong variable assignment

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add missing tools and files back into Wazuh Indexer packages (#117)

* add remove files function to assemble.sh

* Remove unneeded files on assembled tar packages

* Remove duplicated function

Fix wrong variable assignment

* Adding function to package Wazuh's tools to assemble.sh

* Make the files' versions follow the repo's VERSION file

* Fix download of Wazuh tools for packages assembly

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Remove unneeded symbolic links from assembled packages (#121)

* Update issue templates (#127)

* Fix RPM package references to /var/run (#119)

* Switch /var/run references to /run

* Remove unneeded files from assembled packages (#115)

* add remove files function to assemble.sh

* Remove unneeded files on assembled tar packages

* Remove duplicated function

Fix wrong variable assignment

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add missing tools and files back into Wazuh Indexer packages (#117)

* add remove files function to assemble.sh

* Remove unneeded files on assembled tar packages

* Remove duplicated function

Fix wrong variable assignment

* Adding function to package Wazuh's tools to assemble.sh

* Make the files' versions follow the repo's VERSION file

* Fix download of Wazuh tools for packages assembly

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Remove unneeded symbolic links from assembled packages (#121)

* Remove reference to install_demo_configuration.sh

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Removing post-install message from wazuh-indexer.rpm.spec (#131)

* Add tests to the packages building process (#132)

Runs the workflow on pull request changes

* Get Wazuh version from VERSION file (#122)

* Add function to look for VERSION in the correct path

* Update assemble.sh

Adds wget as dependency

* Download files using curl instead of wget

* Update assemble.sh

Revert assembly with minimal plugins for testing

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add Dockerfile and docker-compose for the package assembly stage

* Assemble packages with minimal plugin set when "test" variable is set to "true"

* Update README with assemble.sh docker image

* Fixing env variable naming convention and removing wget dependency

* Improve Docker environments

Adds environments to build packages

* Fix small typos

* More fixes

* Add documentation

* Adding -p flag to mkdir so it doesn't fail when the folder is already present

* Format files

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Removing /usr/share/lintian/overrides/wazuh-indexer from deb packages (#130)

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add `wazuh-template.json` to packages (#116)

* Download wazuh-template.json from wazuh/wazuh repo

* Add wazuh-template.json to RPM package spec

* Setting wazuh-template.json attributes to 660

* Change wazuh-template.json attributes in debmake_install.sh

* Put template download command within a function

* Small fixes and format

* Apply correct file permissions to the wazuh-template.json

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Adding Debian packaging config files from Opensearch (#118)

* Adding debian packaging config files from Opensearch

* Copy debian/ folder to the build dir for debmake to parse

* Remove redundant steps from debian/postinst

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix Build workflow to run on push events  (#134)

* Run workflow on push

* Set build workflow inputs to required

* Normalize the use of quotes for the build workflow inputs

* Add ternary operator

* Add missing ternary operator

* Use maven for plugin download (#139)

* Fine tuning permissions on RPM spec file

* Get plugins using maven

* Rolling back changes to spec file

* Format files

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add new custom field to the vulnerability detector index (#141)

* Add new custom field to the vulnerability detector index

* Update event generator tool

* Remove base.labels ECS field from wazuh-states-vulnerabilities index mappings

* Fine tuning permissions on assembled packages (#137)

* Fine tuning permissions on RPM spec file

* Build a list of files to be packaged excluding items that need special permissions

* Fix bad permissions on directories

* Remove system directories from packaging definition

* Changing permissions on deb packages

* Skip unneeded dh_fixperms stage in debian/rules

* Clean & format

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Init. Amazon Security Lake integration (#143)

* Init. Amazon Security Lake integration

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add events generator tool for `wazuh-alerts` (#152)

* Add events generator tool for wazuh-alerts

* Fix typo in README.md

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Make timestamps timezone aware

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Fede Tux <federico.galland@wazuh.com>

* Add `wazuh.manager.name` to VD mappings (#158)

* Create compatibility_request.md (#163)

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add Python module to accomplish OCSF compliant events (#159)

* Adding Python script that receives a continuous json stream over stdin and outputs parquet to Security Lake

* Adding logstash pipeline for python script

* encode_parquet() function fixed to handle lists of dictionaries

* Correct error in encode_parquet()

* Avoid storing the block ending in the output buffer

* Add comments on handling files and streams with pyarrow for future reference

* Add s3 handling reference links

* Write parquet directly to bucket

* Added basics of map_to_ocsf() function

* Minor fixes

* Map alerts to OCSF as they are read

* Add script to convert Wazuh events to OCSF

Also adds a simple test script

* Add OCSF converter + Parquet encoder + test scripts

* Update .gitignore

* Include the contents of the alert under unmapped

* Add support for different OCSF schema versions

* Use custom ocsf module to map alerts

* Modify script to use converter class

* Code polish and fix errors

* Remove unnecessary type declaration from debug flag

* Improved parquet encoding

* Initial commit for test env's docker-compose.yml

* Remove sudo references from docker-compose.yml

* Add operational Python module to transform events to OCSF

* Create minimal Docker environment to test and develop the integration.

* Fix events-generator's Inventory starvation

* Remove files present in #147

* Cleanup

* Add FQDN hostnames to services for certificates creation

* Add S3 Ninja (Mock) (#165)

* Setup certificates in Wazuh Indexer and Logstash containers (#166)

* Add certificate generator service

* Add certificate config to docker compose file

* Use secrets for certificates

* Disable permission handling inside cert's generator entrypoint.sh

* Back to using a bind mount for certs

* Have entrypoint.sh generate certs with 1000:1000 ownership

* Correct certificate permissions and bind mounting

* Add security initialization variable to compose file

* Fix permissions on certs generator entrypoint

* Add cert generator config file

* Remove old cert generator dir

* Set indexer hostname right in pipeline file

* Roll back commented code

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix Logstash pipelines

* Remove unused file

* Implement OCSF severity normalize function

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Fede Tux <federico.galland@wazuh.com>
Co-authored-by: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com>

* Update Gradle setup action (#182)

* Attempt to automate package's testing

* Fix typo

* Update setup gradle action

* Remove file from another PR

* Update build.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update vulnerability-states fields (#177)

* Update vulnerability-states fields

Adds wazuh.schema.version

* Update events generator

* Automate package's testing (#178)

* Attempt to automate package's testing

* Fix typo

* Add sudo

* Split test steps and manage errors

* Add --no-pager to journalctl

* Add certs generator

* Improve error handling

* Update r_test.yml

Fix indentation

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix error handling

* Add testing of RPM packages

* Improve multi-os testing

* Add TEST env var

* Add braces to if conditionals

* Remove all curly braces from if conditionals

* braces again

* Install RPM package in Docker

* Remove sudo for RPM installation

* Bind artifacts/dist to RPM docker test container

* Bind artifacts/dist to RPM docker test container

* Avoid prompt during yum install

* Fix bind volume

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Remove ecs.version from query.default_fields (#184)

* Upload packages to S3 (#179)

* Attempt to automate package's testing

* Add workflow file to upload packages to S3

* Skip testing to test whether the upload works

* Fix package names

* Fix upload workflow name

* Pass secrets to the reusable workflow

* Fix indentation

* Fix indentation

* Remove test workflow from this PR

* Add boolean input to control when the package is uploaded to the S3 bucket

* [UI/UX] Improve inputs description

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add bash to Docker dev image (#185)

* Update wazuh-states-vulnerabilities index mapping (#191)

* Update wazuh-states-vulnerabilities index mapping

* Extend ECS Vulnerability fields

* Add pipeline to generate release packages (#193)

* Add script to get the version of OpenSearch

* Set revision to 0 by default.

- Reduce inputs for scripts.
- Add script to generate packages' naming convention.
- Make scripts self-aware of the OpenSearch version.

* Fix assemble

* Smoke test new pipeline to build packages

* Fix syntax errors

* Update build.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add workflow to build packages on push

* Run actionlint

* Fix jq argjson

* Fix set matrix output ?

* Try new approach using a single workflow

* Fix GITHUB_OUTPUT

* Fix baptizer invocation

* Add testing and upload to new approach

* Fix hard coded revision number on RPM assembly

* New attempt

* Skip upload unless specified

* Install plugins on RPM

* Promote new approach

Removes previous workflows to generate packages

* Fix workflow name

* Attempt to fix release package naming

* Fix build.sh invocation from workflow

* Use min package name in workflow

* Use min package name for release naming convention in workflow

* Attempt to fix regex

* Upgrade to aws-actions/configure-aws-credentials@v4

Clean up

* Apply latest requirements

Add workflow with single matrix for QA use. Rename inputs. Add checksum input.

* Add checksum generation and upload

* Use choice as input types for system and architecture

* Invoke build single packages with upload option

* Add documentation and clean up

* Rename scripts folder to packaging_scripts

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Build Docker images (#194)

* Assemble tar packages

* Add files to generate Docker images

First working version

* Fix certs path

* clean up

* Working indexer in Docker

* Add documentation to build Docker images

Simplify names of Docker build args

* Remove unused Docker dependencies

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add on.workflow_call to build_single.yml workflow (#200)

Allows invocation using the GH API

* Add Python module to implement Amazon Security Lake integration (#186)

* Migrate from #147

* Update amazon-security-lake integration

- Improved documentation.
- Python code has been moved to `wazuh-indexer/integrations/amazon-security-lake/src`.
- Development environment now uses OpenSearch 2.12.0.
- The `wazuh.integration.security.lake` container now displays logs, by watching logstash's log file.
- [**NEEDS FIX**] As a temporary solution, the `INDEXER_USERNAME` and `INDEXER_PASSWORD` values have been added as an environment variable to the `wazuh.integration.security.lake` container. These values should be set at Dockerfile level, but this isn't working, probably due to permission denied on invocation of the `setup.sh` script.
- [**NEEDS FIX**] As a temporary solution, the output file of the `indexer-to-file` pipeline has been moved to `/var/log/logstash/indexer-to-file`. Previous path `/usr/share/logstash/pipeline/indexer-to-file.json` results in permission denied.
- [**NEEDS FIX**] As a temporary solution, the input.opensearch.query has been replaced with `match_all`, as the previous one does not return any data, probably due to the use of time filters `gt: now-1m`.
- Standard output enabled for `/usr/share/logstash/pipeline/indexer-to-file.json`.
- [**NEEDS FIX**] ECS compatibility disabled: `echo "pipeline.ecs_compatibility: disabled" >> /etc/logstash/logstash.yml` -- to be included automatically
- Python3 environment path added to the `indexer-to-integrator` pipeline.

* Disable ECS compatibility (auto)

- Adds pipeline.ecs_compatibility: disabled at Dockerfile level.
- Removes `INDEXER_USERNAME` and `INDEXER_PASSWORD` as environment variables on the `wazuh.integration.security.lake` container.

* Add @timestamp field to sample alerts

* Fix Logstash pipelines

* Add working indexer-to-s3 pipeline

* Add working Python script up to S3 upload

* Add latest changes

* Remove duplicated line

* Replace choice with string on workflow_call (#207)

* Use AWS_REGION secret (#209)

* Add Lambda function for the Amazon Security Lake integration (#189)

* Migrate from #147

* Update amazon-security-lake integration

- Improved documentation.
- Python code has been moved to `wazuh-indexer/integrations/amazon-security-lake/src`.
- Development environment now uses OpenSearch 2.12.0.
- The `wazuh.integration.security.lake` container now displays logs, by watching logstash's log file.
- [**NEEDS FIX**] As a temporary solution, the `INDEXER_USERNAME` and `INDEXER_PASSWORD` values have been added as an environment variable to the `wazuh.integration.security.lake` container. These values should be set at Dockerfile level, but this isn't working, probably due to permission denied on invocation of the `setup.sh` script.
- [**NEEDS FIX**] As a temporary solution, the output file of the `indexer-to-file` pipeline has been moved to `/var/log/logstash/indexer-to-file`. Previous path `/usr/share/logstash/pipeline/indexer-to-file.json` results in permission denied.
- [**NEEDS FIX**] As a temporary solution, the input.opensearch.query has been replaced with `match_all`, as the previous one does not return any data, probably due to the use of time filters `gt: now-1m`.
- Standard output enabled for `/usr/share/logstash/pipeline/indexer-to-file.json`.
- [**NEEDS FIX**] ECS compatibility disabled: `echo "pipeline.ecs_compatibility: disabled" >> /etc/logstash/logstash.yml` -- to be included automatically
- Python3 environment path added to the `indexer-to-integrator` pipeline.

* Disable ECS compatibility (auto)

- Adds pipeline.ecs_compatibility: disabled at Dockerfile level.
- Removes `INDEXER_USERNAME` and `INDEXER_PASSWORD` as environment variables on the `wazuh.integration.security.lake` container.

* Add @timestamp field to sample alerts

* Fix Logstash pipelines

* Add working indexer-to-s3 pipeline

* Add working Python script up to S3 upload

* Add latest changes

* Remove duplicated line

* Add working environment with minimal AWS lambda function

* Mount src folder to Lambda's workdir

* Add first functional lambda function

Tested on local environment, using S3 Ninja and a Lambda container

* Working state

* Add documentation

* Improve code

* Improve code

* Clean up

* Add instructions to build a deployment package

* Make zip file lighter

* Use default name for aws_region

* Add destination bucket validation

* Add env var validation and full destination S3 path

* Add AWS_ENDPOINT environment variable

* Rename AWS_DEFAULT_REGION

* Remove unused env vars

* Remove unused file and improve documentation a bit.

* Makefile improvements

* Use dummy env variables

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Bump Java version in Docker environments (#210)

* Fix access denied error during log rotation (#212)

* Save intermediate OCSF files to an S3 bucket (#218)

* Fix Parquet files format (#217)

* Fix mapping to Detection Finding OCSF class (#220)

* Map events to OCSF's Security Finding class (#221)

* Map events to OCSF's Security Finding class

* Improve models (inheritance). Add OCSF_CLASS env variable

* Move constants to the models

* Fix validation error

* Add ID input to workflows (#229)

* Added id input

* Changed name to run-name

* Add OPENSEARCH_TMPDIR variable to service and create directory in packages accordingly (#231)

* Improve workflow's run-name with target system and architecture (#237)

* Add documentation for the Amazon Security Lake integration (#226)

* Add documentation for the Amazon Security Lake integration

* Add images via upload

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add files via upload

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Use jpeg

* Add files via upload

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix some typos

* Add CONTRIBUTING.md

* Apply improvements to the ASL docu

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Rename  environment variable (#240)

* Remove maintainer-approval.yml (#241)

* Improve logging and error handling on ASL Lambda function (#242)

* Update .gitattributes (#243)

* Change . for : in debian's postinst (#245)

* Add integration with Elastic (#248)

* Add integration with Elastic

Draft

* Update Elastic integration

Draft

* Add Elastic integration folder

Draft

* Changing the kibana system user

* Add Elastic integration

Working

---------

Co-authored-by: Fede Tux <federico.galland@wazuh.com>

* Added S3 URI output to package generation upload (#249)

* Added S3 URI output

* Added ID input and S3 URI output

* Improved workflow run name

* Added name statement

* Added name statement

* Removed file

* Added ID input description

* Update build.yml

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add OpenSearch integration (#258)

* Add docker environment

* Add README

Move files to the corresponding folder

* Enable TLS in dashboards

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add Splunk integration (#257)

* Add Splunk integration

Draft

* Fix certificate errors

* Add cfssl container to generate and sign splunk certs

* Add cfssl configuration files

* Update Splunk integration

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Fede Tux <federico.galland@wazuh.com>

* Add Manager to Elastic integration (#266)

* Init commit

[DRAFT] Adds a Compose environment

* Mount alerts as shared volume instead of file

* Update documentation and clean up files

---------

Co-authored-by: Fede Tux <federico.galland@wazuh.com>

* Add Manager to Splunk integration (#268)

* Add Manager to OpenSearch integration (#267)

* Add Manager to OpenSearch integration

Also fixes small issues on other integrations

* Add changes to README

* Attempt nr.2 to fix #277  (#280)

* Testy test test

* Update artifact name

Skip lintian

* Update Maintainers for Debian package metadata

* Remove references to indexer-ism-init.sh and wazuh-template.json (#281)

* Remove references to indexer-ism-init.sh and wazuh-template.json

* Roll back remaining content from ISM rollover+alias feature

* Remove commented code

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Bump 4.10.0 (#272)

* Merge 4.9.1 into 4.10.0 (#358)

* Merge 4.9.1 into 4.10.0 (#358)

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Merge 4.9.2 into 4.10.0 (#378)

* Fix build.gradle (#381)

* Fix build.gradle

* Fix build.gradle

* Undo changes

* Remove old compose files for integrations (#386)

* Delete integrations/docker/amazon-security-lake.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Delete integrations/docker/config directory

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update vulnerability detector index template (#383)

* Update VD index template

* Remove host.os.family

* Merge 4.9.1 into 4.10.0 (#426)

* Fix Performance Analyzer service file (#391)

* Update SECURITY.md (#411)

* Remove prompt about configuration file overwrites on package upgrade (#410)

* Make new config files install with .new prefix

* Fix errors and add .new prefix to /etc/init.d/wazuh-indexer

* Fix errors in build.sh and assemble.sh

* Revert "Fix errors in build.sh and assemble.sh"

This reverts commit 5dc3500.

* Using noreplace on config files for rpm

* Fix issues in debmake.sh

* Revert changes to Debian packages

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update SECURITY.md (#415)

Signed-off-by: Raul Del Pozo Moreno <raul.delpozo@wazuh.com>

* Add Release Notes 4.9.1-rc1 (#421)

---------

Signed-off-by: Raul Del Pozo Moreno <raul.delpozo@wazuh.com>
Co-authored-by: Fede Galland <99492720+f-galland@users.noreply.github.com>
Co-authored-by: Raul Del Pozo Moreno <raul.delpozo@wazuh.com>

* Bump version to 4.10.1 (#430)

* Support new version 4.10.2 (#441)

* Enable assembly of ARM packages (#444)

* Merge 4.10.1 into 4.10.2 (#473)

* Merge 4.10.0 into 4.10.1 (#470)

* Upgrade integrations to the last version (#447)

* Upgrade third-party integrations to latest product versions (#368)

* Upgrade third-party integrations to latest product versions

* Improve compatibility matrix

* Change versions in /integrations/.env

Signed-off-by: Malena Casas <malena.casas@wazuh.com>

* Fix Splunk integrations (#362)

* Add table with the version of the integrations

* Update CHANGELOG.md

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

---------

Signed-off-by: Malena Casas <malena.casas@wazuh.com>
Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: JuanGarriuz <juangarriuz@gmail.com>

* Merge 4.9.1 into 4.10.0 (#454)

* Prepare 4.9.1-rc2 (#436)

* Update docker/README.md (#438)

* Support new stage 4.9.1-rc3 (#443)

* Update operational--integrations_maintenance_request.md (#449)

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix Github Actions build process dependency errors (#457)

* Switch from latest to 22.04 runner

* Remove non-existent packages from workflow provisioner

* Remove freeglut3 from provision.sh

* Update calendarTime and scan_date fields type (#458)

* Merge 4.9.1 into 4.10.0 (#469)

* Support for v4.9.1-alpha4 (#461)

* Prepare final release notes for 4.9.1

---------

Signed-off-by: Malena Casas <malena.casas@wazuh.com>
Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Malena Casas <malena.casas@wazuh.com>
Co-authored-by: JuanGarriuz <juangarriuz@gmail.com>
Co-authored-by: Fede Galland <99492720+f-galland@users.noreply.github.com>
Co-authored-by: Kevin Ledesma <kevinledesmam95@gmail.com>

* Fix release date for 4.10.0 in RPM spec file

* Fix release date for 4.10.0 in RPM spec file

---------

Signed-off-by: Malena Casas <malena.casas@wazuh.com>
Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Malena Casas <malena.casas@wazuh.com>
Co-authored-by: JuanGarriuz <juangarriuz@gmail.com>
Co-authored-by: Fede Galland <99492720+f-galland@users.noreply.github.com>
Co-authored-by: Kevin Ledesma <kevinledesmam95@gmail.com>

* Remove packaging_scripts folder

* Remove duplicated files

* Fix build.yml

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Signed-off-by: Fede Tux <federico.galland@wazuh.com>
Signed-off-by: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com>
Signed-off-by: Raul Del Pozo Moreno <raul.delpozo@wazuh.com>
Signed-off-by: Malena Casas <malena.casas@wazuh.com>
Co-authored-by: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com>
Co-authored-by: Fede Tux <fede@fernetcave.com>
Co-authored-by: Fede Tux <federico.galland@wazuh.com>
Co-authored-by: Raul Del Pozo Moreno <raul.delpozo@wazuh.com>
Co-authored-by: Malena Casas <malena.casas@wazuh.com>
Co-authored-by: JuanGarriuz <juangarriuz@gmail.com>
Co-authored-by: Kevin Ledesma <kevinledesmam95@gmail.com>
AlexRuiz7 added a commit that referenced this pull request Nov 5, 2024
* Init wazuh-indexer (#3)

* Update CODEOWNERS

* Update README.md and SECURITY.md

* Add Wazuh configuration files

* Update README.md

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Create codeql.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update dependabot.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update SECURITY.md (#30)

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add ECS mappings generator (#36)

* Add ECS mappings generator, documentation and files for vulnerability detector

* Add event generator script

* Update template settings

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add default query fields to vulnerability detector index (#40)

* Add ECS mappings generator, documentation and files for vulnerability detector

* Add event generator script

* Add default query fields

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Create gradle_build.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update gradle_build.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add a script to configure the rollover policy (#49)

* Update ISM init script (#50)

* Fix bug with -i option (#51)

* Fix bug with -i option

* Improve error handling

* Update min_doc_count value (#52)

* Improve ISM init script (#57)

* Improve ISM init script

* Change log file path

* Update distribution files (#59)

* Update config files

* Add VERSION file

* Update documentation of the ECS tooling (#67)

* Add workflow for package generation (#65)

* Ignore artifacts folder

* Update build script

- Updated to v2.11.0 version.
- Skipped compilation of the plugins
- The artifact name is sent to a text file, to access it easily in
GitHub Actions.

* Add GH action to build min packages

* Remove commented code

* Remove unused code

* Add docker compose environment (#66)

* Add very basic Docker environment

That will do for now

* Add latest changes

* Update Docker environment

- Remove build.md which was included by mistake.
- Improve dev.sh script.
- Update .gitignore to exclude artifacts folder.
- Create .dockerignore file.
- Replace get_version.sh script with inline command.
- Reduce image size by using alpine as base image.

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Rename packages to wazuh-indexer (#69)

* Rename packages to wazuh-indexer

* Include VERSION file into packages

* Apply Wazuh version to packages names

* Improve build.sh script

Apply suggestions from ShellCheck

* Update vulnerability index mappings (#75)

* Remove 'events' ECS field

* Add 'wazuh' custom field

* Update event_generator.py for vulnerability detector

* Update `indexer-ism-init.sh` (#81)

Updates the script to upload the wazuh-template.json to the indexer.

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add workflow to assemble packages (#85)

* Add script to assemble arm64 and x64 archives (tar)

* Cleanup

* Update config file with latest upstream changes

* Change packages maintainer information

* Fix wrong substitution of config files

* Update dockerignore to ignore git folder

* Update wazuh-indexer.rpm.spec

Remove unnecessary echo commands

* Add wazuh-indexer-performance-analyzer.service

Required to assemble RPM. The plugin does not install this file, so it needs to be added manually.

* Update assemble.sh

Successfully assemble RPM x64. Runner needed to arm64

* Update `build.yml`

* Add WIP documentation for packages' generation

* Test new approach using reusable workflows

* Fix errors

* Restructure reusable workflow

* Fix upload and download paths

* New try

- Adds a reusable workflow to return the version of Wazuh set in source code.
- Attempt to dynamically generate artifacts name to normalize them for usage between jobs.
- Adds revision as input for the workflow.
- Cleanup

* Emulate assemble to test upload of the reusable assembly workflow

* Add Caching Gradle dependencies

* Remove extra '-' in the packages names on the assembly job

* Final cleanup

* Enable RPM package assemble

Remove unused code

* Fix regex to get package name

* Fix download-artifact destination path

* Exclude unimplemented deb assembly

Extend example to run with Act

* Fix yellow cluster state (#95)

* Add template and settings to disable replicas on ISM plugin internal indices

* Fix documentation

Replaces exit 1 statements with return 1

* Fix uncommented comment line

* Update ism-init script  (#97)

* Update ism-init script to parametrize the path of the wazuh-template

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add tools to assemble DEB packages (#96)

* Add tools to assemble DEB packages

* Move wazuh-indexer-performance-analyzer.service to common

* Enable assembly of DEB packages

* Enable full set of plugins

* Actually skip tar assembly

* Add installation of dependencies for DEB assembly

* Install dependencies using sudo

* Format files

* Refactor assemble script

* Update README.md

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Build scripts and GH workflows artifacts naming fix (#112)

* Build scripts and GH workflows artifacts naming fix

* Add git to dev docker image

* Fixing jobs' inputs and outputs

* remove name input from r_assemble.yml

* Setting qualifier to 1 when not specified

* Add revision flag to scripts and workflow

* Fix copying of packages at assemble.sh

* Use suffix variable instead of architecture

* Fix suffix name in assemble.sh

* Mix solutions to comply with the package naming convention

* Remove unused code

* Use correct name for assembled package

Remove code no longer needed

* Remove outdated comments

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Use short SHA as Git reference in packages naming (#100)

* Switching to short SHA commit form in package names

Signed-off-by: Fede Tux <federico.galland@wazuh.com>

* Update r_commit_sha.yml

Signed-off-by: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com>

* Update r_commit_sha.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

---------

Signed-off-by: Fede Tux <federico.galland@wazuh.com>
Signed-off-by: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com>
Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Fede Tux <fede@fernetcave.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Remove unneeded files from assembled packages (#115)

* add remove files function to assemble.sh

* Remove unneeded files on assembled tar packages

* Remove duplicated function

Fix wrong variable assignment

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add missing tools and files back into Wazuh Indexer packages (#117)

* add remove files function to assemble.sh

* Remove unneeded files on assembled tar packages

* Remove duplicated function

Fix wrong variable assignment

* Adding function to package Wazuh's tools to assemble.sh

* Make the files' versions follow the repo's VERSION file

* Fix download of Wazuh tools for packages assembly

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Remove unneeded symbolic links from assembled packages (#121)

* Update issue templates (#127)

* Fix RPM package references to /var/run (#119)

* Switch /var/run references to /run

* Remove unneeded files from assembled packages (#115)

* add remove files function to assemble.sh

* Remove unneeded files on assembled tar packages

* Remove duplicated function

Fix wrong variable assignment

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add missing tools and files back into Wazuh Indexer packages (#117)

* add remove files function to assemble.sh

* Remove unneeded files on assembled tar packages

* Remove duplicated function

Fix wrong variable assignment

* Adding function to package Wazuh's tools to assemble.sh

* Make the files' versions follow the repo's VERSION file

* Fix download of Wazuh tools for packages assembly

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Remove unneeded symbolic links from assembled packages (#121)

* Remove reference to install_demo_configuration.sh

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Removing post-install message from wazuh-indexer.rpm.spec (#131)

* Add tests to the packages building process (#132)

Runs the workflow on pull request changes

* Get Wazuh version from VERSION file (#122)

* Add function to look for VERSION in the correct path

* Update assemble.sh

Adds wget as dependency

* Download files using curl instead of wget

* Update assemble.sh

Revert assembly with minimal plugins for testing

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add Dockerfile and docker-compose for the package assembly stage

* Assemble packages with minimal plugin set when "test" variable is set to "true"

* Update README with assemble.sh docker image

* Fixing env variable naming convention and removing wget dependency

* Improve Docker environments

Adds environments to build packages

* Fix small typos

* More fixes

* Add documentation

* Adding -p flag to mkdir so it doesn't fail when the folder is already present

* Format files

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Removing /usr/share/lintian/overrides/wazuh-indexer from deb packages (#130)

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add `wazuh-template.json` to packages (#116)

* Download wazuh-template.json from wazuh/wazuh repo

* Add wazuh-template.json to RPM package spec

* Setting wazuh-template.json attributes to 660

* Change wazuh-template.json attributes in debmake_install.sh

* Put template download command within a function

* Small fixes and format

* Apply correct file permissions to the wazuh-template.json

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Adding Debian packaging config files from Opensearch (#118)

* Adding debian packaging config files from Opensearch

* Copy debian/ folder to the build dir for debmake to parse

* Remove redundant steps from debian/postinst

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix Build workflow to run on push events  (#134)

* Run workflow on push

* Set build workflow inputs to required

* Normalize the use of quotes for the build workflow inputs

* Add ternary operator

* Add missing ternary operator

* Use maven for plugin download (#139)

* Fine tuning permissions on RPM spec file

* Get plugins using maven

* Rolling back changes to spec file

* Format files

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add new custom field to the vulnerability detector index (#141)

* Add new custom field to the vulnerability detector index

* Update event generator tool

* Remove base.labels ECS field from wazuh-states-vulnerabilities index mappings

* Fine tuning permissions on assembled packages (#137)

* Fine tuning permissions on RPM spec file

* Build a list of files to be packaged excluding items that need special permissions

* Fix bad permissions on directories

* Remove system directories from packaging definition

* Changing permissions on deb packages

* Skip unneeded dh_fixperms stage in debian/rules

* Clean & format

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Init. Amazon Security Lake integration (#143)

* Init. Amazon Security Lake integration

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add events generator tool for `wazuh-alerts` (#152)

* Add events generator tool for wazuh-alerts

* Fix typo in README.md

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Make timestamps timezone aware

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Fede Tux <federico.galland@wazuh.com>

* Add `wazuh.manager.name` to VD mappings (#158)

* Create compatibility_request.md (#163)

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add Python module to accomplish OCSF compliant events (#159)

* Adding Python script that receives a continuous json stream over stdin and outputs parquet to Security Lake

* Adding logstash pipeline for python script

* encode_parquet() function fixed to handle lists of dictionaries

* Correct error in encode_parquet()

* Avoid storing the block ending in the output buffer

* Add comments on handling files and streams with pyarrow for future reference

* Add s3 handling reference links

* Write parquet directly to bucket

* Added basics of map_to_ocsf() function

* Minor fixes

* Map alerts to OCSF as they are read

* Add script to convert Wazuh events to OCSF

Also adds a simple test script

* Add OCSF converter + Parquet encoder + test scripts

* Update .gitignore

* Include the contents of the alert under unmapped

* Add support for different OCSF schema versions

* Use custom ocsf module to map alerts

* Modify script to use converter class

* Code polish and fix errors

* Remove unnecessary type declaration from debug flag

* Improved parquet encoding

* Initial commit for test env's docker-compose.yml

* Remove sudo references from docker-compose.yml

* Add operational Python module to transform events to OCSF

* Create minimal Docker environment to test and develop the integration.

* Fix events-generator's Inventory starvation

* Remove files present in #147

* Cleanup

* Add FQDN hostnames to services for certificates creation

* Add S3 Ninja (Mock) (#165)

* Setup certificates in Wazuh Indexer and Logstash containers (#166)

* Add certificate generator service

* Add certificate config to docker compose file

* Use secrets for certificates

* Disable permission handling inside cert's generator entrypoint.sh

* Back to using a bind mount for certs

* Have entrypoint.sh generate certs with 1000:1000 ownership

* Correct certificate permissions and bind mounting

* Add security initialization variable to compose file

* Fix permissions on certs generator entrypoint

* Add cert generator config file

* Remove old cert generator dir

* Set indexer hostname right in pipeline file

* Roll back commented code

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix Logstash pipelines

* Remove unused file

* Implement OCSF severity normalize function

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Fede Tux <federico.galland@wazuh.com>
Co-authored-by: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com>

* Update Gradle setup action (#182)

* Attempt to automate package's testing

* Fix typo

* Update setup gradle action

* Remove file from another PR

* Update build.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update vulnerability-states fields (#177)

* Update vulnerability-states fields

Adds wazuh.schema.version

* Update events generator

* Automate package's testing (#178)

* Attempt to automate package's testing

* Fix typo

* Add sudo

* Split test steps and manage errors

* Add --no-pager to journalctl

* Add certs generator

* Improve error handling

* Update r_test.yml

Fix indentation

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix error handling

* Add testing of RPM packages

* Improve multi-os testing

* Add TEST env var

* Add braces to if conditionals

* Remove all curly braces from if conditionals

* braces again

* Install RPM package in Docker

* Remove sudo for RPM installation

* Bind artifacts/dist to RPM docker test container

* Bind artifacts/dist to RPM docker test container

* Avoid prompt during yum install

* Fix bind volume

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Remove ecs.version from query.default_fields (#184)

* Upload packages to S3 (#179)

* Attempt to automate package's testing

* Add workflow file to upload packages to S3

* Skip testing to test whether the upload works

* Fix package names

* Fix upload workflow name

* Pass secrets to the reusable workflow

* Fix indentation

* Fix indentation

* Remove test workflow from this PR

* Add boolean input to control when the package is uploaded to the S3 bucket

* [UI/UX] Improve inputs description

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add bash to Docker dev image (#185)

* Update wazuh-states-vulnerabilities index mapping (#191)

* Update wazuh-states-vulnerabilities index mapping

* Extend ECS Vulnerability fields

* Add pipeline to generate release packages (#193)

* Add script to get the version of OpenSearch

* Set revision to 0 by default.

- Reduce inputs for scripts.
- Add script to generate packages' naming convention.
- Make scripts self-aware of the OpenSearch version.

* Fix assemble

* Smoke test new pipeline to build packages

* Fix syntax errors

* Update build.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add workflow to build packages on push

* Run actionlint

* Fix jq argjson

* Fix set matrix output ?

* Try new approach using a single workflow

* Fix GITHUB_OUTPUT

* Fix baptizer invocation

* Add testing and upload to new approach

* Fix hard coded revision number on RPM assembly

* New attempt

* Skip upload unless specified

* Install plugins on RPM

* Promote new approach

Removes previous workflows to generate packages

* Fix workflow name

* Attempt to fix release package naming

* Fix build.sh invocation from workflow

* Use min package name in workflow

* Use min package name for release naming convention in workflow

* Attempt to fix regex

* Upgrade to aws-actions/configure-aws-credentials@v4

Clean up

* Apply latest requirements

Add workflow with single matrix for QA use. Rename inputs. Add checksum input.

* Add checksum generation and upload

* Use choice as input types for system and architecture

* Invoke build single packages with upload option

* Add documentation and clean up

* Rename scripts folder to packaging_scripts

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Build Docker images (#194)

* Assemble tar packages

* Add files to generate Docker images

First working version

* Fix certs path

* clean up

* Working indexer in Docker

* Add documentation to build Docker images

Simplify names of Docker build args

* Remove unused Docker dependencies

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add on.workflow_call to build_single.yml workflow (#200)

Allows invocation using the GH API

* Add Python module to implement Amazon Security Lake integration (#186)

* Migrate from #147

* Update amazon-security-lake integration

- Improved documentation.
- Python code has been moved to `wazuh-indexer/integrations/amazon-security-lake/src`.
- Development environment now uses OpenSearch 2.12.0.
- The `wazuh.integration.security.lake` container now displays logs, by watching logstash's log file.
- [**NEEDS FIX**] As a temporary solution, the `INDEXER_USERNAME` and `INDEXER_PASSWORD` values have been added as environment variables to the `wazuh.integration.security.lake` container. These values should be set at Dockerfile level, but that isn't working, probably due to permission denied on invocation of the `setup.sh` script.
- [**NEEDS FIX**] As a temporary solution, the output file of the `indexer-to-file` pipeline has been moved to `/var/log/logstash/indexer-to-file`. Previous path `/usr/share/logstash/pipeline/indexer-to-file.json` results in permission denied.
- [**NEEDS FIX**] As a temporary solution, the input.opensearch.query has been replaced with `match_all`, as the previous one does not return any data, probably due to the use of time filters `gt: now-1m`.
- Standard output enabled for `/usr/share/logstash/pipeline/indexer-to-file.json`.
- [**NEEDS FIX**] ECS compatibility disabled: `echo "pipeline.ecs_compatibility: disabled" >> /etc/logstash/logstash.yml` -- to be included automatically
- Python3 environment path added to the `indexer-to-integrator` pipeline.

* Disable ECS compatibility (auto)

- Adds pipeline.ecs_compatibility: disabled at Dockerfile level.
- Removes `INDEXER_USERNAME` and `INDEXER_PASSWORD` as environment variables on the `wazuh.integration.security.lake` container.

* Add @timestamp field to sample alerts

* Fix Logstash pipelines

* Add working indexer-to-s3 pipeline

* Add working Python script up to S3 upload

* Add latest changes

* Remove duplicated line

* Replace choice with string on workflow_call (#207)

* Use AWS_REGION secret (#209)

* Add Lambda function for the Amazon Security Lake integration (#189)

* Migrate from #147

* Update amazon-security-lake integration

- Improved documentation.
- Python code has been moved to `wazuh-indexer/integrations/amazon-security-lake/src`.
- Development environment now uses OpenSearch 2.12.0.
- The `wazuh.integration.security.lake` container now displays logs, by watching logstash's log file.
- [**NEEDS FIX**] As a temporary solution, the `INDEXER_USERNAME` and `INDEXER_PASSWORD` values have been added as environment variables to the `wazuh.integration.security.lake` container. These values should be set at Dockerfile level, but that isn't working, probably due to permission denied on invocation of the `setup.sh` script.
- [**NEEDS FIX**] As a temporary solution, the output file of the `indexer-to-file` pipeline has been moved to `/var/log/logstash/indexer-to-file`. Previous path `/usr/share/logstash/pipeline/indexer-to-file.json` results in permission denied.
- [**NEEDS FIX**] As a temporary solution, the input.opensearch.query has been replaced with `match_all`, as the previous one does not return any data, probably due to the use of time filters `gt: now-1m`.
- Standard output enabled for `/usr/share/logstash/pipeline/indexer-to-file.json`.
- [**NEEDS FIX**] ECS compatibility disabled: `echo "pipeline.ecs_compatibility: disabled" >> /etc/logstash/logstash.yml` -- to be included automatically
- Python3 environment path added to the `indexer-to-integrator` pipeline.

* Disable ECS compatibility (auto)

- Adds pipeline.ecs_compatibility: disabled at Dockerfile level.
- Removes `INDEXER_USERNAME` and `INDEXER_PASSWORD` as environment variables on the `wazuh.integration.security.lake` container.

* Add @timestamp field to sample alerts

* Fix Logstash pipelines

* Add working indexer-to-s3 pipeline

* Add working Python script up to S3 upload

* Add latest changes

* Remove duplicated line

* Add working environment with minimal AWS lambda function

* Mount src folder to Lambda's workdir

* Add first functional lambda function

Tested on local environment, using S3 Ninja and a Lambda container

* Working state

* Add documentation

* Improve code

* Improve code

* Clean up

* Add instructions to build a deployment package

* Make zip file lighter

* Use default name for aws_region

* Add destination bucket validation

* Add env var validation and full destination S3 path

* Add AWS_ENDPOINT environment variable

* Rename AWS_DEFAULT_REGION

* Remove unused env vars

* Remove unused file and improve documentation a bit.

* Makefile improvements

* Use dummy env variables

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Bump Java version in Docker environments (#210)

* Fix access denied error during log rotation (#212)

* Save intermediate OCSF files to an S3 bucket (#218)

* Fix Parquet files format (#217)

* Fix mapping to Detection Finding OCSF class (#220)

* Map events to OCSF's Security Finding class (#221)

* Map events to OCSF's Security Finding class

* Improve models (inheritance). Add OCSF_CLASS env variable

* Move constants to the models

* Fix validation error

* Add ID input to workflows (#229)

* Added id input

* Changed name to run-name

* Add OPENSEARCH_TMPDIR variable to service and create directory in packages accordingly (#231)

* Improve workflow's run-name with target system and architecture (#237)

* Add documentation for the Amazon Security Lake integration (#226)

* Add documentation for the Amazon Security Lake integration

* Add images via upload

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add files via upload

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Use jpeg

* Add files via upload

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix some typos

* Add CONTRIBUTING.md

* Apply improvements to the ASL docu

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Rename  environment variable (#240)

* Remove maintainer-approval.yml (#241)

* Improve logging and error handling on ASL Lambda function (#242)

* Update .gitattributes (#243)

* Change . for : in debian's postinst (#245)

* Add integration with Elastic (#248)

* Add integration with Elastic

Draft

* Update Elastic integration

Draft

* Add Elastic integration folder

Draft

* Changing the kibana system user

* Add Elastic integration

Working

---------

Co-authored-by: Fede Tux <federico.galland@wazuh.com>

* Added S3 URI output to package generation upload (#249)

* Added S3 URI output

* Added ID input and S3 URI output

* Improved workflow run name

* Added name statement

* Added name statement

* Removed file

* Added ID input description

* Update build.yml

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add OpenSearch integration (#258)

* Add docker environment

* Add README

Move files to the corresponding folder

* Enable TLS in dashboards

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add Splunk integration (#257)

* Add Splunk integration

Draft

* Fix certificate errors

* Add cfssl container to generate and sign splunk certs

* Add cfssl configuration files

* Update Splunk integration

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Fede Tux <federico.galland@wazuh.com>

* Add Manager to Elastic integration (#266)

* Init commit

[DRAFT] Adds a Compose environment

* Mount alerts as shared volume instead of file

* Update documentation and clean up files

---------

Co-authored-by: Fede Tux <federico.galland@wazuh.com>

* Add Manager to Splunk integration (#268)

* Add Manager to OpenSearch integration (#267)

* Add Manager to OpenSearch integration

Also fixes small issues on other integrations

* Add changes to README

* Attempt nr.2 to fix #277  (#280)

* Testy test test

* Update artifact name

Skip lintian

* Update Maintainers for Debian package metadata

* Remove references to indexer-ism-init.sh and wazuh-template.json (#281)

* Remove references to indexer-ism-init.sh and wazuh-template.json

* Roll back remaining content from ISM rollover+alias feature

* Remove commented code

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Bump 4.10.0 (#272)

* Merge 4.9.1 into 4.10.0 (#358)

* Merge 4.9.1 into 4.10.0 (#358)

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Merge 4.9.2 into 4.10.0 (#378)

* Fix build.gradle (#381)

* Fix build.gradle

* Fix build.gradle

* Undo changes

* Remove old compose files for integrations (#386)

* Delete integrations/docker/amazon-security-lake.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Delete integrations/docker/config directory

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update vulnerability detector index template (#383)

* Update VD index template

* Remove host.os.family

* Merge 4.9.1 into 4.10.0 (#426)

* Fix Performance Analyzer service file (#391)

* Update SECURITY.md (#411)

* Remove prompt about configuration file overwrites on package upgrade (#410)

* Make new config files install with .new prefix

* Fix errors and add .new prefix to /etc/init.d/wazuh-indexer

* Fix errors in build.sh and assemble.sh

* Revert "Fix errors in build.sh and assemble.sh"

This reverts commit 5dc3500.

* Using noreplace on config files for rpm

* Fix issues in debmake.sh

* Revert changes to Debian packages

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update SECURITY.md (#415)

Signed-off-by: Raul Del Pozo Moreno <raul.delpozo@wazuh.com>

* Add Release Notes 4.9.1-rc1 (#421)

---------

Signed-off-by: Raul Del Pozo Moreno <raul.delpozo@wazuh.com>
Co-authored-by: Fede Galland <99492720+f-galland@users.noreply.github.com>
Co-authored-by: Raul Del Pozo Moreno <raul.delpozo@wazuh.com>

* Bump version to 4.10.1 (#430)

* Support new version 4.10.2 (#441)

* Enable assembly of ARM packages (#444)

* Merge 4.10.1 into 4.10.2 (#473)

* Merge 4.10.0 into 4.10.1 (#470)

* Upgrade integrations to the last version (#447)

* Upgrade third-party integrations to latest product versions (#368)

* Upgrade third-party integrations to latest product versions

* Improve compatibility matrix

* Change versions in /integrations/.env

Signed-off-by: Malena Casas <malena.casas@wazuh.com>

* Fix Splunk integrations (#362)

* Add table with the version of the integrations

* Update CHANGELOG.md

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

---------

Signed-off-by: Malena Casas <malena.casas@wazuh.com>
Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: JuanGarriuz <juangarriuz@gmail.com>

* Merge 4.9.1 into 4.10.0 (#454)

* Prepare 4.9.1-rc2 (#436)

* Update docker/README.md (#438)

* Support new stage 4.9.1-rc3 (#443)

* Update operational--integrations_maintenance_request.md (#449)

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix Github Actions build process dependency errors (#457)

* Switch from latest to 22.04 runner

* Remove non-existent packages from workflow provisioner

* Remove freeglut3 from provision.sh

* Update calendarTime and scan_date fields type (#458)

* Merge 4.9.1 into 4.10.0 (#469)

* Support for v4.9.1-alpha4 (#461)

* Prepare final release notes for 4.9.1

---------

Signed-off-by: Malena Casas <malena.casas@wazuh.com>
Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Malena Casas <malena.casas@wazuh.com>
Co-authored-by: JuanGarriuz <juangarriuz@gmail.com>
Co-authored-by: Fede Galland <99492720+f-galland@users.noreply.github.com>
Co-authored-by: Kevin Ledesma <kevinledesmam95@gmail.com>

* Fix release date for 4.10.0 in RPM spec file

* Fix release date for 4.10.0 in RPM spec file

---------

Signed-off-by: Malena Casas <malena.casas@wazuh.com>
Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Malena Casas <malena.casas@wazuh.com>
Co-authored-by: JuanGarriuz <juangarriuz@gmail.com>
Co-authored-by: Fede Galland <99492720+f-galland@users.noreply.github.com>
Co-authored-by: Kevin Ledesma <kevinledesmam95@gmail.com>

* Merge 4.10.1 into 4.10.2 (#513)

* Merge 4.10.0 into 4.10.1 (#470)

* Upgrade integrations to the last version (#447)

* Upgrade third-party integrations to latest product versions (#368)

* Upgrade third-party integrations to latest product versions

* Improve compatibility matrix

* Change versions in /integrations/.env

Signed-off-by: Malena Casas <malena.casas@wazuh.com>

* Fix Splunk integrations (#362)

* Add table with the version of the integrations

* Update CHANGELOG.md

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

---------

Signed-off-by: Malena Casas <malena.casas@wazuh.com>
Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: JuanGarriuz <juangarriuz@gmail.com>

* Merge 4.9.1 into 4.10.0 (#454)

* Prepare 4.9.1-rc2 (#436)

* Update docker/README.md (#438)

* Support new stage 4.9.1-rc3 (#443)

* Update operational--integrations_maintenance_request.md (#449)

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix Github Actions build process dependency errors (#457)

* Switch from latest to 22.04 runner

* Remove non-existent packages from workflow provisioner

* Remove freeglut3 from provision.sh

* Update calendarTime and scan_date fields type (#458)

* Merge 4.9.1 into 4.10.0 (#469)

* Support for v4.9.1-alpha4 (#461)

* Prepare final release notes for 4.9.1

---------

Signed-off-by: Malena Casas <malena.casas@wazuh.com>
Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Malena Casas <malena.casas@wazuh.com>
Co-authored-by: JuanGarriuz <juangarriuz@gmail.com>
Co-authored-by: Fede Galland <99492720+f-galland@users.noreply.github.com>
Co-authored-by: Kevin Ledesma <kevinledesmam95@gmail.com>

* Fix release date for 4.10.0 in RPM spec file

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Merge 4.10.0 into 4.10.1 (#511)

* Upgrade integrations to the last version (#447)

* Upgrade third-party integrations to latest product versions (#368)

* Upgrade third-party integrations to latest product versions

* Improve compatibility matrix

* Change versions in /integrations/.env

Signed-off-by: Malena Casas <malena.casas@wazuh.com>

* Fix Splunk integrations (#362)

* Add table with the version of the integrations

* Update CHANGELOG.md

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

---------

Signed-off-by: Malena Casas <malena.casas@wazuh.com>
Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: JuanGarriuz <juangarriuz@gmail.com>

* Merge 4.9.1 into 4.10.0 (#454)

* Prepare 4.9.1-rc2 (#436)

* Update docker/README.md (#438)

* Support new stage 4.9.1-rc3 (#443)

* Update operational--integrations_maintenance_request.md (#449)

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix Github Actions build process dependency errors (#457)

* Switch from latest to 22.04 runner

* Remove non-existent packages from workflow provisioner

* Remove freeglut3 from provision.sh

* Update calendarTime and scan_date fields type (#458)

* Merge 4.9.1 into 4.10.0 (#469)

* Support for v4.9.1-alpha4 (#461)

* Prepare final release notes for 4.9.1

* Fix release date for 4.10.0 in RPM spec file (#471)

* Preserve status of wazuh-indexer on upgrade (#498)

* Update pre and post inst scripts for deb and rpm to store and restore service status

* Update prerm script to avoid stopping the service on upgrade

* Remove extra spaces and update rpm restart command

* Merge 4.9.2 into 4.10.0 (#510)

* Support for v4.9.1-alpha4 (#461)

* Prepare final release notes for 4.9.1

* Support new version 4.9.2 (#494)

* Support new version 4.9.2

* Add estimated release date for 4.9.2

* Fix estimated release date for 4.9.2

* Fix 4.9.1 release notes title

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

---------

Signed-off-by: Malena Casas <malena.casas@wazuh.com>
Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Malena Casas <malena.casas@wazuh.com>
Co-authored-by: JuanGarriuz <juangarriuz@gmail.com>
Co-authored-by: Fede Galland <99492720+f-galland@users.noreply.github.com>
Co-authored-by: Kevin Ledesma <kevinledesmam95@gmail.com>
Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

---------

Signed-off-by: Malena Casas <malena.casas@wazuh.com>
Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Malena Casas <malena.casas@wazuh.com>
Co-authored-by: JuanGarriuz <juangarriuz@gmail.com>
Co-authored-by: Fede Galland <99492720+f-galland@users.noreply.github.com>
Co-authored-by: Kevin Ledesma <kevinledesmam95@gmail.com>

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Signed-off-by: Fede Tux <federico.galland@wazuh.com>
Signed-off-by: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com>
Signed-off-by: Raul Del Pozo Moreno <raul.delpozo@wazuh.com>
Signed-off-by: Malena Casas <malena.casas@wazuh.com>
Co-authored-by: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com>
Co-authored-by: Fede Tux <fede@fernetcave.com>
Co-authored-by: Fede Tux <federico.galland@wazuh.com>
Co-authored-by: Raul Del Pozo Moreno <raul.delpozo@wazuh.com>
Co-authored-by: Malena Casas <malena.casas@wazuh.com>
Co-authored-by: JuanGarriuz <juangarriuz@gmail.com>
Co-authored-by: Kevin Ledesma <kevinledesmam95@gmail.com>

AlexRuiz7 added a commit that referenced this pull request Nov 8, 2024

* Fine tuning permissions on RPM spec file

* Build a list of files to be packaged excluding items that need special permissions

* Fix bad permissions on directories

* Remove system directories from packaging definition

* Changing permissions on deb packages

* Skip unneeded dh_fixperms stage in debian/rules

* Clean & format

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

AlexRuiz7 added a commit that referenced this pull request Nov 8, 2024

* Init wazuh-indexer (#3)

* Update CODEOWNERS

* Update README.md and SECURITY.md

* Add Wazuh configuration files

* Update README.md

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Create codeql.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update dependabot.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update SECURITY.md (#30)

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add ECS mappings generator (#36)

* Add ECS mappings generator, documentation and files for vulnerability detector

* Add event generator script

* Update template settings

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add default query fields to vulnerability detector index (#40)

* Add ECS mappings generator, documentation and files for vulnerability detector

* Add event generator script

* Add default query fields

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Create gradle_build.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update gradle_build.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add a script to configure the rollover policy (#49)

* Update ISM init script (#50)

* Fix bug with -i option (#51)

* Fix bug with -i option

* Improve error handling

* Update min_doc_count value (#52)

* Improve ISM init script (#57)

* Improve ISM init script

* Change log file path

* Update distribution files (#59)

* Update config files

* Add VERSION file

* Update documentation of the ECS tooling (#67)

* Add workflow for package generation (#65)

* Ignore artifacts folder

* Update build script

- Updated to v2.11.0 version.
- Skipped compilation of the plugins
- The artifact name is sent to a text file, to access it easily in
GitHub Actions.

* Add GH action to build min packages

* Remove commented code

* Remove unused code

* Add docker compose environment (#66)

* Add very basic Docker environment

That will do for now

* Add latest changes

* Update Docker environment

- Remove build.md which was included by mistake.
- Improve dev.sh script.
- Update .gitignore to exclude artifacts folder.
- Create .dockerignore file.
- Replace get_version.sh script with inline command.
- Reduce image size by using alpine as base image.

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Rename packages to wazuh-indexer (#69)

* Rename packages to wazuh-indexer

* Include VERSION file into packages

* Apply Wazuh version to packages names

* Improve build.sh script

Apply suggestions from ShellCheck

* Update vulnerability index mappings (#75)

* Remove 'events' ECS field

* Add 'wazuh' custom field

* Update event_generator.py for vulnerability detector

* Update `indexer-ism-init.sh` (#81)

Updates the script to upload the wazuh-template.json to the indexer.

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add workflow to assemble packages (#85)

* Add script to assemble arm64 and x64 archives (tar)

* Cleanup

* Update config file with latest upstream changes

* Change packages maintainer information

* Fix wrong substitution of config files

* Update dockerignore to ignore git folder

* Update wazuh-indexer.rpm.spec

Remove unnecessary echo commands

* Add wazuh-indexer-performance-analyzer.service

Required to assemble RPM. The plugin does not install this file, so it needs to be added manually.

* Update assemble.sh

Successfully assemble RPM x64. Runner needed to arm64

* Update `build.yml`

* Add WIP documentation for packages' generation

* Test new approach using reusable workflows

* Fix errors

* Restructure reusable workflow

* Fix upload and download paths

* New try

- Adds a reusable workflow to return the version of Wazuh set in source code.
- Attempt to dynamically generate artifacts name to normalize them for usage between jobs.
- Adds revision as input for the workflow.
- Cleanup

* Emulate assemble to test upload of the reusable assembly workflow

* Add Caching Gradle dependencies

* Remove extra '-' in the packages names on the assembly job

* Final cleanup

* Enable RPM package assemble

Remove unused code

* Fix regex to get package name

* Fix download-artifact destination path

* Exclude unimplemented deb assembly

Extend example to run with Act

* Fix yellow cluster state (#95)

* Add template and settings to disable replicas on ISM plugin internal indices

* Fix documentation

Replaces exit 1 statements with return 1

* Fix uncommented comment line

* Update ism-init script (#97)

* Update ism-init script to parametrize the path of the wazuh-template

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add tools to assemble DEB packages (#96)

* Add tools to assemble DEB packages

* Move wazuh-indexer-performance-analyzer.service to common

* Enable assembly of DEB packages

* Enable full set of plugins

* Actually skip tar assembly

* Add installation of dependencies for DEB assembly

* Install dependencies using sudo

* Format files

* Refactor assemble script

* Update README.md

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Build scripts and GH workflows artifacts naming fix (#112)

* Build scripts and GH workflows artifacts naming fix

* Add git to dev docker image

* Fixing jobs' inputs and outputs

* remove name input from r_assemble.yml

* Setting qualifier to 1 when not specified

* Add revision flag to scripts and workflow

* Fix copying of packages at assemble.sh

* Use suffix variable instead of architecture

* Fix suffix name in assemble.sh

* Mix solutions to comply with the package naming convention

* Remove unused code

* Use correct name for assembled package

Remove code no longer needed

* Remove outdated comments

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Use short SHA as Git reference in packages naming (#100)

* Switching to short SHA commit form in package names

Signed-off-by: Fede Tux <federico.galland@wazuh.com>

* Update r_commit_sha.yml

Signed-off-by: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com>

* Update r_commit_sha.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

---------

Signed-off-by: Fede Tux <federico.galland@wazuh.com>
Signed-off-by: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com>
Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Fede Tux <fede@fernetcave.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Remove unneeded files from assembled packages (#115)

* add remove files function to assemble.sh

* Remove unneeded files on assembled tar packages

* Remove duplicated function

Fix wrong variable assignment

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add missing tools and files back into Wazuh Indexer packages (#117)

* add remove files function to assemble.sh

* Remove unneeded files on assembled tar packages

* Remove duplicated function

Fix wrong variable assignment

* Adding function to package Wazuh's tools to assemble.sh

* Make the files' versions follow the repo's VERSION file

* Fix download of Wazuh tools for packages assembly

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Remove unneeded symbolic links from assembled packages (#121)

* Update issue templates (#127)

* Fix RPM package references to /var/run (#119)

* Switch /var/run references to /run

* Remove unneeded files from assembled packages (#115)

* add remove files function to assemble.sh

* Remove unneeded files on assembled tar packages

* Remove duplicated function

Fix wrong variable assignment

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add missing tools and files back into Wazuh Indexer packages (#117)

* add remove files function to assemble.sh

* Remove unneeded files on assembled tar packages

* Remove duplicated function

Fix wrong variable assignment

* Adding function to package Wazuh's tools to assemble.sh

* Make the files' versions follow the repo's VERSION file

* Fix download of Wazuh tools for packages assembly

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Remove unneeded symbolic links from assembled packages (#121)

* Remove reference to install_demo_configuration.sh

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Removing post-install message from wazuh-indexer.rpm.spec (#131)

* Add tests to the packages building process (#132)

Runs the workflow on pull request changes

* Get Wazuh version from VERSION file (#122)

* Add function to look for VERSION in the correct path

* Update assemble.sh

Adds wget as dependency

* Download files using curl instead of wget

* Update assemble.sh

Revert assembly with minimal plugins for testing

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add Dockerfile and docker-compose for the package assembly stage

* Assemble packages with minimal plugin set when "test" variable is set to "true"

* Update README with assemble.sh docker image

* Fixing env variable naming convention and removing wget dependency

* Improve Docker environments

Adds environments to build packages

* Fix small typos

* More fixes

* Add documentation

* Adding -p flag to mkdir so it doesn't fail when the folder is already present

* Format files

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Removing /usr/share/lintian/overrides/wazuh-indexer from deb packages (#130)

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add `wazuh-template.json` to packages (#116)

* Download wazuh-template.json from wazuh/wazuh repo

* Add wazuh-template.json to RPM package spec

* Setting wazuh-template.json attributes to 660

* Change wazuh-template.json attributes in debmake_install.sh

* Put template download command within a function

* Small fixes and format

* Apply correct file permissions to the wazuh-template.json

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Adding Debian packaging config files from Opensearch (#118)

* Adding debian packaging config files from Opensearch

* Copy debian/ folder to the build dir for debmake to parse

* Remove redundant steps from debian/postinst

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix Build workflow to run on push events (#134)

* Run workflow on push

* Set build workflow inputs to required

* Normalize the use of quotes for the build workflow inputs

* Add ternary operator

* Add missing ternary operator

* Use maven for plugin download (#139)

* Fine tuning permissions on RPM spec file

* Get plugins using maven

* Rolling back changes to spec file

* Format files

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add new custom field to the vulnerability detector index (#141)

* Add new custom field to the vulnerability detector index

* Update event generator tool

* Remove base.labels ECS field from wazuh-states-vulnerabilities index mappings

* Fine tuning permissions on assembled packages (#137)

* Fine tuning permissions on RPM spec file

* Build a list of files to be packaged excluding items that need special permissions

* Fix bad permissions on directories

* Remove system directories from packaging definition

* Changing permissions on deb packages

* Skip unneeded dh_fixperms stage in debian/rules

* Clean & format

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Init. Amazon Security Lake integration (#143)

* Init. Amazon Security Lake integration

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add events generator tool for `wazuh-alerts` (#152)

* Add events generator tool for wazuh-alerts

* Fix typo in README.md

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Make timestamps timezone aware

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Fede Tux <federico.galland@wazuh.com>

* Add `wazuh.manager.name` to VD mappings (#158)

* Create compatibility_request.md (#163)

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add Python module to accomplish OCSF compliant events (#159)

* Adding Python script that receives a continuous json stream over stdin and outputs parquet to Security Lake

* Adding logstash pipeline for python script

* encode_parquet() function fixed to handle lists of dictionaries

* Correct error in encode_parquet()

* Avoid storing the block ending in the output buffer

* Add comments on handling files and streams with pyarrow for future reference

* Add s3 handling reference links

* Write parquet directly to bucket

* Added basics of map_to_ocsf() function

* Minor fixes

* Map alerts to OCSF as they are read

* Add script to convert Wazuh events to OCSF

Also adds a simple test script

* Add OCSF converter + Parquet encoder + test scripts

* Update .gitignore

* Include the contents of the alert under unmapped

* Add support for different OCSF schema versions

* Use custom ocsf module to map alerts

* Modify script to use converter class

* Code polish and fix errors

* Remove unnecessary type declaration from debug flag

* Improved parquet encoding

* Initial commit for test env's docker-compose.yml

* Remove sudo references from docker-compose.yml

* Add operational Python module to transform events to OCSF

* Create minimal Docker environment to test and develop the integration.

* Fix events-generator's Inventory starvation

* Remove files present in #147

* Cleanup

* Add FQDN hostnames to services for certificates creation

* Add S3 Ninja (Mock) (#165)

* Setup certificates in Wazuh Indexer and Logstash containers (#166)

* Add certificate generator service

* Add certificate config to docker compose file

* Use secrets for certificates

* Disable permission handling inside cert's generator entrypoint.sh

* Back to using a bind mount for certs

* Have entrypoint.sh generate certs with 1000:1000 ownership

* Correct certificate permissions and bind mounting

* Add security initialization variable to compose file

* Fix permissions on certs generator entrypoint

* Add cert generator config file

* Remove old cert generator dir

* Set indexer hostname right in pipeline file

* Roll back commented code

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix Logstash pipelines

* Remove unused file

* Implement OCSF severity normalize function

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Fede Tux <federico.galland@wazuh.com>
Co-authored-by: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com>

* Update Gradle setup action (#182)

* Attempt to automate package's testing

* Fix typo

* Update setup gradle action

* Remove file from another PR

* Update build.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update vulnerability-states fields (#177)

* Update vulnerability-states fields

Adds wazuh.schema.version

* Update events generator

* Automate package's testing (#178)

* Attempt to automate package's testing

* Fix typo

* Add sudo

* Split test steps and manage errors

* Add --no-pager to journalctl

* Add certs generator

* Improve error handling

* Update r_test.yml

Fix indentation

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix error handling

* Add testing of RPM packages

* Improve multi-os testing

* Add TEST env var

* Add braces to if conditionals

* Remove all curly braces from if conditionals

* braces again

* Install RPM package in Docker

* Remove sudo for RPM installation

* Bind artifacts/dist to RPM docker test container

* Bind artifacts/dist to RPM docker test container

* Avoid prompt during yum install

* Fix bind volume

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Remove ecs.version from query.default_fields (#184)

* Upload packages to S3 (#179)

* Attempt to automate package's testing

* Add workflow file to upload packages to S3

* Skip testing to test whether the upload works

* Fix package names

* Fix upload workflow name

* Pass secrets to the reusable workflow

* Fix indentation

* Fix indentation

* Remove test workflow from this PR

* Add boolean input to control when the package is uploaded to the S3 bucket

* [UI/UX] Improve inputs description

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add bash to Docker dev image (#185)

* Update wazuh-states-vulnerabilities index mapping (#191)

* Update wazuh-states-vulnerabilities index mapping

* Extend ECS Vulnerability fields

* Add pipeline to generate release packages (#193)

* Add script to get the version of OpenSearch

* Set revision to 0 by default.

- Reduce inputs for scripts.
- Add script to generate packages' naming convention.
- Make scripts self-aware of the OpenSearch version.

* Fix assemble

* Smoke test new pipeline to build packages

* Fix syntax errors

* Update build.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add workflow to build packages on push

* Run actionlint

* Fix jq argjson

* Fix set matrix output ?

* Try new approach using a single workflow

* Fix GITHUB_OUTPUT

* Fix baptizer invocation

* Add testing and upload to new approach

* Fix hard coded revision number on RPM assembly

* New attempt

* Skip upload unless specified

* Install plugins on RPM

* Promote new approach

Removes previous workflows to generate packages

* Fix workflow name

* Attempt to fix release package naming

* Fix build.sh invocation from workflow

* Use min package name in workflow

* Use min package name for release naming convention in workflow

* Attempt to fix regex

* Upgrade to aws-actions/configure-aws-credentials@v4

Clean up

* Apply latest requirements

Add workflow with single matrix for QA use. Rename inputs. Add checksum input.

* Add checksum generation and upload

* Use choice as input types for system and architecture

* Invoke build single packages with upload option

* Add documentation and clean up

* Rename scripts folder to packaging_scripts

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Build Docker images (#194)

* Assemble tar packages

* Add files to generate Docker images

First working version

* Fix certs path

* clean up

* Working indexer in Docker

* Add documentation to build Docker images

Simplify names of Docker build args

* Remove unused Docker dependencies

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add on.workflow_call to build_single.yml workflow (#200)

Allows invocation using the GH API

* Add Python module to implement Amazon Security Lake integration (#186)

* Migrate from #147

* Update amazon-security-lake integration

- Improved documentation.
- Python code has been moved to `wazuh-indexer/integrations/amazon-security-lake/src`.
- Development environment now uses OpenSearch 2.12.0.
- The `wazuh.integration.security.lake` container now displays logs, by watching logstash's log file.
- [**NEEDS FIX**] As a temporary solution, the `INDEXER_USERNAME` and `INDEXER_PASSWORD` values have been added as an environment variable to the `wazuh.integration.security.lake` container. These values should be set at Dockerfile level, but this isn't working, probably due to permission denied on invocation of the `setup.sh` script.
- [**NEEDS FIX**] As a temporary solution, the output file of the `indexer-to-file` pipeline has been moved to `/var/log/logstash/indexer-to-file`. Previous path `/usr/share/logstash/pipeline/indexer-to-file.json` results in permission denied.
- [**NEEDS FIX**] As a temporary solution, the input.opensearch.query has been replaced with `match_all`, as the previous one does not return any data, probably due to the use of time filters `gt: now-1m`.
- Standard output enabled for `/usr/share/logstash/pipeline/indexer-to-file.json`.
- [**NEEDS FIX**] ECS compatibility disabled: `echo "pipeline.ecs_compatibility: disabled" >> /etc/logstash/logstash.yml` -- to be included automatically
- Python3 environment path added to the `indexer-to-integrator` pipeline.

* Disable ECS compatibility (auto)

-  Adds pipeline.ecs_compatibility: disabled at Dockerfile level.
- Removes `INDEXER_USERNAME` and `INDEXER_PASSWORD` as environment variables on the `wazuh.integration.security.lake` container.

* Add @timestamp field to sample alerts

* Fix Logstash pipelines

* Add working indexer-to-s3 pipeline

* Add working Python script up to S3 upload

* Add latest changes

* Remove duplicated line

* Replace choice with string on workflow_call (#207)

* Use AWS_REGION secret (#209)

* Add Lambda function for the Amazon Security Lake integration (#189)

* Migrate from #147

* Update amazon-security-lake integration

- Improved documentation.
- Python code has been moved to `wazuh-indexer/integrations/amazon-security-lake/src`.
- Development environment now uses OpenSearch 2.12.0.
- The `wazuh.integration.security.lake` container now displays logs, by watching logstash's log file.
- [**NEEDS FIX**] As a temporary solution, the `INDEXER_USERNAME` and `INDEXER_PASSWORD` values have been added as an environment variable to the `wazuh.integration.security.lake` container. These values should be set at Dockerfile level, but this isn't working, probably due to permission denied on invocation of the `setup.sh` script.
- [**NEEDS FIX**] As a temporary solution, the output file of the `indexer-to-file` pipeline has been moved to `/var/log/logstash/indexer-to-file`. Previous path `/usr/share/logstash/pipeline/indexer-to-file.json` results in permission denied.
- [**NEEDS FIX**] As a temporary solution, the input.opensearch.query has been replaced with `match_all`, as the previous one does not return any data, probably due to the use of time filters `gt: now-1m`.
- Standard output enabled for `/usr/share/logstash/pipeline/indexer-to-file.json`.
- [**NEEDS FIX**] ECS compatibility disabled: `echo "pipeline.ecs_compatibility: disabled" >> /etc/logstash/logstash.yml` -- to be included automatically
- Python3 environment path added to the `indexer-to-integrator` pipeline.

* Disable ECS compatibility (auto)

-  Adds pipeline.ecs_compatibility: disabled at Dockerfile level.
- Removes `INDEXER_USERNAME` and `INDEXER_PASSWORD` as environment variables on the `wazuh.integration.security.lake` container.

* Add @timestamp field to sample alerts

* Fix Logstash pipelines

* Add working indexer-to-s3 pipeline

* Add working Python script up to S3 upload

* Add latest changes

* Remove duplicated line

* Add working environment with minimal AWS lambda function

* Mount src folder to Lambda's workdir

* Add first functional lambda function

Tested on local environment, using S3 Ninja and a Lambda container

* Working state

* Add documentation

* Improve code

* Improve code

* Clean up

* Add instructions to build a deployment package

* Make zip file lighter

* Use default name for aws_region

* Add destination bucket validation

* Add env var validation and full destination S3 path

* Add AWS_ENDPOINT environment variable

* Rename AWS_DEFAULT_REGION

* Remove unused env vars

* Remove unused file and improve documentation a bit.

* Makefile improvements

* Use dummy env variables

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Bump Java version in Docker environments (#210)

* Fix access denied error during log rotation (#212)

* Save intermediate OCSF files to an S3 bucket (#218)

* Fix Parquet files format (#217)

* Fix mapping to Detection Finding OCSF class (#220)

* Map events to OCSF's Security Finding class (#221)

* Map events to OCSF's Security Finding class

* Improve models (inheritance). Add OCSF_CLASS env variable

* Move constants to the models

* Fix validation error

* Add ID input to workflows (#229)

* Added id input

* Changed name to run-name

* Add OPENSEARCH_TMPDIR variable to service and create directory in packages accordingly (#231)

* Improve workflow's run-name with target system and architecture (#237)

* Add documentation for the Amazon Security Lake integration (#226)

* Add documentation for the Amazon Security Lake integration

* Add images via upload

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add files via upload

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Use jpeg

* Add files via upload

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix some typos

* Add CONTRIBUTING.md

* Apply improvements to the ASL docu

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Rename  environment variable (#240)

* Remove maintainer-approval.yml (#241)

* Improve logging and error handling on ASL Lambda function (#242)

* Update .gitattributes (#243)

* Change . for : in debian's postinst (#245)

* Add integration with Elastic (#248)

* Add integration with Elastic

Draft

* Update Elastic integration

Draft

* Add Elastic integration folder

Draft

* Changing the kibana system user

* Add Elastic integration

Working

---------

Co-authored-by: Fede Tux <federico.galland@wazuh.com>

* Added S3 URI output to package generation upload (#249)

* Added S3 URI output

* Added ID input and S3 URI output

* Improved workflow run name

* Added name statement

* Added name statement

* Removed file

* Added ID input description

* Update build.yml

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add OpenSearch integration (#258)

* Add docker environment

* Add README

Move files to the corresponding folder

* Enable TLS in dashboards

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add Splunk integration (#257)

* Add Splunk integration

Draft

* Fix certificate errors

* Add cfssl container to generate and sign splunk certs

* Add cfssl configuration files

* Update Splunk integration

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Fede Tux <federico.galland@wazuh.com>

* Add Manager to Elastic integration (#266)

* Init commit

[DRAFT] Adds a Compose environment

* Mount alerts as shared volume instead of file

* Update documentation and clean up files

---------

Co-authored-by: Fede Tux <federico.galland@wazuh.com>

* Add Manager to Splunk integration (#268)

* Add Manager to OpenSearch integration (#267)

* Add Manager to OpenSearch integration

Also fixes small issues on other integrations

* Add changes to README

* Attempt nr.2 to fix #277  (#280)

* Testy test test

* Update artifact name

Skip lintian

* Update Maintainers for Debian package metadata

* Remove references to indexer-ism-init.sh and wazuh-template.json (#281)

* Remove references to indexer-ism-init.sh and wazuh-template.json

* Roll back remaining content from ISM rollover+alias feature

* Remove commented code

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Bump 4.10.0 (#272)

* Merge 4.9.1 into 4.10.0 (#358)

* Merge 4.9.1 into 4.10.0 (#358)

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Merge 4.9.2 into 4.10.0 (#378)

* Fix build.gradle (#381)

* Fix build.gradle

* Fix build.gradle

* Undo changes

* Remove old compose files for integrations (#386)

* Delete integrations/docker/amazon-security-lake.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Delete integrations/docker/config directory

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update vulnerability detector index template (#383)

* Update VD index template

* Remove host.os.family

* Merge 4.9.1 into 4.10.0 (#426)

* Fix Performance Analyzer service file (#391)

* Update SECURITY.md (#411)

* Remove prompt about configuration file overwrites on package upgrade (#410)

* Make new config files install with .new prefix

* Fix errors and add .new prefix to /etc/init.d/wazuh-indexer

* Fix errors in build.sh and assemble.sh

* Revert "Fix errors in build.sh and assemble.sh"

This reverts commit 5dc3500.

* Using noreplace on config files for rpm

* Fix issues in debmake.sh

* Revert changes to Debian packages

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update SECURITY.md (#415)

Signed-off-by: Raul Del Pozo Moreno <raul.delpozo@wazuh.com>

* Add Release Notes 4.9.1-rc1 (#421)

---------

Signed-off-by: Raul Del Pozo Moreno <raul.delpozo@wazuh.com>
Co-authored-by: Fede Galland <99492720+f-galland@users.noreply.github.com>
Co-authored-by: Raul Del Pozo Moreno <raul.delpozo@wazuh.com>

* Bump version to 4.10.1 (#430)

* Support new version 4.10.2 (#441)

* Enable assembly of ARM packages (#444)

* Merge 4.10.1 into 4.10.2 (#473)

* Merge 4.10.0 into 4.10.1 (#470)

* Upgrade integrations to the last version (#447)

* Upgrade third-party integrations to latest product versions (#368)

* Upgrade third-party integrations to latest product versions

* Improve compatibility matrix

* Change versions in /integrations/.env

Signed-off-by: Malena Casas <malena.casas@wazuh.com>

* Fix Splunk integrations (#362)

* Add table with the version of the integrations

* Update CHANGELOG.md

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

---------

Signed-off-by: Malena Casas <malena.casas@wazuh.com>
Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: JuanGarriuz <juangarriuz@gmail.com>

* Merge 4.9.1 into 4.10.0 (#454)

* Prepare 4.9.1-rc2 (#436)

* Update docker/README.md (#438)

* Support new stage 4.9.1-rc3 (#443)

* Update operational--integrations_maintenance_request.md (#449)

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix Github Actions build process dependency errors (#457)

* Switch from latest to 22.04 runner

* Remove non-existent packages from workflow provisioner

* Remove freeglut3 from provision.sh

* Update calendarTime and scan_date fields type (#458)

* Merge 4.9.1 into 4.10.0 (#469)

* Support for v4.9.1-alpha4 (#461)

* Prepare final release notes for 4.9.1

---------

Signed-off-by: Malena Casas <malena.casas@wazuh.com>
Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Malena Casas <malena.casas@wazuh.com>
Co-authored-by: JuanGarriuz <juangarriuz@gmail.com>
Co-authored-by: Fede Galland <99492720+f-galland@users.noreply.github.com>
Co-authored-by: Kevin Ledesma <kevinledesmam95@gmail.com>

* Fix release date for 4.10.0 in RPM spec file

* Fix release date for 4.10.0 in RPM spec file

---------

Signed-off-by: Malena Casas <malena.casas@wazuh.com>
Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Malena Casas <malena.casas@wazuh.com>
Co-authored-by: JuanGarriuz <juangarriuz@gmail.com>
Co-authored-by: Fede Galland <99492720+f-galland@users.noreply.github.com>
Co-authored-by: Kevin Ledesma <kevinledesmam95@gmail.com>

* Remove packaging_scripts folder

* Remove duplicated files

* Fix build.yml

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Signed-off-by: Fede Tux <federico.galland@wazuh.com>
Signed-off-by: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com>
Signed-off-by: Raul Del Pozo Moreno <raul.delpozo@wazuh.com>
Signed-off-by: Malena Casas <malena.casas@wazuh.com>
Co-authored-by: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com>
Co-authored-by: Fede Tux <fede@fernetcave.com>
Co-authored-by: Fede Tux <federico.galland@wazuh.com>
Co-authored-by: Raul Del Pozo Moreno <raul.delpozo@wazuh.com>
Co-authored-by: Malena Casas <malena.casas@wazuh.com>
Co-authored-by: JuanGarriuz <juangarriuz@gmail.com>
Co-authored-by: Kevin Ledesma <kevinledesmam95@gmail.com>
AlexRuiz7 added a commit that referenced this pull request Nov 8, 2024
* Init wazuh-indexer (#3)

* Update CODEOWNERS

* Update README.md and SECURITY.md

* Add Wazuh configuration files

* Update README.md

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Create codeql.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update dependabot.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update SECURITY.md (#30)

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add ECS mappings generator (#36)

* Add ECS mappings generator, documentation and files for vulnerability detector

* Add event generator script

* Update template settings

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add default query fields to vulnerability detector index (#40)

* Add ECS mappings generator, documentation and files for vulnerability detector

* Add event generator script

* Add default query fields

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Create gradle_build.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update gradle_build.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add a script to configure the rollover policy (#49)

* Update ISM init script (#50)

* Fix bug with -i option (#51)

* Fix bug with -i option

* Improve error handling

* Update min_doc_count value (#52)

* Improve ISM init script (#57)

* Improve ISM init script

* Change log file path

* Update distribution files (#59)

* Update config files

* Add VERSION file

* Update documentation of the ECS tooling (#67)

* Add workflow for package generation (#65)

* Ignore artifacts folder

* Update build script

- Updated to v2.11.0 version.
- Skipped compilation of the plugins
- The artifact name is sent to a text file, to access it easily in
GitHub Actions.

* Add GH action to build min packages

* Remove commented code

* Remove unused code

* Add docker compose environment (#66)

* Add very basic Docker environment

That will do for now

* Add latest changes

* Update Docker environment

- Remove build.md which was included by mistake.
- Improve dev.sh script.
- Update .gitignore to exclude artifacts folder.
- Create .dockerignore file.
- Replace get_version.sh script with inline command.
- Reduce image size by using alpine as base image.

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Rename packages to wazuh-indexer (#69)

* Rename packages to wazuh-indexer

* Include VERSION file into packages

* Apply Wazuh version to packages names

* Improve build.sh script

Apply suggestions from ShellCheck

* Update vulnerability index mappings (#75)

* Remove 'events' ECS field

* Add 'wazuh' custom field

* Update event_generator.py for vulnerability detector

* Update `indexer-ism-init.sh` (#81)

Updates the script to upload the wazuh-template.json to the indexer.

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add workflow to assemble packages (#85)

* Add script to assemble arm64 and x64 archives (tar)

* Cleanup

* Update config file with latest upstream changes

* Change packages maintainer information

* Fix wrong substitution of config files

* Update dockerignore to ignore git folder

* Update wazuh-indexer.rpm.spec

Remove unnecessary echo commands

* Add wazuh-indexer-performance-analyzer.service

Required to assemble RPM. The plugin does not install this file, so it needs to be added manually.

* Update assemble.sh

Successfully assemble RPM x64. Runner needed to arm64

* Update `build.yml`

* Add WIP documentation for packages' generation

* Test new approach using reusable workflows

* Fix errors

* Restructure reusable workflow

* Fix upload and download paths

* New try

- Adds a reusable workflow to return the version of Wazuh set in source code.
- Attempt to dynamically generate artifacts name to normalize them for usage between jobs.
- Adds revision as input for the workflow.
- Cleanup

* Emulate assemble to test upload of the reusable assembly workflow

* Add Caching Gradle dependencies

* Remove extra '-' in the packages names on the assembly job

* Final cleanup

* Enable RPM package assemble

Remove unused code

* Fix regex to get package name

* Fix download-artifact destination path

* Exclude unimplemented deb assembly

Extend example to run with Act

* Fix yellow cluster state (#95)

* Add template and settings to disable replicas on ISM plugin internal indices

* Fix documentation

Replaces exit 1 statements with return 1

* Fix uncommented comment line

* Update ism-init script  (#97)

* Update ism-init script to parametrize the path of the wazuh-template

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add tools to assemble DEB packages (#96)

* Add tools to assemble DEB packages

* Move wazuh-indexer-performance-analyzer.service to common

* Enable assembly of DEB packages

* Enable full set of plugins

* Actually skip tar assembly

* Add installation of dependencies for DEB assembly

* Install dependencies using sudo

* Format files

* Refactor assemble script

* Update README.md

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Build scripts and GH workflows artifacts naming fix (#112)

* Build scripts and GH workflows artifacts naming fix

* Add git to dev docker image

* Fixing jobs' inputs and outputs

* remove name input from r_assemble.yml

* Setting qualifier to 1 when not specified

* Add revision flag to scripts and workflow

* Fix copying of packages at assemble.sh

* Use suffix variable instead of architecture

* Fix suffix name in assemble.sh

* Mix solutions to comply with the package naming convention

* Remove unused code

* Use correct name for assembled package

Remove code no longer needed

* Remove outdated comments

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Use short SHA as Git reference in packages naming (#100)

* Switching to short SHA commit form in package names

Signed-off-by: Fede Tux <federico.galland@wazuh.com>

* Update r_commit_sha.yml

Signed-off-by: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com>

* Update r_commit_sha.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

---------

Signed-off-by: Fede Tux <federico.galland@wazuh.com>
Signed-off-by: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com>
Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Fede Tux <fede@fernetcave.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Remove unneeded files from assembled packages (#115)

* add remove files function to assemble.sh

* Remove unneeded files on assembled tar packages

* Remove duplicated function

Fix wrong variable assignment

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add missing tools and files back into Wazuh Indexer packages (#117)

* add remove files function to assemble.sh

* Remove unneeded files on assembled tar packages

* Remove duplicated function

Fix wrong variable assignment

* Adding function to package Wazuh's tools to assemble.sh

* Make the files' versions follow the repo's VERSION file

* Fix download of Wazuh tools for packages assembly

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Remove unneeded symbolic links from assembled packages (#121)

* Update issue templates (#127)

* Fix RPM package references to /var/run (#119)

* Switch /var/run references to /run

* Remove unneeded files from assembled packages (#115)

* add remove files function to assemble.sh

* Remove unneeded files on assembled tar packages

* Remove duplicated function

Fix wrong variable assignment

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add missing tools and files back into Wazuh Indexer packages (#117)

* add remove files function to assemble.sh

* Remove unneeded files on assembled tar packages

* Remove duplicated function

Fix wrong variable assignment

* Adding function to package Wazuh's tools to assemble.sh

* Make the files' versions follow the repo's VERSION file

* Fix download of Wazuh tools for packages assembly

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Remove unneeded symbolic links from assembled packages (#121)

* Remove reference to install_demo_configuration.sh

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Removing post-install message from wazuh-indexer.rpm.spec (#131)

* Add tests to the packages building process (#132)

Runs the workflow on pull request changes

* Get Wazuh version from VERSION file (#122)

* Add function to look for VERSION in the correct path

* Update assemble.sh

Adds wget as dependency

* Download files using curl instead of wget

* Update assemble.sh

Revert assembly with minimal plugins for testing

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add Dockerfile and docker-compose for the package assembly stage

* Assemble packages with minimal plugin set when "test" variable is set to "true"

* Update README with assemble.sh docker image

* Fixing env variable naming convention and removing wget dependency

* Improve Docker environments

Adds environments to build packages

* Fix small typos

* More fixes

* Add documentation

* Adding -p flag to mkdir so it doesn't fail when the folder is already present

* Format files

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Removing /usr/share/lintian/overrides/wazuh-indexer from deb packages (#130)

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add `wazuh-template.json` to packages (#116)

* Download wazuh-template.json from wazuh/wazuh repo

* Add wazuh-template.json to RPM package spec

* Setting wazuh-template.json attributes to 660

* Change wazuh-template.json attributes in debmake_install.sh

* Put template download command within a function

* Small fixes and format

* Apply correct file permissions to the wazuh-template.json

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Adding Debian packaging config files from Opensearch (#118)

* Adding debian packaging config files from Opensearch

* Copy debian/ folder to the build dir for debmake to parse

* Remove redundant steps from debian/postinst

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix Build workflow to run on push events  (#134)

* Run workflow on push

* Set build workflow inputs to required

* Normalize the use of quotes for the build workflow inputs

* Add ternary operator

* Add missing ternary operator

* Use maven for plugin download (#139)

* Fine tuning permissions on RPM spec file

* Get plugins using maven

* Rolling back changes to spec file

* Format files

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add new custom field to the vulnerability detector index (#141)

* Add new custom field to the vulnerability detector index

* Update event generator tool

* Remove base.labels ECS field from wazuh-states-vulnerabilities index mappings

* Fine tuning permissions on assembled packages (#137)

* Fine tuning permissions on RPM spec file

* Build a list of files to be packaged excluding items that need special permissions

* Fix bad permissions on directories

* Remove system directories from packaging definition

* Changing permissions on deb packages

* Skip unneeded dh_fixperms stage in debian/rules

* Clean & format

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Init. Amazon Security Lake integration (#143)

* Init. Amazon Security Lake integration

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add events generator tool for `wazuh-alerts` (#152)

* Add events generator tool for wazuh-alerts

* Fix typo in README.md

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Make timestamps timezone aware

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Fede Tux <federico.galland@wazuh.com>

* Add `wazuh.manager.name` to VD mappings (#158)

* Create compatibility_request.md (#163)

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add Python module to accomplish OCSF compliant events (#159)

* Adding Python script that receives a continuous json stream over stdin and outputs parquet to Security Lake

* Adding logstash pipeline for python script

* encode_parquet() function fixed to handle lists of dictionaries

* Correct error in encode_parquet()

* Avoid storing the block ending in the output buffer

* Add comments on handling files and streams with pyarrow for future reference

* Add s3 handling reference links

* Write parquet directly to bucket

* Added basics of map_to_ocsf() function

* Minor fixes

* Map alerts to OCSF as they are read

* Add script to convert Wazuh events to OCSF

Also adds a simple test script

* Add OCSF converter + Parquet encoder + test scripts

* Update .gitignore

* Include the contents of the alert under unmapped

* Add support for different OCSF schema versions

* Use custom ocsf module to map alerts

* Modify script to use converter class

* Code polish and fix errors

* Remove unnecessary type declaration from debug flag

* Improved parquet encoding

* Initial commit for test env's docker-compose.yml

* Remove sudo references from docker-compose.yml

* Add operational Python module to transform events to OCSF

* Create minimal Docker environment to test and develop the integration.

* Fix events-generator's Inventory starvation

* Remove files present in #147

* Cleanup

* Add FQDN hostnames to services for certificates creation

* Add S3 Ninja (Mock) (#165)

* Setup certificates in Wazuh Indexer and Logstash containers (#166)

* Add certificate generator service

* Add certificate config to docker compose file

* Use secrets for certificates

* Disable permission handling inside cert's generator entrypoint.sh

* Back to using a bind mount for certs

* Have entrypoint.sh generate certs with 1000:1000 ownership

* Correct certificate permissions and bind mounting

* Add security initialization variable to compose file

* Fix permissions on certs generator entrypoint

* Add cert generator config file

* Remove old cert generator dir

* Set indexer hostname right in pipeline file

* Roll back commented code

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix Logstash pipelines

* Remove unused file

* Implement OCSF severity normalize function

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Fede Tux <federico.galland@wazuh.com>
Co-authored-by: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com>

* Update Gradle setup action (#182)

* Attempt to automate package's testing

* Fix typo

* Update setup gradle action

* Remove file from another PR

* Update build.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update vulnerability-states fields (#177)

* Update vulnerability-states fields

Adds wazuh.schema.version

* Update events generator

* Automate package's testing (#178)

* Attempt to automate package's testing

* Fix typo

* Add sudo

* Split test steps and manage errors

* Add --no-pager to journalctl

* Add certs generator

* Improve error handling

* Update r_test.yml

Fix indentation

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix error handling

* Add testing of RPM packages

* Improve multi-os testing

* Add TEST env var

* Add braces to if conditionals

* Remove all curly braces from if conditionals

* braces again

* Install RPM package in Docker

* Remove sudo for RPM installation

* Bind artifacts/dist to RPM docker test container

* Bind artifacts/dist to RPM docker test container

* Avoid prompt during yum install

* Fix bind volume

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Remove ecs.version from query.default_fields (#184)

* Upload packages to S3 (#179)

* Attempt to automate package's testing

* Add workflow file to upload packages to S3

* Skip testing to test whether the upload works

* Fix package names

* Fix upload workflow name

* Pass secrets to the reusable workflow

* Fix indentation

* Fix indentation

* Remove test workflow from this PR

* Add boolean input to control when the package is uploaded to the S3 bucket

* [UI/UX] Improve inputs description

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add bash to Docker dev image (#185)

* Update wazuh-states-vulnerabilities index mapping (#191)

* Update wazuh-states-vulnerabilities index mapping

* Extend ECS Vulnerability fields

* Add pipeline to generate release packages (#193)

* Add script to get the version of OpenSearch

* Set revision to 0 by default.

- Reduce inputs for scripts.
- Add script to generate packages' naming convention.
- Make scripts self-aware of the OpenSearch version.

* Fix assemble

* Smoke test new pipeline to build packages

* Fix syntax errors

* Update build.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add workflow to build packages on push

* Run actionlint

* Fix jq argjson

* Fix set matrix output ?

* Try new approach using a single workflow

* Fix GITHUB_OUTPUT

* Fix baptizer invocation

* Add testing and upload to new approach

* Fix hard coded revision number on RPM assembly

* New attempt

* Skip upload unless specified

* Install plugins on RPM

* Promote new approach

Removes previous workflows to generate packages

* Fix workflow name

* Attempt to fix release package naming

* Fix build.sh invocation from workflow

* Use min package name in workflow

* Use min package name for release naming convention in workflow

* Attempt to fix regex

* Upgrade to aws-actions/configure-aws-credentials@v4

Clean up

* Apply latest requirements

Add workflow with single matrix for QA use. Rename inputs. Add checksum input.

* Add checksum generation and upload

* Use choice as input types for system and architecture

* Invoke build single packages with upload option

* Add documentation and clean up

* Rename scripts folder to packaging_scripts

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Build Docker images (#194)

* Assemble tar packages

* Add files to generate Docker images

First working version

* Fix certs path

* clean up

* Working indexer in Docker

* Add documentation to build Docker images

Simplify names of Docker build args

* Remove unused Docker dependencies

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add on.workflow_call to build_single.yml workflow (#200)

Allows invocation using the GH API

* Add Python module to implement Amazon Security Lake integration (#186)

* Migrate from #147

* Update amazon-security-lake integration

- Improved documentation.
- Python code has been moved to `wazuh-indexer/integrations/amazon-security-lake/src`.
- Development environment now uses OpenSearch 2.12.0.
- The `wazuh.integration.security.lake` container now displays logs, by watching logstash's log file.
- [**NEEDS FIX**] As a temporary solution, the `INDEXER_USERNAME` and `INDEXER_PASSWORD` values have been added as environment variables to the `wazuh.integration.security.lake` container. These values should be set at Dockerfile level, but that isn't working, probably due to permission denied on invocation of the `setup.sh` script.
- [**NEEDS FIX**] As a temporary solution, the output file of the `indexer-to-file` pipeline has been moved to `/var/log/logstash/indexer-to-file`. Previous path `/usr/share/logstash/pipeline/indexer-to-file.json` results in permission denied.
- [**NEEDS FIX**] As a temporary solution, the input.opensearch.query has been replaced with `match_all`, as the previous one does not return any data, probably due to the use of time filters `gt: now-1m`.
- Standard output enabled for `/usr/share/logstash/pipeline/indexer-to-file.json`.
- [**NEEDS FIX**] ECS compatibility disabled: `echo "pipeline.ecs_compatibility: disabled" >> /etc/logstash/logstash.yml` -- to be included automatically
- Python3 environment path added to the `indexer-to-integrator` pipeline.

* Disable ECS compatibility (auto)

- Adds pipeline.ecs_compatibility: disabled at Dockerfile level.
- Removes `INDEXER_USERNAME` and `INDEXER_PASSWORD` as environment variables on the `wazuh.integration.security.lake` container.

* Add @timestamp field to sample alerts

* Fix Logstash pipelines

* Add working indexer-to-s3 pipeline

* Add working Python script up to S3 upload

* Add latest changes

* Remove duplicated line

* Replace choice with string on workflow_call (#207)

* Use AWS_REGION secret (#209)

* Add Lambda function for the Amazon Security Lake integration (#189)

* Migrate from #147

* Update amazon-security-lake integration

- Improved documentation.
- Python code has been moved to `wazuh-indexer/integrations/amazon-security-lake/src`.
- Development environment now uses OpenSearch 2.12.0.
- The `wazuh.integration.security.lake` container now displays logs, by watching logstash's log file.
- [**NEEDS FIX**] As a temporary solution, the `INDEXER_USERNAME` and `INDEXER_PASSWORD` values have been added as environment variables to the `wazuh.integration.security.lake` container. These values should be set at Dockerfile level, but that isn't working, probably due to permission denied on invocation of the `setup.sh` script.
- [**NEEDS FIX**] As a temporary solution, the output file of the `indexer-to-file` pipeline has been moved to `/var/log/logstash/indexer-to-file`. Previous path `/usr/share/logstash/pipeline/indexer-to-file.json` results in permission denied.
- [**NEEDS FIX**] As a temporary solution, the input.opensearch.query has been replaced with `match_all`, as the previous one does not return any data, probably due to the use of time filters `gt: now-1m`.
- Standard output enabled for `/usr/share/logstash/pipeline/indexer-to-file.json`.
- [**NEEDS FIX**] ECS compatibility disabled: `echo "pipeline.ecs_compatibility: disabled" >> /etc/logstash/logstash.yml` -- to be included automatically
- Python3 environment path added to the `indexer-to-integrator` pipeline.

* Disable ECS compatibility (auto)

- Adds pipeline.ecs_compatibility: disabled at Dockerfile level.
- Removes `INDEXER_USERNAME` and `INDEXER_PASSWORD` as environment variables on the `wazuh.integration.security.lake` container.

* Add @timestamp field to sample alerts

* Fix Logstash pipelines

* Add working indexer-to-s3 pipeline

* Add working Python script up to S3 upload

* Add latest changes

* Remove duplicated line

* Add working environment with minimal AWS lambda function

* Mount src folder to Lambda's workdir

* Add first functional lambda function

Tested on local environment, using S3 Ninja and a Lambda container

* Working state

* Add documentation

* Improve code

* Improve code

* Clean up

* Add instructions to build a deployment package

* Make zip file lighter

* Use default name for aws_region

* Add destination bucket validation

* Add env var validation and full destination S3 path

* Add AWS_ENDPOINT environment variable

* Rename AWS_DEFAULT_REGION

* Remove unused env vars

* Remove unused file and improve documentation a bit.

* Makefile improvements

* Use dummy env variables

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Bump Java version in Docker environments (#210)

* Fix access denied error during log rotation (#212)

* Save intermediate OCSF files to an S3 bucket (#218)

* Fix Parquet files format (#217)

* Fix mapping to Detection Finding OCSF class (#220)

* Map events to OCSF's Security Finding class (#221)

* Map events to OCSF's Security Finding class

* Improve models (inheritance). Add OCSF_CLASS env variable

* Move constants to the models

* Fix validation error

* Add ID input to workflows (#229)

* Added id input

* Changed name to run-name

* Add OPENSEARCH_TMPDIR variable to service and create directory in packages accordingly (#231)

* Improve workflow's run-name with target system and architecture (#237)

* Add documentation for the Amazon Security Lake integration (#226)

* Add documentation for the Amazon Security Lake integration

* Add images via upload

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add files via upload

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Use jpeg

* Add files via upload

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix some typos

* Add CONTRIBUTING.md

* Apply improvements to the ASL docu

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Rename  environment variable (#240)

* Remove maintainer-approval.yml (#241)

* Improve logging and error handling on ASL Lambda function (#242)

* Update .gitattributes (#243)

* Change . for : in debian's postinst (#245)

* Add integration with Elastic (#248)

* Add integration with Elastic

Draft

* Update Elastic integration

Draft

* Add Elastic integration folder

Draft

* Changing the kibana system user

* Add Elastic integration

Working

---------

Co-authored-by: Fede Tux <federico.galland@wazuh.com>

* Added S3 URI output to package generation upload (#249)

* Added S3 URI output

* Added ID input and S3 URI output

* Improved workflow run name

* Added name statement

* Added name statement

* Removed file

* Added ID input description

* Update build.yml

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add OpenSearch integration (#258)

* Add docker environment

* Add README

Move files to the corresponding folder

* Enable TLS in dashboards

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add Splunk integration (#257)

* Add Splunk integration

Draft

* Fix certificate errors

* Add cfssl container to generate and sign splunk certs

* Add cfssl configuration files

* Update Splunk integration

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Fede Tux <federico.galland@wazuh.com>

* Add Manager to Elastic integration (#266)

* Init commit

[DRAFT] Adds a Compose environment

* Mount alerts as shared volume instead of file

* Update documentation and clean up files

---------

Co-authored-by: Fede Tux <federico.galland@wazuh.com>

* Add Manager to Splunk integration (#268)

* Add Manager to OpenSearch integration (#267)

* Add Manager to OpenSearch integration

Also fixes small issues on other integrations

* Add changes to README

* Attempt nr.2 to fix #277  (#280)

* Testy test test

* Update artifact name

Skip lintian

* Update Maintainers for Debian package metadata

* Remove references to indexer-ism-init.sh and wazuh-template.json (#281)

* Remove references to indexer-ism-init.sh and wazuh-template.json

* Roll back remaining content from ISM rollover+alias feature

* Remove commented code

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Bump 4.10.0 (#272)

* Merge 4.9.1 into 4.10.0 (#358)

* Merge 4.9.1 into 4.10.0 (#358)

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Merge 4.9.2 into 4.10.0 (#378)

* Fix build.gradle (#381)

* Fix build.gradle

* Fix build.gradle

* Undo changes

* Remove old compose files for integrations (#386)

* Delete integrations/docker/amazon-security-lake.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Delete integrations/docker/config directory

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update vulnerability detector index template (#383)

* Update VD index template

* Remove host.os.family

* Merge 4.9.1 into 4.10.0 (#426)

* Fix Performance Analyzer service file (#391)

* Update SECURITY.md (#411)

* Remove prompt about configuration file overwrites on package upgrade (#410)

* Make new config files install with .new prefix

* Fix errors and add .new prefix to /etc/init.d/wazuh-indexer

* Fix errors in build.sh and assemble.sh

* Revert "Fix errors in build.sh and assemble.sh"

This reverts commit 5dc3500.

* Using noreplace on config files for rpm

* Fix issues in debmake.sh

* Revert changes to Debian packages

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update SECURITY.md (#415)

Signed-off-by: Raul Del Pozo Moreno <raul.delpozo@wazuh.com>

* Add Release Notes 4.9.1-rc1 (#421)

---------

Signed-off-by: Raul Del Pozo Moreno <raul.delpozo@wazuh.com>
Co-authored-by: Fede Galland <99492720+f-galland@users.noreply.github.com>
Co-authored-by: Raul Del Pozo Moreno <raul.delpozo@wazuh.com>

* Bump version to 4.10.1 (#430)

* Support new version 4.10.2 (#441)

* Enable assembly of ARM packages (#444)

* Merge 4.10.1 into 4.10.2 (#473)

* Merge 4.10.0 into 4.10.1 (#470)

* Upgrade integrations to the last version (#447)

* Upgrade third-party integrations to latest product versions (#368)

* Upgrade third-party integrations to latest product versions

* Improve compatibility matrix

* Change versions in /integrations/.env

Signed-off-by: Malena Casas <malena.casas@wazuh.com>

* Fix Splunk integrations (#362)

* Add table with the version of the integrations

* Update CHANGELOG.md

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

---------

Signed-off-by: Malena Casas <malena.casas@wazuh.com>
Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: JuanGarriuz <juangarriuz@gmail.com>

* Merge 4.9.1 into 4.10.0 (#454)

* Prepare 4.9.1-rc2 (#436)

* Update docker/README.md (#438)

* Support new stage 4.9.1-rc3 (#443)

* Update operational--integrations_maintenance_request.md (#449)

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix Github Actions build process dependency errors (#457)

* Switch from latest to 22.04 runner

* Remove non-existent packages from workflow provisioner

* Remove freeglut3 from provision.sh

* Update calendarTime and scan_date fields type (#458)

* Merge 4.9.1 into 4.10.0 (#469)

* Support for v4.9.1-alpha4 (#461)

* Prepare final release notes for 4.9.1

---------

Signed-off-by: Malena Casas <malena.casas@wazuh.com>
Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Malena Casas <malena.casas@wazuh.com>
Co-authored-by: JuanGarriuz <juangarriuz@gmail.com>
Co-authored-by: Fede Galland <99492720+f-galland@users.noreply.github.com>
Co-authored-by: Kevin Ledesma <kevinledesmam95@gmail.com>

* Fix release date for 4.10.0 in RPM spec file

* Fix release date for 4.10.0 in RPM spec file

---------

Signed-off-by: Malena Casas <malena.casas@wazuh.com>
Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Malena Casas <malena.casas@wazuh.com>
Co-authored-by: JuanGarriuz <juangarriuz@gmail.com>
Co-authored-by: Fede Galland <99492720+f-galland@users.noreply.github.com>
Co-authored-by: Kevin Ledesma <kevinledesmam95@gmail.com>

* Merge 4.10.1 into 4.10.2 (#513)

* Merge 4.10.0 into 4.10.1 (#470)

* Upgrade integrations to the last version (#447)

* Upgrade third-party integrations to latest product versions (#368)

* Upgrade third-party integrations to latest product versions

* Improve compatibility matrix

* Change versions in /integrations/.env

Signed-off-by: Malena Casas <malena.casas@wazuh.com>

* Fix Splunk integrations (#362)

* Add table with the version of the integrations

* Update CHANGELOG.md

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

---------

Signed-off-by: Malena Casas <malena.casas@wazuh.com>
Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: JuanGarriuz <juangarriuz@gmail.com>

* Merge 4.9.1 into 4.10.0 (#454)

* Prepare 4.9.1-rc2 (#436)

* Update docker/README.md (#438)

* Support new stage 4.9.1-rc3 (#443)

* Update operational--integrations_maintenance_request.md (#449)

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix Github Actions build process dependency errors (#457)

* Switch from latest to 22.04 runner

* Remove non-existent packages from workflow provisioner

* Remove freeglut3 from provision.sh

* Update calendarTime and scan_date fields type (#458)

* Merge 4.9.1 into 4.10.0 (#469)

* Support for v4.9.1-alpha4 (#461)

* Prepare final release notes for 4.9.1

---------

Signed-off-by: Malena Casas <malena.casas@wazuh.com>
Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Malena Casas <malena.casas@wazuh.com>
Co-authored-by: JuanGarriuz <juangarriuz@gmail.com>
Co-authored-by: Fede Galland <99492720+f-galland@users.noreply.github.com>
Co-authored-by: Kevin Ledesma <kevinledesmam95@gmail.com>

* Fix release date for 4.10.0 in RPM spec file

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Merge 4.10.0 into 4.10.1 (#511)

* Upgrade integrations to the last version (#447)

* Upgrade third-party integrations to latest product versions (#368)

* Upgrade third-party integrations to latest product versions

* Improve compatibility matrix

* Change versions in /integrations/.env

Signed-off-by: Malena Casas <malena.casas@wazuh.com>

* Fix Splunk integrations (#362)

* Add table with the version of the integrations

* Update CHANGELOG.md

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

---------

Signed-off-by: Malena Casas <malena.casas@wazuh.com>
Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: JuanGarriuz <juangarriuz@gmail.com>

* Merge 4.9.1 into 4.10.0 (#454)

* Prepare 4.9.1-rc2 (#436)

* Update docker/README.md (#438)

* Support new stage 4.9.1-rc3 (#443)

* Update operational--integrations_maintenance_request.md (#449)

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix Github Actions build process dependency errors (#457)

* Switch from latest to 22.04 runner

* Remove non-existent packages from workflow provisioner

* Remove freeglut3 from provision.sh

* Update calendarTime and scan_date fields type (#458)

* Merge 4.9.1 into 4.10.0 (#469)

* Support for v4.9.1-alpha4 (#461)

* Prepare final release notes for 4.9.1

* Fix release date for 4.10.0 in RPM spec file (#471)

* Preserve status of wazuh-indexer on upgrade (#498)

* Update pre and post inst scripts for deb and rpm to store and restore service status

* Update prerm script to avoid stopping the service on upgrade

* Remove extra spaces and update rpm restart command

* Merge 4.9.2 into 4.10.0 (#510)

* Support for v4.9.1-alpha4 (#461)

* Prepare final release notes for 4.9.1

* Support new version 4.9.2 (#494)

* Support new version 4.9.2

* Add estimated release date for 4.9.2

* Fix estimated release date for 4.9.2

* Fix 4.9.1 release notes title

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

---------

Signed-off-by: Malena Casas <malena.casas@wazuh.com>
Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Malena Casas <malena.casas@wazuh.com>
Co-authored-by: JuanGarriuz <juangarriuz@gmail.com>
Co-authored-by: Fede Galland <99492720+f-galland@users.noreply.github.com>
Co-authored-by: Kevin Ledesma <kevinledesmam95@gmail.com>
Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

---------

Signed-off-by: Malena Casas <malena.casas@wazuh.com>
Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Malena Casas <malena.casas@wazuh.com>
Co-authored-by: JuanGarriuz <juangarriuz@gmail.com>
Co-authored-by: Fede Galland <99492720+f-galland@users.noreply.github.com>
Co-authored-by: Kevin Ledesma <kevinledesmam95@gmail.com>

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Signed-off-by: Fede Tux <federico.galland@wazuh.com>
Signed-off-by: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com>
Signed-off-by: Raul Del Pozo Moreno <raul.delpozo@wazuh.com>
Signed-off-by: Malena Casas <malena.casas@wazuh.com>
Co-authored-by: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com>
Co-authored-by: Fede Tux <fede@fernetcave.com>
Co-authored-by: Fede Tux <federico.galland@wazuh.com>
Co-authored-by: Raul Del Pozo Moreno <raul.delpozo@wazuh.com>
Co-authored-by: Malena Casas <malena.casas@wazuh.com>
Co-authored-by: JuanGarriuz <juangarriuz@gmail.com>
Co-authored-by: Kevin Ledesma <kevinledesmam95@gmail.com>
AlexRuiz7 added a commit that referenced this pull request Nov 12, 2024
* Init wazuh-indexer (#3)

* Update CODEOWNERS

* Update README.md and SECURITY.md

* Add Wazuh configuration files

* Update README.md

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Create codeql.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update dependabot.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update SECURITY.md (#30)

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add ECS mappings generator (#36)

* Add ECS mappings generator, documentation and files for vulnerability detector

* Add event generator script

* Update template settings

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add default query fields to vulnerability detector index (#40)

* Add ECS mappings generator, documentation and files for vulnerability detector

* Add event generator script

* Add default query fields

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Create gradle_build.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update gradle_build.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add a script to configure the rollover policy (#49)

* Update ISM init script (#50)

* Fix bug with -i option (#51)

* Fix bug with -i option

* Improve error handling

* Update min_doc_count value (#52)

* Improve ISM init script (#57)

* Improve ISM init script

* Change log file path

* Update distribution files (#59)

* Update config files

* Add VERSION file

* Update documentation of the ECS tooling (#67)

* Add workflow for package generation (#65)

* Ignore artifacts folder

* Update build script

- Updated to v2.11.0 version.
- Skipped compilation of the plugins
- The artifact name is sent to a text file, to access it easily in
GitHub Actions.

* Add GH action to build min packages

* Remove commented code

* Remove unused code

* Add docker compose environment (#66)

* Add very basic Docker environment

That will do for now

* Add latest changes

* Update Docker environment

- Remove build.md which was included by mistake.
- Improve dev.sh script.
- Update .gitignore to exclude artifacts folder.
- Create .dockerignore file.
- Replace get_version.sh script with inline command.
- Reduce image size by using alpine as base image.

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Rename packages to wazuh-indexer (#69)

* Rename packages to wazuh-indexer

* Include VERSION file into packages

* Apply Wazuh version to packages names

* Improve build.sh script

Apply suggestions from ShellCheck

* Update vulnerability index mappings (#75)

* Remove 'events' ECS field

* Add 'wazuh' custom field

* Update event_generator.py for vulnerability detector

* Update `indexer-ism-init.sh` (#81)

Updates the script to upload the wazuh-template.json to the indexer.

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add workflow to assemble packages (#85)

* Add script to assemble arm64 and x64 archives (tar)

* Cleanup

* Update config file with latest upstream changes

* Change packages maintainer information

* Fix wrong substitution of config files

* Update dockerignore to ignore git folder

* Update wazuh-indexer.rpm.spec

Remove unnecessary echo commands

* Add wazuh-indexer-performance-analyzer.service

Required to assemble RPM. The plugin does not install this file, so it needs to be added manually.

* Update assemble.sh

Successfully assemble RPM x64. Runner needed to arm64

* Update `build.yml`

* Add WIP documentation for packages' generation

* Test new approach using reusable workflows

* Fix errors

* Restructure reusable workflow

* Fix upload and download paths

* New try

- Adds a reusable workflow to return the version of Wazuh set in source code.
- Attempt to dynamically generate artifacts name to normalize them for usage between jobs.
- Adds revision as input for the workflow.
- Cleanup

* Emulate assemble to test upload of the reusable assembly workflow

* Add Caching Gradle dependencies

* Remove extra '-' in the packages names on the assembly job

* Final cleanup

* Enable RPM package assemble

Remove unused code

* Fix regex to get package name

* Fix download-artifact destination path

* Exclude unimplemented deb assembly

Extend example to run with Act

* Fix yellow cluster state (#95)

* Add template and settings to disable replicas on ISM plugin internal indices

* Fix documentation

Replaces exit 1 statements with return 1

* Fix uncommented comment line

* Update ism-init script  (#97)

* Update ism-init script to parametrize the path of the wazuh-template

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add tools to assemble DEB packages (#96)

* Add tools to assemble DEB packages

* Move wazuh-indexer-performance-analyzer.service to common

* Enable assembly of DEB packages

* Enable full set of plugins

* Actually skip tar assembly

* Add installation of dependencies for DEB assembly

* Install dependencies using sudo

* Format files

* Refactor assemble script

* Update README.md

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Build scripts and GH workflows artifacts naming fix (#112)

* Build scripts and GH workflows artifacts naming fix

* Add git to dev docker image

* Fixing jobs' inputs and outputs

* remove name input from r_assemble.yml

* Setting qualifier to 1 when not specified

* Add revision flag to scripts and workflow

* Fix copying of packages at assemble.sh

* Use suffix variable instead of architecture

* Fix suffix name in assemble.sh

* Mix solutions to comply with the package naming convention

* Remove unused code

* Use correct name for assembled package

Remove code no longer needed

* Remove outdated comments

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Use short SHA as Git reference in packages naming (#100)

* Switching to short SHA commit form in package names

Signed-off-by: Fede Tux <federico.galland@wazuh.com>

* Update r_commit_sha.yml

Signed-off-by: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com>

* Update r_commit_sha.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

---------

Signed-off-by: Fede Tux <federico.galland@wazuh.com>
Signed-off-by: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com>
Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Fede Tux <fede@fernetcave.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Remove unneeded files from assembled packages (#115)

* add remove files function to assemble.sh

* Remove unneeded files on assembled tar packages

* Remove duplicated function

Fix wrong variable assignment

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add missing tools and files back into Wazuh Indexer packages (#117)

* add remove files function to assemble.sh

* Remove unneeded files on assembled tar packages

* Remove duplicated function

Fix wrong variable assignment

* Adding function to package Wazuh's tools to assemble.sh

* Make the files' versions follow the repo's VERSION file

* Fix download of Wazuh tools for packages assembly

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Remove unneeded symbolic links from assembled packages (#121)

* Update issue templates (#127)

* Fix RPM package references to /var/run (#119)

* Switch /var/run references to /run

* Remove unneeded files from assembled packages (#115)

* add remove files function to assemble.sh

* Remove unneeded files on assembled tar packages

* Remove duplicated function

Fix wrong variable assignment

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add missing tools and files back into Wazuh Indexer packages (#117)

* add remove files function to assemble.sh

* Remove unneeded files on assembled tar packages

* Remove duplicated function

Fix wrong variable assignment

* Adding function to package Wazuh's tools to assemble.sh

* Make the files' versions follow the repo's VERSION file

* Fix download of Wazuh tools for packages assembly

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Remove unneeded symbolic links from assembled packages (#121)

* Remove reference to install_demo_configuration.sh

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Removing post-install message from wazuh-indexer.rpm.spec (#131)

* Add tests to the packages building process (#132)

Runs the workflow on pull request changes

* Get Wazuh version from VERSION file (#122)

* Add function to look for VERSION in the correct path

* Update assemble.sh

Adds wget as dependency

* Download files using curl instead of wget

* Update assemble.sh

Revert assembly with minimal plugins for testing

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add Dockerfile and docker-compose for the package assembly stage

* Assemble packages with minimal plugin set when "test" variable is set to "true"

* Update README with assemble.sh docker image

* Fixing env variable naming convention and removing wget dependency

* Improve Docker environments

Adds environments to build packages

* Fix small typos

* More fixes

* Add documentation

* Adding -p flag to mkdir so it doesn't fail when the folder is already present

* Format files

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Removing /usr/share/lintian/overrides/wazuh-indexer from deb packages (#130)

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add `wazuh-template.json` to packages (#116)

* Download wazuh-template.json from wazuh/wazuh repo

* Add wazuh-template.json to RPM package spec

* Setting wazuh-template.json attributes to 660

* Change wazuh-template.json attributes in debmake_install.sh

* Put template download command within a function

* Small fixes and format

* Apply correct file permissions to the wazuh-template.json

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Adding Debian packaging config files from Opensearch (#118)

* Adding debian packaging config files from Opensearch

* Copy debian/ folder to the build dir for debmake to parse

* Remove redundant steps from debian/postinst

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix Build workflow to run on push events  (#134)

* Run workflow on push

* Set build workflow inputs to required

* Normalize the use of quotes for the build workflow inputs

* Add ternary operator

* Add missing ternary operator

* Use maven for plugin download (#139)

* Fine tuning permissions on RPM spec file

* Get plugins using maven

* Rolling back changes to spec file

* Format files

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add new custom field to the vulnerability detector index (#141)

* Add new custom field to the vulnerability detector index

* Update event generator tool

* Remove base.labels ECS field from wazuh-states-vulnerabilities index mappings

* Fine tuning permissions on assembled packages (#137)

* Fine tuning permissions on RPM spec file

* Build a list of files to be packaged excluding items that need special permissions

* Fix bad permissions on directories

* Remove system directories from packaging definition

* Changing permissions on deb packages

* Skip unneeded dh_fixperms stage in debian/rules

* Clean & format

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Init. Amazon Security Lake integration (#143)

* Init. Amazon Security Lake integration

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add events generator tool for `wazuh-alerts` (#152)

* Add events generator tool for wazuh-alerts

* Fix typo in README.md

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Make timestamps timezone aware

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Fede Tux <federico.galland@wazuh.com>

* Add `wazuh.manager.name` to VD mappings (#158)

* Create compatibility_request.md (#163)

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add Python module to accomplish OCSF compliant events (#159)

* Adding Python script that receives a continuous json stream over stdin and outputs parquet to Security Lake

* Adding logstash pipeline for python script

* encode_parquet() function fixed to handle lists of dictionaries

* Correct error in encode_parquet()

* Avoid storing the block ending in the output buffer

* Add comments on handling files and streams with pyarrow for future reference

* Add s3 handling reference links

* Write parquet directly to bucket

* Added basics of map_to_ocsf() function

* Minor fixes

* Map alerts to OCSF as they are read

* Add script to convert Wazuh events to OCSF

Also adds a simple test script

* Add OCSF converter + Parquet encoder + test scripts

* Update .gitignore

* Include the contents of the alert under unmapped

* Add support for different OCSF schema versions

* Use custom ocsf module to map alerts

* Modify script to use converter class

* Code polish and fix errors

* Remove unnecessary type declaration from debug flag

* Improved parquet encoding

* Initial commit for test env's docker-compose.yml

* Remove sudo references from docker-compose.yml

* Add operational Python module to transform events to OCSF

* Create minimal Docker environment to test and develop the integration.

* Fix events-generator's Inventory starvation

* Remove files present in #147

* Cleanup

* Add FQDN hostnames to services for certificates creation

* Add S3 Ninja (Mock) (#165)

* Setup certificates in Wazuh Indexer and Logstash containers (#166)

* Add certificate generator service

* Add certificate config to docker compose file

* Use secrets for certificates

* Disable permission handling inside cert's generator entrypoint.sh

* Back to using a bind mount for certs

* Have entrypoint.sh generate certs with 1000:1000 ownership

* Correct certificate permissions and bind mounting

* Add security initialization variable to compose file

* Fix permissions on certs generator entrypoint

* Add cert generator config file

* Remove old cert generator dir

* Set indexer hostname right in pipeline file

* Roll back commented code

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix Logstash pipelines

* Remove unused file

* Implement OCSF severity normalize function

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Fede Tux <federico.galland@wazuh.com>
Co-authored-by: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com>

* Update Gradle setup action (#182)

* Attempt to automate package's testing

* Fix typo

* Update setup gradle action

* Remove file from another PR

* Update build.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update vulnerability-states fields (#177)

* Update vulnerability-states fields

Adds wazuh.schema.version

* Update events generator

* Automate package's testing (#178)

* Attempt to automate package's testing

* Fix typo

* Add sudo

* Split test steps and manage errors

* Add --no-pager to journalctl

* Add certs generator

* Improve error handling

* Update r_test.yml

Fix indentation

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix error handling

* Add testing of RPM packages

* Improve multi-os testing

* Add TEST env var

* Add braces to if conditionals

* Remove all curly braces from if conditionals

* braces again

* Install RPM package in Docker

* Remove sudo for RPM installation

* Bind artifacts/dist to RPM docker test container

* Bind artifacts/dist to RPM docker test container

* Avoid prompt during yum install

* Fix bind volume

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Remove ecs.version from query.default_fields (#184)

* Upload packages to S3 (#179)

* Attempt to automate package's testing

* Add workflow file to upload packages to S3

* Skip testing to test whether the upload works

* Fix package names

* Fix upload workflow name

* Pass secrets to the reusable workflow

* Fix indentation

* Fix indentation

* Remove test workflow from this PR

* Add boolean input to control when the package is uploaded to the S3 bucket

* [UI/UX] Improve inputs description

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add bash to Docker dev image (#185)

* Update wazuh-states-vulnerabilities index mapping (#191)

* Update wazuh-states-vulnerabilities index mapping

* Extend ECS Vulnerability fields

* Add pipeline to generate release packages (#193)

* Add script to get the version of OpenSearch

* Set revision to 0 by default.

- Reduce inputs for scripts.
- Add script to generate packages' naming convention.
- Make scripts self-aware of the OpenSearch version.

* Fix assemble

* Smoke test new pipeline to build packages

* Fix syntax errors

* Update build.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add workflow to build packages on push

* Run actionlint

* Fix jq argjson

* Fix set matrix output ?

* Try new approach using a single workflow

* Fix GITHUB_OUTPUT

* Fix baptizer invocation

* Add testing and upload to new approach

* Fix hard coded revision number on RPM assembly

* New attempt

* Skip upload unless specified

* Install plugins on RPM

* Promote new approach

Removes previous workflows to generate packages

* Fix workflow name

* Attempt to fix release package naming

* Fix build.sh invocation from workflow

* Use min package name in workflow

* Use min package name for release naming convention in workflow

* Attempt to fix regex

* Upgrade to aws-actions/configure-aws-credentials@v4

Clean up

* Apply latest requirements

Add workflow with single matrix for QA use. Rename inputs. Add checksum input.

* Add checksum generation and upload

* Use choice as input types for system and architecture

* Invoke build single packages with upload option

* Add documentation and clean up

* Rename scripts folder to packaging_scripts

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Build Docker images (#194)

* Assemble tar packages

* Add files to generate Docker images

First working version

* Fix certs path

* clean up

* Working indexer in Docker

* Add documentation to build Docker images

Simplify names of Docker build args

* Remove unused Docker dependencies

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add on.workflow_call to build_single.yml workflow (#200)

Allows invocation using the GH API

* Add Python module to implement Amazon Security Lake integration (#186)

* Migrate from #147

* Update amazon-security-lake integration

- Improved documentation.
- Python code has been moved to `wazuh-indexer/integrations/amazon-security-lake/src`.
- Development environment now uses OpenSearch 2.12.0.
- The `wazuh.integration.security.lake` container now displays logs, by watching logstash's log file.
- [**NEEDS FIX**] As a temporary solution, the `INDEXER_USERNAME` and `INDEXER_PASSWORD` values have been added as environment variables to the `wazuh.integration.security.lake` container. These values should be set at Dockerfile level, but this isn't working, probably due to permission denied on invocation of the `setup.sh` script.
- [**NEEDS FIX**] As a temporary solution, the output file of the `indexer-to-file` pipeline has been moved to `/var/log/logstash/indexer-to-file`. Previous path `/usr/share/logstash/pipeline/indexer-to-file.json` results in permission denied.
- [**NEEDS FIX**] As a temporary solution, the input.opensearch.query has been replaced with `match_all`, as the previous one does not return any data, probably due to the use of time filters `gt: now-1m`.
- Standard output enabled for `/usr/share/logstash/pipeline/indexer-to-file.json`.
- [**NEEDS FIX**] ECS compatibility disabled: `echo "pipeline.ecs_compatibility: disabled" >> /etc/logstash/logstash.yml` -- to be included automatically
- Python3 environment path added to the `indexer-to-integrator` pipeline.

* Disable ECS compatibility (auto)

-  Adds pipeline.ecs_compatibility: disabled at Dockerfile level.
- Removes `INDEXER_USERNAME` and `INDEXER_PASSWORD` as environment variables on the `wazuh.integration.security.lake` container.

* Add @timestamp field to sample alerts

* Fix Logstash pipelines

* Add working indexer-to-s3 pipeline

* Add working Python script up to S3 upload

* Add latest changes

* Remove duplicated line

* Replace choice with string on workflow_call (#207)

* Use AWS_REGION secret (#209)

* Add Lambda function for the Amazon Security Lake integration (#189)

* Migrate from #147

* Update amazon-security-lake integration

- Improved documentation.
- Python code has been moved to `wazuh-indexer/integrations/amazon-security-lake/src`.
- Development environment now uses OpenSearch 2.12.0.
- The `wazuh.integration.security.lake` container now displays logs, by watching logstash's log file.
- [**NEEDS FIX**] As a temporary solution, the `INDEXER_USERNAME` and `INDEXER_PASSWORD` values have been added as environment variables to the `wazuh.integration.security.lake` container. These values should be set at Dockerfile level, but this isn't working, probably due to permission denied on invocation of the `setup.sh` script.
- [**NEEDS FIX**] As a temporary solution, the output file of the `indexer-to-file` pipeline has been moved to `/var/log/logstash/indexer-to-file`. Previous path `/usr/share/logstash/pipeline/indexer-to-file.json` results in permission denied.
- [**NEEDS FIX**] As a temporary solution, the input.opensearch.query has been replaced with `match_all`, as the previous one does not return any data, probably due to the use of time filters `gt: now-1m`.
- Standard output enabled for `/usr/share/logstash/pipeline/indexer-to-file.json`.
- [**NEEDS FIX**] ECS compatibility disabled: `echo "pipeline.ecs_compatibility: disabled" >> /etc/logstash/logstash.yml` -- to be included automatically
- Python3 environment path added to the `indexer-to-integrator` pipeline.

* Disable ECS compatibility (auto)

-  Adds pipeline.ecs_compatibility: disabled at Dockerfile level.
- Removes `INDEXER_USERNAME` and `INDEXER_PASSWORD` as environment variables on the `wazuh.integration.security.lake` container.

* Add @timestamp field to sample alerts

* Fix Logstash pipelines

* Add working indexer-to-s3 pipeline

* Add working Python script up to S3 upload

* Add latest changes

* Remove duplicated line

* Add working environment with minimal AWS lambda function

* Mount src folder to Lambda's workdir

* Add first functional lambda function

Tested on local environment, using S3 Ninja and a Lambda container

* Working state

* Add documentation

* Improve code

* Improve code

* Clean up

* Add instructions to build a deployment package

* Make zip file lighter

* Use default name for aws_region

* Add destination bucket validation

* Add env var validation and full destination S3 path

* Add AWS_ENDPOINT environment variable

* Rename AWS_DEFAULT_REGION

* Remove unused env vars

* Remove unused file and improve documentation a bit.

* Makefile improvements

* Use dummy env variables

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Bump Java version in Docker environments (#210)

* Fix access denied error during log rotation (#212)

* Save intermediate OCSF files to an S3 bucket (#218)

* Fix Parquet files format (#217)

* Fix mapping to Detection Finding OCSF class (#220)

* Map events to OCSF's Security Finding class (#221)

* Map events to OCSF's Security Finding class

* Improve models (inheritance). Add OCSF_CLASS env variable

* Move constants to the models

* Fix validation error

* Add ID input to workflows (#229)

* Added id input

* Changed name to run-name

* Add OPENSEARCH_TMPDIR variable to service and create directory in packages accordingly (#231)

* Improve workflow's run-name with target system and architecture (#237)

* Add documentation for the Amazon Security Lake integration (#226)

* Add documentation for the Amazon Security Lake integration

* Add images via upload

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add files via upload

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Use jpeg

* Add files via upload

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix some typos

* Add CONTRIBUTING.md

* Apply improvements to the ASL docu

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Rename  environment variable (#240)

* Remove maintainer-approval.yml (#241)

* Improve logging and error handling on ASL Lambda function (#242)

* Update .gitattributes (#243)

* Change . for : in debian's postinst (#245)

* Add integration with Elastic (#248)

* Add integration with Elastic

Draft

* Update Elastic integration

Draft

* Add Elastic integration folder

Draft

* Changing the kibana system user

* Add Elastic integration

Working

---------

Co-authored-by: Fede Tux <federico.galland@wazuh.com>

* Added S3 URI output to package generation upload (#249)

* Added S3 URI output

* Added ID input and S3 URI output

* Improved workflow run name

* Added name statement

* Added name statement

* Removed file

* Added ID input description

* Update build.yml

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add OpenSearch integration (#258)

* Add docker environment

* Add README

Move files to the corresponding folder

* Enable TLS in dashboards

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add Splunk integration (#257)

* Add Splunk integration

Draft

* Fix certificate errors

* Add cfssl container to generate and sign splunk certs

* Add cfssl configuration files

* Update Splunk integration

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Fede Tux <federico.galland@wazuh.com>

* Add Manager to Elastic integration (#266)

* Init commit

[DRAFT] Adds a Compose environment

* Mount alerts as shared volume instead of file

* Update documentation and clean up files

---------

Co-authored-by: Fede Tux <federico.galland@wazuh.com>

* Add Manager to Splunk integration (#268)

* Add Manager to OpenSearch integration (#267)

* Add Manager to OpenSearch integration

Also fixes small issues on other integrations

* Add changes to README

* Attempt nr.2 to fix #277  (#280)

* Testy test test

* Update artifact name

Skip lintian

* Update Maintainers for Debian package metadata

* Remove references to indexer-ism-init.sh and wazuh-template.json (#281)

* Remove references to indexer-ism-init.sh and wazuh-template.json

* Roll back remaining content from ISM rollover+alias feature

* Remove commented code

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Bump 4.10.0 (#272)

* Merge 4.9.1 into 4.10.0 (#358)

* Merge 4.9.1 into 4.10.0 (#358)

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Create branch 5.0.0 (#154)

* Create branch 5.0.0

* Fix CHANGELOG.md

* Update `build` workflow to build indexer plugins (#360)

* Update build workflow to include Wazuh plugins

* Try new approach to build wazuh-indexer with plugins

* Remove old code

* Remove ADMINS.md
artifacts
benchmarks
build
build.gradle
buildSrc
CHANGELOG.md
client
codecov.yml
CODE_OF_CONDUCT.md
CONTRIBUTING.md
DEVELOPER_GUIDE.md
dev-tools
distribution
docker
docs
doc-tools
ecs
gradle
gradle.properties
gradlew
gradlew.bat
integrations
libs
licenses
LICENSE.txt
MAINTAINERS.md
modules
NOTICE.txt
packaging_scripts
plugins
protobuf-java-NOTICE.txt
qa
README.md
release-notes
RELEASING.md
rest-api-spec
sandbox
SECURITY.md
server
settings.gradle
test
TESTING.md
Vagrantfile
VERSION
whitesource.config step

* Sync maven local path across jobs

* Fix versioning of wazuh-indexer-plugins

* Fix versioning of wazuh-indexer-plugins

* Pass version and revision to publishToMavenLocal

* Add version check test

* Format files

* Use upload-artifact and download-artifact to share the plugins' zips between jobs

* Add repo path

* Fix plugin name

* Roll back

* Remove exit 1

* Fix relative path to the plugins

* List plugins folder

* Fix relative path

* again

* Change relative path to absolute

* Clean code

* Update README.md

* Apply naming convention

* Add brief steps to build wazuh-indexer with plugins

* Skip job to build plugins on no input

* Improve conditional

* Remove build-plugins job from build's job dependencies

* Roll back

* Add tooling to generate the agents index template (#370)

* Merge 4.10.0 into master (#379)

* Merge 4.9.2 into 4.10.0 (#378)

* Update changelog

* Remove `alerts.json` references and manager integrations (#385)

* Remove references to alerts.json and filebeat off events generator

* Remove compose files and logstash pipelines

* Remove ossec references from sample events

* Remove old compose files for integrations

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix build.gradle (#381) (#384)

* Fix build.gradle

* Fix build.gradle

* Undo changes

* Add issue template for Indexer-Dashboard packages testing (#393)

* Add stateless index template definition (#395)

* Add stateless index template definition

Event generator is pending

* Update to 8.11.0

* Update ECS generator

* Remove event generator for stateless ECS module

* Remove commented code

* Fix typo

* Add states-inventory-packages index template definition (#399)

* Add stateless index template definition

Event generator is pending

* Update to 8.11.0

* Adding template mappings and settings for states-inventory-packages index

* Fix indentation issue in subset.yml

* Remove event generators

* Remove duplicated code con ECS generator

* Add custom fields for states-inventory-packages

* Remove hidden flag on index template

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add states-inventory-processes index template definition (#401)

* Add stateless index template definition

Event generator is pending

* Update to 8.11.0

* Adding template mappings and settings for states-inventory-processes index

* Fix indentation issue in subset.yml

* Add process.tty as a custom field

* Update states-inventory-processes index template definition

* Remove events generators

* Remove duplicated code

* Remove hidden flag on index template

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add states-inventory-system index template definition (#403)

* Add stateless index template definition

Event generator is pending

* Update to 8.11.0

* Adding template mappings and settings for states-inventory-system index

* Remove hidden flag, correct subset.yml indentation

* Fix stuff

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add states-vulnerabilities index template definition (#405)

* Add stateless index template definition

Event generator is pending

* Update to 8.11.0

* Adding template mappings and settings for states-inventory-vulnerabilities index

* Remove event generator script

* Remove hidden flag

* Fix subset.yml indentation

* Recycle ecs/vulnerability-detector

* Add yaml header

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add states-fim index template definition (#397)

* Add stateless index template definition

Event generator is pending

* Update to 8.11.0

* Adding ecs mapping files for FIM index

* Fix indentation issue in subset.yml

* Remove hidden flag and event_generator

* Rename states-inventory-fim folder

* Fix subset.yml names

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Include Command Manager plugin to the build workflow (#408)

* Include Command Manager plugin to the build workflow

* Remove 'github.event.'

* Remove double slash

* Update artifact path

* Add commands index template definition (#413)

* Add commands index template definition

* Change order_id data type

* Build & Assemble reporting plugin (#431)

* Build & Assemble reporting plugin

* Add working-directto ls

* Swap reporting plugin in wazuh-indexer package (specs)

* Fix changelog chronological order

* Normalize artifact names

* Use env.plugin_name

* Add events generator for the Commands Manager plugin (#433)

The event generator can gencreate and push sample events to the Command Manager API or to the Indexer API

* Update commands index definition (#437)

Change ID types to keywords

* Update commands index data model (#453)

* Update commands index data model

* Update commands event generator

* Move agent fields as extended

* Merge 4.10.2 into master (#475)

* Init wazuh-indexer (#3)

* Update CODEOWNERS

* Update README.md and SECURITY.md

* Add Wazuh configuration files

* Update README.md

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Create codeql.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update dependabot.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update SECURITY.md (#30)

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add ECS mappings generator (#36)

* Add ECS mappings generator, documentation and files for vulnerability detector

* Add event generator script

* Update template settings

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add default query fields to vulnerability detector index (#40)

* Add ECS mappings generator, documentation and files for vulnerability detector

* Add event generator script

* Add default query fields

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Create gradle_build.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update gradle_build.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add a script to configure the rollover policy (#49)

* Update ISM init script (#50)

* Fix bug with -i option (#51)

* Fix bug with -i option

* Improve error handling

* Update min_doc_count value (#52)

* Improve ISM init script (#57)

* Improve ISM init script

* Change log file path

* Update distribution files (#59)

* Update config files

* Add VERSION file

* Update documentation of the ECS tooling (#67)

* Add workflow for package generation (#65)

* Ignore artifacts folder

* Update build script

- Updated to v2.11.0 version.
- Skipped compilation of the plugins
- The artifact name is sent to a text file, to access it easily in
GitHub Actions.

* Add GH action to build min packages

* Remove commented code

* Remove unused code

* Add docker compose environment (#66)

* Add very basic Docker environment

That will do for now

* Add latest changes

* Update Docker environment

- Remove build.md which was included by mistake.
- Improve dev.sh script.
- Update .gitignore to exclude artifacts folder.
- Create .dockerignore file.
- Replace get_version.sh script with inline command.
- Reduce image size by using alpine as base image.

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Rename packages to wazuh-indexer (#69)

* Rename packages to wazuh-indexer

* Include VERSION file into packages

* Apply Wazuh version to packages names

* Improve build.sh script

Apply suggestions from ShellCheck

* Update vulnerability index mappings (#75)

* Remove 'events' ECS field

* Add 'wazuh' custom field

* Update event_generator.py for vulnerability detector

* Update `indexer-ism-init.sh` (#81)

Updates the script to upload the wazuh-template.json to the indexer.

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add workflow to assemble packages (#85)

* Add script to assemble arm64 and x64 archives (tar)

* Cleanup

* Update config file with latest upstream changes

* Change packages maintainer information

* Fix wrong substitution of config files

* Update dockerignore to ignore git folder

* Update wazuh-indexer.rpm.spec

Remove unnecessary echo commands

* Add wazuh-indexer-performance-analyzer.service

Required to assemble RPM. The plugin does not install this file, so it needs to be added manually.

* Update assemble.sh

Successfully assemble RPM x64. Runner needed to arm64

* Update `build.yml`

* Add WIP documentation for packages' generation

* Test new approach using reusable workflows

* Fix errors

* Restructure reusable workflow

* Fix upload and download paths

* New try

- Adds a reusable workflow to return the version of Wazuh set in source code.
- Attempt to dynamically generate artifacts name to normalize them for usage between jobs.
- Adds revision as input for the workflow.
- Cleanup

* Emulate assemble to test upload of the reusable assembly workflow

* Add Caching Gradle dependencies

* Remove extra '-' in the packages names on the assembly job

* Final cleanup

* Enable RPM package assemble

Remove unused code

* Fix regex to get package name

* Fix download-artifact destination path

* Exclude unimplemented deb assembly

Extend example to run with Act

* Fix yellow cluster state (#95)

* Add template and settings to disable replicas on ISM plugin internal indices

* Fix documentation

Replaces exit 1 statements with return 1

* Fix uncommented comment line

* Update ism-init script  (#97)

* Update ism-init script to parametrize the path of the wazuh-template

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add tools to assemble DEB packages (#96)

* Add tools to assemble DEB packages

* Move wazuh-indexer-performance-analyzer.service to common

* Enable assembly of DEB packages

* Enable full set of plugins

* Actually skip tar assembly

* Add installation of dependencies for DEB assembly

* Install dependencies using sudo

* Format files

* Refactor assemble script

* Update README.md

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Build scripts and GH workflows artifacts naming fix (#112)

* Build scripts and GH workflows artifacts naming fix

* Add git to dev docker image

* Fixing jobs' inputs and outputs

* remove name input from r_assemble.yml

* Setting qualifier to 1 when not specified

* Add revision flag to scripts and workflow

* Fix copying of packages at assemble.sh

* Use suffix variable instead of architecture

* Fix suffix name in assemble.sh

* Mix solutions to comply with the package naming convention

* Remove unused code

* Use correct name for assembled package

Remove code no longer needed

* Remove outdated comments

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Use short SHA as Git reference in packages naming (#100)

* Switching to short SHA commit form in package names

Signed-off-by: Fede Tux <federico.galland@wazuh.com>

* Update r_commit_sha.yml

Signed-off-by: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com>

* Update r_commit_sha.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

---------

Signed-off-by: Fede Tux <federico.galland@wazuh.com>
Signed-off-by: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com>
Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Fede Tux <fede@fernetcave.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Remove unneeded files from assembled packages (#115)

* add remove files function to assemble.sh

* Remove unneeded files on assembled tar packages

* Remove duplicated function

Fix wrong variable assignment

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add missing tools and files back into Wazuh Indexer packages (#117)

* add remove files function to assemble.sh

* Remove unneeded files on assembled tar packages

* Remove duplicated function

Fix wrong variable assignment

* Adding function to package Wazuh's tools to assemble.sh

* Make the files' versions follow the repo's VERSION file

* Fix download of Wazuh tools for packages assembly

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Remove unneeded symbolic links from assembled packages (#121)

* Update issue templates (#127)

* Fix RPM package references to /var/run (#119)

* Switch /var/run references to /run

* Remove unneeded files from assembled packages (#115)

* add remove files function to assemble.sh

* Remove unneeded files on assembled tar packages

* Remove duplicated function

Fix wrong variable assignment

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add missing tools and files back into Wazuh Indexer packages (#117)

* add remove files function to assemble.sh

* Remove unneeded files on assembled tar packages

* Remove duplicated function

Fix wrong variable assignment

* Adding function to package Wazuh's tools to assemble.sh

* Make the files' versions follow the repo's VERSION file

* Fix download of Wazuh tools for packages assembly

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Remove unneeded symbolic links from assembled packages (#121)

* Remove reference to install_demo_configuration.sh

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Removing post-install message from wazuh-indexer.rpm.spec (#131)

* Add tests to the packages building process (#132)

Runs the workflow on pull request changes

* Get Wazuh version from VERSION file (#122)

* Add function to look for VERSION in the correct path

* Update assemble.sh

Adds wget as dependency

* Download files using curl instead of wget

* Update assemble.sh

Revert assembly with minimal plugins for testing

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add Dockerfile and docker-compose for the package assembly stage

* Assemble packages with minimal plugin set when "test" variable is set to "true"

* Update README with assemble.sh docker image

* Fixing env variable naming convention and removing wget dependency

* Improve Docker environments

Adds environments to build packages

* Fix small typos

* More fixes

* Add documentation

* Adding -p flag to mkdir so it doesn't fail when the folder is already present

* Format files

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Removing /usr/share/lintian/overrides/wazuh-indexer from deb packages (#130)

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add `wazuh-template.json` to packages (#116)

* Download wazuh-template.json from wazuh/wazuh repo

* Add wazuh-template.json to RPM package spec

* Setting wazuh-template.json attributes to 660

* Change wazuh-template.json attributes in debmake_install.sh

* Put template download command within a function

* Small fixes and format

* Apply correct file permissions to the wazuh-template.json

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Adding Debian packaging config files from Opensearch (#118)

* Adding debian packaging config files from Opensearch

* Copy debian/ folder to the build dir for debmake to parse

* Remove redundant steps from debian/postinst

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix Build workflow to run on push events  (#134)

* Run workflow on push

* Set build workflow inputs to required

* Normalize the use of quotes for the build workflow inputs

* Add ternary operator

* Add missing ternary operator

* Use maven for plugin download (#139)

* Fine tuning permissions on RPM spec file

* Get plugins using maven

* Rolling back changes to spec file

* Format files

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add new custom field to the vulnerability detector index (#141)

* Add new custom field to the vulnerability detector index

* Update event generator tool

* Remove base.labels ECS field from wazuh-states-vulnerabilities index mappings

* Fine tuning permissions on assembled packages (#137)

* Fine tuning permissions on RPM spec file

* Build a list of files to be packaged excluding items that need special permissions

* Fix bad permissions on directories

* Remove system directories from packaging definition

* Changing permissions on deb packages

* Skip unneeded dh_fixperms stage in debian/rules

* Clean & format

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Init. Amazon Security Lake integration (#143)

* Init. Amazon Security Lake integration

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add events generator tool for `wazuh-alerts` (#152)

* Add events generator tool for wazuh-alerts

* Fix typo in README.md

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Make timestamps timezone aware

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Fede Tux <federico.galland@wazuh.com>

* Add `wazuh.manager.name` to VD mappings (#158)

* Create compatibility_request.md (#163)

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add Python module to accomplish OCSF compliant events (#159)

* Adding Python script that receives a continuous json stream over stdin and outputs parquet to Security Lake

* Adding logstash pipeline for python script

* encode_parquet() function fixed to handle lists of dictionaries

* Correct error in encode_parquet()

* Avoid storing the block ending in the output buffer

* Add comments on handling files and streams with pyarrow for future reference

* Add s3 handling reference links

* Write parquet directly to bucket

* Added basics of map_to_ocsf() function

* Minor fixes

* Map alerts to OCSF as they are read

* Add script to convert Wazuh events to OCSF

Also adds a simple test script

* Add OCSF converter + Parquet encoder + test scripts

* Update .gitignore

* Include the contents of the alert under unmapped

* Add support for different OCSF schema versions

* Use custom ocsf module to map alerts

* Modify script to use converter class

* Code polish and fix errors

* Remove unnecessary type declaration from debug flag

* Improved parquet encoding

* Initial commit for test env's docker-compose.yml

* Remove sudo references from docker-compose.yml

* Add operational Python module to transform events to OCSF

* Create minimal Docker environment to test and develop the integration.

* Fix events-generator's Inventory starvation

* Remove files present in #147

* Cleanup

* Add FQDN hostnames to services for certificates creation

* Add S3 Ninja (Mock) (#165)

* Setup certificates in Wazuh Indexer and Logstash containers (#166)

* Add certificate generator service

* Add certificate config to docker compose file

* Use secrets for certificates

* Disable permission handling inside cert's generator entrypoint.sh

* Back to using a bind mount for certs

* Have entrypoint.sh generate certs with 1000:1000 ownership

* Correct certificate permissions and bind mounting

* Add security initialization variable to compose file

* Fix permissions on certs generator entrypoint

* Add cert generator config file

* Remove old cert generator dir

* Set indexer hostname right in pipeline file

* Roll back commented code

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix Logstash pipelines

* Remove unused file

* Implement OCSF severity normalize function

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Fede Tux <federico.galland@wazuh.com>
Co-authored-by: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com>

* Update Gradle setup action (#182)

* Attempt to automate package's testing

* Fix typo

* Update setup gradle action

* Remove file from another PR

* Update build.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update vulnerability-states fields (#177)

* Update vulnerability-states fields

Adds wazuh.schema.version

* Update events generator

* Automate package's testing (#178)

* Attempt to automate package's testing

* Fix typo

* Add sudo

* Split test steps and manage errors

* Add --no-pager to journalctl

* Add certs generator

* Improve error handling

* Update r_test.yml

Fix indentation

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix error handling

* Add testing of RPM packages

* Improve multi-os testing

* Add TEST env var

* Add braces to if conditionals

* Remove all curly braces from if conditionals

* braces again

* Install RPM package in Docker

* Remove sudo for RPM installation

* Bind artifacts/dist to RPM docker test container

* Bind artifacts/dist to RPM docker test container

* Avoid prompt during yum install

* Fix bind volume

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Remove ecs.version from query.default_fields (#184)

* Upload packages to S3 (#179)

* Attempt to automate package's testing

* Add workflow file to upload packages to S3

* Skip testing to test whether the upload works

* Fix package names

* Fix upload workflow name

* Pass secrets to the reusable workflow

* Fix indentation

* Fix indentation

* Remove test workflow from this PR

* Add boolean input to control when the package is uploaded to the S3 bucket

* [UI/UX] Improve inputs description

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add bash to Docker dev image (#185)

* Update wazuh-states-vulnerabilities index mapping (#191)

* Update wazuh-states-vulnerabilities index mapping

* Extend ECS Vulnerability fields

* Add pipeline to generate release packages (#193)

* Add script to get the version of OpenSearch

* Set revision to 0 by default.

- Reduce inputs for scripts.
- Add script to generate packages' naming convention.
- Make scripts self-aware of the OpenSearch version.

* Fix assemble

* Smoke test new pipeline to build packages

* Fix syntax errors

* Update build.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add workflow to build packages on push

* Run actionlint

* Fix jq argjson

* Fix set matrix output ?

* Try new approach using a single workflow

* Fix GITHUB_OUTPUT

* Fix baptizer invocation

* Add testing and upload to new approach

* Fix hard coded revision number on RPM assembly

* New attempt

* Skip upload unless specified

* Install plugins on RPM

* Promote new approach

Removes previous workflows to generate packages

* Fix workflow name

* Attempt to fix release package naming

* Fix build.sh invocation from workflow

* Use min package name in workflow

* Use min package name for release naming convention in workflow

* Attempt to fix regex

* Upgrade to aws-actions/configure-aws-credentials@v4

Clean up

* Apply latest requirements

Add workflow with single matrix for QA use. Rename inputs. Add checksum input.

* Add checksum generation and upload

* Use choice as input types for system and architecture

* Invoke build single packages with upload option

* Add documentation and clean up

* Rename scripts folder to packaging_scripts

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Build Docker images (#194)

* Assemble tar packages

* Add files to generate Docker images

First working version

* Fix certs path

* clean up

* Working indexer in Docker

* Add documentation to build Docker images

Simplify names of Docker build args

* Remove unused Docker dependencies

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add on.workflow_call to build_single.yml workflow (#200)

Allows invocation using the GH API

* Add Python module to implement Amazon Security Lake integration (#186)

* Migrate from #147

* Update amazon-security-lake integration

- Improved documentation.
- Python code has been moved to `wazuh-indexer/integrations/amazon-security-lake/src`.
- Development environment now uses OpenSearch 2.12.0.
- The `wazuh.integration.security.lake` container now displays logs, by watching logstash's log file.
- [**NEEDS FIX**] As a temporary solution, the `INDEXER_USERNAME` and `INDEXER_PASSWORD` values have been added as environment variables to the `wazuh.integration.security.lake` container. These values should be set at Dockerfile level, but this isn't working, probably due to permission denied on invocation of the `setup.sh` script.
- [**NEEDS FIX**] As a temporary solution, the output file of the `indexer-to-file` pipeline has been moved to `/var/log/logstash/indexer-to-file`. Previous path `/usr/share/logstash/pipeline/indexer-to-file.json` results in permission denied.
- [**NEEDS FIX**] As a temporary solution, the input.opensearch.query has been replaced with `match_all`, as the previous one does not return any data, probably due to the use of time filters `gt: now-1m`.
- Standard output enabled for `/usr/share/logstash/pipeline/indexer-to-file.json`.
- [**NEEDS FIX**] ECS compatibility disabled: `echo "pipeline.ecs_compatibility: disabled" >> /etc/logstash/logstash.yml` -- to be included automatically
- Python3 environment path added to the `indexer-to-integrator` pipeline.

* Disable ECS compatibility (auto)

- Adds pipeline.ecs_compatibility: disabled at Dockerfile level.
- Removes `INDEXER_USERNAME` and `INDEXER_PASSWORD` as environment variables on the `wazuh.integration.security.lake` container.

* Add @timestamp field to sample alerts

* Fix Logstash pipelines

* Add working indexer-to-s3 pipeline

* Add working Python script up to S3 upload

* Add latest changes

* Remove duplicated line

* Replace choice with string on workflow_call (#207)

* Use AWS_REGION secret (#209)

* Add Lambda function for the Amazon Security Lake integration (#189)

* Migrate from #147

* Update amazon-security-lake integration

- Improved documentation.
- Python code has been moved to `wazuh-indexer/integrations/amazon-security-lake/src`.
- Development environment now uses OpenSearch 2.12.0.
- The `wazuh.integration.security.lake` container now displays logs, by watching logstash's log file.
- [**NEEDS FIX**] As a temporary solution, the `INDEXER_USERNAME` and `INDEXER_PASSWORD` values have been added as environment variables to the `wazuh.integration.security.lake` container. These values should be set at Dockerfile level, but this isn't working, probably due to permission denied on invocation of the `setup.sh` script.
- [**NEEDS FIX**] As a temporary solution, the output file of the `indexer-to-file` pipeline has been moved to `/var/log/logstash/indexer-to-file`. Previous path `/usr/share/logstash/pipeline/indexer-to-file.json` results in permission denied.
- [**NEEDS FIX**] As a temporary solution, the input.opensearch.query has been replaced with `match_all`, as the previous one does not return any data, probably due to the use of time filters `gt: now-1m`.
- Standard output enabled for `/usr/share/logstash/pipeline/indexer-to-file.json`.
- [**NEEDS FIX**] ECS compatibility disabled: `echo "pipeline.ecs_compatibility: disabled" >> /etc/logstash/logstash.yml` -- to be included automatically
- Python3 environment path added to the `indexer-to-integrator` pipeline.

* Disable ECS compatibility (auto)

- Adds pipeline.ecs_compatibility: disabled at Dockerfile level.
- Removes `INDEXER_USERNAME` and `INDEXER_PASSWORD` as environment variables on the `wazuh.integration.security.lake` container.

* Add @timestamp field to sample alerts

* Fix Logstash pipelines

* Add working indexer-to-s3 pipeline

* Add working Python script up to S3 upload

* Add latest changes

* Remove duplicated line

* Add working environment with minimal AWS lambda function

* Mount src folder to Lambda's workdir

* Add first functional lambda function

Tested on local environment, using S3 Ninja and a Lambda container

* Working state

* Add documentation

* Improve code

* Improve code

* Clean up

* Add instructions to build a deployment package

* Make zip file lighter

* Use default name for aws_region

* Add destination bucket validation

* Add env var validation and full destination S3 path

* Add AWS_ENDPOINT environment variable

* Rename AWS_DEFAULT_REGION

* Remove unused env vars

* Remove unused file and improve documentation a bit.

* Makefile improvements

* Use dummy env variables

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Bump Java version in Docker environments (#210)

* Fix access denied error during log rotation (#212)

* Save intermediate OCSF files to an S3 bucket (#218)

* Fix Parquet files format (#217)

* Fix mapping to Detection Finding OCSF class (#220)

* Map events to OCSF's Security Finding class (#221)

* Map events to OCSF's Security Finding class

* Improve models (inheritance). Add OCSF_CLASS env variable

* Move constants to the models

* Fix validation error

* Add ID input to workflows (#229)

* Added id input

* Changed name to run-name

* Add OPENSEARCH_TMPDIR variable to service and create directory in packages accordingly (#231)

* Improve workflow's run-name with target system and architecture (#237)

* Add documentation for the Amazon Security Lake integration (#226)

* Add documentation for the Amazon Security Lake integration

* Add images via upload

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add files via upload

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Use jpeg

* Add files via upload

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Fix some typos

* Add CONTRIBUTING.md

* Apply improvements to the ASL docu

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Rename  environment variable (#240)

* Remove maintainer-approval.yml (#241)

* Improve logging and error handling on ASL Lambda function (#242)

* Update .gitattributes (#243)

* Change . for : in debian's postinst (#245)

* Add integration with Elastic (#248)

* Add integration with Elastic

Draft

* Update Elastic integration

Draft

* Add Elastic integration folder

Draft

* Changing the kibana system user

* Add Elastic integration

Working

---------

Co-authored-by: Fede Tux <federico.galland@wazuh.com>

* Added S3 URI output to package generation upload (#249)

* Added S3 URI output

* Added ID input and S3 URI output

* Improved workflow run name

* Added name statement

* Added name statement

* Removed file

* Added ID input description

* Update build.yml

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add OpenSearch integration (#258)

* Add docker environment

* Add README

Move files to the corresponding folder

* Enable TLS in dashboards

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Add Splunk integration (#257)

* Add Splunk integration

Draft

* Fix certificate errors

* Add cfssl container to generate and sign splunk certs

* Add cfssl configuration files

* Update Splunk integration

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Fede Tux <federico.galland@wazuh.com>

* Add Manager to Elastic integration (#266)

* Init commit

[DRAFT] Adds a Compose environment

* Mount alerts as shared volume instead of file

* Update documentation and clean up files

---------

Co-authored-by: Fede Tux <federico.galland@wazuh.com>

* Add Manager to Splunk integration (#268)

* Add Manager to OpenSearch integration (#267)

* Add Manager to OpenSearch integration

Also fixes small issues on other integrations

* Add changes to README

* Attempt nr.2 to fix #277  (#280)

* Testy test test

* Update artifact name

Skip lintian

* Update Maintainers for Debian package metadata

* Remove references to indexer-ism-init.sh and wazuh-template.json (#281)

* Remove references to indexer-ism-init.sh and wazuh-template.json

* Roll back remaining content from ISM rollover+alias feature

* Remove commented code

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Bump 4.10.0 (#272)

* Merge 4.9.1 into 4.10.0 (#358)

* Merge 4.9.1 into 4.10.0 (#358)

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Merge 4.9.2 into 4.10.0 (#378)

* Fix build.gradle (#381)

* Fix build.gradle

* Fix build.gradle

* Undo changes

* Remove old compose files for integrations (#386)

* Delete integrations/docker/amazon-security-lake.yml

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Delete integrations/docker/config directory

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update vulnerability detector index template (#383)

* Update VD index template

* Remove host.os.family

* Merge 4.9.1 into 4.10.0 (#426)

* Fix Performance Analyzer service file (#391)

* Update SECURITY.md (#411)

* Remove prompt about configuration file overwrites on package upgrade (#410)

* Make new config files install with .new prefix

* Fix errors and add .new prefix to /etc/init.d/wazuh-indexer

* Fix errors in build.sh and assemble.sh

* Revert "Fix errors in build.sh and assemble.sh"

This reverts commit 5dc35007c0fbd8c6f0a54d35e9118a1936fd08f1.

* Using noreplace on config files for rpm

* Fix issues in debmake.sh

* Revert changes to Debian packages

---------

Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Update SECURITY.md (#415)

Signed-off-by: Raul Del Pozo Moreno <raul.delpozo@wazuh.com>

* Add Release Notes 4.9.1-rc1 (#421)

---------

Signed-off-by: Raul Del Pozo Moreno <raul.delpozo@wazuh.com>
Co-authored-by: Fede Galland <99492720+f-galland@users.noreply.github.com>
Co-authored-by: Raul Del Pozo Moreno <raul.delpozo@wazuh.com>

* Bump version to 4.10.1 (#430)

* Support new version 4.10.2 (#441)

* Enable assembly of ARM packages (#444)

* Merge 4.10.1 into 4.10.2 (#473)

* Merge 4.10.0 into 4.10.1 (#470)

* Upgrade integrations to the last version (#447)

* Upgrade third-party integrations to latest product versions (#368)

* Upgrade third-party integrations to latest product versions

* Improve comtability ma…
Development

Successfully merging this pull request may close these issues.

Incorrect files permissions in packages