From c2b00fd177dd349a19c4d002603ce8b57731014e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=81lex=20Ruiz?=
Date: Tue, 4 Feb 2025 14:55:05 +0100
Subject: [PATCH] Merge 4.10.2 into 4.11.0 (#668)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Upgrade integrations to the latest version (#447)

* Upgrade third-party integrations to latest product versions (#368)

* Upgrade third-party integrations to latest product versions

* Improve compatibility matrix

* Change versions in /integrations/.env

Signed-off-by: Malena Casas

* Fix Splunk integrations (#362)

* Add table with the version of the integrations

* Update CHANGELOG.md

Signed-off-by: Álex Ruiz

---------

Signed-off-by: Malena Casas
Signed-off-by: Álex Ruiz
Co-authored-by: Álex Ruiz
Co-authored-by: JuanGarriuz

* Merge 4.9.1 into 4.10.0 (#454)

* Prepare 4.9.1-rc2 (#436)

* Update docker/README.md (#438)

* Support new stage 4.9.1-rc3 (#443)

* Update operational--integrations_maintenance_request.md (#449)

Signed-off-by: Álex Ruiz

---------

Signed-off-by: Álex Ruiz

* Fix GitHub Actions build process dependency errors (#457)

* Switch from latest to 22.04 runner

* Remove non-existent packages from workflow provisioner

* Remove freeglut3 from provision.sh

* Update calendarTime and scan_date fields type (#458)

* Merge 4.9.1 into 4.10.0 (#469)

* Support for v4.9.1-alpha4 (#461)

* Prepare final release notes for 4.9.1

* Fix release date for 4.10.0 in RPM spec file (#471)

* Preserve status of wazuh-indexer on upgrade (#498)

* Update pre and post inst scripts for deb and rpm to store and restore service status

* Update prerm script to avoid stopping the service on upgrade

* Remove extra spaces and update rpm restart command

* Merge 4.9.2 into 4.10.0 (#510)

* Support for v4.9.1-alpha4 (#461)

* Prepare final release notes for 4.9.1

* Support new version 4.9.2 (#494)

* Support new version 4.9.2

* Add estimated release date for 4.9.2

* Fix estimated release date for 4.9.2

* Fix 4.9.1 release notes title

---------

Signed-off-by: Álex Ruiz

* Update Changelog and release date (#595)

* Support new Wazuh version 4.10.1 (#615)

* Support new stage RC3 for 4.10.0 (#629) (#633)

* Fix Changelog (#640)

* Fix Changelog

* Update CHANGELOG.md

Signed-off-by: Álex Ruiz

---------

Signed-off-by: Álex Ruiz

* Fix release date for 4.10.1 (#643) (#645)

* Support new Wazuh version 4.10.2 (#649)

* Remove dangling file for ASL integration (#665) (#666)

---------

Signed-off-by: Malena Casas
Signed-off-by: Álex Ruiz Co-authored-by: Malena Casas Co-authored-by: JuanGarriuz Co-authored-by: Fede Galland <99492720+f-galland@users.noreply.github.com> Co-authored-by: Kevin Ledesma --- .../packages/src/rpm/wazuh-indexer.rpm.spec | 4 ++- .../amazon-security-lake/CONTRIBUTING.md | 6 ++++ .../aws-lambda.dockerfile | 17 ---------- .../logstash/pipeline/indexer-to-file.conf | 34 ------------------- release-notes/wazuh.release-notes-4.10.2.md | 19 +++++++++++ 5 files changed, 28 insertions(+), 52 deletions(-) delete mode 100644 integrations/amazon-security-lake/aws-lambda.dockerfile delete mode 100644 integrations/amazon-security-lake/logstash/pipeline/indexer-to-file.conf create mode 100644 release-notes/wazuh.release-notes-4.10.2.md diff --git a/distribution/packages/src/rpm/wazuh-indexer.rpm.spec b/distribution/packages/src/rpm/wazuh-indexer.rpm.spec index 8ee30d1dd4eed..fa9481d618b9a 100644 --- a/distribution/packages/src/rpm/wazuh-indexer.rpm.spec +++ b/distribution/packages/src/rpm/wazuh-indexer.rpm.spec @@ -277,7 +277,9 @@ exit 0 %changelog * Tue Jan 28 2025 support - 4.11.0 -- More info: https://documentation.wazuh.com/current/release-notes/release-4-10-1.html +- More info: https://documentation.wazuh.com/current/release-notes/release-4-11-0.html +* Thu Jan 23 2025 support - 4.10.2 +- More info: https://documentation.wazuh.com/current/release-notes/release-4-10-2.html * Thu Jan 16 2025 support - 4.10.1 - More info: https://documentation.wazuh.com/current/release-notes/release-4-10-1.html * Wed Jan 08 2025 support - 4.10.0 diff --git a/integrations/amazon-security-lake/CONTRIBUTING.md b/integrations/amazon-security-lake/CONTRIBUTING.md index 1d8132d814c73..e819fac2f6c7e 100644 --- a/integrations/amazon-security-lake/CONTRIBUTING.md +++ b/integrations/amazon-security-lake/CONTRIBUTING.md 
@@ -16,6 +16,12 @@ This Docker Compose project will bring up these services: - our [events generator](../tools/events-generator/README.md) - an AWS Lambda Python container. +| Service | Address | Credentials | +| ------------- | ------------------------ | --------------- | +| Wazuh Indexer | https://localhost:9200 | admin:admin | +| Dashboards | https://localhost:5601 | admin:admin | +| S3 Ninja | http://localhost:9444/ui | | + On the one hand, the event generator will push events constantly to the indexer, to the `wazuh-alerts-4.x-sample` index by default (refer to the [events generator](../tools/events-generator/README.md) documentation for customization options). On the other hand, Logstash will query for new data and deliver it to output configured in the pipeline `indexer-to-s3`. This pipeline delivers the data to an S3 bucket, from which the data is processed using a Lambda function, to finally be sent to the Amazon Security Lake bucket in Parquet format. The pipeline starts automatically, but if you need to start it manually, attach a terminal to the Logstash container and start the integration using the command below: diff --git a/integrations/amazon-security-lake/aws-lambda.dockerfile b/integrations/amazon-security-lake/aws-lambda.dockerfile deleted file mode 100644 index 7039c2b935de8..0000000000000 --- a/integrations/amazon-security-lake/aws-lambda.dockerfile +++ /dev/null 
@@ -1,17 +0,0 @@ -# docker build --platform linux/amd64 --no-cache -f aws-lambda.dockerfile -t docker-image:test . -# docker run --platform linux/amd64 -p 9000:8080 docker-image:test - -# FROM public.ecr.aws/lambda/python:3.9 -FROM amazon/aws-lambda-python:3.12 - -# Copy requirements.txt -COPY requirements.aws.txt ${LAMBDA_TASK_ROOT} - -# Install the specified packages -RUN pip install -r requirements.aws.txt - -# Copy function code -COPY src ${LAMBDA_TASK_ROOT} - -# Set the CMD to your handler (could also be done as a parameter override outside of the Dockerfile) -CMD [ "lambda_function.lambda_handler" ] \ No newline at end of file diff --git a/integrations/amazon-security-lake/logstash/pipeline/indexer-to-file.conf b/integrations/amazon-security-lake/logstash/pipeline/indexer-to-file.conf deleted file mode 100644 index 1bee9afc62450..0000000000000 --- a/integrations/amazon-security-lake/logstash/pipeline/indexer-to-file.conf +++ /dev/null @@ -1,34 +0,0 @@ -input { - opensearch { - hosts => ["wazuh.indexer:9200"] - user => "${INDEXER_USERNAME}" - password => "${INDEXER_PASSWORD}" - ssl => true - ca_file => "/usr/share/logstash/root-ca.pem" - index => "wazuh-alerts-4.x-*" - query => '{ - "query": { - "range": { - "@timestamp": { - "gt": "now-1m" - } - } - } - }' - schedule => "* * * * *" - } -} - - -output { - stdout { - id => "output.stdout" - codec => json_lines - } - file { - id => "output.file" - path => "/var/log/logstash/indexer-to-file-%{+YYYY-MM-dd-HH}.log" - file_mode => 0644 - codec => json_lines - } -} diff --git a/release-notes/wazuh.release-notes-4.10.2.md b/release-notes/wazuh.release-notes-4.10.2.md new file mode 100644 index 0000000000000..d5115f8379982 --- /dev/null +++ b/release-notes/wazuh.release-notes-4.10.2.md @@ -0,0 +1,19 @@ +## 2025-01-23 Version 4.10.2 Release Notes + +## [4.10.2] + +### Added + +- + +### Dependencies + +- + +### Changed + +- + +### Fixed + +-
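Review bot: the 4.11.0 changelog entry in distribution/packages/src/rpm/wazuh-indexer.rpm.spec pointed at `release-4-10-1.html` before this hunk, and the fix is another hand-edited URL, so the same copy-paste slip can recur for every future version; consider a check that the slug in each `- More info: .../release-X-Y-Z.html` line matches the `support - X.Y.Z` version on the line above it (or generate the URL from the version). The new `* Thu Jan 23 2025 support - 4.10.2` entry is consistent with the `## 2025-01-23 Version 4.10.2 Release Notes` heading added in release-notes/wazuh.release-notes-4.10.2.md.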
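Review bot: the new table in integrations/amazon-security-lake/CONTRIBUTING.md lists `admin:admin` for both the Wazuh Indexer (https://localhost:9200) and Dashboards (https://localhost:5601) without saying these are the default development credentials of this Docker Compose lab; add a sentence that they apply only to this local stack and must be changed on anything reachable beyond localhost. The S3 Ninja row leaves the Credentials cell empty, which a reader cannot tell apart from "unauthenticated"; state explicitly whether http://localhost:9444/ui requires a login and, if it does not, that it is intentionally open in this lab.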
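Review bot: deleting integrations/amazon-security-lake/aws-lambda.dockerfile leaves the CONTRIBUTING.md context line `- an AWS Lambda Python container.` (visible in the preceding hunk) without a build definition in this directory; either point the docs at where that image now comes from or drop the bullet so the two hunks agree. The deleted file also held the only documented local build/run commands (`docker build --platform linux/amd64 --no-cache -f aws-lambda.dockerfile ...` and `docker run --platform linux/amd64 -p 9000:8080 ...`), so if the Lambda is still meant to be exercised locally, those instructions should survive somewhere.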
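Review bot: the removed Logstash pipeline integrations/amazon-security-lake/logstash/pipeline/indexer-to-file.conf is not named in the commit message, which only mentions a "dangling file for ASL integration" (#665); confirm that nothing in the integration (pipelines.yml, the compose file, the README) still references `indexer-to-file`. Two details of the deleted pipeline are worth carrying over as checks on the surviving `indexer-to-s3` pipeline: it wrote raw alert JSON with `file_mode => 0644` (world-readable, for data that is sensitive), and its `opensearch` input ran on `schedule => "* * * * *"` with a `"gt": "now-1m"` range, where any scheduler jitter makes consecutive windows overlap or leave gaps and so duplicate or drop events.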
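Review bot: release-notes/wazuh.release-notes-4.10.2.md is added with a bare `-` under each of Added, Dependencies, Changed and Fixed, so it renders as four empty list items; fill in the 4.10.2 changes (at least the ASL file removal from #665 that this same merge carries) or write "No changes" under the sections that have none, rather than shipping placeholder bullets.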