January 27, 2020

I made a Ruby client for the Wazuh API

Here it is: https://github.com/mrtc0/wazuh-ruby-client

Usage is as described in the README and the YARD docs. It works like this:

Wazuh.configure do |config|
  config.endpoint = "https://wazuh.local:55000"
  config.basic_user = "foo"
  config.basic_password = "bar"
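  # TLS certificate verification is turned off here, so the server's identity
  # is not checked and the Basic auth credentials above are exposed to
  # anyone who can intercept the connection.
  config.verify_ssl = false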
end

client = Wazuh::Client.new
client.all_agents
# => {"error"=>0,
#  "data"=>
#   {"items"=>
#     [{"os"=>
#        {"arch"=>"x86_64",
#         "codename"=>"Xenial Xerus",
#         "major"=>"16",
#         "minor"=>"04",
#         "name"=>"Ubuntu",
#         "platform"=>"ubuntu",
#         "uname"=>"Linux |wazuh-manager-master-0 |4.14.138+ |#1 SMP Tue Sep 3 02:58:08 PDT 2019 |x86_64",
#         "version"=>"16.04.6 LTS"},
#       "status"=>"Active",
#       "dateAdd"=>"2020-01-07 16:13:05",
#       "ip"=>"127.0.0.1",
#       "id"=>"000",
#       "registerIP"=>"127.0.0.1",
#       "node_name"=>"wazuh-manager-master",
#       "manager"=>"wazuh-manager-master-0",
#       "name"=>"wazuh-manager-master-0",
#       "lastKeepAlive"=>"9999-12-31 23:59:59",
#       "version"=>"Wazuh v3.11.1"}],
#     ...
#    "totalItems"=>5}}

Filters are passed as a hash, like this:

# Only agents whose status is active
client.all_agents({ status: 'active' })
# Only agents whose os.name is ubuntu
client.all_agents({ 'os.name' => 'ubuntu' })
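
Once the agent list is in hand, a common next step is to find agents that have stopped reporting. The following is an added example, not code from wazuh-ruby-client: it triages a hash shaped like the `all_agents` output above. The function name, the one-hour threshold, the UTC treatment of timestamps and the sample agents are assumptions made for illustration.

```ruby
# Added example: triage a response shaped like the `all_agents` output above.
# Returns [{id:, name:, reasons: [...]}, ...] for agents that need attention.
def agents_needing_attention(response, now: Time.now.utc, stale_after: 3600)
  raise ArgumentError, "API error #{response['error']}" unless response["error"] == 0

  items = response.dig("data", "items") || []
  # In the output above, the manager itself is the entry with id "000".
  manager = items.find { |a| a["id"] == "000" }
  manager_version = manager && manager["version"]

  items.map do |agent|
    reasons = []
    reasons << "status=#{agent['status']}" unless agent["status"] == "Active"

    if (seen = agent["lastKeepAlive"])
      # The timestamps carry no zone; they are treated as UTC (assumption).
      # The manager's 9999-12-31 value lies in the future, so it is never stale.
      age = now - Time.utc(*seen.scan(/\d+/).map(&:to_i))
      reasons << "no keepalive for #{age.to_i}s" if age > stale_after
    else
      # Assumed case: an agent that has never reported has no lastKeepAlive key.
      reasons << "no keepalive recorded"
    end

    if manager_version && agent["version"] && agent["version"] != manager_version
      reasons << "version #{agent['version']} != manager #{manager_version}"
    end

    { id: agent["id"], name: agent["name"], reasons: reasons } unless reasons.empty?
  end.compact
end

# Constructed sample: only "000" mirrors the post's output; the rest is invented.
SAMPLE = {
  "error" => 0,
  "data" => { "items" => [
    { "id" => "000", "name" => "wazuh-manager-master-0", "status" => "Active",
      "lastKeepAlive" => "9999-12-31 23:59:59", "version" => "Wazuh v3.11.1" },
    { "id" => "001", "name" => "web-01", "status" => "Active",
      "lastKeepAlive" => "2020-01-27 09:59:30", "version" => "Wazuh v3.11.1" },
    { "id" => "002", "name" => "db-01", "status" => "Disconnected",
      "lastKeepAlive" => "2020-01-25 03:00:00", "version" => "Wazuh v3.10.2" },
    { "id" => "003", "name" => "batch-01", "status" => "Never connected" }
  ], "totalItems" => 4 }
}.freeze

if __FILE__ == $PROGRAM_NAME
  agents_needing_attention(SAMPLE, now: Time.utc(2020, 1, 27, 10, 0, 0)).each { |r| p r }
end
```

With the real client, the value returned by `client.all_agents` would be passed in place of `SAMPLE`.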

© Kouhei Morita 2018