Merge branch '4.10' into merge-4.10-into-4.10.1
javimed committed Jan 15, 2025
2 parents 5e85503 + 7bc82a0 commit 48461fe
Showing 71 changed files with 719 additions and 596 deletions.
53 changes: 53 additions & 0 deletions source/_static/js/redirects.js
Expand Up @@ -66,6 +66,46 @@ removedUrls['x.y'] = [

/* *** RELEASE 4.10 ****/

/* Redirections from 4.9 to 4.10 */

redirections.push(
{
'target': ['4.9=>4.10', '4.10=>4.9'],
'4.9': '/user-manual/wazuh-indexer-cluster.html',
'4.10': '/user-manual/wazuh-indexer-cluster/index.html',
},
{
'target': ['4.9=>4.10', '4.10=>4.9'],
'4.9': '/user-manual/wazuh-indexer-cluster.html#certificates-deployment',
'4.10': '/user-manual/wazuh-indexer-cluster/certificate-deployment.html',
},
{
'target': ['4.9=>4.10', '4.10=>4.9'],
'4.9': '/user-manual/wazuh-indexer-cluster.html#adding-wazuh-indexer-nodes',
'4.10': '/user-manual/wazuh-indexer-cluster/add-wazuh-indexer-nodes.html',
},
{
'target': ['4.9=>4.10', '4.10=>4.9'],
'4.9': '/user-manual/wazuh-indexer-cluster.html#cluster-management',
'4.10': '/user-manual/wazuh-indexer-cluster/cluster-management.html',
},
{
'target': ['4.9=>4.10', '4.10=>4.9'],
'4.9': '/user-manual/wazuh-indexer/index-life-management.html',
'4.10': '/user-manual/wazuh-indexer-cluster/index-lifecycle-management.html',
},
{
'target': ['4.9=>4.10', '4.10=>4.9'],
'4.9': '/user-manual/wazuh-indexer/wazuh-indexer-tuning.html#configure-shard-allocation-awareness-or-forced-awareness',
'4.10': '/user-manual/wazuh-indexer-cluster/wazuh-indexer-cluster-tuning.html#configure-shard-allocation-awareness-or-forced-awareness',
},
{
'target': ['4.9=>4.10', '4.10=>4.9'],
'4.9': '/user-manual/wazuh-indexer/wazuh-indexer-tuning.html#set-node-attributes-for-each-node-in-a-cluster',
'4.10': '/user-manual/wazuh-indexer-cluster/wazuh-indexer-cluster-tuning.html#set-node-attributes-for-each-node-in-a-cluster',
},
);

/* Pages added in 4.10 */

newUrls['4.10'] = [
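Review bot: the new `redirections.push(...)` call ends with `},` directly before `);`, so the last argument carries a trailing comma. Trailing commas in call argument lists are only valid from ES2017 on, and because this is a static script under `_static/js`, an older engine would fail to parse the file and no redirect in it would run. Drop the comma after the final object.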
Expand All @@ -75,8 +115,21 @@ newUrls['4.10'] = [
'/user-manual/capabilities/vulnerability-detection/troubleshooting.html',
'/user-manual/capabilities/vulnerability-detection/FAQ.html',
'/user-manual/capabilities/vulnerability-detection/known-issues.html',
'/user-manual/wazuh-indexer-cluster/index.html',
'/user-manual/wazuh-indexer-cluster/certificate-deployment.html',
'/user-manual/wazuh-indexer-cluster/add-wazuh-indexer-nodes.html',
'/user-manual/wazuh-indexer-cluster/index-lifecycle-management.html',
'/user-manual/wazuh-indexer-cluster/wazuh-indexer-cluster-tuning.html',
'/user-manual/wazuh-indexer-cluster/cluster-management.html',
]

/* Pages no longer available in 4.10 */

removedUrls['4.10'] = [
'/user-manual/wazuh-indexer-cluster.html',
'/user-manual/wazuh-indexer/index-life-management.html',
];

/* *** RELEASE 4.9 ****/

/* Redirections from 4.8 to 4.9 */
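Review bot: `wazuh-indexer-cluster-tuning.html` is added to `newUrls['4.10']`, but its 4.9 counterpart `/user-manual/wazuh-indexer/wazuh-indexer-tuning.html` is not in `removedUrls['4.10']`, and the redirections for it cover only two anchors. If the old tuning page is gone in 4.10, add it to `removedUrls['4.10']` together with a page-level redirect; if it stays, a one-line comment saying so would avoid the question. Minor style point: `newUrls['4.10']` closes with `]` while the new `removedUrls['4.10']` closes with `];`.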
@@ -1,11 +1,11 @@
.. Copyright (C) 2015, Wazuh, Inc.
#. Run the following commands replacing ``<indexer-node-name>`` with the name of the Wazuh indexer node you are configuring as defined in ``config.yml``. For example, ``node-1``. This deploys the SSL certificates to encrypt communications between the Wazuh central components.
#. Run the following commands replacing ``<INDEXER_NODE_NAME>`` with the name of the Wazuh indexer node you are configuring as defined in ``config.yml``. For example, ``node-1``. This deploys the SSL certificates to encrypt communications between the Wazuh central components.

.. code-block:: console
# NODE_NAME=<indexer-node-name>
# NODE_NAME=<INDEXER_NODE_NAME>
.. code-block:: console
Expand Up @@ -10,7 +10,7 @@
<port>1516</port>
<bind_addr>0.0.0.0</bind_addr>
<nodes>
<node>WAZUH-MASTER-ADDRESS</node>
<node><WAZUH_MASTER_ADDRESS></node>
</nodes>
<hidden>no</hidden>
<disabled>no</disabled>
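Review bot: in `<node><WAZUH_MASTER_ADDRESS></node>` the new placeholder is angle-bracketed inside an XML sample, so it reads as an unclosed child element of `<node>`, and a reader who replaces only the text between the brackets ends up with an `ossec.conf` that no longer parses. Add a sentence next to the block stating that `<WAZUH_MASTER_ADDRESS>`, brackets included, is replaced by the master node address, or keep a bracket-free token in XML samples. The same point applies to `<name><WAZUH_AWS_BUCKET></name>` in the CloudTrail sample.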
Expand Up @@ -12,7 +12,7 @@ Configure the cluster node by editing the following settings in the ``/var/ossec
<port>1516</port>
<bind_addr>0.0.0.0</bind_addr>
<nodes>
<node>WAZUH-MASTER-ADDRESS</node>
<node><WAZUH_MASTER_ADDRESS></node>
</nodes>
<hidden>no</hidden>
<disabled>no</disabled>
Expand Up @@ -38,7 +38,7 @@ In the ``/var/ossec/etc/ossec.conf`` file of the Wazuh server or agent, the conf
<skip_on_error>yes</skip_on_error>
<!-- CloudTrail, two regions, path, account_id, organization_id and logs after January 2018 -->
<bucket type="cloudtrail">
<name>WAZUH_AWS_BUCKET</name>
<name><WAZUH_AWS_BUCKET></name>
<aws_profile>default</aws_profile>
<aws_account_id>123456789012</aws_account_id>
<regions>us-east-1,us-east-2</regions>
Expand Up @@ -46,9 +46,9 @@ Amazon CloudTrail configuration

.. code-block:: xml
<WAZUH_AWS_BUCKET>/<prefix>/AWSLogs/<ACCOUNT_ID>/CloudTrail/<REGION>/<year>/<month>/<day>
<WAZUH_AWS_BUCKET>/<PREFIX>/AWSLogs/<ACCOUNT_ID>/CloudTrail/<REGION>/<YEAR>/<MONTH>/<DAY>
The structure may change depending on the different configurations of the services, or changing of the ``<WAZUH_AWS_BUCKET>`` & ``<prefix>`` values by the user.
The structure may change depending on the different configurations of the services, or changing of the ``<WAZUH_AWS_BUCKET>`` and ``<PREFIX>`` values by the user.

#. Choose log events to be recorded and click **Next**.
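Review bot: the block holding `<WAZUH_AWS_BUCKET>/<PREFIX>/AWSLogs/...` is still declared as `.. code-block:: xml`, but its content is an S3 key layout, not XML. With every segment now in angle brackets the XML lexer treats the line as a run of unclosed tags. Since this hunk already touches the block, switch it to `.. code-block:: none`.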

Expand Up @@ -141,7 +141,7 @@ You need the following Amazon ECR permissions to `push images <https://docs.aws.
"ecr:DescribeImageScanFindings",
"ecr:StartImageScan"
],
"Resource": "arn:aws:ecr:<REGION>:<ACCOUNT_ID>:repository/<repository-name>"
"Resource": "arn:aws:ecr:<REGION>:<ACCOUNT_ID>:repository/<REPOSITORY_NAME>"
}
Amazon Lambda and Amazon EventBridge permissions
20 changes: 10 additions & 10 deletions source/cloud-service/archive-data/filename-format.rst
Expand Up @@ -11,34 +11,34 @@ The files are stored in a directory structure that indicates the date and time t

The main path follows this format:

``wazuh-cloud-cold-<region>/<CLOUD_ID>/<category>[/<subcategory>]/<year>/<month>/<day>``
``wazuh-cloud-cold-<REGION>/<CLOUD_ID>/<CATEGORY>[/<SUBCATEGORY>]/<YEAR>/<MONTH>/<DAY>``

Each file has the following name:

``<CLOUD_ID>_<category>[_<subcategory>]_<YYYYMMDDTHHmm>_<UniqueString>.<format>``
``<CLOUD_ID>_<CATEGORY>[_<SUBCATEGORY>]_<YYYYMMDDTHHmm>_<UniqueString>.<FORMAT>``

The files include the following fields:

+-------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| field | Description |
+===============================+==============================================================================================================================================================================================================================+
| ``<region>`` | The region where the environment is located. |
| ``<REGION>`` | The region where the environment is located. |
+-------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``<cloud_id>`` | Cloud ID of the environment. |
| ``<CLOUD_ID>`` | Cloud ID of the environment. |
+-------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``<category>`` | This field must be *output*. |
| ``<CATEGORY>`` | This field must be *output*. |
+-------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``<subcategory>`` | This field is only used by the output category and contains *alerts* or *archives* files. |
| ``<SUBCATEGORY>`` | This field is only used by the output category and contains *alerts* or *archives* files. |
+-------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``<year>`` | The year when the file was delivered. |
| ``<YEAR>`` | The year when the file was delivered. |
+-------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``<month>`` | The month when the file was delivered. |
| ``<MONTH>`` | The month when the file was delivered. |
+-------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``<day>`` | The day when the file was delivered. |
| ``<DAY>`` | The day when the file was delivered. |
+-------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``<YYYYMMDDTHHmm>`` | Digits of the year, month, day, hour, and minute when the file was delivered. Hours are in 24-hour format and in UTC. A log file delivered at a specific time can contain records written at any point before that time. |
+-------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``<UniqueString>`` | The 16-character UniqueString component of the file name prevents overwriting files. It has no meaning and log processing software should ignore it. |
+-------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``<format>`` | It is the encoding of the file. This field is *json.gz* for *output* files, which is a JSON text file in compressed gzip format, and *tar.gz* for *configuration* files. |
| ``<FORMAT>`` | It is the encoding of the file. This field is *json.gz* for *output* files, which is a JSON text file in compressed gzip format, and *tar.gz* for *configuration* files. |
+-------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
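Review bot: the rename to upper-case placeholders stops short of `<UniqueString>` and `<YYYYMMDDTHHmm>`, which keep their old casing in both the file name pattern and the table. If `<YYYYMMDDTHHmm>` is kept because its case encodes the date format, say so in its description; `<UniqueString>` should become `<UNIQUE_STRING>` to match the rest, including the prose in its table row. The table header `field` could also be capitalised to match `Description`.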
4 changes: 2 additions & 2 deletions source/cloud-service/cli/index.rst
Expand Up @@ -49,7 +49,7 @@ By default, the Wazuh Cloud CLI reads the credential information from a local fi

A non-default location can be specified for the config file by setting the `WAZUH_CLOUD_CREDENTIALS_FILE` environment variable to another local path.

1. Create the credentials file and add your :ref:`API key <cloud_apis_auth>`.
1. Create the credentials file and add your :ref:`API key <CLOUD_APIS_AUTH>`.

``~/.wazuh-cloud/credentials``
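Review bot: in ``:ref:`API key <CLOUD_APIS_AUTH>` `` the text in angle brackets is a Sphinx cross-reference target, not a value the reader substitutes, so it should not have been caught by the placeholder rename. Revert it to `cloud_apis_auth` so it matches the label as defined, and check the rest of the commit for other `:ref:` or `:doc:` targets changed the same way.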

Expand All @@ -65,7 +65,7 @@ A non-default location can be specified for the config file by setting the `WAZU

.. code-block:: console
# wcloud-cli test-credentials --profile <profile-name>
# wcloud-cli test-credentials --profile <PROFILE_NAME>
.. code-block:: none
:class: output
Expand Up @@ -78,7 +78,7 @@ To achieve this configuration, follow these steps:

.. code-block::
WAZUH_MANAGER_IP=<NGINX_IP> WAZUH_PROTOCOL="tcp" \
WAZUH_MANAGER_IP=<NGINX_IP_ADDRESS> WAZUH_PROTOCOL="tcp" \
WAZUH_PASSWORD="<PASSWORD>" \
yum install wazuh-agent|WAZUH_AGENT_RPM_PKG_INSTALL|
Expand All @@ -93,7 +93,7 @@ In case your agents are located in AWS, you can access our Wazuh Cloud service s

2. Go to the **Help** section to contact the Wazuh team requesting your VPC endpoint service name. It has this format:

``com.amazonaws.vpce.<region>.vpce-svc-<aws-service-id>``
``com.amazonaws.vpce.<REGION>.vpce-svc-<AWS_SERVICE_ID>``

3. Select your endpoints in AWS:

Expand All @@ -107,15 +107,15 @@ In case your agents are located in AWS, you can access our Wazuh Cloud service s

5. After the endpoint is created, Wazuh approves the connection and sends a notification when it is ready to use.

6. You can now enroll your Wazuh agent but replace the *WAZUH_MANAGER_IP* value with the endpoint's DNS (``vpce-<aws-endpoint-id>.vpce-svc-<aws-service-id>.<region>.vpce.amazonaws.com``).
6. You can now enroll your Wazuh agent but replace the *WAZUH_MANAGER_IP* value with the endpoint's DNS (``vpce-<AWS_ENDPOINT_ID>.vpce-svc-<AWS_SERVICE_ID>.<REGION>.vpce.amazonaws.com``).

If the agents are located in a different region than your endpoint, use VPC Peerings to connect them to the endpoint service.

Example:

.. code-block::
WAZUH_MANAGER_IP=vpce-<aws-endpoint-id>.vpce-svc-<aws-service-id>.<region>.vpce.amazonaws.com WAZUH_PROTOCOL="tcp" \
WAZUH_MANAGER_IP=vpce-<AWS_ENDPOINT_ID>.vpce-svc-<AWS_SERVICE_ID>.<REGION>.vpce.amazonaws.com WAZUH_PROTOCOL="tcp" \
WAZUH_PASSWORD="<PASSWORD>>" \
yum install wazuh-agent|WAZUH_AGENT_RPM_PKG_INSTALL|
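Review bot: the example command still has `WAZUH_PASSWORD="<PASSWORD>>"` with a doubled `>` on the line right after the changed `WAZUH_MANAGER_IP=` line. A reader replacing `<PASSWORD>` would enrol with a password that has a stray `>` appended and fail authentication. Fix it to `"<PASSWORD>"` while this block is being edited.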
2 changes: 1 addition & 1 deletion source/cloud-service/your-environment/settings.rst
Expand Up @@ -37,7 +37,7 @@ Two settings define the behavior of the indexed data:

Data remains indexed until either the indexed data retention or the indexed data capacity is reached. In other words, once either of the settings' values is reached, data rotation will occur (removing the oldest data) until the settings' conditions are met.

To configure index management policies, see :doc:`Index life management </user-manual/wazuh-indexer/index-life-management>` documentation.
To configure index management policies, see :doc:`/user-manual/wazuh-indexer-cluster/index-lifecycle-management` documentation.

.. _cloud_settings_archive_data:

12 changes: 6 additions & 6 deletions source/compliance/nist/active-response.rst
Expand Up @@ -53,16 +53,16 @@ Ubuntu endpoint

.. code-block:: console
# useradd <user1>
# useradd <user2>
# useradd <USER1>
# useradd <USER2>
In our use case, ``<user1>`` is ``kon``, while ``<user2>`` is ``jon``.
In our use case, ``<USER1>`` is ``kon``, while ``<USER2>`` is ``jon``.

#. Attempt to log in with the wrong credentials to the ``<user2>`` account using ``<user1>`` account:
#. Attempt to log in with the wrong credentials to the ``<USER2>`` account using ``<USER1>`` account:

.. code-block:: console
<user 1>:$ su <user2>
<USER1>:$ su <USER2>
The image below shows the related alerts on the Wazuh dashboard:

Expand All @@ -83,7 +83,7 @@ Ubuntu endpoint

.. code-block:: console
# passwd --status <user2>
# passwd --status <USER2>
Expand Up @@ -22,7 +22,7 @@ Ansible does most of the work via SSH, and uses SSH authentication mechanisms. I
.. code-block:: none
:class: output
-u <user> Set the connection user.
-u <USER> Set the connection user.
-k Ask the password of the connection user.
-b Execute task and operations with a privilege user.
-K Ask for sudo password, intended for privilege escalation.