wazuh api command to retrieve details of multiple agents/agent groups
118 views
Skip to first unread message
Amal m das
Dec 16, 2023, 2:43:40 AM12/16/23
to Wazuh | Mailing List
Hi team,
For instance "GET /syscollector/005/processes?name=w3wp.exe" this is a wazuh api command to get details of single agent.In the same context how to retrieve details of multiple agents or all agents in this command,Any Idea?
Nicolas Osvaldo Fernandez
Dec 17, 2023, 6:42:46 PM12/17/23
to Wazuh | Mailing List
Hello, nice to greet you.
According to the official documentation, you cannot do what you want using the same Wazuh API endpoint.
However, you could put together a script that performs this task by obtaining the IDs of the installed agents with a script.
You could get the installed agents with the following API query:
TOKEN=$(curl -u <user>:<password> -k -X POST "https://localhost:55000/security/user/authenticate?raw=true")
curl -k -X GET "https://localhost:55000/agents" -H "Authorization: Bearer $TOKEN" | jq | grep id
You could filter the IDs of the agents with a python or bash script, with these IDs, you could make a query with the service you are currently using and obtain the desired information on all or the agents you need.
Let me know if the help provided was helpful to you.
Greetings,
Nicolas
According to the official documentation, you cannot do what you want using the same Wazuh API endpoint.
However, you could put together a script that performs this task by obtaining the IDs of the installed agents with a script.
You could get the installed agents with the following API query:
TOKEN=$(curl -u <user>:<password> -k -X POST "https://localhost:55000/security/user/authenticate?raw=true")
curl -k -X GET "https://localhost:55000/agents" -H "Authorization: Bearer $TOKEN" | jq | grep id
You could filter the IDs of the agents with a python or bash script, with these IDs, you could make a query with the service you are currently using and obtain the desired information on all or the agents you need.
Let me know if the help provided was helpful to you.
Greetings,
Nicolas
Reply all
Reply to author
Forward
0 new messages