Wazuh-API + Android / iOS + Apple Watch
2,070 views
Skip to first unread message
Fabio Sbano
May 15, 2017, 6:56:47 PM5/15/17
to Wazuh mailing list
Hello Everyone,
I am develop one interface with the wazuh-api mobile version (management/info).
Is path secure using Wazuh-Api ?
I getting objects by json response putting inside the one (ListView / TableView)
Best Regards,
Fabio Sbano
Jesus Linares
May 16, 2017, 5:12:09 AM5/16/17
to Wazuh mailing list
Hi Fabio,
if you are developing an app using Wazuh API you must take into account the following considerations:
- Change default credentials and use HTTPS: https://documentation.wazuh.com/current/installation-guide/optional-configurations/securing-api.html
- The API doesn't support user roles yet, so in my opinion, the API must be reachable only from the internal network (even only from a specific subnet).
- Be aware that the API can leak a lot of confidential information (IPs, configurations, etc) and it can perform "dangerous" actions like remove an agent.
- It is possible to use a proxy (Nginx) to limit the access to a few request (a workaround while we develop user roles for the API).
Good luck with the App. It will be nice to see a Wazuh UI running in Android / iOS.
Regards.
Fabio Sbano
May 16, 2017, 5:30:46 AM5/16/17
to Jesus Linares, Wazuh mailing list
Thank you very much!!
- Https
- Proxy with auth
- only menthod readonly in wazuh-api then
Are they right?
Best Regards,
Fábio Sbano
--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+unsubscribe@googlegroups.com.
To post to this group, send email to wa...@googlegroups.com.
Visit this group at https://groups.google.com/group/wazuh.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/f4945e18-649a-40ba-85b7-7b03378dfa57%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Pedro Sanchez
May 16, 2017, 3:27:04 PM5/16/17
to Fabio Sbano, Jesus Linares, Wazuh mailing list
Hi Fabio! That sounds spectacular.
I have been working with iOS SDK on the past, I think you will find very useful the parameters we have on the API for sorting / limiting / searching / paginate. I am sure you already read it but.. take a look at:
Update us with your progress! I really want to watch some screenshots :D
Best,
Pedro.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/CANfOmJF9Sg_bMCvupKMJrf2%3D58gGz_PzRVhD6Rv%3DP-SnZk%3DZAg%40mail.gmail.com.
Fabio Sbano
May 16, 2017, 3:39:10 PM5/16/17
to Pedro Sanchez, Wazuh mailing list, Jesus Linares
Pedro,
The code is stopped?.. i can make one fork this project or the code is private only?
Are you using objective-c ou swift?
Best Regards,
Fábio Sbano
Santiago Bassett
May 16, 2017, 3:44:03 PM5/16/17
to Fabio Sbano, Pedro Sanchez, Wazuh mailing list, Jesus Linares
Hi Fabio,
I don't think Pedro meant he did this work for Wazuh. We haven't done anything for iOS afaik.
Best regards
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/CANfOmJFmr30bv78jhknLT9rx7769KULCy_gkGq-m1idR9EooxA%40mail.gmail.com.
Fabio Sbano
May 16, 2017, 4:12:59 PM5/16/17
to Santiago Bassett, Wazuh mailing list, Jesus Linares, Pedro Sanchez
oh.. okay another apps.. i am sorry
Pedro Sanchez
May 16, 2017, 4:33:45 PM5/16/17
to Fabio Sbano, Santiago Bassett, Wazuh mailing list, Jesus Linares, Pedro Sanchez
Sorry about that! My english is getting worse instead of better :(.
Santiago is right, I just worked with iOS on the past but not for a Wazuh project just poking around.
What I meant is I think Wazuh RestFul API is ready and prepared to be use with objective-c/swift and Java/Android SDK.
Reply all
Reply to author
Forward
0 new messages