Aggregated report of Inventory data from all Wazuh Agents

A B

Apr 22, 2021, 7:33:41 AM
to Wazuh mailing list
Hi All,

Is there a way to get the collated response from all Wazuh agents regarding the Inventory data?

Regards
Ashish

Federico Garcia Cruz

Apr 22, 2021, 10:12:25 AM
to A B, Wazuh mailing list
Hi Ashish!
Thanks for contacting us.
Currently, an agent's inventory data can only be queried for a single agent through the API, and from Kibana the inventory report can only be downloaded for a single agent.
An alternative way of getting the agents' inventories is to loop over the agents' DBs and execute a sqlite3 shell command to retrieve the inventory and append it to an output file.
I made a simple script that can help you to achieve your goal:
#!/bin/bash
# Per-agent SQLite databases kept by the Wazuh manager
FILES=/var/ossec/queue/db/*
FILENAME=agents_inv
# Start from an empty output file
if [ -f "$FILENAME" ]; then
    rm "$FILENAME"
fi
for f in $FILES
do
    # Only the numbered agent databases (001.db, 002.db, ...)
    if [[ $f =~ ^.*[0-9]+\.db$ ]]; then
        echo "Inventory for $f" >> "$FILENAME"
        sqlite3 "$f" 'select * from sys_osinfo' >> "$FILENAME"
        sqlite3 "$f" 'select * from sys_hwinfo' >> "$FILENAME"
        sqlite3 "$f" 'select * from sys_processes' >> "$FILENAME"
        sqlite3 "$f" 'select * from sys_programs' >> "$FILENAME"
        sqlite3 "$f" 'select * from sys_hotfixes' >> "$FILENAME"
        sqlite3 "$f" 'select * from sys_netiface' >> "$FILENAME"
        sqlite3 "$f" 'select * from sys_netproto' >> "$FILENAME"
        sqlite3 "$f" 'select * from sys_netaddr' >> "$FILENAME"
        sqlite3 "$f" 'select * from sys_ports' >> "$FILENAME"
    fi
done


Hope it helps!

--
Federico Garcia Cruz
Core engineer | federic...@wazuh.com

A B

Apr 22, 2021, 10:52:41 AM
to Wazuh mailing list
Thanks for the quick turnaround, Federico. Awesome approach, but unfortunately I don't have sqlite set up on my server, so I will get it set up after approval and will share the findings.

Also, I have seen the API option, so I will try to come up with an iterative Python script that fetches the names of the agents and then uses them to get the inventory data in a properly formatted report. (I will raise this as a Wazuh PR soon.)

A B

Apr 29, 2021, 6:00:59 AM
to Wazuh mailing list
Hi Federico/Everyone,

I have created a Python script that fetches the Inventory data of all Wazuh agents by using the Wazuh API and exports the required data (Process Name, PID, Agent ID) to a CSV sheet.

Also, I am planning to add this feature under the Wazuh dashboard with enhanced GUI options (refer to the attached demo image).

Wazuh-Inventory-Data.png

I hope this will help everyone who is using Wazuh extensively for endpoint security.

Regards
Ashish Bansal
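
Added example (not the script from this thread, and not Wazuh's own code): the per-agent database loop from Federico's reply done with Python's built-in sqlite3 module, so no sqlite3 shell is needed, writing the agent ID, PID and process name columns mentioned above to one CSV. It assumes the sys_processes table has pid and name columns and opens each database read-only; the output file name is made up.

```python
import csv
import re
import sqlite3
from pathlib import Path

# Location of the per-agent databases, as used in the shell script above.
DB_DIR = Path("/var/ossec/queue/db")
AGENT_DB = re.compile(r"^(\d+)\.db$")  # 001.db, 002.db, ...; skips global.db etc.


def collect_processes(db_dir=DB_DIR):
    """Return (rows, skipped): rows are (agent_id, pid, name) tuples."""
    rows, skipped = [], []
    for path in sorted(Path(db_dir).iterdir()):
        match = AGENT_DB.match(path.name)
        if not match:
            continue
        agent_id = match.group(1)
        try:
            # mode=ro: never create or write to a database the manager is using.
            conn = sqlite3.connect(f"{path.resolve().as_uri()}?mode=ro", uri=True)
            try:
                # Assumption: sys_processes has "pid" and "name" columns.
                found = conn.execute("SELECT pid, name FROM sys_processes ORDER BY pid").fetchall()
            finally:
                conn.close()
        except sqlite3.Error as exc:
            # Agent without an inventory table, or an unreadable file: report, keep going.
            skipped.append((agent_id, str(exc)))
            continue
        rows.extend((agent_id, pid, name) for pid, name in found)
    return rows, skipped


def write_csv(rows, out_path):
    """Write the aggregated rows to a CSV file and return the row count."""
    with open(out_path, "w", newline="") as fh:
        writer = csv.writer(fh)
        writer.writerow(["agent_id", "pid", "process_name"])
        writer.writerows(rows)
    return len(rows)


if __name__ == "__main__":
    rows, skipped = collect_processes()
    print(f"wrote {write_csv(rows, 'agents_processes.csv')} rows")
    for agent_id, reason in skipped:
        print(f"skipped agent {agent_id}: {reason}")
```

Process names originate on the endpoints, so treat the CSV as untrusted data when opening it in a spreadsheet.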
