Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Content Manager refactor I #316

Open
1 of 8 tasks
f-galland opened this issue Mar 12, 2025 · 0 comments · May be fixed by #317
Open
1 of 8 tasks

Content Manager refactor I #316

f-galland opened this issue Mar 12, 2025 · 0 comments · May be fixed by #317
Assignees
@f-galland
Labels
level/task Task issue type/enhancement Enhancement issue

Comments

@f-galland
Copy link
Member

f-galland commented Mar 12, 2025
edited by AlexRuiz7
Loading

Description

We are facing some problems to continue the development of the Content Manager due to some missing pieces of code and missing features, such as the initialization of the snapshot link into the wazuh-context index.

Functional requirements

  • The Content Manager initializes the wazuh-context index on start.
    • The snapshot value is set to a valid link.
    • The offset value is set to 0.
    • The last_offset value is set to the offset value returned by the request to the CTI API.

Implementation restrictions

  • The wazuh-context index is initialized with the content returned by the CTI API, by performing an HTTP request.

Plan

  • Rename ContextConsumerCatalog to ConsumerInfo
  • Get the consumer info from the CTI API and index the data at onNodeStarted()
  • Remove all test-related code (endpoints). Move the logic inside the plugin or unit tests
  • Rename CTIclient::getConsumerInfo() to ConsumerInfo (a model representing the response from API Documentation)
  • Simplify methods in the ContentIndex class. Keep only the method ContextIndex::set(consumerInfo: ConsumerInfo): FutureComplete, which:
    • Writes consumerInfo into the index.
    • Stores the fields: context, name, last_offset, and last_snapshot_link
  • Reduce the model to only the fields that will be used; the rest can be ignored for now
  • Review, simplify, and unify the models
    • Remove Document, GenericDocument, Offset, Offsets / Unify them into a new model ContextChanges

Sample document:

[
  {
    "_index": "wazuh-context",
    "_id": "foo",
    "_source": {
      "bar": {
        "offset": 0,
        "last_offset": 44,
        "snapshot": "uri-to-snapshot"
      }
    }
  }
]
@f-galland f-galland self-assigned this Mar 12, 2025
@wazuhci wazuhci moved this to In progress in XDR+SIEM/Release 5.0.0 Mar 12, 2025
@f-galland f-galland changed the title Content Manager Consumer Index Add consumer indexing functionality to Content Manager Mar 12, 2025
@AlexRuiz7 AlexRuiz7 added level/task Task issue type/enhancement Enhancement issue labels Mar 12, 2025
@AlexRuiz7 AlexRuiz7 changed the title Add consumer indexing functionality to Content Manager Content Manager refactor I Mar 12, 2025
@f-galland f-galland linked a pull request Mar 12, 2025 that will close this issue
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@f-galland f-galland

Labels
level/task Task issue type/enhancement Enhancement issue
Projects
XDR+SIEM/Release 5.0.0
Status: In progress
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Refactor Content Manager's code and fix Catalog info indexing wazuh/wazuh-indexer-plugins
2 participants
@AlexRuiz7 @f-galland