Merge pull request #4834 from wazuh/merge-4.8.1-into-4.8.2

Merge 4.8.1 into 4.8.2

CHANGELOG.md

@@ -26,10 +26,11 @@ All notable changes to this project will be documented in this file.
 
 ### Changed
 
+- Deactivate tests and update vulnerability-detector configuration ([#4784](https://github.com/wazuh/wazuh-qa/pull/4784)) \- (Framework + Tests)
 - Fix body format for get_api_token ([#4797](https://github.com/wazuh/wazuh-qa/pull/4797)) \- (Framework)
 - Fix one_manager_agent_env pytest marker for System Tests ([#4782](https://github.com/wazuh/wazuh-qa/pull/4782)) \- (Tests)
 - Updated Filebeat module to 0.4 ([#4775](https://github.com/wazuh/wazuh-qa/pull/4775)) \- (Framework)
-- Include ATP repository update before the installation of Ubuntu E2E agent installation ([#4761](https://github.com/wazuh/wazuh-qa/pull/4761)) \- (Framework)
+- Include APT repository update before the installation of Ubuntu E2E agent installation ([#4761](https://github.com/wazuh/wazuh-qa/pull/4761)) \- (Framework)
 - Enhance macOS deployment ansible taks ([#4685](https://github.com/wazuh/wazuh-qa/pull/4685)) \- (Framework)
 - Updated Filebeat module to 0.3 ([#4700](https://github.com/wazuh/wazuh-qa/pull/4700)) \- (Framework)
 - Change database v13 to v12. ([#4677](https://github.com/wazuh/wazuh-qa/pull/4677)) \- (Tests)
@@ -43,6 +44,7 @@ All notable changes to this project will be documented in this file.
 
 ### Fixed
 
+- Fixed IT control_service Windows loop ([#4765](https://github.com/wazuh/wazuh-qa/pull/4765)) \- (Framework)
 - Fix macOS agents provision to enable registration and connection with managers. ([#4770](https://github.com/wazuh/wazuh-qa/pull/4770/)) \- (Framework)
 - Fix hardcoded python interpreter in qa_framework role. ([#4658](https://github.com/wazuh/wazuh-qa/pull/4658)) \- (Framework)
 - Fix duplicated jq dependency ([#4678](https://github.com/wazuh/wazuh-qa/pull/4678)) \- (Framework)

deps/wazuh_testing/wazuh_testing/data/all_disabled_ossec.conf

@@ -38,9 +38,13 @@
     <enabled>no</enabled>
   </sca>
 
-  <vulnerability-detector>
+  <vulnerability-detection>
     <enabled>no</enabled>
-  </vulnerability-detector>
+  </vulnerability-detection>
+
+  <indexer>
+    <enabled>no</enabled>
+  </indexer>
 
   <!-- File integrity monitoring -->
   <syscheck>

provisioning/roles/wazuh/ansible-wazuh-manager/defaults/main.yml

@@ -173,32 +173,11 @@ wazuh_manager_sca:
 ## Vulnerability Detector
 wazuh_manager_vulnerability_detector:
   enabled: 'no'
-  interval: '5m'
-  run_on_start: 'yes'
-  providers:
-    - enabled: 'no'
-      os:
-        - 'trusty'
-        - 'xenial'
-        - 'bionic'
-      update_interval: '1h'
-      name: '"canonical"'
-    - enabled: 'no'
-      os:
-        - 'wheezy'
-        - 'stretch'
-        - 'jessie'
-        - 'buster'
-      update_interval: '1h'
-      name: '"debian"'
-    - enabled: 'no'
-      update_from_year: '2010'
-      update_interval: '1h'
-      name: '"redhat"'
-    - enabled: 'no'
-      update_from_year: '2010'
-      update_interval: '1h'
-      name: '"nvd"'
+  index_status: 'no'
+  feed_update_interval: '60m'
+
+wazuh_manager_indexer:
+  enabled: 'no'
 
 ## Syscheck
 wazuh_manager_syscheck:
@@ -441,6 +420,7 @@ wazuh_manager_config_defaults:
   syscollector: '{{ wazuh_manager_syscollector }}'
   sca: '{{ wazuh_manager_sca }}'
   vulnerability_detector: '{{ wazuh_manager_vulnerability_detector }}'
+  indexer: '{{ wazuh_manager_indexer }}'
   log_level: '{{ wazuh_manager_log_level }}'
   email_level: '{{ wazuh_manager_email_level }}'
   localfiles: '{{ wazuh_manager_localfiles }}'

provisioning/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2

@@ -258,37 +258,23 @@
   {% endif %}
   </sca>
 
-  <vulnerability-detector>
+  <vulnerability-detection>
   {% if wazuh_manager_config.vulnerability_detector.enabled is defined %}
     <enabled>{{ wazuh_manager_config.vulnerability_detector.enabled }}</enabled>
   {% endif %}
-  {% if wazuh_manager_config.vulnerability_detector.interval is defined %}
-    <interval>{{ wazuh_manager_config.vulnerability_detector.interval }}</interval>
+  {% if wazuh_manager_config.vulnerability_detector.index_status is defined %}
+    <index-status>{{ wazuh_manager_config.vulnerability_detector.index_status }}</index-status>
   {% endif %}
-  {% if wazuh_manager_config.vulnerability_detector.run_on_start is defined %}
-    <run_on_start>{{ wazuh_manager_config.vulnerability_detector.run_on_start }}</run_on_start>
+  {% if wazuh_manager_config.vulnerability_detector.feed_update_interval is defined %}
+    <feed-update-interval>{{ wazuh_manager_config.vulnerability_detector.feed_update_interval }}</feed-update-interval>
   {% endif %}
-  {% if wazuh_manager_config.vulnerability_detector.providers is defined %}
-  {% for provider_ in wazuh_manager_config.vulnerability_detector.providers %}
-    <provider name={{ provider_.name }}>
-      {% if provider_.enabled is defined %}
-      <enabled>{{ provider_.enabled }}</enabled>
-      {% endif %}
-      {% if provider_.os is defined %}
-      {% for os_ in provider_.os %}
-      <os>{{ os_ }}</os>
-      {% endfor %}
-      {% endif %}
-      {% if provider_.update_from_year is defined %}
-      <update_from_year>{{ provider_.update_from_year }}</update_from_year>
-      {% endif %}
-      {% if provider_.update_interval is defined %}
-      <update_interval>{{ provider_.update_interval }}</update_interval>
-      {% endif %}
-    </provider>
-  {% endfor %}
+  </vulnerability-detection>
+
+  <indexer>
+  {% if wazuh_manager_config.indexer.enabled is defined %}
+    <enabled>{{ wazuh_manager_config.indexer.enabled }}</enabled>
   {% endif %}
-  </vulnerability-detector>
+  </indexer>
 
   <!-- File integrity monitoring -->
   <syscheck>

tests/end_to_end/test_basic_cases/test_vulnerability_detector/test_vulnerability_detector_linux/data/playbooks/configuration.yaml

@@ -37,25 +37,14 @@
         tasks_from: write_wazuh_config.yaml
       vars:
         config_block: |
-          <vulnerability-detector>
+          <vulnerability-detection>
           <enabled>yes</enabled>
-          <interval>60s</interval>
-          <min_full_scan_interval>60s</min_full_scan_interval>
-          <run_on_start>yes</run_on_start>
-
-          <!-- Ubuntu OS vulnerabilities -->
-          <provider name="canonical">
-          <enabled>yes</enabled>
-          <os>jammy</os>
-          <update_interval>1h</update_interval>
-          </provider>
-
-          <!-- Aggregate vulnerabilities -->
-          <provider name="nvd">
-          <enabled>yes</enabled>
-          <update_interval>1h</update_interval>
-          </provider>
-          </vulnerability-detector>
+          <index-status>no</index-status>
+          <feed-update-interval>60s</feed-update-interval>
+          </vulnerability-detection>
+          <indexer>
+          <enabled>no</enabled>
+          </indexer>
         os: linux
 
     - name: Restart wazuh-manager

tests/end_to_end/test_basic_cases/test_vulnerability_detector/test_vulnerability_detector_linux/test_vulnerability_detector_linux.py

@@ -67,6 +67,7 @@
 pytestmark = [TIER0, LINUX]
 
 
+@pytest.mark.skip(reason="Vulnerability Detector was refactored. Some tests are deprecated.")
 @pytest.mark.filterwarnings('ignore::urllib3.exceptions.InsecureRequestWarning')
 @pytest.mark.parametrize('metadata', configuration_metadata, ids=cases_ids)
 def test_vulnerability_detector_linux(configure_environment, metadata, get_indexer_credentials, get_manager_ip,

tests/end_to_end/test_basic_cases/test_vulnerability_detector/test_vulnerability_detector_windows/data/playbooks/configuration.yaml

@@ -51,24 +51,14 @@
         tasks_from: write_wazuh_config.yaml
       vars:
         config_block: |
-          <vulnerability-detector>
+          <vulnerability-detection>
           <enabled>yes</enabled>
-          <interval>60s</interval>
-          <min_full_scan_interval>60s</min_full_scan_interval>
-          <run_on_start>yes</run_on_start>
-
-          <!-- Windows OS vulnerabilities -->
-          <provider name="msu">
-          <enabled>yes</enabled>
-          <update_interval>1h</update_interval>
-          </provider>
-
-          <!-- Aggregate vulnerabilities -->
-          <provider name="nvd">
-          <enabled>yes</enabled>
-          <update_interval>1h</update_interval>
-          </provider>
-          </vulnerability-detector>
+          <index-status>no</index-status>
+          <feed-update-interval>60s</feed-update-interval>
+          </vulnerability-detection>
+          <indexer>
+          <enabled>no</enabled>
+          </indexer>
         os: linux
 
     - name: Restart wazuh-manager

tests/end_to_end/test_basic_cases/test_vulnerability_detector/test_vulnerability_detector_windows/test_vulnerability_detection_windows.py

@@ -68,6 +68,7 @@
 pytestmark = [TIER0, WINDOWS]
 
 
+@pytest.mark.skip(reason="Vulnerability Detector was refactored. Some tests are deprecated.")
 @pytest.mark.filterwarnings('ignore::urllib3.exceptions.InsecureRequestWarning')
 @pytest.mark.parametrize('metadata', configuration_metadata, ids=cases_ids)
 def test_vulnerability_detector_windows(configure_environment, metadata, get_indexer_credentials, get_manager_ip,

tests/integration/test_active_response/test_analysisd/data/configuration_template/configuration_overwritten_rules.yaml

@@ -26,7 +26,12 @@
         - log_format:
             value: syslog
 
-    - section: vulnerability-detector
+    - section: vulnerability-detection
+      elements:
+        - enabled:
+            value: 'no'
+
+    - section: indexer
       elements:
         - enabled:
             value: 'no'

tests/integration/test_analysisd/test_limit_eps/data/configuration_template/basic_test_module/configuration_disabled.yaml

@@ -1,5 +1,9 @@
 - sections:
-    - section: vulnerability-detector
+    - section: vulnerability-detection
+      elements:
+        - enabled:
+            value: 'no'
+    - section: indexer
       elements:
         - enabled:
             value: 'no'

tests/integration/test_analysisd/test_signature_id/data/configuration_template/configuration_signature_id_values.yaml

@@ -1,5 +1,10 @@
 - sections:
-    - section: vulnerability-detector
+    - section: vulnerability-detection
+      elements:
+        - enabled:
+            value: 'no'
+
+    - section: indexer
       elements:
         - enabled:
             value: 'no'

tests/integration/test_fim/test_files/test_audit/data/ossec.conf

@@ -108,25 +108,13 @@
     </policies>
   </sca>
 
-  <wodle name="vulnerability-detector">
-    <disabled>yes</disabled>
-    <interval>5m</interval>
-    <ignore_time>6h</ignore_time>
-    <run_on_start>yes</run_on_start>
-    <feed name="ubuntu-18">
-      <disabled>yes</disabled>
-      <update_interval>1h</update_interval>
-    </feed>
-    <feed name="redhat">
-      <disabled>yes</disabled>
-      <update_from_year>2010</update_from_year>
-      <update_interval>1h</update_interval>
-    </feed>
-    <feed name="debian-9">
-      <disabled>yes</disabled>
-      <update_interval>1h</update_interval>
-    </feed>
-  </wodle>
+  <vulnerability-detection>
+    <enabled>no</enabled>
+  </vulnerability-detection>
+
+  <indexer>
+    <enabled>no</enabled>
+  </indexer>
 
   <!-- File integrity monitoring -->
   <syscheck>

tests/integration/test_integratord/data/configuration/configuration_alerts_reading.yaml

@@ -22,12 +22,15 @@
         - disabled:
             value: 'yes'
 
-    - section: wodle
-      attributes:
-        - name: vulnerability-detector
+    - section: vulnerability-detection
       elements:
-        - disabled:
-            value: 'yes'
+        - enabled:
+            value: 'no'
+
+    - section: indexer
+      elements:
+        - enabled:
+            value: 'no'
 
     - section: rootcheck
       elements:

tests/integration/test_syscollector/data/configuration/configuration_syscollector.yaml

@@ -35,12 +35,15 @@
         - disabled:
             value: 'yes'
 
-    - section: wodle
-      attributes:
-        - name: vulnerability-detector
+    - section: vulnerability-detection
       elements:
-        - disabled:
-            value: 'yes'
+        - enabled:
+            value: 'no'
+
+    - section: indexer
+      elements:
+        - enabled:
+            value: 'no'
 
     - section: rootcheck
       elements:

tests/integration/test_syscollector/data/configuration/configuration_syscollector_no_tags.yaml

@@ -8,12 +8,15 @@
         - disabled:
             value: 'yes'
 
-    - section: wodle
-      attributes:
-        - name: vulnerability-detector
+    - section: vulnerability-detection
       elements:
-        - disabled:
-            value: 'yes'
+        - enabled:
+            value: 'no'
+
+    - section: indexer
+      elements:
+        - enabled:
+            value: 'no'
 
     - section: rootcheck
       elements:

tests/integration/test_syscollector/data/configuration/configuration_syscollector_scans_disabled.yaml

@@ -31,12 +31,15 @@
         - disabled:
             value: 'yes'
 
-    - section: wodle
-      attributes:
-        - name: vulnerability-detector
+    - section: vulnerability-detection
       elements:
-        - disabled:
-            value: 'yes'
+        - enabled:
+            value: 'no'
+
+    - section: indexer
+      elements:
+        - enabled:
+            value: 'no'
 
     - section: rootcheck
       elements: