wazuh · AlexRuiz7 · Sep 19, 2024 · Sep 18, 2024 · Sep 18, 2024
@@ -0,0 +1,79 @@
+---
+- name: command
+  title: Wazuh commands
+  short: Wazuh Inc. custom fields.
+  description: >
+    This index stores information about the Wazuh's commands. These commands can be sent to agents or Wazuh servers.
+  type: group
+  group: 2
+  fields:
+    - name: source
+      type: keyword
+      level: custom
+      description: >
+        Origin of the request.
+    - name: user
+      type: keyword
+      level: custom
+      description: >
+        The user that originated the request.
+    - name: target
+      type: keyword
+      level: custom
+      description: >
+        Wazuh Server Cluster name to send the command to.
+    - name: type
+      type: keyword
+      level: custom
+      description: >
+        The requested action type. One of 'agent_group', 'agent', 'wazuh_server'.
+    - name: action.type
+      type: keyword
+      level: custom
+      description: >
+        The actual requested action. One of Agent groups, Agent, Server cluster.
+    - name: action.args
+      type: keyword
+      level: custom
+      description: >
+        Array of command arguments, starting with the absolute path to the executable.
+    - name: action.version
+      type: keyword
+      level: custom
+      description: >
+        Version of the command's schema.
+    - name: timeout
+      type: short
+      level: custom
+      description: >
+        Time window in which the command has to be sent to its target.
+    - name: status
+      type: keyword
+      level: custom
+      description: >
+        Status within the Command Manager's context. One of 'pending', 'sent', 'success', 'failure'.
+    - name: result.code
+      type: short
+      level: custom
+      description: >
+        Status code returned by the target.
+    - name: result.message
+      type: keyword
+      level: custom
+      description: >
+        Result message returned by the target.
+    - name: result.data
+      type: keyword
+      level: custom
+      description: >
+        Result data returned by the target.
+    - name: request_id
+      type: short
+      level: custom
+      description: >
+        Unique identifier generated by the Command Manager. Auto-incremental.
+    - name: order_id
+      type: short
+      level: custom
+      description: >
+        Unique identifier generated by the Command Manager. Auto-incremental within the same Command Request ID.
@@ -0,0 +1,4 @@
+{
+    "dynamic": "strict",
+    "date_detection": false
+}
@@ -0,0 +1,8 @@
+---
+name: command
+fields:
+  base:
+    fields:
+      tags: []
+  command:
+    fields: "*"
@@ -0,0 +1,20 @@
+{
+  "index_patterns": [
+    ".commands*"
+  ],
+  "order": 1,
+  "settings": {
+    "index": {
+      "hidden": true,
+      "number_of_shards": "1",
+      "number_of_replicas": "0",
+      "refresh_interval": "5s",
+      "query.default_field": [
+        "command.source", 
+        "command.target", 
+        "command.status", 
+        "command.type"
+      ]
+    }
+  }
+}
@@ -0,0 +1,22 @@
+{
+  "index_patterns": [
+    ".commands*"
+  ],
+  "priority": 1,
+  "template": {
+    "settings": {
+      "index": {
+        "hidden": true,
+        "number_of_shards": "1",
+        "number_of_replicas": "0",
+        "refresh_interval": "5s",
+        "query.default_field": [
+          "command.source",
+          "command.target",
+          "command.status",
+          "command.type"
+        ]
+      }
+    }
+  }
+}