Open Source Security Blogs

Get notified when Elasticsearch/Wazuh Indexer/ OpenSearch stops indexing data

Prerequisites:

Use case:

Monitor Wazuh indexer/Elasticsearch/Opensearch Indexing and get a discord notification if no events indexed for the last 5 minutes.

Monitoring Script: 

#!/var/ossec/framework/python/bin/python3
import json
import requests
from requests.auth import HTTPBasicAuth
from socket import socket, AF_UNIX, SOCK_DGRAM


SOCKET_ADDR = '/var/ossec/queue/sockets/queue'
AUTH = HTTPBasicAuth('Username', 'YourWazuhIndexer/ElasticsearchPassword')
WazuhIndexer_URL = 'https://WazuhIndexer.ElasticsearchIP:9200'
#query data for the last 5 mins
QUERY = {
    "query": {
        "bool": {
            "must": [],
            "filter": [
                {"match_all": {}},
                {"range": {"timestamp": {"gte": "now-5m/m"}}}
            ]
        }
    }
}

def send_event(sock, msg):
    try:
        string = f'1:WazuhIndexer_query:{msg}'
        sock.send(string.encode())
    except Exception as e:
        print(f"Error sending event: {e}")

def fetch_hits(url, query):
    try:
        response = requests.get(url, auth=AUTH, verify=False, json=query)
        response.raise_for_status()  # Raise an error for bad status codes
        return json.loads(response.text)['hits']['total']['value']
    except requests.exceptions.RequestException as e:
        print(f"Error fetching data from Elasticsearch: {e}")
        return None

def main():
    try:
        sock = socket(AF_UNIX, SOCK_DGRAM)
        sock.connect(SOCKET_ADDR)

        # Fetch Wazuh alerts events hits
        wazuh_hits = fetch_hits(f'{WazuhIndexer_URL}/wazuh-alerts*/_search', QUERY)
        if wazuh_hits is not None:
            send_event(sock, f'All Wazuh Alerts Events indexed retruns:  {wazuh_hits} hits')

        # Fetch all events hits
        all_hits = fetch_hits(f'{WazuhIndexer_URL}/*/_search', QUERY)
        if all_hits is not None:
            send_event(sock, f'All Indexed Events returns: {all_hits} hits')

    except Exception as e:
        print(f"Error with socket operations: {e}")
    finally:
        sock.close()

if __name__ == "__main__":
    main()

Wazuh Manager Configuration:

Place the script in the Wazuh manager under the path /var/ossec/integrations assigning the following permissions and ownership: 

chown :wazuh /var/ossec/integrations/monitorIndexing.py
chmod 750 /var/ossec/integrations/monitorIndexing.py

Add the configuration to run the script and the rules to trigger the alerts in your Wazuh manager: 

 <wodle name="command">
  <disabled>no</disabled>
  <command>/var/ossec/integrations/monitorIndexing.py</command>
  <interval>1m</interval>
  <ignore_output>yes</ignore_output>
  <run_on_start>yes</run_on_start>
  <timeout>0</timeout>
</wodle>

<integration>
        <name>custom-discord</name>
        <group>monitoring</group>
        <hook_url>https://discord.com/api/webhooks/125309xxxx</hook_url>
        <api_key>https://192.168.121.97</api_key>
        <alert_format>json</alert_format>
</integration>

 <group name="monitoring,">
  <rule id="100302" level="8">
    <location>WazuhIndexer_query</location>
    <match>All Wazuh Alerts Events indexed retruns:  0 hits</match>
    <description>No Wazuh alerts indexed for the last 5 minutes</description>
  </rule>
  <rule id="100303" level="10">
    <location>WazuhIndexer_query</location>
    <match>All Indexed Events returns: 0 hits</match>
    <description>No events indexed for the last 5 minutes</description>
  </rule>
</group>

Make sure to restart the Wazuh manager to apply the changes: systemctl restart wazuh-manager

Result:

Hope this helps 😀

EL WALI KARKOUB

, , ,

62 responses to “Get notified when Elasticsearch/Wazuh Indexer/ OpenSearch stops indexing data”

  19. Can you be more specific about the content of your article? After reading it, I still have some doubts. Hope you can help me.

  49. I am no longer sure the place you’re getting your info, but good topic. I needs to spend a while studying more or working out more. Thanks for great info I used to be in search of this info for my mission.

  52. If you’re trying to bulk up, Anavar is at all times a sensible choice for lean muscle.
    For newbies, it’s instructed you go for mg with
    a cycle size of 8-10 weeks. If you’re more experienced, you can play around with the dosages
    a bit.
    Thoroughly analysis reputable sources, confirm product authenticity, and prioritize products that bear rigorous high quality testing.
    Additionally, seek the guidance of with healthcare professionals or experienced health advisors to make sure Anavar
    aligns with your targets, overall well being, and individual circumstances.
    Implementing a post-cycle therapy (PCT) protocol after finishing an Anavar (Oxandrolone) cycle is important for
    restoring pure hormone production and sustaining optimum health.

    Hair loss is possible from testosterone because of a
    considerable rise in DHT ranges, which may result in shrinkage and damage to hair follicles
    on the scalp. Generally, it isn’t beneficial for bodybuilders to block DHT, as
    it’s a highly effective anabolic hormone. Anecdotally,
    we’ve seen decreased DHT ranges inhibit will increase
    in muscle hypertrophy and energy. Bodybuilders have referred to testosterone as
    the “safest steroid.” Nonetheless, no anabolic steroids are protected when taken in supraphysiological doses and
    without medical steering. However, if a consumer abuses Anavar with extreme dosages, endogenous testosterone recovery just isn’t certain. By leveraging its advantages alongside proper coaching and nutrition, you can maximize muscle progress and overcome plateaus, regardless
    of your health level. TRT dosages for testosterone alternative remedy are determined primarily based on particular person hormone levels and desires.

    Oxandrolone and Nandrolone are just about at complete opposite
    ends of the spectrum. The former is used for chopping, recomping, and
    getting lean, whereas the latter is often used to bulk up and add mass.
    As A Outcome Of of this, it’s unlikely that you’d
    ever want to use them together. Men ought to start an Anavar dosage with mg
    a day, preferably 30 mg if you’re new to the world of steroids.
    This should be greater than enough to correctly stimulate muscle
    positive aspects, and it’s good for those just beginning out.
    They don’t offer the bodybuilding and performance-enhancing
    results that you can derive from utilizing genuine oral Anavar
    steroids.
    Nonetheless, it’s sensible to watch liver enzymes throughout utilization as a precaution. Anavar is broadly
    utilized in managing muscle-wasting ailments, corresponding to
    these brought on by HIV/AIDS and certain cancers. These conditions usually
    lead to cachexia, a syndrome marked by extreme muscle atrophy and weight
    reduction.
    A descriptive examine of opposed occasions from clenbuterol misuse and abuse for weight loss and
    bodybuilding. (17) Malhotra, A., Poon, E., Tse, W.
    Y., Pringle, P. J., Hindmarsh, P. C., & Brook, C. G.
    The results of oxandrolone on the growth hormone and gonadal axes in boys with
    constitutional delay of progress and puberty.
    If a person’s physique fat share appears to have increased on Anavar
    they usually have not been overeating, then the active substance could additionally be Dianabol.
    This is extra widespread with Instagram models or folks often showing on magazine covers.
    There is high strain on these individuals to continually look in glorious situation, in order that
    they utilize Anavar as somebody would with testosterone on TRT (testosterone substitute therapy).
    If a consumer has no choice and equally wants to construct muscle
    and burn fats on the same time, upkeep calories could additionally be optimal.

    This supplementation strives to maintain up a balance, forestall issues such as fatigue,
    mood swings, and lowered libido that may be associated to low
    testosterone ranges. Users normally begin this supplemental administration per
    week before beginning the steroid and proceed it till a few weeks after discontinuation to regain regular hormonal stability.

    Open the door to the transformative effect of the anabolic steroid,
    generally known by its popular name, Anavar. Primarily used for chopping
    cycles, this compound is famend worldwide for its influence on muscle development and strength whereas maintaining a lean physique.
    Embracing this progression stage involves careful consideration,
    with this versatile possibility gaining attention due to minimal undesirable outcomes and strength-enhancing talents.
    Anavar features by mimicking testosterone, promoting muscle
    development and enhancing masculine physical attributes.

    From the FDA’s standpoint, this occasion appeared to be the final straw that broke the camel’s back.

    Even though this drug is sort of well-liked with ladies,
    there may be evidence that those who take Anavar can expertise sudden changes
    in their menstrual cycles [12]. There could be multiple explanations for this, together with that
    oxandrolone is not a well-liked PED among skilled athletes as a end result of intense workout pumps that it can cause.

    Beginners might want to contemplate beginning with 30 milligrams per day, but
    they want to be warned that such a small dose might don’t have any
    impact on certain individuals. Starting a discount cycle with 50 mg per
    day is an appropriate starting point. Because Anavar is a steroid that’s usually
    well-tolerated by men, your degree of experience won’t play a huge impact
    in choosing how a lot Anavar you want to take.
    It is rare for Anavar customers to expertise painful pumps when performing deadlifts, particularly
    within the lower again. Therefore, users must use
    warning while adding brief rest periods between units or doing high rep ranges when exercising.

    Anavar’s aesthetic benefits embrace a rise in glycogen storage
    capability. To forestall additional liver damage, Anavar shouldn’t be
    used with hepatotoxic substances like alcohol.

    As for the inhibition of glucocorticoid hormones, these are muscle
    losing hormones; cortisol being essentially the most
    well-known. Anavar® incorporates 4-Androstenolone can also be called four androstene-3b-ol,17-one or
    4-ANDRO by many in the bodybuilding community for brief.
    4-Androsterone products are nice stackers, and could be stacked with nearly any compound.
    Both experimental and anecdotal proof supports 4-Androstenolone’s capacity to boost testosterone levels and enhance efficiency.
    Anavar® additionally incorporates 1-Androstenolone that
    has a singular structure which makes it favorable to many individuals who wish
    to stability their hormones.
    By following a structured cycle, customers aim to maximize the advantages of Anavar whereas minimizing
    potential dangers and unwanted side effects. Understanding the vital
    thing elements and concerns of an Anavar cycle
    is crucial for reaching desired outcomes and maintaining
    general well being and well-being. Lastly, Anavar binds to androgen receptors
    within the body, triggering specific mobile responses. This activation can lead to elevated
    muscle energy, improved recovery, and enhanced athletic performance overall.
    In The End, the choice to use Anavar ought to be primarily based on an intensive assessment of your fitness targets,
    well being status, and willingness to adhere to protected utilization practices.
    Consulting with healthcare professionals, ideally these experienced
    with performance-enhancing substances, can present priceless insights and
    assist you to make an informed determination. Anavar is usually a highly
    effective device in reaching peak efficiency and a defined physique, but
    like all powerful software, it have to be used responsibly and with due diligence.

    In most cases, these side effects are reversible once the person stops taking Anavar.
    This can range from gentle discoloration to extra extreme
    changes, corresponding to patches of darker pores and
    skin. The different facet effect that is generally reported is
    changes in hair progress. Nevertheless, this should be
    approached with warning, and professional steering is really helpful.
    CrazyBulk is a reputable and well-known firm in the fitness trade, and their merchandise
    are formulated with high-quality elements to ensure efficient
    and protected outcomes.

    References:

    steroids for muscle gain

  55. 本来、電柱およびこれに添架される電線は空間としての道路を占有しているため、道路法に基づいて道路管理者に対して所定の手続きを踏む必要があるほか、電柱所有者に対しても利用許可の申請が必要になるが、無許可であっても一旦設置してしまえば撤去するには膨大な費用がかかるため行政も簡単には撤去できない隙間を突いたやり方で勢力を拡大。 ミャンマー、ラカイン州マウンドーでロヒンギャの武装集団が複数の治安施設を襲撃。治安部隊員12人が死亡。乗員10人が死亡、5人が負傷。兵士2人が負傷。深夜に見ている人は当直の人だけ、しかも経営者が現場に入っているとなるとサービスに入っていなくても入ったように出来る訳です。

  56. I believe what you wrote was very logical. But, consider this, what if you were to write aawesome headline? I ain’t suggesting your content is not good,but suppose you added a title to maybe grab people’s attention? I mean Et harum quidem rerum facilis est etexpedita distinctio – MTC Formation & Comptabilité: Martine Tremblay – Sage 50is a little vanilla. You could glance at Yahoo’s home page and see how they create newstitles to get viewers interested. You might add a video ora picture or two to grab people excited about everything’ve written.In my opinion, it might make your blog a little livelier.

Leave a Reply

Your email address will not be published. Required fields are marked *