fix(iwooos): add wazuh alert verifier readback
Some checks failed
CD Pipeline / workflow-shape (push) Successful in 0s
CD Pipeline / cancel-stale-cd (push) Has been skipped
CD Pipeline / build-and-deploy (push) Has been cancelled
CD Pipeline / post-deploy-checks (push) Has been cancelled
CD Pipeline / tests (push) Has been cancelled

This commit is contained in:
ogt
2026-07-10 17:48:14 +08:00
parent 05033c5a29
commit aceee39b4a
5 changed files with 1004 additions and 15 deletions

View File

@@ -19,6 +19,9 @@ from src.services.iwooos_security_operating_system import (
from src.services.iwooos_wazuh_allowlisted_check_mode_dry_run import (
load_latest_iwooos_wazuh_allowlisted_check_mode_dry_run,
)
from src.services.iwooos_wazuh_fim_vulnerability_alert_verifier import (
load_latest_iwooos_wazuh_fim_vulnerability_alert_verifier,
)
from src.services.iwooos_wazuh_managed_host_coverage import (
load_latest_iwooos_wazuh_managed_host_coverage,
)
@@ -52,6 +55,9 @@ def load_latest_iwooos_security_tool_closure_readback(
controlled_apply = load_latest_iwooos_wazuh_runtime_controlled_apply_preflight()
owner_review = load_latest_iwooos_wazuh_runtime_gate_owner_review_readback()
dry_run = load_latest_iwooos_wazuh_allowlisted_check_mode_dry_run()
wazuh_verifier = load_latest_iwooos_wazuh_fim_vulnerability_alert_verifier(
alert_receipt_readback=alert_receipt_readback
)
source_payloads = [
coverage,
@@ -61,6 +67,7 @@ def load_latest_iwooos_security_tool_closure_readback(
controlled_apply,
owner_review,
dry_run,
wazuh_verifier,
]
_require_runtime_boundaries(source_payloads)
@@ -72,6 +79,7 @@ def load_latest_iwooos_security_tool_closure_readback(
"controlled_apply": _summary(controlled_apply),
"owner_review": _summary(owner_review),
"dry_run": _summary(dry_run),
"wazuh_verifier": _summary(wazuh_verifier),
}
tracks = _tool_tracks(source_summaries)
summary = _summary_rollup(source_summaries, tracks)
@@ -122,6 +130,7 @@ def load_latest_iwooos_security_tool_closure_readback(
*controlled_apply.get("source_refs", []),
*owner_review.get("source_refs", []),
*dry_run.get("source_refs", []),
*wazuh_verifier.get("source_refs", []),
],
}
@@ -134,6 +143,7 @@ def _tool_tracks(source_summaries: dict[str, dict[str, Any]]) -> list[dict[str,
controlled_apply = source_summaries["controlled_apply"]
owner_review = source_summaries["owner_review"]
dry_run = source_summaries["dry_run"]
wazuh_verifier = source_summaries["wazuh_verifier"]
expected_hosts = max(
_int(managed_hosts.get("expected_host_scope_count")),
@@ -148,6 +158,9 @@ def _tool_tracks(source_summaries: dict[str, dict[str, Any]]) -> list[dict[str,
)
registry_ready = expected_hosts > 0 and accepted_hosts >= expected_hosts
alert_ready = _int(security_os.get("alert_receipt_accepted_count")) > 0
wazuh_verifier_ready_signals = _int(
wazuh_verifier.get("verifier_ready_signal_count")
)
controlled_apply_ready_signals = sum(
1
@@ -196,13 +209,17 @@ def _tool_tracks(source_summaries: dict[str, dict[str, Any]]) -> list[dict[str,
priority="P0",
label="Wazuh detection and response",
tool_ids=["wazuh"],
ready_signal_count=(1 if registry_ready else 0) + (1 if alert_ready else 0),
ready_signal_count=max(
(1 if registry_ready else 0) + (1 if alert_ready else 0),
wazuh_verifier_ready_signals,
),
required_signal_count=6,
next_executable_action="close_fim_vulnerability_alert_receipt_then_keep_active_response_gated",
next_executable_action="attach_incident_case_and_active_response_dry_run_receipts_without_runtime_gate",
required_verifier="wazuh_registry_fim_vulnerability_alert_receipt_post_verifier",
source_refs=[
"docs/security/wazuh-managed-host-coverage-gate.snapshot.json",
"docs/security/iwooos-security-operating-system.snapshot.json",
"apps/api/src/services/iwooos_wazuh_fim_vulnerability_alert_verifier.py",
],
),
_track(
@@ -348,6 +365,7 @@ def _summary_rollup(
controlled_apply = source_summaries["controlled_apply"]
owner_review = source_summaries["owner_review"]
dry_run = source_summaries["dry_run"]
wazuh_verifier = source_summaries["wazuh_verifier"]
expected_hosts = max(
_int(managed_hosts.get("expected_host_scope_count")),
@@ -387,7 +405,15 @@ def _summary_rollup(
"wazuh_expected_host_scope_count": expected_hosts,
"wazuh_manager_registry_accepted_count": accepted_hosts,
"wazuh_registry_complete_count": 1 if expected_hosts > 0 and accepted_hosts >= expected_hosts else 0,
"wazuh_fim_vulnerability_alert_closed_count": 0,
"wazuh_fim_vulnerability_alert_closed_count": _int(
wazuh_verifier.get("wazuh_fim_vulnerability_alert_closed_count")
),
"wazuh_fim_vulnerability_alert_verifier_ready_count": _int(
wazuh_verifier.get("wazuh_fim_vulnerability_alert_verifier_ready_count")
),
"wazuh_fim_vulnerability_alert_verifier_ready_signal_count": _int(
wazuh_verifier.get("verifier_ready_signal_count")
),
"alert_receipt_observed_count": _int(
security_os.get("alert_receipt_observed_count")
),
@@ -425,6 +451,7 @@ def _next_executable_queue(
) -> list[dict[str, Any]]:
managed_hosts = source_summaries["managed_hosts"]
registry = source_summaries["registry"]
wazuh_verifier = source_summaries["wazuh_verifier"]
controlled_apply = source_summaries["controlled_apply"]
dry_run = source_summaries["dry_run"]
expected_hosts = max(
@@ -435,18 +462,28 @@ def _next_executable_queue(
_int(managed_hosts.get("manager_registry_accepted_count")),
_int(registry.get("manager_registry_accepted_count")),
)
registry_gate = (
"wazuh_registry_complete_move_to_fim_vulnerability_alert"
if expected_hosts > 0 and accepted_hosts >= expected_hosts
else "complete_wazuh_manager_registry_alias_matrix"
verifier_closed = (
_int(wazuh_verifier.get("wazuh_fim_vulnerability_alert_closed_count")) > 0
)
if verifier_closed:
registry_gate = "wazuh_fim_vulnerability_alert_verifier_ready_keep_runtime_gated"
wazuh_next_action = "attach_incident_case_and_active_response_dry_run_receipts_without_runtime_gate"
elif expected_hosts > 0 and accepted_hosts >= expected_hosts:
registry_gate = "wazuh_registry_complete_move_to_fim_vulnerability_alert"
wazuh_next_action = "attach_fim_vulnerability_alert_receipt_post_verifier"
else:
registry_gate = "complete_wazuh_manager_registry_alias_matrix"
wazuh_next_action = "complete_wazuh_manager_registry_alias_matrix"
return [
{
"queue_id": "P0-03",
"track_id": "wazuh_detection_response",
"state": registry_gate,
"next_action": "attach_fim_vulnerability_alert_receipt_post_verifier",
"next_action": wazuh_next_action,
"ready_signal_count": _int(
wazuh_verifier.get("verifier_ready_signal_count")
),
"controlled_apply_policy_allowed": True,
},
{