fix(iwooos): add wazuh alert verifier readback
Some checks failed
CD Pipeline / workflow-shape (push) Successful in 0s
CD Pipeline / cancel-stale-cd (push) Has been skipped
CD Pipeline / build-and-deploy (push) Has been cancelled
CD Pipeline / post-deploy-checks (push) Has been cancelled
CD Pipeline / tests (push) Has been cancelled
Some checks failed
CD Pipeline / workflow-shape (push) Successful in 0s
CD Pipeline / cancel-stale-cd (push) Has been skipped
CD Pipeline / build-and-deploy (push) Has been cancelled
CD Pipeline / post-deploy-checks (push) Has been cancelled
CD Pipeline / tests (push) Has been cancelled
This commit is contained in:
@@ -19,6 +19,9 @@ from src.services.iwooos_security_operating_system import (
|
||||
from src.services.iwooos_wazuh_allowlisted_check_mode_dry_run import (
|
||||
load_latest_iwooos_wazuh_allowlisted_check_mode_dry_run,
|
||||
)
|
||||
from src.services.iwooos_wazuh_fim_vulnerability_alert_verifier import (
|
||||
load_latest_iwooos_wazuh_fim_vulnerability_alert_verifier,
|
||||
)
|
||||
from src.services.iwooos_wazuh_managed_host_coverage import (
|
||||
load_latest_iwooos_wazuh_managed_host_coverage,
|
||||
)
|
||||
@@ -52,6 +55,9 @@ def load_latest_iwooos_security_tool_closure_readback(
|
||||
controlled_apply = load_latest_iwooos_wazuh_runtime_controlled_apply_preflight()
|
||||
owner_review = load_latest_iwooos_wazuh_runtime_gate_owner_review_readback()
|
||||
dry_run = load_latest_iwooos_wazuh_allowlisted_check_mode_dry_run()
|
||||
wazuh_verifier = load_latest_iwooos_wazuh_fim_vulnerability_alert_verifier(
|
||||
alert_receipt_readback=alert_receipt_readback
|
||||
)
|
||||
|
||||
source_payloads = [
|
||||
coverage,
|
||||
@@ -61,6 +67,7 @@ def load_latest_iwooos_security_tool_closure_readback(
|
||||
controlled_apply,
|
||||
owner_review,
|
||||
dry_run,
|
||||
wazuh_verifier,
|
||||
]
|
||||
_require_runtime_boundaries(source_payloads)
|
||||
|
||||
@@ -72,6 +79,7 @@ def load_latest_iwooos_security_tool_closure_readback(
|
||||
"controlled_apply": _summary(controlled_apply),
|
||||
"owner_review": _summary(owner_review),
|
||||
"dry_run": _summary(dry_run),
|
||||
"wazuh_verifier": _summary(wazuh_verifier),
|
||||
}
|
||||
tracks = _tool_tracks(source_summaries)
|
||||
summary = _summary_rollup(source_summaries, tracks)
|
||||
@@ -122,6 +130,7 @@ def load_latest_iwooos_security_tool_closure_readback(
|
||||
*controlled_apply.get("source_refs", []),
|
||||
*owner_review.get("source_refs", []),
|
||||
*dry_run.get("source_refs", []),
|
||||
*wazuh_verifier.get("source_refs", []),
|
||||
],
|
||||
}
|
||||
|
||||
@@ -134,6 +143,7 @@ def _tool_tracks(source_summaries: dict[str, dict[str, Any]]) -> list[dict[str,
|
||||
controlled_apply = source_summaries["controlled_apply"]
|
||||
owner_review = source_summaries["owner_review"]
|
||||
dry_run = source_summaries["dry_run"]
|
||||
wazuh_verifier = source_summaries["wazuh_verifier"]
|
||||
|
||||
expected_hosts = max(
|
||||
_int(managed_hosts.get("expected_host_scope_count")),
|
||||
@@ -148,6 +158,9 @@ def _tool_tracks(source_summaries: dict[str, dict[str, Any]]) -> list[dict[str,
|
||||
)
|
||||
registry_ready = expected_hosts > 0 and accepted_hosts >= expected_hosts
|
||||
alert_ready = _int(security_os.get("alert_receipt_accepted_count")) > 0
|
||||
wazuh_verifier_ready_signals = _int(
|
||||
wazuh_verifier.get("verifier_ready_signal_count")
|
||||
)
|
||||
|
||||
controlled_apply_ready_signals = sum(
|
||||
1
|
||||
@@ -196,13 +209,17 @@ def _tool_tracks(source_summaries: dict[str, dict[str, Any]]) -> list[dict[str,
|
||||
priority="P0",
|
||||
label="Wazuh detection and response",
|
||||
tool_ids=["wazuh"],
|
||||
ready_signal_count=(1 if registry_ready else 0) + (1 if alert_ready else 0),
|
||||
ready_signal_count=max(
|
||||
(1 if registry_ready else 0) + (1 if alert_ready else 0),
|
||||
wazuh_verifier_ready_signals,
|
||||
),
|
||||
required_signal_count=6,
|
||||
next_executable_action="close_fim_vulnerability_alert_receipt_then_keep_active_response_gated",
|
||||
next_executable_action="attach_incident_case_and_active_response_dry_run_receipts_without_runtime_gate",
|
||||
required_verifier="wazuh_registry_fim_vulnerability_alert_receipt_post_verifier",
|
||||
source_refs=[
|
||||
"docs/security/wazuh-managed-host-coverage-gate.snapshot.json",
|
||||
"docs/security/iwooos-security-operating-system.snapshot.json",
|
||||
"apps/api/src/services/iwooos_wazuh_fim_vulnerability_alert_verifier.py",
|
||||
],
|
||||
),
|
||||
_track(
|
||||
@@ -348,6 +365,7 @@ def _summary_rollup(
|
||||
controlled_apply = source_summaries["controlled_apply"]
|
||||
owner_review = source_summaries["owner_review"]
|
||||
dry_run = source_summaries["dry_run"]
|
||||
wazuh_verifier = source_summaries["wazuh_verifier"]
|
||||
|
||||
expected_hosts = max(
|
||||
_int(managed_hosts.get("expected_host_scope_count")),
|
||||
@@ -387,7 +405,15 @@ def _summary_rollup(
|
||||
"wazuh_expected_host_scope_count": expected_hosts,
|
||||
"wazuh_manager_registry_accepted_count": accepted_hosts,
|
||||
"wazuh_registry_complete_count": 1 if expected_hosts > 0 and accepted_hosts >= expected_hosts else 0,
|
||||
"wazuh_fim_vulnerability_alert_closed_count": 0,
|
||||
"wazuh_fim_vulnerability_alert_closed_count": _int(
|
||||
wazuh_verifier.get("wazuh_fim_vulnerability_alert_closed_count")
|
||||
),
|
||||
"wazuh_fim_vulnerability_alert_verifier_ready_count": _int(
|
||||
wazuh_verifier.get("wazuh_fim_vulnerability_alert_verifier_ready_count")
|
||||
),
|
||||
"wazuh_fim_vulnerability_alert_verifier_ready_signal_count": _int(
|
||||
wazuh_verifier.get("verifier_ready_signal_count")
|
||||
),
|
||||
"alert_receipt_observed_count": _int(
|
||||
security_os.get("alert_receipt_observed_count")
|
||||
),
|
||||
@@ -425,6 +451,7 @@ def _next_executable_queue(
|
||||
) -> list[dict[str, Any]]:
|
||||
managed_hosts = source_summaries["managed_hosts"]
|
||||
registry = source_summaries["registry"]
|
||||
wazuh_verifier = source_summaries["wazuh_verifier"]
|
||||
controlled_apply = source_summaries["controlled_apply"]
|
||||
dry_run = source_summaries["dry_run"]
|
||||
expected_hosts = max(
|
||||
@@ -435,18 +462,28 @@ def _next_executable_queue(
|
||||
_int(managed_hosts.get("manager_registry_accepted_count")),
|
||||
_int(registry.get("manager_registry_accepted_count")),
|
||||
)
|
||||
registry_gate = (
|
||||
"wazuh_registry_complete_move_to_fim_vulnerability_alert"
|
||||
if expected_hosts > 0 and accepted_hosts >= expected_hosts
|
||||
else "complete_wazuh_manager_registry_alias_matrix"
|
||||
verifier_closed = (
|
||||
_int(wazuh_verifier.get("wazuh_fim_vulnerability_alert_closed_count")) > 0
|
||||
)
|
||||
if verifier_closed:
|
||||
registry_gate = "wazuh_fim_vulnerability_alert_verifier_ready_keep_runtime_gated"
|
||||
wazuh_next_action = "attach_incident_case_and_active_response_dry_run_receipts_without_runtime_gate"
|
||||
elif expected_hosts > 0 and accepted_hosts >= expected_hosts:
|
||||
registry_gate = "wazuh_registry_complete_move_to_fim_vulnerability_alert"
|
||||
wazuh_next_action = "attach_fim_vulnerability_alert_receipt_post_verifier"
|
||||
else:
|
||||
registry_gate = "complete_wazuh_manager_registry_alias_matrix"
|
||||
wazuh_next_action = "complete_wazuh_manager_registry_alias_matrix"
|
||||
|
||||
return [
|
||||
{
|
||||
"queue_id": "P0-03",
|
||||
"track_id": "wazuh_detection_response",
|
||||
"state": registry_gate,
|
||||
"next_action": "attach_fim_vulnerability_alert_receipt_post_verifier",
|
||||
"next_action": wazuh_next_action,
|
||||
"ready_signal_count": _int(
|
||||
wazuh_verifier.get("verifier_ready_signal_count")
|
||||
),
|
||||
"controlled_apply_policy_allowed": True,
|
||||
},
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user