Module: Wazuh::Api::Endpoints::Syscheck

Included in:

Wazuh::Api::Endpoints, V4::Syscheck

Defined in:

lib/wazuh/api/endpoints/syscheck.rb

Instance Method Summary

• #clear_syscheck_database(agent_id) ⇒ Object

  Clears the syscheck database for the specified agent.

• #last_syscheck_scan(agent_id) ⇒ Object

  Return the timestamp of the last syscheck scan.

• #run_syscheck(agent_id) ⇒ Object

  Runs syscheck and rootcheck on an agent (Wazuh launches both processes simultaneously).

• #run_syscheck_all_agents ⇒ Object

  Runs syscheck and rootcheck on all agents (Wazuh launches both processes simultaneously).

• #syscheck_files(agent_id, options = {}) ⇒ Object

  Get syscheck files Returns the syscheck files of an agent.

Instance Method Details

#clear_syscheck_database(agent_id) ⇒ Object

Clears the syscheck database for the specified agent.

Parameters:

• agent_id (String) —

  ID to agent

See Also:

• https://documentation.wazuh.com/3.10/user-manual/api/reference.html#clear-syscheck-database-of-an-agent

# File 'lib/wazuh/api/endpoints/syscheck.rb', line 44

def clear_syscheck_database(agent_id)
  delete "/syscheck/#{agent_id}"
end

#last_syscheck_scan(agent_id) ⇒ Object

Return the timestamp of the last syscheck scan.

Parameters:

• agent_id (String) —

  ID to agent

See Also:

• https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-last-syscheck-scan

# File 'lib/wazuh/api/endpoints/syscheck.rb', line 53

def last_syscheck_scan(agent_id)
  get "/syscheck/#{agent_id}/last_scan"
end

#run_syscheck(agent_id) ⇒ Object

Runs syscheck and rootcheck on an agent (Wazuh launches both processes simultaneously).

Parameters:

• agent_id (String) —

  ID to agent

See Also:

• https://documentation.wazuh.com/3.10/user-manual/api/reference.html#run-syscheck-scan-in-an-agent

# File 'lib/wazuh/api/endpoints/syscheck.rb', line 69

def run_syscheck(agent_id)
  put "/syscheck/#{agent_id}"
end

#run_syscheck_all_agents ⇒ Object

Runs syscheck and rootcheck on all agents (Wazuh launches both processes simultaneously).

See Also:

• https://documentation.wazuh.com/3.10/user-manual/api/reference.html#run-syscheck-scan-in-all-agents

# File 'lib/wazuh/api/endpoints/syscheck.rb', line 60

def run_syscheck_all_agents
  put '/syscheck'
end

#syscheck_files(agent_id, options = {}) ⇒ Object

Get syscheck files Returns the syscheck files of an agent.

Parameters:

• agent_id (String)
• options (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (options):

• :offset (offset) —

  First element to return in the collection.

• :limit (limit) —

  Maximum number of elements to return.

• :sort (sort) —

  Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.

• :search (search) —

  Looks for elements with the specified string.

• :file (file) —

  Filters file by filename.

• :type (type) —

  Selects type of file. Allowed values: file, registry

• :summary (summary) —

  Returns a summary grouping by filename. Allowed values: yes, no

• :select (select) —

  List of selected fields separated by commas.

• :md5 (md5) —

  Returns the files with the specified md5 hash.

• :sha1 (sha1) —

  Returns the files with the specified sha1 hash.

• :sha256 (sha256) —

  Returns the files with the specified sha256 hash.

• :hash (hash) —

  Returns the files with the specified hash (md5, sha1 or sha256).

See Also:

• https://documentation.wazuh.com/3.10/user-manual/api/reference.html#get-syscheck-files

# File 'lib/wazuh/api/endpoints/syscheck.rb', line 35

def syscheck_files(agent_id, options = {})
  offset_request('get', "/syscheck/#{agent_id}", options)
end