New VD config update

build-docker-images/wazuh-manager/config/etc/cont-init.d/2-manager

@@ -112,6 +112,12 @@ function_entrypoint_scripts() {
   fi
 }
 
+function_configure_vulnerability_detection() {
+if [ "$INDEXER_PASSWORD" != "" ]; then
+  >&2 echo "Configuring password."
+  sed -i "s|<password>VDPass</password>|<password>'$INDEXER_PASSWORD'</password>|g" /var/ossec/etc/ossec.conf
+fi
+}
 
 # Migrate data from /wazuh-migration volume
 function_wazuh_migration
@@ -119,6 +125,9 @@ function_wazuh_migration
 # create API custom user
 function_create_custom_user
 
+# configure Vulnerabilty detection
+function_configure_vulnerability_detection
+
 # run entrypoint scripts
 function_entrypoint_scripts
 

multi-node/config/wazuh_cluster/wazuh_manager.conf

@@ -95,91 +95,29 @@
     <skip_nfs>yes</skip_nfs>
   </sca>
 
-  <vulnerability-detector>
-    <enabled>no</enabled>
-    <interval>5m</interval>
-    <min_full_scan_interval>6h</min_full_scan_interval>
-    <run_on_start>yes</run_on_start>
+  <vulnerability-detection>
+    <enabled>yes</enabled>
+    <index-status>yes</index-status>
+    <feed-update-interval>60m</feed-update-interval>
+  </vulnerability-detection>
 
-    <!-- Ubuntu OS vulnerabilities -->
-    <provider name="canonical">
-      <enabled>no</enabled>
-      <os>trusty</os>
-      <os>xenial</os>
-      <os>bionic</os>
-      <os>focal</os>
-      <os>jammy</os>
-      <update_interval>1h</update_interval>
-    </provider>
-
-    <!-- Debian OS vulnerabilities -->
-    <provider name="debian">
-      <enabled>no</enabled>
-      <os>buster</os>
-      <os>bullseye</os>
-      <os>bookworm</os>
-      <update_interval>1h</update_interval>
-    </provider>
-
-    <!-- RedHat OS vulnerabilities -->
-    <provider name="redhat">
-      <enabled>no</enabled>
-      <os>5</os>
-      <os>6</os>
-      <os>7</os>
-      <os>8</os>
-      <os>9</os>
-      <update_interval>1h</update_interval>
-    </provider>
-
-    <!-- Amazon Linux OS vulnerabilities -->
-    <provider name="alas">
-      <enabled>no</enabled>
-      <os>amazon-linux</os>
-      <os>amazon-linux-2</os>
-      <os>amazon-linux-2023</os>
-      <update_interval>1h</update_interval>
-    </provider>
-
-    <!-- SUSE Linux Enterprise OS vulnerabilities -->
-    <provider name="suse">
-      <enabled>no</enabled>
-      <os>11-server</os>
-      <os>11-desktop</os>
-      <os>12-server</os>
-      <os>12-desktop</os>
-      <os>15-server</os>
-      <os>15-desktop</os>
-      <update_interval>1h</update_interval>
-    </provider>
-
-    <!-- Arch OS vulnerabilities -->
-    <provider name="arch">
-      <enabled>no</enabled>
-      <update_interval>1h</update_interval>
-    </provider>
-
-    <!-- Windows OS vulnerabilities -->
-    <provider name="msu">
-      <enabled>yes</enabled>
-      <update_interval>1h</update_interval>
-    </provider>
-
-    <!-- Alma Linux OS vulnerabilities -->
-    <provider name="almalinux">
-      <enabled>no</enabled>
-      <os>8</os>
-      <os>9</os>
-      <update_interval>1h</update_interval>
-    </provider>
-
-    <!-- Aggregate vulnerabilities -->
-    <provider name="nvd">
-      <enabled>yes</enabled>
-      <update_interval>1h</update_interval>
-    </provider>
-
-  </vulnerability-detector>
+  <indexer>
+    <enabled>yes</enabled>
+    <hosts>
+      <host>https://wazuh1.indexer:9200</host>
+      <host>https://wazuh2.indexer:9200</host>
+      <host>https://wazuh3.indexer:9200</host>
+    </hosts>
+    <username>admin</username>
+    <password>VDPass</password>
+    <ssl>
+      <certificate_authorities>
+        <ca>/etc/ssl/root-ca.pem</ca>
+      </certificate_authorities>
+      <certificate>/etc/ssl/filebeat.pem</certificate>
+      <key>/etc/ssl/filebeat.key</key>
+    </ssl>
+  </indexer>
 
   <!-- File integrity monitoring -->
   <syscheck>

multi-node/config/wazuh_cluster/wazuh_worker.conf

@@ -95,91 +95,29 @@
     <skip_nfs>yes</skip_nfs>
   </sca>
 
-  <vulnerability-detector>
-    <enabled>no</enabled>
-    <interval>5m</interval>
-    <min_full_scan_interval>6h</min_full_scan_interval>
-    <run_on_start>yes</run_on_start>
+  <vulnerability-detection>
+    <enabled>yes</enabled>
+    <index-status>yes</index-status>
+    <feed-update-interval>60m</feed-update-interval>
+  </vulnerability-detection>
 
-    <!-- Ubuntu OS vulnerabilities -->
-    <provider name="canonical">
-      <enabled>no</enabled>
-      <os>trusty</os>
-      <os>xenial</os>
-      <os>bionic</os>
-      <os>focal</os>
-      <os>jammy</os>
-      <update_interval>1h</update_interval>
-    </provider>
-
-    <!-- Debian OS vulnerabilities -->
-    <provider name="debian">
-      <enabled>no</enabled>
-      <os>buster</os>
-      <os>bullseye</os>
-      <os>bookworm</os>
-      <update_interval>1h</update_interval>
-    </provider>
-
-    <!-- RedHat OS vulnerabilities -->
-    <provider name="redhat">
-      <enabled>no</enabled>
-      <os>5</os>
-      <os>6</os>
-      <os>7</os>
-      <os>8</os>
-      <os>9</os>
-      <update_interval>1h</update_interval>
-    </provider>
-
-    <!-- Amazon Linux OS vulnerabilities -->
-    <provider name="alas">
-      <enabled>no</enabled>
-      <os>amazon-linux</os>
-      <os>amazon-linux-2</os>
-      <os>amazon-linux-2023</os>
-      <update_interval>1h</update_interval>
-    </provider>
-
-    <!-- SUSE Linux Enterprise OS vulnerabilities -->
-    <provider name="suse">
-      <enabled>no</enabled>
-      <os>11-server</os>
-      <os>11-desktop</os>
-      <os>12-server</os>
-      <os>12-desktop</os>
-      <os>15-server</os>
-      <os>15-desktop</os>
-      <update_interval>1h</update_interval>
-    </provider>
-
-    <!-- Arch OS vulnerabilities -->
-    <provider name="arch">
-      <enabled>no</enabled>
-      <update_interval>1h</update_interval>
-    </provider>
-
-    <!-- Alma Linux OS vulnerabilities -->
-    <provider name="almalinux">
-      <enabled>no</enabled>
-      <os>8</os>
-      <os>9</os>
-      <update_interval>1h</update_interval>
-    </provider>
-
-    <!-- Windows OS vulnerabilities -->
-    <provider name="msu">
-      <enabled>yes</enabled>
-      <update_interval>1h</update_interval>
-    </provider>
-
-    <!-- Aggregate vulnerabilities -->
-    <provider name="nvd">
-      <enabled>yes</enabled>
-      <update_interval>1h</update_interval>
-    </provider>
-
-  </vulnerability-detector>
+  <indexer>
+    <enabled>yes</enabled>
+    <hosts>
+      <host>https://wazuh1.indexer:9200</host>
+      <host>https://wazuh2.indexer:9200</host>
+      <host>https://wazuh3.indexer:9200</host>
+    </hosts>
+    <username>admin</username>
+    <password>VDPass</password>
+    <ssl>
+      <certificate_authorities>
+        <ca>/etc/ssl/root-ca.pem</ca>
+      </certificate_authorities>
+      <certificate>/etc/ssl/filebeat.pem</certificate>
+      <key>/etc/ssl/filebeat.key</key>
+    </ssl>
+  </indexer>
 
   <!-- File integrity monitoring -->
   <syscheck>

single-node/config/wazuh_cluster/wazuh_manager.conf

@@ -95,91 +95,27 @@
     <skip_nfs>yes</skip_nfs>
   </sca>
 
-  <vulnerability-detector>
-    <enabled>no</enabled>
-    <interval>5m</interval>
-    <min_full_scan_interval>6h</min_full_scan_interval>
-    <run_on_start>yes</run_on_start>
+  <vulnerability-detection>
+    <enabled>yes</enabled>
+    <index-status>yes</index-status>
+    <feed-update-interval>60m</feed-update-interval>
+  </vulnerability-detection>
 
-    <!-- Ubuntu OS vulnerabilities -->
-    <provider name="canonical">
-      <enabled>no</enabled>
-      <os>trusty</os>
-      <os>xenial</os>
-      <os>bionic</os>
-      <os>focal</os>
-      <os>jammy</os>
-      <update_interval>1h</update_interval>
-    </provider>
-
-    <!-- Debian OS vulnerabilities -->
-    <provider name="debian">
-      <enabled>no</enabled>
-      <os>buster</os>
-      <os>bullseye</os>
-      <os>bookworm</os>
-      <update_interval>1h</update_interval>
-    </provider>
-
-    <!-- RedHat OS vulnerabilities -->
-    <provider name="redhat">
-      <enabled>no</enabled>
-      <os>5</os>
-      <os>6</os>
-      <os>7</os>
-      <os>8</os>
-      <os>9</os>
-      <update_interval>1h</update_interval>
-    </provider>
-
-    <!-- Amazon Linux OS vulnerabilities -->
-    <provider name="alas">
-      <enabled>no</enabled>
-      <os>amazon-linux</os>
-      <os>amazon-linux-2</os>
-      <os>amazon-linux-2023</os>
-      <update_interval>1h</update_interval>
-    </provider>
-
-    <!-- SUSE Linux Enterprise OS vulnerabilities -->
-    <provider name="suse">
-      <enabled>no</enabled>
-      <os>11-server</os>
-      <os>11-desktop</os>
-      <os>12-server</os>
-      <os>12-desktop</os>
-      <os>15-server</os>
-      <os>15-desktop</os>
-      <update_interval>1h</update_interval>
-    </provider>
-
-    <!-- Arch OS vulnerabilities -->
-    <provider name="arch">
-      <enabled>no</enabled>
-      <update_interval>1h</update_interval>
-    </provider>
-
-    <!-- Alma Linux OS vulnerabilities -->
-    <provider name="almalinux">
-      <enabled>no</enabled>
-      <os>8</os>
-      <os>9</os>
-      <update_interval>1h</update_interval>
-    </provider>
-
-    <!-- Windows OS vulnerabilities -->
-    <provider name="msu">
-      <enabled>yes</enabled>
-      <update_interval>1h</update_interval>
-    </provider>
-
-    <!-- Aggregate vulnerabilities -->
-    <provider name="nvd">
-      <enabled>yes</enabled>
-      <update_interval>1h</update_interval>
-    </provider>
-
-  </vulnerability-detector>
+  <indexer>
+    <enabled>yes</enabled>
+    <hosts>
+      <host>https://wazuh.indexer:9200</host>
+    </hosts>
+    <username>admin</username>
+    <password>VDPass</password>
+    <ssl>
+      <certificate_authorities>
+        <ca>/etc/ssl/root-ca.pem</ca>
+      </certificate_authorities>
+      <certificate>/etc/ssl/filebeat.pem</certificate>
+      <key>/etc/ssl/filebeat.key</key>
+    </ssl>
+  </indexer>
 
   <!-- File integrity monitoring -->
   <syscheck>