src/engine/tools/README.md
This directory contains several Python packages and bash scripts designed to make development and management of related tools easier. The following describes the directory structure and provides detailed information about each component.

```
tools/
│
├── api_communication/
├── engine-suite/
├── evtx2xml/
├── check_ASAN.sh
└── check_Valgrind.sh
```
## api_communication

The api_communication package is a tool designed to facilitate communication with the engine API, allowing the execution of commands and operations on engine components.

### Features

- **Communication with the Engine API:** Provides an interface to send requests to the engine API and receive responses efficiently, using messages in protobuf format.
- **API Command Management:** Translates messages into specific commands that the engine API can process, allowing operations to be performed on engine components.

### Installation

```bash
pip3 install tools/api_communication
```
## engine-suite

The engine-suite package is a comprehensive tool designed to manage, clean, and compare resources, as well as update decoders and manage integrations within the Wazuh environment.

### Features

- **Resource Management and Deletion:** Allows the deletion of resources in specific namespaces, such as user, Wazuh, and system, ensuring that the environment remains clean and organized. It also includes the removal of policies and assets, ensuring that rules and configurations are aligned with the desired changes.
- **Decoder Update:** Facilitates the mass update of auxiliary function names in decoders and allows listing all fields extracted by a specific decoder, helping in the administration and maintenance of the decoders.
- **File Comparison:** Provides tools to compare event files in YAML or JSON format, detecting differences in keys and values. In addition, it integrates external tools such as Delta for a clear visualization of the differences.
- **Integrations Management:** Centralizes the creation, addition, update and removal of integrations, and also generates documentation, charts and manifests to facilitate the administration and monitoring of these integrations.

### Installation

```bash
pip3 install tools/engine_suite
```
## evtx2xml

This module converts event files in EVTX format (used by Windows for event logs) to XML format. This allows you to view and work with Windows event logs in a more accessible and standard format. For more information, check the module's own readme.
## check_Valgrind.sh

This script runs the tests found in the specified directory under Valgrind and writes the report to a file.

```
Usage: tools/check_Valgrind.sh [options] [arguments]

Options:
  -h, --help              Show this help message
  -e, --exclude DIRS      Colon-separated list of directories to exclude
  -t, --test-dir DIR      Directory to search for tests (default: build directory)
  -r, --regex PATTERN     Optional regular expression to filter tests (default: no filtering)
  -o, --output FILE       File to redirect output (default: /valgrindReport.log)
```

### Examples

Run only the tests under the router directory whose name matches a pattern:

```bash
bash tools/check_Valgrind.sh -t build/source/router/ -r 'OrchestratorTesterTest*'
```

Run everything except the tests in the listed directories:

```bash
bash tools/check_Valgrind.sh -e build/source/bk/:build/source/builder/:build/source/kvdb/
```

Note that `-r` takes a regular expression, not a shell glob. Quote the pattern (as above) so that a `*` is passed to the script literally instead of being expanded by the shell against files in the current directory.
## check_ASAN.sh

This script uses ctest to run the tests found in the specified directory and redirects the results to a file if one is indicated. The checks are only meaningful when the test binaries in that directory were built with AddressSanitizer enabled (`-fsanitize=address`); otherwise the tests simply run without instrumentation.

```
Usage: tools/check_ASAN.sh [options] [arguments]

Options:
  -h, --help              Show this help message
  -e, --exclude DIRS      Colon-separated list of directories to exclude
  -t, --test-dir DIR      Directory to search for tests (default: build directory)
  -r, --regex PATTERN     Optional regular expression to filter tests (default: no filtering)
  -o, --output FILE       File to redirect output (default: stdout)
```

### Examples

The options follow the same conventions as `check_Valgrind.sh` (quote the regex so the shell does not expand it):

```bash
bash tools/check_ASAN.sh -t build/source/router/ --regex 'OrchestratorTest*'
```

```bash
bash tools/check_ASAN.sh -e build/source/bk/:build/source/builder/:build/source/kvdb/
```
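The following is an added example, not the project's own `check_Valgrind.sh` or `check_ASAN.sh`, showing how the options documented for both scripts (`-t`, `-e`, `-r`, `-o`) can be turned into per-directory `ctest` runs. It assumes a CMake build tree, where every test directory contains a generated `CTestTestfile.cmake` and only files with `add_test(` lines actually define tests; it assumes `ctest --test-dir` (CMake 3.20 or newer) and, for the Valgrind mode, that the project enabled CTest's memcheck support (`-T memcheck`, which needs `include(CTest)` and a Valgrind found at configure time). The `-m asan|valgrind` switch, the `DRY_RUN` variable and the short-option-only parsing are this example's own choices and are not part of the original scripts.

```shell
#!/bin/sh
# Added example: a stand-in for check_Valgrind.sh / check_ASAN.sh (not the project's code).
# Assumptions: CMake build tree with CTestTestfile.cmake per directory, ctest >= 3.20.

# Return 0 when directory $1 lies under one of the colon-separated prefixes in $2.
# Prefixes are matched on whole path components: build/source/kvdb/ does not
# exclude build/source/kvdbx/.
is_excluded() {
  ex_dir=${1%/}/
  ex_list=$2
  while [ -n "$ex_list" ]; do
    ex_prefix=${ex_list%%:*}
    case "$ex_list" in *:*) ex_list=${ex_list#*:} ;; *) ex_list= ;; esac
    [ -z "$ex_prefix" ] && continue
    ex_prefix=${ex_prefix%/}/
    case "$ex_dir" in "$ex_prefix"*) return 0 ;; esac
  done
  return 1
}

# List (sorted) the directories under $1 whose CTestTestfile.cmake defines tests
# itself, skipping those excluded by $2. Directories that only contain subdirs()
# are skipped so a parent does not re-run its children's tests.
collect_test_dirs() {
  find "${1%/}" -name CTestTestfile.cmake -exec grep -l 'add_test(' {} + 2>/dev/null |
  LC_ALL=C sort |
  while IFS= read -r ct_file; do
    ct_dir=${ct_file%/CTestTestfile.cmake}
    is_excluded "$ct_dir" "$2" || printf '%s\n' "$ct_dir"
  done
}

# Run ctest for directory $1 in mode $2 (asan|valgrind) with optional regex $3.
# With DRY_RUN=1 (example-only knob) the command line is printed instead of run.
run_ctest_in() {
  rc_dir=$1; rc_mode=$2; rc_regex=$3
  set -- ctest --test-dir "$rc_dir" --output-on-failure
  [ "$rc_mode" = valgrind ] && set -- "$@" -T memcheck
  # -R is a regex: it is passed as a single argument, so the shell never globs it.
  [ -n "$rc_regex" ] && set -- "$@" -R "$rc_regex"
  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf '%s\n' "$*"
  else
    # Make ASAN stop at the first error unless the caller already chose options.
    ASAN_OPTIONS="${ASAN_OPTIONS:-detect_leaks=1:halt_on_error=1}" "$@"
  fi
}

# $1 = mode, $2 = test dir, $3 = exclude list, $4 = regex. Returns non-zero if any
# directory's ctest run failed (sanitizer reports make ctest fail the test).
check_sanitized() {
  collect_test_dirs "$2" "$3" | {
    cs_failed=0; cs_count=0
    while IFS= read -r cs_dir; do
      cs_count=$((cs_count + 1))
      run_ctest_in "$cs_dir" "$1" "$4" || cs_failed=1
    done
    [ "$cs_count" -gt 0 ] || echo "no test directories found under $2" >&2
    [ "$cs_failed" -eq 0 ]
  }
}

usage() {
  echo "Usage: $0 [-m asan|valgrind] [-e DIRS] [-t DIR] [-r REGEX] [-o FILE]" >&2
}

main() {
  m_mode=asan; m_test_dir=build; m_exclude=; m_regex=; m_out=
  while getopts 'hm:e:t:r:o:' m_opt; do
    case "$m_opt" in
      m) m_mode=$OPTARG ;;
      e) m_exclude=$OPTARG ;;
      t) m_test_dir=$OPTARG ;;
      r) m_regex=$OPTARG ;;
      o) m_out=$OPTARG ;;
      h) usage; return 0 ;;
      *) usage; return 2 ;;
    esac
  done
  if [ -n "$m_out" ]; then
    check_sanitized "$m_mode" "$m_test_dir" "$m_exclude" "$m_regex" >"$m_out" 2>&1
  else
    check_sanitized "$m_mode" "$m_test_dir" "$m_exclude" "$m_regex"
  fi
}

main "$@"
```

Invoked as `sh check.sh -m valgrind -t build/source/router/ -r 'OrchestratorTesterTest*' -o report.log`, it mirrors the first `check_Valgrind.sh` example above. Two design points carry over to any wrapper of this kind: the exclude list is matched on whole path components, and the regex is handed to `ctest -R` as one argument rather than spliced into an `eval` string, so a pattern taken from the command line cannot become shell code.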