feat(iwooos): flag empty Wazuh agent registry

2026-06-25 09:55:19 +08:00
parent d4f3953847
commit 8698f8311e
8 changed files with 241 additions and 14 deletions
--- a/scripts/security/wazuh-readonly-production-readback.py
+++ b/scripts/security/wazuh-readonly-production-readback.py
@@ -26,6 +26,8 @@ ALLOWED_STATUSES = {
    "misconfigured_missing_server_side_wazuh_env",
    "wazuh_auth_token_missing",
    "wazuh_readonly_metadata_unavailable",
+    "wazuh_agent_registry_empty",
+    "wazuh_agent_registry_below_expected",
    "readonly_metadata_available",
 }
 FORBIDDEN_RESPONSE_PATTERNS = [
--- a/scripts/security/wazuh-readonly-route-boundary-guard.py
+++ b/scripts/security/wazuh-readonly-route-boundary-guard.py
@@ -33,6 +33,7 @@ class ForbiddenPattern:

 ROUTE_REQUIRED_TOKENS = [
    "IWOOOS_WAZUH_READONLY_ENABLED",
+    "IWOOOS_WAZUH_EXPECTED_MIN_AGENT_COUNT",
    "WAZUH_API_BASE_URL",
    "WAZUH_API_USERNAME",
    "WAZUH_API_PASSWORD",
@@ -49,12 +50,18 @@ ROUTE_REQUIRED_TOKENS = [
    "not_authorization: true",
    "redactedAgent",
    "alias: `agent-",
+    "wazuh_agent_registry_empty",
+    "wazuh_agent_registry_below_expected",
+    "agent_registry_empty_count",
+    "agent_below_expected_minimum_count",
+    "agent_visibility_no_false_green_count",
 ]

 BACKEND_REQUIRED_TOKENS = [
    "/api/iwooos/wazuh",
    "/api/v1/iwooos/wazuh",
    "IWOOOS_WAZUH_READONLY_ENABLED",
+    "IWOOOS_WAZUH_EXPECTED_MIN_AGENT_COUNT",
    "WAZUH_API_BASE_URL",
    "WAZUH_API_USERNAME",
    "WAZUH_API_PASSWORD",
@@ -65,6 +72,11 @@ BACKEND_REQUIRED_TOKENS = [
    "raw_wazuh_payload_storage_allowed",
    "internal_ip_public_display_allowed",
    "_redacted_agent",
+    "wazuh_agent_registry_empty",
+    "wazuh_agent_registry_below_expected",
+    "agent_registry_empty_count",
+    "agent_below_expected_minimum_count",
+    "agent_visibility_no_false_green_count",
 ]