awoooi/docs/security/wazuh-agent-visibility-runtime-gate.snapshot.json

{
"schema_version": "wazuh_agent_visibility_runtime_gate_v1",
"generated_at": "2026-06-24T23:35:00+08:00",
"status": "blocked_waiting_manager_agent_registry_readback",
"mode": "snapshot_only_no_runtime_no_secret_collection",
"incident_id": "wazuh-agent-visibility-20260624",
"runtime_gate_count": 0,
"manager_agent_registry_readback_passed": false,
"iwooos_live_route_readback_passed": false,
"dashboard_agent_list_recovered": false,
"active_response_authorized": false,
"host_write_authorized": false,
"secret_value_collection_allowed": false,
"manager_services_active_observed": true,
"agent_transport_connected_observed": true,
"dashboard_api_degraded_observed": true,
"production_route_http_status": 404,
"observed_at_taipei": "2026-06-24T23:29:22+08:00",
"observed_layers": {
"iwooos_production_route": {
"status": "blocked",
"evidence": "正式站 Wazuh 只讀 API 路由在部署前仍回 404",
"completion_percent": 0
},
"wazuh_control_plane": {
"status": "observed_active",
"evidence": "112 上 manager、indexer、dashboard 服務已只讀觀察為 active",
"completion_percent": 70
},
"host_agent_transport": {
"status": "observed_connected",
"evidence": "110 與 188 agent 已只讀觀察為 active,且到 112 的 1514 transport 已建立",
"completion_percent": 75
},
"manager_agent_registry": {
"status": "blocked_no_readonly_registry_access",
"evidence": "kali 使用者無法以一般權限讀 manager registry,Wazuh API 需要正式只讀認證",
"completion_percent": 0
},
"dashboard_api_check": {
"status": "degraded_observed",
"evidence": "dashboard plugin 在 stored API 與 API check 期間觀察到 429 或 500",
"completion_percent": 35
}
},
"registry_counts": {
"agent_total": null,
"agent_active": null,
"agent_disconnected": null,
"agent_never_connected": null,
"last_seen_window_verified": false
},
"dashboard_error_codes_observed": [
429,
500
],
"required_evidence_before_green": [
{
"evidence_id": "manager_agent_registry_counts",
"accepted": false,
"required_fields": [
"agent_total",
"agent_active",
"agent_disconnected",
"agent_never_connected",
"last_seen_window"
],
"allowed_source": "Wazuh API 只讀中繼資料或 owner 提供的脫敏證據"
},
{
"evidence_id": "iwooos_live_route_readback",
"accepted": false,
"required_fields": [
"schema_version",
"status",
"aggregate_counts",
"runtime_gate_count"
],
"allowed_source": "正式站 /api/iwooos/wazuh 讀回"
},
{
"evidence_id": "dashboard_api_check_repaired_or_explained",
"accepted": false,
"required_fields": [
"stored_api_status",
"api_check_status",
"rate_limit_status",
"tls_trust_status"
],
"allowed_source": "已脫敏 dashboard 讀回或 owner 維修證據"
},
{
"evidence_id": "readonly_account_scope",
"accepted": false,
"required_fields": [
"secret_name_only",
"read_scope",
"rotation_owner",
"rollback_owner"
],
"allowed_source": "不含 secret value 的 server-side secret metadata"
},
{
"evidence_id": "owner_response",
"accepted": false,
"required_fields": [
"owner_role",
"team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"followup_owner",
"rollback_owner"
],
"allowed_source": "owner response 封包"
}
],
"forbidden_completion_claims": [
"Wazuh 用戶端已恢復",
"Wazuh agent registry 已驗收",
"IwoooS 已能偵測 agent 消失",
"active response 已授權",
"host write 已授權"
],
"next_priority_order": [
"P0-A manager agent registry 只讀計數",
"P0-B dashboard stored API 與 rate-limit 根因",
"P0-C IwoooS 正式站 Wazuh 路由讀回",
"P0-D dashboard/API mismatch 的 AI 自動化告警卡",
"P0-E owner response 與 rollback owner"
]
}