Global queries FIM - Make the necessary changes in wazuh-virtual-machines

[c-bordon]

Description

After analyzing the code of the AMI and the OVA, no changes were detected in general. This is because the installation is done in a standard way through packages.
What is detected is that a cleaning of the indexes is done in both cases.

OVA:

The provisioner has the following:

INDEXES=("wazuh-alerts-*" "wazuh-archives-*" "wazuh-states-vulnerabilities-*" "wazuh-statistics-*" "wazuh-monitoring-*")

.....

# Delete indexes
echo "Deleting indexes"
for index in "${INDEXES[@]}"; do
curl -u admin:admin -XDELETE "https://127.0.0.1:9200/$index" -k
done

In this case, it may be necessary to perform a regex on the new indexes to clean them up.

AMI:

In the AMI playbook, the following steps were detected:

- name: Define list of Indexer indices
set_fact:
indexer_indices:
- wazuh-alerts
- wazuh-archives
- wazuh-states-vulnerabilities
- wazuh-statistics
- wazuh-monitoring

- name: Delete Indexer indices
uri:
url: "https://localhost:9200/{{ item }}-*"
method: DELETE
user: admin
password: "{{ old_password }}"
validate_certs: no
status_code: 200
loop: "{{ indexer_indices }}"
register: delete_response

This is a similar case to the OVA, it may be necessary to add the new states indexes.
Both modifications, if necessary, are very simple changes with a low impact. Otherwise, there are no further modifications or references to the states.
Once the changes, packages and branches are ready, it would be important to perform some tests to validate that everything is generated correctly. The issue is moved to pending review, and the tests can be performed in a new one.

Tasks

• Add cleanup the new indices
• Test after builds the OVA and AMI

DRI

• @c-bordon