From 693aca2840ebea74dfbf5b39df1469a0f62081e8 Mon Sep 17 00:00:00 2001
From: Greg Elin <greg.elin@govready.com>
Date: Sun, 4 Jul 2021 11:02:34 -0500
Subject: [PATCH 1/6] Add Wazuh info via end-user form

---
 CHANGELOG.md                    |  1 +
 controls/forms.py               |  1 +
 controls/urls.py                |  1 +
 controls/views.py               | 60 +++++++++++++++++++++++++-
 templates/systems/sar_list.html | 76 ++++++++++++++++++++++++++++++++-
 5 files changed, 137 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d9b681bfe..615f46c24 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,7 @@ v0.9.6-dev (June XX, 2021)
 * Display legacy control implementation statements within system's statements.
 * Added compare components button to compare one component's statements to other selected components.
 * Added a Select/Deselect button for component comparison choice
+* Add accordion to assessment page to provide information on getting data from Wazuh.
 
 **Bug fixes**
 
diff --git a/controls/forms.py b/controls/forms.py
index dcb7abb64..2e1beeef3 100644
--- a/controls/forms.py
+++ b/controls/forms.py
@@ -155,3 +155,4 @@ def clean(self):
 
     assessment_results = forms.CharField(label='System assessment result items (JSON)', required=False, widget=forms.Textarea(),
             help_text="Listing of assessment items in JSON")
+
diff --git a/controls/urls.py b/controls/urls.py
index 8cb91d766..dacd1a137 100644
--- a/controls/urls.py
+++ b/controls/urls.py
@@ -43,6 +43,7 @@
 
     # Systems Assessment Results
     url(r'^(?P<system_id>.*)/assessments$', views.system_assessment_results_list, name="system_assessment_results_list"),
+    url(r'^(?P<system_id>.*)/assessments/new/wazuh$', views.new_system_assessment_result_wazuh, name="new_system_assessment_result_wazuh"),
     url(r'^(?P<system_id>.*)/assessment/new$', views.manage_system_assessment_result, name="new_system_assessment_result"),
     url(r'^(?P<system_id>.*)/sar/(?P<sar_id>.*)/view$', views.view_system_assessment_result_summary, name="view_system_assessment_result_summary"),
     url(r'^(?P<system_id>.*)/sar/(?P<sar_id>.*)/edit$', views.manage_system_assessment_result, name="manage_system_assessment_result"),
diff --git a/controls/views.py b/controls/views.py
index 72bc10ef8..644e57e51 100644
--- a/controls/views.py
+++ b/controls/views.py
@@ -40,6 +40,7 @@
 from .utilities import *
 from simple_history.utils import update_change_reason
 import functools
+import subprocess
 logging.basicConfig()
 import structlog
 from structlog import get_logger
@@ -3172,11 +3173,16 @@ def system_assessment_results_list(request, system_id=None):
         project = system.projects.all()[0]
         sars = system.system_assessment_result.all().order_by('created').reverse()
 
-        # Return the controls
+        # Retrieve user's API keys
+        api_keys = request.user.get_api_keys()
+
         context = {
             "system": system,
             "project": project,
             "sars": sars,
+            "api_key_ro": api_keys['ro'],
+            "api_key_rw": api_keys['rw'],
+            "api_key_wo": api_keys['wo']
         }
         return render(request, "systems/sar_list.html", context)
 
@@ -3271,3 +3277,55 @@ def system_assessment_result_history(request, system_id, sar_id=None):
         "deployment": full_sar_history,
     }
     return render(request, "systems/sar_history.html", context)
+
+@login_required
+def new_system_assessment_result_wazuh(request, system_id):
+    """Returns a SAR info from Wazuh and adds to system"""
+
+    if request.method != "POST":
+        return HttpResponseNotAllowed(["POST"])
+
+    else:
+        print("Getting Wazuh information")
+        # Validate data
+        valid = True
+        for param in ["wazuhhost_val", "user_val", "passwd_val", "agents_val"]:
+            if param not in request.POST:
+                valid = False
+                messages.add_message(request, messages.WARNING, f"Please complete field {param.replace('_val','')}")
+        if not valid:
+            return HttpResponseRedirect(f"/systems/{system_id}/assessments")
+
+        # Check user permissions
+        system = System.objects.get(pk=system_id)
+        if not request.user.has_perm('change_system', system):
+            # User does not have write permissions
+            # Log permission to save answer denied
+            logger.info(
+                event="delete_smt permission_denied",
+                object={"object": "statement", "id": statement.id},
+                user={"id": request.user.id, "username": request.user.username}
+            )
+            return HttpResponseForbidden(
+                "Permission denied. {} does not have change privileges to system and/or project.".format(
+                    request.user.username))
+
+        #python tools/simple_sar_server/wazuh_etl.py N6auqvmM44aq9mkktZiGo72cZTIXQQPG https://wazuh-1.govready.com -s 269 --agents 001,002,0003,004
+        #if subprocess.run(["python", "tools/simple_sar_server/wazuh_etl.py", "N6auqvmM44aq9mkktZiGo72cZTIXQQPG", "https://wazuh-1.govready.com", "-s", "269", "--agents", "001,002,0003,004"]):
+        if subprocess.run(["python", "tools/simple_sar_server/wazuh_etl.py", "N6auqvmM44aq9mkktZiGo72cZTIXQQPG", f"{request.POST['wazuhhost_val']}", "-s", f"{system_id}", "--agents", f"{request.POST['agents_val']}"]):
+            # see https://stackoverflow.com/questions/3878624/how-do-i-programmatically-determine-if-there-are-uncommitted-changes
+            print("Wazuh command executed")
+            messages.add_message(request, messages.INFO, f'OK. I hit the Wazuh API and added results to {system.root_element.name}.')
+        else:
+            messages.add_message(request, messages.INFO, f'Darn. There was a problem with the subprocess.')
+            print("Wazuh command failed")
+
+    # Redirect
+        return HttpResponseRedirect(f"/systems/{system_id}/assessments")
+
+
+
+
+
+
+
diff --git a/templates/systems/sar_list.html b/templates/systems/sar_list.html
index e1cef875d..52f165518 100644
--- a/templates/systems/sar_list.html
+++ b/templates/systems/sar_list.html
@@ -11,6 +11,18 @@
 
 {% block head %}
 {{block.super}}
+
+<style>
+
+    details > summary::before {
+        content: '▶ ';
+    }
+
+    details[open] > summary::before {
+        content: '▼ ';
+    }
+
+</style>
 {% include "controls/_style-controls.html" %}
 {% endblock %}
 
@@ -18,7 +30,69 @@
 <!-- authoring_tool_enabled included from project-base.html -->
 
 {% block body_content %}
-<div class="systems-top">
+
+<div>
+    <form method="post" action="{% url 'new_system_assessment_result_wazuh' project.system.id %}"
+          style="border: 1px solid #999; padding:12px 12px 12px 12px; border-radius:12px; margin-bottom: 12px;">
+        <div style="">Retrieve data from Wazuh</div>
+        {% csrf_token %}
+        <div class="form-inline">
+            <label for="wazuhhost_val">Wazuh host: </label>
+            <input id="wazuhhost_val" class="form-control"  type="text" name="wazuhhost_val" class="form-control" placeholder="https://wazuh.example.com:5500" onchange="update_wazuhhost(this.value); return false;" style="width: 250px;"/>
+            &nbsp;&nbsp;
+            <label for="user_val">User: </label>
+            <input id="user_val" class="form-control"  type="text" name="user_val" class="form-control" placeholder="seabiscuit" onchange="update_user(this.value); return false;"/>
+            &nbsp;&nbsp;
+            <label for="passwd_val"> Password: </label>
+            <input id="passwd_val" class="form-control"  type="password" name="passwd_val" class="form-control" placeholder="secretword" onchange="update_passwd(this.value)"/>
+            &nbsp;&nbsp;
+            <label for="agents_val"> Agents: </label>
+            <input id="agents_val" class="form-control"  type="text" name="agents_val" class="form-control" placeholder="001,002,003,004" onchange="update_agents(this.value)"/>
+            <button type="submit" id="create-object-button" class="btn btn-success">Execute &raquo;</button>
+        </div>
+
+        <details style="margin-left: 100px; margin-right: 24px; margin-top:8px;">
+            <summary>View Wazuh Commandline</summary>
+            <div>
+<pre>
+# Run wazuht_etl.py
+python tools/simple_sar_server/wazuh_etl.py {{api_key_wo}} <span class="wazuhhost_val">https://wazuh.example.com:55000</span> -s {{project.system.id}} --agents <span class="agents_val">001,002,003,004</span>
+
+# Authenticate and get Bearer token
+TOKEN=$(curl -u <span class="user_val">seabisbuit</span>:<span class="passwd_val">secret</span> -k -X GET "<span class="wazuhhost_val">https://wazuh.example.com:55000</span>/security/user/authenticate?raw=true")
+
+# Retrieve agent (e.g. monitored host) information
+curl -k -X GET "<span class="wazuhhost_val">WAZUH_HOST</span>/agents?pretty=true&sort=-ip,name" -H "Authorization: Bearer $TOKEN"
+</pre>
+
+            </div>
+        </details>
+
+    </div>
+
+    <script type="text/javascript">
+        // Change target values
+        function update_wazuhhost(value) {
+            $(".wazuhhost_val").html(value);
+            return false;
+        }
+        function update_user(value) {
+            $(".user_val").html(value);
+            return false;
+        }
+        function update_passwd(value) {
+            var str = new Array(value.length + 1).join( "X" );
+            $(".passwd_val").html(str);
+            return false;
+        }
+        function update_agents(value) {
+            $(".agents_val").html(value);
+            return false;
+        }
+    </script>
+    </form>
+
+
     <div id="tab-content" class="row rows-header">
         <div id="" class="col-xs-4 col-sm-4 col-md-4 col-lg-4 col-xl-4 systems-poam">System Assessment Results</div>
         <div id="" class="col-xs-5 col-sm-5 col-md-5 col-lg-5 col-xl-5">&nbsp;</div>

From fdeba46c3be484e203c8eba8ea6f1e37e0d000e0 Mon Sep 17 00:00:00 2001
From: Greg Elin <greg.elin@govready.com>
Date: Mon, 5 Jul 2021 18:19:28 -0500
Subject: [PATCH 2/6] Create SecurityService class to represent Security
 Service

Create `sec_srvc.SecurityService` class to represent a security service
from which data could be collected.

Add form to Assessments page to collect info from Wazuh SecurityService.
---
 CHANGELOG.md         |   7 +--
 controls/views.py    |  45 +++++++++++++----
 sec_srvc/__init__.py |   0
 sec_srvc/sec_srvc.py | 118 +++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 157 insertions(+), 13 deletions(-)
 create mode 100644 sec_srvc/__init__.py
 create mode 100644 sec_srvc/sec_srvc.py

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 615f46c24..3d515564a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,8 +7,9 @@ v0.9.6-dev (June XX, 2021)
 
 * Display legacy control implementation statements within system's statements.
 * Added compare components button to compare one component's statements to other selected components.
-* Added a Select/Deselect button for component comparison choice
+* Added a Select/Deselect button for component comparison choice.
 * Add accordion to assessment page to provide information on getting data from Wazuh.
+* Add form to Assessments page to collect Wazuh information.
 
 **Bug fixes**
 
@@ -17,12 +18,12 @@ v0.9.6-dev (June XX, 2021)
 **Developer changes**
 
 * Add custom Django command to batch import legacy control implementation statements from legacy SSPs Excel spreadsheet exports. Currently supports CSAM.
-* Added missing unit test for portfolio project endpoint
+* Added missing unit test for portfolio project endpoint.
+* Add `sec_srvc.SecurityService` class to represent a security service from which data could be collected.
 
 **Data changes**
 
 * Set all `StatementTypeEnum.<LABEL>.value` to `StatementTypeEnum.<LABEL>.name` in order for relevant label/term to show up in Django database admin interface.
-
 * Fisma impact level is now represented as Security Sensitivity level following OSCAL's schema.
 
 
diff --git a/controls/views.py b/controls/views.py
index 644e57e51..0d5f41245 100644
--- a/controls/views.py
+++ b/controls/views.py
@@ -3286,7 +3286,6 @@ def new_system_assessment_result_wazuh(request, system_id):
         return HttpResponseNotAllowed(["POST"])
 
     else:
-        print("Getting Wazuh information")
         # Validate data
         valid = True
         for param in ["wazuhhost_val", "user_val", "passwd_val", "agents_val"]:
@@ -3310,15 +3309,41 @@ def new_system_assessment_result_wazuh(request, system_id):
                 "Permission denied. {} does not have change privileges to system and/or project.".format(
                     request.user.username))
 
-        #python tools/simple_sar_server/wazuh_etl.py N6auqvmM44aq9mkktZiGo72cZTIXQQPG https://wazuh-1.govready.com -s 269 --agents 001,002,0003,004
-        #if subprocess.run(["python", "tools/simple_sar_server/wazuh_etl.py", "N6auqvmM44aq9mkktZiGo72cZTIXQQPG", "https://wazuh-1.govready.com", "-s", "269", "--agents", "001,002,0003,004"]):
-        if subprocess.run(["python", "tools/simple_sar_server/wazuh_etl.py", "N6auqvmM44aq9mkktZiGo72cZTIXQQPG", f"{request.POST['wazuhhost_val']}", "-s", f"{system_id}", "--agents", f"{request.POST['agents_val']}"]):
-            # see https://stackoverflow.com/questions/3878624/how-do-i-programmatically-determine-if-there-are-uncommitted-changes
-            print("Wazuh command executed")
-            messages.add_message(request, messages.INFO, f'OK. I hit the Wazuh API and added results to {system.root_element.name}.')
-        else:
-            messages.add_message(request, messages.INFO, f'Darn. There was a problem with the subprocess.')
-            print("Wazuh command failed")
+        from sec_srvc.sec_srvc import SecurityService
+        sec_srvc = SecurityService()
+
+        sec_srvc.setup(request.POST['wazuhhost_val'])
+
+        description = sec_srvc.description()
+
+        user = request.POST['user_val']
+        passwd = request.POST['passwd_val']
+        authentication = sec_srvc.authenticate(user, passwd)
+
+        identifiers = request.POST['agents_val']
+        extracted_data = sec_srvc.extract_data(authentication, identifiers)
+
+        # TODO: Set deployment id
+        deployment_uuid = "7e85e2af-20d4-4103-9a92-c4cfaa827293"
+        transformed_data = sec_srvc.transform_data(extracted_data, system_id, "Scan Title", "Scan description", deployment_uuid)
+
+        loaded_data = sec_srvc.load_data(transformed_data)
+
+        sar = SystemAssessmentResult(
+                name=transformed_data["metadata"]["title"],
+                description=transformed_data["metadata"]["description"],
+                system_id=transformed_data["metadata"]["system_id"],
+                deployment_id=transformed_data["metadata"]["system_id"],
+                assessment_results=transformed_data
+                # assessment_results=json.loads(request.FILES.get('data').read().decode("utf8", "replace"))
+            )
+        sar.save()
+        logger.info(
+            event="create_system_assessment_result",
+            object={"object": "system_assessment_result", "id": sar.id, "name":sar.name},
+            user={"id": request.user.id, "username": request.user.username}
+        )
+        messages.add_message(request, messages.INFO, "Data from Wazuh retrieved and loaded")
 
     # Redirect
         return HttpResponseRedirect(f"/systems/{system_id}/assessments")
diff --git a/sec_srvc/__init__.py b/sec_srvc/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/sec_srvc/sec_srvc.py b/sec_srvc/sec_srvc.py
new file mode 100644
index 000000000..cb07897cd
--- /dev/null
+++ b/sec_srvc/sec_srvc.py
@@ -0,0 +1,118 @@
+from http.server import HTTPServer, BaseHTTPRequestHandler
+from urllib import request, parse
+
+import os
+import platform
+import re
+import signal
+import sys
+from base64 import b64encode
+import requests
+import urllib3
+
+import json
+import random
+import uuid
+
+class SecurityService:
+
+    def description(self):
+        description = {
+            "name": "Example Security Service",
+            "description": "Short description",
+            "version": "2.1"
+        }
+        return description
+
+    def setup(self, base_url):
+        self.base_url = base_url
+        return True
+
+    def get_response(self, url, headers=None, verify=False):
+        request_result = requests.get(url, headers=headers, verify=verify)
+        if request_result.status_code == 200:
+            return json.loads(request_result.content.decode())
+        else:
+            # TODO: better handling of response code; 401, 301, etc.
+            raise Exception(f"Error obtaining response: {request_result.json()}")
+
+    def authenticate(self, user=None, passwd=None):
+        """Authenticate with service"""
+
+        if user == None or passwd == None:
+            self.srvc_auth = { "authenticated": False,
+                "token": None,
+                "error": "Username and/or password not provided."
+            }
+            return self.srvc_auth
+        self.login_url = f"{self.base_url}/security/user/authenticate"
+        basic_auth = f"{user}:{passwd}".encode()
+        headers = {'Authorization': f'Basic {b64encode(basic_auth).decode()}'}
+        token = f'Bearer {self.get_response(self.login_url, headers)["data"]["token"]}'
+        self.srvc_auth = { "authenticated": True,
+            "token": token,
+            "error": None
+        }
+        return self.srvc_auth
+
+    def extract_data(self, authentication, identifiers):
+        """Extract data from Security Service using list of identifiers"""
+
+        identifier_ids = None
+        if identifiers is not None:
+            identifier_ids = identifiers.split(",")
+        description = self.description()["description"]
+        title = self.description()["name"]
+
+        sar_list = []
+        headers = {}
+
+        # Authorize
+        if self.srvc_auth and self.srvc_auth['authenticated']:
+            headers['Authorization'] = self.srvc_auth['token']
+        else:
+            # TODO: Handle no authentication on attempt to extract data
+            pass
+
+        # Extract data
+        for identifer_id in identifier_ids:
+            # Retrieve Wazuh SCA scan for each agent
+            endpoint = f'/sca/{identifer_id}?pretty=true'
+            response = self.get_response(self.base_url + endpoint, headers)
+
+            # Enhance data
+            # TODO: Should this be in transform?
+            if len(response["data"]["affected_items"]) == 1:
+                endpoint_result = response["data"]["affected_items"][0]
+                # Enhance agent result
+                endpoint_result['agent'] = identifer_id
+                endpoint_result['ip_address'] = None
+                endpoint_result['url_link'] = f"{PROTOCOL}://{HOST}/app/wazuh#/overview/?tab=sca&agentId={identifer_id}"
+                sar_list.append(endpoint_result)
+            else:
+                endpoint_result = None
+        data = sar_list
+        return data
+
+    def transform_data(self, data, system_id=None, title=None, description=None, deployment_uuid=None):
+        modified_items = data
+
+        # TODO: update data time fields
+        transformed_data = {'schema': 'GovReadySimpleSAR',
+           'version': '0.2',
+           "metadata": {
+                "deployment_uuid": f"{deployment_uuid}",
+                "description": f"{description}",
+                "last-modified": "dateTime-with-timezone",
+                "published": "dateTime-with-timezone",
+                "schema": "GovReadySimpleSAR",
+                "system_id": f"{system_id}",
+                "title": f"{title}",
+                "version": "0.2"
+            },
+           'sar': modified_items
+        }
+        return transformed_data
+
+    def load_data(self, data):
+        return "Load data"

From c4e37a6a30e77c173c47c92ba3dfe242a25be905 Mon Sep 17 00:00:00 2001
From: Greg Elin <greg.elin@govready.com>
Date: Tue, 6 Jul 2021 12:33:41 -0500
Subject: [PATCH 3/6] Fix sec_srvc.py

---
 sec_srvc/sec_srvc.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/sec_srvc/sec_srvc.py b/sec_srvc/sec_srvc.py
index cb07897cd..ba3367d77 100644
--- a/sec_srvc/sec_srvc.py
+++ b/sec_srvc/sec_srvc.py
@@ -14,6 +14,7 @@
 import random
 import uuid
 
+
 class SecurityService:
 
     def description(self):
@@ -87,7 +88,7 @@ def extract_data(self, authentication, identifiers):
                 # Enhance agent result
                 endpoint_result['agent'] = identifer_id
                 endpoint_result['ip_address'] = None
-                endpoint_result['url_link'] = f"{PROTOCOL}://{HOST}/app/wazuh#/overview/?tab=sca&agentId={identifer_id}"
+                endpoint_result['url_link'] = f"https://{self.base_url}/app/wazuh#/overview/?tab=sca&agentId={identifer_id}"
                 sar_list.append(endpoint_result)
             else:
                 endpoint_result = None

From 3a15dc6d91169e0c00107b3b9de572b306ac883e Mon Sep 17 00:00:00 2001
From: Alexander Ward <alexander.ward1@gmail.com>
Date: Tue, 6 Jul 2021 13:20:15 -0500
Subject: [PATCH 4/6] Abstracted and made a few improvements

---
 .gitignore                         |   3 +-
 controls/views.py                  |  64 ++++++++--------
 sec_srvc/security_service.py       |  39 ++++++++++
 sec_srvc/{sec_srvc.py => wazuh.py} | 119 ++++++++++++-----------------
 4 files changed, 123 insertions(+), 102 deletions(-)
 create mode 100644 sec_srvc/security_service.py
 rename sec_srvc/{sec_srvc.py => wazuh.py} (50%)

diff --git a/.gitignore b/.gitignore
index 3bafe74b6..86e5637c8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -118,4 +118,5 @@ _notes/
 
 env_var.sh
 dev_env/docker/ssh/
-environment.json
\ No newline at end of file
+environment.json
+environment.okta.json
\ No newline at end of file
diff --git a/controls/views.py b/controls/views.py
index 0d5f41245..109a15f2a 100644
--- a/controls/views.py
+++ b/controls/views.py
@@ -3302,51 +3302,51 @@ def new_system_assessment_result_wazuh(request, system_id):
             # Log permission to save answer denied
             logger.info(
                 event="delete_smt permission_denied",
-                object={"object": "statement", "id": statement.id},
+                object={"object": "statement", "id": statement.id},  # todo - statement not defined anywhere - Greg
                 user={"id": request.user.id, "username": request.user.username}
             )
             return HttpResponseForbidden(
                 "Permission denied. {} does not have change privileges to system and/or project.".format(
                     request.user.username))
 
-        from sec_srvc.sec_srvc import SecurityService
-        sec_srvc = SecurityService()
-
-        sec_srvc.setup(request.POST['wazuhhost_val'])
-
-        description = sec_srvc.description()
+        from sec_srvc.wazuh import WazuhSecurityService
+        wazuh_sec_svc = WazuhSecurityService()
+        wazuh_sec_svc.setup(base_url=request.POST['wazuhhost_val'])
 
-        user = request.POST['user_val']
-        passwd = request.POST['passwd_val']
-        authentication = sec_srvc.authenticate(user, passwd)
+        authentication = wazuh_sec_svc.authenticate(request.POST['user_val'], request.POST['passwd_val'])
 
-        identifiers = request.POST['agents_val']
-        extracted_data = sec_srvc.extract_data(authentication, identifiers)
+        if wazuh_sec_svc.is_authenticated:
+            identifiers = request.POST['agents_val']
+            extracted_data = wazuh_sec_svc.extract_data(authentication, identifiers)
 
-        # TODO: Set deployment id
-        deployment_uuid = "7e85e2af-20d4-4103-9a92-c4cfaa827293"
-        transformed_data = sec_srvc.transform_data(extracted_data, system_id, "Scan Title", "Scan description", deployment_uuid)
+            # TODO: Set deployment id
+            deployment_uuid = "7e85e2af-20d4-4103-9a92-c4cfaa827293"
+            transformed_data = wazuh_sec_svc.transform_data(extracted_data, system_id, "Scan Title", "Scan description", deployment_uuid)
 
-        loaded_data = sec_srvc.load_data(transformed_data)
+            loaded_data = wazuh_sec_svc.load_data(transformed_data)
 
-        sar = SystemAssessmentResult(
-                name=transformed_data["metadata"]["title"],
-                description=transformed_data["metadata"]["description"],
-                system_id=transformed_data["metadata"]["system_id"],
-                deployment_id=transformed_data["metadata"]["system_id"],
-                assessment_results=transformed_data
-                # assessment_results=json.loads(request.FILES.get('data').read().decode("utf8", "replace"))
+            sar = SystemAssessmentResult(
+                    name=transformed_data["metadata"]["title"],
+                    description=transformed_data["metadata"]["description"],
+                    system_id=transformed_data["metadata"]["system_id"],
+                    deployment_id=transformed_data["metadata"]["system_id"],
+                    assessment_results=transformed_data
+                    # assessment_results=json.loads(request.FILES.get('data').read().decode("utf8", "replace"))
+                )
+            sar.save()
+            logger.info(
+                event="create_system_assessment_result",
+                object={"object": "system_assessment_result", "id": sar.id, "name":sar.name},
+                user={"id": request.user.id, "username": request.user.username}
             )
-        sar.save()
-        logger.info(
-            event="create_system_assessment_result",
-            object={"object": "system_assessment_result", "id": sar.id, "name":sar.name},
-            user={"id": request.user.id, "username": request.user.username}
-        )
-        messages.add_message(request, messages.INFO, "Data from Wazuh retrieved and loaded")
+            messages.add_message(request, messages.INFO, "Data from Wazuh retrieved and loaded")
 
-    # Redirect
-        return HttpResponseRedirect(f"/systems/{system_id}/assessments")
+        # Redirect
+            return HttpResponseRedirect(f"/systems/{system_id}/assessments")
+
+        else:
+            # TODO: better handling of response code; 401, 301, etc.
+            raise Exception(wazuh_sec_svc.error_msg['error'])
 
 
 
diff --git a/sec_srvc/security_service.py b/sec_srvc/security_service.py
new file mode 100644
index 000000000..167cc734b
--- /dev/null
+++ b/sec_srvc/security_service.py
@@ -0,0 +1,39 @@
+
+class SecurityService:
+    DESCRIPTION = {}
+
+    def __init__(self, **kwargs):
+        assert self.DESCRIPTION, "Developer must assign a description dict"
+        self.__is_authenticated = False
+        self.error_msg = {}
+        self.auth_dict = {}
+        self.data = None
+        self.base_url = None
+
+    def setup(self, **kwargs):
+        raise NotImplementedError()
+
+    def get_response(self, url, headers=None, verify=False):
+        raise NotImplementedError()
+
+    def authenticate(self, user=None, passwd=None):
+        """Authenticate with service"""
+        raise NotImplementedError()
+
+    @property
+    def is_authenticated(self):
+        return self.__is_authenticated
+
+    @is_authenticated.setter
+    def is_authenticated(self, value):
+        self.__is_authenticated = value
+
+    def extract_data(self, authentication, identifiers):
+        """Extract data from Security Service using list of identifiers"""
+        raise NotImplementedError()
+
+    def transform_data(self, data, system_id=None, title=None, description=None, deployment_uuid=None):
+        raise NotImplementedError()
+
+    def load_data(self, data):
+        raise NotImplementedError()
diff --git a/sec_srvc/sec_srvc.py b/sec_srvc/wazuh.py
similarity index 50%
rename from sec_srvc/sec_srvc.py
rename to sec_srvc/wazuh.py
index cb07897cd..280d5b11f 100644
--- a/sec_srvc/sec_srvc.py
+++ b/sec_srvc/wazuh.py
@@ -1,78 +1,50 @@
-from http.server import HTTPServer, BaseHTTPRequestHandler
-from urllib import request, parse
+import json
 
-import os
-import platform
-import re
-import signal
-import sys
-from base64 import b64encode
 import requests
-import urllib3
-
-import json
-import random
-import uuid
 
-class SecurityService:
+from sec_srvc.security_service import SecurityService
+from base64 import b64encode
+from urllib.parse import urlparse
 
-    def description(self):
-        description = {
-            "name": "Example Security Service",
-            "description": "Short description",
-            "version": "2.1"
-        }
-        return description
 
-    def setup(self, base_url):
-        self.base_url = base_url
-        return True
+class WazuhSecurityService(SecurityService):
+    DESCRIPTION = {
+        "name": "Example Security Service",
+        "description": "Short description",
+        "version": "2.1"
+    }
 
-    def get_response(self, url, headers=None, verify=False):
-        request_result = requests.get(url, headers=headers, verify=verify)
-        if request_result.status_code == 200:
-            return json.loads(request_result.content.decode())
-        else:
-            # TODO: better handling of response code; 401, 301, etc.
-            raise Exception(f"Error obtaining response: {request_result.json()}")
+    def setup(self, **kwargs):
+        self.base_url = kwargs.pop('base_url')
+        url_parts = urlparse(self.base_url)
+        if not (url_parts.scheme and url_parts.netloc):
+            raise Exception("Invalid base url")
 
     def authenticate(self, user=None, passwd=None):
         """Authenticate with service"""
-
-        if user == None or passwd == None:
-            self.srvc_auth = { "authenticated": False,
-                "token": None,
-                "error": "Username and/or password not provided."
-            }
-            return self.srvc_auth
-        self.login_url = f"{self.base_url}/security/user/authenticate"
+        if user is None or passwd is None:
+            self.error_msg = {"error": "Username and/or password not provided."}
+            return
+        login_url = f"{self.base_url}/security/user/authenticate"
         basic_auth = f"{user}:{passwd}".encode()
         headers = {'Authorization': f'Basic {b64encode(basic_auth).decode()}'}
-        token = f'Bearer {self.get_response(self.login_url, headers)["data"]["token"]}'
-        self.srvc_auth = { "authenticated": True,
-            "token": token,
-            "error": None
-        }
-        return self.srvc_auth
+        token = f'Bearer {self.get_response(login_url, headers)["data"]["token"]}'
+        self.auth_dict = {"token": token}
+        self.is_authenticated = True
 
     def extract_data(self, authentication, identifiers):
         """Extract data from Security Service using list of identifiers"""
+        if not self.is_authenticated:
+            raise Exception("User must be authenticated before making extraction request from Wazuh")
 
         identifier_ids = None
         if identifiers is not None:
             identifier_ids = identifiers.split(",")
-        description = self.description()["description"]
-        title = self.description()["name"]
+        description = self.DESCRIPTION["description"]
+        title = self.DESCRIPTION["name"]
 
         sar_list = []
-        headers = {}
-
-        # Authorize
-        if self.srvc_auth and self.srvc_auth['authenticated']:
-            headers['Authorization'] = self.srvc_auth['token']
-        else:
-            # TODO: Handle no authentication on attempt to extract data
-            pass
+        headers = dict(Authorization=self.auth_dict['token'])
 
         # Extract data
         for identifer_id in identifier_ids:
@@ -87,7 +59,8 @@ def extract_data(self, authentication, identifiers):
                 # Enhance agent result
                 endpoint_result['agent'] = identifer_id
                 endpoint_result['ip_address'] = None
-                endpoint_result['url_link'] = f"{PROTOCOL}://{HOST}/app/wazuh#/overview/?tab=sca&agentId={identifer_id}"
+                endpoint_result[
+                    'url_link'] = f"https://{self.base_url}/app/wazuh#/overview/?tab=sca&agentId={identifer_id}"
                 sar_list.append(endpoint_result)
             else:
                 endpoint_result = None
@@ -99,20 +72,28 @@ def transform_data(self, data, system_id=None, title=None, description=None, dep
 
         # TODO: update data time fields
         transformed_data = {'schema': 'GovReadySimpleSAR',
-           'version': '0.2',
-           "metadata": {
-                "deployment_uuid": f"{deployment_uuid}",
-                "description": f"{description}",
-                "last-modified": "dateTime-with-timezone",
-                "published": "dateTime-with-timezone",
-                "schema": "GovReadySimpleSAR",
-                "system_id": f"{system_id}",
-                "title": f"{title}",
-                "version": "0.2"
-            },
-           'sar': modified_items
-        }
+                            'version': '0.2',
+                            "metadata": {
+                                "deployment_uuid": f"{deployment_uuid}",
+                                "description": f"{description}",
+                                "last-modified": "dateTime-with-timezone",
+                                "published": "dateTime-with-timezone",
+                                "schema": "GovReadySimpleSAR",
+                                "system_id": f"{system_id}",
+                                "title": f"{title}",
+                                "version": "0.2"
+                            },
+                            'sar': modified_items
+                            }
         return transformed_data
 
+    def get_response(self, url, headers=None, verify=False):
+        request_result = requests.get(url, headers=headers, verify=verify)
+        if request_result.status_code == 200:
+            return json.loads(request_result.content.decode())
+        else:
+            # TODO: better handling of response code; 401, 301, etc.
+            raise Exception(f"Error obtaining response: {request_result.json()}")
+
     def load_data(self, data):
         return "Load data"

From 60bdaa36846f0a61998b315776789debb38700d8 Mon Sep 17 00:00:00 2001
From: Greg Elin <greg.elin@govready.com>
Date: Fri, 9 Jul 2021 08:06:27 -0400
Subject: [PATCH 5/6] Fix uuid error

---
 controls/views.py | 17 ++++++++++++++---
 sec_srvc/wazuh.py |  7 ++++++-
 2 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/controls/views.py b/controls/views.py
index 109a15f2a..2112ea147 100644
--- a/controls/views.py
+++ b/controls/views.py
@@ -3320,16 +3320,27 @@ def new_system_assessment_result_wazuh(request, system_id):
             extracted_data = wazuh_sec_svc.extract_data(authentication, identifiers)
 
             # TODO: Set deployment id
-            deployment_uuid = "7e85e2af-20d4-4103-9a92-c4cfaa827293"
-            transformed_data = wazuh_sec_svc.transform_data(extracted_data, system_id, "Scan Title", "Scan description", deployment_uuid)
+            # deployment_uuid = "7e85e2af-20d4-4103-9a92-c4cfaa827293"
+            deployment_uuid = None
 
+            transformed_data = wazuh_sec_svc.transform_data(extracted_data, system_id, "Scan Title", "Scan description", deployment_uuid)
             loaded_data = wazuh_sec_svc.load_data(transformed_data)
 
+            # Determine deployment_id from deployment_uuid
+            # TODO: Make sure deployment is associated with system
+            if deployment_uuid is None or deployment_uuid == "None":
+                # When deployment is not defined, leave blank and attach SAR to system only
+                deployment = None
+                deployment_id = None
+            else:
+                deployment = Deployment.objects.get(uuid=deployment_uuid)
+                deployment_id = deployment.id
+
             sar = SystemAssessmentResult(
                     name=transformed_data["metadata"]["title"],
                     description=transformed_data["metadata"]["description"],
                     system_id=transformed_data["metadata"]["system_id"],
-                    deployment_id=transformed_data["metadata"]["system_id"],
+                    deployment_id=deployment_id,
                     assessment_results=transformed_data
                     # assessment_results=json.loads(request.FILES.get('data').read().decode("utf8", "replace"))
                 )
diff --git a/sec_srvc/wazuh.py b/sec_srvc/wazuh.py
index 4044cbed6..fc810bdbe 100644
--- a/sec_srvc/wazuh.py
+++ b/sec_srvc/wazuh.py
@@ -69,11 +69,16 @@ def extract_data(self, authentication, identifiers):
     def transform_data(self, data, system_id=None, title=None, description=None, deployment_uuid=None):
         modified_items = data
 
+        if deployment_uuid is not None:
+            d_uuid_uuid = uuid.UUID(f'urn:uuid:{deployment_uuid}')
+        else:
+            d_uuid_uuid = None
+
         # TODO: update data time fields
         transformed_data = {'schema': 'GovReadySimpleSAR',
                             'version': '0.2',
                             "metadata": {
-                                "deployment_uuid": f"{deployment_uuid}",
+                                "deployment_uuid": f"{d_uuid_uuid}",
                                 "description": f"{description}",
                                 "last-modified": "dateTime-with-timezone",
                                 "published": "dateTime-with-timezone",

From 71fafde9f649b7632fa21d5323eb8c2088bb82e5 Mon Sep 17 00:00:00 2001
From: Greg Elin <greg.elin@govready.com>
Date: Fri, 9 Jul 2021 09:43:17 -0400
Subject: [PATCH 6/6] Fix testing for fields

---
 controls/views.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/controls/views.py b/controls/views.py
index 2112ea147..4bbf12512 100644
--- a/controls/views.py
+++ b/controls/views.py
@@ -3289,7 +3289,7 @@ def new_system_assessment_result_wazuh(request, system_id):
         # Validate data
         valid = True
         for param in ["wazuhhost_val", "user_val", "passwd_val", "agents_val"]:
-            if param not in request.POST:
+            if param not in request.POST or request.POST[param] == "":
                 valid = False
                 messages.add_message(request, messages.WARNING, f"Please complete field {param.replace('_val','')}")
         if not valid:
@@ -3320,7 +3320,6 @@ def new_system_assessment_result_wazuh(request, system_id):
             extracted_data = wazuh_sec_svc.extract_data(authentication, identifiers)
 
             # TODO: Set deployment id
-            # deployment_uuid = "7e85e2af-20d4-4103-9a92-c4cfaa827293"
             deployment_uuid = None
 
             transformed_data = wazuh_sec_svc.transform_data(extracted_data, system_id, "Scan Title", "Scan description", deployment_uuid)