Deactivate tests and update vulnerability-detector configuration

deps/wazuh_testing/wazuh_testing/data/all_disabled_ossec.conf

@@ -38,9 +38,13 @@
     <enabled>no</enabled>
   </sca>
 
-  <vulnerability-detector>
+  <vulnerability-detection>
     <enabled>no</enabled>
-  </vulnerability-detector>
+  </vulnerability-detection>
+
+  <indexer>
+    <enabled>no</enabled>
+  </indexer>
 
   <!-- File integrity monitoring -->
   <syscheck>

provisioning/roles/wazuh/ansible-wazuh-manager/defaults/main.yml

@@ -173,32 +173,11 @@ wazuh_manager_sca:
 ## Vulnerability Detector
 wazuh_manager_vulnerability_detector:
   enabled: 'no'
-  interval: '5m'
-  run_on_start: 'yes'
-  providers:
-    - enabled: 'no'
-      os:
-        - 'trusty'
-        - 'xenial'
-        - 'bionic'
-      update_interval: '1h'
-      name: '"canonical"'
-    - enabled: 'no'
-      os:
-        - 'wheezy'
-        - 'stretch'
-        - 'jessie'
-        - 'buster'
-      update_interval: '1h'
-      name: '"debian"'
-    - enabled: 'no'
-      update_from_year: '2010'
-      update_interval: '1h'
-      name: '"redhat"'
-    - enabled: 'no'
-      update_from_year: '2010'
-      update_interval: '1h'
-      name: '"nvd"'
+  index_status: 'no'
+  feed_update_interval: '60m'
+
+wazuh_manager_indexer:
+  enabled: 'no'
 
 ## Syscheck
 wazuh_manager_syscheck:
@@ -441,6 +420,7 @@ wazuh_manager_config_defaults:
   syscollector: '{{ wazuh_manager_syscollector }}'
   sca: '{{ wazuh_manager_sca }}'
   vulnerability_detector: '{{ wazuh_manager_vulnerability_detector }}'
+  indexer: '{{ wazuh_manager_indexer }}'
   log_level: '{{ wazuh_manager_log_level }}'
   email_level: '{{ wazuh_manager_email_level }}'
   localfiles: '{{ wazuh_manager_localfiles }}'

provisioning/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2

@@ -258,37 +258,23 @@
   {% endif %}
   </sca>
 
-  <vulnerability-detector>
+  <vulnerability-detection>
   {% if wazuh_manager_config.vulnerability_detector.enabled is defined %}
     <enabled>{{ wazuh_manager_config.vulnerability_detector.enabled }}</enabled>
   {% endif %}
-  {% if wazuh_manager_config.vulnerability_detector.interval is defined %}
-    <interval>{{ wazuh_manager_config.vulnerability_detector.interval }}</interval>
+  {% if wazuh_manager_config.vulnerability_detector.index_status is defined %}
+    <index-status>{{ wazuh_manager_config.vulnerability_detector.index_status }}</index-status>
   {% endif %}
-  {% if wazuh_manager_config.vulnerability_detector.run_on_start is defined %}
-    <run_on_start>{{ wazuh_manager_config.vulnerability_detector.run_on_start }}</run_on_start>
+  {% if wazuh_manager_config.vulnerability_detector.feed_update_interval is defined %}
+    <feed-update-interval>{{ wazuh_manager_config.vulnerability_detector.feed_update_interval }}</feed-update-interval>
   {% endif %}
-  {% if wazuh_manager_config.vulnerability_detector.providers is defined %}
-  {% for provider_ in wazuh_manager_config.vulnerability_detector.providers %}
-    <provider name={{ provider_.name }}>
-      {% if provider_.enabled is defined %}
-      <enabled>{{ provider_.enabled }}</enabled>
-      {% endif %}
-      {% if provider_.os is defined %}
-      {% for os_ in provider_.os %}
-      <os>{{ os_ }}</os>
-      {% endfor %}
-      {% endif %}
-      {% if provider_.update_from_year is defined %}
-      <update_from_year>{{ provider_.update_from_year }}</update_from_year>
-      {% endif %}
-      {% if provider_.update_interval is defined %}
-      <update_interval>{{ provider_.update_interval }}</update_interval>
-      {% endif %}
-    </provider>
-  {% endfor %}
+  </vulnerability-detection>
+
+  <indexer>
+  {% if wazuh_manager_config.indexer.enabled is defined %}
+    <enabled>{{ wazuh_manager_config.indexer.enabled }}</enabled>
   {% endif %}
-  </vulnerability-detector>
+  </indexer>
 
   <!-- File integrity monitoring -->
   <syscheck>

tests/end_to_end/test_basic_cases/test_vulnerability_detector/test_vulnerability_detector_linux/data/playbooks/configuration.yaml

@@ -37,25 +37,14 @@
         tasks_from: write_wazuh_config.yaml
       vars:
         config_block: |
-          <vulnerability-detector>
+          <vulnerability-detection>
           <enabled>yes</enabled>
-          <interval>60s</interval>
-          <min_full_scan_interval>60s</min_full_scan_interval>
-          <run_on_start>yes</run_on_start>
-
-          <!-- Ubuntu OS vulnerabilities -->
-          <provider name="canonical">
-          <enabled>yes</enabled>
-          <os>jammy</os>
-          <update_interval>1h</update_interval>
-          </provider>
-
-          <!-- Aggregate vulnerabilities -->
-          <provider name="nvd">
-          <enabled>yes</enabled>
-          <update_interval>1h</update_interval>
-          </provider>
-          </vulnerability-detector>
+          <index-status>no</index-status>
+          <feed-update-interval>60s</feed-update-interval>
+          </vulnerability-detection>
+          <indexer>
+          <enabled>no</enabled>
+          </indexer>
         os: linux
 
     - name: Restart wazuh-manager

tests/end_to_end/test_basic_cases/test_vulnerability_detector/test_vulnerability_detector_linux/test_vulnerability_detector_linux.py

@@ -67,6 +67,7 @@
 pytestmark = [TIER0, LINUX]
 
 
+@pytest.mark.skip(reason="Vulnerability Detector was refactored. Some tests are deprecated.")
 @pytest.mark.filterwarnings('ignore::urllib3.exceptions.InsecureRequestWarning')
 @pytest.mark.parametrize('metadata', configuration_metadata, ids=cases_ids)
 def test_vulnerability_detector_linux(configure_environment, metadata, get_indexer_credentials, get_manager_ip,

tests/end_to_end/test_basic_cases/test_vulnerability_detector/test_vulnerability_detector_windows/data/playbooks/configuration.yaml

@@ -51,24 +51,14 @@
         tasks_from: write_wazuh_config.yaml
       vars:
         config_block: |
-          <vulnerability-detector>
+          <vulnerability-detection>
           <enabled>yes</enabled>
-          <interval>60s</interval>
-          <min_full_scan_interval>60s</min_full_scan_interval>
-          <run_on_start>yes</run_on_start>
-
-          <!-- Windows OS vulnerabilities -->
-          <provider name="msu">
-          <enabled>yes</enabled>
-          <update_interval>1h</update_interval>
-          </provider>
-
-          <!-- Aggregate vulnerabilities -->
-          <provider name="nvd">
-          <enabled>yes</enabled>
-          <update_interval>1h</update_interval>
-          </provider>
-          </vulnerability-detector>
+          <index-status>no</index-status>
+          <feed-update-interval>60s</feed-update-interval>
+          </vulnerability-detection>
+          <indexer>
+          <enabled>no</enabled>
+          </indexer>
         os: linux
 
     - name: Restart wazuh-manager

tests/end_to_end/test_basic_cases/test_vulnerability_detector/test_vulnerability_detector_windows/test_vulnerability_detection_windows.py

@@ -68,6 +68,7 @@
 pytestmark = [TIER0, WINDOWS]
 
 
+@pytest.mark.skip(reason="Vulnerability Detector was refactored. Some tests are deprecated.")
 @pytest.mark.filterwarnings('ignore::urllib3.exceptions.InsecureRequestWarning')
 @pytest.mark.parametrize('metadata', configuration_metadata, ids=cases_ids)
 def test_vulnerability_detector_windows(configure_environment, metadata, get_indexer_credentials, get_manager_ip,

tests/integration/test_active_response/test_analysisd/data/configuration_template/configuration_overwritten_rules.yaml

@@ -26,7 +26,12 @@
         - log_format:
             value: syslog
 
-    - section: vulnerability-detector
+    - section: vulnerability-detection
+      elements:
+        - enabled:
+            value: 'no'
+
+    - section: indexer
       elements:
         - enabled:
             value: 'no'

tests/integration/test_analysisd/test_limit_eps/data/configuration_template/basic_test_module/configuration_disabled.yaml

@@ -1,5 +1,9 @@
 - sections:
-    - section: vulnerability-detector
+    - section: vulnerability-detection
+      elements:
+        - enabled:
+            value: 'no'
+    - section: indexer
       elements:
         - enabled:
             value: 'no'

tests/integration/test_analysisd/test_signature_id/data/configuration_template/configuration_signature_id_values.yaml

@@ -1,5 +1,10 @@
 - sections:
-    - section: vulnerability-detector
+    - section: vulnerability-detection
+      elements:
+        - enabled:
+            value: 'no'
+
+    - section: indexer
       elements:
         - enabled:
             value: 'no'

tests/integration/test_fim/test_files/test_audit/data/ossec.conf

@@ -108,25 +108,13 @@
     </policies>
   </sca>
 
-  <wodle name="vulnerability-detector">
-    <disabled>yes</disabled>
-    <interval>5m</interval>
-    <ignore_time>6h</ignore_time>
-    <run_on_start>yes</run_on_start>
-    <feed name="ubuntu-18">
-      <disabled>yes</disabled>
-      <update_interval>1h</update_interval>
-    </feed>
-    <feed name="redhat">
-      <disabled>yes</disabled>
-      <update_from_year>2010</update_from_year>
-      <update_interval>1h</update_interval>
-    </feed>
-    <feed name="debian-9">
-      <disabled>yes</disabled>
-      <update_interval>1h</update_interval>
-    </feed>
-  </wodle>
+  <vulnerability-detection>
+    <enabled>no</enabled>
+  </vulnerability-detection>
+
+  <indexer>
+    <enabled>no</enabled>
+  </indexer>
 
   <!-- File integrity monitoring -->
   <syscheck>

tests/integration/test_integratord/data/configuration/configuration_alerts_reading.yaml

@@ -22,12 +22,15 @@
         - disabled:
             value: 'yes'
 
-    - section: wodle
-      attributes:
-        - name: vulnerability-detector
+    - section: vulnerability-detection
       elements:
-        - disabled:
-            value: 'yes'
+        - enabled:
+            value: 'no'
+
+    - section: indexer
+      elements:
+        - enabled:
+            value: 'no'
 
     - section: rootcheck
       elements:

tests/integration/test_syscollector/data/configuration/configuration_syscollector.yaml

@@ -35,12 +35,15 @@
         - disabled:
             value: 'yes'
 
-    - section: wodle
-      attributes:
-        - name: vulnerability-detector
+    - section: vulnerability-detection
       elements:
-        - disabled:
-            value: 'yes'
+        - enabled:
+            value: 'no'
+
+    - section: indexer
+      elements:
+        - enabled:
+            value: 'no'
 
     - section: rootcheck
       elements:

tests/integration/test_syscollector/data/configuration/configuration_syscollector_no_tags.yaml

@@ -8,12 +8,15 @@
         - disabled:
             value: 'yes'
 
-    - section: wodle
-      attributes:
-        - name: vulnerability-detector
+    - section: vulnerability-detection
       elements:
-        - disabled:
-            value: 'yes'
+        - enabled:
+            value: 'no'
+
+    - section: indexer
+      elements:
+        - enabled:
+            value: 'no'
 
     - section: rootcheck
       elements:

tests/integration/test_syscollector/data/configuration/configuration_syscollector_scans_disabled.yaml

@@ -31,12 +31,15 @@
         - disabled:
             value: 'yes'
 
-    - section: wodle
-      attributes:
-        - name: vulnerability-detector
+    - section: vulnerability-detection
       elements:
-        - disabled:
-            value: 'yes'
+        - enabled:
+            value: 'no'
+
+    - section: indexer
+      elements:
+        - enabled:
+            value: 'no'
 
     - section: rootcheck
       elements:

tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper.py

@@ -252,6 +252,7 @@ def prepare_environment(request, metadata, agent_system, agent_packages, mock_ag
     write_json_file(CPE_HELPER_PATH, cpe_helper_backup_data)
 
 
+@pytest.mark.skip(reason="Vulnerability Detector was refactored. Some tests are deprecated.")
 @pytest.mark.tier(level=2)
 @pytest.mark.parametrize('configuration, metadata, agent_system, agent_packages',
                          zip(t1_configurations, t1_configuration_metadata, t1_systems, t1_agent_packages),
@@ -342,6 +343,7 @@ def test_cpe_indexing_wrong_tags(configuration, metadata, agent_system, agent_pa
                 raise AttributeError('Unexpected log')
 
 
+@pytest.mark.skip(reason="Vulnerability Detector was refactored. Some tests are deprecated.")
 @pytest.mark.tier(level=2)
 @pytest.mark.parametrize('configuration, metadata, agent_system, agent_packages',
                          zip(t2_configurations, t2_configuration_metadata, t2_systems, t2_agent_packages),
@@ -432,6 +434,7 @@ def test_cpe_indexing_wrong_values(configuration, metadata, agent_system, agent_
                 raise AttributeError('Unexpected log')
 
 
+@pytest.mark.skip(reason="Vulnerability Detector was refactored. Some tests are deprecated.")
 @pytest.mark.tier(level=2)
 @pytest.mark.parametrize('configuration, metadata, agent_system, agent_packages',
                          zip(t3_configurations, t3_configuration_metadata, t3_systems, t3_agent_packages),
@@ -521,6 +524,7 @@ def test_cpe_indexing_missing_field(configuration, metadata, agent_system, agent
         evm.check_error_inserting_package(agent_id=prepare_environment)
 
 
+@pytest.mark.skip(reason="Vulnerability Detector was refactored. Some tests are deprecated.")
 @pytest.mark.tier(level=1)
 @pytest.mark.parametrize('configuration, metadata, agent_system, agent_packages',
                          zip(t4_configurations, t4_configuration_metadata, t4_systems, t4_agent_packages),
@@ -601,6 +605,7 @@ def test_cpe_indexing_empty_fields(configuration, metadata, agent_system, agent_
                                               package=metadata['values']['PRODUCT_T_VALUE_0'], cve=package['cveid'])
 
 
+@pytest.mark.skip(reason="Vulnerability Detector was refactored. Some tests are deprecated.")
 @pytest.mark.tier(level=1)
 @pytest.mark.parametrize('configuration, metadata, agent_system, agent_packages',
                          zip(t5_configurations, t5_configuration_metadata, t5_systems, t5_agent_packages),