<no title> — wazuh-api-kit 1.0.0 documentation

#searchbox, #searchdesc { display: none; } @media (max-width: 768px) { #navbar-toggle { display: none; } #cs-mobile-menu { display: block; } #cs-layout { margin-top: 12rem; } #cs-ext-links { margin-right: 2rem!important; } }

Provides the WazuhAgentSyscheckConfiguration which allows to parse the syscheck section of the Wazuh local configuration (ossec.conf).

class WazuhAgentSyscheckConfiguration(**kwargs)#

Bases: object

Object representation of an agent’s syscheck configuration section.

Wazuh reference: https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/syscheck.html

alert_new_files: bool = True#

bool Indicates whether the file integrity monitoring alerts the creation of new files.

Type:: alert_new_files

allow_remote_prefilter_cmd: bool = False#: Indicates whether prefilter commands are applied or not.

database: str | None#

Location of the database.

Possible Values: [“disk”, “memory”]

diff: WazuhAgentSyscheckDiffConfiguration | None#: Diff configuration.

directories: list[WazuhAgentSyscheckDirectoryConfiguration] | None#: List of directories that are being monitored.

disabled: bool = False#: Indicates whether the syscheck scan ist disabled or not.

file_limit: WazuhAgentSyscheckFileLimitConfiguration | None#: File limitation configuration.

frequency: int | None#: Frequency in seconds in which the syscheck is being performed.

ignore: list[str]#: List of files and directories which are ignored.

ignore_sregex: list[str]#: List of regular expression patterns of files and directories which are ignored.

max_eps: int | None#: The maximum amount of events that may be generated per second.

max_files_per_second: int | None#: The maximum amount of files that may be scanned per second. A value equal to 0 indicates that no limitation is being applied.

nodiff: list[str]#: List of files that are ignored for diffs.

prefilter_cmd: str | None#: Command which is being executed bevor every file check.

process_priority: int | None#: The nice value of the Syscheck process.

registry_limit: WazuhAgentSyscheckRegistryLimitConfiguration | None#: Registry entry limitation configuration.

scan_day: str | None#: Day of the week on which the scan will be performed.

scan_on_start: bool = True#: Indicates whether the scan will be performed on agent start.

scan_time: str | None#: Time of the day (hh:mm) the scan will be triggered at.

skip_dev: bool = True#: Indicates whether /dev will be skipped or not.

skip_nfs: bool = True#: Indicates whether network mounted filesystems will be skipped or not.

skip_proc: bool = True#: Indicates whether /proc will be skipped or not.

skip_sys: bool = True#: Indicates whether /sys will be skipped or not.

synchronization: WazuhAgentSyscheckSynchronizationConfiguration | None#: Database synchronization configuration.

whodata: WazuhAgentSyscheckWhodataConfiguration | None#: Whodata configuration.

windows_audit_interval: str | None#: Frequency in seconds in which the Windows Audit Policies and SACLs of the whodata monitored directories are checked.

On this page