Provides the WazuhApiClient class, which abstracts api calls and translates response json dictionaries to objects.

class WazuhApiClient(wazuh_api_connection: WazuhApiConnection)

Bases: object

Abstraction which allows to interact with the Wazuh API without the need to forge requests and parse responses. Tasks such as authentication and rate limiting are handled by the underlying WazuhApiConnection class.

active_response_run_command(command: WazuhActiveResponseCommand, agents_list: list[str] = None) → WazuhBulkResponse[str, str]

Run an Active Response command on all or a list of agents.

Parameters:

• command (WazuhActiveResponseCommand) – The command specification that will be executed on the agents.

• agents_list (list[str], optional) –

  List of agents the command will be executed on.

  Default: None (Command will be executed on all agents)

Returns:

Summary of agents on which the command has been triggered successfully (affected_items: list[agent_id: str]) and agents on which the execution of the command failed (failed_items: list[agent_id: str]).

Return type:

WazuhBulkResponse

agent_add(name: str, ip: str = None) → WazuhAgentCredentials

Registers a new Wazuh agent.

Parameters:

• name (str) – Name of the new Wazuh agent.

• ip (str, optional) –

  Optional IP address of the new Wazuh agent. Not providing the IP address will instruct the Wazuh manager/worker to fetch the missing information automatically.

  Default: None

Returns:

ID and key of the new registered Wazuh agent.

Return type:

WazuhAgentCredentials

agent_delete(agent_list: list[str], status: str = 'all', older_than: str = '0d', purge: bool = False) → WazuhBulkResponse[str, str]

Delete a single or multiple Wazuh agents.

Parameters:

• agent_list (list[str]) – List of the agent’s ids which will be deleted. Alternatively a list with only the keyword all may be used to select all agents.

• status (AgentStatus) –

  Acceptable status of agents for deletion. Accepted values: [“all”, “active”, “pending”, “never_connected”, “disconnected”]

  Default: “all”

• older_than (str, optional) –

  Minimum required age of the wazuh agent to be eligible for deletion.

  Default: 0d

• purge (bool, optional) –

  Delete the agent permanently.

  Default: False

Returns:

Summary of the deleted agents (affected_items: list[agent_id: str]) and agents which could not be deleted (failed_items: list[agent_id: str]).

Return type:

WazuhBulkResponse

agent_get_active_configuration_raw(agent_id: str, component: Literal['agent', 'agentless', 'analysis', 'auth', 'com', 'csyslog', 'integrator', 'logcollector', 'mail', 'monitor', 'request', 'syscheck', 'wazuh-db', 'wmodules'], configuration: Literal['client', 'buffer', 'labels', 'internal', 'anti_tampering', 'agentless', 'global', 'active_response', 'alerts', 'command', 'rules', 'decoders', 'auth', 'logging', 'reports', 'active-response', 'cluster', 'csyslog', 'integration', 'localfile', 'socket', 'remote', 'syscheck', 'rootcheck', 'wdb', 'wmodules', 'rule_test']) → dict[slice(<class 'str'>, <built-in function any>, None)]

Request the raw configuration of a wazuh agent for a specific component.

Parameters:

• agent_id (str) – The id of the agent whose configuration will be requested.

• component (WazuhAgentComponent) – The component the configuration will be requested for.

• configuration (WazuhAgentConfiguration) – The configuration section of the component that will be requested.

Raises:

WazuhApiError {http_status_code = 400} – The requested component configuration could not be fetched for the agent. This may indicate that the configuration is not present for the agent.

Returns:

dict[str – The raw configuration dictionary of the components configuration section.

Return type:

any]

agent_get_agent_anti_tampering_configuration(agent_id: str) → WazuhAgentAntiTamperingConfiguration

Request the anti_tampering configuration section of a wazuh agent’s local configuration.

Parameters:

agent_id (str) – The id of the agent whose configuration will be requested. The id may not be “000” (manager id).

Raises:

• ValueError – The agent_id argument must not be “000” (manager id).

• WazuhApiError {http_status_code = 400} – The requested agent:anti_tampering configuration could not be fetched for the agent. This may indicate that the configuration is not present for the agent.

Returns:

The anti_tampering configuration section of the wazuh agent’s local configuration.

[wazuh reference](https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/anti-tampering.html)

Return type:

WazuhAgentAntiTamperingConfiguration

agent_get_agent_buffer_configuration(agent_id: str) → WazuhAgentBufferConfiguration

Request the client_buffer configuration section of a wazuh agent’s local configuration.

Parameters:

agent_id (str) – The id of the agent whose configuration will be requested. The id may not be “000” (manager id).

Raises:

• ValueError – The agent_id argument must not be “000” (manager id).

• WazuhApiError {http_status_code = 400} – The requested agent:buffer configuration could not be fetched for the agent. This may indicate that the configuration is not present for the agent.

Returns:

The client_buffer configuration section of the wazuh agent’s local configuration.

[wazuh reference](https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/client-buffer.html)

Return type:

WazuhAgentBufferConfiguration

agent_get_agent_client_configuration(agent_id: str) → WazuhAgentClientConfiguration

Request the client configuration section of a wazuh agent’s local configuration.

Parameters:

agent_id (str) – The id of the agent whose configuration will be requested. The id may not be “000” (manager id).

Raises:

• ValueError – The agent_id argument must not be “000” (manager id).

• WazuhApiError {http_status_code = 400} – The requested agent:client configuration could not be fetched for the agent. This may indicate that the configuration is not present for the agent.

Returns:

The client configuration section of the wazuh agent’s local configuration.

[wazuh reference](https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/client.html)

Return type:

WazuhAgentClientConfiguration

agent_get_agent_internal_configuration(agent_id: str) → WazuhInternalConfiguration

Request the internal configuration of a wazuh agent.

Parameters:

agent_id (str) – The id of the agent whose configuration will be requested. The id may not be “000” (manager id).

Raises:

• ValueError – The agent_id argument must not be “000” (manager id).

• WazuhApiError {http_status_code = 400} – The requested agent:internal configuration could not be fetched for the agent. This may indicate that the configuration is not present for the agent.

Returns:

The internal configuration of the wazuh agent.

[wazuh reference](https://documentation.wazuh.com/current/user-manual/reference/internal-options.html)

Return type:

WazuhInternalConfiguration

agent_get_agent_labels_configuration(agent_id: str) → WazuhAgentLabelsConfiguration

Request the labels configuration section of a wazuh agent’s local configuration.

Parameters:

agent_id (str) – The id of the agent whose configuration will be requested. The id may not be “000” (manager id).

Raises:

• ValueError – The agent_id argument must not be “000” (manager id).

• WazuhApiError {http_status_code = 400} – The requested agent:labels configuration could not be fetched for the agent. This may indicate that the configuration is not present for the agent.

Returns:

The labels configuration section of the wazuh agent’s local configuration.

[wazuh reference](https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/labels.html)

Return type:

WazuhAgentLabelsConfiguration

agent_get_com_internal_configuration(agent_id: str) → WazuhInternalExecdConfiguration

Request the execd configuration section of a wazuh agent’s internal configuration.

Parameters:

agent_id (str) – The id of the agent whose configuration will be requested. The id may not be “000” (manager id).

Raises:

• ValueError – The agent_id argument must not be “000” (manager id).

• WazuhApiError {http_status_code = 400} – The requested com:internal configuration could not be fetched for the agent. This may indicate that the configuration is not present for the agent.

Returns:

The execd section of the wazuh agent’s internal configuration.

[wazuh reference](https://documentation.wazuh.com/current/user-manual/reference/internal-options.html#execd)

Return type:

WazuhInternalExecdConfiguration

agent_get_com_logging_configuration(agent_id: str) → WazuhAgentLoggingConfiguration

Request the logging configuration section of a wazuh agent’s local configuration.

Parameters:

agent_id (str) – The id of the agent whose configuration will be requested. The id may not be “000” (manager id).

Raises:

• ValueError – The agent_id argument must not be “000” (manager id).

• WazuhApiError {http_status_code = 400} – The requested com:logging configuration could not be fetched for the agent. This may indicate that the configuration is not present for the agent.

Returns:

The logging configuration section of the wazuh agent’s local configuration.

[wazuh reference](https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/logging.html)

Return type:

WazuhAgentLoggingConfiguration

agent_get_logcollector_internal_configuration(agent_id: str) → WazuhInternalLogcollectorConfiguration

Request the logcollector configuration section of a wazuh agent’s internal configuration.

Parameters:

agent_id (str) – The id of the agent whose configuration will be requested. The id may not be “000” (manager id).

Raises:

• ValueError – The agent_id argument must not be “000” (manager id).

• WazuhApiError {http_status_code = 400} – The requested logcollector:internal configuration could not be fetched for the agent. This may indicate that the configuration is not present for the agent.

Returns:

The logcollector section of the wazuh agent’s internal configuration.

[wazuh reference](https://documentation.wazuh.com/current/user-manual/reference/internal-options.html#logcollector)

Return type:

WazuhInternalLogcollectorConfiguration

agent_get_logcollector_localfile_configuration(agent_id: str) → list[WazuhAgentLocalfileConfiguration]

Request the localfile configuration section of a wazuh agent’s local configuration.

WARNING! Use with caution. Wazuh does not escape the command and query.value fields which may raise a JSONDecodeError

Parameters:

agent_id (str) – The id of the agent whose configuration will be requested. The id may not be “000” (manager id).

Raises:

• ValueError – The agent_id argument must not be “000” (manager id).

• WazuhApiError {http_status_code = 400} – The requested logcollector:localfile configuration could not be fetched for the agent. This may indicate that the configuration is not present for the agent.

Returns:

• WazuhAgentLocalfileConfiguration – The localfile configuration section of the wazuh agent’s local configuration.

  [wazuh reference](https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html)

• JSONDecodeError – The wazuh API responded with malformed json.

agent_get_logcollector_socket_configuration(agent_id: str) → list[WazuhAgentSocketConfiguration]

Request the socket configuration section of a wazuh agent’s local configuration.

Parameters:

agent_id (str) – The id of the agent whose configuration will be requested. The id may not be “000” (manager id).

Raises:

• ValueError – The agent_id argument must not be “000” (manager id).

• WazuhApiError {http_status_code = 400} – The requested logcollector:socket configuration could not be fetched for the agent. This may indicate that the configuration is not present for the agent.

Returns:

The socket configuration section of the wazuh agent’s local configuration.

[wazuh reference](https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/socket.html)

Return type:

WazuhAgentSocketConfiguration

agent_get_syscheck_configuration(agent_id: str) → WazuhAgentSyscheckConfiguration

Request the syscheck configuration section of a wazuh agent’s local configuration.

Parameters:

agent_id (str) – The id of the agent whose configuration will be requested. The id may not be “000” (manager id).

Raises:

• ValueError – The agent_id argument must not be “000” (manager id).

• WazuhApiError {http_status_code = 400} – The requested syscheck:syscheck configuration could not be fetched for the agent. This may indicate that the configuration is not present for the agent.

Returns:

The syscheck configuration section of the wazuh agent’s local configuration.

[wazuh reference](https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/syscheck.html)

Return type:

WazuhAgentSyscheckConfiguration

agent_get_syscheck_internal_configuration(agent_id: str) → WazuhInternalSyscheckConfiguration

Request the syscheck configuration section of a wazuh agent’s internal configuration.

Parameters:

agent_id (str) – The id of the agent whose configuration will be requested. The id may not be “000” (manager id).

Raises:

• ValueError – The agent_id argument must not be “000” (manager id).

• WazuhApiError {http_status_code = 400} – The requested syscheck:internal configuration could not be fetched for the agent. This may indicate that the configuration is not present for the agent.

Returns:

The syscheck section of the wazuh agent’s internal configuration.

[wazuh reference](https://documentation.wazuh.com/current/user-manual/reference/internal-options.html#syscheck)

Return type:

WazuhInternalSyscheckConfiguration

agent_get_syscheck_rootcheck_configuration(agent_id: str) → WazuhAgentRootcheckConfiguration

Request the rootcheck configuration section of a wazuh agent’s local configuration.

Parameters:

agent_id (str) – The id of the agent whose configuration will be requested. The id may not be “000” (manager id).

Raises:

• ValueError – The agent_id argument must not be “000” (manager id).

• WazuhApiError {http_status_code = 400} – The requested syscheck:rootcheck configuration could not be fetched for the agent. This may indicate that the configuration is not present for the agent.

Returns:

The rootcheck configuration section of the wazuh agent’s local configuration.

[wazuh reference](https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/rootcheck.html)

Return type:

WazuhAgentRootcheckConfiguration

agent_get_wmodules_configuration(agent_id: str) → WazuhAgentModules

Request the configuration of the wmodules of a wazuh agent.

Parameters:

agent_id (str) – The id of the agent whose configuration will be requested. The id may not be “000” (manager id).

Raises:

• ValueError – The agent_id argument must not be “000” (manager id).

• WazuhApiError {http_status_code = 400} – The requested wmodules:wmodules configuration could not be fetched for the agent. This may indicate that the configuration is not present for the agent.

Returns:

The configuration of the various wmodules of the wazuh agent

Return type:

WazuhAgentModules

agents_list(page_size: int = 500, agent_list: list[str] | None = None, status: Literal['active', 'pending', 'never_connected', 'disconnected'] | None = None) → Iterable[WazuhAgent]

List all or a subset of agents.

Parameters:

• page_size (int, optional) –

  Limits the amount of Wazuh agents that will be responded with each request.

  Default: 500

• agent_list (list[str], optional) –

  Optional agent id filter which ensures that the response only contains agents whose identifier is a member of the list.

  Default: None

• status (AgentStatus, optional) –

  Optional agent status filter. Accepted values: [“active”, “pending”, “never_connected”, “disconnected”]

  Default: None

api_info_get() → WazuhApiInfo

Fetches Wazuh API information.

Returns:

The requested Wazuh API information object.

Return type:

WazuhApiInfo

Raises:

• WazuhApiError – Exception which contains the error response’s details.

• HTTPError – Non Wazuh API related exception.

On this page