feat(providers): Wazuh Provider

[traceroute42]

Closes #2702

📑 Description

The PR is intended to be the first version of integration with Wazuh.
It integrates with usage of the Wazuh custom integrations feature

✅ Checks

• My pull request adheres to the code style of this project
• My code requires changes to the documentation
• I have updated the documentation as required
• All the tests have passed

[vercel]

@Motii1 is attempting to deploy a commit to the KeepHQ Team on Vercel.

A member of the Team first needs to authorize it.

[CLAassistant]

All committers have signed the CLA.

[talboren]

Looks great, awesome work!
@traceroute42 mind adding a screenshot of an alert that Keep received from Wazuh in the alerts feed? Cool stuff!

[talboren]

@traceroute42 can you also sign the CLA so we can further push that in?

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
keep	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Feb 4, 2025 7:39am

[talboren]

NICE!

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 43.07%. Comparing base (e8cbcb3) to head (4ddd276).
Report is 5 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3065      +/-   ##
==========================================
+ Coverage   43.06%   43.07%   +0.01%     
==========================================
  Files         166      167       +1     
  Lines       16685    16741      +56     
==========================================
+ Hits         7186     7212      +26     
- Misses       9499     9529      +30     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[shahargl]

can you add some docker-compose.yml that spins up Wazuh with the custom-keep.py? so I can re-run it locally and check everything good?

[Matvey-Kuk]

I fixed it, let's merge

[Matvey-Kuk]

@Motii1 reached out to me that he would love to test this one more. Thank you!

[Motii1]

Looks great, awesome work! @traceroute42 mind adding a screenshot of an alert that Keep received from Wazuh in the alerts feed? Cool stuff!

No problem. I have generated some simple events:

[gitguardian]

⚠️ GitGuardian has uncovered 1 secret following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

Since your pull request originates from a forked repository, GitGuardian is not able to associate the secrets uncovered with secret incidents on your GitGuardian dashboard.
Skipping this check run and merging your pull request will create secret incidents on your GitGuardian dashboard.

🔎 Detected hardcoded secret in your pull request

GitGuardian id	GitGuardian status	Secret	Commit	Filename
15359980	Triggered	Generic Private Key	db918c7	keep/providers/clickhouse_provider/clickhouse-secure/certs/server.key	View secret

🛠 Guidelines to remediate hardcoded secrets

1. Understand the implications of revoking this secret by investigating where it is used in your code.
2. Replace and store your secret safely. Learn here the best practices.
3. Revoke and rotate this secret.
4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider

• following these best practices for managing and storing secrets including API keys and other credentials
• install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.

---

^{🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.}

[shahargl]

lgtm

[shahargl]

lgtm

[github-actions]

🏆 Fantastic work @traceroute42! Your very first PR to keep has been merged! 🎉🥳

You've just taken your first step into open-source, and we couldn't be happier to have you onboard. 🙌
If you're feeling adventurous, why not dive into another issue and keep contributing? The community would love to see more from you! 🚀

For any support, feel free to reach out on the community: https://slack.keephq.dev. Happy coding! 👩‍💻👨‍💻