Wazuh mitre report setup pr devel 2.x

roles/debian/wazuh/tasks/main.yml

@@ -139,6 +139,10 @@
   ignore_errors: true
   changed_when: false
 
+- name: Set fact if wazuh-manager service exists
+  ansible.builtin.set_fact:
+    wazuh_manager_exists: "'wazuh-manager.service' in wazuh_service.stdout"
+
 - name: Deploy custom Wazuh local rules
   ansible.builtin.copy:
     src: custom_wazuh_rules.xml
@@ -149,7 +153,7 @@
   notify: restart wazuh-manager
   tags:
     - rules
-  when: "'wazuh-manager.service' in wazuh_service.stdout"
+  when: wazuh_manager_exists
 
 - name: Write the password to /var/ossec/etc/authd.pass
   ansible.builtin.copy:
@@ -158,16 +162,50 @@
     mode: '0640'
     owner: root
     group: wazuh
-  when: "'wazuh-manager.service' in wazuh_service.stdout or 'wazuh-agent.service' in wazuh_service.stdout"
+  when: wazuh_manager_exists or 'wazuh-agent.service' in wazuh_service.stdout"
 
-- name: Restart wazuh-manager to apply changes
+- name: Restart wazuh-manager to apply changes.
   ansible.builtin.systemd_service:
     name: wazuh-manager
     state: restarted
-  when: "'wazuh-manager.service' in wazuh_service.stdout"
+  when: wazuh_manager_exists
 
-- name: Restart wazuh-agent to apply changes
+- name: Restart wazuh-agent to apply changes.
   ansible.builtin.systemd_service:
     name: wazuh-agent
     state: restarted
   when: "'wazuh-agent.service' in wazuh_service.stdout"
+
+- name: Read filebeat.yml content (base64 encoded)
+  ansible.builtin.shell: |
+    set -o pipefail && awk -F'"' '/password:/ {print $2}' {{ wazuh.mitre_report.password_file }}
+  register: report_password
+  no_log: true
+  args:
+    executable: /bin/bash
+  when: wazuh_manager_exists
+
+- name: Set password fact
+  ansible.builtin.set_fact:
+    filebeat_password: "{{ report_password.stdout }}"
+  no_log: true
+  when: wazuh_manager_exists
+
+- name: Deploy the weekly report script
+  ansible.builtin.template:
+    src: generate_weekly_report.sh.j2
+    dest: /usr/local/bin/generate_weekly_report.sh
+    owner: root
+    group: root
+    mode: '0755'
+  when: wazuh_manager_exists
+
+- name: Ensure weekly report cron job is present
+  ansible.builtin.cron:
+    name: "Weekly OpenSearch report generation"
+    user: root
+    minute: 0
+    hour: 2
+    weekday: 1      # Monday
+    job: "/usr/local/bin/generate_weekly_report.sh >> /var/log/opensearch-reports.log 2>&1"
+  when: wazuh_manager_exists

roles/debian/wazuh/templates/generate_weekly_report.sh.j2

@@ -0,0 +1,46 @@
+#!/bin/bash
+
+# This script generates a PDF report from wazuh-dashboard visualization and emails it
+
+# Set variables
+REPORT_DATE=$(date +"%Y-%m-%d")
+REPORT_NAME="weekly-report-${REPORT_DATE}"
+LOG_FILE="/var/log/opensearch-reports.log"
+USERNAME= {{ wazuh.mitre_report.username }}
+PASSWORD= {{ filebeat_password }}
+
+# Function to log messages
+log_message() {
+    echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" | tee -a "$LOG_FILE"
+}
+
+log_message "Starting weekly report generation"
+
+# Generate and send the report
+opensearch-reporting-cli \
+  -u "{{ wazuh.mitre_report.visualization_url }}" \
+  -a basic \
+  -c "$USERNAME:$PASSWORD" \
+  --selfsignedcerts true \
+  -f pdf \
+  -n "$REPORT_NAME" \
+  -e smtp \
+  -s "{{ wazuh.mitre_report.e-mail_from }}" \
+  -r "{{ wazuh.manager.wazuh_manager_mailto}}" \
+  --subject "Weekly OpenSearch Report - $(date '+%B %d, %Y')" \
+  --note "Hi,\n\nPlease find attached the weekly Wazuh Mitre report covering the last 7 days.\n\nReport generated on: $(date '+%Y-%m-%d %H:%M:%S')\n\nBest regards,\nAutomated Reporting System" \
+  --smtphost localhost \
+  --smtpport 25
+
+# Check if the command was successful
+if [ $? -eq 0 ]; then
+    log_message "Weekly report generated and sent successfully"
+else
+    log_message "ERROR: Failed to generate or send weekly report"
+    exit 1
+fi
+
+# Optional: Clean up old report files (keep last 2 weeks)
+find /tmp -name "weekly-report-*.pdf" -mtime +14 -delete 2>/dev/null
+
+log_message "Weekly report process completed"