From b90f299441d05732bd1e2f9881cd236af1399246 Mon Sep 17 00:00:00 2001
From: MaxBish
Date: Wed, 27 May 2026 13:23:46 -0700
Subject: [PATCH 01/19] Add Wazuh inbound custom integration
---
 README.md | 1 +
 docs/integrations.json | 210 +++++-----
 wazuh/README.md | 45 +++
 wazuh/config.json | 1 +
 wazuh/custom-integration-wazuh.star | 573 ++++++++++++++++++++++++++++
 5 files changed, 728 insertions(+), 102 deletions(-)
 create mode 100644 wazuh/README.md
 create mode 100644 wazuh/config.json
 create mode 100644 wazuh/custom-integration-wazuh.star
diff --git a/README.md b/README.md
index 078e56e..d4c0394 100644
--- a/README.md
+++ b/README.md
@@ -52,6 +52,7 @@ If you need help setting up a custom integration, you can create an [issue](http
 - [Tailscale](https://github.com/runZeroInc/runzero-custom-integrations/blob/main/tailscale/)
 - [Tanium](https://github.com/runZeroInc/runzero-custom-integrations/blob/main/tanium/)
 - [Ubiquiti Unifi Network](https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ubiquiti-unifi-network/)
+- [Wazuh](https://github.com/runZeroInc/runzero-custom-integrations/blob/main/wazuh/)
 ## Export from runZero
 - [Audit Log to Webhook](https://github.com/runZeroInc/runzero-custom-integrations/blob/main/audit-events-to-webhook/)
 - [Sumo Logic](https://github.com/runZeroInc/runzero-custom-integrations/blob/main/sumo-logic/)
diff --git a/docs/integrations.json b/docs/integrations.json
index 64d1dc4..215d3f7 100644
--- a/docs/integrations.json
+++ b/docs/integrations.json
@@ -1,36 +1,48 @@ { - "lastUpdated": "2026-05-21T17:58:30.540507Z", - "totalIntegrations": 37, + "lastUpdated": "2026-05-27T20:23:16.506605Z", + "totalIntegrations": 38, "integrationDetails": [ { - "name": "Moysle", + "name": "Tanium", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/moysle/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/moysle/custom-integration-moysle.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/tanium/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/tanium/custom-integration-tanium.star" }, { - "name": "Automox", + "name": "Scan Passive Assets", + "type": "internal", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scan-passive-assets/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scan-passive-assets/custom-integration-scan-passive-assets.star" + }, + { + "name": "Snipe-IT", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/automox/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/automox/custom-integration-automox.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snipe-it/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snipe-it/snipeit.star" }, { - "name": "Netskope", + "name": "runZero Task Sync", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/netskope/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/netskope/custom-integration-netskope.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/task-sync/README.md", + "integration": 
"https://github.com/runZeroInc/runzero-custom-integrations/blob/main/task-sync/custom-integration-task-sync.star" }, { - "name": "Device42", + "name": "Nexthink", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/device42/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/device42/custom-integration-device42.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/nexthink/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/nexthink/custom-integration-nexthink.star" }, { - "name": "Ghost Security", + "name": "Cisco-ISE", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ghost/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ghost/custom-integration-ghost.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cisco-ise/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cisco-ise/custom_integration_cisco-ise.star" + }, + { + "name": "Scale Computing", + "type": "inbound", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scale-computing/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scale-computing/custom-integration-scale-computing.star" }, { "name": "Cortex XDR", 
@@ -39,22 +51,28 @@ "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cortex-xdr/custom-integration-cortex-xdr.star" }, { - "name": "Bitsight", + "name": "Drata", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/bitsight/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/bitsight/custom-integration-bitsight.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/drata/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/drata/custom-integration-drata.star" }, { - "name": "Carbon Black", + "name": "Akamai Guardicore Centra", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/carbon-black/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/carbon-black/custom-integration-carbon-black.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/akamai-guardicore-centra/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/akamai-guardicore-centra/custom-integration-centra-v4-api.star" }, { - "name": "Snipe-IT", + "name": "Extreme Networks CloudIQ", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snipe-it/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snipe-it/snipeit.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/extreme-cloud-iq/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/extreme-cloud-iq/custom-integrations-extreme-cloud-iq.star" + }, + { + "name": "Proxmox", + "type": "inbound", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/proxmox/README.md", + "integration": 
"https://github.com/runZeroInc/runzero-custom-integrations/blob/main/proxmox/custom-integration-proxmox.star" }, { "name": "Vunerability Workflow", 
@@ -63,34 +81,28 @@ "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/vulnerability-workflow/custom-integration-vulnerability-workflow.star" }, { - "name": "Tanium", - "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/tanium/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/tanium/custom-integration-tanium.star" - }, - { - "name": "Digital Ocean", + "name": "JAMF", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/digital-ocean/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/digital-ocean/custom-integration-digital-ocean.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/jamf/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/jamf/custom-integration-jamf.star" }, { - "name": "Ubiquiti Unifi Network", - "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ubiquiti-unifi-network/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ubiquiti-unifi-network/custom-integration-ubiquiti-unifi-network.star" + "name": "Audit Log to Webhook", + "type": "outbound", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/audit-events-to-webhook/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/audit-events-to-webhook/custom-integration-audit-events.star" }, { - "name": "JAMF", + "name": "Stairwell", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/jamf/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/jamf/custom-integration-jamf.star" + "readme": 
"https://github.com/runZeroInc/runzero-custom-integrations/blob/main/stairwell/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/stairwell/custom-integration-stairwell.star" }, { - "name": "Proxmox", + "name": "Manage Engine Endpoint Central", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/proxmox/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/proxmox/custom-integration-proxmox.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/manage-engine-endpoint-central/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/manage-engine-endpoint-central/custom-integration-endpoint-central.star" }, { "name": "Cyberint", 
@@ -105,40 +117,40 @@ "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/lima-charlie/custom-integration-lima-charlie.star" }, { - "name": "Nexthink", + "name": "Automox", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/nexthink/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/nexthink/custom-integration-nexthink.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/automox/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/automox/custom-integration-automox.star" }, { - "name": "Kandji", + "name": "Device42", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/kandji/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/kandji/custom-integration-kandji.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/device42/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/device42/custom-integration-device42.star" }, { - "name": "Ivanti Neurons", + "name": "Ubiquiti Unifi Network", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ivanti_neurons/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ivanti_neurons/custom-integration-neurons.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ubiquiti-unifi-network/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ubiquiti-unifi-network/custom-integration-ubiquiti-unifi-network.star" }, { - "name": "Scale Computing", + "name": "Ghost Security", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scale-computing/README.md", - 
"integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scale-computing/custom-integration-scale-computing.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ghost/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ghost/custom-integration-ghost.star" }, { - "name": "Extreme Networks CloudIQ", + "name": "Carbon Black", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/extreme-cloud-iq/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/extreme-cloud-iq/custom-integrations-extreme-cloud-iq.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/carbon-black/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/carbon-black/custom-integration-carbon-black.star" }, { - "name": "Drata", + "name": "pfSense", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/drata/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/drata/custom-integration-drata.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/pfsense/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/pfsense/custom-integration-pfsense.star" }, { "name": "Snow License Manager", 
@@ -147,40 +159,28 @@ "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snow-license-manager/custom-integration-snow.star" }, { - "name": "Stairwell", - "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/stairwell/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/stairwell/custom-integration-stairwell.star" - }, - { - "name": "Akamai Guardicore Centra", + "name": "Tailscale", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/akamai-guardicore-centra/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/akamai-guardicore-centra/custom-integration-centra-v4-api.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/tailscale/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/tailscale/custom-integration-tailscale.star" }, { - "name": "Solarwinds Information Service", + "name": "Ivanti Neurons", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/solarwinds-information-service/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/solarwinds-information-service/custom-integration-swis.star" - }, - { - "name": "Scan Passive Assets", - "type": "internal", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scan-passive-assets/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scan-passive-assets/custom-integration-scan-passive-assets.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ivanti_neurons/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ivanti_neurons/custom-integration-neurons.star" }, { - "name": "pfSense", + 
"name": "Kandji", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/pfsense/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/pfsense/custom-integration-pfsense.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/kandji/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/kandji/custom-integration-kandji.star" }, { - "name": "Cisco-ISE", + "name": "Digital Ocean", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cisco-ise/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cisco-ise/custom_integration_cisco-ise.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/digital-ocean/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/digital-ocean/custom-integration-digital-ocean.star" }, { "name": "Sumo Logic", 
@@ -189,22 +189,16 @@ "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/sumo-logic/custom-integration-sumo.star" }, { - "name": "Manage Engine Endpoint Central", + "name": "Bitsight", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/manage-engine-endpoint-central/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/manage-engine-endpoint-central/custom-integration-endpoint-central.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/bitsight/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/bitsight/custom-integration-bitsight.star" }, { - "name": "Tailscale", + "name": "Wazuh", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/tailscale/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/tailscale/custom-integration-tailscale.star" - }, - { - "name": "Audit Log to Webhook", - "type": "outbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/audit-events-to-webhook/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/audit-events-to-webhook/custom-integration-audit-events.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/wazuh/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/wazuh/custom-integration-wazuh.star" }, { "name": "Halycon", 
@@ -213,16 +207,28 @@ "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/halycon/custom-integration-halycon.star" }, { - "name": "runZero Task Sync", + "name": "Moysle", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/task-sync/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/task-sync/custom-integration-task-sync.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/moysle/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/moysle/custom-integration-moysle.star" }, { "name": "NinjaOne", "type": "inbound", "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ninjaone/README.md", "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ninjaone/custom-integration-ninjaone.star" + }, + { + "name": "Netskope", + "type": "inbound", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/netskope/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/netskope/custom-integration-netskope.star" + }, + { + "name": "Solarwinds Information Service", + "type": "inbound", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/solarwinds-information-service/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/solarwinds-information-service/custom-integration-swis.star" } ] }
\ No newline at end of file
diff --git a/wazuh/README.md b/wazuh/README.md
new file mode 100644
index 0000000..6feb36a
--- /dev/null
+++ b/wazuh/README.md
@@ -0,0 +1,45 @@
+# Custom Integration: Wazuh
+
+## runZero requirements
+
+- Superuser access to the [Custom Integrations configuration](https://console.runzero.com/custom-integrations) in runZero.
+
+## Wazuh requirements
+
+- Wazuh API endpoint reachable on port 55000 (for example: https://wazuh-manager.example.com:55000).
+- Wazuh API user credentials with permission to authenticate and read agent/syscollector data.
+
+## Steps
+
+### Wazuh configuration
+
+1. Confirm API access to your Wazuh manager endpoint over HTTPS on port 55000.
+2. Create or identify an API user with access to authentication, agents, and syscollector endpoints.
+3. Validate the credentials by testing an API login to /security/user/authenticate.
+
+### runZero configuration
+
+1. (OPTIONAL) - Make any necessary changes to the script to align with your environment.
+ - Modify API calls as needed to filter inventory data.
+ - Modify datapoints uploaded to runZero as needed.
+2. [Create the Credential for the Custom Integration](https://console.runzero.com/credentials).
+ - Select the type `Custom Integration Script Secrets`.
+ - Set `access_key` to your Wazuh hostname or IP (do not include protocol or port).
+ - Set `access_secret` to `username::password`.
+3. [Create the Custom Integration](https://console.runzero.com/custom-integrations/new).
+ - Add a Name and Icon for the integration (for example: wazuh).
+ - Toggle `Enable custom integration script` to input the finalized script.
+ - Click `Validate` to ensure it has valid syntax.
+ - Click `Save` to create the Custom Integration.
+4. [Create the Custom Integration task](https://console.runzero.com/ingest/custom/).
+ - Select the Credential and Custom Integration created in steps 2 and 3.
+ - Update the task schedule to recur at the desired timeframes.
+ - Select the Explorer you would like the Custom Integration to run from.
+ - Click `Save` to kick off the first task.
+
+### What's next?
+
+- You will see the task kick off on the [tasks](https://console.runzero.com/tasks) page like any other integration.
+- The task will update existing assets with the data pulled from the custom integration source.
+- The task will create new assets when there are no existing assets that meet merge criteria (hostname, MAC, etc).
+- You can search for assets enriched by this custom integration with the runZero search `custom_integration:wazuh`.
diff --git a/wazuh/config.json b/wazuh/config.json
new file mode 100644
index 0000000..2e5db23
--- /dev/null
+++ b/wazuh/config.json
@@ -0,0 +1 @@
+{ "name": "Wazuh", "type": "inbound" }
diff --git a/wazuh/custom-integration-wazuh.star b/wazuh/custom-integration-wazuh.star
new file mode 100644
index 0000000..b641248
--- /dev/null
+++ b/wazuh/custom-integration-wazuh.star
@@ -0,0 +1,573 @@
+load('runzero.types', 'ImportAsset', 'NetworkInterface', 'Software')
+load('json', json_decode='decode')
+load('net', 'ip_address')
+load('http', http_post='post', http_get='get')
+load('uuid', 'new_uuid')
+load('base64', base64_encode='encode')
+load('time', 'parse_time')
+
+# --- Existing functions (no changes) ---
+
+def authenticate_wazuh(host, username, password):
+ """
+ Authenticate with Wazuh API and retrieve JWT token.
+
+ Args:
+ host: Wazuh host URL (e.g., https://wazuh-manager:55000)
+ username: Wazuh username
+ password: Wazuh password
+
+ Returns:
+ JWT token string or None if authentication fails
+ """
+ auth_url = "{}/security/user/authenticate".format(host)
+
+ # Create basic auth header
+ credentials = "{}:{}".format(username, password)
+ auth_header = "Basic {}".format(base64_encode(credentials))
+
+ headers = {
+ 'Authorization': auth_header,
+ 'Content-Type': 'application/json'
+ }
+
+ response = http_post(auth_url, headers=headers, insecure_skip_verify=True, timeout=600)
+
+ if response.status_code != 200:
+ print("Wazuh authentication failed. Status:", response.status_code)
+ return None
+
+ auth_data = json_decode(response.body)
+
+ if auth_data.get('error', 1) != 0:
+ print("Wazuh API error:", auth_data.get('message', 'Unknown error'))
+ return None
+
+ token = auth_data.get('data', {}).get('token', "")
+ if not token:
+ print("No token received from Wazuh API")
+ return None
+
+ print("Successfully authenticated with Wazuh API")
+ return token
+
+def get_wazuh_agents(host, token):
+ """
+ Retrieve up to 10000 agents from Wazuh using pagination.
+
+ Args:
+ host: Wazuh host URL
+ token: JWT authentication token
+
+ Returns:
+ List of agent dictionaries (limited to 10000)
+ """
+ agents_url = "{}/agents".format(host)
+ headers = {
+ 'Authorization': 'Bearer {}'.format(token),
+ 'Content-Type': 'application/json'
+ }
+
+ all_agents = []
+ offset = 0
+ hasNextPage = True
+ limit = 500 # Maximum items per request
+
+ while hasNextPage:
+
+ params = {
+ 'offset': offset,
+ 'limit': limit
+ }
+
+ response = http_get(agents_url, headers=headers, params=params, insecure_skip_verify=True, timeout=600)
+
+ if response.status_code != 200:
+ print("Failed to fetch agents from Wazuh. Status:", response.status_code)
+ hasNextPage = False
+
+ response_data = json_decode(response.body)
+
+ if response_data.get('error', 1) != 0:
+ print("Wazuh API error:", response_data.get('message', 'Unknown error'))
+ hasNextPage = False
+
+ agents_batch = response_data.get('data', {}).get('affected_items', [])
+
+ if not agents_batch:
+ hasNextPage = False # No more agents to fetch
+
+ all_agents.extend(agents_batch)
+
+ offset += limit
+
+ print("Retrieved {} agents from Wazuh".format(len(all_agents)))
+ return all_agents
+
+# NEW FUNCTION: get network interfaces with MAC addresses
+def get_agent_network_interfaces(host, token, agent_id):
+ """
+ Retrieve network interfaces for a specific agent.
+
+ Args:
+ host: Wazuh host URL
+ token: JWT authentication token
+ agent_id: The ID of the agent
+
+ Returns:
+ Tuple of (list of network interface dictionaries, status_code)
+ Returns ([], status_code) if fails
+ """
+ netiface_url = "{}/syscollector/{}/netiface".format(host, agent_id)
+ headers = {
+ 'Authorization': 'Bearer {}'.format(token),
+ 'Content-Type': 'application/json'
+ }
+
+ response = http_get(netiface_url, headers=headers, insecure_skip_verify=True, timeout=600)
+
+ if response.status_code != 200:
+ if response.status_code != 401: # Don't print for 401, we'll handle that
+ print("Failed to fetch network interfaces for agent {}. Status: {}".format(agent_id, response.status_code))
+ return [], response.status_code
+
+ response_data = json_decode(response.body)
+
+ if response_data.get('error', 1) != 0:
+ print("Wazuh API error for agent {}: {}".format(agent_id, response_data.get('message', 'Unknown error')))
+ return [], response.status_code
+
+ return response_data.get('data', {}).get('affected_items', []), response.status_code
+
+
+# NEW FUNCTION: get network addresses (IPs) for interfaces
+def get_agent_network_addresses(host, token, agent_id):
+ """
+ Retrieve network addresses (IP addresses) for a specific agent.
+
+ Args:
+ host: Wazuh host URL
+ token: JWT authentication token
+ agent_id: The ID of the agent
+
+ Returns:
+ Tuple of (list of network address dictionaries, status_code)
+ Returns ([], status_code) if fails
+ """
+ netaddr_url = "{}/syscollector/{}/netaddr".format(host, agent_id)
+ headers = {
+ 'Authorization': 'Bearer {}'.format(token),
+ 'Content-Type': 'application/json'
+ }
+
+ response = http_get(netaddr_url, headers=headers, insecure_skip_verify=True, timeout=600)
+
+ if response.status_code != 200:
+ if response.status_code != 401: # Don't print for 401, we'll handle that
+ print("Failed to fetch network addresses for agent {}. Status: {}".format(agent_id, response.status_code))
+ return [], response.status_code
+
+ response_data = json_decode(response.body)
+
+ if response_data.get('error', 1) != 0:
+ print("Wazuh API error for agent {}: {}".format(agent_id, response_data.get('message', 'Unknown error')))
+ return [], response.status_code
+
+ return response_data.get('data', {}).get('affected_items', []), response.status_code
+
+
+# --- NEW: Helper function to validate MAC addresses ---
+def is_valid_mac(mac_address):
+ """
+ Checks if a MAC address is not a known invalid value.
+ """
+ if not mac_address:
+ return False
+ # List of known invalid MAC addresses
+ invalid_macs = ["00:00:00:00:00:00", "ee:ee:ee:ee:ee:ee"]
+ return mac_address.lower() not in invalid_macs
+
+
+def is_kubernetes_interface(iface_name):
+ """
+ Checks if an interface name belongs to Kubernetes networking.
+ These interfaces should be excluded as they contain virtual IPs
+ for pods/services, not the actual host addresses.
+
+ Args:
+ iface_name: The name of the network interface
+
+ Returns:
+ True if the interface is a Kubernetes-related interface, False otherwise
+ """
+ if not iface_name:
+ return False
+
+ iface_lower = iface_name.lower()
+
+ # Kubernetes IPVS interface - contains all service virtual IPs
+ if iface_lower == "kube-ipvs0":
+ return True
+
+ # Kubernetes local DNS interface
+ if iface_lower == "nodelocaldns":
+ return True
+
+ # Calico CNI interfaces (container networking)
+ # These start with "cali" followed by a hash
+ if iface_lower.startswith("cali"):
+ return True
+
+ # Calico VXLAN overlay interface
+ if iface_lower.startswith("vxlan.calico"):
+ return True
+
+ # Flannel CNI interfaces
+ if iface_lower.startswith("flannel"):
+ return True
+ if iface_lower == "cni0":
+ return True
+
+ # Docker bridge interface
+ if iface_lower == "docker0":
+ return True
+
+ # Kubernetes bridge interfaces
+ if iface_lower.startswith("cbr"):
+ return True
+
+ # Cilium CNI interfaces
+ if iface_lower.startswith("cilium"):
+ return True
+ if iface_lower.startswith("lxc"):
+ return True
+
+ # Weave CNI interfaces
+ if iface_lower.startswith("weave"):
+ return True
+ if iface_lower.startswith("vethwe"):
+ return True
+
+ # Generic veth interfaces (container virtual ethernet)
+ if iface_lower.startswith("veth"):
+ return True
+
+ # Kubernetes dummy interfaces
+ if iface_lower.startswith("kube-"):
+ return True
+
+ # IPVS-related interfaces
+ if iface_lower.startswith("ipvs"):
+ return True
+
+ return False
+
+
+def build_network_interface(network_interfaces_data, network_addresses_data, primary_ip_str):
+ """
+ Create a list of NetworkInterface objects from Wazuh network interface data.
+
+ Args:
+ network_interfaces_data: List of network interface dictionaries from Wazuh API (netiface endpoint).
+ network_addresses_data: List of network address dictionaries from Wazuh API (netaddr endpoint).
+ primary_ip_str: The primary IP address from the main agent data, as fallback.
+
+ Returns:
+ List of NetworkInterface objects
+ """
+ interfaces = []
+
+ # Build a mapping of interface name to IP addresses
+ # Skip Kubernetes-related interfaces to avoid adding virtual IPs
+ iface_to_ips = {}
+ for addr_data in network_addresses_data:
+ iface_name = addr_data.get('iface', '')
+ ip_addr_str = addr_data.get('address', '')
+
+ # Skip Kubernetes interfaces (kube-ipvs0, cali*, nodelocaldns, etc.)
+ if is_kubernetes_interface(iface_name):
+ continue
+
+ if iface_name and ip_addr_str:
+ if iface_name not in iface_to_ips:
+ iface_to_ips[iface_name] = []
+ iface_to_ips[iface_name].append(ip_addr_str)
+
+ # Process interfaces from syscollector data
+ for interface_data in network_interfaces_data:
+ iface_name = interface_data.get('name', '')
+
+ # Skip Kubernetes interfaces (kube-ipvs0, cali*, nodelocaldns, etc.)
+ if is_kubernetes_interface(iface_name):
+ continue
+
+ mac_address_string = interface_data.get('mac', "")
+
+ # Split by space to handle multiple MACs
+ macs = mac_address_string.split()
+
+ for mac_address in macs:
+ # Filter out invalid MAC addresses
+ if is_valid_mac(mac_address):
+ ip4s = []
+ ip6s = []
+
+ # Get IPs for this interface from netaddr data
+ ip_addresses = iface_to_ips.get(iface_name, [])
+
+ # If no IPs found for this interface, use primary IP as fallback
+ if not ip_addresses and primary_ip_str:
+ ip_addresses = [primary_ip_str]
+
+ # Parse and categorize IPs
+ for ip_addr_str in ip_addresses:
+ if ip_addr_str:
+ ip_addr = ip_address(ip_addr_str)
+ if ip_addr.version == 4:
+ ip4s.append(ip_addr)
+ elif ip_addr.version == 6:
+ ip6s.append(ip_addr)
+
+ interfaces.append(NetworkInterface(
+ macAddress=mac_address,
+ ipv4Addresses=ip4s,
+ ipv6Addresses=ip6s
+ ))
+
+ return interfaces
+
+def extract_environment_from_node_name(node_name):
+ """
+ Extract environment from node name.
+ Takes the 3rd element from the end when split by '-'.
+
+ Examples:
+ 'wazuh3-worker-prod-sc2-03' -> 'prod'
+ 'wazuh3-worker-pp-rs-01' -> 'pp'
+ 'wazuh3-manager-pp-rs-01' -> 'pp'
+
+ Args:
+ node_name: The Wazuh node name string
+
+ Returns:
+ Environment string or empty string if not found
+ """
+ if not node_name:
+ return ""
+
+ parts = node_name.split('-')
+
+ # Environment is the 3rd element from the end
+ if len(parts) >= 3:
+ return parts[-3]
+
+ return ""
+
+def parse_os_info(os_data):
+ """
+ Parse Wazuh OS information into standardized format.
+ """ + if not os_data: + return "Unknown", "Unknown" + + os_name = os_data.get('name', "") + os_platform = os_data.get('platform', "") + os_version = os_data.get('version', "") + + # Combine name and platform for better identification + if os_platform and os_platform.lower() != os_name.lower(): + full_os_name = "{} ({})".format(os_name, os_platform) + else: + full_os_name = os_name + + return full_os_name, os_version + +# REVISED FUNCTION: build_assets to use the new network interface data +def build_assets(agents, agent_net_interfaces, agent_net_addresses): + """ + Convert Wazuh agent data into RunZero ImportAsset objects. + + Args: + agents: List of agent dictionaries from Wazuh API + agent_net_interfaces: A dictionary mapping agent ID to a list of its network interfaces. + agent_net_addresses: A dictionary mapping agent ID to a list of its network addresses. + + Returns: + List of ImportAsset objects + """ + assets = [] + + for agent in agents: + print(agent) + agent_id = agent.get('id', "") + agent_name = agent.get('name', "") + node_name = agent.get('node_name', '') + + # Get the primary IP from the main agent data + agent_ip = agent.get('ip', "") + agent_status = agent.get('status', "") + + # Parse OS information + os_data = agent.get('os', {}) + os_name, os_version = parse_os_info(os_data) + + # Build network interface from the detailed network data + net_interfaces_data = agent_net_interfaces.get(agent_id, []) + net_addresses_data = agent_net_addresses.get(agent_id, []) + network_interfaces = build_network_interface(net_interfaces_data, net_addresses_data, agent_ip) + + # Parse timestamps + first_seen_ts = agent.get('dateAdd', '') + last_seen_ts = agent.get('lastKeepAlive', '') + + # Build hostnames list with length validation + hostnames = [] + if agent_name and agent_name != 'unknown-agent': + hostname = agent_name + if hostname: + hostnames.append(hostname) + + # Prepare custom attributes with all available Wazuh data + custom_attrs = { + 
'wazuh_agent_id': str(agent_id), + 'wazuh_agent_status': agent_status, + 'wazuh_agent_version': agent.get('version', ''), + 'wazuh_agent_manager': agent.get('manager', ''), + 'wazuh_node_name': node_name, + 'wazuh_date_add': agent.get('dateAdd', ''), + 'wazuh_last_keep_alive': agent.get('lastKeepAlive', ''), + 'wazuh_group_config_status': agent.get('group_config_status', ''), + 'wazuh_groups': str(agent.get('group', [])), + 'wazuh_merged_sum': agent.get('mergedSum', ''), + 'wazuh_config_sum': agent.get('configSum', ''), + } + + if first_seen_ts: + custom_attrs['first_seen_timestamp'] = first_seen_ts + if last_seen_ts: + custom_attrs['last_seen_timestamp'] = last_seen_ts + + if os_data: + custom_attrs.update({ + 'os_arch': os_data.get('arch', ''), + 'os_codename': os_data.get('codename', ''), + 'os_major': os_data.get('major', ''), + 'os_minor': os_data.get('minor', ''), + 'os_platform': os_data.get('platform', ''), + 'os_uname': os_data.get('uname', ''), + }) + + # Create composite ID from environment and agent ID + environment = extract_environment_from_node_name(node_name) + if environment: + composite_id = "{}-{}".format(environment, agent_id) + else: + composite_id = str(agent_id) + + asset_params = { + 'id': composite_id, + 'networkInterfaces': network_interfaces, + 'hostnames': hostnames, + 'os': os_name, + 'osVersion': os_version, + 'customAttributes': custom_attrs + } + + asset = ImportAsset(**asset_params) + if agent_status == "active": + assets.append(asset) + + return assets + +def main(**kwargs): + """ + Main function to retrieve and return Wazuh asset data. 
+ + Expected kwargs: + access_key: Wazuh hostname or IP address (e.g., wazuh-manager or 10.1.2.3) + access_secret: Wazuh credentials in format "username::password" + + Returns: + List of ImportAsset objects + """ + wazuh_hostname = kwargs.get('access_key') + credentials = kwargs.get('access_secret') + + if not wazuh_hostname: + print("Error: Wazuh hostname/IP not provided in access_key") + return [] + + if not credentials: + print("Error: Wazuh credentials not provided in access_secret") + return [] + + if '::' not in credentials: + print("Error: Credentials should be in format 'username::password'") + return [] + + username, password = credentials.split('::', 1) + + if not username or not password: + print("Error: Invalid credentials format") + return [] + + wazuh_host = "https://{}:55000".format(wazuh_hostname) + + print("Connecting to Wazuh at:", wazuh_host) + + # Authenticate with Wazuh + token = authenticate_wazuh(wazuh_host, username, password) + + # Retrieve agents + agents = get_wazuh_agents(wazuh_host, token) + if not agents: + print("No agents retrieved from Wazuh") + return [] + + agent_net_interfaces = {} + agent_net_addresses = {} + print("Retrieving detailed network information for each agent...") + + for agent in agents: + agent_id = agent.get('id') + if agent_id: + # Get network interfaces + interfaces, status_code = get_agent_network_interfaces(wazuh_host, token, agent_id) + + # Check if token expired (401), re-authenticate and retry + if status_code == 401: + print("Token expired, re-authenticating...") + token = authenticate_wazuh(wazuh_host, username, password) + if not token: + print("Re-authentication failed, stopping network data collection") + break + # Retry with new token + interfaces, status_code = get_agent_network_interfaces(wazuh_host, token, agent_id) + + if interfaces: + agent_net_interfaces[agent_id] = interfaces + + # Get network addresses + addresses, status_code = get_agent_network_addresses(wazuh_host, token, agent_id) + + # 
Check if token expired (401), re-authenticate and retry + if status_code == 401: + print("Token expired, re-authenticating...") + token = authenticate_wazuh(wazuh_host, username, password) + if not token: + print("Re-authentication failed, stopping network data collection") + break + # Retry with new token + addresses, status_code = get_agent_network_addresses(wazuh_host, token, agent_id) + + if addresses: + agent_net_addresses[agent_id] = addresses + + print("Retrieved network interfaces for {} agents".format(len(agent_net_interfaces))) + print("Retrieved network addresses for {} agents".format(len(agent_net_addresses))) + + # Convert to RunZero assets + assets = build_assets(agents, agent_net_interfaces, agent_net_addresses) + + print("Successfully processed {} Wazuh agents into RunZero assets".format(len(assets))) + return assets \ No newline at end of file From d2ed830c8607750d739529a0c95a37f3ea19ae06 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Wed, 27 May 2026 20:30:06 +0000 Subject: [PATCH 02/19] Auto: update integrations JSON and README --- docs/integrations.json | 214 ++++++++++++++++++++--------------------- 1 file changed, 107 insertions(+), 107 deletions(-) diff --git a/docs/integrations.json b/docs/integrations.json index 215d3f7..565b87d 100644 --- a/docs/integrations.json +++ b/docs/integrations.json @@ -1,5 +1,5 @@ { - "lastUpdated": "2026-05-27T20:23:16.506605Z", + "lastUpdated": "2026-05-27T20:30:06.545838Z", "totalIntegrations": 38, "integrationDetails": [ { 
@@ -9,34 +9,34 @@ "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/tanium/custom-integration-tanium.star" }, { - "name": "Scan Passive Assets", - "type": "internal", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scan-passive-assets/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scan-passive-assets/custom-integration-scan-passive-assets.star" + "name": "Extreme Networks CloudIQ", + "type": "inbound", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/extreme-cloud-iq/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/extreme-cloud-iq/custom-integrations-extreme-cloud-iq.star" }, { - "name": "Snipe-IT", + "name": "Carbon Black", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snipe-it/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snipe-it/snipeit.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/carbon-black/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/carbon-black/custom-integration-carbon-black.star" }, { - "name": "runZero Task Sync", + "name": "Ghost Security", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/task-sync/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/task-sync/custom-integration-task-sync.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ghost/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ghost/custom-integration-ghost.star" }, { - "name": "Nexthink", + "name": "Proxmox", "type": "inbound", - "readme": 
"https://github.com/runZeroInc/runzero-custom-integrations/blob/main/nexthink/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/nexthink/custom-integration-nexthink.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/proxmox/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/proxmox/custom-integration-proxmox.star" }, { - "name": "Cisco-ISE", - "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cisco-ise/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cisco-ise/custom_integration_cisco-ise.star" + "name": "Vunerability Workflow", + "type": "internal", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/vulnerability-workflow/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/vulnerability-workflow/custom-integration-vulnerability-workflow.star" }, { "name": "Scale Computing", 
@@ -45,76 +45,82 @@ "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scale-computing/custom-integration-scale-computing.star" }, { - "name": "Cortex XDR", - "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cortex-xdr/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cortex-xdr/custom-integration-cortex-xdr.star" + "name": "Sumo Logic", + "type": "outbound", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/sumo-logic/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/sumo-logic/custom-integration-sumo.star" }, { - "name": "Drata", + "name": "Netskope", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/drata/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/drata/custom-integration-drata.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/netskope/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/netskope/custom-integration-netskope.star" }, { - "name": "Akamai Guardicore Centra", + "name": "Halycon", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/akamai-guardicore-centra/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/akamai-guardicore-centra/custom-integration-centra-v4-api.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/halycon/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/halycon/custom-integration-halycon.star" }, { - "name": "Extreme Networks CloudIQ", + "name": "Bitsight", "type": "inbound", - "readme": 
"https://github.com/runZeroInc/runzero-custom-integrations/blob/main/extreme-cloud-iq/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/extreme-cloud-iq/custom-integrations-extreme-cloud-iq.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/bitsight/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/bitsight/custom-integration-bitsight.star" }, { - "name": "Proxmox", + "name": "Cortex XDR", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/proxmox/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/proxmox/custom-integration-proxmox.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cortex-xdr/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cortex-xdr/custom-integration-cortex-xdr.star" }, { - "name": "Vunerability Workflow", - "type": "internal", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/vulnerability-workflow/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/vulnerability-workflow/custom-integration-vulnerability-workflow.star" + "name": "Moysle", + "type": "inbound", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/moysle/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/moysle/custom-integration-moysle.star" }, { - "name": "JAMF", + "name": "Wazuh", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/jamf/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/jamf/custom-integration-jamf.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/wazuh/README.md", + 
"integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/wazuh/custom-integration-wazuh.star" }, { - "name": "Audit Log to Webhook", - "type": "outbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/audit-events-to-webhook/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/audit-events-to-webhook/custom-integration-audit-events.star" + "name": "pfSense", + "type": "inbound", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/pfsense/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/pfsense/custom-integration-pfsense.star" }, { - "name": "Stairwell", + "name": "Digital Ocean", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/stairwell/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/stairwell/custom-integration-stairwell.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/digital-ocean/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/digital-ocean/custom-integration-digital-ocean.star" }, { - "name": "Manage Engine Endpoint Central", + "name": "JAMF", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/manage-engine-endpoint-central/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/manage-engine-endpoint-central/custom-integration-endpoint-central.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/jamf/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/jamf/custom-integration-jamf.star" }, { - "name": "Cyberint", + "name": "Drata", "type": "inbound", - "readme": 
"https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cyberint/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cyberint/custom-integration-cyberint.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/drata/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/drata/custom-integration-drata.star" }, { - "name": "Lima Charlie", + "name": "Audit Log to Webhook", + "type": "outbound", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/audit-events-to-webhook/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/audit-events-to-webhook/custom-integration-audit-events.star" + }, + { + "name": "Solarwinds Information Service", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/lima-charlie/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/lima-charlie/custom-integration-lima-charlie.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/solarwinds-information-service/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/solarwinds-information-service/custom-integration-swis.star" }, { "name": "Automox", 
@@ -123,10 +129,10 @@ "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/automox/custom-integration-automox.star" }, { - "name": "Device42", + "name": "Snow License Manager", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/device42/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/device42/custom-integration-device42.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snow-license-manager/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snow-license-manager/custom-integration-snow.star" }, { "name": "Ubiquiti Unifi Network", 
@@ -135,28 +141,22 @@ "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ubiquiti-unifi-network/custom-integration-ubiquiti-unifi-network.star" }, { - "name": "Ghost Security", - "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ghost/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ghost/custom-integration-ghost.star" - }, - { - "name": "Carbon Black", + "name": "Manage Engine Endpoint Central", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/carbon-black/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/carbon-black/custom-integration-carbon-black.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/manage-engine-endpoint-central/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/manage-engine-endpoint-central/custom-integration-endpoint-central.star" }, { - "name": "pfSense", + "name": "runZero Task Sync", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/pfsense/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/pfsense/custom-integration-pfsense.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/task-sync/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/task-sync/custom-integration-task-sync.star" }, { - "name": "Snow License Manager", + "name": "Stairwell", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snow-license-manager/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snow-license-manager/custom-integration-snow.star" + "readme": 
"https://github.com/runZeroInc/runzero-custom-integrations/blob/main/stairwell/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/stairwell/custom-integration-stairwell.star" }, { "name": "Tailscale", 
@@ -165,52 +165,52 @@ "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/tailscale/custom-integration-tailscale.star" }, { - "name": "Ivanti Neurons", + "name": "Nexthink", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ivanti_neurons/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ivanti_neurons/custom-integration-neurons.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/nexthink/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/nexthink/custom-integration-nexthink.star" }, { - "name": "Kandji", + "name": "Akamai Guardicore Centra", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/kandji/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/kandji/custom-integration-kandji.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/akamai-guardicore-centra/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/akamai-guardicore-centra/custom-integration-centra-v3-api.star" }, { - "name": "Digital Ocean", + "name": "Snipe-IT", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/digital-ocean/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/digital-ocean/custom-integration-digital-ocean.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snipe-it/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snipe-it/snipeit.star" }, { - "name": "Sumo Logic", - "type": "outbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/sumo-logic/README.md", - "integration": 
"https://github.com/runZeroInc/runzero-custom-integrations/blob/main/sumo-logic/custom-integration-sumo.star" + "name": "Kandji", + "type": "inbound", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/kandji/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/kandji/custom-integration-kandji.star" }, { - "name": "Bitsight", + "name": "Ivanti Neurons", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/bitsight/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/bitsight/custom-integration-bitsight.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ivanti_neurons/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ivanti_neurons/custom-integration-neurons.star" }, { - "name": "Wazuh", + "name": "Cisco-ISE", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/wazuh/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/wazuh/custom-integration-wazuh.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cisco-ise/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cisco-ise/custom_integration_cisco-ise.star" }, { - "name": "Halycon", - "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/halycon/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/halycon/custom-integration-halycon.star" + "name": "Scan Passive Assets", + "type": "internal", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scan-passive-assets/README.md", + "integration": 
"https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scan-passive-assets/custom-integration-scan-passive-assets.star" }, { - "name": "Moysle", + "name": "Cyberint", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/moysle/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/moysle/custom-integration-moysle.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cyberint/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cyberint/custom-integration-cyberint.star" }, { "name": "NinjaOne", 
@@ -219,16 +219,16 @@ "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ninjaone/custom-integration-ninjaone.star" }, { - "name": "Netskope", + "name": "Lima Charlie", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/netskope/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/netskope/custom-integration-netskope.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/lima-charlie/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/lima-charlie/custom-integration-lima-charlie.star" }, { - "name": "Solarwinds Information Service", + "name": "Device42", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/solarwinds-information-service/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/solarwinds-information-service/custom-integration-swis.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/device42/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/device42/custom-integration-device42.star" } ] } \ No newline at end of file From 5a9fa2654fe9ab6f31a1a7bd78f20e02e0fd5506 Mon Sep 17 00:00:00 2001 From: Max Bishop <35214898+MaxBish@users.noreply.github.com> Date: Wed, 27 May 2026 13:36:58 -0700 Subject: [PATCH 03/19] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- wazuh/custom-integration-wazuh.star | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wazuh/custom-integration-wazuh.star b/wazuh/custom-integration-wazuh.star index b641248..0f4f0da 100644 --- a/wazuh/custom-integration-wazuh.star +++ b/wazuh/custom-integration-wazuh.star 
@@ -31,7 +31,7 @@ def authenticate_wazuh(host, username, password):
 'Content-Type': 'application/json'
 }
- response = http_post(auth_url, headers=headers, insecure_skip_verify=True, timeout=600)
+ response = http_post(auth_url, headers=headers, timeout=600)
 if response.status_code != 200:
 print("Wazuh authentication failed. Status:", response.status_code)
From 6794e1b597e094324d5df02dab2fd75073dfd7ce Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Wed, 27 May 2026 20:37:09 +0000
Subject: [PATCH 04/19] Auto: update integrations JSON and README
---
 docs/integrations.json | 234 ++++++++++++++++++++---------------------
 1 file changed, 117 insertions(+), 117 deletions(-)
diff --git a/docs/integrations.json b/docs/integrations.json
index 565b87d..e5cada2 100644
--- a/docs/integrations.json
+++ b/docs/integrations.json
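Review bot: Certificate verification is restored only for the `http_post` call in `authenticate_wazuh`; the diffstat shows this as the single changed line in wazuh/custom-integration-wazuh.star. The agent, netiface and netaddr request helpers that `main` calls with the resulting token are outside this hunk, so check whether they still pass `insecure_skip_verify=True`; if they do, the bearer token and the inventory data would still travel over an unverified TLS connection, and the flag should be dropped from them in the same change. A default Wazuh install typically presents a self-signed API certificate, so authentication may now fail where it worked before. wazuh/README.md should say so, for example `The Wazuh API certificate must chain to a CA trusted by the host running this integration.` The body of `authenticate_wazuh` starts and ends outside the hunk.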
@@ -1,66 +1,42 @@ { - "lastUpdated": "2026-05-27T20:30:06.545838Z", + "lastUpdated": "2026-05-27T20:37:09.894156Z", "totalIntegrations": 38, "integrationDetails": [ { - "name": "Tanium", - "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/tanium/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/tanium/custom-integration-tanium.star" - }, - { - "name": "Extreme Networks CloudIQ", - "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/extreme-cloud-iq/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/extreme-cloud-iq/custom-integrations-extreme-cloud-iq.star" - }, - { - "name": "Carbon Black", + "name": "Moysle", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/carbon-black/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/carbon-black/custom-integration-carbon-black.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/moysle/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/moysle/custom-integration-moysle.star" }, { - "name": "Ghost Security", + "name": "Automox", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ghost/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ghost/custom-integration-ghost.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/automox/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/automox/custom-integration-automox.star" }, { - "name": "Proxmox", + "name": "Netskope", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/proxmox/README.md", - 
"integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/proxmox/custom-integration-proxmox.star" - }, - { - "name": "Vunerability Workflow", - "type": "internal", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/vulnerability-workflow/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/vulnerability-workflow/custom-integration-vulnerability-workflow.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/netskope/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/netskope/custom-integration-netskope.star" }, { - "name": "Scale Computing", + "name": "Device42", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scale-computing/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scale-computing/custom-integration-scale-computing.star" - }, - { - "name": "Sumo Logic", - "type": "outbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/sumo-logic/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/sumo-logic/custom-integration-sumo.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/device42/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/device42/custom-integration-device42.star" }, { - "name": "Netskope", + "name": "Ghost Security", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/netskope/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/netskope/custom-integration-netskope.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ghost/README.md", + "integration": 
"https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ghost/custom-integration-ghost.star" }, { - "name": "Halycon", + "name": "Cortex XDR", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/halycon/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/halycon/custom-integration-halycon.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cortex-xdr/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cortex-xdr/custom-integration-cortex-xdr.star" }, { "name": "Bitsight", 
@@ -69,28 +45,28 @@ "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/bitsight/custom-integration-bitsight.star" }, { - "name": "Cortex XDR", + "name": "Carbon Black", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cortex-xdr/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cortex-xdr/custom-integration-cortex-xdr.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/carbon-black/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/carbon-black/custom-integration-carbon-black.star" }, { - "name": "Moysle", + "name": "Snipe-IT", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/moysle/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/moysle/custom-integration-moysle.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snipe-it/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snipe-it/snipeit.star" }, { - "name": "Wazuh", - "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/wazuh/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/wazuh/custom-integration-wazuh.star" + "name": "Vunerability Workflow", + "type": "internal", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/vulnerability-workflow/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/vulnerability-workflow/custom-integration-vulnerability-workflow.star" }, { - "name": "pfSense", + "name": "Tanium", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/pfsense/README.md", - "integration": 
"https://github.com/runZeroInc/runzero-custom-integrations/blob/main/pfsense/custom-integration-pfsense.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/tanium/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/tanium/custom-integration-tanium.star" }, { "name": "Digital Ocean", @@ -98,6 +74,12 @@ "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/digital-ocean/README.md", "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/digital-ocean/custom-integration-digital-ocean.star" }, + { + "name": "Ubiquiti Unifi Network", + "type": "inbound", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ubiquiti-unifi-network/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ubiquiti-unifi-network/custom-integration-ubiquiti-unifi-network.star" + }, { "name": "JAMF", "type": "inbound", 
@@ -105,94 +87,94 @@ "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/jamf/custom-integration-jamf.star" }, { - "name": "Drata", + "name": "Proxmox", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/drata/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/drata/custom-integration-drata.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/proxmox/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/proxmox/custom-integration-proxmox.star" }, { - "name": "Audit Log to Webhook", - "type": "outbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/audit-events-to-webhook/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/audit-events-to-webhook/custom-integration-audit-events.star" + "name": "Cyberint", + "type": "inbound", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cyberint/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cyberint/custom-integration-cyberint.star" }, { - "name": "Solarwinds Information Service", + "name": "Lima Charlie", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/solarwinds-information-service/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/solarwinds-information-service/custom-integration-swis.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/lima-charlie/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/lima-charlie/custom-integration-lima-charlie.star" }, { - "name": "Automox", + "name": "Nexthink", "type": "inbound", - "readme": 
"https://github.com/runZeroInc/runzero-custom-integrations/blob/main/automox/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/automox/custom-integration-automox.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/nexthink/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/nexthink/custom-integration-nexthink.star" }, { - "name": "Snow License Manager", + "name": "Kandji", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snow-license-manager/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snow-license-manager/custom-integration-snow.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/kandji/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/kandji/custom-integration-kandji.star" }, { - "name": "Ubiquiti Unifi Network", + "name": "Ivanti Neurons", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ubiquiti-unifi-network/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ubiquiti-unifi-network/custom-integration-ubiquiti-unifi-network.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ivanti_neurons/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ivanti_neurons/custom-integration-neurons.star" }, { - "name": "Manage Engine Endpoint Central", + "name": "Scale Computing", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/manage-engine-endpoint-central/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/manage-engine-endpoint-central/custom-integration-endpoint-central.star" + "readme": 
"https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scale-computing/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scale-computing/custom-integration-scale-computing.star" }, { - "name": "runZero Task Sync", + "name": "Extreme Networks CloudIQ", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/task-sync/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/task-sync/custom-integration-task-sync.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/extreme-cloud-iq/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/extreme-cloud-iq/custom-integrations-extreme-cloud-iq.star" }, { - "name": "Stairwell", + "name": "Drata", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/stairwell/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/stairwell/custom-integration-stairwell.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/drata/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/drata/custom-integration-drata.star" }, { - "name": "Tailscale", + "name": "Snow License Manager", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/tailscale/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/tailscale/custom-integration-tailscale.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snow-license-manager/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snow-license-manager/custom-integration-snow.star" }, { - "name": "Nexthink", + "name": "Stairwell", "type": "inbound", - "readme": 
"https://github.com/runZeroInc/runzero-custom-integrations/blob/main/nexthink/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/nexthink/custom-integration-nexthink.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/stairwell/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/stairwell/custom-integration-stairwell.star" }, { "name": "Akamai Guardicore Centra", "type": "inbound", "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/akamai-guardicore-centra/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/akamai-guardicore-centra/custom-integration-centra-v3-api.star" + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/akamai-guardicore-centra/custom-integration-centra-v4-api.star" }, { - "name": "Snipe-IT", + "name": "Solarwinds Information Service", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snipe-it/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snipe-it/snipeit.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/solarwinds-information-service/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/solarwinds-information-service/custom-integration-swis.star" }, { - "name": "Kandji", - "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/kandji/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/kandji/custom-integration-kandji.star" + "name": "Scan Passive Assets", + "type": "internal", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scan-passive-assets/README.md", + "integration": 
"https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scan-passive-assets/custom-integration-scan-passive-assets.star" }, { - "name": "Ivanti Neurons", + "name": "pfSense", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ivanti_neurons/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ivanti_neurons/custom-integration-neurons.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/pfsense/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/pfsense/custom-integration-pfsense.star" }, { "name": "Cisco-ISE", 
@@ -201,34 +183,52 @@ "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cisco-ise/custom_integration_cisco-ise.star" }, { - "name": "Scan Passive Assets", - "type": "internal", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scan-passive-assets/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scan-passive-assets/custom-integration-scan-passive-assets.star" + "name": "Sumo Logic", + "type": "outbound", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/sumo-logic/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/sumo-logic/custom-integration-sumo.star" }, { - "name": "Cyberint", + "name": "Wazuh", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cyberint/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cyberint/custom-integration-cyberint.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/wazuh/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/wazuh/custom-integration-wazuh.star" }, { - "name": "NinjaOne", + "name": "Manage Engine Endpoint Central", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ninjaone/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ninjaone/custom-integration-ninjaone.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/manage-engine-endpoint-central/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/manage-engine-endpoint-central/custom-integration-endpoint-central.star" }, { - "name": "Lima Charlie", + "name": "Tailscale", "type": "inbound", - "readme": 
"https://github.com/runZeroInc/runzero-custom-integrations/blob/main/lima-charlie/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/lima-charlie/custom-integration-lima-charlie.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/tailscale/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/tailscale/custom-integration-tailscale.star" }, { - "name": "Device42", + "name": "Audit Log to Webhook", + "type": "outbound", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/audit-events-to-webhook/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/audit-events-to-webhook/custom-integration-audit-events.star" + }, + { + "name": "Halycon", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/device42/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/device42/custom-integration-device42.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/halycon/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/halycon/custom-integration-halycon.star" + }, + { + "name": "runZero Task Sync", + "type": "inbound", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/task-sync/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/task-sync/custom-integration-task-sync.star" + }, + { + "name": "NinjaOne", + "type": "inbound", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ninjaone/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ninjaone/custom-integration-ninjaone.star" } ] } \ No newline at end of file 
From ffac5237fc3a7a0a61bcc26cb1b03616d71d9c34 Mon Sep 17 00:00:00 2001 From: Max Bishop <35214898+MaxBish@users.noreply.github.com> Date: Wed, 27 May 2026 13:37:21 -0700 Subject: [PATCH 05/19] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- wazuh/custom-integration-wazuh.star | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/wazuh/custom-integration-wazuh.star b/wazuh/custom-integration-wazuh.star index 0f4f0da..b2886b6 100644 --- a/wazuh/custom-integration-wazuh.star +++ b/wazuh/custom-integration-wazuh.star @@ -80,18 +80,17 @@ def get_wazuh_agents(host, token): 'limit': limit } - response = http_get(agents_url, headers=headers, params=params, insecure_skip_verify=True, timeout=600) + response = http_get(agents_url, headers=headers, params=params, timeout=600) if response.status_code != 200: print("Failed to fetch agents from Wazuh. Status:", response.status_code) - hasNextPage = False + break response_data = json_decode(response.body) if response_data.get('error', 1) != 0: print("Wazuh API error:", response_data.get('message', 'Unknown error')) - hasNextPage = False - + break agents_batch = response_data.get('data', {}).get('affected_items', []) if not agents_batch: From fce5de0949bfb4cfcd4891d98566fda98a05ac88 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Wed, 27 May 2026 20:37:32 +0000 Subject: [PATCH 06/19] Auto: update integrations JSON and README --- docs/integrations.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/integrations.json b/docs/integrations.json index e5cada2..f63a2d6 100644 --- a/docs/integrations.json +++ b/docs/integrations.json @@ -1,5 +1,5 @@ { - "lastUpdated": "2026-05-27T20:37:09.894156Z", + "lastUpdated": "2026-05-27T20:37:32.893589Z", "totalIntegrations": 38, "integrationDetails": [ { From b9f03fd2ccab2c8b03e978cd11cacb5a850453c7 Mon Sep 17 00:00:00 2001 
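Review bot: Dropping `insecure_skip_verify=True` from the `http_get` call in `get_wazuh_agents` turns certificate verification on for the agent listing only. The diffstat shows no other call was touched, so confirm that the login request in `authenticate_wazuh` (not visible here), which carries the username and password, verifies the server certificate as well. Wazuh installations commonly present a certificate from their own internal CA, so this call will presumably fail against them until that CA is trusted by the host running the script; a line in wazuh/README.md saying so, plus a comment above the call such as `# TLS verification stays on; the Wazuh API certificate must chain to a trusted CA`, would keep the flag from being re-added. Both `break` statements leave the loop with whatever pages were already collected, and the function body continues outside the hunk, so check that a truncated list is not returned as if it were complete.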
From: Max Bishop <35214898+MaxBish@users.noreply.github.com> Date: Wed, 27 May 2026 13:37:36 -0700 Subject: [PATCH 07/19] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- wazuh/custom-integration-wazuh.star | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/wazuh/custom-integration-wazuh.star b/wazuh/custom-integration-wazuh.star index b2886b6..3f761af 100644 --- a/wazuh/custom-integration-wazuh.star +++ b/wazuh/custom-integration-wazuh.star @@ -516,7 +516,10 @@ def main(**kwargs): # Authenticate with Wazuh token = authenticate_wazuh(wazuh_host, username, password) - + if not token: + print("Authentication to Wazuh failed; no token returned") + return [] + # Retrieve agents agents = get_wazuh_agents(wazuh_host, token) if not agents: From 0b6d221944ba6a5d52f752e8db5b25b41db8fc30 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Wed, 27 May 2026 20:37:45 +0000 Subject: [PATCH 08/19] Auto: update integrations JSON and README --- docs/integrations.json | 234 ++++++++++++++++++++--------------------- 1 file changed, 117 insertions(+), 117 deletions(-) diff --git a/docs/integrations.json b/docs/integrations.json index f63a2d6..5e81a6e 100644 --- a/docs/integrations.json +++ b/docs/integrations.json 
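Review bot: The new `if not token:` guard in `main` reports an authentication failure only through `print` and then returns `[]`, the same value a run with no agents would produce, so a rotated or locked-out credential may look like an empty inventory rather than a failed sync. How the runtime treats an empty return is not visible here; if it offers no way to fail the task, make the log line easy to alert on and name the target, e.g. `print("ERROR: Wazuh authentication failed for host:", wazuh_host)`, and keep the password out of it. The guard also assumes `authenticate_wazuh` returns a falsy value on failure, which is defined outside this hunk.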
@@ -1,30 +1,24 @@ { - "lastUpdated": "2026-05-27T20:37:32.893589Z", + "lastUpdated": "2026-05-27T20:37:45.964760Z", "totalIntegrations": 38, "integrationDetails": [ { - "name": "Moysle", - "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/moysle/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/moysle/custom-integration-moysle.star" - }, - { - "name": "Automox", + "name": "Tanium", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/automox/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/automox/custom-integration-automox.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/tanium/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/tanium/custom-integration-tanium.star" }, { - "name": "Netskope", + "name": "Extreme Networks CloudIQ", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/netskope/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/netskope/custom-integration-netskope.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/extreme-cloud-iq/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/extreme-cloud-iq/custom-integrations-extreme-cloud-iq.star" }, { - "name": "Device42", + "name": "Carbon Black", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/device42/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/device42/custom-integration-device42.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/carbon-black/README.md", + "integration": 
"https://github.com/runZeroInc/runzero-custom-integrations/blob/main/carbon-black/custom-integration-carbon-black.star" }, { "name": "Ghost Security", 
@@ -33,10 +27,40 @@ "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ghost/custom-integration-ghost.star" }, { - "name": "Cortex XDR", + "name": "Proxmox", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cortex-xdr/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cortex-xdr/custom-integration-cortex-xdr.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/proxmox/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/proxmox/custom-integration-proxmox.star" + }, + { + "name": "Vunerability Workflow", + "type": "internal", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/vulnerability-workflow/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/vulnerability-workflow/custom-integration-vulnerability-workflow.star" + }, + { + "name": "Scale Computing", + "type": "inbound", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scale-computing/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scale-computing/custom-integration-scale-computing.star" + }, + { + "name": "Sumo Logic", + "type": "outbound", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/sumo-logic/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/sumo-logic/custom-integration-sumo.star" + }, + { + "name": "Netskope", + "type": "inbound", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/netskope/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/netskope/custom-integration-netskope.star" + }, + { + "name": "Halycon", + "type": "inbound", + "readme": 
"https://github.com/runZeroInc/runzero-custom-integrations/blob/main/halycon/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/halycon/custom-integration-halycon.star" }, { "name": "Bitsight", 
@@ -45,28 +69,28 @@ "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/bitsight/custom-integration-bitsight.star" }, { - "name": "Carbon Black", + "name": "Cortex XDR", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/carbon-black/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/carbon-black/custom-integration-carbon-black.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cortex-xdr/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cortex-xdr/custom-integration-cortex-xdr.star" }, { - "name": "Snipe-IT", + "name": "Moysle", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snipe-it/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snipe-it/snipeit.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/moysle/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/moysle/custom-integration-moysle.star" }, { - "name": "Vunerability Workflow", - "type": "internal", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/vulnerability-workflow/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/vulnerability-workflow/custom-integration-vulnerability-workflow.star" + "name": "Wazuh", + "type": "inbound", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/wazuh/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/wazuh/custom-integration-wazuh.star" }, { - "name": "Tanium", + "name": "pfSense", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/tanium/README.md", - "integration": 
"https://github.com/runZeroInc/runzero-custom-integrations/blob/main/tanium/custom-integration-tanium.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/pfsense/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/pfsense/custom-integration-pfsense.star" }, { "name": "Digital Ocean", @@ -74,12 +98,6 @@ "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/digital-ocean/README.md", "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/digital-ocean/custom-integration-digital-ocean.star" }, - { - "name": "Ubiquiti Unifi Network", - "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ubiquiti-unifi-network/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ubiquiti-unifi-network/custom-integration-ubiquiti-unifi-network.star" - }, { "name": "JAMF", "type": "inbound", 
@@ -87,94 +105,94 @@ "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/jamf/custom-integration-jamf.star" }, { - "name": "Proxmox", + "name": "Drata", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/proxmox/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/proxmox/custom-integration-proxmox.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/drata/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/drata/custom-integration-drata.star" }, { - "name": "Cyberint", - "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cyberint/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cyberint/custom-integration-cyberint.star" + "name": "Audit Log to Webhook", + "type": "outbound", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/audit-events-to-webhook/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/audit-events-to-webhook/custom-integration-audit-events.star" }, { - "name": "Lima Charlie", + "name": "Solarwinds Information Service", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/lima-charlie/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/lima-charlie/custom-integration-lima-charlie.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/solarwinds-information-service/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/solarwinds-information-service/custom-integration-swis.star" }, { - "name": "Nexthink", + "name": "Automox", "type": "inbound", - "readme": 
"https://github.com/runZeroInc/runzero-custom-integrations/blob/main/nexthink/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/nexthink/custom-integration-nexthink.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/automox/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/automox/custom-integration-automox.star" }, { - "name": "Kandji", + "name": "Snow License Manager", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/kandji/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/kandji/custom-integration-kandji.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snow-license-manager/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snow-license-manager/custom-integration-snow.star" }, { - "name": "Ivanti Neurons", + "name": "Ubiquiti Unifi Network", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ivanti_neurons/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ivanti_neurons/custom-integration-neurons.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ubiquiti-unifi-network/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ubiquiti-unifi-network/custom-integration-ubiquiti-unifi-network.star" }, { - "name": "Scale Computing", + "name": "Manage Engine Endpoint Central", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scale-computing/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scale-computing/custom-integration-scale-computing.star" + "readme": 
"https://github.com/runZeroInc/runzero-custom-integrations/blob/main/manage-engine-endpoint-central/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/manage-engine-endpoint-central/custom-integration-endpoint-central.star" }, { - "name": "Extreme Networks CloudIQ", + "name": "runZero Task Sync", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/extreme-cloud-iq/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/extreme-cloud-iq/custom-integrations-extreme-cloud-iq.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/task-sync/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/task-sync/custom-integration-task-sync.star" }, { - "name": "Drata", + "name": "Stairwell", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/drata/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/drata/custom-integration-drata.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/stairwell/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/stairwell/custom-integration-stairwell.star" }, { - "name": "Snow License Manager", + "name": "Tailscale", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snow-license-manager/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snow-license-manager/custom-integration-snow.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/tailscale/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/tailscale/custom-integration-tailscale.star" }, { - "name": "Stairwell", + "name": "Nexthink", "type": 
"inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/stairwell/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/stairwell/custom-integration-stairwell.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/nexthink/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/nexthink/custom-integration-nexthink.star" }, { "name": "Akamai Guardicore Centra", "type": "inbound", "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/akamai-guardicore-centra/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/akamai-guardicore-centra/custom-integration-centra-v4-api.star" + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/akamai-guardicore-centra/custom-integration-centra-v3-api.star" }, { - "name": "Solarwinds Information Service", + "name": "Snipe-IT", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/solarwinds-information-service/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/solarwinds-information-service/custom-integration-swis.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snipe-it/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snipe-it/snipeit.star" }, { - "name": "Scan Passive Assets", - "type": "internal", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scan-passive-assets/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scan-passive-assets/custom-integration-scan-passive-assets.star" + "name": "Kandji", + "type": "inbound", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/kandji/README.md", + 
"integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/kandji/custom-integration-kandji.star" }, { - "name": "pfSense", + "name": "Ivanti Neurons", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/pfsense/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/pfsense/custom-integration-pfsense.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ivanti_neurons/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ivanti_neurons/custom-integration-neurons.star" }, { "name": "Cisco-ISE", 
@@ -183,52 +201,34 @@ "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cisco-ise/custom_integration_cisco-ise.star" }, { - "name": "Sumo Logic", - "type": "outbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/sumo-logic/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/sumo-logic/custom-integration-sumo.star" - }, - { - "name": "Wazuh", - "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/wazuh/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/wazuh/custom-integration-wazuh.star" - }, - { - "name": "Manage Engine Endpoint Central", - "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/manage-engine-endpoint-central/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/manage-engine-endpoint-central/custom-integration-endpoint-central.star" + "name": "Scan Passive Assets", + "type": "internal", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scan-passive-assets/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scan-passive-assets/custom-integration-scan-passive-assets.star" }, { - "name": "Tailscale", + "name": "Cyberint", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/tailscale/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/tailscale/custom-integration-tailscale.star" - }, - { - "name": "Audit Log to Webhook", - "type": "outbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/audit-events-to-webhook/README.md", - "integration": 
"https://github.com/runZeroInc/runzero-custom-integrations/blob/main/audit-events-to-webhook/custom-integration-audit-events.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cyberint/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cyberint/custom-integration-cyberint.star" }, { - "name": "Halycon", + "name": "NinjaOne", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/halycon/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/halycon/custom-integration-halycon.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ninjaone/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ninjaone/custom-integration-ninjaone.star" }, { - "name": "runZero Task Sync", + "name": "Lima Charlie", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/task-sync/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/task-sync/custom-integration-task-sync.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/lima-charlie/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/lima-charlie/custom-integration-lima-charlie.star" }, { - "name": "NinjaOne", + "name": "Device42", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ninjaone/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ninjaone/custom-integration-ninjaone.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/device42/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/device42/custom-integration-device42.star" } ] } \ No newline at 
end of file From 18e480ba64ee5e4ff6bbb36ce0c427309aa32ca9 Mon Sep 17 00:00:00 2001 From: Max Bishop <35214898+MaxBish@users.noreply.github.com> Date: Wed, 27 May 2026 13:38:20 -0700 Subject: [PATCH 09/19] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- wazuh/custom-integration-wazuh.star | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wazuh/custom-integration-wazuh.star b/wazuh/custom-integration-wazuh.star index 3f761af..efbe665 100644 --- a/wazuh/custom-integration-wazuh.star +++ b/wazuh/custom-integration-wazuh.star @@ -397,7 +397,7 @@ def build_assets(agents, agent_net_interfaces, agent_net_addresses): assets = [] for agent in agents: - print(agent) + # print(agent) # Uncomment for debugging agent_id = agent.get('id', "") agent_name = agent.get('name', "") node_name = agent.get('node_name', '') From 15b8e477a05c0694cdf6237318582f3dca6325f6 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Wed, 27 May 2026 20:38:34 +0000 Subject: [PATCH 10/19] Auto: update integrations JSON and README --- docs/integrations.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/integrations.json b/docs/integrations.json index 5e81a6e..28471a5 100644 --- a/docs/integrations.json +++ b/docs/integrations.json @@ -1,5 +1,5 @@ { - "lastUpdated": "2026-05-27T20:37:45.964760Z", + "lastUpdated": "2026-05-27T20:38:34.311654Z", "totalIntegrations": 38, "integrationDetails": [ { From f4e18ee8a6975f3f21921c63611b3590d9a919e9 Mon Sep 17 00:00:00 2001 From: Max Bishop <35214898+MaxBish@users.noreply.github.com> Date: Wed, 27 May 2026 13:39:51 -0700 Subject: [PATCH 11/19] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- wazuh/custom-integration-wazuh.star | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
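Review bot: In build_assets the debug statement is left behind as a commented-out line (`# print(agent) # Uncomment for debugging`) at the top of the `for agent in agents:` loop; deleting it would be cleaner than keeping dead code. If it is ever re-enabled it writes every agent record in full to the task output, which is more host detail than a log needs. If a trace is wanted, a narrower line such as `print("processing agent {}".format(agent.get('id', '')))` is enough. The rest of build_assets lies outside the hunk.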
diff --git a/wazuh/custom-integration-wazuh.star b/wazuh/custom-integration-wazuh.star index efbe665..8133379 100644 --- a/wazuh/custom-integration-wazuh.star +++ b/wazuh/custom-integration-wazuh.star @@ -123,7 +123,7 @@ def get_agent_network_interfaces(host, token, agent_id): 'Content-Type': 'application/json' } - response = http_get(netiface_url, headers=headers, insecure_skip_verify=True, timeout=600) + response = http_get(netiface_url, headers=headers, timeout=600) if response.status_code != 200: if response.status_code != 401: # Don't print for 401, we'll handle that From d5f349e0b3a9170d08897c53cc010ca30d792bfe Mon Sep 17 00:00:00 2001 From: Max Bishop <35214898+MaxBish@users.noreply.github.com> Date: Wed, 27 May 2026 13:40:02 -0700 Subject: [PATCH 12/19] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- wazuh/custom-integration-wazuh.star | 2 ++ 1 file changed, 2 insertions(+) diff --git a/wazuh/custom-integration-wazuh.star b/wazuh/custom-integration-wazuh.star index 8133379..fce0d7a 100644 --- a/wazuh/custom-integration-wazuh.star +++ b/wazuh/custom-integration-wazuh.star @@ -531,6 +531,8 @@ def main(**kwargs): print("Retrieving detailed network information for each agent...") for agent in agents: + if agent.get('status') != "active": + continue agent_id = agent.get('id') if agent_id: # Get network interfaces From 6eca3fa767e822bc6145fe3a0318bbf96464524b Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Wed, 27 May 2026 20:40:17 +0000 Subject: [PATCH 13/19] Auto: update integrations JSON and README --- docs/integrations.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/integrations.json b/docs/integrations.json index 28471a5..ed3c629 100644 --- a/docs/integrations.json +++ b/docs/integrations.json 
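Review bot: Dropping `insecure_skip_verify=True` from the `http_get` call in get_agent_network_interfaces leaves the file's requests inconsistent at this commit: get_agent_network_addresses keeps the flag until the later hunk at line 158 (PATCH 18/19), and the calls in authenticate_wazuh and get_wazuh_agents are not shown in any hunk here. Those two carry the password and the JWT, so they are the ones that most need certificate verification; confirm they no longer pass the flag. Wazuh API deployments often run with a self-signed certificate, so wazuh/README.md should state that the certificate must be trusted by the host running the integration, otherwise the per-agent lookups fail while authentication may still succeed. The function body starts and ends outside the hunk.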
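Review bot: The new `if agent.get('status') != "active": continue` guard in main's per-agent loop skips the interface and address lookups for every agent that is not active, but nothing visible removes those agents from `agents`, so build_assets (which iterates `for agent in agents:`) would presumably still emit them, now without network data. Disconnected endpoints are often the ones an inventory most needs to keep track of, so either filter them out before build_assets or keep the lookup and record the status as an attribute. If skipping is the intent, say so above the guard, e.g. `# Only active agents are queried for network data; others are imported without it`. main continues outside the hunk.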
@@ -1,5 +1,5 @@ { - "lastUpdated": "2026-05-27T20:38:34.311654Z", + "lastUpdated": "2026-05-27T20:40:17.131123Z", "totalIntegrations": 38, "integrationDetails": [ { From b90a6e99241be84d4218b544033c642202394700 Mon Sep 17 00:00:00 2001 From: Max Bishop <35214898+MaxBish@users.noreply.github.com> Date: Wed, 27 May 2026 13:40:21 -0700 Subject: [PATCH 14/19] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- wazuh/custom-integration-wazuh.star | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/wazuh/custom-integration-wazuh.star b/wazuh/custom-integration-wazuh.star index fce0d7a..ee9356e 100644 --- a/wazuh/custom-integration-wazuh.star +++ b/wazuh/custom-integration-wazuh.star @@ -6,8 +6,7 @@ load('uuid', 'new_uuid') load('base64', base64_encode='encode') load('time', 'parse_time') -# --- Existing functions (no changes) --- - +# --- Wazuh API helpers --- def authenticate_wazuh(host, username, password): """ Authenticate with Wazuh API and retrieve JWT token. From 339a59242022ff81f6b1488eb4ea6ea49e10c707 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Wed, 27 May 2026 20:40:31 +0000 Subject: [PATCH 15/19] Auto: update integrations JSON and README --- docs/integrations.json | 234 ++++++++++++++++++++--------------------- 1 file changed, 117 insertions(+), 117 deletions(-) diff --git a/docs/integrations.json b/docs/integrations.json index ed3c629..73730cf 100644 --- a/docs/integrations.json +++ b/docs/integrations.json 
@@ -1,66 +1,42 @@ { - "lastUpdated": "2026-05-27T20:40:17.131123Z", + "lastUpdated": "2026-05-27T20:40:31.134733Z", "totalIntegrations": 38, "integrationDetails": [ { - "name": "Tanium", - "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/tanium/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/tanium/custom-integration-tanium.star" - }, - { - "name": "Extreme Networks CloudIQ", - "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/extreme-cloud-iq/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/extreme-cloud-iq/custom-integrations-extreme-cloud-iq.star" - }, - { - "name": "Carbon Black", + "name": "Moysle", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/carbon-black/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/carbon-black/custom-integration-carbon-black.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/moysle/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/moysle/custom-integration-moysle.star" }, { - "name": "Ghost Security", + "name": "Automox", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ghost/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ghost/custom-integration-ghost.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/automox/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/automox/custom-integration-automox.star" }, { - "name": "Proxmox", + "name": "Netskope", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/proxmox/README.md", - 
"integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/proxmox/custom-integration-proxmox.star" - }, - { - "name": "Vunerability Workflow", - "type": "internal", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/vulnerability-workflow/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/vulnerability-workflow/custom-integration-vulnerability-workflow.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/netskope/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/netskope/custom-integration-netskope.star" }, { - "name": "Scale Computing", + "name": "Device42", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scale-computing/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scale-computing/custom-integration-scale-computing.star" - }, - { - "name": "Sumo Logic", - "type": "outbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/sumo-logic/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/sumo-logic/custom-integration-sumo.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/device42/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/device42/custom-integration-device42.star" }, { - "name": "Netskope", + "name": "Ghost Security", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/netskope/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/netskope/custom-integration-netskope.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ghost/README.md", + "integration": 
"https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ghost/custom-integration-ghost.star" }, { - "name": "Halycon", + "name": "Cortex XDR", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/halycon/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/halycon/custom-integration-halycon.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cortex-xdr/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cortex-xdr/custom-integration-cortex-xdr.star" }, { "name": "Bitsight", 
@@ -69,28 +45,28 @@ "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/bitsight/custom-integration-bitsight.star" }, { - "name": "Cortex XDR", + "name": "Carbon Black", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cortex-xdr/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cortex-xdr/custom-integration-cortex-xdr.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/carbon-black/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/carbon-black/custom-integration-carbon-black.star" }, { - "name": "Moysle", + "name": "Snipe-IT", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/moysle/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/moysle/custom-integration-moysle.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snipe-it/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snipe-it/snipeit.star" }, { - "name": "Wazuh", - "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/wazuh/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/wazuh/custom-integration-wazuh.star" + "name": "Vunerability Workflow", + "type": "internal", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/vulnerability-workflow/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/vulnerability-workflow/custom-integration-vulnerability-workflow.star" }, { - "name": "pfSense", + "name": "Tanium", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/pfsense/README.md", - "integration": 
"https://github.com/runZeroInc/runzero-custom-integrations/blob/main/pfsense/custom-integration-pfsense.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/tanium/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/tanium/custom-integration-tanium.star" }, { "name": "Digital Ocean", @@ -98,6 +74,12 @@ "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/digital-ocean/README.md", "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/digital-ocean/custom-integration-digital-ocean.star" }, + { + "name": "Ubiquiti Unifi Network", + "type": "inbound", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ubiquiti-unifi-network/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ubiquiti-unifi-network/custom-integration-ubiquiti-unifi-network.star" + }, { "name": "JAMF", "type": "inbound", 
@@ -105,94 +87,94 @@ "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/jamf/custom-integration-jamf.star" }, { - "name": "Drata", + "name": "Proxmox", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/drata/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/drata/custom-integration-drata.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/proxmox/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/proxmox/custom-integration-proxmox.star" }, { - "name": "Audit Log to Webhook", - "type": "outbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/audit-events-to-webhook/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/audit-events-to-webhook/custom-integration-audit-events.star" + "name": "Cyberint", + "type": "inbound", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cyberint/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cyberint/custom-integration-cyberint.star" }, { - "name": "Solarwinds Information Service", + "name": "Lima Charlie", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/solarwinds-information-service/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/solarwinds-information-service/custom-integration-swis.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/lima-charlie/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/lima-charlie/custom-integration-lima-charlie.star" }, { - "name": "Automox", + "name": "Nexthink", "type": "inbound", - "readme": 
"https://github.com/runZeroInc/runzero-custom-integrations/blob/main/automox/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/automox/custom-integration-automox.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/nexthink/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/nexthink/custom-integration-nexthink.star" }, { - "name": "Snow License Manager", + "name": "Kandji", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snow-license-manager/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snow-license-manager/custom-integration-snow.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/kandji/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/kandji/custom-integration-kandji.star" }, { - "name": "Ubiquiti Unifi Network", + "name": "Ivanti Neurons", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ubiquiti-unifi-network/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ubiquiti-unifi-network/custom-integration-ubiquiti-unifi-network.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ivanti_neurons/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ivanti_neurons/custom-integration-neurons.star" }, { - "name": "Manage Engine Endpoint Central", + "name": "Scale Computing", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/manage-engine-endpoint-central/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/manage-engine-endpoint-central/custom-integration-endpoint-central.star" + "readme": 
"https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scale-computing/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scale-computing/custom-integration-scale-computing.star" }, { - "name": "runZero Task Sync", + "name": "Extreme Networks CloudIQ", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/task-sync/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/task-sync/custom-integration-task-sync.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/extreme-cloud-iq/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/extreme-cloud-iq/custom-integrations-extreme-cloud-iq.star" }, { - "name": "Stairwell", + "name": "Drata", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/stairwell/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/stairwell/custom-integration-stairwell.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/drata/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/drata/custom-integration-drata.star" }, { - "name": "Tailscale", + "name": "Snow License Manager", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/tailscale/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/tailscale/custom-integration-tailscale.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snow-license-manager/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snow-license-manager/custom-integration-snow.star" }, { - "name": "Nexthink", + "name": "Stairwell", "type": "inbound", - "readme": 
"https://github.com/runZeroInc/runzero-custom-integrations/blob/main/nexthink/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/nexthink/custom-integration-nexthink.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/stairwell/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/stairwell/custom-integration-stairwell.star" }, { "name": "Akamai Guardicore Centra", "type": "inbound", "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/akamai-guardicore-centra/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/akamai-guardicore-centra/custom-integration-centra-v3-api.star" + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/akamai-guardicore-centra/custom-integration-centra-v4-api.star" }, { - "name": "Snipe-IT", + "name": "Solarwinds Information Service", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snipe-it/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/snipe-it/snipeit.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/solarwinds-information-service/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/solarwinds-information-service/custom-integration-swis.star" }, { - "name": "Kandji", - "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/kandji/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/kandji/custom-integration-kandji.star" + "name": "Scan Passive Assets", + "type": "internal", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scan-passive-assets/README.md", + "integration": 
"https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scan-passive-assets/custom-integration-scan-passive-assets.star" }, { - "name": "Ivanti Neurons", + "name": "pfSense", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ivanti_neurons/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ivanti_neurons/custom-integration-neurons.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/pfsense/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/pfsense/custom-integration-pfsense.star" }, { "name": "Cisco-ISE", 
@@ -201,34 +183,52 @@ "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cisco-ise/custom_integration_cisco-ise.star" }, { - "name": "Scan Passive Assets", - "type": "internal", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scan-passive-assets/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/scan-passive-assets/custom-integration-scan-passive-assets.star" + "name": "Sumo Logic", + "type": "outbound", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/sumo-logic/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/sumo-logic/custom-integration-sumo.star" }, { - "name": "Cyberint", + "name": "Wazuh", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cyberint/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/cyberint/custom-integration-cyberint.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/wazuh/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/wazuh/custom-integration-wazuh.star" }, { - "name": "NinjaOne", + "name": "Manage Engine Endpoint Central", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ninjaone/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ninjaone/custom-integration-ninjaone.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/manage-engine-endpoint-central/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/manage-engine-endpoint-central/custom-integration-endpoint-central.star" }, { - "name": "Lima Charlie", + "name": "Tailscale", "type": "inbound", - "readme": 
"https://github.com/runZeroInc/runzero-custom-integrations/blob/main/lima-charlie/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/lima-charlie/custom-integration-lima-charlie.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/tailscale/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/tailscale/custom-integration-tailscale.star" }, { - "name": "Device42", + "name": "Audit Log to Webhook", + "type": "outbound", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/audit-events-to-webhook/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/audit-events-to-webhook/custom-integration-audit-events.star" + }, + { + "name": "Halycon", "type": "inbound", - "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/device42/README.md", - "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/device42/custom-integration-device42.star" + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/halycon/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/halycon/custom-integration-halycon.star" + }, + { + "name": "runZero Task Sync", + "type": "inbound", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/task-sync/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/task-sync/custom-integration-task-sync.star" + }, + { + "name": "NinjaOne", + "type": "inbound", + "readme": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ninjaone/README.md", + "integration": "https://github.com/runZeroInc/runzero-custom-integrations/blob/main/ninjaone/custom-integration-ninjaone.star" } ] } \ No newline at end of file 
From c3ff4de45c6822233d487375490c976448183b50 Mon Sep 17 00:00:00 2001 From: Max Bishop <35214898+MaxBish@users.noreply.github.com> Date: Wed, 27 May 2026 13:40:39 -0700 Subject: [PATCH 16/19] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- wazuh/custom-integration-wazuh.star | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wazuh/custom-integration-wazuh.star b/wazuh/custom-integration-wazuh.star index ee9356e..ee3c384 100644 --- a/wazuh/custom-integration-wazuh.star +++ b/wazuh/custom-integration-wazuh.star @@ -52,14 +52,14 @@ def authenticate_wazuh(host, username, password): def get_wazuh_agents(host, token): """ - Retrieve up to 10000 agents from Wazuh using pagination. + Retrieve agents from Wazuh using pagination. Args: host: Wazuh host URL token: JWT authentication token Returns: - List of agent dictionaries (limited to 10000) + List of agent dictionaries """ agents_url = "{}/agents".format(host) headers = { From 6d643aad31cb81356b1bd280c7a989d9e28973f7 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Wed, 27 May 2026 20:40:53 +0000 Subject: [PATCH 17/19] Auto: update integrations JSON and README --- docs/integrations.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/integrations.json b/docs/integrations.json index 73730cf..dcac931 100644 --- a/docs/integrations.json +++ b/docs/integrations.json @@ -1,5 +1,5 @@ { - "lastUpdated": "2026-05-27T20:40:31.134733Z", + "lastUpdated": "2026-05-27T20:40:53.570258Z", "totalIntegrations": 38, "integrationDetails": [ { From 60e01de903140420829c4a05321d6e75cc7327a4 Mon Sep 17 00:00:00 2001 
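Review bot: The get_wazuh_agents docstring no longer mentions the 10000-agent limit, but the pagination loop itself is outside this hunk, so it is not clear that the limit was removed from the code as well. If the loop still stops at 10000, agents beyond that are silently missing from the imported inventory and the docstring now hides it; keep the sentence, or print a warning when the cap is reached. If the cap is gone, the docstring is right as changed.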
From: Max Bishop <35214898+MaxBish@users.noreply.github.com> Date: Wed, 27 May 2026 13:41:26 -0700 Subject: [PATCH 18/19] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- wazuh/custom-integration-wazuh.star | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wazuh/custom-integration-wazuh.star b/wazuh/custom-integration-wazuh.star index ee3c384..4664a54 100644 --- a/wazuh/custom-integration-wazuh.star +++ b/wazuh/custom-integration-wazuh.star @@ -158,7 +158,7 @@ def get_agent_network_addresses(host, token, agent_id): 'Content-Type': 'application/json' } - response = http_get(netaddr_url, headers=headers, insecure_skip_verify=True, timeout=600) + response = http_get(netaddr_url, headers=headers, timeout=600) if response.status_code != 200: if response.status_code != 401: # Don't print for 401, we'll handle that From 8fe993ae2f4473d28cb4fdcf95edb698c2d706e4 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Wed, 27 May 2026 20:41:38 +0000 Subject: [PATCH 19/19] Auto: update integrations JSON and README --- docs/integrations.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/integrations.json b/docs/integrations.json index dcac931..c7d3ec6 100644 --- a/docs/integrations.json +++ b/docs/integrations.json @@ -1,5 +1,5 @@ { - "lastUpdated": "2026-05-27T20:40:53.570258Z", + "lastUpdated": "2026-05-27T20:41:38.578027Z", "totalIntegrations": 38, "integrationDetails": [ {