Release 4.3.9 - Release Candidate 1 - E2E UX tests - Wazuh Indexer #15092

AdriiiPRodri · 2022-10-07T08:07:36Z

The following issue aims to run the specified test for the current release candidate, report the results, and open new issues for any encountered errors.

Test information


Test name	Wazuh Indexer
Category	Installation
Deployment option	Step by step
Main release issue	#15090
Main E2E UX issue	#15091
Release candidate #	RC1

Test description

Best effort to test Wazuh indexer package. Think critically and at least review/test:

Wazuh indexer package specs
Indexer package size
Indexer package metadata (description)
Indexer package digital signature
Installed files location, size, and permissions
Installation footprint (check that no unnecessary files are modified/broken in the file system. For example, that operating system files do keep their right owner/permissions and that the installer did not break the system.)
Installed Wazuh indexer service
Wazuh indexer logs when installed
Wazuh indexer templates and indices created
Wazuh indexer configuration (e.g. replicas are expected to be zero by default, how many shards per index, …) Try to compare and find anomalies with the previous Wazuh indexer version using appropriate E2E UX issue. Write down and report as much information as possible to allow comparison between versions using this issue.
Wazuh indexer cluster node communication and configuration
Wazuh indexer cluster status
Wazuh indexer packages uninstallation procedure

Test report procedure

All test results must have one of the following statuses:


🟢	All checks passed.
🔴	There is at least one failed result.
🟡	There is at least one expected failure or skipped test and no failures.

Any failing test must be properly addressed with a new issue, detailing the error and the possible cause.

An extended report of the test results must be attached as a ZIP or TXT file. Please attach any documents, screenshots, or tables to the issue update with the results. This report can be used by the auditors to dig deeper into any possible failures and details.

Conclusions

All tests have been executed and the results can be found here.


Status	Test	Failure type	Notes
🟢	Environment installation
🟢	Wazuh Indexer package
🟢	Wazuh Indexer installed files location, size and permissions
🟢	Wazuh Indexer installation footprint
🟢	Wazuh Indexer installed service		(Known) Warning messages when checking Indexer status: wazuh/wazuh-packages#1749
🟢	Wazuh Indexer installation logs
🟢	Wazuh Indexer templates and indices created
🟢	Wazuh Indexer configuration
🟢	Wazuh Indexer cluster node communication and configuration
🟢	Wazuh Indexer cluster status
🟢	Wazuh Indexer packages uninstallation procedure
🟢	User experience

All tests have passed and the fails have been reported or justified. Therefore, I conclude that this issue is finished and OK for this release candidate.

Auditors validation

The definition of done for this one is the validation of the conclusions and the test results from all auditors.

All checks from below must be accepted in order to close this issue.

@davidjiglesias

AdriiiPRodri · 2022-10-10T07:08:14Z

Installation 🟢

The installation of all components follows the step-by-step guides in the documentation. Example: https://documentation.wazuh.com/current/installation-guide/wazuh-indexer/step-by-step.html

Wazuh Indexer 🟢

Deploying certificates 🟢

[root@ip-172-31-27-153 /]# curl -sO https://packages.wazuh.com/4.3/wazuh-certs-tool.sh
[root@ip-172-31-27-153 /]# curl -sO https://packages.wazuh.com/4.3/config.yml

Names for certificate generation, node-1 (indexer), wazuh-1 (manager), dashboard (dashboard):

[root@ip-172-31-27-153 /]# cat config.yml | grep "  - name:"
    - name: node-1
    - name: wazuh-1
    - name: dashboard

[root@ip-172-31-27-153 /]# cat config.yml 
nodes:
  # Wazuh indexer nodes
  indexer:
    - name: node-1
      ip: 172.31.27.153
    # - name: node-2
    #   ip: <indexer-node-ip>
    # - name: node-3
    #   ip: <indexer-node-ip>

  # Wazuh server nodes
  # Use node_type only with more than one Wazuh manager
  server:
    - name: wazuh-1
      ip: 172.31.27.153
      node_type: master
    - name: wazuh-2
      ip: 172.31.21.252
      node_type: worker

  # Wazuh dashboard nodes
  dashboard:
    - name: dashboard
      ip: 172.31.17.218

Generate certificates:

[root@ip-172-31-27-153 /]# bash ./wazuh-certs-tool.sh -A
07/10/2022 09:43:08 INFO: Admin certificates created.
07/10/2022 09:43:08 INFO: Wazuh indexer certificates created.
07/10/2022 09:43:08 INFO: Wazuh server certificates created.
07/10/2022 09:43:08 INFO: Wazuh dashboard certificates created.

Compress certificates:

[root@ip-172-31-27-153 /]# tar -cvf ./wazuh-certificates.tar -C ./wazuh-certificates/ .
./
./root-ca.key
./root-ca.pem
./admin-key.pem
./admin.pem
./node-1-key.pem
./node-1.pem
./wazuh-1-key.pem
./wazuh-1.pem
./wazuh-2-key.pem
./wazuh-2.pem
./dashboard-key.pem
./dashboard.pem
[root@ip-172-31-27-153 /]# rm -rf ./wazuh-certificates

Copy certificates to other machines:

(Local) scp -i Framework-team.pem [email protected]:/home/ec2-user/wazuh-certificates.tar .
wazuh-certificates.tar                                                                                                                                                              100%   30KB 139.1KB/s   00:00   

(Master) scp -i Framework-team.pem wazuh-certificates.tar [email protected]:/home/ec2-user
wazuh-certificates.tar                                                                                                                                                              100%   30KB 135.8KB/s   00:00    
(Worker) scp -i Framework-team.pem wazuh-certificates.tar [email protected]:/home/ec2-user
wazuh-certificates.tar                                                                                                                                                              100%   30KB 122.3KB/s   00:00    
(Dashboard) scp -i Framework-team.pem wazuh-certificates.tar [email protected]:/home/ec2-user
wazuh-certificates.tar

Installation 🟢

Dependencies:

[root@ip-172-31-27-153 /]# yum install coreutils
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
amzn2-core                                                                                                                                                                                     | 3.7 kB  00:00:00     
Package coreutils-8.22-24.amzn2.x86_64 already installed and latest version
Nothing to do

Wazuh Indexer download:

[root@ip-172-31-27-153 /]# wget https://packages-dev.wazuh.com/pre-release/yum/wazuh-indexer-4.3.9-1.x86_64.rpm
--2022-10-07 09:03:28--  https://packages-dev.wazuh.com/pre-release/yum/wazuh-indexer-4.3.9-1.x86_64.rpm
Resolving packages-dev.wazuh.com (packages-dev.wazuh.com)... 18.160.37.32, 18.160.37.73, 18.160.37.91, ...
Connecting to packages-dev.wazuh.com (packages-dev.wazuh.com)|18.160.37.32|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 378833512 (361M) [application/x-rpm]
Saving to: ‘wazuh-indexer-4.3.9-1.x86_64.rpm’

100%[============================================================================================================================================================================>] 378,833,512  289MB/s   in 1.3s   

2022-10-07 09:03:29 (289 MB/s) - ‘wazuh-indexer-4.3.9-1.x86_64.rpm’ saved [378833512/378833512]

Installation:

[root@ip-172-31-27-153 /]# yum -y install ./wazuh-indexer-4.3.9-1.x86_64.rpm 
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Examining ./wazuh-indexer-4.3.9-1.x86_64.rpm: wazuh-indexer-4.3.9-1.x86_64
Marking ./wazuh-indexer-4.3.9-1.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package wazuh-indexer.x86_64 0:4.3.9-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================================================================================================================
 Package                                            Arch                                        Version                                      Repository                                                          Size
======================================================================================================================================================================================================================
Installing:
 wazuh-indexer                                      x86_64                                      4.3.9-1                                      /wazuh-indexer-4.3.9-1.x86_64                                      614 M

Transaction Summary
======================================================================================================================================================================================================================
Install  1 Package

Total size: 614 M
Installed size: 614 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : wazuh-indexer-4.3.9-1.x86_64                                                                                                                                                                       1/1 
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
  Verifying  : wazuh-indexer-4.3.9-1.x86_64                                                                                                                                                                       1/1 

Installed:
  wazuh-indexer.x86_64 0:4.3.9-1                                                                                                                                                                                      

Complete!

Setup 🟢

Configuring the Wazuh indexer:

[root@ip-172-31-27-153 /]# cat /etc/wazuh-indexer/opensearch.yml
network.host: "172.31.27.153"
node.name: "node-1"
cluster.initial_master_nodes:
- "node-1"
#- "node-2"
#- "node-3"
cluster.name: "wazuh-cluster"
#discovery.seed_hosts:
#  - "node-1-ip"
#  - "node-2-ip"
#  - "node-3-ip"
node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer

plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem
plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false

plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=node-1,OU=Wazuh,O=Wazuh,L=California,C=US"
#- "CN=node-2,OU=Wazuh,O=Wazuh,L=California,C=US"
#- "CN=node-3,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"

plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]

### Option to allow Filebeat-oss 7.10.2 to work ###
compatibility.override_main_response_version: true

Deploying certificates:

[root@ip-172-31-27-153 /]# NODE_NAME=node-1
[root@ip-172-31-27-153 /]# mkdir /etc/wazuh-indexer/certs
[root@ip-172-31-27-153 /]# tar -xf ./wazuh-certificates.tar -C /etc/wazuh-indexer/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem
[root@ip-172-31-27-153 /]# mv -n /etc/wazuh-indexer/certs/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem
[root@ip-172-31-27-153 /]# mv -n /etc/wazuh-indexer/certs/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem
[root@ip-172-31-27-153 /]# chmod 500 /etc/wazuh-indexer/certs
[root@ip-172-31-27-153 /]# chmod 400 /etc/wazuh-indexer/certs/*
[root@ip-172-31-27-153 /]# chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs

Starting the service:

[root@ip-172-31-27-153 /]# systemctl daemon-reload
[root@ip-172-31-27-153 /]# systemctl enable wazuh-indexer
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service to /usr/lib/systemd/system/wazuh-indexer.service.
[root@ip-172-31-27-153 /]# systemctl start wazuh-indexer

Status:

[root@ip-172-31-27-153 /]# systemctl status wazuh-indexer
● wazuh-indexer.service - Wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2022-10-07 14:07:17 UTC; 22min ago
     Docs: https://documentation.wazuh.com
 Main PID: 3463 (java)
   CGroup: /system.slice/wazuh-indexer.service
           └─3463 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true...

Cluster initizalization:

[root@ip-172-31-27-153 /]# /usr/share/wazuh-indexer/bin/indexer-security-init.sh
Security Admin v7
Will connect to 172.31.27.153:9300 ... done
Connected as CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US
OpenSearch Version: 1.2.4
OpenSearch Security Version: 1.2.4.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/
Will update '_doc/config' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '_doc/roles' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '_doc/rolesmapping' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '_doc/internalusers' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '_doc/actiongroups' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '_doc/tenants' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '_doc/nodesdn' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '_doc/whitelist' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '_doc/audit' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Done with success

Testing 🟢

Testing the cluster configuration:

[root@ip-172-31-27-153 /]# curl -k -u admin:admin https://172.31.27.153:9200
{
  "name" : "node-1",
  "cluster_name" : "wazuh-cluster",
  "cluster_uuid" : "K927C6CYSviFTeNViKE2jA",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "rpm",
    "build_hash" : "e505b10357c03ae8d26d675172402f2f2144ef0f",
    "build_date" : "2022-01-14T03:38:06.881862Z",
    "build_snapshot" : false,
    "lucene_version" : "8.10.1",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}

[root@ip-172-31-27-153 /]# curl -k -u admin:admin https://172.31.27.153:9200/_cat/nodes?v
ip            heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name
172.31.27.153           36          37   5    0.07    0.13     0.07 dimr      *      node-1

Wazuh Master 🟢

Installation 🟢

[root@ip-172-31-31-229 /]# curl -sO https://packages-dev.wazuh.com/pre-release/yum/wazuh-manager-4.3.9-1.x86_64.rpm
[root@ip-172-31-31-229 /]# yum install ./wazuh-manager-4.3.9-1.x86_64.rpm -y
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Examining ./wazuh-manager-4.3.9-1.x86_64.rpm: wazuh-manager-4.3.9-1.x86_64
Marking ./wazuh-manager-4.3.9-1.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package wazuh-manager.x86_64 0:4.3.9-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================================================================================================================
 Package                                            Arch                                        Version                                      Repository                                                          Size
======================================================================================================================================================================================================================
Installing:
 wazuh-manager                                      x86_64                                      4.3.9-1                                      /wazuh-manager-4.3.9-1.x86_64                                      438 M

Transaction Summary
======================================================================================================================================================================================================================
Install  1 Package

Total size: 438 M
Installed size: 438 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : wazuh-manager-4.3.9-1.x86_64                                                                                                                                                                       1/1 
  Verifying  : wazuh-manager-4.3.9-1.x86_64                                                                                                                                                                       1/1 

Installed:
  wazuh-manager.x86_64 0:4.3.9-1                                                                                                                                                                                      

Complete!

Enable and start the Wazuh manager service 🟢

[root@ip-172-31-31-229 /]# systemctl daemon-reload
[root@ip-172-31-31-229 /]# systemctl enable wazuh-manager
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-manager.service to /usr/lib/systemd/system/wazuh-manager.service.
[root@ip-172-31-31-229 /]# systemctl start wazuh-manager

Status:

[root@ip-172-31-31-229 /]# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
   Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2022-10-07 08:49:43 UTC; 31s ago
  Process: 4502 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/wazuh-manager.service
           ├─4558 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─4600 /var/ossec/bin/wazuh-authd
           ├─4617 /var/ossec/bin/wazuh-db
           ├─4629 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─4632 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─4647 /var/ossec/bin/wazuh-execd
           ├─4662 /var/ossec/bin/wazuh-analysisd
           ├─4706 /var/ossec/bin/wazuh-syscheckd
           ├─4721 /var/ossec/bin/wazuh-remoted
           ├─4755 /var/ossec/bin/wazuh-logcollector
           ├─4777 /var/ossec/bin/wazuh-monitord
           └─4800 /var/ossec/bin/wazuh-modulesd

Oct 07 08:49:33 ip-172-31-31-229.ec2.internal env[4502]: Started wazuh-db...
Oct 07 08:49:34 ip-172-31-31-229.ec2.internal env[4502]: Started wazuh-execd...
Oct 07 08:49:35 ip-172-31-31-229.ec2.internal env[4502]: Started wazuh-analysisd...
Oct 07 08:49:36 ip-172-31-31-229.ec2.internal env[4502]: Started wazuh-syscheckd...
Oct 07 08:49:37 ip-172-31-31-229.ec2.internal env[4502]: Started wazuh-remoted...
Oct 07 08:49:39 ip-172-31-31-229.ec2.internal env[4502]: Started wazuh-logcollector...
Oct 07 08:49:40 ip-172-31-31-229.ec2.internal env[4502]: Started wazuh-monitord...
Oct 07 08:49:41 ip-172-31-31-229.ec2.internal env[4502]: Started wazuh-modulesd...
Oct 07 08:49:43 ip-172-31-31-229.ec2.internal env[4502]: Completed.
Oct 07 08:49:43 ip-172-31-31-229.ec2.internal systemd[1]: Started Wazuh manager.

Install filebeat 🟢

[root@ip-172-31-31-229 /]# yum -y install filebeat
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
amzn2-core                                                                                                                                                                                     | 3.7 kB  00:00:00     
Resolving Dependencies
--> Running transaction check
---> Package filebeat.x86_64 0:7.10.2-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================================================================================================================
 Package                                              Arch                                               Version                                              Repository                                         Size
======================================================================================================================================================================================================================
Installing:
 filebeat                                             x86_64                                             7.10.2-1                                             wazuh                                              21 M

Transaction Summary
======================================================================================================================================================================================================================
Install  1 Package

Total download size: 21 M
Installed size: 70 M
Downloading packages:
filebeat-oss-7.10.2-x86_64.rpm                                                                                                                                                                 |  21 MB  00:00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : filebeat-7.10.2-1.x86_64                                                                                                                                                                           1/1 
  Verifying  : filebeat-7.10.2-1.x86_64                                                                                                                                                                           1/1 

Installed:
  filebeat.x86_64 0:7.10.2-1                                                                                                                                                                                          

Complete!

Configuring Filebeat 🟢

Download preconfigured Filebeat configuration file, add Wazuh-indexer IP (172.31.27.153) to hosts value

[root@ip-172-31-31-229 /]# curl -so /etc/filebeat/filebeat.yml https://packages.wazuh.com/4.3/tpl/wazuh/filebeat/filebeat.yml
[root@ip-172-31-31-229 /]# vi /etc/filebeat/filebeat.yml
[root@ip-172-31-31-229 /]# cat /etc/filebeat/filebeat.yml
# Wazuh - Filebeat configuration file
output.elasticsearch:
  hosts: ["172.31.27.153:9200"]
  protocol: https
  username: ${username}
  password: ${password}
  ssl.certificate_authorities:
    - /etc/filebeat/certs/root-ca.pem
  ssl.certificate: "/etc/filebeat/certs/filebeat.pem"
  ssl.key: "/etc/filebeat/certs/filebeat-key.pem"
setup.template.json.enabled: true
setup.template.json.path: '/etc/filebeat/wazuh-template.json'
setup.template.json.name: 'wazuh'
setup.ilm.overwrite: true
setup.ilm.enabled: false

filebeat.modules:
  - module: wazuh
    alerts:
      enabled: true
    archives:
      enabled: false

logging.level: info
logging.to_files: true
logging.files:
  path: /var/log/filebeat
  name: filebeat
  keepfiles: 7
  permissions: 0644

logging.metrics.enabled: false

seccomp:
  default_action: allow
  syscalls:
  - action: allow
    names:
    - rseq

Create Filebeat keystore:

[root@ip-172-31-31-229 /]# filebeat keystore create
Created filebeat keystore

Add the username and password admin:admin to the secrets keystore:

[root@ip-172-31-31-229 /]# echo admin | filebeat keystore add username --stdin --force
Successfully updated the keystore
[root@ip-172-31-31-229 /]# echo admin | filebeat keystore add password --stdin --force
Successfully updated the keystore

Download the alerts template:

[root@ip-172-31-31-229 /]# curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.3/extensions/elasticsearch/7.x/wazuh-template.json
[root@ip-172-31-31-229 /]# chmod go+r /etc/filebeat/wazuh-template.json

Install the Wazuh module for Filebeat 🟢

[root@ip-172-31-31-229 /]# curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.2.tar.gz | tar -xvz -C /usr/share/filebeat/module
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/module.yml

Deploying certificates 🟢

[root@ip-172-31-31-229 /]# NODE_NAME=wazuh-1
[root@ip-172-31-31-229 /]# tar -xf ./wazuh-certificates.tar -C /etc/filebeat/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
[root@ip-172-31-31-229 /]# mv -n /etc/filebeat/certs/$NODE_NAME.pem /etc/filebeat/certs/filebeat.pem
[root@ip-172-31-31-229 /]# mv -n /etc/filebeat/certs/$NODE_NAME-key.pem /etc/filebeat/certs/filebeat-key.pem
[root@ip-172-31-31-229 /]# chmod 500 /etc/filebeat/certs
[root@ip-172-31-31-229 /]# chmod 400 /etc/filebeat/certs/*
[root@ip-172-31-31-229 /]# chown -R root:root /etc/filebeat/certs

Starting Filebeat service 🟢

[root@ip-172-31-31-229 /]# systemctl daemon-reload
[root@ip-172-31-31-229 /]# systemctl enable filebeat
Created symlink from /etc/systemd/system/multi-user.target.wants/filebeat.service to /usr/lib/systemd/system/filebeat.service.
[root@ip-172-31-31-229 /]# systemctl start filebeat

Test command

[root@ip-172-31-31-229 /]# filebeat test output
elasticsearch: https://172.31.27.153:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 172.31.27.153
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2

Cluster config 🟢

  <cluster>
    <name>wazuh</name>
    <node_name>wazuh-1</node_name>
    <node_type>master</node_type>
    <key>iqpjc2mggmu7timrjuev3wuvqntrq5yx</key>
    <port>1516</port>
    <bind_addr>0.0.0.0</bind_addr>
    <nodes>
        <node>172.31.31.229</node>
    </nodes>
    <hidden>no</hidden>
    <disabled>no</disabled>
  </cluster>

[root@ip-172-31-31-229 /]# service wazuh-manager restart
Restarting wazuh-manager (via systemctl):                  [  OK  ]

[root@ip-172-31-31-229 /]# /var/ossec/bin/cluster_control -l
NAME     TYPE    VERSION  ADDRESS        
wazuh-1  master  4.3.9    172.31.31.229  
wazuh-2  worker  4.3.9    172.31.21.252

Wazuh Worker 🟢

Installation 🟢

Install

[root@ip-172-31-21-252 /]# curl -sO https://packages-dev.wazuh.com/pre-release/yum/wazuh-manager-4.3.9-1.x86_64.rpm
[root@ip-172-31-21-252 /]# yum install -y ./wazuh-manager-4.3.9-1.x86_64.rpm 
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Examining ./wazuh-manager-4.3.9-1.x86_64.rpm: wazuh-manager-4.3.9-1.x86_64
Marking ./wazuh-manager-4.3.9-1.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package wazuh-manager.x86_64 0:4.3.9-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================================================================================================================
 Package                                            Arch                                        Version                                      Repository                                                          Size
======================================================================================================================================================================================================================
Installing:
 wazuh-manager                                      x86_64                                      4.3.9-1                                      /wazuh-manager-4.3.9-1.x86_64                                      438 M

Transaction Summary
======================================================================================================================================================================================================================
Install  1 Package

Total size: 438 M
Installed size: 438 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : wazuh-manager-4.3.9-1.x86_64                                                                                                                                                                       1/1 
  Verifying  : wazuh-manager-4.3.9-1.x86_64                                                                                                                                                                       1/1 

Installed:
  wazuh-manager.x86_64 0:4.3.9-1                                                                                                                                                                                      

Complete!

Enable and start the Wazuh manager service 🟢

[root@ip-172-31-21-252 /]# systemctl daemon-reload
[root@ip-172-31-21-252 /]# systemctl enable wazuh-manager
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-manager.service to /usr/lib/systemd/system/wazuh-manager.service.
[root@ip-172-31-21-252 /]# systemctl start wazuh-manager

Status:

[root@ip-172-31-21-252 /]# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
   Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2022-10-07 09:34:15 UTC; 35s ago
  Process: 4426 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/wazuh-manager.service
           ├─4482 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─4524 /var/ossec/bin/wazuh-authd
           ├─4541 /var/ossec/bin/wazuh-db
           ├─4553 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─4556 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─4571 /var/ossec/bin/wazuh-execd
           ├─4586 /var/ossec/bin/wazuh-analysisd
           ├─4630 /var/ossec/bin/wazuh-syscheckd
           ├─4646 /var/ossec/bin/wazuh-remoted
           ├─4678 /var/ossec/bin/wazuh-logcollector
           ├─4701 /var/ossec/bin/wazuh-monitord
           └─4724 /var/ossec/bin/wazuh-modulesd

Oct 07 09:34:07 ip-172-31-21-252.ec2.internal env[4426]: Started wazuh-execd...
Oct 07 09:34:08 ip-172-31-21-252.ec2.internal env[4426]: Started wazuh-analysisd...
Oct 07 09:34:09 ip-172-31-21-252.ec2.internal env[4426]: Started wazuh-syscheckd...
Oct 07 09:34:10 ip-172-31-21-252.ec2.internal env[4426]: Started wazuh-remoted...
Oct 07 09:34:11 ip-172-31-21-252.ec2.internal env[4426]: Started wazuh-logcollector...
Oct 07 09:34:12 ip-172-31-21-252.ec2.internal env[4426]: Started wazuh-monitord...
Oct 07 09:34:13 ip-172-31-21-252.ec2.internal crontab[4805]: (root) LIST (root)
Oct 07 09:34:13 ip-172-31-21-252.ec2.internal env[4426]: Started wazuh-modulesd...
Oct 07 09:34:15 ip-172-31-21-252.ec2.internal env[4426]: Completed.
Oct 07 09:34:15 ip-172-31-21-252.ec2.internal systemd[1]: Started Wazuh manager.

Install filebeat 🟢

[root@ip-172-31-21-252 /]# yum -y install filebeat
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
wazuh                                                                                                                                                                                          | 3.4 kB  00:00:00     
wazuh/primary_db                                                                                                                                                                               | 247 kB  00:00:00     
Resolving Dependencies
--> Running transaction check
---> Package filebeat.x86_64 0:7.10.2-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================================================================================================================
 Package                                              Arch                                               Version                                              Repository                                         Size
======================================================================================================================================================================================================================
Installing:
 filebeat                                             x86_64                                             7.10.2-1                                             wazuh                                              21 M

Transaction Summary
======================================================================================================================================================================================================================
Install  1 Package

Total download size: 21 M
Installed size: 70 M
Downloading packages:
filebeat-oss-7.10.2-x86_64.rpm                                                                                                                                                                 |  21 MB  00:00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : filebeat-7.10.2-1.x86_64                                                                                                                                                                           1/1 
  Verifying  : filebeat-7.10.2-1.x86_64                                                                                                                                                                           1/1 

Installed:
  filebeat.x86_64 0:7.10.2-1                                                                                                                                                                                          

Complete!

Configuring Filebeat 🟢

Download preconfigured Filebeat configuration file, add Wazuh-indexer IP (172.31.27.153) to hosts value

[root@ip-172-31-21-252 /]# curl -so /etc/filebeat/filebeat.yml https://packages.wazuh.com/4.3/tpl/wazuh/filebeat/filebeat.yml
[root@ip-172-31-21-252 /]# vi /etc/filebeat/filebeat.yml
[root@ip-172-31-21-252 /]# cat /etc/filebeat/filebeat.yml
# Wazuh - Filebeat configuration file
output.elasticsearch:
  hosts: ["172.31.27.153:9200"]
  protocol: https
  username: ${username}
  password: ${password}
  ssl.certificate_authorities:
    - /etc/filebeat/certs/root-ca.pem
  ssl.certificate: "/etc/filebeat/certs/filebeat.pem"
  ssl.key: "/etc/filebeat/certs/filebeat-key.pem"
setup.template.json.enabled: true
setup.template.json.path: '/etc/filebeat/wazuh-template.json'
setup.template.json.name: 'wazuh'
setup.ilm.overwrite: true
setup.ilm.enabled: false

filebeat.modules:
  - module: wazuh
    alerts:
      enabled: true
    archives:
      enabled: false

logging.level: info
logging.to_files: true
logging.files:
  path: /var/log/filebeat
  name: filebeat
  keepfiles: 7
  permissions: 0644

logging.metrics.enabled: false

seccomp:
  default_action: allow
  syscalls:
  - action: allow
    names:
    - rseq

Create Filebeat keystore:

[root@ip-172-31-21-252 /]# filebeat keystore create
Created filebeat keystore

Add the username and password admin:admin to the secrets keystore:

[root@ip-172-31-21-252 /]# echo admin | filebeat keystore add username --stdin --force
Successfully updated the keystore
[root@ip-172-31-21-252 /]# echo admin | filebeat keystore add password --stdin --force
Successfully updated the keystore

Download the alerts template:

[root@ip-172-31-21-252 /]# curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.3/extensions/elasticsearch/7.x/wazuh-template.json
[root@ip-172-31-21-252 /]# chmod go+r /etc/filebeat/wazuh-template.json

Install the Wazuh module for Filebeat 🟢

[root@ip-172-31-21-252 /]# curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.2.tar.gz | tar -xvz -C /usr/share/filebeat/module
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/module.yml

Deploying certificates 🟢

[root@ip-172-31-21-252 /]# NODE_NAME=wazuh-2
[root@ip-172-31-21-252 /]# mkdir /etc/filebeat/certs
[root@ip-172-31-21-252 /]# tar -xf ./wazuh-certificates.tar -C /etc/filebeat/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
[root@ip-172-31-21-252 /]# mv -n /etc/filebeat/certs/$NODE_NAME.pem /etc/filebeat/certs/filebeat.pem
[root@ip-172-31-21-252 /]# mv -n /etc/filebeat/certs/$NODE_NAME-key.pem /etc/filebeat/certs/filebeat-key.pem
[root@ip-172-31-21-252 /]# chmod 500 /etc/filebeat/certs
[root@ip-172-31-21-252 /]# chmod 400 /etc/filebeat/certs/*
[root@ip-172-31-21-252 /]# chown -R root:root /etc/filebeat/certs

Starting Filebeat service 🟢

[root@ip-172-31-21-252 /]# systemctl daemon-reload
[root@ip-172-31-21-252 /]# systemctl enable filebeat
Created symlink from /etc/systemd/system/multi-user.target.wants/filebeat.service to /usr/lib/systemd/system/filebeat.service.
[root@ip-172-31-21-252 /]# systemctl start filebeat

Test command

[root@ip-172-31-21-252 /]# filebeat test output
elasticsearch: https://172.31.27.153:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 172.31.27.153
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2

Cluster config 🟢

  <cluster>
    <name>wazuh</name>
    <node_name>wazuh-2</node_name>
    <node_type>worker</node_type>
    <key>iqpjc2mggmu7timrjuev3wuvqntrq5yx</key>
    <port>1516</port>
    <bind_addr>0.0.0.0</bind_addr>
    <nodes>
        <node>172.31.31.229</node>
    </nodes>
    <hidden>no</hidden>
    <disabled>no</disabled>
  </cluster>

[root@ip-172-31-21-252 /]# service wazuh-manager restart
Restarting wazuh-manager (via systemctl):                  [  OK  ]

root@ip-172-31-21-252 /]# tail -n100 /var/ossec/logs/cluster.log 
2022/10/07 10:16:18 INFO: [Local Server] [Main] Serving on /var/ossec/queue/cluster/c-internal.sock
2022/10/07 10:16:18 INFO: [Worker wazuh-2] [Main] Sucessfully connected to master.

Wazuh Dashboard 🟢

Installation 🟢

[root@ip-172-31-17-218 /]# yum install -y libcap
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Package libcap-2.54-1.amzn2.0.1.x86_64 already installed and latest version
Nothing to do
[root@ip-172-31-17-218 /]# wget https://packages-dev.wazuh.com/pre-release/yum/wazuh-dashboard-4.3.9-1.x86_64.rpm
--2022-10-07 11:46:34--  https://packages-dev.wazuh.com/pre-release/yum/wazuh-dashboard-4.3.9-1.x86_64.rpm
Resolving packages-dev.wazuh.com (packages-dev.wazuh.com)... 18.160.37.32, 18.160.37.73, 18.160.37.91, ...
Connecting to packages-dev.wazuh.com (packages-dev.wazuh.com)|18.160.37.32|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 157887292 (151M) [application/x-rpm]
Saving to: ‘wazuh-dashboard-4.3.9-1.x86_64.rpm’

100%[============================================================================================================================================================================>] 157,887,292 61.0MB/s   in 2.5s   

2022-10-07 11:46:37 (61.0 MB/s) - ‘wazuh-dashboard-4.3.9-1.x86_64.rpm’ saved [157887292/157887292]

[root@ip-172-31-17-218 /]# yum install -y ./wazuh-dashboard-4.3.9-1.x86_64.rpm
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Examining ./wazuh-dashboard-4.3.9-1.x86_64.rpm: wazuh-dashboard-4.3.9-1.x86_64
Marking ./wazuh-dashboard-4.3.9-1.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package wazuh-dashboard.x86_64 0:4.3.9-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================================================================================================================
 Package                                             Arch                                       Version                                     Repository                                                           Size
======================================================================================================================================================================================================================
Installing:
 wazuh-dashboard                                     x86_64                                     4.3.9-1                                     /wazuh-dashboard-4.3.9-1.x86_64                                     589 M

Transaction Summary
======================================================================================================================================================================================================================
Install  1 Package

Total size: 589 M
Installed size: 589 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : wazuh-dashboard-4.3.9-1.x86_64                                                                                                                                                                     1/1 
  Verifying  : wazuh-dashboard-4.3.9-1.x86_64                                                                                                                                                                     1/1 

Installed:
  wazuh-dashboard.x86_64 0:4.3.9-1                                                                                                                                                                                    

Complete!

Configuring the Wazuh dashboard, add Indexer IP (172.31.27.153) to opensearch.hosts 🟢

[root@ip-172-31-17-218 /]# vi /etc/wazuh-dashboard/opensearch_dashboards.yml
[root@ip-172-31-17-218 /]# cat /etc/wazuh-dashboard/opensearch_dashboards.yml
server.host: 0.0.0.0
server.port: 443
opensearch.hosts: https://172.31.27.153:9200
opensearch.ssl.verificationMode: certificate
#opensearch.username:
#opensearch.password:
opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/etc/wazuh-dashboard/certs/dashboard-key.pem"
server.ssl.certificate: "/etc/wazuh-dashboard/certs/dashboard.pem"
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wazuh

Deploying certificates 🟢

[root@ip-172-31-17-218 /]# NODE_NAME=dashboard
[root@ip-172-31-17-218 /]# mkdir /etc/wazuh-dashboard/certs
[root@ip-172-31-17-218 /]# tar -xf ./wazuh-certificates.tar -C /etc/wazuh-dashboard/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
[root@ip-172-31-17-218 /]# mv -n /etc/wazuh-dashboard/certs/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem
mv: ‘/etc/wazuh-dashboard/certs/dashboard.pem’ and ‘/etc/wazuh-dashboard/certs/dashboard.pem’ are the same file
[root@ip-172-31-17-218 /]# mv -n /etc/wazuh-dashboard/certs/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem
mv: ‘/etc/wazuh-dashboard/certs/dashboard-key.pem’ and ‘/etc/wazuh-dashboard/certs/dashboard-key.pem’ are the same file
[root@ip-172-31-17-218 /]# chmod 500 /etc/wazuh-dashboard/certs
[root@ip-172-31-17-218 /]# chmod 400 /etc/wazuh-dashboard/certs/*
[root@ip-172-31-17-218 /]# chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs

Service status 🟢

[root@ip-172-31-17-218 /]# systemctl daemon-reload
[root@ip-172-31-17-218 /]# systemctl enable wazuh-dashboard
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service to /etc/systemd/system/wazuh-dashboard.service.
[root@ip-172-31-17-218 /]# systemctl start wazuh-dashboard

Status

[root@ip-172-31-17-218 /]# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2022-10-07 11:54:57 UTC; 4s ago
 Main PID: 3789 (node)
   CGroup: /system.slice/wazuh-dashboard.service
           └─3789 /usr/share/wazuh-dashboard/bin/../node/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/bin/../src/cli/dist -c /etc/wazuh-dashboard/ope...

Oct 07 11:54:57 ip-172-31-17-218.ec2.internal systemd[1]: Started wazuh-dashboard.
Oct 07 11:55:01 ip-172-31-17-218.ec2.internal opensearch-dashboards[3789]: {"type":"log","@timestamp":"2022-10-07T11:55:01Z","tags":["info","plugins-service"],"pid":3789,"message":"Plugin \"visTypeXy\...disabled."}
Oct 07 11:55:01 ip-172-31-17-218.ec2.internal opensearch-dashboards[3789]: {"type":"log","@timestamp":"2022-10-07T11:55:01Z","tags":["info","plugins-system"],"pid":3789,"message":"Setting up [42] plug...ddable,expr
Hint: Some lines were ellipsized, use -l to show in full.

API config 🟢

[root@ip-172-31-17-218 /]# tail -n7 /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
hosts:
  - default:
      url: https://172.31.31.229
      port: 55000
      username: wazuh-wui
      password: wazuh-wui
      run_as: false

AdriiiPRodri · 2022-10-10T07:09:03Z

Wazuh indexer package 🟢

[root@ip-172-31-27-153 /]# rpm -qa | grep wazuh-indexer
wazuh-indexer-4.3.9-1.x86_64
[root@ip-172-31-27-153 /]# rpm -qi wazuh-indexer-4.3.9-1.x86_64
Name        : wazuh-indexer
Version     : 4.3.9
Release     : 1
Architecture: x86_64
Install Date: Fri 07 Oct 2022 09:53:26 AM UTC
Group       : System Environment/Daemons
Size        : 644016042
License     : GPL
Signature   : RSA/SHA256, Thu 06 Oct 2022 06:45:20 PM UTC, Key ID 96b3ee5f29111145
Source RPM  : wazuh-indexer-4.3.9-1.src.rpm
Build Date  : Thu 06 Oct 2022 06:34:05 PM UTC
Build Host  : ip-172-31-55-34.ec2.internal
Relocations : (not relocatable)
Packager    : Wazuh, Inc <[email protected]>
Vendor      : Wazuh, Inc <[email protected]>
URL         : https://www.wazuh.com/
Summary     : Wazuh indexer is a search and analytics engine for security-related data. Documentation can be found at https://documentation.wazuh.com/current/getting-started/components/wazuh-indexer.html
Description :
Wazuh indexer is a near real-time full-text search and analytics engine that gathers security-related data into one platform. This Wazuh central component indexes and stores alerts generated by the Wazuh server. Wazuh indexer can be configured as a single-node or multi-node cluster, providing scalability and high availability. Documentation can be found at https://documentation.wazuh.com/current/getting-started/components/wazuh-indexer.html

AdriiiPRodri · 2022-10-10T07:10:30Z

Wazuh indexer installed files location, size and permissions 🟢

See output

[root@ip-172-31-27-153 /]# rpm -qp --dump wazuh-indexer-4.3.9-1.x86_64.rpm | awk '{ printf "%7s %8s %8s %8d %s %s\n", $5, $6, $7, $2, strftime("%c", $3), $1 }'
warning: wazuh-indexer-4.3.9-1.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 29111145: NOKEY
0100750     root     root     3703 Thu 06 Oct 2022 02:28:41 PM UTC /etc/init.d/wazuh-indexer
0100660     root wazuh-indexer     1681 Thu 06 Oct 2022 02:28:41 PM UTC /etc/sysconfig/wazuh-indexer
 040750 wazuh-indexer wazuh-indexer        0 Thu 06 Oct 2022 02:28:41 PM UTC /etc/wazuh-indexer
0100660 wazuh-indexer wazuh-indexer     2352 Thu 06 Oct 2022 02:28:41 PM UTC /etc/wazuh-indexer/jvm.options
 040750 wazuh-indexer wazuh-indexer        0 Thu 06 Oct 2022 02:28:41 PM UTC /etc/wazuh-indexer/jvm.options.d
0100660 wazuh-indexer wazuh-indexer    11646 Thu 06 Oct 2022 02:28:41 PM UTC /etc/wazuh-indexer/log4j2.properties
 040750 wazuh-indexer wazuh-indexer        0 Thu 06 Oct 2022 02:28:41 PM UTC /etc/wazuh-indexer/opensearch-observability
0100660 wazuh-indexer wazuh-indexer     1349 Thu 06 Oct 2022 02:28:41 PM UTC /etc/wazuh-indexer/opensearch-observability/observability.yml
 040750 wazuh-indexer wazuh-indexer        0 Thu 06 Oct 2022 02:28:41 PM UTC /etc/wazuh-indexer/opensearch-reports-scheduler
0100660 wazuh-indexer wazuh-indexer      297 Thu 06 Oct 2022 02:28:41 PM UTC /etc/wazuh-indexer/opensearch-reports-scheduler/reports-scheduler.yml
0100660 wazuh-indexer wazuh-indexer     2040 Thu 06 Oct 2022 02:28:41 PM UTC /etc/wazuh-indexer/opensearch.yml
0100640     root     root       23 Thu 06 Oct 2022 02:28:41 PM UTC /usr/lib/sysctl.d/wazuh-indexer.conf
0100640     root     root      386 Thu 06 Oct 2022 02:28:41 PM UTC /usr/lib/systemd/system/wazuh-indexer-performance-analyzer.service
0100640     root     root     1827 Thu 06 Oct 2022 02:28:41 PM UTC /usr/lib/systemd/system/wazuh-indexer.service
0100640     root     root       62 Thu 06 Oct 2022 02:28:41 PM UTC /usr/lib/tmpfiles.d/wazuh-indexer.conf
 040750 wazuh-indexer wazuh-indexer        0 Thu 06 Oct 2022 06:33:55 PM UTC /usr/share/wazuh-indexer
0100640 wazuh-indexer wazuh-indexer    11358 Fri 14 Jan 2022 03:35:35 AM UTC /usr/share/wazuh-indexer/LICENSE.txt
0100640 wazuh-indexer wazuh-indexer   215355 Fri 14 Jan 2022 03:42:54 AM UTC /usr/share/wazuh-indexer/NOTICE.txt
0100440 wazuh-indexer wazuh-indexer        6 Thu 06 Oct 2022 02:28:41 PM UTC /usr/share/wazuh-indexer/VERSION
 040750 wazuh-indexer wazuh-indexer        0 Thu 06 Oct 2022 06:33:56 PM UTC /usr/share/wazuh-indexer/bin
0100750 wazuh-indexer wazuh-indexer     5770 Thu 06 Oct 2022 06:33:56 PM UTC /usr/share/wazuh-indexer/bin/indexer-security-init.sh
0100750 wazuh-indexer wazuh-indexer     3002 Fri 14 Jan 2022 03:35:35 AM UTC /usr/share/wazuh-indexer/bin/opensearch
0100750 wazuh-indexer wazuh-indexer     1082 Fri 14 Jan 2022 03:35:35 AM UTC /usr/share/wazuh-indexer/bin/opensearch-cli
0100750 wazuh-indexer wazuh-indexer     4841 Thu 06 Oct 2022 02:28:41 PM UTC /usr/share/wazuh-indexer/bin/opensearch-env
0100750 wazuh-indexer wazuh-indexer     1831 Fri 14 Jan 2022 03:35:35 AM UTC /usr/share/wazuh-indexer/bin/opensearch-env-from-file
0100750 wazuh-indexer wazuh-indexer      194 Fri 14 Jan 2022 03:35:35 AM UTC /usr/share/wazuh-indexer/bin/opensearch-keystore
0100750 wazuh-indexer wazuh-indexer      128 Fri 14 Jan 2022 03:35:35 AM UTC /usr/share/wazuh-indexer/bin/opensearch-node
0100750 wazuh-indexer wazuh-indexer      182 Fri 14 Jan 2022 03:35:35 AM UTC /usr/share/wazuh-indexer/bin/opensearch-plugin
0100750 wazuh-indexer wazuh-indexer      120 Fri 14 Jan 2022 03:35:35 AM UTC /usr/share/wazuh-indexer/bin/opensearch-shard
0100750 wazuh-indexer wazuh-indexer      184 Fri 14 Jan 2022 03:35:35 AM UTC /usr/share/wazuh-indexer/bin/opensearch-upgrade
0100750 wazuh-indexer wazuh-indexer      588 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/bin/performance-analyzer-agent-cli
0100750 wazuh-indexer wazuh-indexer      583 Thu 06 Oct 2022 02:28:41 PM UTC /usr/share/wazuh-indexer/bin/systemd-entrypoint
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:43:04 AM UTC /usr/share/wazuh-indexer/jdk
 040750 wazuh-indexer wazuh-indexer        0 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/bin
0100750 wazuh-indexer wazuh-indexer    12776 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/bin/jaotc
0100750 wazuh-indexer wazuh-indexer    12664 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/bin/jar
0100750 wazuh-indexer wazuh-indexer    12664 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/bin/jarsigner
0100750 wazuh-indexer wazuh-indexer    12648 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/bin/java
0100750 wazuh-indexer wazuh-indexer    12696 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/bin/javac
0100750 wazuh-indexer wazuh-indexer    12696 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/bin/javadoc
0100750 wazuh-indexer wazuh-indexer    12664 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/bin/javap
0100750 wazuh-indexer wazuh-indexer    12664 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/bin/jcmd
0100750 wazuh-indexer wazuh-indexer    12728 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/bin/jconsole
0100750 wazuh-indexer wazuh-indexer    12664 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/bin/jdb
0100750 wazuh-indexer wazuh-indexer    12664 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/bin/jdeprscan
0100750 wazuh-indexer wazuh-indexer    12664 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/bin/jdeps
0100750 wazuh-indexer wazuh-indexer    12664 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/bin/jfr
0100750 wazuh-indexer wazuh-indexer    12664 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/bin/jhsdb
0100750 wazuh-indexer wazuh-indexer    12664 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/bin/jimage
0100750 wazuh-indexer wazuh-indexer    12696 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/bin/jinfo
0100750 wazuh-indexer wazuh-indexer    12696 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/bin/jlink
0100750 wazuh-indexer wazuh-indexer    12696 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/bin/jmap
0100750 wazuh-indexer wazuh-indexer    12664 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/bin/jmod
0100750 wazuh-indexer wazuh-indexer    12664 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/bin/jpackage
0100750 wazuh-indexer wazuh-indexer    12664 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/bin/jps
0100750 wazuh-indexer wazuh-indexer    12696 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/bin/jrunscript
0100750 wazuh-indexer wazuh-indexer    12664 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/bin/jshell
0100750 wazuh-indexer wazuh-indexer    12696 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/bin/jstack
0100750 wazuh-indexer wazuh-indexer    12664 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/bin/jstat
0100750 wazuh-indexer wazuh-indexer    12664 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/bin/jstatd
0100750 wazuh-indexer wazuh-indexer    12664 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/bin/keytool
0100750 wazuh-indexer wazuh-indexer    12664 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/bin/rmid
0100750 wazuh-indexer wazuh-indexer    12664 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/bin/rmiregistry
0100750 wazuh-indexer wazuh-indexer    12664 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/bin/serialver
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/conf
0100640 wazuh-indexer wazuh-indexer     2733 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/conf/logging.properties
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/conf/management
0100640 wazuh-indexer wazuh-indexer     3997 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/conf/management/jmxremote.access
0100640 wazuh-indexer wazuh-indexer     5690 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/conf/management/jmxremote.password.template
0100640 wazuh-indexer wazuh-indexer    14411 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/conf/management/management.properties
0100640 wazuh-indexer wazuh-indexer     6171 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/conf/net.properties
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/conf/sdp
0100640 wazuh-indexer wazuh-indexer     1455 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/conf/sdp/sdp.conf.template
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/conf/security
0100640 wazuh-indexer wazuh-indexer     2180 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/conf/security/java.policy
0100640 wazuh-indexer wazuh-indexer    55129 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/conf/security/java.security
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/conf/security/policy
0100640 wazuh-indexer wazuh-indexer     2390 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/conf/security/policy/README.txt
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/conf/security/policy/limited
0100640 wazuh-indexer wazuh-indexer      146 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/conf/security/policy/limited/default_US_export.policy
0100640 wazuh-indexer wazuh-indexer      647 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/conf/security/policy/limited/default_local.policy
0100640 wazuh-indexer wazuh-indexer      566 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/conf/security/policy/limited/exempt_local.policy
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/conf/security/policy/unlimited
0100640 wazuh-indexer wazuh-indexer      146 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/conf/security/policy/unlimited/default_US_export.policy
0100640 wazuh-indexer wazuh-indexer      193 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/conf/security/policy/unlimited/default_local.policy
0100640 wazuh-indexer wazuh-indexer     1210 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/conf/sound.properties
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/include
0100640 wazuh-indexer wazuh-indexer    22155 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/include/classfile_constants.h
0100640 wazuh-indexer wazuh-indexer    12458 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/include/jawt.h
0100640 wazuh-indexer wazuh-indexer     8151 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/include/jdwpTransport.h
0100640 wazuh-indexer wazuh-indexer    75678 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/include/jni.h
0100640 wazuh-indexer wazuh-indexer    81791 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/include/jvmti.h
0100640 wazuh-indexer wazuh-indexer     4771 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/include/jvmticmlr.h
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/include/linux
0100640 wazuh-indexer wazuh-indexer     1965 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/include/linux/jawt_md.h
0100640 wazuh-indexer wazuh-indexer     2208 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/include/linux/jni_md.h
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods
0100640 wazuh-indexer wazuh-indexer 21817735 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/java.base.jmod
0100640 wazuh-indexer wazuh-indexer   132059 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/java.compiler.jmod
0100640 wazuh-indexer wazuh-indexer    59089 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/java.datatransfer.jmod
0100640 wazuh-indexer wazuh-indexer 14023024 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/java.desktop.jmod
0100640 wazuh-indexer wazuh-indexer    45895 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/java.instrument.jmod
0100640 wazuh-indexer wazuh-indexer   127963 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/java.logging.jmod
0100640 wazuh-indexer wazuh-indexer   899254 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/java.management.jmod
0100640 wazuh-indexer wazuh-indexer    99784 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/java.management.rmi.jmod
0100640 wazuh-indexer wazuh-indexer   468000 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/java.naming.jmod
0100640 wazuh-indexer wazuh-indexer   726614 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/java.net.http.jmod
0100640 wazuh-indexer wazuh-indexer    69392 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/java.prefs.jmod
0100640 wazuh-indexer wazuh-indexer   393092 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/java.rmi.jmod
0100640 wazuh-indexer wazuh-indexer    48480 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/java.scripting.jmod
0100640 wazuh-indexer wazuh-indexer     9859 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/java.se.jmod
0100640 wazuh-indexer wazuh-indexer   616284 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/java.security.jgss.jmod
0100640 wazuh-indexer wazuh-indexer    89348 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/java.security.sasl.jmod
0100640 wazuh-indexer wazuh-indexer    62938 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/java.smartcardio.jmod
0100640 wazuh-indexer wazuh-indexer    83662 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/java.sql.jmod
0100640 wazuh-indexer wazuh-indexer   221223 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/java.sql.rowset.jmod
0100640 wazuh-indexer wazuh-indexer    11685 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/java.transaction.xa.jmod
0100640 wazuh-indexer wazuh-indexer   684065 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/java.xml.crypto.jmod
0100640 wazuh-indexer wazuh-indexer  5192910 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/java.xml.jmod
0100640 wazuh-indexer wazuh-indexer    58033 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.accessibility.jmod
0100640 wazuh-indexer wazuh-indexer   290075 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.aot.jmod
0100640 wazuh-indexer wazuh-indexer    37918 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.attach.jmod
0100640 wazuh-indexer wazuh-indexer  1147897 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.charsets.jmod
0100640 wazuh-indexer wazuh-indexer  8712441 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.compiler.jmod
0100640 wazuh-indexer wazuh-indexer   358119 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.crypto.cryptoki.jmod
0100640 wazuh-indexer wazuh-indexer   415304 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.crypto.ec.jmod
0100640 wazuh-indexer wazuh-indexer   171875 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.dynalink.jmod
0100640 wazuh-indexer wazuh-indexer    15295 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.editpad.jmod
0100640 wazuh-indexer wazuh-indexer  2230399 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.hotspot.agent.jmod
0100640 wazuh-indexer wazuh-indexer   109768 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.httpserver.jmod
0100640 wazuh-indexer wazuh-indexer    75640 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.incubator.foreign.jmod
0100640 wazuh-indexer wazuh-indexer  2923058 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.incubator.jpackage.jmod
0100640 wazuh-indexer wazuh-indexer    15168 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.internal.ed.jmod
0100640 wazuh-indexer wazuh-indexer   102344 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.internal.jvmstat.jmod
0100640 wazuh-indexer wazuh-indexer   394404 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.internal.le.jmod
0100640 wazuh-indexer wazuh-indexer    90563 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.internal.opt.jmod
0100640 wazuh-indexer wazuh-indexer   448942 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.internal.vm.ci.jmod
0100640 wazuh-indexer wazuh-indexer  6401298 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.internal.vm.compiler.jmod
0100640 wazuh-indexer wazuh-indexer    19949 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.internal.vm.compiler.management.jmod
0100640 wazuh-indexer wazuh-indexer   262059 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.jartool.jmod
0100640 wazuh-indexer wazuh-indexer  1227124 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.javadoc.jmod
0100640 wazuh-indexer wazuh-indexer   138124 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.jcmd.jmod
0100640 wazuh-indexer wazuh-indexer   473988 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.jconsole.jmod
0100640 wazuh-indexer wazuh-indexer   744322 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.jdeps.jmod
0100640 wazuh-indexer wazuh-indexer   850090 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.jdi.jmod
0100640 wazuh-indexer wazuh-indexer   148139 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.jdwp.agent.jmod
0100640 wazuh-indexer wazuh-indexer   535939 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.jfr.jmod
0100640 wazuh-indexer wazuh-indexer   418231 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.jlink.jmod
0100640 wazuh-indexer wazuh-indexer   677347 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.jshell.jmod
0100640 wazuh-indexer wazuh-indexer    10749 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.jsobject.jmod
0100640 wazuh-indexer wazuh-indexer    37559 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.jstatd.jmod
0100640 wazuh-indexer wazuh-indexer 10161934 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.localedata.jmod
0100640 wazuh-indexer wazuh-indexer    97344 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.management.agent.jmod
0100640 wazuh-indexer wazuh-indexer    43492 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.management.jfr.jmod
0100640 wazuh-indexer wazuh-indexer    74160 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.management.jmod
0100640 wazuh-indexer wazuh-indexer    67733 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.naming.dns.jmod
0100640 wazuh-indexer wazuh-indexer    26612 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.naming.rmi.jmod
0100640 wazuh-indexer wazuh-indexer    29329 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.net.jmod
0100640 wazuh-indexer wazuh-indexer    10223 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.nio.mapmode.jmod
0100640 wazuh-indexer wazuh-indexer    93077 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.sctp.jmod
0100640 wazuh-indexer wazuh-indexer    73368 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.security.auth.jmod
0100640 wazuh-indexer wazuh-indexer    32719 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.security.jgss.jmod
0100640 wazuh-indexer wazuh-indexer    21615 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.unsupported.desktop.jmod
0100640 wazuh-indexer wazuh-indexer    25127 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.unsupported.jmod
0100640 wazuh-indexer wazuh-indexer    49942 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.xml.dom.jmod
0100640 wazuh-indexer wazuh-indexer   110312 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/jmods/jdk.zipfs.jmod
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal/java.base
0100640 wazuh-indexer wazuh-indexer     2114 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal/java.base/ADDITIONAL_LICENSE_INFO
0100640 wazuh-indexer wazuh-indexer     1522 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal/java.base/ASSEMBLY_EXCEPTION
0100640 wazuh-indexer wazuh-indexer    19274 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal/java.base/LICENSE
0100640 wazuh-indexer wazuh-indexer     1444 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal/java.base/aes.md
0100640 wazuh-indexer wazuh-indexer     1584 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal/java.base/asm.md
0100640 wazuh-indexer wazuh-indexer     1556 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal/java.base/c-libutl.md
0100640 wazuh-indexer wazuh-indexer     9130 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal/java.base/cldr.md
0100640 wazuh-indexer wazuh-indexer    11086 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal/java.base/icu.md
0100640 wazuh-indexer wazuh-indexer    17785 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal/java.base/public_suffix.md
0100640 wazuh-indexer wazuh-indexer     2384 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal/java.base/unicode.md
 040750 wazuh-indexer wazuh-indexer        0 Thu 06 Oct 2022 02:28:40 PM UTC /usr/share/wazuh-indexer/jdk/legal/java.compiler
 040750 wazuh-indexer wazuh-indexer        0 Thu 06 Oct 2022 02:28:40 PM UTC /usr/share/wazuh-indexer/jdk/legal/java.datatransfer
 040750 wazuh-indexer wazuh-indexer        0 Thu 06 Oct 2022 02:28:40 PM UTC /usr/share/wazuh-indexer/jdk/legal/java.desktop
0100640 wazuh-indexer wazuh-indexer      167 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal/java.desktop/colorimaging.md
0100640 wazuh-indexer wazuh-indexer    28780 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal/java.desktop/freetype.md
0100640 wazuh-indexer wazuh-indexer     1288 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal/java.desktop/giflib.md
0100640 wazuh-indexer wazuh-indexer     2753 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal/java.desktop/harfbuzz.md
0100640 wazuh-indexer wazuh-indexer     3475 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal/java.desktop/jpeg.md
0100640 wazuh-indexer wazuh-indexer     1177 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal/java.desktop/lcms.md
0100640 wazuh-indexer wazuh-indexer     5398 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal/java.desktop/libpng.md
0100640 wazuh-indexer wazuh-indexer     5732 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal/java.desktop/mesa3d.md
0100640 wazuh-indexer wazuh-indexer     1348 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal/java.desktop/xwd.md
 040750 wazuh-indexer wazuh-indexer        0 Thu 06 Oct 2022 02:28:40 PM UTC /usr/share/wazuh-indexer/jdk/legal/java.instrument
 040750 wazuh-indexer wazuh-indexer        0 Thu 06 Oct 2022 02:28:40 PM UTC /usr/share/wazuh-indexer/jdk/legal/java.logging
 040750 wazuh-indexer wazuh-indexer        0 Thu 06 Oct 2022 02:28:40 PM UTC /usr/share/wazuh-indexer/jdk/legal/java.management
 040750 wazuh-indexer wazuh-indexer        0 Thu 06 Oct 2022 02:28:40 PM UTC /usr/share/wazuh-indexer/jdk/legal/java.management.rmi
 040750 wazuh-indexer wazuh-indexer        0 Thu 06 Oct 2022 02:28:40 PM UTC /usr/share/wazuh-indexer/jdk/legal/java.naming
 040750 wazuh-indexer wazuh-indexer        0 Thu 06 Oct 2022 02:28:40 PM UTC /usr/share/wazuh-indexer/jdk/legal/java.net.http
 040750 wazuh-indexer wazuh-indexer        0 Thu 06 Oct 2022 02:28:40 PM UTC /usr/share/wazuh-indexer/jdk/legal/java.prefs
 040750 wazuh-indexer wazuh-indexer        0 Thu 06 Oct 2022 02:28:40 PM UTC /usr/share/wazuh-indexer/jdk/legal/java.rmi
 040750 wazuh-indexer wazuh-indexer        0 Thu 06 Oct 2022 02:28:40 PM UTC /usr/share/wazuh-indexer/jdk/legal/java.scripting
 040750 wazuh-indexer wazuh-indexer        0 Thu 06 Oct 2022 02:28:40 PM UTC /usr/share/wazuh-indexer/jdk/legal/java.security.sasl
 040750 wazuh-indexer wazuh-indexer        0 Thu 06 Oct 2022 02:28:40 PM UTC /usr/share/wazuh-indexer/jdk/legal/java.smartcardio
0100640 wazuh-indexer wazuh-indexer     1649 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal/java.smartcardio/pcsclite.md
 040750 wazuh-indexer wazuh-indexer        0 Thu 06 Oct 2022 02:28:40 PM UTC /usr/share/wazuh-indexer/jdk/legal/java.sql
 040750 wazuh-indexer wazuh-indexer        0 Thu 06 Oct 2022 02:28:40 PM UTC /usr/share/wazuh-indexer/jdk/legal/java.sql.rowset
 040750 wazuh-indexer wazuh-indexer        0 Thu 06 Oct 2022 02:28:40 PM UTC /usr/share/wazuh-indexer/jdk/legal/java.transaction.xa
 040750 wazuh-indexer wazuh-indexer        0 Thu 06 Oct 2022 02:28:40 PM UTC /usr/share/wazuh-indexer/jdk/legal/java.xml
 040750 wazuh-indexer wazuh-indexer        0 Thu 06 Oct 2022 02:28:40 PM UTC /usr/share/wazuh-indexer/jdk/legal/java.xml.crypto
0100640 wazuh-indexer wazuh-indexer    11436 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal/java.xml.crypto/santuario.md
0100640 wazuh-indexer wazuh-indexer    11503 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal/java.xml/bcel.md
0100640 wazuh-indexer wazuh-indexer     3028 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal/java.xml/dom.md
0100640 wazuh-indexer wazuh-indexer     1158 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal/java.xml/jcup.md
0100640 wazuh-indexer wazuh-indexer    13494 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal/java.xml/xalan.md
0100640 wazuh-indexer wazuh-indexer    11852 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal/java.xml/xerces.md
0100640 wazuh-indexer wazuh-indexer     1858 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal/jdk.crypto.cryptoki/pkcs11cryptotoken.md
0100640 wazuh-indexer wazuh-indexer     2131 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal/jdk.crypto.cryptoki/pkcs11wrapper.md
0100640 wazuh-indexer wazuh-indexer    29672 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal/jdk.crypto.ec/ecc.md
0100640 wazuh-indexer wazuh-indexer     1502 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal/jdk.dynalink/dynalink.md
0100640 wazuh-indexer wazuh-indexer     1579 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal/jdk.internal.le/jline.md
0100640 wazuh-indexer wazuh-indexer     1122 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal/jdk.internal.opt/jopt-simple.md
0100640 wazuh-indexer wazuh-indexer     2934 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal/jdk.javadoc/jquery.md
0100640 wazuh-indexer wazuh-indexer     1870 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal/jdk.javadoc/jqueryUI.md
0100640 wazuh-indexer wazuh-indexer     1346 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/legal/jdk.localedata/thaidict.md
 040750 wazuh-indexer wazuh-indexer        0 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib
0100640 wazuh-indexer wazuh-indexer    39929 Fri 14 Jan 2022 03:42:58 AM UTC /usr/share/wazuh-indexer/jdk/lib/classlist
0100640 wazuh-indexer wazuh-indexer  7459316 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/lib/ct.sym
0100640 wazuh-indexer wazuh-indexer    12880 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/jexec
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:42:58 AM UTC /usr/share/wazuh-indexer/jdk/lib/jfr
0100640 wazuh-indexer wazuh-indexer    33448 Fri 14 Jan 2022 03:42:58 AM UTC /usr/share/wazuh-indexer/jdk/lib/jfr/default.jfc
0100640 wazuh-indexer wazuh-indexer    33397 Fri 14 Jan 2022 03:42:58 AM UTC /usr/share/wazuh-indexer/jdk/lib/jfr/profile.jfc
0100640 wazuh-indexer wazuh-indexer   107515 Fri 14 Jan 2022 03:42:58 AM UTC /usr/share/wazuh-indexer/jdk/lib/jrt-fs.jar
0100750 wazuh-indexer wazuh-indexer    18200 Thu 06 Oct 2022 06:33:58 PM UTC /usr/share/wazuh-indexer/jdk/lib/jspawnhelper
0100640 wazuh-indexer wazuh-indexer       29 Fri 14 Jan 2022 03:42:58 AM UTC /usr/share/wazuh-indexer/jdk/lib/jvm.cfg
0100640 wazuh-indexer wazuh-indexer    13168 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/libattach.so
0100640 wazuh-indexer wazuh-indexer   749792 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/libawt.so
0100640 wazuh-indexer wazuh-indexer    43576 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/libawt_headless.so
0100640 wazuh-indexer wazuh-indexer   467960 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/libawt_xawt.so
0100640 wazuh-indexer wazuh-indexer    28192 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/libdt_socket.so
0100640 wazuh-indexer wazuh-indexer    12968 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/libextnet.so
0100640 wazuh-indexer wazuh-indexer  1479072 Thu 06 Oct 2022 06:33:58 PM UTC /usr/share/wazuh-indexer/jdk/lib/libfontmanager.so
0100640 wazuh-indexer wazuh-indexer   784840 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/libfreetype.so
0100640 wazuh-indexer wazuh-indexer    50760 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/libinstrument.so
0100640 wazuh-indexer wazuh-indexer    47256 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/libj2gss.so
0100640 wazuh-indexer wazuh-indexer    17824 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/libj2pcsc.so
0100640 wazuh-indexer wazuh-indexer    88352 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/libj2pkcs11.so
0100640 wazuh-indexer wazuh-indexer     7896 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/libjaas.so
0100640 wazuh-indexer wazuh-indexer   188368 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/libjava.so
0100640 wazuh-indexer wazuh-indexer   261008 Thu 06 Oct 2022 06:33:58 PM UTC /usr/share/wazuh-indexer/jdk/lib/libjavajpeg.so
0100640 wazuh-indexer wazuh-indexer     7824 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/libjawt.so
0100640 wazuh-indexer wazuh-indexer   291160 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/libjdwp.so
0100640 wazuh-indexer wazuh-indexer   140560 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/libjimage.so
0100640 wazuh-indexer wazuh-indexer    78096 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/libjli.so
0100640 wazuh-indexer wazuh-indexer    13096 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/libjsig.so
0100640 wazuh-indexer wazuh-indexer    81920 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/libjsound.so
0100640 wazuh-indexer wazuh-indexer   571104 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/liblcms.so
0100640 wazuh-indexer wazuh-indexer    25624 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/libmanagement.so
0100640 wazuh-indexer wazuh-indexer     7864 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/libmanagement_agent.so
0100640 wazuh-indexer wazuh-indexer    33240 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/libmanagement_ext.so
0100640 wazuh-indexer wazuh-indexer   582552 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/libmlib_image.so
0100640 wazuh-indexer wazuh-indexer   105480 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/libnet.so
0100640 wazuh-indexer wazuh-indexer    92104 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/libnio.so
0100640 wazuh-indexer wazuh-indexer     8048 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/libprefs.so
0100640 wazuh-indexer wazuh-indexer     7584 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/librmi.so
0100640 wazuh-indexer wazuh-indexer    70624 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/libsaproc.so
0100640 wazuh-indexer wazuh-indexer    28264 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/libsctp.so
0100640 wazuh-indexer wazuh-indexer   371264 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/libsplashscreen.so
0100640 wazuh-indexer wazuh-indexer   324568 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/libsunec.so
0100640 wazuh-indexer wazuh-indexer    80920 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/libverify.so
0100640 wazuh-indexer wazuh-indexer    41808 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/libzip.so
0100640 wazuh-indexer wazuh-indexer 147650768 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/lib/modules
0100640 wazuh-indexer wazuh-indexer     3793 Fri 14 Jan 2022 03:42:58 AM UTC /usr/share/wazuh-indexer/jdk/lib/psfont.properties.ja
0100640 wazuh-indexer wazuh-indexer    11390 Fri 14 Jan 2022 03:42:58 AM UTC /usr/share/wazuh-indexer/jdk/lib/psfontj2d.properties
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:42:58 AM UTC /usr/share/wazuh-indexer/jdk/lib/security
0100640 wazuh-indexer wazuh-indexer     2488 Fri 14 Jan 2022 03:42:58 AM UTC /usr/share/wazuh-indexer/jdk/lib/security/blacklisted.certs
0100640 wazuh-indexer wazuh-indexer   106474 Fri 14 Jan 2022 03:42:58 AM UTC /usr/share/wazuh-indexer/jdk/lib/security/cacerts
0100640 wazuh-indexer wazuh-indexer     9525 Fri 14 Jan 2022 03:42:58 AM UTC /usr/share/wazuh-indexer/jdk/lib/security/default.policy
0100640 wazuh-indexer wazuh-indexer   232578 Fri 14 Jan 2022 03:42:58 AM UTC /usr/share/wazuh-indexer/jdk/lib/security/public_suffix_list.dat
 040750 wazuh-indexer wazuh-indexer        0 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/server
0100640 wazuh-indexer wazuh-indexer 12767232 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/lib/server/classes.jsa
0100640 wazuh-indexer wazuh-indexer 11829248 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/lib/server/classes_nocoops.jsa
0100640 wazuh-indexer wazuh-indexer    13096 Thu 06 Oct 2022 06:33:58 PM UTC /usr/share/wazuh-indexer/jdk/lib/server/libjsig.so
0100640 wazuh-indexer wazuh-indexer 23479384 Thu 06 Oct 2022 06:33:59 PM UTC /usr/share/wazuh-indexer/jdk/lib/server/libjvm.so
0100640 wazuh-indexer wazuh-indexer   107821 Fri 14 Jan 2022 03:42:58 AM UTC /usr/share/wazuh-indexer/jdk/lib/tzdb.dat
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/man
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/man/man1
0100640 wazuh-indexer wazuh-indexer     5500 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/man/man1/jaotc.1
0100640 wazuh-indexer wazuh-indexer    11664 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/man/man1/jar.1
0100640 wazuh-indexer wazuh-indexer    54615 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/man/man1/jarsigner.1
0100640 wazuh-indexer wazuh-indexer   198845 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/man/man1/java.1
0100640 wazuh-indexer wazuh-indexer    85142 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/man/man1/javac.1
0100640 wazuh-indexer wazuh-indexer    46556 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/man/man1/javadoc.1
0100640 wazuh-indexer wazuh-indexer     7815 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/man/man1/javap.1
0100640 wazuh-indexer wazuh-indexer    32991 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/man/man1/jcmd.1
0100640 wazuh-indexer wazuh-indexer     3669 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/man/man1/jconsole.1
0100640 wazuh-indexer wazuh-indexer     8901 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/man/man1/jdb.1
0100640 wazuh-indexer wazuh-indexer     8142 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/man/man1/jdeprscan.1
0100640 wazuh-indexer wazuh-indexer    12250 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/man/man1/jdeps.1
0100640 wazuh-indexer wazuh-indexer     9037 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/man/man1/jfr.1
0100640 wazuh-indexer wazuh-indexer     7341 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/man/man1/jhsdb.1
0100640 wazuh-indexer wazuh-indexer     3500 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/man/man1/jinfo.1
0100640 wazuh-indexer wazuh-indexer    11941 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/man/man1/jlink.1
0100640 wazuh-indexer wazuh-indexer     3489 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/man/man1/jmap.1
0100640 wazuh-indexer wazuh-indexer    12113 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/man/man1/jmod.1
0100640 wazuh-indexer wazuh-indexer    13873 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/man/man1/jpackage.1
0100640 wazuh-indexer wazuh-indexer     8457 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/man/man1/jps.1
0100640 wazuh-indexer wazuh-indexer     5280 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/man/man1/jrunscript.1
0100640 wazuh-indexer wazuh-indexer    43678 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/man/man1/jshell.1
0100640 wazuh-indexer wazuh-indexer     3049 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/man/man1/jstack.1
0100640 wazuh-indexer wazuh-indexer    24101 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/man/man1/jstat.1
0100640 wazuh-indexer wazuh-indexer     7876 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/man/man1/jstatd.1
0100640 wazuh-indexer wazuh-indexer   107137 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/man/man1/keytool.1
0100640 wazuh-indexer wazuh-indexer    16391 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/man/man1/rmid.1
0100640 wazuh-indexer wazuh-indexer     3257 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/man/man1/rmiregistry.1
0100640 wazuh-indexer wazuh-indexer     2912 Fri 14 Jan 2022 03:42:59 AM UTC /usr/share/wazuh-indexer/jdk/man/man1/serialver.1
0100640 wazuh-indexer wazuh-indexer     1405 Fri 14 Jan 2022 03:42:57 AM UTC /usr/share/wazuh-indexer/jdk/release
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:43:03 AM UTC /usr/share/wazuh-indexer/lib
0100640 wazuh-indexer wazuh-indexer   114165 Fri 14 Jan 2022 03:38:24 AM UTC /usr/share/wazuh-indexer/lib/HdrHistogram-2.1.9.jar
0100640 wazuh-indexer wazuh-indexer  1159086 Fri 14 Jan 2022 03:38:24 AM UTC /usr/share/wazuh-indexer/lib/hppc-0.8.1.jar
0100640 wazuh-indexer wazuh-indexer   365536 Fri 14 Jan 2022 03:35:55 AM UTC /usr/share/wazuh-indexer/lib/jackson-core-2.12.5.jar
0100640 wazuh-indexer wazuh-indexer    61502 Fri 14 Jan 2022 03:38:24 AM UTC /usr/share/wazuh-indexer/lib/jackson-dataformat-cbor-2.12.5.jar
0100640 wazuh-indexer wazuh-indexer    93879 Fri 14 Jan 2022 03:38:24 AM UTC /usr/share/wazuh-indexer/lib/jackson-dataformat-smile-2.12.5.jar
0100640 wazuh-indexer wazuh-indexer    51466 Fri 14 Jan 2022 03:38:24 AM UTC /usr/share/wazuh-indexer/lib/jackson-dataformat-yaml-2.12.5.jar
0100640 wazuh-indexer wazuh-indexer     8787 Fri 14 Jan 2022 03:38:37 AM UTC /usr/share/wazuh-indexer/lib/java-version-checker-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer   457339 Fri 14 Jan 2022 03:35:55 AM UTC /usr/share/wazuh-indexer/lib/jna-5.5.0.jar
0100640 wazuh-indexer wazuh-indexer   643037 Fri 14 Jan 2022 03:38:24 AM UTC /usr/share/wazuh-indexer/lib/joda-time-2.10.4.jar
0100640 wazuh-indexer wazuh-indexer    78074 Fri 14 Jan 2022 03:38:24 AM UTC /usr/share/wazuh-indexer/lib/jopt-simple-5.0.2.jar
0100640 wazuh-indexer wazuh-indexer   797736 Fri 14 Jan 2022 03:38:24 AM UTC /usr/share/wazuh-indexer/lib/jts-core-1.15.0.jar
0100640 wazuh-indexer wazuh-indexer   301872 Fri 14 Jan 2022 03:38:24 AM UTC /usr/share/wazuh-indexer/lib/log4j-api-2.17.1.jar
0100640 wazuh-indexer wazuh-indexer  1790452 Fri 14 Jan 2022 03:38:24 AM UTC /usr/share/wazuh-indexer/lib/log4j-core-2.17.1.jar
0100640 wazuh-indexer wazuh-indexer  1785889 Fri 14 Jan 2022 03:38:24 AM UTC /usr/share/wazuh-indexer/lib/lucene-analyzers-common-8.10.1.jar
0100640 wazuh-indexer wazuh-indexer   155064 Fri 14 Jan 2022 03:38:24 AM UTC /usr/share/wazuh-indexer/lib/lucene-backward-codecs-8.10.1.jar
0100640 wazuh-indexer wazuh-indexer  3604427 Fri 14 Jan 2022 03:38:24 AM UTC /usr/share/wazuh-indexer/lib/lucene-core-8.10.1.jar
0100640 wazuh-indexer wazuh-indexer    98339 Fri 14 Jan 2022 03:38:24 AM UTC /usr/share/wazuh-indexer/lib/lucene-grouping-8.10.1.jar
0100640 wazuh-indexer wazuh-indexer   209958 Fri 14 Jan 2022 03:38:24 AM UTC /usr/share/wazuh-indexer/lib/lucene-highlighter-8.10.1.jar
0100640 wazuh-indexer wazuh-indexer   152523 Fri 14 Jan 2022 03:38:24 AM UTC /usr/share/wazuh-indexer/lib/lucene-join-8.10.1.jar
0100640 wazuh-indexer wazuh-indexer    52140 Fri 14 Jan 2022 03:38:24 AM UTC /usr/share/wazuh-indexer/lib/lucene-memory-8.10.1.jar
0100640 wazuh-indexer wazuh-indexer   105983 Fri 14 Jan 2022 03:38:24 AM UTC /usr/share/wazuh-indexer/lib/lucene-misc-8.10.1.jar
0100640 wazuh-indexer wazuh-indexer   381807 Fri 14 Jan 2022 03:38:24 AM UTC /usr/share/wazuh-indexer/lib/lucene-queries-8.10.1.jar
0100640 wazuh-indexer wazuh-indexer   382659 Fri 14 Jan 2022 03:38:24 AM UTC /usr/share/wazuh-indexer/lib/lucene-queryparser-8.10.1.jar
0100640 wazuh-indexer wazuh-indexer   245123 Fri 14 Jan 2022 03:38:24 AM UTC /usr/share/wazuh-indexer/lib/lucene-sandbox-8.10.1.jar
0100640 wazuh-indexer wazuh-indexer   240653 Fri 14 Jan 2022 03:38:24 AM UTC /usr/share/wazuh-indexer/lib/lucene-spatial-extras-8.10.1.jar
0100640 wazuh-indexer wazuh-indexer   309295 Fri 14 Jan 2022 03:38:24 AM UTC /usr/share/wazuh-indexer/lib/lucene-spatial3d-8.10.1.jar
0100640 wazuh-indexer wazuh-indexer   249879 Fri 14 Jan 2022 03:38:24 AM UTC /usr/share/wazuh-indexer/lib/lucene-suggest-8.10.1.jar
0100640 wazuh-indexer wazuh-indexer 13131369 Fri 14 Jan 2022 03:39:53 AM UTC /usr/share/wazuh-indexer/lib/opensearch-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer    17956 Fri 14 Jan 2022 03:38:28 AM UTC /usr/share/wazuh-indexer/lib/opensearch-cli-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer    59742 Fri 14 Jan 2022 03:38:28 AM UTC /usr/share/wazuh-indexer/lib/opensearch-core-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer    45275 Fri 14 Jan 2022 03:38:25 AM UTC /usr/share/wazuh-indexer/lib/opensearch-geo-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer    21116 Fri 14 Jan 2022 03:38:38 AM UTC /usr/share/wazuh-indexer/lib/opensearch-launchers-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer     6537 Fri 14 Jan 2022 03:38:31 AM UTC /usr/share/wazuh-indexer/lib/opensearch-plugin-classloader-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer    10938 Fri 14 Jan 2022 03:38:25 AM UTC /usr/share/wazuh-indexer/lib/opensearch-secure-sm-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer   142149 Fri 14 Jan 2022 03:38:30 AM UTC /usr/share/wazuh-indexer/lib/opensearch-x-content-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer   309001 Fri 14 Jan 2022 03:37:46 AM UTC /usr/share/wazuh-indexer/lib/snakeyaml-1.26.jar
0100640 wazuh-indexer wazuh-indexer   204833 Fri 14 Jan 2022 03:38:24 AM UTC /usr/share/wazuh-indexer/lib/spatial4j-0.7.jar
0100640 wazuh-indexer wazuh-indexer    51208 Fri 14 Jan 2022 03:38:24 AM UTC /usr/share/wazuh-indexer/lib/t-digest-3.2.jar
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:43:04 AM UTC /usr/share/wazuh-indexer/lib/tools
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:43:04 AM UTC /usr/share/wazuh-indexer/lib/tools/keystore-cli
0100640 wazuh-indexer wazuh-indexer    16232 Fri 14 Jan 2022 03:42:03 AM UTC /usr/share/wazuh-indexer/lib/tools/keystore-cli/keystore-cli-1.2.4.jar
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:43:04 AM UTC /usr/share/wazuh-indexer/lib/tools/plugin-cli
0100640 wazuh-indexer wazuh-indexer  3777063 Fri 14 Jan 2022 03:42:01 AM UTC /usr/share/wazuh-indexer/lib/tools/plugin-cli/bc-fips-1.0.2.1.jar
0100640 wazuh-indexer wazuh-indexer   274120 Fri 14 Jan 2022 03:42:01 AM UTC /usr/share/wazuh-indexer/lib/tools/plugin-cli/bcpg-fips-1.0.5.1.jar
0100640 wazuh-indexer wazuh-indexer    36346 Fri 14 Jan 2022 03:42:16 AM UTC /usr/share/wazuh-indexer/lib/tools/plugin-cli/opensearch-plugin-cli-1.2.4.jar
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:43:04 AM UTC /usr/share/wazuh-indexer/lib/tools/upgrade-cli
0100640 wazuh-indexer wazuh-indexer    75704 Fri 14 Jan 2022 03:35:55 AM UTC /usr/share/wazuh-indexer/lib/tools/upgrade-cli/jackson-annotations-2.12.5.jar
0100640 wazuh-indexer wazuh-indexer   365536 Fri 14 Jan 2022 03:35:55 AM UTC /usr/share/wazuh-indexer/lib/tools/upgrade-cli/jackson-core-2.12.5.jar
0100640 wazuh-indexer wazuh-indexer  1515991 Fri 14 Jan 2022 03:35:55 AM UTC /usr/share/wazuh-indexer/lib/tools/upgrade-cli/jackson-databind-2.12.5.jar
0100640 wazuh-indexer wazuh-indexer    30652 Fri 14 Jan 2022 03:42:04 AM UTC /usr/share/wazuh-indexer/lib/tools/upgrade-cli/opensearch-upgrade-cli-1.2.4.jar
 040750 wazuh-indexer wazuh-indexer        0 Thu 06 Oct 2022 02:32:06 PM UTC /usr/share/wazuh-indexer/modules
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:42:01 AM UTC /usr/share/wazuh-indexer/modules/aggs-matrix-stats
0100640 wazuh-indexer wazuh-indexer    57835 Fri 14 Jan 2022 03:42:01 AM UTC /usr/share/wazuh-indexer/modules/aggs-matrix-stats/aggs-matrix-stats-client-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer     1903 Fri 14 Jan 2022 03:42:01 AM UTC /usr/share/wazuh-indexer/modules/aggs-matrix-stats/plugin-descriptor.properties
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:42:01 AM UTC /usr/share/wazuh-indexer/modules/analysis-common
0100640 wazuh-indexer wazuh-indexer   198254 Fri 14 Jan 2022 03:42:01 AM UTC /usr/share/wazuh-indexer/modules/analysis-common/analysis-common-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer     1852 Fri 14 Jan 2022 03:42:01 AM UTC /usr/share/wazuh-indexer/modules/analysis-common/plugin-descriptor.properties
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:42:01 AM UTC /usr/share/wazuh-indexer/modules/geo
0100640 wazuh-indexer wazuh-indexer     5860 Fri 14 Jan 2022 03:42:01 AM UTC /usr/share/wazuh-indexer/modules/geo/geo-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer     1867 Fri 14 Jan 2022 03:42:01 AM UTC /usr/share/wazuh-indexer/modules/geo/plugin-descriptor.properties
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:42:02 AM UTC /usr/share/wazuh-indexer/modules/ingest-common
0100640 wazuh-indexer wazuh-indexer   119006 Fri 14 Jan 2022 03:42:01 AM UTC /usr/share/wazuh-indexer/modules/ingest-common/ingest-common-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer  1682608 Fri 14 Jan 2022 03:42:02 AM UTC /usr/share/wazuh-indexer/modules/ingest-common/jcodings-1.0.44.jar
0100640 wazuh-indexer wazuh-indexer   214815 Fri 14 Jan 2022 03:42:02 AM UTC /usr/share/wazuh-indexer/modules/ingest-common/joni-2.1.29.jar
0100640 wazuh-indexer wazuh-indexer    24623 Fri 14 Jan 2022 03:42:02 AM UTC /usr/share/wazuh-indexer/modules/ingest-common/opensearch-dissect-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer    48395 Fri 14 Jan 2022 03:42:02 AM UTC /usr/share/wazuh-indexer/modules/ingest-common/opensearch-grok-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer     1927 Fri 14 Jan 2022 03:42:02 AM UTC /usr/share/wazuh-indexer/modules/ingest-common/plugin-descriptor.properties
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/ingest-geoip
0100640 wazuh-indexer wazuh-indexer  6603852 Fri 14 Jan 2022 03:42:02 AM UTC /usr/share/wazuh-indexer/modules/ingest-geoip/GeoLite2-ASN.mmdb
0100640 wazuh-indexer wazuh-indexer 62898296 Fri 14 Jan 2022 03:42:08 AM UTC /usr/share/wazuh-indexer/modules/ingest-geoip/GeoLite2-City.mmdb
0100640 wazuh-indexer wazuh-indexer  3988184 Fri 14 Jan 2022 03:42:08 AM UTC /usr/share/wazuh-indexer/modules/ingest-geoip/GeoLite2-Country.mmdb
0100640 wazuh-indexer wazuh-indexer    49735 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/ingest-geoip/geoip2-2.13.1.jar
0100640 wazuh-indexer wazuh-indexer    27521 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/ingest-geoip/ingest-geoip-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer    75704 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/ingest-geoip/jackson-annotations-2.12.5.jar
0100640 wazuh-indexer wazuh-indexer  1515991 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/ingest-geoip/jackson-databind-2.12.5.jar
0100640 wazuh-indexer wazuh-indexer    23384 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/ingest-geoip/maxmind-db-1.3.1.jar
0100640 wazuh-indexer wazuh-indexer     1885 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/ingest-geoip/plugin-descriptor.properties
0100640 wazuh-indexer wazuh-indexer     1764 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/ingest-geoip/plugin-security.policy
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/ingest-user-agent
0100640 wazuh-indexer wazuh-indexer    65818 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/ingest-user-agent/ingest-user-agent-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer     1863 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/ingest-user-agent/plugin-descriptor.properties
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/lang-expression
0100640 wazuh-indexer wazuh-indexer   302034 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/lang-expression/antlr4-runtime-4.5.1-1.jar
0100640 wazuh-indexer wazuh-indexer    53297 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/lang-expression/asm-5.0.4.jar
0100640 wazuh-indexer wazuh-indexer    41796 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/lang-expression/asm-commons-5.0.4.jar
0100640 wazuh-indexer wazuh-indexer    29050 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/lang-expression/asm-tree-5.0.4.jar
0100640 wazuh-indexer wazuh-indexer    65125 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/lang-expression/lang-expression-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer    76850 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/lang-expression/lucene-expressions-8.10.1.jar
0100640 wazuh-indexer wazuh-indexer     1842 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/lang-expression/plugin-descriptor.properties
0100640 wazuh-indexer wazuh-indexer     1754 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/lang-expression/plugin-security.policy
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/lang-mustache
0100640 wazuh-indexer wazuh-indexer   100892 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/lang-mustache/compiler-0.9.6.jar
0100640 wazuh-indexer wazuh-indexer    63424 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/lang-mustache/lang-mustache-client-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer     1836 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/lang-mustache/plugin-descriptor.properties
0100640 wazuh-indexer wazuh-indexer     1202 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/lang-mustache/plugin-security.policy
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/lang-painless
0100640 wazuh-indexer wazuh-indexer   302248 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/lang-painless/antlr4-runtime-4.5.3.jar
0100640 wazuh-indexer wazuh-indexer   114873 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/lang-painless/asm-7.2.jar
0100640 wazuh-indexer wazuh-indexer    33444 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/lang-painless/asm-analysis-7.2.jar
0100640 wazuh-indexer wazuh-indexer    70051 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/lang-painless/asm-commons-7.2.jar
0100640 wazuh-indexer wazuh-indexer    50283 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/lang-painless/asm-tree-7.2.jar
0100640 wazuh-indexer wazuh-indexer    80707 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/lang-painless/asm-util-7.2.jar
0100640 wazuh-indexer wazuh-indexer   712187 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/lang-painless/lang-painless-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer    29707 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/lang-painless/opensearch-scripting-painless-spi-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer     1840 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/lang-painless/plugin-descriptor.properties
0100640 wazuh-indexer wazuh-indexer     1332 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/lang-painless/plugin-security.policy
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/mapper-extras
0100640 wazuh-indexer wazuh-indexer    86065 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/mapper-extras/mapper-extras-client-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer     1819 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/mapper-extras/plugin-descriptor.properties
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/opensearch-dashboards
0100640 wazuh-indexer wazuh-indexer   344339 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/opensearch-dashboards/commons-codec-1.13.jar
0100640 wazuh-indexer wazuh-indexer    62050 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/opensearch-dashboards/commons-logging-1.1.3.jar
0100640 wazuh-indexer wazuh-indexer   179964 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/opensearch-dashboards/httpasyncclient-4.1.4.jar
0100640 wazuh-indexer wazuh-indexer   780321 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/opensearch-dashboards/httpclient-4.5.13.jar
0100640 wazuh-indexer wazuh-indexer   328347 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/opensearch-dashboards/httpcore-4.4.12.jar
0100640 wazuh-indexer wazuh-indexer   367672 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/opensearch-dashboards/httpcore-nio-4.4.12.jar
0100640 wazuh-indexer wazuh-indexer     9174 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/opensearch-dashboards/opensearch-dashboards-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer    65915 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/opensearch-dashboards/opensearch-rest-client-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer    67063 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/opensearch-dashboards/opensearch-ssl-config-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer     1867 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/opensearch-dashboards/plugin-descriptor.properties
0100640 wazuh-indexer wazuh-indexer   120073 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/opensearch-dashboards/reindex-client-1.2.4.jar
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/parent-join
0100640 wazuh-indexer wazuh-indexer    87384 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/parent-join/parent-join-client-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer     1846 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/parent-join/plugin-descriptor.properties
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/percolator
0100640 wazuh-indexer wazuh-indexer    77525 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/percolator/percolator-client-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer     1883 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/percolator/plugin-descriptor.properties
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/rank-eval
0100640 wazuh-indexer wazuh-indexer     1845 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/rank-eval/plugin-descriptor.properties
0100640 wazuh-indexer wazuh-indexer    82614 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/rank-eval/rank-eval-client-1.2.4.jar
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/reindex
0100640 wazuh-indexer wazuh-indexer   344339 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/reindex/commons-codec-1.13.jar
0100640 wazuh-indexer wazuh-indexer    62050 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/reindex/commons-logging-1.1.3.jar
0100640 wazuh-indexer wazuh-indexer   179964 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/reindex/httpasyncclient-4.1.4.jar
0100640 wazuh-indexer wazuh-indexer   780321 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/reindex/httpclient-4.5.13.jar
0100640 wazuh-indexer wazuh-indexer   328347 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/reindex/httpcore-4.4.12.jar
0100640 wazuh-indexer wazuh-indexer   367672 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/reindex/httpcore-nio-4.4.12.jar
0100640 wazuh-indexer wazuh-indexer    65915 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/reindex/opensearch-rest-client-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer    67063 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/reindex/opensearch-ssl-config-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer     1877 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/reindex/plugin-descriptor.properties
0100640 wazuh-indexer wazuh-indexer     1577 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/reindex/plugin-security.policy
0100640 wazuh-indexer wazuh-indexer   120073 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/reindex/reindex-client-1.2.4.jar
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/repository-url
0100640 wazuh-indexer wazuh-indexer     1828 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/repository-url/plugin-descriptor.properties
0100640 wazuh-indexer wazuh-indexer     1156 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/repository-url/plugin-security.policy
0100640 wazuh-indexer wazuh-indexer    15023 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/repository-url/repository-url-1.2.4.jar
 040750 wazuh-indexer wazuh-indexer        0 Thu 06 Oct 2022 02:32:06 PM UTC /usr/share/wazuh-indexer/modules/systemd
0100640 wazuh-indexer wazuh-indexer     1810 Thu 06 Oct 2022 02:32:06 PM UTC /usr/share/wazuh-indexer/modules/systemd/plugin-descriptor.properties
0100640 wazuh-indexer wazuh-indexer     1234 Thu 06 Oct 2022 02:32:06 PM UTC /usr/share/wazuh-indexer/modules/systemd/plugin-security.policy
0100640 wazuh-indexer wazuh-indexer     9249 Thu 06 Oct 2022 02:32:06 PM UTC /usr/share/wazuh-indexer/modules/systemd/systemd-1.2.4.jar
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/transport-netty4
0100640 wazuh-indexer wazuh-indexer   302380 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/transport-netty4/netty-buffer-4.1.72.Final.jar
0100640 wazuh-indexer wazuh-indexer   337140 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/transport-netty4/netty-codec-4.1.72.Final.jar
0100640 wazuh-indexer wazuh-indexer   634468 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/transport-netty4/netty-codec-http-4.1.72.Final.jar
0100640 wazuh-indexer wazuh-indexer   645991 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/transport-netty4/netty-common-4.1.72.Final.jar
0100640 wazuh-indexer wazuh-indexer   522647 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/transport-netty4/netty-handler-4.1.72.Final.jar
0100640 wazuh-indexer wazuh-indexer    37039 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/transport-netty4/netty-resolver-4.1.72.Final.jar
0100640 wazuh-indexer wazuh-indexer   480837 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/transport-netty4/netty-transport-4.1.72.Final.jar
0100640 wazuh-indexer wazuh-indexer     1824 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/transport-netty4/plugin-descriptor.properties
0100640 wazuh-indexer wazuh-indexer     1893 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/transport-netty4/plugin-security.policy
0100640 wazuh-indexer wazuh-indexer    75614 Fri 14 Jan 2022 03:42:09 AM UTC /usr/share/wazuh-indexer/modules/transport-netty4/transport-netty4-client-1.2.4.jar
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca
 040750 wazuh-indexer wazuh-indexer        0 Thu 06 Oct 2022 06:34:00 PM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/bin
0100750 wazuh-indexer wazuh-indexer     7263 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/bin/performance-analyzer-rca
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/lib
0100640 wazuh-indexer wazuh-indexer     3452 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/lib/animal-sniffer-annotations-1.18.jar
0100640 wazuh-indexer wazuh-indexer     3120 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/lib/annotations-4.1.1.4.jar
0100640 wazuh-indexer wazuh-indexer   887800 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/lib/bcpkix-jdk15on-1.68.jar
0100640 wazuh-indexer wazuh-indexer  5961178 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/lib/bcprov-jdk15on-1.68.jar
0100640 wazuh-indexer wazuh-indexer   201216 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/lib/checker-qual-2.10.0.jar
0100640 wazuh-indexer wazuh-indexer   276413 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/lib/commons-io-2.7.jar
0100640 wazuh-indexer wazuh-indexer   503880 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/lib/commons-lang3-3.9.jar
0100640 wazuh-indexer wazuh-indexer    13879 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/lib/error_prone_annotations-2.3.4.jar
0100640 wazuh-indexer wazuh-indexer     4617 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/lib/failureaccess-1.0.1.jar
0100640 wazuh-indexer wazuh-indexer   224002 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/lib/grpc-api-1.28.0.jar
0100640 wazuh-indexer wazuh-indexer    30071 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/lib/grpc-context-1.28.0.jar
0100640 wazuh-indexer wazuh-indexer   588076 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/lib/grpc-core-1.28.0.jar
0100640 wazuh-indexer wazuh-indexer  7084268 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/lib/grpc-netty-shaded-1.28.0.jar
0100640 wazuh-indexer wazuh-indexer     5177 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/lib/grpc-protobuf-1.28.0.jar
0100640 wazuh-indexer wazuh-indexer     7627 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/lib/grpc-protobuf-lite-1.28.0.jar
0100640 wazuh-indexer wazuh-indexer    47564 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/lib/grpc-stub-1.28.0.jar
0100640 wazuh-indexer wazuh-indexer   240255 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/lib/gson-2.8.6.jar
0100640 wazuh-indexer wazuh-indexer  2788302 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/lib/guava-28.2-jre.jar
0100640 wazuh-indexer wazuh-indexer     8781 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/lib/j2objc-annotations-1.3.jar
0100640 wazuh-indexer wazuh-indexer    72086 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/lib/jackson-annotations-2.11.4.jar
0100640 wazuh-indexer wazuh-indexer   351519 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/lib/jackson-core-2.11.4.jar
0100640 wazuh-indexer wazuh-indexer  1421841 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/lib/jackson-databind-2.11.4.jar
0100640 wazuh-indexer wazuh-indexer    26586 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/lib/javax.annotation-api-1.3.2.jar
0100640 wazuh-indexer wazuh-indexer  2117677 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/lib/jooq-3.10.8.jar
0100640 wazuh-indexer wazuh-indexer    19936 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/lib/jsr305-3.0.2.jar
0100640 wazuh-indexer wazuh-indexer     2199 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/lib/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
0100640 wazuh-indexer wazuh-indexer   301872 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/lib/log4j-api-2.17.1.jar
0100640 wazuh-indexer wazuh-indexer  1790452 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/lib/log4j-core-2.17.1.jar
0100640 wazuh-indexer wazuh-indexer     4693 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/lib/perfmark-api-0.19.0.jar
0100640 wazuh-indexer wazuh-indexer  1539094 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/lib/performance-analyzer-rca-1.2.4.0.jar
0100640 wazuh-indexer wazuh-indexer  1340328 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/lib/proto-google-common-protos-1.17.0.jar
0100640 wazuh-indexer wazuh-indexer  1660957 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/lib/protobuf-java-3.11.0.jar
0100640 wazuh-indexer wazuh-indexer  7210681 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/lib/sqlite-jdbc-3.32.3.2.jar
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/pa_bin
0100750 wazuh-indexer wazuh-indexer     1320 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/pa_bin/performance-analyzer-agent
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/pa_config
0100640 wazuh-indexer wazuh-indexer      104 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/pa_config/agent-stats-metadata
0100640 wazuh-indexer wazuh-indexer     2062 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/pa_config/log4j2.xml
0100640 wazuh-indexer wazuh-indexer      276 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/pa_config/opensearch_security.policy
0100640 wazuh-indexer wazuh-indexer     1668 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/pa_config/performance-analyzer.properties
0100640 wazuh-indexer wazuh-indexer      106 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/pa_config/plugin-stats-metadata
0100640 wazuh-indexer wazuh-indexer     2977 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/pa_config/rca.conf
0100640 wazuh-indexer wazuh-indexer     4394 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/pa_config/rca_idle_master.conf
0100640 wazuh-indexer wazuh-indexer     4389 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/pa_config/rca_master.conf
0100640 wazuh-indexer wazuh-indexer     1313 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/performance-analyzer-rca/pa_config/supervisord.conf
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:59:04 AM UTC /usr/share/wazuh-indexer/plugins
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:58:40 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-alerting
0100640 wazuh-indexer wazuh-indexer    62983 Fri 14 Jan 2022 03:58:40 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-alerting/activation-1.1.jar
0100640 wazuh-indexer wazuh-indexer   137914 Fri 14 Jan 2022 03:58:40 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-alerting/alerting-core-1.2.4.0.jar
0100640 wazuh-indexer wazuh-indexer    36406 Fri 14 Jan 2022 03:58:40 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-alerting/alerting-notification-1.2.4.0.jar
0100640 wazuh-indexer wazuh-indexer    17536 Fri 14 Jan 2022 03:58:40 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-alerting/annotations-13.0.jar
0100640 wazuh-indexer wazuh-indexer   214381 Fri 14 Jan 2022 03:58:40 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-alerting/checker-qual-3.5.0.jar
0100640 wazuh-indexer wazuh-indexer   360771 Fri 14 Jan 2022 03:58:40 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-alerting/common-utils-1.2.4.0.jar
0100640 wazuh-indexer wazuh-indexer   344339 Fri 14 Jan 2022 03:58:40 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-alerting/commons-codec-1.13.jar
0100640 wazuh-indexer wazuh-indexer    62050 Fri 14 Jan 2022 03:58:40 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-alerting/commons-logging-1.1.3.jar
0100640 wazuh-indexer wazuh-indexer   167731 Fri 14 Jan 2022 03:58:40 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-alerting/cron-utils-9.1.6.jar
0100640 wazuh-indexer wazuh-indexer    13879 Fri 14 Jan 2022 03:58:40 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-alerting/error_prone_annotations-2.3.4.jar
0100640 wazuh-indexer wazuh-indexer     4617 Fri 14 Jan 2022 03:58:40 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-alerting/failureaccess-1.0.1.jar
0100640 wazuh-indexer wazuh-indexer   250108 Fri 14 Jan 2022 03:58:40 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-alerting/google-java-format-1.10.0.jar
0100640 wazuh-indexer wazuh-indexer  2858426 Fri 14 Jan 2022 03:58:40 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-alerting/guava-30.0-jre.jar
0100640 wazuh-indexer wazuh-indexer   179964 Fri 14 Jan 2022 03:58:40 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-alerting/httpasyncclient-4.1.4.jar
0100640 wazuh-indexer wazuh-indexer   780321 Fri 14 Jan 2022 03:58:40 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-alerting/httpclient-4.5.13.jar
0100640 wazuh-indexer wazuh-indexer   328347 Fri 14 Jan 2022 03:58:40 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-alerting/httpcore-4.4.12.jar
0100640 wazuh-indexer wazuh-indexer   367672 Fri 14 Jan 2022 03:58:40 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-alerting/httpcore-nio-4.4.12.jar
0100640 wazuh-indexer wazuh-indexer   869040 Fri 14 Jan 2022 03:58:40 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-alerting/ipaddress-5.3.3.jar
0100640 wazuh-indexer wazuh-indexer     8781 Fri 14 Jan 2022 03:58:40 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-alerting/j2objc-annotations-1.3.jar
0100640 wazuh-indexer wazuh-indexer   782774 Fri 14 Jan 2022 03:58:40 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-alerting/javassist-3.27.0-GA.jar
0100640 wazuh-indexer wazuh-indexer   224014 Fri 14 Jan 2022 03:58:40 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-alerting/javax.el-3.0.0.jar
0100640 wazuh-indexer wazuh-indexer   659031 Fri 14 Jan 2022 03:58:40 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-alerting/javax.mail-1.6.2.jar
0100640 wazuh-indexer wazuh-indexer    19936 Fri 14 Jan 2022 03:58:40 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-alerting/jsr305-3.0.2.jar
0100640 wazuh-indexer wazuh-indexer  1379873 Fri 14 Jan 2022 03:58:40 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-alerting/kotlin-stdlib-1.3.72.jar
0100640 wazuh-indexer wazuh-indexer   179598 Fri 14 Jan 2022 03:58:40 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-alerting/kotlin-stdlib-common-1.3.72.jar
0100640 wazuh-indexer wazuh-indexer     3130 Fri 14 Jan 2022 03:58:40 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-alerting/kotlin-stdlib-jdk7-1.3.72.jar
0100640 wazuh-indexer wazuh-indexer    15479 Fri 14 Jan 2022 03:58:40 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-alerting/kotlin-stdlib-jdk8-1.3.72.jar
0100640 wazuh-indexer wazuh-indexer   816013 Fri 14 Jan 2022 03:58:40 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-alerting/kotlinx-coroutines-core-1.1.1.jar
0100640 wazuh-indexer wazuh-indexer    96495 Fri 14 Jan 2022 03:58:40 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-alerting/kotlinx-coroutines-core-common-1.1.1.jar
0100640 wazuh-indexer wazuh-indexer     2199 Fri 14 Jan 2022 03:58:40 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-alerting/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
0100640 wazuh-indexer wazuh-indexer  1020424 Fri 14 Jan 2022 03:58:40 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-alerting/opensearch-alerting-1.2.4.0.jar
0100640 wazuh-indexer wazuh-indexer    65915 Fri 14 Jan 2022 03:58:40 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-alerting/opensearch-rest-client-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer     1838 Fri 14 Jan 2022 03:58:40 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-alerting/plugin-descriptor.properties
0100640 wazuh-indexer wazuh-indexer      327 Fri 14 Jan 2022 03:58:40 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-alerting/plugin-security.policy
0100640 wazuh-indexer wazuh-indexer    41472 Fri 14 Jan 2022 03:58:40 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-alerting/slf4j-api-1.7.30.jar
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection
0100640 wazuh-indexer wazuh-indexer   201116 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/checker-qual-2.11.1.jar
0100640 wazuh-indexer wazuh-indexer   360771 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/common-utils-1.2.4.0.jar
0100640 wazuh-indexer wazuh-indexer   344339 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/commons-codec-1.13.jar
0100640 wazuh-indexer wazuh-indexer   284220 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/commons-lang-2.6.jar
0100640 wazuh-indexer wazuh-indexer   587402 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/commons-lang3-3.12.0.jar
0100640 wazuh-indexer wazuh-indexer    62050 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/commons-logging-1.1.3.jar
0100640 wazuh-indexer wazuh-indexer  2213560 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/commons-math3-3.6.1.jar
0100640 wazuh-indexer wazuh-indexer   141192 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/commons-pool2-2.10.0.jar
0100640 wazuh-indexer wazuh-indexer    13879 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/error_prone_annotations-2.3.4.jar
0100640 wazuh-indexer wazuh-indexer     4617 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/failureaccess-1.0.1.jar
0100640 wazuh-indexer wazuh-indexer   258075 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/gson-2.8.9.jar
0100640 wazuh-indexer wazuh-indexer  2792264 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/guava-29.0-jre.jar
0100640 wazuh-indexer wazuh-indexer   179964 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/httpasyncclient-4.1.4.jar
0100640 wazuh-indexer wazuh-indexer   780321 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/httpclient-4.5.13.jar
0100640 wazuh-indexer wazuh-indexer   328347 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/httpcore-4.4.12.jar
0100640 wazuh-indexer wazuh-indexer   367672 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/httpcore-nio-4.4.12.jar
0100640 wazuh-indexer wazuh-indexer     8781 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/j2objc-annotations-1.3.jar
0100640 wazuh-indexer wazuh-indexer    72086 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/jackson-annotations-2.11.4.jar
0100640 wazuh-indexer wazuh-indexer  1421841 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/jackson-databind-2.11.4.jar
0100640 wazuh-indexer wazuh-indexer    19936 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/jsr305-3.0.2.jar
0100640 wazuh-indexer wazuh-indexer     2199 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
0100640 wazuh-indexer wazuh-indexer   104254 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/memory-0.12.2.jar
0100640 wazuh-indexer wazuh-indexer   978335 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/opensearch-anomaly-detection-1.2.4.0.jar
0100640 wazuh-indexer wazuh-indexer    65915 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/opensearch-rest-client-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer   257404 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/org.jacoco.agent-0.8.5.jar
0100640 wazuh-indexer wazuh-indexer    35400 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/org.jacoco.ant-0.8.5.jar
0100640 wazuh-indexer wazuh-indexer   195469 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/org.jacoco.core-0.8.5.jar
0100640 wazuh-indexer wazuh-indexer   128895 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/org.jacoco.report-0.8.5.jar
0100640 wazuh-indexer wazuh-indexer     1874 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/plugin-descriptor.properties
0100640 wazuh-indexer wazuh-indexer     1015 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/plugin-security.policy
0100640 wazuh-indexer wazuh-indexer    59334 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/protostuff-api-1.7.4.jar
0100640 wazuh-indexer wazuh-indexer    53597 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/protostuff-collectionschema-1.7.4.jar
0100640 wazuh-indexer wazuh-indexer    64631 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/protostuff-core-1.7.4.jar
0100640 wazuh-indexer wazuh-indexer   443130 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/protostuff-runtime-1.7.4.jar
0100640 wazuh-indexer wazuh-indexer   265097 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/randomcutforest-core-2.0.1.jar
0100640 wazuh-indexer wazuh-indexer    72442 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/randomcutforest-parkservices-2.0.1.jar
0100640 wazuh-indexer wazuh-indexer    15807 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/randomcutforest-serialization-2.0.1.jar
0100640 wazuh-indexer wazuh-indexer   673257 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/sketches-core-0.13.4.jar
0100640 wazuh-indexer wazuh-indexer    41203 Fri 14 Jan 2022 03:58:54 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/slf4j-api-1.7.25.jar
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:58:42 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-asynchronous-search
0100640 wazuh-indexer wazuh-indexer   360771 Fri 14 Jan 2022 03:58:42 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-asynchronous-search/common-utils-1.2.4.0.jar
0100640 wazuh-indexer wazuh-indexer   168856 Fri 14 Jan 2022 03:58:42 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-asynchronous-search/opensearch-asynchronous-search-1.2.4.0.jar
0100640 wazuh-indexer wazuh-indexer     1871 Fri 14 Jan 2022 03:58:42 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-asynchronous-search/plugin-descriptor.properties
0100640 wazuh-indexer wazuh-indexer      326 Fri 14 Jan 2022 03:58:42 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-asynchronous-search/plugin-security.policy
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:58:56 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-cross-cluster-replication
0100640 wazuh-indexer wazuh-indexer    17536 Fri 14 Jan 2022 03:58:56 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-cross-cluster-replication/annotations-13.0.jar
0100640 wazuh-indexer wazuh-indexer   360771 Fri 14 Jan 2022 03:58:56 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-cross-cluster-replication/common-utils-1.2.4.0.jar
0100640 wazuh-indexer wazuh-indexer   869040 Fri 14 Jan 2022 03:58:56 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-cross-cluster-replication/ipaddress-5.3.3.jar
0100640 wazuh-indexer wazuh-indexer  1379873 Fri 14 Jan 2022 03:58:56 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-cross-cluster-replication/kotlin-stdlib-1.3.72.jar
0100640 wazuh-indexer wazuh-indexer   179598 Fri 14 Jan 2022 03:58:56 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-cross-cluster-replication/kotlin-stdlib-common-1.3.72.jar
0100640 wazuh-indexer wazuh-indexer     3130 Fri 14 Jan 2022 03:58:56 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-cross-cluster-replication/kotlin-stdlib-jdk7-1.3.72.jar
0100640 wazuh-indexer wazuh-indexer    15479 Fri 14 Jan 2022 03:58:56 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-cross-cluster-replication/kotlin-stdlib-jdk8-1.3.72.jar
0100640 wazuh-indexer wazuh-indexer  1559331 Fri 14 Jan 2022 03:58:56 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-cross-cluster-replication/kotlinx-coroutines-core-1.3.5.jar
0100640 wazuh-indexer wazuh-indexer  1311161 Fri 14 Jan 2022 03:58:56 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-cross-cluster-replication/opensearch-cross-cluster-replication-1.2.4.0.jar
0100640 wazuh-indexer wazuh-indexer     1858 Fri 14 Jan 2022 03:58:56 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-cross-cluster-replication/plugin-descriptor.properties
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:58:44 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-index-management
0100640 wazuh-indexer wazuh-indexer    17536 Fri 14 Jan 2022 03:58:44 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-index-management/annotations-13.0.jar
0100640 wazuh-indexer wazuh-indexer   360771 Fri 14 Jan 2022 03:58:44 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-index-management/common-utils-1.2.4.0.jar
0100640 wazuh-indexer wazuh-indexer   869040 Fri 14 Jan 2022 03:58:44 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-index-management/ipaddress-5.3.3.jar
0100640 wazuh-indexer wazuh-indexer  1487084 Fri 14 Jan 2022 03:58:44 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-index-management/kotlin-stdlib-1.4.0.jar
0100640 wazuh-indexer wazuh-indexer   191212 Fri 14 Jan 2022 03:58:44 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-index-management/kotlin-stdlib-common-1.4.0.jar
0100640 wazuh-indexer wazuh-indexer     3986 Fri 14 Jan 2022 03:58:44 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-index-management/kotlin-stdlib-jdk7-1.4.0.jar
0100640 wazuh-indexer wazuh-indexer    16231 Fri 14 Jan 2022 03:58:44 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-index-management/kotlin-stdlib-jdk8-1.4.0.jar
0100640 wazuh-indexer wazuh-indexer  1668476 Fri 14 Jan 2022 03:58:44 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-index-management/kotlinx-coroutines-core-jvm-1.3.9.jar
0100640 wazuh-indexer wazuh-indexer  2333233 Fri 14 Jan 2022 03:58:44 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-index-management/notification-1.2.4.0.jar
0100640 wazuh-indexer wazuh-indexer  2210475 Fri 14 Jan 2022 03:58:44 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-index-management/opensearch-index-management-1.2.4.0.jar
0100640 wazuh-indexer wazuh-indexer     1872 Fri 14 Jan 2022 03:58:44 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-index-management/plugin-descriptor.properties
0100640 wazuh-indexer wazuh-indexer      327 Fri 14 Jan 2022 03:58:44 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-index-management/plugin-security.policy
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:58:38 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-job-scheduler
0100640 wazuh-indexer wazuh-indexer    32116 Fri 14 Jan 2022 03:58:38 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-job-scheduler/opensearch-job-scheduler-1.2.4.0.jar
0100640 wazuh-indexer wazuh-indexer  1252289 Fri 14 Jan 2022 03:58:38 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-job-scheduler/opensearch-job-scheduler-spi-1.2.4.0.jar
0100640 wazuh-indexer wazuh-indexer     1836 Fri 14 Jan 2022 03:58:38 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-job-scheduler/plugin-descriptor.properties
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:58:46 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-knn
0100640 wazuh-indexer wazuh-indexer   201116 Fri 14 Jan 2022 03:58:46 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-knn/checker-qual-2.11.1.jar
0100640 wazuh-indexer wazuh-indexer   284220 Fri 14 Jan 2022 03:58:46 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-knn/commons-lang-2.6.jar
0100640 wazuh-indexer wazuh-indexer    13879 Fri 14 Jan 2022 03:58:46 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-knn/error_prone_annotations-2.3.4.jar
0100640 wazuh-indexer wazuh-indexer     4617 Fri 14 Jan 2022 03:58:46 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-knn/failureaccess-1.0.1.jar
0100640 wazuh-indexer wazuh-indexer  2792264 Fri 14 Jan 2022 03:58:46 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-knn/guava-29.0-jre.jar
0100640 wazuh-indexer wazuh-indexer     8781 Fri 14 Jan 2022 03:58:46 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-knn/j2objc-annotations-1.3.jar
0100640 wazuh-indexer wazuh-indexer    19936 Fri 14 Jan 2022 03:58:46 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-knn/jsr305-3.0.2.jar
 040750 wazuh-indexer wazuh-indexer        0 Thu 06 Oct 2022 06:33:58 PM UTC /usr/share/wazuh-indexer/plugins/opensearch-knn/knnlib
0100640 wazuh-indexer wazuh-indexer   154840 Fri 14 Jan 2022 03:58:46 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-knn/knnlib/libgomp.so.1
0100640 wazuh-indexer wazuh-indexer    58544 Thu 06 Oct 2022 06:33:58 PM UTC /usr/share/wazuh-indexer/plugins/opensearch-knn/knnlib/libopensearchknn_common.so
0100640 wazuh-indexer wazuh-indexer 27429016 Thu 06 Oct 2022 06:33:58 PM UTC /usr/share/wazuh-indexer/plugins/opensearch-knn/knnlib/libopensearchknn_faiss.so
0100640 wazuh-indexer wazuh-indexer  2403144 Thu 06 Oct 2022 06:33:58 PM UTC /usr/share/wazuh-indexer/plugins/opensearch-knn/knnlib/libopensearchknn_nmslib.so
0100640 wazuh-indexer wazuh-indexer     2199 Fri 14 Jan 2022 03:58:46 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-knn/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
0100640 wazuh-indexer wazuh-indexer   318564 Fri 14 Jan 2022 03:58:46 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-knn/opensearch-knn-1.2.4.0.jar
0100640 wazuh-indexer wazuh-indexer     1819 Fri 14 Jan 2022 03:58:46 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-knn/plugin-descriptor.properties
0100640 wazuh-indexer wazuh-indexer      233 Fri 14 Jan 2022 03:58:46 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-knn/plugin-security.policy
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:59:04 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-observability
0100640 wazuh-indexer wazuh-indexer    17536 Fri 14 Jan 2022 03:59:03 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-observability/annotations-13.0.jar
0100640 wazuh-indexer wazuh-indexer   360771 Fri 14 Jan 2022 03:59:03 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-observability/common-utils-1.2.4.0.jar
0100640 wazuh-indexer wazuh-indexer  2172168 Fri 14 Jan 2022 03:59:03 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-observability/guava-15.0.jar
0100640 wazuh-indexer wazuh-indexer  1487084 Fri 14 Jan 2022 03:59:03 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-observability/kotlin-stdlib-1.4.0.jar
0100640 wazuh-indexer wazuh-indexer   191212 Fri 14 Jan 2022 03:59:03 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-observability/kotlin-stdlib-common-1.4.0.jar
0100640 wazuh-indexer wazuh-indexer  1668476 Fri 14 Jan 2022 03:59:03 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-observability/kotlinx-coroutines-core-jvm-1.3.9.jar
0100640 wazuh-indexer wazuh-indexer   326138 Fri 14 Jan 2022 03:59:02 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-observability/opensearch-observability-1.2.4.0.jar
0100640 wazuh-indexer wazuh-indexer     1864 Fri 14 Jan 2022 03:59:02 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-observability/plugin-descriptor.properties
0100640 wazuh-indexer wazuh-indexer      411 Fri 14 Jan 2022 03:59:02 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-observability/plugin-security.policy
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:58:53 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer
0100640 wazuh-indexer wazuh-indexer     3452 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/animal-sniffer-annotations-1.18.jar
0100640 wazuh-indexer wazuh-indexer     3120 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/annotations-4.1.1.4.jar
0100640 wazuh-indexer wazuh-indexer   887800 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/bcpkix-jdk15on-1.68.jar
0100640 wazuh-indexer wazuh-indexer  5961178 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/bcprov-jdk15on-1.68.jar
0100640 wazuh-indexer wazuh-indexer   201216 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/checker-qual-2.10.0.jar
0100640 wazuh-indexer wazuh-indexer   276413 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/commons-io-2.7.jar
0100640 wazuh-indexer wazuh-indexer   503880 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/commons-lang3-3.9.jar
0100640 wazuh-indexer wazuh-indexer    13879 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/error_prone_annotations-2.3.4.jar
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/extensions
0100640 wazuh-indexer wazuh-indexer     1320 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/extensions/performance-analyzer-agent
0100640 wazuh-indexer wazuh-indexer     4617 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/failureaccess-1.0.1.jar
0100640 wazuh-indexer wazuh-indexer   224002 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/grpc-api-1.28.0.jar
0100640 wazuh-indexer wazuh-indexer    30071 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/grpc-context-1.28.0.jar
0100640 wazuh-indexer wazuh-indexer   588076 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/grpc-core-1.28.0.jar
0100640 wazuh-indexer wazuh-indexer  7084268 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/grpc-netty-shaded-1.28.0.jar
0100640 wazuh-indexer wazuh-indexer     5177 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/grpc-protobuf-1.28.0.jar
0100640 wazuh-indexer wazuh-indexer     7627 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/grpc-protobuf-lite-1.28.0.jar
0100640 wazuh-indexer wazuh-indexer    47564 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/grpc-stub-1.28.0.jar
0100640 wazuh-indexer wazuh-indexer   240255 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/gson-2.8.6.jar
0100640 wazuh-indexer wazuh-indexer  2788302 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/guava-28.2-jre.jar
0100640 wazuh-indexer wazuh-indexer     8781 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/j2objc-annotations-1.3.jar
0100640 wazuh-indexer wazuh-indexer    72086 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/jackson-annotations-2.11.4.jar
0100640 wazuh-indexer wazuh-indexer  1421841 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/jackson-databind-2.11.4.jar
0100640 wazuh-indexer wazuh-indexer    43669 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/jackson-module-paranamer-2.11.4.jar
0100640 wazuh-indexer wazuh-indexer    26586 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/javax.annotation-api-1.3.2.jar
0100640 wazuh-indexer wazuh-indexer  2117677 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/jooq-3.10.8.jar
0100640 wazuh-indexer wazuh-indexer    19936 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/jsr305-3.0.2.jar
0100640 wazuh-indexer wazuh-indexer     2199 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
0100640 wazuh-indexer wazuh-indexer   159923 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/opensearch-performance-analyzer-1.2.4.0.jar
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_bin
0100640 wazuh-indexer wazuh-indexer     1320 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_bin/performance-analyzer-agent
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config
0100640 wazuh-indexer wazuh-indexer      104 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/agent-stats-metadata
0100640 wazuh-indexer wazuh-indexer     2062 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/log4j2.xml
0100640 wazuh-indexer wazuh-indexer      276 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy
0100640 wazuh-indexer wazuh-indexer     1668 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/performance-analyzer.properties
0100640 wazuh-indexer wazuh-indexer      106 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/plugin-stats-metadata
0100640 wazuh-indexer wazuh-indexer     2977 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/rca.conf
0100640 wazuh-indexer wazuh-indexer     4394 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/rca_idle_master.conf
0100640 wazuh-indexer wazuh-indexer     4389 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/rca_master.conf
0100640 wazuh-indexer wazuh-indexer     1313 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/supervisord.conf
0100640 wazuh-indexer wazuh-indexer    34654 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/paranamer-2.8.jar
0100640 wazuh-indexer wazuh-indexer     4693 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/perfmark-api-0.19.0.jar
0100640 wazuh-indexer wazuh-indexer  1539094 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/performanceanalyzer-rca-1.2.4.0.jar
0100640 wazuh-indexer wazuh-indexer     1864 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/plugin-descriptor.properties
0100640 wazuh-indexer wazuh-indexer     2110 Fri 14 Jan 2022 03:58:52 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/plugin-security.policy
0100640 wazuh-indexer wazuh-indexer  1340328 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/proto-google-common-protos-1.17.0.jar
0100640 wazuh-indexer wazuh-indexer  1660957 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/protobuf-java-3.11.0.jar
0100640 wazuh-indexer wazuh-indexer  7210681 Fri 14 Jan 2022 03:58:51 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/sqlite-jdbc-3.32.3.2.jar
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:59:01 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler
0100640 wazuh-indexer wazuh-indexer    17536 Fri 14 Jan 2022 03:59:00 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler/annotations-13.0.jar
0100640 wazuh-indexer wazuh-indexer   360771 Fri 14 Jan 2022 03:59:00 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler/common-utils-1.2.4.0.jar
0100640 wazuh-indexer wazuh-indexer  2172168 Fri 14 Jan 2022 03:59:00 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler/guava-15.0.jar
0100640 wazuh-indexer wazuh-indexer    64597 Fri 14 Jan 2022 03:59:00 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler/json-20180813.jar
0100640 wazuh-indexer wazuh-indexer     9946 Fri 14 Jan 2022 03:59:00 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler/json-flattener-0.1.0.jar
0100640 wazuh-indexer wazuh-indexer   423395 Fri 14 Jan 2022 03:59:00 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler/jsoup-1.14.3.jar
0100640 wazuh-indexer wazuh-indexer  1487084 Fri 14 Jan 2022 03:59:00 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler/kotlin-stdlib-1.4.0.jar
0100640 wazuh-indexer wazuh-indexer   191212 Fri 14 Jan 2022 03:59:00 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler/kotlin-stdlib-common-1.4.0.jar
0100640 wazuh-indexer wazuh-indexer  1668476 Fri 14 Jan 2022 03:59:00 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler/kotlinx-coroutines-core-jvm-1.3.9.jar
0100640 wazuh-indexer wazuh-indexer    30459 Fri 14 Jan 2022 03:59:00 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler/minimal-json-0.9.4.jar
0100640 wazuh-indexer wazuh-indexer   340823 Fri 14 Jan 2022 03:59:00 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler/opensearch-reports-scheduler-1.2.4.0.jar
0100640 wazuh-indexer wazuh-indexer     1880 Fri 14 Jan 2022 03:59:00 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler/plugin-descriptor.properties
0100640 wazuh-indexer wazuh-indexer      411 Fri 14 Jan 2022 03:59:00 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-reports-scheduler/plugin-security.policy
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security
0100640 wazuh-indexer wazuh-indexer    29489 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/accessors-smart-2.4.7.jar
0100640 wazuh-indexer wazuh-indexer    57835 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/aggs-matrix-stats-client-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer     3482 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/animal-sniffer-annotations-1.14.jar
0100640 wazuh-indexer wazuh-indexer   121790 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/asm-9.1.jar
0100640 wazuh-indexer wazuh-indexer  5961136 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/bcprov-jdk15on-1.67.jar
0100640 wazuh-indexer wazuh-indexer   343222 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/checker-qual-2.0.0.jar
0100640 wazuh-indexer wazuh-indexer    52988 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/commons-cli-1.3.1.jar
0100640 wazuh-indexer wazuh-indexer   347669 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/commons-codec-1.14.jar
0100640 wazuh-indexer wazuh-indexer   588337 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/commons-collections-3.2.2.jar
0100640 wazuh-indexer wazuh-indexer   261809 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/commons-lang-2.4.jar
0100640 wazuh-indexer wazuh-indexer   434678 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/commons-lang3-3.4.jar
0100640 wazuh-indexer wazuh-indexer    61829 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/commons-logging-1.2.jar
0100640 wazuh-indexer wazuh-indexer   136544 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/commons-text-1.2.jar
0100640 wazuh-indexer wazuh-indexer   100892 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/compiler-0.9.6.jar
0100640 wazuh-indexer wazuh-indexer   163225 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/cryptacular-1.1.4.jar
0100640 wazuh-indexer wazuh-indexer  1434086 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/cxf-core-3.4.5.jar
0100640 wazuh-indexer wazuh-indexer    22028 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/cxf-rt-rs-json-basic-3.4.5.jar
0100640 wazuh-indexer wazuh-indexer   234129 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/cxf-rt-rs-security-jose-3.4.5.jar
0100640 wazuh-indexer wazuh-indexer    41621 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/cxf-rt-security-3.4.5.jar
0100640 wazuh-indexer wazuh-indexer    13704 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/error_prone_annotations-2.1.3.jar
0100640 wazuh-indexer wazuh-indexer    60100 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/eventbus-3.2.0.jar
0100640 wazuh-indexer wazuh-indexer    16030 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/geronimo-jta_1.1_spec-1.1.1.jar
0100640 wazuh-indexer wazuh-indexer  2734339 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/guava-25.1-jre.jar
0100640 wazuh-indexer wazuh-indexer   179964 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/httpasyncclient-4.1.4.jar
0100640 wazuh-indexer wazuh-indexer   780321 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/httpclient-4.5.13.jar
0100640 wazuh-indexer wazuh-indexer   164090 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/httpclient-cache-4.5.13.jar
0100640 wazuh-indexer wazuh-indexer   328347 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/httpcore-4.4.12.jar
0100640 wazuh-indexer wazuh-indexer   367672 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/httpcore-nio-4.4.12.jar
0100640 wazuh-indexer wazuh-indexer    29807 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/istack-commons-runtime-3.0.12.jar
0100640 wazuh-indexer wazuh-indexer     8782 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/j2objc-annotations-1.1.jar
0100640 wazuh-indexer wazuh-indexer    68217 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/jackson-annotations-2.11.2.jar
0100640 wazuh-indexer wazuh-indexer  1420449 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/jackson-databind-2.11.2.jar
0100640 wazuh-indexer wazuh-indexer    68453 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/jakarta.activation-1.2.2.jar
0100640 wazuh-indexer wazuh-indexer    25058 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/jakarta.annotation-api-1.3.5.jar
0100640 wazuh-indexer wazuh-indexer    15558 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/jakarta.jws-api-2.1.0.jar
0100640 wazuh-indexer wazuh-indexer   115638 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/jakarta.xml.bind-api-2.3.3.jar
0100640 wazuh-indexer wazuh-indexer    36922 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/jakarta.xml.soap-api-1.4.2.jar
0100640 wazuh-indexer wazuh-indexer    57697 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/jakarta.xml.ws-api-2.3.3.jar
0100640 wazuh-indexer wazuh-indexer    12285 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/java-saml-2.5.0.jar
0100640 wazuh-indexer wazuh-indexer   113170 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/java-saml-core-2.5.0.jar
0100640 wazuh-indexer wazuh-indexer   272381 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/java-support-7.5.1.jar
0100640 wazuh-indexer wazuh-indexer  1037093 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/jaxb-runtime-2.3.4.jar
0100640 wazuh-indexer wazuh-indexer    74767 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/jjwt-api-0.10.5.jar
0100640 wazuh-indexer wazuh-indexer    68019 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/jjwt-impl-0.10.5.jar
0100640 wazuh-indexer wazuh-indexer     4714 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/jjwt-jackson-0.10.5.jar
0100640 wazuh-indexer wazuh-indexer    25211 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/json-flattener-0.5.0.jar
0100640 wazuh-indexer wazuh-indexer   223186 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/json-path-2.4.0.jar
0100640 wazuh-indexer wazuh-indexer   119227 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/json-smart-2.4.7.jar
0100640 wazuh-indexer wazuh-indexer    19936 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/jsr305-3.0.2.jar
0100640 wazuh-indexer wazuh-indexer  3351023 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/kafka-clients-2.5.0.jar
0100640 wazuh-indexer wazuh-indexer    63424 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/lang-mustache-client-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer   802456 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/ldaptive-1.2.3.jar
0100640 wazuh-indexer wazuh-indexer    24279 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/log4j-slf4j-impl-2.17.1.jar
0100640 wazuh-indexer wazuh-indexer   649950 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/lz4-java-1.7.1.jar
0100640 wazuh-indexer wazuh-indexer    86065 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/mapper-extras-client-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer   112558 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/metrics-core-3.1.2.jar
0100640 wazuh-indexer wazuh-indexer    34221 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/minimal-json-0.9.5.jar
0100640 wazuh-indexer wazuh-indexer   302380 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/netty-buffer-4.1.72.Final.jar
0100640 wazuh-indexer wazuh-indexer   337140 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/netty-codec-4.1.72.Final.jar
0100640 wazuh-indexer wazuh-indexer   634468 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/netty-codec-http-4.1.72.Final.jar
0100640 wazuh-indexer wazuh-indexer   645991 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/netty-common-4.1.72.Final.jar
0100640 wazuh-indexer wazuh-indexer   522647 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/netty-handler-4.1.72.Final.jar
0100640 wazuh-indexer wazuh-indexer    37039 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/netty-resolver-4.1.72.Final.jar
0100640 wazuh-indexer wazuh-indexer   480837 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/netty-transport-4.1.72.Final.jar
0100640 wazuh-indexer wazuh-indexer   181870 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/opensaml-core-3.4.5.jar
0100640 wazuh-indexer wazuh-indexer    56249 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/opensaml-messaging-api-3.4.5.jar
0100640 wazuh-indexer wazuh-indexer    31118 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/opensaml-profile-api-3.4.5.jar
0100640 wazuh-indexer wazuh-indexer   407731 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/opensaml-saml-api-3.4.5.jar
0100640 wazuh-indexer wazuh-indexer  1169221 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/opensaml-saml-impl-3.4.5.jar
0100640 wazuh-indexer wazuh-indexer    66957 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/opensaml-security-api-3.4.5.jar
0100640 wazuh-indexer wazuh-indexer   112079 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/opensaml-security-impl-3.4.5.jar
0100640 wazuh-indexer wazuh-indexer   169987 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/opensaml-soap-api-3.4.5.jar
0100640 wazuh-indexer wazuh-indexer   403255 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/opensaml-soap-impl-3.4.5.jar
0100640 wazuh-indexer wazuh-indexer    23813 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/opensaml-storage-api-3.4.5.jar
0100640 wazuh-indexer wazuh-indexer   209519 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/opensaml-xmlsec-api-3.4.5.jar
0100640 wazuh-indexer wazuh-indexer   297343 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/opensaml-xmlsec-impl-3.4.5.jar
0100640 wazuh-indexer wazuh-indexer    65915 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/opensearch-rest-client-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer   319198 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/opensearch-rest-high-level-client-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer  1123185 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/opensearch-security-1.2.4.0.jar
0100640 wazuh-indexer wazuh-indexer    87384 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/parent-join-client-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer     1061 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/plugin-descriptor.properties
0100640 wazuh-indexer wazuh-indexer     3470 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/plugin-security.policy
0100640 wazuh-indexer wazuh-indexer    82614 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/rank-eval-client-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer   456968 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/saaj-impl-1.5.3.jar
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig
0100640 wazuh-indexer wazuh-indexer       49 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/action_groups.yml
0100640 wazuh-indexer wazuh-indexer     2541 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/audit.yml
0100640 wazuh-indexer wazuh-indexer     9955 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/config.yml
0100640 wazuh-indexer wazuh-indexer     1320 Thu 06 Oct 2022 06:33:56 PM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml
0100640 wazuh-indexer wazuh-indexer      154 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/nodes_dn.yml
0100640 wazuh-indexer wazuh-indexer    12615 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/opensearch.yml.example
0100640 wazuh-indexer wazuh-indexer     4642 Thu 06 Oct 2022 06:33:56 PM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles.yml
0100640 wazuh-indexer wazuh-indexer     1511 Thu 06 Oct 2022 06:33:56 PM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles_mapping.yml
0100640 wazuh-indexer wazuh-indexer      170 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/tenants.yml
0100640 wazuh-indexer wazuh-indexer     1973 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/whitelist.yml
0100640 wazuh-indexer wazuh-indexer    41203 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/slf4j-api-1.7.25.jar
0100640 wazuh-indexer wazuh-indexer  2021167 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/snappy-java-1.1.7.3.jar
0100640 wazuh-indexer wazuh-indexer    38537 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/stax-ex-1.8.3.jar
0100640 wazuh-indexer wazuh-indexer   195909 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/stax2-api-4.2.1.jar
 040750 wazuh-indexer wazuh-indexer        0 Thu 06 Oct 2022 06:33:56 PM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/tools
0100740 wazuh-indexer wazuh-indexer      868 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/tools/audit_config_migrater.sh
0100640 wazuh-indexer wazuh-indexer      522 Thu 06 Oct 2022 06:33:56 PM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/tools/config.yml
0100740 wazuh-indexer wazuh-indexer      854 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh
0100740 wazuh-indexer wazuh-indexer      897 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh
0100740 wazuh-indexer wazuh-indexer    26847 Thu 06 Oct 2022 06:33:56 PM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-certs-tool.sh
0100740 wazuh-indexer wazuh-indexer    37937 Thu 06 Oct 2022 06:33:56 PM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh
0100640 wazuh-indexer wazuh-indexer    75614 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/transport-netty4-client-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer    71975 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/txw2-2.3.4.jar
0100640 wazuh-indexer wazuh-indexer   449505 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/velocity-1.7.jar
0100640 wazuh-indexer wazuh-indexer  1584445 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/woodstox-core-6.2.6.jar
0100640 wazuh-indexer wazuh-indexer   173293 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/xmlschema-core-2.2.5.jar
0100640 wazuh-indexer wazuh-indexer  1123199 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/xmlsec-2.2.3.jar
0100640 wazuh-indexer wazuh-indexer    30476 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/zjsonpatch-0.4.4.jar
0100640 wazuh-indexer wazuh-indexer  4215261 Fri 14 Jan 2022 03:58:49 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-security/zstd-jni-1.4.4-7.jar
 040750 wazuh-indexer wazuh-indexer        0 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql
0100640 wazuh-indexer wazuh-indexer    11356 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/LICENSE.txt
0100640 wazuh-indexer wazuh-indexer      626 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/NOTICE.txt
0100640 wazuh-indexer wazuh-indexer   336803 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/antlr4-runtime-4.7.1.jar
0100640 wazuh-indexer wazuh-indexer   201116 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/checker-qual-2.11.1.jar
0100640 wazuh-indexer wazuh-indexer    11414 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/common-1.2.4.0.jar
0100640 wazuh-indexer wazuh-indexer   344339 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/commons-codec-1.13.jar
0100640 wazuh-indexer wazuh-indexer   523372 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/commons-lang3-3.10.jar
0100640 wazuh-indexer wazuh-indexer  2213560 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/commons-math3-3.6.1.jar
0100640 wazuh-indexer wazuh-indexer   461034 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/core-1.2.4.0.jar
0100640 wazuh-indexer wazuh-indexer  1952759 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/druid-1.0.15.jar
0100640 wazuh-indexer wazuh-indexer    13879 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/error_prone_annotations-2.3.4.jar
0100640 wazuh-indexer wazuh-indexer     4617 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/failureaccess-1.0.1.jar
0100640 wazuh-indexer wazuh-indexer   258075 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/gson-2.8.9.jar
0100640 wazuh-indexer wazuh-indexer  2792264 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/guava-29.0-jre.jar
0100640 wazuh-indexer wazuh-indexer   179964 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/httpasyncclient-4.1.4.jar
0100640 wazuh-indexer wazuh-indexer   780321 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/httpclient-4.5.13.jar
0100640 wazuh-indexer wazuh-indexer   328347 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/httpcore-4.4.12.jar
0100640 wazuh-indexer wazuh-indexer   367672 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/httpcore-nio-4.4.12.jar
0100640 wazuh-indexer wazuh-indexer     8781 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/j2objc-annotations-1.3.jar
0100640 wazuh-indexer wazuh-indexer    72086 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/jackson-annotations-2.11.4.jar
0100640 wazuh-indexer wazuh-indexer  1421841 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/jackson-databind-2.11.4.jar
0100640 wazuh-indexer wazuh-indexer    64597 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/json-20180813.jar
0100640 wazuh-indexer wazuh-indexer    19936 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/jsr305-3.0.2.jar
0100640 wazuh-indexer wazuh-indexer   968985 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/legacy-1.2.4.0.jar
0100640 wazuh-indexer wazuh-indexer     2199 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
0100640 wazuh-indexer wazuh-indexer   182895 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/opensearch-1.2.4.0.jar
0100640 wazuh-indexer wazuh-indexer    65915 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/opensearch-rest-client-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer    24331 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/opensearch-sql-1.2.4.0.jar
0100640 wazuh-indexer wazuh-indexer    67063 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/opensearch-ssl-config-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer    87384 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/parent-join-client-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer     1798 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/plugin-descriptor.properties
0100640 wazuh-indexer wazuh-indexer      836 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/plugin-security.policy
0100640 wazuh-indexer wazuh-indexer   217671 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/ppl-1.2.4.0.jar
0100640 wazuh-indexer wazuh-indexer    24068 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/presto-matching-0.240.jar
0100640 wazuh-indexer wazuh-indexer    35985 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/protocol-1.2.4.0.jar
0100640 wazuh-indexer wazuh-indexer   120073 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/reindex-client-1.2.4.jar
0100640 wazuh-indexer wazuh-indexer    53736 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/resilience4j-core-1.5.0.jar
0100640 wazuh-indexer wazuh-indexer    46326 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/resilience4j-retry-1.5.0.jar
0100640 wazuh-indexer wazuh-indexer    41472 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/slf4j-api-1.7.30.jar
0100640 wazuh-indexer wazuh-indexer   372325 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/spring-aop-5.2.5.RELEASE.jar
0100640 wazuh-indexer wazuh-indexer   685311 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/spring-beans-5.2.5.RELEASE.jar
0100640 wazuh-indexer wazuh-indexer  1227620 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/spring-context-5.2.5.RELEASE.jar
0100640 wazuh-indexer wazuh-indexer  1440907 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/spring-core-5.2.5.RELEASE.jar
0100640 wazuh-indexer wazuh-indexer   282183 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/spring-expression-5.2.5.RELEASE.jar
0100640 wazuh-indexer wazuh-indexer    23961 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/spring-jcl-5.2.5.RELEASE.jar
0100640 wazuh-indexer wazuh-indexer   282824 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/sql-1.2.4.0.jar
0100640 wazuh-indexer wazuh-indexer   897876 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/vavr-0.10.2.jar
0100640 wazuh-indexer wazuh-indexer     3039 Fri 14 Jan 2022 03:58:58 AM UTC /usr/share/wazuh-indexer/plugins/opensearch-sql/vavr-match-0.10.2.jar
 040750 wazuh-indexer wazuh-indexer        0 Thu 06 Oct 2022 06:33:22 PM UTC /var/lib/wazuh-indexer
 040750 wazuh-indexer wazuh-indexer        0 Thu 06 Oct 2022 06:33:22 PM UTC /var/log/wazuh-indexer

AdriiiPRodri · 2022-10-10T07:10:55Z

Wazuh Indexer installation footprint 🟢

[root@ip-172-31-27-153 /]# find /etc -user wazuh-indexer -not -regex ".*wazuh\-indexer.*" -name "*"
[root@ip-172-31-27-153 /]# find /usr -user wazuh-indexer -not -regex ".*wazuh\-indexer.*" -name "*"
[root@ip-172-31-27-153 /]# find /var -user wazuh-indexer -not -regex ".*wazuh\-indexer.*" -name "*"
[root@ip-172-31-27-153 /]# find /bin -user wazuh-indexer -not -regex ".*wazuh\-indexer.*" -name "*"
[root@ip-172-31-27-153 /]# find /etc -group wazuh-indexer -not -regex ".*wazuh\-indexer.*" -name "*"
[root@ip-172-31-27-153 /]# find /usr -group wazuh-indexer -not -regex ".*wazuh\-indexer.*" -name "*"
[root@ip-172-31-27-153 /]# find /var -group wazuh-indexer -not -regex ".*wazuh\-indexer.*" -name "*"
[root@ip-172-31-27-153 /]# find /bin -group wazuh-indexer -not -regex ".*wazuh\-indexer.*" -name "*"

AdriiiPRodri · 2022-10-10T07:11:22Z

Wazuh Indexer installed service 🟢

[root@ip-172-31-27-153 /]# systemctl status wazuh-indexer
● wazuh-indexer.service - Wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2022-10-07 10:00:30 UTC; 3h 26min ago
     Docs: https://documentation.wazuh.com
 Main PID: 720 (java)
   CGroup: /system.slice/wazuh-indexer.service
           └─720 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true ...

Oct 07 10:00:17 ip-172-31-27-153.ec2.internal systemd[1]: Starting Wazuh-indexer...
Oct 07 10:00:28 ip-172-31-27-153.ec2.internal systemd-entrypoint[720]: WARNING: An illegal reflective access operation has occurred
Oct 07 10:00:28 ip-172-31-27-153.ec2.internal systemd-entrypoint[720]: WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr/share/wazuh-indexer/plugins/op...owable.cause
Oct 07 10:00:28 ip-172-31-27-153.ec2.internal systemd-entrypoint[720]: WARNING: Please consider reporting this to the maintainers of io.protostuff.runtime.PolymorphicThrowableSchema
Oct 07 10:00:28 ip-172-31-27-153.ec2.internal systemd-entrypoint[720]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
Oct 07 10:00:28 ip-172-31-27-153.ec2.internal systemd-entrypoint[720]: WARNING: All illegal access operations will be denied in a future release
Oct 07 10:00:30 ip-172-31-27-153.ec2.internal systemd[1]: Started Wazuh-indexer.
Hint: Some lines were ellipsized, use -l to show in full.

[root@ip-172-31-27-153 /]# systemctl is-enabled wazuh-indexer
enabled

[root@ip-172-31-27-153 /]# systemctl cat wazuh-indexer.service
# /usr/lib/systemd/system/wazuh-indexer.service
[Unit]
Description=Wazuh-indexer
Documentation=https://documentation.wazuh.com
Wants=network-online.target
After=network-online.target

[Service]
Type=notify
RuntimeDirectory=wazuh-indexer
PrivateTmp=yes
Environment=OPENSEARCH_HOME=/usr/share/wazuh-indexer
Environment=OPENSEARCH_PATH_CONF=/etc/wazuh-indexer
Environment=PID_DIR=/run/wazuh-indexer
Environment=OPENSEARCH_SD_NOTIFY=true
EnvironmentFile=-/etc/sysconfig/wazuh-indexer

WorkingDirectory=/usr/share/wazuh-indexer

User=wazuh-indexer
Group=wazuh-indexer

ExecStart=/usr/share/wazuh-indexer/bin/systemd-entrypoint -p ${PID_DIR}/wazuh-indexer.pid --quiet

# StandardOutput is configured to redirect to journalctl since
# some error messages may be logged in standard output before
# wazuh-indexer logging system is initialized. Elasticsearch
# stores its logs in /var/log/wazuh-indexer and does not use
# journalctl by default. If you also want to enable journalctl
# logging, you can simply remove the "quiet" option from ExecStart.
StandardOutput=journal
StandardError=inherit

# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=65535

# Specifies the maximum number of processes
LimitNPROC=4096

# Specifies the maximum size of virtual memory
LimitAS=infinity

# Specifies the maximum file size
LimitFSIZE=infinity

# Disable timeout logic and wait until process is stopped
TimeoutStopSec=0

# SIGTERM signal is used to stop the Java process
KillSignal=SIGTERM

# Send the signal only to the JVM rather than its control group
KillMode=process

# Java process is never killed
SendSIGKILL=no

# When a JVM receives a SIGTERM signal it exits with code 143
SuccessExitStatus=143

# Allow a slow startup before the systemd notifier module kicks in to extend the timeout
TimeoutStartSec=75

[Install]
WantedBy=multi-user.target

AdriiiPRodri · 2022-10-10T07:11:52Z

Wazuh Indexer installation logs 🟢

[root@ip-172-31-27-153 /]# journalctl | grep -i indexer
Oct 07 09:52:50 ip-172-31-27-153.ec2.internal groupadd[460]: group added to /etc/group: name=wazuh-indexer, GID=993
Oct 07 09:52:50 ip-172-31-27-153.ec2.internal groupadd[460]: group added to /etc/gshadow: name=wazuh-indexer
Oct 07 09:52:50 ip-172-31-27-153.ec2.internal groupadd[460]: new group: name=wazuh-indexer, GID=993
Oct 07 09:52:50 ip-172-31-27-153.ec2.internal useradd[465]: new user: name=wazuh-indexer, UID=995, GID=993, home=/usr/share/wazuh-indexer, shell=/sbin/nologin
Oct 07 09:53:26 ip-172-31-27-153.ec2.internal yum[456]: Installed: wazuh-indexer-4.3.9-1.x86_64
Oct 07 10:00:12 ip-172-31-27-153.ec2.internal systemd[1]: Configuration file /usr/lib/systemd/system/wazuh-indexer.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
Oct 07 10:00:12 ip-172-31-27-153.ec2.internal systemd[1]: Configuration file /usr/lib/systemd/system/wazuh-indexer.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
Oct 07 10:00:12 ip-172-31-27-153.ec2.internal systemd[1]: Configuration file /usr/lib/systemd/system/wazuh-indexer.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
Oct 07 10:00:17 ip-172-31-27-153.ec2.internal systemd[1]: Starting Wazuh-indexer...
Oct 07 10:00:28 ip-172-31-27-153.ec2.internal systemd-entrypoint[720]: WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/protostuff-runtime-1.7.4.jar) to field java.lang.Throwable.cause
Oct 07 10:00:30 ip-172-31-27-153.ec2.internal systemd[1]: Started Wazuh-indexer.

AdriiiPRodri · 2022-10-10T07:12:13Z

Wazuh Indexer templates and indices created 🟢

[root@ip-172-31-27-153 /]# curl -u admin:admin -k https://172.31.27.153:9200/_cat/indices?v=true
health status index                       uuid                   pri rep docs.count docs.deleted store.size pri.store.size
green  open   wazuh-monitoring-2022.40w   EhCmDSreSSSrslf6-614Lw   1   0          0            0       208b           208b
green  open   wazuh-statistics-2022.40w   EqwVk5vbRF6RlhvbL5AU3w   1   0         12            0     77.7kb         77.7kb
green  open   .opendistro_security        mgkD8nvDTg6sZ0ARSb8b5A   1   0          9            0     59.6kb         59.6kb
green  open   .kibana_1                   E-w3cN0tSp2qwKqRGJOdDA   1   0          5            9    115.1kb        115.1kb
green  open   wazuh-alerts-4.x-2022.10.07 0IzORrVeRseGT9GnD01i-g   3   0       1129            0      1.9mb          1.9mb

[root@ip-172-31-27-153 /]# curl -u admin:admin -k https://172.31.27.153:9200/_cat/templates?pretty
wazuh            [wazuh-alerts-4.x-*, wazuh-archives-4.x-*] 0 1 
wazuh-agent      [wazuh-monitoring-*]                       0   
wazuh-statistics [wazuh-statistics-*]                       0

AdriiiPRodri · 2022-10-10T07:12:30Z

Wazuh indexer configuration 🟢

`opensearch.yml` file

[root@ip-172-31-27-153 /]# cat /etc/wazuh-indexer/opensearch.yml 
network.host: "172.31.27.153"
node.name: "node-1"
cluster.initial_master_nodes:
- "node-1"
#- "node-2"
#- "node-3"
cluster.name: "wazuh-cluster"
#discovery.seed_hosts:
#  - "node-1-ip"
#  - "node-2-ip"
#  - "node-3-ip"
node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer

plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem
plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false

plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=node-1,OU=Wazuh,O=Wazuh,L=California,C=US"
#- "CN=node-2,OU=Wazuh,O=Wazuh,L=California,C=US"
#- "CN=node-3,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"

plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]

### Option to allow Filebeat-oss 7.10.2 to work ###
compatibility.override_main_response_version: true

Shards

[root@ip-172-31-27-153 /]# curl -u admin:admin -k https://172.31.27.153:9200/_cat/shards?v=true
index                       shard prirep state   docs   store ip            node
.kibana_1                   0     p      STARTED    0    208b 172.31.27.153 node-1
wazuh-alerts-4.x-2022.10.07 2     p      STARTED  230 543.5kb 172.31.27.153 node-1
wazuh-alerts-4.x-2022.10.07 1     p      STARTED  210 419.4kb 172.31.27.153 node-1
wazuh-alerts-4.x-2022.10.07 0     p      STARTED  228 478.2kb 172.31.27.153 node-1
.opendistro_security        0     p      STARTED    9  59.6kb 172.31.27.153 node-1

AdriiiPRodri · 2022-10-10T07:14:09Z

Wazuh Indexer cluster node communication and configuration 🟢

Configuration

See output

[root@ip-172-31-27-153 /]# curl -u admin:admin -k https://172.31.27.153:9200/_nodes?pretty
{
  "_nodes" : {
    "total" : 1,
    "successful" : 1,
    "failed" : 0
  },
  "cluster_name" : "wazuh-cluster",
  "nodes" : {
    "znaXQHI3TCquLVkBjP-PcA" : {
      "name" : "node-1",
      "transport_address" : "172.31.27.153:9300",
      "host" : "172.31.27.153",
      "ip" : "172.31.27.153",
      "version" : "1.2.4",
      "build_type" : "rpm",
      "build_hash" : "e505b10357c03ae8d26d675172402f2f2144ef0f",
      "total_indexing_buffer" : 107374182,
      "roles" : [
        "data",
        "ingest",
        "master",
        "remote_cluster_client"
      ],
      "attributes" : {
        "shard_indexing_pressure_enabled" : "true"
      },
      "settings" : {
        "cluster" : {
          "initial_master_nodes" : [
            "node-1"
          ],
          "name" : "wazuh-cluster"
        },
        "node" : {
          "max_local_storage_nodes" : "3",
          "name" : "node-1",
          "pidfile" : "/run/wazuh-indexer/wazuh-indexer.pid",
          "attr" : {
            "shard_indexing_pressure_enabled" : "true"
          }
        },
        "path" : {
          "data" : [
            "/var/lib/wazuh-indexer"
          ],
          "logs" : "/var/log/wazuh-indexer",
          "home" : "/usr/share/wazuh-indexer"
        },
        "client" : {
          "type" : "node"
        },
        "http" : {
          "compression" : "false",
          "type" : "org.opensearch.security.http.SecurityHttpServerTransport",
          "type.default" : "netty4"
        },
        "transport" : {
          "type" : "org.opensearch.security.ssl.http.netty.SecuritySSLNettyTransport",
          "type.default" : "netty4"
        },
        "compatibility" : {
          "override_main_response_version" : "true"
        },
        "network" : {
          "host" : "172.31.27.153"
        }
      },
      "os" : {
        "refresh_interval_in_millis" : 1000,
        "name" : "Linux",
        "pretty_name" : "Amazon Linux 2",
        "arch" : "amd64",
        "version" : "5.10.135-122.509.amzn2.x86_64",
        "available_processors" : 2,
        "allocated_processors" : 2
      },
      "process" : {
        "refresh_interval_in_millis" : 1000,
        "id" : 720,
        "mlockall" : false
      },
      "jvm" : {
        "pid" : 720,
        "version" : "15.0.1",
        "vm_name" : "OpenJDK 64-Bit Server VM",
        "vm_version" : "15.0.1+9",
        "vm_vendor" : "AdoptOpenJDK",
        "bundled_jdk" : true,
        "using_bundled_jdk" : true,
        "start_time_in_millis" : 1665136819547,
        "mem" : {
          "heap_init_in_bytes" : 1073741824,
          "heap_max_in_bytes" : 1073741824,
          "non_heap_init_in_bytes" : 7667712,
          "non_heap_max_in_bytes" : 0,
          "direct_max_in_bytes" : 0
        },
        "gc_collectors" : [
          "G1 Young Generation",
          "G1 Old Generation"
        ],
        "memory_pools" : [
          "CodeHeap 'non-nmethods'",
          "Metaspace",
          "CodeHeap 'profiled nmethods'",
          "Compressed Class Space",
          "G1 Eden Space",
          "G1 Old Gen",
          "G1 Survivor Space",
          "CodeHeap 'non-profiled nmethods'"
        ],
        "using_compressed_ordinary_object_pointers" : "true",
        "input_arguments" : [
          "-Xshare:auto",
          "-Dopensearch.networkaddress.cache.ttl=60",
          "-Dopensearch.networkaddress.cache.negative.ttl=10",
          "-XX:+AlwaysPreTouch",
          "-Xss1m",
          "-Djava.awt.headless=true",
          "-Dfile.encoding=UTF-8",
          "-Djna.nosys=true",
          "-XX:-OmitStackTraceInFastThrow",
          "-XX:+ShowCodeDetailsInExceptionMessages",
          "-Dio.netty.noUnsafe=true",
          "-Dio.netty.noKeySetOptimization=true",
          "-Dio.netty.recycler.maxCapacityPerThread=0",
          "-Dio.netty.allocator.numDirectArenas=0",
          "-Dlog4j.shutdownHookEnabled=false",
          "-Dlog4j2.disable.jmx=true",
          "-Djava.locale.providers=SPI,COMPAT",
          "-Xms1g",
          "-Xmx1g",
          "-XX:+UseG1GC",
          "-XX:G1ReservePercent=25",
          "-XX:InitiatingHeapOccupancyPercent=30",
          "-Djava.io.tmpdir=/tmp/opensearch-11557176875446873401",
          "-XX:+HeapDumpOnOutOfMemoryError",
          "-XX:HeapDumpPath=data",
          "-XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log",
          "-Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m",
          "-XX:MaxDirectMemorySize=536870912",
          "-Dopensearch.path.home=/usr/share/wazuh-indexer",
          "-Dopensearch.path.conf=/etc/wazuh-indexer",
          "-Dopensearch.distribution.type=rpm",
          "-Dopensearch.bundled_jdk=true"
        ]
      },
      "thread_pool" : {
        "force_merge" : {
          "type" : "fixed",
          "size" : 1,
          "queue_size" : -1
        },
        "fetch_shard_started" : {
          "type" : "scaling",
          "core" : 1,
          "max" : 4,
          "keep_alive" : "5m",
          "queue_size" : -1
        },
        "listener" : {
          "type" : "fixed",
          "size" : 1,
          "queue_size" : -1
        },
        "training" : {
          "type" : "fixed",
          "size" : 1,
          "queue_size" : 1
        },
        "sql-worker" : {
          "type" : "fixed",
          "size" : 2,
          "queue_size" : 1000
        },
        "search" : {
          "type" : "fixed_auto_queue_size",
          "size" : 4,
          "queue_size" : 1000
        },
        "opensearch_asynchronous_search_generic" : {
          "type" : "scaling",
          "core" : 1,
          "max" : 4,
          "keep_alive" : "30m",
          "queue_size" : -1
        },
        "flush" : {
          "type" : "scaling",
          "core" : 1,
          "max" : 1,
          "keep_alive" : "5m",
          "queue_size" : -1
        },
        "fetch_shard_store" : {
          "type" : "scaling",
          "core" : 1,
          "max" : 4,
          "keep_alive" : "5m",
          "queue_size" : -1
        },
        "get" : {
          "type" : "fixed",
          "size" : 2,
          "queue_size" : 1000
        },
        "system_read" : {
          "type" : "fixed",
          "size" : 1,
          "queue_size" : 2000
        },
        "open_distro_job_scheduler" : {
          "type" : "fixed",
          "size" : 2,
          "queue_size" : 200
        },
        "write" : {
          "type" : "fixed",
          "size" : 2,
          "queue_size" : 10000
        },
        "replication_follower" : {
          "type" : "scaling",
          "core" : 1,
          "max" : 10,
          "keep_alive" : "1m",
          "queue_size" : -1
        },
        "refresh" : {
          "type" : "scaling",
          "core" : 1,
          "max" : 1,
          "keep_alive" : "5m",
          "queue_size" : -1
        },
        "replication_leader" : {
          "type" : "fixed",
          "size" : 4,
          "queue_size" : 1000
        },
        "system_write" : {
          "type" : "fixed",
          "size" : 1,
          "queue_size" : 1000
        },
        "generic" : {
          "type" : "scaling",
          "core" : 4,
          "max" : 128,
          "keep_alive" : "30s",
          "queue_size" : -1
        },
        "warmer" : {
          "type" : "scaling",
          "core" : 1,
          "max" : 1,
          "keep_alive" : "5m",
          "queue_size" : -1
        },
        "management" : {
          "type" : "scaling",
          "core" : 1,
          "max" : 5,
          "keep_alive" : "5m",
          "queue_size" : -1
        },
        "analyze" : {
          "type" : "fixed",
          "size" : 1,
          "queue_size" : 16
        },
        "ad-threadpool" : {
          "type" : "scaling",
          "core" : 1,
          "max" : 1,
          "keep_alive" : "10m",
          "queue_size" : -1
        },
        "snapshot" : {
          "type" : "scaling",
          "core" : 1,
          "max" : 1,
          "keep_alive" : "5m",
          "queue_size" : -1
        },
        "search_throttled" : {
          "type" : "fixed_auto_queue_size",
          "size" : 1,
          "queue_size" : 100
        },
        "ad-batch-task-threadpool" : {
          "type" : "scaling",
          "core" : 1,
          "max" : 1,
          "keep_alive" : "10m",
          "queue_size" : -1
        }
      },
      "transport" : {
        "bound_address" : [
          "172.31.27.153:9300"
        ],
        "publish_address" : "172.31.27.153:9300",
        "profiles" : { }
      },
      "http" : {
        "bound_address" : [
          "172.31.27.153:9200"
        ],
        "publish_address" : "172.31.27.153:9200",
        "max_content_length_in_bytes" : 104857600
      },
      "plugins" : [
        {
          "name" : "opensearch-alerting",
          "version" : "1.2.4.0",
          "opensearch_version" : "1.2.4",
          "java_version" : "1.8",
          "description" : "Amazon OpenSearch alerting plugin",
          "classname" : "org.opensearch.alerting.AlertingPlugin",
          "custom_foldername" : "",
          "extended_plugins" : [
            "lang-painless"
          ],
          "has_native_controller" : false
        },
        {
          "name" : "opensearch-anomaly-detection",
          "version" : "1.2.4.0",
          "opensearch_version" : "1.2.4",
          "java_version" : "1.8",
          "description" : "OpenSearch anomaly detector plugin",
          "classname" : "org.opensearch.ad.AnomalyDetectorPlugin",
          "custom_foldername" : "",
          "extended_plugins" : [
            "lang-painless",
            "opensearch-job-scheduler"
          ],
          "has_native_controller" : false
        },
        {
          "name" : "opensearch-asynchronous-search",
          "version" : "1.2.4.0",
          "opensearch_version" : "1.2.4",
          "java_version" : "1.8",
          "description" : "Provides support for asynchronous search",
          "classname" : "org.opensearch.search.asynchronous.plugin.AsynchronousSearchPlugin",
          "custom_foldername" : "",
          "extended_plugins" : [ ],
          "has_native_controller" : false
        },
        {
          "name" : "opensearch-cross-cluster-replication",
          "version" : "1.2.4.0",
          "opensearch_version" : "1.2.4",
          "java_version" : "1.8",
          "description" : "OpenSearch Cross Cluster Replication Plugin",
          "classname" : "org.opensearch.replication.ReplicationPlugin",
          "custom_foldername" : "",
          "extended_plugins" : [ ],
          "has_native_controller" : false
        },
        {
          "name" : "opensearch-index-management",
          "version" : "1.2.4.0",
          "opensearch_version" : "1.2.4",
          "java_version" : "1.8",
          "description" : "OpenSearch Index Management Plugin",
          "classname" : "org.opensearch.indexmanagement.IndexManagementPlugin",
          "custom_foldername" : "",
          "extended_plugins" : [
            "opensearch-job-scheduler"
          ],
          "has_native_controller" : false
        },
        {
          "name" : "opensearch-job-scheduler",
          "version" : "1.2.4.0",
          "opensearch_version" : "1.2.4",
          "java_version" : "1.8",
          "description" : "OpenSearch Job Scheduler plugin",
          "classname" : "org.opensearch.jobscheduler.JobSchedulerPlugin",
          "custom_foldername" : "",
          "extended_plugins" : [ ],
          "has_native_controller" : false
        },
        {
          "name" : "opensearch-knn",
          "version" : "1.2.4.0",
          "opensearch_version" : "1.2.4",
          "java_version" : "1.8",
          "description" : "OpenSearch k-NN plugin",
          "classname" : "org.opensearch.knn.plugin.KNNPlugin",
          "custom_foldername" : "",
          "extended_plugins" : [
            "lang-painless"
          ],
          "has_native_controller" : false
        },
        {
          "name" : "opensearch-observability",
          "version" : "1.2.4.0",
          "opensearch_version" : "1.2.4",
          "java_version" : "1.8",
          "description" : "OpenSearch Plugin for OpenSearch Dashboards Observability",
          "classname" : "org.opensearch.observability.ObservabilityPlugin",
          "custom_foldername" : "",
          "extended_plugins" : [ ],
          "has_native_controller" : false
        },
        {
          "name" : "opensearch-performance-analyzer",
          "version" : "1.2.4.0",
          "opensearch_version" : "1.2.4",
          "java_version" : "1.8",
          "description" : "OpenSearch Performance Analyzer Plugin",
          "classname" : "org.opensearch.performanceanalyzer.PerformanceAnalyzerPlugin",
          "custom_foldername" : "",
          "extended_plugins" : [ ],
          "has_native_controller" : false
        },
        {
          "name" : "opensearch-reports-scheduler",
          "version" : "1.2.4.0",
          "opensearch_version" : "1.2.4",
          "java_version" : "1.8",
          "description" : "Scheduler for Dashboards Reports Plugin",
          "classname" : "org.opensearch.reportsscheduler.ReportsSchedulerPlugin",
          "custom_foldername" : "",
          "extended_plugins" : [
            "opensearch-job-scheduler"
          ],
          "has_native_controller" : false
        },
        {
          "name" : "opensearch-security",
          "version" : "1.2.4.0",
          "opensearch_version" : "1.2.4",
          "java_version" : "1.8",
          "description" : "Provide access control related features for OpenSearch 1.0.0",
          "classname" : "org.opensearch.security.OpenSearchSecurityPlugin",
          "custom_foldername" : null,
          "extended_plugins" : [ ],
          "has_native_controller" : false
        },
        {
          "name" : "opensearch-sql",
          "version" : "1.2.4.0",
          "opensearch_version" : "1.2.4",
          "java_version" : "1.8",
          "description" : "OpenSearch SQL",
          "classname" : "org.opensearch.sql.plugin.SQLPlugin",
          "custom_foldername" : "",
          "extended_plugins" : [ ],
          "has_native_controller" : false
        }
      ],
      "modules" : [
        {
          "name" : "aggs-matrix-stats",
          "version" : "1.2.4",
          "opensearch_version" : "1.2.4",
          "java_version" : "1.8",
          "description" : "Adds aggregations whose input are a list of numeric fields and output includes a matrix.",
          "classname" : "org.opensearch.search.aggregations.matrix.MatrixAggregationPlugin",
          "custom_foldername" : "",
          "extended_plugins" : [ ],
          "has_native_controller" : false
        },
        {
          "name" : "analysis-common",
          "version" : "1.2.4",
          "opensearch_version" : "1.2.4",
          "java_version" : "1.8",
          "description" : "Adds \"built in\" analyzers to OpenSearch.",
          "classname" : "org.opensearch.analysis.common.CommonAnalysisPlugin",
          "custom_foldername" : "",
          "extended_plugins" : [
            "lang-painless"
          ],
          "has_native_controller" : false
        },
        {
          "name" : "geo",
          "version" : "1.2.4",
          "opensearch_version" : "1.2.4",
          "java_version" : "1.8",
          "description" : "Placeholder plugin for geospatial features in OpenSearch. only registers geo_shape field mapper for now",
          "classname" : "org.opensearch.geo.GeoPlugin",
          "custom_foldername" : "",
          "extended_plugins" : [ ],
          "has_native_controller" : false
        },
        {
          "name" : "ingest-common",
          "version" : "1.2.4",
          "opensearch_version" : "1.2.4",
          "java_version" : "1.8",
          "description" : "Module for ingest processors that do not require additional security permissions or have large dependencies and resources",
          "classname" : "org.opensearch.ingest.common.IngestCommonPlugin",
          "custom_foldername" : "",
          "extended_plugins" : [
            "lang-painless"
          ],
          "has_native_controller" : false
        },
        {
          "name" : "ingest-geoip",
          "version" : "1.2.4",
          "opensearch_version" : "1.2.4",
          "java_version" : "1.8",
          "description" : "Ingest processor that uses looksup geo data based on ip adresses using the Maxmind geo database",
          "classname" : "org.opensearch.ingest.geoip.IngestGeoIpPlugin",
          "custom_foldername" : "",
          "extended_plugins" : [ ],
          "has_native_controller" : false
        },
        {
          "name" : "ingest-user-agent",
          "version" : "1.2.4",
          "opensearch_version" : "1.2.4",
          "java_version" : "1.8",
          "description" : "Ingest processor that extracts information from a user agent",
          "classname" : "org.opensearch.ingest.useragent.IngestUserAgentPlugin",
          "custom_foldername" : "",
          "extended_plugins" : [ ],
          "has_native_controller" : false
        },
        {
          "name" : "lang-expression",
          "version" : "1.2.4",
          "opensearch_version" : "1.2.4",
          "java_version" : "1.8",
          "description" : "Lucene expressions integration for OpenSearch",
          "classname" : "org.opensearch.script.expression.ExpressionPlugin",
          "custom_foldername" : "",
          "extended_plugins" : [ ],
          "has_native_controller" : false
        },
        {
          "name" : "lang-mustache",
          "version" : "1.2.4",
          "opensearch_version" : "1.2.4",
          "java_version" : "1.8",
          "description" : "Mustache scripting integration for OpenSearch",
          "classname" : "org.opensearch.script.mustache.MustachePlugin",
          "custom_foldername" : "",
          "extended_plugins" : [ ],
          "has_native_controller" : false
        },
        {
          "name" : "lang-painless",
          "version" : "1.2.4",
          "opensearch_version" : "1.2.4",
          "java_version" : "1.8",
          "description" : "An easy, safe and fast scripting language for OpenSearch",
          "classname" : "org.opensearch.painless.PainlessPlugin",
          "custom_foldername" : "",
          "extended_plugins" : [ ],
          "has_native_controller" : false
        },
        {
          "name" : "mapper-extras",
          "version" : "1.2.4",
          "opensearch_version" : "1.2.4",
          "java_version" : "1.8",
          "description" : "Adds advanced field mappers",
          "classname" : "org.opensearch.index.mapper.MapperExtrasPlugin",
          "custom_foldername" : "",
          "extended_plugins" : [ ],
          "has_native_controller" : false
        },
        {
          "name" : "opensearch-dashboards",
          "version" : "1.2.4",
          "opensearch_version" : "1.2.4",
          "java_version" : "1.8",
          "description" : "Plugin exposing APIs for OpenSearch Dashboards system indices",
          "classname" : "org.opensearch.dashboards.OpenSearchDashboardsPlugin",
          "custom_foldername" : "",
          "extended_plugins" : [ ],
          "has_native_controller" : false
        },
        {
          "name" : "parent-join",
          "version" : "1.2.4",
          "opensearch_version" : "1.2.4",
          "java_version" : "1.8",
          "description" : "This module adds the support parent-child queries and aggregations",
          "classname" : "org.opensearch.join.ParentJoinPlugin",
          "custom_foldername" : "",
          "extended_plugins" : [ ],
          "has_native_controller" : false
        },
        {
          "name" : "percolator",
          "version" : "1.2.4",
          "opensearch_version" : "1.2.4",
          "java_version" : "1.8",
          "description" : "Percolator module adds capability to index queries and query these queries by specifying documents",
          "classname" : "org.opensearch.percolator.PercolatorPlugin",
          "custom_foldername" : "",
          "extended_plugins" : [ ],
          "has_native_controller" : false
        },
        {
          "name" : "rank-eval",
          "version" : "1.2.4",
          "opensearch_version" : "1.2.4",
          "java_version" : "1.8",
          "description" : "The Rank Eval module adds APIs to evaluate ranking quality.",
          "classname" : "org.opensearch.index.rankeval.RankEvalPlugin",
          "custom_foldername" : "",
          "extended_plugins" : [ ],
          "has_native_controller" : false
        },
        {
          "name" : "reindex",
          "version" : "1.2.4",
          "opensearch_version" : "1.2.4",
          "java_version" : "1.8",
          "description" : "The Reindex module adds APIs to reindex from one index to another or update documents in place.",
          "classname" : "org.opensearch.index.reindex.ReindexPlugin",
          "custom_foldername" : "",
          "extended_plugins" : [ ],
          "has_native_controller" : false
        },
        {
          "name" : "repository-url",
          "version" : "1.2.4",
          "opensearch_version" : "1.2.4",
          "java_version" : "1.8",
          "description" : "Module for URL repository",
          "classname" : "org.opensearch.plugin.repository.url.URLRepositoryPlugin",
          "custom_foldername" : "",
          "extended_plugins" : [ ],
          "has_native_controller" : false
        },
        {
          "name" : "systemd",
          "version" : "1.2.4",
          "opensearch_version" : "1.2.4",
          "java_version" : "1.8",
          "description" : "Integrates OpenSearch with systemd",
          "classname" : "org.opensearch.systemd.SystemdPlugin",
          "custom_foldername" : "",
          "extended_plugins" : [ ],
          "has_native_controller" : false
        },
        {
          "name" : "transport-netty4",
          "version" : "1.2.4",
          "opensearch_version" : "1.2.4",
          "java_version" : "1.8",
          "description" : "Netty 4 based transport implementation",
          "classname" : "org.opensearch.transport.Netty4Plugin",
          "custom_foldername" : "",
          "extended_plugins" : [ ],
          "has_native_controller" : false
        }
      ],
      "ingest" : {
        "processors" : [
          {
            "type" : "append"
          },
          {
            "type" : "bytes"
          },
          {
            "type" : "convert"
          },
          {
            "type" : "csv"
          },
          {
            "type" : "date"
          },
          {
            "type" : "date_index_name"
          },
          {
            "type" : "dissect"
          },
          {
            "type" : "dot_expander"
          },
          {
            "type" : "drop"
          },
          {
            "type" : "fail"
          },
          {
            "type" : "foreach"
          },
          {
            "type" : "geoip"
          },
          {
            "type" : "grok"
          },
          {
            "type" : "gsub"
          },
          {
            "type" : "html_strip"
          },
          {
            "type" : "join"
          },
          {
            "type" : "json"
          },
          {
            "type" : "kv"
          },
          {
            "type" : "lowercase"
          },
          {
            "type" : "pipeline"
          },
          {
            "type" : "remove"
          },
          {
            "type" : "rename"
          },
          {
            "type" : "script"
          },
          {
            "type" : "set"
          },
          {
            "type" : "sort"
          },
          {
            "type" : "split"
          },
          {
            "type" : "trim"
          },
          {
            "type" : "uppercase"
          },
          {
            "type" : "urldecode"
          },
          {
            "type" : "user_agent"
          }
        ]
      },
      "aggregations" : {
        "adjacency_matrix" : {
          "types" : [
            "other"
          ]
        },
        "auto_date_histogram" : {
          "types" : [
            "boolean",
            "date",
            "numeric"
          ]
        },
        "avg" : {
          "types" : [
            "boolean",
            "date",
            "numeric"
          ]
        },
        "cardinality" : {
          "types" : [
            "boolean",
            "bytes",
            "date",
            "geopoint",
            "ip",
            "numeric",
            "range"
          ]
        },
        "children" : {
          "types" : [
            "other"
          ]
        },
        "composite" : {
          "types" : [
            "other"
          ]
        },
        "date_histogram" : {
          "types" : [
            "boolean",
            "date",
            "numeric",
            "range"
          ]
        },
        "date_range" : {
          "types" : [
            "boolean",
            "date",
            "numeric"
          ]
        },
        "diversified_sampler" : {
          "types" : [
            "boolean",
            "bytes",
            "date",
            "numeric"
          ]
        },
        "extended_stats" : {
          "types" : [
            "boolean",
            "date",
            "numeric"
          ]
        },
        "filter" : {
          "types" : [
            "other"
          ]
        },
        "filters" : {
          "types" : [
            "other"
          ]
        },
        "geo_bounds" : {
          "types" : [
            "geopoint"
          ]
        },
        "geo_centroid" : {
          "types" : [
            "geopoint"
          ]
        },
        "geo_distance" : {
          "types" : [
            "geopoint"
          ]
        },
        "geohash_grid" : {
          "types" : [
            "geopoint"
          ]
        },
        "geotile_grid" : {
          "types" : [
            "geopoint"
          ]
        },
        "global" : {
          "types" : [
            "other"
          ]
        },
        "histogram" : {
          "types" : [
            "boolean",
            "date",
            "numeric",
            "range"
          ]
        },
        "ip_range" : {
          "types" : [
            "ip"
          ]
        },
        "matrix_stats" : {
          "types" : [
            "other"
          ]
        },
        "max" : {
          "types" : [
            "boolean",
            "date",
            "numeric"
          ]
        },
        "median_absolute_deviation" : {
          "types" : [
            "numeric"
          ]
        },
        "min" : {
          "types" : [
            "boolean",
            "date",
            "numeric"
          ]
        },
        "missing" : {
          "types" : [
            "boolean",
            "bytes",
            "date",
            "geopoint",
            "ip",
            "numeric",
            "range"
          ]
        },
        "nested" : {
          "types" : [
            "other"
          ]
        },
        "parent" : {
          "types" : [
            "other"
          ]
        },
        "percentile_ranks" : {
          "types" : [
            "boolean",
            "date",
            "numeric"
          ]
        },
        "percentiles" : {
          "types" : [
            "boolean",
            "date",
            "numeric"
          ]
        },
        "range" : {
          "types" : [
            "boolean",
            "date",
            "numeric"
          ]
        },
        "rare_terms" : {
          "types" : [
            "boolean",
            "bytes",
            "date",
            "ip",
            "numeric"
          ]
        },
        "reverse_nested" : {
          "types" : [
            "other"
          ]
        },
        "sampler" : {
          "types" : [
            "other"
          ]
        },
        "scripted_metric" : {
          "types" : [
            "other"
          ]
        },
        "significant_terms" : {
          "types" : [
            "boolean",
            "bytes",
            "date",
            "ip",
            "numeric"
          ]
        },
        "significant_text" : {
          "types" : [
            "other"
          ]
        },
        "stats" : {
          "types" : [
            "boolean",
            "date",
            "numeric"
          ]
        },
        "sum" : {
          "types" : [
            "boolean",
            "date",
            "numeric"
          ]
        },
        "terms" : {
          "types" : [
            "boolean",
            "bytes",
            "date",
            "ip",
            "numeric"
          ]
        },
        "top_hits" : {
          "types" : [
            "other"
          ]
        },
        "value_count" : {
          "types" : [
            "boolean",
            "bytes",
            "date",
            "geopoint",
            "ip",
            "numeric",
            "range"
          ]
        },
        "variable_width_histogram" : {
          "types" : [
            "numeric"
          ]
        },
        "weighted_avg" : {
          "types" : [
            "numeric"
          ]
        }
      }
    }
  }
}

Nodes state

[root@ip-172-31-27-153 /]# curl -u admin:admin -k https://172.31.27.153:9200/_cluster/state/nodes?pretty
{
  "cluster_name" : "wazuh-cluster",
  "cluster_uuid" : "K927C6CYSviFTeNViKE2jA",
  "nodes" : {
    "znaXQHI3TCquLVkBjP-PcA" : {
      "name" : "node-1",
      "ephemeral_id" : "iMVqClTRTpKvTI0wqR5zbw",
      "transport_address" : "172.31.27.153:9300",
      "attributes" : {
        "shard_indexing_pressure_enabled" : "true"
      }
    }
  }
}

AdriiiPRodri · 2022-10-10T07:14:28Z

Wazuh indexer cluster status 🟢

[root@ip-172-31-27-153 /]# curl -u admin:admin -k https://172.31.27.153:9200/_cluster/health?pretty
{
  "cluster_name" : "wazuh-cluster",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "discovered_master" : true,
  "active_primary_shards" : 5,
  "active_shards" : 5,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}

AdriiiPRodri · 2022-10-10T07:15:58Z

User experience 🟢

Wazuh dashboard works correctly, no problems detected.

AdriiiPRodri · 2022-10-10T07:16:29Z

Wazuh indexer packages uninstallation procedure 🟢

No problem has been detected in the uninstallation process.

[root@ip-172-31-27-153 /]# yum remove wazuh-indexer
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Resolving Dependencies
--> Running transaction check
---> Package wazuh-indexer.x86_64 0:4.3.9-1 will be erased
--> Finished Dependency Resolution
amzn2-core/2/x86_64                                                                                                                                                                            | 3.7 kB  00:00:00     

Dependencies Resolved

======================================================================================================================================================================================================================
 Package                                                 Arch                                             Version                                           Repository                                           Size
======================================================================================================================================================================================================================
Removing:
 wazuh-indexer                                           x86_64                                           4.3.9-1                                           installed                                           614 M

Transaction Summary
======================================================================================================================================================================================================================
Remove  1 Package

Installed size: 614 M
Is this ok [y/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Stopping wazuh-indexer service... OK
  Erasing    : wazuh-indexer-4.3.9-1.x86_64                                                                                                                                                                       1/1 
warning: /etc/wazuh-indexer/opensearch.yml saved as /etc/wazuh-indexer/opensearch.yml.rpmsave
  Verifying  : wazuh-indexer-4.3.9-1.x86_64                                                                                                                                                                       1/1 

Removed:
  wazuh-indexer.x86_64 0:4.3.9-1                                                                                                                                                                                      

Complete!

[root@ip-172-31-27-153 /]# systemctl status wazuh-indexer
Unit wazuh-indexer.service could not be found.

[root@ip-172-31-27-153 /]# rpm -qa | grep wazuh
[root@ip-172-31-27-153 /]

AdriiiPRodri added type/test/manual release test/4.3.9 Issues related to testing for v4.3.9 labels Oct 7, 2022

AdriiiPRodri mentioned this issue Oct 7, 2022

Release 4.3.9 - Release Candidate 1 - E2E UX tests #15091

Closed

1 task

AdriiiPRodri self-assigned this Oct 7, 2022

AdriiiPRodri moved this to In Review in Release 4.3.9 Oct 10, 2022

AdriiiPRodri added this to Release 4.3.9 Oct 10, 2022

davidjiglesias closed this as completed Oct 10, 2022

Repository owner moved this from In Review to Done in Release 4.3.9 Oct 10, 2022

davidjiglesias mentioned this issue Nov 14, 2022

Release 4.3.10 - Release Candidate 1 - E2E UX tests #15373

Closed

1 task

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Release 4.3.9 - Release Candidate 1 - E2E UX tests - Wazuh Indexer #15092

Release 4.3.9 - Release Candidate 1 - E2E UX tests - Wazuh Indexer #15092

AdriiiPRodri commented Oct 7, 2022 •

edited by davidjiglesias

Loading

AdriiiPRodri commented Oct 10, 2022 •

edited

Loading

AdriiiPRodri commented Oct 10, 2022

AdriiiPRodri commented Oct 10, 2022

AdriiiPRodri commented Oct 10, 2022

AdriiiPRodri commented Oct 10, 2022

AdriiiPRodri commented Oct 10, 2022

AdriiiPRodri commented Oct 10, 2022

AdriiiPRodri commented Oct 10, 2022

AdriiiPRodri commented Oct 10, 2022

AdriiiPRodri commented Oct 10, 2022

AdriiiPRodri commented Oct 10, 2022

AdriiiPRodri commented Oct 10, 2022

Release 4.3.9 - Release Candidate 1 - E2E UX tests - Wazuh Indexer #15092

Release 4.3.9 - Release Candidate 1 - E2E UX tests - Wazuh Indexer #15092

Comments

AdriiiPRodri commented Oct 7, 2022 • edited by davidjiglesias Loading

Test information

Test description

Test report procedure

Conclusions

Conclusions

Auditors validation

AdriiiPRodri commented Oct 10, 2022 • edited Loading

Installation 🟢

Wazuh Indexer 🟢

Deploying certificates 🟢

Installation 🟢

Setup 🟢

Testing 🟢

Wazuh Master 🟢

Installation 🟢

Enable and start the Wazuh manager service 🟢

Install filebeat 🟢

Configuring Filebeat 🟢

Install the Wazuh module for Filebeat 🟢

Deploying certificates 🟢

Starting Filebeat service 🟢

Cluster config 🟢

Wazuh Worker 🟢

Installation 🟢

Enable and start the Wazuh manager service 🟢

Install filebeat 🟢

Configuring Filebeat 🟢

Install the Wazuh module for Filebeat 🟢

Deploying certificates 🟢

Starting Filebeat service 🟢

Cluster config 🟢

Wazuh Dashboard 🟢

Installation 🟢

Configuring the Wazuh dashboard, add Indexer IP (172.31.27.153) to opensearch.hosts 🟢

Deploying certificates 🟢

Service status 🟢

API config 🟢

AdriiiPRodri commented Oct 10, 2022

Wazuh indexer package 🟢

AdriiiPRodri commented Oct 10, 2022

Wazuh indexer installed files location, size and permissions 🟢

AdriiiPRodri commented Oct 10, 2022

Wazuh Indexer installation footprint 🟢

AdriiiPRodri commented Oct 10, 2022

Wazuh Indexer installed service 🟢

AdriiiPRodri commented Oct 10, 2022

Wazuh Indexer installation logs 🟢

AdriiiPRodri commented Oct 10, 2022

Wazuh Indexer templates and indices created 🟢

AdriiiPRodri commented Oct 10, 2022

Wazuh indexer configuration 🟢

opensearch.yml file

Shards

AdriiiPRodri commented Oct 10, 2022

Wazuh Indexer cluster node communication and configuration 🟢

Configuration

Nodes state

AdriiiPRodri commented Oct 10, 2022

Wazuh indexer cluster status 🟢

AdriiiPRodri commented Oct 10, 2022

User experience 🟢

AdriiiPRodri commented Oct 10, 2022

Wazuh indexer packages uninstallation procedure 🟢

AdriiiPRodri commented Oct 7, 2022 •

edited by davidjiglesias

Loading

AdriiiPRodri commented Oct 10, 2022 •

edited

Loading

`opensearch.yml` file