adapded the vulnerability indexer changes in version 4.11

Author: czeumer

go.mod

@@ -56,7 +56,7 @@ require (
 	github.com/goccy/go-json v0.10.5 // indirect
 	github.com/gofrs/flock v0.12.1 // indirect
 	github.com/golang/snappy v1.0.0 // indirect
-	github.com/gomarkdown/markdown v0.0.0-20250207164621-7a1f277a159e // indirect
+	github.com/gomarkdown/markdown v0.0.0-20250311123330-531bef5e742b // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/gorilla/css v1.0.1 // indirect
 	github.com/iris-contrib/schema v0.0.6 // indirect

go.sum

@@ -38,6 +38,7 @@ github.com/bytedance/sonic v1.13.1/go.mod h1:o68xyaF9u2gvVBuGHPlUVCy+ZfmNNO5ETf1
 github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
 github.com/bytedance/sonic/loader v0.2.4 h1:ZWCw4stuXUsn1/+zQDqeE7JKP+QO47tz7QCNan80NzY=
 github.com/bytedance/sonic/loader v0.2.4/go.mod h1:N8A3vUdtUebEY2/VQC0MyhYeKUFosQU6FxH2JmUe6VI=
+github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cloudwego/base64x v0.1.5 h1:XPciSp1xaq2VCSt6lF0phncD4koWyULpl5bUxbfCyP4=
@@ -84,12 +85,15 @@ github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PU
 github.com/gofrs/flock v0.7.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
 github.com/gofrs/flock v0.12.1 h1:MTLVXXHf8ekldpJk3AKicLij9MdwOWkZ+a/jHHZby9E=
 github.com/gofrs/flock v0.12.1/go.mod h1:9zxTsyu5xtJ9DK+1tFZyibEV7y3uwDxPPfbxeeHCoD0=
+github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
 github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo=
 github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang/snappy v1.0.0 h1:Oy607GVXHs7RtbggtPBnr2RmDArIsAefDwvrdWvRhGs=
 github.com/golang/snappy v1.0.0/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/gomarkdown/markdown v0.0.0-20250207164621-7a1f277a159e h1:ESHlT0RVZphh4JGBz49I5R6nTdC8Qyc08vU25GQHzzQ=
 github.com/gomarkdown/markdown v0.0.0-20250207164621-7a1f277a159e/go.mod h1:JDGcbDT52eL4fju3sZ4TeHGsQwhG9nbDV21aMyhwPoA=
+github.com/gomarkdown/markdown v0.0.0-20250311123330-531bef5e742b h1:EY/KpStFl60qA17CptGXhwfZ+k1sFNJIUNR8DdbcuUk=
+github.com/gomarkdown/markdown v0.0.0-20250311123330-531bef5e742b/go.mod h1:JDGcbDT52eL4fju3sZ4TeHGsQwhG9nbDV21aMyhwPoA=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
@@ -177,6 +181,7 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/opensearch-project/opensearch-go v1.1.0 h1:eG5sh3843bbU1itPRjA9QXbxcg8LaZ+DjEzQH9aLN3M=
 github.com/opensearch-project/opensearch-go v1.1.0/go.mod h1:+6/XHCuTH+fwsMJikZEWsucZ4eZMma3zNSeLrTtVGbo=
+github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=
 github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M=
 github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc=
 github.com/pingcap/errors v0.11.4 h1:lFuQV/oaUMGcD2tqt+01ROSmJs75VG1ToEOkZIZ4nE4=

indexer/indexer.go

@@ -51,7 +51,7 @@ func (i *Indexer) GetAgentVulnerabilities(agentId string, ctx context.Context) (
 		i.client.Search.WithFrom(0),
 		i.client.Search.WithSize(2500),
 		i.client.Search.WithRequestCache(true),
-		i.client.Search.WithSort("vulnerability.cve:asc"),
+		i.client.Search.WithSort("vulnerability.id:asc"),
 	)
 	if err != nil {
 		return nil, err
@@ -76,5 +76,4 @@ func (i *Indexer) GetAgentVulnerabilities(agentId string, ctx context.Context) (
 		vulns = append(vulns, hit.Vulnerability)
 	}
 	return vulns, nil
-
 }

indexer/vulneranility.go

@@ -1,16 +1,34 @@
 package indexer
 
+import (
+	"time"
+)
+
+// Helper functions for non-string primitives
+func BoolPtr(b bool) *bool           { return &b }
+func Int64Ptr(i int64) *int64        { return &i }
+func Float64Ptr(f float64) *float64  { return &f }
+func TimePtr(t time.Time) *time.Time { return &t }
+
 type Build struct {
-	Original string `json:"original"`
+	Original string `json:"original,omitempty"`
 }
 
-type Agent struct {
-	Build       Build  `json:"build,omitempty"`
-	EphemeralID string `json:"ephemeral_id,omitempty"`
-	ID          string `json:"id"`
-	Name        string `json:"name"`
-	Type        string `json:"type"`
-	Version     string `json:"version"`
+type AgentHostBoot struct {
+	ID string `json:"id,omitempty"`
+}
+
+type AgentHostCPU struct {
+	Usage *float64 `json:"usage,omitempty"`
+}
+
+type DiskIO struct {
+	Bytes *int64 `json:"bytes,omitempty"`
+}
+
+type AgentHostDisk struct {
+	Read  *DiskIO `json:"read,omitempty"`
+	Write *DiskIO `json:"write,omitempty"`
 }
 
 type OS struct {
@@ -27,66 +45,144 @@ type Host struct {
 	OS OS `json:"os"`
 }
 
+type Geo struct {
+	CityName       string `json:"city_name,omitempty"`
+	ContinentCode  string `json:"continent_code,omitempty"`
+	ContinentName  string `json:"continent_name,omitempty"`
+	CountryIsoCode string `json:"country_iso_code,omitempty"`
+	CountryName    string `json:"country_name,omitempty"`
+	Location       string `json:"location,omitempty"` // geo_point
+	Name           string `json:"name,omitempty"`
+	PostalCode     string `json:"postal_code,omitempty"`
+	RegionIsoCode  string `json:"region_iso_code,omitempty"`
+	RegionName     string `json:"region_name,omitempty"`
+	Timezone       string `json:"timezone,omitempty"`
+}
+
+type NetworkTraffic struct {
+	Bytes   *int64 `json:"bytes,omitempty"`
+	Packets *int64 `json:"packets,omitempty"`
+}
+
+type AgentHostNetwork struct {
+	Egress  *NetworkTraffic `json:"egress,omitempty"`
+	Ingress *NetworkTraffic `json:"ingress,omitempty"`
+}
+
+type HostOS struct {
+	Family   string `json:"family,omitempty"`
+	Full     string `json:"full,omitempty"`
+	Kernel   string `json:"kernel,omitempty"`
+	Name     string `json:"name,omitempty"`
+	Platform string `json:"platform,omitempty"`
+	Type     string `json:"type,omitempty"`
+	Version  string `json:"version,omitempty"`
+}
+
+type RiskScores struct {
+	CalculatedLevel     string   `json:"calculated_level,omitempty"`
+	CalculatedScore     *float64 `json:"calculated_score,omitempty"`
+	CalculatedScoreNorm *float64 `json:"calculated_score_norm,omitempty"`
+	StaticLevel         string   `json:"static_level,omitempty"`
+	StaticScore         *float64 `json:"static_score,omitempty"`
+	StaticScoreNorm     *float64 `json:"static_score_norm,omitempty"`
+}
+
+type AgentHost struct {
+	Architecture string            `json:"architecture,omitempty"`
+	Boot         *AgentHostBoot    `json:"boot,omitempty"`
+	CPU          *AgentHostCPU     `json:"cpu,omitempty"`
+	Disk         *AgentHostDisk    `json:"disk,omitempty"`
+	Domain       string            `json:"domain,omitempty"`
+	Geo          *Geo              `json:"geo,omitempty"`
+	Hostname     string            `json:"hostname,omitempty"`
+	ID           string            `json:"id,omitempty"`
+	IP           string            `json:"ip,omitempty"`
+	MAC          string            `json:"mac,omitempty"`
+	Name         string            `json:"name,omitempty"`
+	Network      *AgentHostNetwork `json:"network,omitempty"`
+	OS           *HostOS           `json:"os,omitempty"`
+	PidNSIno     string            `json:"pid_ns_ino,omitempty"`
+	Risk         *RiskScores       `json:"risk,omitempty"`
+	Type         string            `json:"type,omitempty"`
+	Uptime       *int64            `json:"uptime,omitempty"`
+}
+
+type Agent struct {
+	Build       *Build     `json:"build,omitempty"`
+	EphemeralID string     `json:"ephemeral_id,omitempty"`
+	Groups      []string   `json:"groups,omitempty"`
+	Host        *AgentHost `json:"host,omitempty"`
+	ID          string     `json:"id,omitempty"`
+	Name        string     `json:"name,omitempty"`
+	Type        string     `json:"type,omitempty"`
+	Version     string     `json:"version,omitempty"`
+}
+
 type Package struct {
-	Architecture string `json:"architecture"`
-	BuildVersion string `json:"build_version,omitempty"`
-	Checksum     string `json:"checksum,omitempty"`
-	Description  string `json:"description"`
-	InstallScope string `json:"install_scope,omitempty"`
-	Installed    string `json:"installed,omitempty"` // assuming installed date is a string in ISO format
-	License      string `json:"license,omitempty"`
-	Name         string `json:"name"`
-	Path         string `json:"path,omitempty"`
-	Reference    string `json:"reference,omitempty"`
-	Size         int64  `json:"size"`
-	Type         string `json:"type"`
-	Version      string `json:"version"`
+	Architecture string     `json:"architecture,omitempty"`
+	BuildVersion string     `json:"build_version,omitempty"`
+	Checksum     string     `json:"checksum,omitempty"`
+	Description  string     `json:"description,omitempty"`
+	InstallScope string     `json:"install_scope,omitempty"`
+	Installed    *time.Time `json:"installed,omitempty"`
+	License      string     `json:"license,omitempty"`
+	Name         string     `json:"name,omitempty"`
+	Path         string     `json:"path,omitempty"`
+	Reference    string     `json:"reference,omitempty"`
+	Size         *int64     `json:"size,omitempty"`
+	Type         string     `json:"type,omitempty"`
+	Version      string     `json:"version,omitempty"`
 }
 
 type Scanner struct {
-	Vendor string `json:"vendor"`
+	Condition string `json:"condition,omitempty"`
+	Reference string `json:"reference,omitempty"`
+	Source    string `json:"source,omitempty"`
+	Vendor    string `json:"vendor,omitempty"`
 }
 
 type Score struct {
-		Base          float64 `json:"base"`
-	Environmental float64 `json:"environmental,omitempty"`
-	Temporal      float64 `json:"temporal,omitempty"`
-	Version       string  `json:"version"`
+	Base          *float64 `json:"base,omitempty"`
+	Environmental *float64 `json:"environmental,omitempty"`
+	Temporal      *float64 `json:"temporal,omitempty"`
+	Version       string   `json:"version,omitempty"`
 }
 
 type Vulnerability struct {
-	Category       string  `json:"category"`
-	Classification string  `json:"classification"`
-	Description    string  `json:"description"`
-	DetectedAt     string  `json:"detected_at"` // assuming dates are in string format
-	Enumeration    string  `json:"enumeration"`
-	ID             string  `json:"id"`
-	PublishedAt    string  `json:"published_at"` // assuming dates are in string format
-	Reference      string  `json:"reference"`
-	ReportID       string  `json:"report_id,omitempty"`
-	Scanner        Scanner `json:"scanner"`
-	Score          Score   `json:"score"`
-	Severity       string  `json:"severity"`
+	Category        string     `json:"category,omitempty"`
+	Classification  string     `json:"classification,omitempty"`
+	Description     string     `json:"description,omitempty"`
+	DetectedAt      *time.Time `json:"detected_at,omitempty"`
+	Enumeration     string     `json:"enumeration,omitempty"`
+	ID              string     `json:"id,omitempty"`
+	PublishedAt     *time.Time `json:"published_at,omitempty"`
+	Reference       string     `json:"reference,omitempty"`
+	ReportID        string     `json:"report_id,omitempty"`
+	Scanner         *Scanner   `json:"scanner,omitempty"`
+	Score           *Score     `json:"score,omitempty"`
+	Severity        string     `json:"severity,omitempty"`
+	UnderEvaluation *bool      `json:"under_evaluation,omitempty"`
 }
 
 type Cluster struct {
-	Name string `json:"name"`
+	Name string `json:"name,omitempty"`
 	Node string `json:"node,omitempty"`
 }
 
 type Schema struct {
-	Version string `json:"version"`
+	Version string `json:"version,omitempty"`
 }
 
 type Wazuh struct {
-	Cluster Cluster `json:"cluster"`
-	Schema  Schema  `json:"schema"`
+	Cluster *Cluster `json:"cluster,omitempty"`
+	Schema  *Schema  `json:"schema,omitempty"`
 }
 
 type AgentVulnerability struct {
-	Agent         Agent         `json:"agent"`
-	Host          Host          `json:"host"`
-	Package       Package       `json:"package"`
-	Vulnerability Vulnerability `json:"vulnerability"`
-	Wazuh         Wazuh         `json:"wazuh"`
+	Agent         *Agent         `json:"agent,omitempty"`
+	Host          *Host          `json:"host,omitempty"`
+	Package       *Package       `json:"package,omitempty"`
+	Vulnerability *Vulnerability `json:"vulnerability,omitempty"`
+	Wazuh         *Wazuh         `json:"wazuh,omitempty"`
 }