Inventory Category - Browser Extensions #805

@cborla

Description

This epic tracks the design and implementation of a unified inventory model for Browser Extensions within the Wazuh architecture. The objective is to define a cross-component contract that governs how browser extension data is collected, normalized, synchronized, and indexed. This enables Wazuh to monitor browser-level artifacts across supported platforms (Windows, macOS, Linux) and browsers (e.g., Chrome, Firefox, Safari), providing visibility for security auditing and compliance.

Functional Requirements

  • Propose and agree on the data model (fields and structure) for:
    • Browser extension entities across supported platforms and browsers.
  • Ensure compatibility with ECS (Elastic Common Schema) and define any custom wazuh.* fields when needed.
  • Prefer a single inventory index in the Indexer (e.g. wazuh-inventory-browser-extensions).

Non-Functional Requirements

  • The design must be optimized for synchronization and querying efficiency.
  • Normalize extension metadata regardless of browser vendor or operating system.
  • Support API consumption and global queries with consistent structure and performance.

Plan

Indexer

  • Define the document structure for browser extensions
  • Prefer storing everything in one index, if feasible.

Agent

  • DBSync
    • Choose a structure aligned with the expected Indexer format:
      • A single table browser_extensions_inventory with all relevant fields.
    • Integrate collection into syscollector via extended_sources.

Issues:

Server

  • Wazuh-DB
    • Use Rsync protocol and inventory table to store the extension data.

Dashboard

  • Define how the browser extension data will be presented:
    • Summary views per host or user.
    • Grouping and filtering by browser, vendor, or extension type.

Deliverables

  • Define and document the ECS/WCS field set for browser_extensions.
  • Propose table schema for dbsync (1 table).
  • Define the Wazuh-DB schema and Rsync format for synchronization.
  • Align syscollector outputs with the agreed model.
  • Validate and test the schema on all Tier 1 platforms (Linux, Windows, macOS).

Acceptance Criteria

  • A formal document or JSON schema exists defining the fields and structure for browser extensions.
  • Agent generates inventory data in the agreed format, using syscollector.
  • Wazuh-DB stores and synchronizes the information correctly via Rsync.
  • Indexer receives structured inventory data with correct mappings and searchable fields.
  • Dashboard is capable of querying and visualizing the new browser extension inventory fields.

Status

In progress