Inventory Category – Hardware

[cborla]

Description

This epic focuses on improving the existing Hardware inventory table in syscollector. It aims to provide a more complete view of the system's physical and virtual components by including additional data fields and ensuring consistency across platforms.

The enhancement must preserve compatibility with previous versions of the hardware schema used by the Wazuh server and indexer.

Functional Requirements

• Extend the hardware table structure with new metadata for CPU, memory, battery, and system firmware.
• Normalize platform-specific differences into a unified, stateful format.
• Align with the Wazuh Common Schema (WCS), extending ECS where applicable.
• Ensure the new format is compatible with previous hardware inventory data.

Non-Functional Requirements

• Maintain consistent field structure across platforms.
• Handle unsupported fields gracefully.
• Preserve backwards compatibility with server-side schema and index mappings.

Plan

Agent

• Update the hardware inventory table to support new data fields.
• Generate stateful events in a normalized format.

Related Collector Issues

• Integrate extended Hardware table into syscollector wazuh#30207

Server

• Maintain legacy support while syncing new hardware structure via Rsync.
• Ensure queries and API behavior remain stable.

Dashboard

• Support new hardware fields while preserving existing dashboards and filters.

Deliverables

• Updated schema for hardware entries.
• Integration of new data sources into syscollector.
• Tests for schema validation and server compatibility.

Acceptance Criteria

• Agent emits updated hardware events without impacting existing deployments.
• Wazuh server synchronizes and indexes new data structure correctly.
• Dashboards and API remain compatible with old and new field sets.