Inventory Category - WiFi #810

@cborla

Description

This epic tracks the design and implementation of a unified inventory model for WiFi information within the Wazuh architecture. The goal is to define a schema for collecting and indexing wireless network data on macOS systems. The inventory will provide visibility into available networks, interface status, and recent connection data using platform-specific collectors.

As WiFi data is only available on macOS through the current collection mechanisms, the implementation must gracefully handle unsupported platforms like Linux and Windows. The output should follow an ECS-compatible structure where possible and emit normalized, stateful events.

Functional Requirements

  • Propose and agree on the data model for:
    • Available wireless networks (SSID, BSSID, signal strength, channel, etc.)
    • Interface status (connected/disconnected, IP address, MAC address)
    • Recent connection or scan results
  • Ensure compatibility with ECS and define wazuh.* extensions where needed.
  • Store all WiFi-related inventory data in a single index (e.g., wazuh-inventory-wifi).

Non-Functional Requirements

  • Ensure consistent output structure for supported platforms.
  • Support dashboard-level filtering by SSID, signal, security, or interface.
  • Component must detect and handle unsupported OSes without errors.

Plan

Indexer

  • Define a flat document format for WiFi inventory entries.
  • Store documents under a single index for unified querying and visualization.

Agent

  • DBSync
    • Create a unified table to store WiFi data from:
      • wifi_networks, wifi_status, wifi_survey (macOS only)
    • Normalize and merge data into a consistent structure.
    • Integrate with syscollector through extended_sources.

Related Collector Issues

Server

  • Wazuh-DB
    • Use Rsync to synchronize wifi_inventory entries.
    • Maintain a schema compatible with the agent-side structure.
    • Provide API access for querying wireless data per host.

Dashboard

  • Define how WiFi data is presented:
    • Show list of available SSIDs and their signal strength.

Deliverables

  • Define and document the ECS/WCS field set for wifi_inventory.
  • Propose table schema for dbsync (1 table).
  • Define the Wazuh-DB schema and Rsync format for synchronization.
  • Align syscollector outputs with the agreed model.
  • Validate and test the schema on macOS and ensure fallback behavior on unsupported platforms.

Acceptance Criteria

  • A formal document or JSON schema exists defining the fields and structure for WiFi inventory.
  • Agent generates inventory data in the agreed format, using syscollector.
  • Wazuh-DB stores and synchronizes the information correctly via Rsync.
  • Indexer receives structured inventory data with correct mappings and searchable fields.
  • Dashboard is capable of querying and visualizing WiFi data from macOS, and unsupported platforms are handled gracefully.
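
The merge and fallback behaviour described in this epic, sketched as an added example (not code from the Wazuh project or the issue author): rows from the three macOS source tables become one flat document per network, and any non-macOS platform yields an empty inventory instead of an error. The output field names, the source column names in the constructed sample rows, and the function name `build_wifi_inventory` are assumptions, since the issue leaves the schema to be agreed.

```python
import platform

# Hypothetical flat field set; the issue leaves the real schema to be agreed.
FIELDS = ("interface", "ssid", "bssid", "signal_dbm", "channel",
          "security", "state", "last_connected")

def _int(value):
    try:
        return int(value)  # collector values arrive as strings
    except (TypeError, ValueError):
        return None

def _blank(ssid):
    doc = dict.fromkeys(FIELDS)  # every document carries the same keys
    doc["ssid"] = ssid
    return doc

def build_wifi_inventory(status, survey, networks, system=None):
    if (system or platform.system()) != "Darwin":
        return []  # unsupported OS: empty inventory, no exception
    docs = {}
    # Scan results first, so the connected row overrides signal and state.
    for state, rows in (("available", survey), ("connected", status)):
        for row in rows:
            bssid = (row.get("bssid") or "").lower()  # normalize MAC case
            key = (row.get("interface"), bssid, row.get("ssid"))
            doc = docs.setdefault(key, _blank(row.get("ssid")))
            doc.update(interface=row.get("interface"), bssid=bssid or None, state=state,
                       signal_dbm=_int(row.get("rssi")), channel=_int(row.get("channel")))
            doc["security"] = row.get("security_type") or doc["security"]
    # Known networks carry no BSSID: enrich by SSID, or emit a "known" entry.
    for row in networks:
        ssid = row.get("ssid")
        hits = [d for d in docs.values() if d["ssid"] == ssid]
        if not hits:
            hits = [docs.setdefault((None, "", ssid), _blank(ssid))]
            hits[0]["state"] = "known"
        for doc in hits:
            doc["last_connected"] = _int(row.get("last_connected"))
            doc["security"] = doc["security"] or row.get("security_type")
    return sorted(docs.values(), key=lambda d: (d["ssid"] or "", d["bssid"] or ""))

# Constructed sample rows (column names are assumptions, not taken from the issue).
STATUS = [{"interface": "en0", "ssid": "corp", "bssid": "AA:BB:CC:00:00:01",
           "rssi": "-52", "channel": "36", "security_type": "WPA2 Enterprise"}]
SURVEY = [{"interface": "en0", "ssid": "corp", "bssid": "aa:bb:cc:00:00:01", "rssi": "-55", "channel": "36"},
          {"interface": "en0", "ssid": "guest", "bssid": "aa:bb:cc:00:00:02", "rssi": "-70", "channel": "11"}]
NETWORKS = [{"ssid": "corp", "security_type": "WPA2 Enterprise", "last_connected": "1700000000"},
            {"ssid": "home", "security_type": "WPA2 Personal", "last_connected": "1690000000"}]
```

Passing `system="Darwin"` explicitly lets the merge be exercised on any development host, while the default path uses the real platform check.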
