Labels: level/epic (Epic issue), module/inventory (Inventory module), type/enhancement (Enhancement issue)
Description
This epic tracks the extension of the existing Packages inventory table in syscollector. The goal is to improve the visibility and normalization of installed software across all platforms, incorporating additional sources and supporting both system-level and user-level packages.
This update must maintain compatibility with previously indexed versions of the Packages table to ensure seamless behavior on the Wazuh server side.
Functional Requirements
- Extend the current schema to include new fields for package metadata such as source, type, and scope.
- Merge and normalize data from multiple collection points into a single, stateful inventory model.
- Align output with the Wazuh Common Schema (WCS), preserving ECS compatibility where applicable.
- Maintain support for existing database and index structures.
Non-Functional Requirements
- Output must remain consistent across all platforms.
- Compatibility with legacy Wazuh-DB entries and index mappings must be preserved.
- Fallback behavior must exist for unsupported sources per platform.
Plan
Agent
- Extend the current package inventory table.
- Normalize and emit enriched inventory data from available sources.
Related Collector Issues
Server
- Ensure backward compatibility with existing schema versions.
- Synchronize updated data format via Rsync and expose via the Wazuh API.
Dashboard
- Preserve current visualizations and enable filtering by new fields when present.
Deliverables
- Updated schema definition for packages.
- New fields supported and integrated with syscollector.
- Validated compatibility with older index and API formats.
Acceptance Criteria
- Updated inventory data is emitted by the agent across platforms.
- The Wazuh server accepts and stores updated data without breaking compatibility.
- Existing dashboards and API queries continue working with both old and new formats.