CLI

The Wazuh Cloud Command Line Interface (wcloud-cli) is a tool that allows you to interact with Wazuh Cloud using commands in your command-line shell.

Requirements

To use wcloud-cli, you need to install the following components:

  • Python 3.x

  • boto3 Python package

  • request Python package

Installation

  1. Use the following command to download the CLI tool.

# curl -so ~/wcloud-cli https://packages.wazuh.com/resources/cloud/wcloud-cli && chmod 500  ~/wcloud-cli
  1. Run it with the version argument to confirm that the installation was successful.

# wcloud-cli version
Wazuh Cloud CLI - "version": "1.0.0"

Configuration

You can configure the settings that the Wazuh Cloud CLI (wcloud-cli) uses to interact with Wazuh Cloud.

By default, the Wazuh Cloud CLI reads the credential information from a local file named credentials, located in the .wazuh-cloud folder of your home directory. The location of your home directory varies based on the operating system, but you can find it using the environment variables %UserProfile% in Windows, and $HOME or ~ (tilde) in Unix-based systems.

A non-default location can be specified for the config file by setting the WAZUH_CLOUD_CREDENTIALS_FILE environment variable to another local path.

  1. Create the credentials file and add your API key.

~/.wazuh-cloud/credentials

[default]
wazuh_cloud_api_key_name = Test
wazuh_cloud_api_key_secret = MDAwMDAwMDQ2T047Q4JVY1Sm5dDOqpDtkCQiY89fHjuZT3c90zs2

The file is organized in profiles, a collection of credentials. When you specify a profile to run a command, the credentials are used to run that command. You can specify one default profile that is used when no profile is explicitly referenced.

  1. Use the following command to test your credentials. Optionally, you can specify the profile.

# wcloud-cli test-credentials --profile <profile-name>
The API key 'Test' in the profile 'default' is valid.

Examples

Getting S3 token for cold storage

This command generates an AWS token to access the cold storage of the environment with Cloud ID 012345678ab.

# wcloud-cli cold-storage get-aws-s3-token 012345678ab
The following AWS credentials will be valid until 2021-05-07 13:45:24:
[wazuh_cloud_storage]
aws_access_key_id = A...Q
aws_secret_access_key = A...E
aws_session_token = F...Q==

Listing cold storage

This command lists the cold storage files of the environment 012345678ab between the specified dates.

# wcloud-cli cold-storage list 012345678ab --start 2021-05-07 --end 2021-05-07
Environment '012345678ab' files from 2021-05-07 to 2021-05-07:
012345678ab/output/alerts/2021/05/07/012345678ab_output_alerts_20210507T1040_mXSoDTf5Pgyr8b8D.json.gz
012345678ab/config/2021/05/07/012345678ab_config_20210507T1021_TzLKCLZp4E8BUmPV.tar.gz

Downloading cold storage

This command downloads in the /home/test directory the cold storage files of the environment 012345678ab between the specified dates.

# wcloud-cli cold-storage download 012345678ab /home/test --start 2021-05-07 --end 2021-05-07
Environment '012345678ab' files from 2021-05-07 to 2021-05-07:
Downloading object 012345678ab/output/alerts/2021/05/07/012345678ab_output_alerts_20210507T1040_mXSoDTf5Pgyr8b8D.json.gz
Downloaded object 012345678ab/output/alerts/2021/05/07/012345678ab_output_alerts_20210507T1040_mXSoDTf5Pgyr8b8D.json.gz
Downloading object 012345678ab/config/2021/05/07/012345678ab_config_20210507T1021_TzLKCLZp4E8BUmPV.tar.gz
Downloaded object 012345678ab/config/2021/05/07/012345678ab_config_20210507T1021_TzLKCLZp4E8BUmPV.tar.gz