Add guide to upgrade using the installation assistant

.github/pull_request_template.md

@@ -1,38 +1,23 @@
 <!--
 This template reflects sections that must be included in new Pull requests.
-Contributions from the community are really appreciated. If this is the case, please add the
-"contribution" to properly track the Pull Request.
-
+Contributions from the community are really appreciated. If this is the case, please add the "contribution" to properly track the Pull Request.
 Please fill the table below. Feel free to extend it at your convenience.
 -->
 <!--
 ## Community contributions advice
-
-We love our community contributions. First, we work with the numbered branches. The `master` branch is only updated when a new Wazuh release is done. We recommend making PRs from the actual branch. For instance, if Wazuh 3.11.4 is the latest release, the branch to be used is 3.11.
-
-Anyway, if you contribute from the master branch, we will `cherry-pick` your commits to the numerated branch for you. 
-
+We love our community contributions. We recommend making PRs from the current branch. For instance, if Wazuh 4.3.7 is the latest release, the branch to be used is 4.3.
 Thanks!
 -->
-
 ## Description
-
 <!--
-Add a clear description of how the problem has been solved. 
-If your PR closes an issue, please use the "closes" keyword indicating the issue. 
+Add a clear description of how the problem has been solved.
+If your PR closes an issue, please use the "closes" keyword indicating the issue.
 -->
-
 ## Checks
-- [ ] It compiles without warnings.
-- [ ] Spelling and grammar. 
-- [ ] Used impersonal speech. 
-- [ ] Used uppercase only on nouns. 
-- [ ] Updated the `redirect.js` script if necessary (check [this guide](https://github.com/wazuh/wazuh-documentation/blob/master/NEW_RELEASE.md)).
-
-<!--
-Leave the following note if you made any changes to the redirect.js script. Remove it otherwise.
--->
-
-## Note to the reviewer
-
-This PR includes changes to the `redirect.js` script that need to be included in all production branches.
+- [ ] Compiles without warnings.
+- [ ] Uses present tense, active voice, and semi-formal registry.
+- [ ] Uses short, simple sentences.
+- [ ] Uses **bold** for user interface elements, _italics_ for key terms or emphasis, and `code` font for Bash commands, file names, REST paths, and code.
+- [ ] Uses three spaces indentation.
+- [ ] Adds or updates meta descriptions accordingly.
+- [ ] Updates the `redirects.js` script if necessary (check [this guide](https://github.com/wazuh/wazuh-documentation/blob/master/NEW_RELEASE.md)).

source/_static/js/redirects.js

@@ -104,6 +104,8 @@ newUrls['4.4'] = [
   '/amazon/services/supported-services/elastic-load-balancing/alb.html',
   '/amazon/services/supported-services/elastic-load-balancing/nlb.html',
   '/amazon/services/supported-services/elastic-load-balancing/clb.html',
+  '/development/rbac-database-integrity.html',
+  '/user-manual/reference/tools/rbac-control.html',
   '/user-manual/agents/key-request.html',
   '/user-manual/manager/manual-backup-restore.html',
   '/user-manual/reference/ossec-conf/wazuh-db-config.html',

source/amazon/services/prerequisites/considerations.rst

@@ -33,24 +33,23 @@ On the other hand, the ``CloudWatch Logs`` module can process logs older than th
 
 
 Reparse
-~~~~~~~
-
-.. note::
-  Option not available for CloudWatch Logs.
+-------
 
 .. warning::
-  Using the ``reparse`` option will fetch and process every log from the starting date until the present. This process may generate duplicate alerts.
+
+   Using the ``reparse`` option will fetch and process all the logs from the starting date until the present. This process may generate duplicate alerts.
+
+To fetch and process older logs, you need to manually run the module using the ``--reparse`` option.
 
-To process older logs, it's necessary to manually execute the module using the ``--reparse`` or ``-o`` option. Executing the module with this option will use the ``only_logs_after`` value provided to fetch and process every log from that date until the present. If no ``only_logs_after`` value was provided, it will use the date of the first file processed.
+The ``only_logs_after`` value sets the time for the starting point. If you don't provide an ``only_logs_after`` value, the module uses the date of the first file processed.
 
-Below there is an example of a manual execution of the module using the ``--reparse`` option on a manager, being ``/var/ossec`` the Wazuh installation path:
+Find an example of running the module on a manager using the ``--reparse`` option. ``/var/ossec`` is the Wazuh installation path.
 
 .. code-block:: console
 
-  # cd /var/ossec/wodles/aws
-  # ./aws-s3 -b 'wazuh-example-bucket' --reparse --only_logs_after '2021-Jun-10' --debug 2
+  # /var/ossec/wodles/aws/aws-s3 -b 'wazuh-example-bucket' --reparse --only_logs_after '2021-Jun-10' --debug 2
 
-The ``--debug 2`` parameter was used to get a verbose output since by default the script won't print anything on the terminal, and it could seem like it's not working when it could be handling a great amount of data instead.
+The ``--debug 2`` parameter gets a verbose output. This is useful to show the script is working, specially when handling a large amount of data.
 
 
 Connection configuration for retries

source/amazon/services/supported-services/ecr-image-scanning.rst

@@ -27,7 +27,148 @@ The following sections cover how to configure AWS to store the scan findings in
 AWS configuration
 -----------------
 
-AWS provides a `template <https://github.com/aws-samples/ecr-image-scan-findings-logger/blob/main/Template-ECR-SFL.yml>`_ for creating a stack in CloudFormation that loads the image scan findings from Amazon ECR in CloudWatch using an AWS Lambda function.
+AWS provides a `template <https://github.com/aws-samples/ecr-image-scan-findings-logger/blob/main/Template-ECR-SFL.yml>`__ that logs to CloudWatch the findings of Amazon ECR scans of images. The template uses an AWS Lambda function to accomplish this.
+
+Uploading the template and creating a stack, uploading the images to Amazon ECR, scanning the images, and using the logger all require specific permissions. Because of this, you need to create a custom policy granting these permissions.
+
+.. include:: /_templates/cloud/amazon/create_policy.rst
+
+IAM permissions
+^^^^^^^^^^^^^^^
+
+You need the permissions listed below inside the sections for  ``RoleCreator`` and ``PassRole`` to create and delete the stack based on the template.
+
+.. warning::
+
+   These permissions must be bound to the specific resources due to overly permissive actions.
+
+.. code-block:: json
+
+   {
+      "Sid": "RoleCreator",
+      "Effect": "Allow",
+      "Action": [
+         "iam:CreateRole",
+         "iam:PutRolePolicy",
+         "iam:AttachRolePolicy",
+         "iam:DeleteRolePolicy",
+         "iam:DeleteRole",
+         "iam:GetRole",
+         "iam:GetRolePolicy",
+         "iam:PassRole"
+      ],
+      "Resource": "arn:aws:iam::<account-ID>:role/*"
+   },
+   {
+      "Sid": "PassRole",
+      "Effect": "Allow",
+      "Action": "iam:PassRole",
+      "Resource": "arn:aws:iam::<account-ID>:role/*-LambdaExecutionRole*"
+   }
+
+CloudFormation stack permissions
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+You need the following permissions to create and delete any template-based CloudFormation stack.
+
+.. code-block:: json
+
+   {
+      "Sid": "CloudFormationStackCreation",
+      "Effect": "Allow",
+      "Action": [
+         "cloudformation:CreateStack",
+         "cloudformation:ValidateTemplate",
+         "cloudformation:CreateUploadBucket",
+         "cloudformation:GetTemplateSummary",
+         "cloudformation:DescribeStackEvents",
+         "cloudformation:DescribeStackResources",
+         "cloudformation:ListStacks",
+         "cloudformation:DeleteStack",
+         "s3:PutObject",
+         "s3:ListBucket",
+         "s3:GetObject",
+         "s3:CreateBucket"
+      ],
+      "Resource": "*"   
+   }
+
+ECR registry and repository permissions
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+This `Amazon ECR <https://docs.aws.amazon.com/AmazonECR/latest/userguide/set-repository-policy.html>`__ permission allows calls to the API through an IAM policy.
+
+.. note::
+
+   Before authenticating to a registry and pushing or pulling any images from any Amazon ECR repository, you need  ``ecr:GetAuthorizationToken``. 
+
+.. code-block:: json
+
+   { 
+      "Sid": "ECRUtilities",
+      "Effect": "Allow",
+      "Action": [
+         "ecr:GetAuthorizationToken",  
+         "ecr:DescribeRepositories"    
+      ],
+      "Resource": "*"
+   }
+
+Image pushing and scanning permissions
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+You need the following Amazon ECR permissions to `push images <https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-push.html#image-push-iam>`__. They are scoped down to a specific repository. The steps to push Docker images are described in the `Amazon ECR - Pushing a Docker image <https://docs.aws.amazon.com/AmazonECR/latest/userguide/docker-push-ecr-image.html>`_ documentation.
+
+.. code-block:: json
+
+   {
+      "Sid": "ScanPushImage",
+      "Effect": "Allow",
+      "Action": [
+         "ecr:CompleteLayerUpload",
+         "ecr:UploadLayerPart",
+         "ecr:InitiateLayerUpload",
+         "ecr:BatchCheckLayerAvailability",
+         "ecr:PutImage",
+         "ecr:ListImages",
+         "ecr:DescribeImages",
+         "ecr:DescribeImageScanFindings",
+         "ecr:StartImageScan"
+      ],
+      "Resource": "arn:aws:ecr:<region>:<account-ID>:repository/<repository-name>"
+   }
+
+Amazon Lambda and Amazon EventBridge permissions
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+You need the following permissions to create and delete the resources handled by the Scan Findings Logger template.
+
+.. code-block:: json
+
+   {
+      "Sid": "TemplateRequired0",
+      "Effect": "Allow",
+      "Action": [
+         "lambda:RemovePermission",
+         "lambda:DeleteFunction",
+         "lambda:GetFunction",
+         "lambda:CreateFunction",
+         "lambda:AddPermission"
+      ],
+      "Resource": "arn:aws:lambda:<region>:<account-ID>:*"
+   },
+   {
+      "Sid": "TemplateRequired1",
+      "Effect": "Allow",
+      "Action": [
+         "events:RemoveTargets",
+         "events:DeleteRule",
+         "events:PutRule",
+         "events:DescribeRule",
+         "events:PutTargets"
+      ],
+      "Resource": "arn:aws:events:<region>:<account-ID>:*"
+    }
 
 How to create the CloudFormation Stack
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

source/amazon/services/troubleshooting.rst

@@ -2,7 +2,7 @@
 
 .. meta::
   :description: Frequently asked questions about the Wazuh module for Amazon. Learn more about it in this section of the documentation.
-  
+
 .. _amazon_troubleshooting:
 
 Troubleshooting
@@ -65,7 +65,7 @@ Follow these steps to enable debug mode:
         wazuh_modules.debug=2
 
 
-#. Restart the Wazuh service. 
+#. Restart the Wazuh service.
 
 .. include:: ../../_templates/common/restart_manager_or_agent.rst
 
@@ -191,7 +191,7 @@ Take into account that Wazuh does not provide default rules for the different lo
 Interval overtaken message is present in the ossec.log
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-The ``Interval overtaken`` message is present in the ``ossec.log`` file. 
+The ``Interval overtaken`` message is present in the ``ossec.log`` file.
 
 **Solution**
 
@@ -211,7 +211,7 @@ Error codes reference
     | 1         | Unknown error                                                     | Programming error. Please, open an issue in the `Wazuh GitHub repository <https://github.com/wazuh/wazuh/issues/new/choose>`_ with the trace of the  |
     |           |                                                                   | error.                                                                                                                                               |
     +-----------+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
-    | 2         | Error parsing configuration (bucket name, keys, etc.)             | Check the wodle configuration in ``ossec.conf`` file.                                                                                                |
+    | 2         | SIGINT                                                            | The module stopped due to an interrupt signal.                                                                                                       |
     +-----------+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
     | 3         | Invalid credentials to access S3 bucket                           | Make sure that your credentials are OK. For more information, see the :ref:`Configuring AWS credentials <amazon_credentials>` section.               |
     +-----------+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
@@ -225,11 +225,11 @@ Error codes reference
     +-----------+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
     | 8         | Failed to decompress file                                         | Only ``.gz`` and ``.zip`` compression formats are supported.                                                                                         |
     +-----------+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
-    | 9         | Failed to parse file                                              | Check the type of the bucket.                                                                                                                        |
+    | 9         | Failed to parse file                                              | Ensure that the log file contents have the expected structure.                                                                                       |
     +-----------+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
     | 11        | Unable to connect to Wazuh                                        | Ensure that Wazuh is running.                                                                                                                        |
     +-----------+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
-    | 12        | SIGINT                                                            | The module stopped due to an interrupt signal.                                                                                                       |
+    | 12        | Invalid type of bucket                                            | Check if the type of bucket is one of the :ref:`supported <amazon_supported_services>`.                                                              |
     +-----------+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
     | 13        | Error sending message to Wazuh                                    | Make sure that Wazuh is running.                                                                                                                     |
     +-----------+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
@@ -239,6 +239,9 @@ Error codes reference
     +-----------+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
     | 16        | Throttling error                                                  | AWS is receiving more than 10 requests per second. Try to run the module again when the number of requests to AWS has decreased.                     |
     +-----------+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
-    | 17        | Invalid file key format                                           | Ensure that the file path follows the format specified in the                                                                                        |
-    |           |                                                                   | `Wazuh documentation <https://documentation.wazuh.com/current/amazon/services/supported-services/index.html>`_.                                      |
+    | 17        | Invalid file key format                                           | Ensure that the file path follows the format specified in the :ref:`Wazuh documentation <amazon_supported_services>`.                                |
+    +-----------+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
+    | 18        | Invalid prefix                                                    | Make sure that the indicated path exists in the S3 bucket.                                                                                           |
     +-----------+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
+    | 19        | The server datetime and datetime of the AWS environment differ    | Make sure that the server datetime is correctly set.                                                                                                 |
+    +-----------+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+

source/azure/activity-services/prerequisites/considerations.rst

@@ -8,6 +8,26 @@
 Considerations for configuration
 ================================
 
+Reparse
+-------
+
+.. warning::
+
+   Using the ``reparse`` option will fetch and process all the logs from the starting date until the present. This process may generate duplicate alerts.
+
+To fetch and process older logs, you need to manually run the module using the ``--reparse`` option.
+
+The ``la_time_offset`` value sets the time as an offset for the starting point. If you don't provide an ``la_time_offset`` value, the module goes back to the date of the first file processed.
+
+Find an example of running the module on a manager using the ``--reparse`` option. ``/var/ossec`` is the Wazuh installation path.
+
+.. code-block:: console
+
+  # /var/ossec/wodles/azure/azure-logs --log_analytics --la_auth_path credentials_example --la_tenant_domain 'wazuh.example.domain' --la_tag azure-activity --la_query "AzureActivity" --workspace example-workspace --la_time_offset 50d --debug 2 --reparse
+
+The ``--debug 2`` parameter gets a verbose output. This is useful to show the script is working, specially when handling a large amount of data.
+
+
 Configuring multiple services
 -----------------------------