Applying RAG for Wazuh Documentation: A Step-by-Step Guide (Part 1)

Introduction to RAG

Retrieval-Augmented Generation (RAG) is a method that allows the use of information from various sources to generate more accurate and useful responses to questions.

In the context of Wazuh, RAG can be used to automate data processing, optimize access to information, and improve information retrieval.

Preparing for RAG Integration

Before integrating RAG with the Wazuh documentation, you need to complete the following steps:

• Evaluate the Current Documentation: Analyze the existing Wazuh documentation.
• Collect Data: Gather all necessary data and information sources that RAG will use to generate responses.
• Select Tools: Determine the appropriate tools and technologies for integrating RAG into your system.

Evaluating the Current Wazuh Documentation

The Wazuh documentation is available on Wazuh GitHub. This documentation contains essential information about Wazuh, its features, and capabilities.

The documentation uses a documentation generator based on Sphinx.

This allows you to compile the documentation locally and use it for Retrieval-Augmented Generation (RAG).

How to Compile Wazuh Documentation Locally

To compile the Wazuh documentation for subsequent use in RAG, follow these steps:

1. Ensure Python and pip are Installed: Check if Python and pip are installed on your computer.

2. Alternative: Using Docker: If you do not want to install Python and pip, you can use Docker for compilation.

3. Download the Wazuh Documentation: Use the command:

   git clone https://github.com/wazuh/wazuh-documentation.git -b <branch-name>
   

   📋

   Replace <branch-name> with the desired branch.

4. Navigate to the Documentation Directory: Run the command:

   cd wazuh-documentation
   

   📋

5. Install Dependencies: Run the command:

   pip install -r requirements.txt
   

   📋

6. Compile the Documentation: In the root directory of the repository, run the command:

   make output-format
   

   📋

   Replace output-format with the desired output format.

By following these steps, you can compile the Wazuh documentation for use in RAG.

Compiling Wazuh Documentation Using Docker

You can compile the Wazuh documentation using Docker by following these steps:

1. Install Docker: Ensure Docker is installed on your computer.

2. Download the Wazuh Documentation: Use the command:

   git clone https://github.com/wazuh/wazuh-documentation.git -b v4.11.0
   

   📋

3. Create a Dockerfile and docker-compose File: In the documentation directory, create the files Dockerfile and docker-compose.yml. In the Dockerfile, specify the necessary instructions for compilation, and in docker-compose.yml, configure the services for working with Docker.

4. Compile the Documentation:: Run the command to compile the documentation using Docker.

By following these steps, you can efficiently compile the Wazuh documentation using Docker.

Now let’s do it step by step:

1. Create a Compilation Directory:

   mkdir wazuh-documentation-rag
   cd wazuh-documentation-rag
   

   📋

2. Download the Wazuh Documentation Repository: In this example, the documentation for version 4.11.0 is used:

   git clone https://github.com/wazuh/wazuh-documentation.git -b v4.11.0
   

   📋

3. Create a Dockerfile: In the wazuh-documentation-rag directory, create a file named Dockerfile with the following content:

   # Use the base image with Python 3.9
   FROM python:3.9
   
   # Set the working directory
   WORKDIR /app
   
   # Copy the dependencies to the /tmp/requirements.txt folder
   COPY wazuh-documentation/requirements.txt /tmp/requirements.txt
   
   # Install the dependencies
   RUN pip install -r /tmp/requirements.txt
   
   CMD ["sleep", "infinity"]
   

   📋

4. Create a docker-compose.yml File: In the same directory, create a file named docker-compose.yml to manage the Docker container:

   services:
     wazuh-docs:
       build: .
       volumes:
         - ./wazuh-documentation:/app/wazuh-documentation
   

   📋

5. Run:

   docker compose up -d --build 
   

   📋

Unfortunately, it is currently not possible to compile the documentation directly into a PDF format.

However, you can compile the document into a single HTML format and then convert it to PDF.

To compile the single HTML, follow these commands:

1. Run docker compose up -d --build
2. Connect to the container using docker compose exec -it wazuh-docs bash
3. Compile the documentation with the command cd /app/wazuh-documentation && make singlehtml
4. Wait for the compilation to complete (it may take some times)
5. Exit the container: exit
6. Navigate to the directory with the compiled documentation: cd wazuh-documentation/build/singlehtml/
7. КConvert the single HTML to PDF using the command wkhtmltopdf index.html wazuh.pdf, ensuring that wkhtmltopdf installed.

To be continued in Part 2, stay tuned for updates.

Related Reading

• Enhancing Wazuh with Ollama: Part 1 - AI-powered cybersecurity with Ollama
• How to Set Up a Custom Integration between Wazuh and MARK - Custom Wazuh integrations
• Boosting Container Image Security Using Wazuh and Trivy - Container security monitoring

See also

• Two AI Assistants for Cybersecurity: Wazuh and AWS Under the LLM Microscope
• Introducing Wazuh LLM: Fine-Tuned Llama 3.1 for Security Event Analysis
• Building ML-Powered Threat Intelligence with Honeypot Datasets on Hugging Face
• Boosting Container Image Security Using Wazuh and Trivy
• Applying RAG for Working with Wazuh Documentation: A Step-by-Step Guide (Part 2)