Remove virustotal feature and dashboards in favor of malware dashboard (#7038)

* Remove Virustotal from Applications list

* Remove Virustotal feature and dashboards

* Remove Virustotal feature and dashboards as they are obsolete

* Remove VirusTotal

* Fix Prettier issues

* Update CHANGELOG.md

Co-authored-by: Antonio <[email protected]>

* Add VirusTotal integration for threat detection capabilities

* Restore plugins/main/public/controllers/management/components/management/configuration/configuration-settings.js

* Restore plugins/main/public/controllers/management/components/management/configuration/integrations/integrations.js

* Restore test/cypress

* Restore scripts/wazuh-alerts-generator/cli.js

* Restore plugins/main/public/components/add-modules-data/sample-data.tsx

* Add Virustotal application to Applications list

* fix: error registering unwanted application and move VirusTotal sample data to Malware detection category

* fix: move VirusTotal sample data to Malware detection category in script

* fix: enhance variable name

---------

Co-authored-by: Federico Rodriguez <[email protected]>
Co-authored-by: Antonio <[email protected]>
Co-authored-by: Antonio David Gutiérrez <[email protected]>
4 people authored Oct 11, 2024
1 parent f9784c8 commit 2c08f43
Showing 20 changed files with 202 additions and 1,781 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
@@ -35,6 +35,7 @@ All notable changes to the Wazuh app project will be documented in this file.

- Removed agent RBAC filters from dashboard queries [#6945](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6945)
- Removed GET /elastic/statistics API endpoint [#7001](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7001)
- Removed VirusTotal application in favor of Malware Detection [#7038](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7038)

## Wazuh v4.9.1 - OpenSearch Dashboards 2.13.0 - Revision 03

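Review bot: the added entry reads as a plain removal, but the commit as a whole keeps the VirusTotal integration and moves its sample data under Malware Detection (see the "Add VirusTotal integration for threat detection capabilities" and "move VirusTotal sample data to Malware detection category" items in the commit message). Consider wording it so users do not read it as losing VirusTotal alerts, e.g. "Removed the VirusTotal application; its alerts and sample data are now shown under Malware Detection". The +35,7 header confirms it lands inside the existing "Removed" list, which is the right place.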
4 changes: 1 addition & 3 deletions plugins/main/common/constants.ts
@@ -81,11 +81,11 @@ export const WAZUH_SAMPLE_ALERTS_CATEGORIES_TYPE_ALERTS = {
{ audit: true },
{ openscap: true },
{ ciscat: true },
{ virustotal: true },
{ yara: true },
],
[WAZUH_SAMPLE_ALERTS_CATEGORY_THREAT_DETECTION]: [
{ vulnerabilities: true },
{ virustotal: true },
{ osquery: true },
{ docker: true },
{ mitre: true },
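Review bot: the key of the list that `{ virustotal: true }` is moved into sits above the hunk's context and is not visible here; verify it is the category whose index the sample-data component uses for Malware Detection (`categorySampleAlertsIndex: 'auditing-policy-monitoring'` in sample-data.tsx), otherwise the "Sample Malware detection" card will advertise VirusTotal in its description but the generator will never emit VirusTotal alerts for it. Dropping the entry from the threat-detection list is consistent with the changelog line.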
@@ -243,8 +243,6 @@ export const DATA_SOURCE_FILTER_CONTROLLED_MITRE_ATTACK_RULE =
'mitre-attack-rule';
export const DATA_SOURCE_FILTER_CONTROLLED_MITRE_ATTACK_RULE_ID =
'hidden-mitre-attack-rule-id';
export const DATA_SOURCE_FILTER_CONTROLLED_VIRUSTOTAL_RULE_GROUP =
'virustotal-rule-group';
export const DATA_SOURCE_FILTER_CONTROLLED_GOOGLE_CLOUD_RULE_GROUP =
'gcp-rule-group';
export const DATA_SOURCE_FILTER_CONTROLLED_MALWARE_DETECTION_RULE_GROUP =
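Review bot: deleting `DATA_SOURCE_FILTER_CONTROLLED_VIRUSTOTAL_RULE_GROUP` is only safe if the Malware Detection data source, which keeps using `DATA_SOURCE_FILTER_CONTROLLED_MALWARE_DETECTION_RULE_GROUP`, actually matches the rule groups VirusTotal alerts carry; if it does not, the alerts the changelog says move to Malware Detection will be filtered out of the dashboard they were moved into. A grep for the removed identifier across the deleted data-source files and the restored Cypress tests would close that gap.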
6 changes: 0 additions & 6 deletions plugins/main/common/wazuh-modules.ts
@@ -99,12 +99,6 @@ export const WAZUH_MODULES = {
description:
'Security events related to your Google Cloud Platform services, collected directly via GCP API.', // TODO GCP
},
virustotal: {
title: 'VirusTotal',
appId: 'virustotal',
description:
'Alerts resulting from VirusTotal analysis of suspicious files via an integration with their API.',
},
mitre: {
title: 'MITRE ATT&CK',
appId: 'mitre-attack',
21 changes: 10 additions & 11 deletions plugins/main/public/components/add-modules-data/sample-data.tsx
@@ -37,7 +37,6 @@ import {
malwareDetection,
mitreAttack,
office365,
virustotal,
vulnerabilityDetection,
} from '../../utils/applications';

@@ -47,14 +46,18 @@ const sampleSecurityInformationApplication = [
office365.title,
googleCloud.title,
github.title,
];
'authorization',
'ssh',
'web',
].join(', ');

const sampleThreatDetectionApplication = [
vulnerabilityDetection.title,
virustotal.title,
docker.title,
mitreAttack.title,
];
].join(', ');

const sampleMalwareDetection = ['malware', 'VirusTotal', 'YARA'].join(', ');

export default class WzSampleData extends Component {
categories: {
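Review bot: `sampleMalwareDetection` mixes a lowercase category label ('malware') with product names ('VirusTotal', 'YARA'), while the two lists above it take application titles from `../../utils/applications`; since this string is user-facing, pick one casing convention and, where an application object exists, reference its `.title` so a later rename does not leave the sample-data description stale. Moving 'authorization', 'ssh' and 'web' into the array and joining once is a tidy-up of the previous template and reads fine.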
@@ -77,23 +80,19 @@
this.categories = [
{
title: 'Sample security information',
description: `Sample data, visualizations and dashboards for security information (${sampleSecurityInformationApplication.join(
', ',
)}, authorization, ssh, web).`,
description: `Sample data, visualizations and dashboards for security information (${sampleSecurityInformationApplication}).`,
image: '',
categorySampleAlertsIndex: 'security',
},
{
title: `Sample ${malwareDetection.title}`,
description: `Sample data, visualizations and dashboards for events of ${malwareDetection.title} (${malwareDetection.title}).`,
description: `Sample data, visualizations and dashboards for events of ${malwareDetection.title} (${sampleMalwareDetection}).`,
image: '',
categorySampleAlertsIndex: 'auditing-policy-monitoring',
},
{
title: 'Sample threat detection and response',
description: `Sample data, visualizations and dashboards for threat events of detection and response (${sampleThreatDetectionApplication.join(
', ',
)}).`,
description: `Sample data, visualizations and dashboards for threat events of detection and response (${sampleThreatDetectionApplication}).`,
image: '',
categorySampleAlertsIndex: 'threat-detection',
},
@@ -8,7 +8,6 @@ export * from './docker';
export * from './malware-detection';
export * from './vulnerabilities';
export * from './hipaa';
export * from './virustotal';
export * from './nist-800-53';
export * from './mitre-attack';
export * from './pci-dss';

This file was deleted.

This file was deleted.

18 changes: 0 additions & 18 deletions plugins/main/public/components/common/modules/modules-defaults.tsx
@@ -38,7 +38,6 @@ import { gdprColumns } from '../../overview/gdpr/events/gdpr-columns';
import { tscColumns } from '../../overview/tsc/events/tsc-columns';
import { githubColumns } from '../../overview/github/events/github-columns';
import { mitreAttackColumns } from '../../overview/mitre/events/mitre-attack-columns';
import { virustotalColumns } from '../../overview/virustotal/events/virustotal-columns';
import { malwareDetectionColumns } from '../../overview/malware-detection/events/malware-detection-columns';
import { WAZUH_VULNERABILITIES_PATTERN } from '../../../../common/constants';
import {
@@ -55,7 +54,6 @@ import {
DashboardAWS,
DashboardOffice365,
DashboardThreatHunting,
DashboardVirustotal,
DashboardGoogleCloud,
DashboardVuls,
InventoryVuls,
@@ -64,7 +62,6 @@ import {
DockerDataSource,
AlertsVulnerabilitiesDataSource,
AWSDataSource,
VirusTotalDataSource,
FIMDataSource,
GitHubDataSource,
MalwareDetectionDataSource,
@@ -311,21 +308,6 @@ export const ModulesDefaults = {
],
availableFor: ['manager', 'agent'],
},
virustotal: {
tabs: [
{
id: 'dashboard',
name: 'Dashboard',
buttons: [ButtonExploreAgent, ButtonModuleGenerateReport],
component: DashboardVirustotal,
},
renderDiscoverTab({
tableColumns: virustotalColumns,
DataSource: VirusTotalDataSource,
}),
],
availableFor: ['manager', 'agent'],
},
docker: {
init: 'dashboard',
tabs: [
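Review bot: the removed `virustotal` entry exposed a Discover tab built on `virustotalColumns` and `VirusTotalDataSource` plus `ButtonExploreAgent` and `ButtonModuleGenerateReport` on its dashboard; the import of `malwareDetectionColumns` is kept, so confirm those columns surface the VirusTotal-specific fields the old tab showed and that the Malware Detection entry (outside this hunk) wires the same agent explorer and report buttons, otherwise the consolidation quietly loses detail even though the alerts are still indexed.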
1 change: 0 additions & 1 deletion plugins/main/public/components/overview/index.ts
@@ -12,5 +12,4 @@ export { DashboardPCIDSS } from './pci/dashboards';
export { DashboardOffice365 } from './office/dashboard';
export { DashboardThreatHunting } from './threat-hunting/dashboard';
export { DashboardTSC } from './tsc/dashboards';
export { DashboardVirustotal } from './virustotal/dashboard';
export { DashboardVuls, InventoryVuls } from './vulnerabilities';

This file was deleted.


0 comments on commit 2c08f43