diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9848a025b8..662ce5ff43 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -26,6 +26,11 @@ All notable changes to the Wazuh app project will be documented in this file.
 - Removed the `disabled_roles` and `customization.logo.sidebar` settings [#5840](https://github.com/wazuh/wazuh-dashboard-plugins/pull/5840)
 - Removed the ability to configure the visibility of modules and removed `extensions.*` settings [#5840](https://github.com/wazuh/wazuh-dashboard-plugins/pull/5840)
+### Changed
+
+- Changed dashboards. [#6035](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6035)
+- Change the display order of tabs in all modules. [#6067](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6067)
+
 ## Wazuh v4.7.1 - OpenSearch Dashboards 2.8.0 - Revision 00
 ### Added
diff --git a/plugins/main/public/components/agents/sca/dashboard/dashboard.scss b/plugins/main/public/components/agents/sca/dashboard/dashboard.scss
new file mode 100644
index 0000000000..7da10308c3
--- /dev/null
+++ b/plugins/main/public/components/agents/sca/dashboard/dashboard.scss
@@ -0,0 +1,27 @@
+@media (max-width: 767px) {
+ .sca-module-wrapper-donut {
+ width: 100%;
+ margin-right: 0;
+ }
+ .sca-module-card-visualization {
+ margin-right: 0;
+ }
+
+ .sca-module-panel-policies-table {
+ margin-right: 0;
+ }
+}
+
+@media (min-width: 768px) {
+ .sca-module-wrapper-donut {
+ width: 50%;
+ }
+ .sca-module-card-visualization {
+ margin-right: 16px;
+ }
+
+ .sca-module-panel-policies-table {
+ margin-right: 16px;
+ padding-bottom: 16px;
+ }
+}
diff --git a/plugins/main/public/components/agents/sca/dashboard/dashboard.tsx b/plugins/main/public/components/agents/sca/dashboard/dashboard.tsx
new file mode 100644
index 0000000000..1f9cdca4ff
--- /dev/null
+++ b/plugins/main/public/components/agents/sca/dashboard/dashboard.tsx
@@ -0,0 +1,339 @@ +import React, { useState, useEffect } from 'react'; +import { + EuiFlexItem, + EuiFlexGroup, + EuiPanel, + EuiPage, + EuiSpacer, + EuiText, + EuiProgress, + EuiTitle, + EuiButton, + EuiStat, + EuiButtonEmpty, + EuiToolTip, + EuiCallOut, + EuiPopover, + EuiCard, +} from '@elastic/eui'; +import { WzRequest } from '../../../../react-services/wz-request'; +import { formatUIDate } from '../../../../react-services/time-service'; +import { UI_ERROR_SEVERITIES } from '../../../../react-services/error-orchestrator/types'; +import { + API_NAME_AGENT_STATUS, + MODULE_SCA_CHECK_RESULT_LABEL, + UI_LOGGER_LEVELS, +} from '../../../../../common/constants'; +import { getErrorOrchestrator } from '../../../../react-services/common-services'; +import { VisualizationBasic } from '../../../common/charts/visualizations/basic'; +import SCAPoliciesTable from '../inventory/agent-policies-table'; +import { InventoryPolicyChecksTable } from '../inventory/checks-table'; +import { connect } from 'react-redux'; +import './dashboard.scss'; + +const Dashboard = ({ currentAgentData }) => { + const [showMoreInfo, setShowMoreInfo] = useState(false); + const [loading, setLoading] = useState(false); + const [checksIsLoading, setChecksIsLoading] = useState(false); + const [filters, setFilters] = useState({}); + const [lookingPolicy, setLookingPolicy] = useState(null); + + const columnsPolicies = [ + { + field: 'name', + name: 'Policy', + sortable: true, + }, + ]; + const updateGraphs = policy => { + setLookingPolicy(policy); + }; + const buttonStat = (text, field, value) => { + const handleButtonClick = () => { + setFilters({ q: `${field}=${value}` }); + }; + + return ; + }; + + const fetchData = async () => { + setLoading(true); + try { + if (!!currentAgentData?.id) { + const { + data: { + data: { affected_items: fetchedPolicies }, + }, + } = await WzRequest.apiReq('GET', `/sca/${currentAgentData.id}`, {}); + + fetchedPolicies.sort((a, b) => a.policy_id.localeCompare(b.policy_id)); 
+ if (fetchedPolicies.length > 0) { + await loadScaPolicy(fetchedPolicies[0].policy_id, false); + } + } + } catch (error) { + handleApiError(error); + } finally { + setLoading(false); + } + }; + + useEffect(() => { + let storedPolicies = JSON.parse(localStorage.getItem('scaPolicies')) || []; + let lastStoredPolicy = storedPolicies[storedPolicies.length - 1]; + setLookingPolicy(lastStoredPolicy); + + if (lastStoredPolicy === undefined) { + fetchData(); + } + + return () => { + localStorage.clear(); + }; + }, [currentAgentData]); + + const handleApiError = error => { + setLoading(false); + setLookingPolicy(null); + const options = { + level: UI_LOGGER_LEVELS.ERROR, + severity: UI_ERROR_SEVERITIES.BUSINESS, + error: { + error: error, + message: error.message || error, + title: error.name, + }, + }; + getErrorOrchestrator().handleError(options); + }; + + const loadScaPolicy = async policyId => { + try { + setLookingPolicy(null); + setChecksIsLoading(true); + const policyResponse = await WzRequest.apiReq( + 'GET', + `/sca/${currentAgentData.id}`, + { + params: { + q: 'policy_id=' + policyId, + }, + }, + ); + const [policyData] = policyResponse.data.data.affected_items; + setLookingPolicy(policyData); + setChecksIsLoading(false); + } catch (error) { + setLookingPolicy(policyId); + setChecksIsLoading(false); + handleApiError(error); + } + }; + + const buttonPopover = ( + setShowMoreInfo(!showMoreInfo)} + /> + ); + + if (currentAgentData.id === undefined) { + return
Loading...
; + } + + const { status, os } = currentAgentData || {}; + + return ( +
+ {(loading || checksIsLoading) && ( +
+ + +
+ )} + + {status !== API_NAME_AGENT_STATUS.NEVER_CONNECTED && + !lookingPolicy && + !loading && ( + + + Refresh' + + + )} + {lookingPolicy && ( +
+ { + + + + + + + + + + + + + + + } +
+ )} + {os && lookingPolicy && (!loading || !checksIsLoading) && ( +
+ + + + +

+ {lookingPolicy.name}  + + setShowMoreInfo(false)} + > + + + + Policy description:{' '} + {lookingPolicy.description} +

+ Policy checksum: {lookingPolicy.hash_file} +
+
+
+
+

+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + +
+
+ )} +
+
+ ); +}; + +const mapStateToProps = state => ({ + currentAgentData: state.appStateReducers.currentAgentData, +}); + +export default connect(mapStateToProps)(Dashboard); diff --git a/plugins/main/public/components/agents/sca/inventory.tsx b/plugins/main/public/components/agents/sca/inventory.tsx index 4540f2f0c1..df392ee4b2 100644 --- a/plugins/main/public/components/agents/sca/inventory.tsx +++ b/plugins/main/public/components/agents/sca/inventory.tsx 
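Review bot: The effect cleanup in `useEffect` calls `localStorage.clear()`, which wipes every key stored for the origin (other plugin state, anything else on the same host), not just the `scaPolicies` entry this component consumes; `return () => { localStorage.removeItem('scaPolicies'); };` scopes the cleanup to what the component owns. In the same effect, `JSON.parse(localStorage.getItem('scaPolicies')) || []` throws on a malformed or non-JSON value (any code on the origin can write that key) and the exception escapes the effect, so wrap the parse in a try/catch that falls back to `[]` and check `Array.isArray` before taking the last element. The later guard `if (currentAgentData.id === undefined)` is not null-safe, while `fetchData` uses `currentAgentData?.id` and the destructuring `const { status, os } = currentAgentData || {}` tolerates null; `if (currentAgentData?.id === undefined)` keeps the three consistent. Note also that the stored policy object becomes `lookingPolicy` without being re-fetched from `/sca/{agent}`, so whatever was persisted is displayed as-is.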
@@ -10,87 +10,37 @@ * Find more information about this on the LICENSE file. */ -import React, { Component, Fragment } from 'react'; +import React, { Component } from 'react'; import { EuiFlexItem, EuiFlexGroup, EuiPanel, EuiPage, EuiSpacer, - EuiText, EuiProgress, - EuiTitle, - EuiButton, - EuiButtonIcon, - EuiStat, - EuiButtonEmpty, - EuiToolTip, - EuiCallOut, - EuiPopover, - EuiCard, } from '@elastic/eui'; -import { WzRequest } from '../../../react-services/wz-request'; import { formatUIDate } from '../../../react-services/time-service'; -import { getToasts } from '../../../kibana-services'; import _ from 'lodash'; -import { - UI_ERROR_SEVERITIES, - UIErrorLog, - UIErrorSeverity, - UILogLevel, -} from '../../../react-services/error-orchestrator/types'; -import { - API_NAME_AGENT_STATUS, - MODULE_SCA_CHECK_RESULT_LABEL, - UI_LOGGER_LEVELS, -} from '../../../../common/constants'; -import { getErrorOrchestrator } from '../../../react-services/common-services'; -import { VisualizationBasic } from '../../common/charts/visualizations/basic'; -import { AppNavigate } from '../../../react-services/app-navigate'; +import { MODULE_SCA_CHECK_RESULT_LABEL } from '../../../../common/constants'; import SCAPoliciesTable from './inventory/agent-policies-table'; -import { InventoryPolicyChecksTable } from './inventory/checks-table'; -import { RuleText } from './components'; type InventoryProps = { agent: { [key: string]: any }; }; type InventoryState = { - itemIdToExpandedRowMap: object; - showMoreInfo: boolean; loading: boolean; checksIsLoading: boolean; - redirect: boolean; - filters: object; - pageTableChecks: { pageIndex: number; pageSize?: number }; - policies: object[]; - checks: object[]; - lookingPolicy: { [key: string]: any } | boolean; - loadingPolicy: boolean; - secondTable: boolean; - secondTableBack: boolean; }; export class Inventory extends Component { _isMount = false; agent: { [key: string]: any } = {}; columnsPolicies: object[]; - lookingPolicy: { [key: string]: 
any } | false = false; constructor(props) { super(props); this.state = { - itemIdToExpandedRowMap: {}, - showMoreInfo: false, loading: false, - filters: {}, - pageTableChecks: { pageIndex: 0 }, - policies: [], - checks: [], - redirect: false, - secondTable: false, - secondTableBack: false, checksIsLoading: false, - lookingPolicy: false, - loadingPolicy: false, }; this.columnsPolicies = [ 
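Review bot: `import _ from 'lodash'` and the `_isMount` field survive this hunk, but their only visible uses (`_.isEqual` in `componentDidUpdate`, the mount/unmount toggles) are deleted in the next hunk, so both now appear unused; the same goes for `checksIsLoading`, which stays in `InventoryState` and the constructor while every `setState` that wrote it is removed. Unless the `columnsPolicies` definition outside this hunk still references them, drop the import, the field and the state key so the class does not carry dead lifecycle state. The class body continues past the end of this hunk.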
@@ -141,495 +91,33 @@ export class Inventory extends Component { ]; } - async componentDidMount() { - this._isMount = true; - await this.initialize(); - const regex = new RegExp('redirectPolicy=' + '[^&]*'); - const match = window.location.href.match(regex); - try { - if (match && match[0]) { - this.setState({ loading: true }); - const id = match[0].split('=')[1]; - const policy = await WzRequest.apiReq( - 'GET', - `/sca/${this.props.agent.id}`, - { - q: 'policy_id=' + id, - }, - ); - await this.loadScaPolicy( - ((((policy || {}).data || {}).data || {}).items || [])[0], - ); - window.location.href = window.location.href.replace( - new RegExp('redirectPolicy=' + '[^&]*'), - '', - ); - this.setState({ loading: false }); - } - } catch (error) { - this.setState({ loading: false }); - - const options: UIErrorLog = { - context: `${Inventory.name}.componentDidMount`, - level: UI_LOGGER_LEVELS.ERROR as UILogLevel, - severity: UI_ERROR_SEVERITIES.BUSINESS as UIErrorSeverity, - error: { - error: error, - message: error.message || error, - title: error.name, - }, - }; - getErrorOrchestrator().handleError(options); - } - } - - async componentDidUpdate(prevProps, prevState) { - if (!_.isEqual(this.props.agent, prevProps.agent)) { - this.setState( - { lookingPolicy: false }, - async () => await this.initialize(), - ); - } - if (!_.isEqual(this.state.filters, prevState.filters)) { - this.setState({ - itemIdToExpandedRowMap: {}, - pageTableChecks: { - pageIndex: 0, - pageSize: this.state.pageTableChecks.pageSize, - }, - }); - } - - const regex = new RegExp('redirectPolicyTable=' + '[^&]*'); - const match = window.location.href.match(regex); - if ( - match && - match[0] && - !this.state.secondTable && - !this.state.secondTableBack - ) { - this.loadScaPolicy(match[0].split('=')[1], true); - this.setState({ secondTableBack: true, checksIsLoading: true }); - } - } - - componentWillUnmount() { - this._isMount = false; - } - - async initialize() { - try { - this._isMount && 
this.setState({ loading: true }); - this.lookingPolicy = false; - const { - data: { - data: { affected_items: policies }, - }, - } = await WzRequest.apiReq('GET', `/sca/${this.props.agent.id}`, {}); - this._isMount && this.setState({ loading: false, policies }); - } catch (error) { - this.setState({ loading: false, policies: [] }); - - const options: UIErrorLog = { - context: `${Inventory.name}.initialize`, - level: UI_LOGGER_LEVELS.ERROR as UILogLevel, - severity: UI_ERROR_SEVERITIES.BUSINESS as UIErrorSeverity, - error: { - error: error, - message: error.message || error, - title: error.name, - }, - }; - getErrorOrchestrator().handleError(options); - } - } - - handleBack(ev) { - AppNavigate.navigateToModule(ev, 'agents', { - tab: 'welcome', - agent: this.props.agent.id, - }); - ev.stopPropagation(); - } - - async loadScaPolicy(policy, secondTable?) { - this._isMount && - this.setState({ - loadingPolicy: true, - itemIdToExpandedRowMap: {}, - pageTableChecks: { pageIndex: 0 }, - secondTable: secondTable ? 
secondTable : false, - }); - if (policy) { - try { - const policyResponse = await WzRequest.apiReq( - 'GET', - `/sca/${this.props.agent.id}`, - { - params: { - q: 'policy_id=' + policy, - }, - }, - ); - const [policyData] = policyResponse.data.data.affected_items; - this._isMount && - this.setState({ - lookingPolicy: policyData, - loadingPolicy: false, - checksIsLoading: false, - }); - } catch (error) { - this.setState({ - lookingPolicy: policy, - loadingPolicy: false, - checksIsLoading: false, - }); - const options: UIErrorLog = { - context: `${Inventory.name}.loadScaPolicy`, - level: UI_LOGGER_LEVELS.ERROR as UILogLevel, - severity: UI_ERROR_SEVERITIES.BUSINESS as UIErrorSeverity, - error: { - error: error, - message: `The filter contains invalid characters` || error.message, - title: error.name, - }, - }; - getErrorOrchestrator().handleError(options); - } - } else { - this._isMount && - this.setState({ - lookingPolicy: policy, - loadingPolicy: false, - items: [], - checksIsLoading: false, - }); - } - } - - toggleDetails = item => { - const itemIdToExpandedRowMap = { ...this.state.itemIdToExpandedRowMap }; - - if (itemIdToExpandedRowMap[item.id]) { - delete itemIdToExpandedRowMap[item.id]; - } else { - let checks = ''; - checks += (item.rules || []).length > 1 ? 'Checks' : 'Check'; - checks += item.condition ? ` (Condition: ${item.condition})` : ''; - const complianceText = - item.compliance && item.compliance.length - ? item.compliance.map(el => `${el.key}: ${el.value}`).join('\n') - : ''; - const listItems = [ - { - title: 'Check not applicable due to:', - description: item.reason, - }, - { - title: 'Rationale', - description: item.rationale || '-', - }, - { - title: 'Remediation', - description: item.remediation || '-', - }, - { - title: 'Description', - description: item.description || '-', - }, - { - title: (item.directory || '').includes(',') ? 
'Paths' : 'Path', - description: item.directory, - }, - { - title: checks, - description: , - }, - { - title: 'Compliance', - description: , - }, - ]; - const itemsToShow = listItems.filter(x => { - return x.description; - }); - itemIdToExpandedRowMap[item.id] = ( - - ); - } - this.setState({ itemIdToExpandedRowMap }); - }; - - showToast = (color, title, time) => { - getToasts().add({ - color: color, - title: title, - toastLifeTimeMs: time, - }); - }; - - buttonStat(text, field, value) { - return ( - - ); - } - - onChangeTableChecks({ page: { index: pageIndex, size: pageSize } }) { - this.setState({ pageTableChecks: { pageIndex, pageSize } }); - } - render() { - const { onClickRow } = this.props; - - const handlePoliciesTableClickRow = async policy => { - onClickRow - ? onClickRow(policy) - : await this.loadScaPolicy(policy.policy_id); - this.setState({ loading: false, redirect: true }); - }; - - const buttonPopover = ( - - this.setState({ showMoreInfo: !this.state.showMoreInfo }) - } - > - ); - const { agent } = this.props; - return ( - + <>
- {this.state.loading || - (this.state.checksIsLoading && ( -
- - -
- ))} -
- - {agent && - (agent || {}).status !== API_NAME_AGENT_STATUS.NEVER_CONNECTED && - !this.state.policies.length && - !this.state.loading && ( - - this.initialize()}> - Refresh - - - )} - - {agent && - (agent || {}).status === API_NAME_AGENT_STATUS.NEVER_CONNECTED && - !this.state.loading && ( - - this.initialize()}> - Refresh - - - )} - {agent && - (agent || {}).os && - !this.state.lookingPolicy && - this.state.policies.length > 0 && - !this.state.loading && - !this.state.checksIsLoading && ( -
- {this.state.policies.length && ( - - {this.state.policies.map((policy: any, idx) => ( - - - - - - - ))} - - )} + {this.state.loading && ( +
- - - - - - - -
- )} - {agent && - (agent || {}).os && - this.state.lookingPolicy && - (!this.state.loading || !this.state.checksIsLoading) && ( -
- - - - this.handleBack(ev) - : () => this.loadScaPolicy(false) - } - iconType='arrowLeft' - aria-label='Back to policies' - {...{ iconSize: 'l' }} - /> - - - -

- {this.state.lookingPolicy.name}  - - - this.setState({ showMoreInfo: false }) - } - > - - - - Policy description:{' '} - {this.state.lookingPolicy.description} -

- Policy checksum:{' '} - {this.state.lookingPolicy.hash_file} -
-
-
-
-

-
-
-
- - - - - - - - - - - - - - - - - - - - - - - - -
+
)} +
+ +
+ + + + + + + + +
-
+ ); } } - -Inventory.defaultProps = { - onClickRow: undefined -} diff --git a/plugins/main/public/components/agents/sca/inventory/agent-policies-table.tsx b/plugins/main/public/components/agents/sca/inventory/agent-policies-table.tsx index 5327d08fc2..c011c63f21 100644 --- a/plugins/main/public/components/agents/sca/inventory/agent-policies-table.tsx +++ b/plugins/main/public/components/agents/sca/inventory/agent-policies-table.tsx @@ -15,18 +15,18 @@ export default function SCAPoliciesTable(props: Props) { return { 'data-test-subj': `sca-row-${idx}`, className: 'customRowClass', - onClick: rowProps ? () => rowProps(item) : null + onClick: rowProps ? () => rowProps(item) : null, }; }; return ( <> ); diff --git a/plugins/main/public/components/agents/sca/main.tsx b/plugins/main/public/components/agents/sca/main.tsx index ddcbcbd6b9..713a3ec7ae 100644 --- a/plugins/main/public/components/agents/sca/main.tsx +++ b/plugins/main/public/components/agents/sca/main.tsx @@ -15,10 +15,15 @@ import { Inventory } from './index'; import { connect } from 'react-redux'; import { compose } from 'redux'; import { PromptSelectAgent, PromptNoSelectedAgent } from '../prompts'; -import { withGuard, withUserAuthorizationPrompt, withAgentSupportModule } from '../../common/hocs'; +import { + withGuard, + withUserAuthorizationPrompt, + withAgentSupportModule, +} from '../../common/hocs'; import { API_NAME_AGENT_STATUS } from '../../../../common/constants'; +import Dashboard from './dashboard/dashboard'; -const mapStateToProps = (state) => ({ +const mapStateToProps = state => ({ currentAgentData: state.appStateReducers.currentAgentData, }); 
@@ -26,49 +31,68 @@ export const MainSca = compose( withAgentSupportModule, withUserAuthorizationPrompt([ [ - {action: 'agent:read', resource: 'agent:id:*'}, - {action: 'agent:read', resource: 'agent:group:*'} + { action: 'agent:read', resource: 'agent:id:*' }, + { action: 'agent:read', resource: 'agent:group:*' }, ], [ - {action: 'sca:read', resource: 'agent:id:*'}, - {action: 'sca:read', resource: 'agent:group:*'} - ] + { action: 'sca:read', resource: 'agent:id:*' }, + { action: 'sca:read', resource: 'agent:group:*' }, + ], ]), connect(mapStateToProps), withGuard( - (props) => !(props.currentAgentData && props.currentAgentData.id && props.agent), + props => + !(props.currentAgentData && props.currentAgentData.id && props.agent), () => ( - - ) + + ), ), withGuard( ({ currentAgentData, agent }) => { - const agentData = currentAgentData && currentAgentData.id ? currentAgentData : agent; + const agentData = + currentAgentData && currentAgentData.id ? currentAgentData : agent; return agentData.status === API_NAME_AGENT_STATUS.NEVER_CONNECTED; }, () => ( - - ) + + ), ), - withUserAuthorizationPrompt((props) => { + withUserAuthorizationPrompt(props => { const agentData = - props.currentAgentData && props.currentAgentData.id ? props.currentAgentData : props.agent; + props.currentAgentData && props.currentAgentData.id + ? 
props.currentAgentData + : props.agent; return [ [ { action: 'agent:read', resource: `agent:id:${agentData.id}` }, - ...(agentData.group || []).map(group => ({ action: 'agent:read', resource: `agent:group:${group}` })) + ...(agentData.group || []).map(group => ({ + action: 'agent:read', + resource: `agent:group:${group}`, + })), ], [ { action: 'sca:read', resource: `agent:id:${agentData.id}` }, - ...(agentData.group || []).map(group => ({ action: 'sca:read', resource: `agent:group:${group}` })) - ] + ...(agentData.group || []).map(group => ({ + action: 'sca:read', + resource: `agent:group:${group}`, + })), + ], ]; - }) + }), )(function MainSca({ selectView, currentAgentData, agent, ...rest }) { - const agentData = currentAgentData && currentAgentData.id ? currentAgentData : agent; + const agentData = + currentAgentData && currentAgentData.id ? currentAgentData : agent; + return ( -
- -
+ <> + {selectView === 'inventory' ? ( + + ) : ( + + )} + ); }); diff --git a/plugins/main/public/components/common/modules/modules-defaults.js b/plugins/main/public/components/common/modules/modules-defaults.js index 517eeb84d6..24b3b2b421 100644 --- a/plugins/main/public/components/common/modules/modules-defaults.js +++ b/plugins/main/public/components/common/modules/modules-defaults.js @@ -37,13 +37,13 @@ const EventsTab = { component: Events, }; const RegulatoryComplianceTabs = [ + DashboardTab, { id: 'inventory', name: 'Controls', buttons: [ButtonModuleExploreAgent], component: ComplianceTable, }, - DashboardTab, EventsTab, ]; @@ -56,13 +56,13 @@ export const ModulesDefaults = { fim: { init: 'dashboard', tabs: [ + DashboardTab, { id: 'inventory', name: 'Inventory', buttons: [ButtonModuleExploreAgent], component: MainFim, }, - DashboardTab, EventsTab, ], availableFor: ['manager', 'agent'], @@ -88,8 +88,14 @@ export const ModulesDefaults = { availableFor: ['manager', 'agent'], }, sca: { - init: 'inventory', + init: 'dashboard', tabs: [ + { + id: 'dashboard', + name: 'Dashboard', + buttons: [ButtonModuleExploreAgent], + component: MainSca, + }, { id: 'inventory', name: 'Inventory', 
@@ -104,26 +110,35 @@ export const ModulesDefaults = {
 office: {
 init: 'dashboard',
 tabs: [
- {
- id: 'inventory',
- name: 'Panel',
- buttons: [ButtonModuleExploreAgent],
- component: withModuleNotForAgent(OfficePanel),
- },
 {
 id: 'dashboard',
 name: 'Dashboard',
 buttons: [ButtonModuleExploreAgent, ButtonModuleGenerateReport],
 component: withModuleNotForAgent(Dashboard),
 },
+ {
+ id: 'inventory',
+ name: 'Panel',
+ buttons: [ButtonModuleExploreAgent],
+ component: withModuleNotForAgent(OfficePanel),
+ },
 { ...EventsTab, component: withModuleNotForAgent(Events) },
 ],
 availableFor: ['manager'],
 },
 github: {
 init: 'dashboard',
- tabs: [{ id: 'inventory', name: 'Panel', buttons: [ButtonModuleExploreAgent], component: GitHubPanel }, DashboardTab, EventsTab],
- availableFor: ['manager', 'agent']
+ tabs: [
+ DashboardTab,
+ {
+ id: 'inventory',
+ name: 'Panel',
+ buttons: [ButtonModuleExploreAgent],
+ component: GitHubPanel,
+ },
+ EventsTab,
+ ],
+ availableFor: ['manager', 'agent'],
 },
 ciscat: {
 init: 'dashboard',
@@ -151,14 +166,18 @@ export const ModulesDefaults = {
 mitre: {
 init: 'dashboard',
 tabs: [
- { id: 'intelligence', name: 'Intelligence', component: ModuleMitreAttackIntelligence },
+ DashboardTab,
+ {
+ id: 'intelligence',
+ name: 'Intelligence',
+ component: ModuleMitreAttackIntelligence,
+ },
 {
 id: 'inventory',
 name: 'Framework',
 buttons: [ButtonModuleExploreAgent],
 component: MainMitre,
 },
- DashboardTab,
 EventsTab,
 ],
 availableFor: ['manager', 'agent'],
diff --git a/plugins/main/public/components/common/welcome/components/sca_scan/sca_scan.tsx b/plugins/main/public/components/common/welcome/components/sca_scan/sca_scan.tsx
index 68f4b20f95..9814642042 100644
--- a/plugins/main/public/components/common/welcome/components/sca_scan/sca_scan.tsx
+++ b/plugins/main/public/components/common/welcome/components/sca_scan/sca_scan.tsx
@@ -80,6 +80,10 @@ export const ScaScan = compose(
 }
 async componentDidMount() {
+ const storedPolicies = localStorage.getItem('scaPolicies');
+ if (storedPolicies) {
+ this.setState({ policies: JSON.parse(storedPolicies) });
+ }
 this._isMount = true;
 const $injector = getAngularModule().$injector;
 this.router = $injector.get('$route');
@@ -134,9 +138,14 @@ export const ScaScan = compose(
 }
 onClickRow = policy => {
- window.location.href = `#/overview?tab=sca&redirectPolicyTable=${policy.policy_id}`;
- store.dispatch(updateCurrentAgentData(this.props.agent));
- this.router.reload();
+ const updatedPolicies = [...this.state.policies, policy];
+ this.setState({ policies: updatedPolicies }, () => {
+ localStorage.setItem(
+ 'scaPolicies',
+ JSON.stringify(this.state.policies),
+ );
+ window.location.href = `#/overview?tab=sca&redirectPolicy=${policy.policy_id}`;
+ });
 };
 renderScanDetails() {
diff --git a/plugins/main/public/components/overview/metrics/metrics.tsx b/plugins/main/public/components/overview/metrics/metrics.tsx
index ce2f26aa59..e997371e53 100644
--- a/plugins/main/public/components/overview/metrics/metrics.tsx
+++ b/plugins/main/public/components/overview/metrics/metrics.tsx
@@ -148,7 +148,9 @@ export const Metrics = withAllowedAgents(
 },
 { name: 'Total', type: 'total' },
 ],
- osquery: [{ name: 'Agents reporting', type: 'unique-count', field: 'agent.id' }],
+ osquery: [
+ { name: 'Agents reporting', type: 'unique-count', field: 'agent.id' },
+ ],
 ciscat: [
 {
 name: 'Last scan not checked',
@@ -156,8 +158,14 @@ export const Metrics = withAllowedAgents(
 filter: { phrase: 'ciscat', field: 'rule.groups' },
 agg: {
 customAggResult: {
- terms: { field: 'timestamp', order: { _term: 'desc' }, size: 1 },
- aggs: { aggResult: { terms: { field: 'data.cis.notchecked' } } },
+ terms: {
+ field: 'timestamp',
+ order: { _term: 'desc' },
+ size: 1,
+ },
+ aggs: {
+ aggResult: { terms: { field: 'data.cis.notchecked' } },
+ },
 },
 },
 color: 'subdued',
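Review bot: `componentDidMount` passes `localStorage.getItem('scaPolicies')` straight to `JSON.parse` and then into state; a malformed value under that key (anything on the origin can write it) throws out of the lifecycle method and the component never finishes mounting. Parse defensively and accept only an array: `let stored = []; try { stored = JSON.parse(storedPolicies); } catch { stored = []; }` followed by `if (Array.isArray(stored)) this.setState({ policies: stored });`. The `setState` is also issued before `this._isMount = true`, the reverse of the order the rest of the class appears to rely on; move the block after it. The body of `componentDidMount` continues past this hunk.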
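Review bot: `onClickRow` appends the clicked policy to `this.state.policies` and writes the entire array back to `scaPolicies`, so the key grows by one full policy object per click and persists in `localStorage` across sessions, while the consumer in `dashboard.tsx` only reads the last element; persisting just the selection with `localStorage.setItem('scaPolicies', JSON.stringify([policy]))`, or using `sessionStorage` so scan results do not outlive the tab, keeps it bounded. The `redirectPolicy=${policy.policy_id}` query parameter still set on navigation is no longer read anywhere in this commit: the `componentDidMount` handler for it in `inventory.tsx` is deleted and the new Dashboard takes its policy from storage, so the parameter is dead and the hand-off now rests entirely on browser storage. The former `store.dispatch(updateCurrentAgentData(this.props.agent))` before navigating is dropped as well; whether `currentAgentData` is already populated when this component is shown is not visible here, but `MainSca`'s `withGuard` falls back to a select-agent prompt when it is not.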
@@ -168,7 +176,11 @@ export const Metrics = withAllowedAgents( filter: { phrase: 'ciscat', field: 'rule.groups' }, agg: { customAggResult: { - terms: { field: 'timestamp', order: { _term: 'desc' }, size: 1 }, + terms: { + field: 'timestamp', + order: { _term: 'desc' }, + size: 1, + }, aggs: { aggResult: { terms: { field: 'data.cis.pass' } } }, }, }, @@ -180,7 +192,11 @@ export const Metrics = withAllowedAgents( filter: { phrase: 'ciscat', field: 'rule.groups' }, agg: { customAggResult: { - terms: { field: 'timestamp', order: { _term: 'desc' }, size: 1 }, + terms: { + field: 'timestamp', + order: { _term: 'desc' }, + size: 1, + }, aggs: { aggResult: { terms: { field: 'data.cis.score' } } }, }, }, @@ -191,7 +207,11 @@ export const Metrics = withAllowedAgents( filter: { phrase: 'ciscat', field: 'rule.groups' }, agg: { customAggResult: { - terms: { field: 'timestamp', order: { _term: 'desc' }, size: 1 }, + terms: { + field: 'timestamp', + order: { _term: 'desc' }, + size: 1, + }, aggs: { aggResult: { terms: { field: 'data.cis.timestamp' } } }, }, }, @@ -204,7 +224,11 @@ export const Metrics = withAllowedAgents( filter: { phrase: 'ciscat', field: 'rule.groups' }, agg: { customAggResult: { - terms: { field: 'timestamp', order: { _term: 'desc' }, size: 1 }, + terms: { + field: 'timestamp', + order: { _term: 'desc' }, + size: 1, + }, aggs: { aggResult: { terms: { field: 'data.cis.error' } } }, }, }, @@ -216,7 +240,11 @@ export const Metrics = withAllowedAgents( filter: { phrase: 'ciscat', field: 'rule.groups' }, agg: { customAggResult: { - terms: { field: 'timestamp', order: { _term: 'desc' }, size: 1 }, + terms: { + field: 'timestamp', + order: { _term: 'desc' }, + size: 1, + }, aggs: { aggResult: { terms: { field: 'data.cis.fail' } } }, }, }, 
@@ -228,7 +256,11 @@ export const Metrics = withAllowedAgents( filter: { phrase: 'ciscat', field: 'rule.groups' }, agg: { customAggResult: { - terms: { field: 'timestamp', order: { _term: 'desc' }, size: 1 }, + terms: { + field: 'timestamp', + order: { _term: 'desc' }, + size: 1, + }, aggs: { aggResult: { terms: { field: 'data.cis.unknown' } } }, }, }, @@ -242,8 +274,14 @@ export const Metrics = withAllowedAgents( filter: { phrase: 'oscap-report', field: 'rule.groups' }, agg: { customAggResult: { - terms: { field: 'timestamp', order: { _term: 'desc' }, size: 1 }, - aggs: { aggResult: { terms: { field: 'data.oscap.scan.score' } } }, + terms: { + field: 'timestamp', + order: { _term: 'desc' }, + size: 1, + }, + aggs: { + aggResult: { terms: { field: 'data.oscap.scan.score' } }, + }, }, }, }, @@ -253,8 +291,14 @@ export const Metrics = withAllowedAgents( filter: { phrase: 'oscap-report', field: 'rule.groups' }, agg: { customAggResult: { - terms: { field: 'data.oscap.scan.score', order: { _term: 'desc' }, size: 1 }, - aggs: { aggResult: { terms: { field: 'data.oscap.scan.score' } } }, + terms: { + field: 'data.oscap.scan.score', + order: { _term: 'desc' }, + size: 1, + }, + aggs: { + aggResult: { terms: { field: 'data.oscap.scan.score' } }, + }, }, }, color: 'secondary', 
@@ -265,24 +309,75 @@ export const Metrics = withAllowedAgents( filter: { phrase: 'oscap-report', field: 'rule.groups' }, agg: { customAggResult: { - terms: { field: 'data.oscap.scan.score', order: { _term: 'asc' }, size: 1 }, - aggs: { aggResult: { terms: { field: 'data.oscap.scan.score' } } }, + terms: { + field: 'data.oscap.scan.score', + order: { _term: 'asc' }, + size: 1, + }, + aggs: { + aggResult: { terms: { field: 'data.oscap.scan.score' } }, + }, }, }, color: 'danger', }, ], office: [ - { name: "Max Rule Level", type: "custom", filter: { phrase: "office365", field: "rule.groups" }, agg: { "customAggResult": { "terms": { "field": "rule.level", "order": { "_term": "desc" }, "size": 1 }, "aggs": { "aggResult": { "terms": { "field": "rule.level" } } } } } }, - { name: "Suspicious Downloads", type: "phrase", value: "91724", field: "rule.id", color: "danger" }, - { name: "Full Access Permissions", type: "phrase", value: "91725", field: "rule.id" }, - { name: "Phishing and Malware", type: "phrases", values: ["91556", "91575", "91700"], field: "rule.id", color: "danger" }, + { + name: 'Max Rule Level', + type: 'custom', + filter: { phrase: 'office365', field: 'rule.groups' }, + agg: { + customAggResult: { + terms: { + field: 'rule.level', + order: { _term: 'desc' }, + size: 1, + }, + aggs: { aggResult: { terms: { field: 'rule.level' } } }, + }, + }, + }, + { + name: 'Suspicious Downloads', + type: 'phrase', + value: '91724', + field: 'rule.id', + color: 'danger', + }, + { + name: 'Full Access Permissions', + type: 'phrase', + value: '91725', + field: 'rule.id', + }, + { + name: 'Phishing and Malware', + type: 'phrases', + values: ['91556', '91575', '91700'], + field: 'rule.id', + color: 'danger', + }, ], github: [ - { name: "Organizations", type: "unique-count", field: "data.github.org"}, - { name: "Repositories", type: "unique-count", field: "data.github.repo", color: "secondary"}, - { name: "Actors", type: "unique-count", field: "data.github.actor", color: 
"danger"}, - ] + { + name: 'Organizations', + type: 'unique-count', + field: 'data.github.org', + }, + { + name: 'Repositories', + type: 'unique-count', + field: 'data.github.repo', + color: 'secondary', + }, + { + name: 'Actors', + type: 'unique-count', + field: 'data.github.actor', + color: 'danger', + }, + ], }; } @@ -295,7 +390,12 @@ export const Metrics = withAllowedAgents( async getResults(filterParams, aggs = {}) { const params = { size: 0, track_total_hits: true }; - const result = await getElasticAlerts(this.indexPattern, filterParams, aggs, params); + const result = await getElasticAlerts( + this.indexPattern, + filterParams, + aggs, + params, + ); let totalHits = 0; if (Object.keys(aggs).length) { const agg = (result.data || {}).aggregations || {}; @@ -303,8 +403,10 @@ export const Metrics = withAllowedAgents( //CUSTOM AGG totalHits = ( - (((((agg.customAggResult || {}).buckets || [])[0] || {}).aggResult || {}).buckets || - [])[0] || {} + (( + (((agg.customAggResult || {}).buckets || [])[0] || {}) + .aggResult || {} + ).buckets || [])[0] || {} ).key || 0; } else { totalHits = (agg.aggResult || {}).value || 0; @@ -327,7 +429,7 @@ export const Metrics = withAllowedAgents( this.setState({ filterParams, loading: true }); const newOnClick = {}; - const result = this.metricsList[this.props.section].map(async (item) => { + const result = this.metricsList[this.props.section].map(async item => { let filters = []; if (item.type === 'range') { const results = {}; @@ -337,7 +439,7 @@ export const Metrics = withAllowedAgents( ...buildRangeFilter( { name: item.field, type: 'integer' }, valuesArray, - this.indexPattern + this.indexPattern, ), $state: { store: 'appState' }, }; @@ -357,7 +459,7 @@ export const Metrics = withAllowedAgents( ...buildPhrasesFilter( { name: item.field, type: 'string' }, item.values, - this.indexPattern + this.indexPattern, ), $state: { store: 'appState' }, }; 
@@ -382,7 +484,7 @@ export const Metrics = withAllowedAgents( ...buildPhraseFilter( { name: item.filter.field, type: 'string' }, item.filter.phrase, - this.indexPattern + this.indexPattern, ), $state: { store: 'appState' }, }; @@ -394,7 +496,10 @@ export const Metrics = withAllowedAgents( const results = {}; const existsFilters = {}; const filters = { - ...buildExistsFilter({ name: item.field, type: 'nested' }, this.indexPattern), + ...buildExistsFilter( + { name: item.field, type: 'nested' }, + this.indexPattern, + ), $state: { store: 'appState' }, }; existsFilters['filters'] = [...filterParams['filters']]; @@ -429,7 +534,7 @@ export const Metrics = withAllowedAgents( ...buildPhraseFilter( { name: item.field, type: 'string' }, item.value, - this.indexPattern + this.indexPattern, ), $state: { store: 'appState' }, }; @@ -455,7 +560,7 @@ export const Metrics = withAllowedAgents( try { const completed = await Promise.all(result); const newResults = {}; - completed.forEach((item) => { + completed.forEach(item => { const key = Object.keys(item)[0]; newResults[key] = item[key]; }); 
@@ -489,21 +594,28 @@ export const Metrics = withAllowedAgents( this.props.resultState === 'ready' && this.state.resultState === 'loading' ) { - this.setState({ buildingMetrics: true, resultState: this.props.resultState }, () => { - this.stats = this.buildMetric(); - }); + this.setState( + { buildingMetrics: true, resultState: this.props.resultState }, + () => { + this.stats = this.buildMetric(); + }, + ); } else if (this.props.resultState !== this.state.resultState) { - const isLoading = this.props.resultState === 'loading' ? { loading: true } : {}; + const isLoading = + this.props.resultState === 'loading' ? { loading: true } : {}; this.setState({ resultState: this.props.resultState, ...isLoading }); } } buildTitleButton = (count, itemName) => { return ( - + 20 ? '2rem' : '2.25rem' }} + style={{ + cursor: 'pointer', + fontSize: count > 20 ? '2rem' : '2.25rem', + }} onClick={this.state.metricsOnClicks[itemName]} > {this.state.results[itemName]} @@ -534,7 +646,7 @@ export const Metrics = withAllowedAgents( description={item.name} titleColor={this.metricsList[section][idx].color || 'primary'} isLoading={this.state.loading} - textAlign="center" + textAlign='center' /> ); @@ -552,5 +664,5 @@ export const Metrics = withAllowedAgents( ); } - } + }, ); diff --git a/plugins/main/public/components/visualize/agent-visualizations.js b/plugins/main/public/components/visualize/agent-visualizations.js index f174013cc3..ce0e677efb 100644 --- a/plugins/main/public/components/visualize/agent-visualizations.js +++ b/plugins/main/public/components/visualize/agent-visualizations.js @@ -19,10 +19,10 @@ export const agentVisualizations = { { title: 'Alert groups evolution', id: 'Wazuh-App-Agents-General-Alert-groups-evolution', - width: 50 + width: 50, }, - { title: 'Alerts', id: 'Wazuh-App-Agents-General-Alerts', width: 50 } - ] + { title: 'Alerts', id: 'Wazuh-App-Agents-General-Alerts', width: 50 }, + ], }, { height: 300, 
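Review bot: In the reformatted `setState` callback, `this.stats = this.buildMetric();` stores whatever `buildMetric` returns without awaiting it; if `buildMetric` is the async method whose body the `@@ -327` to `@@ -455` hunks show (it does `await Promise.all(result)`), `this.stats` ends up holding a pending Promise rather than the metrics, and nothing in this diff reads it. Either resolve it, `this.buildMetric().then(stats => { this.stats = stats; });`, or drop the assignment if `this.stats` is unused. The JSX of `buildTitleButton` below was mangled in this rendering, so I cannot review it. `componentDidUpdate` starts before this hunk.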
@@ -30,21 +30,21 @@ export const agentVisualizations = { { title: 'Top 5 alerts', id: 'Wazuh-App-Agents-General-Top-5-alerts', - width: 33 + width: 33, }, { title: 'Top 5 rule groups', id: 'Wazuh-App-Agents-General-Top-10-groups', - width: 33 + width: 33, }, { title: 'Top 5 PCI DSS Requirements', id: 'Wazuh-App-Agents-General-Top-5-PCI-DSS-Requirements', - width: 34 - } - ] + width: 34, + }, + ], }, - ] + ], }, aws: { rows: [ @@ -54,24 +54,24 @@ export const agentVisualizations = { { title: 'Sources', id: 'Wazuh-App-Agents-AWS-Top-sources', - width: 25 + width: 25, }, { title: 'Accounts', id: 'Wazuh-App-Agents-AWS-Top-accounts', - width: 25 + width: 25, }, { title: 'S3 buckets', id: 'Wazuh-App-Agents-AWS-Top-buckets', - width: 25 + width: 25, }, { title: 'Regions', id: 'Wazuh-App-Agents-AWS-Top-regions', - width: 25 - } - ] + width: 25, + }, + ], }, { height: 300, @@ -79,25 +79,25 @@ export const agentVisualizations = { { title: 'Events by source over time', id: 'Wazuh-App-Agents-AWS-Events-by-source', - width: 50 + width: 50, }, { title: 'Events by S3 bucket over time', id: 'Wazuh-App-Agents-AWS-Events-by-s3-bucket', - width: 50 - } - ] + width: 50, + }, + ], }, { height: 570, vis: [ { title: 'Geolocation map', - id: 'Wazuh-App-Agents-AWS-geo' - } - ] + id: 'Wazuh-App-Agents-AWS-geo', + }, + ], }, - ] + ], }, fim: { rows: [ @@ -107,19 +107,19 @@ export const agentVisualizations = { { title: 'Most active users', id: 'Wazuh-App-Agents-FIM-Users', - width: 25 + width: 25, }, { title: 'Actions', id: 'Wazuh-App-Agents-FIM-Actions', - width: 25 + width: 25, }, { title: 'Events', id: 'Wazuh-App-Agents-FIM-Events', - width: 50 - } - ] + width: 50, + }, + ], }, { height: 230, 
@@ -127,21 +127,21 @@ export const agentVisualizations = { { title: 'Files added', id: 'Wazuh-App-Agents-FIM-Files-added', - width: 33 + width: 33, }, { title: 'Files modified', id: 'Wazuh-App-Agents-FIM-Files-modified', - width: 33 + width: 33, }, { title: 'Files deleted', id: 'Wazuh-App-Agents-FIM-Files-deleted', - width: 34 - } - ] + width: 34, + }, + ], }, - ] + ], }, gcp: { rows: [ @@ -151,19 +151,19 @@ export const agentVisualizations = { { title: 'Top 5 rules', id: 'Wazuh-App-Agents-GCP-Top-5-rules', - width: 50 + width: 50, }, { title: 'Top query events', id: 'Wazuh-App-Agents-GCP-Event-Query-Name', - width: 25 + width: 25, }, { title: 'Top 5 instances', id: 'Wazuh-App-Agents-GCP-Top-5-instances', - width: 25 + width: 25, }, - ] + ], }, { height: 300, @@ -171,14 +171,14 @@ export const agentVisualizations = { { title: 'Top project id by sourcetype', id: 'Wazuh-App-Agents-GCP-Top-ProjectId-By-SourceType', - width: 25 + width: 25, }, { title: 'GCP alerts evolution', id: 'Wazuh-App-Agents-GCP-Events-Over-Time', - width: 75 + width: 75, }, - ] + ], }, { height: 300, @@ -186,16 +186,16 @@ export const agentVisualizations = { { title: 'Auth answer count', id: 'Wazuh-App-Agents-GCP-authAnswer-Bar', - width: 40 + width: 40, }, { title: 'Resource type by project id', id: 'Wazuh-App-Agents-GCP-Top-ResourceType-By-Project-Id', - width: 60 + width: 60, }, - ] + ], }, - ] + ], }, pci: { rows: [ @@ -205,19 +205,19 @@ export const agentVisualizations = { { title: 'Top 5 rule groups', id: 'Wazuh-App-Agents-PCI-Groups', - width: 33 + width: 33, }, { title: 'Top 5 rules', id: 'Wazuh-App-Agents-PCI-Rule', - width: 33 + width: 33, }, { title: 'Top 5 PCI DSS requirements', id: 'Wazuh-App-Agents-PCI-Requirement', - width: 34 - } - ] + width: 34, + }, + ], }, { height: 300, 
@@ -225,16 +225,16 @@ export const agentVisualizations = { { title: 'PCI Requirements', id: 'Wazuh-App-Agents-PCI-Requirements', - width: 75 + width: 75, }, { title: 'Rule level distribution', id: 'Wazuh-App-Agents-PCI-Rule-level-distribution', - width: 25 - } - ] + width: 25, + }, + ], }, - ] + ], }, gdpr: { rows: [ @@ -244,19 +244,19 @@ export const agentVisualizations = { { title: 'Top 5 rule groups', id: 'Wazuh-App-Agents-GDPR-Groups', - width: 33 + width: 33, }, { title: 'Top 5 rules', id: 'Wazuh-App-Agents-GDPR-Rule', - width: 33 + width: 33, }, { title: 'Top 5 GDPR requirements', id: 'Wazuh-App-Agents-GDPR-Requirement', - width: 34 - } - ] + width: 34, + }, + ], }, { height: 300, @@ -264,16 +264,16 @@ export const agentVisualizations = { { title: 'GDPR Requirements', id: 'Wazuh-App-Agents-GDPR-Requirements', - width: 75 + width: 75, }, { title: 'Rule level distribution', id: 'Wazuh-App-Agents-GDPR-Rule-level-distribution', - width: 25 - } - ] + width: 25, + }, + ], }, - ] + ], }, nist: { rows: [ @@ -283,30 +283,30 @@ export const agentVisualizations = { { title: 'Stats', id: 'Wazuh-App-Agents-NIST-Stats', - width: 25 + width: 25, }, { title: 'Top 10 requirements', id: 'Wazuh-App-Agents-NIST-top-10-requirements', - width: 25 + width: 25, }, { title: 'Requirements distributed by level', id: 'Wazuh-App-Agents-NIST-Requirement-by-level', - width: 50 - } - ] + width: 50, + }, + ], }, { height: 300, vis: [ { title: 'Requirements over time', - id: 'Wazuh-App-Agents-NIST-Requirements-stacked-overtime' - } - ] + id: 'Wazuh-App-Agents-NIST-Requirements-stacked-overtime', + }, + ], }, - ] + ], }, tsc: { rows: [ 
@@ -316,19 +316,19 @@ export const agentVisualizations = { { title: 'Top 5 rule groups', id: 'Wazuh-App-Agents-TSC-Groups', - width: 33 + width: 33, }, { title: 'Top 5 rules', id: 'Wazuh-App-Agents-TSC-Rule', - width: 33 + width: 33, }, { title: 'Top 5 TSC requirements', id: 'Wazuh-App-Agents-TSC-Requirement', - width: 34 - } - ] + width: 34, + }, + ], }, { height: 300, @@ -336,16 +336,16 @@ export const agentVisualizations = { { title: 'TSC Requirements', id: 'Wazuh-App-Agents-TSC-Requirements', - width: 75 + width: 75, }, { title: 'Rule level distribution', id: 'Wazuh-App-Agents-TSC-Rule-level-distribution', - width: 25 - } - ] + width: 25, + }, + ], }, - ] + ], }, hipaa: { rows: [ @@ -355,14 +355,14 @@ export const agentVisualizations = { { title: 'Requirements over time', id: 'Wazuh-App-Agents-HIPAA-Requirements-Stacked-Overtime', - width: 50 + width: 50, }, { title: 'Top 10 requirements', id: 'Wazuh-App-Agents-HIPAA-top-10', - width: 50 - } - ] + width: 50, + }, + ], }, { height: 300, @@ -370,21 +370,21 @@ export const agentVisualizations = { { title: 'HIPAA requirements', id: 'Wazuh-App-Agents-HIPAA-Burbles', - width: 50 + width: 50, }, { title: 'Requirements distribution by level', id: 'Wazuh-App-Agents-HIPAA-Distributed-By-Level', - width: 25 + width: 25, }, { title: 'Most common alerts', id: 'Wazuh-App-Agents-HIPAA-Most-Common', - width: 25 - } - ] + width: 25, + }, + ], }, - ] + ], }, virustotal: { rows: [ @@ -394,25 +394,25 @@ export const agentVisualizations = { { title: 'Last scanned files', id: 'Wazuh-App-Agents-Virustotal-Last-Files-Pie', - width: 25 + width: 25, }, { title: 'Malicious files alerts Evolution', id: 'Wazuh-App-Agents-Virustotal-Malicious-Evolution', - width: 75 - } - ] + width: 75, + }, + ], }, { height: 570, vis: [ { title: 'Last files', - id: 'Wazuh-App-Agents-Virustotal-Files-Table' - } - ] + id: 'Wazuh-App-Agents-Virustotal-Files-Table', + }, + ], }, - ] + ], }, osquery: { rows: [ 
@@ -422,14 +422,14 @@ export const agentVisualizations = { { title: 'Most common Osquery actions', id: 'Wazuh-App-Agents-Osquery-most-common-osquery-actions', - width: 25 + width: 25, }, { title: 'Evolution of Osquery events per pack over time', id: 'Wazuh-App-Agents-Osquery-Evolution', - width: 75 - } - ] + width: 75, + }, + ], }, { height: 300, @@ -437,16 +437,16 @@ export const agentVisualizations = { { title: 'Most common Osquery packs being used', id: 'Wazuh-App-Agents-Osquery-top-5-packs-being-used', - width: 25 + width: 25, }, { title: 'Most common rules', id: 'Wazuh-App-Agents-Osquery-monst-common-rules-being-fired', - width: 75 - } - ] + width: 75, + }, + ], }, - ] + ], }, mitre: { rows: [ @@ -456,14 +456,14 @@ export const agentVisualizations = { { title: 'Alerts evolution over time', id: 'Wazuh-App-Agents-MITRE-Alerts-Evolution', - width: 70 + width: 70, }, { title: 'Top tactics', id: 'Wazuh-App-Agents-MITRE-Top-Tactics', - width: 30 - } - ] + width: 30, + }, + ], }, { height: 360, @@ -471,21 +471,21 @@ export const agentVisualizations = { { title: 'Rule level by attack', id: 'Wazuh-App-Agents-MITRE-Level-By-Attack', - width: 33 + width: 33, }, { title: 'MITRE attacks by tactic', id: 'Wazuh-App-Agents-MITRE-Attacks-By-Tactic', - width: 34 + width: 34, }, { title: 'Rule level by tactic', id: 'Wazuh-App-Agents-MITRE-Level-By-Tactic', - width: 34 - } - ] + width: 34, + }, + ], }, - ] + ], }, docker: { rows: [ 
@@ -495,30 +495,30 @@ export const agentVisualizations = { { title: 'Top 5 images', id: 'Wazuh-App-Agents-Docker-top-5-images', - width: 25 + width: 25, }, { title: 'Top 5 events', id: 'Wazuh-App-Agents-Docker-top-5-actions', - width: 25 + width: 25, }, { title: 'Resources usage over time', id: 'Wazuh-App-Agents-Docker-Types-over-time', - width: 50 - } - ] + width: 50, + }, + ], }, { height: 300, vis: [ { title: 'Events occurred evolution', - id: 'Wazuh-App-Agents-Docker-Actions-over-time' - } - ] + id: 'Wazuh-App-Agents-Docker-Actions-over-time', + }, + ], }, - ] + ], }, oscap: { rows: [ @@ -528,33 +528,33 @@ export const agentVisualizations = { { title: 'Top 5 Scans', id: 'Wazuh-App-Agents-OSCAP-Scans', - width: 25 + width: 25, }, { title: 'Top 5 Profiles', id: 'Wazuh-App-Agents-OSCAP-Profiles', - width: 25 + width: 25, }, { title: 'Top 5 Content', id: 'Wazuh-App-Agents-OSCAP-Content', - width: 25 + width: 25, }, { title: 'Top 5 Severity', id: 'Wazuh-App-Agents-OSCAP-Severity', - width: 25 - } - ] + width: 25, + }, + ], }, { height: 230, vis: [ { title: 'Daily scans evolution', - id: 'Wazuh-App-Agents-OSCAP-Daily-scans-evolution' - } - ] + id: 'Wazuh-App-Agents-OSCAP-Daily-scans-evolution', + }, + ], }, { height: 250, @@ -562,16 +562,16 @@ export const agentVisualizations = { { title: 'Top 5 - Alerts', id: 'Wazuh-App-Agents-OSCAP-Top-5-Alerts', - width: 50 + width: 50, }, { title: 'Top 5 - High risk alerts', id: 'Wazuh-App-Agents-OSCAP-Top-5-High-risk-alerts', - width: 50 - } - ] + width: 50, + }, + ], }, - ] + ], }, ciscat: { rows: [ @@ -581,16 +581,16 @@ export const agentVisualizations = { { title: 'Top 5 CIS-CAT groups', id: 'Wazuh-app-Agents-CISCAT-top-5-groups', - width: 60 + width: 60, }, { title: 'Scan result evolution', id: 'Wazuh-app-Agents-CISCAT-scan-result-evolution', - width: 40 - } - ] + width: 40, + }, + ], }, - ] + ], }, pm: { rows: [ 
@@ -600,25 +600,25 @@ export const agentVisualizations = { { title: 'Alerts over time', id: 'Wazuh-App-Agents-PM-Events-over-time', - width: 50 + width: 50, }, { title: 'Rule distribution', id: 'Wazuh-App-Agents-PM-Top-5-rules', - width: 50 - } - ] + width: 50, + }, + ], }, { height: 240, vis: [ { title: 'Events per control type evolution', - id: 'Wazuh-App-Agents-PM-Events-per-agent-evolution' - } - ] + id: 'Wazuh-App-Agents-PM-Events-per-agent-evolution', + }, + ], }, - ] + ], }, audit: { rows: [ @@ -628,30 +628,30 @@ export const agentVisualizations = { { title: 'Groups', id: 'Wazuh-App-Agents-Audit-Groups', - width: 33 + width: 33, }, { title: 'Commands', id: 'Wazuh-App-Agents-Audit-Commands', - width: 33 + width: 33, }, { title: 'Files', id: 'Wazuh-App-Agents-Audit-Files', - width: 34 - } - ] + width: 34, + }, + ], }, { height: 310, vis: [ { title: 'Alerts over time', - id: 'Wazuh-App-Agents-Audit-Alerts-over-time' - } - ] + id: 'Wazuh-App-Agents-Audit-Alerts-over-time', + }, + ], }, - ] + ], }, github: { rows: [ @@ -661,14 +661,14 @@ export const agentVisualizations = { { title: 'Alerts evolution by organization', id: 'Wazuh-App-Agents-GitHub-Alerts-Evolution-By-Organization', - width: 60 + width: 60, }, { title: 'Top 5 organizations by alerts', id: 'Wazuh-App-Agents-GitHub-Top-5-Organizations-By-Alerts', - width: 40 - } - ] + width: 40, + }, + ], }, { height: 360, @@ -676,15 +676,15 @@ export const agentVisualizations = { { title: 'Top alerts by action type and organization', id: 'Wazuh-App-Agents-GitHub-Alert-Action-Type-By-Organization', - width: 40 + width: 40, }, { title: 'Users with more alerts', id: 'Wazuh-App-Agents-GitHub-Users-With-More-Alerts', - width: 60 - } - ] + width: 60, + }, + ], }, - ] + ], }, }; diff --git a/plugins/main/public/components/visualize/visualizations.js b/plugins/main/public/components/visualize/visualizations.js index 28d3868fbe..63879c1a64 100644 --- a/plugins/main/public/components/visualize/visualizations.js 
+++ b/plugins/main/public/components/visualize/visualizations.js @@ -19,14 +19,14 @@ export const visualizations = { { title: 'Alert level evolution', id: 'Wazuh-App-Overview-General-Alert-level-evolution', - width: 60 + width: 60, }, { title: 'Top MITRE ATT&CKS', id: 'Wazuh-App-Overview-General-Alerts-Top-Mitre', - width: 40 - } - ] + width: 40, + }, + ], }, { height: 360, @@ -34,16 +34,16 @@ export const visualizations = { { title: 'Top 5 agents', id: 'Wazuh-App-Overview-General-Top-5-agents', - width: 30 + width: 30, }, { title: 'Alerts evolution - Top 5 agents', id: 'Wazuh-App-Overview-General-Alerts-evolution-Top-5-agents', - width: 70 + width: 70, }, - ] + ], }, - ] + ], }, fim: { rows: [ @@ -52,9 +52,9 @@ export const visualizations = { vis: [ { title: 'Alerts by action over time', - id: 'Wazuh-App-Agents-FIM-Alerts-by-action-over-time' - } - ] + id: 'Wazuh-App-Agents-FIM-Alerts-by-action-over-time', + }, + ], }, { height: 300, @@ -62,14 +62,14 @@ export const visualizations = { { title: 'Top 5 agents', id: 'Wazuh-App-Overview-FIM-Top-5-agents-pie', - width: 30 + width: 30, }, { title: 'Events summary', id: 'Wazuh-App-Overview-FIM-Events-summary', - width: 70 - } - ] + width: 70, + }, + ], }, { height: 350, @@ -77,21 +77,21 @@ export const visualizations = { { title: 'Rule distribution', id: 'Wazuh-App-Overview-FIM-Top-5-rules', - width: 33 + width: 33, }, { title: 'Actions', id: 'Wazuh-App-Overview-FIM-Common-actions', - width: 33 + width: 33, }, { title: 'Top 5 users', id: 'Wazuh-App-Overview-FIM-top-agents-user', - width: 34 - } - ] + width: 34, + }, + ], }, - ] + ], }, office: { rows: [ 
@@ -101,19 +101,19 @@ export const visualizations = { { title: 'Events by severity over time', id: 'Wazuh-App-Overview-Office-Rule-Level-Histogram', - width: 40 + width: 40, }, { title: 'IP address by Users', id: 'Wazuh-App-Overview-Office-IPs-By-User-Barchart', - width: 30 + width: 30, }, { title: 'Top Users By Subscription', id: 'Wazuh-App-Overview-Office-Top-Users-By-Subscription-Barchart', - width: 30 + width: 30, }, - ] + ], }, { height: 350, @@ -121,30 +121,30 @@ export const visualizations = { { title: 'Users by Operation Result', id: 'Wazuh-App-Overview-Office-User-By-Operation-Result', - width: 35 + width: 35, }, { title: 'Severity by User', id: 'Wazuh-App-Overview-Office-Severity-By-User-Barchart', - width: 30 + width: 30, }, { title: 'Rule Description by Level', id: 'Wazuh-App-Overview-Office-Rule-Description-Level-Table', - width: 35 + width: 35, }, - ] + ], }, { height: 570, vis: [ { title: 'Geolocation map', - id: 'Wazuh-App-Overview-Office-Location' - } - ] + id: 'Wazuh-App-Overview-Office-Location', + }, + ], }, - ] + ], }, aws: { rows: [ @@ -154,24 +154,24 @@ export const visualizations = { { title: 'Sources', id: 'Wazuh-App-Overview-AWS-Top-sources', - width: 25 + width: 25, }, { title: 'Accounts', id: 'Wazuh-App-Overview-AWS-Top-accounts', - width: 25 + width: 25, }, { title: 'S3 buckets', id: 'Wazuh-App-Overview-AWS-Top-buckets', - width: 25 + width: 25, }, { title: 'Regions', id: 'Wazuh-App-Overview-AWS-Top-regions', - width: 25 - } - ] + width: 25, + }, + ], }, { height: 300, @@ -179,25 +179,25 @@ export const visualizations = { { title: 'Events by source over time', id: 'Wazuh-App-Overview-AWS-Events-by-source', - width: 50 + width: 50, }, { title: 'Events by S3 bucket over time', id: 'Wazuh-App-Overview-AWS-Events-by-s3-bucket', - width: 50 - } - ] + width: 50, + }, + ], }, { height: 570, vis: [ { title: 'Geolocation map', - id: 'Wazuh-App-Overview-AWS-geo' - } - ] + id: 'Wazuh-App-Overview-AWS-geo', + }, + ], }, - ] + ], }, gcp: { rows: [ 
@@ -207,9 +207,9 @@ export const visualizations = { { title: 'Events over time by auth answer', id: 'Wazuh-App-Overview-GCP-Alerts-Evolution-By-AuthAnswer', - width: 100 - } - ] + width: 100, + }, + ], }, { height: 250, @@ -217,19 +217,19 @@ export const visualizations = { { title: 'Top instances by response code', id: 'Wazuh-App-Overview-GCP-Top-vmInstances-By-ResponseCode', - width: 25 + width: 25, }, { title: 'Resource type by project id', id: 'Wazuh-App-Overview-GCP-Top-ResourceType-By-Project-Id', - width: 50 + width: 50, }, { title: 'Top project id by sourcetype', id: 'Wazuh-App-Overview-GCP-Top-ProjectId-By-SourceType', - width: 25 + width: 25, }, - ] + ], }, { height: 450, @@ -237,11 +237,11 @@ export const visualizations = { { title: 'Top 5 Map by source IP address', id: 'Wazuh-App-Overview-GCP-Map-By-SourceIp', - width: 100 + width: 100, }, - ] + ], }, - ] + ], }, pci: { rows: [ @@ -251,43 +251,43 @@ export const visualizations = { { title: 'PCI DSS requirements', id: 'Wazuh-App-Overview-PCI-DSS-requirements', - width: 50 + width: 50, }, { title: 'Top 10 agents by alerts number', id: 'Wazuh-App-Overview-PCI-DSS-Agents', - width: 50 - } - ] + width: 50, + }, + ], }, { height: 300, vis: [ { title: 'Top requirements over time', - id: 'Wazuh-App-Overview-PCI-DSS-Requirements-over-time' - } - ] + id: 'Wazuh-App-Overview-PCI-DSS-Requirements-over-time', + }, + ], }, { height: 530, vis: [ { title: 'Last alerts', - id: 'Wazuh-App-Overview-PCI-DSS-Requirements-Agents-heatmap' - } - ] + id: 'Wazuh-App-Overview-PCI-DSS-Requirements-Agents-heatmap', + }, + ], }, { height: 255, vis: [ { title: 'Requirements by agent', - id: 'Wazuh-App-Overview-PCI-DSS-Requirements-by-agent' - } - ] + id: 'Wazuh-App-Overview-PCI-DSS-Requirements-by-agent', + }, + ], }, - ] + ], }, gdpr: { rows: [ 
@@ -297,43 +297,43 @@ export const visualizations = { { title: 'Top 10 agents by alerts number', id: 'Wazuh-App-Overview-GDPR-Agents', - width: 30 + width: 30, }, { title: 'GDPR requirements', id: 'Wazuh-App-Overview-GDPR-requirements', - width: 70 - } - ] + width: 70, + }, + ], }, { height: 300, vis: [ { title: 'Top requirements over time', - id: 'Wazuh-App-Overview-GDPR-Requirements-heatmap' - } - ] + id: 'Wazuh-App-Overview-GDPR-Requirements-heatmap', + }, + ], }, { height: 530, vis: [ { title: 'Last alerts', - id: 'Wazuh-App-Overview-GDPR-Requirements-Agents-heatmap' - } - ] + id: 'Wazuh-App-Overview-GDPR-Requirements-Agents-heatmap', + }, + ], }, { height: 255, vis: [ { title: 'Requirements by agent', - id: 'Wazuh-App-Overview-GDPR-Requirements-by-agent' - } - ] + id: 'Wazuh-App-Overview-GDPR-Requirements-by-agent', + }, + ], }, - ] + ], }, nist: { rows: [ @@ -343,19 +343,19 @@ export const visualizations = { { title: 'Most active agents', id: 'Wazuh-App-Overview-NIST-Agents', - width: 20 + width: 20, }, { title: 'Top requirements over time', id: 'Wazuh-App-Overview-NIST-Requirements-over-time', - width: 50 + width: 50, }, { title: 'Requirements distribution by agent', id: 'Wazuh-App-Overview-NIST-requirements-by-agents', - width: 30 - } - ] + width: 30, + }, + ], }, { height: 350, @@ -363,21 +363,21 @@ export const visualizations = { { title: 'Alerts volume by agent', id: 'Wazuh-App-Overview-NIST-Requirements-Agents-heatmap', - width: 50 + width: 50, }, { title: 'Stats', id: 'Wazuh-App-Overview-NIST-Metrics', - width: 20 + width: 20, }, { title: 'Top 10 requirements', id: 'Wazuh-App-Overview-NIST-Top-10-requirements', - width: 30 - } - ] + width: 30, + }, + ], }, - ] + ], }, tsc: { rows: [ 
@@ -387,43 +387,43 @@ export const visualizations = { { title: 'TSC requirements', id: 'Wazuh-App-Overview-TSC-requirements', - width: 50 + width: 50, }, { title: 'Top 10 agents by alerts number', id: 'Wazuh-App-Overview-TSC-Agents', - width: 50 - } - ] + width: 50, + }, + ], }, { height: 300, vis: [ { title: 'Top requirements over time', - id: 'Wazuh-App-Overview-TSC-Requirements-over-time' - } - ] + id: 'Wazuh-App-Overview-TSC-Requirements-over-time', + }, + ], }, { height: 530, vis: [ { title: 'Last alerts', - id: 'Wazuh-App-Overview-TSC-Requirements-Agents-heatmap' - } - ] + id: 'Wazuh-App-Overview-TSC-Requirements-Agents-heatmap', + }, + ], }, { height: 255, vis: [ { title: 'Requirements by agent', - id: 'Wazuh-App-Overview-TSC-Requirements-by-agent' - } - ] + id: 'Wazuh-App-Overview-TSC-Requirements-by-agent', + }, + ], }, - ] + ], }, hipaa: { rows: [ @@ -433,7 +433,7 @@ export const visualizations = { { title: 'Alerts volume by agent', id: 'Wazuh-App-Overview-HIPAA-Heatmap', - width: 50 + width: 50, }, { hasRows: true, @@ -445,14 +445,14 @@ export const visualizations = { { title: 'Most common alerts', id: 'Wazuh-App-Overview-HIPAA-Tag-cloud', - width: 50 + width: 50, }, { title: 'Top 10 requirements', id: 'Wazuh-App-Overview-HIPAA-Top-10-requirements', - width: 50 - } - ] + width: 50, + }, + ], }, { height: 285, @@ -461,18 +461,18 @@ export const visualizations = { { title: 'Most active agents', id: 'Wazuh-App-Overview-HIPAA-Top-10-agents', - width: 50 + width: 50, }, { title: 'Stats', id: 'Wazuh-App-Overview-HIPAA-Metrics', - width: 50 - } - ] - } - ] - } - ] + width: 50, + }, + ], + }, + ], + }, + ], }, { height: 400, 
@@ -480,17 +480,16 @@ export const visualizations = { { title: 'Requirements evolution over time', id: 'Wazuh-App-Overview-HIPAA-Top-requirements-over-time', - width: 50 + width: 50, }, { title: 'Requirements distribution by agent', - id: - 'Wazuh-App-Overview-HIPAA-Top-10-requirements-over-time-by-agent', - width: 50 - } - ] + id: 'Wazuh-App-Overview-HIPAA-Top-10-requirements-over-time-by-agent', + width: 50, + }, + ], }, - ] + ], }, vuls: { rows: [ @@ -500,14 +499,14 @@ export const visualizations = { { title: 'Most affected agents', id: 'Wazuh-App-Overview-vuls-Most-affected-agents', - width: 30 + width: 30, }, { title: 'Alerts severity', id: 'Wazuh-App-Overview-vuls-Alerts-severity', - width: 70 - } - ] + width: 70, + }, + ], }, { height: 330, @@ -515,19 +514,19 @@ export const visualizations = { { title: 'Most common CVEs', id: 'Wazuh-App-Overview-vuls-Most-common-CVEs', - width: 30 + width: 30, }, { title: 'TOP affected packages alerts Evolution', id: 'Wazuh-App-Overview-vuls-Vulnerability-evolution-affected-packages', - width: 40 + width: 40, }, { title: 'Most common CWEs', id: 'Wazuh-App-Overview-vuls-Most-common-CWEs', - width: 30 - } - ] + width: 30, + }, + ], }, { height: 450, @@ -535,16 +534,16 @@ export const visualizations = { { title: 'Top affected packages by CVEs', id: 'Wazuh-App-Overview-vuls-packages-CVEs', - width: 50 + width: 50, }, { title: 'Agents by severity', id: 'Wazuh-App-Overview-vuls-agents-severities', - width: 50 - } - ] + width: 50, + }, + ], }, - ] + ], }, virustotal: { rows: [ 
@@ -554,43 +553,43 @@ export const visualizations = { { title: 'Unique malicious files per agent', id: 'Wazuh-App-Overview-Virustotal-Malicious-Per-Agent', - width: 50 + width: 50, }, { title: 'Last scanned files', id: 'Wazuh-App-Overview-Virustotal-Last-Files-Pie', - width: 50 - } - ] + width: 50, + }, + ], }, { height: 550, vis: [ { title: 'Alerts evolution by agents', - id: 'Wazuh-App-Overview-Virustotal-Alerts-Evolution' - } - ] + id: 'Wazuh-App-Overview-Virustotal-Alerts-Evolution', + }, + ], }, { height: 250, vis: [ { title: 'Malicious files alerts evolution', - id: 'Wazuh-App-Overview-Virustotal-Malicious-Evolution' - } - ] + id: 'Wazuh-App-Overview-Virustotal-Malicious-Evolution', + }, + ], }, { height: 570, vis: [ { title: 'Last files', - id: 'Wazuh-App-Overview-Virustotal-Files-Table' - } - ] + id: 'Wazuh-App-Overview-Virustotal-Files-Table', + }, + ], }, - ] + ], }, osquery: { rows: [ @@ -600,19 +599,19 @@ export const visualizations = { { title: 'Top 5 Osquery events added', id: 'Wazuh-App-Overview-Osquery-Top-5-added', - width: 25 + width: 25, }, { title: 'Top 5 Osquery events removed', id: 'Wazuh-App-Overview-Osquery-Top-5-removed', - width: 25 + width: 25, }, { title: 'Evolution of Osquery events per pack over time', id: 'Wazuh-App-Agents-Osquery-Evolution', - width: 50 - } - ] + width: 50, + }, + ], }, { height: 300, @@ -620,16 +619,16 @@ export const visualizations = { { title: 'Most common packs', id: 'Wazuh-App-Overview-Osquery-Most-common-packs', - width: 30 + width: 30, }, { title: 'Top 5 rules', id: 'Wazuh-App-Overview-Osquery-Top-5-rules', - width: 70 - } - ] + width: 70, + }, + ], }, - ] + ], }, mitre: { rows: [ @@ -639,14 +638,14 @@ export const visualizations = { { title: 'Alerts evolution over time', id: 'Wazuh-App-Overview-MITRE-Alerts-Evolution', - width: 75 + width: 75, }, { title: 'Top tactics', id: 'Wazuh-App-Overview-MITRE-Top-Tactics', - width: 25 - } - ] + width: 25, + }, + ], }, { height: 360, 
@@ -654,21 +653,21 @@ export const visualizations = { { title: 'Attacks by technique', id: 'Wazuh-App-Overview-MITRE-Attacks-By-Technique', - width: 33 + width: 33, }, { title: 'Top tactics by agent', id: 'Wazuh-App-Overview-MITRE-Top-Tactics-By-Agent', - width: 34 + width: 34, }, { title: 'Mitre techniques by agent', id: 'Wazuh-App-Overview-MITRE-Attacks-By-Agent', - width: 33 - } - ] + width: 33, + }, + ], }, - ] + ], }, docker: { rows: [ @@ -678,30 +677,31 @@ export const visualizations = { { title: 'Top 5 images', id: 'Wazuh-App-Overview-Docker-top-5-images', - width: 25 + width: 33, }, { title: 'Top 5 events', - id: 'Wazuh-App-Overview-Docker-top-5-actions', - width: 25 + id: 'Wazuh-App-Overview-Docker-top-5-events', + width: 33, }, { - title: 'Resources usage over time', - id: 'Wazuh-App-Overview-Docker-Types-over-time', - width: 50 - } - ] + title: 'Events by source over time', + id: 'Wazuh-App-Overview-Docker-Events-By-Source-Over-Time', + width: 34, + }, + ], }, { - height: 300, + height: 400, vis: [ { - title: 'Events occurred evolution', - id: 'Wazuh-App-Overview-Docker-Actions-over-time' - } - ] + title: 'Events', + id: 'Wazuh-App-Overview-Docker-Events', + width: 100, + }, + ], }, - ] + ], }, oscap: { rows: [ @@ -711,33 +711,33 @@ export const visualizations = { { title: 'Top 5 Agents', id: 'Wazuh-App-Overview-OSCAP-Agents', - width: 25 + width: 25, }, { title: 'Top 5 Profiles', id: 'Wazuh-App-Overview-OSCAP-Profiles', - width: 25 + width: 25, }, { title: 'Top 5 Content', id: 'Wazuh-App-Overview-OSCAP-Content', - width: 25 + width: 25, }, { title: 'Top 5 Severity', id: 'Wazuh-App-Overview-OSCAP-Severity', - width: 25 - } - ] + width: 25, + }, + ], }, { height: 240, vis: [ { title: 'Top 5 Agents - Severity high', - id: 'Wazuh-App-Overview-OSCAP-Top-5-agents-Severity-high' - } - ] + id: 'Wazuh-App-Overview-OSCAP-Top-5-agents-Severity-high', + }, + ], }, { height: 320, 
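Review bot: The Overview docker rows now point at three new saved-visualization ids (`Wazuh-App-Overview-Docker-top-5-events`, `Wazuh-App-Overview-Docker-Events-By-Source-Over-Time`, `Wazuh-App-Overview-Docker-Events`), and the `pm` hunk at `@@ -764` does the same with `Wazuh-App-Overview-PM-Emotet-Malware-Activity`, `Wazuh-App-Overview-PM-Rootkits-Activity-Over-Time` and `Wazuh-App-Overview-PM-Security-Alerts`; nothing in this diff adds the matching visualization definitions, so those panels will render empty unless the definitions land in the same change or already exist. A one-line comment on each renamed entry pointing at the file that defines the saved object would make the id-to-definition link easy to verify. Note that the agent-side docker section in agent-visualizations.js keeps the old `Wazuh-App-Agents-Docker-*` ids, which is presumably intended but worth a second look given the CHANGELOG entry only says "Changed dashboards".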
@@ -745,16 +745,16 @@ export const visualizations = { { title: 'Top 10 - Alerts', id: 'Wazuh-App-Overview-OSCAP-Top-10-alerts', - width: 50 + width: 50, }, { title: 'Top 10 - High risk alerts', id: 'Wazuh-App-Overview-OSCAP-Top-10-high-risk-alerts', - width: 50 - } - ] + width: 50, + }, + ], }, - ] + ], }, ciscat: { rows: [ @@ -764,49 +764,46 @@ export const visualizations = { { title: 'Top 5 CIS-CAT groups', id: 'Wazuh-app-Overview-CISCAT-top-5-groups', - width: 60 + width: 60, }, { title: 'Scan result evolution', id: 'Wazuh-app-Overview-CISCAT-scan-result-evolution', - width: 40 - } - ] + width: 40, + }, + ], }, - ] + ], }, pm: { rows: [ { - height: 290, + height: 300, vis: [ { - title: 'Events over time', - id: 'Wazuh-App-Overview-PM-Events-over-time', - width: 50 + title: 'Emotet malware activity', + id: 'Wazuh-App-Overview-PM-Emotet-Malware-Activity', + width: 30, }, { - title: 'Rule distribution', - id: 'Wazuh-App-Overview-PM-Top-5-rules', - width: 25 + title: 'Rootkits activity over time', + id: 'Wazuh-App-Overview-PM-Rootkits-Activity-Over-Time', + width: 70, }, - { - title: 'Top 5 agents', - id: 'Wazuh-App-Overview-PM-Top-5-agents-pie', - width: 25 - } - ] + ], }, + { - height: 240, + height: 400, vis: [ { - title: 'Events per control type evolution', - id: 'Wazuh-App-Overview-PM-Events-per-agent-evolution' - } - ] + title: 'Security alerts', + id: 'Wazuh-App-Overview-PM-Security-Alerts', + width: 100, + }, + ], }, - ] + ], }, audit: { rows: [ 
@@ -816,35 +813,35 @@ export const visualizations = { { title: 'Groups', id: 'Wazuh-App-Overview-Audit-Groups', - width: 25 + width: 25, }, { title: 'Agents', id: 'Wazuh-App-Overview-Audit-Agents', - width: 25 + width: 25, }, { title: 'Commands', id: 'Wazuh-App-Overview-Audit-Commands', - width: 25 + width: 25, }, { title: 'Files', id: 'Wazuh-App-Overview-Audit-Files', - width: 25 - } - ] + width: 25, + }, + ], }, { height: 310, vis: [ { title: 'Alerts over time', - id: 'Wazuh-App-Overview-Audit-Alerts-over-time' - } - ] + id: 'Wazuh-App-Overview-Audit-Alerts-over-time', + }, + ], }, - ] + ], }, github: { rows: [ @@ -854,14 +851,14 @@ export const visualizations = { { title: 'Alerts evolution by organization', id: 'Wazuh-App-Overview-GitHub-Alerts-Evolution-By-Organization', - width: 60 + width: 60, }, { title: 'Top 5 organizations by alerts', id: 'Wazuh-App-Overview-GitHub-Top-5-Organizations-By-Alerts', - width: 40 - } - ] + width: 40, + }, + ], }, { height: 360, @@ -869,15 +866,15 @@ export const visualizations = { { title: 'Top alerts by action type and organization', id: 'Wazuh-App-Overview-GitHub-Alert-Action-Type-By-Organization', - width: 40 + width: 40, }, { title: 'Users with more alerts', id: 'Wazuh-App-Overview-GitHub-Users-With-More-Alerts', - width: 60 - } - ] + width: 60, + }, + ], }, - ] + ], }, }; diff --git a/plugins/main/public/components/visualize/wz-visualize.js b/plugins/main/public/components/visualize/wz-visualize.js index a2f9120ffe..80e1e427c9 100644 --- a/plugins/main/public/components/visualize/wz-visualize.js +++ b/plugins/main/public/components/visualize/wz-visualize.js 
@@ -39,12 +39,13 @@ import { UI_LOGGER_LEVELS } from '../../../common/constants'; import { UI_ERROR_SEVERITIES } from '../../react-services/error-orchestrator/types'; import { getErrorOrchestrator } from '../../react-services/common-services'; import { webDocumentationLink } from '../../../common/services/web_documentation'; +import Dashboard from '../../components/agents/sca/dashboard/dashboard'; const visHandler = new VisHandlers(); export const WzVisualize = compose( withErrorBoundary, - withReduxProvider + withReduxProvider, )( class WzVisualize extends Component { _isMount = false; @@ -64,7 +65,9 @@ export const WzVisualize = compose( const wazuhConfig = new WazuhConfig(); this.commonData = new CommonData(); const configuration = wazuhConfig.getConfig(); - this.monitoringEnabled = !!(configuration || {})['wazuh.monitoring.enabled']; + this.monitoringEnabled = !!(configuration || {})[ + 'wazuh.monitoring.enabled' + ]; this.newFields = {}; } @@ -96,7 +99,9 @@ export const WzVisualize = compose( ) { this._isMount && this.setState({ - visualizations: !!this.props.isAgent ? agentVisualizations : visualizations, + visualizations: !!this.props.isAgent + ? agentVisualizations + : visualizations, }); visHandler.removeAll(); } @@ -106,8 +111,10 @@ export const WzVisualize = compose( this._isMount = false; } - expand = (id) => { - this.setState({ expandedVis: this.state.expandedVis === id ? false : id }); + expand = id => { + this.setState({ + expandedVis: this.state.expandedVis === id ? false : id, + }); }; refreshKnownFields = async (newField = null) => { 
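Review bot: `import Dashboard from '../../components/agents/sca/dashboard/dashboard';` in the first hunk climbs out of `components/` only to re-enter it; from `components/visualize/` the direct path is `import Dashboard from '../agents/sca/dashboard/dashboard';`. Since this file already renders several dashboards, a more specific local name such as `SCADashboard` would also make the `selectedTab === 'sca'` branch that uses it later in the file self-explanatory.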
@@ -131,49 +138,56 @@ export const WzVisualize = compose( severity: UI_ERROR_SEVERITIES.BUSINESS, error: { error: error, - message: 'The index pattern could not be refreshed' || error.message || error, + message: + 'The index pattern could not be refreshed' || + error.message || + error, title: error.name || error, }, }; getErrorOrchestrator().handleError(options); } } else if (this.isRefreshing) { - await new Promise((r) => setTimeout(r, 150)); + await new Promise(r => setTimeout(r, 150)); await this.refreshKnownFields(); } }; reloadToast = () => { const toastLifeTimeMs = 300000; const urlTroubleShootingDocs = webDocumentationLink( - 'user-manual/elasticsearch/troubleshooting.html#index-pattern-was-refreshed-toast-keeps-popping-up' + 'user-manual/elasticsearch/troubleshooting.html#index-pattern-was-refreshed-toast-keeps-popping-up', ); getToasts().add({ color: 'success', title: 'The index pattern was refreshed successfully.', - text: toMountPoint( - - There were some unknown fields for the current index pattern. - You need to refresh the page to apply the changes. - - Troubleshooting - - - - window.location.reload()} size="s">Reload page - - ), - toastLifeTimeMs + text: toMountPoint( + + + There were some unknown fields for the current index pattern. You + need to refresh the page to apply the changes. + + Troubleshooting + + + + window.location.reload()} size='s'> + Reload page + + + , + ), + toastLifeTimeMs, }); }; render() { const { visualizations } = this.state; const { selectedTab } = this.props; - const renderVisualizations = (vis) => { + const renderVisualizations = vis => { return ( - - -

{vis.title}

+ + +

+ {vis.title} +

this.expand(vis.id)} - iconType="expand" - aria-label="Expand" + iconType='expand' + aria-label='Expand' />
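Review bot: `message: 'The index pattern could not be refreshed' || error.message || error` at the top of this hunk is reformatted but keeps its dead operands: a non-empty string literal on the left of `||` is always truthy, so `error.message` and `error` can never be reached and the error orchestrator always receives the fixed text. If the literal was meant as a fallback, the order should be reversed, `message: error.message || 'The index pattern could not be refreshed',`. The enclosing `refreshKnownFields` arrow function starts before this hunk.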
@@ -227,7 +248,7 @@ export const WzVisualize = compose( marginBottom: visRow.noMargin ? '' : '4px', }} > - {visRow.vis.map((visualizeRow) => { + {visRow.vis.map(visualizeRow => { return renderVisualizations(visualizeRow); })} @@ -243,18 +264,25 @@ export const WzVisualize = compose( {this.props.resultState === 'ready' && } {this.props.resultState === 'none' && ( -
+
)} - + {this.props.resultState === 'ready' && ( - + )} {selectedTab && @@ -280,36 +308,52 @@ export const WzVisualize = compose( ); })} + + + {this.props.selectedTab === 'sca' && + this.props.resultState !== 'none' && ( + + + + )} + + - {this.props.selectedTab === 'general' && this.props.resultState !== 'none' && ( - - - -

Security Alerts

- this.expand('security-alerts')} - iconType="expand" - aria-label="Expand" - /> -
- -
-
- )} + {this.props.selectedTab === 'general' && + this.props.resultState !== 'none' && ( + + + +

+ Security Alerts +

+ this.expand('security-alerts')} + iconType='expand' + aria-label='Expand' + /> +
+ +
+
+ )}
); } - } + }, ); diff --git a/plugins/main/public/redux/store.js b/plugins/main/public/redux/store.js index 9e7ccb38a3..4244931cc1 100644 --- a/plugins/main/public/redux/store.js +++ b/plugins/main/public/redux/store.js @@ -10,7 +10,15 @@ * Find more information about this on the LICENSE file. */ -import { createStore } from 'redux'; -import rootReducers from './reducers/rootReducers'; +// import { createStore } from 'redux'; +// import rootReducers from './reducers/rootReducers'; -export default createStore(rootReducers); +// export default createStore(rootReducers); + +import { createStore, applyMiddleware } from 'redux'; +import thunk from 'redux-thunk'; +import rootReducer from './reducers/rootReducers'; + +const store = createStore(rootReducer, applyMiddleware(thunk)); + +export default store; diff --git a/plugins/main/public/templates/agents/visualizations.js b/plugins/main/public/templates/agents/visualizations.js index 169299fdf9..910d025044 100644 --- a/plugins/main/public/templates/agents/visualizations.js +++ b/plugins/main/public/templates/agents/visualizations.js @@ -19,10 +19,10 @@ export const visualizations = { { title: 'Alert groups evolution', id: 'Wazuh-App-Agents-General-Alert-groups-evolution', - width: 50 + width: 50, }, - { title: 'Alerts', id: 'Wazuh-App-Agents-General-Alerts', width: 50 } - ] + { title: 'Alerts', id: 'Wazuh-App-Agents-General-Alerts', width: 50 }, + ], }, { height: 300, @@ -30,21 +30,21 @@ export const visualizations = { { title: 'Top 5 agents', id: 'Wazuh-App-Agents-General-Top-5-alerts', - width: 33 + width: 33, }, { title: 'Top 5 rule groups', id: 'Wazuh-App-Agents-General-Top-10-groups', - width: 33 + width: 33, }, { title: 'Top 5 PCI DSS Requirements', id: 'Wazuh-App-Agents-General-Top-5-PCI-DSS-Requirements', - width: 33 - } - ] + width: 33, + }, + ], }, - ] + ], }, fim: { rows: [ 
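Review bot: The new `this.props.selectedTab === 'sca' && this.props.resultState !== 'none'` branch mounts `Dashboard`, a component that lives under `components/agents/`, without consulting `this.props.isAgent`, while the rest of this class switches between overview and agent visualizations on exactly that flag; if `WzVisualize` is also rendered for the overview, the agent dashboard would be mounted there with no agent selected. Consider `this.props.isAgent && this.props.selectedTab === 'sca' && this.props.resultState !== 'none'`, or a comment on the branch stating why the overview case is intended. The props handed to `Dashboard` are not visible in this rendering of the hunk, and the enclosing `render()` starts before it.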
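Review bot: The store.js hunk keeps the previous implementation as commented-out lines (`// import { createStore } from 'redux';` through `// export default createStore(rootReducers);`) next to the new one; they should be deleted, since git history already preserves the old version and commented-out code tends to drift out of date. `import thunk from 'redux-thunk';` also introduces a new runtime dependency for the plugin that must be declared in its package manifest; no manifest change is part of this diff, so it may already be declared, but it is worth confirming before merge.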
@@ -54,19 +54,19 @@ export const visualizations = { { title: 'Most active users', id: 'Wazuh-App-Agents-FIM-Users', - width: 30 + width: 30, }, { title: 'Actions', id: 'Wazuh-App-Agents-FIM-Actions', - width: 30 + width: 30, }, { title: 'Events', id: 'Wazuh-App-Agents-FIM-Events', - width: 40 - } - ] + width: 40, + }, + ], }, { height: 230, @@ -74,21 +74,21 @@ export const visualizations = { { title: 'Files added', id: 'Wazuh-App-Agents-FIM-Files-added', - width: 33 + width: 33, }, { title: 'Files modified', id: 'Wazuh-App-Agents-FIM-Files-modified', - width: 33 + width: 33, }, { title: 'Files deleted', id: 'Wazuh-App-Agents-FIM-Files-deleted', - width: 33 - } - ] + width: 33, + }, + ], }, - ] + ], }, pci: { rows: [ @@ -98,19 +98,19 @@ export const visualizations = { { title: 'Top 5 rule groups', id: 'Wazuh-App-Agents-PCI-Groups', - width: 33 + width: 33, }, { title: 'Top 5 rules', id: 'Wazuh-App-Agents-PCI-Rule', - width: 33 + width: 33, }, { title: 'Top 5 PCI DSS requirements', id: 'Wazuh-App-Agents-PCI-Requirement', - width: 33 - } - ] + width: 33, + }, + ], }, { height: 300, @@ -118,16 +118,16 @@ export const visualizations = { { title: 'PCI Requirements', id: 'Wazuh-App-Agents-PCI-Requirements', - width: 70 + width: 70, }, { title: 'Rule level distribution', id: 'Wazuh-App-Agents-PCI-Rule-level-distribution', - width: 30 - } - ] + width: 30, + }, + ], }, - ] + ], }, gdpr: { rows: [ @@ -137,19 +137,19 @@ export const visualizations = { { title: 'Top 5 rule groups', id: 'Wazuh-App-Agents-GDPR-Groups', - width: 33 + width: 33, }, { title: 'Top 5 rules', id: 'Wazuh-App-Agents-GDPR-Rule', - width: 33 + width: 33, }, { title: 'Top 5 GDPR requirements', id: 'Wazuh-App-Agents-GDPR-Requirement', - width: 33 - } - ] + width: 33, + }, + ], }, { height: 300, 
@@ -157,16 +157,16 @@ export const visualizations = { { title: 'GDPR Requirements', id: 'Wazuh-App-Agents-GDPR-Requirements', - width: 70 + width: 70, }, { title: 'Rule level distribution', id: 'Wazuh-App-Agents-GDPR-Rule-level-distribution', - width: 30 - } - ] + width: 30, + }, + ], }, - ] + ], }, nist: { rows: [ @@ -176,30 +176,30 @@ export const visualizations = { { title: 'Stats', id: 'Wazuh-App-Agents-NIST-Stats', - width: 25 + width: 25, }, { title: 'Top 10 requirements', id: 'Wazuh-App-Agents-NIST-top-10-requirements', - width: 25 + width: 25, }, { title: 'Requirements distributed by level', id: 'Wazuh-App-Agents-NIST-Requirement-by-level', - width: 50 - } - ] + width: 50, + }, + ], }, { height: 300, vis: [ { title: 'Requirements over time', - id: 'Wazuh-App-Agents-NIST-Requirements-stacked-overtime' - } - ] + id: 'Wazuh-App-Agents-NIST-Requirements-stacked-overtime', + }, + ], }, - ] + ], }, tsc: { rows: [ @@ -209,43 +209,43 @@ export const visualizations = { { title: 'TSC requirements', id: 'Wazuh-App-Overview-TSC-requirements', - width: 50 + width: 50, }, { title: 'Top 10 agents by alerts number', id: 'Wazuh-App-Overview-TSC-Agents', - width: 50 - } - ] + width: 50, + }, + ], }, { height: 300, vis: [ { title: 'Top requirements over time', - id: 'Wazuh-App-Overview-TSC-Requirements-over-time' - } - ] + id: 'Wazuh-App-Overview-TSC-Requirements-over-time', + }, + ], }, { height: 530, vis: [ { title: 'Last alerts', - id: 'Wazuh-App-Overview-TSC-Requirements-Agents-heatmap' - } - ] + id: 'Wazuh-App-Overview-TSC-Requirements-Agents-heatmap', + }, + ], }, { height: 255, vis: [ { title: 'Requirements by agent', - id: 'Wazuh-App-Overview-TSC-Requirements-by-agent' - } - ] + id: 'Wazuh-App-Overview-TSC-Requirements-by-agent', + }, + ], }, - ] + ], }, hipaa: { rows: [ 
@@ -255,14 +255,14 @@ export const visualizations = { { title: 'Requirements over time', id: 'Wazuh-App-Agents-HIPAA-Requirements-Stacked-Overtime', - width: 50 + width: 50, }, { title: 'Top 10 requirements', id: 'Wazuh-App-Agents-HIPAA-top-10', - width: 50 - } - ] + width: 50, + }, + ], }, { height: 300, @@ -270,21 +270,21 @@ export const visualizations = { { title: 'HIPAA requirements', id: 'Wazuh-App-Agents-HIPAA-Burbles', - width: 45 + width: 45, }, { title: 'Requirements distribution by level', id: 'Wazuh-App-Agents-HIPAA-Distributed-By-Level', - width: 30 + width: 30, }, { title: 'Most common alerts', id: 'Wazuh-App-Agents-HIPAA-Most-Common', - width: 25 - } - ] + width: 25, + }, + ], }, - ] + ], }, virustotal: { rows: [ @@ -294,25 +294,25 @@ export const visualizations = { { title: 'Last scanned files', id: 'Wazuh-App-Agents-Virustotal-Last-Files-Pie', - width: 33 + width: 33, }, { title: 'Malicious files alerts Evolution', id: 'Wazuh-App-Agents-Virustotal-Malicious-Evolution', - width: 67 - } - ] + width: 67, + }, + ], }, { height: 570, vis: [ { title: 'Last files', - id: 'Wazuh-App-Agents-Virustotal-Files-Table' - } - ] + id: 'Wazuh-App-Agents-Virustotal-Files-Table', + }, + ], }, - ] + ], }, osquery: { rows: [ @@ -322,14 +322,14 @@ export const visualizations = { { title: 'Most common Osquery actions', id: 'Wazuh-App-Agents-Osquery-most-common-osquery-actions', - width: 30 + width: 30, }, { title: 'Evolution of Osquery events per pack over time', id: 'Wazuh-App-Agents-Osquery-Evolution', - width: 70 - } - ] + width: 70, + }, + ], }, { height: 300, @@ -337,16 +337,16 @@ export const visualizations = { { title: 'Most common Osquery packs being used', id: 'Wazuh-App-Agents-Osquery-top-5-packs-being-used', - width: 30 + width: 30, }, { title: 'Most common rules', id: 'Wazuh-App-Agents-Osquery-monst-common-rules-being-fired', - width: 70 - } - ] + width: 70, + }, + ], }, - ] + ], }, docker: { rows: [ 
@@ -356,30 +356,30 @@ export const visualizations = { { title: 'Top 5 images', id: 'Wazuh-App-Agents-Docker-top-5-images', - width: 25 + width: 25, }, { title: 'Top 5 events', id: 'Wazuh-App-Agents-Docker-top-5-actions', - width: 25 + width: 25, }, { title: 'Resources usage over time', id: 'Wazuh-App-Agents-Docker-Types-over-time', - width: 50 - } - ] + width: 50, + }, + ], }, { height: 300, vis: [ { title: 'Events occurred evolution', - id: 'Wazuh-App-Agents-Docker-Actions-over-time' - } - ] + id: 'Wazuh-App-Agents-Docker-Actions-over-time', + }, + ], }, - ] + ], }, oscap: { rows: [ @@ -389,33 +389,33 @@ export const visualizations = { { title: 'Top 5 Scans', id: 'Wazuh-App-Agents-OSCAP-Scans', - width: 25 + width: 25, }, { title: 'Top 5 Profiles', id: 'Wazuh-App-Agents-OSCAP-Profiles', - width: 25 + width: 25, }, { title: 'Top 5 Content', id: 'Wazuh-App-Agents-OSCAP-Content', - width: 25 + width: 25, }, { title: 'Top 5 Severity', id: 'Wazuh-App-Agents-OSCAP-Severity', - width: 25 - } - ] + width: 25, + }, + ], }, { height: 230, vis: [ { title: 'Daily scans evolution', - id: 'Wazuh-App-Agents-OSCAP-Daily-scans-evolution' - } - ] + id: 'Wazuh-App-Agents-OSCAP-Daily-scans-evolution', + }, + ], }, { height: 250, @@ -423,16 +423,16 @@ export const visualizations = { { title: 'Top 5 - Alerts', id: 'Wazuh-App-Agents-OSCAP-Top-5-Alerts', - width: 50 + width: 50, }, { title: 'Top 5 - High risk alerts', id: 'Wazuh-App-Agents-OSCAP-Top-5-High-risk-alerts', - width: 50 - } - ] + width: 50, + }, + ], }, - ] + ], }, ciscat: { rows: [ @@ -442,16 +442,16 @@ export const visualizations = { { title: 'Top 5 CIS-CAT groups', id: 'Wazuh-app-Agents-CISCAT-top-5-groups', - width: 60 + width: 60, }, { title: 'Scan result evolution', id: 'Wazuh-app-Agents-CISCAT-scan-result-evolution', - width: 40 - } - ] + width: 40, + }, + ], }, - ] + ], }, pm: { rows: [ 
@@ -461,25 +461,25 @@ export const visualizations = { { title: 'Alerts over time', id: 'Wazuh-App-Agents-PM-Events-over-time', - width: 50 + width: 50, }, { title: 'Rule distribution', id: 'Wazuh-App-Agents-PM-Top-5-rules', - width: 50 - } - ] + width: 50, + }, + ], }, { height: 240, vis: [ { title: 'Events per control type evolution', - id: 'Wazuh-App-Agents-PM-Events-per-agent-evolution' - } - ] + id: 'Wazuh-App-Agents-PM-Events-per-agent-evolution', + }, + ], }, - ] + ], }, audit: { rows: [ @@ -489,29 +489,29 @@ export const visualizations = { { title: 'Groups', id: 'Wazuh-App-Agents-Audit-Groups', - width: 33 + width: 33, }, { title: 'Commands', id: 'Wazuh-App-Agents-Audit-Commands', - width: 33 + width: 33, }, { title: 'Files', id: 'Wazuh-App-Agents-Audit-Files', - width: 33 - } - ] + width: 33, + }, + ], }, { height: 310, vis: [ { title: 'Alerts over time', - id: 'Wazuh-App-Agents-Audit-Alerts-over-time' - } - ] + id: 'Wazuh-App-Agents-Audit-Alerts-over-time', + }, + ], }, - ] - } + ], + }, }; diff --git a/plugins/main/server/integration-files/visualizations/overview/overview-aws.ts b/plugins/main/server/integration-files/visualizations/overview/overview-aws.ts index b0e0ffd5ca..7a84b7e084 100644 --- a/plugins/main/server/integration-files/visualizations/overview/overview-aws.ts +++ b/plugins/main/server/integration-files/visualizations/overview/overview-aws.ts @@ -28,7 +28,13 @@ export default [ totalFunc: 'sum', }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '3', enabled: true, 
@@ -96,9 +102,17 @@ export default [
 legendPosition: 'bottomright',
 mapZoom: 1,
 mapCenter: [0, 0],
- wms: { enabled: false, options: { format: 'image/png', transparent: true } },
+ wms: {
+ enabled: false,
+ options: { format: 'image/png', transparent: true },
+ },
 dimensions: {
- metric: { accessor: 1, format: { id: 'number' }, params: {}, aggType: 'count' },
+ metric: {
+ accessor: 1,
+ format: { id: 'number' },
+ params: {},
+ aggType: 'count',
+ },
 geohash: {
 accessor: 0,
 format: { id: 'string' },
@@ -114,7 +128,13 @@ export default [
 },
 },
 aggs: [
- { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} },
+ {
+ id: '1',
+ enabled: true,
+ type: 'count',
+ schema: 'metric',
+ params: {},
+ },
 {
 id: '2',
 enabled: true,
@@ -157,7 +177,11 @@ export default [
 type: 'area',
 params: {
 type: 'area',
- grid: { categoryLines: true, style: { color: '#eee' }, valueAxis: 'ValueAxis-1' },
+ grid: {
+ categoryLines: true,
+ style: { color: '#eee' },
+ valueAxis: 'ValueAxis-1',
+ },
 categoryAxes: [
 {
 id: 'CategoryAxis-1',
@@ -202,7 +226,13 @@ export default [
 addTimeMarker: false,
 },
 aggs: [
- { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} },
+ {
+ id: '1',
+ enabled: true,
+ type: 'count',
+ schema: 'metric',
+ params: {},
+ },
 {
 id: '2',
 enabled: true,
@@ -264,10 +294,21 @@ export default [
 addLegend: true,
 legendPosition: 'right',
 isDonut: true,
- labels: { show: false, values: true, last_level: true, truncate: 100 },
+ labels: {
+ show: false,
+ values: true,
+ last_level: true,
+ truncate: 100,
+ },
 },
 aggs: [
- { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} },
+ {
+ id: '1',
+ enabled: true,
+ type: 'count',
+ schema: 'metric',
+ params: {},
+ },
 {
 id: '2',
 enabled: true,
@@ -312,10 +353,21 @@ export default [
 addLegend: true,
 legendPosition: 'right',
 isDonut: true,
- labels: { show: false, values: true, last_level: true, truncate: 100 },
+ labels: {
+ show: false,
+ values: true,
+ last_level: true,
+ truncate: 100,
+ },
 },
 aggs: [
- { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} },
+ {
+ id: '1',
+ enabled: true,
+ type: 'count',
+ schema: 'metric',
+ params: {},
+ },
 {
 id: '2',
 enabled: true,
@@ -360,10 +412,21 @@ export default [
 addLegend: true,
 legendPosition: 'right',
 isDonut: true,
- labels: { show: false, values: true, last_level: true, truncate: 100 },
+ labels: {
+ show: false,
+ values: true,
+ last_level: true,
+ truncate: 100,
+ },
 },
 aggs: [
- { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} },
+ {
+ id: '1',
+ enabled: true,
+ type: 'count',
+ schema: 'metric',
+ params: {},
+ },
 {
 id: '2',
 enabled: true,
@@ -408,10 +471,21 @@ export default [
 addLegend: true,
 legendPosition: 'right',
 isDonut: true,
- labels: { show: false, values: true, last_level: true, truncate: 100 },
+ labels: {
+ show: false,
+ values: true,
+ last_level: true,
+ truncate: 100,
+ },
 },
 aggs: [
- { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} },
+ {
+ id: '1',
+ enabled: true,
+ type: 'count',
+ schema: 'metric',
+ params: {},
+ },
 {
 id: '2',
 enabled: true,
@@ -452,7 +526,11 @@ export default [
 type: 'area',
 params: {
 type: 'area',
- grid: { categoryLines: true, style: { color: '#eee' }, valueAxis: 'ValueAxis-1' },
+ grid: {
+ categoryLines: true,
+ style: { color: '#eee' },
+ valueAxis: 'ValueAxis-1',
+ },
 categoryAxes: [
 {
 id: 'CategoryAxis-1',
@@ -497,7 +575,13 @@ export default [
 addTimeMarker: false,
 },
 aggs: [
- { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} },
+ {
+ id: '1',
+ enabled: true,
+ type: 'count',
+ schema: 'metric',
+ params: {},
+ },
 {
 id: '2',
 enabled: true,
@@ -563,7 +647,13 @@ export default [
 totalFunc: 'sum',
 },
 aggs: [
- { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} },
+ {
+ id: '1',
+ enabled: true,
+ type: 'count',
+ schema: 'metric',
+ params: {},
+ },
 {
 id: '2',
 enabled: true,
diff --git a/plugins/main/server/integration-files/visualizations/overview/overview-docker.ts b/plugins/main/server/integration-files/visualizations/overview/overview-docker.ts
index e66d27bf8a..ff0743f5fd 100644
--- a/plugins/main/server/integration-files/visualizations/overview/overview-docker.ts
+++ b/plugins/main/server/integration-files/visualizations/overview/overview-docker.ts
@@ -11,40 +11,134 @@ */ export default [ { - _id: 'Wazuh-App-Overview-Docker-top-5-actions', + _id: 'Wazuh-App-Overview-Docker-Events-By-Source-Over-Time', _type: 'visualization', _source: { - title: 'Top 5 actions', + title: 'Events by source over time', visState: JSON.stringify({ - title: 'Top 5 actions', - type: 'pie', - params: { - type: 'pie', - addTooltip: true, - addLegend: true, - legendPosition: 'right', - isDonut: true, - labels: { show: false, values: true, last_level: true, truncate: 100 }, - }, + title: 'Events by source over time', + type: 'histogram', aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + params: {}, + schema: 'metric', + }, { id: '2', enabled: true, - type: 'terms', + type: 'date_histogram', + params: { + field: 'timestamp', + timeRange: { + from: 'now-7d', + to: 'now', + }, + useNormalizedOpenSearchInterval: true, + scaleMetricValues: false, + interval: 'auto', + drop_partials: false, + min_doc_count: 1, + extended_bounds: {}, + }, schema: 'segment', + }, + { + id: '3', + enabled: true, + type: 'terms', params: { - field: 'data.docker.Action', - size: 5, - order: 'desc', + field: 'data.docker.Type', orderBy: '1', + order: 'desc', + size: 5, otherBucket: false, otherBucketLabel: 'Other', missingBucket: false, missingBucketLabel: 'Missing', }, + schema: 'group', }, ], + params: { + type: 'histogram', + grid: { + categoryLines: false, + }, + categoryAxes: [ + { + id: 'CategoryAxis-1', + type: 'category', + position: 'bottom', + show: true, + style: {}, + scale: { + type: 'linear', + }, + labels: { + show: true, + filter: true, + truncate: 100, + }, + title: {}, + }, + ], + valueAxes: [ + { + id: 'ValueAxis-1', + name: 'LeftAxis-1', + type: 'value', + position: 'left', + show: true, + style: {}, + scale: { + type: 'linear', + mode: 'normal', + }, + labels: { + show: true, + rotate: 0, + filter: false, + truncate: 100, + }, + title: { + text: 'Count', + }, + 
}, + ], + seriesParams: [ + { + show: true, + type: 'histogram', + mode: 'stacked', + data: { + label: 'Count', + id: '1', + }, + valueAxis: 'ValueAxis-1', + drawLinesBetweenPoints: true, + lineWidth: 2, + showCircles: true, + }, + ], + addTooltip: true, + addLegend: true, + legendPosition: 'right', + times: [], + addTimeMarker: false, + labels: { + show: false, + }, + thresholdLine: { + show: false, + value: 10, + width: 1, + style: 'full', + color: '#E7664C', + }, + }, }), uiStateJSON: '{}', description: '', @@ -72,10 +166,21 @@ export default [ addLegend: true, legendPosition: 'right', isDonut: true, - labels: { show: false, values: true, last_level: true, truncate: 100 }, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, 
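Review bot: `timeRange: { from: 'now-7d', to: 'now' }` in the new `Wazuh-App-Overview-Docker-Events-By-Source-Over-Time` date_histogram differs from the `from: 'now-1M'` used by the two table definitions added later in this file; if the stored range only seeds the editor and the app's time picker governs the actual query this is harmless, but a consistent value (or a comment saying the range is irrelevant) would avoid the question. This hunk also deletes the `Wazuh-App-Overview-Docker-top-5-actions` saved object, which reappears with the same terms aggregation on `data.docker.Action` as `Wazuh-App-Overview-Docker-top-5-events` in the next hunk; any template entry or dashboard still referencing the old `_id` will render empty, and the docker section of the overview template is not visible in this diff to confirm it was updated.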
@@ -106,6 +211,65 @@ export default [ }, }, }, + { + _id: 'Wazuh-App-Overview-Docker-top-5-events', + _type: 'visualization', + _source: { + title: 'Top 5 events', + visState: JSON.stringify({ + title: 'Top 5 events', + type: 'pie', + aggs: [ + { + id: '1', + enabled: true, + type: 'count', + params: {}, + schema: 'metric', + }, + { + id: '2', + enabled: true, + type: 'terms', + params: { + field: 'data.docker.Action', + orderBy: '1', + order: 'desc', + size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + }, + schema: 'segment', + }, + ], + params: { + type: 'pie', + addTooltip: true, + addLegend: true, + legendPosition: 'right', + isDonut: true, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, + }, + }), + uiStateJSON: '{}', + description: '', + version: 1, + kibanaSavedObjectMeta: { + searchSourceJSON: JSON.stringify({ + index: 'wazuh-alerts', + query: { query: '', language: 'lucene' }, + filter: [], + }), + }, + }, + }, { _id: 'Wazuh-App-Overview-Docker-Events-summary', _type: 'visualization', @@ -124,7 +288,13 @@ export default [ totalFunc: 'sum', }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -178,7 +348,8 @@ export default [ }, ], }), - uiStateJSON: '{"vis":{"params":{"sort":{"columnIndex":3,"direction":"desc"}}}}', + uiStateJSON: + '{"vis":{"params":{"sort":{"columnIndex":3,"direction":"desc"}}}}', description: '', version: 1, kibanaSavedObjectMeta: { 
@@ -194,91 +365,149 @@ export default [ _id: 'Wazuh-App-Overview-Docker-Types-over-time', _type: 'visualization', _source: { - title: 'Types over time', + title: 'Events', visState: JSON.stringify({ - title: 'Types over time', - type: 'histogram', - params: { - type: 'histogram', - grid: { categoryLines: true, style: { color: '#eee' }, valueAxis: 'ValueAxis-1' }, - categoryAxes: [ - { - id: 'CategoryAxis-1', - type: 'category', - position: 'bottom', - show: true, - style: {}, - scale: { type: 'linear' }, - labels: { show: true, filter: true, truncate: 100 }, - title: {}, - }, - ], - valueAxes: [ - { - id: 'ValueAxis-1', - name: 'LeftAxis-1', - type: 'value', - position: 'left', - show: true, - style: {}, - scale: { type: 'linear', mode: 'normal' }, - labels: { show: true, rotate: 0, filter: false, truncate: 100 }, - title: { text: 'Count' }, - }, - ], - seriesParams: [ - { - show: 'true', - type: 'histogram', - mode: 'stacked', - data: { label: 'Count', id: '1' }, - valueAxis: 'ValueAxis-1', - drawLinesBetweenPoints: true, - showCircles: true, - }, - ], - addTooltip: true, - addLegend: true, - legendPosition: 'right', - times: [], - addTimeMarker: false, - }, + title: 'docker tabla', + type: 'table', aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + params: {}, + schema: 'metric', + }, { id: '2', enabled: true, type: 'date_histogram', - schema: 'segment', params: { field: 'timestamp', - timeRange: { from: 'now-1h', to: 'now', mode: 'quick' }, - useNormalizedEsInterval: true, + timeRange: { + from: 'now-1M', + to: 'now', + }, + useNormalizedOpenSearchInterval: true, + scaleMetricValues: false, interval: 'auto', - time_zone: 'Europe/Berlin', drop_partials: false, - customInterval: '2h', min_doc_count: 1, extended_bounds: {}, + customLabel: 'timestamp', }, + schema: 'bucket', }, { id: '3', enabled: true, type: 'terms', - schema: 'group', + params: { + field: 'agent.name', + orderBy: 
'1', + order: 'desc', + size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + customLabel: 'agent.name', + }, + schema: 'bucket', + }, + { + id: '4', + enabled: true, + type: 'terms', params: { field: 'data.docker.Type', + orderBy: '1', + order: 'desc', size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + customLabel: 'data.docker.Type', + }, + schema: 'bucket', + }, + { + id: '5', + enabled: true, + type: 'terms', + params: { + field: 'data.docker.Action', + orderBy: '1', order: 'desc', + size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + customLabel: 'data.docker.action', + }, + schema: 'bucket', + }, + { + id: '6', + enabled: true, + type: 'terms', + params: { + field: 'rule.description', orderBy: '1', + order: 'desc', + size: 5, otherBucket: false, otherBucketLabel: 'Other', missingBucket: false, missingBucketLabel: 'Missing', + customLabel: 'rule.description', }, + schema: 'bucket', + }, + { + id: '7', + enabled: true, + type: 'terms', + params: { + field: 'rule.level', + orderBy: '1', + order: 'desc', + size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + customLabel: 'rule.level', + }, + schema: 'bucket', + }, + { + id: '8', + enabled: true, + type: 'terms', + params: { + field: 'rule.id', + orderBy: '1', + order: 'desc', + size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + customLabel: 'rule.id', + }, + schema: 'bucket', }, ], + params: { + perPage: 10, + showPartialRows: false, + showMetricsAtAllLevels: false, + showTotal: false, + totalFunc: 'sum', + percentageCol: '', + }, }), uiStateJSON: '{}', description: '', 
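Review bot: The rewritten `Wazuh-App-Overview-Docker-Types-over-time` object carries `title: 'Events'` in `_source` but `title: 'docker tabla'` inside its `visState`, which reads like a leftover working title; the two should match, `title: 'Events',`. Its aggregations 1–8 and `params` are identical to the `Wazuh-App-Overview-Docker-Events` table added in the following hunk, so two indistinguishable tables would be imported, one of them under an `_id` that still says "Types-over-time"; if both are meant to stay, a comment stating how they differ (or a rename of the `_id`) is needed. In both this hunk and the next, `customLabel: 'data.docker.action'` is lower-cased while the field is `data.docker.Action` and the sibling label is `'data.docker.Type'`; `customLabel: 'data.docker.Action',` keeps the column headers consistent with the field names.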
@@ -293,103 +522,152 @@ export default [ }, }, { - _id: 'Wazuh-App-Overview-Docker-Actions-over-time', + _id: 'Wazuh-App-Overview-Docker-Events', _type: 'visualization', _source: { - title: 'Actions over time', + title: 'Events', visState: JSON.stringify({ - title: 'Actions over time', - type: 'area', - params: { - type: 'area', - grid: { categoryLines: true, style: { color: '#eee' }, valueAxis: 'ValueAxis-1' }, - categoryAxes: [ - { - id: 'CategoryAxis-1', - type: 'category', - position: 'bottom', - show: true, - style: {}, - scale: { type: 'linear' }, - labels: { show: true, filter: true, truncate: 100 }, - title: {}, - }, - ], - valueAxes: [ - { - id: 'ValueAxis-1', - name: 'LeftAxis-1', - type: 'value', - position: 'left', - show: true, - style: {}, - scale: { type: 'linear', mode: 'normal' }, - labels: { show: true, rotate: 0, filter: false, truncate: 100 }, - title: { text: 'Events' }, - }, - ], - seriesParams: [ - { - show: 'true', - type: 'area', - mode: 'stacked', - data: { label: 'Events', id: '1' }, - drawLinesBetweenPoints: true, - showCircles: true, - interpolate: 'cardinal', - valueAxis: 'ValueAxis-1', - }, - ], - addTooltip: true, - addLegend: true, - legendPosition: 'right', - times: [], - addTimeMarker: false, - }, + title: 'Events', + type: 'table', aggs: [ { id: '1', enabled: true, type: 'count', + params: {}, schema: 'metric', - params: { customLabel: 'Events' }, }, { id: '2', enabled: true, type: 'date_histogram', - schema: 'segment', params: { field: 'timestamp', - timeRange: { from: 'now-1h', to: 'now', mode: 'quick' }, - useNormalizedEsInterval: true, + timeRange: { + from: 'now-1M', + to: 'now', + }, + useNormalizedOpenSearchInterval: true, + scaleMetricValues: false, interval: 'auto', - time_zone: 'Europe/Berlin', drop_partials: false, - customInterval: '2h', min_doc_count: 1, extended_bounds: {}, - customLabel: '', + customLabel: 'timestamp', }, + schema: 'bucket', }, { id: '3', enabled: true, type: 'terms', - schema: 'group', + params: { 
+ field: 'agent.name', + orderBy: '1', + order: 'desc', + size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + customLabel: 'agent.name', + }, + schema: 'bucket', + }, + { + id: '4', + enabled: true, + type: 'terms', + params: { + field: 'data.docker.Type', + orderBy: '1', + order: 'desc', + size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + customLabel: 'data.docker.Type', + }, + schema: 'bucket', + }, + { + id: '5', + enabled: true, + type: 'terms', params: { field: 'data.docker.Action', - size: 10, + orderBy: '1', order: 'desc', + size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + customLabel: 'data.docker.action', + }, + schema: 'bucket', + }, + { + id: '6', + enabled: true, + type: 'terms', + params: { + field: 'rule.description', orderBy: '1', + order: 'desc', + size: 5, otherBucket: false, otherBucketLabel: 'Other', missingBucket: false, missingBucketLabel: 'Missing', - customLabel: 'Action', + customLabel: 'rule.description', + }, + schema: 'bucket', + }, + { + id: '7', + enabled: true, + type: 'terms', + params: { + field: 'rule.level', + orderBy: '1', + order: 'desc', + size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + customLabel: 'rule.level', + }, + schema: 'bucket', + }, + { + id: '8', + enabled: true, + type: 'terms', + params: { + field: 'rule.id', + orderBy: '1', + order: 'desc', + size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + customLabel: 'rule.id', }, + schema: 'bucket', }, ], + params: { + perPage: 10, + showPartialRows: false, + showMetricsAtAllLevels: false, + showTotal: false, + totalFunc: 'sum', + percentageCol: '', + }, }), uiStateJSON: '{}', description: '', 
diff --git a/plugins/main/server/integration-files/visualizations/overview/overview-fim.ts b/plugins/main/server/integration-files/visualizations/overview/overview-fim.ts
index e3d3b83c95..5d9fab5385 100644
--- a/plugins/main/server/integration-files/visualizations/overview/overview-fim.ts
+++ b/plugins/main/server/integration-files/visualizations/overview/overview-fim.ts
@@ -106,7 +106,12 @@ export default [
 addLegend: true,
 legendPosition: 'right',
 isDonut: true,
- labels: { show: false, values: true, last_level: true, truncate: 100 },
+ labels: {
+ show: false,
+ values: true,
+ last_level: true,
+ truncate: 100,
+ },
 },
 aggs: [
 {
@@ -160,10 +165,21 @@ export default [
 addLegend: true,
 legendPosition: 'right',
 isDonut: true,
- labels: { show: false, values: true, last_level: true, truncate: 100 },
+ labels: {
+ show: false,
+ values: true,
+ last_level: true,
+ truncate: 100,
+ },
 },
 aggs: [
- { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} },
+ {
+ id: '1',
+ enabled: true,
+ type: 'count',
+ schema: 'metric',
+ params: {},
+ },
 {
 id: '2',
 enabled: true,
@@ -208,10 +224,21 @@ export default [
 addLegend: true,
 legendPosition: 'right',
 isDonut: false,
- labels: { show: false, values: true, last_level: true, truncate: 100 },
+ labels: {
+ show: false,
+ values: true,
+ last_level: true,
+ truncate: 100,
+ },
 },
 aggs: [
- { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} },
+ {
+ id: '1',
+ enabled: true,
+ type: 'count',
+ schema: 'metric',
+ params: {},
+ },
 {
 id: '2',
 enabled: true,
@@ -251,7 +278,11 @@ export default [
 type: 'area',
 params: {
 type: 'area',
- grid: { categoryLines: true, style: { color: '#eee' }, valueAxis: 'ValueAxis-1' },
+ grid: {
+ categoryLines: true,
+ style: { color: '#eee' },
+ valueAxis: 'ValueAxis-1',
+ },
 categoryAxes: [
 {
 id: 'CategoryAxis-1',
@@ -260,7 +291,7 @@ export default [ show: true, style: {}, scale: { type: 'linear' }, - labels: { show: true, filter: true,truncate: 100 }, + labels: { show: true, filter: true, truncate: 100 }, title: {}, }, ], @@ -296,7 +327,13 @@ export default [ addTimeMarker: false, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -363,7 +400,13 @@ export default [ totalFunc: 'sum', }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '4', enabled: true, @@ -438,7 +481,9 @@ export default [ value: 'syscheck', params: { query: 'syscheck', type: 'phrase' }, }, - query: { match: { 'rule.groups': { query: 'syscheck', type: 'phrase' } } }, + query: { + match: { 'rule.groups': { query: 'syscheck', type: 'phrase' } }, + }, $state: { store: 'appState' }, }, ], @@ -464,7 +509,13 @@ export default [ totalFunc: 'sum', }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, diff --git a/plugins/main/server/integration-files/visualizations/overview/overview-general.ts b/plugins/main/server/integration-files/visualizations/overview/overview-general.ts index 3dc8cc759a..16723e1082 100644 --- a/plugins/main/server/integration-files/visualizations/overview/overview-general.ts +++ b/plugins/main/server/integration-files/visualizations/overview/overview-general.ts @@ -9,7 +9,7 @@ * * Find more information about this on the LICENSE file. */ -import { UI_COLOR_AGENT_STATUS } from "../../../../common/constants"; +import { UI_COLOR_AGENT_STATUS } from '../../../../common/constants'; export default [ { 
@@ -86,7 +86,12 @@ export default [ enabled: true, type: 'terms', schema: 'group', - params: { field: 'status', size: 5, order: 'desc', orderBy: '_term' }, + params: { + field: 'status', + size: 5, + order: 'desc', + orderBy: '_term', + }, }, { id: '4', @@ -98,7 +103,14 @@ export default [ ], }), uiStateJSON: JSON.stringify({ - vis: { colors: { active: UI_COLOR_AGENT_STATUS.active, disconnected: UI_COLOR_AGENT_STATUS.disconnected, pending: UI_COLOR_AGENT_STATUS.pending, never_connected: UI_COLOR_AGENT_STATUS.never_connected } }, + vis: { + colors: { + active: UI_COLOR_AGENT_STATUS.active, + disconnected: UI_COLOR_AGENT_STATUS.disconnected, + pending: UI_COLOR_AGENT_STATUS.pending, + never_connected: UI_COLOR_AGENT_STATUS.never_connected, + }, + }, }), description: '', version: 1, @@ -139,7 +151,12 @@ export default [ labels: { show: true, color: 'black' }, scale: { show: false, labels: false, color: '#333', width: 2 }, type: 'simple', - style: { fontSize: 20, bgColor: false, labelColor: false, subText: '' }, + style: { + fontSize: 20, + bgColor: false, + labelColor: false, + subText: '', + }, }, }, aggs: [ @@ -152,7 +169,9 @@ export default [ }, ], }), - uiStateJSON: JSON.stringify({ vis: { defaultColors: { '0 - 100': 'rgb(0,104,55)' } } }), + uiStateJSON: JSON.stringify({ + vis: { defaultColors: { '0 - 100': 'rgb(0,104,55)' } }, + }), description: '', version: 1, kibanaSavedObjectMeta: { @@ -189,7 +208,12 @@ export default [ labels: { show: true, color: 'black' }, scale: { show: false, labels: false, color: '#333', width: 2 }, type: 'simple', - style: { fontSize: 20, bgColor: false, labelColor: false, subText: '' }, + style: { + fontSize: 20, + bgColor: false, + labelColor: false, + subText: '', + }, }, }, aggs: [ 
@@ -202,7 +226,9 @@ export default [ }, ], }), - uiStateJSON: JSON.stringify({ vis: { defaultColors: { '0 - 100': 'rgb(0,104,55)' } } }), + uiStateJSON: JSON.stringify({ + vis: { defaultColors: { '0 - 100': 'rgb(0,104,55)' } }, + }), description: '', version: 1, kibanaSavedObjectMeta: { @@ -267,7 +293,12 @@ export default [ labels: { show: true, color: 'black' }, scale: { show: false, labels: false, color: '#333', width: 2 }, type: 'simple', - style: { fontSize: 20, bgColor: false, labelColor: false, subText: '' }, + style: { + fontSize: 20, + bgColor: false, + labelColor: false, + subText: '', + }, }, }, aggs: [ @@ -280,7 +311,9 @@ export default [ }, ], }), - uiStateJSON: JSON.stringify({ vis: { defaultColors: { '0 - 100': 'rgb(0,104,55)' } } }), + uiStateJSON: JSON.stringify({ + vis: { defaultColors: { '0 - 100': 'rgb(0,104,55)' } }, + }), description: '', version: 1, kibanaSavedObjectMeta: { @@ -292,7 +325,8 @@ export default [ index: 'wazuh-alerts', type: 'phrases', key: 'rule.groups', - value: 'win_authentication_failed, authentication_failed, authentication_failures', + value: + 'win_authentication_failed, authentication_failed, authentication_failures', params: [ 'win_authentication_failed', 'authentication_failed', @@ -362,7 +396,12 @@ export default [ labels: { show: true, color: 'black' }, scale: { show: false, labels: false, color: '#333', width: 2 }, type: 'simple', - style: { fontSize: 20, bgColor: false, labelColor: false, subText: '' }, + style: { + fontSize: 20, + bgColor: false, + labelColor: false, + subText: '', + }, }, }, aggs: [ @@ -375,7 +414,9 @@ export default [ }, ], }), - uiStateJSON: JSON.stringify({ vis: { defaultColors: { '0 - 100': 'rgb(0,104,55)' } } }), + uiStateJSON: JSON.stringify({ + vis: { defaultColors: { '0 - 100': 'rgb(0,104,55)' } }, + }), description: '', version: 1, kibanaSavedObjectMeta: { 
@@ -424,7 +465,11 @@ export default [ type: 'area', params: { type: 'area', - grid: { categoryLines: true, style: { color: '#eee' }, valueAxis: 'ValueAxis-1' }, + grid: { + categoryLines: true, + style: { color: '#eee' }, + valueAxis: 'ValueAxis-1', + }, categoryAxes: [ { id: 'CategoryAxis-1', @@ -469,7 +514,13 @@ export default [ addTimeMarker: false, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -525,7 +576,13 @@ export default [ visState: JSON.stringify({ type: 'pie', aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -549,7 +606,12 @@ export default [ addLegend: true, legendPosition: 'right', isDonut: true, - labels: { show: false, values: true, last_level: true, truncate: 100 }, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, }, title: 'mitre top', }), @@ -579,10 +641,21 @@ export default [ addLegend: true, legendPosition: 'right', isDonut: true, - labels: { show: false, values: true, last_level: true, truncate: 100 }, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -621,7 +694,13 @@ export default [ visState: JSON.stringify({ type: 'histogram', aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, 
@@ -629,7 +708,10 @@ export default [ schema: 'segment', params: { field: 'timestamp', - timeRange: { from: '2020-07-19T16:18:13.637Z', to: '2020-07-28T13:58:33.357Z' }, + timeRange: { + from: '2020-07-19T16:18:13.637Z', + to: '2020-07-28T13:58:33.357Z', + }, useNormalizedEsInterval: true, scaleMetricValues: false, interval: 'auto', @@ -701,7 +783,13 @@ export default [ legendPosition: 'right', times: [], addTimeMarker: false, - thresholdLine: { show: false, value: 10, width: 1, style: 'full', color: '#E7664C' }, + thresholdLine: { + show: false, + value: 10, + width: 1, + style: 'full', + color: '#E7664C', + }, labels: {}, }, title: 'top 5 agents evolution', @@ -737,7 +825,13 @@ export default [ totalFunc: 'sum', }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -859,13 +953,24 @@ export default [ addTimeMarker: false, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '3', enabled: true, type: 'terms', schema: 'group', - params: { field: 'agent.name', size: 5, order: 'desc', orderBy: '1' }, + params: { + field: 'agent.name', + size: 5, + order: 'desc', + orderBy: '1', + }, }, { id: '2', diff --git a/plugins/main/server/integration-files/visualizations/overview/overview-pci.ts b/plugins/main/server/integration-files/visualizations/overview/overview-pci.ts index bbdded7601..f133f5326c 100644 --- a/plugins/main/server/integration-files/visualizations/overview/overview-pci.ts +++ b/plugins/main/server/integration-files/visualizations/overview/overview-pci.ts 
@@ -19,7 +19,11 @@ export default [ type: 'area', params: { type: 'area', - grid: { categoryLines: true, style: { color: '#eee' }, valueAxis: 'ValueAxis-1' }, + grid: { + categoryLines: true, + style: { color: '#eee' }, + valueAxis: 'ValueAxis-1', + }, categoryAxes: [ { id: 'CategoryAxis-1', @@ -64,7 +68,13 @@ export default [ addTimeMarker: false, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -140,12 +150,23 @@ export default [ id: 'ValueAxis-1', type: 'value', scale: { type: 'linear', defaultYExtents: false }, - labels: { show: false, rotate: 0, overwriteColor: false, color: '#555' }, + labels: { + show: false, + rotate: 0, + overwriteColor: false, + color: '#555', + }, }, ], }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -267,8 +288,22 @@ export default [ params: { date: true, interval: 'P1D', format: 'YYYY-MM-DD' }, aggType: 'date_histogram', }, - y: [{ accessor: 2, format: { id: 'number' }, params: {}, aggType: 'count' }], - z: [{ accessor: 3, format: { id: 'number' }, params: {}, aggType: 'count' }], + y: [ + { + accessor: 2, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], + z: [ + { + accessor: 3, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], series: [ { accessor: 1, @@ -288,7 +323,13 @@ export default [ radiusRatio: 50, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, 
@@ -320,7 +361,13 @@ export default [ missingBucketLabel: 'Missing', }, }, - { id: '4', enabled: true, type: 'count', schema: 'radius', params: {} }, + { + id: '4', + enabled: true, + type: 'count', + schema: 'radius', + params: {}, + }, ], }), uiStateJSON: '{}', @@ -351,13 +398,24 @@ export default [ isDonut: false, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, type: 'terms', schema: 'segment', - params: { field: 'agent.name', size: 10, order: 'desc', orderBy: '1' }, + params: { + field: 'agent.name', + size: 10, + order: 'desc', + orderBy: '1', + }, }, ], }), @@ -428,7 +486,13 @@ export default [ radiusRatio: 51, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -447,7 +511,12 @@ export default [ enabled: true, type: 'terms', schema: 'group', - params: { field: 'agent.name', size: 5, order: 'desc', orderBy: '1' }, + params: { + field: 'agent.name', + size: 5, + order: 'desc', + orderBy: '1', + }, }, ], }), @@ -482,7 +551,13 @@ export default [ totalFunc: 'sum', }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -568,7 +643,13 @@ export default [ totalFunc: 'sum', }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, diff --git a/plugins/main/server/integration-files/visualizations/overview/overview-pm.ts b/plugins/main/server/integration-files/visualizations/overview/overview-pm.ts index 88c7a16ab8..613218fd42 100644 
--- a/plugins/main/server/integration-files/visualizations/overview/overview-pm.ts +++ b/plugins/main/server/integration-files/visualizations/overview/overview-pm.ts @@ -11,28 +11,65 @@ */ export default [ { - _id: 'Wazuh-App-Overview-PM-Events-over-time', + _id: 'Wazuh-App-Overview-PM-Emotet-Malware-Activity', _type: 'visualization', _source: { - title: 'Events over time', + title: 'Emotet malware activity', visState: JSON.stringify({ - title: 'Events over time', + title: 'Emotet malware activity', type: 'area', + aggs: [ + { + id: '1', + enabled: true, + type: 'count', + params: { + customLabel: 'Count', + }, + schema: 'metric', + }, + { + id: '3', + enabled: true, + type: 'filters', + params: { + filters: [ + { + input: { + query: 'rule.groups : "rootcheck"', + language: 'kuery', + }, + label: '', + }, + ], + }, + schema: 'group', + }, + { + id: '2', + enabled: true, + type: 'date_histogram', + params: { + field: 'timestamp', + timeRange: { + from: 'now-24h', + to: 'now', + }, + useNormalizedOpenSearchInterval: true, + scaleMetricValues: false, + interval: 'auto', + drop_partials: false, + min_doc_count: 1, + extended_bounds: {}, + }, + schema: 'segment', + }, + ], params: { - scale: 'linear', - yAxis: {}, - smoothLines: true, - addTimeMarker: false, - interpolate: 'linear', - addLegend: true, - shareYAxis: true, - mode: 'overlap', - defaultYExtents: false, - setYExtents: false, - addTooltip: true, - times: [], type: 'area', - grid: { categoryLines: false, style: { color: '#eee' } }, + grid: { + categoryLines: false, + }, categoryAxes: [ { id: 'CategoryAxis-1', @@ -40,8 +77,14 @@ export default [ position: 'bottom', show: true, style: {}, - scale: { type: 'linear' }, - labels: { show: true, filter: true, truncate: 100 }, + scale: { + type: 'linear', + }, + labels: { + show: true, + filter: true, + truncate: 100, + }, title: {}, }, ], 
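Review bot: The new visualization's `_id` and both titles say "Emotet malware activity", but the only data filter in its `filters` aggregation is `rule.groups : "rootcheck"`, so the chart plots every rootcheck alert rather than anything Emotet-specific; either the filter query should narrow to the rule(s) that identify that activity or the title should describe what is actually plotted. That filter bucket also has `label: ''`, which presumably leaves its legend entry blank. Renaming the id away from `Wazuh-App-Overview-PM-Events-over-time` is a breaking change for any dashboard layout that still references the old id, which this diff does not touch, so it is worth checking. This file now uses `useNormalizedOpenSearchInterval` while the untouched date histogram in overview-general (hunk at -629 above) still uses `useNormalizedEsInterval`; if the visualization plugin honours only one of these names the other is silently ignored, so one spelling should be used consistently.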
@@ -53,55 +96,52 @@ export default [ position: 'left', show: true, style: {}, - scale: { type: 'linear', mode: 'normal', setYExtents: false, defaultYExtents: false }, - labels: { show: true, rotate: 0, filter: false, truncate: 100 }, - title: { text: 'Count' }, + scale: { + type: 'linear', + mode: 'normal', + }, + labels: { + show: true, + rotate: 0, + filter: false, + truncate: 100, + }, + title: { + text: 'Count', + }, }, ], seriesParams: [ { - show: 'true', + show: true, type: 'area', - mode: 'normal', - data: { label: 'Count', id: '1' }, - interpolate: 'cardinal', + mode: 'stacked', + data: { + label: 'Count', + id: '1', + }, + drawLinesBetweenPoints: true, + lineWidth: 2, + showCircles: true, + interpolate: 'linear', valueAxis: 'ValueAxis-1', }, ], + addTooltip: true, + addLegend: true, legendPosition: 'right', - }, - aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, - { - id: '2', - enabled: true, - type: 'terms', - schema: 'group', - params: { - field: 'rule.description', - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - size: 5, - order: 'desc', - orderBy: '1', - }, - }, - { - id: '3', - enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - interval: 'auto', - customInterval: '2h', - min_doc_count: 1, - extended_bounds: {}, - }, + times: [], + addTimeMarker: false, + thresholdLine: { + show: false, + value: 10, + width: 1, + style: 'full', + color: '#E7664C', }, - ], + labels: {}, + row: true, + }, }), uiStateJSON: '{}', description: '', 
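Review bot: The `thresholdLine`, `labels: {}`, `row: true` and the `categoryAxes`/`valueAxes` blocks added here are repeated verbatim in the Rootkits visualization (hunks at -234, -247 and -268 below) and the same threshold block already appears in overview-general; since each visState is built with `JSON.stringify`, these could be module-level constants spread into each params object, e.g. `const DEFAULT_THRESHOLD_LINE = { show: false, value: 10, width: 1, style: 'full', color: '#E7664C' };`. Changing `show: 'true'` to the boolean `show: true` is a real fix rather than a reformat and deserves a mention in the description. `mode: 'stacked'` on a single-series area chart is harmless but reads as a leftover from a multi-series template; the Rootkits line chart below uses `'normal'`.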
@@ -115,118 +155,170 @@ export default [ }, }, }, + // { + // _id: 'Wazuh-App-Overview-PM-Events-over-time', + // _type: 'visualization', + // _source: { + // title: 'Events over time', + // visState: JSON.stringify({ + // title: 'Events over time', + // type: 'area', + // params: { + // scale: 'linear', + // yAxis: {}, + // smoothLines: true, + // addTimeMarker: false, + // interpolate: 'linear', + // addLegend: true, + // shareYAxis: true, + // mode: 'overlap', + // defaultYExtents: false, + // setYExtents: false, + // addTooltip: true, + // times: [], + // type: 'area', + // grid: { categoryLines: false, style: { color: '#eee' } }, + // categoryAxes: [ + // { + // id: 'CategoryAxis-1', + // type: 'category', + // position: 'bottom', + // show: true, + // style: {}, + // scale: { type: 'linear' }, + // labels: { show: true, filter: true, truncate: 100 }, + // title: {}, + // }, + // ], + // valueAxes: [ + // { + // id: 'ValueAxis-1', + // name: 'LeftAxis-1', + // type: 'value', + // position: 'left', + // show: true, + // style: {}, + // scale: { type: 'linear', mode: 'normal', setYExtents: false, defaultYExtents: false }, + // labels: { show: true, rotate: 0, filter: false, truncate: 100 }, + // title: { text: 'Count' }, + // }, + // ], + // seriesParams: [ + // { + // show: 'true', + // type: 'area', + // mode: 'normal', + // data: { label: 'Count', id: '1' }, + // interpolate: 'cardinal', + // valueAxis: 'ValueAxis-1', + // }, + // ], + // legendPosition: 'right', + // }, + // aggs: [ + // { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + // { + // id: '2', + // enabled: true, + // type: 'terms', + // schema: 'group', + // params: { + // field: 'rule.description', + // otherBucket: false, + // otherBucketLabel: 'Other', + // missingBucket: false, + // missingBucketLabel: 'Missing', + // size: 5, + // order: 'desc', + // orderBy: '1', + // }, + // }, + // { + // id: '3', + // enabled: true, + // type: 'date_histogram', + // schema: 
'segment', + // params: { + // field: 'timestamp', + // interval: 'auto', + // customInterval: '2h', + // min_doc_count: 1, + // extended_bounds: {}, + // }, + // }, + // ], + // }), + // uiStateJSON: '{}', + // description: '', + // version: 1, + // kibanaSavedObjectMeta: { + // searchSourceJSON: JSON.stringify({ + // index: 'wazuh-alerts', + // filter: [], + // query: { query: '', language: 'lucene' }, + // }), + // }, + // }, + // }, { - _id: 'Wazuh-App-Overview-PM-Top-5-rules', + _id: 'Wazuh-App-Overview-PM-Rootkits-Activity-Over-Time', _type: 'visualization', _source: { title: 'Top 5 rules', visState: JSON.stringify({ - title: 'Export rule distr', - type: 'pie', - params: { - type: 'pie', - addTooltip: true, - addLegend: true, - legendPosition: 'right', - isDonut: true, - labels: { show: false, values: true, last_level: true, truncate: 100 }, - }, + title: 'Rootkits activity over time', + type: 'line', aggs: [ { id: '1', enabled: true, - type: 'sum', + type: 'count', + params: { + customLabel: 'Alerts', + }, schema: 'metric', - params: { field: 'rule.level' }, }, { - id: '2', + id: '4', enabled: true, type: 'terms', - schema: 'segment', params: { - field: 'rule.description', - size: 5, - order: 'desc', + field: 'data.title', orderBy: '1', + order: 'desc', + size: 5, otherBucket: false, otherBucketLabel: 'Other', missingBucket: false, missingBucketLabel: 'Missing', }, + schema: 'group', }, - ], - }), - uiStateJSON: '{}', - description: '', - version: 1, - kibanaSavedObjectMeta: { - searchSourceJSON: JSON.stringify({ - index: 'wazuh-alerts', - query: { query: '', language: 'lucene' }, - filter: [], - }), - }, - }, - }, - { - _id: 'Wazuh-App-Overview-PM-Top-5-agents-pie', - _type: 'visualization', - _source: { - title: 'Top 5 agents pie', - visState: JSON.stringify({ - title: 'Top 5 agents pie', - type: 'pie', - params: { - type: 'pie', - addTooltip: true, - addLegend: true, - legendPosition: 'right', - isDonut: true, - labels: { show: false, values: true, 
last_level: true, truncate: 100 }, - }, - aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, { id: '2', enabled: true, - type: 'terms', - schema: 'segment', + type: 'date_histogram', params: { - field: 'agent.name', - size: 5, - order: 'desc', - orderBy: '1', - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', + field: 'timestamp', + timeRange: { + from: 'now-1M', + to: 'now', + }, + useNormalizedOpenSearchInterval: true, + scaleMetricValues: false, + interval: 'auto', + drop_partials: false, + min_doc_count: 1, + extended_bounds: {}, }, + schema: 'segment', }, ], - }), - uiStateJSON: '{}', - description: '', - version: 1, - kibanaSavedObjectMeta: { - searchSourceJSON: JSON.stringify({ - index: 'wazuh-alerts', - query: { language: 'lucene', query: '' }, - filter: [], - }), - }, - }, - }, - { - _id: 'Wazuh-App-Overview-PM-Events-per-agent-evolution', - _source: { - title: 'Events per control type evolution', - visState: JSON.stringify({ - title: 'Events per control type evolution', - type: 'line', params: { type: 'line', - grid: { categoryLines: false, style: { color: '#eee' } }, + grid: { + categoryLines: false, + }, categoryAxes: [ { id: 'CategoryAxis-1', @@ -234,8 +326,14 @@ export default [ position: 'bottom', show: true, style: {}, - scale: { type: 'linear' }, - labels: { show: true, filter: true, truncate: 100 }, + scale: { + type: 'linear', + }, + labels: { + show: true, + filter: true, + truncate: 100, + }, title: {}, }, ], 
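Review bot: `title: 'Top 5 rules',` on `_source` is left as an unchanged context line while `_id` becomes `Wazuh-App-Overview-PM-Rootkits-Activity-Over-Time` and the visState title becomes "Rootkits activity over time", so the saved-object listing will show the old name for the new chart; change it to `title: 'Rootkits activity over time',`. The old "Events over time" object added here as roughly a hundred lines of `//` comments is dead code that git history already preserves and should be deleted rather than committed; the same applies to the commented "Top 5 agents pie", "Events per agent evolution" and "Alerts summary" blocks in the -299 hunk below. The array literal this object belongs to starts outside this hunk.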
@@ -247,19 +345,34 @@ export default [ position: 'left', show: true, style: {}, - scale: { type: 'linear', mode: 'normal' }, - labels: { show: true, rotate: 0, filter: false, truncate: 100 }, - title: { text: 'Count' }, + scale: { + type: 'linear', + mode: 'normal', + }, + labels: { + show: true, + rotate: 0, + filter: false, + truncate: 100, + }, + title: { + text: 'Alerts', + }, }, ], seriesParams: [ { - show: 'true', + show: true, type: 'line', mode: 'normal', - data: { label: 'Count', id: '1' }, + data: { + label: 'Alerts', + id: '1', + }, valueAxis: 'ValueAxis-1', drawLinesBetweenPoints: true, + lineWidth: 2, + interpolate: 'linear', showCircles: true, }, ], @@ -268,30 +381,16 @@ export default [ legendPosition: 'right', times: [], addTimeMarker: false, - }, - aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, - { - id: '3', - enabled: true, - type: 'terms', - schema: 'group', - params: { field: 'data.title', size: 5, order: 'desc', orderBy: '1' }, + labels: {}, + thresholdLine: { + show: false, + value: 10, + width: 1, + style: 'full', + color: '#E7664C', }, - { - id: '2', - enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - interval: 'auto', - customInterval: '2h', - min_doc_count: 1, - extended_bounds: {}, - }, - }, - ], + row: true, + }, }), uiStateJSON: '{}', description: '', 
@@ -299,80 +398,407 @@ export default [ kibanaSavedObjectMeta: { searchSourceJSON: JSON.stringify({ index: 'wazuh-alerts', - filter: [], query: { query: '', language: 'lucene' }, + filter: [], }), }, }, - _type: 'visualization', }, + // { + // _id: 'Wazuh-App-Overview-PM-Top-5-agents-pie', + // _type: 'visualization', + // _source: { + // title: 'Top 5 agents pie', + // visState: JSON.stringify({ + // title: 'Top 5 agents pie', + // type: 'pie', + // params: { + // type: 'pie', + // addTooltip: true, + // addLegend: true, + // legendPosition: 'right', + // isDonut: true, + // labels: { + // show: false, + // values: true, + // last_level: true, + // truncate: 100, + // }, + // }, + // aggs: [ + // { + // id: '1', + // enabled: true, + // type: 'count', + // schema: 'metric', + // params: {}, + // }, + // { + // id: '2', + // enabled: true, + // type: 'terms', + // schema: 'segment', + // params: { + // field: 'agent.name', + // size: 5, + // order: 'desc', + // orderBy: '1', + // otherBucket: false, + // otherBucketLabel: 'Other', + // missingBucket: false, + // missingBucketLabel: 'Missing', + // }, + // }, + // ], + // }), + // uiStateJSON: '{}', + // description: '', + // version: 1, + // kibanaSavedObjectMeta: { + // searchSourceJSON: JSON.stringify({ + // index: 'wazuh-alerts', + // query: { language: 'lucene', query: '' }, + // filter: [], + // }), + // }, + // }, + // }, { - _id: 'Wazuh-App-Overview-PM-Alerts-summary', + _id: 'Wazuh-App-Overview-PM-Security-Alerts', _type: 'visualization', _source: { - title: 'Alerts summary', + title: 'Security alerts', visState: JSON.stringify({ - title: 'Alerts summary', + title: 'Security alerts', type: 'table', - params: { - perPage: 10, - showPartialRows: false, - showMeticsAtAllLevels: false, - sort: { columnIndex: 2, direction: 'desc' }, - showTotal: false, - showToolbar: true, - totalFunc: 'sum', - }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + 
type: 'count', + params: { + customLabel: '', + }, + schema: 'metric', + }, + { + id: '2', + enabled: true, + type: 'date_histogram', + params: { + field: 'timestamp', + timeRange: { + from: 'now-24h', + to: 'now', + }, + useNormalizedOpenSearchInterval: true, + scaleMetricValues: false, + interval: 'auto', + drop_partials: false, + min_doc_count: 1, + extended_bounds: {}, + customLabel: 'Time', + }, + schema: 'bucket', + }, { id: '3', enabled: true, type: 'terms', + params: { + field: 'agent.name', + orderBy: '_key', + order: 'desc', + size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + customLabel: 'agent.name', + }, schema: 'bucket', + }, + { + id: '4', + enabled: true, + type: 'terms', params: { - field: 'rule.description', + field: 'rule.mitre.id', + orderBy: '_key', + order: 'desc', + size: 5, otherBucket: false, otherBucketLabel: 'Other', missingBucket: false, missingBucketLabel: 'Missing', - size: 50, + customLabel: 'rule.mitre.id', + }, + schema: 'bucket', + }, + { + id: '5', + enabled: true, + type: 'terms', + params: { + field: 'rule.mitre.tactic', + orderBy: '_key', order: 'desc', - orderBy: '1', - customLabel: 'Rule description', + size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + customLabel: 'rule.mitre.tactic', }, + schema: 'bucket', }, { - id: '4', + id: '6', enabled: true, type: 'terms', + params: { + field: 'rule.description', + orderBy: '_key', + order: 'desc', + size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + customLabel: 'rule.description', + }, schema: 'bucket', + }, + { + id: '7', + enabled: true, + type: 'terms', params: { - field: 'data.title', + field: 'rule.level', + orderBy: '_key', + order: 'desc', + size: 5, otherBucket: false, otherBucketLabel: 'Other', missingBucket: false, missingBucketLabel: 'Missing', - size: 1000, + 
customLabel: 'rule.level', + }, + schema: 'bucket', + }, + { + id: '8', + enabled: true, + type: 'terms', + params: { + field: 'rule.id', + orderBy: '_key', order: 'desc', - orderBy: '1', - customLabel: 'Control', + size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + customLabel: 'rule.id', }, + schema: 'bucket', }, ], + params: { + perPage: 10, + showPartialRows: false, + showMetricsAtAllLevels: false, + showTotal: false, + totalFunc: 'sum', + percentageCol: '', + row: false, + }, }), - uiStateJSON: JSON.stringify({ - vis: { params: { sort: { columnIndex: 1, direction: 'desc' } } }, - }), + uiStateJSON: '{}', description: '', version: 1, kibanaSavedObjectMeta: { searchSourceJSON: JSON.stringify({ index: 'wazuh-alerts', - filter: [], query: { language: 'lucene', query: '' }, + filter: [], }), }, }, }, + // { + // _id: 'Wazuh-App-Overview-PM-Events-per-agent-evolution', + // _source: { + // title: 'Events per control type evolution', + // visState: JSON.stringify({ + // title: 'Events per control type evolution', + // type: 'line', + // params: { + // type: 'line', + // grid: { categoryLines: false, style: { color: '#eee' } }, + // categoryAxes: [ + // { + // id: 'CategoryAxis-1', + // type: 'category', + // position: 'bottom', + // show: true, + // style: {}, + // scale: { type: 'linear' }, + // labels: { show: true, filter: true, truncate: 100 }, + // title: {}, + // }, + // ], + // valueAxes: [ + // { + // id: 'ValueAxis-1', + // name: 'LeftAxis-1', + // type: 'value', + // position: 'left', + // show: true, + // style: {}, + // scale: { type: 'linear', mode: 'normal' }, + // labels: { show: true, rotate: 0, filter: false, truncate: 100 }, + // title: { text: 'Count' }, + // }, + // ], + // seriesParams: [ + // { + // show: 'true', + // type: 'line', + // mode: 'normal', + // data: { label: 'Count', id: '1' }, + // valueAxis: 'ValueAxis-1', + // drawLinesBetweenPoints: true, + // showCircles: 
true, + // }, + // ], + // addTooltip: true, + // addLegend: true, + // legendPosition: 'right', + // times: [], + // addTimeMarker: false, + // }, + // aggs: [ + // { + // id: '1', + // enabled: true, + // type: 'count', + // schema: 'metric', + // params: {}, + // }, + // { + // id: '3', + // enabled: true, + // type: 'terms', + // schema: 'group', + // params: { + // field: 'data.title', + // size: 5, + // order: 'desc', + // orderBy: '1', + // }, + // }, + // { + // id: '2', + // enabled: true, + // type: 'date_histogram', + // schema: 'segment', + // params: { + // field: 'timestamp', + // interval: 'auto', + // customInterval: '2h', + // min_doc_count: 1, + // extended_bounds: {}, + // }, + // }, + // ], + // }), + // uiStateJSON: '{}', + // description: '', + // version: 1, + // kibanaSavedObjectMeta: { + // searchSourceJSON: JSON.stringify({ + // index: 'wazuh-alerts', + // filter: [], + // query: { query: '', language: 'lucene' }, + // }), + // }, + // }, + // _type: 'visualization', + // }, + // { + // _id: 'Wazuh-App-Overview-PM-Alerts-summary', + // _type: 'visualization', + // _source: { + // title: 'Alerts summary', + // visState: JSON.stringify({ + // title: 'Alerts summary', + // type: 'table', + // params: { + // perPage: 10, + // showPartialRows: false, + // showMeticsAtAllLevels: false, + // sort: { columnIndex: 2, direction: 'desc' }, + // showTotal: false, + // showToolbar: true, + // totalFunc: 'sum', + // }, + // aggs: [ + // { + // id: '1', + // enabled: true, + // type: 'count', + // schema: 'metric', + // params: {}, + // }, + // { + // id: '3', + // enabled: true, + // type: 'terms', + // schema: 'bucket', + // params: { + // field: 'rule.description', + // otherBucket: false, + // otherBucketLabel: 'Other', + // missingBucket: false, + // missingBucketLabel: 'Missing', + // size: 50, + // order: 'desc', + // orderBy: '1', + // customLabel: 'Rule description', + // }, + // }, + // { + // id: '4', + // enabled: true, + // type: 'terms', + 
// schema: 'bucket', + // params: { + // field: 'data.title', + // otherBucket: false, + // otherBucketLabel: 'Other', + // missingBucket: false, + // missingBucketLabel: 'Missing', + // size: 1000, + // order: 'desc', + // orderBy: '1', + // customLabel: 'Control', + // }, + // }, + // ], + // }), + // uiStateJSON: JSON.stringify({ + // vis: { params: { sort: { columnIndex: 1, direction: 'desc' } } }, + // }), + // description: '', + // version: 1, + // kibanaSavedObjectMeta: { + // searchSourceJSON: JSON.stringify({ + // index: 'wazuh-alerts', + // filter: [], + // query: { language: 'lucene', query: '' }, + // }), + // }, + // }, + // }, ]; diff --git a/plugins/main/server/integration-files/visualizations/overview/overview-sca.ts b/plugins/main/server/integration-files/visualizations/overview/overview-sca.ts new file mode 100644 index 0000000000..2608684c84 --- /dev/null +++ b/plugins/main/server/integration-files/visualizations/overview/overview-sca.ts 
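Review bot: Every terms bucket in the new "Security alerts" table uses `orderBy: '_key'` with `order: 'desc'` and `size: 5`, which keeps the five greatest keys per bucket (for `agent.name`, `rule.mitre.tactic`, `rule.id`, …) rather than the most frequent ones, so the table silently drops the busiest agents and rules; the summary it replaces and the docker table earlier in this diff order by the count metric, `orderBy: '1',`, which is presumably what was intended here as well. The count metric has `customLabel: ''`, which leaves that column without a header. The default sort the old summary carried in uiState (`sort: { columnIndex: 1, direction: 'desc' }`) is replaced by `'{}'`, so rows now appear in aggregation order; restore it if a default sort is still wanted. The renamed `_id` `Wazuh-App-Overview-PM-Security-Alerts` will break any dashboard layout that still references `Wazuh-App-Overview-PM-Alerts-summary`, which this diff does not touch.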
@@ -0,0 +1,126 @@
+/*
+ * Wazuh app - Module for Overview/GDPR visualizations
+ * Copyright (C) 2015-2022 Wazuh, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * Find more information about this on the LICENSE file.
+ */
+export default [
+ {
+ _id: 'Wazuh-App-Overview-SCA-Alert',
+ _type: 'visualization',
+ _source: {
+ title: 'Alerts',
+ visState: JSON.stringify({
+ title: 'Alerts sca',
+ type: 'table',
+ aggs: [
+ {
+ id: '1',
+ enabled: true,
+ type: 'count',
+ params: {},
+ schema: 'metric',
+ },
+ {
+ id: '2',
+ enabled: true,
+ type: 'date_histogram',
+ params: {
+ field: 'timestamp',
+ timeRange: {
+ from: 'now-4M',
+ to: 'now',
+ },
+ useNormalizedOpenSearchInterval: true,
+ scaleMetricValues: false,
+ interval: 'auto',
+ drop_partials: false,
+ min_doc_count: 1,
+ extended_bounds: {},
+ customLabel: 'Time',
+ },
+ schema: 'bucket',
+ },
+ {
+ id: '3',
+ enabled: true,
+ type: 'terms',
+ params: {
+ field: 'data.sca.check.title',
+ orderBy: '1',
+ order: 'desc',
+ size: 5,
+ otherBucket: false,
+ otherBucketLabel: 'Other',
+ missingBucket: false,
+ missingBucketLabel: 'Missing',
+ customLabel: 'data.sca.check.title',
+ },
+ schema: 'bucket',
+ },
+ {
+ id: '4',
+ enabled: false,
+ type: 'terms',
+ params: {
+ field: 'data.sca.check.file',
+ orderBy: '1',
+ order: 'desc',
+ size: 5,
+ otherBucket: false,
+ otherBucketLabel: 'Other',
+ missingBucket: false,
+ missingBucketLabel: 'Missing',
+ customLabel: 'data.sca.check.file',
+ },
+ schema: 'bucket',
+ },
+ {
+ id: '5',
+ enabled: true,
+ type: 'terms',
+ params: {
+ field: 'data.sca.policy',
+ orderBy: '1',
+ order: 'desc',
+ size: 5,
+ otherBucket: false,
+ otherBucketLabel: 'Other',
+ missingBucket: false,
+ missingBucketLabel: 'Missing',
+ customLabel: 'data.sca.policy',
+ },
+
schema: 'bucket',
+ },
+ ],
+ params: {
+ perPage: 10,
+ showPartialRows: false,
+ showMetricsAtAllLevels: false,
+ showTotal: false,
+ totalFunc: 'sum',
+ percentageCol: '',
+ query: {
+ language: 'kuery',
+ query: '',
+ },
+ },
+ }),
+ uiStateJSON: '{}',
+ description: '',
+ version: 1,
+ kibanaSavedObjectMeta: {
+ searchSourceJSON: JSON.stringify({
+ index: 'wazuh-alerts',
+ filter: [],
+ query: { query: '', language: 'lucene' },
+ }),
+ },
+ },
+ },
+];
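Review bot: The file header comment reads `Module for Overview/GDPR visualizations` although this new file defines the SCA overview visualization; it should read ` * Wazuh app - Module for Overview/SCA visualizations`. The visState `title: 'Alerts sca'` also differs from the saved object's `title: 'Alerts'`, and agg `id: '4'` (`data.sca.check.file`) ships with `enabled: false`, so either drop it or add a comment stating why a disabled agg is kept in the definition. The `customLabel` values repeat the raw field paths (`'data.sca.check.title'`, `'data.sca.policy'`) as table column headers; readable labels such as `'Check title'` and `'Policy'` would match the `'Time'` label used on agg `id: '2'`.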
