Merge branch '4.10.0' into enhacement/7049-add-page-scroll-with-many-…

…events

CHANGELOG.md

@@ -2,7 +2,7 @@
 
 All notable changes to the Wazuh app project will be documented in this file.
 
-## Wazuh v4.10.0 - OpenSearch Dashboards 2.16.0 - Revision 01
+## Wazuh v4.10.0 - OpenSearch Dashboards 2.16.0 - Revision 02
 
 ## Fixed
 
@@ -24,20 +24,23 @@ All notable changes to the Wazuh app project will be documented in this file.
 - Changed the agents summary in overview with no results to an agent deployment help message. [#7041](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7041)
 - Changed malware feature description [#7036](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7036)
 - Changed the font size of the kpi subtitles and the features descriptions [#7033](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7033)
+- Changed feature container margins to ensure consistent separation and uniform design. [#7034](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7034)
 
 ### Fixed
 
 - Fixed read-only users could not access to Statistics application [#7001](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7001)
 - Fixed no-agent-alert spawn with selected agent in agent-welcome view [#7029](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7029)
 - Fixed security policy exception when it contained deprecated actions [#7042](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7042)
-- Fix export formatted csv data with special characters from tables [#7048](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7048)
+- Fixed export formatted csv data with special characters from tables [#7048](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7048)
+- Fixed column reordering feature [#7072](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7072)
 
 ### Removed
 
 - Removed agent RBAC filters from dashboard queries [#6945](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6945)
 - Removed GET /elastic/statistics API endpoint [#7001](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7001)
+- Removed VirusTotal application in favor of Malware Detection [#7038](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7038)
 
-## Wazuh v4.9.1 - OpenSearch Dashboards 2.13.0 - Revision 01
+## Wazuh v4.9.1 - OpenSearch Dashboards 2.13.0 - Revision 03
 
 ### Added
 
@@ -56,6 +59,10 @@ All notable changes to the Wazuh app project will be documented in this file.
 - Fixed missing options depending on agent operating system in the agent configuration report [#6983](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6983)
 - Fixed an style that affected the Discover plugin [#6989](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6989)
 - Fixed a problem updating the API host registry in the GET /api/check-stored-api [#6995](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6995)
+- Fixed the `Open report` button of the toast and the `Download report` icon of the reporting table in Safari [#7019](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7019)
+- Fixed style when unnpinned an agent in endpoint summary section [#7015](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7015)
+- Fixed overflow style on a long value filter [#7021](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7021)
+- Fixed buttons enabled for a readonly user in `Endpoint groups` section [#7056](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7056)
 
 ### Changed
 
@@ -69,6 +76,7 @@ All notable changes to the Wazuh app project will be documented in this file.
 
 ### Removed
 
+- Removed the PDF report footer year [#7023](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7023)
 - Removed the XML autoformat function group configuration due to performance [#6999](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6999)
 
 ## Wazuh v4.9.0 - OpenSearch Dashboards 2.13.0 - Revision 07

plugins/main/common/api-info/security-actions.json

@@ -551,6 +551,16 @@
       "DELETE /decoders/files/{filename}"
     ]
   },
+  "event:ingest": {
+    "description": "Ingest events",
+    "resources": ["*:*"],
+    "example": {
+      "actions": ["event:ingest"],
+      "resources": ["*:*:*"],
+      "effect": "allow"
+    },
+    "related_endpoints": ["POST /events"]
+  },
   "syscollector:read": {
     "description": "Access agents syscollector information",
     "resources": ["agent:id", "agent:group"],
@@ -694,15 +704,5 @@
       "effect": "deny"
     },
     "related_endpoints": ["GET /tasks/status"]
-  },
-  "event:ingest": {
-    "description": "Ingest events",
-    "resources": ["*:*"],
-    "example": {
-      "actions": ["event:ingest"],
-      "resources": ["*:*:*"],
-      "effect": "allow"
-    },
-    "related_endpoints": ["POST /events"]
   }
 }

plugins/main/common/constants.ts

@@ -81,11 +81,11 @@ export const WAZUH_SAMPLE_ALERTS_CATEGORIES_TYPE_ALERTS = {
     { audit: true },
     { openscap: true },
     { ciscat: true },
+    { virustotal: true },
     { yara: true },
   ],
   [WAZUH_SAMPLE_ALERTS_CATEGORY_THREAT_DETECTION]: [
     { vulnerabilities: true },
-    { virustotal: true },
     { osquery: true },
     { docker: true },
     { mitre: true },
@@ -243,8 +243,6 @@ export const DATA_SOURCE_FILTER_CONTROLLED_MITRE_ATTACK_RULE =
   'mitre-attack-rule';
 export const DATA_SOURCE_FILTER_CONTROLLED_MITRE_ATTACK_RULE_ID =
   'hidden-mitre-attack-rule-id';
-export const DATA_SOURCE_FILTER_CONTROLLED_VIRUSTOTAL_RULE_GROUP =
-  'virustotal-rule-group';
 export const DATA_SOURCE_FILTER_CONTROLLED_GOOGLE_CLOUD_RULE_GROUP =
   'gcp-rule-group';
 export const DATA_SOURCE_FILTER_CONTROLLED_MALWARE_DETECTION_RULE_GROUP =
@@ -303,7 +301,7 @@ export const ASSETS_PUBLIC_URL = '/plugins/wazuh/public/assets/';
 export const REPORTS_LOGO_IMAGE_ASSETS_RELATIVE_PATH =
   'images/logo_reports.png';
 export const REPORTS_PRIMARY_COLOR = '#256BD1';
-export const REPORTS_PAGE_FOOTER_TEXT = 'Copyright © 2024 Wazuh, Inc.';
+export const REPORTS_PAGE_FOOTER_TEXT = 'Copyright © Wazuh, Inc.';
 export const REPORTS_PAGE_HEADER_TEXT = '[email protected]\nhttps://wazuh.com';
 
 // Plugin platform

plugins/main/common/wazuh-modules.ts

@@ -99,12 +99,6 @@ export const WAZUH_MODULES = {
     description:
       'Security events related to your Google Cloud Platform services, collected directly via GCP API.', // TODO GCP
   },
-  virustotal: {
-    title: 'VirusTotal',
-    appId: 'virustotal',
-    description:
-      'Alerts resulting from VirusTotal analysis of suspicious files via an integration with their API.',
-  },
   mitre: {
     title: 'MITRE ATT&CK',
     appId: 'mitre-attack',

plugins/main/opensearch_dashboards.json

@@ -1,6 +1,6 @@
 {
   "id": "wazuh",
-  "version": "4.10.0-01",
+  "version": "4.10.0-02",
   "opensearchDashboardsVersion": "opensearchDashboards",
   "configPath": ["wazuh"],
   "requiredPlugins": [

plugins/main/package.json

@@ -1,7 +1,7 @@
 {
   "name": "wazuh",
   "version": "4.10.0",
-  "revision": "01",
+  "revision": "02",
   "pluginPlatform": {
     "version": "2.16.0"
   },

plugins/main/public/components/add-modules-data/sample-data.tsx

@@ -37,7 +37,6 @@ import {
   malwareDetection,
   mitreAttack,
   office365,
-  virustotal,
   vulnerabilityDetection,
 } from '../../utils/applications';
 
@@ -47,14 +46,18 @@ const sampleSecurityInformationApplication = [
   office365.title,
   googleCloud.title,
   github.title,
-];
+  'authorization',
+  'ssh',
+  'web',
+].join(', ');
 
 const sampleThreatDetectionApplication = [
   vulnerabilityDetection.title,
-  virustotal.title,
   docker.title,
   mitreAttack.title,
-];
+].join(', ');
+
+const sampleMalwareDetection = ['malware', 'VirusTotal', 'YARA'].join(', ');
 
 export default class WzSampleData extends Component {
   categories: {
@@ -77,23 +80,19 @@ export default class WzSampleData extends Component {
     this.categories = [
       {
         title: 'Sample security information',
-        description: `Sample data, visualizations and dashboards for security information (${sampleSecurityInformationApplication.join(
-          ', ',
-        )}, authorization, ssh, web).`,
+        description: `Sample data, visualizations and dashboards for security information (${sampleSecurityInformationApplication}).`,
         image: '',
         categorySampleAlertsIndex: 'security',
       },
       {
         title: `Sample ${malwareDetection.title}`,
-        description: `Sample data, visualizations and dashboards for events of ${malwareDetection.title} (${malwareDetection.title}).`,
+        description: `Sample data, visualizations and dashboards for events of ${malwareDetection.title} (${sampleMalwareDetection}).`,
         image: '',
         categorySampleAlertsIndex: 'auditing-policy-monitoring',
       },
       {
         title: 'Sample threat detection and response',
-        description: `Sample data, visualizations and dashboards for threat events of detection and response (${sampleThreatDetectionApplication.join(
-          ', ',
-        )}).`,
+        description: `Sample data, visualizations and dashboards for threat events of detection and response (${sampleThreatDetectionApplication}).`,
         image: '',
         categorySampleAlertsIndex: 'threat-detection',
       },

plugins/main/public/components/agents/__snapshots__/agent-status.test.tsx.snap

@@ -126,7 +126,8 @@ exports[`AgentStatus component Renders status indicator with the its color and t
       xmlns="http://www.w3.org/2000/svg"
     >
       <path
-        d="M8 14A6 6 0 1 1 8 2a6 6 0 0 1 0 12Zm0-1A5 5 0 1 0 8 3a5 5 0 0 0 0 10Zm-.186-1.065A.785.785 0 0 1 7 11.12c0-.48.34-.82.814-.82.475 0 .809.34.809.82 0 .475-.334.815-.809.815ZM5.9 6.317C5.96 5.168 6.755 4.4 8.048 4.4c1.218 0 2.091.759 2.091 1.8 0 .736-.36 1.304-1.03 1.707-.56.33-.717.56-.717 1.022v.305l-.1.1H7.47l-.1-.1v-.431c-.005-.646.302-1.104.987-1.514.527-.322.708-.59.708-1.047 0-.536-.416-.91-1.05-.91-.652 0-1.064.374-1.112.998l-.1.092H6l-.1-.105Z"
+        d="M7.5 11.508 7.468 8H6.25V7h2.401l.03 3.508H9.8v1H7.5Zm-.25-6.202a.83.83 0 0 1 .207-.577c.137-.153.334-.229.59-.229.256 0 .454.076.594.23.14.152.209.345.209.576 0 .228-.07.417-.21.568-.14.15-.337.226-.593.226-.256 0-.453-.075-.59-.226a.81.81 0 0 1-.207-.568ZM8 13A5 5 0 1 0 8 3a5 5 0 0 0 0 10Zm0 1A6 6 0 1 1 8 2a6 6 0 0 1 0 12Z"
+        fill-rule="evenodd"
       />
     </svg>
   </span>
@@ -193,7 +194,8 @@ exports[`AgentStatus component Renders status indicator with the its color and t
       xmlns="http://www.w3.org/2000/svg"
     >
       <path
-        d="M8 14A6 6 0 1 1 8 2a6 6 0 0 1 0 12Zm0-1A5 5 0 1 0 8 3a5 5 0 0 0 0 10Zm-.186-1.065A.785.785 0 0 1 7 11.12c0-.48.34-.82.814-.82.475 0 .809.34.809.82 0 .475-.334.815-.809.815ZM5.9 6.317C5.96 5.168 6.755 4.4 8.048 4.4c1.218 0 2.091.759 2.091 1.8 0 .736-.36 1.304-1.03 1.707-.56.33-.717.56-.717 1.022v.305l-.1.1H7.47l-.1-.1v-.431c-.005-.646.302-1.104.987-1.514.527-.322.708-.59.708-1.047 0-.536-.416-.91-1.05-.91-.652 0-1.064.374-1.112.998l-.1.092H6l-.1-.105Z"
+        d="M7.5 11.508 7.468 8H6.25V7h2.401l.03 3.508H9.8v1H7.5Zm-.25-6.202a.83.83 0 0 1 .207-.577c.137-.153.334-.229.59-.229.256 0 .454.076.594.23.14.152.209.345.209.576 0 .228-.07.417-.21.568-.14.15-.337.226-.593.226-.256 0-.453-.075-.59-.226a.81.81 0 0 1-.207-.568ZM8 13A5 5 0 1 0 8 3a5 5 0 0 0 0 10Zm0 1A6 6 0 1 1 8 2a6 6 0 0 1 0 12Z"
+        fill-rule="evenodd"
       />
     </svg>
   </span>
@@ -260,7 +262,8 @@ exports[`AgentStatus component Renders status indicator with the its color and t
       xmlns="http://www.w3.org/2000/svg"
     >
       <path
-        d="M8 14A6 6 0 1 1 8 2a6 6 0 0 1 0 12Zm0-1A5 5 0 1 0 8 3a5 5 0 0 0 0 10Zm-.186-1.065A.785.785 0 0 1 7 11.12c0-.48.34-.82.814-.82.475 0 .809.34.809.82 0 .475-.334.815-.809.815ZM5.9 6.317C5.96 5.168 6.755 4.4 8.048 4.4c1.218 0 2.091.759 2.091 1.8 0 .736-.36 1.304-1.03 1.707-.56.33-.717.56-.717 1.022v.305l-.1.1H7.47l-.1-.1v-.431c-.005-.646.302-1.104.987-1.514.527-.322.708-.59.708-1.047 0-.536-.416-.91-1.05-.91-.652 0-1.064.374-1.112.998l-.1.092H6l-.1-.105Z"
+        d="M7.5 11.508 7.468 8H6.25V7h2.401l.03 3.508H9.8v1H7.5Zm-.25-6.202a.83.83 0 0 1 .207-.577c.137-.153.334-.229.59-.229.256 0 .454.076.594.23.14.152.209.345.209.576 0 .228-.07.417-.21.568-.14.15-.337.226-.593.226-.256 0-.453-.075-.59-.226a.81.81 0 0 1-.207-.568ZM8 13A5 5 0 1 0 8 3a5 5 0 0 0 0 10Zm0 1A6 6 0 1 1 8 2a6 6 0 0 1 0 12Z"
+        fill-rule="evenodd"
       />
     </svg>
   </span>

plugins/main/public/components/agents/agent-status.tsx

@@ -26,7 +26,7 @@ export const AgentStatus = ({ status, children = null, style = {}, agent }) => {
         anchorClassName='wz-margin-left-10'
         aria-label='Description'
         size='m'
-        type='questionInCircle'
+        type='iInCircle'
         color='primary'
         content={statusCodeAgent?.STATUS_DESCRIPTION ?? 'Without information'}
       />

plugins/main/public/components/common/data-grid/use-data-grid.tsx

@@ -65,23 +65,23 @@ export const useDataGrid = (props: tDataGridProps): EuiDataGridProps => {
     indexPattern,
     DocViewInspectButton,
     results,
-    defaultColumns: columns,
+    defaultColumns,
     renderColumns,
     useDefaultPagination = false,
     pagination: paginationProps = {},
     filters = [],
     setFilters = () => {},
   } = props;
-  const [columnVisibility, setVisibility] = useState(() =>
-    columns.map(({ id }) => id),
+  const [visibleColumns, setVisibleColumns] = useState<string[]>(() =>
+    defaultColumns.map(({ id }) => id),
   );
   /** Rows */
   const [rows, setRows] = useState<any[]>([]);
   const rowCount = results ? (results?.hits?.total as number) : 0;
   /** Sorting **/
   // get default sorting from default columns
   const getDefaultSorting = () => {
-    const defaultSort = columns.find(
+    const defaultSort = defaultColumns.find(
       column => column.isSortable || column.defaultSortDirection,
     );
     return defaultSort
@@ -110,6 +110,53 @@ export const useDataGrid = (props: tDataGridProps): EuiDataGridProps => {
         },
   );
 
+  const sortFirstMatchedColumns = (
+    firstMatchedColumns: tDataGridColumn[],
+    visibleColumnsOrdered: string[],
+  ) => {
+    firstMatchedColumns.sort(
+      (a, b) =>
+        visibleColumnsOrdered.indexOf(a.id) -
+        visibleColumnsOrdered.indexOf(b.id),
+    );
+    return firstMatchedColumns;
+  };
+
+  const orderFirstMatchedColumns = (
+    columns: tDataGridColumn[],
+    visibleColumnsOrdered: string[],
+  ) => {
+    const firstMatchedColumns: tDataGridColumn[] = [];
+    const nonMatchedColumns: tDataGridColumn[] = [];
+    const visibleColumnsSet = new Set(visibleColumnsOrdered);
+
+    for (let i = 0; i < columns.length; i++) {
+      const column = columns[i];
+      if (visibleColumnsSet.has(column.id)) {
+        firstMatchedColumns.push(column);
+      } else {
+        nonMatchedColumns.push(column);
+      }
+    }
+
+    return [
+      ...sortFirstMatchedColumns(firstMatchedColumns, visibleColumnsOrdered),
+      ...nonMatchedColumns,
+    ];
+  };
+
+  const getColumns = useMemo(() => {
+    return parseColumns(
+      indexPattern?.fields || [],
+      defaultColumns,
+      indexPattern,
+      rows,
+      pagination.pageSize,
+      filters,
+      setFilters,
+    );
+  }, [indexPattern, rows, pagination.pageSize, filters, setFilters]);
+
   const onChangeItemsPerPage = useMemo(
     () => (pageSize: number) =>
       setPagination(pagination => ({
@@ -149,7 +196,7 @@ export const useDataGrid = (props: tDataGridProps): EuiDataGridProps => {
         rowsParsed,
       );
       // check if column have render method initialized
-      const column = columns.find(column => column.id === columnId);
+      const column = defaultColumns.find(column => column.id === columnId);
       if (column && column.render) {
         return column.render(fieldFormatted, rowsParsed[relativeRowIndex]);
       }
@@ -198,53 +245,16 @@ export const useDataGrid = (props: tDataGridProps): EuiDataGridProps => {
     ];
   }, [results]);
 
-  const filterColumns = () => {
-    const allColumns = parseColumns(
-      indexPattern?.fields || [],
-      columns,
-      indexPattern,
-      rows,
-      pagination.pageSize,
-      filters,
-      setFilters,
-    );
-    const columnMatch = [];
-    const columnNonMatch = [];
-
-    for (const item of allColumns) {
-      if (columnVisibility.includes(item.name)) {
-        columnMatch.push(item);
-      } else {
-        columnNonMatch.push(item);
-      }
-    }
-
-    return [...columnMatch, ...columnNonMatch];
-  };
-
-  const defaultColumnsPosition = (columnsVisibility, defaultColumns) => {
-    const defaults = defaultColumns
-      .map(item => item.id)
-      .filter(id => columnsVisibility.includes(id));
-
-    const nonDefaults = columnsVisibility.filter(
-      item => !defaultColumns.map(item => item.id).includes(item),
-    );
-
-    return [...defaults, ...nonDefaults];
-  };
-
   return {
     'aria-labelledby': props.ariaLabelledBy,
-    columns: filterColumns(),
+    columns: orderFirstMatchedColumns(getColumns, visibleColumns),
     columnVisibility: {
-      visibleColumns: defaultColumnsPosition(columnVisibility, columns),
-      setVisibleColumns: setVisibility,
+      visibleColumns,
+      setVisibleColumns,
     },
     renderCellValue: renderCellValue,
     leadingControlColumns: leadingControlColumns,
-    rowCount:
-      rowCount < MAX_ENTRIES_PER_QUERY ? rowCount : MAX_ENTRIES_PER_QUERY,
+    rowCount: Math.min(rowCount, MAX_ENTRIES_PER_QUERY),
     sorting: { columns: sortingColumns, onSort },
     pagination: {
       ...pagination,