Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Migrate wazuh.yml configuration to opensearch_dashboard.yml #339

Open
Tracked by #164
, #408
...
asteriscos opened this issue Oct 2, 2024 · 7 comments · May be fixed by wazuh/wazuh-dashboard-plugins#7175
Open
Tracked by #164
, #408
...

Migrate wazuh.yml configuration to opensearch_dashboard.yml #339

asteriscos opened this issue Oct 2, 2024 · 7 comments · May be fixed by wazuh/wazuh-dashboard-plugins#7175
Assignees
@Machi3mfl
Labels
level/task Task issue type/enhancement New feature or request

Comments

@asteriscos
Copy link
Member

asteriscos commented Oct 2, 2024
edited by Desvelao
Loading

Description

As part of the Reporting revamp objective, we need to migrate wazuh.yml configuration to opensearch_dashboard.yml file. Moreover, we want to rename the opensearch_dashboard.yml file to wazuh_dashboard.yml.

Objective

References
@asteriscos asteriscos mentioned this issue Oct 2, 2024
Open
4 tasks
@asteriscos asteriscos added level/task Task issue type/enhancement New feature or request labels Oct 2, 2024
@wazuhci wazuhci moved this to Triage in Release 5.0.0 Oct 2, 2024
@wazuhci wazuhci moved this from Triage to Backlog in Release 5.0.0 Oct 21, 2024
@asteriscos asteriscos mentioned this issue Nov 12, 2024
Open
11 tasks
@Machi3mfl Machi3mfl self-assigned this Nov 22, 2024
@wazuhci wazuhci moved this from Backlog to In progress in Release 5.0.0 Nov 22, 2024
@Machi3mfl Machi3mfl linked a pull request Nov 25, 2024 that will close this issue
Draft
6 tasks
@Machi3mfl
Copy link
Member

Machi3mfl commented Nov 27, 2024
edited
Loading

Moving the host's config to the opensearch_dashboards.yml

When we move the config from wazuh.yml to opensearch_dashboard.yml, the plugin name must be placed before the configuration name. In this case, as the configuration will be used in the core plugin, the configuration will be preceded by the word wazuh_core (always must match with the plugin name).

After

wazuh_core.hosts:
  manager:
    url: 'https://wazuh.manager'
    port: 55000
    username: wazuh-wui
    password: API_PASSWORD
    run_as: false

Before

hosts:
  - manager:
      url: 'https://wazuh.manager'
      port: 55000
      username: wazuh-wui
      password: API_PASSWORD
      run_as: false

@Machi3mfl
Copy link
Member

Machi3mfl commented Dec 2, 2024
edited
Loading

Configuration Management

There are various types of configurations, including global and context-specific (plugin). Currently, the configuration located in the wazuh.yml file is centralized in one location, regardless of the context in which it is managed.

When transferring the configuration to the opensearch_dashboards.yml file, it is crucial to determine whether it will be defined in the core or within a specific plugin.

The configurations defined to date are as follows:

export const PLUGIN_SETTINGS = {
  'alerts.sample.prefix': {
    title: 'Sample alerts prefix',
    description: 'Define the index name prefix of sample alerts. It must match the template used by the index pattern to avoid unknown fields in dashboards.',
  },
  'checks.api': {
    title: 'API connection',
    description: 'Enable or disable the API health check when opening the app.',
  },
  'checks.fields': {
    title: 'Known fields',
    description: 'Enable or disable the known fields health check when opening the app.',
  },
  'checks.maxBuckets': {
    title: 'Set max buckets to 200000',
    description: 'Change the default value of the plugin platform max buckets configuration.',
  },
  'checks.metaFields': {
    title: 'Remove meta fields',
    description: 'Change the default value of the plugin platform metaField configuration.',
  },
  'checks.pattern': {
    title: 'Index pattern',
    description: 'Enable or disable the index pattern health check when opening the app.',
  },
  'checks.setup': {
    title: 'API version',
    description: 'Enable or disable the setup health check when opening the app.',
  },
  'checks.template': {
    title: 'Index template',
    description: 'Enable or disable the template health check when opening the app.',
  },
  'checks.timeFilter': {
    title: 'Set time filter to 24h',
    description: 'Change the default value of the plugin platform timeFilter configuration.',
  },
  'configuration.ui_api_editable': {
    title: 'Configuration UI editable',
    description: 'Enable or disable the ability to edit the configuration from UI or API endpoints. When disabled, this can only be edited from the configuration file, the related API endpoints are disabled, and the UI is inaccessible.',
  },
  'cron.prefix': {
    title: 'Cron prefix',
    description: 'Define the index prefix of predefined jobs.',
  },
  'cron.statistics.apis': {
    title: 'Includes APIs',
    description: 'Enter the ID of the hosts you want to save data from, leave this empty to run the task on every host.',
  },
  'customization.enabled': {
    title: 'Status',
    description: 'Enable or disable the customization.',
  },
  'enrollment.dns': {
    title: 'Enrollment DNS',
    description: 'Specifies the Wazuh registration server, used for the agent enrollment.',
  },
  'enrollment.password': {
    title: 'Enrollment password',
    description: 'Specifies the password used to authenticate during the agent enrollment.',
  },
  hideManagerAlerts: {
    title: 'Hide manager alerts',
    description: 'Hide the alerts of the manager in every dashboard.',
  },
  hosts: {
    title: 'Server hosts',
    description: 'Configure the API connections.',
  },
  'ip.ignore': {
    title: 'Index pattern ignore',
    description: 'Disable certain index pattern names from being available in index pattern selector.',
  },
  'ip.selector': {
    title: 'IP selector',
    description:  'Define if the user is allowed to change the selected index pattern directly from the top menu bar.'
  },
'wazuh.updates.disabled': {
    title: 'Check updates',
    description: 'Define if the check updates service is active.'
  },
  'timeout': {
    title: 'Request timeout'
  },
  'wazuh.monitoring.creation': {
    title: 'Index creation',
    description: 'Define the interval in which a new wazuh-monitoring index will be created.'
  },
  'wazuh.monitoring.enabled': {
    title: 'Status',
    description: 'Enable or disable the wazuh-monitoring index creation and/or visualization.'
  },
  'wazuh.monitoring.frequency': {
    title: 'Frequency',
    description: 'Frequency, in seconds, of API requests to get the state of the agents and create a new document in the wazuh-monitoring index with this data.'
  },
  'wazuh.monitoring.pattern': {
    title: 'Index pattern',
    description: 'Default index pattern to use for Wazuh monitoring.'
  },
  'wazuh.monitoring.replicas': {
    title: 'Index replicas',
    description: 'Define the number of replicas to use for the wazuh-monitoring-* indices.'
  },
  'wazuh.monitoring.shards': {
    title: 'Index shards',
    description: 'Define the number of shards to use for the wazuh-monitoring-* indices.'
  },
  'vulnerabilities.pattern': {
    title: 'Index pattern',
    description: 'Default index pattern to use for vulnerabilities.'
  }
}

Configuration Availability Types

It is also important to define the availability requirements for each type of configuration. We can categorize them into several types:

  • Static: Changes take effect only after a restart.
  • Dynamic: Modifications can be made at any time, and the configuration should take effect without requiring a restart.

Categorizing Configurations

These criteria necessitate categorizing all available configurations to decide which implementation approach to use. Here are some options:

  1. Using the initializerContext of OSD: This retrieves the configuration defined in opensearch_dashboards.yml and makes it available to plugins for use.

  2. Creating an Endpoint: This allows for obtaining the configuration at any time through an HTTP call. Performance considerations must be taken into account for this solution.

  3. Developing an Interface: This would create a hybrid solution between the aforementioned methods, facilitating easier resolution of issues when modifications are made to native OpenSearch methods (especially when using initializerContext).

Configuration Overview Table

Here’s a table summarizing the types of configurations and their characteristics:

Configuration Type Description Implementation Options
Static Requires restart for changes to take effect using OSD contextInitializer
Dynamic Takes effect immediately upon modification create custom solution

This table provides a clear overview of the different types of configurations, their descriptions, and possible implementation options, making it easier to understand and decide on the appropriate approach for configuration management.

@Machi3mfl
Copy link
Member

Machi3mfl commented Dec 2, 2024
edited
Loading

Configurations categorizations

Steps to transform the JSON into a Markdown table:

  1. Extract name, title and description from PLUGIN_SETTINGS
  2. Create table headers
  3. Format each entry as a row
  4. Leave type, deprecated and annotations columns empty
Config Title Description Type Deprecated Annotations
alerts.sample.prefix Sample alerts prefix Define the index name prefix of sample alerts. It must match the template used by the index pattern to avoid unknown fields in dashboards.
checks.api API connection Enable or disable the API health check when opening the app.
checks.fields Known fields Enable or disable the known fields health check when opening the app.
checks.maxBuckets Set max buckets to 200000 Change the default value of the plugin platform max buckets configuration.
checks.metaFields Remove meta fields Change the default value of the plugin platform metaField configuration.
checks.pattern Index pattern Enable or disable the index pattern health check when opening the app.
checks.setup API version Enable or disable the setup health check when opening the app.
checks.template Index template Enable or disable the template health check when opening the app.
checks.timeFilter Set time filter to 24h Change the default value of the plugin platform timeFilter configuration.
configuration.ui_api_editable Configuration UI editable Enable or disable the ability to edit the configuration from UI or API endpoints. When disabled, this can only be edited from the configuration file, the related API endpoints are disabled, and the UI is inaccessible.
cron.prefix Cron prefix Define the index prefix of predefined jobs.
cron.statistics.apis Includes APIs Enter the ID of the hosts you want to save data from, leave this empty to run the task on every host. 🚫
cron.statistics.index.creation Index creation Define the interval in which a new index will be created. 🚫
cron.statistics.index.name Index name Define the name of the index in which the documents will be saved. 🚫
cron.statistics.index.replicas Index replicas Define the number of replicas to use for the statistics indices. 🚫
cron.statistics.index.shards Index shards Define the number of shards to use for the statistics indices. 🚫
cron.statistics.interval Interval Define the frequency of task execution using cron schedule expressions. 🚫
cron.statistics.status Status Enable or disable the statistics tasks. 🚫
customization.enabled Status Enable or disable the customization.
customization.logo.app App main logo This logo is used as loading indicator while the user is logging into Wazuh API.
customization.logo.healthcheck Healthcheck logo This logo is displayed during the Healthcheck routine of the app.
customization.logo.reports PDF reports logo This logo is used in the PDF reports generated by the app. It's placed at the top left corner of every page of the PDF. Moved to reporting plugin
customization.reports.footer Reports footer Set the footer of the reports. Moved to reporting plugin
customization.reports.header Reports header Set the header of the reports. Moved to reporting plugin
enrollment.dns Enrollment DNS Specifies the Wazuh registration server, used for the agent enrollment.
enrollment.password Enrollment password Specifies the password used to authenticate during the agent enrollment.
hideManagerAlerts Hide manager alerts Hide the alerts of the manager in every dashboard.
hosts Server hosts Configure the API connections.
ip.ignore Index pattern ignore Disable certain index pattern names from being available in index pattern selector.
ip.selector IP selector Define if the user is allowed to change the selected index pattern directly from the top menu bar.
pattern Index pattern Default index pattern to use on the app. If there's no valid index pattern, the app will automatically create one with the name indicated in this option.
timeout Request timeout Maximum time, in milliseconds, the app will wait for an API response when making requests to it. It will be ignored if the value is set under 1500 milliseconds.
vulnerabilities.pattern Index pattern Default index pattern to use for vulnerabilities.
wazuh.monitoring.creation Index creation Define the interval in which a new wazuh-monitoring index will be created. 🚫
wazuh.monitoring.enabled Status Enable or disable the wazuh-monitoring index creation and/or visualization. 🚫
wazuh.monitoring.frequency Frequency Frequency, in seconds, of API requests to get the state of the agents and create a new document in the wazuh-monitoring index with this data. 🚫
wazuh.monitoring.pattern Index pattern Default index pattern to use for Wazuh monitoring. 🚫
wazuh.monitoring.replicas Index replicas Define the number of replicas to use for the wazuh-monitoring-* indices. 🚫
wazuh.monitoring.shards Index shards Define the number of shards to use for the wazuh-monitoring-* indices. 🚫
wazuh.updates.disabled Check updates Define if the check updates service is active. 🚫

@Machi3mfl
Copy link
Member

Machi3mfl commented Dec 4, 2024
edited
Loading

How to create configuration at the tenant level

The tenant configuration is displayed on the Dashboard Management > Advanced Settings section

Screenshot 2024-12-03 at 8 57 56 PM 
export const CONTEXT_DEFAULT_SIZE_SETTING = 'context:defaultSize';
export const CONTEXT_STEP_SETTING = 'context:step';
export const CONTEXT_TIE_BREAKER_FIELDS_SETTING = 'context:tieBreakerFields';

export const uiSettings: Record<string, UiSettingsParams> = {
  [CONTEXT_DEFAULT_SIZE_SETTING]: {
    name: i18n.translate('discover.advancedSettings.context.defaultSizeTitle', {
      defaultMessage: 'Context size',
    }),
    value: 5,
    description: i18n.translate('discover.advancedSettings.context.defaultSizeText', {
      defaultMessage: 'The number of surrounding entries to show in the context view',
    }),
    category: ['discover'],
    schema: schema.number(),
  },
  [CONTEXT_STEP_SETTING]: {
    name: i18n.translate('discover.advancedSettings.context.sizeStepTitle', {
      defaultMessage: 'Context size step',
    }),
    value: 5,
    description: i18n.translate('discover.advancedSettings.context.sizeStepText', {
      defaultMessage: 'The step size to increment or decrement the context size by',
    }),
    category: ['discover'],
    schema: schema.number(),
  },
  [CONTEXT_TIE_BREAKER_FIELDS_SETTING]: {
    name: i18n.translate('discover.advancedSettings.context.tieBreakerFieldsTitle', {
      defaultMessage: 'Tie breaker fields',
    }),
    value: ['_doc'],
    description: i18n.translate('discover.advancedSettings.context.tieBreakerFieldsText', {
      defaultMessage:
        'A comma-separated list of fields to use for tie-breaking between documents that have the same timestamp value. ' +
        'From this list the first field that is present and sortable in the current index pattern is used.',
    }),
    category: ['discover'],
    schema: schema.arrayOf(schema.string()),
  },
};

Register the uiSetting on the plugin lifecycle methods

export class DiscoverServerPlugin implements Plugin<object, object> {
  public setup(core: CoreSetup) {
    core.uiSettings.register(uiSettings);
    return {};
  }

  public start(core: CoreStart) {
    return {};
  }

  public stop() {}
}

Use the uiSettings

 core.uiSettings.get(CONTEXT_TIE_BREAKER_FIELDS_SETTING)

@Machi3mfl
Copy link
Member

Machi3mfl commented Dec 4, 2024
edited
Loading

Adding plugin advanced settings

Screenshot 2024-12-04 at 9 29 47 AM 
const HIDE_MANAGER_ALERTS_SETTING = 'hideManagerAlerts';

export const uiSettings: Record<string, UiSettingsParams> = {
    [HIDE_MANAGER_ALERTS_SETTING]: {
      name: i18n.translate('wazuhCore.advancedSettings.hideManagerAlerts', {
        defaultMessage: 'Hide manager alerts',
      }),
      type: 'boolean',
      value: true,
      description: i18n.translate('wazuhCore.advancedSettings.hideManagerAlertsText', {
        defaultMessage: 'Hide the alerts of the manager in every dashboard.',
      }),
      category: ['wazuhCore'],
      schema: schema.boolean()
    },
}

Get the settings values

 core.uiSettings.get('hideManagerAlerts')
Screenshot 2024-12-03 at 9 54 49 PM

@Machi3mfl
Copy link
Member

Machi3mfl commented Dec 11, 2024
edited
Loading

Tasks

Screenshot 2024-12-13 at 5 25 49 PM

@Machi3mfl
Copy link
Member

Machi3mfl commented Dec 16, 2024
edited
Loading

Transform the plugin settings to ui settings

  • Creating an adapter to reuse the constant already defined in the wazuh plugin
Screen.Recording.2024-12-16.at.6.31.37.PM.mov
  • Reuse the validate function to create the uiSettings definitions
Screen.Recording.2024-12-17.at.3.01.58.PM.mov

Details on: wazuh/wazuh-dashboard-plugins@bced596

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Machi3mfl Machi3mfl

Labels
level/task Task issue type/enhancement New feature or request
Projects
Release 5.0.0
Status: In progress
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Migrate wazuh.yml configuration to opensearch_dashboards.yml wazuh/wazuh-dashboard-plugins
2 participants
@Machi3mfl @asteriscos