wazuh · asteriscos · Nov 27, 2023 · Nov 14, 2023 · Nov 14, 2023 · Nov 14, 2023
diff --git a/.github/workflows/wazuh-build-push-docker-action.yml b/.github/workflows/wazuh-build-push-docker-action.yml
@@ -69,7 +69,7 @@ jobs:
         --build-arg WAZUH_VERSION=${{ github.event.inputs.wazuh-manager-version }} \
         --build-arg FILEBEAT_VERSION=${{ github.event.inputs.elastic-manager-version }} \
         --build-arg FILEBEAT_WAZUH_TEMPLATE_URL=https://raw.githubusercontent.com/wazuh/wazuh/4.0/extensions/elasticsearch/7.x/wazuh-template.json \
-        --build-arg FILEBEAT_WAZUH_MODULE_URL=https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.1.tar.gz .
+        --build-arg FILEBEAT_WAZUH_MODULE_URL=https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz .
      - name: Step 04 - Push image to quay.io
        run: |
         docker push quay.io/wazuh/wazuh-manager-image:${{ github.event.inputs.wazuh-manager-version }}-${{ github.event.inputs.elastic-manager-version }}

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -37,7 +37,7 @@ All notable changes to the Wazuh app project will be documented in this file.
 - Removed the `disabled_roles` and `customization.logo.sidebar` settings [#5840](https://github.com/wazuh/wazuh-dashboard-plugins/pull/5840)
 - Removed the ability to configure the visibility of modules and removed `extensions.*` settings [#5840](https://github.com/wazuh/wazuh-dashboard-plugins/pull/5840)
 
-## Wazuh v4.7.1 - OpenSearch Dashboards 2.8.0 - Revision 00
+## Wazuh v4.7.1 - OpenSearch Dashboards 2.8.0 - Revision 01
 
 ### Added
 
@@ -49,7 +49,7 @@ All notable changes to the Wazuh app project will be documented in this file.
 - Fixed UI crash on retrieving log collection configuration for macos agent. [#6104](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6104)
 - Fixed incorrect validation of the agent name on the Deploy new agent window [#6105](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6105)
 
-## Wazuh v4.7.0 - OpenSearch Dashboards 2.8.0 - Revision 03
+## Wazuh v4.7.0 - OpenSearch Dashboards 2.8.0 - Revision 04
 
 ### Added
 

diff --git a/RELEASING.md b/RELEASING.md
@@ -18,7 +18,7 @@ The following files must be updated:
   - `version`: Combination of version and revision of the plugin: `{version}-{revision}`.
 - `CHANGELOG.md`: Changelog of the new release.
 - `plugins/main/common/api-info/endpoints.json`: Data related to endpoints and extracted from server's API specification file
-- `plugins/maincommon/api-info/security-actions.json`: Data related to security actions of extracted from server's API specification file
+- `plugins/main/common/api-info/security-actions.json`: Data related to security actions of extracted from server's API specification file
 - Unit tests (when bumping the minor version could fail some tests due to snapshots)
 
 To bump the version, see [# Bump](#Bump)

diff --git a/docker/kbn-dev/dev.yml b/docker/kbn-dev/dev.yml
@@ -54,7 +54,7 @@ services:
         echo admin | filebeat keystore add username --stdin --force
         echo ${ELASTIC_PASSWORD}| filebeat keystore add password --stdin --force
         curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.3/extensions/elasticsearch/7.x/wazuh-template.json
-        curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.2.tar.gz | tar -xvz -C /usr/share/filebeat/module
+        curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz | tar -xvz -C /usr/share/filebeat/module
         # copy filebeat to preserve correct permissions without
         # affecting host filesystem
         cp /tmp/filebeat.yml /usr/share/filebeat/filebeat.yml

diff --git a/docker/osd-dev/dev.yml b/docker/osd-dev/dev.yml
@@ -1,15 +1,15 @@
 version: '2.2'
 
-x-logging: &logging
-  logging:
-    driver: loki
-    options:
-      loki-url: 'http://host.docker.internal:3100/loki/api/v1/push'
+# x-logging: &logging
+#   logging:
+#     driver: loki
+#     options:
+#       loki-url: 'http://host.docker.internal:3100/loki/api/v1/push'
 
 services:
   exporter:
     image: quay.io/prometheuscommunity/elasticsearch-exporter:latest
-    <<: *logging
+    # <<: *logging
     hostname: exporter-osd-${OS_VERSION}
     profiles:
       - 'saml'
@@ -24,7 +24,7 @@ services:
 
   imposter:
     image: outofcoffee/imposter
-    <<: *logging
+    # <<: *logging
     hostname: imposter-osd-${OS_VERSION}
     networks:
       - os-dev
@@ -37,7 +37,7 @@ services:
 
   generator:
     image: cfssl/cfssl
-    <<: *logging
+    # <<: *logging
     profiles:
       - 'saml'
       - 'standard'
@@ -128,7 +128,7 @@ services:
         condition: service_completed_successfully
         required: false
     image: opensearchproject/opensearch:${OS_VERSION}
-    <<: *logging
+    # <<: *logging
     profiles:
       - 'saml'
       - 'standard'
@@ -183,7 +183,7 @@ services:
     networks:
       - os-dev
       - mon
-    <<: *logging
+    # <<: *logging
     # restart: always
     entrypoint:
       - '/bin/bash'
@@ -193,7 +193,7 @@ services:
         echo admin | filebeat keystore add username --stdin --force
         echo ${PASSWORD}| filebeat keystore add password --stdin --force
         curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.3/extensions/elasticsearch/7.x/wazuh-template.json
-        curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.2.tar.gz | tar -xvz -C /usr/share/filebeat/module
+        curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz | tar -xvz -C /usr/share/filebeat/module
         # copy filebeat to preserve correct permissions without
         # affecting host filesystem
         cp /tmp/filebeat.yml /usr/share/filebeat/filebeat.yml
@@ -220,7 +220,7 @@ services:
       - devel
       - mon
     user: '1000:1000'
-    <<: *logging
+    # <<: *logging
     ports:
       - ${OSD_PORT}:5601
     environment:
@@ -274,7 +274,7 @@ services:
     profiles:
       - 'saml'
     hostname: idp
-    <<: *logging
+    # <<: *logging
     networks:
       - os-dev
       - mon
@@ -303,7 +303,7 @@ services:
     profiles:
       - 'saml'
     hostname: idpsetup
-    <<: *logging
+    # <<: *logging
     networks:
       - os-dev
       - mon

diff --git a/docker/wazuh-4.2-es/pre.yml b/docker/wazuh-4.2-es/pre.yml
@@ -51,7 +51,7 @@ services:
         echo admin | filebeat keystore add username --stdin --force
         echo ${ELASTIC_PASSWORD}| filebeat keystore add password --stdin --force
         curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.2/extensions/elasticsearch/7.x/wazuh-template.json
-        curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.2.tar.gz | tar -xvz -C /usr/share/filebeat/module
+        curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz | tar -xvz -C /usr/share/filebeat/module
         # copy filebeat to preserve correct permissions without
         # affecting host filesystem
         cp /tmp/filebeat.yml /usr/share/filebeat/filebeat.yml

diff --git a/docker/wazuh-4.3-wz/pre.yml b/docker/wazuh-4.3-wz/pre.yml
@@ -123,7 +123,7 @@ services:
         echo admin | filebeat keystore add username --stdin --force
         echo SecretPassword| filebeat keystore add password --stdin --force
         curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.3/extensions/elasticsearch/7.x/wazuh-template.json
-        curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.2.tar.gz | tar -xvz -C /usr/share/filebeat/module
+        curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz | tar -xvz -C /usr/share/filebeat/module
         # copy filebeat to preserve correct permissions without
         # affecting host filesystem
         cp /tmp/filebeat.yml /usr/share/filebeat/filebeat.yml

diff --git a/docker/wazuh-4.4-wz/pre.yml b/docker/wazuh-4.4-wz/pre.yml
@@ -123,7 +123,7 @@ services:
         echo admin | filebeat keystore add username --stdin --force
         echo SecretPassword| filebeat keystore add password --stdin --force
         curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.3/extensions/elasticsearch/7.x/wazuh-template.json
-        curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.2.tar.gz | tar -xvz -C /usr/share/filebeat/module
+        curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz | tar -xvz -C /usr/share/filebeat/module
         # copy filebeat to preserve correct permissions without
         # affecting host filesystem
         cp /tmp/filebeat.yml /usr/share/filebeat/filebeat.yml

diff --git a/docker/wazuh-4.5-wz/pre.yml b/docker/wazuh-4.5-wz/pre.yml
@@ -123,7 +123,7 @@ services:
         echo admin | filebeat keystore add username --stdin --force
         echo SecretPassword| filebeat keystore add password --stdin --force
         curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.3/extensions/elasticsearch/7.x/wazuh-template.json
-        curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.2.tar.gz | tar -xvz -C /usr/share/filebeat/module
+        curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz | tar -xvz -C /usr/share/filebeat/module
         # copy filebeat to preserve correct permissions without
         # affecting host filesystem
         cp /tmp/filebeat.yml /usr/share/filebeat/filebeat.yml

diff --git a/docker/wazuh-4.x-es/pre.yml b/docker/wazuh-4.x-es/pre.yml
@@ -51,7 +51,7 @@ services:
         echo admin | filebeat keystore add username --stdin --force
         echo ${ELASTIC_PASSWORD}| filebeat keystore add password --stdin --force
         curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.3/extensions/elasticsearch/7.x/wazuh-template.json
-        curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.2.tar.gz | tar -xvz -C /usr/share/filebeat/module
+        curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz | tar -xvz -C /usr/share/filebeat/module
         # copy filebeat to preserve correct permissions without
         # affecting host filesystem
         cp /tmp/filebeat.yml /usr/share/filebeat/filebeat.yml

diff --git a/plugins/main/common/config-equivalences.js b/plugins/main/common/config-equivalences.js
@@ -58,6 +58,8 @@ export const configEquivalences = {
     'Define the number of replicas to use for the statistics indices.',
   'alerts.sample.prefix':
     'Define the index name prefix of sample alerts. It must match the template used by the index pattern to avoid unknown fields in dashboards.',
+  'vulnerabilities.pattern':
+    'Default index pattern to use for vulnerabilities.',
 };
 
 export const nameEquivalence = {
@@ -94,20 +96,24 @@ export const nameEquivalence = {
   'cron.statistics.index.shards': 'Index shards',
   'cron.statistics.index.replicas': 'Index replicas',
   'alerts.sample.prefix': 'Sample alerts prefix',
+  'vulnerabilities.pattern': 'Index pattern',
+  'checks.vulnerabilities.pattern': 'Vulnerabilities index pattern',
 };
 
 const HEALTH_CHECK = 'Health Check';
 const GENERAL = 'General';
 const SECURITY = 'Security';
 const MONITORING = 'Monitoring';
 const STATISTICS = 'Statistics';
+const VULNERABILITIES = 'Vulnerabilities';
 const CUSTOMIZATION = 'Logo Customization';
 export const categoriesNames = [
   HEALTH_CHECK,
   GENERAL,
   SECURITY,
   MONITORING,
   STATISTICS,
+  VULNERABILITIES,
   CUSTOMIZATION,
 ];
 
@@ -145,6 +151,8 @@ export const categoriesEquivalence = {
   'cron.statistics.index.shards': STATISTICS,
   'cron.statistics.index.replicas': STATISTICS,
   'alerts.sample.prefix': GENERAL,
+  'vulnerabilities.pattern': VULNERABILITIES,
+  'checks.vulnerabilities.pattern': HEALTH_CHECK,
 };
 
 const TEXT = 'text';
@@ -216,4 +224,6 @@ export const formEquivalence = {
   'cron.statistics.index.shards': { type: NUMBER },
   'cron.statistics.index.replicas': { type: NUMBER },
   'alerts.sample.prefix': { type: TEXT },
+  'vulnerabilities.pattern': { type: TEXT },
+  'checks.vulnerabilities.pattern': { type: BOOLEAN },
 };
diff --git a/plugins/main/common/constants.ts b/plugins/main/common/constants.ts
@@ -48,6 +48,9 @@ export const WAZUH_STATISTICS_DEFAULT_STATUS = true;
 export const WAZUH_STATISTICS_DEFAULT_FREQUENCY = 900;
 export const WAZUH_STATISTICS_DEFAULT_CRON_FREQ = '0 */5 * * * *';
 
+// Wazuh vulnerabilities
+export const WAZUH_VULNERABILITIES_PATTERN = 'wazuh-states-vulnerabilities';
+
 // Job - Wazuh initialize
 export const WAZUH_PLUGIN_PLATFORM_TEMPLATE_NAME = 'wazuh-kibana';
 
@@ -402,6 +405,10 @@ export const ELASTIC_NAME = 'elastic';
 // Default Wazuh indexer name
 export const WAZUH_INDEXER_NAME = 'Wazuh indexer';
 
+// Not timeFieldName on index pattern
+export const NOT_TIME_FIELD_NAME_INDEX_PATTERN =
+  'not_time_field_name_index_pattern';
+
 // Customization
 export const CUSTOMIZATION_ENDPOINT_PAYLOAD_UPLOAD_CUSTOM_FILE_MAXIMUM_BYTES = 1048576;
 
@@ -411,6 +418,7 @@ export enum SettingCategory {
   HEALTH_CHECK,
   MONITORING,
   STATISTICS,
+  VULNERABILITIES,
   SECURITY,
   CUSTOMIZATION,
 }
@@ -563,6 +571,12 @@ export const PLUGIN_SETTINGS_CATEGORIES: {
       'Options related to the daemons manager monitoring job and their storage in indexes.',
     renderOrder: SettingCategory.STATISTICS,
   },
+  [SettingCategory.VULNERABILITIES]: {
+    title: 'Vulnerabilities',
+    description:
+      'Options related to the agent vulnerabilities monitoring job and its storage in indexes.',
+    renderOrder: SettingCategory.VULNERABILITIES,
+  },
   [SettingCategory.CUSTOMIZATION]: {
     title: 'Custom branding',
     description:
@@ -820,6 +834,33 @@ export const PLUGIN_SETTINGS: { [key: string]: TPluginSetting } = {
       return schema.boolean();
     },
   },
+  'checks.vulnerabilities.pattern': {
+    title: 'Vulnerabilities index pattern',
+    description:
+      'Enable or disable the vulnerabilities index pattern health check when opening the app.',
+    category: SettingCategory.HEALTH_CHECK,
+    type: EpluginSettingType.switch,
+    defaultValue: true,
+    isConfigurableFromFile: true,
+    isConfigurableFromUI: true,
+    options: {
+      switch: {
+        values: {
+          disabled: { label: 'false', value: false },
+          enabled: { label: 'true', value: true },
+        },
+      },
+    },
+    uiFormTransformChangedInputValue: function (
+      value: boolean | string,
+    ): boolean {
+      return Boolean(value);
+    },
+    validate: SettingsValidator.isBoolean,
+    validateBackend: function (schema) {
+      return schema.boolean();
+    },
+  },
   'cron.prefix': {
     title: 'Cron prefix',
     description: 'Define the index prefix of predefined jobs.',
@@ -1108,7 +1149,7 @@ export const PLUGIN_SETTINGS: { [key: string]: TPluginSetting } = {
   },
   'customization.logo.app': {
     title: 'App main logo',
-    description: `This logo is used as loading indicator while the user is logging into Wazuh API`,
+    description: `This logo is used as loading indicator while the user is logging into Wazuh API.`,
     category: SettingCategory.CUSTOMIZATION,
     type: EpluginSettingType.filepicker,
     defaultValue: '',
@@ -1720,6 +1761,36 @@ export const PLUGIN_SETTINGS: { [key: string]: TPluginSetting } = {
       return schema.number({ validate: this.validate.bind(this) });
     },
   },
+  'vulnerabilities.pattern': {
+    title: 'Index pattern',
+    description: 'Default index pattern to use for vulnerabilities.',
+    category: SettingCategory.VULNERABILITIES,
+    type: EpluginSettingType.text,
+    defaultValue: WAZUH_VULNERABILITIES_PATTERN,
+    isConfigurableFromFile: true,
+    isConfigurableFromUI: true,
+    requiresRunningHealthCheck: false,
+    validate: SettingsValidator.compose(
+      SettingsValidator.isNotEmptyString,
+      SettingsValidator.hasNoSpaces,
+      SettingsValidator.noLiteralString('.', '..'),
+      SettingsValidator.noStartsWithString('-', '_', '+', '.'),
+      SettingsValidator.hasNotInvalidCharacters(
+        '\\',
+        '/',
+        '?',
+        '"',
+        '<',
+        '>',
+        '|',
+        ',',
+        '#',
+      ),
+    ),
+    validateBackend: function (schema) {
+      return schema.string({ minLength: 1, validate: this.validate });
+    },
+  },
 };
 
 export type TPluginSettingKey = keyof typeof PLUGIN_SETTINGS;

diff --git a/plugins/main/common/plugin-settings.test.ts b/plugins/main/common/plugin-settings.test.ts
@@ -34,6 +34,8 @@ describe('[settings] Input validation', () => {
     ${'checks.template'}                | ${0}                                                                   | ${'It should be a boolean. Allowed values: true or false.'}
     ${'checks.timeFilter'}              | ${true}                                                                | ${undefined}
     ${'checks.timeFilter'}              | ${0}                                                                   | ${'It should be a boolean. Allowed values: true or false.'}
+    ${'checks.vulnerabilities.pattern'} | ${true}                                                                | ${undefined}
+    ${'checks.vulnerabilities.pattern'} | ${0}                                                                   | ${'It should be a boolean. Allowed values: true or false.'}
     ${'cron.prefix'}                    | ${'test'}                                                              | ${undefined}
     ${'cron.prefix'}                    | ${'test space'}                                                        | ${'No whitespaces allowed.'}
     ${'cron.prefix'}                    | ${''}                                                                  | ${'Value can not be empty.'}
@@ -208,6 +210,22 @@ describe('[settings] Input validation', () => {
     ${'wazuh.monitoring.shards'}        | ${-1}                                                                  | ${'Value should be greater or equal than 1.'}
     ${'wazuh.monitoring.shards'}        | ${'1.2'}                                                               | ${'Number should be an integer.'}
     ${'wazuh.monitoring.shards'}        | ${1.2}                                                                 | ${'Number should be an integer.'}
+    ${'vulnerabilities.pattern'}        | ${'test'}                                                              | ${undefined}
+    ${'vulnerabilities.pattern'}        | ${'test*'}                                                             | ${undefined}
+    ${'vulnerabilities.pattern'}        | ${''}                                                                  | ${'Value can not be empty.'}
+    ${'vulnerabilities.pattern'}        | ${'-test'}                                                             | ${"It can't start with: -, _, +, .."}
+    ${'vulnerabilities.pattern'}        | ${'_test'}                                                             | ${"It can't start with: -, _, +, .."}
+    ${'vulnerabilities.pattern'}        | ${'+test'}                                                             | ${"It can't start with: -, _, +, .."}
+    ${'vulnerabilities.pattern'}        | ${'.test'}                                                             | ${"It can't start with: -, _, +, .."}
+    ${'vulnerabilities.pattern'}        | ${'test\\'}                                                            | ${'It can\'t contain invalid characters: \\, /, ?, ", <, >, |, ,, #.'}
+    ${'vulnerabilities.pattern'}        | ${'test/'}                                                             | ${'It can\'t contain invalid characters: \\, /, ?, ", <, >, |, ,, #.'}
+    ${'vulnerabilities.pattern'}        | ${'test?'}                                                             | ${'It can\'t contain invalid characters: \\, /, ?, ", <, >, |, ,, #.'}
+    ${'vulnerabilities.pattern'}        | ${'test"'}                                                             | ${'It can\'t contain invalid characters: \\, /, ?, ", <, >, |, ,, #.'}
+    ${'vulnerabilities.pattern'}        | ${'test<'}                                                             | ${'It can\'t contain invalid characters: \\, /, ?, ", <, >, |, ,, #.'}
+    ${'vulnerabilities.pattern'}        | ${'test>'}                                                             | ${'It can\'t contain invalid characters: \\, /, ?, ", <, >, |, ,, #.'}
+    ${'vulnerabilities.pattern'}        | ${'test|'}                                                             | ${'It can\'t contain invalid characters: \\, /, ?, ", <, >, |, ,, #.'}
+    ${'vulnerabilities.pattern'}        | ${'test,'}                                                             | ${'It can\'t contain invalid characters: \\, /, ?, ", <, >, |, ,, #.'}
+    ${'vulnerabilities.pattern'}        | ${'test#'}                                                             | ${'It can\'t contain invalid characters: \\, /, ?, ", <, >, |, ,, #.'}
   `(
     '$setting | $value | $expectedValidation',
     ({ setting, value, expectedValidation }) => {