diff --git a/.github/workflows/wazuh-build-push-docker-action.yml b/.github/workflows/wazuh-build-push-docker-action.yml index f7bc1af27c..74c233c965 100644 --- a/.github/workflows/wazuh-build-push-docker-action.yml +++ b/.github/workflows/wazuh-build-push-docker-action.yml @@ -69,7 +69,7 @@ jobs: --build-arg WAZUH_VERSION=${{ github.event.inputs.wazuh-manager-version }} \ --build-arg FILEBEAT_VERSION=${{ github.event.inputs.elastic-manager-version }} \ --build-arg FILEBEAT_WAZUH_TEMPLATE_URL=https://raw.githubusercontent.com/wazuh/wazuh/4.0/extensions/elasticsearch/7.x/wazuh-template.json \ - --build-arg FILEBEAT_WAZUH_MODULE_URL=https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.1.tar.gz . + --build-arg FILEBEAT_WAZUH_MODULE_URL=https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz . - name: Step 04 - Push image to quay.io run: | docker push quay.io/wazuh/wazuh-manager-image:${{ github.event.inputs.wazuh-manager-version }}-${{ github.event.inputs.elastic-manager-version }} diff --git a/CHANGELOG.md b/CHANGELOG.md index b4cb2d1a33..79a34c5c88 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,12 @@ All notable changes to the Wazuh app project will be documented in this file. - Support for Wazuh 4.9.0 +## Wazuh v4.8.1 - OpenSearch Dashboards 2.10.0 - Revision 00 + +### Added + +- Support for Wazuh 4.8.1 + ## Wazuh v4.8.0 - OpenSearch Dashboards 2.10.0 - Revision 00 ### Added @@ -37,7 +43,7 @@ All notable changes to the Wazuh app project will be documented in this file. - Removed the `disabled_roles` and `customization.logo.sidebar` settings [#5840](https://github.com/wazuh/wazuh-dashboard-plugins/pull/5840) - Removed the ability to configure the visibility of modules and removed `extensions.*` settings [#5840](https://github.com/wazuh/wazuh-dashboard-plugins/pull/5840) -## Wazuh v4.7.1 - OpenSearch Dashboards 2.8.0 - Revision 00 +## Wazuh v4.7.1 - OpenSearch Dashboards 2.8.0 - Revision 01 ### Added 
@@ -49,7 +55,7 @@ All notable changes to the Wazuh app project will be documented in this file. - Fixed UI crash on retrieving log collection configuration for macos agent. [#6104](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6104) - Fixed incorrect validation of the agent name on the Deploy new agent window [#6105](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6105) -## Wazuh v4.7.0 - OpenSearch Dashboards 2.8.0 - Revision 03 +## Wazuh v4.7.0 - OpenSearch Dashboards 2.8.0 - Revision 04 ### Added diff --git a/RELEASING.md b/RELEASING.md index e7eed44c7b..148a649ad2 100644 --- a/RELEASING.md +++ b/RELEASING.md @@ -18,7 +18,7 @@ The following files must be updated: - `version`: Combination of version and revision of the plugin: `{version}-{revision}`. - `CHANGELOG.md`: Changelog of the new release. - `plugins/main/common/api-info/endpoints.json`: Data related to endpoints and extracted from server's API specification file -- `plugins/maincommon/api-info/security-actions.json`: Data related to security actions of extracted from server's API specification file +- `plugins/main/common/api-info/security-actions.json`: Data related to security actions of extracted from server's API specification file - Unit tests (when bumping the minor version could fail some tests due to snapshots) To bump the version, see [# Bump](#Bump) diff --git a/docker/kbn-dev/dev.yml b/docker/kbn-dev/dev.yml index a6ee5611df..f01c481224 100755 --- a/docker/kbn-dev/dev.yml +++ b/docker/kbn-dev/dev.yml 
@@ -54,7 +54,7 @@ services: echo admin | filebeat keystore add username --stdin --force echo ${ELASTIC_PASSWORD}| filebeat keystore add password --stdin --force curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.3/extensions/elasticsearch/7.x/wazuh-template.json - curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.2.tar.gz | tar -xvz -C /usr/share/filebeat/module + curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz | tar -xvz -C /usr/share/filebeat/module # copy filebeat to preserve correct permissions without # affecting host filesystem cp /tmp/filebeat.yml /usr/share/filebeat/filebeat.yml diff --git a/docker/osd-dev/dev.yml b/docker/osd-dev/dev.yml index 1d73f28dd5..04a7c00266 100755 --- a/docker/osd-dev/dev.yml +++ b/docker/osd-dev/dev.yml @@ -1,15 +1,15 @@ version: '2.2' -x-logging: &logging - logging: - driver: loki - options: - loki-url: 'http://host.docker.internal:3100/loki/api/v1/push' +# x-logging: &logging +# logging: +# driver: loki +# options: +# loki-url: 'http://host.docker.internal:3100/loki/api/v1/push' services: exporter: image: quay.io/prometheuscommunity/elasticsearch-exporter:latest - <<: *logging + # <<: *logging hostname: exporter-osd-${OS_VERSION} profiles: - 'saml' @@ -24,7 +24,7 @@ services: imposter: image: outofcoffee/imposter - <<: *logging + # <<: *logging hostname: imposter-osd-${OS_VERSION} networks: - os-dev @@ -37,7 +37,7 @@ services: generator: image: cfssl/cfssl - <<: *logging + # <<: *logging profiles: - 'saml' - 'standard' @@ -128,7 +128,7 @@ services: condition: service_completed_successfully required: false image: opensearchproject/opensearch:${OS_VERSION} - <<: *logging + # <<: *logging profiles: - 'saml' - 'standard' @@ -183,7 +183,7 @@ services: networks: - os-dev - mon - <<: *logging + # <<: *logging # restart: always entrypoint: - '/bin/bash' 
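Review bot: The bumped `wazuh-filebeat-0.3.tar.gz` is still streamed from `curl -s` straight into `tar -xvz -C /usr/share/filebeat/module` with no integrity check, so whatever the URL serves at start-up is unpacked into the Filebeat module directory. Consider downloading to a file first with `curl -fsSLo /tmp/wazuh-filebeat.tar.gz <url>`, verifying it with `echo "<EXPECTED_SHA256>  /tmp/wazuh-filebeat.tar.gz" | sha256sum -c -` (assuming `sha256sum` exists in the image), and only then extracting. Adding `-f` also makes an HTTP error fail the step instead of being hidden by `-s`. The same line is changed in `docker/osd-dev/dev.yml` and in the `pre.yml` files under `docker/wazuh-4.2-es`, `4.3-wz`, `4.4-wz`, `4.5-wz` and `4.x-es`, and the workflow passes the same URL as `FILEBEAT_WAZUH_MODULE_URL`. The entrypoint script around this line starts and ends outside the hunk.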
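Review bot: In `docker/osd-dev/dev.yml` the `x-logging` anchor and every `<<: *logging` merge are commented out rather than removed, and nothing in the file says why or how to turn Loki shipping back on. If the block is meant to stay as an opt-in, put one explanatory line above it, for example `# Loki log shipping is off by default; uncomment x-logging and each "<<: *logging" to re-enable it`; otherwise delete the dead lines. The same commented merge recurs in the hunks at -24, -37, -128 and -183 here and at -220, -274 and -303 further down. With the anchor gone the services presumably fall back to Docker's default logging driver, so anyone relying on the `mon` stack for these logs should confirm that is intended.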
@@ -193,7 +193,7 @@ services: echo admin | filebeat keystore add username --stdin --force echo ${PASSWORD}| filebeat keystore add password --stdin --force curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.3/extensions/elasticsearch/7.x/wazuh-template.json - curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.2.tar.gz | tar -xvz -C /usr/share/filebeat/module + curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz | tar -xvz -C /usr/share/filebeat/module # copy filebeat to preserve correct permissions without # affecting host filesystem cp /tmp/filebeat.yml /usr/share/filebeat/filebeat.yml @@ -220,7 +220,7 @@ services: - devel - mon user: '1000:1000' - <<: *logging + # <<: *logging ports: - ${OSD_PORT}:5601 environment: @@ -274,7 +274,7 @@ services: profiles: - 'saml' hostname: idp - <<: *logging + # <<: *logging networks: - os-dev - mon @@ -303,7 +303,7 @@ services: profiles: - 'saml' hostname: idpsetup - <<: *logging + # <<: *logging networks: - os-dev - mon diff --git a/docker/wazuh-4.2-es/pre.yml b/docker/wazuh-4.2-es/pre.yml index 9a642ea5c3..273e304c95 100755 --- a/docker/wazuh-4.2-es/pre.yml +++ b/docker/wazuh-4.2-es/pre.yml @@ -51,7 +51,7 @@ services: echo admin | filebeat keystore add username --stdin --force echo ${ELASTIC_PASSWORD}| filebeat keystore add password --stdin --force curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.2/extensions/elasticsearch/7.x/wazuh-template.json - curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.2.tar.gz | tar -xvz -C /usr/share/filebeat/module + curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz | tar -xvz -C /usr/share/filebeat/module # copy filebeat to preserve correct permissions without # affecting host filesystem cp /tmp/filebeat.yml /usr/share/filebeat/filebeat.yml 
diff --git a/docker/wazuh-4.3-wz/pre.yml b/docker/wazuh-4.3-wz/pre.yml
index d71d7b1b5d..b203c39355 100755
--- a/docker/wazuh-4.3-wz/pre.yml
+++ b/docker/wazuh-4.3-wz/pre.yml
@@ -123,7 +123,7 @@ services:
 echo admin | filebeat keystore add username --stdin --force
 echo SecretPassword| filebeat keystore add password --stdin --force
 curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.3/extensions/elasticsearch/7.x/wazuh-template.json
- curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.2.tar.gz | tar -xvz -C /usr/share/filebeat/module
+ curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz | tar -xvz -C /usr/share/filebeat/module
 # copy filebeat to preserve correct permissions without
 # affecting host filesystem
 cp /tmp/filebeat.yml /usr/share/filebeat/filebeat.yml
diff --git a/docker/wazuh-4.4-wz/pre.yml b/docker/wazuh-4.4-wz/pre.yml
index 441e28c2a1..632a56405a 100755
--- a/docker/wazuh-4.4-wz/pre.yml
+++ b/docker/wazuh-4.4-wz/pre.yml
@@ -123,7 +123,7 @@ services:
 echo admin | filebeat keystore add username --stdin --force
 echo SecretPassword| filebeat keystore add password --stdin --force
 curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.3/extensions/elasticsearch/7.x/wazuh-template.json
- curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.2.tar.gz | tar -xvz -C /usr/share/filebeat/module
+ curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz | tar -xvz -C /usr/share/filebeat/module
 # copy filebeat to preserve correct permissions without
 # affecting host filesystem
 cp /tmp/filebeat.yml /usr/share/filebeat/filebeat.yml
diff --git a/docker/wazuh-4.5-wz/pre.yml b/docker/wazuh-4.5-wz/pre.yml
index 441e28c2a1..632a56405a 100755
--- a/docker/wazuh-4.5-wz/pre.yml
+++ b/docker/wazuh-4.5-wz/pre.yml
@@ -123,7 +123,7 @@ services:
 echo admin | filebeat keystore add username --stdin --force
 echo SecretPassword| filebeat keystore add password --stdin --force
 curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.3/extensions/elasticsearch/7.x/wazuh-template.json
- curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.2.tar.gz | tar -xvz -C /usr/share/filebeat/module
+ curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz | tar -xvz -C /usr/share/filebeat/module
 # copy filebeat to preserve correct permissions without
 # affecting host filesystem
 cp /tmp/filebeat.yml /usr/share/filebeat/filebeat.yml
diff --git a/docker/wazuh-4.x-es/pre.yml b/docker/wazuh-4.x-es/pre.yml
index 8a2c65c46b..fa1202432c 100755
--- a/docker/wazuh-4.x-es/pre.yml
+++ b/docker/wazuh-4.x-es/pre.yml
@@ -51,7 +51,7 @@ services:
 echo admin | filebeat keystore add username --stdin --force
 echo ${ELASTIC_PASSWORD}| filebeat keystore add password --stdin --force
 curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.3/extensions/elasticsearch/7.x/wazuh-template.json
- curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.2.tar.gz | tar -xvz -C /usr/share/filebeat/module
+ curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz | tar -xvz -C /usr/share/filebeat/module
 # copy filebeat to preserve correct permissions without
 # affecting host filesystem
 cp /tmp/filebeat.yml /usr/share/filebeat/filebeat.yml
diff --git a/plugins/main/common/api-info/endpoints.json b/plugins/main/common/api-info/endpoints.json
index 440a61fcf6..b36353c39f 100644
--- a/plugins/main/common/api-info/endpoints.json
+++ b/plugins/main/common/api-info/endpoints.json
@@ -7,7 +7,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.default_controller.default_info", "description": "Return basic information about the API", "summary": "Get API info", - "tags": ["API Info"], + "tags": [ + "API Info" + ], "query": [ { "name": "pretty", @@ -24,7 +26,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_agents", "description": "Return information about all available agents or a list of them", "summary": "List agents", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "query": [ { "name": "agents_list", @@ -61,7 +65,10 @@ "description": "Agent groups configuration sync status", "schema": { "type": "string", - "enum": ["synced", "not synced"] + "enum": [ + "synced", + "not synced" + ] } }, { @@ -206,7 +213,12 @@ "type": "array", "items": { "type": "string", - "enum": ["active", "pending", "never_connected", "disconnected"] + "enum": [ + "active", + "pending", + "never_connected", + "disconnected" + ] }, "minItems": 1 } @@ -234,7 +246,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_agent_config", "description": "Return the active configuration the agent is currently using. This can be different from the configuration present in the configuration file, if it has been modified and the agent has not been restarted yet", "summary": "Get active configuration", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "args": [ { "name": ":agent_id", 
@@ -332,7 +346,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_daemon_stats", "description": "Return Wazuh statistical information from specified daemons in a specified agent", "summary": "Get Wazuh daemon stats from an agent", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "args": [ { "name": ":agent_id", @@ -354,7 +370,10 @@ "type": "array", "items": { "type": "string", - "enum": ["wazuh-analysisd", "wazuh-remoted"] + "enum": [ + "wazuh-analysisd", + "wazuh-remoted" + ] } } }, @@ -381,7 +400,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_sync_agent", "description": "Return whether the agent configuration has been synchronized with the agent or not. This can be useful to check after updating a group configuration", "summary": "Get configuration sync status", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "args": [ { "name": ":agent_id", @@ -419,7 +440,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_agent_key", "description": "Return the key of an agent", "summary": "Get key", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "args": [ { "name": ":agent_id", @@ -457,7 +480,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_component_stats", "description": "Return Wazuh's {component} statistical information from agent {agent_id}", "summary": "Get agent's component stats", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "args": [ { "name": ":agent_id", @@ -476,7 +501,10 @@ "required": true, "schema": { "type": "string", - "enum": ["logcollector", "agent"] + "enum": [ + "logcollector", + "agent" + ] } } ], 
@@ -504,7 +532,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_agent_no_group", "description": "Return a list with all the available agents without an assigned group", "summary": "List agents without group", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "query": [ { "name": "limit", @@ -584,7 +614,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_agent_outdated", "description": "Return the list of outdated agents", "summary": "List outdated agents", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "query": [ { "name": "limit", @@ -653,7 +685,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_agent_fields", "description": "Return all the different combinations that agents have for the selected fields. It also indicates the total number of agents that have each combination", "summary": "List agents distinct", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "query": [ { "name": "fields", @@ -733,7 +767,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_agent_summary_os", "description": "Return a summary of the OS of available agents", "summary": "Summarize agents OS", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "query": [ { "name": "pretty", @@ -758,7 +794,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_agent_summary_status", "description": "Return a summary of the connection and groups configuration synchronization statuses of available agents", "summary": "Summarize agents status", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "query": [ { "name": "pretty", 
@@ -783,7 +821,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_agent_upgrade", "description": "Return the agents upgrade results", "summary": "Get upgrade results", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "query": [ { "name": "agents_list", @@ -909,7 +949,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.ciscat_controller.get_agents_ciscat_results", "description": "Return the agent's ciscat results info", "summary": "Get results", - "tags": ["Ciscat"], + "tags": [ + "Ciscat" + ], "args": [ { "name": ":agent_id", @@ -1071,7 +1113,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_configuration_node", "description": "Return wazuh configuration used in node {node_id}. The 'section' and 'field' parameters will be ignored if 'raw' parameter is provided.", "summary": "Get node config", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "args": [ { "name": ":node_id", @@ -1163,7 +1207,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_node_config", "description": "Return the requested configuration in JSON format for the specified node", "summary": "Get node active configuration", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "args": [ { "name": ":component", @@ -1259,7 +1305,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_daemon_stats_node", "description": "Return Wazuh statistical information from specified daemons in a specified cluster node", "summary": "Get Wazuh daemon stats from a cluster node", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "args": [ { "name": ":node_id", 
@@ -1279,7 +1327,11 @@ "type": "array", "items": { "type": "string", - "enum": ["wazuh-analysisd", "wazuh-remoted", "wazuh-db"] + "enum": [ + "wazuh-analysisd", + "wazuh-remoted", + "wazuh-db" + ] } } }, @@ -1306,7 +1358,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_info_node", "description": "Return basic information about a specified node such as version, compilation date, installation path", "summary": "Get node info", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "args": [ { "name": ":node_id", @@ -1342,7 +1396,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_log_node", "description": "Return the last 2000 wazuh log entries in the specified node", "summary": "Get node logs", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "args": [ { "name": ":node_id", @@ -1464,7 +1520,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_log_summary_node", "description": "Return a summary of the last 2000 wazuh log entries in the specified node", "summary": "Get node logs summary", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "args": [ { "name": ":node_id", @@ -1500,7 +1558,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_stats_node", "description": "Return Wazuh statistical information in node {node_id} for the current or specified date", "summary": "Get node stats", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "args": [ { "name": ":node_id", 
@@ -1544,7 +1604,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_stats_analysisd_node", "description": "Return Wazuh analysisd statistical information in node {node_id}", "summary": "Get node stats analysisd", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "args": [ { "name": ":node_id", @@ -1580,7 +1642,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_stats_hourly_node", "description": "Return Wazuh statistical information in node {node_id} per hour. Each number in the averages field represents the average of alerts per hour", "summary": "Get node stats hour", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "args": [ { "name": ":node_id", @@ -1616,7 +1680,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_stats_remoted_node", "description": "Return Wazuh remoted statistical information in node {node_id}", "summary": "Get node stats remoted", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "args": [ { "name": ":node_id", @@ -1652,7 +1718,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_stats_weekly_node", "description": "Return Wazuh statistical information in node {node_id} per week. Each number in the averages field represents the average of alerts per hour for that specific day", "summary": "Get node stats week", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "args": [ { "name": ":node_id", 
@@ -1688,7 +1756,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_status_node", "description": "Return the status of all Wazuh daemons in node node_id", "summary": "Get node status", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "args": [ { "name": ":node_id", @@ -1724,7 +1794,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_api_config", "description": "Return the API configuration of all nodes (or a list of them) in JSON format", "summary": "Get nodes API config", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "query": [ { "name": "nodes_list", @@ -1759,7 +1831,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_conf_validation", "description": "Return whether the Wazuh configuration is correct or not in all cluster nodes or a list of them", "summary": "Check nodes config", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "query": [ { "name": "nodes_list", @@ -1794,7 +1868,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_healthcheck", "description": "Return cluster healthcheck information for all nodes or a list of them. Such information includes last keep alive, last synchronization time and number of agents reporting on each node", "summary": "Get nodes healthcheck", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "query": [ { "name": "nodes_list", @@ -1829,7 +1905,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_config", "description": "Return the current node cluster configuration", "summary": "Get local node config", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "query": [ { "name": "pretty", 
@@ -1854,7 +1932,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_cluster_node", "description": "Return basic information about the cluster node receiving the request", "summary": "Get local node info", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "query": [ { "name": "pretty", @@ -1879,7 +1959,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_cluster_nodes", "description": "Get information about all nodes in the cluster or a list of them", "summary": "Get nodes info", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "query": [ { "name": "distinct", @@ -1967,7 +2049,10 @@ "description": "Filter by node type", "schema": { "type": "string", - "enum": ["worker", "master"] + "enum": [ + "worker", + "master" + ] } }, { @@ -1985,7 +2070,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_nodes_ruleset_sync_status", "description": "Return ruleset synchronization status for all nodes or a list of them. This synchronization only covers the user custom ruleset", "summary": "Get cluster nodes ruleset synchronization status", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "query": [ { "name": "nodes_list", @@ -2020,7 +2107,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_status", "description": "Return information about the cluster status", "summary": "Get cluster status", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "query": [ { "name": "pretty", 
@@ -2045,7 +2134,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.decoder_controller.get_decoders", "description": "Return information about all decoders included in ossec.conf. This information include decoder's route, decoder's name, decoder's file among others", "summary": "List decoders", - "tags": ["Decoders"], + "tags": [ + "Decoders" + ], "query": [ { "name": "decoder_names", @@ -2153,7 +2244,11 @@ "description": "Filter by list status. Use commas to enter multiple statuses", "schema": { "type": "string", - "enum": ["enabled", "disabled", "all"], + "enum": [ + "enabled", + "disabled", + "all" + ], "minItems": 1 } }, @@ -2172,7 +2267,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.decoder_controller.get_decoders_files", "description": "Return information about all decoders files used in Wazuh. This information include decoder's file, decoder's route and decoder's status among others", "summary": "Get files", - "tags": ["Decoders"], + "tags": [ + "Decoders" + ], "query": [ { "name": "distinct", @@ -2269,7 +2366,11 @@ "description": "Filter by list status. Use commas to enter multiple statuses", "schema": { "type": "string", - "enum": ["enabled", "disabled", "all"], + "enum": [ + "enabled", + "disabled", + "all" + ], "minItems": 1 } }, @@ -2288,7 +2389,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.decoder_controller.get_file", "description": "Get the content of a specified decoder file", "summary": "Get decoders file content", - "tags": ["Decoders"], + "tags": [ + "Decoders" + ], "args": [ { "name": ":filename", 
@@ -2340,7 +2443,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.decoder_controller.get_decoders_parents", "description": "Return information about all parent decoders. A parent decoder is a decoder used as base of other decoders", "summary": "Get parent decoders", - "tags": ["Decoders"], + "tags": [ + "Decoders" + ], "query": [ { "name": "limit", @@ -2413,7 +2518,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.experimental_controller.get_cis_cat_results", "description": "Return CIS-CAT results for all agents or a list of them", "summary": "Get agents CIS-CAT results", - "tags": ["Experimental"], + "tags": [ + "Experimental" + ], "query": [ { "name": "agents_list", @@ -2568,7 +2675,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.experimental_controller.get_hardware_info", "description": "Return all agents (or a list of them) hardware info. This information include cpu, ram, scan info among others of all agents", "summary": "Get agents hardware", - "tags": ["Experimental"], + "tags": [ + "Experimental" + ], "query": [ { "name": "agents_list", @@ -2705,7 +2814,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.experimental_controller.get_hotfixes_info", "description": "Return all agents (or a list of them) hotfixes info", "summary": "Get agents hotfixes", - "tags": ["Experimental"], + "tags": [ + "Experimental" + ], "query": [ { "name": "agents_list", 
@@ -2798,7 +2909,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.experimental_controller.get_network_address_info", "description": "Return all agents (or a list of them) IPv4 and IPv6 addresses associated to their network interfaces. This information include used IP protocol, interface, and IP address among others", "summary": "Get agents netaddr", - "tags": ["Experimental"], + "tags": [ + "Experimental" + ], "query": [ { "name": "address", @@ -2916,7 +3029,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.experimental_controller.get_network_interface_info", "description": "Return all agents (or a list of them) network interfaces. This information includes rx, scan, tx info and some network information among other", "summary": "Get agents netiface", - "tags": ["Experimental"], + "tags": [ + "Experimental" + ], "query": [ { "name": "adapter", @@ -3115,7 +3230,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.experimental_controller.get_network_protocol_info", "description": "Return all agents (or a list of them) routing configuration for each network interface. This information includes interface, type protocol information among other", "summary": "Get agents netproto", - "tags": ["Experimental"], + "tags": [ + "Experimental" + ], "query": [ { "name": "agents_list", @@ -3136,7 +3253,12 @@ "schema": { "type": "string", "description": "DHCP status", - "enum": ["enabled", "disabled", "unknown", "BOOTP"] + "enum": [ + "enabled", + "disabled", + "unknown", + "BOOTP" + ] } }, { 
@@ -3234,7 +3356,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.experimental_controller.get_os_info", "description": "Return all agents (or a list of them) OS info. This information includes os information, architecture information among other", "summary": "Get agents OS", - "tags": ["Experimental"], + "tags": [ + "Experimental" + ], "query": [ { "name": "agents_list", @@ -3360,7 +3484,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.experimental_controller.get_packages_info", "description": "Return all agents (or a list of them) packages info. This information includes name, section, size, and priority information of all packages among other", "summary": "Get agents packages", - "tags": ["Experimental"], + "tags": [ + "Experimental" + ], "query": [ { "name": "agents_list", @@ -3484,7 +3610,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.experimental_controller.get_ports_info", "description": "Return all agents (or a list of them) ports info. This information includes local IP, Remote IP, protocol information among other", "summary": "Get agents ports", - "tags": ["Experimental"], + "tags": [ + "Experimental" + ], "query": [ { "name": "agents_list", @@ -3634,7 +3762,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.experimental_controller.get_processes_info", "description": "Return all agents (or a list of them) processes info", "summary": "Get agents processes", - "tags": ["Experimental"], + "tags": [ + "Experimental" + ], "query": [ { "name": "agents_list", 
@@ -3832,7 +3962,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_list_group", "description": "Get information about all groups or a list of them. Returns a list containing basic information about each group such as number of agents belonging to the group and the checksums of the configuration and shared files", "summary": "Get groups", - "tags": ["Groups"], + "tags": [ + "Groups" + ], "query": [ { "name": "distinct", @@ -3953,7 +4085,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_agents_in_group", "description": "Return the list of agents that belong to the specified group", "summary": "Get agents in a group", - "tags": ["Groups"], + "tags": [ + "Groups" + ], "args": [ { "name": ":group_id", @@ -4045,7 +4179,12 @@ "type": "array", "items": { "type": "string", - "enum": ["active", "pending", "never_connected", "disconnected"] + "enum": [ + "active", + "pending", + "never_connected", + "disconnected" + ] }, "minItems": 1 } @@ -4065,7 +4204,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_group_config", "description": "Return the group configuration defined in the `agent.conf` file", "summary": "Get group configuration", - "tags": ["Groups"], + "tags": [ + "Groups" + ], "args": [ { "name": ":group_id", @@ -4123,7 +4264,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_group_files", "description": "Return the files placed under the group directory", "summary": "Get group files", - "tags": ["Groups"], + "tags": [ + "Groups" + ], "args": [ { "name": ":group_id", 
@@ -4244,7 +4387,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_group_file_json", "description": "Return the content of the specified group file parsed to JSON", "summary": "Get a file in group", - "tags": ["Groups"], + "tags": [ + "Groups" + ], "args": [ { "name": ":file_name", @@ -4282,7 +4427,12 @@ "type": "array", "items": { "type": "string", - "enum": ["conf", "rootkit_files", "rootkit_trojans", "rcl"] + "enum": [ + "conf", + "rootkit_files", + "rootkit_trojans", + "rcl" + ] } } }, @@ -4301,7 +4451,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_group_file_xml", "description": "Return the contents of the specified group file parsed to XML", "summary": "Get a file in group", - "tags": ["Groups"], + "tags": [ + "Groups" + ], "args": [ { "name": ":file_name", @@ -4339,7 +4491,12 @@ "type": "array", "items": { "type": "string", - "enum": ["conf", "rootkit_files", "rootkit_trojans", "rcl"] + "enum": [ + "conf", + "rootkit_files", + "rootkit_trojans", + "rcl" + ] } } }, @@ -4358,7 +4515,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cdb_list_controller.get_lists", "description": "Return the contents of all CDB lists. Optionally, the result can be filtered by several criteria. See available parameters for more details", "summary": "Get CDB lists info", - "tags": ["Lists"], + "tags": [ + "Lists" + ], "query": [ { "name": "distinct", 
@@ -4465,7 +4624,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cdb_list_controller.get_lists_files", "description": "Return the path from all CDB lists. Use this method to know all the CDB lists and their location in the filesystem relative to Wazuh installation folder", "summary": "Get CDB lists files", - "tags": ["Lists"], + "tags": [ + "Lists" + ], "query": [ { "name": "filename", @@ -4546,7 +4707,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cdb_list_controller.get_file", "description": "Return the content of a CDB list file. Only the filename can be specified. It will be searched recursively if not found", "summary": "Get CDB list file content", - "tags": ["Lists"], + "tags": [ + "Lists" + ], "args": [ { "name": ":filename", @@ -4590,7 +4753,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.manager_controller.get_api_config", "description": "Return the local API configuration in JSON format", "summary": "Get API config", - "tags": ["Manager"], + "tags": [ + "Manager" + ], "query": [ { "name": "pretty", @@ -4615,7 +4780,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.manager_controller.get_configuration", "description": "Return wazuh configuration used. The 'section' and 'field' parameters will be ignored if 'raw' parameter is provided.", "summary": "Get configuration", - "tags": ["Manager"], + "tags": [ + "Manager" + ], "query": [ { "name": "distinct", 
@@ -4704,7 +4871,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.manager_controller.get_manager_config_ondemand", "description": "Return the requested active configuration in JSON format", "summary": "Get active configuration", - "tags": ["Manager"], + "tags": [ + "Manager" + ], "args": [ { "name": ":component", @@ -4791,7 +4960,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.manager_controller.get_conf_validation", "description": "Return whether the Wazuh configuration is correct", "summary": "Check config", - "tags": ["Manager"], + "tags": [ + "Manager" + ], "query": [ { "name": "pretty", @@ -4816,7 +4987,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.manager_controller.get_daemon_stats", "description": "Return Wazuh statistical information from specified daemons", "summary": "Get Wazuh daemon stats", - "tags": ["Manager"], + "tags": [ + "Manager" + ], "query": [ { "name": "daemons_list", @@ -4825,7 +4998,11 @@ "type": "array", "items": { "type": "string", - "enum": ["wazuh-analysisd", "wazuh-remoted", "wazuh-db"] + "enum": [ + "wazuh-analysisd", + "wazuh-remoted", + "wazuh-db" + ] } } }, @@ -4852,7 +5029,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.manager_controller.get_info", "description": "Return basic information such as version, compilation date, installation path", "summary": "Get information", - "tags": ["Manager"], + "tags": [ + "Manager" + ], "query": [ { "name": "pretty", 
@@ -4877,7 +5056,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.manager_controller.get_log", "description": "Return the last 2000 wazuh log entries", "summary": "Get logs", - "tags": ["Manager"], + "tags": [ + "Manager" + ], "query": [ { "name": "distinct", @@ -4988,7 +5169,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.manager_controller.get_log_summary", "description": "Return a summary of the last 2000 wazuh log entries", "summary": "Get logs summary", - "tags": ["Manager"], + "tags": [ + "Manager" + ], "query": [ { "name": "pretty", @@ -5013,7 +5196,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.manager_controller.get_stats", "description": "Return Wazuh statistical information for the current or specified date", "summary": "Get stats", - "tags": ["Manager"], + "tags": [ + "Manager" + ], "query": [ { "name": "date", @@ -5046,7 +5231,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.manager_controller.get_stats_analysisd", "description": "Return Wazuh analysisd statistical information", "summary": "Get stats analysisd", - "tags": ["Manager"], + "tags": [ + "Manager" + ], "query": [ { "name": "pretty", @@ -5071,7 +5258,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.manager_controller.get_stats_hourly", "description": "Return Wazuh statistical information per hour. Each number in the averages field represents the average of alerts per hour", "summary": "Get stats hour", - "tags": ["Manager"], + "tags": [ + "Manager" + ], "query": [ { "name": "pretty", 
@@ -5096,7 +5285,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.manager_controller.get_stats_remoted", "description": "Return Wazuh remoted statistical information", "summary": "Get stats remoted", - "tags": ["Manager"], + "tags": [ + "Manager" + ], "query": [ { "name": "pretty", @@ -5121,7 +5312,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.manager_controller.get_stats_weekly", "description": "Return Wazuh statistical information per week. Each number in the averages field represents the average of alerts per hour for that specific day", "summary": "Get stats week", - "tags": ["Manager"], + "tags": [ + "Manager" + ], "query": [ { "name": "pretty", @@ -5146,32 +5339,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.manager_controller.get_status", "description": "Return the status of all Wazuh daemons", "summary": "Get status", - "tags": ["Manager"], - "query": [ - { - "name": "pretty", - "description": "Show results in human-readable format", - "schema": { - "type": "boolean", - "default": false - } - }, - { - "name": "wait_for_complete", - "description": "Disable timeout response", - "schema": { - "type": "boolean", - "default": false - } - } - ] - }, - { - "name": "/manager/version/check", - "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api_controllers_manager_controller_get_available_updates", - "description": "Return the version of the API and the available updates", - "summary": "Get available updates", - "tags": ["Manager"], + "tags": [ + "Manager" + ], "query": [ { "name": "pretty", 
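Review bot: The `/manager/version/check` entry ("Get available updates") is deleted in the hunk at `-5146,32 +5339,9`, while every other change around it only re-wraps the `tags` array, so the removal looks like a side effect of regenerating the listing rather than a deliberate change. The same applies to the `distinct` query parameter dropped from the Syscollector "Get agent netproto" entry in the hunk at `-8135,15 +8388,12`. If this file is generated from the server API specification, confirm that the specification version used matches the 4.8 documentation URLs the entries still point to, and that nothing in the app relies on the removed entry or parameter. Passing the generator output through the formatter that produced the old layout (`"tags": ["Manager"],` on one line) would reduce this diff to those two real changes and make a dropped endpoint much easier to notice in review.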
@@ -5196,7 +5366,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.mitre_controller.get_groups", "description": "Return the groups from MITRE database", "summary": "Get MITRE groups", - "tags": ["MITRE"], + "tags": [ + "MITRE" + ], "query": [ { "name": "distinct", @@ -5295,7 +5467,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.mitre_controller.get_metadata", "description": "Return the metadata from MITRE database", "summary": "Get MITRE metadata", - "tags": ["MITRE"], + "tags": [ + "MITRE" + ], "query": [ { "name": "pretty", @@ -5320,7 +5494,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.mitre_controller.get_mitigations", "description": "Return the mitigations from MITRE database", "summary": "Get MITRE mitigations", - "tags": ["MITRE"], + "tags": [ + "MITRE" + ], "query": [ { "name": "distinct", @@ -5419,7 +5595,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.mitre_controller.get_references", "description": "Return the references from MITRE database", "summary": "Get MITRE references", - "tags": ["MITRE"], + "tags": [ + "MITRE" + ], "query": [ { "name": "limit", @@ -5510,7 +5688,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.mitre_controller.get_software", "description": "Return the software from MITRE database", "summary": "Get MITRE software", - "tags": ["MITRE"], + "tags": [ + "MITRE" + ], "query": [ { "name": "distinct", 
@@ -5609,7 +5789,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.mitre_controller.get_tactics", "description": "Return the tactics from MITRE database", "summary": "Get MITRE tactics", - "tags": ["MITRE"], + "tags": [ + "MITRE" + ], "query": [ { "name": "distinct", @@ -5708,7 +5890,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.mitre_controller.get_techniques", "description": "Return the techniques from MITRE database", "summary": "Get MITRE techniques", - "tags": ["MITRE"], + "tags": [ + "MITRE" + ], "query": [ { "name": "distinct", @@ -5807,7 +5991,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.overview_controller.get_overview_agents", "description": "Return a dictionary with a full agents overview", "summary": "Get agents overview", - "tags": ["Overview"], + "tags": [ + "Overview" + ], "query": [ { "name": "pretty", @@ -5832,7 +6018,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.rootcheck_controller.get_rootcheck_agent", "description": "Return the rootcheck database of an agent", "summary": "Get results", - "tags": ["Rootcheck"], + "tags": [ + "Rootcheck" + ], "args": [ { "name": ":agent_id", @@ -5957,7 +6145,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.rootcheck_controller.get_last_scan_agent", "description": "Return the timestamp of the last rootcheck scan of an agent", "summary": "Get last scan datetime", - "tags": ["Rootcheck"], + "tags": [ + "Rootcheck" + ], "args": [ { "name": ":agent_id", 
@@ -5995,7 +6185,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.rule_controller.get_rules", "description": "Return a list containing information about each rule such as file where it's defined, description, rule group, status, etc", "summary": "List rules", - "tags": ["Rules"], + "tags": [ + "Rules" + ], "query": [ { "name": "distinct", @@ -6168,7 +6360,11 @@ "description": "Filter by list status. Use commas to enter multiple statuses", "schema": { "type": "string", - "enum": ["enabled", "disabled", "all"], + "enum": [ + "enabled", + "disabled", + "all" + ], "minItems": 1 } }, @@ -6195,7 +6391,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.rule_controller.get_rules_files", "description": "Return a list containing all files used to define rules and their status", "summary": "Get files", - "tags": ["Rules"], + "tags": [ + "Rules" + ], "query": [ { "name": "distinct", @@ -6292,7 +6490,11 @@ "description": "Filter by list status. Use commas to enter multiple statuses", "schema": { "type": "string", - "enum": ["enabled", "disabled", "all"], + "enum": [ + "enabled", + "disabled", + "all" + ], "minItems": 1 } }, @@ -6311,7 +6513,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.rule_controller.get_file", "description": "Get the content of a specified rule in the ruleset", "summary": "Get rules file content", - "tags": ["Rules"], + "tags": [ + "Rules" + ], "args": [ { "name": ":filename", @@ -6363,7 +6567,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.rule_controller.get_rules_groups", "description": "Return a list containing all rule groups names", "summary": "Get groups", - "tags": ["Rules"], + "tags": [ + "Rules" + ], "query": [ { "name": "limit", 
@@ -6425,7 +6631,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.rule_controller.get_rules_requirement", "description": "Return all specified requirement names defined in the Wazuh ruleset", "summary": "Get requirements", - "tags": ["Rules"], + "tags": [ + "Rules" + ], "args": [ { "name": ":requirement", @@ -6505,7 +6713,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.sca_controller.get_sca_agent", "description": "Return the security SCA database of an agent", "summary": "Get results", - "tags": ["SCA"], + "tags": [ + "SCA" + ], "args": [ { "name": ":agent_id", @@ -6628,7 +6838,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.sca_controller.get_sca_checks", "description": "Return the policy monitoring alerts for a given policy", "summary": "Get policy checks", - "tags": ["SCA"], + "tags": [ + "SCA" + ], "args": [ { "name": ":agent_id", @@ -6839,7 +7051,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.get_rbac_actions", "description": "Get all RBAC actions, including the potential related resources and endpoints.", "summary": "List RBAC actions", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "endpoint", @@ -6863,7 +7077,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.get_security_config", "description": "Return the security configuration in JSON format", "summary": "Get security config", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "pretty", 
@@ -6888,7 +7104,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.get_policies", "description": "Get all policies in the system, including the administrator policy", "summary": "List policies", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "distinct", @@ -6988,7 +7206,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.get_rbac_resources", "description": "This method should be called to get all current defined RBAC resources.", "summary": "List RBAC resources", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "pretty", @@ -7025,7 +7245,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.get_roles", "description": "For a specific list, indicate the ids separated by commas. Example: ?role_ids=1,2,3", "summary": "List roles", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "distinct", @@ -7125,7 +7347,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.get_rules", "description": "Get a list of security rules from the system or all of them. These rules must be mapped with roles to obtain certain access privileges. For a specific list, indicate the ids separated by commas. Example: ?rule_ids=1,2,3", "summary": "List security rules", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "distinct", 
@@ -7225,7 +7449,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.deprecated_login_user", "description": "This method should be called to get an API token. This token will expire after auth_token_exp_timeout seconds (default: 900). This value can be changed using PUT /security/config", "summary": "Login", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "raw", @@ -7242,7 +7468,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.get_users", "description": "Get the information of a specified user", "summary": "List users", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "distinct", @@ -7342,7 +7570,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.get_user_me", "description": "Get the information of the current user", "summary": "Get current user info", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "pretty", @@ -7367,7 +7597,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.get_user_me_policies", "description": "Get the processed policies information for the current user", "summary": "Get current user processed policies", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "pretty", @@ -7384,7 +7616,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.syscheck_controller.get_syscheck_agent", "description": "Return FIM findings in the specified agent", "summary": "Get results", - "tags": ["Syscheck"], + "tags": [ + "Syscheck" + ], "args": [ { "name": ":agent_id", 
@@ -7404,7 +7638,10 @@ "description": "Filter by architecture", "schema": { "type": "string", - "enum": ["[x32]", "[x64]"] + "enum": [ + "[x32]", + "[x64]" + ] } }, { @@ -7531,7 +7768,11 @@ "description": "Filter by file type. Registry_key and registry_value types are only available in Windows agents", "schema": { "type": "string", - "enum": ["file", "registry_key", "registry_value"] + "enum": [ + "file", + "registry_key", + "registry_value" + ] } }, { @@ -7565,7 +7806,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.syscheck_controller.get_last_scan_agent", "description": "Return when the last syscheck scan started and ended. If the scan is still in progress the end date will be unknown", "summary": "Get last scan datetime", - "tags": ["Syscheck"], + "tags": [ + "Syscheck" + ], "args": [ { "name": ":agent_id", @@ -7603,7 +7846,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.syscollector_controller.get_hardware_info", "description": "Return the agent's hardware info. This information include cpu, ram, scan info among others", "summary": "Get agent hardware", - "tags": ["Syscollector"], + "tags": [ + "Syscollector" + ], "args": [ { "name": ":agent_id", @@ -7652,7 +7897,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.syscollector_controller.get_hotfix_info", "description": "Return all hotfixes installed by Microsoft(R) in Windows(R) systems (KB... fixes)", "summary": "Get agent hotfixes", - "tags": ["Syscollector"], + "tags": [ + "Syscollector" + ], "args": [ { "name": ":agent_id", 
@@ -7760,7 +8007,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.syscollector_controller.get_network_address_info", "description": "Return the agent's network address info. This information include used IP protocol, interface, IP address among others", "summary": "Get agent netaddr", - "tags": ["Syscollector"], + "tags": [ + "Syscollector" + ], "args": [ { "name": ":agent_id", @@ -7901,7 +8150,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.syscollector_controller.get_network_interface_info", "description": "Return the agent's network interface info. This information include rx, scan, tx info and some network information among others", "summary": "Get agent netiface", - "tags": ["Syscollector"], + "tags": [ + "Syscollector" + ], "args": [ { "name": ":agent_id", @@ -8114,7 +8365,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.syscollector_controller.get_network_protocol_info", "description": "Return the agent's routing configuration for each network interface", "summary": "Get agent netproto", - "tags": ["Syscollector"], + "tags": [ + "Syscollector" + ], "args": [ { "name": ":agent_id", @@ -8135,15 +8388,12 @@ "schema": { "type": "string", "description": "DHCP status", - "enum": ["enabled", "disabled", "unknown", "BOOTP"] - } - }, - { - "name": "distinct", - "description": "Look for distinct values.", - "schema": { - "type": "boolean", - "default": false + "enum": [ + "enabled", + "disabled", + "unknown", + "BOOTP" + ] } }, { 
@@ -8256,7 +8506,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.syscollector_controller.get_os_info", "description": "Return the agent's OS info. This information include os information, architecture information among others of all agents", "summary": "Get agent OS", - "tags": ["Syscollector"], + "tags": [ + "Syscollector" + ], "args": [ { "name": ":agent_id", @@ -8305,7 +8557,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.syscollector_controller.get_packages_info", "description": "Return the agent's packages info. This information include name, section, size, priority information of all packages among others", "summary": "Get agent packages", - "tags": ["Syscollector"], + "tags": [ + "Syscollector" + ], "args": [ { "name": ":agent_id", @@ -8444,7 +8698,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.syscollector_controller.get_ports_info", "description": "Return the agent's ports info. This information include local IP, Remote IP, protocol information among others", "summary": "Get agent ports", - "tags": ["Syscollector"], + "tags": [ + "Syscollector" + ], "args": [ { "name": ":agent_id", @@ -8609,7 +8865,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.syscollector_controller.get_processes_info", "description": "Return the agent's processes info", "summary": "Get agent processes", - "tags": ["Syscollector"], + "tags": [ + "Syscollector" + ], "args": [ { "name": ":agent_id", 
@@ -8822,7 +9080,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.task_controller.get_tasks_status", "description": "Returns all available information about the specified tasks", "summary": "List tasks", - "tags": ["Tasks"], + "tags": [ + "Tasks" + ], "query": [ { "name": "agents_list", @@ -8959,7 +9219,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.vulnerability_controller.get_vulnerability_agent", "description": "Return the vulnerabilities of an agent", "summary": "Get vulnerabilities", - "tags": ["Vulnerability"], + "tags": [ + "Vulnerability" + ], "args": [ { "name": ":agent_id", @@ -9082,7 +9344,11 @@ "description": "Filter by CVE status", "schema": { "type": "string", - "enum": ["valid", "pending", "obsolete"] + "enum": [ + "valid", + "pending", + "obsolete" + ] } }, { @@ -9090,7 +9356,10 @@ "description": "Filter by CVE type", "schema": { "type": "string", - "enum": ["os", "package"] + "enum": [ + "os", + "package" + ] } }, { @@ -9116,7 +9385,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.vulnerability_controller.get_last_scan_agent", "description": "Return when the last full and partial vulnerability scan of a specified agent ended.", "summary": "Get last scan datetime", - "tags": ["Vulnerability"], + "tags": [ + "Vulnerability" + ], "args": [ { "name": ":agent_id", @@ -9154,7 +9425,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.vulnerability_controller.get_vulnerabilities_field_summary", "description": "Return a summary of the vulnerabilities' field of an agent", "summary": "Get agent vulnerabilities' field summary", - "tags": ["Vulnerability"], + "tags": [ + "Vulnerability" + ], "args": [ { "name": ":agent_id", 
@@ -9233,7 +9506,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.active_response_controller.run_command", "description": "Run an Active Response command on all agents or a list of them", "summary": "Run command", - "tags": ["Active-response"], + "tags": [ + "Active-response" + ], "query": [ { "name": "agents_list", @@ -9291,7 +9566,9 @@ } } }, - "required": ["command"] + "required": [ + "command" + ] } ] }, @@ -9300,7 +9577,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.put_agent_single_group", "description": "Assign an agent to a specified group", "summary": "Assign agent to group", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "args": [ { "name": ":agent_id", @@ -9355,7 +9634,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.restart_agent", "description": "Restart the specified agent", "summary": "Restart agent", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "args": [ { "name": ":agent_id", @@ -9393,7 +9674,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.put_multiple_agent_single_group", "description": "Assign all agents or a list of them to the specified group", "summary": "Assign agents to group", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "query": [ { "name": "agents_list", @@ -9448,7 +9731,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.restart_agents_by_group", "description": "Restart all agents which belong to a given group", "summary": "Restart agents in group", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "args": [ { "name": ":group_id", 
@@ -9485,7 +9770,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.restart_agents_by_node", "description": "Restart all agents which belong to a specific given node", "summary": "Restart agents in node", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "args": [ { "name": ":node_id", @@ -9521,7 +9808,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.reconnect_agents", "description": "Force reconnect all agents or a list of them", "summary": "Force reconnect agents", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "query": [ { "name": "agents_list", @@ -9559,7 +9848,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.restart_agents", "description": "Restart all agents or a list of them", "summary": "Restart agents", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "query": [ { "name": "agents_list", @@ -9597,7 +9888,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.put_upgrade_agents", "description": "Upgrade agents using a WPK file from online repository. When upgrading more than 3000 agents at the same time, it's highly recommended to use the parameter `wait_for_complete` set to `true` to avoid a possible API timeout", "summary": "Upgrade agents", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "query": [ { "name": "agents_list", 
@@ -9756,7 +10049,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.put_upgrade_custom_agents", "description": "Upgrade the agents using a local WPK file. When upgrading more than 3000 agents at the same time, it's highly recommended to use the parameter `wait_for_complete` set to `true` to avoid a possible API timeout", "summary": "Upgrade agents custom", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "query": [ { "name": "agents_list", @@ -9900,7 +10195,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.update_configuration", "description": "Replace wazuh configuration for the given node with the data contained in the API request", "summary": "Update node configuration", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "args": [ { "name": ":node_id", @@ -9936,7 +10233,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.put_restart", "description": "Restart all nodes in the cluster or a list of them", "summary": "Restart nodes", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "query": [ { "name": "nodes_list", @@ -9971,7 +10270,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.decoder_controller.put_file", "description": "Upload or replace a user decoder file content", "summary": "Update decoders file", - "tags": ["Decoders"], + "tags": [ + "Decoders" + ], "args": [ { "name": ":filename", 
@@ -10023,7 +10324,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.put_group_config", "description": "Update an specified group's configuration. This API call expects a full valid XML file with the shared configuration tags/syntax", "summary": "Update group configuration", - "tags": ["Groups"], + "tags": [ + "Groups" + ], "args": [ { "name": ":group_id", @@ -10060,7 +10363,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cdb_list_controller.put_file", "description": "Replace or upload a CDB list file with the data contained in the API request", "summary": "Update CDB list file", - "tags": ["Lists"], + "tags": [ + "Lists" + ], "args": [ { "name": ":filename", @@ -10104,7 +10409,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.logtest_controller.run_logtest_tool", "description": "Run logtest tool to check if a specified log raises any alert among other information", "summary": "Run logtest", - "tags": ["Logtest"], + "tags": [ + "Logtest" + ], "query": [ { "name": "pretty", @@ -10126,7 +10433,11 @@ "body": [ { "type": "object", - "required": ["event", "log_format", "location"], + "required": [ + "event", + "log_format", + "location" + ], "properties": { "token": { "type": "string", @@ -10153,7 +10464,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.manager_controller.update_configuration", "description": "Replace Wazuh configuration with the data contained in the API request", "summary": "Update Wazuh configuration", - "tags": ["Manager"], + "tags": [ + "Manager" + ], "query": [ { "name": "pretty", 
@@ -10178,7 +10491,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.manager_controller.put_restart", "description": "Restart the wazuh manager", "summary": "Restart manager", - "tags": ["Manager"], + "tags": [ + "Manager" + ], "query": [ { "name": "pretty", @@ -10203,7 +10518,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.rootcheck_controller.put_rootcheck", "description": "Run rootcheck scan in all agents or a list of them", "summary": "Run scan", - "tags": ["Rootcheck"], + "tags": [ + "Rootcheck" + ], "query": [ { "name": "agents_list", @@ -10241,7 +10558,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.rule_controller.put_file", "description": "Upload or replace a user ruleset file content", "summary": "Update rules file", - "tags": ["Rules"], + "tags": [ + "Rules" + ], "args": [ { "name": ":filename", @@ -10293,7 +10612,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.put_security_config", "description": "Update the security configuration with the data contained in the API request", "summary": "Update security config", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "pretty", @@ -10327,7 +10648,10 @@ "rbac_mode": { "description": "RBAC mode (white/black)", "type": "string", - "enum": ["white", "black"], + "enum": [ + "white", + "black" + ], "example": "white" } } @@ -10339,7 +10663,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.update_policy", "description": "Modify a policy, at least one property must be indicated", "summary": "Update policy", - "tags": ["Security"], + "tags": [ + "Security" + ], "args": [ { "name": ":policy_id", 
@@ -10403,7 +10729,11 @@ "description": "Effect of the policy" } }, - "required": ["actions", "resources", "effect"] + "required": [ + "actions", + "resources", + "effect" + ] } } } @@ -10414,7 +10744,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.update_role", "description": "Modify a role, cannot modify associated policies in this endpoint, at least one property must be indicated", "summary": "Update role", - "tags": ["Security"], + "tags": [ + "Security" + ], "args": [ { "name": ":role_id", @@ -10464,7 +10796,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.update_rule", "description": "Modify a security rule by specifying its ID", "summary": "Update security rule", - "tags": ["Security"], + "tags": [ + "Security" + ], "args": [ { "name": ":rule_id", @@ -10518,14 +10852,18 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.revoke_all_tokens", "description": "This method should be called to revoke all active JWT tokens", "summary": "Revoke JWT tokens", - "tags": ["Security"] + "tags": [ + "Security" + ] }, { "name": "/security/users/:user_id", "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.update_user", "description": "Modify a user's password by specifying their ID", "summary": "Update users", - "tags": ["Security"], + "tags": [ + "Security" + ], "args": [ { "name": ":user_id", 
@@ -10573,7 +10911,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.edit_run_as", "description": "Modify a user's allow_run_as flag by specifying their ID", "summary": "Enable/Disable run_as", - "tags": ["Security"], + "tags": [ + "Security" + ], "args": [ { "name": ":user_id", @@ -10618,7 +10958,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.syscheck_controller.put_syscheck", "description": "Run FIM scan in all agents", "summary": "Run scan", - "tags": ["Syscheck"], + "tags": [ + "Syscheck" + ], "query": [ { "name": "agents_list", @@ -10656,7 +10998,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.vulnerability_controller.run_vulnerability_scan", "description": "Run a vulnerability detector scan in all nodes", "summary": "Run vulnerability detector scan", - "tags": ["Vulnerability"], + "tags": [ + "Vulnerability" + ], "query": [ { "name": "pretty", @@ -10686,7 +11030,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.add_agent", "description": "Add a new agent", "summary": "Add agent", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "query": [ { "name": "pretty", @@ -10720,7 +11066,9 @@ "format": "alphanumeric" } }, - "required": ["name"] + "required": [ + "name" + ] } ] }, @@ -10729,7 +11077,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.insert_agent", "description": "Add an agent specifying its name, ID and IP. If an agent with the same name, the same ID or the same IP already exists, replace it using the `force` parameter", "summary": "Add agent full", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "query": [ { "name": "pretty", 
@@ -10809,7 +11159,9 @@ } } }, - "required": ["name"] + "required": [ + "name" + ] } ] }, @@ -10818,7 +11170,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.post_new_agent", "description": "Add a new agent with name `agent_name`. This agent will use `any` as IP", "summary": "Add agent quick", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "query": [ { "name": "agent_name", @@ -10853,7 +11207,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.event_controller.forward_event", "description": "Send security events to analysisd.\n\nThe endpoint is limited to receiving a max of 30 requests per minute and a max bulk size of 100 events per request.", "summary": "Ingest events", - "tags": ["Events"], + "tags": [ + "Events" + ], "query": [ { "name": "pretty", @@ -10884,7 +11240,9 @@ } } }, - "required": ["events"] + "required": [ + "events" + ] } ] }, @@ -10893,7 +11251,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.post_group", "description": "Create a new group", "summary": "Create a group", - "tags": ["Groups"], + "tags": [ + "Groups" + ], "query": [ { "name": "pretty", @@ -10923,7 +11283,9 @@ "maxLength": 128 } }, - "required": ["group_id"] + "required": [ + "group_id" + ] } ] }, @@ -10932,7 +11294,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.add_policy", "description": "Add a new policy, all fields need to be specified", "summary": "Add policy", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "pretty", @@ -10954,7 +11318,10 @@ "body": [ { "type": "object", - "required": ["name", "policy"], + "required": [ + "name", + "policy" + ], "properties": { "name": { "description": "Policy name", 
@@ -10985,7 +11352,11 @@ "description": "Effect of the policy" } }, - "required": ["actions", "resources", "effect"] + "required": [ + "actions", + "resources", + "effect" + ] } } } @@ -10996,7 +11367,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.add_role", "description": "Add a new role, all fields need to be specified", "summary": "Add role", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "pretty", @@ -11018,7 +11391,9 @@ "body": [ { "type": "object", - "required": ["name"], + "required": [ + "name" + ], "properties": { "name": { "type": "string", @@ -11035,7 +11410,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.set_role_policy", "description": "Create a specified relation role-policy, one role may have multiples policies", "summary": "Add policies to role", - "tags": ["Security"], + "tags": [ + "Security" + ], "args": [ { "name": ":role_id", @@ -11094,7 +11471,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.set_role_rule", "description": "Create a specific role-rule relation. One role may have multiple security rules", "summary": "Add security rules to role", - "tags": ["Security"], + "tags": [ + "Security" + ], "args": [ { "name": ":role_id", @@ -11144,7 +11523,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.add_rule", "description": "Add a new security rule", "summary": "Add security rule", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "pretty", @@ -11166,7 +11547,10 @@ "body": [ { "type": "object", - "required": ["name", "rule"], + "required": [ + "name", + "rule" + ], "properties": { "name": { "type": "string", 
@@ -11187,7 +11571,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.login_user", "description": "This method should be called to get an API token. This token will expire after auth_token_exp_timeout seconds (default: 900). This value can be changed using PUT /security/config", "summary": "Login", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "raw", @@ -11204,7 +11590,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.run_as_login", "description": "This method should be called to get an API token using an authorization context body. This token will expire after auth_token_exp_timeout seconds (default: 900). This value can be changed using PUT /security/config", "summary": "Login auth_context", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "raw", @@ -11221,7 +11609,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.create_user", "description": "Add a new API user to the system", "summary": "Add user", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "pretty", @@ -11255,7 +11645,10 @@ "format": "password" } }, - "required": ["username", "password"] + "required": [ + "username", + "password" + ] } ] }, @@ -11264,7 +11657,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.set_user_role", "description": "Create a specified relation role-policy, one user may have multiples roles", "summary": "Add roles to user", - "tags": ["Security"], + "tags": [ + "Security" + ], "args": [ { "name": ":user_id", 
@@ -11328,7 +11723,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.delete_agents", "description": "Delete all agents or a list of them based on optional criteria", "summary": "Delete agents", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "query": [ { "name": "agents_list", @@ -11491,7 +11888,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.delete_single_agent_multiple_groups", "description": "Remove the agent from all groups or a list of them. The agent will automatically revert to the default group if it is removed from all its assigned groups", "summary": "Remove agent from groups", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "args": [ { "name": ":agent_id", @@ -11541,7 +11940,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.delete_single_agent_single_group", "description": "Remove an agent from a specified group. If the agent belongs to several groups, only the specified group will be deleted.", "summary": "Remove agent from group", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "args": [ { "name": ":agent_id", @@ -11589,7 +11990,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.delete_multiple_agent_single_group", "description": "Remove all agents assignment or a list of them from the specified group", "summary": "Remove agents from group", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "query": [ { "name": "agents_list", 
@@ -11638,7 +12041,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.decoder_controller.delete_file", "description": "Delete a specified decoder file", "summary": "Delete decoders file", - "tags": ["Decoders"], + "tags": [ + "Decoders" + ], "args": [ { "name": ":filename", @@ -11682,7 +12087,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.experimental_controller.clear_rootcheck_database", "description": "Clear rootcheck database for all agents or a list of them", "summary": "Clear rootcheck results", - "tags": ["Experimental"], + "tags": [ + "Experimental" + ], "query": [ { "name": "agents_list", @@ -11721,7 +12128,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.experimental_controller.clear_syscheck_database", "description": "Clear the syscheck database for all agents or a list of them", "summary": "Clear agents FIM results", - "tags": ["Experimental"], + "tags": [ + "Experimental" + ], "query": [ { "name": "agents_list", @@ -11760,7 +12169,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.delete_groups", "description": "Delete all groups or a list of them", "summary": "Delete groups", - "tags": ["Groups"], + "tags": [ + "Groups" + ], "query": [ { "name": "groups_list", @@ -11799,7 +12210,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cdb_list_controller.delete_file", "description": "Delete a specified CDB list file. Only the filename can be specified. It will be searched recursively if not found", "summary": "Delete CDB list file", - "tags": ["Lists"], + "tags": [ + "Lists" + ], "args": [ { "name": ":filename", 
@@ -11835,7 +12248,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.logtest_controller.end_logtest_session", "description": "Delete the saved logtest session corresponding to {token}", "summary": "End session", - "tags": ["Logtest"], + "tags": [ + "Logtest" + ], "args": [ { "name": ":token", @@ -11871,7 +12286,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.rootcheck_controller.delete_rootcheck", "description": "Clear an agent's rootcheck database", "summary": "Clear results", - "tags": ["Rootcheck"], + "tags": [ + "Rootcheck" + ], "args": [ { "name": ":agent_id", @@ -11909,7 +12326,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.rule_controller.delete_file", "description": "Delete a specified rule file", "summary": "Delete rules file", - "tags": ["Rules"], + "tags": [ + "Rules" + ], "args": [ { "name": ":filename", @@ -11953,7 +12372,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.delete_security_config", "description": "Replaces the security configuration with the original one", "summary": "Restore default security config", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "pretty", @@ -11978,7 +12399,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.remove_policies", "description": "Delete a list of policies or all policies in the system, roles linked to policies are not going to be removed", "summary": "Delete policies", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "policy_ids", 
@@ -12016,7 +12439,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.remove_roles", "description": "Policies linked to roles are not going to be removed", "summary": "Delete roles", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "pretty", @@ -12054,7 +12479,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.remove_role_policy", "description": "Delete a specified relation role-policy", "summary": "Remove policies from role", - "tags": ["Security"], + "tags": [ + "Security" + ], "args": [ { "name": ":role_id", @@ -12104,7 +12531,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.remove_role_rule", "description": "Delete a specific role-rule relation", "summary": "Remove security rules from role", - "tags": ["Security"], + "tags": [ + "Security" + ], "args": [ { "name": ":role_id", @@ -12154,7 +12583,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.remove_rules", "description": "Delete a list of security rules or all security rules in the system, roles linked to rules are not going to be deleted", "summary": "Delete security rules", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "pretty", 
@@ -12192,14 +12623,18 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.logout_user", "description": "This method should be called to invalidate all the current user's tokens", "summary": "Logout current user", - "tags": ["Security"] + "tags": [ + "Security" + ] }, { "name": "/security/users", "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.delete_users", "description": "Delete a list of users by specifying their IDs", "summary": "Delete users", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "pretty", @@ -12237,7 +12672,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.remove_user_role", "description": "Delete a specified relation user-roles", "summary": "Remove roles from user", - "tags": ["Security"], + "tags": [ + "Security" + ], "args": [ { "name": ":user_id", @@ -12287,7 +12724,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.syscheck_controller.delete_syscheck_agent", "description": "Clear file integrity monitoring scan results for a specified agent. Only available for agents < 3.12.0, it doesn't apply for more recent ones", "summary": "Clear results", - "tags": ["Syscheck"], + "tags": [ + "Syscheck" + ], "args": [ { "name": ":agent_id", @@ -12322,4 +12761,4 @@ } ] } -] +] \ No newline at end of file diff --git a/plugins/main/common/api-info/security-actions.json b/plugins/main/common/api-info/security-actions.json index 418600f6c4..37d13fe040 100644 --- a/plugins/main/common/api-info/security-actions.json +++ b/plugins/main/common/api-info/security-actions.json 
@@ -1,30 +1,57 @@ { "active-response:command": { "description": "Execute active response commands in the agents", - "resources": ["agent:id", "agent:group"], + "resources": [ + "agent:id", + "agent:group" + ], "example": { - "actions": ["active-response:command"], - "resources": ["agent:id:001", "agent:group:atlantic"], + "actions": [ + "active-response:command" + ], + "resources": [ + "agent:id:001", + "agent:group:atlantic" + ], "effect": "allow" }, - "related_endpoints": ["PUT /active-response"] + "related_endpoints": [ + "PUT /active-response" + ] }, "agent:delete": { "description": "Delete agents", - "resources": ["agent:id", "agent:group"], + "resources": [ + "agent:id", + "agent:group" + ], "example": { - "actions": ["agent:delete"], - "resources": ["agent:id:010", "agent:group:pacific"], + "actions": [ + "agent:delete" + ], + "resources": [ + "agent:id:010", + "agent:group:pacific" + ], "effect": "allow" }, - "related_endpoints": ["DELETE /agents"] + "related_endpoints": [ + "DELETE /agents" + ] }, "agent:read": { "description": "Access agents information (id, name, group, last keep alive, etc)", - "resources": ["agent:id", "agent:group"], + "resources": [ + "agent:id", + "agent:group" + ], "example": { - "actions": ["agent:read"], - "resources": ["agent:id:*"], + "actions": [ + "agent:read" + ], + "resources": [ + "agent:id:*" + ], "effect": "allow" }, "related_endpoints": [ 
@@ -45,20 +72,38 @@ }, "agent:create": { "description": "Create new agents", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["agent:create"], - "resources": ["*:*:*"], + "actions": [ + "agent:create" + ], + "resources": [ + "*:*:*" + ], "effect": "allow" }, - "related_endpoints": ["POST /agents", "POST /agents/insert", "POST /agents/insert/quick"] + "related_endpoints": [ + "POST /agents", + "POST /agents/insert", + "POST /agents/insert/quick" + ] }, "agent:modify_group": { "description": "Change the group of agents", - "resources": ["agent:id", "agent:group"], + "resources": [ + "agent:id", + "agent:group" + ], "example": { - "actions": ["agent:modify_group"], - "resources": ["agent:id:004", "agent:group:us-east"], + "actions": [ + "agent:modify_group" + ], + "resources": [ + "agent:id:004", + "agent:group:us-east" + ], "effect": "allow" }, "related_endpoints": [ @@ -71,10 +116,16 @@ }, "group:modify_assignments": { "description": "Change the agents assigned to the group", - "resources": ["group:id"], + "resources": [ + "group:id" + ], "example": { - "actions": ["group:modify_assignments"], - "resources": ["group:id:*"], + "actions": [ + "group:modify_assignments" + ], + "resources": [ + "group:id:*" + ], "effect": "allow" }, "related_endpoints": [ @@ -87,10 +138,18 @@ }, "agent:restart": { "description": "Restart agents", - "resources": ["agent:id", "agent:group"], + "resources": [ + "agent:id", + "agent:group" + ], "example": { - "actions": ["agent:restart"], - "resources": ["agent:id:050", "agent:id:049"], + "actions": [ + "agent:restart" + ], + "resources": [ + "agent:id:050", + "agent:id:049" + ], "effect": "deny" }, "related_endpoints": [ 
@@ -102,10 +161,18 @@ }, "agent:upgrade": { "description": "Upgrade the version of the agents", - "resources": ["agent:id", "agent:group"], + "resources": [ + "agent:id", + "agent:group" + ], "example": { - "actions": ["agent:upgrade"], - "resources": ["agent:id:001", "agent:group:mediterranean"], + "actions": [ + "agent:upgrade" + ], + "resources": [ + "agent:id:001", + "agent:group:mediterranean" + ], "effect": "allow" }, "related_endpoints": [ @@ -116,20 +183,34 @@ }, "group:delete": { "description": "Delete agent groups", - "resources": ["group:id"], + "resources": [ + "group:id" + ], "example": { - "actions": ["group:delete"], - "resources": ["group:id:*"], + "actions": [ + "group:delete" + ], + "resources": [ + "group:id:*" + ], "effect": "allow" }, - "related_endpoints": ["DELETE /groups"] + "related_endpoints": [ + "DELETE /groups" + ] }, "group:read": { "description": "Access agent groups information (id, name, agents, etc)", - "resources": ["group:id"], + "resources": [ + "group:id" + ], "example": { - "actions": ["group:create"], - "resources": ["group:id:*"], + "actions": [ + "group:create" + ], + "resources": [ + "group:id:*" + ], "effect": "allow" }, "related_endpoints": [ 
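Review bot: In the `group:read` entry the example's `actions` array still names `group:create`, so the sample policy does not illustrate the action it sits under; this hunk rewraps that line without correcting it. The example should read `"actions": [ "group:read" ]`. Anyone copying the sample to build a read-only policy would be granting group creation instead. RELEASING.md describes this file as extracted from the server's API specification, so the correction probably belongs in that specification, otherwise the next regeneration brings the mismatch back.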
@@ -144,30 +225,53 @@ }, "group:create": { "description": "Create new agent groups", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["group:create"], - "resources": ["*:*:*"], + "actions": [ + "group:create" + ], + "resources": [ + "*:*:*" + ], "effect": "allow" }, - "related_endpoints": ["POST /groups"] + "related_endpoints": [ + "POST /groups" + ] }, "group:update_config": { "description": "Change the configuration of agent groups", - "resources": ["group:id"], + "resources": [ + "group:id" + ], "example": { - "actions": ["group:update_config"], - "resources": ["group:id:*"], + "actions": [ + "group:update_config" + ], + "resources": [ + "group:id:*" + ], "effect": "deny" }, - "related_endpoints": ["PUT /groups/{group_id}/configuration"] + "related_endpoints": [ + "PUT /groups/{group_id}/configuration" + ] }, "cluster:read": { "description": "Read Wazuh's cluster nodes configuration", - "resources": ["node:id"], + "resources": [ + "node:id" + ], "example": { - "actions": ["cluster:read"], - "resources": ["node:id:worker1", "node:id:worker3"], + "actions": [ + "cluster:read" + ], + "resources": [ + "node:id:worker1", + "node:id:worker3" + ], "effect": "deny" }, "related_endpoints": [ 
@@ -195,110 +299,207 @@ }, "agent:reconnect": { "description": "Force reconnect agents", - "resources": ["agent:id", "agent:group"], + "resources": [ + "agent:id", + "agent:group" + ], "example": { - "actions": ["agent:reconnect"], - "resources": ["agent:id:050", "agent:id:049"], + "actions": [ + "agent:reconnect" + ], + "resources": [ + "agent:id:050", + "agent:id:049" + ], "effect": "deny" }, - "related_endpoints": ["PUT /agents/reconnect"] + "related_endpoints": [ + "PUT /agents/reconnect" + ] }, "ciscat:read": { "description": "Access CIS-CAT results for agents", - "resources": ["agent:id", "agent:group"], + "resources": [ + "agent:id", + "agent:group" + ], "example": { - "actions": ["ciscat:read"], - "resources": ["agent:id:001", "agent:id:003", "agent:group:default"], + "actions": [ + "ciscat:read" + ], + "resources": [ + "agent:id:001", + "agent:id:003", + "agent:group:default" + ], "effect": "deny" }, - "related_endpoints": ["GET /ciscat/{agent_id}/results", "GET /experimental/ciscat/results"] + "related_endpoints": [ + "GET /ciscat/{agent_id}/results", + "GET /experimental/ciscat/results" + ] }, "cluster:status": { "description": "Check Wazuh's cluster general status", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["cluster:status"], - "resources": ["*:*:*"], + "actions": [ + "cluster:status" + ], + "resources": [ + "*:*:*" + ], "effect": "allow" }, - "related_endpoints": ["GET /cluster/status"] + "related_endpoints": [ + "GET /cluster/status" + ] }, "cluster:read_api_config": { "description": "Check Wazuh's cluster nodes API configuration", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["cluster:read_api_config"], - "resources": ["node:id:worker1", "node:id:worker3"], + "actions": [ + "cluster:read_api_config" + ], + "resources": [ + "node:id:worker1", + "node:id:worker3" + ], "effect": "allow" }, - "related_endpoints": ["GET /cluster/api/config"] + "related_endpoints": [ + "GET 
/cluster/api/config" + ] }, "cluster:update_config": { "description": "Change the Wazuh's cluster node configuration", - "resources": ["node:id"], + "resources": [ + "node:id" + ], "example": { - "actions": ["cluster:update_config"], - "resources": ["node:id:worker1"], + "actions": [ + "cluster:update_config" + ], + "resources": [ + "node:id:worker1" + ], "effect": "allow" }, - "related_endpoints": ["PUT /cluster/{node_id}/configuration"] + "related_endpoints": [ + "PUT /cluster/{node_id}/configuration" + ] }, "cluster:restart": { "description": "Restart Wazuh's cluster nodes", - "resources": ["node:id"], + "resources": [ + "node:id" + ], "example": { - "actions": ["cluster:restart"], - "resources": ["node:id:worker1"], + "actions": [ + "cluster:restart" + ], + "resources": [ + "node:id:worker1" + ], "effect": "allow" }, - "related_endpoints": ["PUT /cluster/restart"] + "related_endpoints": [ + "PUT /cluster/restart" + ] }, "lists:read": { "description": "Read cdb lists files", - "resources": ["list:file"], + "resources": [ + "list:file" + ], "example": { - "actions": ["lists:read"], - "resources": ["list:file:audit-keys"], + "actions": [ + "lists:read" + ], + "resources": [ + "list:file:audit-keys" + ], "effect": "deny" }, - "related_endpoints": ["GET /lists", "GET /lists/files/{filename}", "GET /lists/files"] + "related_endpoints": [ + "GET /lists", + "GET /lists/files/{filename}", + "GET /lists/files" + ] }, "lists:update": { "description": "Update or upload cdb lists files", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["lists:update"], - "resources": ["*:*:*"], + "actions": [ + "lists:update" + ], + "resources": [ + "*:*:*" + ], "effect": "allow" }, - "related_endpoints": ["PUT /lists/files/{filename}"] + "related_endpoints": [ + "PUT /lists/files/{filename}" + ] }, "lists:delete": { "description": "Delete cdb lists files", - "resources": ["list:file"], + "resources": [ + "list:file" + ], "example": { - "actions": 
["lists:delete"], - "resources": ["list:file:audit-keys"], + "actions": [ + "lists:delete" + ], + "resources": [ + "list:file:audit-keys" + ], "effect": "deny" }, - "related_endpoints": ["PUT /lists/files/{filename}", "DELETE /lists/files/{filename}"] + "related_endpoints": [ + "PUT /lists/files/{filename}", + "DELETE /lists/files/{filename}" + ] }, "logtest:run": { "description": "Run logtest tool or end a logtest session", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["logtest:run"], - "resources": ["*:*:*"], + "actions": [ + "logtest:run" + ], + "resources": [ + "*:*:*" + ], "effect": "allow" }, - "related_endpoints": ["PUT /logtest", "DELETE /logtest/sessions/{token}"] + "related_endpoints": [ + "PUT /logtest", + "DELETE /logtest/sessions/{token}" + ] }, "manager:read": { "description": "Read Wazuh manager configuration", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["manager:read"], - "resources": ["*:*:*"], + "actions": [ + "manager:read" + ], + "resources": [ + "*:*:*" + ], "effect": "allow" }, "related_endpoints": [ 
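Review bot: The `cluster:read_api_config` entry declares `"resources": [ "*:*" ]` while its example scopes the policy to `node:id:worker1` and `node:id:worker3`, and the rewrap in this hunk carries the mismatch over unchanged. One of the two is wrong: either the action can be limited per node, in which case the declaration should be `"resources": [ "node:id" ]` like the neighbouring `cluster:update_config` and `cluster:restart` entries, or the example should use `*:*:*`. This matters for least-privilege policies, because an administrator reading the declaration would conclude the action cannot be restricted to specific nodes. The file appears to be generated, so the fix likely belongs in the API specification it is extracted from.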
@@ -315,46 +516,75 @@ "GET /manager/logs/summary", "PUT /manager/restart", "GET /manager/configuration/validation", - "GET /manager/configuration/{component}/{configuration}", - "GET /manager/version/check" + "GET /manager/configuration/{component}/{configuration}" ] }, "manager:update_config": { "description": "Update current Wazuh manager configuration", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["manager:update_config"], - "resources": ["*:*:*"], + "actions": [ + "manager:update_config" + ], + "resources": [ + "*:*:*" + ], "effect": "allow" }, - "related_endpoints": ["PUT /manager/configuration"] + "related_endpoints": [ + "PUT /manager/configuration" + ] }, "manager:read_api_config": { "description": "Read Wazuh manager API configuration", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["manager:read_api_config"], - "resources": ["*:*:*"], + "actions": [ + "manager:read_api_config" + ], + "resources": [ + "*:*:*" + ], "effect": "allow" }, - "related_endpoints": ["GET /manager/api/config"] + "related_endpoints": [ + "GET /manager/api/config" + ] }, "manager:restart": { "description": "Restart Wazuh managers", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["manager:restart"], - "resources": ["*:*:*"], + "actions": [ + "manager:restart" + ], + "resources": [ + "*:*:*" + ], "effect": "deny" }, - "related_endpoints": ["PUT /manager/restart"] + "related_endpoints": [ + "PUT /manager/restart" + ] }, "mitre:read": { "description": "Access information from MITRE database", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["mitre:read"], - "resources": ["*:*:*"], + "actions": [ + "mitre:read" + ], + "resources": [ + "*:*:*" + ], "effect": "allow" }, "related_endpoints": [ 
@@ -369,40 +599,75 @@ }, "rootcheck:run": { "description": "Run agents rootcheck scan", - "resources": ["agent:id", "agent:group"], + "resources": [ + "agent:id", + "agent:group" + ], "example": { - "actions": ["rootcheck:run"], - "resources": ["agent:id:*"], + "actions": [ + "rootcheck:run" + ], + "resources": [ + "agent:id:*" + ], "effect": "allow" }, - "related_endpoints": ["PUT /rootcheck"] + "related_endpoints": [ + "PUT /rootcheck" + ] }, "rootcheck:read": { "description": "Access information from agents rootcheck database", - "resources": ["agent:id", "agent:group"], + "resources": [ + "agent:id", + "agent:group" + ], "example": { - "actions": ["rootcheck:read"], - "resources": ["agent:id:011"], + "actions": [ + "rootcheck:read" + ], + "resources": [ + "agent:id:011" + ], "effect": "allow" }, - "related_endpoints": ["GET /rootcheck/{agent_id}", "GET /rootcheck/{agent_id}/last_scan"] + "related_endpoints": [ + "GET /rootcheck/{agent_id}", + "GET /rootcheck/{agent_id}/last_scan" + ] }, "rootcheck:clear": { "description": "Clear the agents rootcheck database", - "resources": ["agent:id", "agent:group"], + "resources": [ + "agent:id", + "agent:group" + ], "example": { - "actions": ["rootcheck:clear"], - "resources": ["agent:id:*"], + "actions": [ + "rootcheck:clear" + ], + "resources": [ + "agent:id:*" + ], "effect": "deny" }, - "related_endpoints": ["DELETE /rootcheck/{agent_id}", "DELETE /experimental/rootcheck"] + "related_endpoints": [ + "DELETE /rootcheck/{agent_id}", + "DELETE /experimental/rootcheck" + ] }, "rules:read": { "description": "Read rules files", - "resources": ["rule:file"], + "resources": [ + "rule:file" + ], "example": { - "actions": ["rules:read"], - "resources": ["rule:file:0610-win-ms_logs_rules.xml"], + "actions": [ + "rules:read" + ], + "resources": [ + "rule:file:0610-win-ms_logs_rules.xml" + ], "effect": "allow" }, "related_endpoints": [ 
@@ -415,70 +680,133 @@ }, "rules:update": { "description": "Update or upload custom rule files", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["rules:update"], - "resources": ["*:*:*"], + "actions": [ + "rules:update" + ], + "resources": [ + "*:*:*" + ], "effect": "allow" }, - "related_endpoints": ["PUT /rules/files/{filename}"] + "related_endpoints": [ + "PUT /rules/files/{filename}" + ] }, "rules:delete": { "description": "Delete custom rule files", - "resources": ["rule:file"], + "resources": [ + "rule:file" + ], "example": { - "actions": ["rules:delete"], - "resources": ["rule:file:0610-win-ms_logs_rules.xml"], + "actions": [ + "rules:delete" + ], + "resources": [ + "rule:file:0610-win-ms_logs_rules.xml" + ], "effect": "allow" }, - "related_endpoints": ["PUT /rules/files/{filename}", "DELETE /rules/files/{filename}"] + "related_endpoints": [ + "PUT /rules/files/{filename}", + "DELETE /rules/files/{filename}" + ] }, "sca:read": { "description": "Access agents security configuration assessment", - "resources": ["agent:id", "agent:group"], + "resources": [ + "agent:id", + "agent:group" + ], "example": { - "actions": ["sca:read"], - "resources": ["agent:id:*"], + "actions": [ + "sca:read" + ], + "resources": [ + "agent:id:*" + ], "effect": "allow" }, - "related_endpoints": ["GET /sca/{agent_id}", "GET /sca/{agent_id}/checks/{policy_id}"] + "related_endpoints": [ + "GET /sca/{agent_id}", + "GET /sca/{agent_id}/checks/{policy_id}" + ] }, "syscheck:run": { "description": "Run agents syscheck scan", - "resources": ["agent:id", "agent:group"], + "resources": [ + "agent:id", + "agent:group" + ], "example": { - "actions": ["syscheck:run"], - "resources": ["agent:id:*"], + "actions": [ + "syscheck:run" + ], + "resources": [ + "agent:id:*" + ], "effect": "allow" }, - "related_endpoints": ["PUT /syscheck"] + "related_endpoints": [ + "PUT /syscheck" + ] }, "syscheck:read": { "description": "Access information from agents syscheck database", 
- "resources": ["agent:id", "agent:group"], + "resources": [ + "agent:id", + "agent:group" + ], "example": { - "actions": ["syscheck:read"], - "resources": ["agent:id:011", "agent:group:us-west"], + "actions": [ + "syscheck:read" + ], + "resources": [ + "agent:id:011", + "agent:group:us-west" + ], "effect": "allow" }, - "related_endpoints": ["GET /syscheck/{agent_id}", "GET /syscheck/{agent_id}/last_scan"] + "related_endpoints": [ + "GET /syscheck/{agent_id}", + "GET /syscheck/{agent_id}/last_scan" + ] }, "syscheck:clear": { "description": "Clear the agents syscheck database", - "resources": ["agent:id", "agent:group"], + "resources": [ + "agent:id", + "agent:group" + ], "example": { - "actions": ["syscheck:clear"], - "resources": ["agent:id:*"], + "actions": [ + "syscheck:clear" + ], + "resources": [ + "agent:id:*" + ], "effect": "deny" }, - "related_endpoints": ["DELETE /syscheck/{agent_id}", "DELETE /experimental/syscheck"] + "related_endpoints": [ + "DELETE /syscheck/{agent_id}", + "DELETE /experimental/syscheck" + ] }, "decoders:read": { "description": "Read decoders files", - "resources": ["decoder:file"], + "resources": [ + "decoder:file" + ], "example": { - "actions": ["decoders:read"], - "resources": ["decoder:file:*"], + "actions": [ + "decoders:read" + ], + "resources": [ + "decoder:file:*" + ], "effect": "allow" }, "related_endpoints": [ 
@@ -490,30 +818,54 @@ }, "decoders:update": { "description": "Update or upload custom decoder files", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["decoders:update"], - "resources": ["*:*:*"], + "actions": [ + "decoders:update" + ], + "resources": [ + "*:*:*" + ], "effect": "allow" }, - "related_endpoints": ["PUT /decoders/files/{filename}"] + "related_endpoints": [ + "PUT /decoders/files/{filename}" + ] }, "decoders:delete": { "description": "Delete custom decoder files", - "resources": ["decoder:file"], + "resources": [ + "decoder:file" + ], "example": { - "actions": ["decoders:delete"], - "resources": ["decoder:file:local_decoder.xml"], + "actions": [ + "decoders:delete" + ], + "resources": [ + "decoder:file:local_decoder.xml" + ], "effect": "allow" }, - "related_endpoints": ["PUT /decoders/files/{filename}", "DELETE /decoders/files/{filename}"] + "related_endpoints": [ + "PUT /decoders/files/{filename}", + "DELETE /decoders/files/{filename}" + ] }, "syscollector:read": { "description": "Access agents syscollector information", - "resources": ["agent:id", "agent:group"], + "resources": [ + "agent:id", + "agent:group" + ], "example": { - "actions": ["syscollector:read"], - "resources": ["agent:id:*"], + "actions": [ + "syscollector:read" + ], + "resources": [ + "agent:id:*" + ], "effect": "allow" }, "related_endpoints": [ 
@@ -539,20 +891,40 @@ }, "security:edit_run_as": { "description": "Change the value of the allow_run_as flag for a user", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["security:edit_run_as"], - "resources": ["*:*:*"], + "actions": [ + "security:edit_run_as" + ], + "resources": [ + "*:*:*" + ], "effect": "allow" }, - "related_endpoints": ["PUT /security/users/{user_id}/run_as"] + "related_endpoints": [ + "PUT /security/users/{user_id}/run_as" + ] }, "security:read": { "description": "Access information about system security resources", - "resources": ["policy:id", "role:id", "user:id", "rule:id"], + "resources": [ + "policy:id", + "role:id", + "user:id", + "rule:id" + ], "example": { - "actions": ["security:read"], - "resources": ["policy:id:*", "role:id:2", "user:id:5", "rule:id:3"], + "actions": [ + "security:read" + ], + "resources": [ + "policy:id:*", + "role:id:2", + "user:id:5", + "rule:id:3" + ], "effect": "allow" }, "related_endpoints": [ @@ -564,20 +936,40 @@ }, "security:create_user": { "description": "Create new system users", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["security:create_user"], - "resources": ["*:*:*"], + "actions": [ + "security:create_user" + ], + "resources": [ + "*:*:*" + ], "effect": "allow" }, - "related_endpoints": ["POST /security/users"] + "related_endpoints": [ + "POST /security/users" + ] }, "security:delete": { "description": "Delete system security resources", - "resources": ["policy:id", "role:id", "user:id", "rule:id"], + "resources": [ + "policy:id", + "role:id", + "user:id", + "rule:id" + ], "example": { - "actions": ["security:update"], - "resources": ["policy:id:*", "role:id:3", "user:id:4", "rule:id:2"], + "actions": [ + "security:update" + ], + "resources": [ + "policy:id:*", + "role:id:3", + "user:id:4", + "rule:id:2" + ], "effect": "deny" }, "related_endpoints": [ 
@@ -592,10 +984,22 @@ }, "security:update": { "description": "Update the information of system security resources", - "resources": ["policy:id", "role:id", "user:id", "rule:id"], + "resources": [ + "policy:id", + "role:id", + "user:id", + "rule:id" + ], "example": { - "actions": ["security:update"], - "resources": ["policy:id:*", "role:id:4", "user:id:3", "rule:id:4"], + "actions": [ + "security:update" + ], + "resources": [ + "policy:id:*", + "role:id:4", + "user:id:3", + "rule:id:4" + ], "effect": "deny" }, "related_endpoints": [ 
@@ -610,60 +1014,111 @@ }, "security:create": { "description": "Create new system security resources", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["security:create"], - "resources": ["*:*:*"], + "actions": [ + "security:create" + ], + "resources": [ + "*:*:*" + ], "effect": "deny" }, - "related_endpoints": ["POST /security/roles", "POST /security/rules", "POST /security/policies"] + "related_endpoints": [ + "POST /security/roles", + "POST /security/rules", + "POST /security/policies" + ] }, "security:read_config": { "description": "Read current system security configuration", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["security:read_config"], - "resources": ["*:*:*"], + "actions": [ + "security:read_config" + ], + "resources": [ + "*:*:*" + ], "effect": "allow" }, - "related_endpoints": ["GET /security/config"] + "related_endpoints": [ + "GET /security/config" + ] }, "security:update_config": { "description": "Update current system security configuration", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["security:update_config"], - "resources": ["*:*:*"], + "actions": [ + "security:update_config" + ], + "resources": [ + "*:*:*" + ], "effect": "allow" }, - "related_endpoints": ["PUT /security/config", "DELETE /security/config"] + "related_endpoints": [ + "PUT /security/config", + "DELETE /security/config" + ] }, "task:status": { "description": "Access task's status information", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["task:status"], - "resources": ["*:*:*"], + "actions": [ + "task:status" + ], + "resources": [ + "*:*:*" + ], "effect": "deny" }, - "related_endpoints": ["GET /tasks/status"] + "related_endpoints": [ + "GET /tasks/status" + ] }, "vulnerability:run": { "description": "Allow running a vulnerability detector scan", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": 
["vulnerability:run"], - "resources": ["*:*:*"], + "actions": [ + "vulnerability:run" + ], + "resources": [ + "*:*:*" + ], "effect": "allow" }, - "related_endpoints": ["PUT /vulnerability"] + "related_endpoints": [ + "PUT /vulnerability" + ] }, "vulnerability:read": { "description": "Allow reading agents' vulnerabilities information", - "resources": ["agent:id", "agent:group"], + "resources": [ + "agent:id", + "agent:group" + ], "example": { - "actions": ["vulnerability:read"], - "resources": ["agent:id:011", "agent:group:us-west"], + "actions": [ + "vulnerability:read" + ], + "resources": [ + "agent:id:011", + "agent:group:us-west" + ], "effect": "allow" }, "related_endpoints": [ @@ -690,4 +1145,4 @@ "POST /events" ] } -} +} \ No newline at end of file diff --git a/plugins/main/common/config-equivalences.js b/plugins/main/common/config-equivalences.js index e9c3a01bea..fcfd359454 100644 --- a/plugins/main/common/config-equivalences.js +++ b/plugins/main/common/config-equivalences.js @@ -58,6 +58,8 @@ export const configEquivalences = { 'Define the number of replicas to use for the statistics indices.', 'alerts.sample.prefix': 'Define the index name prefix of sample alerts. It must match the template used by the index pattern to avoid unknown fields in dashboards.', + 'vulnerabilities.pattern': + 'Default index pattern to use for vulnerabilities.', }; export const nameEquivalence = { @@ -94,6 +96,8 @@ export const nameEquivalence = { 'cron.statistics.index.shards': 'Index shards', 'cron.statistics.index.replicas': 'Index replicas', 'alerts.sample.prefix': 'Sample alerts prefix', + 'vulnerabilities.pattern': 'Index pattern', + 'checks.vulnerabilities.pattern': 'Vulnerabilities index pattern', }; const HEALTH_CHECK = 'Health Check'; 
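Review bot: `configEquivalences` gets a description for `vulnerabilities.pattern` only, while the later hunks in this file add both `vulnerabilities.pattern` and `checks.vulnerabilities.pattern` to `nameEquivalence`, `categoriesEquivalence` and `formEquivalence`. If the settings UI takes its help text from this map, the new health-check toggle would render without a description. I would add `'checks.vulnerabilities.pattern': 'Enable or disable the vulnerabilities index pattern health check when opening the app.',` next to the new entry, reusing the wording already present in constants.ts. The map starts outside the hunk, so whether the other `checks.*` keys are listed here should be confirmed first.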
@@ -101,6 +105,7 @@ const GENERAL = 'General'; const SECURITY = 'Security'; const MONITORING = 'Monitoring'; const STATISTICS = 'Statistics'; +const VULNERABILITIES = 'Vulnerabilities'; const CUSTOMIZATION = 'Logo Customization'; export const categoriesNames = [ HEALTH_CHECK, @@ -108,6 +113,7 @@ export const categoriesNames = [ SECURITY, MONITORING, STATISTICS, + VULNERABILITIES, CUSTOMIZATION, ]; @@ -145,6 +151,8 @@ export const categoriesEquivalence = { 'cron.statistics.index.shards': STATISTICS, 'cron.statistics.index.replicas': STATISTICS, 'alerts.sample.prefix': GENERAL, + 'vulnerabilities.pattern': VULNERABILITIES, + 'checks.vulnerabilities.pattern': HEALTH_CHECK, }; const TEXT = 'text'; @@ -216,4 +224,6 @@ export const formEquivalence = { 'cron.statistics.index.shards': { type: NUMBER }, 'cron.statistics.index.replicas': { type: NUMBER }, 'alerts.sample.prefix': { type: TEXT }, + 'vulnerabilities.pattern': { type: TEXT }, + 'checks.vulnerabilities.pattern': { type: BOOLEAN }, }; diff --git a/plugins/main/common/constants.ts b/plugins/main/common/constants.ts index 26d3e79ae1..4949a30685 100644 --- a/plugins/main/common/constants.ts +++ b/plugins/main/common/constants.ts @@ -48,6 +48,9 @@ export const WAZUH_STATISTICS_DEFAULT_STATUS = true; export const WAZUH_STATISTICS_DEFAULT_FREQUENCY = 900; export const WAZUH_STATISTICS_DEFAULT_CRON_FREQ = '0 */5 * * * *'; +// Wazuh vulnerabilities +export const WAZUH_VULNERABILITIES_PATTERN = 'wazuh-states-vulnerabilities'; + // Job - Wazuh initialize export const WAZUH_PLUGIN_PLATFORM_TEMPLATE_NAME = 'wazuh-kibana'; @@ -402,6 +405,10 @@ export const ELASTIC_NAME = 'elastic'; // Default Wazuh indexer name export const WAZUH_INDEXER_NAME = 'Wazuh indexer'; +// Not timeFieldName on index pattern +export const NOT_TIME_FIELD_NAME_INDEX_PATTERN = + 'not_time_field_name_index_pattern'; + // Customization export const CUSTOMIZATION_ENDPOINT_PAYLOAD_UPLOAD_CUSTOM_FILE_MAXIMUM_BYTES = 1048576; 
@@ -411,6 +418,7 @@ export enum SettingCategory { HEALTH_CHECK, MONITORING, STATISTICS, + VULNERABILITIES, SECURITY, CUSTOMIZATION, } @@ -563,6 +571,12 @@ export const PLUGIN_SETTINGS_CATEGORIES: { 'Options related to the daemons manager monitoring job and their storage in indexes.', renderOrder: SettingCategory.STATISTICS, }, + [SettingCategory.VULNERABILITIES]: { + title: 'Vulnerabilities', + description: + 'Options related to the agent vulnerabilities monitoring job and its storage in indexes.', + renderOrder: SettingCategory.VULNERABILITIES, + }, [SettingCategory.CUSTOMIZATION]: { title: 'Custom branding', description: @@ -820,6 +834,33 @@ export const PLUGIN_SETTINGS: { [key: string]: TPluginSetting } = { return schema.boolean(); }, }, + 'checks.vulnerabilities.pattern': { + title: 'Vulnerabilities index pattern', + description: + 'Enable or disable the vulnerabilities index pattern health check when opening the app.', + category: SettingCategory.HEALTH_CHECK, + type: EpluginSettingType.switch, + defaultValue: true, + isConfigurableFromFile: true, + isConfigurableFromUI: true, + options: { + switch: { + values: { + disabled: { label: 'false', value: false }, + enabled: { label: 'true', value: true }, + }, + }, + }, + uiFormTransformChangedInputValue: function ( + value: boolean | string, + ): boolean { + return Boolean(value); + }, + validate: SettingsValidator.isBoolean, + validateBackend: function (schema) { + return schema.boolean(); + }, + }, 'cron.prefix': { title: 'Cron prefix', description: 'Define the index prefix of predefined jobs.', 
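Review bot: `VULNERABILITIES` is inserted in the middle of the numeric `SettingCategory` enum, so `SECURITY` and `CUSTOMIZATION` each shift by one. The following hunk uses the member value as `renderOrder`, so the position looks deliberate, but that coupling is not documented and any code that stores or compares the raw numbers would change meaning without a compile error. A comment above the enum would make the intent explicit, for example `// Member order is used as renderOrder in PLUGIN_SETTINGS_CATEGORIES.` The enum declaration starts outside the hunk.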
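Review bot: `uiFormTransformChangedInputValue` for `checks.vulnerabilities.pattern` accepts `boolean | string` but converts with `Boolean(value)`, which maps every non-empty string, including `'false'`, to `true`. If the form ever passes the string form, the health check could not be switched off from the UI. Something like `return typeof value === 'string' ? value === 'true' : value;` keeps the boolean path unchanged. The same conversion may already exist in the neighbouring `checks.*` settings outside this hunk, in which case they should be changed together.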
@@ -1108,7 +1149,7 @@ export const PLUGIN_SETTINGS: { [key: string]: TPluginSetting } = { }, 'customization.logo.app': { title: 'App main logo', - description: `This logo is used as loading indicator while the user is logging into Wazuh API`, + description: `This logo is used as loading indicator while the user is logging into Wazuh API.`, category: SettingCategory.CUSTOMIZATION, type: EpluginSettingType.filepicker, defaultValue: '', @@ -1720,6 +1761,36 @@ export const PLUGIN_SETTINGS: { [key: string]: TPluginSetting } = { return schema.number({ validate: this.validate.bind(this) }); }, }, + 'vulnerabilities.pattern': { + title: 'Index pattern', + description: 'Default index pattern to use for vulnerabilities.', + category: SettingCategory.VULNERABILITIES, + type: EpluginSettingType.text, + defaultValue: WAZUH_VULNERABILITIES_PATTERN, + isConfigurableFromFile: true, + isConfigurableFromUI: true, + requiresRunningHealthCheck: false, + validate: SettingsValidator.compose( + SettingsValidator.isNotEmptyString, + SettingsValidator.hasNoSpaces, + SettingsValidator.noLiteralString('.', '..'), + SettingsValidator.noStartsWithString('-', '_', '+', '.'), + SettingsValidator.hasNotInvalidCharacters( + '\\', + '/', + '?', + '"', + '<', + '>', + '|', + ',', + '#', + ), + ), + validateBackend: function (schema) { + return schema.string({ minLength: 1, validate: this.validate }); + }, + }, }; export type TPluginSettingKey = keyof typeof PLUGIN_SETTINGS; diff --git a/plugins/main/common/plugin-settings.test.ts b/plugins/main/common/plugin-settings.test.ts index 936650a89d..2ede6f322f 100644 --- a/plugins/main/common/plugin-settings.test.ts +++ b/plugins/main/common/plugin-settings.test.ts 
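Review bot: `vulnerabilities.pattern` is declared with `requiresRunningHealthCheck: false`, yet this commit also adds the `checks.vulnerabilities.pattern` health check for that same index pattern. A pattern changed from the UI is then presumably not re-verified until the health check next runs; consider `requiresRunningHealthCheck: true` unless skipping it is deliberate. Separately, `validateBackend` passes `validate: this.validate` while the setting just above it uses `this.validate.bind(this)`. That is harmless only if the function returned by `SettingsValidator.compose` never reads `this`, so matching the bound form is the safer choice.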
@@ -34,6 +34,8 @@ describe('[settings] Input validation', () => {
 ${'checks.template'} | ${0} | ${'It should be a boolean. Allowed values: true or false.'}
 ${'checks.timeFilter'} | ${true} | ${undefined}
 ${'checks.timeFilter'} | ${0} | ${'It should be a boolean. Allowed values: true or false.'}
+ ${'checks.vulnerabilities.pattern'} | ${true} | ${undefined}
+ ${'checks.vulnerabilities.pattern'} | ${0} | ${'It should be a boolean. Allowed values: true or false.'}
 ${'cron.prefix'} | ${'test'} | ${undefined}
 ${'cron.prefix'} | ${'test space'} | ${'No whitespaces allowed.'}
 ${'cron.prefix'} | ${''} | ${'Value can not be empty.'}
@@ -208,6 +210,22 @@ describe('[settings] Input validation', () => {
 ${'wazuh.monitoring.shards'} | ${-1} | ${'Value should be greater or equal than 1.'}
 ${'wazuh.monitoring.shards'} | ${'1.2'} | ${'Number should be an integer.'}
 ${'wazuh.monitoring.shards'} | ${1.2} | ${'Number should be an integer.'}
+ ${'vulnerabilities.pattern'} | ${'test'} | ${undefined}
+ ${'vulnerabilities.pattern'} | ${'test*'} | ${undefined}
+ ${'vulnerabilities.pattern'} | ${''} | ${'Value can not be empty.'}
+ ${'vulnerabilities.pattern'} | ${'-test'} | ${"It can't start with: -, _, +, .."}
+ ${'vulnerabilities.pattern'} | ${'_test'} | ${"It can't start with: -, _, +, .."}
+ ${'vulnerabilities.pattern'} | ${'+test'} | ${"It can't start with: -, _, +, .."}
+ ${'vulnerabilities.pattern'} | ${'.test'} | ${"It can't start with: -, _, +, .."}
+ ${'vulnerabilities.pattern'} | ${'test\\'} | ${'It can\'t contain invalid characters: \\, /, ?, ", <, >, |, ,, #.'}
+ ${'vulnerabilities.pattern'} | ${'test/'} | ${'It can\'t contain invalid characters: \\, /, ?, ", <, >, |, ,, #.'}
+ ${'vulnerabilities.pattern'} | ${'test?'} | ${'It can\'t contain invalid characters: \\, /, ?, ", <, >, |, ,, #.'}
+ ${'vulnerabilities.pattern'} | ${'test"'} | ${'It can\'t contain invalid characters: \\, /, ?, ", <, >, |, ,, #.'}
+ ${'vulnerabilities.pattern'} | ${'test<'} | ${'It can\'t contain invalid characters: \\, /, ?, ", <, >, |, ,, #.'}
+ ${'vulnerabilities.pattern'} | ${'test>'} | ${'It can\'t contain invalid characters: \\, /, ?, ", <, >, |, ,, #.'}
+ ${'vulnerabilities.pattern'} | ${'test|'} | ${'It can\'t contain invalid characters: \\, /, ?, ", <, >, |, ,, #.'}
+ ${'vulnerabilities.pattern'} | ${'test,'} | ${'It can\'t contain invalid characters: \\, /, ?, ", <, >, |, ,, #.'}
+ ${'vulnerabilities.pattern'} | ${'test#'} | ${'It can\'t contain invalid characters: \\, /, ?, ", <, >, |, ,, #.'}
 `(
 '$setting | $value | $expectedValidation',
 ({ setting, value, expectedValidation }) => {
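Review bot: The new rows for `vulnerabilities.pattern` cover the empty, leading-character and invalid-character rules, but not `SettingsValidator.hasNoSpaces` or `SettingsValidator.noLiteralString('.', '..')`, both of which are part of the validator composed for this setting in constants.ts. Rows for `'test space'`, `'.'` and `'..'` would close that gap; the `cron.prefix` rows in the earlier hunk already show the whitespace message `'No whitespaces allowed.'`. A row for a bare `'*'` would also pin down whether a match-everything pattern is meant to be accepted, given that `'test*'` is.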
diff --git a/plugins/main/opensearch_dashboards.json b/plugins/main/opensearch_dashboards.json index 3ffff41bc5..ce02138f9d 100644 --- a/plugins/main/opensearch_dashboards.json +++ b/plugins/main/opensearch_dashboards.json @@ -2,7 +2,9 @@ "id": "wazuh", "version": "4.9.0-00", "opensearchDashboardsVersion": "opensearchDashboards", - "configPath": ["wazuh"], + "configPath": [ + "wazuh" + ], "requiredPlugins": [ "navigation", "data", @@ -19,7 +21,12 @@ "opensearchDashboardsLegacy", "wazuhCheckUpdates" ], - "optionalPlugins": ["security", "securityDashboards", "searchguard", "telemetry"], + "optionalPlugins": [ + "security", + "securityDashboards", + "searchguard", + "telemetry" + ], "server": true, "ui": true -} +} \ No newline at end of file diff --git a/plugins/main/package.json b/plugins/main/package.json index 21f6326f86..81563935b9 100644 --- a/plugins/main/package.json +++ b/plugins/main/package.json @@ -38,7 +38,7 @@ "test:ui:runner": "node ../../scripts/functional_test_runner.js", "test:server": "plugin-helpers test:server", "test:browser": "plugin-helpers test:browser", - "test:jest": "node scripts/jest", + "test:jest": "node scripts/jest --runInBand", "test:jest:runner": "node scripts/runner test", "generate:api-data": "node scripts/generate-api-data.js --spec https://raw.githubusercontent.com/wazuh/wazuh/$(node -e \"console.log(require('./package.json').version)\")/api/api/spec/spec.yaml --output file --output-directory common/api-info --display-configuration", "prebuild": "node scripts/generate-build-version" @@ -83,4 +83,4 @@ "redux-mock-store": "^1.5.4", "swagger-client": "^3.19.11" } -} +} \ No newline at end of file diff --git a/plugins/main/public/components/health-check/components/__snapshots__/check-result.test.tsx.snap b/plugins/main/public/components/health-check/components/__snapshots__/check-result.test.tsx.snap index 1eb1fbc457..8b1d3e8143 100644 
--- a/plugins/main/public/components/health-check/components/__snapshots__/check-result.test.tsx.snap +++ b/plugins/main/public/components/health-check/components/__snapshots__/check-result.test.tsx.snap @@ -7,8 +7,10 @@ exports[`Check result component should render a Check result screen 1`] = ` check={true} checksReady={Object {}} cleanErrors={[MockFunction]} + cleanWarnings={[MockFunction]} handleCheckReady={[MockFunction]} handleErrors={[MockFunction]} + handleWarnings={[MockFunction]} isLoading={false} name="test" title="Check Test" diff --git a/plugins/main/public/components/health-check/components/check-result.test.tsx b/plugins/main/public/components/health-check/components/check-result.test.tsx index 1ce0be74ea..b235810c4e 100644 --- a/plugins/main/public/components/health-check/components/check-result.test.tsx +++ b/plugins/main/public/components/health-check/components/check-result.test.tsx @@ -18,13 +18,15 @@ import { act } from 'react-dom/test-utils'; describe('Check result component', () => { const validationService = jest.fn(); + const handleWarnings = jest.fn(); const handleErrors = jest.fn(); const handleCheckReady = jest.fn(); + const cleanWarnings = jest.fn(); const cleanErrors = jest.fn(); const awaitForMyComponent = async (wrapper: any) => { await act(async () => { - await new Promise((resolve) => setTimeout(resolve, 0)); + await new Promise(resolve => setTimeout(resolve, 0)); wrapper.update(); }); }; @@ -38,13 +40,15 @@ describe('Check result component', () => { awaitFor={[]} check={true} validationService={validationService} + handleWarnings={handleWarnings} handleErrors={handleErrors} isLoading={false} handleCheckReady={handleCheckReady} checksReady={{}} + cleanWarnings={cleanWarnings} cleanErrors={cleanErrors} canRetry={true} - /> + />, ); expect(component).toMatchSnapshot(); 
@@ -59,13 +63,15 @@ describe('Check result component', () => { awaitFor={[]} shouldCheck={true} validationService={validationService} + handleWarnings={handleWarnings} handleErrors={handleErrors} isLoading={false} handleCheckReady={handleCheckReady} checksReady={{}} + cleanWarnings={cleanWarnings} cleanErrors={cleanErrors} canRetry={true} - /> + />, ); await awaitForMyComponent(wrapper); @@ -85,13 +91,15 @@ describe('Check result component', () => { awaitFor={[]} shouldCheck={true} validationService={validationService} + handleWarnings={handleWarnings} handleErrors={handleErrors} isLoading={false} handleCheckReady={handleCheckReady} checksReady={{}} + cleanWarnings={cleanWarnings} cleanErrors={cleanErrors} canRetry={true} - /> + />, ); await awaitForMyComponent(wrapper); @@ -111,13 +119,15 @@ describe('Check result component', () => { awaitFor={[]} shouldCheck={true} validationService={validationService} + handleWarnings={handleWarnings} handleErrors={handleErrors} isLoading={false} handleCheckReady={handleCheckReady} checksReady={{}} + cleanWarnings={cleanWarnings} cleanErrors={cleanErrors} canRetry={false} - /> + />, ); expect(wrapper.find('ResultIcons').exists()).toBeTruthy(); diff --git a/plugins/main/public/components/health-check/components/check-result.tsx b/plugins/main/public/components/health-check/components/check-result.tsx index 814de4eb23..125a8badc1 100644 --- a/plugins/main/public/components/health-check/components/check-result.tsx +++ b/plugins/main/public/components/health-check/components/check-result.tsx @@ -11,7 +11,13 @@ * Find more information about this on the LICENSE file. * */ -import React, { useEffect, useState, useCallback, useMemo, useRef } from 'react'; +import React, { + useEffect, + useState, + useCallback, + useMemo, + useRef, +} from 'react'; import { EuiDescriptionListDescription, EuiDescriptionListTitle, 
@@ -20,8 +26,14 @@ import { import InspectLogButton from './inspect-logs-button'; import ResultIcons from './result-icons'; - -type Result = 'loading' | 'ready' | 'error' | 'error_retry' | 'disabled' | 'waiting'; +type Result = + | 'loading' + | 'ready' + | 'warning' + | 'error' + | 'error_retry' + | 'disabled' + | 'waiting'; export function CheckResult(props) { const [result, setResult] = useState('waiting'); @@ -32,7 +44,7 @@ export function CheckResult(props) { const verboseInfoWithNotificationWasOpened = useRef(false); useEffect(() => { - if (props.shouldCheck && !props.isLoading && awaitForIsReady()){ + if (props.shouldCheck && !props.isLoading && awaitForIsReady()) { initCheck(); } else if (props.shouldCheck === false && !props.checksReady[props.name]) { setResult('disabled'); @@ -41,18 +53,30 @@ export function CheckResult(props) { }, [props.shouldCheck, props.isLoading, props.checksReady]); useEffect(() => { - if (isCheckFinished){ + if (isCheckFinished) { + const warnings = verboseInfo.filter(log => log.type === 'warning'); const errors = verboseInfo.filter(log => log.type === 'error'); - if(errors.length){ + if (errors.length > 0) { props.canRetry ? setResult('error_retry') : setResult('error'); - props.handleErrors(props.name, errors.map(({message}) => message)); - }else{ - setResult('ready'); - setAsReady(); + props.handleErrors( + props.name, + errors.map(({ message }) => message), + ); + } else { + if (warnings.length > 0) { + props.handleWarnings( + props.name, + warnings.map(({ message }) => message), + ); + setResult('warning'); + setAsReady(); + } else { + setResult('ready'); + setAsReady(); + } } } - }, [isCheckFinished]) - + }, [isCheckFinished]); const setAsReady = () => { props.handleCheckReady(props.name, true); 
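Review bot: In the `isCheckFinished` effect, `warnings` is computed on every run but only forwarded through `props.handleWarnings` when there are no errors, so a check that logs both never reports its warnings to the container and they remain only in the verbose log. If that is intended, a one-line comment saying so would help; otherwise call `props.handleWarnings` before branching on `errors.length`. As a style point, the nested `else { if (warnings.length > 0) … }` can be flattened to `else if`, and since both inner branches end with `setAsReady()` they could collapse to `setResult(warnings.length > 0 ? 'warning' : 'ready');` followed by a single `setAsReady();`.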
@@ -62,24 +86,36 @@ export function CheckResult(props) { * validate if the current check is not started and if the depending checks are ready */ const awaitForIsReady = () => { - return !isCheckStarted && (props.awaitFor.length === 0 || props.awaitFor.every((check) => { - return props.checksReady[check]; - })) - } + return ( + !isCheckStarted && + (props.awaitFor.length === 0 || + props.awaitFor.every(check => { + return props.checksReady[check]; + })) + ); + }; - const checkLogger = useMemo(() => ({ - _log: (message: string, type: 'info' | 'error' | 'action' ) => { - setVerboseInfo(state => [...state, {message, type}]); - }, - info: (message: string) => checkLogger._log(message, 'info'), - error: (message: string) => checkLogger._log(message, 'error'), - action: (message: string) => checkLogger._log(message, 'action') - }), []); + const checkLogger = useMemo( + () => ({ + _log: ( + message: string, + type: 'info' | 'warning' | 'error' | 'action', + ) => { + setVerboseInfo(state => [...state, { message, type }]); + }, + info: (message: string) => checkLogger._log(message, 'info'), + warning: (message: string) => checkLogger._log(message, 'warning'), + error: (message: string) => checkLogger._log(message, 'error'), + action: (message: string) => checkLogger._log(message, 'action'), + }), + [], + ); const initCheck = async () => { setIsCheckStarted(true); setResult('loading'); setVerboseInfo([]); + props.cleanWarnings(props.name); props.cleanErrors(props.name); setIsCheckFinished(false); try { 
@@ -90,39 +126,53 @@ export function CheckResult(props) { setIsCheckFinished(true); }; - - const checkDidSomeAction = useMemo(() => verboseInfo.some(log => log.type === 'action'), [verboseInfo]); - const shouldShowNotification = checkDidSomeAction && !verboseInfoWithNotificationWasOpened.current; + const checkDidSomeAction = useMemo( + () => verboseInfo.some(log => log.type === 'action'), + [verboseInfo], + ); + const shouldShowNotification = + checkDidSomeAction && !verboseInfoWithNotificationWasOpened.current; const haveLogs = verboseInfo.length > 0; const switchVerboseDetails = useCallback(() => { - if(checkDidSomeAction && !verboseInfoWithNotificationWasOpened.current){ + if (checkDidSomeAction && !verboseInfoWithNotificationWasOpened.current) { verboseInfoWithNotificationWasOpened.current = true; - }; + } setVerboseIsOpen(state => !state); - },[checkDidSomeAction]); + }, [checkDidSomeAction]); - const showLogButton = (props.showLogButton && isCheckStarted && haveLogs); + const showLogButton = props.showLogButton && isCheckStarted && haveLogs; return ( <> - - {props.title} - + {props.title} -

- {showLogButton ? :<>} -

+

+ + {showLogButton ? ( + + ) : ( + <> + )} + +

{verboseInfo.length > 0 && ( - {verboseInfo.map(log => `${log.type.toUpperCase()}: ${log.message}`).join('\n')} + {verboseInfo + .map(log => `${log.type.toUpperCase()}: ${log.message}`) + .join('\n')} )} diff --git a/plugins/main/public/components/health-check/container/__snapshots__/health-check.container.test.tsx.snap b/plugins/main/public/components/health-check/container/__snapshots__/health-check.container.test.tsx.snap index 0b2dfc191c..9b6a456c8f 100644 --- a/plugins/main/public/components/health-check/container/__snapshots__/health-check.container.test.tsx.snap +++ b/plugins/main/public/components/health-check/container/__snapshots__/health-check.container.test.tsx.snap @@ -22,8 +22,10 @@ exports[`Health Check container should render a Health check screen 1`] = ` canRetry={true} checksReady={Object {}} cleanErrors={[Function]} + cleanWarnings={[Function]} handleCheckReady={[Function]} handleErrors={[Function]} + handleWarnings={[Function]} isLoading={false} key="health_check_check_api" name="api" @@ -40,8 +42,10 @@ exports[`Health Check container should render a Health check screen 1`] = ` } checksReady={Object {}} cleanErrors={[Function]} + cleanWarnings={[Function]} handleCheckReady={[Function]} handleErrors={[Function]} + handleWarnings={[Function]} isLoading={false} key="health_check_check_setup" name="setup" @@ -55,8 +59,10 @@ exports[`Health Check container should render a Health check screen 1`] = ` canRetry={true} checksReady={Object {}} cleanErrors={[Function]} + cleanWarnings={[Function]} handleCheckReady={[Function]} handleErrors={[Function]} + handleWarnings={[Function]} isLoading={false} key="health_check_check_pattern" name="pattern" 
@@ -70,8 +76,10 @@ exports[`Health Check container should render a Health check screen 1`] = ` canRetry={true} checksReady={Object {}} cleanErrors={[Function]} + cleanWarnings={[Function]} handleCheckReady={[Function]} handleErrors={[Function]} + handleWarnings={[Function]} isLoading={false} key="health_check_check_patternMonitoring" name="patternMonitoring" @@ -85,8 +93,10 @@ exports[`Health Check container should render a Health check screen 1`] = ` canRetry={true} checksReady={Object {}} cleanErrors={[Function]} + cleanWarnings={[Function]} handleCheckReady={[Function]} handleErrors={[Function]} + handleWarnings={[Function]} isLoading={false} key="health_check_check_patternStatistics" name="patternStatistics" @@ -95,6 +105,23 @@ exports[`Health Check container should render a Health check screen 1`] = ` title="Check statistics index pattern" validationService={[Function]} /> + ({ 'checks.pattern': true, 'checks.template': true, 'checks.fields': true, + 'checks.vulnerabilities.pattern': true, }, }), useRootScope: () => ({}), @@ -108,4 +109,15 @@ describe('Health Check container', () => { const callOutError = component.find('EuiCallOut'); expect(callOutError.text()).toBe('[API version] Test error'); }); + + it('should render a Health check screen with warning', () => { + const component = mount(); + + component.find('CheckResult').at(1).invoke('handleWarnings')('setup', [ + 'Test warning', + ]); + + const callOutWarning = component.find('EuiCallOut'); + expect(callOutWarning.text()).toBe('[API version] Test warning'); + }); }); diff --git a/plugins/main/public/components/health-check/container/health-check.container.tsx b/plugins/main/public/components/health-check/container/health-check.container.tsx index 885408f292..29c1252545 100644 --- a/plugins/main/public/components/health-check/container/health-check.container.tsx +++ b/plugins/main/public/components/health-check/container/health-check.container.tsx 
@@ -33,8 +33,10 @@ import { withErrorBoundary, withReduxProvider } from '../../common/hocs'; import { getCore, getHttp, getWzCurrentAppID } from '../../../kibana-services'; import { HEALTH_CHECK_REDIRECTION_TIME, + NOT_TIME_FIELD_NAME_INDEX_PATTERN, WAZUH_INDEX_TYPE_MONITORING, WAZUH_INDEX_TYPE_STATISTICS, + WAZUH_INDEX_TYPE_VULNERABILITIES, } from '../../../../common/constants'; import { compose } from 'redux'; @@ -88,9 +90,23 @@ const checks = { shouldCheck: true, canRetry: true, }, + 'vulnerabilities.pattern': { + title: 'Check vulnerabilities index pattern', + label: 'Vulnerabilities index pattern', + validator: appConfig => + checkPatternSupportService( + appConfig.data['vulnerabilities.pattern'], + WAZUH_INDEX_TYPE_VULNERABILITIES, + NOT_TIME_FIELD_NAME_INDEX_PATTERN, + ), + awaitFor: [], + shouldCheck: false, + canRetry: true, + }, }; function HealthCheckComponent() { + const [checkWarnings, setCheckWarnings] = useState<{ [key: string]: [] }>({}); const [checkErrors, setCheckErrors] = useState<{ [key: string]: [] }>({}); const [checksReady, setChecksReady] = useState<{ [key: string]: boolean }>( {}, @@ -136,6 +152,18 @@ function HealthCheckComponent() { setIsDebugMode(window.location.href.includes('debug')); }, []); + const handleWarnings = (checkID, warnings, parsed) => { + const newWarnings = parsed + ? warnings.map(warning => + ErrorHandler.handle(warning, 'Health Check', { + warning: true, + silent: true, + }), + ) + : warnings; + setCheckWarnings(prev => ({ ...prev, [checkID]: newWarnings })); + }; + const handleErrors = (checkID, errors, parsed) => { const newErrors = parsed ? errors.map(error => @@ -148,6 +176,11 @@ function HealthCheckComponent() { setCheckErrors(prev => ({ ...prev, [checkID]: newErrors })); }; + const cleanWarnings = (checkID: string) => { + delete checkWarnings[checkID]; + setCheckWarnings({ ...checkWarnings }); + }; + const cleanErrors = (checkID: string) => { delete checkErrors[checkID]; setCheckErrors({ ...checkErrors }); 
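Review bot: `cleanWarnings` mutates the current state object with `delete checkWarnings[checkID]` and then spreads the value captured by the closure, while `handleWarnings` a few lines above uses the functional updater. `initCheck` in check-result.tsx calls `props.cleanWarnings` at the start of every run, so when several checks start before a re-render the stale copy can overwrite an entry that another check has just written. A functional update removes both the mutation and the stale read: `setCheckWarnings(({ [checkID]: _removed, ...rest }) => rest);`. The existing `cleanErrors` shown as context has the same shape and would benefit from the same change.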
@@ -164,9 +197,10 @@ function HealthCheckComponent() { : getThemeAssetURL('logo.svg'), ); const thereAreErrors = Object.keys(checkErrors).length > 0; + const thereAreWarnings = Object.keys(checkWarnings).length > 0; const renderChecks = () => { - const showLogButton = thereAreErrors || isDebugMode; + const showLogButton = thereAreErrors || thereAreWarnings || isDebugMode; return Object.keys(checks).map((check, index) => { return ( { + return Object.keys(checkWarnings).map(checkID => + checkWarnings[checkID].map((warning, index) => ( + + + {`[${checks[checkID].label}]`}{' '} + + + } + color='warning' + iconType='alert' + style={{ textAlign: 'left' }} + data-test-subj='callOutWarning' + > + + + )), + ); + }; + const renderErrors = () => { return Object.keys(checkErrors).map(checkID => checkErrors[checkID].map((error, index) => ( @@ -268,7 +328,13 @@ function HealthCheckComponent() { {renderErrors()} )} - {(thereAreErrors || isDebugMode) && ( + {thereAreWarnings && ( + <> + + {renderWarnings()} + + )} + {(thereAreErrors || thereAreWarnings || isDebugMode) && ( <> diff --git a/plugins/main/public/components/health-check/services/check-pattern-support.service.ts b/plugins/main/public/components/health-check/services/check-pattern-support.service.ts index 747a811ad4..611f6fd1a2 100644 --- a/plugins/main/public/components/health-check/services/check-pattern-support.service.ts +++ b/plugins/main/public/components/health-check/services/check-pattern-support.service.ts 
@@ -14,43 +14,67 @@ import { SavedObject } from '../../../react-services'; import { CheckLogger } from '../types/check_logger'; -export const checkPatternSupportService = (pattern: string, indexType : string) => async (checkLogger: CheckLogger) => { - checkLogger.info(`Checking index pattern id [${pattern}] exists...`); - const result = await SavedObject.existsIndexPattern(pattern); - checkLogger.info(`Exist index pattern id [${pattern}]: ${result.data ? 'yes' : 'no'}`); - - if (!result.data) { - checkLogger.info(`Getting indices fields for the index pattern id [${pattern}]...`); - const fields = await SavedObject.getIndicesFields(pattern, indexType); - checkLogger.info(`Fields for index pattern id [${pattern}] found: ${fields.length}`); - - try { - checkLogger.info(`Creating saved object for the index pattern with id [${pattern}]. +export const checkPatternSupportService = + (pattern: string, indexType: string, timeFieldName?: string) => + async (checkLogger: CheckLogger) => { + checkLogger.info(`Checking index pattern id [${pattern}] exists...`); + const result = await SavedObject.existsIndexPattern(pattern); + checkLogger.info( + `Exist index pattern id [${pattern}]: ${result.data ? 'yes' : 'no'}`, + ); + + if (!result.data) { + try { + checkLogger.info( + `Getting indices fields for the index pattern id [${pattern}]...`, + ); + const fields = await SavedObject.getIndicesFields(pattern, indexType); + if (fields) { + checkLogger.info( + `Fields for index pattern id [${pattern}] found: ${fields.length}`, + ); + checkLogger.info(`Creating saved object for the index pattern with id [${pattern}]. title: ${pattern} id: ${pattern} - timeFieldName: timestamp - ${fields ? 
`fields: ${fields.length}`: ''}`); - await SavedObject.createSavedObject( - 'index-pattern', - pattern, - { - attributes: { - title: pattern, - timeFieldName: 'timestamp' - } - }, - fields - ); - checkLogger.action(`Created the saved object for the index pattern id [${pattern}]`); - } catch (error) { - checkLogger.error(`Error creating index pattern id [${pattern}]: ${error.message || error}`); + timeFieldName: ${timeFieldName} + ${fields ? `fields: ${fields.length}` : ''}`); + await SavedObject.createSavedObject( + 'index-pattern', + pattern, + { + attributes: { + title: pattern, + timeFieldName, + }, + }, + fields, + ); + checkLogger.action( + `Created the saved object for the index pattern id [${pattern}]`, + ); + const indexPatternSavedObjectIDs = [pattern]; + // Check the index pattern saved objects can be found using `GET /api/saved_objects/_find` endpoint. + // Related issue: https://github.com/wazuh/wazuh-dashboard-plugins/issues/4293 + checkLogger.info( + `Checking the integrity of saved objects. Validating ${indexPatternSavedObjectIDs.join( + ',', + )} can be found...`, + ); + await SavedObject.validateIndexPatternSavedObjectCanBeFound( + indexPatternSavedObjectIDs, + ); + checkLogger.info('Integrity of saved objects: [ok]'); + } else { + checkLogger.warning( + `No indices fields found for index pattern id [${pattern}], it is necessary to check the index...`, + ); + } + } catch (error) { + checkLogger.error( + `Error creating index pattern id [${pattern}]: ${ + error.message || error + }`, + ); + } } }; - - const indexPatternSavedObjectIDs = [pattern]; - // Check the index pattern saved objects can be found using `GET /api/saved_objects/_find` endpoint. - // Related issue: https://github.com/wazuh/wazuh-dashboard-plugins/issues/4293 - checkLogger.info(`Checking the integrity of saved objects. 
Validating ${indexPatternSavedObjectIDs.join(',')} can be found...`); - await SavedObject.validateIndexPatternSavedObjectCanBeFound(indexPatternSavedObjectIDs); - checkLogger.info('Integrity of saved objects: [ok]'); -} diff --git a/plugins/main/public/components/health-check/types/check_logger.ts b/plugins/main/public/components/health-check/types/check_logger.ts index 75220289b4..e14c1893ae 100644 --- a/plugins/main/public/components/health-check/types/check_logger.ts +++ b/plugins/main/public/components/health-check/types/check_logger.ts @@ -1,7 +1,8 @@ export type CheckLog = (message: string) => void; export interface CheckLogger { - info: CheckLog - error: CheckLog - action: CheckLog -}; + info: CheckLog; + warning: CheckLog; + error: CheckLog; + action: CheckLog; +} diff --git a/plugins/main/public/components/health-check/types/result-icons-presets.ts b/plugins/main/public/components/health-check/types/result-icons-presets.ts index 09d457bd62..0151d88614 100644 --- a/plugins/main/public/components/health-check/types/result-icons-presets.ts +++ b/plugins/main/public/components/health-check/types/result-icons-presets.ts 
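Review bot: The saved-object integrity check (`validateIndexPatternSavedObjectCanBeFound`) used to run on every call and now sits inside `if (!result.data)` and `if (fields)`, so an index pattern that already exists is no longer validated. If that is intended a comment should say so, otherwise the call belongs after the `if (!result.data)` block as before. The single `catch` now also covers `getIndicesFields` and the validation but always logs `Error creating index pattern id […]`, which mislabels failures from those two steps. Separately, `timeFieldName` replaces the hard-coded `'timestamp'` without a default, so a caller still passing two arguments (none are visible in this hunk) would create the pattern with `timeFieldName` undefined; `timeFieldName: string = 'timestamp'` would keep the previous behaviour for such callers.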
@@ -1,49 +1,55 @@ export type ResultIconProps = { - tooltipText?: string - iconColor?: string - iconType?: string - disabled?: boolean - spinner?: boolean - retry?: boolean + tooltipText?: string; + iconColor?: string; + iconType?: string; + disabled?: boolean; + spinner?: boolean; + retry?: boolean; }; export type ResultIconsPreset = { - disabled: ResultIconProps, - loading: ResultIconProps, - ready: ResultIconProps, - error: ResultIconProps, - error_retry: ResultIconProps, - waiting: ResultIconProps + disabled: ResultIconProps; + loading: ResultIconProps; + ready: ResultIconProps; + warning: ResultIconProps; + error: ResultIconProps; + error_retry: ResultIconProps; + waiting: ResultIconProps; }; export const resultsPreset: ResultIconsPreset = { - disabled: { - disabled: true - }, - loading: { - tooltipText: 'Checking...', - spinner: true, - iconType: '' - }, - ready: { - tooltipText: 'Ready', - iconColor: 'secondary', - iconType: 'check' - }, - error: { - tooltipText: 'Error', - iconColor: 'danger', - iconType: 'alert' - }, - error_retry: { - tooltipText: 'Error', - iconColor: 'danger', - iconType: 'alert', - retry: true - }, - waiting: { - tooltipText: 'On hold...', - iconColor: '#999999', - iconType: 'clock' - } -} \ No newline at end of file + disabled: { + disabled: true, + }, + loading: { + tooltipText: 'Checking...', + spinner: true, + iconType: '', + }, + ready: { + tooltipText: 'Ready', + iconColor: 'secondary', + iconType: 'check', + }, + warning: { + tooltipText: 'Warning', + iconColor: 'warning', + iconType: 'alert', + }, + error: { + tooltipText: 'Error', + iconColor: 'danger', + iconType: 'alert', + }, + error_retry: { + tooltipText: 'Error', + iconColor: 'danger', + iconType: 'alert', + retry: true, + }, + waiting: { + tooltipText: 'On hold...', + iconColor: '#999999', + iconType: 'clock', + }, +}; 
diff --git a/plugins/main/public/components/overview/vulnerabilities/common/constants.ts b/plugins/main/public/components/overview/vulnerabilities/common/constants.ts deleted file mode 100644 index 29536bb7f2..0000000000 --- a/plugins/main/public/components/overview/vulnerabilities/common/constants.ts +++ /dev/null @@ -1 +0,0 @@ -export const VULNERABILITIES_INDEX_PATTERN_ID = 'wazuh-states-vulnerabilities'; \ No newline at end of file diff --git a/plugins/main/public/components/overview/vulnerabilities/dashboards/inventory/inventory.tsx b/plugins/main/public/components/overview/vulnerabilities/dashboards/inventory/inventory.tsx index bdfb21ba0e..4f7cdc1518 100644 --- a/plugins/main/public/components/overview/vulnerabilities/dashboards/inventory/inventory.tsx +++ b/plugins/main/public/components/overview/vulnerabilities/dashboards/inventory/inventory.tsx @@ -1,6 +1,6 @@ import React, { useEffect, useMemo, useState } from 'react'; import { getPlugins } from '../../../../../kibana-services'; -import useSearchBarConfiguration from '../../search_bar/use_search_bar_configuration' +import useSearchBarConfiguration from '../../search_bar/use_search_bar_configuration'; import { IntlProvider } from 'react-intl'; import { EuiDataGrid, @@ -16,7 +16,7 @@ import { EuiTitle, EuiButtonEmpty, EuiCallOut, - EuiSpacer + EuiSpacer, } from '@elastic/eui'; import { IndexPattern } from '../../../../../../../../src/plugins/data/common'; import { SearchResponse } from '../../../../../../../../src/core/server'; 
@@ -27,31 +27,45 @@ import { useDataGrid } from '../../data_grid/use_data_grid'; import { MAX_ENTRIES_PER_QUERY, inventoryTableDefaultColumns } from './config'; import { useDocViewer } from '../../doc_viewer/use_doc_viewer'; import './inventory.scss'; -import { VULNERABILITIES_INDEX_PATTERN_ID } from '../../common/constants'; import { search, exportSearchToCSV } from './inventory_service'; -import { ErrorHandler, ErrorFactory, HttpError } from '../../../../../react-services/error-management'; +import { + ErrorHandler, + ErrorFactory, + HttpError, +} from '../../../../../react-services/error-management'; import { withErrorBoundary } from '../../../../common/hocs'; import { HitsCounter } from '../../../../../kibana-integrations/discover/application/components/hits_counter/hits_counter'; import { formatNumWithCommas } from '../../../../../kibana-integrations/discover/application/helpers'; +import { useAppConfig } from '../../../../common/hooks'; const InventoryVulsComponent = () => { + const appConfig = useAppConfig(); + const VULNERABILITIES_INDEX_PATTERN_ID = + appConfig.data['vulnerabilities.pattern']; const { searchBarProps } = useSearchBarConfiguration({ defaultIndexPatternID: VULNERABILITIES_INDEX_PATTERN_ID, - }) + }); const { isLoading, filters, query, indexPatterns } = searchBarProps; const SearchBar = getPlugins().data.ui.SearchBar; const [results, setResults] = useState({} as SearchResponse); const [inspectedHit, setInspectedHit] = useState(undefined); - const [indexPattern, setIndexPattern] = useState(undefined); + const [indexPattern, setIndexPattern] = useState( + undefined, + ); const [isSearching, setIsSearching] = useState(false); const [isExporting, setIsExporting] = useState(false); - const onClickInspectDoc = useMemo(() => (index: number) => { - const rowClicked = results.hits.hits[index]; - setInspectedHit(rowClicked); - }, [results]); + const onClickInspectDoc = useMemo( + () => (index: number) => { + const rowClicked = results.hits.hits[index]; 
+ setInspectedHit(rowClicked); + }, + [results], + ); - const DocViewInspectButton = ({ rowIndex }: EuiDataGridCellValueElementProps) => { + const DocViewInspectButton = ({ + rowIndex, + }: EuiDataGridCellValueElementProps) => { const inspectHintMsg = 'Inspect document details'; return ( @@ -69,15 +83,15 @@ const InventoryVulsComponent = () => { defaultColumns: inventoryTableDefaultColumns, results, indexPattern: indexPattern as IndexPattern, - DocViewInspectButton - }) + DocViewInspectButton, + }); const { pagination, sorting, columnVisibility } = dataGridProps; const docViewerProps = useDocViewer({ doc: inspectedHit, indexPattern: indexPattern as IndexPattern, - }) + }); useEffect(() => { if (!isLoading) { @@ -87,19 +101,30 @@ const InventoryVulsComponent = () => { filters, query, pagination, - sorting - }).then((results) => { - setResults(results); - setIsSearching(false); - }).catch((error) => { - const searchError = ErrorFactory.create(HttpError, { error, message: 'Error fetching vulnerabilities' }) - ErrorHandler.handleError(searchError); - setIsSearching(false); + sorting, }) + .then(results => { + setResults(results); + setIsSearching(false); + }) + .catch(error => { + const searchError = ErrorFactory.create(HttpError, { + error, + message: 'Error fetching vulnerabilities', + }); + ErrorHandler.handleError(searchError); + setIsSearching(false); + }); } - }, [JSON.stringify(searchBarProps), JSON.stringify(pagination), JSON.stringify(sorting)]); + }, [ + JSON.stringify(searchBarProps), + JSON.stringify(pagination), + JSON.stringify(sorting), + ]); - const timeField = indexPattern?.timeFieldName ? indexPattern.timeFieldName : undefined; + const timeField = indexPattern?.timeFieldName + ? indexPattern.timeFieldName + : undefined; const onClickExportResults = async () => { const params = { 
@@ -109,43 +134,48 @@ const InventoryVulsComponent = () => { fields: columnVisibility.visibleColumns, pagination: { pageIndex: 0, - pageSize: results.hits.total + pageSize: results.hits.total, }, - sorting - } + sorting, + }; try { setIsExporting(true); await exportSearchToCSV(params); } catch (error) { - const searchError = ErrorFactory.create(HttpError, { error, message: 'Error downloading csv report' }) + const searchError = ErrorFactory.create(HttpError, { + error, + message: 'Error downloading csv report', + }); ErrorHandler.handleError(searchError); - }finally{ + } finally { setIsExporting(false); } - } + }; return ( - + <> - {isLoading ? - : + {isLoading ? ( + + ) : ( } - {isSearching ? - : null} - {!isLoading && !isSearching && results?.hits?.total === 0 ? - : null} + /> + )} + {isSearching ? : null} + {!isLoading && !isSearching && results?.hits?.total === 0 ? ( + + ) : null} {!isLoading && !isSearching && results?.hits?.total > 0 ? ( { { }} - tooltip={results?.hits?.total && results?.hits?.total > MAX_ENTRIES_PER_QUERY ? { - ariaLabel: 'Warning', - content: `The query results has exceeded the limit of 10,000 hits. To provide a better experience the table only shows the first ${formatNumWithCommas(MAX_ENTRIES_PER_QUERY)} hits.`, - iconType: 'alert', - position: 'top' - } : undefined} + onResetQuery={() => {}} + tooltip={ + results?.hits?.total && + results?.hits?.total > MAX_ENTRIES_PER_QUERY + ? { + ariaLabel: 'Warning', + content: `The query results has exceeded the limit of 10,000 hits. To provide a better experience the table only shows the first ${formatNumWithCommas( + MAX_ENTRIES_PER_QUERY, + )} hits.`, + iconType: 'alert', + position: 'top', + } + : undefined + } /> + className='euiDataGrid__controlBtn' + onClick={onClickExportResults} + > Export Formated - ) + ), }} - />) : null} - {inspectedHit && ( - setInspectedHit(undefined)} size="m"> - - -

Document Details

-
-
- - - - - - - -
- )} - -
-
+ /> + ) : null} + {inspectedHit && ( + setInspectedHit(undefined)} size='m'> + + +

Document Details

+
+
+ + + + + + + +
+ )} + + +
); -} +}; -export const InventoryVuls = withErrorBoundary(InventoryVulsComponent); \ No newline at end of file +export const InventoryVuls = withErrorBoundary(InventoryVulsComponent); diff --git a/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard.tsx b/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard.tsx index e3810319c5..5328214a06 100644 --- a/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard.tsx +++ b/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard.tsx @@ -4,10 +4,10 @@ import { ViewMode } from '../../../../../../../../src/plugins/embeddable/public' import { getDashboardPanels } from './dashboard_panels'; import { I18nProvider } from '@osd/i18n/react'; import useSearchBarConfiguration from '../../search_bar/use_search_bar_configuration'; -import { VULNERABILITIES_INDEX_PATTERN_ID } from '../../common/constants'; import { getDashboardFilters } from './dashboard_panels_filters'; import './vulnerability_detector_filters.scss'; import { getKPIsPanel } from './dashboard_panels_kpis'; +import { useAppConfig } from '../../../../common/hooks'; const plugins = getPlugins(); const SearchBar = getPlugins().data.ui.SearchBar; @@ -19,6 +19,10 @@ a wrapper for visual adjustments, while the Kpi, the Open vs Close visualization the rest of the visualizations have different configurations at the dashboard level. */ export const DashboardVuls: React.FC = () => { + const appConfig = useAppConfig(); + const VULNERABILITIES_INDEX_PATTERN_ID = + appConfig.data['vulnerabilities.pattern']; + const { searchBarProps } = useSearchBarConfiguration({ defaultIndexPatternID: VULNERABILITIES_INDEX_PATTERN_ID, filters: [], @@ -28,18 +32,18 @@ export const DashboardVuls: React.FC = () => { <> -
+
{ { { return { @@ -296,7 +295,9 @@ const getVisStateTopVulnerabilitiesEndpoints = (indexPatternId: string) => { }; }; -const getVisStateAccumulationMostDetectedVulnerabilities = (indexPatternId: string) => { +const getVisStateAccumulationMostDetectedVulnerabilities = ( + indexPatternId: string, +) => { return { id: 'accumulation_most_vulnerable_vulnerabilities', title: 'Accumulation of the most detected vulnerabilities', @@ -615,8 +616,12 @@ const getVisStateInventoryTable = (indexPatternId: string) => { }; }; -export const getDashboardPanels = (): { - [panelId: string]: DashboardPanelState; +export const getDashboardPanels = ( + indexPatternId: string, +): { + [panelId: string]: DashboardPanelState< + EmbeddableInput & { [k: string]: unknown } + >; } => { return { '6': { @@ -630,7 +635,7 @@ export const getDashboardPanels = (): { type: 'visualization', explicitInput: { id: '6', - savedVis: getVisStateTopVulnerabilities(VULNERABILITIES_INDEX_PATTERN_ID), + savedVis: getVisStateTopVulnerabilities(indexPatternId), }, }, '7': { @@ -644,7 +649,7 @@ export const getDashboardPanels = (): { type: 'visualization', explicitInput: { id: '7', - savedVis: getVisStateTopVulnerabilitiesEndpoints(VULNERABILITIES_INDEX_PATTERN_ID), + savedVis: getVisStateTopVulnerabilitiesEndpoints(indexPatternId), }, }, '8': { @@ -658,9 +663,8 @@ export const getDashboardPanels = (): { type: 'visualization', explicitInput: { id: '8', - savedVis: getVisStateAccumulationMostDetectedVulnerabilities( - VULNERABILITIES_INDEX_PATTERN_ID - ), + savedVis: + getVisStateAccumulationMostDetectedVulnerabilities(indexPatternId), }, }, '9': { @@ -674,7 +678,7 @@ export const getDashboardPanels = (): { type: 'visualization', explicitInput: { id: '9', - savedVis: getVisStateInventoryTable(VULNERABILITIES_INDEX_PATTERN_ID), + savedVis: getVisStateInventoryTable(indexPatternId), }, }, }; 
diff --git a/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard_panels_filters.ts b/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard_panels_filters.ts index 8e25e649f5..387d5d8f4f 100644 --- a/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard_panels_filters.ts +++ b/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard_panels_filters.ts @@ -1,6 +1,5 @@ import { DashboardPanelState } from '../../../../../../../../src/plugins/dashboard/public/application'; import { EmbeddableInput } from '../../../../../../../../src/plugins/embeddable/public'; -import { VULNERABILITIES_INDEX_PATTERN_ID } from '../../common/constants'; const getVisStateFilter = ( id: string, @@ -69,7 +68,9 @@ const getVisStateFilter = ( }; }; -export const getDashboardFilters = (): { +export const getDashboardFilters = ( + indexPatternId: string, +): { [panelId: string]: DashboardPanelState< EmbeddableInput & { [k: string]: unknown } >; @@ -88,7 +89,7 @@ export const getDashboardFilters = (): { id: 'topPackageSelector', savedVis: getVisStateFilter( 'topPackageSelector', - VULNERABILITIES_INDEX_PATTERN_ID, + indexPatternId, 'Top Packages vulnerabilities', 'Package', 'package.name', @@ -108,7 +109,7 @@ export const getDashboardFilters = (): { id: 'topOSVulnerabilities', savedVis: getVisStateFilter( 'topOSVulnerabilities', - VULNERABILITIES_INDEX_PATTERN_ID, + indexPatternId, 'Top Operating system vulnerabilities', 'Operating system', 'host.os.name', @@ -128,7 +129,7 @@ export const getDashboardFilters = (): { id: 'topAgentVulnerabilities', savedVis: getVisStateFilter( 'topAgentVulnerabilities', - VULNERABILITIES_INDEX_PATTERN_ID, + indexPatternId, 'Agent filter', 'Agent', 'agent.id', 
@@ -148,7 +149,7 @@ export const getDashboardFilters = (): { id: 'topVulnerabilities', savedVis: getVisStateFilter( 'topVulnerabilities', - VULNERABILITIES_INDEX_PATTERN_ID, + indexPatternId, 'Top vulnerabilities', 'Vulnerability', 'vulnerability.id', diff --git a/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard_panels_kpis.ts b/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard_panels_kpis.ts index d7950c46bd..e86749e9ec 100644 --- a/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard_panels_kpis.ts +++ b/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard_panels_kpis.ts @@ -1,6 +1,5 @@ import { DashboardPanelState } from '../../../../../../../../src/plugins/dashboard/public/application'; import { EmbeddableInput } from '../../../../../../../../src/plugins/embeddable/public'; -import { VULNERABILITIES_INDEX_PATTERN_ID } from '../../common/constants'; const getVisStateSeverityCritical = (indexPatternId: string) => { return { @@ -349,7 +348,9 @@ const getVisStateSeverityLow = (indexPatternId: string) => { }; }; -export const getKPIsPanel = (): { +export const getKPIsPanel = ( + indexPatternId: string, +): { [panelId: string]: DashboardPanelState< EmbeddableInput & { [k: string]: unknown } >; @@ -366,7 +367,7 @@ export const getKPIsPanel = (): { type: 'visualization', explicitInput: { id: '1', - savedVis: getVisStateSeverityCritical(VULNERABILITIES_INDEX_PATTERN_ID), + savedVis: getVisStateSeverityCritical(indexPatternId), }, }, '2': { @@ -380,7 +381,7 @@ export const getKPIsPanel = (): { type: 'visualization', explicitInput: { id: '2', - savedVis: getVisStateSeverityHigh(VULNERABILITIES_INDEX_PATTERN_ID), + savedVis: getVisStateSeverityHigh(indexPatternId), }, }, '3': { 
@@ -394,7 +395,7 @@ export const getKPIsPanel = (): { type: 'visualization', explicitInput: { id: '3', - savedVis: getVisStateSeverityMedium(VULNERABILITIES_INDEX_PATTERN_ID), + savedVis: getVisStateSeverityMedium(indexPatternId), }, }, '4': { @@ -408,7 +409,7 @@ export const getKPIsPanel = (): { type: 'visualization', explicitInput: { id: '4', - savedVis: getVisStateSeverityLow(VULNERABILITIES_INDEX_PATTERN_ID), + savedVis: getVisStateSeverityLow(indexPatternId), }, }, }; diff --git a/plugins/main/public/components/overview/vulnerabilities/search_bar/use_search_bar_configuration.tsx b/plugins/main/public/components/overview/vulnerabilities/search_bar/use_search_bar_configuration.tsx index 335f17be53..377f24930c 100644 --- a/plugins/main/public/components/overview/vulnerabilities/search_bar/use_search_bar_configuration.tsx +++ b/plugins/main/public/components/overview/vulnerabilities/search_bar/use_search_bar_configuration.tsx @@ -12,15 +12,21 @@ import { } from '../../../../../../../src/plugins/data/public'; import { getDataPlugin } from '../../../../kibana-services'; -import { useFilterManager, useQueryManager, useTimeFilter } from '../../../common/hooks'; +import { + useFilterManager, + useQueryManager, + useTimeFilter, +} from '../../../common/hooks'; import { AUTHORIZED_AGENTS } from '../../../../../common/constants'; -import { VULNERABILITIES_INDEX_PATTERN_ID } from '../common/constants'; // Input - types type tUseSearchBarCustomInputs = { - defaultIndexPatternID?: IIndexPattern['id']; + defaultIndexPatternID: IIndexPattern['id']; onFiltersUpdated?: (filters: Filter[]) => void; - onQuerySubmitted?: (payload: { dateRange: TimeRange; query?: Query }, isUpdate?: boolean) => void; + onQuerySubmitted?: ( + payload: { dateRange: TimeRange; query?: Query }, + isUpdate?: boolean, + ) => void; }; type tUseSearchBarProps = Partial & tUseSearchBarCustomInputs; 
@@ -34,24 +40,31 @@ type tUserSearchBarResponse = { * @param props * @returns */ -const useSearchBarConfiguration = (props?: tUseSearchBarProps): tUserSearchBarResponse => { +const useSearchBarConfiguration = ( + props?: tUseSearchBarProps, +): tUserSearchBarResponse => { // dependencies const filterManager = useFilterManager().filterManager as FilterManager; const { filters } = useFilterManager(); - const [query, setQuery] = props?.query ? useState(props?.query) : useQueryManager(); + const [query, setQuery] = props?.query + ? useState(props?.query) + : useQueryManager(); const { timeFilter, timeHistory, setTimeFilter } = useTimeFilter(); // states const [isLoading, setIsLoading] = useState(false); - const [indexPatternSelected, setIndexPatternSelected] = useState(); + const [indexPatternSelected, setIndexPatternSelected] = + useState(); useEffect(() => { initSearchBar(); }, []); useEffect(() => { - const defaultIndex = props?.defaultIndexPatternID ?? VULNERABILITIES_INDEX_PATTERN_ID; + const defaultIndex = props?.defaultIndexPatternID; /* Filters that do not belong to the default index are filtered */ - const cleanedFilters = filters.filter((filter) => filter.meta.index === defaultIndex); + const cleanedFilters = filters.filter( + filter => filter.meta.index === defaultIndex, + ); if (cleanedFilters.length !== filters.length) { filterManager.setFilters(cleanedFilters); } @@ -75,7 +88,8 @@ const useSearchBarConfiguration = (props?: tUseSearchBarProps): tUserSearchBarRe * @returns */ const getIndexPattern = async (indexPatternID?: string) => { - const indexPatternService = getDataPlugin().indexPatterns as IndexPatternsContract; + const indexPatternService = getDataPlugin() + .indexPatterns as IndexPatternsContract; if (indexPatternID) { try { return await indexPatternService.get(indexPatternID); 
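Review bot: With the `?? VULNERABILITIES_INDEX_PATTERN_ID` fallback removed, `defaultIndex` in the filter-cleaning effect can be `undefined`, because the hook still declares `props?: tUseSearchBarProps` and reads `props?.defaultIndexPatternID`. In that case `filter.meta.index === defaultIndex` is false for every filter bound to an index, and `filterManager.setFilters(cleanedFilters)` drops them all. Since the type now makes `defaultIndexPatternID` mandatory, the parameter should be mandatory as well, `(props: tUseSearchBarProps)`, and the effect could skip the cleanup when no pattern is configured: `if (!defaultIndex) return;`. The effect body continues outside the hunk, so the guard's placement should be checked against the rest of it.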
@@ -96,7 +110,8 @@ const useSearchBarConfiguration = (props?: tUseSearchBarProps): tUserSearchBarRe * @returns */ const getInitialFilters = async (indexPattern: IIndexPattern) => { - const indexPatternService = getDataPlugin().indexPatterns as IndexPatternsContract; + const indexPatternService = getDataPlugin() + .indexPatterns as IndexPatternsContract; let initialFilters: Filter[] = []; if (props?.filters) { return props?.filters; @@ -105,8 +120,12 @@ const useSearchBarConfiguration = (props?: tUseSearchBarProps): tUserSearchBarRe // get filtermanager and filters // if the index is the same, get filters stored // else clear filters - const defaultIndexPattern = (await indexPatternService.getDefault()) as IIndexPattern; - initialFilters = defaultIndexPattern.id === indexPattern.id ? filterManager.getFilters() : []; + const defaultIndexPattern = + (await indexPatternService.getDefault()) as IIndexPattern; + initialFilters = + defaultIndexPattern.id === indexPattern.id + ? filterManager.getFilters() + : []; } else { initialFilters = []; } @@ -120,7 +139,9 @@ const useSearchBarConfiguration = (props?: tUseSearchBarProps): tUserSearchBarRe */ const getFilters = () => { const filters = filterManager ? filterManager.getFilters() : []; - return filters.filter((filter) => filter.meta.controlledBy !== AUTHORIZED_AGENTS); // remove auto loaded agent.id filters + return filters.filter( + filter => filter.meta.controlledBy !== AUTHORIZED_AGENTS, + ); // remove auto loaded agent.id filters }; /** @@ -141,7 +162,7 @@ const useSearchBarConfiguration = (props?: tUseSearchBarProps): tUserSearchBarRe }, onQuerySubmit: ( payload: { dateRange: TimeRange; query?: Query }, - _isUpdate?: boolean + _isUpdate?: boolean, ): void => { const { dateRange, query } = payload; // its necessary execute setter to apply query filters 
diff --git a/plugins/main/public/components/visualize/agent-visualizations.js b/plugins/main/public/components/visualize/agent-visualizations.js index ce0e677efb..0955cf27ec 100644 --- a/plugins/main/public/components/visualize/agent-visualizations.js +++ b/plugins/main/public/components/visualize/agent-visualizations.js @@ -17,7 +17,7 @@ export const agentVisualizations = { height: 400, vis: [ { - title: 'Alert groups evolution', + title: 'Top 10 Alert groups evolution', id: 'Wazuh-App-Agents-General-Alert-groups-evolution', width: 50, }, diff --git a/plugins/main/public/components/visualize/visualizations.js b/plugins/main/public/components/visualize/visualizations.js index 63879c1a64..e5b4291f79 100644 --- a/plugins/main/public/components/visualize/visualizations.js +++ b/plugins/main/public/components/visualize/visualizations.js @@ -17,12 +17,12 @@ export const visualizations = { height: 360, vis: [ { - title: 'Alert level evolution', + title: 'Top 10 Alert level evolution', id: 'Wazuh-App-Overview-General-Alert-level-evolution', width: 60, }, { - title: 'Top MITRE ATT&CKS', + title: 'Top 10 MITRE ATT&CKS', id: 'Wazuh-App-Overview-General-Alerts-Top-Mitre', width: 40, }, @@ -249,7 +249,7 @@ export const visualizations = { height: 400, vis: [ { - title: 'PCI DSS requirements', + title: 'Top 10 PCI DSS requirements', id: 'Wazuh-App-Overview-PCI-DSS-requirements', width: 50, }, @@ -346,7 +346,7 @@ export const visualizations = { width: 20, }, { - title: 'Top requirements over time', + title: 'Top 10 requirements over time', id: 'Wazuh-App-Overview-NIST-Requirements-over-time', width: 50, }, diff --git a/plugins/main/public/components/visualize/wz-visualize.js b/plugins/main/public/components/visualize/wz-visualize.js index 80e1e427c9..f15baad0eb 100644 --- a/plugins/main/public/components/visualize/wz-visualize.js +++ b/plugins/main/public/components/visualize/wz-visualize.js 
@@ -30,7 +30,7 @@ import { VisHandlers } from '../../factories/vis-handlers'; import { RawVisualizations } from '../../factories/raw-visualizations'; import { Metrics } from '../overview/metrics/metrics'; import { PatternHandler } from '../../react-services/pattern-handler'; -import { getToasts } from '../../kibana-services'; +import { getToasts, getPlugins } from '../../kibana-services'; import { SampleDataWarning, SecurityAlerts } from './components'; import { toMountPoint } from '../../../../../src/plugins/opensearch_dashboards_react/public'; import { withReduxProvider, withErrorBoundary } from '../common/hocs'; @@ -57,6 +57,12 @@ export const WzVisualize = compose( refreshingKnownFields: [], refreshingIndex: true, }; + // Reset the visualizations mapped colors when the type of Dashboard is changed. + // This is a workaround until the issue reported in Opensearch Dashboards is fixed. + // https://github.com/opensearch-project/OpenSearch-Dashboards/issues/5422 + // This should be reomved when the issue is fixed. Probably in OSD 2.12.0 + getPlugins().charts.colors.mappedColors.purge(); + this.hasRefreshedKnownFields = false; this.isRefreshing = false; this.metricValues = false; diff --git a/plugins/main/public/plugin.ts b/plugins/main/public/plugin.ts index 7cf6cfceb6..ab5ea70129 100644 --- a/plugins/main/public/plugin.ts +++ b/plugins/main/public/plugin.ts @@ -44,6 +44,7 @@ import { } from './services/request-handler'; import { Applications, Categories } from './utils/applications'; import { syncHistoryLocations } from './kibana-integrations/discover/kibana_services'; +import { euiPaletteColorBlind } from '@elastic/eui'; const innerAngularName = 'app/wazuh'; 
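Review bot: `getPlugins().charts.colors.mappedColors.purge();` runs unguarded in the constructor, so it throws during construction if the `charts` plugin or `mappedColors` is not exposed by the running platform version. It also resets the colour map on every instantiation of `WzVisualize`, which presumably affects every chart sharing that service. Since the comment describes this as a temporary workaround, I would write it as `getPlugins().charts?.colors?.mappedColors?.purge?.();`. The comment has a typo, `reomved` should read `removed`. The constructor starts and ends outside this hunk.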
@@ -64,6 +65,56 @@ export class WazuhPlugin console.error('plugin.ts: Error getting logos configuration', error); } + // Redefine the mapKeys method to change the properties sent to euiPaletteColorBlind. + // This is a workaround until the issue reported in Opensearch Dashboards is fixed. + // https://github.com/opensearch-project/OpenSearch-Dashboards/issues/5422 + // This should be reomved when the issue is fixed. Probably in OSD 2.12.0 + plugins.charts.colors.mappedColors.mapKeys = function ( + keys: Array, + ) { + const configMapping = this.getConfigColorMapping(); + const configColors = _.values(configMapping); + const oldColors = _.values(this._oldMap); + + let alreadyUsedColors: string[] = []; + const keysToMap: Array = []; + _.each(keys, key => { + // If this key is mapped in the config, it's unnecessary to have it mapped here + if (configMapping[key as any]) { + delete this._mapping[key]; + alreadyUsedColors.push(configMapping[key]); + } + + // If this key is mapped to a color used by the config color mapping, we need to remap it + if (_.includes(configColors, this._mapping[key])) keysToMap.push(key); + + // if key exist in oldMap, move it to mapping + if (this._oldMap[key]) { + this._mapping[key] = this._oldMap[key]; + alreadyUsedColors.push(this._mapping[key]); + } + + // If this key isn't mapped, we need to map it + if (this.get(key) == null) keysToMap.push(key); + }); + + alreadyUsedColors.push(...Object.values(this._mapping)); + alreadyUsedColors = alreadyUsedColors.map(color => + color.toLocaleLowerCase(), + ); + // Choose colors from euiPaletteColorBlind and filter out any already assigned to keys + const colorPalette = euiPaletteColorBlind({ + rotations: Math.ceil( + (keysToMap.length + alreadyUsedColors.length) / 10, + ), + direction: core.uiSettings.get('theme:darkMode') ? 
'darker' : 'lighter', + }) + .filter(color => !alreadyUsedColors.includes(color.toLowerCase())) + .slice(0, keysToMap.length); + + _.merge(this._mapping, _.zipObject(keysToMap, colorPalette)); + }; + // Register the applications Applications.forEach(app => { const { category, id, title, redirectTo, order } = app; diff --git a/plugins/main/public/react-services/saved-objects.js b/plugins/main/public/react-services/saved-objects.js index 992fe96efa..f66fc25321 100644 --- a/plugins/main/public/react-services/saved-objects.js +++ b/plugins/main/public/react-services/saved-objects.js @@ -16,6 +16,7 @@ import { FieldsStatistics } from '../utils/statistics-fields'; import { FieldsMonitoring } from '../utils/monitoring-fields'; import { HEALTH_CHECK, + NOT_TIME_FIELD_NAME_INDEX_PATTERN, PLUGIN_PLATFORM_NAME, WAZUH_INDEX_TYPE_ALERTS, WAZUH_INDEX_TYPE_MONITORING, @@ -32,11 +33,16 @@ export class SavedObject { static async getListOfIndexPatterns() { const savedObjects = await GenericRequest.request( 'GET', - `/api/saved_objects/_find?type=index-pattern&fields=title&fields=fields&per_page=9999` - ); + `/api/saved_objects/_find?type=index-pattern&fields=title&fields=fields&per_page=9999`, + ); const indexPatterns = ((savedObjects || {}).data || {}).saved_objects || []; - return indexPatterns.map((indexPattern) => ({...indexPattern, _fields: indexPattern?.attributes?.fields ? JSON.parse(indexPattern.attributes.fields) : []})); + return indexPatterns.map(indexPattern => ({ + ...indexPattern, + _fields: indexPattern?.attributes?.fields + ? JSON.parse(indexPattern.attributes.fields) + : [], + })); } /** @@ -49,8 +55,8 @@ export class SavedObject { if (where === HEALTH_CHECK) { const list = await Promise.all( defaultIndexPatterns.map( - async (pattern) => await SavedObject.getExistingIndexPattern(pattern) - ) + async pattern => await SavedObject.getExistingIndexPattern(pattern), + ), ); result = this.validateIndexPatterns(list); } 
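Review bot: The `mapKeys` override depends on private members of the charts service (`this._mapping`, `this._oldMap`, `getConfigColorMapping()`) and is assigned unconditionally. A platform upgrade that renames any of them would therefore fail when a chart renders rather than at plugin setup. Guarding the assignment, for example `if (plugins.charts?.colors?.mappedColors?.mapKeys) { … }`, would let the workaround degrade cleanly. The used-colour list is normalised with `toLocaleLowerCase()` while the palette filter uses `toLowerCase()`; use `toLowerCase()` in both so the comparison does not depend on the browser locale. `_` is used here but no lodash import is visible in this diff, so confirm it is in scope in `plugin.ts`, and fix the comment typo `reomved`.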
@@ -60,7 +66,7 @@ export class SavedObject { result = this.validateIndexPatterns(list); } - return result.map((item) => { + return result.map(item => { return { id: item.id, title: item.attributes.title }; }); } @@ -72,13 +78,23 @@ export class SavedObject { 'manager.name', 'agent.id', ]; - return list.filter(item => item && item._fields && requiredFields.every((reqField => item._fields.some(field => field.name === reqField)))); + return list.filter( + item => + item && + item._fields && + requiredFields.every(reqField => + item._fields.some(field => field.name === reqField), + ), + ); } static async existsOrCreateIndexPattern(patternID) { const result = await SavedObject.existsIndexPattern(patternID); if (!result.data) { - const fields = await SavedObject.getIndicesFields(patternID, WAZUH_INDEX_TYPE_ALERTS); + const fields = await SavedObject.getIndicesFields( + patternID, + WAZUH_INDEX_TYPE_ALERTS, + ); await this.createSavedObject( 'index-pattern', patternID, @@ -88,7 +104,7 @@ export class SavedObject { timeFieldName: 'timestamp', }, }, - fields + fields, ); } } @@ -101,10 +117,11 @@ export class SavedObject { try { const indexPatternData = await GenericRequest.request( 'GET', - `/api/saved_objects/index-pattern/${patternID}?fields=title&fields=fields` + `/api/saved_objects/index-pattern/${patternID}?fields=title&fields=fields`, ); - const title = (((indexPatternData || {}).data || {}).attributes || {}).title; + const title = (((indexPatternData || {}).data || {}).attributes || {}) + .title; const id = ((indexPatternData || {}).data || {}).id; if (title) { 
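Review bot: `patternID` is interpolated unencoded into the request path in `/api/saved_objects/index-pattern/${patternID}?fields=title&fields=fields`, so an ID containing `/`, `?`, `#` or `&` changes which endpoint and query string the request reaches. If the ID can come from configurable settings or a saved object, it should be written as `${encodeURIComponent(patternID)}`. The same applies to the identical URL in the `@@ -133,16 +150,20 @@` hunk, to `/api/saved_objects/${type}/${id}` in `createSavedObject`, and to `?pattern=${pattern}` in the `_fields_for_wildcard` request. The enclosing method starts and ends outside this hunk.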
@@ -133,16 +150,20 @@ export class SavedObject { 'GET', `/api/saved_objects/index-pattern/${patternID}?fields=title&fields=fields`, null, - true + true, ); - const indexPatternFields = indexPatternData?.data?.attributes?.fields ? JSON.parse(indexPatternData.data.attributes.fields) : []; + const indexPatternFields = indexPatternData?.data?.attributes?.fields + ? JSON.parse(indexPatternData.data.attributes.fields) + : []; return { ...indexPatternData.data, ...{ _fields: indexPatternFields } }; } catch (error) { if (error && error.response && error.response.status == 404) return false; return Promise.reject( ((error || {}).data || {}).message || false ? new Error(error.data.message) - : new Error(error.message || `Error getting the '${patternID}' index pattern`) + : new Error( + error.message || `Error getting the '${patternID}' index pattern`, + ), ); } } 
@@ -152,20 +173,42 @@ export class SavedObject { const result = await GenericRequest.request( 'POST', `/api/saved_objects/${type}/${id}`, - params + { + ...params, + attributes: { + ...params?.attributes, + timeFieldName: + params?.attributes?.timeFieldName !== + NOT_TIME_FIELD_NAME_INDEX_PATTERN + ? params?.attributes?.timeFieldName + : undefined, + }, + }, ); if (type === 'index-pattern') { - await this.refreshFieldsOfIndexPattern(id, params.attributes.title, fields); + await this.refreshFieldsOfIndexPattern( + id, + params.attributes.title, + fields, + params?.attributes?.timeFieldName, + ); } return result; } catch (error) { - throw ((error || {}).data || {}).message || false ? new Error(error.data.message) : error; + throw ((error || {}).data || {}).message || false + ? new Error(error.data.message) + : error; } } - static async refreshFieldsOfIndexPattern(id, title, fields) { + static async refreshFieldsOfIndexPattern( + id, + title, + fields, + timeFieldName = 'timestamp', + ) { try { // same logic as plugin platform when a new index is created, you need to refresh it to see its fields // we force the refresh of the index by requesting its fields and the assign these fields @@ -175,13 +218,18 @@ export class SavedObject { { attributes: { fields: JSON.stringify(fields), - timeFieldName: 'timestamp', - title: title + timeFieldName: + timeFieldName !== NOT_TIME_FIELD_NAME_INDEX_PATTERN + ? timeFieldName + : undefined, + title: title, }, - } + }, ); } catch (error) { - throw ((error || {}).data || {}).message || false ? new Error(error.data.message) : error; + throw ((error || {}).data || {}).message || false + ? new Error(error.data.message) + : error; } } 
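Review bot: `createSavedObject` builds the request body defensively with `params?.attributes` but still dereferences `params.attributes.title` unguarded in the `index-pattern` branch, so the optional chaining gives no protection on that path; one contract should be chosen and applied to both. The sentinel handling is also undocumented. An omitted `timeFieldName` is posted as `undefined` here, but `refreshFieldsOfIndexPattern` then applies its default `'timestamp'`, so only `NOT_TIME_FIELD_NAME_INDEX_PATTERN` yields a pattern without a time field. I would document this on both methods, e.g. `@param {string} [timeFieldName='timestamp'] pass NOT_TIME_FIELD_NAME_INDEX_PATTERN to create the index pattern without a time field`.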
@@ -191,11 +239,15 @@ export class SavedObject { */ static async refreshIndexPattern(pattern, newFields = null) { try { - const fields = await SavedObject.getIndicesFields(pattern.title, WAZUH_INDEX_TYPE_ALERTS); + const fields = await SavedObject.getIndicesFields( + pattern.title, + WAZUH_INDEX_TYPE_ALERTS, + ); if (newFields && typeof newFields == 'object') - Object.keys(newFields).forEach((fieldName) => { - if (this.isValidField(newFields[fieldName])) fields.push(newFields[fieldName]); + Object.keys(newFields).forEach(fieldName => { + if (this.isValidField(newFields[fieldName])) + fields.push(newFields[fieldName]); }); await this.refreshFieldsOfIndexPattern(pattern.id, pattern.title, fields); @@ -231,7 +283,10 @@ export class SavedObject { */ static async createWazuhIndexPattern(pattern) { try { - const fields = await SavedObject.getIndicesFields(pattern, WAZUH_INDEX_TYPE_ALERTS); + const fields = await SavedObject.getIndicesFields( + pattern, + WAZUH_INDEX_TYPE_ALERTS, + ); await this.createSavedObject( 'index-pattern', pattern, @@ -248,7 +303,7 @@ export class SavedObject { sourceFilters: '[{"value":"@timestamp"}]', }, }, - fields + fields, ); return; } catch (error) { @@ -264,7 +319,7 @@ export class SavedObject { //we check if indices exist before creating the index pattern 'GET', `/api/index_patterns/_fields_for_wildcard?pattern=${pattern}&meta_fields=_source&meta_fields=_id&meta_fields=_type&meta_fields=_index&meta_fields=_score`, - {} + {}, ); return response.data.fields; } catch { 
@@ -284,18 +339,24 @@ export class SavedObject { * It is usefull to validate if the endpoint works as expected. Related issue: https://github.com/wazuh/wazuh-dashboard-plugins/issues/4293 * @param {string[]} indexPatternIDs */ - static async validateIndexPatternSavedObjectCanBeFound(indexPatternIDs){ + static async validateIndexPatternSavedObjectCanBeFound(indexPatternIDs) { const indexPatternsSavedObjects = await getSavedObjects().client.find({ type: 'index-pattern', fields: ['title'], - perPage: 10000 + perPage: 10000, }); - const indexPatternsSavedObjectsCanBeFound = indexPatternIDs - .every(indexPatternID => indexPatternsSavedObjects.savedObjects.some(savedObject => savedObject.id === indexPatternID)); + const indexPatternsSavedObjectsCanBeFound = indexPatternIDs.every( + indexPatternID => + indexPatternsSavedObjects.savedObjects.some( + savedObject => savedObject.id === indexPatternID, + ), + ); if (!indexPatternsSavedObjectsCanBeFound) { throw new Error(`Saved object for index pattern not found. -Restart the ${PLUGIN_PLATFORM_NAME} service to initialize the index. More information in troubleshooting.` -)}; +Restart the ${PLUGIN_PLATFORM_NAME} service to initialize the index. More information in troubleshooting guide: ${webDocumentationLink( + 'user-manual/wazuh-dashboard/troubleshooting.html#saved-object-for-index-pattern-not-found', + )}.`); + } } } diff --git a/plugins/main/server/integration-files/visualizations/agents/agents-docker.ts b/plugins/main/server/integration-files/visualizations/agents/agents-docker.ts index 9e009c5fbd..78169a574b 100644 --- a/plugins/main/server/integration-files/visualizations/agents/agents-docker.ts +++ b/plugins/main/server/integration-files/visualizations/agents/agents-docker.ts 
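Review bot: The new error message calls `webDocumentationLink(...)`, but the only import change visible for `saved-objects.js` in this diff adds `NOT_TIME_FIELD_NAME_INDEX_PATTERN`. If the helper is not already imported in this file, the `throw` would surface a `ReferenceError` instead of the troubleshooting message, so this is worth confirming. Separately, the check depends on `perPage: 10000`, so an installation with more index-pattern saved objects than that could report a false "not found". A short comment on that limit next to the `find` call would help.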
@@ -24,10 +24,21 @@ export default [ addLegend: true, legendPosition: 'right', isDonut: true, - labels: { show: false, values: true, last_level: true, truncate: 100 }, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -72,10 +83,21 @@ export default [ addLegend: true, legendPosition: 'right', isDonut: true, - labels: { show: false, values: true, last_level: true, truncate: 100 }, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -124,7 +146,13 @@ export default [ totalFunc: 'sum', }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -202,7 +230,11 @@ export default [ type: 'histogram', params: { type: 'histogram', - grid: { categoryLines: true, style: { color: '#eee' }, valueAxis: 'ValueAxis-1' }, + grid: { + categoryLines: true, + style: { color: '#eee' }, + valueAxis: 'ValueAxis-1', + }, categoryAxes: [ { id: 'CategoryAxis-1', 
@@ -246,23 +278,12 @@ export default [ addTimeMarker: false, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, { - id: '2', + id: '1', enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - timeRange: { from: 'now-1h', to: 'now', mode: 'quick' }, - useNormalizedEsInterval: true, - interval: 'auto', - time_zone: 'Europe/Berlin', - drop_partials: false, - customInterval: '2h', - min_doc_count: 1, - extended_bounds: {}, - }, + type: 'count', + schema: 'metric', + params: {}, }, { id: '3', @@ -280,6 +301,23 @@ export default [ missingBucketLabel: 'Missing', }, }, + { + id: '2', + enabled: true, + type: 'date_histogram', + schema: 'segment', + params: { + field: 'timestamp', + timeRange: { from: 'now-1h', to: 'now', mode: 'quick' }, + useNormalizedEsInterval: true, + interval: 'auto', + time_zone: 'Europe/Berlin', + drop_partials: false, + customInterval: '2h', + min_doc_count: 1, + extended_bounds: {}, + }, + }, ], }), uiStateJSON: '{}', @@ -304,7 +342,11 @@ export default [ type: 'area', params: { type: 'area', - grid: { categoryLines: true, style: { color: '#eee' }, valueAxis: 'ValueAxis-1' }, + grid: { + categoryLines: true, + style: { color: '#eee' }, + valueAxis: 'ValueAxis-1', + }, categoryAxes: [ { id: 'CategoryAxis-1', @@ -356,6 +398,23 @@ export default [ schema: 'metric', params: { customLabel: 'Events' }, }, + { + id: '3', + enabled: true, + type: 'terms', + schema: 'group', + params: { + field: 'data.docker.Action', + size: 10, + order: 'desc', + orderBy: '1', + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + customLabel: 'Action', + }, + }, { id: '2', enabled: true, 
@@ -374,23 +433,6 @@ export default [ customLabel: '', }, }, - { - id: '3', - enabled: true, - type: 'terms', - schema: 'group', - params: { - field: 'data.docker.Action', - size: 10, - order: 'desc', - orderBy: '1', - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - customLabel: 'Action', - }, - }, ], }), uiStateJSON: '{}', diff --git a/plugins/main/server/integration-files/visualizations/agents/agents-fim.ts b/plugins/main/server/integration-files/visualizations/agents/agents-fim.ts index fe808d8a6e..d903ed7bd8 100644 --- a/plugins/main/server/integration-files/visualizations/agents/agents-fim.ts +++ b/plugins/main/server/integration-files/visualizations/agents/agents-fim.ts @@ -26,7 +26,13 @@ export default [ labels: { show: true, values: true, last_level: true, truncate: 100 }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -74,7 +80,13 @@ export default [ labels: { show: true, values: true, last_level: true, truncate: 100 }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -162,12 +174,23 @@ export default [ accessor: 0, format: { id: 'terms', - params: { id: 'string', otherBucketLabel: 'Other', missingBucketLabel: 'Missing' }, + params: { + id: 'string', + otherBucketLabel: 'Other', + missingBucketLabel: 'Missing', + }, }, params: {}, aggType: 'terms', }, - y: [{ accessor: 2, format: { id: 'number' }, params: {}, aggType: 'count' }], + y: [ + { + accessor: 2, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], series: [ { accessor: 1, 
@@ -186,20 +209,12 @@ export default [ }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, { - id: '2', + id: '1', enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - useNormalizedEsInterval: true, - interval: 'auto', - drop_partials: false, - min_doc_count: 1, - extended_bounds: {}, - }, + type: 'count', + schema: 'metric', + params: {}, }, { id: '3', @@ -217,6 +232,20 @@ export default [ missingBucketLabel: 'Missing', }, }, + { + id: '2', + enabled: true, + type: 'date_histogram', + schema: 'segment', + params: { + field: 'timestamp', + useNormalizedEsInterval: true, + interval: 'auto', + drop_partials: false, + min_doc_count: 1, + extended_bounds: {}, + }, + }, ], }), uiStateJSON: '{}', @@ -247,13 +276,24 @@ export default [ isDonut: true, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, type: 'terms', schema: 'segment', - params: { field: 'syscheck.path', size: 5, order: 'desc', orderBy: '1' }, + params: { + field: 'syscheck.path', + size: 5, + order: 'desc', + orderBy: '1', + }, }, ], }), @@ -318,13 +358,24 @@ export default [ isDonut: true, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, type: 'terms', schema: 'segment', - params: { field: 'syscheck.path', size: 5, order: 'desc', orderBy: '1' }, + params: { + field: 'syscheck.path', + size: 5, + order: 'desc', + orderBy: '1', + }, }, ], }), 
@@ -383,13 +434,24 @@ export default [ isDonut: true, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, type: 'terms', schema: 'segment', - params: { field: 'syscheck.path', size: 5, order: 'desc', orderBy: '1' }, + params: { + field: 'syscheck.path', + size: 5, + order: 'desc', + orderBy: '1', + }, }, ], }), @@ -451,7 +513,13 @@ export default [ totalFunc: 'sum', }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '3', enabled: true, diff --git a/plugins/main/server/integration-files/visualizations/agents/agents-general.ts b/plugins/main/server/integration-files/visualizations/agents/agents-general.ts index af43ace6de..291c9f1bb5 100644 --- a/plugins/main/server/integration-files/visualizations/agents/agents-general.ts +++ b/plugins/main/server/integration-files/visualizations/agents/agents-general.ts @@ -23,10 +23,21 @@ export default [ addLegend: true, legendPosition: 'right', isDonut: true, - labels: { show: false, values: true, last_level: true, truncate: 100 }, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -85,7 +96,12 @@ export default [ labels: { show: true, color: 'black' }, scale: { show: false, labels: false, color: '#333', width: 2 }, type: 'simple', - style: { fontSize: 20, bgColor: false, labelColor: false, subText: '' }, + style: { + fontSize: 20, + bgColor: false, + labelColor: false, + subText: '', + }, }, }, aggs: [ 
@@ -98,7 +114,9 @@ export default [ }, ], }), - uiStateJSON: JSON.stringify({ vis: { defaultColors: { '0 - 100': 'rgb(0,104,55)' } } }), + uiStateJSON: JSON.stringify({ + vis: { defaultColors: { '0 - 100': 'rgb(0,104,55)' } }, + }), description: '', version: 1, kibanaSavedObjectMeta: { @@ -138,7 +156,12 @@ export default [ labels: { show: true, color: 'black' }, scale: { show: false, labels: false, color: '#333', width: 2 }, type: 'simple', - style: { fontSize: 20, bgColor: false, labelColor: false, subText: '' }, + style: { + fontSize: 20, + bgColor: false, + labelColor: false, + subText: '', + }, }, }, aggs: [ @@ -151,7 +174,9 @@ export default [ }, ], }), - uiStateJSON: JSON.stringify({ vis: { defaultColors: { '0 - 100': 'rgb(0,104,55)' } } }), + uiStateJSON: JSON.stringify({ + vis: { defaultColors: { '0 - 100': 'rgb(0,104,55)' } }, + }), description: '', version: 1, kibanaSavedObjectMeta: { @@ -216,7 +241,12 @@ export default [ labels: { show: true, color: 'black' }, scale: { show: false, labels: false, color: '#333', width: 2 }, type: 'simple', - style: { fontSize: 20, bgColor: false, labelColor: false, subText: '' }, + style: { + fontSize: 20, + bgColor: false, + labelColor: false, + subText: '', + }, }, }, aggs: [ @@ -229,7 +259,9 @@ export default [ }, ], }), - uiStateJSON: JSON.stringify({ vis: { defaultColors: { '0 - 100': 'rgb(0,104,55)' } } }), + uiStateJSON: JSON.stringify({ + vis: { defaultColors: { '0 - 100': 'rgb(0,104,55)' } }, + }), description: '', version: 1, kibanaSavedObjectMeta: { @@ -241,7 +273,8 @@ export default [ index: 'wazuh-alerts', type: 'phrases', key: 'rule.groups', - value: 'win_authentication_failed, authentication_failed, authentication_failures', + value: + 'win_authentication_failed, authentication_failed, authentication_failures', params: [ 'win_authentication_failed', 'authentication_failed', 
@@ -311,7 +344,12 @@ export default [ labels: { show: true, color: 'black' }, scale: { show: false, labels: false, color: '#333', width: 2 }, type: 'simple', - style: { fontSize: 20, bgColor: false, labelColor: false, subText: '' }, + style: { + fontSize: 20, + bgColor: false, + labelColor: false, + subText: '', + }, }, }, aggs: [ @@ -324,7 +362,9 @@ export default [ }, ], }), - uiStateJSON: JSON.stringify({ vis: { defaultColors: { '0 - 100': 'rgb(0,104,55)' } } }), + uiStateJSON: JSON.stringify({ + vis: { defaultColors: { '0 - 100': 'rgb(0,104,55)' } }, + }), description: '', version: 1, kibanaSavedObjectMeta: { @@ -377,10 +417,21 @@ export default [ addLegend: true, legendPosition: 'right', isDonut: false, - labels: { show: false, values: true, last_level: true, truncate: 100 }, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -425,10 +476,21 @@ export default [ addLegend: true, legendPosition: 'right', isDonut: true, - labels: { show: false, values: true, last_level: true, truncate: 100 }, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, 
@@ -465,11 +527,61 @@ export default [ _source: { title: 'Alert groups evolution', visState: JSON.stringify({ - title: 'Alerts by group over time', + title: 'Alert groups evolution', type: 'area', + aggs: [ + { + id: '1', + enabled: true, + type: 'count', + params: {}, + schema: 'metric', + }, + { + id: '3', + enabled: true, + type: 'terms', + params: { + field: 'rule.groups', + orderBy: '1', + order: 'desc', + size: 10, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + }, + schema: 'group', + }, + { + id: '2', + enabled: true, + type: 'date_histogram', + params: { + field: 'timestamp', + timeRange: { + from: 'now-1M', + to: 'now', + }, + useNormalizedOpenSearchInterval: true, + scaleMetricValues: false, + interval: 'auto', + drop_partials: false, + min_doc_count: 1, + extended_bounds: {}, + }, + schema: 'segment', + }, + ], params: { type: 'area', - grid: { categoryLines: true, style: { color: '#eee' }, valueAxis: 'ValueAxis-1' }, + grid: { + categoryLines: true, + style: { + color: '#eee', + }, + valueAxis: 'ValueAxis-1', + }, categoryAxes: [ { id: 'CategoryAxis-1', @@ -477,8 +589,14 @@ export default [ position: 'bottom', show: true, style: {}, - scale: { type: 'linear' }, - labels: { show: true, filter: true, truncate: 100 }, + scale: { + type: 'linear', + }, + labels: { + show: true, + filter: true, + truncate: 100, + }, title: {}, }, ], @@ -490,9 +608,19 @@ export default [ position: 'left', show: true, style: {}, - scale: { type: 'linear', mode: 'normal' }, - labels: { show: true, rotate: 0, filter: false, truncate: 100 }, - title: { text: 'Count' }, + scale: { + type: 'linear', + mode: 'normal', + }, + labels: { + show: true, + rotate: 0, + filter: false, + truncate: 100, + }, + title: { + text: 'Count', + }, }, ], seriesParams: [ 
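Review bot: The rewritten `date_histogram` agg sets `useNormalizedOpenSearchInterval: true`, while the date histograms in `agents-docker.ts` and `agents-fim.ts` reordered by this same commit keep `useNormalizedEsInterval: true`. Presumably only one of the two keys is read by the target platform version, so the other is ignored without warning; confirm which one applies and use it in all three files. The saved `timeRange` also widens from `now-24h` to `now-1M` here, which the commit does not explain. If that is intentional, a one-line comment such as `// default window widened to one month so the top-10 split has enough data` would record why. Both points apply equally to the `@@ -568,11 +671,61 @@` hunk.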
@@ -500,7 +628,10 @@ export default [ show: 'true', type: 'area', mode: 'stacked', - data: { label: 'Count', id: '1' }, + data: { + label: 'Count', + id: '1', + }, drawLinesBetweenPoints: true, showCircles: true, interpolate: 'cardinal', @@ -512,43 +643,15 @@ export default [ legendPosition: 'right', times: [], addTimeMarker: false, - }, - aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, - { - id: '2', - enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - timeRange: { from: 'now-24h', to: 'now', mode: 'quick' }, - useNormalizedEsInterval: true, - interval: 'auto', - time_zone: 'Europe/Berlin', - drop_partials: false, - customInterval: '2h', - min_doc_count: 1, - extended_bounds: {}, - }, + thresholdLine: { + show: false, + value: 10, + width: 1, + style: 'full', + color: '#E7664C', }, - { - id: '3', - enabled: true, - type: 'terms', - schema: 'group', - params: { - field: 'rule.groups', - size: 5, - order: 'desc', - orderBy: '1', - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - }, - }, - ], + labels: {}, + }, }), uiStateJSON: '{}', description: '', 
@@ -568,11 +671,61 @@ export default [ _source: { title: 'Alerts', visState: JSON.stringify({ - title: 'Alerts by action over time', + title: 'Top 10 Alerts', type: 'area', + aggs: [ + { + id: '1', + enabled: true, + type: 'count', + params: {}, + schema: 'metric', + }, + { + id: '3', + enabled: true, + type: 'terms', + params: { + field: 'rule.level', + orderBy: '1', + order: 'desc', + size: 10, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + }, + schema: 'group', + }, + { + id: '2', + enabled: true, + type: 'date_histogram', + params: { + field: 'timestamp', + timeRange: { + from: 'now-1M', + to: 'now', + }, + useNormalizedOpenSearchInterval: true, + scaleMetricValues: false, + interval: 'auto', + drop_partials: false, + min_doc_count: 1, + extended_bounds: {}, + }, + schema: 'segment', + }, + ], params: { type: 'area', - grid: { categoryLines: true, style: { color: '#eee' }, valueAxis: 'ValueAxis-1' }, + grid: { + categoryLines: true, + style: { + color: '#eee', + }, + valueAxis: 'ValueAxis-1', + }, categoryAxes: [ { id: 'CategoryAxis-1', @@ -580,8 +733,14 @@ export default [ position: 'bottom', show: true, style: {}, - scale: { type: 'linear' }, - labels: { show: true, filter: true, truncate: 100 }, + scale: { + type: 'linear', + }, + labels: { + show: true, + filter: true, + truncate: 100, + }, title: {}, }, ], @@ -593,9 +752,19 @@ export default [ position: 'left', show: true, style: {}, - scale: { type: 'linear', mode: 'normal' }, - labels: { show: true, rotate: 0, filter: false, truncate: 100 }, - title: { text: 'Count' }, + scale: { + type: 'linear', + mode: 'normal', + }, + labels: { + show: true, + rotate: 0, + filter: false, + truncate: 100, + }, + title: { + text: 'Count', + }, }, ], seriesParams: [ 
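Review bot: The saved object's `_source.title` stays `'Alerts'` while the `visState` title becomes `'Top 10 Alerts'`. In the preceding visualization the commit aligned both to `'Alert groups evolution'`. Two different titles for one visualization make it harder to find by name in the saved-objects list and in exported state. I would use the same string for both, e.g. `title: 'Top 10 Alerts'` on `_source` as well, or drop the prefix from `visState` as was done for the groups chart.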
@@ -603,7 +772,10 @@ export default [ show: 'true', type: 'area', mode: 'stacked', - data: { label: 'Count', id: '1' }, + data: { + label: 'Count', + id: '1', + }, drawLinesBetweenPoints: true, showCircles: true, interpolate: 'cardinal', @@ -615,43 +787,15 @@ export default [ legendPosition: 'right', times: [], addTimeMarker: false, - }, - aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, - { - id: '2', - enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - timeRange: { from: 'now-24h', to: 'now', mode: 'quick' }, - useNormalizedEsInterval: true, - interval: 'auto', - time_zone: 'Europe/Berlin', - drop_partials: false, - customInterval: '2h', - min_doc_count: 1, - extended_bounds: {}, - }, + thresholdLine: { + show: false, + value: 10, + width: 1, + style: 'full', + color: '#E7664C', }, - { - id: '3', - enabled: true, - type: 'terms', - schema: 'group', - params: { - field: 'rule.level', - size: 5, - order: 'desc', - orderBy: '1', - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - }, - }, - ], + labels: {}, + }, }), uiStateJSON: '{}', description: '', @@ -684,7 +828,13 @@ export default [ totalFunc: 'sum', }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -770,7 +920,13 @@ export default [ totalFunc: 'sum', }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, diff --git a/plugins/main/server/integration-files/visualizations/agents/agents-github.ts b/plugins/main/server/integration-files/visualizations/agents/agents-github.ts index 17ac6e85c9..75ba3eefa1 100644 
--- a/plugins/main/server/integration-files/visualizations/agents/agents-github.ts +++ b/plugins/main/server/integration-files/visualizations/agents/agents-github.ts 
@@ -16,138 +16,139 @@ export default [ _source: { title: 'Alerts evolution by organization', visState: JSON.stringify({ - "title": "Alerts evolution by organization", - "type": "area", - "aggs": [ + title: 'Alerts evolution by organization', + type: 'area', + aggs: [ { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" + id: '1', + enabled: true, + type: 'count', + params: {}, + schema: 'metric', }, { - "id": "2", - "enabled": true, - "type": "date_histogram", - "params": { - "field": "timestamp", - "timeRange": { - "from": "now-7d", - "to": "now" - }, - "useNormalizedEsInterval": true, - "scaleMetricValues": false, - "interval": "auto", - "drop_partials": false, - "min_doc_count": 1, - "extended_bounds": {}, - "customLabel": "" + id: '3', + enabled: true, + type: 'terms', + params: { + field: 'data.github.org', + orderBy: '1', + order: 'desc', + size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', }, - "schema": "segment" + schema: 'group', }, { - "id": "3", - "enabled": true, - "type": "terms", - "params": { - "field": "data.github.org", - "orderBy": "1", - "order": "desc", - "size": 5, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing" + id: '2', + enabled: true, + type: 'date_histogram', + params: { + field: 'timestamp', + timeRange: { + from: 'now-7d', + to: 'now', + }, + useNormalizedEsInterval: true, + scaleMetricValues: false, + interval: 'auto', + drop_partials: false, + min_doc_count: 1, + extended_bounds: {}, + customLabel: '', }, - "schema": "group" - } + schema: 'segment', + }, ], - "params": { - "type": "area", - "grid": { - "categoryLines": false + params: { + type: 'area', + grid: { + categoryLines: false, }, - "categoryAxes": [ + categoryAxes: [ { - "id": "CategoryAxis-1", - "type": "category", - "position": "bottom", - "show": true, - "style": {}, - "scale": { - "type": "linear" + id: 
'CategoryAxis-1', + type: 'category', + position: 'bottom', + show: true, + style: {}, + scale: { + type: 'linear', }, - "labels": { - "show": true, - "filter": true, - "truncate": 100, - "rotate": 0 + labels: { + show: true, + filter: true, + truncate: 100, + rotate: 0, }, - "title": {} - } + title: {}, + }, ], - "valueAxes": [ + valueAxes: [ { - "id": "ValueAxis-1", - "name": "LeftAxis-1", - "type": "value", - "position": "left", - "show": true, - "style": {}, - "scale": { - "type": "linear", - "mode": "normal" + id: 'ValueAxis-1', + name: 'LeftAxis-1', + type: 'value', + position: 'left', + show: true, + style: {}, + scale: { + type: 'linear', + mode: 'normal', + }, + labels: { + show: true, + rotate: 0, + filter: false, + truncate: 100, }, - "labels": { - "show": true, - "rotate": 0, - "filter": false, - "truncate": 100 + title: { + text: 'Count', }, - "title": { - "text": "Count" - } - } + }, ], - "seriesParams": [ + seriesParams: [ { - "show": true, - "type": "line", - "mode": "normal", - "data": { - "label": "Count", - "id": "1" + show: true, + type: 'line', + mode: 'normal', + data: { + label: 'Count', + id: '1', }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "showCircles": true, - "interpolate": "linear", - "valueAxis": "ValueAxis-1" - } + drawLinesBetweenPoints: true, + lineWidth: 2, + showCircles: true, + interpolate: 'linear', + valueAxis: 'ValueAxis-1', + }, ], - "addTooltip": true, - "addLegend": true, - "legendPosition": "right", - "times": [], - "addTimeMarker": false, - "thresholdLine": { - "show": false, - "value": 10, - "width": 1, - "style": "full", - "color": "#E7664C" + addTooltip: true, + addLegend: true, + legendPosition: 'right', + times: [], + addTimeMarker: false, + thresholdLine: { + show: false, + value: 10, + width: 1, + style: 'full', + color: '#E7664C', }, - "labels": {}, - "orderBucketsBySum": false - } + labels: {}, + orderBucketsBySum: false, + }, }), uiStateJSON: '', description: '', version: 1, kibanaSavedObjectMeta: { 
- searchSourceJSON: '{"index":"wazuh-alerts","filter":[],"query":{"query":"","language":"lucene"}}', - } + searchSourceJSON: + '{"index":"wazuh-alerts","filter":[],"query":{"query":"","language":"lucene"}}', + }, }, _type: 'visualization', }, @@ -156,53 +157,54 @@ export default [ _source: { title: 'Top 5 organizations by alerts', visState: JSON.stringify({ - "title": "Top 5 organizations by alerts", - "type": "pie", - "aggs": [ + title: 'Top 5 organizations by alerts', + type: 'pie', + aggs: [ { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" + id: '1', + enabled: true, + type: 'count', + params: {}, + schema: 'metric', }, { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "data.github.org", - "orderBy": "1", - "order": "desc", - "size": 5, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing" + id: '2', + enabled: true, + type: 'terms', + params: { + field: 'data.github.org', + orderBy: '1', + order: 'desc', + size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', }, - "schema": "segment" - } + schema: 'segment', + }, ], - "params": { - "type": "pie", - "addTooltip": true, - "addLegend": true, - "legendPosition": "right", - "isDonut": false, - "labels": { - "show": false, - "values": true, - "last_level": true, - "truncate": 100 - } - } + params: { + type: 'pie', + addTooltip: true, + addLegend: true, + legendPosition: 'right', + isDonut: false, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, + }, }), uiStateJSON: '', description: '', version: 1, kibanaSavedObjectMeta: { - searchSourceJSON: '{"index":"wazuh-alerts","filter":[],"query":{"query":"","language":"lucene"}}', - } + searchSourceJSON: + '{"index":"wazuh-alerts","filter":[],"query":{"query":"","language":"lucene"}}', + }, }, _type: 'visualization', }, 
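Review bot: The `date_histogram` params re-added in the first hunk of agents-github.ts still use `useNormalizedEsInterval: true`, while the date histogram added for the 'Top 10 Alerts' visualization earlier in this same commit uses `useNormalizedOpenSearchInterval: true`. If the platform reads only one of the two spellings, the other is ignored silently and the charts normalise their intervals differently; settle on one key for all of them, e.g. `useNormalizedOpenSearchInterval: true,` here. The old key is also carried into the re-ordered `date_histogram` blocks of agents-hipaa.ts, agents-mitre.ts and agents-nist.ts.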
@@ -211,132 +213,133 @@ export default [ _source: { title: 'Users with more alerts', visState: JSON.stringify({ - "title": "Users with more alerts", - "type": "line", - "aggs": [ + title: 'Users with more alerts', + type: 'line', + aggs: [ { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" + id: '1', + enabled: true, + type: 'count', + params: {}, + schema: 'metric', }, { - "id": "4", - "enabled": true, - "type": "terms", - "params": { - "field": "data.github.org", - "orderBy": "1", - "order": "desc", - "size": 5, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing" + id: '4', + enabled: true, + type: 'terms', + params: { + field: 'data.github.org', + orderBy: '1', + order: 'desc', + size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', }, - "schema": "segment" + schema: 'segment', }, { - "id": "3", - "enabled": true, - "type": "terms", - "params": { - "field": "data.github.actor", - "orderBy": "1", - "order": "desc", - "size": 5, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing" + id: '3', + enabled: true, + type: 'terms', + params: { + field: 'data.github.actor', + orderBy: '1', + order: 'desc', + size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', }, - "schema": "group" - } + schema: 'group', + }, ], - "params": { - "type": "line", - "grid": { - "categoryLines": false + params: { + type: 'line', + grid: { + categoryLines: false, }, - "categoryAxes": [ + categoryAxes: [ { - "id": "CategoryAxis-1", - "type": "category", - "position": "bottom", - "show": true, - "style": {}, - "scale": { - "type": "linear" + id: 'CategoryAxis-1', + type: 'category', + position: 'bottom', + show: true, + style: {}, + scale: { + type: 'linear', }, - "labels": { - "show": true, - "filter": true, 
- "truncate": 100 + labels: { + show: true, + filter: true, + truncate: 100, }, - "title": {} - } + title: {}, + }, ], - "valueAxes": [ + valueAxes: [ { - "id": "ValueAxis-1", - "name": "LeftAxis-1", - "type": "value", - "position": "left", - "show": true, - "style": {}, - "scale": { - "type": "linear", - "mode": "normal" + id: 'ValueAxis-1', + name: 'LeftAxis-1', + type: 'value', + position: 'left', + show: true, + style: {}, + scale: { + type: 'linear', + mode: 'normal', + }, + labels: { + show: true, + rotate: 0, + filter: false, + truncate: 100, }, - "labels": { - "show": true, - "rotate": 0, - "filter": false, - "truncate": 100 + title: { + text: 'Count', }, - "title": { - "text": "Count" - } - } + }, ], - "seriesParams": [ + seriesParams: [ { - "show": true, - "type": "histogram", - "mode": "stacked", - "data": { - "label": "Count", - "id": "1" + show: true, + type: 'histogram', + mode: 'stacked', + data: { + label: 'Count', + id: '1', }, - "valueAxis": "ValueAxis-1", - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "interpolate": "linear", - "showCircles": true - } + valueAxis: 'ValueAxis-1', + drawLinesBetweenPoints: true, + lineWidth: 2, + interpolate: 'linear', + showCircles: true, + }, ], - "addTooltip": true, - "addLegend": true, - "legendPosition": "right", - "times": [], - "addTimeMarker": false, - "labels": {}, - "thresholdLine": { - "show": false, - "value": 10, - "width": 1, - "style": "full", - "color": "#E7664C" - } - } + addTooltip: true, + addLegend: true, + legendPosition: 'right', + times: [], + addTimeMarker: false, + labels: {}, + thresholdLine: { + show: false, + value: 10, + width: 1, + style: 'full', + color: '#E7664C', + }, + }, }), uiStateJSON: '', description: '', version: 1, kibanaSavedObjectMeta: { - searchSourceJSON: '{"index":"wazuh-alerts","filter":[],"query":{"query":"","language":"lucene"}}', - } + searchSourceJSON: + '{"index":"wazuh-alerts","filter":[],"query":{"query":"","language":"lucene"}}', + }, }, _type: 
'visualization', }, 
@@ -345,69 +348,70 @@ export default [ _source: { title: 'Top alerts by alert action type and organization', visState: JSON.stringify({ - "title": "Top alerts by alert action type and organization", - "type": "pie", - "aggs": [ + title: 'Top alerts by alert action type and organization', + type: 'pie', + aggs: [ { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" + id: '1', + enabled: true, + type: 'count', + params: {}, + schema: 'metric', }, { - "id": "3", - "enabled": true, - "type": "terms", - "params": { - "field": "data.github.org", - "orderBy": "1", - "order": "desc", - "size": 5, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing" + id: '3', + enabled: true, + type: 'terms', + params: { + field: 'data.github.org', + orderBy: '1', + order: 'desc', + size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', }, - "schema": "segment" + schema: 'segment', }, { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "data.github.action", - "orderBy": "1", - "order": "desc", - "size": 3, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing" + id: '2', + enabled: true, + type: 'terms', + params: { + field: 'data.github.action', + orderBy: '1', + order: 'desc', + size: 3, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', }, - "schema": "segment" - } + schema: 'segment', + }, ], - "params": { - "type": "pie", - "addTooltip": true, - "addLegend": true, - "legendPosition": "right", - "isDonut": true, - "labels": { - "show": false, - "values": true, - "last_level": true, - "truncate": 100 - } - } + params: { + type: 'pie', + addTooltip: true, + addLegend: true, + legendPosition: 'right', + isDonut: true, + labels: { + show: false, + values: true, + last_level: true, + 
truncate: 100, + }, + }, }), uiStateJSON: '', description: '', version: 1, kibanaSavedObjectMeta: { - searchSourceJSON: '{"index":"wazuh-alerts","filter":[],"query":{"query":"","language":"lucene"}}', - } + searchSourceJSON: + '{"index":"wazuh-alerts","filter":[],"query":{"query":"","language":"lucene"}}', + }, }, _type: 'visualization', }, 
@@ -416,77 +420,77 @@ export default [ _source: { title: 'Alerts summary', visState: JSON.stringify({ - "title": "Alerts summary", - "type": "table", - "aggs": [ + title: 'Alerts summary', + type: 'table', + aggs: [ { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" + id: '1', + enabled: true, + type: 'count', + params: {}, + schema: 'metric', }, { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "agent.name", - "orderBy": "1", - "order": "desc", - "size": 50, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing" + id: '2', + enabled: true, + type: 'terms', + params: { + field: 'agent.name', + orderBy: '1', + order: 'desc', + size: 50, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', }, - "schema": "bucket" + schema: 'bucket', }, { - "id": "3", - "enabled": true, - "type": "terms", - "params": { - "field": "data.github.org", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing" + id: '3', + enabled: true, + type: 'terms', + params: { + field: 'data.github.org', + orderBy: '1', + order: 'desc', + size: 10, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', }, - "schema": "bucket" + schema: 'bucket', }, { - "id": "4", - "enabled": true, - "type": "terms", - "params": { - "field": "rule.description", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing" + id: '4', + enabled: true, + type: 'terms', + params: { + field: 'rule.description', + orderBy: '1', + order: 'desc', + size: 10, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', }, - "schema": 
"bucket" - } + schema: 'bucket', + }, ], - "params": { - "perPage": 10, - "showPartialRows": false, - "showMetricsAtAllLevels": false, - "sort": { - "columnIndex": null, - "direction": null + params: { + perPage: 10, + showPartialRows: false, + showMetricsAtAllLevels: false, + sort: { + columnIndex: null, + direction: null, }, - "showTotal": false, - "totalFunc": "sum", - "percentageCol": "" - } + showTotal: false, + totalFunc: 'sum', + percentageCol: '', + }, }), uiStateJSON: JSON.stringify({ vis: { params: { sort: { columnIndex: 3, direction: 'desc' } } }, @@ -494,9 +498,10 @@ export default [ description: '', version: 1, kibanaSavedObjectMeta: { - searchSourceJSON: '{"index":"wazuh-alerts","filter":[],"query":{"query":"","language":"lucene"}}', - } + searchSourceJSON: + '{"index":"wazuh-alerts","filter":[],"query":{"query":"","language":"lucene"}}', + }, }, _type: 'visualization', - } + }, ]; diff --git a/plugins/main/server/integration-files/visualizations/agents/agents-hipaa.ts b/plugins/main/server/integration-files/visualizations/agents/agents-hipaa.ts index 6c9d3f6ded..1370e04e1d 100644 --- a/plugins/main/server/integration-files/visualizations/agents/agents-hipaa.ts +++ b/plugins/main/server/integration-files/visualizations/agents/agents-hipaa.ts @@ -69,12 +69,29 @@ export default [ date: true, interval: 'PT12H', format: 'YYYY-MM-DD HH:mm', - bounds: { min: '2019-07-24T10:27:37.970Z', max: '2019-08-23T10:27:37.970Z' }, + bounds: { + min: '2019-07-24T10:27:37.970Z', + max: '2019-08-23T10:27:37.970Z', + }, }, aggType: 'date_histogram', }, - y: [{ accessor: 2, format: { id: 'number' }, params: {}, aggType: 'count' }], - z: [{ accessor: 3, format: { id: 'number' }, params: {}, aggType: 'count' }], + y: [ + { + accessor: 2, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], + z: [ + { + accessor: 3, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], series: [ { accessor: 1, 
@@ -94,22 +111,12 @@ export default [ radiusRatio: 20, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, { - id: '2', + id: '1', enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - timeRange: { from: 'now-30d', to: 'now' }, - useNormalizedEsInterval: true, - interval: 'auto', - drop_partials: false, - min_doc_count: 1, - extended_bounds: {}, - customLabel: 'Timestampt', - }, + type: 'count', + schema: 'metric', + params: {}, }, { id: '3', @@ -128,7 +135,29 @@ export default [ customLabel: 'Requirement', }, }, - { id: '4', enabled: true, type: 'count', schema: 'radius', params: {} }, + { + id: '2', + enabled: true, + type: 'date_histogram', + schema: 'segment', + params: { + field: 'timestamp', + timeRange: { from: 'now-30d', to: 'now' }, + useNormalizedEsInterval: true, + interval: 'auto', + drop_partials: false, + min_doc_count: 1, + extended_bounds: {}, + customLabel: 'Timestampt', + }, + }, + { + id: '4', + enabled: true, + type: 'count', + schema: 'radius', + params: {}, + }, ], }), uiStateJSON: '{}', @@ -201,12 +230,23 @@ export default [ accessor: 0, format: { id: 'terms', - params: { id: 'string', otherBucketLabel: 'Other', missingBucketLabel: 'Missing' }, + params: { + id: 'string', + otherBucketLabel: 'Other', + missingBucketLabel: 'Missing', + }, }, params: {}, aggType: 'terms', }, - y: [{ accessor: 2, format: { id: 'number' }, params: {}, aggType: 'count' }], + y: [ + { + accessor: 2, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], series: [ { accessor: 1, @@ -226,7 +266,13 @@ export default [ orderBucketsBySum: true, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, 
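Review bot: The `date_histogram` block re-added below the `terms` aggregation in the `@@ -128,7 +135,29 @@` hunk carries `customLabel: 'Timestampt'`, a misspelling that is presumably what users see as the axis label. Since the block is being moved anyway, correct it to `customLabel: 'Timestamp',` as agents-nist.ts already has it. The same misspelling is re-added in the later `@@ -502,6 +578,22 @@` hunk of this file.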
@@ -289,18 +335,32 @@ export default [ minFontSize: 15, maxFontSize: 25, showLabel: true, - metric: { type: 'vis_dimension', accessor: 1, format: { id: 'string', params: {} } }, + metric: { + type: 'vis_dimension', + accessor: 1, + format: { id: 'string', params: {} }, + }, bucket: { type: 'vis_dimension', accessor: 0, format: { id: 'terms', - params: { id: 'string', otherBucketLabel: 'Other', missingBucketLabel: 'Missing' }, + params: { + id: 'string', + otherBucketLabel: 'Other', + missingBucketLabel: 'Missing', + }, }, }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -346,9 +406,19 @@ export default [ addLegend: true, legendPosition: 'right', isDonut: true, - labels: { show: false, values: true, last_level: true, truncate: 100 }, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, dimensions: { - metric: { accessor: 1, format: { id: 'number' }, params: {}, aggType: 'count' }, + metric: { + accessor: 1, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, buckets: [ { accessor: 0, @@ -367,7 +437,13 @@ export default [ }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, 
@@ -460,30 +536,30 @@ export default [ date: true, interval: 'PT1H', format: 'YYYY-MM-DD HH:mm', - bounds: { min: '2019-08-19T09:19:10.911Z', max: '2019-08-23T09:19:10.911Z' }, + bounds: { + min: '2019-08-19T09:19:10.911Z', + max: '2019-08-23T09:19:10.911Z', + }, }, aggType: 'date_histogram', }, - y: [{ accessor: 1, format: { id: 'number' }, params: {}, aggType: 'count' }], + y: [ + { + accessor: 1, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, { - id: '2', + id: '1', enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - timeRange: { from: 'now-4d', to: 'now' }, - useNormalizedEsInterval: true, - interval: 'auto', - drop_partials: false, - min_doc_count: 1, - extended_bounds: {}, - customLabel: 'Timestampt', - }, + type: 'count', + schema: 'metric', + params: {}, }, { id: '3', @@ -502,6 +578,22 @@ export default [ customLabel: 'Requirement', }, }, + { + id: '2', + enabled: true, + type: 'date_histogram', + schema: 'segment', + params: { + field: 'timestamp', + timeRange: { from: 'now-4d', to: 'now' }, + useNormalizedEsInterval: true, + interval: 'auto', + drop_partials: false, + min_doc_count: 1, + extended_bounds: {}, + customLabel: 'Timestampt', + }, + }, ], }), uiStateJSON: '{}', @@ -534,7 +626,14 @@ export default [ showToolbar: true, totalFunc: 'sum', dimensions: { - metrics: [{ accessor: 3, format: { id: 'number' }, params: {}, aggType: 'count' }], + metrics: [ + { + accessor: 3, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], buckets: [ { accessor: 0, @@ -579,7 +678,13 @@ export default [ }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '3', enabled: true, 
diff --git a/plugins/main/server/integration-files/visualizations/agents/agents-mitre.ts b/plugins/main/server/integration-files/visualizations/agents/agents-mitre.ts index 7ba64daa01..19dbf42591 100644 --- a/plugins/main/server/integration-files/visualizations/agents/agents-mitre.ts +++ b/plugins/main/server/integration-files/visualizations/agents/agents-mitre.ts @@ -16,7 +16,13 @@ export default [ title: 'Mitre attack count', visState: JSON.stringify({ aggs: [ - { enabled: true, id: '1', params: {}, schema: 'metric', type: 'count' }, + { + enabled: true, + id: '1', + params: {}, + schema: 'metric', + type: 'count', + }, { enabled: true, id: '2', @@ -38,7 +44,14 @@ export default [ params: { dimensions: { buckets: [], - metrics: [{ accessor: 0, aggType: 'count', format: { id: 'number' }, params: {} }], + metrics: [ + { + accessor: 0, + aggType: 'count', + format: { id: 'number' }, + params: {}, + }, + ], }, perPage: 10, percentageCol: '', @@ -118,7 +131,13 @@ export default [ times: [], addTimeMarker: false, labels: {}, - thresholdLine: { show: false, value: 10, width: 1, style: 'full', color: '#34130C' }, + thresholdLine: { + show: false, + value: 10, + width: 1, + style: 'full', + color: '#34130C', + }, dimensions: { x: { accessor: 0, @@ -127,11 +146,21 @@ export default [ date: true, interval: 'PT3H', format: 'YYYY-MM-DD HH:mm', - bounds: { min: '2019-11-07T15:45:45.770Z', max: '2019-11-14T15:45:45.770Z' }, + bounds: { + min: '2019-11-07T15:45:45.770Z', + max: '2019-11-14T15:45:45.770Z', + }, }, aggType: 'date_histogram', }, - y: [{ accessor: 2, format: { id: 'number' }, params: {}, aggType: 'count' }], + y: [ + { + accessor: 2, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], series: [ { accessor: 1, 
@@ -150,21 +179,12 @@ export default [ }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, { - id: '2', + id: '1', enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - timeRange: { from: 'now-7d', to: 'now' }, - useNormalizedEsInterval: true, - interval: 'auto', - drop_partials: false, - min_doc_count: 1, - extended_bounds: {}, - }, + type: 'count', + schema: 'metric', + params: {}, }, { id: '3', @@ -183,6 +203,21 @@ export default [ missingBucketLabel: 'Missing', }, }, + { + id: '2', + enabled: true, + type: 'date_histogram', + schema: 'segment', + params: { + field: 'timestamp', + timeRange: { from: 'now-7d', to: 'now' }, + useNormalizedEsInterval: true, + interval: 'auto', + drop_partials: false, + min_doc_count: 1, + extended_bounds: {}, + }, + }, ], }), uiStateJSON: '{}', @@ -209,7 +244,12 @@ export default [ addLegend: true, addTooltip: true, dimensions: { - metric: { accessor: 1, format: { id: 'number' }, params: {}, aggType: 'count' }, + metric: { + accessor: 1, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, buckets: [ { accessor: 0, @@ -240,12 +280,23 @@ export default [ ], }, isDonut: true, - labels: { last_level: true, show: false, truncate: 100, values: true }, + labels: { + last_level: true, + show: false, + truncate: 100, + values: true, + }, legendPosition: 'right', type: 'pie', }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, 
@@ -308,9 +359,19 @@ export default [ addLegend: true, legendPosition: 'right', isDonut: true, - labels: { show: false, values: true, last_level: true, truncate: 100 }, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, dimensions: { - metric: { accessor: 1, format: { id: 'number' }, params: {}, aggType: 'count' }, + metric: { + accessor: 1, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, buckets: [ { accessor: 0, @@ -342,7 +403,13 @@ export default [ }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '3', enabled: true, @@ -405,9 +472,19 @@ export default [ addLegend: true, legendPosition: 'right', isDonut: true, - labels: { show: false, values: true, last_level: true, truncate: 100 }, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, dimensions: { - metric: { accessor: 1, format: { id: 'number' }, params: {}, aggType: 'count' }, + metric: { + accessor: 1, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, buckets: [ { accessor: 0, @@ -452,7 +529,13 @@ export default [ }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '3', enabled: true, @@ -554,10 +637,23 @@ export default [ times: [], addTimeMarker: false, labels: { show: false }, - thresholdLine: { show: false, value: 10, width: 1, style: 'full', color: '#34130C' }, + thresholdLine: { + show: false, + value: 10, + width: 1, + style: 'full', + color: '#34130C', + }, dimensions: { x: null, - y: [{ accessor: 1, format: { id: 'number' }, params: {}, aggType: 'count' }], + y: [ + { + accessor: 1, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], series: [ { accessor: 0, 
@@ -576,7 +672,13 @@ export default [ }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -637,9 +739,19 @@ export default [ addLegend: true, legendPosition: 'right', isDonut: false, - labels: { show: false, values: true, last_level: true, truncate: 100 }, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, dimensions: { - metric: { accessor: 1, format: { id: 'number' }, params: {}, aggType: 'count' }, + metric: { + accessor: 1, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, buckets: [ { accessor: 0, @@ -658,7 +770,13 @@ export default [ }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -708,7 +826,13 @@ export default [ totalFunc: 'sum', }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, diff --git a/plugins/main/server/integration-files/visualizations/agents/agents-nist.ts b/plugins/main/server/integration-files/visualizations/agents/agents-nist.ts index 35556a42e5..4f0247f6e1 100644 --- a/plugins/main/server/integration-files/visualizations/agents/agents-nist.ts +++ b/plugins/main/server/integration-files/visualizations/agents/agents-nist.ts 
@@ -26,12 +26,26 @@ export default [ colorsRange: [{ type: 'range', from: 0, to: 10000 }], labels: { show: true }, invertColors: false, - style: { bgFill: '#000', bgColor: false, labelColor: false, subText: '', fontSize: 20 }, + style: { + bgFill: '#000', + bgColor: false, + labelColor: false, + subText: '', + fontSize: 20, + }, }, dimensions: { metrics: [ - { type: 'vis_dimension', accessor: 0, format: { id: 'number', params: {} } }, - { type: 'vis_dimension', accessor: 1, format: { id: 'number', params: {} } }, + { + type: 'vis_dimension', + accessor: 0, + format: { id: 'number', params: {} }, + }, + { + type: 'vis_dimension', + accessor: 1, + format: { id: 'number', params: {} }, + }, ], }, addTooltip: true, @@ -81,13 +95,29 @@ export default [ addLegend: true, legendPosition: 'right', isDonut: true, - labels: { show: false, values: true, last_level: true, truncate: 100 }, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, dimensions: { - metric: { accessor: 0, format: { id: 'number' }, params: {}, aggType: 'count' }, + metric: { + accessor: 0, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -176,12 +206,23 @@ export default [ accessor: 0, format: { id: 'terms', - params: { id: 'string', otherBucketLabel: 'Other', missingBucketLabel: 'Missing' }, + params: { + id: 'string', + otherBucketLabel: 'Other', + missingBucketLabel: 'Missing', + }, }, params: {}, aggType: 'terms', }, - y: [{ accessor: 2, format: { id: 'number' }, params: {}, aggType: 'count' }], + y: [ + { + accessor: 2, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], series: [ { accessor: 1, 
@@ -201,7 +242,13 @@ export default [ labels: { show: false }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -267,7 +314,13 @@ export default [ labels: { show: true, values: true, last_level: true, truncate: 100 }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -359,11 +412,21 @@ export default [ date: true, interval: 'PT1H', format: 'YYYY-MM-DD HH:mm', - bounds: { min: '2019-08-19T09:46:35.795Z', max: '2019-08-23T09:46:35.795Z' }, + bounds: { + min: '2019-08-19T09:46:35.795Z', + max: '2019-08-23T09:46:35.795Z', + }, }, aggType: 'date_histogram', }, - y: [{ accessor: 2, format: { id: 'number' }, params: {}, aggType: 'count' }], + y: [ + { + accessor: 2, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], series: [ { accessor: 1, @@ -382,22 +445,12 @@ export default [ }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, { - id: '2', + id: '1', enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - timeRange: { from: 'now-4d', to: 'now' }, - useNormalizedEsInterval: true, - interval: 'auto', - drop_partials: false, - min_doc_count: 1, - extended_bounds: {}, - customLabel: 'Timestamp', - }, + type: 'count', + schema: 'metric', + params: {}, }, { id: '3', @@ -416,6 +469,22 @@ export default [ customLabel: 'Requirement', }, }, + { + id: '2', + enabled: true, + type: 'date_histogram', + schema: 'segment', + params: { + field: 'timestamp', + timeRange: { from: 'now-4d', to: 'now' }, + useNormalizedEsInterval: true, + interval: 'auto', + drop_partials: false, + min_doc_count: 1, + extended_bounds: {}, + customLabel: 'Timestamp', + }, + }, ], }), uiStateJSON: '{}', 
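Review bot: The reordered `aggs` in agents-nist.ts (hunks at -382 and -416) now list the `terms`/`group` aggregation before the `date_histogram`/`segment` one, but the `dimensions` block of the same visState, visible in the hunk at -359, still describes the date histogram as `x` and the split as `series: [{ accessor: 1, ...`. If those accessors are positional and are not recomputed when the visualization loads, they now describe swapped columns, so either update them together with the reorder or confirm that they are ignored. The reason for the new order is not stated in the file; a one-line comment above the moved entry, e.g. `// terms split listed before the date histogram on purpose: <reason>`, would stop a later cleanup from undoing it. The same unexplained reorder is repeated in overview-aws.ts, overview-docker.ts, overview-fim.ts, overview-gdpr.ts, overview-github.ts, overview-mitre.ts, overview-nist.ts and overview-pci.ts.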
@@ -448,7 +517,14 @@ export default [ showToolbar: true, totalFunc: 'sum', dimensions: { - metrics: [{ accessor: 3, format: { id: 'number' }, params: {}, aggType: 'count' }], + metrics: [ + { + accessor: 3, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], buckets: [ { accessor: 0, @@ -493,7 +569,13 @@ export default [ }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '3', enabled: true, diff --git a/plugins/main/server/integration-files/visualizations/overview/overview-aws.ts b/plugins/main/server/integration-files/visualizations/overview/overview-aws.ts index 7a84b7e084..34c6d3f958 100644 --- a/plugins/main/server/integration-files/visualizations/overview/overview-aws.ts +++ b/plugins/main/server/integration-files/visualizations/overview/overview-aws.ts @@ -233,6 +233,22 @@ export default [ schema: 'metric', params: {}, }, + { + id: '3', + enabled: true, + type: 'terms', + schema: 'group', + params: { + field: 'data.aws.source', + size: 5, + order: 'desc', + orderBy: '1', + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + }, + }, { id: '2', enabled: true, @@ -250,22 +266,6 @@ export default [ extended_bounds: {}, }, }, - { - id: '3', - enabled: true, - type: 'terms', - schema: 'group', - params: { - field: 'data.aws.source', - size: 5, - order: 'desc', - orderBy: '1', - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - }, - }, ], }), uiStateJSON: '{}', 
@@ -582,6 +582,22 @@ export default [ schema: 'metric', params: {}, }, + { + id: '3', + enabled: true, + type: 'terms', + schema: 'group', + params: { + field: 'data.aws.log_info.s3bucket', + size: 5, + order: 'desc', + orderBy: '1', + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + }, + }, { id: '2', enabled: true, @@ -599,22 +615,6 @@ export default [ extended_bounds: {}, }, }, - { - id: '3', - enabled: true, - type: 'terms', - schema: 'group', - params: { - field: 'data.aws.log_info.s3bucket', - size: 5, - order: 'desc', - orderBy: '1', - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - }, - }, ], }), uiStateJSON: '{}', diff --git a/plugins/main/server/integration-files/visualizations/overview/overview-docker.ts b/plugins/main/server/integration-files/visualizations/overview/overview-docker.ts index ff0743f5fd..f2adee074f 100644 --- a/plugins/main/server/integration-files/visualizations/overview/overview-docker.ts +++ b/plugins/main/server/integration-files/visualizations/overview/overview-docker.ts @@ -26,6 +26,22 @@ export default [ params: {}, schema: 'metric', }, + { + id: '3', + enabled: true, + type: 'terms', + params: { + field: 'data.docker.Type', + orderBy: '1', + order: 'desc', + size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + }, + schema: 'group', + }, { id: '2', enabled: true, @@ -45,22 +61,6 @@ export default [ }, schema: 'segment', }, - { - id: '3', - enabled: true, - type: 'terms', - params: { - field: 'data.docker.Type', - orderBy: '1', - order: 'desc', - size: 5, - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - }, - schema: 'group', - }, ], params: { type: 'histogram', 
diff --git a/plugins/main/server/integration-files/visualizations/overview/overview-fim.ts b/plugins/main/server/integration-files/visualizations/overview/overview-fim.ts index 5d9fab5385..6286f9fa8d 100644 --- a/plugins/main/server/integration-files/visualizations/overview/overview-fim.ts +++ b/plugins/main/server/integration-files/visualizations/overview/overview-fim.ts @@ -334,6 +334,22 @@ export default [ schema: 'metric', params: {}, }, + { + id: '3', + enabled: true, + type: 'terms', + schema: 'group', + params: { + field: 'syscheck.event', + size: 5, + order: 'desc', + orderBy: '1', + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + }, + }, { id: '2', enabled: true, @@ -351,22 +367,6 @@ export default [ extended_bounds: {}, }, }, - { - id: '3', - enabled: true, - type: 'terms', - schema: 'group', - params: { - field: 'syscheck.event', - size: 5, - order: 'desc', - orderBy: '1', - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - }, - }, ], }), uiStateJSON: '{}', diff --git a/plugins/main/server/integration-files/visualizations/overview/overview-gdpr.ts b/plugins/main/server/integration-files/visualizations/overview/overview-gdpr.ts index 676d7ee5f7..d1be4a41bb 100644 --- a/plugins/main/server/integration-files/visualizations/overview/overview-gdpr.ts +++ b/plugins/main/server/integration-files/visualizations/overview/overview-gdpr.ts @@ -19,7 +19,11 @@ export default [ type: 'area', params: { type: 'area', - grid: { categoryLines: true, style: { color: '#eee' }, valueAxis: 'ValueAxis-1' }, + grid: { + categoryLines: true, + style: { color: '#eee' }, + valueAxis: 'ValueAxis-1', + }, categoryAxes: [ { id: 'CategoryAxis-1', 
@@ -64,23 +68,12 @@ export default [ addTimeMarker: false, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, { - id: '2', + id: '1', enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - timeRange: { from: 'now-24h', to: 'now', mode: 'quick' }, - useNormalizedEsInterval: true, - interval: 'auto', - time_zone: 'Europe/Berlin', - drop_partials: false, - customInterval: '2h', - min_doc_count: 1, - extended_bounds: {}, - }, + type: 'count', + schema: 'metric', + params: {}, }, { id: '3', @@ -98,6 +91,23 @@ export default [ missingBucketLabel: 'Missing', }, }, + { + id: '2', + enabled: true, + type: 'date_histogram', + schema: 'segment', + params: { + field: 'timestamp', + timeRange: { from: 'now-24h', to: 'now', mode: 'quick' }, + useNormalizedEsInterval: true, + interval: 'auto', + time_zone: 'Europe/Berlin', + drop_partials: false, + customInterval: '2h', + min_doc_count: 1, + extended_bounds: {}, + }, + }, ], }), uiStateJSON: '{}', @@ -140,12 +150,23 @@ export default [ id: 'ValueAxis-1', type: 'value', scale: { type: 'linear', defaultYExtents: false }, - labels: { show: false, rotate: 0, overwriteColor: false, color: '#555' }, + labels: { + show: false, + rotate: 0, + overwriteColor: false, + color: '#555', + }, }, ], }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, 
@@ -267,8 +288,22 @@ export default [ params: { date: true, interval: 'P1D', format: 'YYYY-MM-DD' }, aggType: 'date_histogram', }, - y: [{ accessor: 2, format: { id: 'number' }, params: {}, aggType: 'count' }], - z: [{ accessor: 3, format: { id: 'number' }, params: {}, aggType: 'count' }], + y: [ + { + accessor: 2, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], + z: [ + { + accessor: 3, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], series: [ { accessor: 1, @@ -288,21 +323,12 @@ export default [ radiusRatio: 50, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, { - id: '2', + id: '1', enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - timeRange: { from: 'now-1h', to: 'now' }, - useNormalizedEsInterval: true, - interval: 'auto', - drop_partials: false, - min_doc_count: 1, - extended_bounds: {}, - }, + type: 'count', + schema: 'metric', + params: {}, }, { id: '3', @@ -313,14 +339,35 @@ export default [ field: 'rule.gdpr', orderBy: '1', order: 'desc', - size: 50, + size: 10, otherBucket: false, otherBucketLabel: 'Other', missingBucket: false, missingBucketLabel: 'Missing', }, }, - { id: '4', enabled: true, type: 'count', schema: 'radius', params: {} }, + { + id: '2', + enabled: true, + type: 'date_histogram', + schema: 'segment', + params: { + field: 'timestamp', + timeRange: { from: 'now-1h', to: 'now' }, + useNormalizedEsInterval: true, + interval: 'auto', + drop_partials: false, + min_doc_count: 1, + extended_bounds: {}, + }, + }, + { + id: '4', + enabled: true, + type: 'count', + schema: 'radius', + params: {}, + }, ], }), uiStateJSON: '{"vis":{"legendOpen":false}}', 
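Review bot: `size: 10` on the `rule.gdpr` terms aggregation (hunk at -313, previously `size: 50`) is paired with `otherBucket: false`, so every GDPR requirement outside the ten most frequent is left out of the chart with no sign that anything was cut. On a compliance view this means a low-volume requirement can have alerts and still not appear. Consider keeping the smaller size but setting `otherBucket: true,` so the remainder stays visible as "Other", or state the cap in the visualization's title or description. The same reduction with `otherBucket: false` appears in overview-general.ts (`rule.mitre.technique`, 20 to 10) and overview-nist.ts (`rule.nist_800_53`, 50 to 8 and 10 to 9).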
@@ -351,13 +398,24 @@ export default [ isDonut: false, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, type: 'terms', schema: 'segment', - params: { field: 'agent.name', size: 10, order: 'desc', orderBy: '1' }, + params: { + field: 'agent.name', + size: 10, + order: 'desc', + orderBy: '1', + }, }, ], }), @@ -428,7 +486,13 @@ export default [ radiusRatio: 51, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -447,7 +511,12 @@ export default [ enabled: true, type: 'terms', schema: 'group', - params: { field: 'agent.name', size: 5, order: 'desc', orderBy: '1' }, + params: { + field: 'agent.name', + size: 5, + order: 'desc', + orderBy: '1', + }, }, ], }), @@ -482,7 +551,13 @@ export default [ totalFunc: 'sum', }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -536,7 +611,8 @@ export default [ }, ], }), - uiStateJSON: '{"vis":{"params":{"sort":{"columnIndex":3,"direction":"desc"}}}}', + uiStateJSON: + '{"vis":{"params":{"sort":{"columnIndex":3,"direction":"desc"}}}}', description: '', version: 1, kibanaSavedObjectMeta: { @@ -566,7 +642,13 @@ export default [ totalFunc: 'sum', }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, 
@@ -620,7 +702,8 @@ export default [ }, ], }), - uiStateJSON: '{"vis":{"params":{"sort":{"columnIndex":3,"direction":"desc"}}}}', + uiStateJSON: + '{"vis":{"params":{"sort":{"columnIndex":3,"direction":"desc"}}}}', description: '', version: 1, kibanaSavedObjectMeta: { diff --git a/plugins/main/server/integration-files/visualizations/overview/overview-general.ts b/plugins/main/server/integration-files/visualizations/overview/overview-general.ts index 16723e1082..926ae80d48 100644 --- a/plugins/main/server/integration-files/visualizations/overview/overview-general.ts +++ b/plugins/main/server/integration-files/visualizations/overview/overview-general.ts @@ -461,13 +461,59 @@ export default [ _source: { title: 'Alert level evolution', visState: JSON.stringify({ - title: 'Alert level evolution', + title: 'Alerts level evolution', type: 'area', + aggs: [ + { + id: '1', + enabled: true, + type: 'count', + params: {}, + schema: 'metric', + }, + { + id: '3', + enabled: true, + type: 'terms', + params: { + field: 'rule.level', + orderBy: '1', + order: 'desc', + size: 10, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + }, + schema: 'group', + }, + { + id: '2', + enabled: true, + type: 'date_histogram', + params: { + field: 'timestamp', + timeRange: { + from: 'now-24h', + to: 'now', + }, + useNormalizedOpenSearchInterval: true, + scaleMetricValues: false, + interval: 'auto', + drop_partials: false, + min_doc_count: 1, + extended_bounds: {}, + }, + schema: 'segment', + }, + ], params: { type: 'area', grid: { categoryLines: true, - style: { color: '#eee' }, + style: { + color: '#eee', + }, valueAxis: 'ValueAxis-1', }, categoryAxes: [ @@ -477,8 +523,14 @@ export default [ position: 'bottom', show: true, style: {}, - scale: { type: 'linear' }, - labels: { show: true, filter: true, truncate: 100 }, + scale: { + type: 'linear', + }, + labels: { + show: true, + filter: true, + truncate: 100, + }, title: {}, }, ], 
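Review bot: The `rule.level` terms aggregation added in the hunk at -461 uses `size: 10` with `orderBy: '1'`, `order: 'desc'` and `otherBucket: false`, where the version removed in the hunk at -512 had `size: '15'`. Only the ten most frequent levels are plotted, and the levels dropped first are the least frequent ones, which on most deployments are likely to be the highest-severity alerts. For a chart meant to show alert level evolution, keep the size large enough to cover every level, e.g. `size: 15,`, or set `otherBucket: true,`. The hunk also changes the visState `title` to `'Alerts level evolution'` while `_source.title` on the context line above stays `'Alert level evolution'`; the two should match.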
@@ -490,9 +542,19 @@ export default [ position: 'left', show: true, style: {}, - scale: { type: 'linear', mode: 'normal' }, - labels: { show: true, rotate: 0, filter: false, truncate: 100 }, - title: { text: 'Count' }, + scale: { + type: 'linear', + mode: 'normal', + }, + labels: { + show: true, + rotate: 0, + filter: false, + truncate: 100, + }, + title: { + text: 'Count', + }, }, ], seriesParams: [ @@ -500,7 +562,10 @@ export default [ show: 'true', type: 'area', mode: 'stacked', - data: { label: 'Count', id: '1' }, + data: { + label: 'Count', + id: '1', + }, drawLinesBetweenPoints: true, showCircles: true, interpolate: 'cardinal', @@ -512,49 +577,15 @@ export default [ legendPosition: 'right', times: [], addTimeMarker: false, - }, - aggs: [ - { - id: '1', - enabled: true, - type: 'count', - schema: 'metric', - params: {}, - }, - { - id: '2', - enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - timeRange: { from: 'now-24h', to: 'now', mode: 'quick' }, - useNormalizedEsInterval: true, - interval: 'auto', - time_zone: 'Europe/Berlin', - drop_partials: false, - customInterval: '2h', - min_doc_count: 1, - extended_bounds: {}, - }, - }, - { - id: '3', - enabled: true, - type: 'terms', - schema: 'group', - params: { - field: 'rule.level', - size: '15', - order: 'desc', - orderBy: '1', - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - }, + thresholdLine: { + show: false, + value: 10, + width: 1, + style: 'full', + color: '#E7664C', }, - ], + labels: {}, + }, }), uiStateJSON: '{}', description: '', @@ -592,7 +623,7 @@ export default [ field: 'rule.mitre.technique', orderBy: '1', order: 'desc', - size: 20, + size: 10, otherBucket: false, otherBucketLabel: 'Other', missingBucket: false, 
diff --git a/plugins/main/server/integration-files/visualizations/overview/overview-github.ts b/plugins/main/server/integration-files/visualizations/overview/overview-github.ts index d46e4c7aff..0a6bfc30c7 100644 --- a/plugins/main/server/integration-files/visualizations/overview/overview-github.ts +++ b/plugins/main/server/integration-files/visualizations/overview/overview-github.ts @@ -25,6 +25,22 @@ export default [ params: {}, schema: 'metric', }, + { + id: '3', + enabled: true, + type: 'terms', + params: { + field: 'data.github.org', + orderBy: '1', + order: 'desc', + size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + }, + schema: 'group', + }, { id: '2', enabled: true, @@ -45,22 +61,6 @@ export default [ }, schema: 'segment', }, - { - id: '3', - enabled: true, - type: 'terms', - params: { - field: 'data.github.org', - orderBy: '1', - order: 'desc', - size: 5, - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - }, - schema: 'group', - }, ], params: { type: 'area', diff --git a/plugins/main/server/integration-files/visualizations/overview/overview-mitre.ts b/plugins/main/server/integration-files/visualizations/overview/overview-mitre.ts index 8bfcc5efc1..70183f86a1 100644 --- a/plugins/main/server/integration-files/visualizations/overview/overview-mitre.ts +++ b/plugins/main/server/integration-files/visualizations/overview/overview-mitre.ts @@ -16,7 +16,13 @@ export default [ title: 'Mitre attack count', visState: JSON.stringify({ aggs: [ - { enabled: true, id: '1', params: {}, schema: 'metric', type: 'count' }, + { + enabled: true, + id: '1', + params: {}, + schema: 'metric', + type: 'count', + }, { enabled: true, id: '2', 
@@ -38,7 +44,14 @@ export default [ params: { dimensions: { buckets: [], - metrics: [{ accessor: 0, aggType: 'count', format: { id: 'number' }, params: {} }], + metrics: [ + { + accessor: 0, + aggType: 'count', + format: { id: 'number' }, + params: {}, + }, + ], }, perPage: 10, percentageCol: '', @@ -118,7 +131,13 @@ export default [ times: [], addTimeMarker: false, labels: {}, - thresholdLine: { show: false, value: 10, width: 1, style: 'full', color: '#34130C' }, + thresholdLine: { + show: false, + value: 10, + width: 1, + style: 'full', + color: '#34130C', + }, dimensions: { x: { accessor: 0, @@ -127,11 +146,21 @@ export default [ date: true, interval: 'PT3H', format: 'YYYY-MM-DD HH:mm', - bounds: { min: '2019-11-07T15:45:45.770Z', max: '2019-11-14T15:45:45.770Z' }, + bounds: { + min: '2019-11-07T15:45:45.770Z', + max: '2019-11-14T15:45:45.770Z', + }, }, aggType: 'date_histogram', }, - y: [{ accessor: 2, format: { id: 'number' }, params: {}, aggType: 'count' }], + y: [ + { + accessor: 2, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], series: [ { accessor: 1, @@ -150,21 +179,12 @@ export default [ }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, { - id: '2', + id: '1', enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - timeRange: { from: 'now-7d', to: 'now' }, - useNormalizedEsInterval: true, - interval: 'auto', - drop_partials: false, - min_doc_count: 1, - extended_bounds: {}, - }, + type: 'count', + schema: 'metric', + params: {}, }, { id: '3', @@ -183,6 +203,21 @@ export default [ missingBucketLabel: 'Missing', }, }, + { + id: '2', + enabled: true, + type: 'date_histogram', + schema: 'segment', + params: { + field: 'timestamp', + timeRange: { from: 'now-7d', to: 'now' }, + useNormalizedEsInterval: true, + interval: 'auto', + drop_partials: false, + min_doc_count: 1, + extended_bounds: {}, + }, + }, ], }), uiStateJSON: '{}', 
@@ -211,13 +246,29 @@ export default [ addLegend: true, legendPosition: 'right', isDonut: true, - labels: { show: false, values: true, last_level: true, truncate: 100 }, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, dimensions: { - metric: { accessor: 0, format: { id: 'number' }, params: {}, aggType: 'count' }, + metric: { + accessor: 0, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -317,10 +368,23 @@ export default [ times: [], addTimeMarker: false, labels: { show: false }, - thresholdLine: { show: false, value: 10, width: 1, style: 'full', color: '#34130C' }, + thresholdLine: { + show: false, + value: 10, + width: 1, + style: 'full', + color: '#34130C', + }, dimensions: { x: null, - y: [{ accessor: 1, format: { id: 'number' }, params: {}, aggType: 'count' }], + y: [ + { + accessor: 1, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], series: [ { accessor: 0, @@ -339,7 +403,13 @@ export default [ }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -415,12 +485,23 @@ export default [ accessor: 1, format: { id: 'terms', - params: { id: 'string', otherBucketLabel: 'Other', missingBucketLabel: 'Missing' }, + params: { + id: 'string', + otherBucketLabel: 'Other', + missingBucketLabel: 'Missing', + }, }, params: {}, aggType: 'terms', }, - y: [{ accessor: 2, format: { id: 'number' }, params: {}, aggType: 'count' }], + y: [ + { + accessor: 2, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], series: [ { accessor: 0, 
@@ -452,7 +533,13 @@ export default [ valueAxis: 'ValueAxis-1', }, ], - thresholdLine: { color: '#34130C', show: false, style: 'full', value: 10, width: 1 }, + thresholdLine: { + color: '#34130C', + show: false, + style: 'full', + value: 10, + width: 1, + }, times: [], type: 'area', valueAxes: [ @@ -470,7 +557,13 @@ export default [ ], }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '3', enabled: true, @@ -531,9 +624,19 @@ export default [ addLegend: true, legendPosition: 'right', isDonut: false, - labels: { show: false, values: true, last_level: true, truncate: 100 }, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, dimensions: { - metric: { accessor: 1, format: { id: 'number' }, params: {}, aggType: 'count' }, + metric: { + accessor: 1, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, buckets: [ { accessor: 0, @@ -552,7 +655,13 @@ export default [ }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -602,7 +711,13 @@ export default [ totalFunc: 'sum', }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -656,7 +771,8 @@ export default [ }, ], }), - uiStateJSON: '{"vis":{"params":{"sort":{"columnIndex":3,"direction":"desc"}}}}', + uiStateJSON: + '{"vis":{"params":{"sort":{"columnIndex":3,"direction":"desc"}}}}', description: '', version: 1, kibanaSavedObjectMeta: { diff --git a/plugins/main/server/integration-files/visualizations/overview/overview-nist.ts b/plugins/main/server/integration-files/visualizations/overview/overview-nist.ts index 1c8836bdd5..481e4d1c90 100644 
--- a/plugins/main/server/integration-files/visualizations/overview/overview-nist.ts +++ b/plugins/main/server/integration-files/visualizations/overview/overview-nist.ts @@ -71,11 +71,21 @@ export default [ date: true, interval: 'PT1H', format: 'YYYY-MM-DD HH:mm', - bounds: { min: '2019-08-20T12:33:23.360Z', max: '2019-08-22T12:33:23.360Z' }, + bounds: { + min: '2019-08-20T12:33:23.360Z', + max: '2019-08-22T12:33:23.360Z', + }, }, aggType: 'date_histogram', }, - y: [{ accessor: 2, format: { id: 'number' }, params: {}, aggType: 'count' }], + y: [ + { + accessor: 2, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], series: [ { accessor: 1, @@ -94,21 +104,12 @@ export default [ }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, { - id: '2', + id: '1', enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - timeRange: { from: 'now-2d', to: 'now' }, - useNormalizedEsInterval: true, - interval: 'auto', - drop_partials: false, - min_doc_count: 1, - extended_bounds: {}, - }, + type: 'count', + schema: 'metric', + params: {}, }, { id: '4', @@ -119,7 +120,7 @@ export default [ field: 'rule.nist_800_53', orderBy: '1', order: 'desc', - size: 50, + size: 8, otherBucket: false, otherBucketLabel: 'Other', missingBucket: false, @@ -127,6 +128,21 @@ export default [ customLabel: 'Requirement', }, }, + { + id: '2', + enabled: true, + type: 'date_histogram', + schema: 'segment', + params: { + field: 'timestamp', + timeRange: { from: 'now-2d', to: 'now' }, + useNormalizedEsInterval: true, + interval: 'auto', + drop_partials: false, + min_doc_count: 1, + extended_bounds: {}, + }, + }, ], }), uiStateJSON: '{}', 
@@ -149,7 +165,13 @@ export default [ title: 'Alerts volume by agent', visState: JSON.stringify({ aggs: [ - { enabled: true, id: '1', params: {}, schema: 'metric', type: 'count' }, + { + enabled: true, + id: '1', + params: {}, + schema: 'metric', + type: 'count', + }, { enabled: true, id: '3', @@ -212,11 +234,22 @@ export default [ aggType: 'terms', format: { id: 'terms', - params: { id: 'string', missingBucketLabel: 'Missing', otherBucketLabel: 'Other' }, + params: { + id: 'string', + missingBucketLabel: 'Missing', + otherBucketLabel: 'Other', + }, }, params: {}, }, - y: [{ accessor: 2, aggType: 'count', format: { id: 'number' }, params: {} }], + y: [ + { + accessor: 2, + aggType: 'count', + format: { id: 'number' }, + params: {}, + }, + ], }, enableHover: false, invertColors: false, @@ -228,7 +261,12 @@ export default [ valueAxes: [ { id: 'ValueAxis-1', - labels: { color: 'black', overwriteColor: false, rotate: 0, show: false }, + labels: { + color: 'black', + overwriteColor: false, + rotate: 0, + show: false, + }, scale: { defaultYExtents: false, type: 'linear' }, show: false, type: 'value', @@ -322,12 +360,23 @@ export default [ accessor: 0, format: { id: 'terms', - params: { id: 'string', otherBucketLabel: 'Other', missingBucketLabel: 'Missing' }, + params: { + id: 'string', + otherBucketLabel: 'Other', + missingBucketLabel: 'Missing', + }, }, params: {}, aggType: 'terms', }, - y: [{ accessor: 2, format: { id: 'number' }, params: {}, aggType: 'count' }], + y: [ + { + accessor: 2, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], series: [ { accessor: 1, @@ -346,7 +395,13 @@ export default [ }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, 
@@ -373,7 +428,7 @@ export default [ field: 'rule.nist_800_53', orderBy: '1', order: 'desc', - size: 10, + size: 9, otherBucket: false, otherBucketLabel: 'Other', missingBucket: false, @@ -412,12 +467,26 @@ export default [ colorsRange: [{ type: 'range', from: 0, to: 10000 }], labels: { show: true }, invertColors: false, - style: { bgFill: '#000', bgColor: false, labelColor: false, subText: '', fontSize: 20 }, + style: { + bgFill: '#000', + bgColor: false, + labelColor: false, + subText: '', + fontSize: 20, + }, }, dimensions: { metrics: [ - { type: 'vis_dimension', accessor: 0, format: { id: 'number', params: {} } }, - { type: 'vis_dimension', accessor: 1, format: { id: 'number', params: {} } }, + { + type: 'vis_dimension', + accessor: 0, + format: { id: 'number', params: {} }, + }, + { + type: 'vis_dimension', + accessor: 1, + format: { id: 'number', params: {} }, + }, ], }, addTooltip: true, @@ -437,7 +506,10 @@ export default [ enabled: true, type: 'max', schema: 'metric', - params: { field: 'rule.level', customLabel: 'Max rule level detected' }, + params: { + field: 'rule.level', + customLabel: 'Max rule level detected', + }, }, ], }), @@ -467,9 +539,19 @@ export default [ addLegend: true, legendPosition: 'right', isDonut: true, - labels: { show: false, values: true, last_level: true, truncate: 100 }, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, dimensions: { - metric: { accessor: 1, format: { id: 'number' }, params: {}, aggType: 'count' }, + metric: { + accessor: 1, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, buckets: [ { accessor: 0, @@ -488,7 +570,13 @@ export default [ }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, 
@@ -534,9 +622,19 @@ export default [ addLegend: true, legendPosition: 'right', isDonut: true, - labels: { show: false, values: true, last_level: true, truncate: 100 }, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, dimensions: { - metric: { accessor: 1, format: { id: 'number' }, params: {}, aggType: 'count' }, + metric: { + accessor: 1, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, buckets: [ { accessor: 0, @@ -555,7 +653,13 @@ export default [ }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -605,7 +709,14 @@ export default [ showToolbar: true, totalFunc: 'sum', dimensions: { - metrics: [{ accessor: 3, format: { id: 'number' }, params: {}, aggType: 'count' }], + metrics: [ + { + accessor: 3, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], buckets: [ { accessor: 0, @@ -650,7 +761,13 @@ export default [ }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, diff --git a/plugins/main/server/integration-files/visualizations/overview/overview-pci.ts b/plugins/main/server/integration-files/visualizations/overview/overview-pci.ts index f133f5326c..620d2c81bf 100644 --- a/plugins/main/server/integration-files/visualizations/overview/overview-pci.ts +++ b/plugins/main/server/integration-files/visualizations/overview/overview-pci.ts 
@@ -76,21 +76,11 @@ export default [ params: {}, }, { - id: '2', + id: '1', enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - timeRange: { from: 'now-24h', to: 'now', mode: 'quick' }, - useNormalizedEsInterval: true, - interval: 'auto', - time_zone: 'Europe/Berlin', - drop_partials: false, - customInterval: '2h', - min_doc_count: 1, - extended_bounds: {}, - }, + type: 'count', + schema: 'metric', + params: {}, }, { id: '3', @@ -108,6 +98,23 @@ export default [ missingBucketLabel: 'Missing', }, }, + { + id: '2', + enabled: true, + type: 'date_histogram', + schema: 'segment', + params: { + field: 'timestamp', + timeRange: { from: 'now-24h', to: 'now', mode: 'quick' }, + useNormalizedEsInterval: true, + interval: 'auto', + time_zone: 'Europe/Berlin', + drop_partials: false, + customInterval: '2h', + min_doc_count: 1, + extended_bounds: {}, + }, + }, ], }), uiStateJSON: '{}', @@ -346,20 +353,11 @@ export default [ }, }, { - id: '3', + id: '4', enabled: true, - type: 'terms', - schema: 'group', - params: { - field: 'rule.pci_dss', - orderBy: '1', - order: 'desc', - size: 50, - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - }, + type: 'count', + schema: 'radius', + params: {}, }, { id: '4', 
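Review bot: On the new side of the hunk at -346 the `rule.pci_dss` terms/group entry is replaced by `{ id: '4', enabled: true, type: 'count', schema: 'radius', params: {} }`, and the unchanged line that follows opens another entry with `id: '4'`, so this `aggs` array appears to end up with two `id: '4'` radius metrics and no split on `rule.pci_dss`. The hunk at -76 has a similar shape: the `id: '2'` date histogram is rewritten into an `id: '1'` count metric directly after what looks like the existing count metric, giving two entries with `id: '1'`. In the other files of this commit the terms entry is moved ahead of the date histogram, whereas here it is only removed, which looks like a merge or rebase slip. The expected result is probably a single `id: '1'` metric, the `rule.pci_dss` terms entry placed before the date histogram, and a single `id: '4'` radius metric. Both arrays begin outside the hunks, so this should be checked against the full file.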
@@ -439,9 +437,56 @@ export default [ visState: JSON.stringify({ title: 'Requirements by agent', type: 'histogram', + aggs: [ + { + id: '1', + enabled: true, + type: 'count', + params: {}, + schema: 'metric', + }, + { + id: '3', + enabled: true, + type: 'terms', + params: { + field: 'agent.name', + orderBy: '1', + order: 'desc', + size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + }, + schema: 'group', + }, + { + id: '2', + enabled: true, + type: 'terms', + params: { + field: 'rule.pci_dss', + orderBy: '1', + order: 'desc', + size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + customLabel: 'Requirements', + }, + schema: 'segment', + }, + ], params: { type: 'histogram', - grid: { categoryLines: false, style: { color: '#eee' } }, + grid: { + categoryLines: false, + style: { + color: '#eee', + }, + }, categoryAxes: [ { id: 'CategoryAxis-1', @@ -449,8 +494,15 @@ export default [ position: 'bottom', show: true, style: {}, - scale: { type: 'linear' }, - labels: { show: true, filter: true, truncate: 100, rotate: 0 }, + scale: { + type: 'linear', + }, + labels: { + show: true, + filter: true, + truncate: 100, + rotate: 0, + }, title: {}, }, ], @@ -462,9 +514,19 @@ export default [ position: 'left', show: true, style: {}, - scale: { type: 'linear', mode: 'normal' }, - labels: { show: true, rotate: 0, filter: false, truncate: 100 }, - title: { text: 'Count' }, + scale: { + type: 'linear', + mode: 'normal', + }, + labels: { + show: true, + rotate: 0, + filter: false, + truncate: 100, + }, + title: { + text: 'Count', + }, }, ], seriesParams: [ @@ -472,7 +534,10 @@ export default [ show: 'true', type: 'histogram', mode: 'stacked', - data: { label: 'Count', id: '1' }, + data: { + label: 'Count', + id: '1', + }, valueAxis: 'ValueAxis-1', drawLinesBetweenPoints: true, showCircles: true, 
@@ -484,41 +549,17 @@ export default [ times: [], addTimeMarker: false, radiusRatio: 51, - }, - aggs: [ - { - id: '1', - enabled: true, - type: 'count', - schema: 'metric', - params: {}, - }, - { - id: '2', - enabled: true, - type: 'terms', - schema: 'segment', - params: { - field: 'rule.pci_dss', - size: 5, - order: 'desc', - orderBy: '1', - customLabel: 'Requirements', - }, + labels: { + show: false, }, - { - id: '3', - enabled: true, - type: 'terms', - schema: 'group', - params: { - field: 'agent.name', - size: 5, - order: 'desc', - orderBy: '1', - }, + thresholdLine: { + show: false, + value: 10, + width: 1, + style: 'full', + color: '#E7664C', }, - ], + }, }), uiStateJSON: '{}', description: '', diff --git a/plugins/main/server/integration-files/visualizations/overview/overview-pm.ts b/plugins/main/server/integration-files/visualizations/overview/overview-pm.ts index 613218fd42..38a52b0f9e 100644 --- a/plugins/main/server/integration-files/visualizations/overview/overview-pm.ts +++ b/plugins/main/server/integration-files/visualizations/overview/overview-pm.ts 
@@ -155,111 +155,6 @@ export default [ }, }, }, - // { - // _id: 'Wazuh-App-Overview-PM-Events-over-time', - // _type: 'visualization', - // _source: { - // title: 'Events over time', - // visState: JSON.stringify({ - // title: 'Events over time', - // type: 'area', - // params: { - // scale: 'linear', - // yAxis: {}, - // smoothLines: true, - // addTimeMarker: false, - // interpolate: 'linear', - // addLegend: true, - // shareYAxis: true, - // mode: 'overlap', - // defaultYExtents: false, - // setYExtents: false, - // addTooltip: true, - // times: [], - // type: 'area', - // grid: { categoryLines: false, style: { color: '#eee' } }, - // categoryAxes: [ - // { - // id: 'CategoryAxis-1', - // type: 'category', - // position: 'bottom', - // show: true, - // style: {}, - // scale: { type: 'linear' }, - // labels: { show: true, filter: true, truncate: 100 }, - // title: {}, - // }, - // ], - // valueAxes: [ - // { - // id: 'ValueAxis-1', - // name: 'LeftAxis-1', - // type: 'value', - // position: 'left', - // show: true, - // style: {}, - // scale: { type: 'linear', mode: 'normal', setYExtents: false, defaultYExtents: false }, - // labels: { show: true, rotate: 0, filter: false, truncate: 100 }, - // title: { text: 'Count' }, - // }, - // ], - // seriesParams: [ - // { - // show: 'true', - // type: 'area', - // mode: 'normal', - // data: { label: 'Count', id: '1' }, - // interpolate: 'cardinal', - // valueAxis: 'ValueAxis-1', - // }, - // ], - // legendPosition: 'right', - // }, - // aggs: [ - // { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, - // { - // id: '2', - // enabled: true, - // type: 'terms', - // schema: 'group', - // params: { - // field: 'rule.description', - // otherBucket: false, - // otherBucketLabel: 'Other', - // missingBucket: false, - // missingBucketLabel: 'Missing', - // size: 5, - // order: 'desc', - // orderBy: '1', - // }, - // }, - // { - // id: '3', - // enabled: true, - // type: 'date_histogram', - // schema: 
'segment', - // params: { - // field: 'timestamp', - // interval: 'auto', - // customInterval: '2h', - // min_doc_count: 1, - // extended_bounds: {}, - // }, - // }, - // ], - // }), - // uiStateJSON: '{}', - // description: '', - // version: 1, - // kibanaSavedObjectMeta: { - // searchSourceJSON: JSON.stringify({ - // index: 'wazuh-alerts', - // filter: [], - // query: { query: '', language: 'lucene' }, - // }), - // }, - // }, - // }, { _id: 'Wazuh-App-Overview-PM-Rootkits-Activity-Over-Time', _type: 'visualization', diff --git a/plugins/main/server/integration-files/visualizations/overview/overview-tsc.ts b/plugins/main/server/integration-files/visualizations/overview/overview-tsc.ts index d083a04bcd..25f694effa 100644 --- a/plugins/main/server/integration-files/visualizations/overview/overview-tsc.ts +++ b/plugins/main/server/integration-files/visualizations/overview/overview-tsc.ts @@ -19,7 +19,11 @@ export default [ type: 'area', params: { type: 'area', - grid: { categoryLines: true, style: { color: '#eee' }, valueAxis: 'ValueAxis-1' }, + grid: { + categoryLines: true, + style: { color: '#eee' }, + valueAxis: 'ValueAxis-1', + }, categoryAxes: [ { id: 'CategoryAxis-1', @@ -64,23 +68,12 @@ export default [ addTimeMarker: false, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, { - id: '2', + id: '1', enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - timeRange: { from: 'now-24h', to: 'now', mode: 'quick' }, - useNormalizedEsInterval: true, - interval: 'auto', - time_zone: 'Europe/Berlin', - drop_partials: false, - customInterval: '2h', - min_doc_count: 1, - extended_bounds: {}, - }, + type: 'count', + schema: 'metric', + params: {}, }, { id: '3', 
@@ -98,6 +91,23 @@ export default [ missingBucketLabel: 'Missing', }, }, + { + id: '2', + enabled: true, + type: 'date_histogram', + schema: 'segment', + params: { + field: 'timestamp', + timeRange: { from: 'now-24h', to: 'now', mode: 'quick' }, + useNormalizedEsInterval: true, + interval: 'auto', + time_zone: 'Europe/Berlin', + drop_partials: false, + customInterval: '2h', + min_doc_count: 1, + extended_bounds: {}, + }, + }, ], }), uiStateJSON: '{}', @@ -140,12 +150,23 @@ export default [ id: 'ValueAxis-1', type: 'value', scale: { type: 'linear', defaultYExtents: false }, - labels: { show: false, rotate: 0, overwriteColor: false, color: '#555' }, + labels: { + show: false, + rotate: 0, + overwriteColor: false, + color: '#555', + }, }, ], }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -267,8 +288,22 @@ export default [ params: { date: true, interval: 'P1D', format: 'YYYY-MM-DD' }, aggType: 'date_histogram', }, - y: [{ accessor: 2, format: { id: 'number' }, params: {}, aggType: 'count' }], - z: [{ accessor: 3, format: { id: 'number' }, params: {}, aggType: 'count' }], + y: [ + { + accessor: 2, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], + z: [ + { + accessor: 3, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], series: [ { accessor: 1, @@ -288,21 +323,12 @@ export default [ radiusRatio: 50, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, { - id: '2', + id: '1', enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - timeRange: { from: 'now-1h', to: 'now' }, - useNormalizedEsInterval: true, - interval: 'auto', - drop_partials: false, - min_doc_count: 1, - extended_bounds: {}, - }, + type: 'count', + schema: 'metric', + params: {}, }, { id: '3', 
@@ -313,14 +339,35 @@ export default [ field: 'rule.tsc', orderBy: '1', order: 'desc', - size: 50, + size: 10, otherBucket: false, otherBucketLabel: 'Other', missingBucket: false, missingBucketLabel: 'Missing', }, }, - { id: '4', enabled: true, type: 'count', schema: 'radius', params: {} }, + { + id: '2', + enabled: true, + type: 'date_histogram', + schema: 'segment', + params: { + field: 'timestamp', + timeRange: { from: 'now-1h', to: 'now' }, + useNormalizedEsInterval: true, + interval: 'auto', + drop_partials: false, + min_doc_count: 1, + extended_bounds: {}, + }, + }, + { + id: '4', + enabled: true, + type: 'count', + schema: 'radius', + params: {}, + }, ], }), uiStateJSON: '{}', @@ -351,13 +398,24 @@ export default [ isDonut: false, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, type: 'terms', schema: 'segment', - params: { field: 'agent.name', size: 10, order: 'desc', orderBy: '1' }, + params: { + field: 'agent.name', + size: 10, + order: 'desc', + orderBy: '1', + }, }, ], }), @@ -428,7 +486,13 @@ export default [ radiusRatio: 51, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -447,7 +511,12 @@ export default [ enabled: true, type: 'terms', schema: 'group', - params: { field: 'agent.name', size: 5, order: 'desc', orderBy: '1' }, + params: { + field: 'agent.name', + size: 5, + order: 'desc', + orderBy: '1', + }, }, ], }), @@ -482,7 +551,13 @@ export default [ totalFunc: 'sum', }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, 
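Review bot: In the `@@ -313,14 +339,35 @@` hunk the `rule.tsc` terms bucket drops from `size: 50` to `size: 10` while `otherBucket: false` stays, so every requirement outside the top ten by count disappears from the chart with nothing to signal the truncation. On a compliance view that can hide low-volume requirements an analyst still needs to see. I would either keep the larger size or set `otherBucket: true` so the remainder is shown under the existing `otherBucketLabel: 'Other'`. The enclosing visualization definition starts outside the hunk.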
@@ -568,7 +643,13 @@ export default [ totalFunc: 'sum', }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, diff --git a/plugins/main/server/integration-files/visualizations/overview/overview-virustotal.ts b/plugins/main/server/integration-files/visualizations/overview/overview-virustotal.ts index 6effe6cefa..9a73843577 100644 --- a/plugins/main/server/integration-files/visualizations/overview/overview-virustotal.ts +++ b/plugins/main/server/integration-files/visualizations/overview/overview-virustotal.ts @@ -24,7 +24,12 @@ export default [ addLegend: true, legendPosition: 'right', isDonut: true, - labels: { show: false, values: true, last_level: true, truncate: 100 }, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, }, aggs: [ { @@ -39,7 +44,12 @@ export default [ enabled: true, type: 'terms', schema: 'segment', - params: { field: 'data.virustotal.source.file', size: 5, order: 'desc', orderBy: '1' }, + params: { + field: 'data.virustotal.source.file', + size: 5, + order: 'desc', + orderBy: '1', + }, }, ], }), @@ -139,7 +149,13 @@ export default [ colorsRange: [{ from: 0, to: 10000 }], labels: { show: true }, invertColors: false, - style: { bgFill: '#000', bgColor: false, labelColor: false, subText: '', fontSize: 20 }, + style: { + bgFill: '#000', + bgColor: false, + labelColor: false, + subText: '', + fontSize: 20, + }, }, }, aggs: [ @@ -211,7 +227,13 @@ export default [ colorsRange: [{ from: 0, to: 10000 }], labels: { show: true }, invertColors: false, - style: { bgFill: '#000', bgColor: false, labelColor: false, subText: '', fontSize: 20 }, + style: { + bgFill: '#000', + bgColor: false, + labelColor: false, + subText: '', + fontSize: 20, + }, }, }, aggs: [ 
@@ -432,7 +454,13 @@ export default [ colorsRange: [{ from: 0, to: 10000 }], labels: { show: true }, invertColors: false, - style: { bgFill: '#000', bgColor: false, labelColor: false, subText: '', fontSize: 20 }, + style: { + bgFill: '#000', + bgColor: false, + labelColor: false, + subText: '', + fontSize: 20, + }, }, }, aggs: [ @@ -573,7 +601,12 @@ export default [ addLegend: true, legendPosition: 'right', isDonut: true, - labels: { show: false, values: true, last_level: true, truncate: 100 }, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, }, aggs: [ { @@ -588,7 +621,12 @@ export default [ enabled: true, type: 'terms', schema: 'segment', - params: { field: 'agent.name', size: 5, order: 'desc', orderBy: '1' }, + params: { + field: 'agent.name', + size: 5, + order: 'desc', + orderBy: '1', + }, }, ], }), @@ -685,7 +723,13 @@ export default [ times: [], addTimeMarker: false, labels: { show: false }, - thresholdLine: { show: false, value: 10, width: 1, style: 'full', color: '#E7664C' }, + thresholdLine: { + show: false, + value: 10, + width: 1, + style: 'full', + color: '#E7664C', + }, dimensions: { x: { accessor: 0, @@ -696,7 +740,10 @@ export default [ intervalOpenSearchValue: 3, intervalOpenSearchUnit: 'h', format: 'YYYY-MM-DD HH:mm', - bounds: { min: '2020-04-17T12:11:35.943Z', max: '2020-04-24T12:11:35.944Z' }, + bounds: { + min: '2020-04-17T12:11:35.943Z', + max: '2020-04-24T12:11:35.944Z', + }, }, label: 'timestamp per 3 hours', aggType: 'date_histogram', 
@@ -732,22 +779,12 @@ export default [ radiusRatio: 50, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, { - id: '2', + id: '1', enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - timeRange: { from: 'now-7d', to: 'now' }, - useNormalizedEsInterval: true, - scaleMetricValues: false, - interval: 'auto', - drop_partials: false, - min_doc_count: 1, - extended_bounds: {}, - }, + type: 'count', + schema: 'metric', + params: {}, }, { id: '3', @@ -765,6 +802,22 @@ export default [ missingBucketLabel: 'Missing', }, }, + { + id: '2', + enabled: true, + type: 'date_histogram', + schema: 'segment', + params: { + field: 'timestamp', + timeRange: { from: 'now-7d', to: 'now' }, + useNormalizedEsInterval: true, + scaleMetricValues: false, + interval: 'auto', + drop_partials: false, + min_doc_count: 1, + extended_bounds: {}, + }, + }, ], }), uiStateJSON: JSON.stringify({ @@ -854,7 +907,13 @@ export default [ totalFunc: 'sum', }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, diff --git a/plugins/main/test/cypress/cypress/fixtures/configuration.panel.text.json b/plugins/main/test/cypress/cypress/fixtures/configuration.panel.text.json index ff156065aa..5f23722d0f 100644 --- a/plugins/main/test/cypress/cypress/fixtures/configuration.panel.text.json +++ b/plugins/main/test/cypress/cypress/fixtures/configuration.panel.text.json @@ -94,6 +94,11 @@ "title": "Set time filter to 24h", "subTitle": "Change the default value of the Kibana timeFilter configuration", "label": "checks.timeFilter" + }, + { + "title": "Vulnerabilities index pattern", + "subTitle": "Enable or disable the vulnerabilities index pattern health check when opening the app.", + "label": "checks.vulnerabilities.pattern" } ] }, 
@@ -130,6 +135,11 @@ "subTitle": "Default index pattern to use for Wazuh monitoring.", "label": "wazuh.monitoring.pattern" }, + { + "title": "Index pattern", + "subTitle": "Default index pattern to use for vulnerabilities.", + "label": "vulnerabilities.pattern" + }, { "title": "", "subTitle": "", @@ -177,6 +187,21 @@ } ] }, + { + "name": "Vulnerabilities", + "items": [ + { + "title": "Index pattern", + "subTitle": "Default index pattern to use for vulnerabilities.", + "label": "vulnerabilities.pattern" + }, + { + "title": "", + "subTitle": "", + "label": "" + } + ] + }, { "name": "Logo Customization", "items": [ diff --git a/plugins/main/test/cypress/images/wazuh_manager_filebeat_sources_cmake/Dockerfile b/plugins/main/test/cypress/images/wazuh_manager_filebeat_sources_cmake/Dockerfile index fdd3e01e34..1dddbbf285 100755 --- a/plugins/main/test/cypress/images/wazuh_manager_filebeat_sources_cmake/Dockerfile +++ b/plugins/main/test/cypress/images/wazuh_manager_filebeat_sources_cmake/Dockerfile @@ -44,4 +44,4 @@ EXPOSE 55000 # WAZUH_VERSION - Define the Wazuh branch/tag to install. [WAZUH_VERSION=4.1.0] # FILEBEAT_VERSION - Filebeat Version # FILEBEAT_WAZUH_TEMPLATE_URL - Link with the Wazuh template. [FILEBEAT_WAZUH_TEMPLATE_URL=https://raw.githubusercontent.com/wazuh/wazuh/4.0/extensions/elasticsearch/7.x/wazuh-template.json] -# FILEBEAT_WAZUH_MODULE_URL - Link with the Wazuh Filebeat module. [FILEBEAT_WAZUH_MODULE_URL=https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.1.tar.gz] \ No newline at end of file +# FILEBEAT_WAZUH_MODULE_URL - Link with the Wazuh Filebeat module. [FILEBEAT_WAZUH_MODULE_URL=https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz] diff --git a/plugins/wazuh-check-updates/opensearch_dashboards.json b/plugins/wazuh-check-updates/opensearch_dashboards.json index fc816ab6d5..112f05fa5a 100644 --- a/plugins/wazuh-check-updates/opensearch_dashboards.json +++ b/plugins/wazuh-check-updates/opensearch_dashboards.json 
@@ -1,6 +1,6 @@ { "id": "wazuhCheckUpdates", - "version": "4.8.0-00", + "version": "4.8.1-00", "opensearchDashboardsVersion": "opensearchDashboards", "server": true, "ui": true, diff --git a/plugins/wazuh-check-updates/package.json b/plugins/wazuh-check-updates/package.json index db8f3dd5ea..106451ed81 100644 --- a/plugins/wazuh-check-updates/package.json +++ b/plugins/wazuh-check-updates/package.json @@ -1,6 +1,6 @@ { "name": "wazuh-check-updates", - "version": "4.8.0", + "version": "4.8.1", "revision": "00", "pluginPlatform": { "version": "2.10.0" @@ -14,7 +14,7 @@ "test:ui:runner": "node ../../scripts/functional_test_runner.js", "test:server": "plugin-helpers test:server", "test:browser": "plugin-helpers test:browser", - "test:jest": "node scripts/jest", + "test:jest": "node scripts/jest --runInBand", "test:jest:runner": "node scripts/runner test" }, "dependencies": { diff --git a/plugins/wazuh-core/common/constants.ts b/plugins/wazuh-core/common/constants.ts index b4bbc5897e..4949a30685 100644 --- a/plugins/wazuh-core/common/constants.ts +++ b/plugins/wazuh-core/common/constants.ts @@ -48,6 +48,9 @@ export const WAZUH_STATISTICS_DEFAULT_STATUS = true; export const WAZUH_STATISTICS_DEFAULT_FREQUENCY = 900; export const WAZUH_STATISTICS_DEFAULT_CRON_FREQ = '0 */5 * * * *'; +// Wazuh vulnerabilities +export const WAZUH_VULNERABILITIES_PATTERN = 'wazuh-states-vulnerabilities'; + // Job - Wazuh initialize export const WAZUH_PLUGIN_PLATFORM_TEMPLATE_NAME = 'wazuh-kibana'; @@ -105,10 +108,7 @@ export const WAZUH_CONFIGURATION_CACHE_TIME = 10000; // time in ms; // Reserved ids for Users/Role mapping export const WAZUH_API_RESERVED_ID_LOWER_THAN = 100; -export const WAZUH_API_RESERVED_WUI_SECURITY_RULES = [ - 1, - 2 -]; +export const WAZUH_API_RESERVED_WUI_SECURITY_RULES = [1, 2]; // Wazuh data path const WAZUH_DATA_PLUGIN_PLATFORM_BASE_PATH = 'data'; 
@@ -321,7 +321,7 @@ export const PLUGIN_PLATFORM_WAZUH_DOCUMENTATION_URL_PATH_TROUBLESHOOTING = export const PLUGIN_PLATFORM_WAZUH_DOCUMENTATION_URL_PATH_APP_CONFIGURATION = 'user-manual/wazuh-dashboard/config-file.html'; export const PLUGIN_PLATFORM_URL_GUIDE = - 'https://opensearch.org/docs/1.2/opensearch/index/'; + 'https://opensearch.org/docs/2.10/about'; export const PLUGIN_PLATFORM_URL_GUIDE_TITLE = 'OpenSearch guide'; export const PLUGIN_PLATFORM_REQUEST_HEADERS = { @@ -405,6 +405,10 @@ export const ELASTIC_NAME = 'elastic'; // Default Wazuh indexer name export const WAZUH_INDEXER_NAME = 'Wazuh indexer'; +// Not timeFieldName on index pattern +export const NOT_TIME_FIELD_NAME_INDEX_PATTERN = + 'not_time_field_name_index_pattern'; + // Customization export const CUSTOMIZATION_ENDPOINT_PAYLOAD_UPLOAD_CUSTOM_FILE_MAXIMUM_BYTES = 1048576; @@ -412,9 +416,9 @@ export const CUSTOMIZATION_ENDPOINT_PAYLOAD_UPLOAD_CUSTOM_FILE_MAXIMUM_BYTES = 1 export enum SettingCategory { GENERAL, HEALTH_CHECK, - EXTENSIONS, MONITORING, STATISTICS, + VULNERABILITIES, SECURITY, CUSTOMIZATION, } @@ -510,12 +514,12 @@ export type TPluginSetting = { requiresRestartingPluginPlatform?: boolean; // Define options related to the `type`. options?: - | TPluginSettingOptionsEditor - | TPluginSettingOptionsFile - | TPluginSettingOptionsNumber - | TPluginSettingOptionsSelect - | TPluginSettingOptionsSwitch - | TPluginSettingOptionsTextArea; + | TPluginSettingOptionsEditor + | TPluginSettingOptionsFile + | TPluginSettingOptionsNumber + | TPluginSettingOptionsSelect + | TPluginSettingOptionsSwitch + | TPluginSettingOptionsTextArea; // Transform the input value. The result is saved in the form global state of Settings/Configuration uiFormTransformChangedInputValue?: (value: any) => any; // Transform the configuration value or default as initial value for the input in Settings/Configuration 
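Review bot: `SettingCategory` in the `@@ -412,9 +416,9 @@` hunk is a numeric enum, so removing `EXTENSIONS` and inserting `VULNERABILITIES` renumbers `MONITORING` and `STATISTICS` (3 and 4 become 2 and 3) and gives `VULNERABILITIES` the old `STATISTICS` value. The only use visible in this diff is `renderOrder`, where that is harmless, but any place that stores or compares the number would silently point at a different category. I would document the contract on the enum, for example `// Values are positional and drive renderOrder only; never persist or compare them as numbers`, or assign explicit values. The enum's declaration line is inside the hunk; its consumers are not.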
@@ -550,10 +554,6 @@ export const PLUGIN_SETTINGS_CATEGORIES: { 'Basic app settings related to alerts index pattern, hide the manager alerts in the dashboards, logs level and more.', renderOrder: SettingCategory.GENERAL, }, - [SettingCategory.EXTENSIONS]: { - title: 'Initial display state of the modules of the new API host entries.', - description: 'Extensions.', - }, [SettingCategory.SECURITY]: { title: 'Security', description: 'Application security options such as unauthorized roles.', @@ -571,6 +571,12 @@ export const PLUGIN_SETTINGS_CATEGORIES: { 'Options related to the daemons manager monitoring job and their storage in indexes.', renderOrder: SettingCategory.STATISTICS, }, + [SettingCategory.VULNERABILITIES]: { + title: 'Vulnerabilities', + description: + 'Options related to the agent vulnerabilities monitoring job and its storage in indexes.', + renderOrder: SettingCategory.VULNERABILITIES, + }, [SettingCategory.CUSTOMIZATION]: { title: 'Custom branding', description: @@ -828,6 +834,33 @@ export const PLUGIN_SETTINGS: { [key: string]: TPluginSetting } = { return schema.boolean(); }, }, + 'checks.vulnerabilities.pattern': { + title: 'Vulnerabilities index pattern', + description: + 'Enable or disable the vulnerabilities index pattern health check when opening the app.', + category: SettingCategory.HEALTH_CHECK, + type: EpluginSettingType.switch, + defaultValue: true, + isConfigurableFromFile: true, + isConfigurableFromUI: true, + options: { + switch: { + values: { + disabled: { label: 'false', value: false }, + enabled: { label: 'true', value: true }, + }, + }, + }, + uiFormTransformChangedInputValue: function ( + value: boolean | string, + ): boolean { + return Boolean(value); + }, + validate: SettingsValidator.isBoolean, + validateBackend: function (schema) { + return schema.boolean(); + }, + }, 'cron.prefix': { title: 'Cron prefix', description: 'Define the index prefix of predefined jobs.', 
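Review bot: `uiFormTransformChangedInputValue` in the new `checks.vulnerabilities.pattern` setting (hunk `@@ -828,6 +834,33 @@`) is typed `boolean | string` but returns `Boolean(value)`, which maps every non-empty string, including `'false'`, to `true`. If the form ever passes the string form, the health check stays enabled although the user switched it off. I would compare explicitly: `return value === true || value === 'true';`. The removed `extensions.*` entries show the same pattern, so the other switch settings probably share it; the enclosing `PLUGIN_SETTINGS` object starts and ends outside the hunk.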
@@ -1116,7 +1149,7 @@ export const PLUGIN_SETTINGS: { [key: string]: TPluginSetting } = { }, 'customization.logo.app': { title: 'App main logo', - description: `This logo is used in the app main menu, at the top left corner.`, + description: `This logo is used as loading indicator while the user is logging into Wazuh API.`, category: SettingCategory.CUSTOMIZATION, type: EpluginSettingType.filepicker, defaultValue: '', @@ -1245,51 +1278,6 @@ export const PLUGIN_SETTINGS: { [key: string]: TPluginSetting } = { )(value); }, }, - 'customization.logo.sidebar': { - title: 'Navigation drawer logo', - description: `This is the logo for the app to display in the platform's navigation drawer, this is, the main sidebar collapsible menu.`, - category: SettingCategory.CUSTOMIZATION, - type: EpluginSettingType.filepicker, - defaultValue: '', - isConfigurableFromFile: true, - isConfigurableFromUI: true, - requiresReloadingBrowserTab: true, - options: { - file: { - type: 'image', - extensions: ['.jpeg', '.jpg', '.png', '.svg'], - size: { - maxBytes: - CUSTOMIZATION_ENDPOINT_PAYLOAD_UPLOAD_CUSTOM_FILE_MAXIMUM_BYTES, - }, - recommended: { - dimensions: { - width: 80, - height: 80, - unit: 'px', - }, - }, - store: { - relativePathFileSystem: 'public/assets/custom/images', - filename: 'customization.logo.sidebar', - resolveStaticURL: (filename: string) => - `custom/images/${filename}?v=${Date.now()}`, - // ?v=${Date.now()} is used to force the browser to reload the image when a new file is uploaded - }, - }, - }, - validate: function (value) { - return SettingsValidator.compose( - SettingsValidator.filePickerFileSize({ - ...this.options.file.size, - meaningfulUnit: true, - }), - SettingsValidator.filePickerSupportedExtensions( - this.options.file.extensions, - ), - )(value); - }, - }, 'customization.reports.footer': { title: 'Reports footer', description: 'Set the footer of the reports.', 
@@ -1330,53 +1318,6 @@ export const PLUGIN_SETTINGS: { [key: string]: TPluginSetting } = { return schema.string({ validate: this.validate.bind(this) }); }, }, - disabled_roles: { - title: 'Disable roles', - description: 'Disabled the plugin visibility for users with the roles.', - category: SettingCategory.SECURITY, - type: EpluginSettingType.editor, - defaultValue: [], - isConfigurableFromFile: true, - isConfigurableFromUI: true, - options: { - editor: { - language: 'json', - }, - }, - uiFormTransformConfigurationValueToInputValue: function (value: any): any { - return JSON.stringify(value); - }, - uiFormTransformInputValueToConfigurationValue: function ( - value: string, - ): any { - try { - return JSON.parse(value); - } catch (error) { - return value; - } - }, - validate: SettingsValidator.json( - SettingsValidator.compose( - SettingsValidator.array( - SettingsValidator.compose( - SettingsValidator.isString, - SettingsValidator.isNotEmptyString, - SettingsValidator.hasNoSpaces, - ), - ), - ), - ), - validateBackend: function (schema) { - return schema.arrayOf( - schema.string({ - validate: SettingsValidator.compose( - SettingsValidator.isNotEmptyString, - SettingsValidator.hasNoSpaces, - ), - }), - ); - }, - }, 'enrollment.dns': { title: 'Enrollment DNS', description: 
@@ -1405,398 +1346,6 @@ export const PLUGIN_SETTINGS: { [key: string]: TPluginSetting } = { return schema.string({ validate: this.validate }); }, }, - 'extensions.audit': { - title: 'System auditing', - description: 'Enable or disable the Audit tab on Overview and Agents.', - category: SettingCategory.EXTENSIONS, - type: EpluginSettingType.switch, - defaultValue: true, - isConfigurableFromFile: true, - isConfigurableFromUI: false, - options: { - switch: { - values: { - disabled: { label: 'false', value: false }, - enabled: { label: 'true', value: true }, - }, - }, - }, - uiFormTransformChangedInputValue: function ( - value: boolean | string, - ): boolean { - return Boolean(value); - }, - validate: SettingsValidator.isBoolean, - validateBackend: function (schema) { - return schema.boolean(); - }, - }, - 'extensions.aws': { - title: 'Amazon AWS', - description: 'Enable or disable the Amazon (AWS) tab on Overview.', - category: SettingCategory.EXTENSIONS, - type: EpluginSettingType.switch, - defaultValue: false, - isConfigurableFromFile: true, - isConfigurableFromUI: false, - options: { - switch: { - values: { - disabled: { label: 'false', value: false }, - enabled: { label: 'true', value: true }, - }, - }, - }, - uiFormTransformChangedInputValue: function ( - value: boolean | string, - ): boolean { - return Boolean(value); - }, - validate: SettingsValidator.isBoolean, - validateBackend: function (schema) { - return schema.boolean(); - }, - }, - 'extensions.ciscat': { - title: 'CIS-CAT', - description: 'Enable or disable the CIS-CAT tab on Overview and Agents.', - category: SettingCategory.EXTENSIONS, - type: EpluginSettingType.switch, - defaultValue: false, - isConfigurableFromFile: true, - isConfigurableFromUI: false, - options: { - switch: { - values: { - disabled: { label: 'false', value: false }, - enabled: { label: 'true', value: true }, - }, - }, - }, - uiFormTransformChangedInputValue: function ( - value: boolean | string, - ): boolean { - return 
Boolean(value); - }, - validate: SettingsValidator.isBoolean, - validateBackend: function (schema) { - return schema.boolean(); - }, - }, - 'extensions.docker': { - title: 'Docker listener', - description: - 'Enable or disable the Docker listener tab on Overview and Agents.', - category: SettingCategory.EXTENSIONS, - type: EpluginSettingType.switch, - defaultValue: false, - isConfigurableFromFile: true, - isConfigurableFromUI: false, - options: { - switch: { - values: { - disabled: { label: 'false', value: false }, - enabled: { label: 'true', value: true }, - }, - }, - }, - uiFormTransformChangedInputValue: function ( - value: boolean | string, - ): boolean { - return Boolean(value); - }, - validate: SettingsValidator.isBoolean, - validateBackend: function (schema) { - return schema.boolean(); - }, - }, - 'extensions.gcp': { - title: 'Google Cloud platform', - description: 'Enable or disable the Google Cloud Platform tab on Overview.', - category: SettingCategory.EXTENSIONS, - type: EpluginSettingType.switch, - defaultValue: false, - isConfigurableFromFile: true, - isConfigurableFromUI: false, - options: { - switch: { - values: { - disabled: { label: 'false', value: false }, - enabled: { label: 'true', value: true }, - }, - }, - }, - uiFormTransformChangedInputValue: function ( - value: boolean | string, - ): boolean { - return Boolean(value); - }, - validate: SettingsValidator.isBoolean, - validateBackend: function (schema) { - return schema.boolean(); - }, - }, - 'extensions.gdpr': { - title: 'GDPR', - description: 'Enable or disable the GDPR tab on Overview and Agents.', - category: SettingCategory.EXTENSIONS, - type: EpluginSettingType.switch, - defaultValue: true, - isConfigurableFromFile: true, - isConfigurableFromUI: false, - options: { - switch: { - values: { - disabled: { label: 'false', value: false }, - enabled: { label: 'true', value: true }, - }, - }, - }, - uiFormTransformChangedInputValue: function ( - value: boolean | string, - ): boolean { - return 
Boolean(value); - }, - validate: SettingsValidator.isBoolean, - validateBackend: function (schema) { - return schema.boolean(); - }, - }, - 'extensions.github': { - title: 'GitHub', - description: 'Enable or disable the GitHub tab on Overview and Agents.', - category: SettingCategory.EXTENSIONS, - type: EpluginSettingType.switch, - defaultValue: false, - isConfigurableFromFile: true, - isConfigurableFromUI: false, - options: { - switch: { - values: { - disabled: { label: 'false', value: false }, - enabled: { label: 'true', value: true }, - }, - }, - }, - uiFormTransformChangedInputValue: function ( - value: boolean | string, - ): boolean { - return Boolean(value); - }, - validate: SettingsValidator.isBoolean, - validateBackend: function (schema) { - return schema.boolean(); - }, - }, - 'extensions.hipaa': { - title: 'HIPAA', - description: 'Enable or disable the HIPAA tab on Overview and Agents.', - category: SettingCategory.EXTENSIONS, - type: EpluginSettingType.switch, - defaultValue: true, - isConfigurableFromFile: true, - isConfigurableFromUI: false, - options: { - switch: { - values: { - disabled: { label: 'false', value: false }, - enabled: { label: 'true', value: true }, - }, - }, - }, - uiFormTransformChangedInputValue: function ( - value: boolean | string, - ): boolean { - return Boolean(value); - }, - validate: SettingsValidator.isBoolean, - validateBackend: function (schema) { - return schema.boolean(); - }, - }, - 'extensions.nist': { - title: 'NIST', - description: - 'Enable or disable the NIST 800-53 tab on Overview and Agents.', - category: SettingCategory.EXTENSIONS, - type: EpluginSettingType.switch, - defaultValue: true, - isConfigurableFromFile: true, - isConfigurableFromUI: false, - options: { - switch: { - values: { - disabled: { label: 'false', value: false }, - enabled: { label: 'true', value: true }, - }, - }, - }, - uiFormTransformChangedInputValue: function ( - value: boolean | string, - ): boolean { - return Boolean(value); - }, - 
validate: SettingsValidator.isBoolean, - validateBackend: function (schema) { - return schema.boolean(); - }, - }, - 'extensions.office': { - title: 'Office 365', - description: 'Enable or disable the Office 365 tab on Overview and Agents.', - category: SettingCategory.EXTENSIONS, - type: EpluginSettingType.switch, - defaultValue: false, - isConfigurableFromFile: true, - isConfigurableFromUI: false, - options: { - switch: { - values: { - disabled: { label: 'false', value: false }, - enabled: { label: 'true', value: true }, - }, - }, - }, - uiFormTransformChangedInputValue: function ( - value: boolean | string, - ): boolean { - return Boolean(value); - }, - validate: SettingsValidator.isBoolean, - validateBackend: function (schema) { - return schema.boolean(); - }, - }, - 'extensions.oscap': { - title: 'OSCAP', - description: 'Enable or disable the Open SCAP tab on Overview and Agents.', - category: SettingCategory.EXTENSIONS, - type: EpluginSettingType.switch, - defaultValue: false, - isConfigurableFromFile: true, - isConfigurableFromUI: false, - options: { - switch: { - values: { - disabled: { label: 'false', value: false }, - enabled: { label: 'true', value: true }, - }, - }, - }, - uiFormTransformChangedInputValue: function ( - value: boolean | string, - ): boolean { - return Boolean(value); - }, - validate: SettingsValidator.isBoolean, - validateBackend: function (schema) { - return schema.boolean(); - }, - }, - 'extensions.osquery': { - title: 'Osquery', - description: 'Enable or disable the Osquery tab on Overview and Agents.', - category: SettingCategory.EXTENSIONS, - type: EpluginSettingType.switch, - defaultValue: false, - isConfigurableFromFile: true, - isConfigurableFromUI: false, - options: { - switch: { - values: { - disabled: { label: 'false', value: false }, - enabled: { label: 'true', value: true }, - }, - }, - }, - uiFormTransformChangedInputValue: function ( - value: boolean | string, - ): boolean { - return Boolean(value); - }, - validate: 
SettingsValidator.isBoolean, - validateBackend: function (schema) { - return schema.boolean(); - }, - }, - 'extensions.pci': { - title: 'PCI DSS', - description: 'Enable or disable the PCI DSS tab on Overview and Agents.', - category: SettingCategory.EXTENSIONS, - type: EpluginSettingType.switch, - defaultValue: true, - isConfigurableFromFile: true, - isConfigurableFromUI: false, - options: { - switch: { - values: { - disabled: { label: 'false', value: false }, - enabled: { label: 'true', value: true }, - }, - }, - }, - uiFormTransformChangedInputValue: function ( - value: boolean | string, - ): boolean { - return Boolean(value); - }, - validate: SettingsValidator.isBoolean, - validateBackend: function (schema) { - return schema.boolean(); - }, - }, - 'extensions.tsc': { - title: 'TSC', - description: 'Enable or disable the TSC tab on Overview and Agents.', - category: SettingCategory.EXTENSIONS, - type: EpluginSettingType.switch, - defaultValue: true, - isConfigurableFromFile: true, - isConfigurableFromUI: false, - options: { - switch: { - values: { - disabled: { label: 'false', value: false }, - enabled: { label: 'true', value: true }, - }, - }, - }, - uiFormTransformChangedInputValue: function ( - value: boolean | string, - ): boolean { - return Boolean(value); - }, - validate: SettingsValidator.isBoolean, - validateBackend: function (schema) { - return schema.boolean(); - }, - }, - 'extensions.virustotal': { - title: 'Virustotal', - description: 'Enable or disable the VirusTotal tab on Overview and Agents.', - category: SettingCategory.EXTENSIONS, - type: EpluginSettingType.switch, - defaultValue: false, - isConfigurableFromFile: true, - isConfigurableFromUI: false, - options: { - switch: { - values: { - disabled: { label: 'false', value: false }, - enabled: { label: 'true', value: true }, - }, - }, - }, - uiFormTransformChangedInputValue: function ( - value: boolean | string, - ): boolean { - return Boolean(value); - }, - validate: SettingsValidator.isBoolean, 
- validateBackend: function (schema) { - return schema.boolean(); - }, - }, hideManagerAlerts: { title: 'Hide manager alerts', description: 'Hide the alerts of the manager in every dashboard.', @@ -2212,6 +1761,36 @@ export const PLUGIN_SETTINGS: { [key: string]: TPluginSetting } = { return schema.number({ validate: this.validate.bind(this) }); }, }, + 'vulnerabilities.pattern': { + title: 'Index pattern', + description: 'Default index pattern to use for vulnerabilities.', + category: SettingCategory.VULNERABILITIES, + type: EpluginSettingType.text, + defaultValue: WAZUH_VULNERABILITIES_PATTERN, + isConfigurableFromFile: true, + isConfigurableFromUI: true, + requiresRunningHealthCheck: false, + validate: SettingsValidator.compose( + SettingsValidator.isNotEmptyString, + SettingsValidator.hasNoSpaces, + SettingsValidator.noLiteralString('.', '..'), + SettingsValidator.noStartsWithString('-', '_', '+', '.'), + SettingsValidator.hasNotInvalidCharacters( + '\\', + '/', + '?', + '"', + '<', + '>', + '|', + ',', + '#', + ), + ), + validateBackend: function (schema) { + return schema.string({ minLength: 1, validate: this.validate }); + }, + }, }; export type TPluginSettingKey = keyof typeof PLUGIN_SETTINGS; diff --git a/plugins/wazuh-core/opensearch_dashboards.json b/plugins/wazuh-core/opensearch_dashboards.json index 33b39ce69f..a68490fc52 100644 --- a/plugins/wazuh-core/opensearch_dashboards.json +++ b/plugins/wazuh-core/opensearch_dashboards.json @@ -1,6 +1,6 @@ { "id": "wazuhCore", - "version": "4.8.0-00", + "version": "4.8.1-00", "opensearchDashboardsVersion": "opensearchDashboards", "server": true, "ui": true, diff --git a/plugins/wazuh-core/package.json b/plugins/wazuh-core/package.json index 7cceb1cae4..e0a811f4f9 100644 --- a/plugins/wazuh-core/package.json +++ b/plugins/wazuh-core/package.json @@ -1,6 +1,6 @@ { "name": "wazuh-core", - "version": "4.8.0", + "version": "4.8.1", "revision": "00", "pluginPlatform": { "version": "2.10.0" 
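Review bot: In the `vulnerabilities.pattern` hunk (`@@ -2212,6 +1761,36 @@`), the `validate` chain is syntactic only, and `*` is absent from the `hasNotInvalidCharacters` list. Going by the validator names, a bare `*` or any other well-formed index name is therefore accepted for a setting that is editable from the UI (`isConfigurableFromUI: true`). If wildcards are intended, record that next to the list, for example `// '*' is deliberately not rejected so wildcard patterns stay valid; this check is syntactic only`. If the setting is meant to stay on the vulnerability-state indices, the chain would also need a prefix check, which none of the visible validators provides. Separately, `validateBackend` passes `this.validate` unbound, while the context line just above this entry uses `this.validate.bind(this)`; `schema.string({ minLength: 1, validate: this.validate.bind(this) })` would match it.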
@@ -14,7 +14,7 @@ "test:ui:runner": "node ../../scripts/functional_test_runner.js", "test:server": "plugin-helpers test:server", "test:browser": "plugin-helpers test:browser", - "test:jest": "node scripts/jest", + "test:jest": "node scripts/jest --runInBand", "test:jest:runner": "node scripts/runner test" }, "dependencies": { diff --git a/scripts/release/tag.js b/scripts/release/tag.js index 3e169ce602..dc49a772fd 100644 --- a/scripts/release/tag.js +++ b/scripts/release/tag.js @@ -111,11 +111,6 @@ async function run(configuration) { bump(configuration); - logger.debug('Checking if there are changes to commit'); - const thereChangesToCommit = - execSystem('git diff --exit-code --no-patch;echo -n $?').toString() === '1'; - logger.debug(`Are there changes to commit?: ${thereChangesToCommit}`); - if (!ignoreConfirmation) { let repeat = true; do { @@ -149,6 +144,11 @@ async function run(configuration) { } while (repeat); } + logger.debug('Checking if there are changes to commit'); + const thereChangesToCommit = + execSystem('git diff --exit-code --no-patch;echo -n $?').toString() === '1'; + logger.debug(`Are there changes to commit?: ${thereChangesToCommit}`); + if (thereChangesToCommit) { logger.info('There are changes to commit.'); console.log(execSystem('git diff --name-only').toString());
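Review bot: In the second `scripts/release/tag.js` hunk (`@@ -149,6 +144,11 @@`), `thereChangesToCommit` is true only when the echoed status is exactly `'1'`. Any other outcome of `git diff --exit-code`, such as a git error or a shell whose `echo` does not honour `-n`, is read as "no changes" and the run skips the commit branch. A release script should fail on an unexpected status rather than continue: `const diffStatus = execSystem('git diff --exit-code --no-patch;echo -n $?').toString().trim();`, then `if (!['0', '1'].includes(diffStatus)) throw new Error('Unexpected git diff status: ' + diffStatus);`, then `const thereChangesToCommit = diffStatus === '1';`. The body of `run` continues outside the hunk, so what happens after the `if (thereChangesToCommit)` branch (presumably the tagging) is not visible here.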