From 85541a015d1f8c632fd9950e8598e3fbf7151d50 Mon Sep 17 00:00:00 2001 From: Luciano Gorza <103193307+lucianogorza@users.noreply.github.com> Date: Tue, 28 Nov 2023 08:12:05 -0300 Subject: [PATCH 01/26] Ignore uuid field in GET /manager/version/check response (#6157) * Ignore uuid field in GET /manager/version/check response * Fix copy error in availabla updates status column * Fix parameter name * Add query parameter --- docker/imposter/manager/version/check.json | 1 + plugins/main/public/components/settings/api/api-table.js | 2 +- .../server/services/updates/get-updates.test.ts | 5 ++++- .../server/services/updates/get-updates.ts | 7 +++++-- 4 files changed, 11 insertions(+), 4 deletions(-) diff --git a/docker/imposter/manager/version/check.json b/docker/imposter/manager/version/check.json index 82c37160f5..bcba3a69b7 100644 --- a/docker/imposter/manager/version/check.json +++ b/docker/imposter/manager/version/check.json @@ -1,5 +1,6 @@ { "data": { + "uuid": "7f828fd6-ef68-4656-b363-247b5861b84c", "last_check_date": "2023-10-04T14:52:07.319561Z", "current_version": "v4.8.0", "update_check": true, diff --git a/plugins/main/public/components/settings/api/api-table.js b/plugins/main/public/components/settings/api/api-table.js index b0e8a1bd60..53e6056e33 100644 --- a/plugins/main/public/components/settings/api/api-table.js +++ b/plugins/main/public/components/settings/api/api-table.js @@ -370,7 +370,7 @@ export const ApiTable = compose( color="primary" iconType="questionInCircle" aria-label="Info about the error" - onClick={() => this.props.copyToClipBoard(item.downReason)} + onClick={() => this.props.copyToClipBoard(api.error.detail)} /> diff --git a/plugins/wazuh-check-updates/server/services/updates/get-updates.test.ts b/plugins/wazuh-check-updates/server/services/updates/get-updates.test.ts index 469d3ce014..390e10436b 100644 --- a/plugins/wazuh-check-updates/server/services/updates/get-updates.test.ts 
+++ b/plugins/wazuh-check-updates/server/services/updates/get-updates.test.ts @@ -76,7 +76,9 @@ describe('getUpdates function', () => { mockedGetWazuhCore.mockImplementation(() => ({ controllers: { WazuhHostsCtrl: jest.fn().mockImplementation(() => ({ - getHostsEntries: jest.fn().mockImplementation(() => [{ id: 'api id' }]), + getHostsEntries: jest + .fn() + .mockImplementation(() => [{ id: 'api id' }]), })), }, services: { @@ -86,6 +88,7 @@ describe('getUpdates function', () => { request: jest.fn().mockImplementation(() => ({ data: { data: { + uuid: '7f828fd6-ef68-4656-b363-247b5861b84c', current_version: '4.3.1', last_available_patch: { description: diff --git a/plugins/wazuh-check-updates/server/services/updates/get-updates.ts b/plugins/wazuh-check-updates/server/services/updates/get-updates.ts index 36e377fe02..fffb450839 100644 --- a/plugins/wazuh-check-updates/server/services/updates/get-updates.ts +++ b/plugins/wazuh-check-updates/server/services/updates/get-updates.ts @@ -6,6 +6,7 @@ import { import { SAVED_OBJECT_UPDATES } from '../../../common/constants'; import { getSavedObject, setSavedObject } from '../saved-object'; import { getWazuhCore } from '../../plugin-services'; +import _ from 'lodash'; export const getUpdates = async (checkAvailableUpdates?: boolean): Promise => { try { @@ -27,7 +28,7 @@ export const getUpdates = async (checkAvailableUpdates?: boolean): Promise { const data = {}; const method = 'GET'; - const path = '/manager/version/check'; + const path = '/manager/version/check?force_query=true'; const options = { apiHostID: api.id, forceRefresh: true, 
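Review bot: The mocked manager response in the second hunk now carries a `uuid`, but neither visible hunk adds an assertion that the value returned by `getUpdates` omits it. Unless the existing expectation outside these hunks compares the whole result with `toEqual`, the test would still pass if the `uuid` stripping in get-updates.ts regressed. An explicit check on the returned entry for this API, along the lines of `expect(<entry for 'api id'>).not.toHaveProperty('uuid')`, would pin the behaviour the commit title describes. The enclosing `describe`/test body starts and ends outside the hunks, so the current assertions cannot be confirmed from here.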
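Review bot: The `path` constant in the `-27,7 +28,7` hunk now embeds `?force_query=true` as a literal, with no comment explaining why every check must force the query. The request is issued per configured host (`apiHostID: api.id`) and already sets `forceRefresh: true`, so presumably each call makes the manager run a fresh check rather than return a stored result; this should be confirmed against the API reference. A short comment above the constant would record the intent, for example `// force_query=true: ask the manager for a fresh check instead of its stored result (confirm)`. The surrounding callback starts and ends outside the hunk.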
@@ -51,8 +52,10 @@ export const getUpdates = async (checkAvailableUpdates?: boolean): Promise Date: Tue, 28 Nov 2023 13:43:04 -0300 Subject: [PATCH 02/26] Fix Updates status column when is up to date (#6163) * Fix Updates status column when is up to date * Fix Updates status column when is up to date --- .../server/services/updates/get-updates.ts | 25 ++++++++++++------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/plugins/wazuh-check-updates/server/services/updates/get-updates.ts b/plugins/wazuh-check-updates/server/services/updates/get-updates.ts index fffb450839..c6fcdbcdf5 100644 --- a/plugins/wazuh-check-updates/server/services/updates/get-updates.ts +++ b/plugins/wazuh-check-updates/server/services/updates/get-updates.ts @@ -43,21 +43,28 @@ export const getUpdates = async (checkAvailableUpdates?: boolean): Promise { + if (update?.update_check === false) { + return API_UPDATES_STATUS.DISABLED; + } + + if ( + update?.last_available_patch?.tag || + update?.last_available_minor?.tag || + update?.last_available_patch?.tag + ) { + return API_UPDATES_STATUS.AVAILABLE_UPDATES; + } + + return API_UPDATES_STATUS.UP_TO_DATE; + }; const updateWithoutUUID = _.omit(update, 'uuid'); return { ...updateWithoutUUID, api_id: api.id, - status, + status: getStatus(), }; } catch (e: any) { const error = { From e21fb9ccacb419132e7f37f0808c69f05df08060 Mon Sep 17 00:00:00 2001 From: Luciano Gorza <103193307+lucianogorza@users.noreply.github.com> Date: Tue, 28 Nov 2023 17:04:12 -0300 Subject: [PATCH 03/26] Fix last_check_date mapping when check updates service is disabled (#6171) --- .../server/services/updates/get-updates.ts | 27 +++++++++++++------ 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/plugins/wazuh-check-updates/server/services/updates/get-updates.ts b/plugins/wazuh-check-updates/server/services/updates/get-updates.ts index c6fcdbcdf5..7f1cf39312 100644 --- a/plugins/wazuh-check-updates/server/services/updates/get-updates.ts 
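Review bot: The update-availability condition in the `-43,21 +43,28` hunk tests `update?.last_available_patch?.tag` twice and never looks at a major release. A host whose only pending update is a major version would therefore fall through to `API_UPDATES_STATUS.UP_TO_DATE`. The first operand was presumably meant to be `update?.last_available_major?.tag`. Patch 03/26 later in this series rewrites the condition with `last_available_major?.tag`, so the wrong status is limited to builds that stop at this commit. The helper's declaration line is not fully visible in this hunk.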
+++ b/plugins/wazuh-check-updates/server/services/updates/get-updates.ts @@ -6,7 +6,6 @@ import { import { SAVED_OBJECT_UPDATES } from '../../../common/constants'; import { getSavedObject, setSavedObject } from '../saved-object'; import { getWazuhCore } from '../../plugin-services'; -import _ from 'lodash'; export const getUpdates = async (checkAvailableUpdates?: boolean): Promise => { try { @@ -43,15 +42,24 @@ export const getUpdates = async (checkAvailableUpdates?: boolean): Promise { - if (update?.update_check === false) { + if (update_check === false) { return API_UPDATES_STATUS.DISABLED; } if ( - update?.last_available_patch?.tag || - update?.last_available_minor?.tag || - update?.last_available_patch?.tag + last_available_major?.tag || + last_available_minor?.tag || + last_available_patch?.tag ) { return API_UPDATES_STATUS.AVAILABLE_UPDATES; } @@ -59,10 +67,13 @@ export const getUpdates = async (checkAvailableUpdates?: boolean): Promise Date: Thu, 30 Nov 2023 09:32:40 +0100 Subject: [PATCH 04/26] Bump 4.7.2 revision 00 (#6181) bump: 4.7.2 revision 00 --- CHANGELOG.md | 6 ++++++ plugins/main/opensearch_dashboards.json | 8 +++++--- plugins/main/package.json | 6 +++--- 3 files changed, 14 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d0ba58bfa3..2fec9196d7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,12 @@ All notable changes to the Wazuh app project will be documented in this file. +## Wazuh v4.7.2 - OpenSearch Dashboards 2.8.0 - Revision 00 + +### Added + +- Support for Wazuh 4.7.2 + ## Wazuh v4.7.1 - OpenSearch Dashboards 2.8.0 - Revision 01 ### Added diff --git a/plugins/main/opensearch_dashboards.json b/plugins/main/opensearch_dashboards.json index 42d86d7b09..bc6cd7757f 100644 --- a/plugins/main/opensearch_dashboards.json +++ b/plugins/main/opensearch_dashboards.json 
@@ -1,8 +1,10 @@ { "id": "wazuh", - "version": "4.7.1-01", + "version": "4.7.2-00", "opensearchDashboardsVersion": "opensearchDashboards", - "configPath": ["wazuh"], + "configPath": [ + "wazuh" + ], "requiredPlugins": [ "navigation", "data", @@ -24,4 +26,4 @@ ], "server": true, "ui": true -} +} \ No newline at end of file diff --git a/plugins/main/package.json b/plugins/main/package.json index c6b8e68e7e..99b489d459 100644 --- a/plugins/main/package.json +++ b/plugins/main/package.json @@ -1,7 +1,7 @@ { "name": "wazuh", - "version": "4.7.1", - "revision": "01", + "version": "4.7.2", + "revision": "00", "pluginPlatform": { "version": "2.8.0" }, @@ -83,4 +83,4 @@ "redux-mock-store": "^1.5.4", "swagger-client": "^3.19.11" } -} +} \ No newline at end of file From a61d777f288fcd8cb63f4625501e180c6c5a8830 Mon Sep 17 00:00:00 2001 From: Maximiliano Ibarra <6089438+Machi3mfl@users.noreply.github.com> Date: Thu, 30 Nov 2023 10:02:13 -0300 Subject: [PATCH 05/26] Fix error when a column with no value is selected to show in the vulnerabilities inventory table (#6179) * Fix inventory columns table visibility error * Update CHANGELOG * Fix CHANGELOG --- CHANGELOG.md | 2 +- .../dashboards/inventory/inventory_service.ts | 18 ++++++++++++------ .../vulnerabilities/data_grid/use_data_grid.ts | 4 ++-- 3 files changed, 15 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4b96d858fd..b6e8ae63c0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -10,7 +10,7 @@ All notable changes to the Wazuh app project will be documented in this file. - Added the ability to check if there are available updates from the UI. [#6093](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6093) - Added remember server address check [#5791](https://github.com/wazuh/wazuh-dashboard-plugins/pull/5791) - Added the ssl_agent_ca configuration to the SSL Settings form [#6083](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6083) -- Added global vulnerabilities dashboards [#5896](https://github.com/wazuh/wazuh-dashboard-plugins/pull/5896) +- Added global vulnerabilities dashboards [#5896](https://github.com/wazuh/wazuh-dashboard-plugins/pull/5896) [#6179](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6179) - Added an agent selector to the IT Hygiene application [#5840](https://github.com/wazuh/wazuh-dashboard-plugins/pull/5840) - Added query results limit when the search exceed 10000 hits [#6106](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6106) diff --git a/plugins/main/public/components/overview/vulnerabilities/dashboards/inventory/inventory_service.ts b/plugins/main/public/components/overview/vulnerabilities/dashboards/inventory/inventory_service.ts index 6443c678b1..574965abeb 100644 --- a/plugins/main/public/components/overview/vulnerabilities/dashboards/inventory/inventory_service.ts +++ b/plugins/main/public/components/overview/vulnerabilities/dashboards/inventory/inventory_service.ts @@ -80,7 +80,7 @@ export const parseData = (resultsHits: SearchResponse['hits']['hits']): any[] => } -export const getFieldFormatted = (rowIndex, columnId, indexPattern, rowsParsed) => { +export const getFieldValueFormatted = (rowIndex, columnId, indexPattern, rowsParsed) => { const field = indexPattern.fields.find((field) => field.name === columnId); let fieldValue = null; if (columnId.includes('.')) { 
@@ -93,13 +93,19 @@ export const getFieldFormatted = (rowIndex, columnId, indexPattern, rowsParsed) fieldValue = fieldValue[field]; } }); - } else { - fieldValue = rowsParsed[rowIndex][columnId].formatted - ? rowsParsed[rowIndex][columnId].formatted - : rowsParsed[rowIndex][columnId]; + const rowValue = rowsParsed[rowIndex]; + // when not exist the column in the row value then the value is null + if(!rowValue.hasOwnProperty(columnId)){ + fieldValue = null; + }else{ + fieldValue = rowValue[columnId]?.formatted || rowValue[columnId]; + } + } + // when fieldValue is null or undefined then return a empty string + if (fieldValue === null || fieldValue === undefined) { + return ''; } - // if is date field if (field?.type === 'date') { // @ts-ignore diff --git a/plugins/main/public/components/overview/vulnerabilities/data_grid/use_data_grid.ts b/plugins/main/public/components/overview/vulnerabilities/data_grid/use_data_grid.ts index a43810fdf9..86dacd8b5d 100644 --- a/plugins/main/public/components/overview/vulnerabilities/data_grid/use_data_grid.ts +++ b/plugins/main/public/components/overview/vulnerabilities/data_grid/use_data_grid.ts @@ -2,7 +2,7 @@ import { EuiDataGridCellValueElementProps, EuiDataGridColumn, EuiDataGridProps, import { useEffect, useMemo, useState, Fragment } from "react"; import { SearchResponse } from "@opensearch-project/opensearch/api/types"; import { IFieldType, IndexPattern } from "../../../../../../../src/plugins/data/common"; -import { parseData, getFieldFormatted } from '../dashboards/inventory/inventory_service'; +import { parseData, getFieldValueFormatted } from '../dashboards/inventory/inventory_service'; import { MAX_ENTRIES_PER_QUERY } from "../dashboards/inventory/config"; type tDataGridProps = { 
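Review bot: The new existence check calls `rowValue.hasOwnProperty(columnId)` on the parsed row itself. The rows appear to be derived from search hits (`parseData` takes `SearchResponse['hits']['hits']`), so a document field that shadows `hasOwnProperty`, or a row object created without a prototype, would make the call misbehave or throw. `Object.prototype.hasOwnProperty.call(rowValue, columnId)` removes that dependence on the row's shape. The guard also covers only the `else` branch: the dotted-path walk (`fieldValue = fieldValue[field]`) begins outside this hunk, so whether it tolerates a missing intermediate key cannot be confirmed from the visible lines.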
@@ -72,7 +72,7 @@ export const useDataGrid = (props: tDataGridProps): EuiDataGridProps => { // then the rowIndex is relative to the current page const relativeRowIndex = rowIndex % pagination.pageSize; return rowsParsed.hasOwnProperty(relativeRowIndex) - ? getFieldFormatted(relativeRowIndex, columnId, indexPattern, rowsParsed) + ? getFieldValueFormatted(relativeRowIndex, columnId, indexPattern, rowsParsed) : null; }; From 2b875e8ac9fb1d3bc0b7ca01987d0eb838a94d07 Mon Sep 17 00:00:00 2001 From: Antonio <34042064+Desvelao@users.noreply.github.com> Date: Thu, 30 Nov 2023 17:16:41 +0100 Subject: [PATCH 06/26] Remove implicit filter from search bar UI (#6174) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat(search-bar): remove implicit filter from search bar UI * changelog: add pull request entry * test(search-bar): update tests of wql --------- Co-authored-by: Chantal Belén kelm <99441266+chantal-kelm@users.noreply.github.com> --- CHANGELOG.md | 1 + .../__snapshots__/wql.test.tsx.snap | 40 ------------------- .../search-bar/query-language/wql.test.tsx | 4 -- .../search-bar/query-language/wql.tsx | 32 --------------- 4 files changed, 1 insertion(+), 76 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b6e8ae63c0..cf134ff451 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -30,6 +30,7 @@ All notable changes to the Wazuh app project will be documented in this file. - Removed the `disabled_roles` and `customization.logo.sidebar` settings [#5840](https://github.com/wazuh/wazuh-dashboard-plugins/pull/5840) - Removed the ability to configure the visibility of modules and removed `extensions.*` settings [#5840](https://github.com/wazuh/wazuh-dashboard-plugins/pull/5840) +- Removed the implicit filter of WQL language of the search bar UI [#6174](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6174) ## Wazuh v4.7.1 - OpenSearch Dashboards 2.8.0 - Revision 01 
diff --git a/plugins/main/public/components/search-bar/query-language/__snapshots__/wql.test.tsx.snap b/plugins/main/public/components/search-bar/query-language/__snapshots__/wql.test.tsx.snap index f1bad4e5d4..8d16ea7342 100644 --- a/plugins/main/public/components/search-bar/query-language/__snapshots__/wql.test.tsx.snap +++ b/plugins/main/public/components/search-bar/query-language/__snapshots__/wql.test.tsx.snap @@ -17,46 +17,6 @@ exports[`SearchBar component Renders correctly to match the snapshot of query la
-
-
- -
-
diff --git a/plugins/main/public/components/search-bar/query-language/wql.test.tsx b/plugins/main/public/components/search-bar/query-language/wql.test.tsx index 2d2a1b3171..a803a79ecf 100644 --- a/plugins/main/public/components/search-bar/query-language/wql.test.tsx +++ b/plugins/main/public/components/search-bar/query-language/wql.test.tsx @@ -41,10 +41,6 @@ describe('SearchBar component', () => { const wrapper = render(); await waitFor(() => { - const elementImplicitQuery = wrapper.container.querySelector( - '.euiCodeBlock__code', - ); - expect(elementImplicitQuery?.innerHTML).toEqual('id!=000 and '); expect(wrapper.container).toMatchSnapshot(); }); }); diff --git a/plugins/main/public/components/search-bar/query-language/wql.tsx b/plugins/main/public/components/search-bar/query-language/wql.tsx index 191f70b2d9..5282a6e096 100644 --- a/plugins/main/public/components/search-bar/query-language/wql.tsx +++ b/plugins/main/public/components/search-bar/query-language/wql.tsx @@ -1156,38 +1156,6 @@ export const WQL = { ); } }, - prepend: implicitQueryAsQL ? ( - - params.setQueryLanguageConfiguration(state => ({ - ...state, - isOpenPopoverImplicitFilter: - !state.isOpenPopoverImplicitFilter, - })) - } - iconType='filter' - > - {implicitQueryAsQL} - - } - isOpen={ - params.queryLanguage.configuration.isOpenPopoverImplicitFilter - } - closePopover={() => - params.setQueryLanguageConfiguration(state => ({ - ...state, - isOpenPopoverImplicitFilter: false, - })) - } - > - - Implicit query: {implicitQueryAsQL} - - This query is added to the input. - - ) : null, // Disable the focus trap in the EuiInputPopover. // This causes when using the Search suggestion, the suggestion popover can be closed. // If this is disabled, then the suggestion popover is open after a short time for this From 93278eba5b275602e9b8f205d28cac73a38413f6 Mon Sep 17 00:00:00 2001 
From: Antonio <34042064+Desvelao@users.noreply.github.com> Date: Thu, 30 Nov 2023 18:52:41 +0100 Subject: [PATCH 07/26] Fix missing columns in the agents table of groups (#6184) * fix(groups): missing columns in the agents table * changelog: add entry --- CHANGELOG.md | 1 + .../components/management/groups/group-agents-table.js | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d0ba58bfa3..93bd6fa6a3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ All notable changes to the Wazuh app project will be documented in this file. - Fixed problem when using non latin characters in the username [#6076](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6076) - Fixed UI crash on retrieving log collection configuration for macos agent. [#6104](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6104) - Fixed incorrect validation of the agent name on the Deploy new agent window [#6105](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6105) +- Fixed missing columns in the agents table of Groups [#6184](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6184) ## Wazuh v4.7.0 - OpenSearch Dashboards 2.8.0 - Revision 04 diff --git a/plugins/main/public/controllers/management/components/management/groups/group-agents-table.js b/plugins/main/public/controllers/management/components/management/groups/group-agents-table.js index ee7550d232..f3eac7e170 100644 --- a/plugins/main/public/controllers/management/components/management/groups/group-agents-table.js +++ b/plugins/main/public/controllers/management/components/management/groups/group-agents-table.js @@ -82,7 +82,6 @@ class WzGroupAgentsTable extends Component { align: 'left', searchable: true, sortable: true, - show: true, }, { field: 'status', From 94fbdbddfdcd5717f7d94d585ade11e1b4ec866b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Julio=20C=C3=A9sar=20Biset?= <43619595+jbiset@users.noreply.github.com> Date: Fri, 1 Dec 2023 07:53:44 -0300 Subject: [PATCH 08/26] Fixed filter modal of bar chart of vulnerabilities dashboard (#6186) Removed visualization aggregation to fix barcharts --- .../dashboards/overview/dashboard_panels.ts | 33 ------------------- 1 file changed, 33 deletions(-) diff --git a/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard_panels.ts b/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard_panels.ts index 76aa50fa3b..ee101d39a4 100644 --- a/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard_panels.ts +++ b/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard_panels.ts @@ -123,22 +123,6 @@ const getVisStateTopVulnerabilities = (indexPatternId: string) => { }, schema: 'segment', }, - { - id: '3', - enabled: true, - type: 'terms', - params: { - field: 'vulnerability.id', - orderBy: '1', - order: 'desc', - size: 5, - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - }, - schema: 'group', - }, ], }, }; @@ -273,23 +257,6 @@ const getVisStateTopVulnerabilitiesEndpoints = (indexPatternId: string) => { }, schema: 'segment', }, - { - id: '3', - enabled: true, - type: 'terms', - params: { - field: 'agent.id', - orderBy: '1', - order: 'desc', - size: 5, - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - customLabel: 'mm', - }, - schema: 'group', - }, ], }, }; From 2fc0406d3ac0a06f36d419bf43a6618e71ca3f5e Mon Sep 17 00:00:00 2001 
From: Antonio <34042064+Desvelao@users.noreply.github.com> Date: Fri, 1 Dec 2023 12:00:59 +0100 Subject: [PATCH 09/26] Remove application menu in the IT Hygiene (#6176) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: remove application menu in IT Hygiene application - Remove application menu - Add link to Endpoint Summary - Refactor the responsive of header button using styles instead of controlled by JS - Changed the icon of Endpoint Summary application * fix: remove unused files and styles * changelog: add pull request entry --------- Co-authored-by: Chantal Belén kelm <99441266+chantal-kelm@users.noreply.github.com> --- CHANGELOG.md | 2 + .../common/welcome/agents-welcome.js | 259 ++++-------------- .../welcome/components/agent-sections.ts | 134 --------- .../common/welcome/components/menu-agent.js | 218 --------------- .../components/common/welcome/welcome.scss | 94 +++++-- .../public/components/wz-menu/wz-menu.scss | 8 - plugins/main/public/utils/applications.ts | 2 +- 7 files changed, 117 insertions(+), 600 deletions(-) delete mode 100644 plugins/main/public/components/common/welcome/components/agent-sections.ts delete mode 100644 plugins/main/public/components/common/welcome/components/menu-agent.js diff --git a/CHANGELOG.md b/CHANGELOG.md index cf134ff451..a0cb5fbf41 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -13,6 +13,7 @@ All notable changes to the Wazuh app project will be documented in this file. - Added global vulnerabilities dashboards [#5896](https://github.com/wazuh/wazuh-dashboard-plugins/pull/5896) [#6179](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6179) - Added an agent selector to the IT Hygiene application [#5840](https://github.com/wazuh/wazuh-dashboard-plugins/pull/5840) - Added query results limit when the search exceed 10000 hits [#6106](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6106) +- Added a redirection button to Endpoint Summary from IT Hygiene application [6176](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6176) ### Changed @@ -30,6 +31,7 @@ All notable changes to the Wazuh app project will be documented in this file. - Removed the `disabled_roles` and `customization.logo.sidebar` settings [#5840](https://github.com/wazuh/wazuh-dashboard-plugins/pull/5840) - Removed the ability to configure the visibility of modules and removed `extensions.*` settings [#5840](https://github.com/wazuh/wazuh-dashboard-plugins/pull/5840) +- Removed the application menu in the IT Hygiene application [6176](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6176) - Removed the implicit filter of WQL language of the search bar UI [#6174](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6174) ## Wazuh v4.7.1 - OpenSearch Dashboards 2.8.0 - Revision 01 diff --git a/plugins/main/public/components/common/welcome/agents-welcome.js b/plugins/main/public/components/common/welcome/agents-welcome.js index 1452cc06a8..bb1e20e90b 100644 --- a/plugins/main/public/components/common/welcome/agents-welcome.js +++ b/plugins/main/public/components/common/welcome/agents-welcome.js @@ -21,7 +21,6 @@ import { EuiFlexGrid, EuiButtonEmpty, EuiPage, - EuiPopover, EuiLoadingChart, EuiToolTip, EuiButtonIcon, 
@@ -35,7 +34,6 @@ import { } from './components'; import { AgentInfo } from './agents-info'; import WzReduxProvider from '../../../redux/wz-redux-provider'; -import MenuAgent from './components/menu-agent'; import './welcome.scss'; import { WzDatePicker } from '../../../components/wz-date-picker/wz-date-picker'; import KibanaVis from '../../../kibana-integrations/kibana-vis'; @@ -53,7 +51,6 @@ import { getCore, getDataPlugin, } from '../../../kibana-services'; -import { hasAgentSupportModule } from '../../../react-services/wz-agents'; import { withErrorBoundary, withGlobalBreadcrumb, @@ -62,7 +59,6 @@ import { } from '../hocs'; import { compose } from 'redux'; import { API_NAME_AGENT_STATUS } from '../../../../common/constants'; -import { WAZUH_MODULES } from '../../../../common/wazuh-modules'; import { PromptAgentNeverConnected, PromptNoSelectedAgent, @@ -71,12 +67,8 @@ import { connect } from 'react-redux'; import { WzButton } from '../buttons'; import { Applications, - configurationAssessment, - fileIntegrityMonitoring, itHygiene, mitreAttack, - threatHunting, - vulnerabilityDetection, } from '../../../utils/applications'; import { RedirectAppLinks } from '../../../../../../src/plugins/opensearch_dashboards_react/public'; @@ -120,14 +112,9 @@ export const AgentsWelcome = compose( )( class AgentsWelcome extends Component { _isMount = false; - sidebarSizeDefault; constructor(props) { super(props); - this.offset = 275; - - this.sidebarSizeDefault = 320; - this.state = { lastScans: [], isLoading: true, 
@@ -135,43 +122,12 @@ export const AgentsWelcome = compose( sortDirection: 'desc', actionAgents: true, // Hide actions agents selectedRequirement: 'pci', - menuAgent: [], - maxModules: 5, widthWindow: window.innerWidth, - isLocked: false, }; } updateWidth = () => { - let menuSize; - if (this.state.isLocked) { - menuSize = window.innerWidth - this.offset - this.sidebarSizeDefault; - } else { - menuSize = window.innerWidth - this.offset; - } - let maxModules = 5; - if (menuSize > 1400) { - maxModules = 5; - } else { - if (menuSize > 1250) { - maxModules = 4; - } else { - if (menuSize > 1100) { - maxModules = 3; - } else { - if (menuSize > 900) { - maxModules = 2; - } else { - maxModules = 1; - if (menuSize < 750) { - maxModules = null; - } - } - } - } - } - - this.setState({ maxModules: maxModules, widthWindow: window.innerWidth }); + this.setState({ widthWindow: window.innerWidth }); }; /* TODO: we should to create a unique Explore agent button instead @@ -192,7 +148,6 @@ export const AgentsWelcome = compose( /* WORKAROUND: ensure the $scope.agent is synced with the agent stored in Redux (this.props.agent). See agents.js controller. */ this.props.setAgent(this.props.agent); - this.updatePinnedApplications(); this.updateWidth(); const tabVisualizations = new TabVisualizations(); tabVisualizations.removeAll(); @@ -204,10 +159,8 @@ export const AgentsWelcome = compose( const $injector = getAngularModule().$injector; this.drawerLokedSubscribtion = getChrome() .getIsNavDrawerLocked$() - .subscribe(isLocked => { - this.setState({ isLocked }, () => { - this.updateWidth(); - }); + .subscribe(() => { + this.updateWidth(); }); this.router = $injector.get('$route'); window.addEventListener('resize', this.updateWidth); //eslint-disable-line 
@@ -230,117 +183,34 @@ export const AgentsWelcome = compose( this.drawerLokedSubscribtion?.unsubscribe(); } - updatePinnedApplications(applications) { - let pinnedApplications; - - if (applications) { - pinnedApplications = applications; - } else { - pinnedApplications = window.localStorage.getItem( - 'wz-menu-agent-apps-pinned', - ) - ? JSON.parse(window.localStorage.getItem('wz-menu-agent-apps-pinned')) - : [ - // Default pinned applications - threatHunting.id, - fileIntegrityMonitoring.id, - configurationAssessment.id, - vulnerabilityDetection.id, - mitreAttack.id, - ]; - } - - // Ensure the pinned applications are supported - pinnedApplications = pinnedApplications.filter(pinnedApplication => - Applications.some(({ id }) => id === pinnedApplication), + renderEndpointsSummaryButton() { + const application = Applications.find( + ({ id }) => id === 'endpoints-summary', ); - - window.localStorage.setItem( - 'wz-menu-agent-apps-pinned', - JSON.stringify(pinnedApplications), - ); - this.setState({ menuAgent: pinnedApplications }); - } - - renderModules() { return ( - - {this.state.menuAgent.map((applicationId, i) => { - const moduleID = Object.keys(WAZUH_MODULES).find( - key => WAZUH_MODULES[key]?.appId === applicationId, - ).appId; - if ( - i < this.state.maxModules && - hasAgentSupportModule(this.props.agent, moduleID) - ) { - return ( - - - - - { - Applications.find(({ id }) => id === applicationId) - .title - } -   - - - - - ); - } - })} - - - this.setState({ switchModule: !this.state.switchModule }) - } - > - More... - - } - isOpen={this.state.switchModule} - closePopover={() => this.setState({ switchModule: false })} - repositionOnScroll={false} - anchorPosition='downCenter' - > -
- -
- - this.updatePinnedApplications(applications) - } - closePopover={() => { - this.setState({ switchModule: false }); - }} - switchTab={module => this.props.switchTab(module)} - > -
-
-
-
-
-
+ + + {application.title} + + ); } renderTitle() { const notNeedStatus = true; const thereAreAgentSelected = Boolean(this.props.agent?.id); + // Calculate if the header buttons should display the name or only the icon to be responsive + return ( - {(this.state.maxModules !== null && this.renderModules()) || ( - - - this.setState({ - switchModule: !this.state.switchModule, - }) - } - > - Applications - - } - isOpen={this.state.switchModule} - closePopover={() => this.setState({ switchModule: false })} - repositionOnScroll={false} - anchorPosition='downCenter' - > -
- -
- - this.updatePinnedApplications(applications) - } - closePopover={() => { - this.setState({ switchModule: false }); - }} - switchTab={module => this.props.switchTab(module)} - > -
-
-
-
-
- )} + + {this.renderEndpointsSummaryButton()} +
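Review bot: `renderEndpointsSummaryButton` looks the application up with `Applications.find(({ id }) => id === 'endpoints-summary')` and then reads `application.title` with no guard. If that id is renamed or the entry is removed from `Applications`, `find` returns `undefined` and the whole IT Hygiene header throws during render. Either return early with `if (!application) return null;`, or import the application definition from `../../../utils/applications` the way `itHygiene` and `mitreAttack` already are, if that module exports it, so that a rename fails at build time. The JSX of this method is only partly visible on the page, so any other use of `application` there should be checked as well.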
@@ -433,13 +265,14 @@ export const AgentsWelcome = compose( onClick={() => this.props.switchTab('syscollector', notNeedStatus) } - tooltip={ - this.state.maxModules === null - ? { position: 'bottom', content: 'Inventory data' } - : undefined - } + className='wz-it-hygiene-header-button' + tooltip={{ + position: 'bottom', + content: 'Inventory data', + className: 'wz-it-hygiene-header-button-tooltip', + }} > - {this.state.maxModules !== null ? 'Inventory data' : ''} + Inventory data @@ -447,13 +280,14 @@ export const AgentsWelcome = compose( buttonType='empty' iconType='stats' onClick={() => this.props.switchTab('stats', notNeedStatus)} - tooltip={ - this.state.maxModules === null - ? { position: 'bottom', content: 'Stats' } - : undefined - } + className='wz-it-hygiene-header-button' + tooltip={{ + position: 'bottom', + content: 'Stats', + className: 'wz-it-hygiene-header-button-tooltip', + }} > - {this.state.maxModules !== null ? 'Stats' : ''} + Stats @@ -463,13 +297,14 @@ export const AgentsWelcome = compose( onClick={() => this.props.switchTab('configuration', notNeedStatus) } - tooltip={ - this.state.maxModules === null - ? { position: 'bottom', content: 'Configuration' } - : undefined - } + className='wz-it-hygiene-header-button' + tooltip={{ + position: 'bottom', + content: 'Configuration', + className: 'wz-it-hygiene-header-button-tooltip', + }} > - {this.state.maxModules !== null ? 'Configuration' : ''} + Configuration
diff --git a/plugins/main/public/components/common/welcome/components/agent-sections.ts b/plugins/main/public/components/common/welcome/components/agent-sections.ts deleted file mode 100644 index 3278e60914..0000000000 --- a/plugins/main/public/components/common/welcome/components/agent-sections.ts +++ /dev/null 
@@ -1,134 +0,0 @@ -/* - * Wazuh app - Build all sections for MenuAgent. - * Copyright (C) 2015-2022 Wazuh, Inc. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * Find more information about this on the LICENSE file. - */ - -import { WAZUH_MODULES_ID } from '../../../../../common/constants'; - -export const getAgentSections = (menuAgent) => { - return { - securityInformation: { - id: 'securityInformation', - text: 'Security information management', - isTitle: true, - }, - auditing: { - id: 'auditing', - text: 'Auditing and Policy Monitoring', - isTitle: true, - }, - threatDetection: { - id: 'threatDetection', - text: 'Threat detection and response', - isTitle: true, - }, - regulatoryCompliance: { - id: 'regulatoryCompliance', - text: 'Regulatory Compliance', - isTitle: true, - }, - general: { - id: WAZUH_MODULES_ID.SECURITY_EVENTS, - text: 'Security events', - isPin: menuAgent.general ? menuAgent.general : false, - }, - fim: { - id: WAZUH_MODULES_ID.INTEGRITY_MONITORING, - text: 'Integrity monitoring', - isPin: menuAgent.fim ? menuAgent.fim : false, - }, - aws: { - id: WAZUH_MODULES_ID.AMAZON_WEB_SERVICES, - text: 'Amazon AWS', - isPin: menuAgent.aws ? menuAgent.aws : false, - }, - gcp: { - id: WAZUH_MODULES_ID.GOOGLE_CLOUD_PLATFORM, - text: 'Google Cloud Platform', - isPin: menuAgent.gcp ? menuAgent.gcp : false, - }, - github: { - id: WAZUH_MODULES_ID.GITHUB, - text: 'GitHub', - isPin: menuAgent.github ? menuAgent.github : false - }, - pm: { - id: WAZUH_MODULES_ID.POLICY_MONITORING, - text: 'Policy Monitoring', - isPin: menuAgent.pm ? menuAgent.pm : false, - }, - sca: { - id: WAZUH_MODULES_ID.SECURITY_CONFIGURATION_ASSESSMENT, - text: 'Security configuration assessment', - isPin: menuAgent.sca ? 
menuAgent.sca : false, - }, - audit: { - id: WAZUH_MODULES_ID.AUDITING, - text: 'System Auditing', - isPin: menuAgent.audit ? menuAgent.audit : false, - }, - oscap: { - id: WAZUH_MODULES_ID.OPEN_SCAP, - text: 'OpenSCAP', - isPin: menuAgent.oscap ? menuAgent.oscap : false, - }, - ciscat: { - id: WAZUH_MODULES_ID.CIS_CAT, - text: 'CIS-CAT', - isPin: menuAgent.oscap ? menuAgent.oscap : false, - }, - vuls: { - id: WAZUH_MODULES_ID.VULNERABILITIES, - text: 'Vulnerabilities', - isPin: menuAgent.vuls ? menuAgent.vuls : false, - }, - virustotal: { - id: WAZUH_MODULES_ID.VIRUSTOTAL, - text: 'VirusTotal', - isPin: menuAgent.virustotal ? menuAgent.virustotal : false, - }, - osquery: { - id: WAZUH_MODULES_ID.OSQUERY, - text: 'Osquery', - isPin: menuAgent.osquery ? menuAgent.osquery : false, - }, - docker: { - id: WAZUH_MODULES_ID.DOCKER, - text: 'Docker Listener', - isPin: menuAgent.docker ? menuAgent.docker : false, - }, - mitre: { - id: WAZUH_MODULES_ID.MITRE_ATTACK, - text: 'MITRE ATT&CK', - isPin: menuAgent.mitre ? menuAgent.mitre : false, - }, - pci: { - id: WAZUH_MODULES_ID.PCI_DSS, - text: 'PCI DSS', - isPin: menuAgent.pci ? menuAgent.pci : false, - }, - gdpr: { - id: WAZUH_MODULES_ID.GDPR, - text: 'GDPR', - isPin: menuAgent.gdpr ? menuAgent.gdpr : false, - }, - hipaa: { - id: WAZUH_MODULES_ID.HIPAA, - text: 'HIPAA', - isPin: menuAgent.hipaa ? menuAgent.hipaa : false, - }, - nist: { - id: WAZUH_MODULES_ID.NIST_800_53, - text: 'NIST 800-53', - isPin: menuAgent.nist ? menuAgent.nist : false, - }, - tsc: { id: WAZUH_MODULES_ID.TSC, text: 'TSC', isPin: menuAgent.tsc ? menuAgent.tsc : false }, - }; -}; diff --git a/plugins/main/public/components/common/welcome/components/menu-agent.js b/plugins/main/public/components/common/welcome/components/menu-agent.js deleted file mode 100644 index f11013ad54..0000000000 --- a/plugins/main/public/components/common/welcome/components/menu-agent.js +++ /dev/null 
@@ -1,218 +0,0 @@ -/* - * Wazuh app - React component for registering agents. - * Copyright (C) 2015-2022 Wazuh, Inc. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * Find more information about this on the LICENSE file. - */ -import React, { Component } from 'react'; -import { - EuiFlexGrid, - EuiFlexGroup, - EuiFlexItem, - EuiIcon, - EuiSideNav, - EuiLink, -} from '@elastic/eui'; -import { connect } from 'react-redux'; -import { hasAgentSupportModule } from '../../../../react-services/wz-agents'; -import { - getAngularModule, - getCore, - getToasts, -} from '../../../../kibana-services'; -import { updateCurrentAgentData } from '../../../../redux/actions/appStateActions'; -import { Applications, Categories } from '../../../../utils/applications'; -import { RedirectAppLinks } from '../../../../../../../src/plugins/opensearch_dashboards_react/public'; - -class WzMenuAgent extends Component { - constructor(props) { - super(props); - this.state = { - hoverAddFilter: '', - }; - - this.appCategories = Applications.reduce((categories, app) => { - const existingCategory = categories.find( - category => category.id === app.category, - ); - if (app.showInAgentMenu) { - if (existingCategory) { - existingCategory.apps.push(app); - } else { - const category = Categories.find( - category => app.category === category.id, - ); - categories.push({ - id: category.id, - label: Categories.find(category => app.category === category.id) - .label, - icon: category.euiIconType, - apps: [app], - }); - } - } - return categories; - }, []).sort((a, b) => { - return ( - Categories.find(category => a.id === category.id).order - - Categories.find(category => b.id === category.id).order - ); - }); - } - - componentDidMount() { - const $injector = getAngularModule().$injector; - 
this.router = $injector.get('$route'); - } - - clickMenuItem = appId => { - this.props.closePopover(); - // do not redirect if we already are in that tab - this.props.updateCurrentAgentData(this.props.isAgent); - this.router.reload(); - }; - - addToast({ color, title, text, time = 3000 }) { - getToasts().add({ title, text, toastLifeTimeMs: time, color }); - } - - createItems = items => { - return items - .filter(item => - hasAgentSupportModule(this.props.currentAgentData, item.id), - ) - .map(item => this.createItem(item)); - }; - - createItem = (item, data = {}) => { - // NOTE: Duplicate `name` values will cause `id` collisions. - return { - ...data, - id: item.id, - name: ( - { - this.setState({ hoverAddFilter: item.id }); - }} - onMouseLeave={() => { - this.setState({ hoverAddFilter: '' }); - }} - > - (!item.isTitle ? this.clickMenuItem(item.id) : null)} - style={{ cursor: !item.isTitle ? 'pointer' : 'normal' }} - > - - - {item.title} - - - - {this.state.hoverAddFilter === item.id && - !item.isTitle && - (this.props.pinnedApplications.length < 6 || item.isPin) && - (this.props.pinnedApplications.length > 1 || !item.isPin) && ( - - { - if ( - !item.isPin && - this.props.pinnedApplications.length < 6 - ) { - this.props.updatePinnedApplications([ - ...this.props.pinnedApplications, - item.id, - ]); - } else if ( - this.props.pinnedApplications.includes(item.id) - ) { - this.props.updatePinnedApplications([ - ...this.props.pinnedApplications.filter( - id => id !== item.id, - ), - ]); - } else { - this.addToast({ - title: - 'The limit of pinned applications has been reached', - color: 'danger', - }); - } - }} - color='primary' - type={ - this.props.pinnedApplications.includes(item.id) - ? 
'pinFilled' - : 'pin' - } - aria-label='Next' - style={{ cursor: 'pointer' }} - /> - - )} - - ), - isSelected: this.props.currentTab === item.id, - }; - }; - - render() { - const items = this.appCategories.map(({ apps, ...rest }) => ({ - ...rest, - items: this.createItems( - apps.map(app => ({ - id: app.id, - title: app.title, - isPin: this.props.pinnedApplications.includes(app.id), - })), - ), - })); - - return ( -
-
- - {items.map(item => ( - - , - items: item.items, - }, - ]} - style={{ padding: '4px 12px' }} - /> - - ))} - -
-
- ); - } -} - -const mapStateToProps = state => { - return { - currentAgentData: state.appStateReducers.currentAgentData, - currentTab: state.appStateReducers.currentTab, - }; -}; - -const mapDispatchToProps = dispatch => ({ - updateCurrentAgentData: agentData => - dispatch(updateCurrentAgentData(agentData)), -}); - -export default connect(mapStateToProps, mapDispatchToProps)(WzMenuAgent); diff --git a/plugins/main/public/components/common/welcome/welcome.scss b/plugins/main/public/components/common/welcome/welcome.scss index e04bf5525c..dab373eee2 100644 --- a/plugins/main/public/components/common/welcome/welcome.scss +++ b/plugins/main/public/components/common/welcome/welcome.scss 
@@ -1,44 +1,84 @@ -.wz-welcome-page .euiCard .euiTitle, .wz-module-body .euiCard .euiTitle { - font-size: 16px; - font-weight: 400; +.wz-welcome-page .euiCard .euiTitle, +.wz-module-body .euiCard .euiTitle { + font-size: 16px; + font-weight: 400; } -.wz-welcome-page .euiCard .euiText, .wz-module-body .euiCard .euiText { - font-size: 12px; - font-family: sans-serif; +.wz-welcome-page .euiCard .euiText, +.wz-module-body .euiCard .euiText { + font-size: 12px; + font-family: sans-serif; } -.wz-module-header-agent:not(.wz-module-header-agent-main){ - background: white; - border-bottom: 1px solid #D3DAE6; +.wz-module-header-agent:not(.wz-module-header-agent-main) { + background: white; + border-bottom: 1px solid #d3dae6; } -.wz-welcome-page-agent-info.wz-welcome-page-agent-info-gray{ - border-top: 1px solid #d3dae6; - background: #fafbfd!important; - border-bottom: 1px solid #d3dae6; +.wz-welcome-page-agent-info.wz-welcome-page-agent-info-gray { + border-top: 1px solid #d3dae6; + background: #fafbfd !important; + border-bottom: 1px solid #d3dae6; } -.wz-welcome-page-agent-tabs{ - padding: 12px 16px 1px 10px; - min-height: 54px; - border-bottom: 1px solid #D3DAE6; - background-color: white; +.wz-welcome-page-agent-tabs { + padding: 12px 16px 1px 10px; + min-height: 54px; + border-bottom: 1px solid #d3dae6; + background-color: white; } -.wz-welcome-page-agent-info-actions{ - padding: 6px 0px 6px 0px; +.wz-welcome-page-agent-info-actions { + padding: 6px 0px 6px 0px; } -.wz-welcome-page-agent-info .euiStat .euiText{ - font-size: 12px; - font-family: sans-serif; +.wz-welcome-page-agent-info .euiStat .euiText { + font-size: 12px; + font-family: sans-serif; } .statWithLink:hover .euiTitle { - text-decoration: underline; + text-decoration: underline; } -span.statWithLink:hover { - text-decoration: underline; -} \ No newline at end of file +span.statWithLink:hover { + text-decoration: underline; +} + +// Header buttons of IT Hygiene application + +// Sidebar is open and locked 
+body.euiBody--hasFlyout:not(.euiBody-hasOverlayMask) { + @media only screen and (max-width: 1345px) { + // Hide button text depending on the window size + .wz-it-hygiene-header-button .euiButtonEmpty__text { + display: none; + } + } + + @media only screen and (min-width: 1346px) { + // Hide the tooltip of button depending on the window size + .wz-it-hygiene-header-button-tooltip { + display: none; + } + } +} + +// Sidebar is closed +body:not(.euiBody--hasFlyout) { + @media only screen and (max-width: 1025px) { + // Hide button text depending on the window size + .wz-it-hygiene-header-button .euiButtonEmpty__text { + display: none; + } + } + + @media only screen and (min-width: 1026px) { + // Hide the tooltip of button depending on the window size + .wz-it-hygiene-header-button-tooltip { + display: none; + } + } +} + +// Header buttons of IT Hygiene application diff --git a/plugins/main/public/components/wz-menu/wz-menu.scss b/plugins/main/public/components/wz-menu/wz-menu.scss index 02afe9d394..7eed9064ed 100644 --- a/plugins/main/public/components/wz-menu/wz-menu.scss +++ b/plugins/main/public/components/wz-menu/wz-menu.scss @@ -244,11 +244,3 @@ md-toolbar .md-button { height: 16px !important; margin-right: 6px; } - -.WzManagementSideMenu { - padding: 16px; -} - -.WzManagementSideMenu span { - font-size: 14px !important; -} diff --git a/plugins/main/public/utils/applications.ts b/plugins/main/public/utils/applications.ts index e198f0f7d9..aa675cd06b 100644 --- a/plugins/main/public/utils/applications.ts +++ b/plugins/main/public/utils/applications.ts @@ -76,7 +76,7 @@ export const endpointSumary = { description: i18n.translate('wz-app-endpoints-summary-description', { defaultMessage: 'Summary of agents and their status.', }), - euiIconType: 'usersRolesApp', + euiIconType: 'spacesApp', order: 600, showInOverviewApp: false, showInAgentMenu: false, From 12c618222d1618ea6cdde0f325dd9286deb365a6 Mon Sep 17 00:00:00 2001 
From: Nicolas Agustin Guevara Pihen <42900763+Tostti@users.noreply.github.com> Date: Fri, 1 Dec 2023 13:24:12 -0300 Subject: [PATCH 10/26] Update development tools (#6187) * Upload script and requirements * Create readme * Add configuration and data files to gitignore * Remove unnecessary lines --- .gitignore | 4 + .../DIS_Template.json | 348 ++++++++++++++++++ .../dataInjectScript.py | 233 ++++++++++++ .../vulnerabilities-events-injector/readme.md | 18 + .../requirements.txt | 1 + 5 files changed, 604 insertions(+) create mode 100644 scripts/vulnerabilities-events-injector/DIS_Template.json create mode 100644 scripts/vulnerabilities-events-injector/dataInjectScript.py create mode 100644 scripts/vulnerabilities-events-injector/readme.md create mode 100644 scripts/vulnerabilities-events-injector/requirements.txt diff --git a/.gitignore b/.gitignore index f86051e821..08fe2e980f 100644 --- a/.gitignore +++ b/.gitignore @@ -83,3 +83,7 @@ public/assets/custom/* # Mac files .DS_Store + +#Vulnerabilities events injector config and data +scripts/vulnerabilities-events-injector/DIS_Settings.json +scripts/vulnerabilities-events-injector/generatedData.json diff --git a/scripts/vulnerabilities-events-injector/DIS_Template.json b/scripts/vulnerabilities-events-injector/DIS_Template.json new file mode 100644 index 0000000000..bb43bc9ab4 --- /dev/null +++ b/scripts/vulnerabilities-events-injector/DIS_Template.json 
@@ -0,0 +1,348 @@ +{ + "mappings": { + "date_detection": false, + "dynamic_templates": [ + { + "strings_as_keyword": { + "mapping": { + "ignore_above": 1024, + "type": "keyword" + }, + "match_mapping_type": "string" + } + } + ], + "properties": { + "@timestamp": { + "type": "date" + }, + "agent": { + "properties": { + "build": { + "properties": { + "original": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "ephemeral_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "ecs": { + "properties": { + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "event": { + "properties": { + "action": { + "ignore_above": 1024, + "type": "keyword" + }, + "agent_id_status": { + "ignore_above": 1024, + "type": "keyword" + }, + "category": { + "ignore_above": 1024, + "type": "keyword" + }, + "code": { + "ignore_above": 1024, + "type": "keyword" + }, + "created": { + "type": "date" + }, + "dataset": { + "ignore_above": 1024, + "type": "keyword" + }, + "duration": { + "type": "long" + }, + "end": { + "type": "date" + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "ingested": { + "type": "date" + }, + "kind": { + "ignore_above": 1024, + "type": "keyword" + }, + "module": { + "ignore_above": 1024, + "type": "keyword" + }, + "original": { + "doc_values": false, + "index": false, + "type": "keyword" + }, + "outcome": { + "ignore_above": 1024, + "type": "keyword" + }, + "provider": { + "ignore_above": 1024, + "type": "keyword" + }, + "reason": { + "ignore_above": 1024, + "type": "keyword" + }, + "reference": { + "ignore_above": 1024, + "type": "keyword" + }, + "risk_score": { + "type": "float" + }, + "risk_score_norm": { + 
"type": "float" + }, + "sequence": { + "type": "long" + }, + "severity": { + "type": "long" + }, + "start": { + "type": "date" + }, + "timezone": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "url": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "host": { + "properties": { + "os": { + "properties": { + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + "fields": { + "text": { + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "fields": { + "text": { + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "labels": { + "type": "object" + }, + "message": { + "type": "text" + }, + "package": { + "properties": { + "architecture": { + "ignore_above": 1024, + "type": "keyword" + }, + "build_version": { + "ignore_above": 1024, + "type": "keyword" + }, + "checksum": { + "ignore_above": 1024, + "type": "keyword" + }, + "description": { + "ignore_above": 1024, + "type": "keyword" + }, + "install_scope": { + "ignore_above": 1024, + "type": "keyword" + }, + "installed": { + "type": "date" + }, + "license": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "path": { + "ignore_above": 1024, + "type": "keyword" + }, + "reference": { + "ignore_above": 1024, + "type": "keyword" + }, + "size": { + "type": "long" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "tags": { + "ignore_above": 1024, + "type": "keyword" + }, + "vulnerability": { + "properties": { + "category": { + "ignore_above": 1024, + "type": 
"keyword" + }, + "classification": { + "ignore_above": 1024, + "type": "keyword" + }, + "description": { + "fields": { + "text": { + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "enumeration": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "reference": { + "ignore_above": 1024, + "type": "keyword" + }, + "report_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "scanner": { + "properties": { + "vendor": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "score": { + "properties": { + "base": { + "type": "float" + }, + "environmental": { + "type": "float" + }, + "temporal": { + "type": "float" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "severity": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "settings": { + "index": { + "codec": "best_compression", + "mapping": { + "total_fields": { + "limit": 1000 + } + }, + "refresh_interval": "2s" + } + } +} \ No newline at end of file diff --git a/scripts/vulnerabilities-events-injector/dataInjectScript.py b/scripts/vulnerabilities-events-injector/dataInjectScript.py new file mode 100644 index 0000000000..822612c5f6 --- /dev/null +++ b/scripts/vulnerabilities-events-injector/dataInjectScript.py 
@@ -0,0 +1,233 @@ +import datetime +from datetime import timedelta +from opensearchpy import OpenSearch, helpers +import random +import json +import os.path +import requests +import warnings + +warnings.filterwarnings("ignore") +def generateRandomDate(): + start_date = datetime.datetime.now() + end_date = start_date - timedelta(days=10) + random_date = start_date + (end_date - start_date) * random.random() + return(random_date.strftime("%Y-%m-%dT%H:%M:%S.{}Z".format(random.randint(0, 999)))) + +def generateRandomAgent(): + agent={} + agent['build'] = {'original':'build{}'.format(random.randint(0, 9999))} + agent['id'] = 'agent{}'.format(random.randint(0, 99)) + agent['name'] = 'Agent{}'.format(random.randint(0, 99)) + agent['version'] = 'v{}-stable'.format(random.randint(0, 9)) + agent['ephemeral_id'] = '{}'.format(random.randint(0, 99999)) + agent['type'] = random.choice(['filebeat','windows','linux','macos']) + return(agent) + +def generateRandomEvent(): + event = {} + event['action'] = random.choice(['login','logout','create','delete','modify','read','write','upload','download','copy','paste','cut','move','rename','open','close','execute','run','install','uninstall','start','stop','kill','suspend','resume','sleep','wake','lock','unlock','encrypt','decrypt','compress','decompress','archive','unarchive','mount','unmount','eject','connect','disconnect','send','receive']) + event['agent_id_status'] = random.choice(['verified','mismatch','missing','auth_metadata_missing']) + event['category'] = random.choice(['authentication','authorization','configuration','communication','file','network','process','registry','storage','system','web']) + event['code'] = '{}'.format(random.randint(0, 99999)) + event['created'] = generateRandomDate() + event['dataset'] = random.choice(['process','file','registry','socket','dns','http','tls','alert','authentication','authorization','configuration','communication','file','network','process','registry','storage','system','web']) + 
event['duration'] = random.randint(0, 99999) + new_date = generateRandomDate() + while new_date < event['created']: + new_date = generateRandomDate() + event['end'] = new_date + event['hash'] = str(hash('hash{}'.format(random.randint(0, 99999)))) + event['id'] = '{}'.format(random.randint(0, 99999)) + event['ingested'] = generateRandomDate() + event['kind'] = random.choice(['alert','asset','enrichment','event','metric','state','pipeline_error','signal']) + event['module'] = random.choice(['process','file','registry','socket','dns','http','tls','alert','authentication','authorization','configuration','communication','file','network','process','registry','storage','system','web']) + event['original'] = 'original{}'.format(random.randint(0, 99999)) + event['outcome'] = random.choice(['success','failure','unknown']) + event['provider'] = random.choice(['process','file','registry','socket','dns','http','tls','alert','authentication','authorization','configuration','communication','file','network','process','registry','storage','system','web']) + event['reason'] = 'This event happened due to reason{}'.format(random.randint(0, 99999)) + event['reference'] = 'https://system.example.com/event/#{}'.format(random.randint(0, 99999)) + event['risk_score'] = round(random.uniform(0, 10),1) + event['risk_score_norm'] = round(random.uniform(0, 10),1) + event['sequence'] = random.randint(0, 10) + event['severity'] = random.randint(0, 10) + event['start'] = generateRandomDate() + event['timezone'] = random.choice(['UTC','GMT','PST','EST','CST','MST','PDT','EDT','CDT','MDT']) + event['type'] = random.choice(['access','admin','allowed', 'change', 'connection', 'creation', 'deletion', 'denied', 'end', 'error', 'group', 'indicator', 'info', 'installation', 'protocol', 'start', 'user']) + event['url'] = 'http://mysystem.example.com/alert/{}'.format(random.randint(0, 99999)) + return(event) + +def generateRandomHost(): + host = {} + 
family=random.choice(['debian','ubuntu','macos','ios','android','RHEL']) + version='{}.{}'.format(random.randint(0, 99),random.randint(0, 99)) + host['os'] = { + 'family': family, + 'full': family + ' ' + version, + 'kernel': version+'kernel{}'.format(random.randint(0, 99)), + 'name': family + ' ' + version, + 'platform': family, + 'type': random.choice(['windows','linux','macos','ios','android','unix']), + 'version': version + } + return(host) + + + +def generateRandomLabels(): + labels = {} + labels['label1'] = 'label{}'.format(random.randint(0, 99)) + labels['label2'] = 'label{}'.format(random.randint(0, 99)) + return(labels) + +def generateRandomPackage(): + package = {} + package['architecture'] = random.choice(['x86','x64','arm','arm64']) + package['build_version'] = 'build{}'.format(random.randint(0, 9999)) + package['checksum'] = 'checksum{}'.format(random.randint(0, 9999)) + package['description'] = 'description{}'.format(random.randint(0, 9999)) + package['install_scope'] = random.choice(['user','system']) + package['install_time'] = generateRandomDate() + package['license'] = 'license{}'.format(random.randint(0, 9)) + package['name'] = 'name{}'.format(random.randint(0, 99)) + package['path'] = '/path/to/package{}'.format(random.randint(0, 99)) + package['reference'] = 'package-reference-{}'.format(random.randint(0, 99)) + package['size'] = random.randint(0, 99999) + package['type'] = random.choice(['deb','rpm','msi','pkg','app','apk','exe','zip','tar','gz','7z','rar','cab','iso','dmg','tar.gz','tar.bz2','tar.xz','tar.Z','tar.lz4','tar.sz','tar.zst']) + package['version'] = 'v{}-stable'.format(random.randint(0, 9)) + return(package) + +def generateRandomTags(): + tags = [] + for i in range(0, random.randint(0, 9)): + new_tag = 'tag{}'.format(random.randint(0, 99)) + while new_tag in tags: + new_tag = 'tag{}'.format(random.randint(0, 99)) + tags.append('tag{}'.format(random.randint(0, 99))) + return(tags) + +def generateRandomVulnerability(): + 
vulnerability = {} + vulnerability['category'] = random.choice(['security','config','os','package','custom']) + vulnerability['classification'] = 'classification{}'.format(random.randint(0, 9999)) + vulnerability['description'] = 'description{}'.format(random.randint(0, 9999)) + vulnerability['enumeration'] = 'CVE' + vulnerability['id'] = 'CVE-{}'.format(random.randint(0, 9999)) + vulnerability['reference'] = 'https://mycve.test.org/cgi-bin/cvename.cgi?name={}'.format(vulnerability['id']) + vulnerability['report_id'] = 'report-{}'.format(random.randint(0, 9999)) + vulnerability['scanner'] = {'vendor':'vendor-{}'.format(random.randint(0, 9))} + vulnerability['score'] = {'base':round(random.uniform(0, 10),1), 'environmental':round(random.uniform(0, 10),1), 'temporal':round(random.uniform(0, 10),1),'version':'{}'.format(round(random.uniform(0, 10),1))} + vulnerability['severity'] = random.choice(['Low','Medium','High','Critical']) + return(vulnerability) + +def generateRandomData(number): + for i in range(0, int(number)): + yield{ + '@timestamp':generateRandomDate(), + 'agent':generateRandomAgent(), + 'ecs':{'version':'1.7.0'}, + 'event':generateRandomEvent(), + 'host':generateRandomHost(), + 'labels':generateRandomLabels(), + 'message':'message{}'.format(random.randint(0, 99999)), + 'package':generateRandomPackage(), + 'tags':generateRandomTags(), + 'vulnerability':generateRandomVulnerability(), + } + +def verifyIndex(index,instance): + if not instance.indices.exists(index): + if os.path.exists('DIS_Template.json'): + print('\nIndex {} does not exist. Trying to create it with the template in DIS_Template.json'.format(index)) + with open('DIS_Template.json') as templateFile: + template = json.load(templateFile) + try: + instance.indices.create(index=index, body=template) + indexExist = True + print('Done!') + except Exception as e: + print('Error: {}'.format(e)) + return True + else: + notemplate=input('\nIndex {} does not exist. Template file not found. 
Continue without template? (y/n)'.format(index)) + while notemplate != 'y' and notemplate != 'n': + notemplate=input('\nInvalid option. Continue without template? (y/n)') + if notemplate == 'y': + print('\nTrying to create index {} without template'.format(index)) + try: + instance.indices.create(index=index) + print('\nDone!') + except Exception as e: + print('\nError: {}'.format(e)) + return True + return False + +def verifySettings(): + verified = False + if os.path.exists('DIS_Settings.json'): + with open('DIS_Settings.json') as configFile: + config = json.load(configFile) + if 'ip' not in config or 'port' not in config or 'index' not in config or 'username' not in config or 'password' not in config: + print('\nDIS_Settings.json is not properly configured. Continuing without it.') + else: + verified = True + else: + print('\nDIS_Settings.json not found. Continuing without it.') + + if not verified: + ip = input("\nEnter the IP of your Indexer: \n") + port = input("\nEnter the port of your Indexer: \n") + index = input("\nEnter the index name: \n") + url = 'https://{}:{}/{}/_doc'.format(ip, port, index) + username = input("\nUsername: \n") + password = input("\nPassword: \n") + config = json.dumps({'ip':ip,'port':port,'index':index,'username':username,'password':password}) + store = input("\nDo you want to store these settings for future use? (y/n) \n") + while store != 'y' and store != 'n': + store = input("\nInvalid option.\n Do you want to store these settings for future use? 
(y/n) \n") + if store == 'y': + with open('\nDIS_Settings.json', 'w') as configFile: + configFile.write(config) + return config + +def injectEvents(generator): + config = verifySettings() + + instance = OpenSearch([{'host':config['ip'],'port':config['port']}], http_auth=(config['username'], config['password']), use_ssl=True, verify_certs=False) + + if not instance.ping(): + print('\nError: Could not connect to the indexer') + return + + if (verifyIndex(config['index'],instance)): + print('\nTrying to inject the generated data...\n') + try: + helpers.bulk(instance, generator, index=config['index']) + print('\nDone!') + except Exception as e: + print('\nError: {}'.format(e)) + return + + +def main(): + action = input("Do you want to inject data or save it to a file? (i/s) \n") + while(action != 'i' and action != 's'): + action = input("\nInvalid option.\n Do you want to inject data or save it to a file? (i/s) \n") + number = input("\nHow many events do you want to generate? \n") + while(not number.isdigit()): + number = input("Invalid option.\n How many events do you want to generate? \n") + data = generateRandomData(number) + if action == 's': + print('\nGenerating {} events...\n'.format(number)) + outfile = open('generatedData.json','a') + for i in data: + json.dump(i, outfile) + outfile.write('\n') + outfile.close() + print('\nDone!\n') + else: + injectEvents(data) + return + +if __name__=="__main__": + main() diff --git a/scripts/vulnerabilities-events-injector/readme.md b/scripts/vulnerabilities-events-injector/readme.md new file mode 100644 index 0000000000..3770387005 --- /dev/null +++ b/scripts/vulnerabilities-events-injector/readme.md 
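Review bot: In `verifySettings`, the interactive path cannot work as written and mishandles the password: `config = json.dumps({...})` turns `config` into a string, so `config['ip']` in `injectEvents` raises a TypeError, and `open('\nDIS_Settings.json', 'w')` writes the credentials to a file whose name starts with a newline, which is never read back and is not matched by the `.gitignore` entry this commit adds for `DIS_Settings.json`. Keep the dict and serialise only on write: `config = {'ip': ip, 'port': port, 'index': index, 'username': username, 'password': password}`, then `with open('DIS_Settings.json', 'w') as configFile:` and `json.dump(config, configFile)`. Because the file holds a plaintext password, I would also read it with `getpass.getpass()` instead of `input()` and create the file with owner-only permissions. Separately, `injectEvents` builds the client with `verify_certs=False` while the module-level `warnings.filterwarnings("ignore")` silences the resulting warnings, so the credentials go to an endpoint whose certificate is never checked and the user is not told; verification on by default with an optional `ca_certs` setting, and the insecure mode as an explicit opt-in, would be safer.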
@@ -0,0 +1,18 @@ +# Vulnerabilities events injector + +This script generates random events with the Vulnerabilities format and saves them to a file or injects them to a Wazuh-Indexer/Opensearch instance. + +# Files + +- `dataInjectScript.py`: The main script file +- `DIS_Template.json`: If the script creates a new index in the instance, it will create it with this template. If this file doesn't exist, it will create it without templates. +- `DIS_Settings.json`: The script can save the Indexer/Opensearch connection parameters. They will be stored in this file. +- `generatedData.json`: If the script is told to save the data to a file, it save it to this file. + +# Usage + +1. Install the requirements with `pip install -r requirements.txt`. For some Operating Systems it will fail and suggest a different way to install it (`sudo pacman -S python-xyz`, `sudo apt install python-xyz`, etc.). + If the package is not found in this way, we can install it running `pip install -r requirements.txt --break-system-packages` (It is recommended to avoid this option if possible) + +2. Run the script with `python3 dataInjectScript.py` +3. Follow the instructions that it will show on the console. diff --git a/scripts/vulnerabilities-events-injector/requirements.txt b/scripts/vulnerabilities-events-injector/requirements.txt new file mode 100644 index 0000000000..7e8ce75a5b --- /dev/null +++ b/scripts/vulnerabilities-events-injector/requirements.txt @@ -0,0 +1 @@ +opensearch_py==2.4.2 From 1b044ded809d77b8f1453d2d7e5528374b15729a Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Julio=20C=C3=A9sar=20Biset?= <43619595+jbiset@users.noreply.github.com> Date: Fri, 1 Dec 2023 15:43:07 -0300 Subject: [PATCH 11/26] Fix show call-out warning when there is no data in the vulnerabilities index (#6173) * Add check vulnerabilities index fields * Create useCheckIndexFields and WarningError * Update Dashboard and Inventory with check Index * Fix columns and names from index pattern in dashboard and inventory * Update CHANGELOG * Update CHANGELOG --------- Co-authored-by: Maximiliano Co-authored-by: Federico Rodriguez --- CHANGELOG.md | 2 +- plugins/main/common/constants.ts | 1 + .../services/check-pattern-support.service.ts | 75 ++++--- .../common/components/no_results.tsx | 166 ++------------- .../common/hooks/useCheckIndexFields.tsx | 83 ++++++++ .../dashboards/inventory/config/index.ts | 6 - .../dashboards/inventory/inventory.tsx | 40 +++- .../dashboards/overview/dashboard.tsx | 192 +++++++++++------- .../dashboards/overview/dashboard_panels.ts | 19 +- .../overview/dashboard_panels_filters.ts | 2 +- .../overview/dashboard_panels_kpis.ts | 8 +- .../error-factory/errors/WarningError.ts | 20 ++ .../public/react-services/saved-objects.js | 10 +- plugins/wazuh-core/common/constants.ts | 1 + 14 files changed, 316 insertions(+), 309 deletions(-) create mode 100644 plugins/main/public/components/overview/vulnerabilities/common/hooks/useCheckIndexFields.tsx create mode 100644 plugins/main/public/react-services/error-management/error-factory/errors/WarningError.ts diff --git a/CHANGELOG.md b/CHANGELOG.md index a0cb5fbf41..319620786c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -10,7 +10,7 @@ All notable changes to the Wazuh app project will be documented in this file. - Added the ability to check if there are available updates from the UI. [#6093](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6093) - Added remember server address check [#5791](https://github.com/wazuh/wazuh-dashboard-plugins/pull/5791) - Added the ssl_agent_ca configuration to the SSL Settings form [#6083](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6083) -- Added global vulnerabilities dashboards [#5896](https://github.com/wazuh/wazuh-dashboard-plugins/pull/5896) [#6179](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6179) +- Added global vulnerabilities dashboards [#5896](https://github.com/wazuh/wazuh-dashboard-plugins/pull/5896) [#6179](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6179) [#6173](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6173) [#6147](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6147) - Added an agent selector to the IT Hygiene application [#5840](https://github.com/wazuh/wazuh-dashboard-plugins/pull/5840) - Added query results limit when the search exceed 10000 hits [#6106](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6106) - Added a redirection button to Endpoint Summary from IT Hygiene application [6176](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6176) diff --git a/plugins/main/common/constants.ts b/plugins/main/common/constants.ts index 4949a30685..ab420dcaac 100644 --- a/plugins/main/common/constants.ts +++ b/plugins/main/common/constants.ts @@ -50,6 +50,7 @@ export const WAZUH_STATISTICS_DEFAULT_CRON_FREQ = '0 */5 * * * *'; // Wazuh vulnerabilities export const WAZUH_VULNERABILITIES_PATTERN = 'wazuh-states-vulnerabilities'; +export const WAZUH_INDEX_TYPE_VULNERABILITIES = 'vulnerabilities'; // Job - Wazuh initialize export const WAZUH_PLUGIN_PLATFORM_TEMPLATE_NAME = 'wazuh-kibana'; 
diff --git a/plugins/main/public/components/health-check/services/check-pattern-support.service.ts b/plugins/main/public/components/health-check/services/check-pattern-support.service.ts index 611f6fd1a2..aca4d986a4 100644 --- a/plugins/main/public/components/health-check/services/check-pattern-support.service.ts +++ b/plugins/main/public/components/health-check/services/check-pattern-support.service.ts @@ -12,6 +12,7 @@ * */ import { SavedObject } from '../../../react-services'; +import { WarningError } from '../../../react-services/error-management/error-factory/errors/WarningError'; import { CheckLogger } from '../types/check_logger'; export const checkPatternSupportService = 
@@ -29,52 +30,50 @@ export const checkPatternSupportService = `Getting indices fields for the index pattern id [${pattern}]...`, ); const fields = await SavedObject.getIndicesFields(pattern, indexType); - if (fields) { - checkLogger.info( - `Fields for index pattern id [${pattern}] found: ${fields.length}`, - ); - checkLogger.info(`Creating saved object for the index pattern with id [${pattern}]. + checkLogger.info( + `Fields for index pattern id [${pattern}] found: ${fields.length}`, + ); + checkLogger.info(`Creating saved object for the index pattern with id [${pattern}]. title: ${pattern} id: ${pattern} timeFieldName: ${timeFieldName} ${fields ? `fields: ${fields.length}` : ''}`); - await SavedObject.createSavedObject( - 'index-pattern', - pattern, - { - attributes: { - title: pattern, - timeFieldName, - }, + await SavedObject.createSavedObject( + 'index-pattern', + pattern, + { + attributes: { + title: pattern, + timeFieldName, }, - fields, - ); - checkLogger.action( - `Created the saved object for the index pattern id [${pattern}]`, - ); - const indexPatternSavedObjectIDs = [pattern]; - // Check the index pattern saved objects can be found using `GET /api/saved_objects/_find` endpoint. - // Related issue: https://github.com/wazuh/wazuh-dashboard-plugins/issues/4293 - checkLogger.info( - `Checking the integrity of saved objects. Validating ${indexPatternSavedObjectIDs.join( - ',', - )} can be found...`, - ); - await SavedObject.validateIndexPatternSavedObjectCanBeFound( - indexPatternSavedObjectIDs, - ); - checkLogger.info('Integrity of saved objects: [ok]'); + }, + fields, + ); + checkLogger.action( + `Created the saved object for the index pattern id [${pattern}]`, + ); + const indexPatternSavedObjectIDs = [pattern]; + // Check the index pattern saved objects can be found using `GET /api/saved_objects/_find` endpoint. 
+ // Related issue: https://github.com/wazuh/wazuh-dashboard-plugins/issues/4293 + checkLogger.info( + `Checking the integrity of saved objects. Validating ${indexPatternSavedObjectIDs.join( + ',', + )} can be found...`, + ); + await SavedObject.validateIndexPatternSavedObjectCanBeFound( + indexPatternSavedObjectIDs, + ); + checkLogger.info('Integrity of saved objects: [ok]'); + } catch (error) { + if (error.name === 'WarningError') { + checkLogger.warning(error.message || error); } else { - checkLogger.warning( - `No indices fields found for index pattern id [${pattern}], it is necessary to check the index...`, + checkLogger.error( + `Error creating index pattern id [${pattern}]: ${ + error.message || error + }`, ); } - } catch (error) { - checkLogger.error( - `Error creating index pattern id [${pattern}]: ${ - error.message || error - }`, - ); } } }; diff --git a/plugins/main/public/components/overview/vulnerabilities/common/components/no_results.tsx b/plugins/main/public/components/overview/vulnerabilities/common/components/no_results.tsx index 3d592c867d..babfd51d32 100644 --- a/plugins/main/public/components/overview/vulnerabilities/common/components/no_results.tsx +++ b/plugins/main/public/components/overview/vulnerabilities/common/components/no_results.tsx @@ -28,170 +28,32 @@ * under the License. */ -import React, { Fragment } from 'react'; +import React from 'react'; import { FormattedMessage, I18nProvider } from '@osd/i18n/react'; -import { - EuiCallOut, - EuiCode, - EuiDescriptionList, - EuiLink, - EuiPanel, - EuiSpacer, - EuiText, -} from '@elastic/eui'; +import { EuiCallOut, EuiPanel } from '@elastic/eui'; interface Props { - timeFieldName?: string; - queryLanguage?: string; + message?: string; } -export const DiscoverNoResults = ({ timeFieldName, queryLanguage }: Props) => { - let timeFieldMessage; - - if (timeFieldName) { - timeFieldMessage = ( - - - - -
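Review bot: The new `catch` branch separates warnings from errors with `error.name === 'WarningError'`, a string match that only works if the thrown object carries that `name`. The `WarningError` import added at the top of this file is not used anywhere else in the visible hunks, so `if (error instanceof WarningError) {` would be the sturdier test. With the `if (fields)` guard removed, the first `checkLogger.info` call reads `fields.length` unconditionally, so an undefined result from `SavedObject.getIndicesFields` becomes a TypeError logged as "Error creating index pattern". The later `fields ? ... : ''` ternary still treats `fields` as optional, and the two should agree. The enclosing function and its `try` start outside the hunk.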

- -

- -

- -

-
-
- ); - } - - let luceneQueryMessage; - - if (queryLanguage === 'lucene') { - const searchExamples = [ - { - description: 200, - title: ( - - - - - - ), - }, - { - description: status:200, - title: ( - - - - - - ), - }, - { - description: status:[400 TO 499], - title: ( - - - - - - ), - }, - { - description: status:[400 TO 499] AND extension:PHP, - title: ( - - - - - - ), - }, - { - description: status:[400 TO 499] AND (extension:php OR extension:html), - title: ( - - - - - - ), - }, - ]; - - luceneQueryMessage = ( - - - - -

- -

- -

- -

-
- - - - - - -
- ); - } - +export const DiscoverNoResults = ({ message }: Props) => { return ( - + + message ?? ( + + ) } - color="warning" - iconType="help" - data-test-subj="discoverNoResults" + color='warning' + iconType='help' + data-test-subj='discoverNoResults' /> - {timeFieldMessage} - {luceneQueryMessage} ); diff --git a/plugins/main/public/components/overview/vulnerabilities/common/hooks/useCheckIndexFields.tsx b/plugins/main/public/components/overview/vulnerabilities/common/hooks/useCheckIndexFields.tsx new file mode 100644 index 0000000000..75112cbc85 --- /dev/null +++ b/plugins/main/public/components/overview/vulnerabilities/common/hooks/useCheckIndexFields.tsx 
@@ -0,0 +1,83 @@ +import { useState, useEffect } from 'react'; +import { search } from '../../dashboards/inventory/inventory_service'; +import { + IIndexPattern, + IndexPattern, + Filter, +} from '../../../../../../../../src/plugins/data/public'; +import { + ErrorFactory, + HttpError, +} from '../../../../../react-services/error-management'; +import { SavedObject } from '../../../../../react-services'; + +interface UseCheckIndexFieldsResult { + isLoading: boolean; + isSuccess: boolean; + isError: boolean; + error: Error | null; + resultIndexData: any; +} + +const useCheckIndexFields = ( + indexPatternId: string, + indexPattern: IIndexPattern | undefined, + indexType: string, + filters?: Filter[], + query?: any, +) => { + const [isError, setIsError] = useState(false); + const [error, setError] = useState(null); + const [isSuccess, setIsSuccess] = useState(false); + const [resultIndexData, setResultIndexData] = useState(null); + const [isLoading, setIsLoading] = useState(true); + + useEffect(() => { + if (indexPatternId) { + const checkIndexFields = async () => { + try { + // Check that the index exists + await SavedObject.getIndicesFields(indexPatternId, indexType); + setIsSuccess(true); + + // Check that the index has data + search({ + indexPattern: indexPattern as IndexPattern, + filters, + query, + }) + .then((results: any) => { + setResultIndexData(results); + setIsLoading(false); + }) + .catch((error: any) => { + const searchError = ErrorFactory.create(HttpError, { + error, + message: 'Error fetching vulnerabilities', + }); + setError(searchError); + setIsError(true); + setIsLoading(false); + }); + } catch (error) { + setError(error); + setIsError(true); + setIsSuccess(false); + setIsLoading(false); + } + }; + + checkIndexFields(); + } + }, [indexPatternId]); + + return { + isError, + error, + isSuccess, + resultIndexData, + isLoading, + } as UseCheckIndexFieldsResult; +}; + +export default useCheckIndexFields; 
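Review bot: `setIsSuccess(true)` runs before the data query, and the `.catch` on `search(...)` sets `isError` without clearing it, so a failed search leaves `isSuccess` and `isError` both true. The dashboard in this commit renders its panels on `isSuccess` and the call-out on `isError`, so both would be shown together; adding `setIsSuccess(false);` in that `.catch` keeps the flags exclusive. The effect also reads `indexPattern`, `indexType`, `filters` and `query` but lists only `[indexPatternId]` as a dependency. It therefore runs once with whatever `indexPattern` held on first render (possibly `undefined`, hidden by the `as IndexPattern` cast) and never re-checks. When `indexPatternId` is empty the effect body is skipped and `isLoading` stays `true`, so callers would show the loading state indefinitely.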
diff --git a/plugins/main/public/components/overview/vulnerabilities/dashboards/inventory/config/index.ts b/plugins/main/public/components/overview/vulnerabilities/dashboards/inventory/config/index.ts index f6d6c14a0d..c6e98c1bb0 100644 --- a/plugins/main/public/components/overview/vulnerabilities/dashboards/inventory/config/index.ts +++ b/plugins/main/public/components/overview/vulnerabilities/dashboards/inventory/config/index.ts @@ -9,9 +9,6 @@ export const inventoryTableDefaultColumns: EuiDataGridColumn[] = [ { id: 'package.version', }, - { - id: 'package.architecture', - }, { id: 'vulnerability.severity', }, @@ -24,7 +21,4 @@ export const inventoryTableDefaultColumns: EuiDataGridColumn[] = [ { id: 'vulnerability.score.base', }, - { - id: 'event.created', - } ] \ No newline at end of file diff --git a/plugins/main/public/components/overview/vulnerabilities/dashboards/inventory/inventory.tsx b/plugins/main/public/components/overview/vulnerabilities/dashboards/inventory/inventory.tsx index 4f7cdc1518..121b356289 100644 --- a/plugins/main/public/components/overview/vulnerabilities/dashboards/inventory/inventory.tsx +++ b/plugins/main/public/components/overview/vulnerabilities/dashboards/inventory/inventory.tsx @@ -15,8 +15,6 @@ import { EuiFlyoutHeader, EuiTitle, EuiButtonEmpty, - EuiCallOut, - EuiSpacer, } from '@elastic/eui'; import { IndexPattern } from '../../../../../../../../src/plugins/data/common'; import { SearchResponse } from '../../../../../../../../src/core/server'; 
@@ -37,6 +35,8 @@ import { withErrorBoundary } from '../../../../common/hocs'; import { HitsCounter } from '../../../../../kibana-integrations/discover/application/components/hits_counter/hits_counter'; import { formatNumWithCommas } from '../../../../../kibana-integrations/discover/application/helpers'; import { useAppConfig } from '../../../../common/hooks'; +import { WAZUH_INDEX_TYPE_VULNERABILITIES } from '../../../../../../common/constants'; +import useCheckIndexFields from '../../common/hooks/useCheckIndexFields'; const InventoryVulsComponent = () => { const appConfig = useAppConfig(); @@ -93,8 +93,22 @@ const InventoryVulsComponent = () => { indexPattern: indexPattern as IndexPattern, }); + const { + isError, + error, + isSuccess, + resultIndexData, + isLoading: isLoadingCheckIndex, + } = useCheckIndexFields( + VULNERABILITIES_INDEX_PATTERN_ID, + indexPatterns?.[0], + WAZUH_INDEX_TYPE_VULNERABILITIES, + filters, + query, + ); + useEffect(() => { - if (!isLoading) { + if (!isLoading && isSuccess) { setIndexPattern(indexPatterns?.[0] as IndexPattern); search({ indexPattern: indexPatterns?.[0] as IndexPattern, @@ -120,12 +134,9 @@ const InventoryVulsComponent = () => { JSON.stringify(searchBarProps), JSON.stringify(pagination), JSON.stringify(sorting), + isLoadingCheckIndex, ]); - const timeField = indexPattern?.timeFieldName - ? indexPattern.timeFieldName - : undefined; - const onClickExportResults = async () => { const params = { indexPattern: indexPatterns?.[0] as IndexPattern, 
@@ -161,7 +172,7 @@ const InventoryVulsComponent = () => { grow > <> - {isLoading ? ( + {isLoading || isLoadingCheckIndex ? ( ) : ( { /> )} {isSearching ? : null} - {!isLoading && !isSearching && results?.hits?.total === 0 ? ( - + {!isLoading && + !isSearching && + (isError || + results?.hits?.total === 0 || + resultIndexData?.hits?.total === 0) ? ( + ) : null} - {!isLoading && !isSearching && results?.hits?.total > 0 ? ( + {!isLoading && + !isSearching && + isSuccess && + results?.hits?.total > 0 ? ( { +const DashboardVulsComponent: React.FC = () => { const appConfig = useAppConfig(); const VULNERABILITIES_INDEX_PATTERN_ID = appConfig.data['vulnerabilities.pattern']; - const { searchBarProps } = useSearchBarConfiguration({ defaultIndexPatternID: VULNERABILITIES_INDEX_PATTERN_ID, filters: [], }); + const { + isLoading: isLoadingSearchbar, + filters, + query, + indexPatterns, + } = searchBarProps; + + const { isError, error, isSuccess, resultIndexData, isLoading } = + useCheckIndexFields( + VULNERABILITIES_INDEX_PATTERN_ID, + indexPatterns?.[0], + WAZUH_INDEX_TYPE_VULNERABILITIES, + filters, + query, + ); return ( <> - + <> + {isLoading || isLoadingSearchbar ? : null} + {!isLoading && !isLoadingSearchbar ? ( + + ) : null} + {!isLoadingSearchbar && + !isLoading && + (isError || resultIndexData?.hits?.total === 0) ? ( + + ) : null} + {!isLoadingSearchbar && !isLoading && isSuccess ? ( + <> +
+ +
+ + + + ) : null} +
-
- -
- - ); }; + +export const DashboardVuls = withErrorBoundary(DashboardVulsComponent); diff --git a/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard_panels.ts b/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard_panels.ts index ee101d39a4..d4d44a3f23 100644 --- a/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard_panels.ts +++ b/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard_panels.ts @@ -398,7 +398,7 @@ const getVisStateAccumulationMostDetectedVulnerabilities = ( enabled: true, type: 'date_histogram', params: { - field: 'event.created', + field: '@timestamp', timeRange: { from: 'now-24h', to: 'now', @@ -493,23 +493,6 @@ const getVisStateInventoryTable = (indexPatternId: string) => { }, schema: 'bucket', }, - { - id: '4', - enabled: true, - type: 'terms', - params: { - field: 'package.architecture', - orderBy: '1', - order: 'desc', - size: 5, - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - customLabel: 'architecture', - }, - schema: 'bucket', - }, { id: '5', enabled: true, diff --git a/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard_panels_filters.ts b/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard_panels_filters.ts index 387d5d8f4f..791b505bb1 100644 --- a/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard_panels_filters.ts +++ b/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard_panels_filters.ts @@ -112,7 +112,7 @@ export const getDashboardFilters = ( indexPatternId, 'Top Operating system vulnerabilities', 'Operating system', - 'host.os.name', + 'host.os.full', ), }, }, 
diff --git a/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard_panels_kpis.ts b/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard_panels_kpis.ts index e86749e9ec..a4494d9c05 100644 --- a/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard_panels_kpis.ts +++ b/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard_panels_kpis.ts @@ -72,7 +72,7 @@ const getVisStateSeverityCritical = (indexPatternId: string) => { filters: [ { input: { - query: 'vulnerability.severity:"critical"', + query: 'vulnerability.severity:"Critical"', language: 'kuery', }, label: '- Critical Severity Alerts', @@ -164,7 +164,7 @@ const getVisStateSeverityHigh = (indexPatternId: string) => { filters: [ { input: { - query: 'vulnerability.severity:"high"', + query: 'vulnerability.severity:"High"', language: 'kuery', }, label: '- High Severity Alerts', @@ -249,7 +249,7 @@ const getVisStateSeverityMedium = (indexPatternId: string) => { filters: [ { input: { - query: 'vulnerability.severity:"medium"', + query: 'vulnerability.severity:"Medium"', language: 'kuery', }, label: '- Medium Severity Alerts', @@ -334,7 +334,7 @@ const getVisStateSeverityLow = (indexPatternId: string) => { filters: [ { input: { - query: 'vulnerability.severity:"low"', + query: 'vulnerability.severity:"Low"', language: 'kuery', }, label: '- Low Severity Alerts', diff --git a/plugins/main/public/react-services/error-management/error-factory/errors/WarningError.ts b/plugins/main/public/react-services/error-management/error-factory/errors/WarningError.ts new file mode 100644 index 0000000000..80882c4fe7 --- /dev/null +++ b/plugins/main/public/react-services/error-management/error-factory/errors/WarningError.ts 
@@ -0,0 +1,20 @@ +import { IWazuhErrorInfo, IWazuhErrorLogOpts } from '../../types'; +import WazuhError from './WazuhError'; + +export class WarningError extends WazuhError { + logOptions: IWazuhErrorLogOpts; + constructor(error: Error, info?: IWazuhErrorInfo) { + super(error, info); + this.logOptions = { + error: { + message: `[${this.constructor.name}]: ${error.message}`, + title: `An warning has occurred`, + error: error, + }, + level: 'WARNING', + severity: 'BUSINESS', + display: true, + store: false, + }; + } +} diff --git a/plugins/main/public/react-services/saved-objects.js b/plugins/main/public/react-services/saved-objects.js index f66fc25321..518875a355 100644 --- a/plugins/main/public/react-services/saved-objects.js +++ b/plugins/main/public/react-services/saved-objects.js @@ -24,6 +24,8 @@ import { } from '../../common/constants'; import { getSavedObjects } from '../kibana-services'; import { webDocumentationLink } from '../../common/services/web_documentation'; +import { ErrorFactory } from './error-management'; +import { WarningError } from './error-management/error-factory/errors/WarningError'; export class SavedObject { /** @@ -322,7 +324,7 @@ export class SavedObject { {}, ); return response.data.fields; - } catch { + } catch (error) { switch (indexType) { case WAZUH_INDEX_TYPE_MONITORING: return FieldsMonitoring; @@ -330,6 +332,12 @@ export class SavedObject { return FieldsStatistics; case WAZUH_INDEX_TYPE_ALERTS: return KnownFields; + default: + const warningError = ErrorFactory.create(WarningError, { + error, + message: error.message, + }); + throw warningError; } } }; diff --git a/plugins/wazuh-core/common/constants.ts b/plugins/wazuh-core/common/constants.ts index 4949a30685..ab420dcaac 100644 --- a/plugins/wazuh-core/common/constants.ts +++ b/plugins/wazuh-core/common/constants.ts 
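Review bot: The `title` in `logOptions` reads `An warning has occurred`, and with `display: true` it is presumably shown to the user; it should be `title: 'A warning has occurred',`. The message prefix is built from `this.constructor.name`, which becomes a mangled identifier if the production bundle minifies class names, so a literal `'WarningError'` would be more stable. The class has no doc comment; one TSDoc line such as `/** Non-fatal condition that should be surfaced to the user as a warning rather than an error. */` would tell callers when to choose it over the other error types.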
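Review bot: The new `default:` branch makes `getIndicesFields` throw for every `indexType` other than monitoring, statistics and alerts, including `undefined`, where the `catch` previously fell out of the `switch` and returned `undefined`. Callers outside this commit that pass no index type will now get an exception and need checking. The thrown error copies `error.message` from the failed request, and that text appears to be what the new `message` prop of `DiscoverNoResults` displays, so backend wording reaches the user verbatim; a fixed, caller-neutral message would keep the raw detail in the wrapped `error` only. The `const warningError` declaration sits directly inside the `case` clause; `throw ErrorFactory.create(WarningError, { error, message: error.message });` removes the lexical declaration from the bare case. The function body starts outside the hunk.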
@@ -50,6 +50,7 @@ export const WAZUH_STATISTICS_DEFAULT_CRON_FREQ = '0 */5 * * * *'; // Wazuh vulnerabilities export const WAZUH_VULNERABILITIES_PATTERN = 'wazuh-states-vulnerabilities'; +export const WAZUH_INDEX_TYPE_VULNERABILITIES = 'vulnerabilities'; // Job - Wazuh initialize export const WAZUH_PLUGIN_PLATFORM_TEMPLATE_NAME = 'wazuh-kibana'; From 740e2e18e7aad49c22c53055e05c9e744eede163 Mon Sep 17 00:00:00 2001 
From: Federico Rodriguez Date: Fri, 1 Dec 2023 20:47:54 +0100 Subject: [PATCH 12/26] Fix exception reading policy_id property of undefined in IT-hygiene (#6177) * Handle undefined properties from groups and policies * Inventory tables check if they have the properties they need * clear agent param in url when unpinned * Fix clearing agent in URL when unpinned * Add HOC to guard the tables properties * Clean test code * Fix HOC implementation * Update test snapshot * Fix snapshot * Add changelog --- CHANGELOG.md | 3 + .../__snapshots__/inventory.test.tsx.snap | 48 +-- .../agents/syscollector/components/index.ts | 7 + .../components/network-interfaces-table.tsx | 67 ++++ .../components/network-ports-table.tsx | 72 ++++ .../components/network-settings-table.tsx | 67 ++++ .../components/packages-table.tsx | 70 ++++ .../components/processes-table.tsx | 70 ++++ .../components/windows-updates-table.tsx | 69 ++++ .../components/with-so-platform-guard.tsx | 28 ++ .../agents/syscollector/inventory.scss | 3 + .../agents/syscollector/inventory.tsx | 367 +----------------- .../agent-group-truncate/group-truncate.tsx | 2 +- .../components/common/welcome/agents-info.js | 3 +- .../common/welcome/agents-welcome.js | 6 + .../welcome/components/sca_scan/sca_scan.tsx | 28 +- .../wz-agent-selector/wz-agent-selector.js | 10 +- .../agent/components/agents-table.js | 14 +- .../management/groups/group-agents-table.js | 3 + 19 files changed, 539 insertions(+), 398 deletions(-) create mode 100644 plugins/main/public/components/agents/syscollector/components/index.ts create mode 100644 plugins/main/public/components/agents/syscollector/components/network-interfaces-table.tsx create mode 100644 plugins/main/public/components/agents/syscollector/components/network-ports-table.tsx create mode 100644 plugins/main/public/components/agents/syscollector/components/network-settings-table.tsx create mode 100644 plugins/main/public/components/agents/syscollector/components/packages-table.tsx create 
mode 100644 plugins/main/public/components/agents/syscollector/components/processes-table.tsx create mode 100644 plugins/main/public/components/agents/syscollector/components/windows-updates-table.tsx create mode 100644 plugins/main/public/components/agents/syscollector/components/with-so-platform-guard.tsx create mode 100644 plugins/main/public/components/agents/syscollector/inventory.scss diff --git a/CHANGELOG.md b/CHANGELOG.md index 319620786c..fa4f66baf1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,6 +26,9 @@ All notable changes to the Wazuh app project will be documented in this file. - Fixed a problem with the agent menu header when the side menu is docked [#5840](https://github.com/wazuh/wazuh-dashboard-plugins/pull/5840) - Fixed how the query filters apply on the Security Alerts table [#6102](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6102) +- Fixed exception in IT-Hygiene when an agent doesn't have policies [#6177](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6177) +- Fixed exception in Inventory when agents don't have S.O. information [#6177](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6177) +- Fixed pinned agent state in URL [#6177](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6177) ### Removed diff --git a/plugins/main/public/components/agents/syscollector/__snapshots__/inventory.test.tsx.snap b/plugins/main/public/components/agents/syscollector/__snapshots__/inventory.test.tsx.snap index f515d70f35..227faac4a4 100644 --- a/plugins/main/public/components/agents/syscollector/__snapshots__/inventory.test.tsx.snap +++ b/plugins/main/public/components/agents/syscollector/__snapshots__/inventory.test.tsx.snap @@ -102,8 +102,7 @@ exports[`Inventory component A Apple agent should be well rendered. 1`] = ` style="margin-right:4px;margin-top:0" >
(a.label > b.label ? 1 : -1); + +export const NetworkInterfacesTable = ({ agent }) => { + return ( + + field) + .join(',')}`} + searchTable + downloadCsv + showReload + tablePageSizeOptions={[10, 25, 50, 100]} + searchBarWQL={{ + suggestions: { + field(currentValue) { + return netifaceColumns + .map(item => ({ + label: item.field, + description: `filter by ${item.name}`, + })) + .sort(sortFieldSuggestion); + }, + value: async (currentValue, { field }) => { + try { + const response = await WzRequest.apiReq( + 'GET', + `/syscollector/${agent.id}/netiface`, + { + params: { + distinct: true, + limit: SEARCH_BAR_WQL_VALUE_SUGGESTIONS_COUNT, + select: field, + sort: `+${field}`, + ...(currentValue + ? { q: `${field}~${currentValue}` } + : {}), + }, + }, + ); + return response?.data?.data.affected_items.map(item => ({ + label: getLodash(item, field), + })); + } catch (error) { + return []; + } + }, + }, + }} + tableProps={{ + tableLayout: 'auto', + }} + /> + + ); +}; diff --git a/plugins/main/public/components/agents/syscollector/components/network-ports-table.tsx b/plugins/main/public/components/agents/syscollector/components/network-ports-table.tsx new file mode 100644 index 0000000000..0d1f43aa73 --- /dev/null +++ b/plugins/main/public/components/agents/syscollector/components/network-ports-table.tsx 
@@ -0,0 +1,72 @@ +import React from 'react'; +import { EuiFlexItem, EuiFlexGroup, EuiIcon, EuiPanel } from '@elastic/eui'; +import { SEARCH_BAR_WQL_VALUE_SUGGESTIONS_COUNT } from '../../../../../common/constants'; +import { TableWzAPI } from '../../../common/tables'; +import { WzRequest } from '../../../../react-services'; +import { get as getLodash } from 'lodash'; +import { portsColumns } from '../columns'; +import { withSOPlatformGuard } from './with-so-platform-guard'; + +const sortFieldSuggestion = (a, b) => (a.label > b.label ? 1 : -1); + +export const NetworkPortsTable = withSOPlatformGuard( + ({ agent, soPlatform }) => { + return ( + + field) + .join(',')}`} + searchTable + downloadCsv + showReload + tablePageSizeOptions={[10, 25, 50, 100]} + searchBarWQL={{ + suggestions: { + field(currentValue) { + return portsColumns[soPlatform] + .map(item => ({ + label: item.field, + description: `filter by ${item.name}`, + })) + .sort(sortFieldSuggestion); + }, + value: async (currentValue, { field }) => { + try { + const response = await WzRequest.apiReq( + 'GET', + `/syscollector/${agent.id}/ports`, + { + params: { + distinct: true, + limit: SEARCH_BAR_WQL_VALUE_SUGGESTIONS_COUNT, + select: field, + sort: `+${field}`, + ...(currentValue + ? { q: `${field}~${currentValue}` } + : {}), + }, + }, + ); + return response?.data?.data.affected_items.map(item => ({ + label: getLodash(item, field), + })); + } catch (error) { + return []; + } + }, + }, + }} + tableProps={{ + tableLayout: 'auto', + }} + /> + + ); + }, +); diff --git a/plugins/main/public/components/agents/syscollector/components/network-settings-table.tsx b/plugins/main/public/components/agents/syscollector/components/network-settings-table.tsx new file mode 100644 index 0000000000..a6436086e7 --- /dev/null +++ b/plugins/main/public/components/agents/syscollector/components/network-settings-table.tsx 
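Review bot: In the `value` suggestion callback the typed text goes straight into the API filter: the `q` parameter is built from `${field}~${currentValue}`. Input containing the query language's own separators or operators is therefore parsed as extra clauses instead of a literal, and `catch (error) { return []; }` hides the resulting failure. Escape or reject such input before building `q` (no helper for this is visible in the hunk), and log the error rather than dropping it. The success path can also return `undefined` when `response` or `response.data` is missing, because the optional chain short-circuits; ending the expression with `?? []` keeps the result an array. The same callback is repeated in `network-settings-table.tsx`, `packages-table.tsx`, `processes-table.tsx`, `windows-updates-table.tsx` and the network-interfaces table in this commit, so a single shared helper would carry the fix to all of them.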
@@ -0,0 +1,67 @@ +import React from 'react'; +import { EuiPanel } from '@elastic/eui'; +import { SEARCH_BAR_WQL_VALUE_SUGGESTIONS_COUNT } from '../../../../../common/constants'; +import { TableWzAPI } from '../../../common/tables'; +import { WzRequest } from '../../../../react-services'; +import { get as getLodash } from 'lodash'; +import { netaddrColumns } from '../columns'; + +const sortFieldSuggestion = (a, b) => (a.label > b.label ? 1 : -1); + +export const NetworkSettingsTable = ({ agent }) => { + return ( + + field) + .join(',')}`} + searchTable + downloadCsv + showReload + tablePageSizeOptions={[10, 25, 50, 100]} + searchBarWQL={{ + suggestions: { + field(currentValue) { + return netaddrColumns + .map(item => ({ + label: item.field, + description: `filter by ${item.name}`, + })) + .sort(sortFieldSuggestion); + }, + value: async (currentValue, { field }) => { + try { + const response = await WzRequest.apiReq( + 'GET', + `/syscollector/${agent.id}/netaddr`, + { + params: { + distinct: true, + limit: SEARCH_BAR_WQL_VALUE_SUGGESTIONS_COUNT, + select: field, + sort: `+${field}`, + ...(currentValue + ? { q: `${field}~${currentValue}` } + : {}), + }, + }, + ); + return response?.data?.data.affected_items.map(item => ({ + label: getLodash(item, field), + })); + } catch (error) { + return []; + } + }, + }, + }} + tableProps={{ + tableLayout: 'auto', + }} + /> + + ); +}; diff --git a/plugins/main/public/components/agents/syscollector/components/packages-table.tsx b/plugins/main/public/components/agents/syscollector/components/packages-table.tsx new file mode 100644 index 0000000000..087aae5ba5 --- /dev/null +++ b/plugins/main/public/components/agents/syscollector/components/packages-table.tsx 
@@ -0,0 +1,70 @@ +import React from 'react'; +import { EuiIcon, EuiPanel } from '@elastic/eui'; +import { SEARCH_BAR_WQL_VALUE_SUGGESTIONS_COUNT } from '../../../../../common/constants'; +import { TableWzAPI } from '../../../common/tables'; +import { WzRequest } from '../../../../react-services'; +import { get as getLodash } from 'lodash'; +import { packagesColumns } from '../columns'; +import { withSOPlatformGuard } from './with-so-platform-guard'; + +const sortFieldSuggestion = (a, b) => (a.label > b.label ? 1 : -1); + +export const PackagesTable = withSOPlatformGuard(({ agent, soPlatform }) => { + return ( + + field) + .join(',')}`} + searchTable + downloadCsv + showReload + tablePageSizeOptions={[10, 25, 50, 100]} + searchBarWQL={{ + suggestions: { + field(currentValue) { + return packagesColumns[soPlatform] + .map(item => ({ + label: item.field, + description: `filter by ${item.name}`, + })) + .sort(sortFieldSuggestion); + }, + value: async (currentValue, { field }) => { + try { + const response = await WzRequest.apiReq( + 'GET', + `/syscollector/${agent.id}/packages`, + { + params: { + distinct: true, + limit: SEARCH_BAR_WQL_VALUE_SUGGESTIONS_COUNT, + select: field, + sort: `+${field}`, + ...(currentValue + ? { q: `${field}~${currentValue}` } + : {}), + }, + }, + ); + return response?.data?.data.affected_items.map(item => ({ + label: getLodash(item, field), + })); + } catch (error) { + return []; + } + }, + }, + }} + tableProps={{ + tableLayout: 'auto', + }} + /> + + ); +}); diff --git a/plugins/main/public/components/agents/syscollector/components/processes-table.tsx b/plugins/main/public/components/agents/syscollector/components/processes-table.tsx new file mode 100644 index 0000000000..ea571673c3 --- /dev/null +++ b/plugins/main/public/components/agents/syscollector/components/processes-table.tsx 
@@ -0,0 +1,70 @@
+import React from 'react';
+import { EuiIcon, EuiPanel } from '@elastic/eui';
+import { SEARCH_BAR_WQL_VALUE_SUGGESTIONS_COUNT } from '../../../../../common/constants';
+import { TableWzAPI } from '../../../common/tables';
+import { WzRequest } from '../../../../react-services';
+import { get as getLodash } from 'lodash';
+import { processColumns } from '../columns';
+import { withSOPlatformGuard } from './with-so-platform-guard';
+
+const sortFieldSuggestion = (a, b) => (a.label > b.label ? 1 : -1);
+
+export const ProcessesTable = withSOPlatformGuard(({ agent, soPlatform }) => {
+ return (
+
+ field)
+ .join(',')}`}
+ searchTable
+ downloadCsv
+ showReload
+ tablePageSizeOptions={[10, 25, 50, 100]}
+ searchBarWQL={{
+ suggestions: {
+ field(currentValue) {
+ return processColumns[soPlatform]
+ .map(item => ({
+ label: item.field,
+ description: `filter by ${item.name}`,
+ }))
+ .sort(sortFieldSuggestion);
+ },
+ value: async (currentValue, { field }) => {
+ try {
+ const response = await WzRequest.apiReq(
+ 'GET',
+ `/syscollector/${agent.id}/processes`,
+ {
+ params: {
+ distinct: true,
+ limit: SEARCH_BAR_WQL_VALUE_SUGGESTIONS_COUNT,
+ select: field,
+ sort: `+${field}`,
+ ...(currentValue
+ ? { q: `${field}~${currentValue}` }
+ : {}),
+ },
+ },
+ );
+ return response?.data?.data.affected_items.map(item => ({
+ label: getLodash(item, field),
+ }));
+ } catch (error) {
+ return [];
+ }
+ },
+ },
+ }}
+ tableProps={{
+ tableLayout: 'auto',
+ }}
+ />
+
+ );
+});
diff --git a/plugins/main/public/components/agents/syscollector/components/windows-updates-table.tsx b/plugins/main/public/components/agents/syscollector/components/windows-updates-table.tsx
new file mode 100644
index 0000000000..585726b3a8
--- /dev/null
+++ b/plugins/main/public/components/agents/syscollector/components/windows-updates-table.tsx
@@ -0,0 +1,69 @@
+import React from 'react';
+import { EuiPanel } from '@elastic/eui';
+import { SEARCH_BAR_WQL_VALUE_SUGGESTIONS_COUNT } from '../../../../../common/constants';
+import { TableWzAPI } from '../../../common/tables';
+import { WzRequest } from '../../../../react-services';
+import { get as getLodash } from 'lodash';
+import { windowsUpdatesColumns } from '../columns';
+
+const sortFieldSuggestion = (a, b) => (a.label > b.label ? 1 : -1);
+
+export const WindowsUpdatesTable = ({ agent }) => {
+ return (
+
+ field)
+ .join(',')}`}
+ searchTable
+ downloadCsv
+ showReload
+ tablePageSizeOptions={[10, 25, 50, 100]}
+ searchBarWQL={{
+ suggestions: {
+ field(currentValue) {
+ return windowsUpdatesColumns
+ .map(item => ({
+ label: item.field,
+ description: `filter by ${item.name}`,
+ }))
+ .sort(sortFieldSuggestion);
+ },
+ value: async (currentValue, { field }) => {
+ try {
+ const response = await WzRequest.apiReq(
+ 'GET',
+ `/syscollector/${agent.id}/hotfixes`,
+ {
+ params: {
+ distinct: true,
+ limit: SEARCH_BAR_WQL_VALUE_SUGGESTIONS_COUNT,
+ select: field,
+ sort: `+${field}`,
+ ...(currentValue
+ ? { q: `${field}~${currentValue}` }
+ : {}),
+ },
+ },
+ );
+ return response?.data?.data.affected_items.map(item => ({
+ label: getLodash(item, field),
+ }));
+ } catch (error) {
+ return [];
+ }
+ },
+ },
+ }}
+ tableProps={{
+ tableLayout: 'auto',
+ }}
+ />
+
+ );
+};
diff --git a/plugins/main/public/components/agents/syscollector/components/with-so-platform-guard.tsx b/plugins/main/public/components/agents/syscollector/components/with-so-platform-guard.tsx
new file mode 100644
index 0000000000..bf3efd3b17
--- /dev/null
+++ b/plugins/main/public/components/agents/syscollector/components/with-so-platform-guard.tsx
@@ -0,0 +1,28 @@ +import React from 'react'; +import { EuiFlexItem, EuiFlexGroup, EuiIcon, EuiPanel } from '@elastic/eui'; + +export const withSOPlatformGuard = WrappedComponent => props => { + const { soPlatform } = props; + if (!soPlatform) { + return ( + + + +
+ + Not enough hardware or operating system information +
+
+
+
+ ); + } + return ; +}; diff --git a/plugins/main/public/components/agents/syscollector/inventory.scss b/plugins/main/public/components/agents/syscollector/inventory.scss new file mode 100644 index 0000000000..e00bbb455f --- /dev/null +++ b/plugins/main/public/components/agents/syscollector/inventory.scss @@ -0,0 +1,3 @@ +.wz-agent-inventory-panel { + margin: '12px 16px 12px 16px'; +} diff --git a/plugins/main/public/components/agents/syscollector/inventory.tsx b/plugins/main/public/components/agents/syscollector/inventory.tsx index f6060112e3..57df7132ee 100644 --- a/plugins/main/public/components/agents/syscollector/inventory.tsx +++ b/plugins/main/public/components/agents/syscollector/inventory.tsx @@ -11,28 +11,21 @@ */ import React from 'react'; -import { EuiFlexGroup, EuiFlexItem, EuiCallOut, EuiPanel } from '@elastic/eui'; +import { EuiFlexGroup, EuiFlexItem, EuiCallOut } from '@elastic/eui'; import { InventoryMetrics } from './components/syscollector-metrics'; -import { - netaddrColumns, - netifaceColumns, - processColumns, - portsColumns, - packagesColumns, - windowsUpdatesColumns, -} from './columns'; -import { - API_NAME_AGENT_STATUS, - SEARCH_BAR_WQL_VALUE_SUGGESTIONS_COUNT, -} from '../../../../common/constants'; -import { TableWzAPI } from '../../common/tables'; -import { WzRequest } from '../../../react-services'; -import { get as getLodash } from 'lodash'; +import { API_NAME_AGENT_STATUS } from '../../../../common/constants'; import { compose } from 'redux'; import { withGuard } from '../../common/hocs'; import { PromptAgentNeverConnected } from '../prompts'; - -const sortFieldSuggestion = (a, b) => (a.label > b.label ? 1 : -1); +import { + NetworkInterfacesTable, + NetworkPortsTable, + NetworkSettingsTable, + WindowsUpdatesTable, + ProcessesTable, + PackagesTable, +} from './components'; +import './inventory.scss'; export const SyscollectorInventory = compose( withGuard( 
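Review bot: `margin: '12px 16px 12px 16px';` is a quoted string, which is not a valid value for `margin`, so the browser discards the declaration and `.wz-agent-inventory-panel` gets no margin at all. The quotes look carried over from an inline React `style` object. The rule should read `margin: 12px 16px 12px 16px;` (or the equivalent shorthand `margin: 12px 16px;`).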
@@ -72,359 +65,33 @@ export const SyscollectorInventory = compose( - - field) - .join(',')}`} - searchTable - downloadCsv - showReload - tablePageSizeOptions={[10, 25, 50, 100]} - searchBarWQL={{ - suggestions: { - field(currentValue) { - return netifaceColumns - .map(item => ({ - label: item.field, - description: `filter by ${item.name}`, - })) - .sort(sortFieldSuggestion); - }, - value: async (currentValue, { field }) => { - try { - const response = await WzRequest.apiReq( - 'GET', - `/syscollector/${agent.id}/netiface`, - { - params: { - distinct: true, - limit: SEARCH_BAR_WQL_VALUE_SUGGESTIONS_COUNT, - select: field, - sort: `+${field}`, - ...(currentValue - ? { q: `${field}~${currentValue}` } - : {}), - }, - }, - ); - return response?.data?.data.affected_items.map(item => ({ - label: getLodash(item, field), - })); - } catch (error) { - return []; - } - }, - }, - }} - tableProps={{ - tableLayout: 'auto', - }} - /> - + - - field) - .join(',')}`} - searchTable - downloadCsv - showReload - tablePageSizeOptions={[10, 25, 50, 100]} - searchBarWQL={{ - suggestions: { - field(currentValue) { - return portsColumns[soPlatform] - .map(item => ({ - label: item.field, - description: `filter by ${item.name}`, - })) - .sort(sortFieldSuggestion); - }, - value: async (currentValue, { field }) => { - try { - const response = await WzRequest.apiReq( - 'GET', - `/syscollector/${agent.id}/ports`, - { - params: { - distinct: true, - limit: SEARCH_BAR_WQL_VALUE_SUGGESTIONS_COUNT, - select: field, - sort: `+${field}`, - ...(currentValue - ? 
{ q: `${field}~${currentValue}` } - : {}), - }, - }, - ); - return response?.data?.data.affected_items.map(item => ({ - label: getLodash(item, field), - })); - } catch (error) { - return []; - } - }, - }, - }} - tableProps={{ - tableLayout: 'auto', - }} - /> - + - - field) - .join(',')}`} - searchTable - downloadCsv - showReload - tablePageSizeOptions={[10, 25, 50, 100]} - searchBarWQL={{ - suggestions: { - field(currentValue) { - return netaddrColumns - .map(item => ({ - label: item.field, - description: `filter by ${item.name}`, - })) - .sort(sortFieldSuggestion); - }, - value: async (currentValue, { field }) => { - try { - const response = await WzRequest.apiReq( - 'GET', - `/syscollector/${agent.id}/netaddr`, - { - params: { - distinct: true, - limit: SEARCH_BAR_WQL_VALUE_SUGGESTIONS_COUNT, - select: field, - sort: `+${field}`, - ...(currentValue - ? { q: `${field}~${currentValue}` } - : {}), - }, - }, - ); - return response?.data?.data.affected_items.map(item => ({ - label: getLodash(item, field), - })); - } catch (error) { - return []; - } - }, - }, - }} - tableProps={{ - tableLayout: 'auto', - }} - /> - + {agent && agent.os && agent.os.platform === 'windows' && ( - - field) - .join(',')}`} - searchTable - downloadCsv - showReload - tablePageSizeOptions={[10, 25, 50, 100]} - searchBarWQL={{ - suggestions: { - field(currentValue) { - return windowsUpdatesColumns - .map(item => ({ - label: item.field, - description: `filter by ${item.name}`, - })) - .sort(sortFieldSuggestion); - }, - value: async (currentValue, { field }) => { - try { - const response = await WzRequest.apiReq( - 'GET', - `/syscollector/${agent.id}/hotfixes`, - { - params: { - distinct: true, - limit: SEARCH_BAR_WQL_VALUE_SUGGESTIONS_COUNT, - select: field, - sort: `+${field}`, - ...(currentValue - ? 
{ q: `${field}~${currentValue}` } - : {}), - }, - }, - ); - return response?.data?.data.affected_items.map( - item => ({ - label: getLodash(item, field), - }), - ); - } catch (error) { - return []; - } - }, - }, - }} - tableProps={{ - tableLayout: 'auto', - }} - /> - + )} - - field) - .join(',')}`} - searchTable - downloadCsv - showReload - tablePageSizeOptions={[10, 25, 50, 100]} - searchBarWQL={{ - suggestions: { - field(currentValue) { - return packagesColumns[soPlatform] - .map(item => ({ - label: item.field, - description: `filter by ${item.name}`, - })) - .sort(sortFieldSuggestion); - }, - value: async (currentValue, { field }) => { - try { - const response = await WzRequest.apiReq( - 'GET', - `/syscollector/${agent.id}/packages`, - { - params: { - distinct: true, - limit: SEARCH_BAR_WQL_VALUE_SUGGESTIONS_COUNT, - select: field, - sort: `+${field}`, - ...(currentValue - ? { q: `${field}~${currentValue}` } - : {}), - }, - }, - ); - return response?.data?.data.affected_items.map(item => ({ - label: getLodash(item, field), - })); - } catch (error) { - return []; - } - }, - }, - }} - tableProps={{ - tableLayout: 'auto', - }} - /> - + - - field) - .join(',')}`} - searchTable - downloadCsv - showReload - tablePageSizeOptions={[10, 25, 50, 100]} - searchBarWQL={{ - suggestions: { - field(currentValue) { - return processColumns[soPlatform] - .map(item => ({ - label: item.field, - description: `filter by ${item.name}`, - })) - .sort(sortFieldSuggestion); - }, - value: async (currentValue, { field }) => { - try { - const response = await WzRequest.apiReq( - 'GET', - `/syscollector/${agent.id}/processes`, - { - params: { - distinct: true, - limit: SEARCH_BAR_WQL_VALUE_SUGGESTIONS_COUNT, - select: field, - sort: `+${field}`, - ...(currentValue - ? 
{ q: `${field}~${currentValue}` } - : {}), - }, - }, - ); - return response?.data?.data.affected_items.map(item => ({ - label: getLodash(item, field), - })); - } catch (error) { - return []; - } - }, - }, - }} - tableProps={{ - tableLayout: 'auto', - }} - /> - +
diff --git a/plugins/main/public/components/common/util/agent-group-truncate/group-truncate.tsx b/plugins/main/public/components/common/util/agent-group-truncate/group-truncate.tsx index c910eebee8..0b73f1080d 100644 --- a/plugins/main/public/components/common/util/agent-group-truncate/group-truncate.tsx +++ b/plugins/main/public/components/common/util/agent-group-truncate/group-truncate.tsx @@ -100,7 +100,7 @@ export class GroupTruncate extends React.Component { ); } - renderGroups(groups) { + renderGroups(groups = []) { const { length } = this.props; let auxGroups: Array = []; let tooltipGroups: Array = []; diff --git a/plugins/main/public/components/common/welcome/agents-info.js b/plugins/main/public/components/common/welcome/agents-info.js index 44aaa139dc..dd49faecab 100644 --- a/plugins/main/public/components/common/welcome/agents-info.js +++ b/plugins/main/public/components/common/welcome/agents-info.js @@ -110,7 +110,8 @@ export class AgentInfo extends Component { { + this.clearAgentInUrl(); this.props.updateCurrentAgentData({}); this.removeAgentsFilter(); }} diff --git a/plugins/main/public/components/common/welcome/components/sca_scan/sca_scan.tsx b/plugins/main/public/components/common/welcome/components/sca_scan/sca_scan.tsx index 9814642042..39224fde2c 100644 --- a/plugins/main/public/components/common/welcome/components/sca_scan/sca_scan.tsx +++ b/plugins/main/public/components/common/welcome/components/sca_scan/sca_scan.tsx @@ -90,6 +90,12 @@ export const ScaScan = compose( this.getLastScan(this.props.agent.id); } + async componentDidUpdate(prevProps: Readonly) { + if (prevProps.agent.id !== this.props.agent.id) { + this.getLastScan(this.props.agent.id); + } + } + async getLastScan(agentId: Number) { const scans = await WzRequest.apiReq( 'GET', 
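Review bot: The new `componentDidUpdate` in `sca_scan.tsx` starts `this.getLastScan(this.props.agent.id)` without awaiting it or handling rejection, so a failed request becomes an unhandled promise rejection and two quick agent switches can complete out of order, leaving the scan of the previously selected agent on screen. I would catch the error at the call site and apply the result only when the agent id it was requested for still equals `this.props.agent.id`. `prevProps.agent.id` also assumes `agent` is defined on both sides; `prevProps.agent?.id !== this.props.agent?.id` is safer unless the surrounding guard guarantees it. `getLastScan` is only partly visible in this hunk, so whether it already handles errors internally should be confirmed.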
@@ -209,7 +215,7 @@ export const ScaScan = compose( href={getCore().application.getUrlForApp( configurationAssessment.id, { - path: `#/overview?tab=sca&redirectPolicy=${lastScan.policy_id}`, + path: `#/overview?tab=sca&redirectPolicy=${lastScan?.policy_id}`, }, )} > @@ -220,7 +226,7 @@ export const ScaScan = compose( - {lastScan.policy_id} + {lastScan?.policy_id} @@ -258,6 +264,20 @@ export const ScaScan = compose( const loading = this.renderLoadingStatus(); const scaScan = this.renderScanDetails(); const emptyPrompt = this.renderEmptyPrompt(); + if (loading) { + return ( + + {loading} + + ); + } + if (!lastScan) { + return ( + + {emptyPrompt} + + ); + } return ( @@ -277,7 +297,7 @@ export const ScaScan = compose( href={getCore().application.getUrlForApp( configurationAssessment.id, { - path: `#/overview?tab=sca&redirectPolicy=${lastScan.policy_id}`, + path: `#/overview?tab=sca&redirectPolicy=${lastScan?.policy_id}`, }, )} > @@ -309,8 +329,6 @@ export const ScaScan = compose( - {lastScan === undefined && emptyPrompt} - {loading} {scaScan} diff --git a/plugins/main/public/components/wz-agent-selector/wz-agent-selector.js b/plugins/main/public/components/wz-agent-selector/wz-agent-selector.js index e7f600e6b8..3eeb3c0d62 100644 --- a/plugins/main/public/components/wz-agent-selector/wz-agent-selector.js +++ b/plugins/main/public/components/wz-agent-selector/wz-agent-selector.js @@ -48,12 +48,10 @@ class WzAgentSelector extends Component { agentTableSearch(agentIdList) { this.closeAgentModal(); if (window.location.href.includes('/agents?')) { - this.location.search( - 'agent', - store.getState().appStateReducers.currentAgentData.id - ? String(store.getState().appStateReducers.currentAgentData.id) - : null, - ); + const seletedAgent = + agentIdList?.[0] || + store.getState().appStateReducers.currentAgentData.id; + this.location.search('agent', seletedAgent ? String(seletedAgent) : null); this.route.reload(); return; } 
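Review bot: `lastScan?.policy_id` is interpolated into the `redirectPolicy` query parameter as-is, here and again in the `@@ -277,7 +297,7 @@` hunk, so when `lastScan` is missing the link carries the literal text `redirectPolicy=undefined`, and a policy id containing `&` or `#` would alter the rest of the route. The policy id is reported data rather than a constant, so I would build the link only when a scan exists and encode the value, `redirectPolicy=${encodeURIComponent(lastScan.policy_id)}`. The early returns added in `render` cover the no-scan case there, but `renderScanDetails` is still called before them and its body is outside these hunks.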
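Review bot: The local added in `agentTableSearch` is spelled `seletedAgent`; rename it to `selectedAgent` at both uses so a later search for the usual spelling finds it. The value now prefers `agentIdList?.[0]` over the store, presumably the agent just picked in the modal, which deserves a one-line comment such as `// prefer the agent passed by the caller over the one already in the store`. The method continues outside the hunk.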
diff --git a/plugins/main/public/controllers/agent/components/agents-table.js b/plugins/main/public/controllers/agent/components/agents-table.js index 991168ebda..650b9d7c5f 100644 --- a/plugins/main/public/controllers/agent/components/agents-table.js +++ b/plugins/main/public/controllers/agent/components/agents-table.js @@ -41,15 +41,22 @@ import { get as getLodash } from 'lodash'; import { getCore } from '../../../kibana-services'; import { itHygiene } from '../../../utils/applications'; import { RedirectAppLinks } from '../../../../../../src/plugins/opensearch_dashboards_react/public'; - +import { connect } from 'react-redux'; +import { compose } from 'redux'; +import { updateCurrentAgentData } from '../../../redux/actions/appStateActions'; const searchBarWQLOptions = { implicitQuery: { query: 'id!=000', conjunction: ';', }, }; - -export const AgentsTable = withErrorBoundary( +const mapDispatchToProps = dispatch => ({ + updateCurrentAgentData: data => dispatch(updateCurrentAgentData(data)), +}); +export const AgentsTable = compose( + withErrorBoundary, + connect(null, mapDispatchToProps), +)( class AgentsTable extends Component { _isMount = false; constructor(props) { @@ -292,6 +299,7 @@ export const AgentsTable = withErrorBoundary( } return { onClick: ev => { + this.props.updateCurrentAgentData(item); getCore().application.navigateToApp(itHygiene.id, { path: `#/agents?tab=welcome&agent=${item.id}`, }); diff --git a/plugins/main/public/controllers/management/components/management/groups/group-agents-table.js b/plugins/main/public/controllers/management/components/management/groups/group-agents-table.js index 2b65c18c9d..234923622b 100644 --- a/plugins/main/public/controllers/management/components/management/groups/group-agents-table.js +++ b/plugins/main/public/controllers/management/components/management/groups/group-agents-table.js 
@@ -40,6 +40,7 @@ import { getErrorOrchestrator } from '../../../../../react-services/common-servi import { AgentStatus } from '../../../../../components/agents/agent-status'; import { WzRequest } from '../../../../../react-services'; import { itHygiene } from '../../../../../utils/applications'; +import { updateCurrentAgentData } from '../../../../../redux/actions/appStateActions'; class WzGroupAgentsTable extends Component { _isMounted = false; @@ -119,6 +120,7 @@ class WzGroupAgentsTable extends Component { aria-label='Go to the agent' iconType='eye' onClick={async () => { + this.props.updateCurrentAgentData(item); getCore().application.navigateToApp(itHygiene.id, { path: `#/agents?agent=${item.id}`, }); @@ -335,6 +337,7 @@ const mapDispatchToProps = dispatch => { updateSortFieldAgents: sortFieldAgents => dispatch(updateSortFieldAgents(sortFieldAgents)), updateReload: () => dispatch(updateReload()), + updateCurrentAgentData: data => dispatch(updateCurrentAgentData(data)), }; }; From b5be965d7b3585e276192718dd94efd00fd6904f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julio=20C=C3=A9sar=20Biset?= <43619595+jbiset@users.noreply.github.com> Date: Mon, 4 Dec 2023 08:20:47 -0300 Subject: [PATCH 13/26] Fix default filters per tab in vulnerabilities module (#6188) * Fix default filters per vulnerabilities tab * Update use_search_bar_configuration test --- .../dashboards/overview/dashboard.tsx | 1 - .../use_search_bar_configuration.test.ts | 87 +++++++------- .../use_search_bar_configuration.tsx | 110 ++++++++++-------- 3 files changed, 101 insertions(+), 97 deletions(-) diff --git a/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard.tsx b/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard.tsx index 26838438f0..911548c996 100644 --- a/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard.tsx 
+++ b/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard.tsx @@ -29,7 +29,6 @@ const DashboardVulsComponent: React.FC = () => { appConfig.data['vulnerabilities.pattern']; const { searchBarProps } = useSearchBarConfiguration({ defaultIndexPatternID: VULNERABILITIES_INDEX_PATTERN_ID, - filters: [], }); const { isLoading: isLoadingSearchbar, diff --git a/plugins/main/public/components/overview/vulnerabilities/search_bar/use_search_bar_configuration.test.ts b/plugins/main/public/components/overview/vulnerabilities/search_bar/use_search_bar_configuration.test.ts index 37685811d8..8ec10959b9 100644 --- a/plugins/main/public/components/overview/vulnerabilities/search_bar/use_search_bar_configuration.test.ts +++ b/plugins/main/public/components/overview/vulnerabilities/search_bar/use_search_bar_configuration.test.ts @@ -1,7 +1,10 @@ import { renderHook } from '@testing-library/react-hooks'; import '@testing-library/jest-dom/extend-expect'; // osd dependencies -import { Start, dataPluginMock } from '../../../../../../../src/plugins/data/public/mocks'; +import { + Start, + dataPluginMock, +} from '../../../../../../../src/plugins/data/public/mocks'; import { Filter, IndexPattern, @@ -41,7 +44,7 @@ mockedGetDataPlugin.mockImplementation( }, }, }, - } as Start) + } as Start), ); /////////////////////////////////////////////////////////// @@ -77,7 +80,9 @@ describe('[hook] useSearchBarConfiguration', () => { jest .spyOn(mockDataPlugin.indexPatterns, 'getDefault') .mockResolvedValue(mockedDefaultIndexPatternData); - jest.spyOn(mockDataPlugin.query.filterManager, 'getFilters').mockReturnValue([]); + jest + .spyOn(mockDataPlugin.query.filterManager, 'getFilters') + .mockReturnValue([]); const { result, waitForNextUpdate } = renderHook(() => useSearchBar({})); await waitForNextUpdate(); expect(mockDataPlugin.indexPatterns.getDefault).toBeCalled(); 
@@ -93,15 +98,21 @@ describe('[hook] useSearchBarConfiguration', () => { id: exampleIndexPatternId, title: '', }; - jest.spyOn(mockDataPlugin.indexPatterns, 'get').mockResolvedValue(mockedIndexPatternData); + jest + .spyOn(mockDataPlugin.indexPatterns, 'get') + .mockResolvedValue(mockedIndexPatternData); const { result, waitForNextUpdate } = renderHook(() => useSearchBar({ defaultIndexPatternID: 'wazuh-index-pattern', - }) + }), ); await waitForNextUpdate(); - expect(mockDataPlugin.indexPatterns.get).toBeCalledWith(exampleIndexPatternId); - expect(result.current.searchBarProps.indexPatterns).toMatchObject([mockedIndexPatternData]); + expect(mockDataPlugin.indexPatterns.get).toBeCalledWith( + exampleIndexPatternId, + ); + expect(result.current.searchBarProps.indexPatterns).toMatchObject([ + mockedIndexPatternData, + ]); }); it('should show an ERROR message and get the default app index pattern when not found the index pattern data by the ID received', async () => { 
@@ -112,19 +123,25 @@ describe('[hook] useSearchBarConfiguration', () => { jest .spyOn(mockDataPlugin.indexPatterns, 'getDefault') .mockResolvedValue(mockedDefaultIndexPatternData); - jest.spyOn(mockDataPlugin.query.filterManager, 'getFilters').mockReturnValue([]); + jest + .spyOn(mockDataPlugin.query.filterManager, 'getFilters') + .mockReturnValue([]); // mocking console error to avoid logs in test and check if is called - const mockedConsoleError = jest.spyOn(console, 'error').mockImplementationOnce(() => {}); + const mockedConsoleError = jest + .spyOn(console, 'error') + .mockImplementationOnce(() => {}); const { result, waitForNextUpdate } = renderHook(() => useSearchBar({ defaultIndexPatternID: 'invalid-index-pattern-id', - }) + }), ); await waitForNextUpdate(); expect(mockDataPlugin.indexPatterns.getDefault).toBeCalled(); - expect(mockDataPlugin.indexPatterns.get).toBeCalledWith('invalid-index-pattern-id'); + expect(mockDataPlugin.indexPatterns.get).toBeCalledWith( + 'invalid-index-pattern-id', + ); expect(result.current.searchBarProps.indexPatterns).toMatchObject([ mockedDefaultIndexPatternData, ]); 
@@ -145,50 +162,22 @@ describe('[hook] useSearchBarConfiguration', () => { jest .spyOn(mockDataPlugin.indexPatterns, 'getDefault') .mockResolvedValue(mockedDefaultIndexPatternData); - jest.spyOn(mockDataPlugin.query.filterManager, 'getFilters').mockReturnValue(defaultFilters); + jest + .spyOn(mockDataPlugin.query.filterManager, 'getFilters') + .mockReturnValue(defaultFilters); const { result, waitForNextUpdate } = renderHook(() => useSearchBar({ filters: defaultFilters, - }) + }), ); await waitForNextUpdate(); expect(result.current.searchBarProps.filters).toMatchObject(defaultFilters); - expect(mockDataPlugin.query.filterManager.setFilters).toBeCalledWith(defaultFilters); - expect(mockDataPlugin.query.filterManager.getFilters).toBeCalled(); - }); - - it('should return and preserve filters when the index pattern received is equal to the index pattern already selected in the app', async () => { - const defaultIndexFilters: Filter[] = [ - { - query: 'something to filter', - meta: { - alias: 'filter-mocked', - disabled: false, - negate: true, - }, - }, - ]; - jest - .spyOn(mockDataPlugin.indexPatterns, 'getDefault') - .mockResolvedValue(mockedDefaultIndexPatternData); - jest - .spyOn(mockDataPlugin.indexPatterns, 'get') - .mockResolvedValue(mockedDefaultIndexPatternData); - jest - .spyOn(mockDataPlugin.query.filterManager, 'getFilters') - .mockReturnValue(defaultIndexFilters); - const { result, waitForNextUpdate } = renderHook(() => - useSearchBar({ - defaultIndexPatternID: mockedDefaultIndexPatternData.id, - }) + expect(mockDataPlugin.query.filterManager.setFilters).toBeCalledWith( + defaultFilters, ); - await waitForNextUpdate(); - expect(result.current.searchBarProps.indexPatterns).toMatchObject([ - mockedDefaultIndexPatternData, - ]); - expect(result.current.searchBarProps.filters).toMatchObject(defaultIndexFilters); + expect(mockDataPlugin.query.filterManager.getFilters).toBeCalled(); }); it('should return empty filters when the index pattern is NOT equal to the 
default app index pattern', async () => { @@ -204,11 +193,13 @@ describe('[hook] useSearchBarConfiguration', () => { jest .spyOn(mockDataPlugin.indexPatterns, 'getDefault') .mockResolvedValue(mockedDefaultIndexPatternData); - jest.spyOn(mockDataPlugin.query.filterManager, 'getFilters').mockReturnValue([]); + jest + .spyOn(mockDataPlugin.query.filterManager, 'getFilters') + .mockReturnValue([]); const { result, waitForNextUpdate } = renderHook(() => useSearchBar({ defaultIndexPatternID: exampleIndexPatternId, - }) + }), ); await waitForNextUpdate(); expect(result.current.searchBarProps.indexPatterns).toMatchObject([ diff --git a/plugins/main/public/components/overview/vulnerabilities/search_bar/use_search_bar_configuration.tsx b/plugins/main/public/components/overview/vulnerabilities/search_bar/use_search_bar_configuration.tsx index 377f24930c..06e4bb7648 100644 --- a/plugins/main/public/components/overview/vulnerabilities/search_bar/use_search_bar_configuration.tsx +++ b/plugins/main/public/components/overview/vulnerabilities/search_bar/use_search_bar_configuration.tsx @@ -1,4 +1,4 @@ -import React, { useEffect, useState } from 'react'; +import { useEffect, useState } from 'react'; import { SearchBarProps, FilterManager, @@ -44,6 +44,7 @@ const useSearchBarConfiguration = ( props?: tUseSearchBarProps, ): tUserSearchBarResponse => { // dependencies + const SESSION_STORAGE_FILTERS_NAME = 'wazuh_persistent_searchbar_filters'; const filterManager = useFilterManager().filterManager as FilterManager; const { filters } = useFilterManager(); const [query, setQuery] = props?.query 
@@ -56,20 +57,29 @@ const useSearchBarConfiguration = ( useState(); useEffect(() => { + if (filters && filters.length > 0) { + sessionStorage.setItem( + SESSION_STORAGE_FILTERS_NAME, + JSON.stringify(filters), + ); + } initSearchBar(); + /** + * When the component is disassembled, the original filters that arrived + * when the component was assembled are added. + */ + return () => { + const storagePreviousFilters = sessionStorage.getItem( + SESSION_STORAGE_FILTERS_NAME, + ); + if (storagePreviousFilters) { + const previousFilters = JSON.parse(storagePreviousFilters); + const cleanedFilters = cleanFilters(previousFilters); + filterManager.setFilters(cleanedFilters); + } + }; }, []); - useEffect(() => { - const defaultIndex = props?.defaultIndexPatternID; - /* Filters that do not belong to the default index are filtered */ - const cleanedFilters = filters.filter( - filter => filter.meta.index === defaultIndex, - ); - if (cleanedFilters.length !== filters.length) { - filterManager.setFilters(cleanedFilters); - } - }, [filters]); - /** * Initialize the searchbar props with the corresponding index pattern and filters */ @@ -77,8 +87,8 @@ const useSearchBarConfiguration = ( setIsLoading(true); const indexPattern = await getIndexPattern(props?.defaultIndexPatternID); setIndexPatternSelected(indexPattern); - const filters = await getInitialFilters(indexPattern); - filterManager.setFilters(filters); + const initialFilters = props?.filters ?? filters; + filterManager.setFilters(initialFilters); setIsLoading(false); }; 
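Review bot: The snapshot written to `sessionStorage` under `SESSION_STORAGE_FILTERS_NAME` is never removed, and it is read back with a bare `JSON.parse` both in this effect's cleanup and in the `onFiltersUpdated` hunk further down. It looks like a mount that starts with no filters therefore restores whatever an earlier mount stored, and a stored value that is not a JSON array (session storage is writable by any script on the origin) makes `cleanFilters` throw during unmount. I would clear the key when there is nothing to persist and treat the stored value as untrusted input: parse inside `try`/`catch`, accept it only when `Array.isArray` holds, and discard it otherwise. The hook's body continues outside this hunk, so the fence shows only the rewritten effect.

```typescript
useEffect(() => {
  if (filters && filters.length > 0) {
    // … unchanged: sessionStorage.setItem(SESSION_STORAGE_FILTERS_NAME, …) …
  } else {
    // nothing to persist: drop the snapshot left by an earlier mount
    sessionStorage.removeItem(SESSION_STORAGE_FILTERS_NAME);
  }
  initSearchBar();
  return () => {
    const storagePreviousFilters = sessionStorage.getItem(
      SESSION_STORAGE_FILTERS_NAME,
    );
    if (!storagePreviousFilters) {
      return;
    }
    try {
      const previousFilters: unknown = JSON.parse(storagePreviousFilters);
      if (Array.isArray(previousFilters)) {
        filterManager.setFilters(cleanFilters(previousFilters));
      }
    } catch (error) {
      // malformed snapshot: discard it instead of throwing during unmount
      sessionStorage.removeItem(SESSION_STORAGE_FILTERS_NAME);
    }
  };
}, []);
```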
@@ -104,44 +114,33 @@ const useSearchBarConfiguration = ( }; /** - * Return the initial filters considering if hook receives initial filters - * When the default index pattern is the same like the received preserve the filters - * @param indexPattern + * Return filters from filters manager. + * Additionally solve the known issue with the auto loaded agent.id filters from the searchbar + * and filters those filters that are not related to the default index pattern * @returns */ - const getInitialFilters = async (indexPattern: IIndexPattern) => { - const indexPatternService = getDataPlugin() - .indexPatterns as IndexPatternsContract; - let initialFilters: Filter[] = []; - if (props?.filters) { - return props?.filters; - } - if (indexPattern) { - // get filtermanager and filters - // if the index is the same, get filters stored - // else clear filters - const defaultIndexPattern = - (await indexPatternService.getDefault()) as IIndexPattern; - initialFilters = - defaultIndexPattern.id === indexPattern.id - ? filterManager.getFilters() - : []; - } else { - initialFilters = []; - } - return initialFilters; + const getFilters = () => { + const originalFilters = filterManager ? filterManager.getFilters() : []; + return originalFilters.filter( + (filter: Filter) => + filter?.meta?.controlledBy !== AUTHORIZED_AGENTS && // remove auto loaded agent.id filters + filter?.meta?.index === props?.defaultIndexPatternID, + ); }; /** - * Return filters from filters manager. - * Additionally solve the known issue with the auto loaded agent.id filters from the searchbar + * Return cleaned filters. + * Clean the known issue with the auto loaded agent.id filters from the searchbar + * and filters those filters that are not related to the default index pattern + * @param previousFilters * @returns */ - const getFilters = () => { - const filters = filterManager ? 
filterManager.getFilters() : []; - return filters.filter( - filter => filter.meta.controlledBy !== AUTHORIZED_AGENTS, - ); // remove auto loaded agent.id filters + const cleanFilters = (previousFilters: Filter[]) => { + return previousFilters.filter( + (filter: Filter) => + filter?.meta?.controlledBy !== AUTHORIZED_AGENTS && + filter?.meta?.index !== props?.defaultIndexPatternID, + ); }; /** @@ -156,9 +155,24 @@ const useSearchBarConfiguration = ( dateRangeFrom: timeFilter.from, dateRangeTo: timeFilter.to, onFiltersUpdated: (filters: Filter[]) => { - // its necessary execute setter to apply filters - filterManager.setFilters(filters); - props?.onFiltersUpdated && props?.onFiltersUpdated(filters); + const storagePreviousFilters = sessionStorage.getItem( + SESSION_STORAGE_FILTERS_NAME, + ); + /** + * If there are persisted filters, it is necessary to add them when + * updating the filters in the filterManager + */ + if (storagePreviousFilters) { + const previousFilters = JSON.parse(storagePreviousFilters); + const cleanedFilters = cleanFilters(previousFilters); + filterManager.setFilters([...cleanedFilters, ...filters]); + + props?.onFiltersUpdated && + props?.onFiltersUpdated([...cleanedFilters, ...filters]); + } else { + filterManager.setFilters(filters); + props?.onFiltersUpdated && props?.onFiltersUpdated(filters); + } }, onQuerySubmit: ( payload: { dateRange: TimeRange; query?: Query }, From 0a236df75561c35ffbdb33822b2127da0f6c3ed4 Mon Sep 17 00:00:00 2001 From: Nicolas Agustin Guevara Pihen <42900763+Tostti@users.noreply.github.com> Date: Tue, 5 Dec 2023 05:04:19 -0300 Subject: [PATCH 14/26] Fix errors in vulnerabilities injection script (#6189) fixed errors in script --- .../dataInjectScript.py | 34 ++++++++----------- 1 file changed, 15 insertions(+), 19 deletions(-) diff --git a/scripts/vulnerabilities-events-injector/dataInjectScript.py b/scripts/vulnerabilities-events-injector/dataInjectScript.py index 822612c5f6..0b4a93df9a 100644 
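Review bot: The doc comment on `cleanFilters` is copied from `getFilters` and describes the opposite of what the code does: the predicate is `filter?.meta?.index !== props?.defaultIndexPatternID`, so it keeps exactly the filters that belong to other index patterns and drops the ones of this module. Since the two helpers differ only by `===` versus `!==`, the comment is the only thing telling a reader which is which. I would reword it to `Return the persisted filters that belong to other index patterns, without the auto loaded agent.id filters, so they can be restored when leaving this view`.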
--- a/scripts/vulnerabilities-events-injector/dataInjectScript.py +++ b/scripts/vulnerabilities-events-injector/dataInjectScript.py @@ -1,15 +1,13 @@ -import datetime -from datetime import timedelta +from datetime import timedelta, datetime from opensearchpy import OpenSearch, helpers import random import json import os.path -import requests import warnings warnings.filterwarnings("ignore") def generateRandomDate(): - start_date = datetime.datetime.now() + start_date = datetime.now() end_date = start_date - timedelta(days=10) random_date = start_date + (end_date - start_date) * random.random() return(random_date.strftime("%Y-%m-%dT%H:%M:%S.{}Z".format(random.randint(0, 999)))) @@ -147,20 +145,19 @@ def verifyIndex(index,instance): print('Done!') except Exception as e: print('Error: {}'.format(e)) - return True else: notemplate=input('\nIndex {} does not exist. Template file not found. Continue without template? (y/n)'.format(index)) while notemplate != 'y' and notemplate != 'n': - notemplate=input('\nInvalid option. Continue without template? (y/n)') - if notemplate == 'y': - print('\nTrying to create index {} without template'.format(index)) - try: - instance.indices.create(index=index) - print('\nDone!') - except Exception as e: - print('\nError: {}'.format(e)) - return True - return False + notemplate=input('\nInvalid option. Continue without template? (y/n) \n') + if notemplate == 'n': + return False + print('\nTrying to create index {} without template'.format(index)) + try: + instance.indices.create(index=index) + print('\nDone!') + except Exception as e: + print('\nError: {}'.format(e)) + return True def verifySettings(): verified = False 
@@ -181,18 +178,17 @@ def verifySettings(): url = 'https://{}:{}/{}/_doc'.format(ip, port, index) username = input("\nUsername: \n") password = input("\nPassword: \n") - config = json.dumps({'ip':ip,'port':port,'index':index,'username':username,'password':password}) + config = {'ip':ip,'port':port,'index':index,'username':username,'password':password} store = input("\nDo you want to store these settings for future use? (y/n) \n") while store != 'y' and store != 'n': store = input("\nInvalid option.\n Do you want to store these settings for future use? (y/n) \n") if store == 'y': - with open('\nDIS_Settings.json', 'w') as configFile: - configFile.write(config) + with open('DIS_Settings.json', 'w') as configFile: + json.dump(config, configFile) return config def injectEvents(generator): config = verifySettings() - instance = OpenSearch([{'host':config['ip'],'port':config['port']}], http_auth=(config['username'], config['password']), use_ssl=True, verify_certs=False) if not instance.ping(): From 7246747d7c1f132f944bb506179a676f256fe1a5 Mon Sep 17 00:00:00 2001 From: Federico Rodriguez Date: Tue, 5 Dec 2023 17:35:23 +0100 Subject: [PATCH 15/26] Bump revision to 01 (#6193) --- CHANGELOG.md | 2 +- plugins/main/common/api-info/endpoints.json | 929 +++++++++++++----- .../common/api-info/security-actions.json | 853 ++++++++++++---- plugins/main/opensearch_dashboards.json | 2 +- plugins/main/package.json | 2 +- .../opensearch_dashboards.json | 2 +- plugins/wazuh-check-updates/package.json | 2 +- plugins/wazuh-core/opensearch_dashboards.json | 2 +- plugins/wazuh-core/package.json | 2 +- 9 files changed, 1345 insertions(+), 451 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fa4f66baf1..ab2a2d141f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ All notable changes to the Wazuh app project will be documented in this file. -## Wazuh v4.8.0 - OpenSearch Dashboards 2.10.0 - Revision 00 +## Wazuh v4.8.0 - OpenSearch Dashboards 2.10.0 - Revision 01 ### Added 
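Review bot: The settings file written by `json.dump(config, configFile)` in `verifySettings` holds the indexer password in clear text, and `open('DIS_Settings.json', 'w')` creates it with the process's default mode in the working directory. Create it owner-only, e.g. `fd = os.open('DIS_Settings.json', os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, 'w') as configFile:`, or leave `password` out of the stored dict and prompt for it on each run. The prompt itself is `input("\nPassword: \n")`, which echoes the secret to the terminal; `getpass.getpass` avoids that. The context line in `injectEvents` connects with `verify_certs=False` while `warnings.filterwarnings("ignore")` at the top of the file hides the resulting warning, so these credentials are sent without authenticating the server; a comment restricting the script to test environments would make that explicit.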
diff --git a/plugins/main/common/api-info/endpoints.json b/plugins/main/common/api-info/endpoints.json index 440a61fcf6..b36353c39f 100644 --- a/plugins/main/common/api-info/endpoints.json +++ b/plugins/main/common/api-info/endpoints.json @@ -7,7 +7,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.default_controller.default_info", "description": "Return basic information about the API", "summary": "Get API info", - "tags": ["API Info"], + "tags": [ + "API Info" + ], "query": [ { "name": "pretty", @@ -24,7 +26,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_agents", "description": "Return information about all available agents or a list of them", "summary": "List agents", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "query": [ { "name": "agents_list", @@ -61,7 +65,10 @@ "description": "Agent groups configuration sync status", "schema": { "type": "string", - "enum": ["synced", "not synced"] + "enum": [ + "synced", + "not synced" + ] } }, { @@ -206,7 +213,12 @@ "type": "array", "items": { "type": "string", - "enum": ["active", "pending", "never_connected", "disconnected"] + "enum": [ + "active", + "pending", + "never_connected", + "disconnected" + ] }, "minItems": 1 } @@ -234,7 +246,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_agent_config", "description": "Return the active configuration the agent is currently using. This can be different from the configuration present in the configuration file, if it has been modified and the agent has not been restarted yet", "summary": "Get active configuration", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "args": [ { "name": ":agent_id", 
@@ -332,7 +346,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_daemon_stats", "description": "Return Wazuh statistical information from specified daemons in a specified agent", "summary": "Get Wazuh daemon stats from an agent", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "args": [ { "name": ":agent_id", @@ -354,7 +370,10 @@ "type": "array", "items": { "type": "string", - "enum": ["wazuh-analysisd", "wazuh-remoted"] + "enum": [ + "wazuh-analysisd", + "wazuh-remoted" + ] } } }, @@ -381,7 +400,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_sync_agent", "description": "Return whether the agent configuration has been synchronized with the agent or not. This can be useful to check after updating a group configuration", "summary": "Get configuration sync status", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "args": [ { "name": ":agent_id", @@ -419,7 +440,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_agent_key", "description": "Return the key of an agent", "summary": "Get key", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "args": [ { "name": ":agent_id", @@ -457,7 +480,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_component_stats", "description": "Return Wazuh's {component} statistical information from agent {agent_id}", "summary": "Get agent's component stats", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "args": [ { "name": ":agent_id", @@ -476,7 +501,10 @@ "required": true, "schema": { "type": "string", - "enum": ["logcollector", "agent"] + "enum": [ + "logcollector", + "agent" + ] } } ], 
@@ -504,7 +532,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_agent_no_group", "description": "Return a list with all the available agents without an assigned group", "summary": "List agents without group", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "query": [ { "name": "limit", @@ -584,7 +614,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_agent_outdated", "description": "Return the list of outdated agents", "summary": "List outdated agents", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "query": [ { "name": "limit", @@ -653,7 +685,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_agent_fields", "description": "Return all the different combinations that agents have for the selected fields. It also indicates the total number of agents that have each combination", "summary": "List agents distinct", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "query": [ { "name": "fields", @@ -733,7 +767,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_agent_summary_os", "description": "Return a summary of the OS of available agents", "summary": "Summarize agents OS", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "query": [ { "name": "pretty", @@ -758,7 +794,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_agent_summary_status", "description": "Return a summary of the connection and groups configuration synchronization statuses of available agents", "summary": "Summarize agents status", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "query": [ { "name": "pretty", 
@@ -783,7 +821,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_agent_upgrade", "description": "Return the agents upgrade results", "summary": "Get upgrade results", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "query": [ { "name": "agents_list", @@ -909,7 +949,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.ciscat_controller.get_agents_ciscat_results", "description": "Return the agent's ciscat results info", "summary": "Get results", - "tags": ["Ciscat"], + "tags": [ + "Ciscat" + ], "args": [ { "name": ":agent_id", @@ -1071,7 +1113,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_configuration_node", "description": "Return wazuh configuration used in node {node_id}. The 'section' and 'field' parameters will be ignored if 'raw' parameter is provided.", "summary": "Get node config", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "args": [ { "name": ":node_id", @@ -1163,7 +1207,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_node_config", "description": "Return the requested configuration in JSON format for the specified node", "summary": "Get node active configuration", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "args": [ { "name": ":component", @@ -1259,7 +1305,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_daemon_stats_node", "description": "Return Wazuh statistical information from specified daemons in a specified cluster node", "summary": "Get Wazuh daemon stats from a cluster node", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "args": [ { "name": ":node_id", 
@@ -1279,7 +1327,11 @@ "type": "array", "items": { "type": "string", - "enum": ["wazuh-analysisd", "wazuh-remoted", "wazuh-db"] + "enum": [ + "wazuh-analysisd", + "wazuh-remoted", + "wazuh-db" + ] } } }, @@ -1306,7 +1358,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_info_node", "description": "Return basic information about a specified node such as version, compilation date, installation path", "summary": "Get node info", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "args": [ { "name": ":node_id", @@ -1342,7 +1396,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_log_node", "description": "Return the last 2000 wazuh log entries in the specified node", "summary": "Get node logs", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "args": [ { "name": ":node_id", @@ -1464,7 +1520,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_log_summary_node", "description": "Return a summary of the last 2000 wazuh log entries in the specified node", "summary": "Get node logs summary", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "args": [ { "name": ":node_id", @@ -1500,7 +1558,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_stats_node", "description": "Return Wazuh statistical information in node {node_id} for the current or specified date", "summary": "Get node stats", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "args": [ { "name": ":node_id", 
@@ -1544,7 +1604,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_stats_analysisd_node", "description": "Return Wazuh analysisd statistical information in node {node_id}", "summary": "Get node stats analysisd", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "args": [ { "name": ":node_id", @@ -1580,7 +1642,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_stats_hourly_node", "description": "Return Wazuh statistical information in node {node_id} per hour. Each number in the averages field represents the average of alerts per hour", "summary": "Get node stats hour", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "args": [ { "name": ":node_id", @@ -1616,7 +1680,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_stats_remoted_node", "description": "Return Wazuh remoted statistical information in node {node_id}", "summary": "Get node stats remoted", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "args": [ { "name": ":node_id", @@ -1652,7 +1718,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_stats_weekly_node", "description": "Return Wazuh statistical information in node {node_id} per week. Each number in the averages field represents the average of alerts per hour for that specific day", "summary": "Get node stats week", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "args": [ { "name": ":node_id", 
@@ -1688,7 +1756,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_status_node", "description": "Return the status of all Wazuh daemons in node node_id", "summary": "Get node status", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "args": [ { "name": ":node_id", @@ -1724,7 +1794,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_api_config", "description": "Return the API configuration of all nodes (or a list of them) in JSON format", "summary": "Get nodes API config", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "query": [ { "name": "nodes_list", @@ -1759,7 +1831,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_conf_validation", "description": "Return whether the Wazuh configuration is correct or not in all cluster nodes or a list of them", "summary": "Check nodes config", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "query": [ { "name": "nodes_list", @@ -1794,7 +1868,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_healthcheck", "description": "Return cluster healthcheck information for all nodes or a list of them. Such information includes last keep alive, last synchronization time and number of agents reporting on each node", "summary": "Get nodes healthcheck", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "query": [ { "name": "nodes_list", @@ -1829,7 +1905,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_config", "description": "Return the current node cluster configuration", "summary": "Get local node config", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "query": [ { "name": "pretty", 
@@ -1854,7 +1932,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_cluster_node", "description": "Return basic information about the cluster node receiving the request", "summary": "Get local node info", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "query": [ { "name": "pretty", @@ -1879,7 +1959,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_cluster_nodes", "description": "Get information about all nodes in the cluster or a list of them", "summary": "Get nodes info", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "query": [ { "name": "distinct", @@ -1967,7 +2049,10 @@ "description": "Filter by node type", "schema": { "type": "string", - "enum": ["worker", "master"] + "enum": [ + "worker", + "master" + ] } }, { @@ -1985,7 +2070,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_nodes_ruleset_sync_status", "description": "Return ruleset synchronization status for all nodes or a list of them. This synchronization only covers the user custom ruleset", "summary": "Get cluster nodes ruleset synchronization status", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "query": [ { "name": "nodes_list", @@ -2020,7 +2107,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.get_status", "description": "Return information about the cluster status", "summary": "Get cluster status", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "query": [ { "name": "pretty", 
@@ -2045,7 +2134,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.decoder_controller.get_decoders", "description": "Return information about all decoders included in ossec.conf. This information include decoder's route, decoder's name, decoder's file among others", "summary": "List decoders", - "tags": ["Decoders"], + "tags": [ + "Decoders" + ], "query": [ { "name": "decoder_names", @@ -2153,7 +2244,11 @@ "description": "Filter by list status. Use commas to enter multiple statuses", "schema": { "type": "string", - "enum": ["enabled", "disabled", "all"], + "enum": [ + "enabled", + "disabled", + "all" + ], "minItems": 1 } }, @@ -2172,7 +2267,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.decoder_controller.get_decoders_files", "description": "Return information about all decoders files used in Wazuh. This information include decoder's file, decoder's route and decoder's status among others", "summary": "Get files", - "tags": ["Decoders"], + "tags": [ + "Decoders" + ], "query": [ { "name": "distinct", @@ -2269,7 +2366,11 @@ "description": "Filter by list status. Use commas to enter multiple statuses", "schema": { "type": "string", - "enum": ["enabled", "disabled", "all"], + "enum": [ + "enabled", + "disabled", + "all" + ], "minItems": 1 } }, @@ -2288,7 +2389,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.decoder_controller.get_file", "description": "Get the content of a specified decoder file", "summary": "Get decoders file content", - "tags": ["Decoders"], + "tags": [ + "Decoders" + ], "args": [ { "name": ":filename", 
@@ -2340,7 +2443,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.decoder_controller.get_decoders_parents", "description": "Return information about all parent decoders. A parent decoder is a decoder used as base of other decoders", "summary": "Get parent decoders", - "tags": ["Decoders"], + "tags": [ + "Decoders" + ], "query": [ { "name": "limit", @@ -2413,7 +2518,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.experimental_controller.get_cis_cat_results", "description": "Return CIS-CAT results for all agents or a list of them", "summary": "Get agents CIS-CAT results", - "tags": ["Experimental"], + "tags": [ + "Experimental" + ], "query": [ { "name": "agents_list", @@ -2568,7 +2675,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.experimental_controller.get_hardware_info", "description": "Return all agents (or a list of them) hardware info. This information include cpu, ram, scan info among others of all agents", "summary": "Get agents hardware", - "tags": ["Experimental"], + "tags": [ + "Experimental" + ], "query": [ { "name": "agents_list", @@ -2705,7 +2814,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.experimental_controller.get_hotfixes_info", "description": "Return all agents (or a list of them) hotfixes info", "summary": "Get agents hotfixes", - "tags": ["Experimental"], + "tags": [ + "Experimental" + ], "query": [ { "name": "agents_list", 
@@ -2798,7 +2909,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.experimental_controller.get_network_address_info", "description": "Return all agents (or a list of them) IPv4 and IPv6 addresses associated to their network interfaces. This information include used IP protocol, interface, and IP address among others", "summary": "Get agents netaddr", - "tags": ["Experimental"], + "tags": [ + "Experimental" + ], "query": [ { "name": "address", @@ -2916,7 +3029,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.experimental_controller.get_network_interface_info", "description": "Return all agents (or a list of them) network interfaces. This information includes rx, scan, tx info and some network information among other", "summary": "Get agents netiface", - "tags": ["Experimental"], + "tags": [ + "Experimental" + ], "query": [ { "name": "adapter", @@ -3115,7 +3230,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.experimental_controller.get_network_protocol_info", "description": "Return all agents (or a list of them) routing configuration for each network interface. This information includes interface, type protocol information among other", "summary": "Get agents netproto", - "tags": ["Experimental"], + "tags": [ + "Experimental" + ], "query": [ { "name": "agents_list", @@ -3136,7 +3253,12 @@ "schema": { "type": "string", "description": "DHCP status", - "enum": ["enabled", "disabled", "unknown", "BOOTP"] + "enum": [ + "enabled", + "disabled", + "unknown", + "BOOTP" + ] } }, { 
@@ -3234,7 +3356,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.experimental_controller.get_os_info", "description": "Return all agents (or a list of them) OS info. This information includes os information, architecture information among other", "summary": "Get agents OS", - "tags": ["Experimental"], + "tags": [ + "Experimental" + ], "query": [ { "name": "agents_list", @@ -3360,7 +3484,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.experimental_controller.get_packages_info", "description": "Return all agents (or a list of them) packages info. This information includes name, section, size, and priority information of all packages among other", "summary": "Get agents packages", - "tags": ["Experimental"], + "tags": [ + "Experimental" + ], "query": [ { "name": "agents_list", @@ -3484,7 +3610,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.experimental_controller.get_ports_info", "description": "Return all agents (or a list of them) ports info. This information includes local IP, Remote IP, protocol information among other", "summary": "Get agents ports", - "tags": ["Experimental"], + "tags": [ + "Experimental" + ], "query": [ { "name": "agents_list", @@ -3634,7 +3762,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.experimental_controller.get_processes_info", "description": "Return all agents (or a list of them) processes info", "summary": "Get agents processes", - "tags": ["Experimental"], + "tags": [ + "Experimental" + ], "query": [ { "name": "agents_list", 
@@ -3832,7 +3962,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_list_group", "description": "Get information about all groups or a list of them. Returns a list containing basic information about each group such as number of agents belonging to the group and the checksums of the configuration and shared files", "summary": "Get groups", - "tags": ["Groups"], + "tags": [ + "Groups" + ], "query": [ { "name": "distinct", @@ -3953,7 +4085,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_agents_in_group", "description": "Return the list of agents that belong to the specified group", "summary": "Get agents in a group", - "tags": ["Groups"], + "tags": [ + "Groups" + ], "args": [ { "name": ":group_id", @@ -4045,7 +4179,12 @@ "type": "array", "items": { "type": "string", - "enum": ["active", "pending", "never_connected", "disconnected"] + "enum": [ + "active", + "pending", + "never_connected", + "disconnected" + ] }, "minItems": 1 } @@ -4065,7 +4204,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_group_config", "description": "Return the group configuration defined in the `agent.conf` file", "summary": "Get group configuration", - "tags": ["Groups"], + "tags": [ + "Groups" + ], "args": [ { "name": ":group_id", @@ -4123,7 +4264,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_group_files", "description": "Return the files placed under the group directory", "summary": "Get group files", - "tags": ["Groups"], + "tags": [ + "Groups" + ], "args": [ { "name": ":group_id", 
@@ -4244,7 +4387,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_group_file_json", "description": "Return the content of the specified group file parsed to JSON", "summary": "Get a file in group", - "tags": ["Groups"], + "tags": [ + "Groups" + ], "args": [ { "name": ":file_name", @@ -4282,7 +4427,12 @@ "type": "array", "items": { "type": "string", - "enum": ["conf", "rootkit_files", "rootkit_trojans", "rcl"] + "enum": [ + "conf", + "rootkit_files", + "rootkit_trojans", + "rcl" + ] } } }, @@ -4301,7 +4451,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_group_file_xml", "description": "Return the contents of the specified group file parsed to XML", "summary": "Get a file in group", - "tags": ["Groups"], + "tags": [ + "Groups" + ], "args": [ { "name": ":file_name", @@ -4339,7 +4491,12 @@ "type": "array", "items": { "type": "string", - "enum": ["conf", "rootkit_files", "rootkit_trojans", "rcl"] + "enum": [ + "conf", + "rootkit_files", + "rootkit_trojans", + "rcl" + ] } } }, @@ -4358,7 +4515,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cdb_list_controller.get_lists", "description": "Return the contents of all CDB lists. Optionally, the result can be filtered by several criteria. See available parameters for more details", "summary": "Get CDB lists info", - "tags": ["Lists"], + "tags": [ + "Lists" + ], "query": [ { "name": "distinct", 
@@ -4465,7 +4624,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cdb_list_controller.get_lists_files", "description": "Return the path from all CDB lists. Use this method to know all the CDB lists and their location in the filesystem relative to Wazuh installation folder", "summary": "Get CDB lists files", - "tags": ["Lists"], + "tags": [ + "Lists" + ], "query": [ { "name": "filename", @@ -4546,7 +4707,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cdb_list_controller.get_file", "description": "Return the content of a CDB list file. Only the filename can be specified. It will be searched recursively if not found", "summary": "Get CDB list file content", - "tags": ["Lists"], + "tags": [ + "Lists" + ], "args": [ { "name": ":filename", @@ -4590,7 +4753,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.manager_controller.get_api_config", "description": "Return the local API configuration in JSON format", "summary": "Get API config", - "tags": ["Manager"], + "tags": [ + "Manager" + ], "query": [ { "name": "pretty", @@ -4615,7 +4780,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.manager_controller.get_configuration", "description": "Return wazuh configuration used. The 'section' and 'field' parameters will be ignored if 'raw' parameter is provided.", "summary": "Get configuration", - "tags": ["Manager"], + "tags": [ + "Manager" + ], "query": [ { "name": "distinct", 
@@ -4704,7 +4871,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.manager_controller.get_manager_config_ondemand", "description": "Return the requested active configuration in JSON format", "summary": "Get active configuration", - "tags": ["Manager"], + "tags": [ + "Manager" + ], "args": [ { "name": ":component", @@ -4791,7 +4960,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.manager_controller.get_conf_validation", "description": "Return whether the Wazuh configuration is correct", "summary": "Check config", - "tags": ["Manager"], + "tags": [ + "Manager" + ], "query": [ { "name": "pretty", @@ -4816,7 +4987,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.manager_controller.get_daemon_stats", "description": "Return Wazuh statistical information from specified daemons", "summary": "Get Wazuh daemon stats", - "tags": ["Manager"], + "tags": [ + "Manager" + ], "query": [ { "name": "daemons_list", @@ -4825,7 +4998,11 @@ "type": "array", "items": { "type": "string", - "enum": ["wazuh-analysisd", "wazuh-remoted", "wazuh-db"] + "enum": [ + "wazuh-analysisd", + "wazuh-remoted", + "wazuh-db" + ] } } }, @@ -4852,7 +5029,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.manager_controller.get_info", "description": "Return basic information such as version, compilation date, installation path", "summary": "Get information", - "tags": ["Manager"], + "tags": [ + "Manager" + ], "query": [ { "name": "pretty", 
@@ -4877,7 +5056,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.manager_controller.get_log", "description": "Return the last 2000 wazuh log entries", "summary": "Get logs", - "tags": ["Manager"], + "tags": [ + "Manager" + ], "query": [ { "name": "distinct", @@ -4988,7 +5169,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.manager_controller.get_log_summary", "description": "Return a summary of the last 2000 wazuh log entries", "summary": "Get logs summary", - "tags": ["Manager"], + "tags": [ + "Manager" + ], "query": [ { "name": "pretty", @@ -5013,7 +5196,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.manager_controller.get_stats", "description": "Return Wazuh statistical information for the current or specified date", "summary": "Get stats", - "tags": ["Manager"], + "tags": [ + "Manager" + ], "query": [ { "name": "date", @@ -5046,7 +5231,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.manager_controller.get_stats_analysisd", "description": "Return Wazuh analysisd statistical information", "summary": "Get stats analysisd", - "tags": ["Manager"], + "tags": [ + "Manager" + ], "query": [ { "name": "pretty", @@ -5071,7 +5258,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.manager_controller.get_stats_hourly", "description": "Return Wazuh statistical information per hour. Each number in the averages field represents the average of alerts per hour", "summary": "Get stats hour", - "tags": ["Manager"], + "tags": [ + "Manager" + ], "query": [ { "name": "pretty", 
@@ -5096,7 +5285,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.manager_controller.get_stats_remoted", "description": "Return Wazuh remoted statistical information", "summary": "Get stats remoted", - "tags": ["Manager"], + "tags": [ + "Manager" + ], "query": [ { "name": "pretty", @@ -5121,7 +5312,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.manager_controller.get_stats_weekly", "description": "Return Wazuh statistical information per week. Each number in the averages field represents the average of alerts per hour for that specific day", "summary": "Get stats week", - "tags": ["Manager"], + "tags": [ + "Manager" + ], "query": [ { "name": "pretty", @@ -5146,32 +5339,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.manager_controller.get_status", "description": "Return the status of all Wazuh daemons", "summary": "Get status", - "tags": ["Manager"], - "query": [ - { - "name": "pretty", - "description": "Show results in human-readable format", - "schema": { - "type": "boolean", - "default": false - } - }, - { - "name": "wait_for_complete", - "description": "Disable timeout response", - "schema": { - "type": "boolean", - "default": false - } - } - ] - }, - { - "name": "/manager/version/check", - "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api_controllers_manager_controller_get_available_updates", - "description": "Return the version of the API and the available updates", - "summary": "Get available updates", - "tags": ["Manager"], + "tags": [ + "Manager" + ], "query": [ { "name": "pretty", 
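Review bot: The `@@ -5146,32 +5339,9 @@` hunk deletes the whole `"name": "/manager/version/check"` entry, while the hunks around it only re-wrap `tags`, `enum` and `required` arrays. That buries a content change in what otherwise reads as a formatting pass. The later `@@ -8135,15 +8388,12 @@` hunk does the same by dropping the `distinct` query parameter from the netproto endpoint. If this file was regenerated from an API spec (the array re-wrapping suggests serializer output, though the page does not confirm it), check that the spec used is the intended one, because the first patch in this series still requests `/manager/version/check?force_query=true`. Either keep both entries or move their removal into a separate commit with a stated reason, and run the project formatter on the output so the diff shrinks to the real changes.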
@@ -5196,7 +5366,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.mitre_controller.get_groups", "description": "Return the groups from MITRE database", "summary": "Get MITRE groups", - "tags": ["MITRE"], + "tags": [ + "MITRE" + ], "query": [ { "name": "distinct", @@ -5295,7 +5467,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.mitre_controller.get_metadata", "description": "Return the metadata from MITRE database", "summary": "Get MITRE metadata", - "tags": ["MITRE"], + "tags": [ + "MITRE" + ], "query": [ { "name": "pretty", @@ -5320,7 +5494,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.mitre_controller.get_mitigations", "description": "Return the mitigations from MITRE database", "summary": "Get MITRE mitigations", - "tags": ["MITRE"], + "tags": [ + "MITRE" + ], "query": [ { "name": "distinct", @@ -5419,7 +5595,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.mitre_controller.get_references", "description": "Return the references from MITRE database", "summary": "Get MITRE references", - "tags": ["MITRE"], + "tags": [ + "MITRE" + ], "query": [ { "name": "limit", @@ -5510,7 +5688,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.mitre_controller.get_software", "description": "Return the software from MITRE database", "summary": "Get MITRE software", - "tags": ["MITRE"], + "tags": [ + "MITRE" + ], "query": [ { "name": "distinct", 
@@ -5609,7 +5789,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.mitre_controller.get_tactics", "description": "Return the tactics from MITRE database", "summary": "Get MITRE tactics", - "tags": ["MITRE"], + "tags": [ + "MITRE" + ], "query": [ { "name": "distinct", @@ -5708,7 +5890,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.mitre_controller.get_techniques", "description": "Return the techniques from MITRE database", "summary": "Get MITRE techniques", - "tags": ["MITRE"], + "tags": [ + "MITRE" + ], "query": [ { "name": "distinct", @@ -5807,7 +5991,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.overview_controller.get_overview_agents", "description": "Return a dictionary with a full agents overview", "summary": "Get agents overview", - "tags": ["Overview"], + "tags": [ + "Overview" + ], "query": [ { "name": "pretty", @@ -5832,7 +6018,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.rootcheck_controller.get_rootcheck_agent", "description": "Return the rootcheck database of an agent", "summary": "Get results", - "tags": ["Rootcheck"], + "tags": [ + "Rootcheck" + ], "args": [ { "name": ":agent_id", @@ -5957,7 +6145,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.rootcheck_controller.get_last_scan_agent", "description": "Return the timestamp of the last rootcheck scan of an agent", "summary": "Get last scan datetime", - "tags": ["Rootcheck"], + "tags": [ + "Rootcheck" + ], "args": [ { "name": ":agent_id", 
@@ -5995,7 +6185,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.rule_controller.get_rules", "description": "Return a list containing information about each rule such as file where it's defined, description, rule group, status, etc", "summary": "List rules", - "tags": ["Rules"], + "tags": [ + "Rules" + ], "query": [ { "name": "distinct", @@ -6168,7 +6360,11 @@ "description": "Filter by list status. Use commas to enter multiple statuses", "schema": { "type": "string", - "enum": ["enabled", "disabled", "all"], + "enum": [ + "enabled", + "disabled", + "all" + ], "minItems": 1 } }, @@ -6195,7 +6391,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.rule_controller.get_rules_files", "description": "Return a list containing all files used to define rules and their status", "summary": "Get files", - "tags": ["Rules"], + "tags": [ + "Rules" + ], "query": [ { "name": "distinct", @@ -6292,7 +6490,11 @@ "description": "Filter by list status. Use commas to enter multiple statuses", "schema": { "type": "string", - "enum": ["enabled", "disabled", "all"], + "enum": [ + "enabled", + "disabled", + "all" + ], "minItems": 1 } }, @@ -6311,7 +6513,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.rule_controller.get_file", "description": "Get the content of a specified rule in the ruleset", "summary": "Get rules file content", - "tags": ["Rules"], + "tags": [ + "Rules" + ], "args": [ { "name": ":filename", @@ -6363,7 +6567,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.rule_controller.get_rules_groups", "description": "Return a list containing all rule groups names", "summary": "Get groups", - "tags": ["Rules"], + "tags": [ + "Rules" + ], "query": [ { "name": "limit", 
@@ -6425,7 +6631,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.rule_controller.get_rules_requirement", "description": "Return all specified requirement names defined in the Wazuh ruleset", "summary": "Get requirements", - "tags": ["Rules"], + "tags": [ + "Rules" + ], "args": [ { "name": ":requirement", @@ -6505,7 +6713,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.sca_controller.get_sca_agent", "description": "Return the security SCA database of an agent", "summary": "Get results", - "tags": ["SCA"], + "tags": [ + "SCA" + ], "args": [ { "name": ":agent_id", @@ -6628,7 +6838,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.sca_controller.get_sca_checks", "description": "Return the policy monitoring alerts for a given policy", "summary": "Get policy checks", - "tags": ["SCA"], + "tags": [ + "SCA" + ], "args": [ { "name": ":agent_id", @@ -6839,7 +7051,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.get_rbac_actions", "description": "Get all RBAC actions, including the potential related resources and endpoints.", "summary": "List RBAC actions", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "endpoint", @@ -6863,7 +7077,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.get_security_config", "description": "Return the security configuration in JSON format", "summary": "Get security config", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "pretty", 
@@ -6888,7 +7104,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.get_policies", "description": "Get all policies in the system, including the administrator policy", "summary": "List policies", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "distinct", @@ -6988,7 +7206,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.get_rbac_resources", "description": "This method should be called to get all current defined RBAC resources.", "summary": "List RBAC resources", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "pretty", @@ -7025,7 +7245,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.get_roles", "description": "For a specific list, indicate the ids separated by commas. Example: ?role_ids=1,2,3", "summary": "List roles", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "distinct", @@ -7125,7 +7347,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.get_rules", "description": "Get a list of security rules from the system or all of them. These rules must be mapped with roles to obtain certain access privileges. For a specific list, indicate the ids separated by commas. Example: ?rule_ids=1,2,3", "summary": "List security rules", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "distinct", 
@@ -7225,7 +7449,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.deprecated_login_user", "description": "This method should be called to get an API token. This token will expire after auth_token_exp_timeout seconds (default: 900). This value can be changed using PUT /security/config", "summary": "Login", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "raw", @@ -7242,7 +7468,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.get_users", "description": "Get the information of a specified user", "summary": "List users", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "distinct", @@ -7342,7 +7570,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.get_user_me", "description": "Get the information of the current user", "summary": "Get current user info", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "pretty", @@ -7367,7 +7597,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.get_user_me_policies", "description": "Get the processed policies information for the current user", "summary": "Get current user processed policies", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "pretty", @@ -7384,7 +7616,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.syscheck_controller.get_syscheck_agent", "description": "Return FIM findings in the specified agent", "summary": "Get results", - "tags": ["Syscheck"], + "tags": [ + "Syscheck" + ], "args": [ { "name": ":agent_id", 
@@ -7404,7 +7638,10 @@ "description": "Filter by architecture", "schema": { "type": "string", - "enum": ["[x32]", "[x64]"] + "enum": [ + "[x32]", + "[x64]" + ] } }, { @@ -7531,7 +7768,11 @@ "description": "Filter by file type. Registry_key and registry_value types are only available in Windows agents", "schema": { "type": "string", - "enum": ["file", "registry_key", "registry_value"] + "enum": [ + "file", + "registry_key", + "registry_value" + ] } }, { @@ -7565,7 +7806,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.syscheck_controller.get_last_scan_agent", "description": "Return when the last syscheck scan started and ended. If the scan is still in progress the end date will be unknown", "summary": "Get last scan datetime", - "tags": ["Syscheck"], + "tags": [ + "Syscheck" + ], "args": [ { "name": ":agent_id", @@ -7603,7 +7846,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.syscollector_controller.get_hardware_info", "description": "Return the agent's hardware info. This information include cpu, ram, scan info among others", "summary": "Get agent hardware", - "tags": ["Syscollector"], + "tags": [ + "Syscollector" + ], "args": [ { "name": ":agent_id", @@ -7652,7 +7897,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.syscollector_controller.get_hotfix_info", "description": "Return all hotfixes installed by Microsoft(R) in Windows(R) systems (KB... fixes)", "summary": "Get agent hotfixes", - "tags": ["Syscollector"], + "tags": [ + "Syscollector" + ], "args": [ { "name": ":agent_id", 
@@ -7760,7 +8007,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.syscollector_controller.get_network_address_info", "description": "Return the agent's network address info. This information include used IP protocol, interface, IP address among others", "summary": "Get agent netaddr", - "tags": ["Syscollector"], + "tags": [ + "Syscollector" + ], "args": [ { "name": ":agent_id", @@ -7901,7 +8150,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.syscollector_controller.get_network_interface_info", "description": "Return the agent's network interface info. This information include rx, scan, tx info and some network information among others", "summary": "Get agent netiface", - "tags": ["Syscollector"], + "tags": [ + "Syscollector" + ], "args": [ { "name": ":agent_id", @@ -8114,7 +8365,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.syscollector_controller.get_network_protocol_info", "description": "Return the agent's routing configuration for each network interface", "summary": "Get agent netproto", - "tags": ["Syscollector"], + "tags": [ + "Syscollector" + ], "args": [ { "name": ":agent_id", @@ -8135,15 +8388,12 @@ "schema": { "type": "string", "description": "DHCP status", - "enum": ["enabled", "disabled", "unknown", "BOOTP"] - } - }, - { - "name": "distinct", - "description": "Look for distinct values.", - "schema": { - "type": "boolean", - "default": false + "enum": [ + "enabled", + "disabled", + "unknown", + "BOOTP" + ] } }, { 
@@ -8256,7 +8506,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.syscollector_controller.get_os_info", "description": "Return the agent's OS info. This information include os information, architecture information among others of all agents", "summary": "Get agent OS", - "tags": ["Syscollector"], + "tags": [ + "Syscollector" + ], "args": [ { "name": ":agent_id", @@ -8305,7 +8557,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.syscollector_controller.get_packages_info", "description": "Return the agent's packages info. This information include name, section, size, priority information of all packages among others", "summary": "Get agent packages", - "tags": ["Syscollector"], + "tags": [ + "Syscollector" + ], "args": [ { "name": ":agent_id", @@ -8444,7 +8698,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.syscollector_controller.get_ports_info", "description": "Return the agent's ports info. This information include local IP, Remote IP, protocol information among others", "summary": "Get agent ports", - "tags": ["Syscollector"], + "tags": [ + "Syscollector" + ], "args": [ { "name": ":agent_id", @@ -8609,7 +8865,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.syscollector_controller.get_processes_info", "description": "Return the agent's processes info", "summary": "Get agent processes", - "tags": ["Syscollector"], + "tags": [ + "Syscollector" + ], "args": [ { "name": ":agent_id", 
@@ -8822,7 +9080,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.task_controller.get_tasks_status", "description": "Returns all available information about the specified tasks", "summary": "List tasks", - "tags": ["Tasks"], + "tags": [ + "Tasks" + ], "query": [ { "name": "agents_list", @@ -8959,7 +9219,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.vulnerability_controller.get_vulnerability_agent", "description": "Return the vulnerabilities of an agent", "summary": "Get vulnerabilities", - "tags": ["Vulnerability"], + "tags": [ + "Vulnerability" + ], "args": [ { "name": ":agent_id", @@ -9082,7 +9344,11 @@ "description": "Filter by CVE status", "schema": { "type": "string", - "enum": ["valid", "pending", "obsolete"] + "enum": [ + "valid", + "pending", + "obsolete" + ] } }, { @@ -9090,7 +9356,10 @@ "description": "Filter by CVE type", "schema": { "type": "string", - "enum": ["os", "package"] + "enum": [ + "os", + "package" + ] } }, { @@ -9116,7 +9385,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.vulnerability_controller.get_last_scan_agent", "description": "Return when the last full and partial vulnerability scan of a specified agent ended.", "summary": "Get last scan datetime", - "tags": ["Vulnerability"], + "tags": [ + "Vulnerability" + ], "args": [ { "name": ":agent_id", @@ -9154,7 +9425,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.vulnerability_controller.get_vulnerabilities_field_summary", "description": "Return a summary of the vulnerabilities' field of an agent", "summary": "Get agent vulnerabilities' field summary", - "tags": ["Vulnerability"], + "tags": [ + "Vulnerability" + ], "args": [ { "name": ":agent_id", 
@@ -9233,7 +9506,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.active_response_controller.run_command", "description": "Run an Active Response command on all agents or a list of them", "summary": "Run command", - "tags": ["Active-response"], + "tags": [ + "Active-response" + ], "query": [ { "name": "agents_list", @@ -9291,7 +9566,9 @@ } } }, - "required": ["command"] + "required": [ + "command" + ] } ] }, @@ -9300,7 +9577,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.put_agent_single_group", "description": "Assign an agent to a specified group", "summary": "Assign agent to group", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "args": [ { "name": ":agent_id", @@ -9355,7 +9634,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.restart_agent", "description": "Restart the specified agent", "summary": "Restart agent", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "args": [ { "name": ":agent_id", @@ -9393,7 +9674,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.put_multiple_agent_single_group", "description": "Assign all agents or a list of them to the specified group", "summary": "Assign agents to group", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "query": [ { "name": "agents_list", @@ -9448,7 +9731,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.restart_agents_by_group", "description": "Restart all agents which belong to a given group", "summary": "Restart agents in group", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "args": [ { "name": ":group_id", 
@@ -9485,7 +9770,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.restart_agents_by_node", "description": "Restart all agents which belong to a specific given node", "summary": "Restart agents in node", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "args": [ { "name": ":node_id", @@ -9521,7 +9808,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.reconnect_agents", "description": "Force reconnect all agents or a list of them", "summary": "Force reconnect agents", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "query": [ { "name": "agents_list", @@ -9559,7 +9848,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.restart_agents", "description": "Restart all agents or a list of them", "summary": "Restart agents", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "query": [ { "name": "agents_list", @@ -9597,7 +9888,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.put_upgrade_agents", "description": "Upgrade agents using a WPK file from online repository. When upgrading more than 3000 agents at the same time, it's highly recommended to use the parameter `wait_for_complete` set to `true` to avoid a possible API timeout", "summary": "Upgrade agents", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "query": [ { "name": "agents_list", 
@@ -9756,7 +10049,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.put_upgrade_custom_agents", "description": "Upgrade the agents using a local WPK file. When upgrading more than 3000 agents at the same time, it's highly recommended to use the parameter `wait_for_complete` set to `true` to avoid a possible API timeout", "summary": "Upgrade agents custom", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "query": [ { "name": "agents_list", @@ -9900,7 +10195,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.update_configuration", "description": "Replace wazuh configuration for the given node with the data contained in the API request", "summary": "Update node configuration", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "args": [ { "name": ":node_id", @@ -9936,7 +10233,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cluster_controller.put_restart", "description": "Restart all nodes in the cluster or a list of them", "summary": "Restart nodes", - "tags": ["Cluster"], + "tags": [ + "Cluster" + ], "query": [ { "name": "nodes_list", @@ -9971,7 +10270,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.decoder_controller.put_file", "description": "Upload or replace a user decoder file content", "summary": "Update decoders file", - "tags": ["Decoders"], + "tags": [ + "Decoders" + ], "args": [ { "name": ":filename", 
@@ -10023,7 +10324,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.put_group_config", "description": "Update an specified group's configuration. This API call expects a full valid XML file with the shared configuration tags/syntax", "summary": "Update group configuration", - "tags": ["Groups"], + "tags": [ + "Groups" + ], "args": [ { "name": ":group_id", @@ -10060,7 +10363,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cdb_list_controller.put_file", "description": "Replace or upload a CDB list file with the data contained in the API request", "summary": "Update CDB list file", - "tags": ["Lists"], + "tags": [ + "Lists" + ], "args": [ { "name": ":filename", @@ -10104,7 +10409,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.logtest_controller.run_logtest_tool", "description": "Run logtest tool to check if a specified log raises any alert among other information", "summary": "Run logtest", - "tags": ["Logtest"], + "tags": [ + "Logtest" + ], "query": [ { "name": "pretty", @@ -10126,7 +10433,11 @@ "body": [ { "type": "object", - "required": ["event", "log_format", "location"], + "required": [ + "event", + "log_format", + "location" + ], "properties": { "token": { "type": "string", @@ -10153,7 +10464,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.manager_controller.update_configuration", "description": "Replace Wazuh configuration with the data contained in the API request", "summary": "Update Wazuh configuration", - "tags": ["Manager"], + "tags": [ + "Manager" + ], "query": [ { "name": "pretty", 
@@ -10178,7 +10491,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.manager_controller.put_restart", "description": "Restart the wazuh manager", "summary": "Restart manager", - "tags": ["Manager"], + "tags": [ + "Manager" + ], "query": [ { "name": "pretty", @@ -10203,7 +10518,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.rootcheck_controller.put_rootcheck", "description": "Run rootcheck scan in all agents or a list of them", "summary": "Run scan", - "tags": ["Rootcheck"], + "tags": [ + "Rootcheck" + ], "query": [ { "name": "agents_list", @@ -10241,7 +10558,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.rule_controller.put_file", "description": "Upload or replace a user ruleset file content", "summary": "Update rules file", - "tags": ["Rules"], + "tags": [ + "Rules" + ], "args": [ { "name": ":filename", @@ -10293,7 +10612,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.put_security_config", "description": "Update the security configuration with the data contained in the API request", "summary": "Update security config", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "pretty", @@ -10327,7 +10648,10 @@ "rbac_mode": { "description": "RBAC mode (white/black)", "type": "string", - "enum": ["white", "black"], + "enum": [ + "white", + "black" + ], "example": "white" } } @@ -10339,7 +10663,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.update_policy", "description": "Modify a policy, at least one property must be indicated", "summary": "Update policy", - "tags": ["Security"], + "tags": [ + "Security" + ], "args": [ { "name": ":policy_id", 
@@ -10403,7 +10729,11 @@ "description": "Effect of the policy" } }, - "required": ["actions", "resources", "effect"] + "required": [ + "actions", + "resources", + "effect" + ] } } } @@ -10414,7 +10744,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.update_role", "description": "Modify a role, cannot modify associated policies in this endpoint, at least one property must be indicated", "summary": "Update role", - "tags": ["Security"], + "tags": [ + "Security" + ], "args": [ { "name": ":role_id", @@ -10464,7 +10796,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.update_rule", "description": "Modify a security rule by specifying its ID", "summary": "Update security rule", - "tags": ["Security"], + "tags": [ + "Security" + ], "args": [ { "name": ":rule_id", @@ -10518,14 +10852,18 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.revoke_all_tokens", "description": "This method should be called to revoke all active JWT tokens", "summary": "Revoke JWT tokens", - "tags": ["Security"] + "tags": [ + "Security" + ] }, { "name": "/security/users/:user_id", "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.update_user", "description": "Modify a user's password by specifying their ID", "summary": "Update users", - "tags": ["Security"], + "tags": [ + "Security" + ], "args": [ { "name": ":user_id", 
@@ -10573,7 +10911,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.edit_run_as", "description": "Modify a user's allow_run_as flag by specifying their ID", "summary": "Enable/Disable run_as", - "tags": ["Security"], + "tags": [ + "Security" + ], "args": [ { "name": ":user_id", @@ -10618,7 +10958,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.syscheck_controller.put_syscheck", "description": "Run FIM scan in all agents", "summary": "Run scan", - "tags": ["Syscheck"], + "tags": [ + "Syscheck" + ], "query": [ { "name": "agents_list", @@ -10656,7 +10998,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.vulnerability_controller.run_vulnerability_scan", "description": "Run a vulnerability detector scan in all nodes", "summary": "Run vulnerability detector scan", - "tags": ["Vulnerability"], + "tags": [ + "Vulnerability" + ], "query": [ { "name": "pretty", @@ -10686,7 +11030,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.add_agent", "description": "Add a new agent", "summary": "Add agent", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "query": [ { "name": "pretty", @@ -10720,7 +11066,9 @@ "format": "alphanumeric" } }, - "required": ["name"] + "required": [ + "name" + ] } ] }, @@ -10729,7 +11077,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.insert_agent", "description": "Add an agent specifying its name, ID and IP. If an agent with the same name, the same ID or the same IP already exists, replace it using the `force` parameter", "summary": "Add agent full", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "query": [ { "name": "pretty", 
@@ -10809,7 +11159,9 @@ } } }, - "required": ["name"] + "required": [ + "name" + ] } ] }, @@ -10818,7 +11170,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.post_new_agent", "description": "Add a new agent with name `agent_name`. This agent will use `any` as IP", "summary": "Add agent quick", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "query": [ { "name": "agent_name", @@ -10853,7 +11207,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.event_controller.forward_event", "description": "Send security events to analysisd.\n\nThe endpoint is limited to receiving a max of 30 requests per minute and a max bulk size of 100 events per request.", "summary": "Ingest events", - "tags": ["Events"], + "tags": [ + "Events" + ], "query": [ { "name": "pretty", @@ -10884,7 +11240,9 @@ } } }, - "required": ["events"] + "required": [ + "events" + ] } ] }, @@ -10893,7 +11251,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.post_group", "description": "Create a new group", "summary": "Create a group", - "tags": ["Groups"], + "tags": [ + "Groups" + ], "query": [ { "name": "pretty", @@ -10923,7 +11283,9 @@ "maxLength": 128 } }, - "required": ["group_id"] + "required": [ + "group_id" + ] } ] }, @@ -10932,7 +11294,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.add_policy", "description": "Add a new policy, all fields need to be specified", "summary": "Add policy", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "pretty", @@ -10954,7 +11318,10 @@ "body": [ { "type": "object", - "required": ["name", "policy"], + "required": [ + "name", + "policy" + ], "properties": { "name": { "description": "Policy name", 
@@ -10985,7 +11352,11 @@ "description": "Effect of the policy" } }, - "required": ["actions", "resources", "effect"] + "required": [ + "actions", + "resources", + "effect" + ] } } } @@ -10996,7 +11367,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.add_role", "description": "Add a new role, all fields need to be specified", "summary": "Add role", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "pretty", @@ -11018,7 +11391,9 @@ "body": [ { "type": "object", - "required": ["name"], + "required": [ + "name" + ], "properties": { "name": { "type": "string", @@ -11035,7 +11410,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.set_role_policy", "description": "Create a specified relation role-policy, one role may have multiples policies", "summary": "Add policies to role", - "tags": ["Security"], + "tags": [ + "Security" + ], "args": [ { "name": ":role_id", @@ -11094,7 +11471,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.set_role_rule", "description": "Create a specific role-rule relation. One role may have multiple security rules", "summary": "Add security rules to role", - "tags": ["Security"], + "tags": [ + "Security" + ], "args": [ { "name": ":role_id", @@ -11144,7 +11523,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.add_rule", "description": "Add a new security rule", "summary": "Add security rule", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "pretty", @@ -11166,7 +11547,10 @@ "body": [ { "type": "object", - "required": ["name", "rule"], + "required": [ + "name", + "rule" + ], "properties": { "name": { "type": "string", 
@@ -11187,7 +11571,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.login_user", "description": "This method should be called to get an API token. This token will expire after auth_token_exp_timeout seconds (default: 900). This value can be changed using PUT /security/config", "summary": "Login", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "raw", @@ -11204,7 +11590,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.run_as_login", "description": "This method should be called to get an API token using an authorization context body. This token will expire after auth_token_exp_timeout seconds (default: 900). This value can be changed using PUT /security/config", "summary": "Login auth_context", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "raw", @@ -11221,7 +11609,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.create_user", "description": "Add a new API user to the system", "summary": "Add user", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "pretty", @@ -11255,7 +11645,10 @@ "format": "password" } }, - "required": ["username", "password"] + "required": [ + "username", + "password" + ] } ] }, @@ -11264,7 +11657,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.set_user_role", "description": "Create a specified relation role-policy, one user may have multiples roles", "summary": "Add roles to user", - "tags": ["Security"], + "tags": [ + "Security" + ], "args": [ { "name": ":user_id", 
@@ -11328,7 +11723,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.delete_agents", "description": "Delete all agents or a list of them based on optional criteria", "summary": "Delete agents", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "query": [ { "name": "agents_list", @@ -11491,7 +11888,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.delete_single_agent_multiple_groups", "description": "Remove the agent from all groups or a list of them. The agent will automatically revert to the default group if it is removed from all its assigned groups", "summary": "Remove agent from groups", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "args": [ { "name": ":agent_id", @@ -11541,7 +11940,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.delete_single_agent_single_group", "description": "Remove an agent from a specified group. If the agent belongs to several groups, only the specified group will be deleted.", "summary": "Remove agent from group", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "args": [ { "name": ":agent_id", @@ -11589,7 +11990,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.delete_multiple_agent_single_group", "description": "Remove all agents assignment or a list of them from the specified group", "summary": "Remove agents from group", - "tags": ["Agents"], + "tags": [ + "Agents" + ], "query": [ { "name": "agents_list", 
@@ -11638,7 +12041,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.decoder_controller.delete_file", "description": "Delete a specified decoder file", "summary": "Delete decoders file", - "tags": ["Decoders"], + "tags": [ + "Decoders" + ], "args": [ { "name": ":filename", @@ -11682,7 +12087,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.experimental_controller.clear_rootcheck_database", "description": "Clear rootcheck database for all agents or a list of them", "summary": "Clear rootcheck results", - "tags": ["Experimental"], + "tags": [ + "Experimental" + ], "query": [ { "name": "agents_list", @@ -11721,7 +12128,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.experimental_controller.clear_syscheck_database", "description": "Clear the syscheck database for all agents or a list of them", "summary": "Clear agents FIM results", - "tags": ["Experimental"], + "tags": [ + "Experimental" + ], "query": [ { "name": "agents_list", @@ -11760,7 +12169,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.agent_controller.delete_groups", "description": "Delete all groups or a list of them", "summary": "Delete groups", - "tags": ["Groups"], + "tags": [ + "Groups" + ], "query": [ { "name": "groups_list", @@ -11799,7 +12210,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.cdb_list_controller.delete_file", "description": "Delete a specified CDB list file. Only the filename can be specified. It will be searched recursively if not found", "summary": "Delete CDB list file", - "tags": ["Lists"], + "tags": [ + "Lists" + ], "args": [ { "name": ":filename", 
@@ -11835,7 +12248,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.logtest_controller.end_logtest_session", "description": "Delete the saved logtest session corresponding to {token}", "summary": "End session", - "tags": ["Logtest"], + "tags": [ + "Logtest" + ], "args": [ { "name": ":token", @@ -11871,7 +12286,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.rootcheck_controller.delete_rootcheck", "description": "Clear an agent's rootcheck database", "summary": "Clear results", - "tags": ["Rootcheck"], + "tags": [ + "Rootcheck" + ], "args": [ { "name": ":agent_id", @@ -11909,7 +12326,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.rule_controller.delete_file", "description": "Delete a specified rule file", "summary": "Delete rules file", - "tags": ["Rules"], + "tags": [ + "Rules" + ], "args": [ { "name": ":filename", @@ -11953,7 +12372,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.delete_security_config", "description": "Replaces the security configuration with the original one", "summary": "Restore default security config", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "pretty", @@ -11978,7 +12399,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.remove_policies", "description": "Delete a list of policies or all policies in the system, roles linked to policies are not going to be removed", "summary": "Delete policies", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "policy_ids", 
@@ -12016,7 +12439,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.remove_roles", "description": "Policies linked to roles are not going to be removed", "summary": "Delete roles", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "pretty", @@ -12054,7 +12479,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.remove_role_policy", "description": "Delete a specified relation role-policy", "summary": "Remove policies from role", - "tags": ["Security"], + "tags": [ + "Security" + ], "args": [ { "name": ":role_id", @@ -12104,7 +12531,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.remove_role_rule", "description": "Delete a specific role-rule relation", "summary": "Remove security rules from role", - "tags": ["Security"], + "tags": [ + "Security" + ], "args": [ { "name": ":role_id", @@ -12154,7 +12583,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.remove_rules", "description": "Delete a list of security rules or all security rules in the system, roles linked to rules are not going to be deleted", "summary": "Delete security rules", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "pretty", 
@@ -12192,14 +12623,18 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.logout_user", "description": "This method should be called to invalidate all the current user's tokens", "summary": "Logout current user", - "tags": ["Security"] + "tags": [ + "Security" + ] }, { "name": "/security/users", "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.delete_users", "description": "Delete a list of users by specifying their IDs", "summary": "Delete users", - "tags": ["Security"], + "tags": [ + "Security" + ], "query": [ { "name": "pretty", @@ -12237,7 +12672,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.security_controller.remove_user_role", "description": "Delete a specified relation user-roles", "summary": "Remove roles from user", - "tags": ["Security"], + "tags": [ + "Security" + ], "args": [ { "name": ":user_id", @@ -12287,7 +12724,9 @@ "documentation": "https://documentation.wazuh.com/4.8/user-manual/api/reference.html#operation/api.controllers.syscheck_controller.delete_syscheck_agent", "description": "Clear file integrity monitoring scan results for a specified agent. Only available for agents < 3.12.0, it doesn't apply for more recent ones", "summary": "Clear results", - "tags": ["Syscheck"], + "tags": [ + "Syscheck" + ], "args": [ { "name": ":agent_id", @@ -12322,4 +12761,4 @@ } ] } -] +] \ No newline at end of file diff --git a/plugins/main/common/api-info/security-actions.json b/plugins/main/common/api-info/security-actions.json index 418600f6c4..37d13fe040 100644 --- a/plugins/main/common/api-info/security-actions.json +++ b/plugins/main/common/api-info/security-actions.json 
@@ -1,30 +1,57 @@ { "active-response:command": { "description": "Execute active response commands in the agents", - "resources": ["agent:id", "agent:group"], + "resources": [ + "agent:id", + "agent:group" + ], "example": { - "actions": ["active-response:command"], - "resources": ["agent:id:001", "agent:group:atlantic"], + "actions": [ + "active-response:command" + ], + "resources": [ + "agent:id:001", + "agent:group:atlantic" + ], "effect": "allow" }, - "related_endpoints": ["PUT /active-response"] + "related_endpoints": [ + "PUT /active-response" + ] }, "agent:delete": { "description": "Delete agents", - "resources": ["agent:id", "agent:group"], + "resources": [ + "agent:id", + "agent:group" + ], "example": { - "actions": ["agent:delete"], - "resources": ["agent:id:010", "agent:group:pacific"], + "actions": [ + "agent:delete" + ], + "resources": [ + "agent:id:010", + "agent:group:pacific" + ], "effect": "allow" }, - "related_endpoints": ["DELETE /agents"] + "related_endpoints": [ + "DELETE /agents" + ] }, "agent:read": { "description": "Access agents information (id, name, group, last keep alive, etc)", - "resources": ["agent:id", "agent:group"], + "resources": [ + "agent:id", + "agent:group" + ], "example": { - "actions": ["agent:read"], - "resources": ["agent:id:*"], + "actions": [ + "agent:read" + ], + "resources": [ + "agent:id:*" + ], "effect": "allow" }, "related_endpoints": [ 
@@ -45,20 +72,38 @@ }, "agent:create": { "description": "Create new agents", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["agent:create"], - "resources": ["*:*:*"], + "actions": [ + "agent:create" + ], + "resources": [ + "*:*:*" + ], "effect": "allow" }, - "related_endpoints": ["POST /agents", "POST /agents/insert", "POST /agents/insert/quick"] + "related_endpoints": [ + "POST /agents", + "POST /agents/insert", + "POST /agents/insert/quick" + ] }, "agent:modify_group": { "description": "Change the group of agents", - "resources": ["agent:id", "agent:group"], + "resources": [ + "agent:id", + "agent:group" + ], "example": { - "actions": ["agent:modify_group"], - "resources": ["agent:id:004", "agent:group:us-east"], + "actions": [ + "agent:modify_group" + ], + "resources": [ + "agent:id:004", + "agent:group:us-east" + ], "effect": "allow" }, "related_endpoints": [ @@ -71,10 +116,16 @@ }, "group:modify_assignments": { "description": "Change the agents assigned to the group", - "resources": ["group:id"], + "resources": [ + "group:id" + ], "example": { - "actions": ["group:modify_assignments"], - "resources": ["group:id:*"], + "actions": [ + "group:modify_assignments" + ], + "resources": [ + "group:id:*" + ], "effect": "allow" }, "related_endpoints": [ @@ -87,10 +138,18 @@ }, "agent:restart": { "description": "Restart agents", - "resources": ["agent:id", "agent:group"], + "resources": [ + "agent:id", + "agent:group" + ], "example": { - "actions": ["agent:restart"], - "resources": ["agent:id:050", "agent:id:049"], + "actions": [ + "agent:restart" + ], + "resources": [ + "agent:id:050", + "agent:id:049" + ], "effect": "deny" }, "related_endpoints": [ 
@@ -102,10 +161,18 @@ }, "agent:upgrade": { "description": "Upgrade the version of the agents", - "resources": ["agent:id", "agent:group"], + "resources": [ + "agent:id", + "agent:group" + ], "example": { - "actions": ["agent:upgrade"], - "resources": ["agent:id:001", "agent:group:mediterranean"], + "actions": [ + "agent:upgrade" + ], + "resources": [ + "agent:id:001", + "agent:group:mediterranean" + ], "effect": "allow" }, "related_endpoints": [ @@ -116,20 +183,34 @@ }, "group:delete": { "description": "Delete agent groups", - "resources": ["group:id"], + "resources": [ + "group:id" + ], "example": { - "actions": ["group:delete"], - "resources": ["group:id:*"], + "actions": [ + "group:delete" + ], + "resources": [ + "group:id:*" + ], "effect": "allow" }, - "related_endpoints": ["DELETE /groups"] + "related_endpoints": [ + "DELETE /groups" + ] }, "group:read": { "description": "Access agent groups information (id, name, agents, etc)", - "resources": ["group:id"], + "resources": [ + "group:id" + ], "example": { - "actions": ["group:create"], - "resources": ["group:id:*"], + "actions": [ + "group:create" + ], + "resources": [ + "group:id:*" + ], "effect": "allow" }, "related_endpoints": [ 
@@ -144,30 +225,53 @@ }, "group:create": { "description": "Create new agent groups", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["group:create"], - "resources": ["*:*:*"], + "actions": [ + "group:create" + ], + "resources": [ + "*:*:*" + ], "effect": "allow" }, - "related_endpoints": ["POST /groups"] + "related_endpoints": [ + "POST /groups" + ] }, "group:update_config": { "description": "Change the configuration of agent groups", - "resources": ["group:id"], + "resources": [ + "group:id" + ], "example": { - "actions": ["group:update_config"], - "resources": ["group:id:*"], + "actions": [ + "group:update_config" + ], + "resources": [ + "group:id:*" + ], "effect": "deny" }, - "related_endpoints": ["PUT /groups/{group_id}/configuration"] + "related_endpoints": [ + "PUT /groups/{group_id}/configuration" + ] }, "cluster:read": { "description": "Read Wazuh's cluster nodes configuration", - "resources": ["node:id"], + "resources": [ + "node:id" + ], "example": { - "actions": ["cluster:read"], - "resources": ["node:id:worker1", "node:id:worker3"], + "actions": [ + "cluster:read" + ], + "resources": [ + "node:id:worker1", + "node:id:worker3" + ], "effect": "deny" }, "related_endpoints": [ 
@@ -195,110 +299,207 @@ }, "agent:reconnect": { "description": "Force reconnect agents", - "resources": ["agent:id", "agent:group"], + "resources": [ + "agent:id", + "agent:group" + ], "example": { - "actions": ["agent:reconnect"], - "resources": ["agent:id:050", "agent:id:049"], + "actions": [ + "agent:reconnect" + ], + "resources": [ + "agent:id:050", + "agent:id:049" + ], "effect": "deny" }, - "related_endpoints": ["PUT /agents/reconnect"] + "related_endpoints": [ + "PUT /agents/reconnect" + ] }, "ciscat:read": { "description": "Access CIS-CAT results for agents", - "resources": ["agent:id", "agent:group"], + "resources": [ + "agent:id", + "agent:group" + ], "example": { - "actions": ["ciscat:read"], - "resources": ["agent:id:001", "agent:id:003", "agent:group:default"], + "actions": [ + "ciscat:read" + ], + "resources": [ + "agent:id:001", + "agent:id:003", + "agent:group:default" + ], "effect": "deny" }, - "related_endpoints": ["GET /ciscat/{agent_id}/results", "GET /experimental/ciscat/results"] + "related_endpoints": [ + "GET /ciscat/{agent_id}/results", + "GET /experimental/ciscat/results" + ] }, "cluster:status": { "description": "Check Wazuh's cluster general status", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["cluster:status"], - "resources": ["*:*:*"], + "actions": [ + "cluster:status" + ], + "resources": [ + "*:*:*" + ], "effect": "allow" }, - "related_endpoints": ["GET /cluster/status"] + "related_endpoints": [ + "GET /cluster/status" + ] }, "cluster:read_api_config": { "description": "Check Wazuh's cluster nodes API configuration", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["cluster:read_api_config"], - "resources": ["node:id:worker1", "node:id:worker3"], + "actions": [ + "cluster:read_api_config" + ], + "resources": [ + "node:id:worker1", + "node:id:worker3" + ], "effect": "allow" }, - "related_endpoints": ["GET /cluster/api/config"] + "related_endpoints": [ + "GET 
/cluster/api/config" + ] }, "cluster:update_config": { "description": "Change the Wazuh's cluster node configuration", - "resources": ["node:id"], + "resources": [ + "node:id" + ], "example": { - "actions": ["cluster:update_config"], - "resources": ["node:id:worker1"], + "actions": [ + "cluster:update_config" + ], + "resources": [ + "node:id:worker1" + ], "effect": "allow" }, - "related_endpoints": ["PUT /cluster/{node_id}/configuration"] + "related_endpoints": [ + "PUT /cluster/{node_id}/configuration" + ] }, "cluster:restart": { "description": "Restart Wazuh's cluster nodes", - "resources": ["node:id"], + "resources": [ + "node:id" + ], "example": { - "actions": ["cluster:restart"], - "resources": ["node:id:worker1"], + "actions": [ + "cluster:restart" + ], + "resources": [ + "node:id:worker1" + ], "effect": "allow" }, - "related_endpoints": ["PUT /cluster/restart"] + "related_endpoints": [ + "PUT /cluster/restart" + ] }, "lists:read": { "description": "Read cdb lists files", - "resources": ["list:file"], + "resources": [ + "list:file" + ], "example": { - "actions": ["lists:read"], - "resources": ["list:file:audit-keys"], + "actions": [ + "lists:read" + ], + "resources": [ + "list:file:audit-keys" + ], "effect": "deny" }, - "related_endpoints": ["GET /lists", "GET /lists/files/{filename}", "GET /lists/files"] + "related_endpoints": [ + "GET /lists", + "GET /lists/files/{filename}", + "GET /lists/files" + ] }, "lists:update": { "description": "Update or upload cdb lists files", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["lists:update"], - "resources": ["*:*:*"], + "actions": [ + "lists:update" + ], + "resources": [ + "*:*:*" + ], "effect": "allow" }, - "related_endpoints": ["PUT /lists/files/{filename}"] + "related_endpoints": [ + "PUT /lists/files/{filename}" + ] }, "lists:delete": { "description": "Delete cdb lists files", - "resources": ["list:file"], + "resources": [ + "list:file" + ], "example": { - "actions": 
["lists:delete"], - "resources": ["list:file:audit-keys"], + "actions": [ + "lists:delete" + ], + "resources": [ + "list:file:audit-keys" + ], "effect": "deny" }, - "related_endpoints": ["PUT /lists/files/{filename}", "DELETE /lists/files/{filename}"] + "related_endpoints": [ + "PUT /lists/files/{filename}", + "DELETE /lists/files/{filename}" + ] }, "logtest:run": { "description": "Run logtest tool or end a logtest session", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["logtest:run"], - "resources": ["*:*:*"], + "actions": [ + "logtest:run" + ], + "resources": [ + "*:*:*" + ], "effect": "allow" }, - "related_endpoints": ["PUT /logtest", "DELETE /logtest/sessions/{token}"] + "related_endpoints": [ + "PUT /logtest", + "DELETE /logtest/sessions/{token}" + ] }, "manager:read": { "description": "Read Wazuh manager configuration", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["manager:read"], - "resources": ["*:*:*"], + "actions": [ + "manager:read" + ], + "resources": [ + "*:*:*" + ], "effect": "allow" }, "related_endpoints": [ 
@@ -315,46 +516,75 @@ "GET /manager/logs/summary", "PUT /manager/restart", "GET /manager/configuration/validation", - "GET /manager/configuration/{component}/{configuration}", - "GET /manager/version/check" + "GET /manager/configuration/{component}/{configuration}" ] }, "manager:update_config": { "description": "Update current Wazuh manager configuration", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["manager:update_config"], - "resources": ["*:*:*"], + "actions": [ + "manager:update_config" + ], + "resources": [ + "*:*:*" + ], "effect": "allow" }, - "related_endpoints": ["PUT /manager/configuration"] + "related_endpoints": [ + "PUT /manager/configuration" + ] }, "manager:read_api_config": { "description": "Read Wazuh manager API configuration", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["manager:read_api_config"], - "resources": ["*:*:*"], + "actions": [ + "manager:read_api_config" + ], + "resources": [ + "*:*:*" + ], "effect": "allow" }, - "related_endpoints": ["GET /manager/api/config"] + "related_endpoints": [ + "GET /manager/api/config" + ] }, "manager:restart": { "description": "Restart Wazuh managers", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["manager:restart"], - "resources": ["*:*:*"], + "actions": [ + "manager:restart" + ], + "resources": [ + "*:*:*" + ], "effect": "deny" }, - "related_endpoints": ["PUT /manager/restart"] + "related_endpoints": [ + "PUT /manager/restart" + ] }, "mitre:read": { "description": "Access information from MITRE database", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["mitre:read"], - "resources": ["*:*:*"], + "actions": [ + "mitre:read" + ], + "resources": [ + "*:*:*" + ], "effect": "allow" }, "related_endpoints": [ 
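Review bot: The `manager:read` entry in this hunk loses `"GET /manager/version/check"` from `related_endpoints`. It is the only content change among whitespace-only array expansions, so it looks like a side effect of regenerating the file rather than a deliberate edit. The first patch on this page still requests `/manager/version/check?force_query=true`, so if that endpoint is still governed by `manager:read` (not verifiable from here), anyone using this action-to-endpoint reference to scope a policy would no longer see it listed. I would keep the previous tail of the list, `"GET /manager/configuration/{component}/{configuration}",` followed by `"GET /manager/version/check"`, or explain the removal in the commit message. The `manager:read` object begins in the preceding hunk, so only the end of its endpoint list is visible here.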
@@ -369,40 +599,75 @@ }, "rootcheck:run": { "description": "Run agents rootcheck scan", - "resources": ["agent:id", "agent:group"], + "resources": [ + "agent:id", + "agent:group" + ], "example": { - "actions": ["rootcheck:run"], - "resources": ["agent:id:*"], + "actions": [ + "rootcheck:run" + ], + "resources": [ + "agent:id:*" + ], "effect": "allow" }, - "related_endpoints": ["PUT /rootcheck"] + "related_endpoints": [ + "PUT /rootcheck" + ] }, "rootcheck:read": { "description": "Access information from agents rootcheck database", - "resources": ["agent:id", "agent:group"], + "resources": [ + "agent:id", + "agent:group" + ], "example": { - "actions": ["rootcheck:read"], - "resources": ["agent:id:011"], + "actions": [ + "rootcheck:read" + ], + "resources": [ + "agent:id:011" + ], "effect": "allow" }, - "related_endpoints": ["GET /rootcheck/{agent_id}", "GET /rootcheck/{agent_id}/last_scan"] + "related_endpoints": [ + "GET /rootcheck/{agent_id}", + "GET /rootcheck/{agent_id}/last_scan" + ] }, "rootcheck:clear": { "description": "Clear the agents rootcheck database", - "resources": ["agent:id", "agent:group"], + "resources": [ + "agent:id", + "agent:group" + ], "example": { - "actions": ["rootcheck:clear"], - "resources": ["agent:id:*"], + "actions": [ + "rootcheck:clear" + ], + "resources": [ + "agent:id:*" + ], "effect": "deny" }, - "related_endpoints": ["DELETE /rootcheck/{agent_id}", "DELETE /experimental/rootcheck"] + "related_endpoints": [ + "DELETE /rootcheck/{agent_id}", + "DELETE /experimental/rootcheck" + ] }, "rules:read": { "description": "Read rules files", - "resources": ["rule:file"], + "resources": [ + "rule:file" + ], "example": { - "actions": ["rules:read"], - "resources": ["rule:file:0610-win-ms_logs_rules.xml"], + "actions": [ + "rules:read" + ], + "resources": [ + "rule:file:0610-win-ms_logs_rules.xml" + ], "effect": "allow" }, "related_endpoints": [ 
@@ -415,70 +680,133 @@ }, "rules:update": { "description": "Update or upload custom rule files", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["rules:update"], - "resources": ["*:*:*"], + "actions": [ + "rules:update" + ], + "resources": [ + "*:*:*" + ], "effect": "allow" }, - "related_endpoints": ["PUT /rules/files/{filename}"] + "related_endpoints": [ + "PUT /rules/files/{filename}" + ] }, "rules:delete": { "description": "Delete custom rule files", - "resources": ["rule:file"], + "resources": [ + "rule:file" + ], "example": { - "actions": ["rules:delete"], - "resources": ["rule:file:0610-win-ms_logs_rules.xml"], + "actions": [ + "rules:delete" + ], + "resources": [ + "rule:file:0610-win-ms_logs_rules.xml" + ], "effect": "allow" }, - "related_endpoints": ["PUT /rules/files/{filename}", "DELETE /rules/files/{filename}"] + "related_endpoints": [ + "PUT /rules/files/{filename}", + "DELETE /rules/files/{filename}" + ] }, "sca:read": { "description": "Access agents security configuration assessment", - "resources": ["agent:id", "agent:group"], + "resources": [ + "agent:id", + "agent:group" + ], "example": { - "actions": ["sca:read"], - "resources": ["agent:id:*"], + "actions": [ + "sca:read" + ], + "resources": [ + "agent:id:*" + ], "effect": "allow" }, - "related_endpoints": ["GET /sca/{agent_id}", "GET /sca/{agent_id}/checks/{policy_id}"] + "related_endpoints": [ + "GET /sca/{agent_id}", + "GET /sca/{agent_id}/checks/{policy_id}" + ] }, "syscheck:run": { "description": "Run agents syscheck scan", - "resources": ["agent:id", "agent:group"], + "resources": [ + "agent:id", + "agent:group" + ], "example": { - "actions": ["syscheck:run"], - "resources": ["agent:id:*"], + "actions": [ + "syscheck:run" + ], + "resources": [ + "agent:id:*" + ], "effect": "allow" }, - "related_endpoints": ["PUT /syscheck"] + "related_endpoints": [ + "PUT /syscheck" + ] }, "syscheck:read": { "description": "Access information from agents syscheck database", 
- "resources": ["agent:id", "agent:group"], + "resources": [ + "agent:id", + "agent:group" + ], "example": { - "actions": ["syscheck:read"], - "resources": ["agent:id:011", "agent:group:us-west"], + "actions": [ + "syscheck:read" + ], + "resources": [ + "agent:id:011", + "agent:group:us-west" + ], "effect": "allow" }, - "related_endpoints": ["GET /syscheck/{agent_id}", "GET /syscheck/{agent_id}/last_scan"] + "related_endpoints": [ + "GET /syscheck/{agent_id}", + "GET /syscheck/{agent_id}/last_scan" + ] }, "syscheck:clear": { "description": "Clear the agents syscheck database", - "resources": ["agent:id", "agent:group"], + "resources": [ + "agent:id", + "agent:group" + ], "example": { - "actions": ["syscheck:clear"], - "resources": ["agent:id:*"], + "actions": [ + "syscheck:clear" + ], + "resources": [ + "agent:id:*" + ], "effect": "deny" }, - "related_endpoints": ["DELETE /syscheck/{agent_id}", "DELETE /experimental/syscheck"] + "related_endpoints": [ + "DELETE /syscheck/{agent_id}", + "DELETE /experimental/syscheck" + ] }, "decoders:read": { "description": "Read decoders files", - "resources": ["decoder:file"], + "resources": [ + "decoder:file" + ], "example": { - "actions": ["decoders:read"], - "resources": ["decoder:file:*"], + "actions": [ + "decoders:read" + ], + "resources": [ + "decoder:file:*" + ], "effect": "allow" }, "related_endpoints": [ 
@@ -490,30 +818,54 @@ }, "decoders:update": { "description": "Update or upload custom decoder files", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["decoders:update"], - "resources": ["*:*:*"], + "actions": [ + "decoders:update" + ], + "resources": [ + "*:*:*" + ], "effect": "allow" }, - "related_endpoints": ["PUT /decoders/files/{filename}"] + "related_endpoints": [ + "PUT /decoders/files/{filename}" + ] }, "decoders:delete": { "description": "Delete custom decoder files", - "resources": ["decoder:file"], + "resources": [ + "decoder:file" + ], "example": { - "actions": ["decoders:delete"], - "resources": ["decoder:file:local_decoder.xml"], + "actions": [ + "decoders:delete" + ], + "resources": [ + "decoder:file:local_decoder.xml" + ], "effect": "allow" }, - "related_endpoints": ["PUT /decoders/files/{filename}", "DELETE /decoders/files/{filename}"] + "related_endpoints": [ + "PUT /decoders/files/{filename}", + "DELETE /decoders/files/{filename}" + ] }, "syscollector:read": { "description": "Access agents syscollector information", - "resources": ["agent:id", "agent:group"], + "resources": [ + "agent:id", + "agent:group" + ], "example": { - "actions": ["syscollector:read"], - "resources": ["agent:id:*"], + "actions": [ + "syscollector:read" + ], + "resources": [ + "agent:id:*" + ], "effect": "allow" }, "related_endpoints": [ 
@@ -539,20 +891,40 @@ }, "security:edit_run_as": { "description": "Change the value of the allow_run_as flag for a user", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["security:edit_run_as"], - "resources": ["*:*:*"], + "actions": [ + "security:edit_run_as" + ], + "resources": [ + "*:*:*" + ], "effect": "allow" }, - "related_endpoints": ["PUT /security/users/{user_id}/run_as"] + "related_endpoints": [ + "PUT /security/users/{user_id}/run_as" + ] }, "security:read": { "description": "Access information about system security resources", - "resources": ["policy:id", "role:id", "user:id", "rule:id"], + "resources": [ + "policy:id", + "role:id", + "user:id", + "rule:id" + ], "example": { - "actions": ["security:read"], - "resources": ["policy:id:*", "role:id:2", "user:id:5", "rule:id:3"], + "actions": [ + "security:read" + ], + "resources": [ + "policy:id:*", + "role:id:2", + "user:id:5", + "rule:id:3" + ], "effect": "allow" }, "related_endpoints": [ @@ -564,20 +936,40 @@ }, "security:create_user": { "description": "Create new system users", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["security:create_user"], - "resources": ["*:*:*"], + "actions": [ + "security:create_user" + ], + "resources": [ + "*:*:*" + ], "effect": "allow" }, - "related_endpoints": ["POST /security/users"] + "related_endpoints": [ + "POST /security/users" + ] }, "security:delete": { "description": "Delete system security resources", - "resources": ["policy:id", "role:id", "user:id", "rule:id"], + "resources": [ + "policy:id", + "role:id", + "user:id", + "rule:id" + ], "example": { - "actions": ["security:update"], - "resources": ["policy:id:*", "role:id:3", "user:id:4", "rule:id:2"], + "actions": [ + "security:update" + ], + "resources": [ + "policy:id:*", + "role:id:3", + "user:id:4", + "rule:id:2" + ], "effect": "deny" }, "related_endpoints": [ 
@@ -592,10 +984,22 @@ }, "security:update": { "description": "Update the information of system security resources", - "resources": ["policy:id", "role:id", "user:id", "rule:id"], + "resources": [ + "policy:id", + "role:id", + "user:id", + "rule:id" + ], "example": { - "actions": ["security:update"], - "resources": ["policy:id:*", "role:id:4", "user:id:3", "rule:id:4"], + "actions": [ + "security:update" + ], + "resources": [ + "policy:id:*", + "role:id:4", + "user:id:3", + "rule:id:4" + ], "effect": "deny" }, "related_endpoints": [ 
@@ -610,60 +1014,111 @@ }, "security:create": { "description": "Create new system security resources", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["security:create"], - "resources": ["*:*:*"], + "actions": [ + "security:create" + ], + "resources": [ + "*:*:*" + ], "effect": "deny" }, - "related_endpoints": ["POST /security/roles", "POST /security/rules", "POST /security/policies"] + "related_endpoints": [ + "POST /security/roles", + "POST /security/rules", + "POST /security/policies" + ] }, "security:read_config": { "description": "Read current system security configuration", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["security:read_config"], - "resources": ["*:*:*"], + "actions": [ + "security:read_config" + ], + "resources": [ + "*:*:*" + ], "effect": "allow" }, - "related_endpoints": ["GET /security/config"] + "related_endpoints": [ + "GET /security/config" + ] }, "security:update_config": { "description": "Update current system security configuration", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["security:update_config"], - "resources": ["*:*:*"], + "actions": [ + "security:update_config" + ], + "resources": [ + "*:*:*" + ], "effect": "allow" }, - "related_endpoints": ["PUT /security/config", "DELETE /security/config"] + "related_endpoints": [ + "PUT /security/config", + "DELETE /security/config" + ] }, "task:status": { "description": "Access task's status information", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": ["task:status"], - "resources": ["*:*:*"], + "actions": [ + "task:status" + ], + "resources": [ + "*:*:*" + ], "effect": "deny" }, - "related_endpoints": ["GET /tasks/status"] + "related_endpoints": [ + "GET /tasks/status" + ] }, "vulnerability:run": { "description": "Allow running a vulnerability detector scan", - "resources": ["*:*"], + "resources": [ + "*:*" + ], "example": { - "actions": 
["vulnerability:run"], - "resources": ["*:*:*"], + "actions": [ + "vulnerability:run" + ], + "resources": [ + "*:*:*" + ], "effect": "allow" }, - "related_endpoints": ["PUT /vulnerability"] + "related_endpoints": [ + "PUT /vulnerability" + ] }, "vulnerability:read": { "description": "Allow reading agents' vulnerabilities information", - "resources": ["agent:id", "agent:group"], + "resources": [ + "agent:id", + "agent:group" + ], "example": { - "actions": ["vulnerability:read"], - "resources": ["agent:id:011", "agent:group:us-west"], + "actions": [ + "vulnerability:read" + ], + "resources": [ + "agent:id:011", + "agent:group:us-west" + ], "effect": "allow" }, "related_endpoints": [ @@ -690,4 +1145,4 @@ "POST /events" ] } -} +} \ No newline at end of file diff --git a/plugins/main/opensearch_dashboards.json b/plugins/main/opensearch_dashboards.json index 874d4fda2d..886fbf6eb1 100644 --- a/plugins/main/opensearch_dashboards.json +++ b/plugins/main/opensearch_dashboards.json @@ -1,6 +1,6 @@ { "id": "wazuh", - "version": "4.8.0-00", + "version": "4.8.0-01", "opensearchDashboardsVersion": "opensearchDashboards", "configPath": [ "wazuh" diff --git a/plugins/main/package.json b/plugins/main/package.json index 12693996bc..ff233af8a3 100644 --- a/plugins/main/package.json +++ b/plugins/main/package.json @@ -1,7 +1,7 @@ { "name": "wazuh", "version": "4.8.0", - "revision": "00", + "revision": "01", "pluginPlatform": { "version": "2.10.0" }, diff --git a/plugins/wazuh-check-updates/opensearch_dashboards.json b/plugins/wazuh-check-updates/opensearch_dashboards.json index fc816ab6d5..b8e34cc705 100644 --- a/plugins/wazuh-check-updates/opensearch_dashboards.json +++ b/plugins/wazuh-check-updates/opensearch_dashboards.json @@ -1,6 +1,6 @@ { "id": "wazuhCheckUpdates", - "version": "4.8.0-00", + "version": "4.8.0-01", "opensearchDashboardsVersion": "opensearchDashboards", "server": true, "ui": true, 
diff --git a/plugins/wazuh-check-updates/package.json b/plugins/wazuh-check-updates/package.json
index b6655d602a..69347520e8 100644
--- a/plugins/wazuh-check-updates/package.json
+++ b/plugins/wazuh-check-updates/package.json
@@ -1,7 +1,7 @@
 {
 "name": "wazuh-check-updates",
 "version": "4.8.0",
- "revision": "00",
+ "revision": "01",
 "pluginPlatform": {
 "version": "2.10.0"
 },
diff --git a/plugins/wazuh-core/opensearch_dashboards.json b/plugins/wazuh-core/opensearch_dashboards.json
index 33b39ce69f..8bdf3047b9 100644
--- a/plugins/wazuh-core/opensearch_dashboards.json
+++ b/plugins/wazuh-core/opensearch_dashboards.json
@@ -1,6 +1,6 @@
 {
 "id": "wazuhCore",
- "version": "4.8.0-00",
+ "version": "4.8.0-01",
 "opensearchDashboardsVersion": "opensearchDashboards",
 "server": true,
 "ui": true,
diff --git a/plugins/wazuh-core/package.json b/plugins/wazuh-core/package.json
index 29db1c64c6..b338e75d6a 100644
--- a/plugins/wazuh-core/package.json
+++ b/plugins/wazuh-core/package.json
@@ -1,7 +1,7 @@
 {
 "name": "wazuh-core",
 "version": "4.8.0",
- "revision": "00",
+ "revision": "01",
 "pluginPlatform": {
 "version": "2.10.0"
 },
From e0ed9107bdf775d6e67edddd7f37e603b7214f35 Mon Sep 17 00:00:00 2001 From: Nicolas Agustin Guevara Pihen <42900763+Tostti@users.noreply.github.com> Date: Thu, 7 Dec 2023 15:59:37 -0300 Subject: [PATCH 16/26] Bump revision 02 for 4.7.1-RC2 (#6200) Bump revision 02 --- CHANGELOG.md | 2 +- plugins/main/opensearch_dashboards.json | 8 +++++--- plugins/main/package.json | 4 ++-- 3 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 93bd6fa6a3..09168716cc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,7 +2,7 @@
 All notable changes to the Wazuh app project will be documented in this file.
-## Wazuh v4.7.1 - OpenSearch Dashboards 2.8.0 - Revision 01
+## Wazuh v4.7.1 - OpenSearch Dashboards 2.8.0 - Revision 02
 ### Added
diff --git a/plugins/main/opensearch_dashboards.json b/plugins/main/opensearch_dashboards.json index 42d86d7b09..6ec5775a2a 100644 --- a/plugins/main/opensearch_dashboards.json +++ b/plugins/main/opensearch_dashboards.json @@ -1,8 +1,10 @@ { "id": "wazuh", - "version": "4.7.1-01", + "version": "4.7.1-02", "opensearchDashboardsVersion": "opensearchDashboards", - "configPath": ["wazuh"], + "configPath": [ + "wazuh" + ], "requiredPlugins": [ "navigation", "data", @@ -24,4 +26,4 @@ ], "server": true, "ui": true -} +} \ No newline at end of file diff --git a/plugins/main/package.json b/plugins/main/package.json index c6b8e68e7e..0897f8c945 100644 --- a/plugins/main/package.json +++ b/plugins/main/package.json @@ -1,7 +1,7 @@ { "name": "wazuh", "version": "4.7.1", - "revision": "01", + "revision": "02", "pluginPlatform": { "version": "2.8.0" }, @@ -83,4 +83,4 @@ "redux-mock-store": "^1.5.4", "swagger-client": "^3.19.11" } -} +} \ No newline at end of file From 38a58b947ec4b9a38fc3d11d7fe94a7e7fde6a92 Mon Sep 17 00:00:00 2001 From: Luciano Gorza <103193307+lucianogorza@users.noreply.github.com> Date: Mon, 11 Dec 2023 09:56:49 -0300 Subject: [PATCH 17/26] Improve Agents preview page load when there are no agents (#6185) * Improve Agents preview page load when there are no agents * Update CHANGELOG * Update breadcrumb on RegisterAgent * Fix Agent preview component * Refresh stats on refresh button * Fix agent preview component to allow refresh all data * Fix CHANGELOG and className prop --- CHANGELOG.md | 4 ++++ .../controllers/agent/components/agents-preview.js | 14 ++++++++++++++ .../public/templates/agents-prev/agents-prev.html | 2 +- 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2fec9196d7..e28398fb5d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -8,6 +8,10 @@ All notable changes to the Wazuh app project will be documented in this file. - Support for Wazuh 4.7.2 +### Fixed + +- Fixed Agents preview page load when there are no registered agents [#6185](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6185) + ## Wazuh v4.7.1 - OpenSearch Dashboards 2.8.0 - Revision 01 ### Added diff --git a/plugins/main/public/controllers/agent/components/agents-preview.js b/plugins/main/public/controllers/agent/components/agents-preview.js index ef052c0745..d9a7dbd0ba 100644 --- a/plugins/main/public/controllers/agent/components/agents-preview.js +++ b/plugins/main/public/controllers/agent/components/agents-preview.js @@ -23,6 +23,7 @@ import { EuiToolTip, EuiCard, EuiLink, + EuiProgress, } from '@elastic/eui'; import { AgentsTable } from './agents-table'; import { WzRequest } from '../../../react-services/wz-request'; @@ -219,6 +220,19 @@ export const AgentsPreview = compose( render() { const evolutionIsReady = this.props.resultState !== 'loading'; + //This condition is because the angular template and the controller have a small delay to show the register agent component when there are no agents + //This condition must be removed when the controller is removed + if ( + !this.state.agentStatusSummary.total || + this.state.agentStatusSummary.total === '-' + ) { + return ( +
+ +
+ ); + } + return ( diff --git a/plugins/main/public/templates/agents-prev/agents-prev.html b/plugins/main/public/templates/agents-prev/agents-prev.html index 573720fea4..a62bbe07ef 100644 --- a/plugins/main/public/templates/agents-prev/agents-prev.html +++ b/plugins/main/public/templates/agents-prev/agents-prev.html @@ -59,7 +59,7 @@ layout="column" layout-align="start space-around" > -
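Review bot: The new guard at the top of `render()` returns the progress bar whenever `this.state.agentStatusSummary.total` is falsy or `'-'`, so "still loading", "zero agents" and "the summary request failed" all look the same. If the request that fills `agentStatusSummary` rejects (that code is outside the hunk), the page would presumably sit on an endless progress bar with no error shown. Consider keeping an explicit loading flag in state (for example a boolean named `isLoadingSummary`, name illustrative) and returning the placeholder only while it is set. `render()` continues past the end of the hunk.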
+
Date: Mon, 11 Dec 2023 14:02:18 +0100 Subject: [PATCH 18/26] Add hostname board serial fields to agent inventory (#6191) * Add hostname and board_serial to agent inventory * Remove Camelcase from Board Serial * test snap fixed * Fix format * Added snaps and changelod * Edit hostname to host name in dashboard and changelog --- CHANGELOG.md | 1 + .../__snapshots__/inventory.test.tsx.snap | 78 ++++++++++++++++++- .../components/syscollector-metrics.tsx | 26 ++++++- 3 files changed, 101 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e28398fb5d..83a69ecb03 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ All notable changes to the Wazuh app project will be documented in this file. ### Added - Support for Wazuh 4.7.2 +- Added host name and board serial information to Agents > Inventory data [#6191](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6191) ### Fixed diff --git a/plugins/main/public/components/agents/syscollector/__snapshots__/inventory.test.tsx.snap b/plugins/main/public/components/agents/syscollector/__snapshots__/inventory.test.tsx.snap index 539eeb3f55..d34d24e8f6 100644 --- a/plugins/main/public/components/agents/syscollector/__snapshots__/inventory.test.tsx.snap +++ b/plugins/main/public/components/agents/syscollector/__snapshots__/inventory.test.tsx.snap @@ -67,7 +67,7 @@ exports[`Inventory component A Apple agent should be well rendered. 1`] = `
+
+
+ Host name: + +
+
+
+
+ Board serial: + +
+
@@ -2096,7 +2120,7 @@ exports[`Inventory component A Linux agent should be well rendered. 1`] = `
+
+
+ Host name: + +
+
+
+
+ Board serial: + +
+
@@ -4199,7 +4247,7 @@ exports[`Inventory component A Windows agent should be well rendered. 1`] = `
+
+
+ Host name: + +
+
+
+
+ Board serial: + +
+
diff --git a/plugins/main/public/components/agents/syscollector/components/syscollector-metrics.tsx b/plugins/main/public/components/agents/syscollector/components/syscollector-metrics.tsx index 449f823dbc..bdd08b5322 100644 --- a/plugins/main/public/components/agents/syscollector/components/syscollector-metrics.tsx +++ b/plugins/main/public/components/agents/syscollector/components/syscollector-metrics.tsx @@ -93,7 +93,7 @@ export function InventoryMetrics({ agent }) { )} - + CPU:{' '} {syscollector.isLoading ? ( @@ -105,6 +105,30 @@ export function InventoryMetrics({ agent }) { )} + + + Host name:{' '} + {syscollector.isLoading ? ( + + ) : syscollector.data.os.hostname ? ( + {syscollector.data.os.hostname} + ) : ( + - + )} + + + + + Board serial:{' '} + {syscollector.isLoading ? ( + + ) : syscollector.data.hardware.board_serial ? ( + {syscollector.data.hardware.board_serial} + ) : ( + - + )} + + Last scan:{' '} From bc56ba904a7b67ad43a151419d25475230d9a328 Mon Sep 17 00:00:00 2001 From: Federico Rodriguez Date: Wed, 13 Dec 2023 11:55:13 +0100 Subject: [PATCH 19/26] Change the endpoint to get Wazuh manager auth configuration (#6206) * Change the auth configuration endpoint request * Add changelog --- CHANGELOG.md | 1 + .../security/policies/create-policy.tsx | 72 ++++++++++--------- .../security/policies/edit-policy.tsx | 72 ++++++++++--------- .../security/policies/policies-table.tsx | 2 +- .../register-agent/register-agent.tsx | 39 ++++------ .../services/register-agent-services.tsx | 48 +++++++++---- 6 files changed, 127 insertions(+), 107 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 83a69ecb03..4d2a06e2cc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
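Review bot: The two added cells read `syscollector.data.os.hostname` and `syscollector.data.hardware.board_serial` without guarding the intermediate object, so a syscollector response that lacks `os` or `hardware` would throw during render instead of reaching the `-` fallback. Whether those objects are always populated is decided outside this hunk; if they are not, use `syscollector.data.os?.hostname` and `syscollector.data.hardware?.board_serial`. The board serial is a hardware identifier, so it is also worth confirming that every role allowed to open the inventory view is meant to see it. `InventoryMetrics` starts and ends outside the hunk.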
@@ -12,6 +12,7 @@ All notable changes to the Wazuh app project will be documented in this file. ### Fixed - Fixed Agents preview page load when there are no registered agents [#6185](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6185) +- Fixed the endpoint to get Wazuh server auth configuration [#6206](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6206) ## Wazuh v4.7.1 - OpenSearch Dashboards 2.8.0 - Revision 01 diff --git a/plugins/main/public/components/security/policies/create-policy.tsx b/plugins/main/public/components/security/policies/create-policy.tsx index 2bf87b539c..58fc60a897 100644 --- a/plugins/main/public/components/security/policies/create-policy.tsx +++ b/plugins/main/public/components/security/policies/create-policy.tsx @@ -110,23 +110,25 @@ export const CreatePolicyFlyout = ({ closeFlyout }) => { const actionsData = actionsRequest?.data?.data || {}; setAvailableActions(actionsData); - const actions = Object.keys(actionsData).map((x, idx) => { - return { - id: idx, - value: x, - inputDisplay: x, - dropdownDisplay: ( - <> - {x} - -

- {actionsData[x].description} -

-
- - ), - }; - }); + const actions = Object.keys(actionsData) + .map((x, idx) => { + return { + id: idx, + value: x, + inputDisplay: x, + dropdownDisplay: ( + <> + {x} + +

+ {actionsData[x].description} +

+
+ + ), + }; + }) + .sort((a, b) => a.value.localeCompare(b.value)); setActions(actions); } @@ -137,23 +139,25 @@ export const CreatePolicyFlyout = ({ closeFlyout }) => { allResources = allResources.concat(res); }); const allResourcesSet = new Set(allResources); - const resources = Array.from(allResourcesSet).map((x, idx) => { - return { - id: idx, - value: x, - inputDisplay: x, - dropdownDisplay: ( - <> - {x} - -

- {availableResources[x].description} -

-
- - ), - }; - }); + const resources = Array.from(allResourcesSet) + .map((x, idx) => { + return { + id: idx, + value: x, + inputDisplay: x, + dropdownDisplay: ( + <> + {x} + +

+ {availableResources[x].description} +

+
+ + ), + }; + }) + .sort((a, b) => a.value.localeCompare(b.value)); setResources(resources); }; diff --git a/plugins/main/public/components/security/policies/edit-policy.tsx b/plugins/main/public/components/security/policies/edit-policy.tsx index b2935bb611..17485f96d3 100644 --- a/plugins/main/public/components/security/policies/edit-policy.tsx +++ b/plugins/main/public/components/security/policies/edit-policy.tsx @@ -112,23 +112,25 @@ export const EditPolicyFlyout = ({ policy, closeFlyout }) => { const actionsData = actionsRequest?.data?.data || {}; setAvailableActions(actionsData); - const actions = Object.keys(actionsData).map((x, idx) => { - return { - id: idx, - value: x, - inputDisplay: x, - dropdownDisplay: ( - <> - {x} - -
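Review bot: In the resources mapping of create-policy.tsx the description is read as `availableResources[x].description`, while the same block in edit-policy.tsx uses `(availableResources[x] || {}).description`; a resource name that an action lists but `availableResources` lacks would throw here and not there. Use the guarded form in both files, e.g. `availableResources[x]?.description`. Separately, `id: idx` is assigned before the new `.sort(...)`, so ids no longer follow display order in any of the four mapped lists (both hunks here and both in edit-policy.tsx); sorting the keys first and mapping afterwards keeps them aligned. The enclosing function starts outside the hunk.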

- {actionsData[x].description} -

-
- - ), - }; - }); + const actions = Object.keys(actionsData) + .map((x, idx) => { + return { + id: idx, + value: x, + inputDisplay: x, + dropdownDisplay: ( + <> + {x} + +

+ {actionsData[x].description} +

+
+ + ), + }; + }) + .sort((a, b) => a.value.localeCompare(b.value)); setActions(actions); } @@ -139,23 +141,25 @@ export const EditPolicyFlyout = ({ policy, closeFlyout }) => { allResources = allResources.concat(res); }); const allResourcesSet = new Set(allResources); - const resources = Array.from(allResourcesSet).map((x, idx) => { - return { - id: idx, - value: x, - inputDisplay: x, - dropdownDisplay: ( - <> - {x} - -

- {(availableResources[x] || {}).description} -

-
- - ), - }; - }); + const resources = Array.from(allResourcesSet) + .map((x, idx) => { + return { + id: idx, + value: x, + inputDisplay: x, + dropdownDisplay: ( + <> + {x} + +

+ {(availableResources[x] || {}).description} +

+
+ + ), + }; + }) + .sort((a, b) => a.value.localeCompare(b.value)); setResources(resources); }; diff --git a/plugins/main/public/components/security/policies/policies-table.tsx b/plugins/main/public/components/security/policies/policies-table.tsx index 866d0a34d0..4e2d9b376d 100644 --- a/plugins/main/public/components/security/policies/policies-table.tsx +++ b/plugins/main/public/components/security/policies/policies-table.tsx @@ -87,7 +87,7 @@ export const PoliciesTable = ({ name: 'Actions', sortable: true, render: actions => { - return (actions || []).join(', '); + return (actions || []).sort((a, b) => a.localeCompare(b)).join(', '); }, truncateText: true, }, diff --git a/plugins/main/public/controllers/register-agent/containers/register-agent/register-agent.tsx b/plugins/main/public/controllers/register-agent/containers/register-agent/register-agent.tsx index 8ae23213cd..7d110bfa2d 100644 --- a/plugins/main/public/controllers/register-agent/containers/register-agent/register-agent.tsx +++ b/plugins/main/public/controllers/register-agent/containers/register-agent/register-agent.tsx 
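Review bot: In policies-table.tsx, `(actions || []).sort(...)` sorts the row's own `actions` array in place, so rendering the column silently reorders the policy object that the rest of the UI holds. Sort a copy instead: `return [...(actions || [])].sort((a, b) => a.localeCompare(b)).join(', ');`. The column definition is only partly visible in this hunk.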
@@ -11,15 +11,17 @@ import { EuiProgress, EuiButton, } from '@elastic/eui'; -import { WzRequest } from '../../../../react-services/wz-request'; + import { UI_LOGGER_LEVELS } from '../../../../../common/constants'; import { UI_ERROR_SEVERITIES } from '../../../../react-services/error-orchestrator/types'; import { ErrorHandler } from '../../../../react-services/error-management'; -import { getMasterRemoteConfiguration } from '../../../agent/components/register-agent-service'; import './register-agent.scss'; import { Steps } from '../steps/steps'; import { InputForm } from '../../../../components/common/form'; -import { getGroups } from '../../services/register-agent-services'; +import { + getGroups, + getMasterConfiguration, +} from '../../services/register-agent-services'; import { useForm } from '../../../../components/common/form/hooks'; import { FormConfiguration } from '../../../../components/common/form/types'; import { useSelector } from 'react-redux'; 
@@ -93,39 +95,26 @@ export const RegisterAgent = withReduxProvider( const form = useForm(initialFields); - const getRemoteConfig = async () => { - const remoteConfig = await getMasterRemoteConfiguration(); - if (remoteConfig) { - setHaveUdpProtocol(remoteConfig.isUdp); - } - }; - - const getAuthInfo = async () => { - try { - const result = await WzRequest.apiReq( - 'GET', - '/agents/000/config/auth/auth', - {}, - ); - return (result.data || {}).data || {}; - } catch (error) { - ErrorHandler.handleError(error); + const getMasterConfig = async () => { + const masterConfig = await getMasterConfiguration(); + if (masterConfig?.remote) { + setHaveUdpProtocol(masterConfig.remote.isUdp); } + return masterConfig; }; useEffect(() => { const fetchData = async () => { try { const wazuhVersion = await getWazuhVersion(); - await getRemoteConfig(); - const authInfo = await getAuthInfo(); + const { auth: authConfig } = await getMasterConfig(); // get wazuh password configuration let wazuhPassword = ''; - const needsPassword = (authInfo.auth || {}).use_password === 'yes'; + const needsPassword = authConfig?.auth?.use_password === 'yes'; if (needsPassword) { wazuhPassword = - configuration['enrollment.password'] || - authInfo['authd.pass'] || + configuration?.['enrollment.password'] || + authConfig?.['authd.pass'] || ''; } const groups = await getGroups(); diff --git a/plugins/main/public/controllers/register-agent/services/register-agent-services.tsx b/plugins/main/public/controllers/register-agent/services/register-agent-services.tsx index 8200224bb2..71c3b1dc15 100644 --- a/plugins/main/public/controllers/register-agent/services/register-agent-services.tsx +++ b/plugins/main/public/controllers/register-agent/services/register-agent-services.tsx 
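Review bot: `authConfig?.auth?.use_password === 'yes'` makes a missing auth configuration indistinguishable from password enrollment being disabled: if `getMasterConfig()` resolves with `auth` undefined, `needsPassword` is false and the wizard proceeds as if no enrollment password were required. Treat an absent `authConfig` as an error before computing `needsPassword`, e.g. `if (!authConfig) throw new Error('Could not read the manager auth configuration');` (message text is illustrative). The request also moves from an agent route to manager/cluster configuration routes, which presumably need a different API permission, so it is worth confirming which roles can still load this page. `fetchData` continues past the end of the hunk.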
@@ -92,6 +92,19 @@ async function getRemoteConfiguration(nodeName: string): Promise {
 return config;
 }
 }
+/**
+ * Get the manager/cluster auth configuration from Wazuh API
+ * @param node
+ * @returns
+ */
+async function getAuthConfiguration(node?: string) {
+ const authConfigUrl = node
+ ? `/cluster/${node}/configuration/auth/auth`
+ : '/manager/configuration/auth/auth';
+ const result = await WzRequest.apiReq('GET', authConfigUrl, {});
+ const auth = result?.data?.data?.affected_items?.[0];
+ return auth;
+}
 /**
 * Get the remote protocol available from list of protocols
@@ -213,13 +226,18 @@ export const getMasterNode = (nodeIps: any[]): any[] => {
 };
 /**
- * Get the remote configuration from manager
+ * Get the remote and the auth configuration from manager
 * This function get the config from manager mode or cluster mode
 */
-export const getMasterRemoteConfiguration = async () => {
+export const getMasterConfiguration = async () => {
 const nodes = await fetchClusterNodesOptions();
 const masterNode = getMasterNode(nodes);
- return await getRemoteConfiguration(masterNode[0].label);
+ const remote = await getRemoteConfiguration(masterNode[0].label);
+ const auth = await getAuthConfiguration(masterNode[0].label);
+ return {
+ remote,
+ auth,
+ };
 };
 export { getConnectionConfig, getRemoteConfiguration };
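Review bot: `getAuthConfiguration` interpolates an unencoded node name into the request path and its JSDoc leaves `@param node` and `@returns` empty. Encode the segment with `/cluster/${encodeURIComponent(node)}/configuration/auth/auth`, and document the contract: `@param node cluster node name; when omitted the manager endpoint is queried` and `@returns the first affected item of the auth configuration, or undefined when the response has none`. The caller in register-agent.tsx reads `authd.pass` from this result, so the returned object should be kept out of logs and error messages.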
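Review bot: `getMasterConfiguration` dereferences `masterNode[0].label` twice without checking that `getMasterNode` returned an entry, so an empty node list raises a TypeError, and the manager-mode branch of `getAuthConfiguration` (no `node`) is never reached from here although the comment says both modes are handled. Read the label once with `const nodeName = masterNode[0]?.label;` and pass it to both calls; whether `getRemoteConfiguration` tolerates an undefined name is not visible in this hunk. The two requests are independent and could be awaited together with `Promise.all`.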
@@ -260,16 +278,18 @@ export interface IParseRegisterFormValues { export const parseRegisterAgentFormValues = ( formValues: { name: keyof UseFormReturn['fields']; value: any }[], OSOptionsDefined: RegisterAgentData[], - initialValues?: IParseRegisterFormValues + initialValues?: IParseRegisterFormValues, ) => { // return the values form the formFields and the value property - const parsedForm = initialValues || { - operatingSystem: { - architecture: '', - name: '', - }, - optionalParams: {}, - } as IParseRegisterFormValues; + const parsedForm = + initialValues || + ({ + operatingSystem: { + architecture: '', + name: '', + }, + optionalParams: {}, + } as IParseRegisterFormValues); formValues.forEach(field => { if (field.name === 'operatingSystemSelection') { // search the architecture defined in architecture array and get the os name defined in title array in the same index @@ -284,7 +304,9 @@ export const parseRegisterAgentFormValues = ( } } else { if (field.name === 'agentGroups') { - parsedForm.optionalParams[field.name as any] = field.value.map(item => item.id) + parsedForm.optionalParams[field.name as any] = field.value.map( + item => item.id, + ); } else { parsedForm.optionalParams[field.name as any] = field.value; } @@ -292,4 +314,4 @@ export const parseRegisterAgentFormValues = ( }); return parsedForm; -}; \ No newline at end of file +}; From 6e84a16f0761c3af7c468fe8284d7731bae4ff23 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=C3=81lex=20Ruiz?= Date: Wed, 13 Dec 2023 12:32:15 +0100 Subject: [PATCH 20/26] Add Docker envs for 4.6.x and 4.7.x pre-release and release and add server to osd-dev environment (#6132) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Add Docker envs for 4.6-production * feat(environments): remove logging and add dev environments for 4.7.0 * feat(environments): add server to dev environments - Add real server to osd-dev environments that is enbled through the server profile - Fix pre-release and release environments for 4.6.x - Add pre-release and release environments for 4.7.x * Fix network name and agent register command * feat(docker): replace Wazuh server on dev environments * fix(docker): fix agent version in dev environment * fix(docker): remove unused files in dev environment --------- Co-authored-by: Antonio David Gutiérrez Co-authored-by: Federico Rodriguez --- docker/osd-dev/config/1.x/osd/wazuh.yml | 6 +- docker/osd-dev/config/2.x/osd/wazuh.yml | 6 +- .../config/wazuh_cluster/wazuh_manager.conf | 353 ++++++++++++++++++ docker/osd-dev/dev.sh | 41 +- docker/osd-dev/dev.yml | 64 +++- docker/wazuh-4.6/README.md | 142 +++++++ docker/wazuh-4.6/config/certs/ca.json | 15 + docker/wazuh-4.6/config/certs/cfssl.json | 58 +++ docker/wazuh-4.6/config/certs/host.json | 19 + docker/wazuh-4.6/config/filebeat/filebeat.yml | 22 ++ .../wazuh-4.6/config/imposter/api_info.json | 12 + docker/wazuh-4.6/config/imposter/login.js | 42 +++ .../config/imposter/wazuh-config.yml | 16 + .../config/wazuh_cluster/wazuh_manager.conf | 353 ++++++++++++++++++ .../config/wazuh_dashboard/wazuh.yml | 14 + .../wazuh_dashboard/wazuh_dashboard.yml | 15 + .../wazuh_dashboard/wazuh_dashboard_saml.yml | 16 + .../config/wazuh_indexer/config-saml.yml | 40 ++ .../wazuh-4.6/config/wazuh_indexer/config.yml | 40 ++ .../config/wazuh_indexer/internal_users.yml | 56 +++ .../config/wazuh_indexer/opensearch.yml | 42 +++ 
.../wazuh-4.6/config/wazuh_indexer/roles.yml | 149 ++++++++ .../config/wazuh_indexer/roles_mapping.yml | 88 +++++ .../config/wazuh_indexer/wazuh.indexer.yml | 28 ++ docker/wazuh-4.6/enable_saml.sh | 165 ++++++++ docker/wazuh-4.6/pre.sh | 109 ++++++ docker/wazuh-4.6/pre.yml | 212 +++++++++++ docker/wazuh-4.6/rel.sh | 69 ++++ docker/wazuh-4.6/rel.yml | 325 ++++++++++++++++ docker/wazuh-4.7/README.md | 142 +++++++ docker/wazuh-4.7/config/certs/ca.json | 15 + docker/wazuh-4.7/config/certs/cfssl.json | 58 +++ docker/wazuh-4.7/config/certs/host.json | 19 + docker/wazuh-4.7/config/filebeat/filebeat.yml | 22 ++ .../wazuh-4.7/config/imposter/api_info.json | 12 + docker/wazuh-4.7/config/imposter/login.js | 42 +++ .../config/imposter/wazuh-config.yml | 16 + .../config/wazuh_cluster/wazuh_manager.conf | 353 ++++++++++++++++++ .../config/wazuh_dashboard/wazuh.yml | 14 + .../wazuh_dashboard/wazuh_dashboard.yml | 15 + .../wazuh_dashboard/wazuh_dashboard_saml.yml | 16 + .../config/wazuh_indexer/config-saml.yml | 40 ++ .../wazuh-4.7/config/wazuh_indexer/config.yml | 40 ++ .../config/wazuh_indexer/internal_users.yml | 56 +++ .../config/wazuh_indexer/opensearch.yml | 42 +++ .../wazuh-4.7/config/wazuh_indexer/roles.yml | 149 ++++++++ .../config/wazuh_indexer/roles_mapping.yml | 88 +++++ .../config/wazuh_indexer/wazuh.indexer.yml | 28 ++ docker/wazuh-4.7/enable_saml.sh | 165 ++++++++ docker/wazuh-4.7/pre.sh | 111 ++++++ docker/wazuh-4.7/pre.yml | 212 +++++++++++ docker/wazuh-4.7/rel.sh | 71 ++++ docker/wazuh-4.7/rel.yml | 325 ++++++++++++++++ 53 files changed, 4548 insertions(+), 20 deletions(-) create mode 100755 docker/osd-dev/config/wazuh_cluster/wazuh_manager.conf create mode 100644 docker/wazuh-4.6/README.md create mode 100644 docker/wazuh-4.6/config/certs/ca.json create mode 100644 docker/wazuh-4.6/config/certs/cfssl.json create mode 100644 docker/wazuh-4.6/config/certs/host.json create mode 100644 docker/wazuh-4.6/config/filebeat/filebeat.yml create mode 100644 
docker/wazuh-4.6/config/imposter/api_info.json create mode 100755 docker/wazuh-4.6/config/imposter/login.js create mode 100755 docker/wazuh-4.6/config/imposter/wazuh-config.yml create mode 100755 docker/wazuh-4.6/config/wazuh_cluster/wazuh_manager.conf create mode 100755 docker/wazuh-4.6/config/wazuh_dashboard/wazuh.yml create mode 100755 docker/wazuh-4.6/config/wazuh_dashboard/wazuh_dashboard.yml create mode 100755 docker/wazuh-4.6/config/wazuh_dashboard/wazuh_dashboard_saml.yml create mode 100644 docker/wazuh-4.6/config/wazuh_indexer/config-saml.yml create mode 100644 docker/wazuh-4.6/config/wazuh_indexer/config.yml create mode 100755 docker/wazuh-4.6/config/wazuh_indexer/internal_users.yml create mode 100644 docker/wazuh-4.6/config/wazuh_indexer/opensearch.yml create mode 100644 docker/wazuh-4.6/config/wazuh_indexer/roles.yml create mode 100644 docker/wazuh-4.6/config/wazuh_indexer/roles_mapping.yml create mode 100755 docker/wazuh-4.6/config/wazuh_indexer/wazuh.indexer.yml create mode 100755 docker/wazuh-4.6/enable_saml.sh create mode 100755 docker/wazuh-4.6/pre.sh create mode 100755 docker/wazuh-4.6/pre.yml create mode 100755 docker/wazuh-4.6/rel.sh create mode 100755 docker/wazuh-4.6/rel.yml create mode 100644 docker/wazuh-4.7/README.md create mode 100644 docker/wazuh-4.7/config/certs/ca.json create mode 100644 docker/wazuh-4.7/config/certs/cfssl.json create mode 100644 docker/wazuh-4.7/config/certs/host.json create mode 100644 docker/wazuh-4.7/config/filebeat/filebeat.yml create mode 100644 docker/wazuh-4.7/config/imposter/api_info.json create mode 100755 docker/wazuh-4.7/config/imposter/login.js create mode 100755 docker/wazuh-4.7/config/imposter/wazuh-config.yml create mode 100755 docker/wazuh-4.7/config/wazuh_cluster/wazuh_manager.conf create mode 100755 docker/wazuh-4.7/config/wazuh_dashboard/wazuh.yml create mode 100755 docker/wazuh-4.7/config/wazuh_dashboard/wazuh_dashboard.yml create mode 100755 
docker/wazuh-4.7/config/wazuh_dashboard/wazuh_dashboard_saml.yml create mode 100644 docker/wazuh-4.7/config/wazuh_indexer/config-saml.yml create mode 100644 docker/wazuh-4.7/config/wazuh_indexer/config.yml create mode 100755 docker/wazuh-4.7/config/wazuh_indexer/internal_users.yml create mode 100644 docker/wazuh-4.7/config/wazuh_indexer/opensearch.yml create mode 100644 docker/wazuh-4.7/config/wazuh_indexer/roles.yml create mode 100644 docker/wazuh-4.7/config/wazuh_indexer/roles_mapping.yml create mode 100755 docker/wazuh-4.7/config/wazuh_indexer/wazuh.indexer.yml create mode 100755 docker/wazuh-4.7/enable_saml.sh create mode 100755 docker/wazuh-4.7/pre.sh create mode 100755 docker/wazuh-4.7/pre.yml create mode 100755 docker/wazuh-4.7/rel.sh create mode 100755 docker/wazuh-4.7/rel.yml diff --git a/docker/osd-dev/config/1.x/osd/wazuh.yml b/docker/osd-dev/config/1.x/osd/wazuh.yml index 76c3a973ab..3f3bc90bbb 100755 --- a/docker/osd-dev/config/1.x/osd/wazuh.yml +++ b/docker/osd-dev/config/1.x/osd/wazuh.yml @@ -1,18 +1,18 @@ hosts: - manager: - url: "https://wazuh.manager" + url: 'https://wazuh.manager' port: 55000 username: wazuh-wui password: MyS3cr37P450r.*- run_as: false - imposter: - url: "http://imposter" + url: 'http://imposter' port: 8080 username: wazuh-wui password: MyS3cr37P450r.*- run_as: false - imposter-cli: - url: "http://" + url: 'http://' port: 8080 username: wazuh-wui password: MyS3cr37P450r.*- diff --git a/docker/osd-dev/config/2.x/osd/wazuh.yml b/docker/osd-dev/config/2.x/osd/wazuh.yml index 76c3a973ab..3f3bc90bbb 100755 --- a/docker/osd-dev/config/2.x/osd/wazuh.yml +++ b/docker/osd-dev/config/2.x/osd/wazuh.yml 
@@ -1,18 +1,18 @@ hosts: - manager: - url: "https://wazuh.manager" + url: 'https://wazuh.manager' port: 55000 username: wazuh-wui password: MyS3cr37P450r.*- run_as: false - imposter: - url: "http://imposter" + url: 'http://imposter' port: 8080 username: wazuh-wui password: MyS3cr37P450r.*- run_as: false - imposter-cli: - url: "http://" + url: 'http://' port: 8080 username: wazuh-wui password: MyS3cr37P450r.*- diff --git a/docker/osd-dev/config/wazuh_cluster/wazuh_manager.conf b/docker/osd-dev/config/wazuh_cluster/wazuh_manager.conf new file mode 100755 index 0000000000..aff1af9d6c --- /dev/null +++ b/docker/osd-dev/config/wazuh_cluster/wazuh_manager.conf 
@@ -0,0 +1,353 @@ + + + yes + yes + no + no + no + smtp.example.wazuh.com + wazuh@example.wazuh.com + recipient@example.wazuh.com + 12 + alerts.log + 10m + 0 + + + + 3 + 12 + + + + + plain + + + + secure + 1514 + tcp + 131072 + + + + + no + yes + yes + yes + yes + yes + yes + yes + + + 43200 + + etc/rootcheck/rootkit_files.txt + etc/rootcheck/rootkit_trojans.txt + + yes + + + + yes + 1800 + 1d + yes + + wodles/java + wodles/ciscat + + + + + yes + yes + /var/log/osquery/osqueryd.results.log + /etc/osquery/osquery.conf + yes + + + + + no + 1h + yes + yes + yes + yes + yes + yes + yes + + + + 10 + + + + + yes + yes + 12h + yes + + + + no + 5m + 6h + yes + + + + no + trusty + xenial + bionic + focal + 1h + + + + + no + stretch + buster + bullseye + 1h + + + + + no + 5 + 6 + 7 + 8 + 1h + + + + + no + amazon-linux + amazon-linux-2 + 1h + + + + + no + 1h + + + + + yes + 1h + + + + + yes + 2010 + 1h + + + + + + + no + + + 43200 + + yes + + + yes + + + no + + + /etc,/usr/bin,/usr/sbin + /bin,/sbin,/boot + + + /etc/mtab + /etc/hosts.deny + /etc/mail/statistics + /etc/random-seed + /etc/random.seed + /etc/adjtime + /etc/httpd/logs + /etc/utmpx + /etc/wtmpx + /etc/cups/certs + /etc/dumpdates + /etc/svc/volatile + + + .log$|.swp$ + + + /etc/ssl/private.key + + yes + yes + yes + yes + + + 10 + + + 100 + + + + yes + 5m + 1h + 10 + + + + + + 127.0.0.1 + ^localhost.localdomain$ + 10.0.0.106 + + + + disable-account + disable-account + yes + + + + restart-wazuh + restart-wazuh + + + + firewall-drop + firewall-drop + yes + + + + host-deny + host-deny + yes + + + + route-null + route-null + yes + + + + win_route-null + route-null.exe + yes + + + + netsh + netsh.exe + yes + + + + + + + command + df -P + 360 + + + + full_command + netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d + netstat listening 
ports + 360 + + + + full_command + last -n 20 + 360 + + + + + ruleset/decoders + ruleset/rules + 0215-policy_rules.xml + etc/lists/audit-keys + etc/lists/amazon/aws-eventnames + etc/lists/security-eventchannel + + + etc/decoders + etc/rules + + + + yes + 1 + 64 + 15m + + + + + no + 1515 + no + yes + no + HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH + + no + etc/sslmanager.cert + etc/sslmanager.key + no + + + + wazuh + node01 + master + + 1516 + 0.0.0.0 + + NODE_IP + + no + yes + + + + + + + syslog + /var/ossec/logs/active-responses.log + + + diff --git a/docker/osd-dev/dev.sh b/docker/osd-dev/dev.sh index 426eade63a..123a2baf66 100755 --- a/docker/osd-dev/dev.sh +++ b/docker/osd-dev/dev.sh @@ -22,13 +22,20 @@ osd_versions=( '2.4.0' '2.4.1' '2.6.0' + '2.8.0' '4.6.0' '4.7.0' ) +wzs_version=( + '4.7.0' + '4.7.1' + '4.7.2' +) + usage() { echo - echo "./dev.sh os_version osd_version /wazuh_app_src action [saml]" + echo "./dev.sh os_version osd_version /wazuh_app_src action [saml/server] [server_version]" echo echo "where" echo " os_version is one of " ${os_versions[*]} @@ -36,6 +43,7 @@ usage() { echo " wazuh_app_src is the path to the wazuh application source code" echo " action is one of up | down | stop" echo " saml to deploy a saml enabled environment" + echo " server to deploy a real server enabled environment" exit -1 } @@ -96,6 +104,16 @@ if [[ "$5" =~ "saml" ]]; then export SEC_CONFIG_FILE=./config/${OSD_MAJOR}/os/config-saml.yml fi +if [[ "$5" =~ "server" ]]; then + profile="server" + if [[ ! " ${wzs_version[*]} " =~ " ${6} " ]]; then + echo "Wazuh server version ${6} not found in ${wzs_version[*]}" + echo + exit -1 + fi + export WAZUH_STACK="${6}" +fi + export SEC_CONFIG_PATH=/usr/share/opensearch/plugins/opensearch-security/securityconfig if [[ "$OSD_MAJOR" == "2.x" ]]; then export SEC_CONFIG_PATH=/usr/share/opensearch/config/opensearch-security 
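Review bot: The new `server` branch selects its mode with `[[ "$5" =~ "server" ]]`, an unanchored match, so any fifth argument that merely contains `server` enables the profile. The version test `" ${wzs_version[*]} " =~ " ${6} "` likewise accepts a value such as `4.7.0 4.7.1`, because that is a substring of the joined list. Since `$6` is exported as `WAZUH_STACK` and ends up in the image tag in `dev.yml`, an exact comparison is safer: `if [[ "$5" == "server" ]]; then`, plus a loop over `"${wzs_version[@]}"` that compares each entry with `==`. The usage text names `server_version` in the synopsis but never lists the accepted values; a line such as `echo " server_version is one of " ${wzs_version[*]}` would match the existing entries.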
@@ -105,6 +123,27 @@ case "$4" in up) /bin/bash ../scripts/create_docker_networks.sh docker compose --profile $profile -f dev.yml up -Vd + + # Display a command to deploy an agent when using the real server + if [[ "$5" =~ "server" ]]; then + echo + echo "**************WARNING**************" + echo "The agent version must be a published one. This uses only released versions." + echo "If you need to change de version, edit the command as you see fit." + echo "***********************************" + echo "1. (Optional) Enroll an agent (Ubuntu 20.04):" + echo "docker run --name ${COMPOSE_PROJECT_NAME}-agent-\$(date +%s) --network os-dev-${OS_VERSION} --label com.docker.compose.project=${COMPOSE_PROJECT_NAME} --env WAZUH_AGENT_VERSION=${WAZUH_STACK} -d ubuntu:20.04 bash -c '" + echo " apt update -y" + echo " apt install -y curl lsb-release" + echo " curl -so \wazuh-agent-\${WAZUH_AGENT_VERSION}.deb \\" + echo " https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_\${WAZUH_AGENT_VERSION}-1_amd64.deb \\" + echo " && WAZUH_MANAGER='wazuh.manager' WAZUH_AGENT_GROUP='default' dpkg -i ./wazuh-agent-\${WAZUH_AGENT_VERSION}.deb" + echo + echo " /etc/init.d/wazuh-agent start" + echo " tail -f /var/ossec/logs/ossec.log" + echo "'" + echo + fi ;; down) docker compose --profile $profile -f dev.yml down -v --remove-orphans diff --git a/docker/osd-dev/dev.yml b/docker/osd-dev/dev.yml index 0906bf2bc7..19aa36da43 100755 --- a/docker/osd-dev/dev.yml +++ b/docker/osd-dev/dev.yml @@ -1,17 +1,18 @@ version: '2.2' -x-logging: &logging - logging: - driver: loki - options: - loki-url: 'http://host.docker.internal:3100/loki/api/v1/push' +# x-logging: &logging +# logging: +# driver: loki +# options: +# loki-url: 'http://host.docker.internal:3100/loki/api/v1/push' services: exporter: image: quay.io/prometheuscommunity/elasticsearch-exporter:latest - <<: *logging + #<<: *logging hostname: exporter-osd-${OS_VERSION} profiles: + - 'server' - 'saml' - 'standard' networks: 
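Review bot: The agent command printed in the `up)` branch runs `dpkg -i` on a file fetched with `curl -so`, with no integrity check and without `-f`, so an HTTP error body is saved and handed to `dpkg` as if it were the package. Printing `curl -fsSo wazuh-agent-\${WAZUH_AGENT_VERSION}.deb` and a checksum comparison before the `dpkg -i` line (against the digest Wazuh publishes for that package, if one is available for the version) would make the suggested command safer to copy. Two small fixes in the same block: the backslash in `\wazuh-agent-` is stray, and the warning says `change de version` where `change the version` is meant. The `case` statement starts and ends outside this hunk.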
@@ -24,7 +25,7 @@ services: imposter: image: outofcoffee/imposter - <<: *logging + #<<: *logging hostname: imposter-osd-${OS_VERSION} networks: - os-dev @@ -37,8 +38,9 @@ services: generator: image: cfssl/cfssl - <<: *logging + #<<: *logging profiles: + - 'server' - 'saml' - 'standard' volumes: @@ -128,8 +130,9 @@ services: condition: service_completed_successfully required: false image: opensearchproject/opensearch:${OS_VERSION} - <<: *logging + #<<: *logging profiles: + - 'server' - 'saml' - 'standard' environment: @@ -157,6 +160,9 @@ services: - os_logs:/var/log/os1 - os_data:/var/lib/os1 + ports: + - 9200:9200 + - 9300:9300 networks: - os-dev - mon @@ -183,7 +189,7 @@ services: networks: - os-dev - mon - <<: *logging + #<<: *logging # restart: always entrypoint: - '/bin/bash' @@ -212,6 +218,7 @@ services: condition: service_healthy image: quay.io/wazuh/osd-dev:${OSD_VERSION} profiles: + - 'server' - 'saml' - 'standard' hostname: osd @@ -220,7 +227,7 @@ services: - devel - mon user: '1000:1000' - <<: *logging + #<<: *logging ports: - ${OSD_PORT}:5601 environment: @@ -272,7 +279,7 @@ services: profiles: - 'saml' hostname: idp - <<: *logging + #<<: *logging networks: - os-dev - mon @@ -301,7 +308,7 @@ services: profiles: - 'saml' hostname: idpsetup - <<: *logging + #<<: *logging networks: - os-dev - mon 
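Review bot: The `ports:` entries added to `os1` (`- 9200:9200`, `- 9300:9300`) publish the indexer on every host interface. The `wazuh.manager` service added in the later hunk (`@@ -315,6 +322,37 @@`) does the same for 514, 1514, 1515, 1516 and 55000 while passing `INDEXER_PASSWORD=admin` and a fixed `API_PASSWORD`. On a developer machine attached to a shared network, that leaves services with default-looking credentials reachable from other hosts. Binding to loopback keeps the convenience without the exposure, e.g. `- 127.0.0.1:9200:9200`, and the transport port 9300 probably does not need publishing at all for a single node (worth confirming). The `os1` service definition starts and ends outside this hunk.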
@@ -315,6 +322,37 @@ services: bash /enable_saml.sh exit 0 ' + wazuh.manager: + depends_on: + os1: + condition: service_healthy + image: wazuh/wazuh-manager:${WAZUH_STACK} + profiles: + - 'server' + hostname: wazuh.manager + # <<: *logging + networks: + - os-dev + - mon + environment: + - INDEXER_URL=https://os1:9200 + - INDEXER_USERNAME=admin + - INDEXER_PASSWORD=admin + - FILEBEAT_SSL_VERIFICATION_MODE=full + - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/wazuh/ca.pem + - SSL_CERTIFICATE=/etc/ssl/wazuh/filebeat.pem + - SSL_KEY=/etc/ssl/wazuh/filebeat.key + - API_USERNAME=wazuh-wui + - API_PASSWORD=MyS3cr37P450r.*- + volumes: + - wm_certs:/etc/ssl/wazuh + - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf + ports: + - '514:514' + - '1514:1514' + - '1515:1515' + - '1516:1516' + - '55000:55000' networks: os-dev: diff --git a/docker/wazuh-4.6/README.md b/docker/wazuh-4.6/README.md new file mode 100644 index 0000000000..e76e582ec1 --- /dev/null +++ b/docker/wazuh-4.6/README.md 
@@ -0,0 +1,142 @@ +# Wazuh Stack 4.6.x + +On this folder, we can find two types of environments: + +- release environment, managed by the `rel.sh` script +- prerelease environment managed by the `pre.sh` script + +### UI Credentials + +The default user and password to access the UI at https://0.0.0.0:5601/ are: + +``` +admin:SecretPassword +``` + +## Release environment + +This environment will start a working deployment with: + +- Wazuh Manager +- Wazuh Indexer +- Wazuh Dashboard + +Check the scripts for a list of the supported Wazuh versions. + +The environment expect the network `mon` to exists, either bring up the +`mon` stack or execute the following command: + +```bash +docker network create mon +``` + +The images used here are generated by the CI/CD team and uploaded into +the official Docker Hub organization. No Wazuh Agent image is provided yet, +so you'll need to deploy an agent in Docker manually, by following the +instructions below. + +### Image certificates + +Certificates are created automatically by the docker-compose, but if +it fails to create them with the appropriate permissions, we might need +to adjust them. + +This is related to the way the official Wazuh docker images are +prepared. + +### Registering agents using Docker + +To register an agent, we need to get the enrollment command from the +UI and then execute: + +- For `CentOS/8` images: + + ```bash + docker run --name wz-rel-agent-4.6.0 --rm --network wz-rel-450 --label com.docker.compose.project=wz-rel-450 -d centos:8 bash -c ' + sed -i -e "s|mirrorlist=|#mirrorlist=|g" /etc/yum.repos.d/CentOS-* + sed -i -e "s|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-* + + # Change this command by the one the UI suggests. Add the -y flag and remove the `sudo`. 
+ WAZUH_MANAGER='wazuh.manager' yum install -y https://packages.wazuh.com/4.x/yum5/x86_64/wazuh-agent-4.6.0-1.el5.x86_64.rpm + + /etc/init.d/wazuh-agent start + tail -f /var/ossec/logs/ossec.log + ' + ``` + +- For `Ubuntu` images + + ```bash + docker run --name wz-rel-agent-4.6.0 --network wz-rel-450 --label com.docker.compose.project=wz-rel-450 -d ubuntu:20.04 bash -c ' + apt update -y + apt install -y curl lsb-release + + # Change this command by the one the UI suggests to use. Remove the `sudo`. + curl -so wazuh-agent-4.6.0.deb https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.6.0-1_amd64.deb && WAZUH_MANAGER='wazuh.manager' WAZUH_AGENT_GROUP='default' dpkg -i ./wazuh-agent-4.6.0.deb + + /etc/init.d/wazuh-agent start + tail -f /var/ossec/logs/ossec.log + ' + ``` + +- For `non-Linux` agents: + + We need to provision virtual machines. + +## Prerelease environment + +The prerelease environment helps us test app releases while the rest of +Wazuh packages haven't been generated yet. + +This environment will bring up: + +- Wazuh Indexer +- Wazuh Dashboard +- Filebeat +- Imposter + +### Usage + +The way to use this environment is to bring up a published Wazuh version to +later on upgrade the app with our pre-release package. + +While bring up the environment with the `pre.sh` script, specify the published +version of Wazuh with the `wazuh_version` argument, the new patch version of +Wazuh with `wazuh_api_version` and finally follow the steps provided by the +scripts. + +Example: test a package for Wazuh 4.6.0 + +```bash +./pre.sh 4.6.0 0 up +``` + +```bash +./pre.sh wazuh_version wazuh_api_version action + +where + wazuh_version is one of + wazuh_api_version is the minor version of wazuh 4.6, for example 5 17 + action is one of up | down + +In a minor release, the API should not change the version here bumps the API + string returned for testing. 
This script generates the file + + config/imposter/api_info.json + +used by the mock server +``` + +Please take into account that the API version for this environment will +always be a 4.6.x version. Also consider that our application version +must be the same as the one selected here. + +### App upgrade + +Follow the instructions provided by the `pre.sh` script. + +### Agent enrollment + +Because we're not using a real Wazuh Manager, we cannot register new agents. +Instead, Imposter (the mock server) will provide mocked responds to valid API +requests, as if it were the real Wazuh server. diff --git a/docker/wazuh-4.6/config/certs/ca.json b/docker/wazuh-4.6/config/certs/ca.json new file mode 100644 index 0000000000..8a96a70a42 --- /dev/null +++ b/docker/wazuh-4.6/config/certs/ca.json @@ -0,0 +1,15 @@ +{ + "CN": "Wazuh", + "key": { + "algo": "rsa", + "size": 2048 + }, + "names": [ + { + "C": "US", + "L": "San Francisco", + "O": "Wazuh", + "OU": "Wazuh Root CA" + } + ] +} diff --git a/docker/wazuh-4.6/config/certs/cfssl.json b/docker/wazuh-4.6/config/certs/cfssl.json new file mode 100644 index 0000000000..d23daf7621 --- /dev/null +++ b/docker/wazuh-4.6/config/certs/cfssl.json 
@@ -0,0 +1,58 @@
+{
+ "signing": {
+ "default": {
+ "expiry": "8760h"
+ },
+ "profiles": {
+ "intermediate_ca": {
+ "usages": [
+ "signing",
+ "digital signature",
+ "key encipherment",
+ "cert sign",
+ "crl sign",
+ "server auth",
+ "client auth"
+ ],
+ "expiry": "8760h",
+ "ca_constraint": {
+ "is_ca": true,
+ "max_path_len": 0,
+ "max_path_len_zero": true
+ }
+ },
+ "peer": {
+ "usages": [
+ "signing",
+ "digital signature",
+ "key encipherment",
+ "data encipherment",
+ "client auth",
+ "server auth"
+ ],
+ "expiry": "8760h"
+ },
+ "server": {
+ "usages": [
+ "signing",
+ "digital signing",
+ "key encipherment",
+ "data encipherment",
+ "server auth"
+ ],
+ "expiry": "8760h"
+ },
+ "client": {
+ "usages": [
+ "signing",
+ "digital signature",
+ "key encipherment",
+ "data encipherment",
+ "client auth"
+ ],
+ "expiry": "8760h"
+ }
+ }
+ }
+}
+
diff --git a/docker/wazuh-4.6/config/certs/host.json b/docker/wazuh-4.6/config/certs/host.json
new file mode 100644
index 0000000000..27805da58e
--- /dev/null
+++ b/docker/wazuh-4.6/config/certs/host.json
@@ -0,0 +1,19 @@
+{
+ "CN": "HOST",
+ "key": {
+ "algo": "rsa",
+ "size": 2048
+ },
+ "names": [
+ {
+ "C": "US",
+ "L": "California",
+ "O": "Wazuh",
+ "OU": "Wazuh"
+ }
+ ],
+ "hosts": [
+ "HOST",
+ "localhost"
+ ]
+}
diff --git a/docker/wazuh-4.6/config/filebeat/filebeat.yml b/docker/wazuh-4.6/config/filebeat/filebeat.yml
new file mode 100644
index 0000000000..e22b1f97ca
--- /dev/null
+++ b/docker/wazuh-4.6/config/filebeat/filebeat.yml
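Review bot: In the `server` profile the usages list contains `"digital signing"`, while every other profile in this file spells the usage `"digital signature"`; this looks like a typo. As far as I know cfssl does not recognise `digital signing` and ignores unknown usage names, so the entry has no effect and the profile gets its signature bit only from `"signing"` (worth confirming against cfssl's usage table). The line should read `"digital signature",` so the profile states what it means.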
@@ -0,0 +1,22 @@
+
+# Wazuh - Filebeat configuration file
+filebeat.modules:
+ - module: wazuh
+ alerts:
+ enabled: true
+ archives:
+ enabled: false
+
+setup.template.json.enabled: true
+setup.template.json.path: '/etc/filebeat/wazuh-template.json'
+setup.template.json.name: 'wazuh'
+setup.template.overwrite: true
+setup.ilm.enabled: false
+output.elasticsearch:
+ hosts: ['https://wazuh.indexer:9200']
+ username: 'admin'
+ password: 'SecretPassword'
+ ssl.verification_mode: full
+ ssl.certificate_authorities: ['/etc/ssl/wazuh/ca.pem']
+ ssl.certificate: '/etc/ssl/wazuh/filebeat.pem'
+ ssl.key: '/etc/ssl/wazuh/filebeat-key.pem'
diff --git a/docker/wazuh-4.6/config/imposter/api_info.json b/docker/wazuh-4.6/config/imposter/api_info.json
new file mode 100644
index 0000000000..126f87cfe7
--- /dev/null
+++ b/docker/wazuh-4.6/config/imposter/api_info.json
@@ -0,0 +1,12 @@
+{
+ "data": {
+ "title": "Wazuh API REST",
+ "api_version": "4.6.0",
+ "revision": 40316,
+ "license_name": "GPL 2.0",
+ "license_url": "https://github.com/wazuh/wazuh/blob/4.6/LICENSE",
+ "hostname": "imposter",
+ "timestamp": "2022-06-13T17:20:03Z"
+ },
+ "error": 0
+}
diff --git a/docker/wazuh-4.6/config/imposter/login.js b/docker/wazuh-4.6/config/imposter/login.js
new file mode 100755
index 0000000000..86c2eb4180
--- /dev/null
+++ b/docker/wazuh-4.6/config/imposter/login.js
@@ -0,0 +1,42 @@
+exports = {};
+
+load('https://raw.githubusercontent.com/kjur/jsrsasign/master/npm/lib/jsrsasign.js', exports);
+header = {
+ "alg": "HS256",
+ "typ": "JWT",
+ "kid": "vpaas-magic-cookie-1fc542a3e4414a44b2611668195e2bfe/4f4910"
+};
+
+// The second part of the token is the payload, which contains the claims.
+// Claims are statements about an entity (typically, the user) and
+// additional data. There are three types of claims:
+// registered, public, and private claims.
+nbf = Date.now()-1000;
+
+claims = {
+ "iss": "wazuh",
+ "aud": "Wazuh API REST",
+ "nbf": nbf,
+ "exp": nbf+3600000,
+ "sub": "wazuh",
+ "rbac_roles": [
+ 1
+ ],
+ "rbac_mode": "white"
+};
+
+
+jwt = KJUR.jws.JWS.sign("HS256", JSON.stringify(header), JSON.stringify(claims), "616161");
+
+resp = {
+ "data": {
+ "token": jwt,
+ "error": 0
+ }
+};
+
+respond()
+ .withStatusCode(200)
+ .withData(JSON.stringify(resp));
+
+
diff --git a/docker/wazuh-4.6/config/imposter/wazuh-config.yml b/docker/wazuh-4.6/config/imposter/wazuh-config.yml
new file mode 100755
index 0000000000..ace39bf4a0
--- /dev/null
+++ b/docker/wazuh-4.6/config/imposter/wazuh-config.yml
@@ -0,0 +1,16 @@
+---
+plugin: openapi
+specFile: https://raw.githubusercontent.com/wazuh/wazuh/v4.4.0/api/api/spec/spec.yaml
+
+resources:
+ - path: /security/user/authenticate
+ method: POST
+ response:
+ statusCode: 200
+ scriptFile: login.js
+ - path: /
+ method: get
+ response:
+ statusCode: 200
+ staticFile: api_info.json
+
diff --git a/docker/wazuh-4.6/config/wazuh_cluster/wazuh_manager.conf b/docker/wazuh-4.6/config/wazuh_cluster/wazuh_manager.conf
new file mode 100755
index 0000000000..aff1af9d6c
--- /dev/null
+++ b/docker/wazuh-4.6/config/wazuh_cluster/wazuh_manager.conf
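Review bot: The `load(...)` call at the top of the script fetches `jsrsasign.js` from the `master` branch of a third-party repository, so the code that runs inside the mock changes whenever that branch does, and the environment needs network access to come up. Pin the URL to a fixed tag or commit (`.../jsrsasign/<PINNED_REF>/npm/lib/jsrsasign.js`, placeholder) or vendor the file next to `login.js` and load it from disk. Also, `nbf = Date.now()-1000` and `"exp": nbf+3600000` are in milliseconds, whereas JWT `nbf`/`exp` are NumericDate values in seconds; if the dashboard reads `exp`, `Math.floor(Date.now() / 1000) - 1` and `nbf + 3600` would be the matching values. A one-line comment saying that the `"616161"` signing secret is mock-only would help readers who find this file out of context.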
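Review bot: `specFile` points at the `v4.4.0` tag of the Wazuh API spec, while this directory is `wazuh-4.6` and `api_info.json` in the same commit reports `"api_version": "4.6.0"`. If the older spec is deliberate, a comment such as `# spec pinned to v4.4.0 on purpose: <reason>` would prevent a well-meant "fix"; if not, the mock may validate requests against a spec that lacks 4.6 endpoints. The URL is also resolved over the network at start-up, so keeping a copy of the spec under `config/imposter/` would make the environment reproducible offline.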
@@ -0,0 +1,353 @@ + + + yes + yes + no + no + no + smtp.example.wazuh.com + wazuh@example.wazuh.com + recipient@example.wazuh.com + 12 + alerts.log + 10m + 0 + + + + 3 + 12 + + + + + plain + + + + secure + 1514 + tcp + 131072 + + + + + no + yes + yes + yes + yes + yes + yes + yes + + + 43200 + + etc/rootcheck/rootkit_files.txt + etc/rootcheck/rootkit_trojans.txt + + yes + + + + yes + 1800 + 1d + yes + + wodles/java + wodles/ciscat + + + + + yes + yes + /var/log/osquery/osqueryd.results.log + /etc/osquery/osquery.conf + yes + + + + + no + 1h + yes + yes + yes + yes + yes + yes + yes + + + + 10 + + + + + yes + yes + 12h + yes + + + + no + 5m + 6h + yes + + + + no + trusty + xenial + bionic + focal + 1h + + + + + no + stretch + buster + bullseye + 1h + + + + + no + 5 + 6 + 7 + 8 + 1h + + + + + no + amazon-linux + amazon-linux-2 + 1h + + + + + no + 1h + + + + + yes + 1h + + + + + yes + 2010 + 1h + + + + + + + no + + + 43200 + + yes + + + yes + + + no + + + /etc,/usr/bin,/usr/sbin + /bin,/sbin,/boot + + + /etc/mtab + /etc/hosts.deny + /etc/mail/statistics + /etc/random-seed + /etc/random.seed + /etc/adjtime + /etc/httpd/logs + /etc/utmpx + /etc/wtmpx + /etc/cups/certs + /etc/dumpdates + /etc/svc/volatile + + + .log$|.swp$ + + + /etc/ssl/private.key + + yes + yes + yes + yes + + + 10 + + + 100 + + + + yes + 5m + 1h + 10 + + + + + + 127.0.0.1 + ^localhost.localdomain$ + 10.0.0.106 + + + + disable-account + disable-account + yes + + + + restart-wazuh + restart-wazuh + + + + firewall-drop + firewall-drop + yes + + + + host-deny + host-deny + yes + + + + route-null + route-null + yes + + + + win_route-null + route-null.exe + yes + + + + netsh + netsh.exe + yes + + + + + + + command + df -P + 360 + + + + full_command + netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d + netstat listening 
ports + 360 + + + + full_command + last -n 20 + 360 + + + + + ruleset/decoders + ruleset/rules + 0215-policy_rules.xml + etc/lists/audit-keys + etc/lists/amazon/aws-eventnames + etc/lists/security-eventchannel + + + etc/decoders + etc/rules + + + + yes + 1 + 64 + 15m + + + + + no + 1515 + no + yes + no + HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH + + no + etc/sslmanager.cert + etc/sslmanager.key + no + + + + wazuh + node01 + master + + 1516 + 0.0.0.0 + + NODE_IP + + no + yes + + + + + + + syslog + /var/ossec/logs/active-responses.log + + + diff --git a/docker/wazuh-4.6/config/wazuh_dashboard/wazuh.yml b/docker/wazuh-4.6/config/wazuh_dashboard/wazuh.yml new file mode 100755 index 0000000000..dca5610652 --- /dev/null +++ b/docker/wazuh-4.6/config/wazuh_dashboard/wazuh.yml @@ -0,0 +1,14 @@ +hosts: + - imposter: + url: "http://imposter" + port: 8080 + username: wazuh-wui + password: MyS3cr37P450r.*- + run_as: false + + - 1513629884013: + url: https://wazuh.manager + port: 55000 + username: wazuh-wui + password: MyS3cr37P450r.*- + run_as: false diff --git a/docker/wazuh-4.6/config/wazuh_dashboard/wazuh_dashboard.yml b/docker/wazuh-4.6/config/wazuh_dashboard/wazuh_dashboard.yml new file mode 100755 index 0000000000..741fa3c019 --- /dev/null +++ b/docker/wazuh-4.6/config/wazuh_dashboard/wazuh_dashboard.yml 
@@ -0,0 +1,15 @@
+server.host: 0.0.0.0
+server.port: 5601
+opensearch.hosts: https://wazuh.indexer:9200
+opensearch.ssl.verificationMode: certificate
+opensearch.requestHeadersAllowlist: ['securitytenant', 'Authorization']
+opensearch_security.multitenancy.enabled: false
+opensearch_security.readonly_mode.roles: ['kibana_read_only']
+server.ssl.enabled: true
+server.ssl.key: '/usr/share/wazuh-dashboard/certs/wazuh.dashboard.key'
+server.ssl.certificate: '/usr/share/wazuh-dashboard/certs/wazuh.dashboard.pem'
+opensearch.ssl.certificateAuthorities:
+ ['/usr/share/wazuh-dashboard/certs/ca.pem']
+uiSettings.overrides.defaultRoute: /app/wazuh
+opensearch.username: 'kibanaserver'
+opensearch.password: 'kibanaserver'
diff --git a/docker/wazuh-4.6/config/wazuh_dashboard/wazuh_dashboard_saml.yml b/docker/wazuh-4.6/config/wazuh_dashboard/wazuh_dashboard_saml.yml
new file mode 100755
index 0000000000..ce5d198300
--- /dev/null
+++ b/docker/wazuh-4.6/config/wazuh_dashboard/wazuh_dashboard_saml.yml
@@ -0,0 +1,16 @@
+server.host: 0.0.0.0
+server.port: 5601
+opensearch.hosts: https://wazuh.indexer:9200
+opensearch.ssl.verificationMode: certificate
+opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
+opensearch_security.multitenancy.enabled: false
+opensearch_security.readonly_mode.roles: ["kibana_read_only"]
+server.ssl.enabled: true
+server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh.dashboard.key"
+server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh.dashboard.pem"
+opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/ca.pem"]
+uiSettings.overrides.defaultRoute: /app/wazuh
+opensearch.username: "kibanaserver"
+opensearch.password: "kibanaserver"
+opensearch_security.auth.type: "saml"
+server.xsrf.whitelist: [/_plugins/_security/saml/acs,/_opendistro/_security/saml/acs,/_plugins/_security/saml/acs/idpinitiated,/_opendistro/_security/saml/acs/idpinitiated,/_plugins/_security/saml/logout,/_opendistro/_security/saml/logout]
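Review bot: `opensearch.ssl.verificationMode: certificate` checks the certificate chain but not the host name, whereas `filebeat.yml` in this commit uses `ssl.verification_mode: full` against the same `https://wazuh.indexer:9200`. If the generated indexer certificate carries `wazuh.indexer` as a subject alternative name (the `host.json` template suggests it does, but the generation step is not visible here), `opensearch.ssl.verificationMode: full` would work in this file and in `wazuh_dashboard_saml.yml`. The two files also differ on `opensearch.requestHeadersAllowlist` versus `opensearch.requestHeadersWhitelist`; using the same key in both avoids one of them depending on what is presumably the older spelling.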
diff --git a/docker/wazuh-4.6/config/wazuh_indexer/config-saml.yml b/docker/wazuh-4.6/config/wazuh_indexer/config-saml.yml
new file mode 100644
index 0000000000..74fc91c8c4
--- /dev/null
+++ b/docker/wazuh-4.6/config/wazuh_indexer/config-saml.yml
@@ -0,0 +1,40 @@
+---
+_meta:
+ type: "config"
+ config_version: 2
+
+config:
+ dynamic:
+ http:
+ anonymous_auth_enabled: false
+ authc:
+ internal_auth:
+ order: 0
+ description: "HTTP basic authentication using the internal user database"
+ http_enabled: true
+ transport_enabled: true
+ http_authenticator:
+ type: basic
+ challenge: false
+ authentication_backend:
+ type: internal
+ saml_auth:
+ order: 1
+ description: "Keycloack SAML provider"
+ http_enabled: true
+ transport_enabled: false
+ http_authenticator:
+ type: saml
+ challenge: true
+ config:
+ idp:
+ metadata_url: http://idp:8080/realms/wazuh/protocol/saml/descriptor
+ entity_id: http://idp:8080/realms/wazuh
+ sp:
+ entity_id: wazuh
+ signature_private_key_filepath: "certs/admin-key.pem"
+ kibana_url: https://localhost:5601
+ roles_key: Role
+ exchange_key: 1a2a3a4a5a6a7a8a9a0a1b2b3b4b5b6b
+ authentication_backend:
+ type: noop
diff --git a/docker/wazuh-4.6/config/wazuh_indexer/config.yml b/docker/wazuh-4.6/config/wazuh_indexer/config.yml
new file mode 100644
index 0000000000..74fc91c8c4
--- /dev/null
+++ b/docker/wazuh-4.6/config/wazuh_indexer/config.yml
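Review bot: Under `saml_auth`, `metadata_url: http://idp:8080/...` makes the indexer fetch the IdP metadata, including the signing certificate it will trust, over plain HTTP, and `exchange_key` is a fixed value committed to the repository. Both are acceptable only inside the isolated compose network; a comment above the `idp:`/`sp:` block such as `# dev-only: IdP metadata over HTTP and a static exchange_key; do not reuse outside this compose environment` would make that boundary explicit. The description string also misspells the provider: `"Keycloack SAML provider"` should be `"Keycloak SAML provider"`.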
@@ -0,0 +1,40 @@
+---
+_meta:
+ type: "config"
+ config_version: 2
+
+config:
+ dynamic:
+ http:
+ anonymous_auth_enabled: false
+ authc:
+ internal_auth:
+ order: 0
+ description: "HTTP basic authentication using the internal user database"
+ http_enabled: true
+ transport_enabled: true
+ http_authenticator:
+ type: basic
+ challenge: false
+ authentication_backend:
+ type: internal
+ saml_auth:
+ order: 1
+ description: "Keycloack SAML provider"
+ http_enabled: true
+ transport_enabled: false
+ http_authenticator:
+ type: saml
+ challenge: true
+ config:
+ idp:
+ metadata_url: http://idp:8080/realms/wazuh/protocol/saml/descriptor
+ entity_id: http://idp:8080/realms/wazuh
+ sp:
+ entity_id: wazuh
+ signature_private_key_filepath: "certs/admin-key.pem"
+ kibana_url: https://localhost:5601
+ roles_key: Role
+ exchange_key: 1a2a3a4a5a6a7a8a9a0a1b2b3b4b5b6b
+ authentication_backend:
+ type: noop
diff --git a/docker/wazuh-4.6/config/wazuh_indexer/internal_users.yml b/docker/wazuh-4.6/config/wazuh_indexer/internal_users.yml
new file mode 100755
index 0000000000..d9f05b343b
--- /dev/null
+++ b/docker/wazuh-4.6/config/wazuh_indexer/internal_users.yml
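Review bot: `config.yml` is added with the same blob id as `config-saml.yml` (`74fc91c8c4`), so the non-SAML security configuration also contains the `saml_auth` domain with `challenge: true` and an IdP at `http://idp:8080`. If `config.yml` is meant for the deployment without an identity provider, the `saml_auth` block should be removed from it, leaving only `internal_auth`; otherwise the indexer is configured for an IdP that presumably is not running in that mode. If the duplication is intentional, a single file with a comment would be easier to keep in sync.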
@@ -0,0 +1,56 @@
+---
+# This is the internal user database
+# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
+
+_meta:
+ type: "internalusers"
+ config_version: 2
+
+# Define your internal users here
+
+## Demo users
+
+admin:
+ hash: "$2y$12$K/SpwjtB.wOHJ/Nc6GVRDuc1h0rM1DfvziFRNPtk27P.c4yDr9njO"
+ reserved: true
+ backend_roles:
+ - "admin"
+ description: "Demo admin user"
+
+kibanaserver:
+ hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
+ reserved: true
+ description: "Demo kibanaserver user"
+
+kibanaro:
+ hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
+ reserved: false
+ backend_roles:
+ - "kibanauser"
+ - "readall"
+ attributes:
+ attribute1: "value1"
+ attribute2: "value2"
+ attribute3: "value3"
+ description: "Demo kibanaro user"
+
+logstash:
+ hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
+ reserved: false
+ backend_roles:
+ - "logstash"
+ description: "Demo logstash user"
+
+readall:
+ hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
+ reserved: false
+ backend_roles:
+ - "readall"
+ description: "Demo readall user"
+
+snapshotrestore:
+ hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
+ reserved: false
+ backend_roles:
+ - "snapshotrestore"
+ description: "Demo snapshotrestore user"
diff --git a/docker/wazuh-4.6/config/wazuh_indexer/opensearch.yml b/docker/wazuh-4.6/config/wazuh_indexer/opensearch.yml
new file mode 100644
index 0000000000..ee1dbf59d5
--- /dev/null
+++ b/docker/wazuh-4.6/config/wazuh_indexer/opensearch.yml
@@ -0,0 +1,42 @@
+network.host: "0.0.0.0"
+node.name: "os1"
+path.data: /var/lib/os1
+path.logs: /var/log/os1
+# comment compatibility.override_main_response_version for 2.0.0
+compatibility.override_main_response_version: true
+plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/os1.pem
+plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/os1.key
+plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/ca.pem
+plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/os1.pem
+plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/os1.key
+plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/ca.pem
+plugins.security.ssl.http.enabled: true
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+plugins.security.authcz.admin_dn:
+ - "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.nodes_dn:
+ - "CN=os1,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.restapi.roles_enabled:
+ - "all_access"
+ - "security_rest_api_access"
+plugins.security.system_indices.enabled: true
+plugins.security.system_indices.indices:
+ [
+ ".opendistro-alerting-config",
+ ".opendistro-alerting-alert*",
+ ".opendistro-anomaly-results*",
+ ".opendistro-anomaly-detector*",
+ ".opendistro-anomaly-checkpoints",
+ ".opendistro-anomaly-detection-state",
+ ".opendistro-reports-*",
+ ".opendistro-notifications-*",
+ ".opendistro-notebooks",
+ ".opensearch-observability",
+ ".opendistro-asynchronous-search-response*",
+ ".replication-metadata-store",
+ ]
+plugins.security.allow_default_init_securityindex: true
+cluster.routing.allocation.disk.threshold_enabled: false
diff --git a/docker/wazuh-4.6/config/wazuh_indexer/roles.yml b/docker/wazuh-4.6/config/wazuh_indexer/roles.yml
new file mode 100644
index 0000000000..5b35df448b
--- /dev/null
+++ b/docker/wazuh-4.6/config/wazuh_indexer/roles.yml
@@ -0,0 +1,149 @@ +_meta: + type: "roles" + config_version: 2 + +# Restrict users so they can only view visualization and dashboard on kibana +kibana_read_only: + reserved: true + +# The security REST API access role is used to assign specific users access to change the security settings through the REST API. +security_rest_api_access: + reserved: true + +# Allows users to view monitors, destinations and alerts +alerting_read_access: + reserved: true + cluster_permissions: + - "cluster:admin/opendistro/alerting/alerts/get" + - "cluster:admin/opendistro/alerting/destination/get" + - "cluster:admin/opendistro/alerting/monitor/get" + - "cluster:admin/opendistro/alerting/monitor/search" + +# Allows users to view and acknowledge alerts +alerting_ack_alerts: + reserved: true + cluster_permissions: + - "cluster:admin/opendistro/alerting/alerts/*" + +# Allows users to use all alerting functionality +alerting_full_access: + reserved: true + cluster_permissions: + - "cluster_monitor" + - "cluster:admin/opendistro/alerting/*" + index_permissions: + - index_patterns: + - "*" + allowed_actions: + - "indices_monitor" + - "indices:admin/aliases/get" + - "indices:admin/mappings/get" + +# Allow users to read Anomaly Detection detectors and results +anomaly_read_access: + reserved: true + cluster_permissions: + - "cluster:admin/opendistro/ad/detector/info" + - "cluster:admin/opendistro/ad/detector/search" + - "cluster:admin/opendistro/ad/detectors/get" + - "cluster:admin/opendistro/ad/result/search" + - "cluster:admin/opendistro/ad/tasks/search" + +# Allows users to use all Anomaly Detection functionality +anomaly_full_access: + reserved: true + cluster_permissions: + - "cluster_monitor" + - "cluster:admin/opendistro/ad/*" + index_permissions: + - index_patterns: + - "*" + allowed_actions: + - "indices_monitor" + - "indices:admin/aliases/get" + - "indices:admin/mappings/get" + +# Allows users to read Notebooks +notebooks_read_access: + reserved: true + cluster_permissions: + - 
"cluster:admin/opendistro/notebooks/list" + - "cluster:admin/opendistro/notebooks/get" + +# Allows users to all Notebooks functionality +notebooks_full_access: + reserved: true + cluster_permissions: + - "cluster:admin/opendistro/notebooks/create" + - "cluster:admin/opendistro/notebooks/update" + - "cluster:admin/opendistro/notebooks/delete" + - "cluster:admin/opendistro/notebooks/get" + - "cluster:admin/opendistro/notebooks/list" + +# Allows users to read and download Reports +reports_instances_read_access: + reserved: true + cluster_permissions: + - "cluster:admin/opendistro/reports/instance/list" + - "cluster:admin/opendistro/reports/instance/get" + - "cluster:admin/opendistro/reports/menu/download" + +# Allows users to read and download Reports and Report-definitions +reports_read_access: + reserved: true + cluster_permissions: + - "cluster:admin/opendistro/reports/definition/get" + - "cluster:admin/opendistro/reports/definition/list" + - "cluster:admin/opendistro/reports/instance/list" + - "cluster:admin/opendistro/reports/instance/get" + - "cluster:admin/opendistro/reports/menu/download" + +# Allows users to all Reports functionality +reports_full_access: + reserved: true + cluster_permissions: + - "cluster:admin/opendistro/reports/definition/create" + - "cluster:admin/opendistro/reports/definition/update" + - "cluster:admin/opendistro/reports/definition/on_demand" + - "cluster:admin/opendistro/reports/definition/delete" + - "cluster:admin/opendistro/reports/definition/get" + - "cluster:admin/opendistro/reports/definition/list" + - "cluster:admin/opendistro/reports/instance/list" + - "cluster:admin/opendistro/reports/instance/get" + - "cluster:admin/opendistro/reports/menu/download" + +# Allows users to use all asynchronous-search functionality +asynchronous_search_full_access: + reserved: true + cluster_permissions: + - "cluster:admin/opendistro/asynchronous_search/*" + index_permissions: + - index_patterns: + - "*" + allowed_actions: + - 
"indices:data/read/search*" + +# Allows users to read stored asynchronous-search results +asynchronous_search_read_access: + reserved: true + cluster_permissions: + - "cluster:admin/opendistro/asynchronous_search/get" + +# Wazuh monitoring and statistics index permissions +manage_wazuh_index: + reserved: true + hidden: false + cluster_permissions: [] + index_permissions: + - index_patterns: + - "wazuh-*" + dls: "" + fls: [] + masked_fields: [] + allowed_actions: + - "read" + - "delete" + - "manage" + - "index" + tenant_permissions: [] + static: false diff --git a/docker/wazuh-4.6/config/wazuh_indexer/roles_mapping.yml b/docker/wazuh-4.6/config/wazuh_indexer/roles_mapping.yml new file mode 100644 index 0000000000..94c2b46613 --- /dev/null +++ b/docker/wazuh-4.6/config/wazuh_indexer/roles_mapping.yml 
@@ -0,0 +1,88 @@ +--- +# In this file users, backendroles and hosts can be mapped to Open Distro Security roles. +# Permissions for Opendistro roles are configured in roles.yml + +_meta: + type: "rolesmapping" + config_version: 2 + +# Define your roles mapping here + +## Default roles mapping + +all_access: + reserved: true + hidden: false + backend_roles: + - "admin" + hosts: [] + users: [] + and_backend_roles: [] + description: "Maps admin to all_access" + +own_index: + reserved: false + hidden: false + backend_roles: [] + hosts: [] + users: + - "*" + and_backend_roles: [] + description: "Allow full access to an index named like the username" + +logstash: + reserved: false + hidden: false + backend_roles: + - "logstash" + hosts: [] + users: [] + and_backend_roles: [] + +readall: + reserved: true + hidden: false + backend_roles: + - "readall" + hosts: [] + users: [] + and_backend_roles: [] + +manage_snapshots: + reserved: true + hidden: false + backend_roles: + - "snapshotrestore" + hosts: [] + users: [] + and_backend_roles: [] + +kibana_server: + reserved: true + hidden: false + backend_roles: [] + hosts: [] + users: + - "kibanaserver" + and_backend_roles: [] + +kibana_user: + reserved: false + hidden: false + backend_roles: + - "kibanauser" + hosts: [] + users: [] + and_backend_roles: [] + description: "Maps kibanauser to kibana_user" + + # Wazuh monitoring and statistics index permissions +manage_wazuh_index: + reserved: true + hidden: false + backend_roles: [] + hosts: [] + users: + - "kibanaserver" + - "admin" + and_backend_roles: [] diff --git a/docker/wazuh-4.6/config/wazuh_indexer/wazuh.indexer.yml b/docker/wazuh-4.6/config/wazuh_indexer/wazuh.indexer.yml new file mode 100755 index 0000000000..3b31ac37d0 --- /dev/null +++ b/docker/wazuh-4.6/config/wazuh_indexer/wazuh.indexer.yml 
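Review bot: The `own_index` mapping lists `users: - "*"`, so it applies to every authenticated user; with the `saml` profile of this environment that would include any account the identity provider vouches for. Per its own description the role allows full access to an index named like the username. If the dashboard tests do not need it, the mapping can be dropped. Otherwise a comment above it such as `# demo default: every user gets full access to an index named after itself` would make the intent explicit.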
@@ -0,0 +1,28 @@
+network.host: "0.0.0.0"
+node.name: "wazuh.indexer"
+path.data: /var/lib/wazuh-indexer
+path.logs: /var/log/wazuh-indexer
+discovery.type: single-node
+compatibility.override_main_response_version: true
+plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh.indexer.pem
+plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh.indexer.key
+plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/ca.pem
+plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh.indexer.pem
+plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh.indexer.key
+plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/ca.pem
+plugins.security.ssl.http.enabled: true
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+plugins.security.authcz.admin_dn:
+- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.nodes_dn:
+- "CN=os1,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.restapi.roles_enabled:
+- "all_access"
+- "security_rest_api_access"
+plugins.security.system_indices.enabled: true
+plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
+plugins.security.allow_default_init_securityindex: true
+cluster.routing.allocation.disk.threshold_enabled: false
\ No newline at end of file
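Review bot: `plugins.security.nodes_dn` lists `CN=os1,OU=Wazuh,O=Wazuh,L=California,C=US`, but the generator services in `pre.yml` and `rel.yml` on this page only issue certificates for `wazuh.indexer`, `wazuh.dashboard`, `wazuh.manager`, `admin`, `filebeat` and `saml`, so no node certificate would match that DN. With `discovery.type: single-node` this presumably has no effect today, but it would stop a second node from being recognised. `- "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"` looks like the intended value, assuming the 4.6 `host.json` uses the same subject fields as the 4.7 one shown later. The file also combines `enforce_hostname_verification: false`, `allow_default_init_securityindex: true` and `network.host: "0.0.0.0"`. A header comment such as `# Development-only settings (relaxed TLS checks, default security index); do not reuse outside the docker test stack` would keep it from being copied as a template.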
diff --git a/docker/wazuh-4.6/enable_saml.sh b/docker/wazuh-4.6/enable_saml.sh
new file mode 100755
index 0000000000..41d3fb8a22
--- /dev/null
+++ b/docker/wazuh-4.6/enable_saml.sh
@@ -0,0 +1,165 @@ +#!/bin/bash + +# idp container launches and docker-compose returns too quickly, do not wait for container to +# be healthy as it has no dependencies, so we wait before continuing +sleep 7 + + +indexer="$1-wazuh.indexer-1" +dashboard="$1-wazuh.dashboard-1" + +# Setup keycloack to be used with wazuh-dashboards + +# Connection +U="admin" +P="admin" +B="http://idp:8080" + +# Realm +REALM="master" + +# Get ACCESS_TOKEN from default install +ACCESS_TOKEN=$(curl -sS \ + -d 'client_id=admin-cli' \ + -d 'username=admin' \ + -d 'password=admin' \ + -d 'grant_type=password' \ + "${B}/realms/master/protocol/openid-connect/token" | jq -r '.access_token') + +H=('-H' 'Content-Type: application/json' '-H' "Authorization: Bearer $ACCESS_TOKEN") + +# Create new REALM +REALM="wazuh" +P='{ + "id": "wazuh", + "realm": "wazuh", + "enabled": true +}' + +curl -sS -L -X POST "${B}/admin/realms" "${H[@]}" -d "$P" | grep -v "Conflict detected" + + +# Add admin certificates to keycloak as these are used by indexer to sign saml +# messages. These should be uploaded to keycloak if we want it to verify indexer messages. 
+key=$(cat /certs/wi/admin-key.pem | grep -v "PRIVATE KEY" | tr -d "\n") +cert=$(cat /certs/wi/admin.pem | grep -v CERTIFICATE | tr -d "\n") + + +# Create client +# By default the client does not verify the client signature on saml messages +# but it could be enabled for testing purposes +PC="{ + \"protocol\": \"saml\", + \"name\": \"wazuh\", + \"clientId\": \"wazuh\", + \"description\": \"wazuh saml integration\", + \"baseUrl\": \"https://localhost:5601\", + \"rootUrl\": \"https://localhost:5601\", + \"redirectUris\": [\"https://localhost:5601/*\"], + \"attributes\" : { + \"saml_single_logout_service_url_redirect\": \"https://localhost:5601/_opendistro/_security/saml/logout\", + \"saml_assertion_consumer_url_post\": \"https://localhost:5601/_opendistro/_security/saml/acs/idpinitiated\", + \"saml_single_logout_service_url_post\": \"https://wazuh.dashboard:5601/_opendistro/_security/saml/logout\", + \"saml.force.post.binding\": \"false\", + \"saml.signing.certificate\": \"$cert\", + \"saml.signing.private.key\": \"$key\", + \"saml.client.signature\": \"true\", + \"saml_single_logout_service_url_redirect\": \"https://localhost:5601\", + \"post.logout.redirect.uris\": \"https://localhost:5601*\" + } +}" + +curl -sS -L -X POST "${B}/admin/realms/${REALM}/clients" "${H[@]}" -d "$PC" | grep -v "Client wazuh already exists" + +# Get a client json representation +CLIENT=$(curl -sS -L -X GET "${B}/admin/realms/${REALM}/clients" "${H[@]}" -G -d 'clientId=wazuh' |jq '.[] | select(.clientId=="wazuh")') + +# Get client id +CID=$(echo $CLIENT | jq -r '.id' ) + +# Generate all-access and admin role for the realm +PR1='{ + "name":"all-access" +}' + +curl -sS -L -X POST "${B}/admin/realms/${REALM}/roles" "${H[@]}" -d "$PR1" | grep -v "Role with name all-access already exists" + +PR2='{ + "name":"admin" +}' + +curl -sS -L -X POST "${B}/admin/realms/${REALM}/roles" "${H[@]}" -d "$PR2" | grep -v "Role with name admin already exists" + + +## create new user +PU='{ + "username": 
"wazuh", + "email": "hello@wazuh.com", + "firstName": "Wazuh", + "lastName": "Wazuh", + "emailVerified": true, + "enabled": true, + "credentials": [{"temporary":false,"type":"password","value":"wazuh"}], + "realmRoles": ["admin", "all-access"] +}' + +curl -sS -L -X POST "${B}/admin/realms/${REALM}/users" "${H[@]}" -d "$PU" | grep -v "User exists with same username" + +## Get a user json representation +USER=$(curl -sS -L -X GET "${B}/admin/realms/${REALM}/users" "${H[@]}" -G -d 'username=wazuh' |jq '.[] | select(.username=="wazuh")') + +### Get user id +USERID=$(echo $USER | jq -r '.id' ) + +# Get roles +ROLES=$(curl -sS -L -X GET "${B}/admin/realms/${REALM}/roles" "${H[@]}" -d "$PR2" ) + +## Assign role +ADMINID=$(echo $ROLES | jq -r '.[] | select(.name=="admin").id') +ALLACCESSID=$(echo $ROLES | jq -r '.[] | select(.name=="all-access").id') + +PA1="[ + { + \"id\": \"$ADMINID\", + \"name\": \"admin\", + \"composite\": false, + \"clientRole\": false, + \"containerId\": \"wazuh\" + }, + { + \"id\": \"$ALLACCESSID\", + \"name\": \"all-access\", + \"description\": \"\", + \"composite\": false, + \"clientRole\": false, + \"containerId\": \"wazuh\" + } +]" + +curl -sS -L -X POST "${B}/admin/realms/${REALM}/users/${USERID}/role-mappings/realm" "${H[@]}" -d "$PA1" + +# Get list of client scopes +CSCOPES=$(curl -sS -L -X GET "${B}/admin/realms/${REALM}/client-scopes" "${H[@]}") +CSID=$(echo $CSCOPES | jq -r '.[] | select(.name=="role_list").id ') +CSR=$(echo $CSCOPES | jq -r '.[] | select(.name=="role_list") ') + + +# Set single to true, so opensearch works +UPDATE=$(echo $CSR | jq '.protocolMappers[] | select(.name=="role list").config.single |= "true" ') +PMID=$(echo $CSR | jq -r '.protocolMappers[] | select(.name=="role list").id') + +curl -sS -L -X PUT "${B}/admin/realms/${REALM}/client-scopes/$CSID/protocol-mappers/models/$PMID" "${H[@]}" -d "$UPDATE" + +# Set up auth realm on opensearch +certs="/usr/share/wazuh-indexer/certs" +ca="$certs/ca.pem" 
+cert="$certs/admin.pem" +key="$certs/admin-key.pem" + +securityadmin="bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh" +config_path="/usr/share/wazuh-indexer/opensearch-security/" + +echo "To update configuration in indexer, you can run:" +echo docker exec -e JAVA_HOME=/usr/share/wazuh-indexer/jdk $indexer $securityadmin -cacert $ca -cert $cert -key $key -cd $config_path + + diff --git a/docker/wazuh-4.6/pre.sh b/docker/wazuh-4.6/pre.sh new file mode 100755 index 0000000000..fbf7297c91 --- /dev/null +++ b/docker/wazuh-4.6/pre.sh 
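Review bot: The client payload `PC` sends the contents of `/certs/wi/admin-key.pem` to Keycloak as `saml.signing.private.key`, over plain `http://idp:8080`. That key belongs to the `admin` certificate, whose DN is listed under `plugins.security.authcz.admin_dn` in `wazuh.indexer.yml`, so the indexer's administrative TLS credential ends up stored in an IdP that is set up with the default `admin`/`admin` login. As far as I can tell, verifying signed SAML requests only needs the certificate, so I would drop the `\"saml.signing.private.key\": \"$key\",` line, or sign with the dedicated `saml` certificate that `rel.yml` already generates into `/certs/idp`. Separately, `saml_single_logout_service_url_redirect` appears twice in `attributes`, and the second value (`https://localhost:5601`) presumably overrides the `/_opendistro/_security/saml/logout` one. `post.logout.redirect.uris` is `https://localhost:5601*` without the slash that `redirectUris` has, which makes the wildcard wider than intended.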
@@ -0,0 +1,109 @@ +#!/usr/bin/env bash + +versions=( + "4.6.0" +) + +wazuh_api_version=( + "0" +) + +usage() { + echo + echo "./pre.sh wazuh_version wazuh_api_version action " + echo + echo "where" + echo " wazuh_version is one of ${versions[*]}" + echo " wazuh_api_version is the patch version of wazuh 4.6, for example " ${wazuh_api_version[*]} + echo " action is one of up | down | stop" + echo + echo "In a minor release, the API should not change the version here bumps the API" + echo " string returned for testing. This script generates the file " + echo + echo " config/imposter/api_info.json" + echo + echo "used by the mock server" + exit -1 +} + +if [ $# -ne 3 ]; then + echo "Incorrect number of arguments " $# + usage +fi + +if [[ ! " ${versions[*]} " =~ " ${1} " ]]; then + echo "Version ${1} not found in ${versions[*]}" + exit -1 +fi + +[ -n "$2" ] && [ "$2" -eq "$2" ] 2>/dev/null +if [ $? -ne 0 ]; then + echo "$2 is not number" + exit -1 +fi + +patch_version=$2 +cat <config/imposter/api_info.json +{ + "data": { + "title": "Wazuh API REST", + "api_version": "4.6.${patch_version}", + "revision": 40316, + "license_name": "GPL 2.0", + "license_url": "https://github.com/wazuh/wazuh/blob/4.6/LICENSE", + "hostname": "imposter", + "timestamp": "2022-06-13T17:20:03Z" + }, + "error": 0 +} +EOF + +export WAZUH_STACK=${1} +export KIBANA_PORT=5601 +export KIBANA_PASSWORD=${PASSWORD:-SecretPassword} +export COMPOSE_PROJECT_NAME=wz-pre-${WAZUH_STACK//./} + +case "$3" in +up) + # recreate volumes + docker compose -f pre.yml up -Vd + + # This installs Wazuh and integrates with a default Wazuh stack + # v=$( echo -n $WAZUH_STACK | sed 's/\.//g' ) + echo + echo "Install the pre-release package manually with:" + echo + echo "1. Uninstall current version of the Wazuh app:" + echo "docker exec -ti ${COMPOSE_PROJECT_NAME}-wazuh.dashboard-1 /usr/share/wazuh-dashboard/bin/opensearch-dashboards-plugin remove wazuh" + echo + echo "2. 
Restart Wazuh Dashboard:" + echo "docker restart ${COMPOSE_PROJECT_NAME}-wazuh.dashboard-1" + echo + echo "3. Copy the pre-release package to the running Wazuh Dashboard container:" + echo docker cp wazuh-4.6.${patch_version}-1.zip ${COMPOSE_PROJECT_NAME}-wazuh.dashboard-1:/tmp + echo + echo "4. Install the package we have just uploaded:" + echo "docker exec -ti ${COMPOSE_PROJECT_NAME}-wazuh.dashboard-1 /usr/share/wazuh-dashboard/bin/opensearch-dashboards-plugin install file:///tmp/wazuh-4.6.${patch_version}-1.zip" + echo + echo "5. Restart the Wazuh Dashboard container:" + echo "docker restart ${COMPOSE_PROJECT_NAME}-wazuh.dashboard-1" + echo + echo "6. Upload the Wazuh app configuration:" + echo "docker cp ./config/wazuh_dashboard/wazuh.yml ${COMPOSE_PROJECT_NAME}-wazuh.dashboard-1:/usr/share/wazuh-dashboard/data/wazuh/config/" + echo + echo "7. Access the running instance in:" + echo "https://localhost:${KIBANA_PORT}" + echo + ;; +down) + # delete volumes + docker compose -f pre.yml down -v --remove-orphans + ;; +stop) + docker compose -f rel.yml -p "${COMPOSE_PROJECT_NAME}" stop + ;; +*) + echo "Action must be either up or down" + usage + ;; +esac diff --git a/docker/wazuh-4.6/pre.yml b/docker/wazuh-4.6/pre.yml new file mode 100755 index 0000000000..7f22362cd1 --- /dev/null +++ b/docker/wazuh-4.6/pre.yml 
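Review bot: The `stop)` branch runs `docker compose -f rel.yml -p "${COMPOSE_PROJECT_NAME}" stop`, while `up` and `down` in this script use `pre.yml`. The release file defines a different service set (no `imposter` or `filebeat`) and binds every service to a profile that `pre.sh` never passes, so `stop` presumably leaves the pre-release stack running. It should read `docker compose -f pre.yml stop`. The fallback message `Action must be either up or down` also omits `stop`, and `exit -1` is outside the 0–255 range, so `exit 1` is the clearer spelling.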
@@ -0,0 +1,212 @@ +# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2) +version: '3.9' + +# x-logging: &logging +# logging: +# driver: loki +# options: +# loki-url: "http://host.docker.internal:3100/loki/api/v1/push" + +services: + exporter: + image: quay.io/prometheuscommunity/elasticsearch-exporter:latest + # <<: *logging + hostname: 'exporter-kbn-${WAZUH_STACK}' + networks: + - wzd-pre + - mon + command: + - '--es.uri=https://admin:${KIBANA_PASSWORD}@wazuh.indexer:9200' + - '--es.ssl-skip-verify' + - '--es.all' + + imposter: + image: outofcoffee/imposter + hostname: 'imposter-kbn-${WAZUH_STACK}' + networks: + - wzd-pre + - mon + # <<: *logging + environment: + - JAVA_OPTS="-Xmx512m -Xss512k -Dfile.encoding=UTF-8 -XX:MaxRAM=800m -XX:MaxRAMPercentage=95 -XX:MinRAMPercentage=60A" + - MALLOC_ARENA_MAX=1 + volumes: + - ./config/imposter:/opt/imposter/config + + generator: + image: cfssl/cfssl + volumes: + - wi_certs:/certs/wi + - wd_certs:/certs/wd + - wm_certs:/certs/wm + - ./config/certs:/conf + entrypoint: /bin/bash + command: > + -c ' + export certs=/tmp/certs + mkdir $$certs + cd $$certs + + echo "Generating CA" + cfssl gencert -initca /conf/ca.json | cfssljson -bare ca + + echo "Generating servers certificates" + for i in wazuh.indexer wazuh.dashboard wazuh.manager; do + echo "Generating cert for $$i" + cat /conf/host.json | \ + sed "s/HOST/$$i/g" | \ + cfssl gencert \ + -ca $$certs/ca.pem \ + -ca-key $$certs/ca-key.pem \ + -config /conf/cfssl.json \ + -profile=server - | \ + cfssljson -bare $$i + openssl pkcs8 -topk8 -inform pem -in $$i-key.pem -outform pem -nocrypt -out $$i.key + done + + echo "Generating clients certificates" + for i in admin filebeat; do + echo "Generating cert for $$i" + cat /conf/host.json | \ + sed "s/HOST/$$i/g" | \ + cfssl gencert \ + -ca $$certs/ca.pem \ + -ca-key $$certs/ca-key.pem \ + -config /conf/cfssl.json \ + -profile=client - | \ + cfssljson -bare $$i + openssl pkcs8 -topk8 -inform pem -in $$i-key.pem -outform pem 
-nocrypt -out $$i.key + done + + echo "Setting up permissions" + + rm /certs/wi/* /certs/wd/* /certs/wm/* + + mv $$certs/wazuh.indexer* /certs/wi + mv $$certs/admin* /certs/wi + mv /certs/wi/admin.key /certs/wi/admin-key.pem + cp $$certs/*ca* /certs/wi + + mv $$certs/wazuh.dashboard* /certs/wd + cp $$certs/*ca* /certs/wd + + mv $$certs/*.* /certs/wm + + chmod 640 /certs/wi/* /certs/wd/* /certs/wm/* + chown -R 1000:1000 /certs/* + ls -alR /certs/ + + sleep 30 + ' + healthcheck: + test: ['CMD-SHELL', '[ -r /certs/wm/wazuh.manager.pem ]'] + interval: 2s + timeout: 5s + retries: 10 + + filebeat: + depends_on: + wazuh.indexer: + condition: service_healthy + image: elastic/filebeat:7.10.2 + hostname: filebeat + user: '0:0' + networks: + - wzd-pre + - mon + # <<: *logging + entrypoint: + - '/bin/bash' + command: > + -c ' + mkdir -p /etc/filebeat + echo admin | filebeat keystore add username --stdin --force + echo SecretPassword| filebeat keystore add password --stdin --force + curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.3/extensions/elasticsearch/7.x/wazuh-template.json + curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz | tar -xvz -C /usr/share/filebeat/module + # copy filebeat to preserve correct permissions without + # affecting host filesystem + cp /tmp/filebeat.yml /usr/share/filebeat/filebeat.yml + chown root.root /usr/share/filebeat/filebeat.yml + chmod go-w /usr/share/filebeat/filebeat.yml + filebeat setup -e + filebeat + ' + volumes: + - wm_certs:/etc/ssl/wazuh + - ./config/filebeat/filebeat.yml:/tmp/filebeat.yml + + wazuh.indexer: + depends_on: + generator: + condition: service_healthy + image: wazuh/wazuh-indexer:${WAZUH_STACK} + hostname: wazuh.indexer + networks: + - wzd-pre + - mon + # <<: *logging + environment: + - 'OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m' + - 'OPENSEARCH_PATH_CONF=/usr/share/wazuh-indexer/config' + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + 
hard: 65536 + volumes: + - wazuh-indexer-data:/var/lib/wazuh-indexer + - wi_certs:/usr/share/wazuh-indexer/certs/ + - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml + - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml + - ./config/wazuh_indexer/config.yml:/usr/share/wazuh-indexer/opensearch-security/config.yml + - ./config/wazuh_indexer/roles.yml:/usr/share/wazuh-indexer/opensearch-security/roles.yml + - ./config/wazuh_indexer/roles_mapping.yml:/usr/share/wazuh-indexer/opensearch-security/roles_mapping.yml + healthcheck: + test: + [ + 'CMD-SHELL', + '/usr/share/wazuh-indexer/bin/opensearch-plugin list | grep -q security', + ] + interval: 10s + timeout: 10s + retries: 120 + + wazuh.dashboard: + image: wazuh/wazuh-dashboard:${WAZUH_STACK} + hostname: wazuh.dashboard + depends_on: + wazuh.indexer: + condition: service_healthy + networks: + - wzd-pre + - mon + # <<: *logging + ports: + - ${KIBANA_PORT}:5601 + environment: + - INDEXER_USERNAME=admin + - INDEXER_PASSWORD=SecretPassword + - WAZUH_API_URL=http://imposter:8080 + - API_USERNAME=wazuh-wui + - API_PASSWORD=MyS3cr37P450r.*- + volumes: + - wd_certs:/usr/share/wazuh-dashboard/certs + - ./config/wazuh_dashboard/wazuh_dashboards.yml:/usr/share/wazuh-dashboard/config/wazuh_dashboards.yml + - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml + +networks: + networks: + wzd-pre: + name: wzd-pre-${WAZUH_STACK} + driver: bridge + mon: + external: true + +volumes: + wazuh-indexer-data: + wi_certs: + wd_certs: + wm_certs: diff --git a/docker/wazuh-4.6/rel.sh b/docker/wazuh-4.6/rel.sh new file mode 100755 index 0000000000..d3b3d18270 --- /dev/null +++ b/docker/wazuh-4.6/rel.sh 
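Review bot: The `filebeat` service runs as `user: '0:0'` and pipes `curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz` straight into `tar -xvz`, with no checksum and no `-f`, so a tampered or error-page response is unpacked into `/usr/share/filebeat/module` as root. I would download to a file with `curl -fsSLo /tmp/wazuh-filebeat.tar.gz …`, check it with `echo "EXPECTED_SHA256  /tmp/wazuh-filebeat.tar.gz" | sha256sum -c -` (EXPECTED_SHA256 being a placeholder for the pinned digest), and only then extract. The index template is also fetched from the `4.3` branch although this stack is 4.6. The keystore password is the literal `SecretPassword` while the exporter uses `${KIBANA_PASSWORD}`, so overriding `PASSWORD` leaves the two out of step. At the bottom of the file `networks:` appears twice in a row, which looks like a leftover line.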
@@ -0,0 +1,69 @@ +#!/usr/bin/env bash + +versions=( + "4.6.0" +) + +usage() { + echo + echo "$0 version action [saml]" + echo + echo "where version is one of ${versions[*]}" + echo "action is one of up | down | stop" + echo "saml to deploy a saml enabled environment" + exit -1 +} + +if [ $# -lt 2 ]; then + echo "Incorrect number of arguments " $# + usage +fi + +if [[ ! " ${versions[*]} " =~ " ${1} " ]]; then + echo "Version ${1} not found in ${versions[*]}" + exit -1 +fi + +export WAZUH_STACK=${1} +export KIBANA_PORT=5601 +export KIBANA_PASSWORD=${PASSWORD:-SecretPassword} +export COMPOSE_PROJECT_NAME=wz-rel-${WAZUH_STACK//./} + +profile="standard" +export WAZUH_DASHBOARD_CONF=./config/wazuh_dashboard/wazuh_dashboard.yml +export SEC_CONFIG_FILE=./config/wazuh_indexer/config.yml + +if [[ "$3" =~ "saml" ]]; then + profile="saml" + export WAZUH_DASHBOARD_CONF=./config/wazuh_dashboard/wazuh_dashboard_saml.yml + export SEC_CONFIG_FILE=./config/wazuh_indexer/config-saml.yml +fi + +case "$2" in +up) + docker compose --profile $profile -f rel.yml -p "${COMPOSE_PROJECT_NAME}" up -Vd + echo + echo "1. 
(Optional) Enroll an agent (Ubuntu 20.04):" + echo "docker run --name ${COMPOSE_PROJECT_NAME}-agent --network ${COMPOSE_PROJECT_NAME} --label com.docker.compose.project=${COMPOSE_PROJECT_NAME} -d ubuntu:20.04 bash -c '" + echo " apt update -y" + echo " apt install -y curl lsb-release" + echo " curl -so \wazuh-agent-${WAZUH_STACK}.deb \\" + echo " https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_${WAZUH_STACK}-1_amd64.deb \\" + echo " && WAZUH_MANAGER='wazuh.manager' WAZUH_AGENT_GROUP='default' dpkg -i ./wazuh-agent-${WAZUH_STACK}.deb" + echo + echo " /etc/init.d/wazuh-agent start" + echo " tail -f /var/ossec/logs/ossec.log" + echo "'" + echo + ;; +down) + docker compose --profile $profile -f rel.yml -p "${COMPOSE_PROJECT_NAME}" down -v --remove-orphans + ;; +stop) + docker compose --profile $profile -f rel.yml -p "${COMPOSE_PROJECT_NAME}" stop + ;; +*) + echo "Action must be either up or down" + usage + ;; +esac diff --git a/docker/wazuh-4.6/rel.yml b/docker/wazuh-4.6/rel.yml new file mode 100755 index 0000000000..fd5b1a3a08 --- /dev/null +++ b/docker/wazuh-4.6/rel.yml 
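Review bot: `[[ "$3" =~ "saml" ]]` is a substring match, so any third argument that merely contains `saml` switches the indexer to `config-saml.yml` and starts the Keycloak profile; `[[ "$3" == "saml" ]]` states the intent. `$profile` is passed unquoted to `docker compose --profile`. The fallback message `Action must be either up or down` omits `stop`, and `exit -1` would be clearer as `exit 1`.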
@@ -0,0 +1,325 @@ +# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2) +version: '3.9' + +# x-logging: &logging +# logging: +# driver: loki +# options: +# loki-url: 'http://host.docker.internal:3100/loki/api/v1/push' + +services: + generator: + image: cfssl/cfssl + profiles: + - 'saml' + - 'standard' + # <<: *logging + volumes: + - wi_certs:/certs/wi + - wd_certs:/certs/wd + - wm_certs:/certs/wm + - idp_certs:/certs/idp + - ./config/certs:/conf + # Included to avoid docker from creating duplicated networks + networks: + - wz-rel + entrypoint: /bin/bash + command: > + -c ' + export certs=/tmp/certs + mkdir $$certs + cd $$certs + + echo "Generating CA" + cfssl gencert -initca /conf/ca.json | cfssljson -bare ca + + echo "Generating servers certificates" + for i in wazuh.indexer wazuh.dashboard wazuh.manager; do + echo "Generating cert for $$i" + cat /conf/host.json | \ + sed "s/HOST/$$i/g" | \ + cfssl gencert \ + -ca $$certs/ca.pem \ + -ca-key $$certs/ca-key.pem \ + -config /conf/cfssl.json \ + -profile=server - | \ + cfssljson -bare $$i + openssl pkcs8 -topk8 -inform pem -in $$i-key.pem -outform pem -nocrypt -out $$i.key + done + + echo "Generating clients certificates" + for i in admin saml filebeat; do + echo "Generating cert for $$i" + cat /conf/host.json | \ + sed "s/HOST/$$i/g" | \ + cfssl gencert \ + -ca $$certs/ca.pem \ + -ca-key $$certs/ca-key.pem \ + -config /conf/cfssl.json \ + -profile=client - | \ + cfssljson -bare $$i + openssl pkcs8 -topk8 -inform pem -in $$i-key.pem -outform pem -nocrypt -out $$i.key + done + + echo "Setting up permissions" + + rm /certs/wi/* /certs/wd/* /certs/wm/* + + mv $$certs/wazuh.indexer* /certs/wi + mv $$certs/admin* /certs/wi + mv /certs/wi/admin.key /certs/wi/admin-key.pem + cp $$certs/*ca* /certs/wi + + mv $$certs/saml* /certs/idp + mv /certs/idp/saml.key /certs/idp/saml-key.pem + cp $$certs/*ca* /certs/idp + + mv $$certs/wazuh.dashboard* /certs/wd + cp $$certs/*ca* /certs/wd + + mv $$certs/*.* /certs/wm + + chmod 640 
/certs/wi/* /certs/wd/* /certs/wm/* + chown -R 1000:1000 /certs/* + ls -alR /certs/ + + sleep 300 + ' + healthcheck: + test: ['CMD-SHELL', '[ -r /certs/wm/wazuh.manager.pem ]'] + interval: 2s + timeout: 5s + retries: 10 + + idpsec: + image: quay.io/keycloak/keycloak:19.0.1 + depends_on: + generator: + condition: service_healthy + profiles: + - 'saml' + volumes: + - wi_certs:/certs/wi + - wd_certs:/certs/wd + - wm_certs:/certs/wm + - idp_certs:/certs/idp + networks: + - wz-rel + - mon + entrypoint: /bin/bash + command: > + -c ' + # trust store + for i in /certs/idp/ca.pem /certs/wd/wazuh.dashboard.pem /certs/wi/wazuh.indexer.pem + do + keytool -import -alias $$(basename $$i .pem) -file $$i -keystore /certs/idp/truststore.jks -storepass SecretPassword -trustcacerts -noprompt + done + sleep 300 + ' + healthcheck: + test: ['CMD-SHELL', '[ -r /certs/idp/truststore.jks ]'] + interval: 2s + timeout: 5s + retries: 10 + + wazuh.manager: + depends_on: + generator: + condition: service_healthy + image: wazuh/wazuh-manager:${WAZUH_STACK} + profiles: + - 'saml' + - 'standard' + hostname: wazuh.manager + networks: + - wz-rel + - mon + # <<: *logging + environment: + - INDEXER_URL=https://wazuh.indexer:9200 + - INDEXER_USERNAME=admin + - INDEXER_PASSWORD=SecretPassword + - FILEBEAT_SSL_VERIFICATION_MODE=full + - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/wazuh/ca.pem + - SSL_CERTIFICATE=/etc/ssl/wazuh/filebeat.pem + - SSL_KEY=/etc/ssl/wazuh/filebeat.key + - API_USERNAME=wazuh-wui + - API_PASSWORD=MyS3cr37P450r.*- + volumes: + - wazuh_api_configuration:/var/ossec/api/configuration + - wazuh_etc:/var/ossec/etc + - wazuh_logs:/var/ossec/logs + - wazuh_queue:/var/ossec/queue + - wazuh_var_multigroups:/var/ossec/var/multigroups + - wazuh_integrations:/var/ossec/integrations + - wazuh_active_response:/var/ossec/active-response/bin + - wazuh_agentless:/var/ossec/agentless + - wazuh_wodles:/var/ossec/wodles + - filebeat_etc:/etc/filebeat + - filebeat_var:/var/lib/filebeat + - 
wm_certs:/etc/ssl/wazuh + - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf + + wazuh.indexer: + depends_on: + generator: + condition: service_healthy + idpsetup: + condition: service_completed_successfully + required: false + image: wazuh/wazuh-indexer:${WAZUH_STACK} + profiles: + - 'saml' + - 'standard' + hostname: wazuh.indexer + networks: + - wz-rel + - mon + # <<: *logging + environment: + - 'OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m' + - 'OPENSEARCH_PATH_CONF=/usr/share/wazuh-indexer/config' + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 + volumes: + - wazuh-indexer-data:/var/lib/wazuh-indexer + - wi_certs:/usr/share/wazuh-indexer/certs/ + - idp_certs:/usr/share/wazuh-indexer/idp/ + - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml + - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml + - ${SEC_CONFIG_FILE}:/usr/share/wazuh-indexer/opensearch-security/config.yml + - ./config/wazuh_indexer/roles.yml:/usr/share/wazuh-indexer/opensearch-security/roles.yml + - ./config/wazuh_indexer/roles_mapping.yml:/usr/share/wazuh-indexer/opensearch-security/roles_mapping.yml + healthcheck: + test: + [ + 'CMD-SHELL', + '/usr/share/wazuh-indexer/bin/opensearch-plugin list | grep -q security', + ] + interval: 10s + timeout: 10s + retries: 120 + + wazuh.dashboard: + image: wazuh/wazuh-dashboard:${WAZUH_STACK} + profiles: + - 'saml' + - 'standard' + hostname: wazuh.dashboard + depends_on: + wazuh.indexer: + condition: service_healthy + networks: + - wz-rel + - mon + # <<: *logging + ports: + - ${KIBANA_PORT}:5601 + environment: + - INDEXER_USERNAME=admin + - INDEXER_PASSWORD=SecretPassword + - WAZUH_API_URL=https://wazuh.manager + - API_USERNAME=wazuh-wui + - API_PASSWORD=MyS3cr37P450r.*- + volumes: + - wd_certs:/usr/share/wazuh-dashboard/certs + - ${WAZUH_DASHBOARD_CONF}:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml + 
- ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml + + exporter: + image: quay.io/prometheuscommunity/elasticsearch-exporter:latest + profiles: + - 'saml' + - 'standard' + # <<: *logging + hostname: 'exporter' + networks: + - wz-rel + - mon + command: + - '--es.uri=https://admin:${KIBANA_PASSWORD}@wazuh-indexer:9200' + - '--es.ssl-skip-verify' + - '--es.all' + + idp: + image: quay.io/keycloak/keycloak:19.0.1 + depends_on: + idpsec: + condition: service_healthy + profiles: + - 'saml' + hostname: idp + # <<: *logging + networks: + - wz-rel + - mon + ports: + - '8080:8080' + environment: + - KEYCLOAK_ADMIN=admin + - KEYCLOAK_ADMIN_PASSWORD=admin + - KC_SPI_TRUSTSTORE_FILE_PASSWORD=SecretPassword + - KC_SPI_TRUSTSTORE_FILE_FILE=/certs/truststore.jks + volumes: + - keycloak-data:/var/lib/keycloak/data + - idp_certs:/certs + command: start-dev + healthcheck: + test: curl -f http://idp:8080/realms/master || exit 1 + interval: 10s + timeout: 5s + retries: 6 + + idpsetup: + image: badouralix/curl-jq + depends_on: + idp: + condition: service_healthy + profiles: + - 'saml' + hostname: idpsetup + # <<: *logging + networks: + - wz-rel + - mon + volumes: + - wi_certs:/certs/wi + - ./enable_saml.sh:/enable_saml.sh + entrypoint: /bin/sh + command: > + -c ' + apk add bash + bash /enable_saml.sh + exit 0 + ' + +networks: + wz-rel: + name: ${COMPOSE_PROJECT_NAME} + driver: bridge + mon: + external: true + +volumes: + wi_certs: + wd_certs: + wm_certs: + idp_certs: + wazuh_api_configuration: + wazuh_etc: + wazuh_logs: + wazuh_queue: + wazuh_var_multigroups: + wazuh_integrations: + wazuh_active_response: + wazuh_agentless: + wazuh_wodles: + filebeat_etc: + filebeat_var: + wazuh-indexer-data: + keycloak-data: diff --git a/docker/wazuh-4.7/README.md b/docker/wazuh-4.7/README.md new file mode 100644 index 0000000000..20d90784da --- /dev/null +++ b/docker/wazuh-4.7/README.md 
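Review bot: The `idp` service publishes `'8080:8080'` on all host interfaces while Keycloak runs `start-dev` over HTTP with `KEYCLOAK_ADMIN=admin` and `KEYCLOAK_ADMIN_PASSWORD=admin`, so the admin console is reachable from the developer's network with default credentials. Binding it to loopback, `- '127.0.0.1:8080:8080'`, keeps the test IdP local; the same applies to `${KIBANA_PORT}:5601` on `wazuh.dashboard`. The `exporter` command targets `wazuh-indexer:9200`, but the indexer's service name and hostname are `wazuh.indexer` (as `pre.yml` uses), so the exporter presumably cannot resolve it. `idpsetup` ends its command with `exit 0`, which hides a failed `enable_saml.sh` from the `service_completed_successfully` condition on `wazuh.indexer`.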
@@ -0,0 +1,142 @@ +# Wazuh Stack 4.7.x + +On this folder, we can find two types of environments: + +- release environment, managed by the `rel.sh` script +- prerelease environment managed by the `pre.sh` script + +### UI Credentials + +The default user and password to access the UI at https://0.0.0.0:5601/ are: + +``` +admin:SecretPassword +``` + +## Release environment + +This environment will start a working deployment with: + +- Wazuh Manager +- Wazuh Indexer +- Wazuh Dashboard + +Check the scripts for a list of the supported Wazuh versions. + +The environment expect the network `mon` to exists, either bring up the +`mon` stack or execute the following command: + +```bash +docker network create mon +``` + +The images used here are generated by the CI/CD team and uploaded into +the official Docker Hub organization. No Wazuh Agent image is provided yet, +so you'll need to deploy an agent in Docker manually, by following the +instructions below. + +### Image certificates + +Certificates are created automatically by the docker-compose, but if +it fails to create them with the appropriate permissions, we might need +to adjust them. + +This is related to the way the official Wazuh docker images are +prepared. + +### Registering agents using Docker + +To register an agent, we need to get the enrollment command from the +UI and then execute: + +- For `CentOS/8` images: + + ```bash + docker run --name wz-rel-agent-4.7.0 --rm --network wz-rel-450 --label com.docker.compose.project=wz-rel-450 -d centos:8 bash -c ' + sed -i -e "s|mirrorlist=|#mirrorlist=|g" /etc/yum.repos.d/CentOS-* + sed -i -e "s|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-* + + # Change this command by the one the UI suggests. Add the -y flag and remove the `sudo`. 
+ WAZUH_MANAGER='wazuh.manager' yum install -y https://packages.wazuh.com/4.x/yum5/x86_64/wazuh-agent-4.7.0-1.el5.x86_64.rpm + + /etc/init.d/wazuh-agent start + tail -f /var/ossec/logs/ossec.log + ' + ``` + +- For `Ubuntu` images + + ```bash + docker run --name wz-rel-agent-4.7.0 --network wz-rel-450 --label com.docker.compose.project=wz-rel-450 -d ubuntu:20.04 bash -c ' + apt update -y + apt install -y curl lsb-release + + # Change this command by the one the UI suggests to use. Remove the `sudo`. + curl -so wazuh-agent-4.7.0.deb https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.7.0-1_amd64.deb && WAZUH_MANAGER='wazuh.manager' WAZUH_AGENT_GROUP='default' dpkg -i ./wazuh-agent-4.7.0.deb + + /etc/init.d/wazuh-agent start + tail -f /var/ossec/logs/ossec.log + ' + ``` + +- For `non-Linux` agents: + + We need to provision virtual machines. + +## Prerelease environment + +The prerelease environment helps us test app releases while the rest of +Wazuh packages haven't been generated yet. + +This environment will bring up: + +- Wazuh Indexer +- Wazuh Dashboard +- Filebeat +- Imposter + +### Usage + +The way to use this environment is to bring up a published Wazuh version to +later on upgrade the app with our pre-release package. + +While bring up the environment with the `pre.sh` script, specify the published +version of Wazuh with the `wazuh_version` argument, the new patch version of +Wazuh with `wazuh_api_version` and finally follow the steps provided by the +scripts. + +Example: test a package for Wazuh 4.7.0 + +```bash +./pre.sh 4.7.0 0 up +``` + +```bash +./pre.sh wazuh_version wazuh_api_version action + +where + wazuh_version is one of + wazuh_api_version is the minor version of wazuh 4.7, for example 5 17 + action is one of up | down + +In a minor release, the API should not change the version here bumps the API + string returned for testing. 
This script generates the file + + config/imposter/api_info.json + +used by the mock server +``` + +Please take into account that the API version for this environment will +always be a 4.7.x version. Also consider that our application version +must be the same as the one selected here. + +### App upgrade + +Follow the instructions provided by the `pre.sh` script. + +### Agent enrollment + +Because we're not using a real Wazuh Manager, we cannot register new agents. +Instead, Imposter (the mock server) will provide mocked responds to valid API +requests, as if it were the real Wazuh server. diff --git a/docker/wazuh-4.7/config/certs/ca.json b/docker/wazuh-4.7/config/certs/ca.json new file mode 100644 index 0000000000..8a96a70a42 --- /dev/null +++ b/docker/wazuh-4.7/config/certs/ca.json @@ -0,0 +1,15 @@ +{ + "CN": "Wazuh", + "key": { + "algo": "rsa", + "size": 2048 + }, + "names": [ + { + "C": "US", + "L": "San Francisco", + "O": "Wazuh", + "OU": "Wazuh Root CA" + } + ] +} diff --git a/docker/wazuh-4.7/config/certs/cfssl.json b/docker/wazuh-4.7/config/certs/cfssl.json new file mode 100644 index 0000000000..d23daf7621 --- /dev/null +++ b/docker/wazuh-4.7/config/certs/cfssl.json 
@@ -0,0 +1,58 @@
+{
+ "signing": {
+ "default": {
+ "expiry": "8760h"
+ },
+ "profiles": {
+ "intermediate_ca": {
+ "usages": [
+ "signing",
+ "digital signature",
+ "key encipherment",
+ "cert sign",
+ "crl sign",
+ "server auth",
+ "client auth"
+ ],
+ "expiry": "8760h",
+ "ca_constraint": {
+ "is_ca": true,
+ "max_path_len": 0,
+ "max_path_len_zero": true
+ }
+ },
+ "peer": {
+ "usages": [
+ "signing",
+ "digital signature",
+ "key encipherment",
+ "data encipherment",
+ "client auth",
+ "server auth"
+ ],
+ "expiry": "8760h"
+ },
+ "server": {
+ "usages": [
+ "signing",
+ "digital signing",
+ "key encipherment",
+ "data encipherment",
+ "server auth"
+ ],
+ "expiry": "8760h"
+ },
+ "client": {
+ "usages": [
+ "signing",
+ "digital signature",
+ "key encipherment",
+ "data encipherment",
+ "client auth"
+ ],
+ "expiry": "8760h"
+ }
+ }
+ }
+}
+
diff --git a/docker/wazuh-4.7/config/certs/host.json b/docker/wazuh-4.7/config/certs/host.json
new file mode 100644
index 0000000000..27805da58e
--- /dev/null
+++ b/docker/wazuh-4.7/config/certs/host.json
@@ -0,0 +1,19 @@
+{
+ "CN": "HOST",
+ "key": {
+ "algo": "rsa",
+ "size": 2048
+ },
+ "names": [
+ {
+ "C": "US",
+ "L": "California",
+ "O": "Wazuh",
+ "OU": "Wazuh"
+ }
+ ],
+ "hosts": [
+ "HOST",
+ "localhost"
+ ]
+}
diff --git a/docker/wazuh-4.7/config/filebeat/filebeat.yml b/docker/wazuh-4.7/config/filebeat/filebeat.yml
new file mode 100644
index 0000000000..e22b1f97ca
--- /dev/null
+++ b/docker/wazuh-4.7/config/filebeat/filebeat.yml
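Review bot: The `server` profile lists `"digital signing"` among its usages, while the `intermediate_ca`, `peer` and `client` profiles all use `"digital signature"`; this looks like a typo rather than a different usage. If cfssl does not recognise the string, server certificates would presumably be issued without the digitalSignature key-usage bit, which stricter TLS clients can reject. I would change that entry to `"digital signature",` so the four profiles agree.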
@@ -0,0 +1,22 @@
+
+# Wazuh - Filebeat configuration file
+filebeat.modules:
+ - module: wazuh
+ alerts:
+ enabled: true
+ archives:
+ enabled: false
+
+setup.template.json.enabled: true
+setup.template.json.path: '/etc/filebeat/wazuh-template.json'
+setup.template.json.name: 'wazuh'
+setup.template.overwrite: true
+setup.ilm.enabled: false
+output.elasticsearch:
+ hosts: ['https://wazuh.indexer:9200']
+ username: 'admin'
+ password: 'SecretPassword'
+ ssl.verification_mode: full
+ ssl.certificate_authorities: ['/etc/ssl/wazuh/ca.pem']
+ ssl.certificate: '/etc/ssl/wazuh/filebeat.pem'
+ ssl.key: '/etc/ssl/wazuh/filebeat-key.pem'
diff --git a/docker/wazuh-4.7/config/imposter/api_info.json b/docker/wazuh-4.7/config/imposter/api_info.json
new file mode 100644
index 0000000000..6bd2244ded
--- /dev/null
+++ b/docker/wazuh-4.7/config/imposter/api_info.json
@@ -0,0 +1,12 @@
+{
+ "data": {
+ "title": "Wazuh API REST",
+ "api_version": "4.7.0",
+ "revision": 40316,
+ "license_name": "GPL 2.0",
+ "license_url": "https://github.com/wazuh/wazuh/blob/4.7/LICENSE",
+ "hostname": "imposter",
+ "timestamp": "2022-06-13T17:20:03Z"
+ },
+ "error": 0
+}
diff --git a/docker/wazuh-4.7/config/imposter/login.js b/docker/wazuh-4.7/config/imposter/login.js
new file mode 100755
index 0000000000..86c2eb4180
--- /dev/null
+++ b/docker/wazuh-4.7/config/imposter/login.js
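Review bot: The Filebeat output logs in as the indexer `admin` user with the literal `password: 'SecretPassword'`, so the shipper holds full-cluster credentials and the secret is committed with the config. The same pattern recurs in this commit in `wazuh.yml` (`wazuh-wui` with a fixed password), `wazuh_dashboard.yml` and `wazuh_dashboard_saml.yml` (`kibanaserver`/`kibanaserver`), the demo hashes in `internal_users.yml`, and `admin`/`admin` in `enable_saml.sh`. For a disposable test stack that is workable, but I would add a header comment such as `# Test-only credentials: never reuse outside this docker environment` to each file. Here the value could also come from the environment, `password: '${PASSWORD:SecretPassword}'`, which would keep it in step with the `PASSWORD` override that `pre.sh` exports as `KIBANA_PASSWORD`, provided the compose file passes the variable to this container.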
@@ -0,0 +1,42 @@
+exports = {};
+
+load('https://raw.githubusercontent.com/kjur/jsrsasign/master/npm/lib/jsrsasign.js', exports);
+header = {
+ "alg": "HS256",
+ "typ": "JWT",
+ "kid": "vpaas-magic-cookie-1fc542a3e4414a44b2611668195e2bfe/4f4910"
+};
+
+// The second part of the token is the payload, which contains the claims.
+// Claims are statements about an entity (typically, the user) and
+// additional data. There are three types of claims:
+// registered, public, and private claims.
+nbf = Date.now()-1000;
+
+claims = {
+ "iss": "wazuh",
+ "aud": "Wazuh API REST",
+ "nbf": nbf,
+ "exp": nbf+3600000,
+ "sub": "wazuh",
+ "rbac_roles": [
+ 1
+ ],
+ "rbac_mode": "white"
+};
+
+
+jwt = KJUR.jws.JWS.sign("HS256", JSON.stringify(header), JSON.stringify(claims), "616161");
+
+resp = {
+ "data": {
+ "token": jwt,
+ "error": 0
+ }
+};
+
+respond()
+ .withStatusCode(200)
+ .withData(JSON.stringify(resp));
+
+
diff --git a/docker/wazuh-4.7/config/imposter/wazuh-config.yml b/docker/wazuh-4.7/config/imposter/wazuh-config.yml
new file mode 100755
index 0000000000..ace39bf4a0
--- /dev/null
+++ b/docker/wazuh-4.7/config/imposter/wazuh-config.yml
@@ -0,0 +1,16 @@
+---
+plugin: openapi
+specFile: https://raw.githubusercontent.com/wazuh/wazuh/v4.4.0/api/api/spec/spec.yaml
+
+resources:
+ - path: /security/user/authenticate
+ method: POST
+ response:
+ statusCode: 200
+ scriptFile: login.js
+ - path: /
+ method: get
+ response:
+ statusCode: 200
+ staticFile: api_info.json
+
diff --git a/docker/wazuh-4.7/config/wazuh_cluster/wazuh_manager.conf b/docker/wazuh-4.7/config/wazuh_cluster/wazuh_manager.conf
new file mode 100755
index 0000000000..aff1af9d6c
--- /dev/null
+++ b/docker/wazuh-4.7/config/wazuh_cluster/wazuh_manager.conf
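Review bot: `load('https://raw.githubusercontent.com/kjur/jsrsasign/master/npm/lib/jsrsasign.js', exports)` fetches and executes a third-party script from a mutable `master` branch, presumably on every mocked login, with no version pin or integrity check. Whatever that branch contains at the time runs inside the Imposter container, and the environment stops working without network access. I would check a copy of the library in next to `login.js` and load it locally, or at least pin the URL to a release tag or commit (`.../kjur/jsrsasign/<PINNED_TAG_OR_COMMIT>/npm/lib/jsrsasign.js`). A smaller point: `nbf` and `exp` are derived from `Date.now()`, which is milliseconds, whereas JWT NumericDate claims are seconds; `nbf = Math.floor(Date.now() / 1000) - 1` with `"exp": nbf + 3600` would match the format.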
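Review bot: `specFile` points at the `v4.4.0` API spec although this directory models Wazuh 4.7 and `api_info.json` reports `api_version` 4.7.0, so the mocked endpoints may not match what the 4.7 app calls. The spec is also downloaded from GitHub when the mock starts, which ties the test environment to network access. If 4.4.0 is deliberate, a comment such as `# spec intentionally pinned to v4.4.0 because ...` would help; otherwise point it at the matching 4.7 tag or a checked-in copy of the spec.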
@@ -0,0 +1,353 @@ + + + yes + yes + no + no + no + smtp.example.wazuh.com + wazuh@example.wazuh.com + recipient@example.wazuh.com + 12 + alerts.log + 10m + 0 + + + + 3 + 12 + + + + + plain + + + + secure + 1514 + tcp + 131072 + + + + + no + yes + yes + yes + yes + yes + yes + yes + + + 43200 + + etc/rootcheck/rootkit_files.txt + etc/rootcheck/rootkit_trojans.txt + + yes + + + + yes + 1800 + 1d + yes + + wodles/java + wodles/ciscat + + + + + yes + yes + /var/log/osquery/osqueryd.results.log + /etc/osquery/osquery.conf + yes + + + + + no + 1h + yes + yes + yes + yes + yes + yes + yes + + + + 10 + + + + + yes + yes + 12h + yes + + + + no + 5m + 6h + yes + + + + no + trusty + xenial + bionic + focal + 1h + + + + + no + stretch + buster + bullseye + 1h + + + + + no + 5 + 6 + 7 + 8 + 1h + + + + + no + amazon-linux + amazon-linux-2 + 1h + + + + + no + 1h + + + + + yes + 1h + + + + + yes + 2010 + 1h + + + + + + + no + + + 43200 + + yes + + + yes + + + no + + + /etc,/usr/bin,/usr/sbin + /bin,/sbin,/boot + + + /etc/mtab + /etc/hosts.deny + /etc/mail/statistics + /etc/random-seed + /etc/random.seed + /etc/adjtime + /etc/httpd/logs + /etc/utmpx + /etc/wtmpx + /etc/cups/certs + /etc/dumpdates + /etc/svc/volatile + + + .log$|.swp$ + + + /etc/ssl/private.key + + yes + yes + yes + yes + + + 10 + + + 100 + + + + yes + 5m + 1h + 10 + + + + + + 127.0.0.1 + ^localhost.localdomain$ + 10.0.0.106 + + + + disable-account + disable-account + yes + + + + restart-wazuh + restart-wazuh + + + + firewall-drop + firewall-drop + yes + + + + host-deny + host-deny + yes + + + + route-null + route-null + yes + + + + win_route-null + route-null.exe + yes + + + + netsh + netsh.exe + yes + + + + + + + command + df -P + 360 + + + + full_command + netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d + netstat listening 
ports + 360 + + + + full_command + last -n 20 + 360 + + + + + ruleset/decoders + ruleset/rules + 0215-policy_rules.xml + etc/lists/audit-keys + etc/lists/amazon/aws-eventnames + etc/lists/security-eventchannel + + + etc/decoders + etc/rules + + + + yes + 1 + 64 + 15m + + + + + no + 1515 + no + yes + no + HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH + + no + etc/sslmanager.cert + etc/sslmanager.key + no + + + + wazuh + node01 + master + + 1516 + 0.0.0.0 + + NODE_IP + + no + yes + + + + + + + syslog + /var/ossec/logs/active-responses.log + + + diff --git a/docker/wazuh-4.7/config/wazuh_dashboard/wazuh.yml b/docker/wazuh-4.7/config/wazuh_dashboard/wazuh.yml new file mode 100755 index 0000000000..dca5610652 --- /dev/null +++ b/docker/wazuh-4.7/config/wazuh_dashboard/wazuh.yml @@ -0,0 +1,14 @@ +hosts: + - imposter: + url: "http://imposter" + port: 8080 + username: wazuh-wui + password: MyS3cr37P450r.*- + run_as: false + + - 1513629884013: + url: https://wazuh.manager + port: 55000 + username: wazuh-wui + password: MyS3cr37P450r.*- + run_as: false diff --git a/docker/wazuh-4.7/config/wazuh_dashboard/wazuh_dashboard.yml b/docker/wazuh-4.7/config/wazuh_dashboard/wazuh_dashboard.yml new file mode 100755 index 0000000000..741fa3c019 --- /dev/null +++ b/docker/wazuh-4.7/config/wazuh_dashboard/wazuh_dashboard.yml 
@@ -0,0 +1,15 @@
+server.host: 0.0.0.0
+server.port: 5601
+opensearch.hosts: https://wazuh.indexer:9200
+opensearch.ssl.verificationMode: certificate
+opensearch.requestHeadersAllowlist: ['securitytenant', 'Authorization']
+opensearch_security.multitenancy.enabled: false
+opensearch_security.readonly_mode.roles: ['kibana_read_only']
+server.ssl.enabled: true
+server.ssl.key: '/usr/share/wazuh-dashboard/certs/wazuh.dashboard.key'
+server.ssl.certificate: '/usr/share/wazuh-dashboard/certs/wazuh.dashboard.pem'
+opensearch.ssl.certificateAuthorities:
+ ['/usr/share/wazuh-dashboard/certs/ca.pem']
+uiSettings.overrides.defaultRoute: /app/wazuh
+opensearch.username: 'kibanaserver'
+opensearch.password: 'kibanaserver'
diff --git a/docker/wazuh-4.7/config/wazuh_dashboard/wazuh_dashboard_saml.yml b/docker/wazuh-4.7/config/wazuh_dashboard/wazuh_dashboard_saml.yml
new file mode 100755
index 0000000000..ce5d198300
--- /dev/null
+++ b/docker/wazuh-4.7/config/wazuh_dashboard/wazuh_dashboard_saml.yml
@@ -0,0 +1,16 @@
+server.host: 0.0.0.0
+server.port: 5601
+opensearch.hosts: https://wazuh.indexer:9200
+opensearch.ssl.verificationMode: certificate
+opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
+opensearch_security.multitenancy.enabled: false
+opensearch_security.readonly_mode.roles: ["kibana_read_only"]
+server.ssl.enabled: true
+server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh.dashboard.key"
+server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh.dashboard.pem"
+opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/ca.pem"]
+uiSettings.overrides.defaultRoute: /app/wazuh
+opensearch.username: "kibanaserver"
+opensearch.password: "kibanaserver"
+opensearch_security.auth.type: "saml"
+server.xsrf.whitelist: [/_plugins/_security/saml/acs,/_opendistro/_security/saml/acs,/_plugins/_security/saml/acs/idpinitiated,/_opendistro/_security/saml/acs/idpinitiated,/_plugins/_security/saml/logout,/_opendistro/_security/saml/logout]
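Review bot: `opensearch.ssl.verificationMode: certificate` validates the certificate chain but skips the hostname check, while `filebeat.yml` in this same commit reaches the same `https://wazuh.indexer:9200` endpoint with `ssl.verification_mode: full`. If the indexer certificate is generated from `host.json` with the host name in `hosts`, the stricter setting should work here too: `opensearch.ssl.verificationMode: full`. The same line is repeated in `wazuh_dashboard_saml.yml`. That file also spells the header option `opensearch.requestHeadersWhitelist` where this one uses `opensearch.requestHeadersAllowlist`; using one spelling in both would avoid relying on a key that may be deprecated in the dashboard version under test.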
diff --git a/docker/wazuh-4.7/config/wazuh_indexer/config-saml.yml b/docker/wazuh-4.7/config/wazuh_indexer/config-saml.yml
new file mode 100644
index 0000000000..74fc91c8c4
--- /dev/null
+++ b/docker/wazuh-4.7/config/wazuh_indexer/config-saml.yml
@@ -0,0 +1,40 @@
+---
+_meta:
+ type: "config"
+ config_version: 2
+
+config:
+ dynamic:
+ http:
+ anonymous_auth_enabled: false
+ authc:
+ internal_auth:
+ order: 0
+ description: "HTTP basic authentication using the internal user database"
+ http_enabled: true
+ transport_enabled: true
+ http_authenticator:
+ type: basic
+ challenge: false
+ authentication_backend:
+ type: internal
+ saml_auth:
+ order: 1
+ description: "Keycloack SAML provider"
+ http_enabled: true
+ transport_enabled: false
+ http_authenticator:
+ type: saml
+ challenge: true
+ config:
+ idp:
+ metadata_url: http://idp:8080/realms/wazuh/protocol/saml/descriptor
+ entity_id: http://idp:8080/realms/wazuh
+ sp:
+ entity_id: wazuh
+ signature_private_key_filepath: "certs/admin-key.pem"
+ kibana_url: https://localhost:5601
+ roles_key: Role
+ exchange_key: 1a2a3a4a5a6a7a8a9a0a1b2b3b4b5b6b
+ authentication_backend:
+ type: noop
diff --git a/docker/wazuh-4.7/config/wazuh_indexer/config.yml b/docker/wazuh-4.7/config/wazuh_indexer/config.yml
new file mode 100644
index 0000000000..74fc91c8c4
--- /dev/null
+++ b/docker/wazuh-4.7/config/wazuh_indexer/config.yml
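Review bot: `signature_private_key_filepath: "certs/admin-key.pem"` makes the SAML request-signing key the same key as the security-plugin admin certificate (the indexer configs in this commit set `plugins.security.authcz.admin_dn` to `CN=admin,...`), and `enable_saml.sh` then uploads that private key to Keycloak as `saml.signing.private.key`. That puts the indexer's super-admin key on the IdP as well, so the two roles can no longer be rotated or revoked separately. A dedicated SAML signing key pair generated with the other test certificates would keep the admin key on the indexer only. `exchange_key` is also a fixed literal and `metadata_url` is fetched over plain `http://idp:8080`; both deserve a `# test environment only` comment.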
@@ -0,0 +1,40 @@
+---
+_meta:
+ type: "config"
+ config_version: 2
+
+config:
+ dynamic:
+ http:
+ anonymous_auth_enabled: false
+ authc:
+ internal_auth:
+ order: 0
+ description: "HTTP basic authentication using the internal user database"
+ http_enabled: true
+ transport_enabled: true
+ http_authenticator:
+ type: basic
+ challenge: false
+ authentication_backend:
+ type: internal
+ saml_auth:
+ order: 1
+ description: "Keycloack SAML provider"
+ http_enabled: true
+ transport_enabled: false
+ http_authenticator:
+ type: saml
+ challenge: true
+ config:
+ idp:
+ metadata_url: http://idp:8080/realms/wazuh/protocol/saml/descriptor
+ entity_id: http://idp:8080/realms/wazuh
+ sp:
+ entity_id: wazuh
+ signature_private_key_filepath: "certs/admin-key.pem"
+ kibana_url: https://localhost:5601
+ roles_key: Role
+ exchange_key: 1a2a3a4a5a6a7a8a9a0a1b2b3b4b5b6b
+ authentication_backend:
+ type: noop
diff --git a/docker/wazuh-4.7/config/wazuh_indexer/internal_users.yml b/docker/wazuh-4.7/config/wazuh_indexer/internal_users.yml
new file mode 100755
index 0000000000..d9f05b343b
--- /dev/null
+++ b/docker/wazuh-4.7/config/wazuh_indexer/internal_users.yml
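Review bot: This file carries the same blob id as `config-saml.yml` (`74fc91c8c4` in both index lines), so the default security config also enables the `saml_auth` domain with `challenge: true` against `http://idp:8080`. If `config.yml` is meant to be the non-SAML baseline, the `saml_auth` block should be removed here so that a stack started without the IdP does not depend on an unreachable metadata URL. If the two are meant to stay identical, a single file (or a comment saying so) would prevent them drifting apart.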
@@ -0,0 +1,56 @@
+---
+# This is the internal user database
+# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
+
+_meta:
+ type: "internalusers"
+ config_version: 2
+
+# Define your internal users here
+
+## Demo users
+
+admin:
+ hash: "$2y$12$K/SpwjtB.wOHJ/Nc6GVRDuc1h0rM1DfvziFRNPtk27P.c4yDr9njO"
+ reserved: true
+ backend_roles:
+ - "admin"
+ description: "Demo admin user"
+
+kibanaserver:
+ hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
+ reserved: true
+ description: "Demo kibanaserver user"
+
+kibanaro:
+ hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
+ reserved: false
+ backend_roles:
+ - "kibanauser"
+ - "readall"
+ attributes:
+ attribute1: "value1"
+ attribute2: "value2"
+ attribute3: "value3"
+ description: "Demo kibanaro user"
+
+logstash:
+ hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
+ reserved: false
+ backend_roles:
+ - "logstash"
+ description: "Demo logstash user"
+
+readall:
+ hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
+ reserved: false
+ backend_roles:
+ - "readall"
+ description: "Demo readall user"
+
+snapshotrestore:
+ hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
+ reserved: false
+ backend_roles:
+ - "snapshotrestore"
+ description: "Demo snapshotrestore user"
diff --git a/docker/wazuh-4.7/config/wazuh_indexer/opensearch.yml b/docker/wazuh-4.7/config/wazuh_indexer/opensearch.yml
new file mode 100644
index 0000000000..ee1dbf59d5
--- /dev/null
+++ b/docker/wazuh-4.7/config/wazuh_indexer/opensearch.yml
@@ -0,0 +1,42 @@
+network.host: "0.0.0.0"
+node.name: "os1"
+path.data: /var/lib/os1
+path.logs: /var/log/os1
+# comment compatibility.override_main_response_version for 2.0.0
+compatibility.override_main_response_version: true
+plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/os1.pem
+plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/os1.key
+plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/ca.pem
+plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/os1.pem
+plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/os1.key
+plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/ca.pem
+plugins.security.ssl.http.enabled: true
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+plugins.security.authcz.admin_dn:
+ - "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.nodes_dn:
+ - "CN=os1,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.restapi.roles_enabled:
+ - "all_access"
+ - "security_rest_api_access"
+plugins.security.system_indices.enabled: true
+plugins.security.system_indices.indices:
+ [
+ ".opendistro-alerting-config",
+ ".opendistro-alerting-alert*",
+ ".opendistro-anomaly-results*",
+ ".opendistro-anomaly-detector*",
+ ".opendistro-anomaly-checkpoints",
+ ".opendistro-anomaly-detection-state",
+ ".opendistro-reports-*",
+ ".opendistro-notifications-*",
+ ".opendistro-notebooks",
+ ".opensearch-observability",
+ ".opendistro-asynchronous-search-response*",
+ ".replication-metadata-store",
+ ]
+plugins.security.allow_default_init_securityindex: true
+cluster.routing.allocation.disk.threshold_enabled: false
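Review bot: `plugins.security.ssl.transport.enforce_hostname_verification: false` switches off hostname checks on the transport layer while `network.host: "0.0.0.0"` binds every interface, and neither line says this is a test-only relaxation; `wazuh.indexer.yml` repeats both. Only the comment on `compatibility.override_main_response_version` explains anything in this file. I would add a header comment such as `# Test stack only: listens on all interfaces with transport hostname verification disabled` so the settings are not copied into a real deployment unnoticed.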
diff --git a/docker/wazuh-4.7/config/wazuh_indexer/roles.yml b/docker/wazuh-4.7/config/wazuh_indexer/roles.yml
new file mode 100644
index 0000000000..5b35df448b
--- /dev/null
+++ b/docker/wazuh-4.7/config/wazuh_indexer/roles.yml
@@ -0,0 +1,149 @@ +_meta: + type: "roles" + config_version: 2 + +# Restrict users so they can only view visualization and dashboard on kibana +kibana_read_only: + reserved: true + +# The security REST API access role is used to assign specific users access to change the security settings through the REST API. +security_rest_api_access: + reserved: true + +# Allows users to view monitors, destinations and alerts +alerting_read_access: + reserved: true + cluster_permissions: + - "cluster:admin/opendistro/alerting/alerts/get" + - "cluster:admin/opendistro/alerting/destination/get" + - "cluster:admin/opendistro/alerting/monitor/get" + - "cluster:admin/opendistro/alerting/monitor/search" + +# Allows users to view and acknowledge alerts +alerting_ack_alerts: + reserved: true + cluster_permissions: + - "cluster:admin/opendistro/alerting/alerts/*" + +# Allows users to use all alerting functionality +alerting_full_access: + reserved: true + cluster_permissions: + - "cluster_monitor" + - "cluster:admin/opendistro/alerting/*" + index_permissions: + - index_patterns: + - "*" + allowed_actions: + - "indices_monitor" + - "indices:admin/aliases/get" + - "indices:admin/mappings/get" + +# Allow users to read Anomaly Detection detectors and results +anomaly_read_access: + reserved: true + cluster_permissions: + - "cluster:admin/opendistro/ad/detector/info" + - "cluster:admin/opendistro/ad/detector/search" + - "cluster:admin/opendistro/ad/detectors/get" + - "cluster:admin/opendistro/ad/result/search" + - "cluster:admin/opendistro/ad/tasks/search" + +# Allows users to use all Anomaly Detection functionality +anomaly_full_access: + reserved: true + cluster_permissions: + - "cluster_monitor" + - "cluster:admin/opendistro/ad/*" + index_permissions: + - index_patterns: + - "*" + allowed_actions: + - "indices_monitor" + - "indices:admin/aliases/get" + - "indices:admin/mappings/get" + +# Allows users to read Notebooks +notebooks_read_access: + reserved: true + cluster_permissions: + - 
"cluster:admin/opendistro/notebooks/list" + - "cluster:admin/opendistro/notebooks/get" + +# Allows users to all Notebooks functionality +notebooks_full_access: + reserved: true + cluster_permissions: + - "cluster:admin/opendistro/notebooks/create" + - "cluster:admin/opendistro/notebooks/update" + - "cluster:admin/opendistro/notebooks/delete" + - "cluster:admin/opendistro/notebooks/get" + - "cluster:admin/opendistro/notebooks/list" + +# Allows users to read and download Reports +reports_instances_read_access: + reserved: true + cluster_permissions: + - "cluster:admin/opendistro/reports/instance/list" + - "cluster:admin/opendistro/reports/instance/get" + - "cluster:admin/opendistro/reports/menu/download" + +# Allows users to read and download Reports and Report-definitions +reports_read_access: + reserved: true + cluster_permissions: + - "cluster:admin/opendistro/reports/definition/get" + - "cluster:admin/opendistro/reports/definition/list" + - "cluster:admin/opendistro/reports/instance/list" + - "cluster:admin/opendistro/reports/instance/get" + - "cluster:admin/opendistro/reports/menu/download" + +# Allows users to all Reports functionality +reports_full_access: + reserved: true + cluster_permissions: + - "cluster:admin/opendistro/reports/definition/create" + - "cluster:admin/opendistro/reports/definition/update" + - "cluster:admin/opendistro/reports/definition/on_demand" + - "cluster:admin/opendistro/reports/definition/delete" + - "cluster:admin/opendistro/reports/definition/get" + - "cluster:admin/opendistro/reports/definition/list" + - "cluster:admin/opendistro/reports/instance/list" + - "cluster:admin/opendistro/reports/instance/get" + - "cluster:admin/opendistro/reports/menu/download" + +# Allows users to use all asynchronous-search functionality +asynchronous_search_full_access: + reserved: true + cluster_permissions: + - "cluster:admin/opendistro/asynchronous_search/*" + index_permissions: + - index_patterns: + - "*" + allowed_actions: + - 
"indices:data/read/search*" + +# Allows users to read stored asynchronous-search results +asynchronous_search_read_access: + reserved: true + cluster_permissions: + - "cluster:admin/opendistro/asynchronous_search/get" + +# Wazuh monitoring and statistics index permissions +manage_wazuh_index: + reserved: true + hidden: false + cluster_permissions: [] + index_permissions: + - index_patterns: + - "wazuh-*" + dls: "" + fls: [] + masked_fields: [] + allowed_actions: + - "read" + - "delete" + - "manage" + - "index" + tenant_permissions: [] + static: false diff --git a/docker/wazuh-4.7/config/wazuh_indexer/roles_mapping.yml b/docker/wazuh-4.7/config/wazuh_indexer/roles_mapping.yml new file mode 100644 index 0000000000..94c2b46613 --- /dev/null +++ b/docker/wazuh-4.7/config/wazuh_indexer/roles_mapping.yml 
@@ -0,0 +1,88 @@
+---
+# In this file users, backendroles and hosts can be mapped to Open Distro Security roles.
+# Permissions for Opendistro roles are configured in roles.yml
+
+_meta:
+ type: "rolesmapping"
+ config_version: 2
+
+# Define your roles mapping here
+
+## Default roles mapping
+
+all_access:
+ reserved: true
+ hidden: false
+ backend_roles:
+ - "admin"
+ hosts: []
+ users: []
+ and_backend_roles: []
+ description: "Maps admin to all_access"
+
+own_index:
+ reserved: false
+ hidden: false
+ backend_roles: []
+ hosts: []
+ users:
+ - "*"
+ and_backend_roles: []
+ description: "Allow full access to an index named like the username"
+
+logstash:
+ reserved: false
+ hidden: false
+ backend_roles:
+ - "logstash"
+ hosts: []
+ users: []
+ and_backend_roles: []
+
+readall:
+ reserved: true
+ hidden: false
+ backend_roles:
+ - "readall"
+ hosts: []
+ users: []
+ and_backend_roles: []
+
+manage_snapshots:
+ reserved: true
+ hidden: false
+ backend_roles:
+ - "snapshotrestore"
+ hosts: []
+ users: []
+ and_backend_roles: []
+
+kibana_server:
+ reserved: true
+ hidden: false
+ backend_roles: []
+ hosts: []
+ users:
+ - "kibanaserver"
+ and_backend_roles: []
+
+kibana_user:
+ reserved: false
+ hidden: false
+ backend_roles:
+ - "kibanauser"
+ hosts: []
+ users: []
+ and_backend_roles: []
+ description: "Maps kibanauser to kibana_user"
+
+ # Wazuh monitoring and statistics index permissions
+manage_wazuh_index:
+ reserved: true
+ hidden: false
+ backend_roles: []
+ hosts: []
+ users:
+ - "kibanaserver"
+ - "admin"
+ and_backend_roles: []
diff --git a/docker/wazuh-4.7/config/wazuh_indexer/wazuh.indexer.yml b/docker/wazuh-4.7/config/wazuh_indexer/wazuh.indexer.yml
new file mode 100755
index 0000000000..3b31ac37d0
--- /dev/null
+++ b/docker/wazuh-4.7/config/wazuh_indexer/wazuh.indexer.yml
@@ -0,0 +1,28 @@
+network.host: "0.0.0.0"
+node.name: "wazuh.indexer"
+path.data: /var/lib/wazuh-indexer
+path.logs: /var/log/wazuh-indexer
+discovery.type: single-node
+compatibility.override_main_response_version: true
+plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh.indexer.pem
+plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh.indexer.key
+plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/ca.pem
+plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh.indexer.pem
+plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh.indexer.key
+plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/ca.pem
+plugins.security.ssl.http.enabled: true
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+plugins.security.authcz.admin_dn:
+- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.nodes_dn:
+- "CN=os1,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.restapi.roles_enabled:
+- "all_access"
+- "security_rest_api_access"
+plugins.security.system_indices.enabled: true
+plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
+plugins.security.allow_default_init_securityindex: true
+cluster.routing.allocation.disk.threshold_enabled: false
\ No newline at end of file
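Review bot: `plugins.security.nodes_dn` lists `CN=os1,OU=Wazuh,O=Wazuh,L=California,C=US`, which matches `node.name: "os1"` in `opensearch.yml` but not this file, where the node is `wazuh.indexer` and the certificate is `certs/wazuh.indexer.pem`. It looks copied across; with `discovery.type: single-node` it probably has no effect today, but the entry would not match this node's own certificate if a second node were ever added. I would change it to `- "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"`, assuming the certificate CN is the host name as the `host.json` template suggests. The file also ends without a trailing newline.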
diff --git a/docker/wazuh-4.7/enable_saml.sh b/docker/wazuh-4.7/enable_saml.sh
new file mode 100755
index 0000000000..41d3fb8a22
--- /dev/null
+++ b/docker/wazuh-4.7/enable_saml.sh
@@ -0,0 +1,165 @@ +#!/bin/bash + +# idp container launches and docker-compose returns too quickly, do not wait for container to +# be healthy as it has no dependencies, so we wait before continuing +sleep 7 + + +indexer="$1-wazuh.indexer-1" +dashboard="$1-wazuh.dashboard-1" + +# Setup keycloack to be used with wazuh-dashboards + +# Connection +U="admin" +P="admin" +B="http://idp:8080" + +# Realm +REALM="master" + +# Get ACCESS_TOKEN from default install +ACCESS_TOKEN=$(curl -sS \ + -d 'client_id=admin-cli' \ + -d 'username=admin' \ + -d 'password=admin' \ + -d 'grant_type=password' \ + "${B}/realms/master/protocol/openid-connect/token" | jq -r '.access_token') + +H=('-H' 'Content-Type: application/json' '-H' "Authorization: Bearer $ACCESS_TOKEN") + +# Create new REALM +REALM="wazuh" +P='{ + "id": "wazuh", + "realm": "wazuh", + "enabled": true +}' + +curl -sS -L -X POST "${B}/admin/realms" "${H[@]}" -d "$P" | grep -v "Conflict detected" + + +# Add admin certificates to keycloak as these are used by indexer to sign saml +# messages. These should be uploaded to keycloak if we want it to verify indexer messages. 
+key=$(cat /certs/wi/admin-key.pem | grep -v "PRIVATE KEY" | tr -d "\n") +cert=$(cat /certs/wi/admin.pem | grep -v CERTIFICATE | tr -d "\n") + + +# Create client +# By default the client does not verify the client signature on saml messages +# but it could be enabled for testing purposes +PC="{ + \"protocol\": \"saml\", + \"name\": \"wazuh\", + \"clientId\": \"wazuh\", + \"description\": \"wazuh saml integration\", + \"baseUrl\": \"https://localhost:5601\", + \"rootUrl\": \"https://localhost:5601\", + \"redirectUris\": [\"https://localhost:5601/*\"], + \"attributes\" : { + \"saml_single_logout_service_url_redirect\": \"https://localhost:5601/_opendistro/_security/saml/logout\", + \"saml_assertion_consumer_url_post\": \"https://localhost:5601/_opendistro/_security/saml/acs/idpinitiated\", + \"saml_single_logout_service_url_post\": \"https://wazuh.dashboard:5601/_opendistro/_security/saml/logout\", + \"saml.force.post.binding\": \"false\", + \"saml.signing.certificate\": \"$cert\", + \"saml.signing.private.key\": \"$key\", + \"saml.client.signature\": \"true\", + \"saml_single_logout_service_url_redirect\": \"https://localhost:5601\", + \"post.logout.redirect.uris\": \"https://localhost:5601*\" + } +}" + +curl -sS -L -X POST "${B}/admin/realms/${REALM}/clients" "${H[@]}" -d "$PC" | grep -v "Client wazuh already exists" + +# Get a client json representation +CLIENT=$(curl -sS -L -X GET "${B}/admin/realms/${REALM}/clients" "${H[@]}" -G -d 'clientId=wazuh' |jq '.[] | select(.clientId=="wazuh")') + +# Get client id +CID=$(echo $CLIENT | jq -r '.id' ) + +# Generate all-access and admin role for the realm +PR1='{ + "name":"all-access" +}' + +curl -sS -L -X POST "${B}/admin/realms/${REALM}/roles" "${H[@]}" -d "$PR1" | grep -v "Role with name all-access already exists" + +PR2='{ + "name":"admin" +}' + +curl -sS -L -X POST "${B}/admin/realms/${REALM}/roles" "${H[@]}" -d "$PR2" | grep -v "Role with name admin already exists" + + +## create new user +PU='{ + "username": 
"wazuh", + "email": "hello@wazuh.com", + "firstName": "Wazuh", + "lastName": "Wazuh", + "emailVerified": true, + "enabled": true, + "credentials": [{"temporary":false,"type":"password","value":"wazuh"}], + "realmRoles": ["admin", "all-access"] +}' + +curl -sS -L -X POST "${B}/admin/realms/${REALM}/users" "${H[@]}" -d "$PU" | grep -v "User exists with same username" + +## Get a user json representation +USER=$(curl -sS -L -X GET "${B}/admin/realms/${REALM}/users" "${H[@]}" -G -d 'username=wazuh' |jq '.[] | select(.username=="wazuh")') + +### Get user id +USERID=$(echo $USER | jq -r '.id' ) + +# Get roles +ROLES=$(curl -sS -L -X GET "${B}/admin/realms/${REALM}/roles" "${H[@]}" -d "$PR2" ) + +## Assign role +ADMINID=$(echo $ROLES | jq -r '.[] | select(.name=="admin").id') +ALLACCESSID=$(echo $ROLES | jq -r '.[] | select(.name=="all-access").id') + +PA1="[ + { + \"id\": \"$ADMINID\", + \"name\": \"admin\", + \"composite\": false, + \"clientRole\": false, + \"containerId\": \"wazuh\" + }, + { + \"id\": \"$ALLACCESSID\", + \"name\": \"all-access\", + \"description\": \"\", + \"composite\": false, + \"clientRole\": false, + \"containerId\": \"wazuh\" + } +]" + +curl -sS -L -X POST "${B}/admin/realms/${REALM}/users/${USERID}/role-mappings/realm" "${H[@]}" -d "$PA1" + +# Get list of client scopes +CSCOPES=$(curl -sS -L -X GET "${B}/admin/realms/${REALM}/client-scopes" "${H[@]}") +CSID=$(echo $CSCOPES | jq -r '.[] | select(.name=="role_list").id ') +CSR=$(echo $CSCOPES | jq -r '.[] | select(.name=="role_list") ') + + +# Set single to true, so opensearch works +UPDATE=$(echo $CSR | jq '.protocolMappers[] | select(.name=="role list").config.single |= "true" ') +PMID=$(echo $CSR | jq -r '.protocolMappers[] | select(.name=="role list").id') + +curl -sS -L -X PUT "${B}/admin/realms/${REALM}/client-scopes/$CSID/protocol-mappers/models/$PMID" "${H[@]}" -d "$UPDATE" + +# Set up auth realm on opensearch +certs="/usr/share/wazuh-indexer/certs" +ca="$certs/ca.pem" 
+cert="$certs/admin.pem" +key="$certs/admin-key.pem" + +securityadmin="bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh" +config_path="/usr/share/wazuh-indexer/opensearch-security/" + +echo "To update configuration in indexer, you can run:" +echo docker exec -e JAVA_HOME=/usr/share/wazuh-indexer/jdk $indexer $securityadmin -cacert $ca -cert $cert -key $key -cd $config_path + + diff --git a/docker/wazuh-4.7/pre.sh b/docker/wazuh-4.7/pre.sh new file mode 100755 index 0000000000..a3baf6bffe --- /dev/null +++ b/docker/wazuh-4.7/pre.sh 
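Review bot: Nothing checks that the token request succeeded: if Keycloak is not ready after the fixed `sleep 7`, `ACCESS_TOKEN` ends up empty or `null`, every later `curl` is sent with an unusable bearer header, and the script still prints its final instructions as if setup had worked. I would stop right after the token call, e.g. `[ -n "$ACCESS_TOKEN" ] && [ "$ACCESS_TOKEN" != "null" ] || { echo "Keycloak token request failed" >&2; exit 1; }`, and preferably poll the token endpoint instead of sleeping. Two smaller things: in the client payload `saml_single_logout_service_url_redirect` appears twice with different values, and `U`/`P` are assigned but the token request uses literal `admin` values while `P` is later reused for the realm body.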
@@ -0,0 +1,111 @@
+#!/usr/bin/env bash
+
+versions=(
+ "4.7.0"
+ "4.7.1"
+ "4.7.2"
+)
+
+wazuh_api_version=(
+ "0"
+)
+
+usage() {
+ echo
+ echo "./pre.sh wazuh_version wazuh_api_version action "
+ echo
+ echo "where"
+ echo " wazuh_version is one of ${versions[*]}"
+ echo " wazuh_api_version is the patch version of wazuh 4.7, for example " ${wazuh_api_version[*]}
+ echo " action is one of up | down | stop"
+ echo
+ echo "In a minor release, the API should not change the version here bumps the API"
+ echo " string returned for testing. This script generates the file "
+ echo
+ echo " config/imposter/api_info.json"
+ echo
+ echo "used by the mock server"
+ exit -1
+}
+
+if [ $# -ne 3 ]; then
+ echo "Incorrect number of arguments " $#
+ usage
+fi
+
+if [[ ! " ${versions[*]} " =~ " ${1} " ]]; then
+ echo "Version ${1} not found in ${versions[*]}"
+ exit -1
+fi
+
+[ -n "$2" ] && [ "$2" -eq "$2" ] 2>/dev/null
+if [ $? -ne 0 ]; then
+ echo "$2 is not number"
+ exit -1
+fi
+
+patch_version=$2
+cat <config/imposter/api_info.json
+{
+ "data": {
+ "title": "Wazuh API REST",
+ "api_version": "4.7.${patch_version}",
+ "revision": 40316,
+ "license_name": "GPL 2.0",
+ "license_url": "https://github.com/wazuh/wazuh/blob/4.7/LICENSE",
+ "hostname": "imposter",
+ "timestamp": "2022-06-13T17:20:03Z"
+ },
+ "error": 0
+}
+EOF
+
+export WAZUH_STACK=${1}
+export KIBANA_PORT=5601
+export KIBANA_PASSWORD=${PASSWORD:-SecretPassword}
+export COMPOSE_PROJECT_NAME=wz-pre-${WAZUH_STACK//./}
+
+case "$3" in
+up)
+ # recreate volumes
+ docker compose -f pre.yml up -Vd
+
+ # This installs Wazuh and integrates with a default Wazuh stack
+ # v=$( echo -n $WAZUH_STACK | sed 's/\.//g' )
+ echo
+ echo "Install the pre-release package manually with:"
+ echo
+ echo "1. Uninstall current version of the Wazuh app:"
+ echo "docker exec -ti ${COMPOSE_PROJECT_NAME}-wazuh.dashboard-1 /usr/share/wazuh-dashboard/bin/opensearch-dashboards-plugin remove wazuh"
+ echo
+ echo "2. Restart Wazuh Dashboard:"
+ echo "docker restart ${COMPOSE_PROJECT_NAME}-wazuh.dashboard-1"
+ echo
+ echo "3. Copy the pre-release package to the running Wazuh Dashboard container:"
+ echo docker cp wazuh-4.7.${patch_version}-1.zip ${COMPOSE_PROJECT_NAME}-wazuh.dashboard-1:/tmp
+ echo
+ echo "4. Install the package we have just uploaded:"
+ echo "docker exec -ti ${COMPOSE_PROJECT_NAME}-wazuh.dashboard-1 /usr/share/wazuh-dashboard/bin/opensearch-dashboards-plugin install file:///tmp/wazuh-4.7.${patch_version}-1.zip"
+ echo
+ echo "5. Restart the Wazuh Dashboard container:"
+ echo "docker restart ${COMPOSE_PROJECT_NAME}-wazuh.dashboard-1"
+ echo
+ echo "6. Upload the Wazuh app configuration:"
+ echo "docker cp ./config/wazuh_dashboard/wazuh.yml ${COMPOSE_PROJECT_NAME}-wazuh.dashboard-1:/usr/share/wazuh-dashboard/data/wazuh/config/"
+ echo
+ echo "7. Access the running instance in:"
+ echo "https://localhost:${KIBANA_PORT}"
+ echo
+ ;;
+down)
+ # delete volumes
+ docker compose -f pre.yml down -v --remove-orphans
+ ;;
+stop)
+ docker compose -f rel.yml -p "${COMPOSE_PROJECT_NAME}" stop
+ ;;
+*)
+ echo "Action must be either up or down"
+ usage
+ ;;
+esac
diff --git a/docker/wazuh-4.7/pre.yml b/docker/wazuh-4.7/pre.yml
new file mode 100755
index 0000000000..7f22362cd1
--- /dev/null
+++ b/docker/wazuh-4.7/pre.yml
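Review bot: The `stop)` branch calls `docker compose -f rel.yml -p "${COMPOSE_PROJECT_NAME}" stop`, while `up` and `down` in this same script use `pre.yml`, so `stop` addresses the release compose file rather than the pre-release stack; it looks copied from rel.sh and should read `docker compose -f pre.yml stop`. The `*)` message `Action must be either up or down` omits `stop`, which usage() documents as a valid action. `export KIBANA_PASSWORD=${PASSWORD:-SecretPassword}` silently falls back to a well-known default, so a comment such as `# test-only default; override with PASSWORD=...` above it would make the intent explicit.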
@@ -0,0 +1,212 @@
+# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2)
+version: '3.9'
+
+# x-logging: &logging
+# logging:
+# driver: loki
+# options:
+# loki-url: "http://host.docker.internal:3100/loki/api/v1/push"
+
+services:
+ exporter:
+ image: quay.io/prometheuscommunity/elasticsearch-exporter:latest
+ # <<: *logging
+ hostname: 'exporter-kbn-${WAZUH_STACK}'
+ networks:
+ - wzd-pre
+ - mon
+ command:
+ - '--es.uri=https://admin:${KIBANA_PASSWORD}@wazuh.indexer:9200'
+ - '--es.ssl-skip-verify'
+ - '--es.all'
+
+ imposter:
+ image: outofcoffee/imposter
+ hostname: 'imposter-kbn-${WAZUH_STACK}'
+ networks:
+ - wzd-pre
+ - mon
+ # <<: *logging
+ environment:
+ - JAVA_OPTS="-Xmx512m -Xss512k -Dfile.encoding=UTF-8 -XX:MaxRAM=800m -XX:MaxRAMPercentage=95 -XX:MinRAMPercentage=60A"
+ - MALLOC_ARENA_MAX=1
+ volumes:
+ - ./config/imposter:/opt/imposter/config
+
+ generator:
+ image: cfssl/cfssl
+ volumes:
+ - wi_certs:/certs/wi
+ - wd_certs:/certs/wd
+ - wm_certs:/certs/wm
+ - ./config/certs:/conf
+ entrypoint: /bin/bash
+ command: >
+ -c '
+ export certs=/tmp/certs
+ mkdir $$certs
+ cd $$certs
+
+ echo "Generating CA"
+ cfssl gencert -initca /conf/ca.json | cfssljson -bare ca
+
+ echo "Generating servers certificates"
+ for i in wazuh.indexer wazuh.dashboard wazuh.manager; do
+ echo "Generating cert for $$i"
+ cat /conf/host.json | \
+ sed "s/HOST/$$i/g" | \
+ cfssl gencert \
+ -ca $$certs/ca.pem \
+ -ca-key $$certs/ca-key.pem \
+ -config /conf/cfssl.json \
+ -profile=server - | \
+ cfssljson -bare $$i
+ openssl pkcs8 -topk8 -inform pem -in $$i-key.pem -outform pem -nocrypt -out $$i.key
+ done
+
+ echo "Generating clients certificates"
+ for i in admin filebeat; do
+ echo "Generating cert for $$i"
+ cat /conf/host.json | \
+ sed "s/HOST/$$i/g" | \
+ cfssl gencert \
+ -ca $$certs/ca.pem \
+ -ca-key $$certs/ca-key.pem \
+ -config /conf/cfssl.json \
+ -profile=client - | \
+ cfssljson -bare $$i
+ openssl pkcs8 -topk8 -inform pem -in $$i-key.pem -outform pem -nocrypt -out $$i.key
+ done
+
+ echo "Setting up permissions"
+
+ rm /certs/wi/* /certs/wd/* /certs/wm/*
+
+ mv $$certs/wazuh.indexer* /certs/wi
+ mv $$certs/admin* /certs/wi
+ mv /certs/wi/admin.key /certs/wi/admin-key.pem
+ cp $$certs/*ca* /certs/wi
+
+ mv $$certs/wazuh.dashboard* /certs/wd
+ cp $$certs/*ca* /certs/wd
+
+ mv $$certs/*.* /certs/wm
+
+ chmod 640 /certs/wi/* /certs/wd/* /certs/wm/*
+ chown -R 1000:1000 /certs/*
+ ls -alR /certs/
+
+ sleep 30
+ '
+ healthcheck:
+ test: ['CMD-SHELL', '[ -r /certs/wm/wazuh.manager.pem ]']
+ interval: 2s
+ timeout: 5s
+ retries: 10
+
+ filebeat:
+ depends_on:
+ wazuh.indexer:
+ condition: service_healthy
+ image: elastic/filebeat:7.10.2
+ hostname: filebeat
+ user: '0:0'
+ networks:
+ - wzd-pre
+ - mon
+ # <<: *logging
+ entrypoint:
+ - '/bin/bash'
+ command: >
+ -c '
+ mkdir -p /etc/filebeat
+ echo admin | filebeat keystore add username --stdin --force
+ echo SecretPassword| filebeat keystore add password --stdin --force
+ curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.3/extensions/elasticsearch/7.x/wazuh-template.json
+ curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz | tar -xvz -C /usr/share/filebeat/module
+ # copy filebeat to preserve correct permissions without
+ # affecting host filesystem
+ cp /tmp/filebeat.yml /usr/share/filebeat/filebeat.yml
+ chown root.root /usr/share/filebeat/filebeat.yml
+ chmod go-w /usr/share/filebeat/filebeat.yml
+ filebeat setup -e
+ filebeat
+ '
+ volumes:
+ - wm_certs:/etc/ssl/wazuh
+ - ./config/filebeat/filebeat.yml:/tmp/filebeat.yml
+
+ wazuh.indexer:
+ depends_on:
+ generator:
+ condition: service_healthy
+ image: wazuh/wazuh-indexer:${WAZUH_STACK}
+ hostname: wazuh.indexer
+ networks:
+ - wzd-pre
+ - mon
+ # <<: *logging
+ environment:
+ - 'OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m'
+ - 'OPENSEARCH_PATH_CONF=/usr/share/wazuh-indexer/config'
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ nofile:
+ soft: 65536
+ hard: 65536
+ volumes:
+ - wazuh-indexer-data:/var/lib/wazuh-indexer
+ - wi_certs:/usr/share/wazuh-indexer/certs/
+ - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
+ - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
+ - ./config/wazuh_indexer/config.yml:/usr/share/wazuh-indexer/opensearch-security/config.yml
+ - ./config/wazuh_indexer/roles.yml:/usr/share/wazuh-indexer/opensearch-security/roles.yml
+ - ./config/wazuh_indexer/roles_mapping.yml:/usr/share/wazuh-indexer/opensearch-security/roles_mapping.yml
+ healthcheck:
+ test:
+ [
+ 'CMD-SHELL',
+ '/usr/share/wazuh-indexer/bin/opensearch-plugin list | grep -q security',
+ ]
+ interval: 10s
+ timeout: 10s
+ retries: 120
+
+ wazuh.dashboard:
+ image: wazuh/wazuh-dashboard:${WAZUH_STACK}
+ hostname: wazuh.dashboard
+ depends_on:
+ wazuh.indexer:
+ condition: service_healthy
+ networks:
+ - wzd-pre
+ - mon
+ # <<: *logging
+ ports:
+ - ${KIBANA_PORT}:5601
+ environment:
+ - INDEXER_USERNAME=admin
+ - INDEXER_PASSWORD=SecretPassword
+ - WAZUH_API_URL=http://imposter:8080
+ - API_USERNAME=wazuh-wui
+ - API_PASSWORD=MyS3cr37P450r.*-
+ volumes:
+ - wd_certs:/usr/share/wazuh-dashboard/certs
+ - ./config/wazuh_dashboard/wazuh_dashboards.yml:/usr/share/wazuh-dashboard/config/wazuh_dashboards.yml
+ - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
+
+networks:
+ networks:
+ wzd-pre:
+ name: wzd-pre-${WAZUH_STACK}
+ driver: bridge
+ mon:
+ external: true
+
+volumes:
+ wazuh-indexer-data:
+ wi_certs:
+ wd_certs:
+ wm_certs:
diff --git a/docker/wazuh-4.7/rel.sh b/docker/wazuh-4.7/rel.sh
new file mode 100755
index 0000000000..0e639bdd46
--- /dev/null
+++ b/docker/wazuh-4.7/rel.sh
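Review bot: The indexer password is handled two different ways in this file: the `exporter` command interpolates `${KIBANA_PASSWORD}` (exported by pre.sh from `PASSWORD`), while `filebeat` (`echo SecretPassword| filebeat keystore add password ...`) and `wazuh.dashboard` (`- INDEXER_PASSWORD=SecretPassword`) hard-code the literal. Running with a non-default `PASSWORD` leaves the services disagreeing, so either use `${KIBANA_PASSWORD}` in all three places, e.g. `- INDEXER_PASSWORD=${KIBANA_PASSWORD}`, or drop the variable; the password the indexer actually accepts presumably comes from the mounted `internal_users.yml`, which is not part of this hunk. The exporter also passes `--es.ssl-skip-verify` although the `generator` service creates a CA that could be mounted and trusted instead. At the bottom of the file there are two consecutive `networks:` keys before `wzd-pre:`, which looks like a duplicated line and is worth checking against what `docker compose config` reports.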
@@ -0,0 +1,71 @@
+#!/usr/bin/env bash
+
+versions=(
+ "4.7.0"
+ "4.7.1"
+ "4.7.2"
+)
+
+usage() {
+ echo
+ echo "$0 version action [saml]"
+ echo
+ echo "where version is one of ${versions[*]}"
+ echo "action is one of up | down | stop"
+ echo "saml to deploy a saml enabled environment"
+ exit -1
+}
+
+if [ $# -lt 2 ]; then
+ echo "Incorrect number of arguments " $#
+ usage
+fi
+
+if [[ ! " ${versions[*]} " =~ " ${1} " ]]; then
+ echo "Version ${1} not found in ${versions[*]}"
+ exit -1
+fi
+
+export WAZUH_STACK=${1}
+export KIBANA_PORT=5601
+export KIBANA_PASSWORD=${PASSWORD:-SecretPassword}
+export COMPOSE_PROJECT_NAME=wz-rel-${WAZUH_STACK//./}
+
+profile="standard"
+export WAZUH_DASHBOARD_CONF=./config/wazuh_dashboard/wazuh_dashboard.yml
+export SEC_CONFIG_FILE=./config/wazuh_indexer/config.yml
+
+if [[ "$3" =~ "saml" ]]; then
+ profile="saml"
+ export WAZUH_DASHBOARD_CONF=./config/wazuh_dashboard/wazuh_dashboard_saml.yml
+ export SEC_CONFIG_FILE=./config/wazuh_indexer/config-saml.yml
+fi
+
+case "$2" in
+up)
+ docker compose --profile $profile -f rel.yml -p "${COMPOSE_PROJECT_NAME}" up -Vd
+ echo
+ echo "1. (Optional) Enroll an agent (Ubuntu 20.04):"
+ echo "docker run --name ${COMPOSE_PROJECT_NAME}-agent --network ${COMPOSE_PROJECT_NAME} --label com.docker.compose.project=${COMPOSE_PROJECT_NAME} -d ubuntu:20.04 bash -c '"
+ echo " apt update -y"
+ echo " apt install -y curl lsb-release"
+ echo " curl -so \wazuh-agent-${WAZUH_STACK}.deb \\"
+ echo " https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_${WAZUH_STACK}-1_amd64.deb \\"
+ echo " && WAZUH_MANAGER='wazuh.manager' WAZUH_AGENT_GROUP='default' dpkg -i ./wazuh-agent-${WAZUH_STACK}.deb"
+ echo
+ echo " /etc/init.d/wazuh-agent start"
+ echo " tail -f /var/ossec/logs/ossec.log"
+ echo "'"
+ echo
+ ;;
+down)
+ docker compose --profile $profile -f rel.yml -p "${COMPOSE_PROJECT_NAME}" down -v --remove-orphans
+ ;;
+stop)
+ docker compose --profile $profile -f rel.yml -p "${COMPOSE_PROJECT_NAME}" stop
+ ;;
+*)
+ echo "Action must be either up or down"
+ usage
+ ;;
+esac
diff --git a/docker/wazuh-4.7/rel.yml b/docker/wazuh-4.7/rel.yml
new file mode 100755
index 0000000000..fd5b1a3a08
--- /dev/null
+++ b/docker/wazuh-4.7/rel.yml
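Review bot: The agent-enrolment command printed by the `up)` branch downloads the package with `curl -so` and passes it straight to `dpkg -i`; without `-f`, an HTTP error body is saved as the .deb, and nothing checks the file's integrity before it is installed. Printing `curl -fsSo wazuh-agent-${WAZUH_STACK}.deb ...` would at least fail on a bad response, and a checksum comparison step before `dpkg -i` is worth adding to the printed instructions. The `\w` in `\wazuh-agent-${WAZUH_STACK}.deb` looks like a stray backslash. The `*)` message `Action must be either up or down` omits `stop`, which usage() lists.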
@@ -0,0 +1,325 @@
+# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2)
+version: '3.9'
+
+# x-logging: &logging
+# logging:
+# driver: loki
+# options:
+# loki-url: 'http://host.docker.internal:3100/loki/api/v1/push'
+
+services:
+ generator:
+ image: cfssl/cfssl
+ profiles:
+ - 'saml'
+ - 'standard'
+ # <<: *logging
+ volumes:
+ - wi_certs:/certs/wi
+ - wd_certs:/certs/wd
+ - wm_certs:/certs/wm
+ - idp_certs:/certs/idp
+ - ./config/certs:/conf
+ # Included to avoid docker from creating duplicated networks
+ networks:
+ - wz-rel
+ entrypoint: /bin/bash
+ command: >
+ -c '
+ export certs=/tmp/certs
+ mkdir $$certs
+ cd $$certs
+
+ echo "Generating CA"
+ cfssl gencert -initca /conf/ca.json | cfssljson -bare ca
+
+ echo "Generating servers certificates"
+ for i in wazuh.indexer wazuh.dashboard wazuh.manager; do
+ echo "Generating cert for $$i"
+ cat /conf/host.json | \
+ sed "s/HOST/$$i/g" | \
+ cfssl gencert \
+ -ca $$certs/ca.pem \
+ -ca-key $$certs/ca-key.pem \
+ -config /conf/cfssl.json \
+ -profile=server - | \
+ cfssljson -bare $$i
+ openssl pkcs8 -topk8 -inform pem -in $$i-key.pem -outform pem -nocrypt -out $$i.key
+ done
+
+ echo "Generating clients certificates"
+ for i in admin saml filebeat; do
+ echo "Generating cert for $$i"
+ cat /conf/host.json | \
+ sed "s/HOST/$$i/g" | \
+ cfssl gencert \
+ -ca $$certs/ca.pem \
+ -ca-key $$certs/ca-key.pem \
+ -config /conf/cfssl.json \
+ -profile=client - | \
+ cfssljson -bare $$i
+ openssl pkcs8 -topk8 -inform pem -in $$i-key.pem -outform pem -nocrypt -out $$i.key
+ done
+
+ echo "Setting up permissions"
+
+ rm /certs/wi/* /certs/wd/* /certs/wm/*
+
+ mv $$certs/wazuh.indexer* /certs/wi
+ mv $$certs/admin* /certs/wi
+ mv /certs/wi/admin.key /certs/wi/admin-key.pem
+ cp $$certs/*ca* /certs/wi
+
+ mv $$certs/saml* /certs/idp
+ mv /certs/idp/saml.key /certs/idp/saml-key.pem
+ cp $$certs/*ca* /certs/idp
+
+ mv $$certs/wazuh.dashboard* /certs/wd
+ cp $$certs/*ca* /certs/wd
+
+ mv $$certs/*.* /certs/wm
+
+ chmod 640 /certs/wi/* /certs/wd/* /certs/wm/*
+ chown -R 1000:1000 /certs/*
+ ls -alR /certs/
+
+ sleep 300
+ '
+ healthcheck:
+ test: ['CMD-SHELL', '[ -r /certs/wm/wazuh.manager.pem ]']
+ interval: 2s
+ timeout: 5s
+ retries: 10
+
+ idpsec:
+ image: quay.io/keycloak/keycloak:19.0.1
+ depends_on:
+ generator:
+ condition: service_healthy
+ profiles:
+ - 'saml'
+ volumes:
+ - wi_certs:/certs/wi
+ - wd_certs:/certs/wd
+ - wm_certs:/certs/wm
+ - idp_certs:/certs/idp
+ networks:
+ - wz-rel
+ - mon
+ entrypoint: /bin/bash
+ command: >
+ -c '
+ # trust store
+ for i in /certs/idp/ca.pem /certs/wd/wazuh.dashboard.pem /certs/wi/wazuh.indexer.pem
+ do
+ keytool -import -alias $$(basename $$i .pem) -file $$i -keystore /certs/idp/truststore.jks -storepass SecretPassword -trustcacerts -noprompt
+ done
+ sleep 300
+ '
+ healthcheck:
+ test: ['CMD-SHELL', '[ -r /certs/idp/truststore.jks ]']
+ interval: 2s
+ timeout: 5s
+ retries: 10
+
+ wazuh.manager:
+ depends_on:
+ generator:
+ condition: service_healthy
+ image: wazuh/wazuh-manager:${WAZUH_STACK}
+ profiles:
+ - 'saml'
+ - 'standard'
+ hostname: wazuh.manager
+ networks:
+ - wz-rel
+ - mon
+ # <<: *logging
+ environment:
+ - INDEXER_URL=https://wazuh.indexer:9200
+ - INDEXER_USERNAME=admin
+ - INDEXER_PASSWORD=SecretPassword
+ - FILEBEAT_SSL_VERIFICATION_MODE=full
+ - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/wazuh/ca.pem
+ - SSL_CERTIFICATE=/etc/ssl/wazuh/filebeat.pem
+ - SSL_KEY=/etc/ssl/wazuh/filebeat.key
+ - API_USERNAME=wazuh-wui
+ - API_PASSWORD=MyS3cr37P450r.*-
+ volumes:
+ - wazuh_api_configuration:/var/ossec/api/configuration
+ - wazuh_etc:/var/ossec/etc
+ - wazuh_logs:/var/ossec/logs
+ - wazuh_queue:/var/ossec/queue
+ - wazuh_var_multigroups:/var/ossec/var/multigroups
+ - wazuh_integrations:/var/ossec/integrations
+ - wazuh_active_response:/var/ossec/active-response/bin
+ - wazuh_agentless:/var/ossec/agentless
+ - wazuh_wodles:/var/ossec/wodles
+ - filebeat_etc:/etc/filebeat
+ - filebeat_var:/var/lib/filebeat
+ - wm_certs:/etc/ssl/wazuh
+ - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
+
+ wazuh.indexer:
+ depends_on:
+ generator:
+ condition: service_healthy
+ idpsetup:
+ condition: service_completed_successfully
+ required: false
+ image: wazuh/wazuh-indexer:${WAZUH_STACK}
+ profiles:
+ - 'saml'
+ - 'standard'
+ hostname: wazuh.indexer
+ networks:
+ - wz-rel
+ - mon
+ # <<: *logging
+ environment:
+ - 'OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m'
+ - 'OPENSEARCH_PATH_CONF=/usr/share/wazuh-indexer/config'
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ nofile:
+ soft: 65536
+ hard: 65536
+ volumes:
+ - wazuh-indexer-data:/var/lib/wazuh-indexer
+ - wi_certs:/usr/share/wazuh-indexer/certs/
+ - idp_certs:/usr/share/wazuh-indexer/idp/
+ - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
+ - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
+ - ${SEC_CONFIG_FILE}:/usr/share/wazuh-indexer/opensearch-security/config.yml
+ - ./config/wazuh_indexer/roles.yml:/usr/share/wazuh-indexer/opensearch-security/roles.yml
+ - ./config/wazuh_indexer/roles_mapping.yml:/usr/share/wazuh-indexer/opensearch-security/roles_mapping.yml
+ healthcheck:
+ test:
+ [
+ 'CMD-SHELL',
+ '/usr/share/wazuh-indexer/bin/opensearch-plugin list | grep -q security',
+ ]
+ interval: 10s
+ timeout: 10s
+ retries: 120
+
+ wazuh.dashboard:
+ image: wazuh/wazuh-dashboard:${WAZUH_STACK}
+ profiles:
+ - 'saml'
+ - 'standard'
+ hostname: wazuh.dashboard
+ depends_on:
+ wazuh.indexer:
+ condition: service_healthy
+ networks:
+ - wz-rel
+ - mon
+ # <<: *logging
+ ports:
+ - ${KIBANA_PORT}:5601
+ environment:
+ - INDEXER_USERNAME=admin
+ - INDEXER_PASSWORD=SecretPassword
+ - WAZUH_API_URL=https://wazuh.manager
+ - API_USERNAME=wazuh-wui
+ - API_PASSWORD=MyS3cr37P450r.*-
+ volumes:
+ - wd_certs:/usr/share/wazuh-dashboard/certs
+ - ${WAZUH_DASHBOARD_CONF}:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
+ - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
+
+ exporter:
+ image: quay.io/prometheuscommunity/elasticsearch-exporter:latest
+ profiles:
+ - 'saml'
+ - 'standard'
+ # <<: *logging
+ hostname: 'exporter'
+ networks:
+ - wz-rel
+ - mon
+ command:
+ - '--es.uri=https://admin:${KIBANA_PASSWORD}@wazuh-indexer:9200'
+ - '--es.ssl-skip-verify'
+ - '--es.all'
+
+ idp:
+ image: quay.io/keycloak/keycloak:19.0.1
+ depends_on:
+ idpsec:
+ condition: service_healthy
+ profiles:
+ - 'saml'
+ hostname: idp
+ # <<: *logging
+ networks:
+ - wz-rel
+ - mon
+ ports:
+ - '8080:8080'
+ environment:
+ - KEYCLOAK_ADMIN=admin
+ - KEYCLOAK_ADMIN_PASSWORD=admin
+ - KC_SPI_TRUSTSTORE_FILE_PASSWORD=SecretPassword
+ - KC_SPI_TRUSTSTORE_FILE_FILE=/certs/truststore.jks
+ volumes:
+ - keycloak-data:/var/lib/keycloak/data
+ - idp_certs:/certs
+ command: start-dev
+ healthcheck:
+ test: curl -f http://idp:8080/realms/master || exit 1
+ interval: 10s
+ timeout: 5s
+ retries: 6
+
+ idpsetup:
+ image: badouralix/curl-jq
+ depends_on:
+ idp:
+ condition: service_healthy
+ profiles:
+ - 'saml'
+ hostname: idpsetup
+ # <<: *logging
+ networks:
+ - wz-rel
+ - mon
+ volumes:
+ - wi_certs:/certs/wi
+ - ./enable_saml.sh:/enable_saml.sh
+ entrypoint: /bin/sh
+ command: >
+ -c '
+ apk add bash
+ bash /enable_saml.sh
+ exit 0
+ '
+
+networks:
+ wz-rel:
+ name: ${COMPOSE_PROJECT_NAME}
+ driver: bridge
+ mon:
+ external: true
+
+volumes:
+ wi_certs:
+ wd_certs:
+ wm_certs:
+ idp_certs:
+ wazuh_api_configuration:
+ wazuh_etc:
+ wazuh_logs:
+ wazuh_queue:
+ wazuh_var_multigroups:
+ wazuh_integrations:
+ wazuh_active_response:
+ wazuh_agentless:
+ wazuh_wodles:
+ filebeat_etc:
+ filebeat_var:
+ wazuh-indexer-data:
+ keycloak-data:
From f871edea6f35c427e73250239c09dcc3a565821a Mon Sep 17 00:00:00 2001
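Review bot: The `idp` service publishes Keycloak as `- '8080:8080'` while running `start-dev` with `KEYCLOAK_ADMIN=admin` and `KEYCLOAK_ADMIN_PASSWORD=admin`, so an admin console with a default credential is bound to every host interface rather than only the compose network; binding to loopback, `- '127.0.0.1:8080:8080'`, keeps it local to the developer machine (the same applies to `- ${KIBANA_PORT}:5601` on `wazuh.dashboard`). The `exporter` URI targets `wazuh-indexer:9200`, but the service and hostname are `wazuh.indexer` (pre.yml uses `wazuh.indexer:9200`), so the exporter likely cannot resolve its target. In `idpsetup`, the trailing `exit 0` after `bash /enable_saml.sh` reports success even when the SAML setup fails, which defeats the `service_completed_successfully` condition declared on `wazuh.indexer`.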
From: JuanGarriuz Date: Wed, 13 Dec 2023 19:23:27 +0100 Subject: [PATCH 21/26] Standardize titles and subtitles in the register agent wizard (#6208) * Standardize titles and subtitles in the register agent wizard * Add changelod * remove one of the alerts * Fix overlay styles in codeblock --------- Co-authored-by: Federico Rodriguez --- CHANGELOG.md | 1 + .../agent/components/agents-preview.scss | 2 +- .../command-output/command-output.tsx | 2 +- .../components/command-output/os-warning.tsx | 69 +++++++++++++++++++ .../components/group-input/group-input.tsx | 2 +- .../optionals-inputs/optionals-inputs.tsx | 19 +++-- .../server-address/server-address.tsx | 2 +- .../containers/steps/steps.scss | 4 -- .../register-agent/containers/steps/steps.tsx | 31 +++++---- .../utils/register-agent-data.tsx | 4 +- 10 files changed, 106 insertions(+), 30 deletions(-) create mode 100644 plugins/main/public/controllers/register-agent/components/command-output/os-warning.tsx diff --git a/CHANGELOG.md b/CHANGELOG.md index 4d2a06e2cc..dbb1b0707e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ All notable changes to the Wazuh app project will be documented in this file. ### Added +- Added contextual information in the register agent commands [#6208](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6208) - Support for Wazuh 4.7.2 - Added host name and board serial information to Agents > Inventory data [#6191](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6191) diff --git a/plugins/main/public/controllers/agent/components/agents-preview.scss b/plugins/main/public/controllers/agent/components/agents-preview.scss index 04f94f4f6f..e420ca4e33 100644 --- a/plugins/main/public/controllers/agent/components/agents-preview.scss +++ b/plugins/main/public/controllers/agent/components/agents-preview.scss @@ -57,7 +57,7 @@ position: absolute; top: 0; width: 100%; - height: 90%; + height: 100%; display: flex; flex-direction: column; justify-content: center; 
diff --git a/plugins/main/public/controllers/register-agent/components/command-output/command-output.tsx b/plugins/main/public/controllers/register-agent/components/command-output/command-output.tsx index 31064c60fe..1a8f604ccf 100644 --- a/plugins/main/public/controllers/register-agent/components/command-output/command-output.tsx +++ b/plugins/main/public/controllers/register-agent/components/command-output/command-output.tsx @@ -55,7 +55,6 @@ export default function CommandOutput(props: ICommandSectionProps) { const onChangeShowPassword = (event: EuiSwitchEvent) => { setShowPassword(event.target.checked); }; - return ( @@ -64,6 +63,7 @@ export default function CommandOutput(props: ICommandSectionProps) { diff --git a/plugins/main/public/controllers/register-agent/components/command-output/os-warning.tsx b/plugins/main/public/controllers/register-agent/components/command-output/os-warning.tsx new file mode 100644 index 0000000000..e9e17e0e65 --- /dev/null +++ b/plugins/main/public/controllers/register-agent/components/command-output/os-warning.tsx @@ -0,0 +1,69 @@ +import React from 'react'; +import { EuiCallOut } from '@elastic/eui'; +import { tOperatingSystem } from '../../core/config/os-commands-definitions'; + +interface OsWarningProps { + os?: tOperatingSystem['name']; +} + +export default function OsCommandWarning(props: OsWarningProps) { + const osSelector = { + WINDOWS: ( + +
    +
  • + + You will need administrator privileges to perform this + installation. + +
  • +
  • + PowerShell 3.0 or greater is required. +
  • +
+

+ Keep in mind you need to run this command in a Windows PowerShell + terminal. +

+
+ ), + LINUX: ( + +
    +
  • + + You will need administrator privileges to perform this + installation. + +
  • +
  • + Shell Bash is required. +
  • +
+

+ Keep in mind you need to run this command in a Shell Bash terminal. +

+
+ ), + macOS: ( + +
    +
  • + + You will need administrator privileges to perform this + installation. + +
  • +
  • + Shell Bash is required. +
  • +
+

+ Keep in mind you need to run this command in a Shell Bash terminal. +

+
+ ), + }; + + return osSelector[props?.os] || null; +} diff --git a/plugins/main/public/controllers/register-agent/components/group-input/group-input.tsx b/plugins/main/public/controllers/register-agent/components/group-input/group-input.tsx index e12c301850..afeab1b86e 100644 --- a/plugins/main/public/controllers/register-agent/components/group-input/group-input.tsx +++ b/plugins/main/public/controllers/register-agent/components/group-input/group-input.tsx @@ -45,7 +45,7 @@ const GroupInput = ({ value, options, onChange }) => { >
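Review bot: `return osSelector[props?.os] || null;` indexes the map with a value that may be `undefined`, because `os` is optional in `OsWarningProps`; under `strict` that is a type error, and at runtime it relies on the lookup of an undefined key coming back empty. A guard reads more directly, `return props.os ? (osSelector[props.os] ?? null) : null;`, and `props?.` is unnecessary since a component's props object is never nullish. Nothing visible ties the keys `WINDOWS`, `LINUX` and `macOS` to `tOperatingSystem['name']`, so a renamed OS would silently render no warning; annotating the map as `Partial<Record<tOperatingSystem['name'], JSX.Element>>` would let the compiler catch that. The JSX inside the three entries is not legible in this rendering and is not reviewed here.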

- Select one or more existing groups + Select one or more existing groups:

diff --git a/plugins/main/public/controllers/register-agent/components/optionals-inputs/optionals-inputs.tsx b/plugins/main/public/controllers/register-agent/components/optionals-inputs/optionals-inputs.tsx index 317e3b6c41..8a0364ed9c 100644 --- a/plugins/main/public/controllers/register-agent/components/optionals-inputs/optionals-inputs.tsx +++ b/plugins/main/public/controllers/register-agent/components/optionals-inputs/optionals-inputs.tsx @@ -27,7 +27,7 @@ const OptionalsInputs = (props: OptionalsInputsProps) => { const agentNameDocLink = webDocumentationLink( 'user-manual/reference/ossec-conf/client.html#enrollment-agent-name', PLUGIN_VERSION_SHORT, - ) + ); const popoverAgentName = ( Learn about{' '} @@ -64,7 +64,7 @@ const OptionalsInputs = (props: OptionalsInputsProps) => { gutterSize='s' > -

Assign an agent name

+

Assign an agent name:

{ /> {warningForAgentName}
} + title={ + + {warningForAgentName} + + + } iconType='iInCircle' className='warningForAgentName' /> diff --git a/plugins/main/public/controllers/register-agent/components/server-address/server-address.tsx b/plugins/main/public/controllers/register-agent/components/server-address/server-address.tsx index d8f1cd1c31..92369162aa 100644 --- a/plugins/main/public/controllers/register-agent/components/server-address/server-address.tsx +++ b/plugins/main/public/controllers/register-agent/components/server-address/server-address.tsx @@ -66,7 +66,7 @@ const ServerAddressInput = (props: ServerAddressInputProps) => { > - Assign a server address + Assign a server address: diff --git a/plugins/main/public/controllers/register-agent/containers/steps/steps.scss b/plugins/main/public/controllers/register-agent/containers/steps/steps.scss index 17bdbef44c..5ea8024f31 100644 --- a/plugins/main/public/controllers/register-agent/containers/steps/steps.scss +++ b/plugins/main/public/controllers/register-agent/containers/steps/steps.scss @@ -32,10 +32,6 @@ margin-top: 10px; } - .euiToolTipAnchor { - margin-left: 7px; - } - .subtitleAgentName { flex-direction: 'row'; font-style: 'normal'; diff --git a/plugins/main/public/controllers/register-agent/containers/steps/steps.tsx b/plugins/main/public/controllers/register-agent/containers/steps/steps.tsx index 2c0dec80e2..6bfc6ff282 100644 --- a/plugins/main/public/controllers/register-agent/containers/steps/steps.tsx +++ b/plugins/main/public/controllers/register-agent/containers/steps/steps.tsx @@ -33,6 +33,7 @@ import { tFormStepsLabel, } from '../../services/register-agent-steps-status-services'; import { webDocumentationLink } from '../../../../../common/services/web_documentation'; +import OsCommandWarning from '../../components/command-output/os-warning'; interface IStepsProps { needsPassword: boolean; 
@@ -141,14 +142,14 @@ export const Steps = ({ status: getOSSelectorStepStatus(form.fields), }, { - title: 'Server address', + title: 'Server address:', children: , status: getServerAddressStepStatus(form.fields), }, ...(needsPassword && !wazuhPassword ? [ { - title: 'Wazuh password', + title: 'Wazuh password:', children: ( , status: getOptionalParameterStepStatus( form.fields, @@ -184,8 +185,7 @@ export const Steps = ({ ), }, { - title: - 'Run the following commands to download and install the Wazuh agent:', + title: 'Run the following commands to download and install the agent:', children: ( <> {missingStepsName?.length ? ( @@ -208,20 +208,25 @@ export const Steps = ({ /> ) : null} {!missingStepsName?.length && !invalidFieldsName?.length ? ( - setInstallCommandWasCopied(true)} - password={registerAgentFormValues.optionalParams.wazuhPassword} - /> + <> + setInstallCommandWasCopied(true)} + password={registerAgentFormValues.optionalParams.wazuhPassword} + /> + + ) : null} ), status: installCommandStepStatus, }, { - title: 'Start the Wazuh agent:', + title: 'Start the agent:', children: ( <> {missingStepsName?.length ? ( diff --git a/plugins/main/public/controllers/register-agent/utils/register-agent-data.tsx b/plugins/main/public/controllers/register-agent/utils/register-agent-data.tsx index 378bf61d33..39d39d19bf 100644 --- a/plugins/main/public/controllers/register-agent/utils/register-agent-data.tsx +++ b/plugins/main/public/controllers/register-agent/utils/register-agent-data.tsx @@ -34,7 +34,7 @@ export const SERVER_ADDRESS_TEXTS = [ { title: 'Server address', subtitle: - 'This is the address the agent uses to communicate with the Wazuh server. Enter an IP address or a fully qualified domain name (FDQN).', + 'This is the address the agent uses to communicate with the server. Enter an IP address or a fully qualified domain name (FDQN).', }, ]; 
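Review bot: The rewritten subtitle in `SERVER_ADDRESS_TEXTS` keeps the misspelt acronym `(FDQN)`; since this string is being edited anyway, it should end `a fully qualified domain name (FQDN).'`. The text is shown to users in the register-agent wizard, so the typo is visible in the UI.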
@@ -42,6 +42,6 @@ export const OPTIONAL_PARAMETERS_TEXT = [ { title: 'Optional settings', subtitle: - 'The deployment sets the endpoint hostname as the agent name by default. Optionally, you can set your own name in the field below.', + 'By default, the deployment uses the hostname as the agent name. Optionally, you can use a different agent name in the field below.', }, ]; From 192c10738d96fd3ef662684f3fb736b328ad2b34 Mon Sep 17 00:00:00 2001 From: Federico Rodriguez Date: Wed, 13 Dec 2023 20:41:51 +0100 Subject: [PATCH 22/26] Fix the register agent selected cluster/manager config endpoint (#6213) * Fix the cluster conditional to choose the endpoints * Add changelog --- CHANGELOG.md | 4 ++-- .../services/register-agent-services.tsx | 24 +++++++++++++------ 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index dbb1b0707e..127e4c8580 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -6,14 +6,14 @@ All notable changes to the Wazuh app project will be documented in this file. ### Added -- Added contextual information in the register agent commands [#6208](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6208) - Support for Wazuh 4.7.2 +- Added contextual information in the register agent commands [#6208](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6208) - Added host name and board serial information to Agents > Inventory data [#6191](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6191) ### Fixed - Fixed Agents preview page load when there are no registered agents [#6185](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6185) -- Fixed the endpoint to get Wazuh server auth configuration [#6206](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6206) +- Fixed the endpoint to get Wazuh server auth configuration [#6206](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6206) [#6213](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6213) ## Wazuh v4.7.1 - OpenSearch Dashboards 2.8.0 - Revision 01 diff --git a/plugins/main/public/controllers/register-agent/services/register-agent-services.tsx b/plugins/main/public/controllers/register-agent/services/register-agent-services.tsx index 71c3b1dc15..82377255e8 100644 --- a/plugins/main/public/controllers/register-agent/services/register-agent-services.tsx +++ b/plugins/main/public/controllers/register-agent/services/register-agent-services.tsx @@ -42,7 +42,10 @@ export const clusterStatusResponse = async (): Promise => { /** * Get the remote configuration from api */ -async function getRemoteConfiguration(nodeName: string): Promise { +async function getRemoteConfiguration( + nodeName: string, + clusterStatus: boolean, +): Promise { let config: RemoteConfig = { name: nodeName, isUdp: false, 
@@ -50,7 +53,6 @@ async function getRemoteConfiguration(nodeName: string): Promise { }; try { - const clusterStatus = await clusterStatusResponse(); let result; if (clusterStatus) { result = await WzRequest.apiReq( @@ -97,8 +99,8 @@ async function getRemoteConfiguration(nodeName: string): Promise { * @param node * @returns */ -async function getAuthConfiguration(node?: string) { - const authConfigUrl = node +async function getAuthConfiguration(node: string, clusterStatus: boolean) { + const authConfigUrl = clusterStatus ? `/cluster/${node}/configuration/auth/auth` : '/manager/configuration/auth/auth'; const result = await WzRequest.apiReq('GET', authConfigUrl, {}); @@ -131,7 +133,11 @@ async function getConnectionConfig( const nodeIp = nodeSelected?.value; if (!defaultServerAddress) { if (nodeSelected.nodetype !== 'custom') { - const remoteConfig = await getRemoteConfiguration(nodeName); + const clusterStatus = await clusterStatusResponse(); + const remoteConfig = await getRemoteConfiguration( + nodeName, + clusterStatus, + ); return { serverAddress: nodeIp, udpProtocol: remoteConfig.isUdp, @@ -232,8 +238,12 @@ export const getMasterNode = (nodeIps: any[]): any[] => { export const getMasterConfiguration = async () => { const nodes = await fetchClusterNodesOptions(); const masterNode = getMasterNode(nodes); - const remote = await getRemoteConfiguration(masterNode[0].label); - const auth = await getAuthConfiguration(masterNode[0].label); + const clusterStatus = await clusterStatusResponse(); + const remote = await getRemoteConfiguration( + masterNode[0].label, + clusterStatus, + ); + const auth = await getAuthConfiguration(masterNode[0].label, clusterStatus); return { remote, auth, From 9a92c375cb44a6b7894cff81768e8cab1ce5b091 Mon Sep 17 00:00:00 2001 
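Review bot: In getAuthConfiguration, `node` is interpolated into the request path without encoding, so a node name containing `/`, `?` or `#` would change which API path is requested. The value presumably comes from the cluster node list returned by the API, but encoding it where the path is built keeps the request well-formed regardless: use `encodeURIComponent(node)` inside the template literal for the `/cluster/.../configuration/auth/auth` branch. The JSDoc above the function still lists only `@param node`; add a line such as `@param clusterStatus selects the /cluster/{node} endpoint when true, the /manager endpoint otherwise`. The function body continues past the hunk.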
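Review bot: `masterNode[0].label` is dereferenced twice in getMasterConfiguration with no check that getMasterNode returned an entry, so an empty result throws a TypeError here instead of a message the caller can act on. Whether the list can be empty depends on fetchClusterNodesOptions, which is not visible in this hunk, but a guard before the first use is cheap: `if (!masterNode.length) { throw new Error('No master node found'); }` (message text is a suggestion). Once `clusterStatus` is known, the remote and auth requests are independent and could be awaited together with `Promise.all`.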
From: Nicolas Agustin Guevara Pihen <42900763+Tostti@users.noreply.github.com> Date: Fri, 15 Dec 2023 11:08:22 -0300 Subject: [PATCH 23/26] Fix error navigating back to agent (#6224) * Fix error in agents preview * Modify changelog --- CHANGELOG.md | 1 + .../agent/components/agents-preview.js | 21 +++++++++++++------ 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 127e4c8580..64e990aae6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,7 @@ All notable changes to the Wazuh app project will be documented in this file. - Fixed Agents preview page load when there are no registered agents [#6185](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6185) - Fixed the endpoint to get Wazuh server auth configuration [#6206](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6206) [#6213](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6213) +- Fixed error navigating back to agent in some scenarios [#6224](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6224) ## Wazuh v4.7.1 - OpenSearch Dashboards 2.8.0 - Revision 01 diff --git a/plugins/main/public/controllers/agent/components/agents-preview.js b/plugins/main/public/controllers/agent/components/agents-preview.js index d9a7dbd0ba..de0c36135b 100644 --- a/plugins/main/public/controllers/agent/components/agents-preview.js +++ b/plugins/main/public/controllers/agent/components/agents-preview.js @@ -54,6 +54,7 @@ import { agentStatusColorByAgentStatus, agentStatusLabelByAgentStatus, } from '../../../../common/services/wz_agent_status'; +import { AppNavigate } from '../../../react-services/app-navigate.js'; export const AgentsPreview = compose( withErrorBoundary, 
@@ -319,10 +320,13 @@ export const AgentsPreview = compose( content='View agent details' > - this.showAgent( - this.state.lastRegisteredAgent, - ) + onClick={ev => { + ev.stopPropagation(); + AppNavigate.navigateToModule(ev, 'agents', { + tab: 'welcome', + agent: this.state.lastRegisteredAgent?.id, + }); + } } > {this.state.lastRegisteredAgent?.name || '-'} @@ -349,8 +353,13 @@ export const AgentsPreview = compose( content='View agent details' > - this.showAgent(this.state.agentMostActive) + onClick={ev => { + ev.stopPropagation(); + AppNavigate.navigateToModule(ev, 'agents', { + tab: 'welcome', + agent: this.state.agentMostActive?.id, + }); + } } > {this.state.agentMostActive?.name || '-'} From beac211f993c5066927c77cb37c4b2cbae78d200 Mon Sep 17 00:00:00 2001 From: Nicolas Agustin Guevara Pihen <42900763+Tostti@users.noreply.github.com> Date: Fri, 15 Dec 2023 13:29:34 -0300 Subject: [PATCH 24/26] Bump revision 03 for 4.7.1-RC3 (#6229) bump revision 03 for 4.7.1-RC3 --- CHANGELOG.md | 2 +- plugins/main/opensearch_dashboards.json | 2 +- plugins/main/package.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 09168716cc..2ce32ece55 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ All notable changes to the Wazuh app project will be documented in this file. -## Wazuh v4.7.1 - OpenSearch Dashboards 2.8.0 - Revision 02 +## Wazuh v4.7.1 - OpenSearch Dashboards 2.8.0 - Revision 03 ### Added diff --git a/plugins/main/opensearch_dashboards.json b/plugins/main/opensearch_dashboards.json index 6ec5775a2a..4fa76eb5d9 100644 --- a/plugins/main/opensearch_dashboards.json +++ b/plugins/main/opensearch_dashboards.json @@ -1,6 +1,6 @@ { "id": "wazuh", - "version": "4.7.1-02", + "version": "4.7.1-03", "opensearchDashboardsVersion": "opensearchDashboards", "configPath": [ "wazuh" diff --git a/plugins/main/package.json b/plugins/main/package.json index 0897f8c945..b784c08d6e 100644 --- a/plugins/main/package.json 
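Review bot: The new click handler navigates even when `this.state.lastRegisteredAgent` is unset, passing `agent: undefined` to `AppNavigate.navigateToModule` while the link text in that state is '-'. A guard as the first statement of the handler, `if (!this.state.lastRegisteredAgent?.id) return;`, avoids opening the agents module without an agent id; how navigateToModule treats an undefined `agent` is not visible here, so this should be confirmed against it. The same applies to the `agentMostActive` handler in the next hunk (-349,8 +353,13). The two handlers differ only in the state field they read and could share one method that takes the agent as an argument.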
+++ b/plugins/main/package.json @@ -1,7 +1,7 @@ { "name": "wazuh", "version": "4.7.1", - "revision": "02", + "revision": "03", "pluginPlatform": { "version": "2.8.0" }, From c046cc5947176223be5c1c8ba0baab68601de862 Mon Sep 17 00:00:00 2001 From: Nicolas Agustin Guevara Pihen <42900763+Tostti@users.noreply.github.com> Date: Mon, 18 Dec 2023 13:05:19 -0300 Subject: [PATCH 25/26] Fix reports path in toast (#6226) * Fix reports path in toast * Update changelog * Update changelog --- CHANGELOG.md | 6 +++--- plugins/main/public/react-services/reporting.js | 6 +++--- plugins/main/public/services/reporting.js | 9 ++++----- 3 files changed, 10 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ab2a2d141f..f3f7820f76 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,7 +17,7 @@ All notable changes to the Wazuh app project will be documented in this file. ### Changed -- Moved the plugin menu to platform applications into the side menu [#5840](https://github.com/wazuh/wazuh-dashboard-plugins/pull/5840) +- Moved the plugin menu to platform applications into the side menu [#5840](https://github.com/wazuh/wazuh-dashboard-plugins/pull/5840) [#6226](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6226) - Changed dashboards. [#6035](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6035) - Change the display order of tabs in all modules. [#6067](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6067) - Upgraded the `axios` dependency to `1.6.1` [#5062](https://github.com/wazuh/wazuh-dashboard-plugins/pull/5062) 
@@ -34,7 +34,7 @@ All notable changes to the Wazuh app project will be documented in this file. - Removed the `disabled_roles` and `customization.logo.sidebar` settings [#5840](https://github.com/wazuh/wazuh-dashboard-plugins/pull/5840) - Removed the ability to configure the visibility of modules and removed `extensions.*` settings [#5840](https://github.com/wazuh/wazuh-dashboard-plugins/pull/5840) -- Removed the application menu in the IT Hygiene application [6176](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6176) +- Removed the application menu in the IT Hygiene application [#6176](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6176) - Removed the implicit filter of WQL language of the search bar UI [#6174](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6174) ## Wazuh v4.7.1 - OpenSearch Dashboards 2.8.0 - Revision 01 @@ -55,7 +55,7 @@ All notable changes to the Wazuh app project will be documented in this file. - Support for Wazuh 4.7.0 - Added `status detail` column in the agents table. [#5680](https://github.com/wazuh/wazuh-dashboard-plugins/pull/5680) -- Added agent register wizard handle properly special characters in password [5738](https://github.com/wazuh/wazuh-dashboard-plugins/pull/5738) +- Added agent register wizard handle properly special characters in password [#5738](https://github.com/wazuh/wazuh-dashboard-plugins/pull/5738) ### Changed diff --git a/plugins/main/public/react-services/reporting.js b/plugins/main/public/react-services/reporting.js index 4fa1dee29d..13a29777b2 100644 --- a/plugins/main/public/react-services/reporting.js +++ b/plugins/main/public/react-services/reporting.js @@ -82,7 +82,7 @@ export class ReportingService { const visualizationIDList = []; for (const item of idArray) { const tmpHTMLElement = $(`#${item}`); - if(tmpHTMLElement[0]){ + if (tmpHTMLElement[0]) { this.vis2png.assignHTMLItem(item, tmpHTMLElement); visualizationIDList.push(item); } 
@@ -120,7 +120,7 @@ export class ReportingService { this.showToast( 'success', 'Created report', - 'Success. Go to Wazuh > Management > Reporting', + 'Success. Go to Indexer/dashboard management > Reporting', 4000 ); return; @@ -167,7 +167,7 @@ export class ReportingService { this.showToast( 'success', 'Created report', - 'Success. Go to Wazuh > Management > Reporting', + 'Success. Go to Indexer/dashboard management > Reporting', 4000 ); return; diff --git a/plugins/main/public/services/reporting.js b/plugins/main/public/services/reporting.js index 92e869c1bf..6bcc5c45d1 100644 --- a/plugins/main/public/services/reporting.js +++ b/plugins/main/public/services/reporting.js @@ -71,9 +71,8 @@ export class ReportingService { const appliedFilters = await this.visHandlers.getAppliedFilters(syscollectorFilters); const array = await this.vis2png.checkArray(idArray); - const name = `wazuh-${isAgents ? 'agents' : 'overview'}-${tab}-${ - (Date.now() / 1000) | 0 - }.pdf`; + const name = `wazuh-${isAgents ? 'agents' : 'overview'}-${tab}-${(Date.now() / 1000) | 0 + }.pdf`; const browserTimezone = moment.tz.guess(true); @@ -96,7 +95,7 @@ export class ReportingService { this.$rootScope.reportBusy = false; this.$rootScope.reportStatus = false; this.$rootScope.$applyAsync(); - ErrorHandler.info('Success. Go to Wazuh > Management > Reporting', 'Reporting'); + ErrorHandler.info('Success. Go to Indexer/dashboard management > Reporting', 'Reporting'); return; } catch (error) { @@ -134,7 +133,7 @@ export class ReportingService { this.$rootScope.reportBusy = false; this.$rootScope.reportStatus = false; this.$rootScope.$applyAsync(); - ErrorHandler.info('Success. Go to Wazuh > Management > Reporting', 'Reporting'); + ErrorHandler.info('Success. Go to Indexer/dashboard management > Reporting', 'Reporting'); return; } catch (error) { From 52e8096f67e0e8fc9e828bab19311943263ef37b Mon Sep 17 00:00:00 2001 
From: Federico Rodriguez Date: Tue, 19 Dec 2023 18:47:50 +0100 Subject: [PATCH 26/26] Fix invalid date format (#6234) * Fix redundant date format * Add changelog --- CHANGELOG.md | 1 + .../public/controllers/agent/components/agents-table.js | 8 ++------ plugins/main/public/controllers/settings/settings.js | 2 +- plugins/main/public/react-services/time-service.js | 9 ++++++--- plugins/wazuh-core/public/utils/time.ts | 3 +++ 5 files changed, 13 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f3f7820f76..d11d7bcb1d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -29,6 +29,7 @@ All notable changes to the Wazuh app project will be documented in this file. - Fixed exception in IT-Hygiene when an agent doesn't have policies [#6177](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6177) - Fixed exception in Inventory when agents don't have S.O. information [#6177](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6177) - Fixed pinned agent state in URL [#6177](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6177) +- Fixed invalid date format in about and agent views [#6234](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6234) ### Removed diff --git a/plugins/main/public/controllers/agent/components/agents-table.js b/plugins/main/public/controllers/agent/components/agents-table.js index 650b9d7c5f..e1dae99b5b 100644 --- a/plugins/main/public/controllers/agent/components/agents-table.js +++ b/plugins/main/public/controllers/agent/components/agents-table.js @@ -233,6 +233,7 @@ export const AgentsTable = compose( /> ), + render: dateAdd => formatUIDate(dateAdd), sortable: true, show: false, searchable: false, @@ -250,6 +251,7 @@ export const AgentsTable = compose( /> ), + render: lastKeepAlive => formatUIDate(lastKeepAlive), sortable: true, show: false, searchable: false, 
@@ -334,12 +336,6 @@ export const AgentsTable = compose( return { ...item, ...(item.ip ? { ip: item.ip } : { ip: '-' }), - ...(typeof item.dateAdd === 'string' - ? { dateAdd: formatUIDate(item.dateAdd) } - : { dateAdd: '-' }), - ...(typeof item.lastKeepAlive === 'string' - ? { lastKeepAlive: formatUIDate(item.lastKeepAlive) } - : { lastKeepAlive: '-' }), ...(item.node_name !== 'unknown' ? { node_name: item.node_name } : { node_name: '-' }), diff --git a/plugins/main/public/controllers/settings/settings.js b/plugins/main/public/controllers/settings/settings.js index aee83ebed5..b405243fb0 100644 --- a/plugins/main/public/controllers/settings/settings.js +++ b/plugins/main/public/controllers/settings/settings.js @@ -472,7 +472,7 @@ export class SettingsController { const response = data.data.data; this.appInfo = { 'app-version': response['app-version'], - installationDate: formatUIDate(response['installationDate']), + installationDate: response['installationDate'], revision: response['revision'], }; diff --git a/plugins/main/public/react-services/time-service.js b/plugins/main/public/react-services/time-service.js index 74e745a3de..c0fa48cbdf 100644 --- a/plugins/main/public/react-services/time-service.js +++ b/plugins/main/public/react-services/time-service.js @@ -12,15 +12,18 @@ import moment from 'moment-timezone'; import { getUiSettings } from '../kibana-services'; -export const formatUIDate = (date) => { +export const formatUIDate = date => { + if (typeof date !== 'string') { + return '-'; + } const dateFormat = getUiSettings().get('dateFormat'); const timezone = getTimeZone(); const momentDate = moment(date); momentDate.tz(timezone); return momentDate.format(dateFormat); -} +}; const getTimeZone = () => { const dateFormatTZ = getUiSettings().get('dateFormat:tz'); const detectedTimezone = moment.tz.guess(); return dateFormatTZ === 'Browser' ? detectedTimezone : dateFormatTZ; -} \ No newline at end of file +}; 
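Review bot: The guard added to formatUIDate returns '-' only for non-string input, so a string that moment cannot parse (an empty string, or a value in an unexpected format) still reaches `momentDate.format(dateFormat)` and is rendered as 'Invalid date'. Checking the parsed value covers that case: add `if (!momentDate.isValid()) return '-';` directly after `const momentDate = moment(date);`. The copy of this function in plugins/wazuh-core/public/utils/time.ts gets the same guard in this commit and has the same gap.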
diff --git a/plugins/wazuh-core/public/utils/time.ts b/plugins/wazuh-core/public/utils/time.ts index 3ddf9b9880..5b7b4bd911 100644 --- a/plugins/wazuh-core/public/utils/time.ts +++ b/plugins/wazuh-core/public/utils/time.ts @@ -2,6 +2,9 @@ import moment from 'moment-timezone'; import { getUiSettings } from '../plugin-services'; export const formatUIDate = (date: Date) => { + if (typeof date !== 'string') { + return '-'; + } const dateFormat = getUiSettings().get('dateFormat'); const timezone = getTimeZone(); const momentDate = moment(date);
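Review bot: The parameter is still declared as `date: Date`, but the added guard returns '-' for everything that is not a string, so a caller that passes an actual `Date`, as the signature asks, now always gets '-', and after the guard the compiler sees `date` narrowed to `never`. Declare what the function really accepts, for example `export const formatUIDate = (date?: string) => {`, or keep Date support with `if (typeof date !== 'string' && !(date instanceof Date)) {`. The function body continues past the hunk.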