wazuh-kibana-app/wazuh.yml

---
#
# Wazuh app - App configuration file
# Copyright (C) 2015-2019 Wazuh, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# Find more information about this on the LICENSE file.
#
# ======================== Wazuh app configuration file ========================
#
# Please check the documentation for more information on configuration options:
# https://documentation.wazuh.com/current/installation-guide/index.html
#
# Also, you can check our repository:
# https://github.com/wazuh/wazuh-kibana-app
#
# ------------------------------- Index patterns -------------------------------
#
# Default index pattern to use.
#pattern: wazuh-alerts-3.x-*
#
# ----------------------------------- Checks -----------------------------------
#
# Defines which checks must to be consider by the healthcheck
# step once the Wazuh app starts. Values must to be true or false.
#checks.pattern : true
#checks.template: true
#checks.api     : true
#checks.setup   : true
#
# --------------------------------- Extensions ---------------------------------
#
# Defines which extensions should be activated when you add a new API entry.
# You can change them after Wazuh app starts.
# Values must to be true or false.
#extensions.pci       : true
#extensions.gdpr      : true
#extensions.hipaa     : true
#extensions.nist      : true
#extensions.audit     : true
#extensions.oscap     : false
#extensions.ciscat    : false
#extensions.aws       : false
#extensions.virustotal: false
#extensions.osquery   : false
#extensions.docker    : false
#
# ---------------------------------- Time out ----------------------------------
#
# Defines maximum timeout to be used on the Wazuh app requests.
# It will be ignored if it is bellow 1500.
# It means milliseconds before we consider a request as failed.
# Default: 20000
#timeout: 20000
#
# ------------------------------ Advanced indices ------------------------------
#
# Configure .wazuh indices shards and replicas.
#wazuh.shards          : 1
#wazuh.replicas        : 0
#
# --------------------------- Index pattern selector ---------------------------
#
# Defines if the user is allowed to change the selected
# index pattern directly from the Wazuh app top menu.
# Default: true
#ip.selector: true
#
# List of index patterns to be ignored
#ip.ignore: []
#
# -------------------------------- X-Pack RBAC ---------------------------------
#
# Custom setting to enable/disable built-in X-Pack RBAC security capabilities.
# Default: enabled
#xpack.rbac.enabled: true
#
# ------------------------------ wazuh-monitoring ------------------------------
#
# Custom setting to enable/disable wazuh-monitoring indices.
# Values: true, false, worker
# If worker is given as value, the app will show the Agents status
# visualization but won't insert data on wazuh-monitoring indices.
# Default: true
#wazuh.monitoring.enabled: true
#
# Custom setting to set the frequency for wazuh-monitoring indices cron task.
# Default: 900 (s)
#wazuh.monitoring.frequency: 900
#
# Configure wazuh-monitoring-3.x-* indices shards and replicas.
#wazuh.monitoring.shards: 2
#wazuh.monitoring.replicas: 0
#
# Configure wazuh-monitoring-3.x-* indices custom creation interval.
# Values: h (hourly), d (daily), w (weekly), m (monthly)
# Default: d
#wazuh.monitoring.creation: d
#
# Default index pattern to use for Wazuh monitoring
#wazuh.monitoring.pattern: wazuh-monitoring-3.x-*
#
#
# ------------------------------- App privileges --------------------------------
#admin: true
#
# ------------------------------- App logging level -----------------------------
# Set the logging level for the Wazuh App log files.
# Default value: info
# Allowed values: info, debug
#logs.level: info
#
#-------------------------------- API entries -----------------------------------
#The following configuration is the default structure to define an API entry.
#
#hosts:
#  - <id>:
#     url: http(s)://<url>
#     port: <port>
#     user: <user>
#     password: <password> 

hosts:
  - default:
     url: http://localhost
     port: 55000
     user: foo
     password: bar
Using Yaml instead JSON by the configuration file 2018-01-24 14:28:02 +00:00			`---`
Added filter adding to groups and PCI 2018-04-23 17:15:38 +00:00			`#`
			`# Wazuh app - App configuration file`
Updated copyright text 2019-01-14 16:36:47 +00:00			`# Copyright (C) 2015-2019 Wazuh, Inc.`
Added filter adding to groups and PCI 2018-04-23 17:15:38 +00:00			`#`
			`# This program is free software; you can redistribute it and/or modify`
			`# it under the terms of the GNU General Public License as published by`
			`# the Free Software Foundation; either version 2 of the License, or`
			`# (at your option) any later version.`
			`#`
			`# Find more information about this on the LICENSE file.`
			`#`
Added copyright and small enhancements to root project files 2018-04-22 18:52:55 +00:00			`# ======================== Wazuh app configuration file ========================`
Configuration file refactored 2018-01-30 10:42:48 +00:00			`#`
Added copyright and small enhancements to root project files 2018-04-22 18:52:55 +00:00			`# Please check the documentation for more information on configuration options:`
			`# https://documentation.wazuh.com/current/installation-guide/index.html`
Configuration file refactored 2018-01-30 10:42:48 +00:00			`#`
Added copyright and small enhancements to root project files 2018-04-22 18:52:55 +00:00			`# Also, you can check our repository:`
			`# https://github.com/wazuh/wazuh-kibana-app`
Configuration file refactored 2018-01-30 10:42:48 +00:00			`#`
Added copyright and small enhancements to root project files 2018-04-22 18:52:55 +00:00			`# ------------------------------- Index patterns -------------------------------`
Configuration file refactored 2018-01-30 10:42:48 +00:00			`#`
Using Yaml instead JSON by the configuration file 2018-01-24 14:28:02 +00:00			`# Default index pattern to use.`
Added new options related to wazuh-monitoring 2018-05-07 11:30:55 +00:00			`#pattern: wazuh-alerts-3.x-*`
Configuration file refactored 2018-01-30 10:42:48 +00:00			`#`
Added copyright and small enhancements to root project files 2018-04-22 18:52:55 +00:00			`# ----------------------------------- Checks -----------------------------------`
Configuration file refactored 2018-01-30 10:42:48 +00:00			`#`
Added copyright and small enhancements to root project files 2018-04-22 18:52:55 +00:00			`# Defines which checks must to be consider by the healthcheck`
			`# step once the Wazuh app starts. Values must to be true or false.`
Added new options related to wazuh-monitoring 2018-05-07 11:30:55 +00:00			`#checks.pattern : true`
			`#checks.template: true`
			`#checks.api : true`
			`#checks.setup : true`
Configuration file refactored 2018-01-30 10:42:48 +00:00			`#`
Revert "Fully removed API extensions from the whole App" This reverts commit 6e65da9fc9fed703b1d3f3b273f2643b4b75e733. 2018-10-01 07:05:15 +00:00			`# --------------------------------- Extensions ---------------------------------`
			`#`
			`# Defines which extensions should be activated when you add a new API entry.`
			`# You can change them after Wazuh app starts.`
			`# Values must to be true or false.`
			`#extensions.pci : true`
			`#extensions.gdpr : true`
Bump 7.2 into 7.3 2019-08-07 08:31:59 +00:00			`#extensions.hipaa : true`
			`#extensions.nist : true`
Revert "Fully removed API extensions from the whole App" This reverts commit 6e65da9fc9fed703b1d3f3b273f2643b4b75e733. 2018-10-01 07:05:15 +00:00			`#extensions.audit : true`
Ui fixes 2019-03-21 17:21:29 +00:00			`#extensions.oscap : false`
Revert "Fully removed API extensions from the whole App" This reverts commit 6e65da9fc9fed703b1d3f3b273f2643b4b75e733. 2018-10-01 07:05:15 +00:00			`#extensions.ciscat : false`
			`#extensions.aws : false`
			`#extensions.virustotal: false`
Added extensions logic for Osquery 2018-10-03 09:43:16 +00:00			`#extensions.osquery : false`
Docker configuration + Docker dashboards (#1367) 2019-04-12 10:49:31 +00:00			`#extensions.docker : false`
Configuration file refactored 2018-01-30 10:42:48 +00:00			`#`
Added copyright and small enhancements to root project files 2018-04-22 18:52:55 +00:00			`# ---------------------------------- Time out ----------------------------------`
Configuration file refactored 2018-01-30 10:42:48 +00:00			`#`
Added copyright and small enhancements to root project files 2018-04-22 18:52:55 +00:00			`# Defines maximum timeout to be used on the Wazuh app requests.`
Updated CHANGELOG.md 2018-05-10 18:01:20 +00:00			`# It will be ignored if it is bellow 1500.`
Configuration file refactored 2018-01-30 10:42:48 +00:00			`# It means milliseconds before we consider a request as failed.`
Update 3.9-6.7 branch with latest changes (#1359) 2019-04-10 13:07:56 +00:00			`# Default: 20000`
			`#timeout: 20000`
Adding shard and replica configuration for .wazuh and .wazuh-version 2018-02-27 12:16:56 +00:00			`#`
Added copyright and small enhancements to root project files 2018-04-22 18:52:55 +00:00			`# ------------------------------ Advanced indices ------------------------------`
Adding shard and replica configuration for .wazuh and .wazuh-version 2018-02-27 12:16:56 +00:00			`#`
Bump 7.2 into 7.3 2019-08-07 08:31:59 +00:00			`# Configure .wazuh indices shards and replicas.`
Added new options related to wazuh-monitoring 2018-05-07 11:30:55 +00:00			`#wazuh.shards : 1`
Reduced shards and replicas for common app indices 2018-12-26 14:13:25 +00:00			`#wazuh.replicas : 0`
Added ip.selector to config.yml 2018-03-13 14:16:06 +00:00			`#`
Added copyright and small enhancements to root project files 2018-04-22 18:52:55 +00:00			`# --------------------------- Index pattern selector ---------------------------`
Added ip.selector to config.yml 2018-03-13 14:16:06 +00:00			`#`
Updated CHANGELOG.md 2018-05-10 18:01:20 +00:00			`# Defines if the user is allowed to change the selected`
			`# index pattern directly from the Wazuh app top menu.`
Updated config file to include CIS-CAT extension 2018-06-19 13:35:16 +00:00			`# Default: true`
Added new options related to wazuh-monitoring 2018-05-07 11:30:55 +00:00			`#ip.selector: true`
Added new config for x-pack index pattern filtering 2018-04-26 08:25:05 +00:00			`#`
Added ip.ignore setting 2018-10-05 13:10:59 +00:00			`# List of index patterns to be ignored`
			`#ip.ignore: []`
			`#`
Updated CHANGELOG.md 2018-05-10 18:01:20 +00:00			`# -------------------------------- X-Pack RBAC ---------------------------------`
Added new config for x-pack index pattern filtering 2018-04-26 08:25:05 +00:00			`#`
Updated CHANGELOG.md 2018-05-10 18:01:20 +00:00			`# Custom setting to enable/disable built-in X-Pack RBAC security capabilities.`
Added new config for x-pack index pattern filtering 2018-04-26 08:25:05 +00:00			`# Default: enabled`
Added new options related to wazuh-monitoring 2018-05-07 11:30:55 +00:00			`#xpack.rbac.enabled: true`
			`#`
Updated CHANGELOG.md 2018-05-10 18:01:20 +00:00			`# ------------------------------ wazuh-monitoring ------------------------------`
			`#`
Added new options related to wazuh-monitoring 2018-05-07 11:30:55 +00:00			`# Custom setting to enable/disable wazuh-monitoring indices.`
Allowing to show monitoring data without ingesting information 2018-05-21 08:16:07 +00:00			`# Values: true, false, worker`
Updated config file to include CIS-CAT extension 2018-06-19 13:35:16 +00:00			`# If worker is given as value, the app will show the Agents status`
			`# visualization but won't insert data on wazuh-monitoring indices.`
Allowing to show monitoring data without ingesting information 2018-05-21 08:16:07 +00:00			`# Default: true`
Fix typo 2018-05-07 15:07:19 +00:00			`#wazuh.monitoring.enabled: true`
Added new options related to wazuh-monitoring 2018-05-07 11:30:55 +00:00			`#`
			`# Custom setting to set the frequency for wazuh-monitoring indices cron task.`
Reduced default monitoring interval to 15 min 2019-03-21 15:19:25 +00:00			`# Default: 900 (s)`
			`#wazuh.monitoring.frequency: 900`
Updated CHANGELOG.md 2018-05-10 18:01:20 +00:00			`#`
Renamed configuration for monitoring 2018-08-23 08:40:01 +00:00			`# Configure wazuh-monitoring-3.x-* indices shards and replicas.`
Reduced shards and replicas for common app indices 2018-12-26 14:13:25 +00:00			`#wazuh.monitoring.shards: 2`
			`#wazuh.monitoring.replicas: 0`
Added admin as new setting 2018-10-30 11:23:45 +00:00			`#`
Updated config.yml 2019-02-14 08:47:02 +00:00			`# Configure wazuh-monitoring-3.x-* indices custom creation interval.`
			`# Values: h (hourly), d (daily), w (weekly), m (monthly)`
Re-updated config.yml 2019-02-14 08:51:16 +00:00			`# Default: d`
Updated config.yml 2019-02-14 08:47:02 +00:00			`#wazuh.monitoring.creation: d`
			`#`
Added new setting for Wazuh monitoring index pattern (in progress) 2018-12-17 09:52:57 +00:00			`# Default index pattern to use for Wazuh monitoring`
			`#wazuh.monitoring.pattern: wazuh-monitoring-3.x-*`
			`#`
			`#`
Added admin as new setting 2018-10-30 11:23:45 +00:00			`# ------------------------------- App privileges --------------------------------`
Docker configuration + Docker dashboards (#1367) 2019-04-12 10:49:31 +00:00			`#admin: true`
Improve app logger (#1373) 2019-04-15 10:47:45 +00:00			`#`
Migrate API entries from .wazuh index to wazuh.yml (#1811) * Removed "Pattern" and "First use" sections from Settings * Simplified API entries table in Settings * Started "API is down" guide * Started "Add API" guide * Loading new components for Settings * Adapt Settings views for using new components * Migrate hosts and remove .wazuh index * Prevent duplicate hosts * Improve regex * Cleaning settings.js controller (in progress) * Prevent try to add again if .wazuh was not deleted * Add function to check if is busy * Migrate the cluster_info and extensions to the wazuh-registry * Replace wazuh-version by wazuh-registry * Add endpoint to get the host from wazuh-hosts.yml * Get the APIs from the wazuh-hosts.yml * Updates the cluster info in the registry when checking connection * Remove console.error * Check api connection from wazuh-host data * Try to connect to another API in case the default fails * Adapt settings-wizard and api-count * Adapt wazuh-api.js controller for using wazuh-hosts.yml * Prevent undefined results * Clean initialize * Remove wazuh-api-elastic routes and controllers * Remove addApiProps * Change config.yml by wazuh.yml * Replace config.yml in the kibana plugin helper * Delete wazuh-api-elastic tests * Check for orphan registry entries * Check manager connection before setting as default * Prevent error toaster when there is any api entry * Prevent errors when any api is reachable * Check for new apis and their connection * Prevent error when update registry of undefined * Prevent error when no cluster_info * Remove console.log * Change state by props * Fix settings-wizard * Fix when joinning hosts and registry * Check for new API entries * Close add api component * Remove await * Improve checks for new apis * Test if API is down in wazuh-api * Check down APIs * Api is down component finish * Transform hosts in the backend * Fix key * Adapt removeOrphanentries * Adapt settings-wizard * Improve api-is-down component * Change the way to display the helpers components * Check APIs status when get them * Remove console.log * Check manager sets the status to the API entry * Prevent create wazuh-registry.json without hosts * FIx extensions * Add panel * Change style for wazuh hosts * Show add api component from the table * Refresh API entries * Update wazuh-hosts * Api is down table loading effect * Show API is down when accessing to settings if any API is up * Update cluster info in the settings wizard * Change color * Remove wazuh-hosts.yml * Remove hosts from configuration * Fix \n in the migration * Fix api-count * Fix typo * Fix API wizard * Fix example in getting started guide * Fix typos * Refresh hosts in api-is-down component * Set default in props * Fix API count * Iterates the api entries to set one as default * Fix component unmount * Fix flick * Fix when refresh and all entries and the yml is corrupt * Improve handler error when getting error in the yml parser * Adapt monitoring * Allow unsigned certs * Fix when there is not stored api - health check * Fix when any api entry could be select * Warning when set an API as default * Send to settings when achieve connect with an API when trying set as default * Try to set others API entries * Preven duplicate hosts: in wazuh.yml * Improve when stored api is not reachable handler * Fix typo * Added ID and the capability to search in the table * Fix input style * Fix typo * Do pararell requests * Fix when checking entry * Add cheking spinner while checking api connection * Spinner while checking in api-is-down component * Use for instead of forEach * Change spinner by message while refreshing entries * Add a spinner by each entry while checking it * Show the reason why wazuh is down * Improve message from error 3099 * Add capability to copy to the clipboard the error 2019-10-09 10:13:14 +00:00			`# ------------------------------- App logging level -----------------------------`
Fix typo 2019-05-16 10:10:35 +00:00			`# Set the logging level for the Wazuh App log files.`
Improve app logger (#1373) 2019-04-15 10:47:45 +00:00			`# Default value: info`
			`# Allowed values: info, debug`
Restored level "info" for app logs 2019-08-14 10:33:00 +00:00			`#logs.level: info`
Migrate API entries from .wazuh index to wazuh.yml (#1811) * Removed "Pattern" and "First use" sections from Settings * Simplified API entries table in Settings * Started "API is down" guide * Started "Add API" guide * Loading new components for Settings * Adapt Settings views for using new components * Migrate hosts and remove .wazuh index * Prevent duplicate hosts * Improve regex * Cleaning settings.js controller (in progress) * Prevent try to add again if .wazuh was not deleted * Add function to check if is busy * Migrate the cluster_info and extensions to the wazuh-registry * Replace wazuh-version by wazuh-registry * Add endpoint to get the host from wazuh-hosts.yml * Get the APIs from the wazuh-hosts.yml * Updates the cluster info in the registry when checking connection * Remove console.error * Check api connection from wazuh-host data * Try to connect to another API in case the default fails * Adapt settings-wizard and api-count * Adapt wazuh-api.js controller for using wazuh-hosts.yml * Prevent undefined results * Clean initialize * Remove wazuh-api-elastic routes and controllers * Remove addApiProps * Change config.yml by wazuh.yml * Replace config.yml in the kibana plugin helper * Delete wazuh-api-elastic tests * Check for orphan registry entries * Check manager connection before setting as default * Prevent error toaster when there is any api entry * Prevent errors when any api is reachable * Check for new apis and their connection * Prevent error when update registry of undefined * Prevent error when no cluster_info * Remove console.log * Change state by props * Fix settings-wizard * Fix when joinning hosts and registry * Check for new API entries * Close add api component * Remove await * Improve checks for new apis * Test if API is down in wazuh-api * Check down APIs * Api is down component finish * Transform hosts in the backend * Fix key * Adapt removeOrphanentries * Adapt settings-wizard * Improve api-is-down component * Change the way to display the helpers components * Check APIs status when get them * Remove console.log * Check manager sets the status to the API entry * Prevent create wazuh-registry.json without hosts * FIx extensions * Add panel * Change style for wazuh hosts * Show add api component from the table * Refresh API entries * Update wazuh-hosts * Api is down table loading effect * Show API is down when accessing to settings if any API is up * Update cluster info in the settings wizard * Change color * Remove wazuh-hosts.yml * Remove hosts from configuration * Fix \n in the migration * Fix api-count * Fix typo * Fix API wizard * Fix example in getting started guide * Fix typos * Refresh hosts in api-is-down component * Set default in props * Fix API count * Iterates the api entries to set one as default * Fix component unmount * Fix flick * Fix when refresh and all entries and the yml is corrupt * Improve handler error when getting error in the yml parser * Adapt monitoring * Allow unsigned certs * Fix when there is not stored api - health check * Fix when any api entry could be select * Warning when set an API as default * Send to settings when achieve connect with an API when trying set as default * Try to set others API entries * Preven duplicate hosts: in wazuh.yml * Improve when stored api is not reachable handler * Fix typo * Added ID and the capability to search in the table * Fix input style * Fix typo * Do pararell requests * Fix when checking entry * Add cheking spinner while checking api connection * Spinner while checking in api-is-down component * Use for instead of forEach * Change spinner by message while refreshing entries * Add a spinner by each entry while checking it * Show the reason why wazuh is down * Improve message from error 3099 * Add capability to copy to the clipboard the error 2019-10-09 10:13:14 +00:00			`#`
			`#-------------------------------- API entries -----------------------------------`
			`#The following configuration is the default structure to define an API entry.`
			`#`
			`#hosts:`
			`# - <id>:`
			`# url: http(s)://<url>`
			`# port: <port>`
			`# user: <user>`
			`# password: <password>`

			`hosts:`
			`- default:`
			`url: http://localhost`
			`port: 55000`
			`user: foo`
			`password: bar`