Elasticsearch JS migrated to internal Kibana callWithRequest/callWithInternalUser

Pedro Sanchez 2017-03-31 10:34:08 -07:00
parent c010e6e172
commit 05696f8509
6 changed files with 157 additions and 212 deletions


@ -110,7 +110,7 @@ app.controller('agentsPreviewController', function ($scope, DataFactory, Notifie
}, printError);
// Tops
genericReq.request('GET', '/api/wazuh-elastic/top/'+$scope.defaultManager+'/AgentName')
genericReq.request('GET', '/api/wazuh-elastic/top/'+$scope.defaultManager+'/agent.name')
.then(function (data) {
if(data.data == ""){
$scope.mostActiveAgent.name = $scope.defaultManager;
@ -118,7 +118,7 @@ app.controller('agentsPreviewController', function ($scope, DataFactory, Notifie
return;
}
$scope.mostActiveAgent.name = data.data;
genericReq.request('GET', '/api/wazuh-elastic/top/'+$scope.defaultManager+'/AgentID')
genericReq.request('GET', '/api/wazuh-elastic/top/'+$scope.defaultManager+'/agent.id')
.then(function (data) {
if(data.data == "" && $scope.mostActiveAgent.name != ""){
$scope.mostActiveAgent.id = "000";


@ -9,8 +9,10 @@ var settingsWizard = function ($location, testConnection, appState, $q, genericR
{
appState.setDefaultManager(data.manager);
appState.setExtensions(data.extensions);
genericReq.request('PUT', '/api/wazuh-elastic/wazuh-pattern').then(function (data) {
deferred.resolve();
genericReq.request('PUT', '/api/wazuh-elastic/wazuh-alerts-pattern').then(function (data) {
genericReq.request('PUT', '/api/wazuh-elastic/wazuh-monitoring-pattern').then(function (data) {
deferred.resolve();
});
});
}, function (data) {
if(data.error == 2)
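Review bot: The nested PUT chain resolves `deferred` only when both pattern requests succeed and registers no rejection handler on either `.then`, so a failure of the alerts or monitoring request leaves the wizard's promise pending forever and the error is dropped. Chaining the second request from the first and forwarding failures keeps the same ordering while making the outcome observable: `genericReq.request('PUT', '/api/wazuh-elastic/wazuh-alerts-pattern').then(function () { return genericReq.request('PUT', '/api/wazuh-elastic/wazuh-monitoring-pattern'); }).then(function () { deferred.resolve(); }, function (err) { deferred.reject(err); });`. The success callback and `settingsWizard` itself both start before this hunk, so whether the caller already handles a rejected `deferred.promise` is not visible here.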


@ -26,12 +26,8 @@ module.exports = function (server, options) {
// Elastic JS Client
const serverConfig = server.config();
const elasticsearchURL = serverConfig.get('elasticsearch.url');
const elasticsearch = require('elasticsearch');
const client = new elasticsearch.Client({
host: elasticsearchURL,
apiVersion: '5.0'
});
const { elasticRequest } = server.plugins.elasticsearch.getCluster('data');
//Handlers - Generic
@ -55,22 +51,22 @@ module.exports = function (server, options) {
}
var getConfig = function (callback) {
client.search({ index: '.kibana', type: 'wazuh-configuration', q: 'active:true'})
.then(function (data) {
if (data.hits.total == 1) {
callback({ 'user': data.hits.hits[0]._source.api_user, 'password': new Buffer(data.hits.hits[0]._source.api_password, 'base64').toString("ascii"), 'url': data.hits.hits[0]._source.url, 'port': data.hits.hits[0]._source.api_port, 'insecure': data.hits.hits[0]._source.insecure, 'manager': data.hits.hits[0]._source.manager, 'extensions': data.hits.hits[0]._source.extensions });
} else {
callback({ 'error': 'no credentials', 'error_code': 1 });
}
}, function () {
callback({ 'error': 'no elasticsearch', 'error_code': 2 });
});
elasticRequest(req, 'search', { index: '.kibana', type: 'wazuh-configuration', q: 'active:true'}).then(
function (data) {
if (data.hits.total == 1) {
callback({ 'user': data.hits.hits[0]._source.api_user, 'password': new Buffer(data.hits.hits[0]._source.api_password, 'base64').toString("ascii"), 'url': data.hits.hits[0]._source.url, 'port': data.hits.hits[0]._source.api_port, 'insecure': data.hits.hits[0]._source.insecure, 'manager': data.hits.hits[0]._source.manager, 'extensions': data.hits.hits[0]._source.extensions });
} else {
callback({ 'error': 'no credentials', 'error_code': 1 });
}
}, function (error) {
callback({ 'error': 'no elasticsearch', 'error_code': 2 });
});
};
var getAPI_entries = function (req,reply) {
client.search({ index: '.kibana', type: 'wazuh-configuration'}).then(
elasticRequest(req, 'search', { index: '.kibana', type: 'wazuh-configuration'}).then(
function (data) {
reply(data.hits.hits);
}, function (data, error) {
@ -79,7 +75,7 @@ module.exports = function (server, options) {
};
var deleteAPI_entries = function (req,reply) {
client.delete({ index: '.kibana', type: 'wazuh-configuration', id: req.params.id}).then(
elasticRequest(req, 'delete', { index: '.kibana', type: 'wazuh-configuration', id: req.params.id}).then(
function (data) {
reply(data);
}, function (data, error) {
@ -89,35 +85,37 @@ module.exports = function (server, options) {
var setAPI_entry_default = function (req,reply) {
// Searching for previous default
client.search({ index: '.kibana', type: 'wazuh-configuration', q: 'active:true'})
.then(function (data) {
elasticRequest(req, 'search', { index: '.kibana', type: 'wazuh-configuration', q: 'active:true'}).then(
function (data) {
if (data.hits.total == 1) {
// Setting off previous default
var idPreviousActive = data.hits.hits[0]._id;
client.update({ index: '.kibana', type: 'wazuh-configuration', id: idPreviousActive, body: {doc: {"active": "false"}} }).then(
elasticRequest(req, 'update', { index: '.kibana', type: 'wazuh-configuration', id: idPreviousActive, body: {doc: {"active": "false"}} }).then(
function () {
reply({ 'statusCode': 200, 'message': 'ok' });
// Set new default
elasticRequest(req, 'update', { index: '.kibana', type: 'wazuh-configuration', id: req.params.id, body: {doc: {"active": "true"}} }).then(
function () {
reply({ 'statusCode': 200, 'message': 'ok' });
}, function (error) {
reply({ 'statusCode': 500, 'error': 8, 'message': 'Could not save data in elasticsearch' }).code(500);
});
}, function (error) {
reply({ 'statusCode': 500, 'error': 8, 'message': 'Could not save data in elasticsearch' }).code(500);
});
});
}else{
// Set new default
client.update({ index: '.kibana', type: 'wazuh-configuration', id: req.params.id, body: {doc: {"active": "true"}} }).then(
elasticRequest(req, 'update', { index: '.kibana', type: 'wazuh-configuration', id: req.params.id, body: {doc: {"active": "true"}} }).then(
function () {
reply({ 'statusCode': 200, 'message': 'ok' });
}, function (error) {
reply({ 'statusCode': 500, 'error': 8, 'message': 'Could not save data in elasticsearch' }).code(500);
});
}
});
}
}, function () {
callback({ 'error': 'no elasticsearch', 'error_code': 2 });
reply({ 'statusCode': 500, 'error': 8, 'message': 'Could not set API default entry' }).code(500);
});
client.update({ index: '.kibana', type: 'wazuh-configuration', id: req.params.id, body: {doc: {"active": "true"}} }).then(
function () {
reply({ 'statusCode': 200, 'message': 'ok' });
}, function (error) {
reply({ 'statusCode': 500, 'error': 8, 'message': 'Could not save data in elasticsearch' }).code(500);
});
};
var getPciRequirement = function (req,reply) {
@ -145,7 +143,7 @@ module.exports = function (server, options) {
};
var getExtensions = function (req,reply) {
client.search({ index: '.kibana', type: 'wazuh-configuration'}).then(
elasticRequest(req, 'search', { index: '.kibana', type: 'wazuh-configuration'}).then(
function (data) {
reply(data.hits.hits);
}, function (data, error) {
@ -158,7 +156,7 @@ module.exports = function (server, options) {
var extension = {};
extension[req.params.extensionName] = (req.params.extensionValue == "true") ? true : false;
client.update({ index: '.kibana', type: 'wazuh-configuration', id: req.params.id, body: {doc: {"extensions" : extension}} }).then(
elasticRequest(req, 'update',{ index: '.kibana', type: 'wazuh-configuration', id: req.params.id, body: {doc: {"extensions" : extension}} }).then(
function () {
reply({ 'statusCode': 200, 'message': 'ok' });
}, function (error) {
@ -338,7 +336,8 @@ module.exports = function (server, options) {
return;
}
var settings = { 'api_user': req.payload.user, 'api_password': req.payload.password, 'url': req.payload.url, 'api_port': req.payload.port , 'insecure': req.payload.insecure, 'component' : 'API', 'active' : req.payload.active, 'manager' : req.payload.manager, 'extensions' : req.payload.extensions};
client.index({ index: '.kibana', type: 'wazuh-configuration', body: settings, refresh: true })
elasticRequest(req, 'index', { index: '.kibana', type: 'wazuh-configuration', body: settings, refresh: true })
.then(function (response) {
reply({ 'statusCode': 200, 'message': 'ok', 'response' : response });
}, function (error) {
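Review bot: `getConfig` is still declared as `function (callback)`, yet the migrated call inside it passes `req` as the first argument to `elasticRequest`; no `req` is bound in that scope (the enclosing module function takes `server, options` per the hunk header), so every call will fail with a ReferenceError unless a `req` exists at module scope outside the hunk. Either add a `req` parameter to `getConfig` and update its callers, or, if this path runs without a request context, use the internal-user call as the other files in this commit do. A second point: this file obtains `elasticRequest` by destructuring it from `getCluster('data')` and calls it directly as a function, while the other five files keep the cluster object and call `.callWithRequest` / `.callWithInternalUser` on it; unless the cluster object exposes an `elasticRequest` property, that binding is `undefined` and every handler in this file will throw. Making the declaration `const elasticRequest = server.plugins.elasticsearch.getCluster('data');` and the calls `elasticRequest.callWithRequest(req, 'search', { … })` brings this file in line with the rest of the commit.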


@ -6,12 +6,8 @@ module.exports = function (server, options) {
// Elastic JS Client
const serverConfig = server.config();
const elasticsearchURL = serverConfig.get('elasticsearch.url');
const elasticsearch = require('elasticsearch');
const client = new elasticsearch.Client({
host: elasticsearchURL,
apiVersion: '5.0'
});
const elasticRequest = server.plugins.elasticsearch.getCluster('data');
var index_pattern = "wazuh-alerts-*";
var index_pattern_wazuh_monitoring = "wazuh-monitoring-*";
@ -23,26 +19,20 @@ module.exports = function (server, options) {
const payloads = {
getFieldTop: { "size": 1, "query": { "bool": { "must": [{ "query_string": { "query": "*", "analyze_wildcard": true } }, { "range": { "@timestamp": { "gte": '', "format": "epoch_millis" } } }], "must_not": [] } }, "aggs": { "2": { "terms": { "field": '', "size": 1, "order": { "_count": "desc" } } } } },
getLastField: { "size": 1, "query": { "bool": { "must": [{ "exists": { "field": '' } }, { "query_string": { "query": "*" } }], "must_not": [{}] } }, "sort": [{ "@timestamp": { "order": "desc", "unmapped_type": "boolean" } }] },
statsOverviewAlerts: [{ "size": 0, "query": { "bool": { "must": [{ "query_string": { "query": "*", "analyze_wildcard": true } }, { "range": { "@timestamp": { "gte": '', "format": "epoch_millis" } } }], "must_not": [] } }, "aggs": {} },
{ "size": 0, "query": { "bool": { "must": [{ "query_string": { "query": "*", "analyze_wildcard": true } }, { "range": { "@timestamp": { "gte": '', "format": "epoch_millis" } } }], "must_not": [] } }, "aggs": { "2": { "terms": { "field": "srcip", "size": 1, "order": { "_count": "desc" } } } } },
{ "size": 0, "query": { "bool": { "must": [{ "query_string": { "query": "*", "analyze_wildcard": true } }, { "range": { "@timestamp": { "gte": '', "format": "epoch_millis" } } }], "must_not": [] } }, "aggs": { "2": { "terms": { "field": "rule.groups", "size": 1, "order": { "_count": "desc" } } } } }],
statsOverviewSyscheck: [{ "size": 0, "query": { "bool": { "must": [{ "query_string": { "query": "rule.groups:syscheck", "analyze_wildcard": true } }, { "range": { "@timestamp": { "gte": '', "format": "epoch_millis" } } }], "must_not": [] } }, "aggs": {} },
{ "size": 0, "query": { "bool": { "must": [{ "query_string": { "query": "rule.groups:syscheck", "analyze_wildcard": true } }, { "range": { "@timestamp": { "gte": '', "format": "epoch_millis" } } }], "must_not": [] } }, "aggs": { "2": { "terms": { "field": "AgentName", "size": 1, "order": { "_count": "desc" } } } } },
{ "size": 0, "query": { "bool": { "must": [{ "query_string": { "query": "*", "analyze_wildcard": true } }, { "range": { "@timestamp": { "gte": '', "format": "epoch_millis" } } }], "must_not": [] } }, "aggs": { "2": { "terms": { "field": "SyscheckFile.path", "size": 1, "order": { "_count": "desc" } } } } }]
getLastField: { "size": 1, "query": { "bool": { "must": [{ "exists": { "field": '' } }, { "query_string": { "query": "*" } }], "must_not": [{}] } }, "sort": [{ "@timestamp": { "order": "desc", "unmapped_type": "boolean" } }] }
};
//Handlers
var fetchElastic = function (payload) {
return client.search({ index: 'wazuh-alerts-*', type: 'wazuh', body: payload });
var fetchElastic = function (req, payload) {
return elasticRequest.callWithRequest(req, 'search', { index: 'wazuh-alerts-*', type: 'wazuh', body: payload });
};
// Returns alerts count for fields/value array between timeGTE and timeLT
var alertsCount = function (req, reply) {
var payload = {"size": 1,"query": {"bool": {"must": [], "filter": {"range": {"@timestamp": {}}}}}};
// Set up time interval, default to Last 24h
const timeGTE = req.payload.timeinterval.gte ? req.payload.timeinterval.gte : "now-1d";
const timeLT = req.payload.timeinterval.lt ? req.payload.timeinterval.lt : "now";
@ -62,7 +52,8 @@ module.exports = function (server, options) {
payload.query.bool.must.push({"match": obj});
})
fetchElastic(payload).then(function (data) {
fetchElastic(req, payload).then(function (data) {
reply({ 'statusCode': 200, 'data': data.hits.total });
}, function () {
reply({ 'statusCode': 500, 'error': 9, 'message': 'Could not get data from elasticsearch' }).code(500);
@ -70,31 +61,21 @@ module.exports = function (server, options) {
};
var getFieldTop = function (req, reply) {
// is date defined? or must use 24h ?
var date = new Date();
date.setDate(date.getDate() - 1);
date = date.getTime();
const timeAgo = req.params.time ? encodeURIComponent(req.params.time) : date;
var payload = JSON.parse(JSON.stringify(payloads.getFieldTop));
// Top field payload
var payload = {"size":1,"query":{"bool":{"must":[],"filter":{"range":{"@timestamp":{}}}}},"aggs":{"2":{"terms":{"field":"","size":1,"order":{"_count":"desc"}}}}}
if (req.params.fieldFilter && req.params.fieldFilter2) {
payload.query.bool.must[0].query_string.query = req.params.fieldFilter + ":" + req.params.fieldValue + " AND " + req.params.fieldFilter2 + ":" + req.params.fieldValue2 + " AND manager.name: " + req.params.manager;
}else if(req.params.fieldFilter){
payload.query.bool.must[0].query_string.query = req.params.fieldFilter + ":" + req.params.fieldValue + " AND manager.name: " + req.params.manager;
}else{
payload.query.bool.must[0].query_string.query = "manager.name: " + req.params.manager;
}
payload.query.bool.must[1].range['@timestamp'].gte = timeAgo;
// Set up time interval, default to Last 24h
const timeGTE = "now-1d";
const timeLT = "now";
payload.query.bool.filter.range['@timestamp']["gte"] = timeGTE;
payload.query.bool.filter.range['@timestamp']["lt"] = timeLT;
// Set up match for default manager name
payload.query.bool.must.push({"match": {"manager.name": req.params.manager}});
payload.aggs['2'].terms.field = req.params.field;
fetchElastic(payload).then(function (data) {
fetchElastic(req, payload).then(function (data) {
if (data.hits.total == 0 || typeof data.aggregations['2'].buckets[0] === 'undefined')
reply({ 'statusCode': 200, 'data': '' });
@ -128,7 +109,7 @@ module.exports = function (server, options) {
payload.query.bool.must.push(termArray);
}
fetchElastic(payload).then(function (data) {
fetchElastic(req, payload).then(function (data) {
if (data.hits.total == 0 || typeof data.hits.hits[0] === 'undefined')
reply({ 'statusCode': 200, 'data': '' });
@ -139,78 +120,7 @@ module.exports = function (server, options) {
});
};
var statsOverviewAlerts = function (req, reply) {
var gte = new Date() - (24 * 3600);
var _payloads = payloads.statsOverviewAlerts;
var _data = [];
_payloads[0].query.bool.must[1].range['@timestamp'].gte = gte;
_payloads[1].query.bool.must[1].range['@timestamp'].gte = gte;
_payloads[2].query.bool.must[1].range['@timestamp'].gte = gte;
fetchElastic(_payloads[0]).then(function (data) {
_data['alerts'] = data.hits.total;
fetchElastic(_payloads[1]).then(function (data) {
if (data.hits.total == 0)
_data['ip'] = '-';
else
_data['ip'] = data.aggregations['2'].buckets[0].key;
fetchElastic(_payloads[2]).then(function (data) {
if (data.hits.total == 0)
_data['group'] = '-';
else
_data['group'] = data.aggregations['2'].buckets[0].key;
reply({ 'statusCode': 200, 'data': { 'alerts': _data['alerts'], 'ip': _data['ip'], 'group': _data['group'] } });
}, function () {
reply({ 'statusCode': 500, 'error': 9, 'message': 'Could not get data from elasticsearch' }).code(500);
});
}, function () {
reply({ 'statusCode': 500, 'error': 9, 'message': 'Could not get data from elasticsearch' }).code(500);
});
}, function () {
reply({ 'statusCode': 500, 'error': 9, 'message': 'Could not get data from elasticsearch' }).code(500);
});
};
var statsOverviewSyscheck = function (req, reply) {
var gte = new Date() - (24 * 3600);
var _payloads = payloads.statsOverviewSyscheck;
var _data = [];
_payloads[0].query.bool.must[1].range['@timestamp'].gte = gte;
_payloads[1].query.bool.must[1].range['@timestamp'].gte = gte;
_payloads[2].query.bool.must[1].range['@timestamp'].gte = gte;
fetchElastic(_payloads[0]).then(function (data) {
data['alerts'] = data.hits.total;
fetchElastic(_payloads[1]).then(function (data) {
if (data.hits.total == 0)
_data['agent'] = '-';
else
_data['agent'] = data.aggregations['2'].buckets[0].key;
fetchElastic(_payloads[2]).then(function (data) {
if (data.hits.total == 0)
_data['file'] = '-';
else
_data['file'] = data.aggregations['2'].buckets[0].key;
reply({ 'statusCode': 200, 'data': { 'alerts': _data['alerts'], 'agent': _data['agent'], 'file': _data['file'] } });
}, function () {
reply({ 'statusCode': 500, 'error': 9, 'message': 'Could not get data from elasticsearch' }).code(500);
});
}, function () {
reply({ 'statusCode': 500, 'error': 9, 'message': 'Could not get data from elasticsearch' }).code(500);
});
}, function () {
reply({ 'statusCode': 500, 'error': 9, 'message': 'Could not get data from elasticsearch' }).code(500);
});
};
var putWazuhPattern = function (req, reply) {
var putWazuhAlertsPattern = function (req, reply) {
try {
kibana_fields_data = JSON.parse(fs.readFileSync(path.resolve(__dirname, KIBANA_FIELDS_FILE), 'utf8'));
@ -224,12 +134,12 @@ module.exports = function (server, options) {
}
// Get current fields index pattern (wazuh-alerts-*)
client.get({
elasticRequest.callWithInternalUser('get', {
index: '.kibana',
type: 'index-pattern',
id: index_pattern
}, function (error, response) {
if(response.found){
id: index_pattern
}).then(
function (response) {
wazuhAlerts_indexPattern_current = JSON.parse(response._source.fields);
// Compare and update fields properties
for (var i = 0, len = wazuhAlerts_indexPattern_current.length; i < len; i++) {
@ -239,7 +149,7 @@ module.exports = function (server, options) {
}
}
// Update index pattern (wazuh-alerts-*)
client.update({
elasticRequest.callWithInternalUser('update', {
index: '.kibana',
type: 'index-pattern',
id: index_pattern,
@ -248,12 +158,16 @@ module.exports = function (server, options) {
fields: JSON.stringify((wazuhAlerts_indexPattern_current))
}
}
}, function (error, response) {
responseBack["wazuh-alerts"] = response;
});
}else{
}).then(
function (response) {
reply({ 'response': response}).code(200);
}, function (error) {
reply({ 'response': error, 'error' : '1'}).code(error.statusCode);
}
);
}, function (error) {
// Create index pattern
client.create({
elasticRequest.callWithInternalUser('create', {
index: '.kibana',
type: 'index-pattern',
id: index_pattern,
@ -262,46 +176,74 @@ module.exports = function (server, options) {
timeFieldName: '@timestamp',
fields: kibana_fields_data.wazuh_alerts
}
}).then(function () {
responseBack["wazuh-alerts"] = response;
}, function (response) {
if (response.statusCode != '409') {
responseBack["wazuh-alerts"] = "Index pattern not found and could not be created";
}
}).then(
function (response) {
reply({ 'response': response}).code(200);
}, function (error) {
reply({ 'response': error, 'error' : '2'}).code(error.statusCode);
});
}
});
);
} catch (e) {
server.log([blueWazuh, 'initialize', 'error'], 'Could not read the mapping file.');
server.log([blueWazuh, 'initialize', 'error'], 'Path: ' + KIBANA_FIELDS_FILE);
server.log([blueWazuh, 'initialize', 'error'], 'Exception: ' + e);
};
};
var putWazuhMonitoringPattern = function (req, reply) {
try {
kibana_fields_data = JSON.parse(fs.readFileSync(path.resolve(__dirname, KIBANA_FIELDS_FILE), 'utf8'));
// Update index pattern (wazuh-monitoring-*)
client.update({
// Check if wazuh-monitoring-* exists
elasticRequest.callWithInternalUser('get', {
index: '.kibana',
type: 'index-pattern',
id: index_pattern_wazuh_monitoring,
body: {
doc: {
fields: kibana_fields_data.wazuh_monitoring
}
id: index_pattern_wazuh_monitoring
}).then(
function (response) {
// Update index pattern (wazuh-monitoring-*)
elasticRequest.callWithInternalUser('update', {
index: '.kibana',
type: 'index-pattern',
id: index_pattern_wazuh_monitoring,
body: {
doc: {
fields: kibana_fields_data.wazuh_monitoring
}
}
}).then(
function (response) {
reply({ 'response': response}).code(200);
}, function (error) {
reply({ 'response': error }).code(error.statusCode);
}
);
}, function (error) {
// Create index pattern
elasticRequest.callWithInternalUser('create', {
index: '.kibana',
type: 'index-pattern',
id: index_pattern_wazuh_monitoring,
body: {
title: index_pattern_wazuh_monitoring,
timeFieldName: '@timestamp',
fields: kibana_fields_data.wazuh_monitoring
}
}).then(
function (response) {
reply({ 'response': response}).code(200);
}, function (error) {
reply({ 'response': error, 'error' : '2'}).code(error.statusCode);
});
}
}, function (error, response) {
responseBack["wazuh-monitoring"] = response;
reply({ 'response': responseBack, 'error': error }).code(200);
})
);
} catch (e) {
server.log([blueWazuh, 'initialize', 'error'], 'Could not read the mapping file.');
server.log([blueWazuh, 'initialize', 'error'], 'Path: ' + KIBANA_FIELDS_FILE);
server.log([blueWazuh, 'initialize', 'error'], 'Exception: ' + e);
};
};
};
}
//Server routes
@ -370,6 +312,7 @@ module.exports = function (server, options) {
path: '/api/wazuh-elastic/last/{manager}/{field}/{fieldFilter}/{fieldValue}',
handler: getLastField
});
/*
* PUT /api/wazuh-elastic/wazuh-pattern
* Set wazuh index pattern
@ -377,7 +320,18 @@ module.exports = function (server, options) {
**/
server.route({
method: 'PUT',
path: '/api/wazuh-elastic/wazuh-pattern',
handler: putWazuhPattern
path: '/api/wazuh-elastic/wazuh-alerts-pattern',
handler: putWazuhAlertsPattern
});
/*
* PUT /api/wazuh-elastic/wazuh-pattern
* Set wazuh index pattern
*
**/
server.route({
method: 'PUT',
path: '/api/wazuh-elastic/wazuh-monitoring-pattern',
handler: putWazuhMonitoringPattern
});
};
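Review bot: `putWazuhAlertsPattern` and `putWazuhMonitoringPattern` write index-pattern documents into `.kibana` through `callWithInternalUser`, yet they are bound to the PUT routes `/api/wazuh-elastic/wazuh-alerts-pattern` and `/api/wazuh-elastic/wazuh-monitoring-pattern`, so any caller that can reach those routes triggers the writes with the Kibana internal user's privileges rather than its own, while `fetchElastic` in the same file runs as the requester via `callWithRequest(req, …)`; if the asymmetry is intended, say so next to the handlers, e.g. `// Runs as the Kibana internal user: the caller's own privileges are not checked, so access to this route must be restricted elsewhere`, otherwise use `callWithRequest(req, …)` here too. The rejection handlers in both functions reply with `.code(error.statusCode)`; a transport or programming error carries no `statusCode`, so guard it with `.code(error.statusCode || 500)`. The `get` failure branch treats every error as "pattern missing" and attempts a `create`, so an Elasticsearch outage or an authorization failure is turned into a create attempt; checking `error.statusCode === 404` before creating keeps the other failures visible. The comment block above the new monitoring route still reads `PUT /api/wazuh-elastic/wazuh-pattern` / `Set wazuh index pattern`; update it to `PUT /api/wazuh-elastic/wazuh-monitoring-pattern` / `Set wazuh-monitoring index pattern`, and fix the alerts route's comment the same way.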


@ -3,12 +3,9 @@ module.exports = function (server, options) {
// Elastic JS Client
const serverConfig = server.config();
const elasticsearchURL = serverConfig.get('elasticsearch.url');
const elasticsearch = require('elasticsearch');
const client = new elasticsearch.Client({
host: elasticsearchURL,
apiVersion: '5.0'
});
const elasticRequest = server.plugins.elasticsearch.getCluster('data');
//callWithInternalUser
// External libraries
const uiSettings = server.uiSettings();
@ -48,7 +45,7 @@ module.exports = function (server, options) {
var setup_info = {"name" : "Wazuh App", "app-version": packageJSON.version, "revision": packageJSON.revision, "installationDate": new Date().toISOString() };
if(type == "install"){
client.create({ index: ".kibana", type: 'wazuh-setup', id: 1, body: setup_info }).then(
elasticRequest.callWithInternalUser('create', { index: ".kibana", type: 'wazuh-setup', id: 1, body: setup_info }).then(
function () {
server.log([blueWazuh, 'initialize', 'info'], 'Wazuh set up info inserted');
}, function () {
@ -57,7 +54,7 @@ module.exports = function (server, options) {
}
if(type == "upgrade"){
client.update({ index: ".kibana", type: 'wazuh-setup', id: 1, body: {doc: setup_info}}).then(
elasticRequest.callWithInternalUser('update', { index: ".kibana", type: 'wazuh-setup', id: 1, body: {doc: setup_info}}).then(
function () {
server.log([blueWazuh, 'initialize', 'info'], 'Wazuh set up info updated');
}, function () {
@ -80,7 +77,7 @@ module.exports = function (server, options) {
};
server.log([blueWazuh, 'initialize', 'info'], 'Creating index pattern: ' + index_pattern);
client.create({ index: '.kibana', type: 'index-pattern', id: index_pattern, body: { title: index_pattern, timeFieldName: '@timestamp', fields: kibana_fields_data.wazuh_alerts } })
elasticRequest.callWithInternalUser('create', { index: '.kibana', type: 'index-pattern', id: index_pattern, body: { title: index_pattern, timeFieldName: '@timestamp', fields: kibana_fields_data.wazuh_alerts } })
.then(function () {
server.log([blueWazuh, 'initialize', 'info'], 'Created index pattern: ' + index_pattern);
// Once index pattern is created, set it as default, wait few seconds for Kibana.
@ -158,7 +155,7 @@ module.exports = function (server, options) {
// Init function. Check for "wazuh-setup" document existance.
var init = function () {
client.get({ index: ".kibana", type: "wazuh-setup", id: "1" }).then(
elasticRequest.callWithInternalUser('get', { index: ".kibana", type: "wazuh-setup", id: "1" }).then(
function (data) {
server.log([blueWazuh, 'initialize', 'info'], 'Wazuh-setup document already exists. Proceed to upgrade.');
install("upgrade");
@ -182,8 +179,7 @@ module.exports = function (server, options) {
server.log([blueWazuh, 'initialize', 'error'], 'Path: ' + TEMPLATE_FILE);
server.log([blueWazuh, 'initialize', 'error'], 'Exception: ' + e);
};
client.indices.putTemplate( {name: "wazuh", order: 0, body: map_jsondata}).then(
elasticRequest.callWithInternalUser('indices.putTemplate', {name: "wazuh", order: 0, body: map_jsondata}).then(
function () {
server.log([blueWazuh, 'initialize', 'info'], 'Template installed and loaded: ' + index_pattern);
configureKibana(type);
@ -209,12 +205,11 @@ module.exports = function (server, options) {
body += '{ "index": { "_index": ".kibana", "_type": "'+element._type+'", "_id": "'+element._id+'" } }\n';
body += JSON.stringify(element._source) + "\n";
});
client.bulk({
elasticRequest.callWithInternalUser('bulk',{
index: '.kibana',
body: body
}).then(function () {
client.indices.refresh({ index: ['.kibana', index_pattern] });
elasticRequest.callWithInternalUser('indices.refresh',{ index: ['.kibana', index_pattern] });
server.log([blueWazuh, 'initialize', 'info'], 'Templates, mappings, index patterns, visualizations, searches and dashboards were successfully installed. App ready to be used.');
}, function (err) {
server.log([blueWazuh, 'server', 'error'], 'Error importing objects into elasticsearch. Bulk request failed.');
@ -224,7 +219,7 @@ module.exports = function (server, options) {
// Wait until Kibana index is created / loaded and initialize Wazuh App
var checkKibanaIndex = function () {
client.exists({ index: ".kibana", id: packageJSON.kibana.version, type: "config" }).then(
elasticRequest.callWithInternalUser('exists',{ index: ".kibana", id: packageJSON.kibana.version, type: "config" }).then(
function (data) {
init();
}, function (data) {
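Review bot: The migrated `indices.refresh` call in the bulk-success handler is neither returned nor given a rejection handler, so the "successfully installed" log line is emitted before the refresh completes and a refresh failure surfaces only as an unhandled rejection. Returning the promise keeps the log on the success path: `return elasticRequest.callWithInternalUser('indices.refresh', { index: ['.kibana', index_pattern] }).then(function () { server.log([blueWazuh, 'initialize', 'info'], '…'); });` with the existing message text kept verbatim. The stray `//callWithInternalUser` comment under the `getCluster('data')` line explains nothing; either drop it or make it state why this file uses the internal user throughout, e.g. `// Setup runs outside any HTTP request, so every call goes through callWithInternalUser`. The enclosing bulk-import function starts before its hunk, so the surrounding error handling is not visible here.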


@ -3,12 +3,8 @@ module.exports = function (server, options) {
// Elastic JS Client
const serverConfig = server.config();
const elasticsearchURL = serverConfig.get('elasticsearch.url');
const elasticsearch = require('elasticsearch');
const client = new elasticsearch.Client({
host: elasticsearchURL,
apiVersion: '5.0'
});
const elasticRequest = server.plugins.elasticsearch.getCluster('data');
// External libraries
const fs = require('fs');
@ -125,8 +121,7 @@ module.exports = function (server, options) {
var fDate = new Date().toISOString().replace(/T/, '-').replace(/\..+/, '').replace(/-/g, '.').replace(/:/g, '').slice(0, -7);
var todayIndex = index_prefix + fDate;
client.indices.exists({ index: todayIndex }).then(
elasticRequest.callWithInternalUser('indices.exists',{ index: todayIndex }).then(
function (result) {
if (result) {
insertDocument(todayIndex);
@ -141,7 +136,7 @@ module.exports = function (server, options) {
// Creating wazuh-monitoring index
var createIndex = function (todayIndex) {
client.indices.create({ index: todayIndex }).then(
elasticRequest.callWithInternalUser('indices.create',{ index: todayIndex }).then(
function () {
insertDocument(todayIndex);
}, function () {
@ -165,7 +160,8 @@ module.exports = function (server, options) {
if (body == '') {
return;
}
client.bulk({
elasticRequest.callWithInternalUser('indices.bulk',
{
index: todayIndex,
type: 'agent',
body: body
@ -179,7 +175,7 @@ module.exports = function (server, options) {
// Get API configuration from elastic and callback to loadCredentials
var getConfig = function (callback) {
client.search({ index: '.kibana', type: 'wazuh-configuration'})
elasticRequest.callWithInternalUser('search',{ index: '.kibana', type: 'wazuh-configuration'})
.then(function (data) {
if (data.hits.total > 0) {
callback(data.hits);
@ -200,8 +196,7 @@ module.exports = function (server, options) {
server.log([blueWazuh, 'Wazuh agents monitoring', 'error'], 'Path: ' + TEMPLATE_FILE);
server.log([blueWazuh, 'Wazuh agents monitoring', 'error'], 'Exception: ' + e);
};
client.indices.putTemplate( {name: "wazuh", order: 0, body: map_jsondata}).then(
elasticRequest.callWithInternalUser('indices.putTemplate',{name: "wazuh", order: 0, body: map_jsondata}).then(
function () {
server.log([blueWazuh, 'Wazuh agents monitoring', 'info'], 'Template installed and loaded: ' + index_pattern);
}, function (data) {
@ -220,7 +215,7 @@ module.exports = function (server, options) {
server.log([blueWazuh, 'Wazuh agents monitoring', 'error'], 'Exception: ' + e);
};
return client.create({ index: '.kibana', type: 'index-pattern', id: index_pattern, body: { title: index_pattern, timeFieldName: '@timestamp', fields: kibana_fields_data.wazuh_monitoring} });
return elasticRequest.callWithInternalUser('create',{ index: '.kibana', type: 'index-pattern', id: index_pattern, body: { title: index_pattern, timeFieldName: '@timestamp', fields: kibana_fields_data.wazuh_monitoring} });
};
// fetchAgents on demand
@ -231,7 +226,7 @@ module.exports = function (server, options) {
// Wait until Elasticsearch is ready
var checkElasticStatus = function () {
client.info().then(
elasticRequest.callWithInternalUser('info').then(
function (data) {
init();
}, function (data) {
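Review bot: The bulk write in `insertDocument` was migrated to `callWithInternalUser('indices.bulk', …)`, but the original call was `client.bulk(...)`, i.e. the top-level `bulk` API, and the equivalent call in the initialization file is migrated in this same commit as `callWithInternalUser('bulk', …)`; `bulk` is not an `indices`-namespace method in the Elasticsearch JS client, so unless the cluster wrapper special-cases that name the agent-monitoring documents will never be written. Change it to `elasticRequest.callWithInternalUser('bulk',` with the rest of the argument object unchanged. The function continues outside the hunk, so whether a rejection of that call is logged is not visible here.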