Elasticsearch JS migrated to internal Kibana callWithRequest/callWithInternalUser

This commit is contained in:
Pedro Sanchez 2017-03-31 10:34:08 -07:00
parent c010e6e172
commit 05696f8509
6 changed files with 157 additions and 212 deletions


@ -110,7 +110,7 @@ app.controller('agentsPreviewController', function ($scope, DataFactory, Notifie
}, printError); }, printError);
// Tops // Tops
genericReq.request('GET', '/api/wazuh-elastic/top/'+$scope.defaultManager+'/AgentName') genericReq.request('GET', '/api/wazuh-elastic/top/'+$scope.defaultManager+'/agent.name')
.then(function (data) { .then(function (data) {
if(data.data == ""){ if(data.data == ""){
$scope.mostActiveAgent.name = $scope.defaultManager; $scope.mostActiveAgent.name = $scope.defaultManager;
@ -118,7 +118,7 @@ app.controller('agentsPreviewController', function ($scope, DataFactory, Notifie
return; return;
} }
$scope.mostActiveAgent.name = data.data; $scope.mostActiveAgent.name = data.data;
genericReq.request('GET', '/api/wazuh-elastic/top/'+$scope.defaultManager+'/AgentID') genericReq.request('GET', '/api/wazuh-elastic/top/'+$scope.defaultManager+'/agent.id')
.then(function (data) { .then(function (data) {
if(data.data == "" && $scope.mostActiveAgent.name != ""){ if(data.data == "" && $scope.mostActiveAgent.name != ""){
$scope.mostActiveAgent.id = "000"; $scope.mostActiveAgent.id = "000";


@ -9,8 +9,10 @@ var settingsWizard = function ($location, testConnection, appState, $q, genericR
{ {
appState.setDefaultManager(data.manager); appState.setDefaultManager(data.manager);
appState.setExtensions(data.extensions); appState.setExtensions(data.extensions);
genericReq.request('PUT', '/api/wazuh-elastic/wazuh-pattern').then(function (data) { genericReq.request('PUT', '/api/wazuh-elastic/wazuh-alerts-pattern').then(function (data) {
deferred.resolve(); genericReq.request('PUT', '/api/wazuh-elastic/wazuh-monitoring-pattern').then(function (data) {
deferred.resolve();
});
}); });
}, function (data) { }, function (data) {
if(data.error == 2) if(data.error == 2)
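Review bot: The nested PUT chain resolves `deferred` only when both index-pattern requests succeed, and neither request has a rejection handler, so a failure of either leaves the wizard's promise pending forever instead of rejecting. Issue them in parallel and bind both outcomes: `$q.all([genericReq.request('PUT', '/api/wazuh-elastic/wazuh-alerts-pattern'), genericReq.request('PUT', '/api/wazuh-elastic/wazuh-monitoring-pattern')]).then(deferred.resolve, deferred.reject);`. `$q` is already injected into settingsWizard, whose body starts and ends outside this hunk.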


@ -26,12 +26,8 @@ module.exports = function (server, options) {
// Elastic JS Client // Elastic JS Client
const serverConfig = server.config(); const serverConfig = server.config();
const elasticsearchURL = serverConfig.get('elasticsearch.url');
const elasticsearch = require('elasticsearch'); const elasticsearch = require('elasticsearch');
const client = new elasticsearch.Client({ const { elasticRequest } = server.plugins.elasticsearch.getCluster('data');
host: elasticsearchURL,
apiVersion: '5.0'
});
//Handlers - Generic //Handlers - Generic
@ -55,22 +51,22 @@ module.exports = function (server, options) {
} }
var getConfig = function (callback) { var getConfig = function (callback) {
client.search({ index: '.kibana', type: 'wazuh-configuration', q: 'active:true'}) elasticRequest(req, 'search', { index: '.kibana', type: 'wazuh-configuration', q: 'active:true'}).then(
.then(function (data) { function (data) {
if (data.hits.total == 1) { if (data.hits.total == 1) {
callback({ 'user': data.hits.hits[0]._source.api_user, 'password': new Buffer(data.hits.hits[0]._source.api_password, 'base64').toString("ascii"), 'url': data.hits.hits[0]._source.url, 'port': data.hits.hits[0]._source.api_port, 'insecure': data.hits.hits[0]._source.insecure, 'manager': data.hits.hits[0]._source.manager, 'extensions': data.hits.hits[0]._source.extensions }); callback({ 'user': data.hits.hits[0]._source.api_user, 'password': new Buffer(data.hits.hits[0]._source.api_password, 'base64').toString("ascii"), 'url': data.hits.hits[0]._source.url, 'port': data.hits.hits[0]._source.api_port, 'insecure': data.hits.hits[0]._source.insecure, 'manager': data.hits.hits[0]._source.manager, 'extensions': data.hits.hits[0]._source.extensions });
} else { } else {
callback({ 'error': 'no credentials', 'error_code': 1 }); callback({ 'error': 'no credentials', 'error_code': 1 });
} }
}, function () { }, function (error) {
callback({ 'error': 'no elasticsearch', 'error_code': 2 }); callback({ 'error': 'no elasticsearch', 'error_code': 2 });
}); });
}; };
var getAPI_entries = function (req,reply) { var getAPI_entries = function (req,reply) {
client.search({ index: '.kibana', type: 'wazuh-configuration'}).then( elasticRequest(req, 'search', { index: '.kibana', type: 'wazuh-configuration'}).then(
function (data) { function (data) {
reply(data.hits.hits); reply(data.hits.hits);
}, function (data, error) { }, function (data, error) {
@ -79,7 +75,7 @@ module.exports = function (server, options) {
}; };
var deleteAPI_entries = function (req,reply) { var deleteAPI_entries = function (req,reply) {
client.delete({ index: '.kibana', type: 'wazuh-configuration', id: req.params.id}).then( elasticRequest(req, 'delete', { index: '.kibana', type: 'wazuh-configuration', id: req.params.id}).then(
function (data) { function (data) {
reply(data); reply(data);
}, function (data, error) { }, function (data, error) {
@ -89,35 +85,37 @@ module.exports = function (server, options) {
var setAPI_entry_default = function (req,reply) { var setAPI_entry_default = function (req,reply) {
// Searching for previous default // Searching for previous default
client.search({ index: '.kibana', type: 'wazuh-configuration', q: 'active:true'}) elasticRequest(req, 'search', { index: '.kibana', type: 'wazuh-configuration', q: 'active:true'}).then(
.then(function (data) { function (data) {
if (data.hits.total == 1) { if (data.hits.total == 1) {
// Setting off previous default // Setting off previous default
var idPreviousActive = data.hits.hits[0]._id; var idPreviousActive = data.hits.hits[0]._id;
client.update({ index: '.kibana', type: 'wazuh-configuration', id: idPreviousActive, body: {doc: {"active": "false"}} }).then( elasticRequest(req, 'update', { index: '.kibana', type: 'wazuh-configuration', id: idPreviousActive, body: {doc: {"active": "false"}} }).then(
function () { function () {
reply({ 'statusCode': 200, 'message': 'ok' }); // Set new default
elasticRequest(req, 'update', { index: '.kibana', type: 'wazuh-configuration', id: req.params.id, body: {doc: {"active": "true"}} }).then(
function () {
reply({ 'statusCode': 200, 'message': 'ok' });
}, function (error) {
reply({ 'statusCode': 500, 'error': 8, 'message': 'Could not save data in elasticsearch' }).code(500);
});
}, function (error) { }, function (error) {
reply({ 'statusCode': 500, 'error': 8, 'message': 'Could not save data in elasticsearch' }).code(500); reply({ 'statusCode': 500, 'error': 8, 'message': 'Could not save data in elasticsearch' }).code(500);
}); });
}else{
// Set new default // Set new default
client.update({ index: '.kibana', type: 'wazuh-configuration', id: req.params.id, body: {doc: {"active": "true"}} }).then( elasticRequest(req, 'update', { index: '.kibana', type: 'wazuh-configuration', id: req.params.id, body: {doc: {"active": "true"}} }).then(
function () { function () {
reply({ 'statusCode': 200, 'message': 'ok' }); reply({ 'statusCode': 200, 'message': 'ok' });
}, function (error) { }, function (error) {
reply({ 'statusCode': 500, 'error': 8, 'message': 'Could not save data in elasticsearch' }).code(500); reply({ 'statusCode': 500, 'error': 8, 'message': 'Could not save data in elasticsearch' }).code(500);
}); });
} }
}, function () { }, function () {
callback({ 'error': 'no elasticsearch', 'error_code': 2 }); reply({ 'statusCode': 500, 'error': 8, 'message': 'Could not set API default entry' }).code(500);
}); });
client.update({ index: '.kibana', type: 'wazuh-configuration', id: req.params.id, body: {doc: {"active": "true"}} }).then(
function () {
reply({ 'statusCode': 200, 'message': 'ok' });
}, function (error) {
reply({ 'statusCode': 500, 'error': 8, 'message': 'Could not save data in elasticsearch' }).code(500);
});
}; };
var getPciRequirement = function (req,reply) { var getPciRequirement = function (req,reply) {
@ -145,7 +143,7 @@ module.exports = function (server, options) {
}; };
var getExtensions = function (req,reply) { var getExtensions = function (req,reply) {
client.search({ index: '.kibana', type: 'wazuh-configuration'}).then( elasticRequest(req, 'search', { index: '.kibana', type: 'wazuh-configuration'}).then(
function (data) { function (data) {
reply(data.hits.hits); reply(data.hits.hits);
}, function (data, error) { }, function (data, error) {
@ -158,7 +156,7 @@ module.exports = function (server, options) {
var extension = {}; var extension = {};
extension[req.params.extensionName] = (req.params.extensionValue == "true") ? true : false; extension[req.params.extensionName] = (req.params.extensionValue == "true") ? true : false;
client.update({ index: '.kibana', type: 'wazuh-configuration', id: req.params.id, body: {doc: {"extensions" : extension}} }).then( elasticRequest(req, 'update',{ index: '.kibana', type: 'wazuh-configuration', id: req.params.id, body: {doc: {"extensions" : extension}} }).then(
function () { function () {
reply({ 'statusCode': 200, 'message': 'ok' }); reply({ 'statusCode': 200, 'message': 'ok' });
}, function (error) { }, function (error) {
@ -338,7 +336,8 @@ module.exports = function (server, options) {
return; return;
} }
var settings = { 'api_user': req.payload.user, 'api_password': req.payload.password, 'url': req.payload.url, 'api_port': req.payload.port , 'insecure': req.payload.insecure, 'component' : 'API', 'active' : req.payload.active, 'manager' : req.payload.manager, 'extensions' : req.payload.extensions}; var settings = { 'api_user': req.payload.user, 'api_password': req.payload.password, 'url': req.payload.url, 'api_port': req.payload.port , 'insecure': req.payload.insecure, 'component' : 'API', 'active' : req.payload.active, 'manager' : req.payload.manager, 'extensions' : req.payload.extensions};
client.index({ index: '.kibana', type: 'wazuh-configuration', body: settings, refresh: true })
elasticRequest(req, 'index', { index: '.kibana', type: 'wazuh-configuration', body: settings, refresh: true })
.then(function (response) { .then(function (response) {
reply({ 'statusCode': 200, 'message': 'ok', 'response' : response }); reply({ 'statusCode': 200, 'message': 'ok', 'response' : response });
}, function (error) { }, function (error) {
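Review bot: `getConfig` at the top of the second hunk still takes only `callback`, yet the rewritten call passes `req` to `elasticRequest`, and no `req` is declared in that scope — at call time this is a ReferenceError, or the wrong request if some outer `req` exists outside the hunk. Since the point of a per-request call is to run the `.kibana` search under the caller's own credentials, thread the request through: `var getConfig = function (req, callback) {` and update its callers, which are outside the visible hunks. The first hunk also destructures `{ elasticRequest }` from `getCluster('data')`, while the other files in this commit use that cluster object through `callWithRequest`/`callWithInternalUser`; if the returned object is the same, the destructured name is undefined and every handler in this file fails, so confirm that alias exists. A short comment on `getConfig` noting that it decodes the stored API password (base64, not encryption) and that it must run under the requesting user would help the next maintainer.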


@ -6,12 +6,8 @@ module.exports = function (server, options) {
// Elastic JS Client // Elastic JS Client
const serverConfig = server.config(); const serverConfig = server.config();
const elasticsearchURL = serverConfig.get('elasticsearch.url');
const elasticsearch = require('elasticsearch'); const elasticsearch = require('elasticsearch');
const client = new elasticsearch.Client({ const elasticRequest = server.plugins.elasticsearch.getCluster('data');
host: elasticsearchURL,
apiVersion: '5.0'
});
var index_pattern = "wazuh-alerts-*"; var index_pattern = "wazuh-alerts-*";
var index_pattern_wazuh_monitoring = "wazuh-monitoring-*"; var index_pattern_wazuh_monitoring = "wazuh-monitoring-*";
@ -23,26 +19,20 @@ module.exports = function (server, options) {
const payloads = { const payloads = {
getFieldTop: { "size": 1, "query": { "bool": { "must": [{ "query_string": { "query": "*", "analyze_wildcard": true } }, { "range": { "@timestamp": { "gte": '', "format": "epoch_millis" } } }], "must_not": [] } }, "aggs": { "2": { "terms": { "field": '', "size": 1, "order": { "_count": "desc" } } } } }, getFieldTop: { "size": 1, "query": { "bool": { "must": [{ "query_string": { "query": "*", "analyze_wildcard": true } }, { "range": { "@timestamp": { "gte": '', "format": "epoch_millis" } } }], "must_not": [] } }, "aggs": { "2": { "terms": { "field": '', "size": 1, "order": { "_count": "desc" } } } } },
getLastField: { "size": 1, "query": { "bool": { "must": [{ "exists": { "field": '' } }, { "query_string": { "query": "*" } }], "must_not": [{}] } }, "sort": [{ "@timestamp": { "order": "desc", "unmapped_type": "boolean" } }] }, getLastField: { "size": 1, "query": { "bool": { "must": [{ "exists": { "field": '' } }, { "query_string": { "query": "*" } }], "must_not": [{}] } }, "sort": [{ "@timestamp": { "order": "desc", "unmapped_type": "boolean" } }] }
statsOverviewAlerts: [{ "size": 0, "query": { "bool": { "must": [{ "query_string": { "query": "*", "analyze_wildcard": true } }, { "range": { "@timestamp": { "gte": '', "format": "epoch_millis" } } }], "must_not": [] } }, "aggs": {} },
{ "size": 0, "query": { "bool": { "must": [{ "query_string": { "query": "*", "analyze_wildcard": true } }, { "range": { "@timestamp": { "gte": '', "format": "epoch_millis" } } }], "must_not": [] } }, "aggs": { "2": { "terms": { "field": "srcip", "size": 1, "order": { "_count": "desc" } } } } },
{ "size": 0, "query": { "bool": { "must": [{ "query_string": { "query": "*", "analyze_wildcard": true } }, { "range": { "@timestamp": { "gte": '', "format": "epoch_millis" } } }], "must_not": [] } }, "aggs": { "2": { "terms": { "field": "rule.groups", "size": 1, "order": { "_count": "desc" } } } } }],
statsOverviewSyscheck: [{ "size": 0, "query": { "bool": { "must": [{ "query_string": { "query": "rule.groups:syscheck", "analyze_wildcard": true } }, { "range": { "@timestamp": { "gte": '', "format": "epoch_millis" } } }], "must_not": [] } }, "aggs": {} },
{ "size": 0, "query": { "bool": { "must": [{ "query_string": { "query": "rule.groups:syscheck", "analyze_wildcard": true } }, { "range": { "@timestamp": { "gte": '', "format": "epoch_millis" } } }], "must_not": [] } }, "aggs": { "2": { "terms": { "field": "AgentName", "size": 1, "order": { "_count": "desc" } } } } },
{ "size": 0, "query": { "bool": { "must": [{ "query_string": { "query": "*", "analyze_wildcard": true } }, { "range": { "@timestamp": { "gte": '', "format": "epoch_millis" } } }], "must_not": [] } }, "aggs": { "2": { "terms": { "field": "SyscheckFile.path", "size": 1, "order": { "_count": "desc" } } } } }]
}; };
//Handlers //Handlers
var fetchElastic = function (payload) { var fetchElastic = function (req, payload) {
return client.search({ index: 'wazuh-alerts-*', type: 'wazuh', body: payload }); return elasticRequest.callWithRequest(req, 'search', { index: 'wazuh-alerts-*', type: 'wazuh', body: payload });
}; };
// Returns alerts count for fields/value array between timeGTE and timeLT // Returns alerts count for fields/value array between timeGTE and timeLT
var alertsCount = function (req, reply) { var alertsCount = function (req, reply) {
var payload = {"size": 1,"query": {"bool": {"must": [], "filter": {"range": {"@timestamp": {}}}}}}; var payload = {"size": 1,"query": {"bool": {"must": [], "filter": {"range": {"@timestamp": {}}}}}};
// Set up time interval, default to Last 24h // Set up time interval, default to Last 24h
const timeGTE = req.payload.timeinterval.gte ? req.payload.timeinterval.gte : "now-1d"; const timeGTE = req.payload.timeinterval.gte ? req.payload.timeinterval.gte : "now-1d";
const timeLT = req.payload.timeinterval.lt ? req.payload.timeinterval.lt : "now"; const timeLT = req.payload.timeinterval.lt ? req.payload.timeinterval.lt : "now";
@ -62,7 +52,8 @@ module.exports = function (server, options) {
payload.query.bool.must.push({"match": obj}); payload.query.bool.must.push({"match": obj});
}) })
fetchElastic(payload).then(function (data) {
fetchElastic(req, payload).then(function (data) {
reply({ 'statusCode': 200, 'data': data.hits.total }); reply({ 'statusCode': 200, 'data': data.hits.total });
}, function () { }, function () {
reply({ 'statusCode': 500, 'error': 9, 'message': 'Could not get data from elasticsearch' }).code(500); reply({ 'statusCode': 500, 'error': 9, 'message': 'Could not get data from elasticsearch' }).code(500);
@ -70,31 +61,21 @@ module.exports = function (server, options) {
}; };
var getFieldTop = function (req, reply) { var getFieldTop = function (req, reply) {
// is date defined? or must use 24h ?
var date = new Date();
date.setDate(date.getDate() - 1);
date = date.getTime();
const timeAgo = req.params.time ? encodeURIComponent(req.params.time) : date; // Top field payload
var payload = {"size":1,"query":{"bool":{"must":[],"filter":{"range":{"@timestamp":{}}}}},"aggs":{"2":{"terms":{"field":"","size":1,"order":{"_count":"desc"}}}}}
var payload = JSON.parse(JSON.stringify(payloads.getFieldTop));
if (req.params.fieldFilter && req.params.fieldFilter2) { // Set up time interval, default to Last 24h
payload.query.bool.must[0].query_string.query = req.params.fieldFilter + ":" + req.params.fieldValue + " AND " + req.params.fieldFilter2 + ":" + req.params.fieldValue2 + " AND manager.name: " + req.params.manager; const timeGTE = "now-1d";
}else if(req.params.fieldFilter){ const timeLT = "now";
payload.query.bool.must[0].query_string.query = req.params.fieldFilter + ":" + req.params.fieldValue + " AND manager.name: " + req.params.manager; payload.query.bool.filter.range['@timestamp']["gte"] = timeGTE;
}else{ payload.query.bool.filter.range['@timestamp']["lt"] = timeLT;
payload.query.bool.must[0].query_string.query = "manager.name: " + req.params.manager;
} // Set up match for default manager name
payload.query.bool.must.push({"match": {"manager.name": req.params.manager}});
payload.query.bool.must[1].range['@timestamp'].gte = timeAgo;
payload.aggs['2'].terms.field = req.params.field; payload.aggs['2'].terms.field = req.params.field;
fetchElastic(payload).then(function (data) { fetchElastic(req, payload).then(function (data) {
if (data.hits.total == 0 || typeof data.aggregations['2'].buckets[0] === 'undefined') if (data.hits.total == 0 || typeof data.aggregations['2'].buckets[0] === 'undefined')
reply({ 'statusCode': 200, 'data': '' }); reply({ 'statusCode': 200, 'data': '' });
@ -128,7 +109,7 @@ module.exports = function (server, options) {
payload.query.bool.must.push(termArray); payload.query.bool.must.push(termArray);
} }
fetchElastic(payload).then(function (data) { fetchElastic(req, payload).then(function (data) {
if (data.hits.total == 0 || typeof data.hits.hits[0] === 'undefined') if (data.hits.total == 0 || typeof data.hits.hits[0] === 'undefined')
reply({ 'statusCode': 200, 'data': '' }); reply({ 'statusCode': 200, 'data': '' });
@ -139,78 +120,7 @@ module.exports = function (server, options) {
}); });
}; };
var statsOverviewAlerts = function (req, reply) { var putWazuhAlertsPattern = function (req, reply) {
var gte = new Date() - (24 * 3600);
var _payloads = payloads.statsOverviewAlerts;
var _data = [];
_payloads[0].query.bool.must[1].range['@timestamp'].gte = gte;
_payloads[1].query.bool.must[1].range['@timestamp'].gte = gte;
_payloads[2].query.bool.must[1].range['@timestamp'].gte = gte;
fetchElastic(_payloads[0]).then(function (data) {
_data['alerts'] = data.hits.total;
fetchElastic(_payloads[1]).then(function (data) {
if (data.hits.total == 0)
_data['ip'] = '-';
else
_data['ip'] = data.aggregations['2'].buckets[0].key;
fetchElastic(_payloads[2]).then(function (data) {
if (data.hits.total == 0)
_data['group'] = '-';
else
_data['group'] = data.aggregations['2'].buckets[0].key;
reply({ 'statusCode': 200, 'data': { 'alerts': _data['alerts'], 'ip': _data['ip'], 'group': _data['group'] } });
}, function () {
reply({ 'statusCode': 500, 'error': 9, 'message': 'Could not get data from elasticsearch' }).code(500);
});
}, function () {
reply({ 'statusCode': 500, 'error': 9, 'message': 'Could not get data from elasticsearch' }).code(500);
});
}, function () {
reply({ 'statusCode': 500, 'error': 9, 'message': 'Could not get data from elasticsearch' }).code(500);
});
};
var statsOverviewSyscheck = function (req, reply) {
var gte = new Date() - (24 * 3600);
var _payloads = payloads.statsOverviewSyscheck;
var _data = [];
_payloads[0].query.bool.must[1].range['@timestamp'].gte = gte;
_payloads[1].query.bool.must[1].range['@timestamp'].gte = gte;
_payloads[2].query.bool.must[1].range['@timestamp'].gte = gte;
fetchElastic(_payloads[0]).then(function (data) {
data['alerts'] = data.hits.total;
fetchElastic(_payloads[1]).then(function (data) {
if (data.hits.total == 0)
_data['agent'] = '-';
else
_data['agent'] = data.aggregations['2'].buckets[0].key;
fetchElastic(_payloads[2]).then(function (data) {
if (data.hits.total == 0)
_data['file'] = '-';
else
_data['file'] = data.aggregations['2'].buckets[0].key;
reply({ 'statusCode': 200, 'data': { 'alerts': _data['alerts'], 'agent': _data['agent'], 'file': _data['file'] } });
}, function () {
reply({ 'statusCode': 500, 'error': 9, 'message': 'Could not get data from elasticsearch' }).code(500);
});
}, function () {
reply({ 'statusCode': 500, 'error': 9, 'message': 'Could not get data from elasticsearch' }).code(500);
});
}, function () {
reply({ 'statusCode': 500, 'error': 9, 'message': 'Could not get data from elasticsearch' }).code(500);
});
};
var putWazuhPattern = function (req, reply) {
try { try {
kibana_fields_data = JSON.parse(fs.readFileSync(path.resolve(__dirname, KIBANA_FIELDS_FILE), 'utf8')); kibana_fields_data = JSON.parse(fs.readFileSync(path.resolve(__dirname, KIBANA_FIELDS_FILE), 'utf8'));
@ -224,12 +134,12 @@ module.exports = function (server, options) {
} }
// Get current fields index pattern (wazuh-alerts-*) // Get current fields index pattern (wazuh-alerts-*)
client.get({ elasticRequest.callWithInternalUser('get', {
index: '.kibana', index: '.kibana',
type: 'index-pattern', type: 'index-pattern',
id: index_pattern id: index_pattern
}, function (error, response) { }).then(
if(response.found){ function (response) {
wazuhAlerts_indexPattern_current = JSON.parse(response._source.fields); wazuhAlerts_indexPattern_current = JSON.parse(response._source.fields);
// Compare and update fields properties // Compare and update fields properties
for (var i = 0, len = wazuhAlerts_indexPattern_current.length; i < len; i++) { for (var i = 0, len = wazuhAlerts_indexPattern_current.length; i < len; i++) {
@ -239,7 +149,7 @@ module.exports = function (server, options) {
} }
} }
// Update index pattern (wazuh-alerts-*) // Update index pattern (wazuh-alerts-*)
client.update({ elasticRequest.callWithInternalUser('update', {
index: '.kibana', index: '.kibana',
type: 'index-pattern', type: 'index-pattern',
id: index_pattern, id: index_pattern,
@ -248,12 +158,16 @@ module.exports = function (server, options) {
fields: JSON.stringify((wazuhAlerts_indexPattern_current)) fields: JSON.stringify((wazuhAlerts_indexPattern_current))
} }
} }
}, function (error, response) { }).then(
responseBack["wazuh-alerts"] = response; function (response) {
}); reply({ 'response': response}).code(200);
}else{ }, function (error) {
reply({ 'response': error, 'error' : '1'}).code(error.statusCode);
}
);
}, function (error) {
// Create index pattern // Create index pattern
client.create({ elasticRequest.callWithInternalUser('create', {
index: '.kibana', index: '.kibana',
type: 'index-pattern', type: 'index-pattern',
id: index_pattern, id: index_pattern,
@ -262,46 +176,74 @@ module.exports = function (server, options) {
timeFieldName: '@timestamp', timeFieldName: '@timestamp',
fields: kibana_fields_data.wazuh_alerts fields: kibana_fields_data.wazuh_alerts
} }
}).then(function () { }).then(
responseBack["wazuh-alerts"] = response; function (response) {
}, function (response) { reply({ 'response': response}).code(200);
if (response.statusCode != '409') { }, function (error) {
responseBack["wazuh-alerts"] = "Index pattern not found and could not be created"; reply({ 'response': error, 'error' : '2'}).code(error.statusCode);
}
}); });
} }
}); );
} catch (e) { } catch (e) {
server.log([blueWazuh, 'initialize', 'error'], 'Could not read the mapping file.'); server.log([blueWazuh, 'initialize', 'error'], 'Could not read the mapping file.');
server.log([blueWazuh, 'initialize', 'error'], 'Path: ' + KIBANA_FIELDS_FILE); server.log([blueWazuh, 'initialize', 'error'], 'Path: ' + KIBANA_FIELDS_FILE);
server.log([blueWazuh, 'initialize', 'error'], 'Exception: ' + e); server.log([blueWazuh, 'initialize', 'error'], 'Exception: ' + e);
}; };
};
var putWazuhMonitoringPattern = function (req, reply) {
try { try {
kibana_fields_data = JSON.parse(fs.readFileSync(path.resolve(__dirname, KIBANA_FIELDS_FILE), 'utf8')); kibana_fields_data = JSON.parse(fs.readFileSync(path.resolve(__dirname, KIBANA_FIELDS_FILE), 'utf8'));
// Update index pattern (wazuh-monitoring-*) // Check if wazuh-monitoring-* exists
client.update({ elasticRequest.callWithInternalUser('get', {
index: '.kibana', index: '.kibana',
type: 'index-pattern', type: 'index-pattern',
id: index_pattern_wazuh_monitoring, id: index_pattern_wazuh_monitoring
body: { }).then(
doc: { function (response) {
fields: kibana_fields_data.wazuh_monitoring // Update index pattern (wazuh-monitoring-*)
} elasticRequest.callWithInternalUser('update', {
index: '.kibana',
type: 'index-pattern',
id: index_pattern_wazuh_monitoring,
body: {
doc: {
fields: kibana_fields_data.wazuh_monitoring
}
}
}).then(
function (response) {
reply({ 'response': response}).code(200);
}, function (error) {
reply({ 'response': error }).code(error.statusCode);
}
);
}, function (error) {
// Create index pattern
elasticRequest.callWithInternalUser('create', {
index: '.kibana',
type: 'index-pattern',
id: index_pattern_wazuh_monitoring,
body: {
title: index_pattern_wazuh_monitoring,
timeFieldName: '@timestamp',
fields: kibana_fields_data.wazuh_monitoring
}
}).then(
function (response) {
reply({ 'response': response}).code(200);
}, function (error) {
reply({ 'response': error, 'error' : '2'}).code(error.statusCode);
});
} }
}, function (error, response) { );
responseBack["wazuh-monitoring"] = response;
reply({ 'response': responseBack, 'error': error }).code(200);
})
} catch (e) { } catch (e) {
server.log([blueWazuh, 'initialize', 'error'], 'Could not read the mapping file.'); server.log([blueWazuh, 'initialize', 'error'], 'Could not read the mapping file.');
server.log([blueWazuh, 'initialize', 'error'], 'Path: ' + KIBANA_FIELDS_FILE); server.log([blueWazuh, 'initialize', 'error'], 'Path: ' + KIBANA_FIELDS_FILE);
server.log([blueWazuh, 'initialize', 'error'], 'Exception: ' + e); server.log([blueWazuh, 'initialize', 'error'], 'Exception: ' + e);
}; };
}
};
//Server routes //Server routes
@ -370,6 +312,7 @@ module.exports = function (server, options) {
path: '/api/wazuh-elastic/last/{manager}/{field}/{fieldFilter}/{fieldValue}', path: '/api/wazuh-elastic/last/{manager}/{field}/{fieldFilter}/{fieldValue}',
handler: getLastField handler: getLastField
}); });
/* /*
* PUT /api/wazuh-elastic/wazuh-pattern * PUT /api/wazuh-elastic/wazuh-pattern
* Set wazuh index pattern * Set wazuh index pattern
@ -377,7 +320,18 @@ module.exports = function (server, options) {
**/ **/
server.route({ server.route({
method: 'PUT', method: 'PUT',
path: '/api/wazuh-elastic/wazuh-pattern', path: '/api/wazuh-elastic/wazuh-alerts-pattern',
handler: putWazuhPattern handler: putWazuhAlertsPattern
}); });
/*
* PUT /api/wazuh-elastic/wazuh-pattern
* Set wazuh index pattern
*
**/
server.route({
method: 'PUT',
path: '/api/wazuh-elastic/wazuh-monitoring-pattern',
handler: putWazuhMonitoringPattern
});
}; };
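Review bot: In the putWazuhAlertsPattern hunk, the rejection handler of the `get` on `.kibana` falls through to `create` on any error, not only a missing document, so a connectivity or authorization failure silently turns into a write attempt; guard it with `if (error.statusCode !== 404) { return reply({ 'error': '1', 'message': 'Could not read index pattern' }).code(500); }` before creating (the monitoring-pattern handler has the same shape). Both handlers also echo the raw Elasticsearch error object to the HTTP client and call `.code(error.statusCode)`, which is undefined for non-HTTP errors such as a refused connection; log the error server-side and reply with a fixed status and message. These are PUT routes reachable by any caller of the plugin API yet they write to `.kibana` with `callWithInternalUser`, so the requester's own privileges are bypassed — if that is intentional for setup, say so in a comment such as `// Runs as the Kibana internal user: index patterns are shared app state, not per-user data`. `kibana_fields_data` and `wazuhAlerts_indexPattern_current` are assigned without a declaration and so become implicit globals shared across concurrent requests; declare them with `var` inside the handler.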


@ -3,12 +3,9 @@ module.exports = function (server, options) {
// Elastic JS Client // Elastic JS Client
const serverConfig = server.config(); const serverConfig = server.config();
const elasticsearchURL = serverConfig.get('elasticsearch.url');
const elasticsearch = require('elasticsearch'); const elasticsearch = require('elasticsearch');
const client = new elasticsearch.Client({ const elasticRequest = server.plugins.elasticsearch.getCluster('data');
host: elasticsearchURL, //callWithInternalUser
apiVersion: '5.0'
});
// External libraries // External libraries
const uiSettings = server.uiSettings(); const uiSettings = server.uiSettings();
@ -48,7 +45,7 @@ module.exports = function (server, options) {
var setup_info = {"name" : "Wazuh App", "app-version": packageJSON.version, "revision": packageJSON.revision, "installationDate": new Date().toISOString() }; var setup_info = {"name" : "Wazuh App", "app-version": packageJSON.version, "revision": packageJSON.revision, "installationDate": new Date().toISOString() };
if(type == "install"){ if(type == "install"){
client.create({ index: ".kibana", type: 'wazuh-setup', id: 1, body: setup_info }).then( elasticRequest.callWithInternalUser('create', { index: ".kibana", type: 'wazuh-setup', id: 1, body: setup_info }).then(
function () { function () {
server.log([blueWazuh, 'initialize', 'info'], 'Wazuh set up info inserted'); server.log([blueWazuh, 'initialize', 'info'], 'Wazuh set up info inserted');
}, function () { }, function () {
@ -57,7 +54,7 @@ module.exports = function (server, options) {
} }
if(type == "upgrade"){ if(type == "upgrade"){
client.update({ index: ".kibana", type: 'wazuh-setup', id: 1, body: {doc: setup_info}}).then( elasticRequest.callWithInternalUser('update', { index: ".kibana", type: 'wazuh-setup', id: 1, body: {doc: setup_info}}).then(
function () { function () {
server.log([blueWazuh, 'initialize', 'info'], 'Wazuh set up info updated'); server.log([blueWazuh, 'initialize', 'info'], 'Wazuh set up info updated');
}, function () { }, function () {
@ -80,7 +77,7 @@ module.exports = function (server, options) {
}; };
server.log([blueWazuh, 'initialize', 'info'], 'Creating index pattern: ' + index_pattern); server.log([blueWazuh, 'initialize', 'info'], 'Creating index pattern: ' + index_pattern);
client.create({ index: '.kibana', type: 'index-pattern', id: index_pattern, body: { title: index_pattern, timeFieldName: '@timestamp', fields: kibana_fields_data.wazuh_alerts } }) elasticRequest.callWithInternalUser('create', { index: '.kibana', type: 'index-pattern', id: index_pattern, body: { title: index_pattern, timeFieldName: '@timestamp', fields: kibana_fields_data.wazuh_alerts } })
.then(function () { .then(function () {
server.log([blueWazuh, 'initialize', 'info'], 'Created index pattern: ' + index_pattern); server.log([blueWazuh, 'initialize', 'info'], 'Created index pattern: ' + index_pattern);
// Once index pattern is created, set it as default, wait few seconds for Kibana. // Once index pattern is created, set it as default, wait few seconds for Kibana.
@ -158,7 +155,7 @@ module.exports = function (server, options) {
// Init function. Check for "wazuh-setup" document existance. // Init function. Check for "wazuh-setup" document existance.
var init = function () { var init = function () {
client.get({ index: ".kibana", type: "wazuh-setup", id: "1" }).then( elasticRequest.callWithInternalUser('get', { index: ".kibana", type: "wazuh-setup", id: "1" }).then(
function (data) { function (data) {
server.log([blueWazuh, 'initialize', 'info'], 'Wazuh-setup document already exists. Proceed to upgrade.'); server.log([blueWazuh, 'initialize', 'info'], 'Wazuh-setup document already exists. Proceed to upgrade.');
install("upgrade"); install("upgrade");
@ -182,8 +179,7 @@ module.exports = function (server, options) {
server.log([blueWazuh, 'initialize', 'error'], 'Path: ' + TEMPLATE_FILE); server.log([blueWazuh, 'initialize', 'error'], 'Path: ' + TEMPLATE_FILE);
server.log([blueWazuh, 'initialize', 'error'], 'Exception: ' + e); server.log([blueWazuh, 'initialize', 'error'], 'Exception: ' + e);
}; };
elasticRequest.callWithInternalUser('indices.putTemplate', {name: "wazuh", order: 0, body: map_jsondata}).then(
client.indices.putTemplate( {name: "wazuh", order: 0, body: map_jsondata}).then(
function () { function () {
server.log([blueWazuh, 'initialize', 'info'], 'Template installed and loaded: ' + index_pattern); server.log([blueWazuh, 'initialize', 'info'], 'Template installed and loaded: ' + index_pattern);
configureKibana(type); configureKibana(type);
@ -209,12 +205,11 @@ module.exports = function (server, options) {
body += '{ "index": { "_index": ".kibana", "_type": "'+element._type+'", "_id": "'+element._id+'" } }\n'; body += '{ "index": { "_index": ".kibana", "_type": "'+element._type+'", "_id": "'+element._id+'" } }\n';
body += JSON.stringify(element._source) + "\n"; body += JSON.stringify(element._source) + "\n";
}); });
elasticRequest.callWithInternalUser('bulk',{
client.bulk({
index: '.kibana', index: '.kibana',
body: body body: body
}).then(function () { }).then(function () {
client.indices.refresh({ index: ['.kibana', index_pattern] }); elasticRequest.callWithInternalUser('indices.refresh',{ index: ['.kibana', index_pattern] });
server.log([blueWazuh, 'initialize', 'info'], 'Templates, mappings, index patterns, visualizations, searches and dashboards were successfully installed. App ready to be used.'); server.log([blueWazuh, 'initialize', 'info'], 'Templates, mappings, index patterns, visualizations, searches and dashboards were successfully installed. App ready to be used.');
}, function (err) { }, function (err) {
server.log([blueWazuh, 'server', 'error'], 'Error importing objects into elasticsearch. Bulk request failed.'); server.log([blueWazuh, 'server', 'error'], 'Error importing objects into elasticsearch. Bulk request failed.');
@ -224,7 +219,7 @@ module.exports = function (server, options) {
// Wait until Kibana index is created / loaded and initialize Wazuh App // Wait until Kibana index is created / loaded and initialize Wazuh App
var checkKibanaIndex = function () { var checkKibanaIndex = function () {
client.exists({ index: ".kibana", id: packageJSON.kibana.version, type: "config" }).then( elasticRequest.callWithInternalUser('exists',{ index: ".kibana", id: packageJSON.kibana.version, type: "config" }).then(
function (data) { function (data) {
init(); init();
}, function (data) { }, function (data) {


@ -3,12 +3,8 @@ module.exports = function (server, options) {
// Elastic JS Client // Elastic JS Client
const serverConfig = server.config(); const serverConfig = server.config();
const elasticsearchURL = serverConfig.get('elasticsearch.url');
const elasticsearch = require('elasticsearch'); const elasticsearch = require('elasticsearch');
const client = new elasticsearch.Client({ const elasticRequest = server.plugins.elasticsearch.getCluster('data');
host: elasticsearchURL,
apiVersion: '5.0'
});
// External libraries // External libraries
const fs = require('fs'); const fs = require('fs');
@ -125,8 +121,7 @@ module.exports = function (server, options) {
var fDate = new Date().toISOString().replace(/T/, '-').replace(/\..+/, '').replace(/-/g, '.').replace(/:/g, '').slice(0, -7); var fDate = new Date().toISOString().replace(/T/, '-').replace(/\..+/, '').replace(/-/g, '.').replace(/:/g, '').slice(0, -7);
var todayIndex = index_prefix + fDate; var todayIndex = index_prefix + fDate;
elasticRequest.callWithInternalUser('indices.exists',{ index: todayIndex }).then(
client.indices.exists({ index: todayIndex }).then(
function (result) { function (result) {
if (result) { if (result) {
insertDocument(todayIndex); insertDocument(todayIndex);
@ -141,7 +136,7 @@ module.exports = function (server, options) {
// Creating wazuh-monitoring index // Creating wazuh-monitoring index
var createIndex = function (todayIndex) { var createIndex = function (todayIndex) {
client.indices.create({ index: todayIndex }).then( elasticRequest.callWithInternalUser('indices.create',{ index: todayIndex }).then(
function () { function () {
insertDocument(todayIndex); insertDocument(todayIndex);
}, function () { }, function () {
@ -165,7 +160,8 @@ module.exports = function (server, options) {
if (body == '') { if (body == '') {
return; return;
} }
client.bulk({ elasticRequest.callWithInternalUser('indices.bulk',
{
index: todayIndex, index: todayIndex,
type: 'agent', type: 'agent',
body: body body: body
@ -179,7 +175,7 @@ module.exports = function (server, options) {
// Get API configuration from elastic and callback to loadCredentials // Get API configuration from elastic and callback to loadCredentials
var getConfig = function (callback) { var getConfig = function (callback) {
client.search({ index: '.kibana', type: 'wazuh-configuration'}) elasticRequest.callWithInternalUser('search',{ index: '.kibana', type: 'wazuh-configuration'})
.then(function (data) { .then(function (data) {
if (data.hits.total > 0) { if (data.hits.total > 0) {
callback(data.hits); callback(data.hits);
@ -200,8 +196,7 @@ module.exports = function (server, options) {
server.log([blueWazuh, 'Wazuh agents monitoring', 'error'], 'Path: ' + TEMPLATE_FILE); server.log([blueWazuh, 'Wazuh agents monitoring', 'error'], 'Path: ' + TEMPLATE_FILE);
server.log([blueWazuh, 'Wazuh agents monitoring', 'error'], 'Exception: ' + e); server.log([blueWazuh, 'Wazuh agents monitoring', 'error'], 'Exception: ' + e);
}; };
elasticRequest.callWithInternalUser('indices.putTemplate',{name: "wazuh", order: 0, body: map_jsondata}).then(
client.indices.putTemplate( {name: "wazuh", order: 0, body: map_jsondata}).then(
function () { function () {
server.log([blueWazuh, 'Wazuh agents monitoring', 'info'], 'Template installed and loaded: ' + index_pattern); server.log([blueWazuh, 'Wazuh agents monitoring', 'info'], 'Template installed and loaded: ' + index_pattern);
}, function (data) { }, function (data) {
@ -220,7 +215,7 @@ module.exports = function (server, options) {
server.log([blueWazuh, 'Wazuh agents monitoring', 'error'], 'Exception: ' + e); server.log([blueWazuh, 'Wazuh agents monitoring', 'error'], 'Exception: ' + e);
}; };
return client.create({ index: '.kibana', type: 'index-pattern', id: index_pattern, body: { title: index_pattern, timeFieldName: '@timestamp', fields: kibana_fields_data.wazuh_monitoring} }); return elasticRequest.callWithInternalUser('create',{ index: '.kibana', type: 'index-pattern', id: index_pattern, body: { title: index_pattern, timeFieldName: '@timestamp', fields: kibana_fields_data.wazuh_monitoring} });
}; };
// fetchAgents on demand // fetchAgents on demand
@ -231,7 +226,7 @@ module.exports = function (server, options) {
// Wait until Elasticsearch is ready // Wait until Elasticsearch is ready
var checkElasticStatus = function () { var checkElasticStatus = function () {
client.info().then( elasticRequest.callWithInternalUser('info').then(
function (data) { function (data) {
init(); init();
}, function (data) { }, function (data) {