Merge pull request #209 from wazuh/3.1-dev-aws-tab

New AWS extension
Javier Castro 2018-01-24 17:05:43 +01:00 committed by GitHub
commit 459f58ff4a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 221 additions and 3 deletions


@ -40,7 +40,7 @@ function ($scope, $location, $q, $rootScope, Notifier, appState, genericReq, api
"oscap": 13,
"audit": 15,
"pci": 3,
"aws": 100,
"aws": 8,
"virustotal": 6,
"configuration": 0
};
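Review bot: The new index `"aws": 8` in this tab map is identical to the one added in the `overviewController` map in the next file section, although every other tab visible in both maps has a different value (`oscap` 13 vs 14, `audit` 15 vs 16, `pci` 3 vs 6, `virustotal` 6 vs 7). Only part of each map is inside the hunk, so please confirm that 8 is not already assigned to another tab in either map; a duplicate would presumably select the wrong tab. A one-line comment above each map saying what the numbers index and that they must be unique would make the constraint explicit. The enclosing controller function starts and ends outside the hunk.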


@ -36,7 +36,7 @@ app.controller('overviewController', function ($scope, $location, $rootScope, ap
"oscap": 14,
"audit": 16,
"pci": 6,
"aws": 100,
"aws": 8,
"virustotal": 7
};


@ -1,3 +1,63 @@
<md-content flex layout="column" ng-if="tab === 'aws'" layout-align="start">
<!-- View: Panels -->
<div ng-show="resultState === 'ready' && tabView === 'panels'">
<div layout="row" layout-align="center stretch" class="height-120">
<md-card flex>
<md-card-content class="wazuh-column">
<kbn-vis class="metric" vis-id="'Wazuh-App-Overview-AWS-Metric-Run-instances'" id="Wazuh-App-Overview-AWS-Metric-Run-instances"></kbn-vis>
</md-card-content>
</md-card>
<md-card flex>
<md-card-content class="wazuh-column">
<kbn-vis class="metric" vis-id="'Wazuh-App-Overview-AWS-Metric-Terminate-instances'" id="Wazuh-App-Overview-AWS-Metric-Terminate-instances"></kbn-vis>
</md-card-content>
</md-card>
<md-card flex>
<md-card-content class="wazuh-column">
<kbn-vis class="metric" vis-id="'Wazuh-App-Overview-AWS-Metric-Create-tags'" id="Wazuh-App-Overview-AWS-Metric-Create-tags"></kbn-vis>
</md-card-content>
</md-card>
</div>
<div layout="row" layout-align="center stretch" class="height-120">
<md-card flex>
<md-card-content class="wazuh-column">
<kbn-vis class="metric" vis-id="'Wazuh-App-Overview-AWS-Metric-Authorize-security'" id="Wazuh-App-Overview-AWS-Metric-Authorize-security"></kbn-vis>
</md-card-content>
</md-card>
<md-card flex>
<md-card-content class="wazuh-column">
<kbn-vis class="metric" vis-id="'Wazuh-App-Overview-AWS-Metric-Revoke-security'" id="Wazuh-App-Overview-AWS-Metric-Revoke-security"></kbn-vis>
</md-card-content>
</md-card>
</div>
<div layout="row" layout-align="center stretch" class="height-270">
<md-card flex>
<md-card-content class="wazuh-column">
<span class="md-headline">Security groups over time</span>
<kbn-vis vis-id="'Wazuh-App-Overview-AWS-Security-groups-over-time'" id="Wazuh-App-Overview-AWS-Security-groups-over-time"></kbn-vis>
</md-card-content>
</md-card>
<md-card flex>
<md-card-content class="wazuh-column">
<span class="md-headline">Success login - Top 5 countries</span>
<kbn-vis vis-id="'Wazuh-App-Overview-AWS-Success-login-Top-5-countries'" id="Wazuh-App-Overview-AWS-Success-login-Top-5-countries"></kbn-vis>
</md-card-content>
</md-card>
</div>
<div layout="row" class="height-550">
<md-card flex>
<md-card-content class="wazuh-column">
<span class="md-headline">Alerts summary</span>
<kbn-vis class="kbn-chart" vis-id="'Wazuh-App-Overview-AWS-Agent-alerts-summary'" id="Wazuh-App-Overview-AWS-Agent-alerts-summary"></kbn-vis>
</md-card-content>
</md-card>
</div>
</div>
</md-content>
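Review bot: The panel markup added in this template is repeated line for line in the next file section (the hunk headed `@ -3,6 +3,52 @@`), so any later change to a `vis-id` has to be made in two places; a shared partial pulled in with `ng-include` would keep the two tabs in step. The last card references `Wazuh-App-Overview-AWS-Agent-alerts-summary`, while the saved objects in this commit also define `Wazuh-App-Overview-AWS-Alerts-summary`, bucketed on `manager.name`. Please confirm each template points at the summary meant for it, since a wrong id would silently render the other scope's data. A short comment above each row naming the CloudTrail actions it counts would also help readers who do not know the vis ids.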


@ -3,6 +3,52 @@
<!-- View: Panels -->
<div ng-show="resultState === 'ready' && tabView === 'panels'">
<div layout="row" layout-align="center stretch" class="height-120">
<md-card flex>
<md-card-content class="wazuh-column">
<kbn-vis class="metric" vis-id="'Wazuh-App-Overview-AWS-Metric-Run-instances'" id="Wazuh-App-Overview-AWS-Metric-Run-instances"></kbn-vis>
</md-card-content>
</md-card>
<md-card flex>
<md-card-content class="wazuh-column">
<kbn-vis class="metric" vis-id="'Wazuh-App-Overview-AWS-Metric-Terminate-instances'" id="Wazuh-App-Overview-AWS-Metric-Terminate-instances"></kbn-vis>
</md-card-content>
</md-card>
<md-card flex>
<md-card-content class="wazuh-column">
<kbn-vis class="metric" vis-id="'Wazuh-App-Overview-AWS-Metric-Create-tags'" id="Wazuh-App-Overview-AWS-Metric-Create-tags"></kbn-vis>
</md-card-content>
</md-card>
</div>
<div layout="row" layout-align="center stretch" class="height-120">
<md-card flex>
<md-card-content class="wazuh-column">
<kbn-vis class="metric" vis-id="'Wazuh-App-Overview-AWS-Metric-Authorize-security'" id="Wazuh-App-Overview-AWS-Metric-Authorize-security"></kbn-vis>
</md-card-content>
</md-card>
<md-card flex>
<md-card-content class="wazuh-column">
<kbn-vis class="metric" vis-id="'Wazuh-App-Overview-AWS-Metric-Revoke-security'" id="Wazuh-App-Overview-AWS-Metric-Revoke-security"></kbn-vis>
</md-card-content>
</md-card>
</div>
<div layout="row" layout-align="center stretch" class="height-270">
<md-card flex>
<md-card-content class="wazuh-column">
<span class="md-headline">Security groups over time</span>
<kbn-vis vis-id="'Wazuh-App-Overview-AWS-Security-groups-over-time'" id="Wazuh-App-Overview-AWS-Security-groups-over-time"></kbn-vis>
</md-card-content>
</md-card>
<md-card flex>
<md-card-content class="wazuh-column">
<span class="md-headline">Success login - Top 5 countries</span>
<kbn-vis vis-id="'Wazuh-App-Overview-AWS-Success-login-Top-5-countries'" id="Wazuh-App-Overview-AWS-Success-login-Top-5-countries"></kbn-vis>
</md-card-content>
</md-card>
</div>
<div layout="row" class="height-550">
<md-card flex>
<md-card-content class="wazuh-column">


@ -2012,7 +2012,119 @@
"_id": "Wazuh-App-Overview-AWS-Alerts-summary",
"_source": {
"title": "Wazuh App Overview AWS Alerts summary",
"visState": "{\"title\":\"Wazuh App Overview AWS Alerts summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Agent\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"@timestamp\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Date\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.description\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Description\"}}]}",
"visState": "{\"title\":\"Wazuh App Overview AWS Alerts summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"manager.name\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Manager\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"GeoLocation.country_name\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.description\",\"size\":999,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Description\"}}]}",
"uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}},\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"wazuh-alerts\",\"filter\":[],\"query\":{\"query\":\"rule.groups: amazon\",\"language\":\"lucene\"}}"
}
},
"_type": "visualization"
},
{
"_id": "Wazuh-App-Overview-AWS-Metric-Authorize-security",
"_source": {
"title": "Wazuh App Overview AWS Metric Authorize security",
"visState": "{\"title\":\"Wazuh App Overview AWS Metric Authorize security\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":20}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Authorized security groups\"}}]}",
"uiStateJSON": "{}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"wazuh-alerts\",\"filter\":[],\"query\":{\"query\":\"rule.groups: amazon AND rule.description: *AuthorizeSecurity*\",\"language\":\"lucene\"}}"
}
},
"_type": "visualization"
},
{
"_id": "Wazuh-App-Overview-AWS-Metric-Create-tags",
"_source": {
"title": "Wazuh App Overview AWS Metric Create tags",
"visState": "{\"title\":\"Wazuh App Overview AWS Metric Create tags\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":20}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Created tags\"}}]}",
"uiStateJSON": "{}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"wazuh-alerts\",\"filter\":[],\"query\":{\"query\":\"rule.groups: amazon AND rule.description: *CreateTags*\",\"language\":\"lucene\"}}"
}
},
"_type": "visualization"
},
{
"_id": "Wazuh-App-Overview-AWS-Metric-Revoke-security",
"_source": {
"title": "Wazuh App Overview AWS Metric Revoke security",
"visState": "{\"title\":\"Wazuh App Overview AWS Metric Revoke security\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":20}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Revoked security groups\"}}]}",
"uiStateJSON": "{}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"wazuh-alerts\",\"filter\":[],\"query\":{\"query\":\"rule.groups: amazon AND rule.description: *RevokeSecurity*\",\"language\":\"lucene\"}}"
}
},
"_type": "visualization"
},
{
"_id": "Wazuh-App-Overview-AWS-Metric-Run-instances",
"_source": {
"title": "Wazuh App Overview AWS Metric Run instances",
"visState": "{\"title\":\"Wazuh App Overview AWS Metric Run instances\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":20}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Runned instances\"}}]}",
"uiStateJSON": "{}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"wazuh-alerts\",\"filter\":[],\"query\":{\"query\":\"rule.groups: amazon AND rule.description: *RunInstances*\",\"language\":\"lucene\"}}"
}
},
"_type": "visualization"
},
{
"_id": "Wazuh-App-Overview-AWS-Metric-Terminate-instances",
"_source": {
"title": "Wazuh App Overview AWS Metric Terminate instances",
"visState": "{\"title\":\"Wazuh App Overview AWS Metric Terminate instances\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":20}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Terminated instances\"}}]}",
"uiStateJSON": "{}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"wazuh-alerts\",\"filter\":[],\"query\":{\"query\":\"rule.groups: amazon AND rule.description: *TerminateInstances*\",\"language\":\"lucene\"}}"
}
},
"_type": "visualization"
},
{
"_id": "Wazuh-App-Overview-AWS-Security-groups-over-time",
"_source": {
"title": "Wazuh App Overview AWS Security groups over time",
"visState": "{\"title\":\"Wazuh App Overview AWS Security groups over time\",\"type\":\"area\",\"params\":{\"type\":\"area\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"rule.description\",\"size\":2,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}]}",
"uiStateJSON": "{}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"wazuh-alerts\",\"filter\":[],\"query\":{\"query\":\"rule.groups: amazon AND rule.description: *Security*\",\"language\":\"lucene\"}}"
}
},
"_type": "visualization"
},
{
"_id": "Wazuh-App-Overview-AWS-Success-login-Top-5-countries",
"_source": {
"title": "Wazuh App Overview AWS Success login Top 5 countries",
"visState": "{\"title\":\"Wazuh App Overview AWS Success login Top 5 countries\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":false,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"GeoLocation.country_name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}]}",
"uiStateJSON": "{}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"wazuh-alerts\",\"filter\":[],\"query\":{\"query\":\"rule.groups: amazon AND rule.description: *Login?Success*\",\"language\":\"lucene\"}}"
}
},
"_type": "visualization"
},
{
"_id": "Wazuh-App-Overview-AWS-Agent-alerts-summary",
"_source": {
"title": "Wazuh App Overview AWS Agent alerts summary",
"visState": "{\"title\":\"Wazuh App Overview AWS Agent alerts summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Agent\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"GeoLocation.country_name\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.description\",\"size\":999,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Description\"}}]}",
"uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}},\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}",
"description": "",
"version": 1,
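Review bot: Every new saved search in this hunk selects events by wildcard on free text, e.g. `rule.groups: amazon AND rule.description: *AuthorizeSecurity*`, so the counters depend on the exact wording of the rule descriptions and on how `rule.description` is analyzed in the index. If a ruleset update rewords a description, the metric drops to zero without any error, which on a security dashboard reads as "nothing happened". Matching on a structured field (for example `rule.id`, or the event-name field if the alert carries one) would be more robust and would avoid leading-wildcard scans. The `*Security*` filter behind "Security groups over time" is also broader than the Authorize/Revoke pair the title suggests. Separately, the label `Runned instances` should probably read `Launched instances`.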