valitydev/wazuh-kibana-app
14
0
Fork 0
mirror of https://github.com/valitydev/wazuh-kibana-app.git synced 2024-11-06 18:05:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge branch '3.8-6.5' into issue-1004

Browse Source
This commit is contained in:
Jesús Ángel 2018-12-28 09:19:28 +01:00
commit 520a60fe09
14 changed files with 61 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
CHANGELOG.md
View File

@ -13,6 +13,7 @@ All notable changes to the Wazuh app project will be documented in this file.
- Added description to each setting under Settings > Configuration ([#1048](https://github.com/wazuh/wazuh-kibana-app/pull/1048)).
- Added a new setting to `config.yml` related to Wazuh monitoring and its index pattern ([#1095](https://github.com/wazuh/wazuh-kibana-app/pull/1095)).
- Resizable columns by dragging in Dev-tools ([#1102](https://github.com/wazuh/wazuh-kibana-app/pull/1102)).
- Added a new table (network addresses) for agent inventory tab ([#1111](https://github.com/wazuh/wazuh-kibana-app/pull/1111)).
### Changed
@ -25,6 +26,8 @@ All notable changes to the Wazuh app project will be documented in this file.
- Added "Registered date" and "Last keep alive" in agents table allowing you to sort by these fields ([#1102](https://github.com/wazuh/wazuh-kibana-app/pull/1102)).
- Improved code quality in sections such as Ruleset > Rule and Decoder detail view simplify conditions ([#1102](https://github.com/wazuh/wazuh-kibana-app/pull/1102)).
- Replaced reporting success message ([#1102](https://github.com/wazuh/wazuh-kibana-app/pull/1102)).
- Reduced the default number of shards and the default number of replicas for the app indices ([#1113](https://github.com/wazuh/wazuh-kibana-app/pull/1113)).
### Fixed
@ -38,12 +41,12 @@ All notable changes to the Wazuh app project will be documented in this file.
- Fixed Management > Monitoring tab frustration adding back buttons ([#1102](https://github.com/wazuh/wazuh-kibana-app/pull/1102)).
- Fix template checking when using more than one pattern ([#1104](https://github.com/wazuh/wazuh-kibana-app/pull/1104)).
## Wazuh v3.7.1 - Kibana v6.5.1 / v6.5.2 / v6.5.3 - Revision 415
## Wazuh v3.7.1 / v3.7.2 - Kibana v6.5.1 / v6.5.2 / v6.5.3 / v6.5.4 - Revision 415
### Added
- Support for Elastic stack v6.5.2 / v6.5.3.
- Support for Wazuh v3.7.1.
- Support for Elastic stack v6.5.2 / v6.5.3 / v6.5.4.
- Support for Wazuh v3.7.1 / v3.7.2.
- Dev Tools module now autocompletes API endpoints ([#1030](https://github.com/wazuh/wazuh-kibana-app/pull/1030)).
### Changed

14
README.md
View File

@ -25,17 +25,17 @@ Visualize and analyze Wazuh alerts stored in Elasticsearch using our Kibana app
## Requisites
- Wazuh HIDS 3.7.1
- Wazuh RESTful API 3.7.1
- Kibana 6.5.3
- Elasticsearch 6.5.3
- Wazuh HIDS 3.7.2
- Wazuh RESTful API 3.7.2
- Kibana 6.5.4
- Elasticsearch 6.5.4
## Installation
Install the app
```
sudo -u kibana NODE_OPTIONS="--max-old-space-size=3072" /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-3.7.1_6.5.3.zip
sudo -u kibana NODE_OPTIONS="--max-old-space-size=3072" /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-3.7.2_6.5.4.zip
```
Restart Kibana
@ -90,7 +90,7 @@ chown -R kibana:kibana /usr/share/kibana/plugins
Install the app
```
sudo -u kibana NODE_OPTIONS="--max-old-space-size=3072" /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-3.7.1_6.5.3.zip
sudo -u kibana NODE_OPTIONS="--max-old-space-size=3072" /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-3.7.2_6.5.4.zip
```
Restart Kibana
@ -154,6 +154,8 @@ service kibana restart
| 6.5.1 | 3.7.1 | /usr/share/kibana/bin/kibana-plugin install <https://packages.wazuh.com/wazuhapp/wazuhapp-3.7.1_6.5.1.zip> |
| 6.5.2 | 3.7.1 | /usr/share/kibana/bin/kibana-plugin install <https://packages.wazuh.com/wazuhapp/wazuhapp-3.7.1_6.5.2.zip> |
| 6.5.3 | 3.7.1 | /usr/share/kibana/bin/kibana-plugin install <https://packages.wazuh.com/wazuhapp/wazuhapp-3.7.1_6.5.3.zip> |
| 6.5.3 | 3.7.2 | /usr/share/kibana/bin/kibana-plugin install <https://packages.wazuh.com/wazuhapp/wazuhapp-3.7.2_6.5.3.zip> |
| 6.5.4 | 3.7.2 | /usr/share/kibana/bin/kibana-plugin install <https://packages.wazuh.com/wazuhapp/wazuhapp-3.7.2_6.5.4.zip> |
## Contribute

8
config.yml
View File

@ -58,9 +58,9 @@
#
# Configure .wazuh and .wazuh-version indices shards and replicas.
#wazuh.shards : 1
#wazuh.replicas : 1
#wazuh.replicas : 0
#wazuh-version.shards : 1
#wazuh-version.replicas: 1
#wazuh-version.replicas: 0
#
# --------------------------- Index pattern selector ---------------------------
#
@ -92,8 +92,8 @@
#wazuh.monitoring.frequency: 3600
#
# Configure wazuh-monitoring-3.x-* indices shards and replicas.
#wazuh.monitoring.shards: 5
#wazuh.monitoring.replicas: 1
#wazuh.monitoring.shards: 2
#wazuh.monitoring.replicas: 0
#
# Default index pattern to use for Wazuh monitoring
#wazuh.monitoring.pattern: wazuh-monitoring-3.x-*

2
package.json
View File

@ -4,7 +4,7 @@
"revision": "0416",
"code": "0416-0",
"kibana": {
"version": "6.5.3"
"version": "6.5.4"
},
"engines": {
"node": "8.14.0"

5
public/controllers/agent/agents.js
View File

@ -554,7 +554,8 @@ export class AgentsController {
this.apiReq.request('GET', `/syscollector/${id}/hardware`, {}),
this.apiReq.request('GET', `/syscollector/${id}/os`, {}),
this.apiReq.request('GET', `/syscollector/${id}/netiface`, {}),
this.apiReq.request('GET', `/syscollector/${id}/ports`, {}),
this.apiReq.request('GET', `/syscollector/${id}/ports`, {limit:1}),
this.apiReq.request('GET', `/syscollector/${id}/netaddr`, {limit:1}),
this.apiReq.request('GET', `/syscollector/${id}/packages`, {
limit: 1,
select: 'scan_time'
@ -572,6 +573,7 @@ export class AgentsController {
osResponse,
netifaceResponse,
portsResponse,
netaddrResponse,
packagesDateResponse,
processesDateResponse
] = result;
@ -599,6 +601,7 @@ export class AgentsController {
: false,
netiface: netifaceResponse ? { ...netifaceResponse } : false,
ports: portsResponse ? { ...portsResponse } : false,
netaddr: netaddrResponse ? { ...netaddrResponse } : false,
packagesDate: ((packagesDate || {}).items || []).length
? packagesDate.items[0].scan_time
: 'Unknown',

4
public/services/resolves/check-ram.js
View File

@ -13,13 +13,13 @@ export async function totalRAM(genericReq, errorHandler) {
try {
const data = await genericReq.request('GET', '/utils/memory');
const totalRAM = data.data.ram;
if (totalRAM < 3072 && totalRAM > 2048) {
if (totalRAM < 1600 && totalRAM > 1024) {
errorHandler.handle(
`Kibana server has ${totalRAM}MB of RAM, performance will suffer. Please increase it.`,
'RAM',
true
);
} else if (totalRAM <= 2048) {
} else if (totalRAM <= 1024) {
errorHandler.handle(
`Kibana server has ${totalRAM}MB of RAM, performance will suffer. Please increase it.`,
'RAM'

8
public/services/resolves/get-config.js
View File

@ -28,16 +28,16 @@ export async function getWzConfig($q, genericReq, errorHandler, wazuhConfig) {
'extensions.osquery': false,
timeout: 8000,
'wazuh.shards': 1,
'wazuh.replicas': 1,
'wazuh.replicas': 0,
'wazuh-version.shards': 1,
'wazuh-version.replicas': 1,
'wazuh-version.replicas': 0,
'ip.selector': true,
'ip.ignore': [],
'xpack.rbac.enabled': true,
'wazuh.monitoring.enabled': true,
'wazuh.monitoring.frequency': 3600,
'wazuh.monitoring.shards': 5,
'wazuh.monitoring.replicas': 1,
'wazuh.monitoring.shards': 2,
'wazuh.monitoring.replicas': 0,
'wazuh.monitoring.pattern': 'wazuh-monitoring-3.x-*',
admin: true
};

18
public/templates/agents/agents-syscollector.html
View File

@ -104,6 +104,24 @@
</md-card>
</div>
<div layout="row" class="layout-padding wz-padding-bottom-0" ng-if="syscollectorEnabled && hasSize(syscollector)">
<md-card flex class="wz-md-card">
<md-card-content class="wz-text-center wz-margin-bottom-40-inv" ng-if="syscollector.netaddr && !syscollector.netaddr.items.length">
<i class="fa fa-fw fa-info-circle" aria-hidden="true"></i> <span class="wz-headline-title">No network addresses scan available</span>
<md-divider class="wz-margin-top-10"></md-divider>
<div layout="column" class="wz-padding-top-10">
<p>The network addresses scan is disabled or not ready yet. Wait a little bit and try refreshing the page.</p>
</div>
</md-card-content>
<md-card-content class="wz-margin-bottom-40-inv" ng-if="syscollector.netaddr && syscollector.netaddr.items.length">
<span class="wz-headline-title"><i class="fa fa-fw fa-exchange"></i> Network addresses</span>
<md-divider class="wz-margin-top-10"></md-divider>
<wz-table flex path="'/syscollector/' + agent.id + '/netaddr'" row-sizes="[4]" keys="['address', 'netmask', 'proto', 'broadcast']">
</wz-table>
</md-card-content>
</md-card>
</div>
<div layout="row" class="layout-padding wz-padding-top-0" ng-if="syscollectorEnabled && hasSize(syscollector)">
<md-card flex class="wz-md-card">
<md-card-content>

15
server/initialize.js
View File

@ -68,7 +68,7 @@ export function Initialize(server) {
const checkKnownFields = async () => {
try {
const usingCredentials = await wzWrapper.usingCredentials();
const msg = `x-pack security enabled: ${usingCredentials ? 'yes' : 'no'}`;
const msg = `Security enabled: ${usingCredentials ? 'yes' : 'no'}`;
log('[initialize][checkKnownFields]', msg, 'info');
server.log([blueWazuh, 'initialize', 'info'], msg);
@ -236,12 +236,7 @@ export function Initialize(server) {
// Save Wazuh App setup
const saveConfiguration = async () => {
try {
const shardConfiguration = BuildBody(
configurationFile,
'wazuh-version',
1,
1
);
const shardConfiguration = BuildBody(configurationFile, 'wazuh-version');
await wzWrapper.createWazuhVersionIndex(shardConfiguration);
@ -381,7 +376,7 @@ export function Initialize(server) {
const result = await wzWrapper.checkIfIndexExists('.wazuh');
const shardConfiguration = BuildBody(configurationFile, 'wazuh', 1, 1);
const shardConfiguration = BuildBody(configurationFile, 'wazuh');
if (!result) {
try {
@ -436,9 +431,7 @@ export function Initialize(server) {
await wzWrapper.getWazuhVersionIndex();
const shardConfiguration = BuildBody(
configurationFile,
'wazuh-version',
1,
1
'wazuh-version'
);
await wzWrapper.updateIndexSettings(
'.wazuh-version',

4
server/lib/elastic-wrapper.js
View File

@ -14,6 +14,7 @@ import { monitoringKnownFields } from '../integration-files/monitoring-known-fie
export class ElasticWrapper {
constructor(server) {
this.usingSearchGuard = ((server || {}).plugins || {}).searchguard || false;
this.elasticRequest = server.plugins.elasticsearch.getCluster('data');
this.WZ_KIBANA_INDEX =
((((server || {}).registrations || {}).kibana || {}).options || {})
@ -663,8 +664,9 @@ export class ElasticWrapper {
);
return (
this.usingSearchGuard ||
((((data || {}).defaults || {}).xpack || {}).security || {}).enabled ==
'true'
'true'
);
} catch (error) {
return Promise.reject(error);

4
server/lib/replicas-shards-helper.js
View File

@ -20,8 +20,8 @@
export function BuildBody(
file,
indexName,
defaultShards = 5,
defaulReplicas = 1
defaultShards = 1,
defaulReplicas = 0
) {
if (indexName) {
const shards =

7
server/monitoring.js
View File

@ -380,12 +380,12 @@ export class Monitoring {
const shards =
typeof (configFile || {})['wazuh.monitoring.shards'] !== 'undefined'
? configFile['wazuh.monitoring.shards']
: 5;
: 2;
const replicas =
typeof (configFile || {})['wazuh.monitoring.replicas'] !== 'undefined'
? configFile['wazuh.monitoring.replicas']
: 1;
: 0;
const configuration = {
settings: {
@ -495,8 +495,7 @@ export class Monitoring {
const shardConfiguration = BuildBody(
configurationFile,
'wazuh.monitoring',
5,
1
2
);
await this.wzWrapper.updateIndexSettings(
this.todayIndex,

42
util/api-request-list.js
View File

@ -156,10 +156,6 @@ export const apiRequestList = [
name: '/cache',
args: []
},
{
name: '/experimental/syscheck',
args: []
},
{
name: '/rootcheck',
args: []
@ -429,43 +425,7 @@ export const apiRequestList = [
{
name: '/decoders/parents',
args: []
},
{
name: '/experimental/ciscat/results',
args: []
},
{
name: '/experimental/syscollector/hardware',
args: []
},
{
name: '/experimental/syscollector/netaddr',
args: []
},
{
name: '/experimental/syscollector/netiface',
args: []
},
{
name: '/experimental/syscollector/netproto',
args: []
},
{
name: '/experimental/syscollector/os',
args: []
},
{
name: '/experimental/syscollector/packages',
args: []
},
{
name: '/experimental/syscollector/ports',
args: []
},
{
name: '/experimental/syscollector/processes',
args: []
},
},
{
name: '/manager/configuration',
args: []

1
util/csv-key-equivalence.js
View File

@ -61,6 +61,7 @@ export const KeyEquivalenece = {
proto: 'Protocol',
address: 'Address',
protocol: 'Protocol',
netmask: 'Netmask',
'local.ip': 'Local IP',
'remote.ip': 'Remote IP',
'local.port': 'Local port',