Merge branch '3.8-6.5' into issue-1004

CHANGELOG.md

@@ -13,6 +13,7 @@ All notable changes to the Wazuh app project will be documented in this file.
 - Added description to each setting under Settings > Configuration ([#1048](https://github.com/wazuh/wazuh-kibana-app/pull/1048)).
 - Added a new setting to `config.yml` related to Wazuh monitoring and its index pattern ([#1095](https://github.com/wazuh/wazuh-kibana-app/pull/1095)).
 - Resizable columns by dragging in Dev-tools ([#1102](https://github.com/wazuh/wazuh-kibana-app/pull/1102)).
+- Added a new table (network addresses) for agent inventory tab ([#1111](https://github.com/wazuh/wazuh-kibana-app/pull/1111)).
 
 ### Changed
 
@@ -25,6 +26,8 @@ All notable changes to the Wazuh app project will be documented in this file.
 - Added "Registered date" and "Last keep alive" in agents table allowing you to sort by these fields ([#1102](https://github.com/wazuh/wazuh-kibana-app/pull/1102)).
 - Improved code quality in sections such as Ruleset > Rule and Decoder detail view simplify conditions ([#1102](https://github.com/wazuh/wazuh-kibana-app/pull/1102)).
 - Replaced reporting success message ([#1102](https://github.com/wazuh/wazuh-kibana-app/pull/1102)).
+- Reduced the default number of shards and the default number of replicas for the app indices ([#1113](https://github.com/wazuh/wazuh-kibana-app/pull/1113)).
+
 
 ### Fixed
 
@@ -38,12 +41,12 @@ All notable changes to the Wazuh app project will be documented in this file.
 - Fixed Management > Monitoring tab frustration adding back buttons ([#1102](https://github.com/wazuh/wazuh-kibana-app/pull/1102)).
 - Fix template checking when using more than one pattern ([#1104](https://github.com/wazuh/wazuh-kibana-app/pull/1104)).
 
-## Wazuh v3.7.1 - Kibana v6.5.1 / v6.5.2 / v6.5.3 - Revision 415
+## Wazuh v3.7.1 / v3.7.2 - Kibana v6.5.1 / v6.5.2 / v6.5.3 / v6.5.4 - Revision 415
 
 ### Added
 
-- Support for Elastic stack v6.5.2 / v6.5.3.
-- Support for Wazuh v3.7.1.
+- Support for Elastic stack v6.5.2 / v6.5.3 / v6.5.4.
+- Support for Wazuh v3.7.1 / v3.7.2.
 - Dev Tools module now autocompletes API endpoints ([#1030](https://github.com/wazuh/wazuh-kibana-app/pull/1030)).
 
 ### Changed

README.md

@@ -25,17 +25,17 @@ Visualize and analyze Wazuh alerts stored in Elasticsearch using our Kibana app
 
 ## Requisites
 
-- Wazuh HIDS 3.7.1
-- Wazuh RESTful API 3.7.1
-- Kibana 6.5.3
-- Elasticsearch 6.5.3
+- Wazuh HIDS 3.7.2
+- Wazuh RESTful API 3.7.2
+- Kibana 6.5.4
+- Elasticsearch 6.5.4
 
 ## Installation
 
 Install the app
 
 ```
-sudo -u kibana NODE_OPTIONS="--max-old-space-size=3072" /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-3.7.1_6.5.3.zip
+sudo -u kibana NODE_OPTIONS="--max-old-space-size=3072" /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-3.7.2_6.5.4.zip
 ```
 
 Restart Kibana
@@ -90,7 +90,7 @@ chown -R kibana:kibana /usr/share/kibana/plugins
 Install the app
 
 ```
-sudo -u kibana NODE_OPTIONS="--max-old-space-size=3072" /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-3.7.1_6.5.3.zip
+sudo -u kibana NODE_OPTIONS="--max-old-space-size=3072" /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-3.7.2_6.5.4.zip
 ```
 
 Restart Kibana
@@ -154,6 +154,8 @@ service kibana restart
 |      6.5.1     |       3.7.1       | /usr/share/kibana/bin/kibana-plugin install <https://packages.wazuh.com/wazuhapp/wazuhapp-3.7.1_6.5.1.zip> |
 |      6.5.2     |       3.7.1       | /usr/share/kibana/bin/kibana-plugin install <https://packages.wazuh.com/wazuhapp/wazuhapp-3.7.1_6.5.2.zip> |
 |      6.5.3     |       3.7.1       | /usr/share/kibana/bin/kibana-plugin install <https://packages.wazuh.com/wazuhapp/wazuhapp-3.7.1_6.5.3.zip> |
+|      6.5.3     |       3.7.2       | /usr/share/kibana/bin/kibana-plugin install <https://packages.wazuh.com/wazuhapp/wazuhapp-3.7.2_6.5.3.zip> |
+|      6.5.4     |       3.7.2       | /usr/share/kibana/bin/kibana-plugin install <https://packages.wazuh.com/wazuhapp/wazuhapp-3.7.2_6.5.4.zip> |
 
 
 ## Contribute

config.yml

@@ -58,9 +58,9 @@
 #
 # Configure .wazuh and .wazuh-version indices shards and replicas.
 #wazuh.shards          : 1
-#wazuh.replicas        : 1
+#wazuh.replicas        : 0
 #wazuh-version.shards  : 1
-#wazuh-version.replicas: 1
+#wazuh-version.replicas: 0
 #
 # --------------------------- Index pattern selector ---------------------------
 #
@@ -92,8 +92,8 @@
 #wazuh.monitoring.frequency: 3600
 #
 # Configure wazuh-monitoring-3.x-* indices shards and replicas.
-#wazuh.monitoring.shards: 5
-#wazuh.monitoring.replicas: 1
+#wazuh.monitoring.shards: 2
+#wazuh.monitoring.replicas: 0
 #
 # Default index pattern to use for Wazuh monitoring
 #wazuh.monitoring.pattern: wazuh-monitoring-3.x-*

package.json

@@ -4,7 +4,7 @@
     "revision": "0416",
     "code": "0416-0",
     "kibana": {
-        "version": "6.5.3"
+        "version": "6.5.4"
     },
     "engines": {
         "node": "8.14.0"

public/controllers/agent/agents.js

@@ -554,7 +554,8 @@ export class AgentsController {
         this.apiReq.request('GET', `/syscollector/${id}/hardware`, {}),
         this.apiReq.request('GET', `/syscollector/${id}/os`, {}),
         this.apiReq.request('GET', `/syscollector/${id}/netiface`, {}),
-        this.apiReq.request('GET', `/syscollector/${id}/ports`, {}),
+        this.apiReq.request('GET', `/syscollector/${id}/ports`, {limit:1}),
+        this.apiReq.request('GET', `/syscollector/${id}/netaddr`, {limit:1}),
         this.apiReq.request('GET', `/syscollector/${id}/packages`, {
           limit: 1,
           select: 'scan_time'
@@ -572,6 +573,7 @@ export class AgentsController {
         osResponse,
         netifaceResponse,
         portsResponse,
+        netaddrResponse,
         packagesDateResponse,
         processesDateResponse
       ] = result;
@@ -599,6 +601,7 @@ export class AgentsController {
             : false,
         netiface: netifaceResponse ? { ...netifaceResponse } : false,
         ports: portsResponse ? { ...portsResponse } : false,
+        netaddr: netaddrResponse ? { ...netaddrResponse } : false,
         packagesDate: ((packagesDate || {}).items || []).length
           ? packagesDate.items[0].scan_time
           : 'Unknown',

public/services/resolves/check-ram.js

@@ -13,13 +13,13 @@ export async function totalRAM(genericReq, errorHandler) {
   try {
     const data = await genericReq.request('GET', '/utils/memory');
     const totalRAM = data.data.ram;
-    if (totalRAM < 3072 && totalRAM > 2048) {
+    if (totalRAM < 1600 && totalRAM > 1024) {
       errorHandler.handle(
         `Kibana server has ${totalRAM}MB of RAM, performance will suffer. Please increase it.`,
         'RAM',
         true
       );
-    } else if (totalRAM <= 2048) {
+    } else if (totalRAM <= 1024) {
       errorHandler.handle(
         `Kibana server has ${totalRAM}MB of RAM, performance will suffer. Please increase it.`,
         'RAM'

public/services/resolves/get-config.js

@@ -28,16 +28,16 @@ export async function getWzConfig($q, genericReq, errorHandler, wazuhConfig) {
     'extensions.osquery': false,
     timeout: 8000,
     'wazuh.shards': 1,
-    'wazuh.replicas': 1,
+    'wazuh.replicas': 0,
     'wazuh-version.shards': 1,
-    'wazuh-version.replicas': 1,
+    'wazuh-version.replicas': 0,
     'ip.selector': true,
     'ip.ignore': [],
     'xpack.rbac.enabled': true,
     'wazuh.monitoring.enabled': true,
     'wazuh.monitoring.frequency': 3600,
-    'wazuh.monitoring.shards': 5,
-    'wazuh.monitoring.replicas': 1,
+    'wazuh.monitoring.shards': 2,
+    'wazuh.monitoring.replicas': 0,
     'wazuh.monitoring.pattern': 'wazuh-monitoring-3.x-*',
     admin: true
   };

public/templates/agents/agents-syscollector.html

@@ -104,6 +104,24 @@
         </md-card>
     </div>
 
+    <div layout="row" class="layout-padding wz-padding-bottom-0" ng-if="syscollectorEnabled && hasSize(syscollector)">
+        <md-card flex class="wz-md-card">
+            <md-card-content class="wz-text-center wz-margin-bottom-40-inv" ng-if="syscollector.netaddr && !syscollector.netaddr.items.length">
+                <i class="fa fa-fw fa-info-circle" aria-hidden="true"></i> <span class="wz-headline-title">No network addresses scan available</span>
+                <md-divider class="wz-margin-top-10"></md-divider>
+                <div layout="column" class="wz-padding-top-10">
+                    <p>The network addresses scan is disabled or not ready yet. Wait a little bit and try refreshing the page.</p>
+                </div>
+            </md-card-content>
+            <md-card-content class="wz-margin-bottom-40-inv" ng-if="syscollector.netaddr && syscollector.netaddr.items.length">
+                <span class="wz-headline-title"><i class="fa fa-fw fa-exchange"></i> Network addresses</span>
+                <md-divider class="wz-margin-top-10"></md-divider>
+                <wz-table flex path="'/syscollector/' + agent.id + '/netaddr'" row-sizes="[4]" keys="['address', 'netmask', 'proto', 'broadcast']">
+                </wz-table>
+            </md-card-content>
+        </md-card>
+    </div>
+
     <div layout="row" class="layout-padding wz-padding-top-0" ng-if="syscollectorEnabled && hasSize(syscollector)">
         <md-card flex class="wz-md-card">
             <md-card-content>

server/initialize.js

@@ -68,7 +68,7 @@ export function Initialize(server) {
   const checkKnownFields = async () => {
     try {
       const usingCredentials = await wzWrapper.usingCredentials();
-      const msg = `x-pack security enabled: ${usingCredentials ? 'yes' : 'no'}`;
+      const msg = `Security enabled: ${usingCredentials ? 'yes' : 'no'}`;
 
       log('[initialize][checkKnownFields]', msg, 'info');
       server.log([blueWazuh, 'initialize', 'info'], msg);
@@ -236,12 +236,7 @@ export function Initialize(server) {
   // Save Wazuh App setup
   const saveConfiguration = async () => {
     try {
-      const shardConfiguration = BuildBody(
-        configurationFile,
-        'wazuh-version',
-        1,
-        1
-      );
+      const shardConfiguration = BuildBody(configurationFile, 'wazuh-version');
 
       await wzWrapper.createWazuhVersionIndex(shardConfiguration);
 
@@ -381,7 +376,7 @@ export function Initialize(server) {
 
       const result = await wzWrapper.checkIfIndexExists('.wazuh');
 
-      const shardConfiguration = BuildBody(configurationFile, 'wazuh', 1, 1);
+      const shardConfiguration = BuildBody(configurationFile, 'wazuh');
 
       if (!result) {
         try {
@@ -436,9 +431,7 @@ export function Initialize(server) {
         await wzWrapper.getWazuhVersionIndex();
         const shardConfiguration = BuildBody(
           configurationFile,
-          'wazuh-version',
-          1,
-          1
+          'wazuh-version'
         );
         await wzWrapper.updateIndexSettings(
           '.wazuh-version',

server/lib/elastic-wrapper.js

@@ -14,6 +14,7 @@ import { monitoringKnownFields } from '../integration-files/monitoring-known-fie
 
 export class ElasticWrapper {
   constructor(server) {
+    this.usingSearchGuard = ((server || {}).plugins || {}).searchguard || false;
     this.elasticRequest = server.plugins.elasticsearch.getCluster('data');
     this.WZ_KIBANA_INDEX =
       ((((server || {}).registrations || {}).kibana || {}).options || {})
@@ -663,6 +664,7 @@ export class ElasticWrapper {
       );
 
       return (
+        this.usingSearchGuard ||
         ((((data || {}).defaults || {}).xpack || {}).security || {}).enabled ==
           'true'
       );

server/lib/replicas-shards-helper.js

@@ -20,8 +20,8 @@
 export function BuildBody(
   file,
   indexName,
-  defaultShards = 5,
-  defaulReplicas = 1
+  defaultShards = 1,
+  defaulReplicas = 0
 ) {
   if (indexName) {
     const shards =

server/monitoring.js

@@ -380,12 +380,12 @@ export class Monitoring {
       const shards =
         typeof (configFile || {})['wazuh.monitoring.shards'] !== 'undefined'
           ? configFile['wazuh.monitoring.shards']
-          : 5;
+          : 2;
 
       const replicas =
         typeof (configFile || {})['wazuh.monitoring.replicas'] !== 'undefined'
           ? configFile['wazuh.monitoring.replicas']
-          : 1;
+          : 0;
 
       const configuration = {
         settings: {
@@ -495,8 +495,7 @@ export class Monitoring {
         const shardConfiguration = BuildBody(
           configurationFile,
           'wazuh.monitoring',
-          5,
-          1
+          2
         );
         await this.wzWrapper.updateIndexSettings(
           this.todayIndex,

util/api-request-list.js

@@ -156,10 +156,6 @@ export const apiRequestList = [
         name: '/cache',
         args: []
       },
-      {
-        name: '/experimental/syscheck',
-        args: []
-      },
       {
         name: '/rootcheck',
         args: []
@@ -430,42 +426,6 @@ export const apiRequestList = [
         name: '/decoders/parents',
         args: []
       },      
-      {
-        name: '/experimental/ciscat/results',
-        args: []
-      },
-      {
-        name: '/experimental/syscollector/hardware',
-        args: []
-      },
-      {
-        name: '/experimental/syscollector/netaddr',
-        args: []
-      },
-      {
-        name: '/experimental/syscollector/netiface',
-        args: []
-      },
-      {
-        name: '/experimental/syscollector/netproto',
-        args: []
-      },
-      {
-        name: '/experimental/syscollector/os',
-        args: []
-      },
-      {
-        name: '/experimental/syscollector/packages',
-        args: []
-      },
-      {
-        name: '/experimental/syscollector/ports',
-        args: []
-      },
-      {
-        name: '/experimental/syscollector/processes',
-        args: []
-      },
       {
         name: '/manager/configuration',
         args: []

util/csv-key-equivalence.js

@@ -61,6 +61,7 @@ export const KeyEquivalenece = {
   proto: 'Protocol',
   address: 'Address',
   protocol: 'Protocol',
+  netmask: 'Netmask',
   'local.ip': 'Local IP',
   'remote.ip': 'Remote IP',
   'local.port': 'Local port',