From 86aae0f741aaab292048779bdbce9694833d1210 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jes=C3=BAs=20=C3=81ngel?= Date: Mon, 10 Jun 2019 16:57:59 +0200 Subject: [PATCH] Revert "Removed getFieldTop logic" This reverts commit d187f914da7a0a12b525382e7def5ff37b3b5b5f. --- public/controllers/agent/agents-preview.js | 37 +++++++++-- public/templates/agents-prev/agents-prev.html | 15 +++++ server/controllers/wazuh-elastic.js | 64 +++++++++++++++++++ server/routes/wazuh-elastic.js | 9 +++ test/server/wazuh-elastic.js | 4 ++ 5 files changed, 124 insertions(+), 5 deletions(-) diff --git a/public/controllers/agent/agents-preview.js b/public/controllers/agent/agents-preview.js index c9639aa8a..44526012b 100644 --- a/public/controllers/agent/agents-preview.js +++ b/public/controllers/agent/agents-preview.js @@ -73,6 +73,10 @@ export class AgentsPreviewController { this.versions = []; this.groups = []; this.nodes = []; + this.mostActiveAgent = { + name: '', + id: '' + }; // Load URL params if (loc && loc.tab) { @@ -151,13 +155,20 @@ export class AgentsPreviewController { const api = JSON.parse(this.appState.getCurrentAPI()).id; const clusterInfo = this.appState.getClusterInfo(); + const firstUrlParam = + clusterInfo.status === 'enabled' ? 'cluster' : 'manager'; + const secondUrlParam = clusterInfo[firstUrlParam]; - const agentsUnique = await this.genericReq.request( - 'GET', - '/api/agents-unique/' + api, - {} - ); + const pattern = this.appState.getCurrentPattern(); + const data = await Promise.all([ + this.genericReq.request('GET', '/api/agents-unique/' + api, {}), + this.genericReq.request( + 'GET', + `/elastic/top/${firstUrlParam}/${secondUrlParam}/agent.name/${pattern}` + ) + ]); + const [agentsUnique, agentsTop] = data; const unique = agentsUnique.data.result; this.searchBarModel = { 
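Review bot: The `/elastic/top/...` URL built in the second hunk (`@@ -151,13 +155,20 @@`) interpolates `secondUrlParam` and `pattern` into path segments without encoding, so a cluster or manager name or an index pattern containing `/`, `?` or `#` changes which route segments the server sees. Encode each dynamic segment, e.g. `${encodeURIComponent(secondUrlParam)}` and `${encodeURIComponent(pattern)}`. Moving the call into `Promise.all` also means a failed Elasticsearch lookup rejects the whole load, so the agents summary assigned later in the method would apparently never be populated; consider catching that request on its own so only the "most active agent" widget degrades. The enclosing method starts and ends outside the hunk.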
@@ -193,6 +204,22 @@ export class AgentsPreviewController { this.agentsCountNeverConnected = unique.summary.agentsCountNeverConnected; this.agentsCountTotal = unique.summary.agentsCountTotal; this.agentsCoverity = unique.summary.agentsCoverity; + + if (agentsTop.data.data === '') { + this.mostActiveAgent.name = this.appState.getClusterInfo().manager; + this.mostActiveAgent.id = '000'; + } else { + this.mostActiveAgent.name = agentsTop.data.data; + const info = await this.genericReq.request( + 'GET', + `/elastic/top/${firstUrlParam}/${secondUrlParam}/agent.id/${pattern}` + ); + if (info.data.data === '' && this.mostActiveAgent.name !== '') { + this.mostActiveAgent.id = '000'; + } else { + this.mostActiveAgent.id = info.data.data; + } + } } catch (error) { this.errorInit = this.errorHandler.handle(error, false, false, true); } diff --git a/public/templates/agents-prev/agents-prev.html b/public/templates/agents-prev/agents-prev.html index 0bfa233cd..7198ea7d6 100644 --- a/public/templates/agents-prev/agents-prev.html +++ b/public/templates/agents-prev/agents-prev.html @@ -106,6 +106,21 @@ -
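Review bot: In the hunk at `@@ -193,6 +204,22 @@`, the name and the id of the most active agent come from two independent top-1 aggregations issued one after the other (`agent.name`, then `agent.id`), so nothing guarantees both values describe the same agent, for example if alert counts shift between the two requests or two agents share a name. Resolving both from a single response (aggregate on `agent.id` and read the name from the same bucket) would remove the mismatch and one round trip. In the `else` branch, `this.mostActiveAgent.name !== ''` is always true because that branch is only entered when `agentsTop.data.data` is non-empty, so the condition reduces to `info.data.data === ''`. The surrounding `try` block starts outside the hunk.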

+
+ +
+
+

Most active agent

+
+ +

+ -

+
+
diff --git a/server/controllers/wazuh-elastic.js b/server/controllers/wazuh-elastic.js index 3469ec3c9..28fafd54b 100644 --- a/server/controllers/wazuh-elastic.js +++ b/server/controllers/wazuh-elastic.js @@ -192,6 +192,70 @@ export class WazuhElasticCtrl { } } + /** + * This get the fields keys + * @param {Object} req + * @param {Object} reply + * @returns {Array} fields or ErrorResponse + */ + async getFieldTop(req, reply) { + try { + // Top field payload + let payload = { + size: 1, + query: { + bool: { + must: [], + must_not: { + term: { + 'agent.id': '000' + } + }, + filter: { range: { timestamp: {} } } + } + }, + aggs: { + '2': { + terms: { + field: '', + size: 1, + order: { _count: 'desc' } + } + } + } + }; + + // Set up time interval, default to Last 24h + const timeGTE = 'now-1d'; + const timeLT = 'now'; + payload.query.bool.filter.range['timestamp']['gte'] = timeGTE; + payload.query.bool.filter.range['timestamp']['lt'] = timeLT; + + // Set up match for default cluster name + payload.query.bool.must.push( + req.params.mode === 'cluster' + ? { match: { 'cluster.name': req.params.cluster } } + : { match: { 'manager.name': req.params.cluster } } + ); + + payload.aggs['2'].terms.field = req.params.field; + payload.pattern = req.params.pattern; + + const data = await this.wzWrapper.searchWazuhAlertsWithPayload(payload); + + return data.hits.total.value === 0 || + typeof data.aggregations['2'].buckets[0] === 'undefined' + ? { statusCode: 200, data: '' } + : { + statusCode: 200, + data: data.aggregations['2'].buckets[0].key + }; + } catch (error) { + log('wazuh-elastic:getFieldTop', error.message || error); + return ErrorResponse(error.message || error, 4004, 500, reply); + } + } + /** * This get the elastic setup settings * @param {Object} req diff --git a/server/routes/wazuh-elastic.js b/server/routes/wazuh-elastic.js index 29341a8a0..1686be967 100644 --- a/server/routes/wazuh-elastic.js +++ b/server/routes/wazuh-elastic.js 
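Review bot: `getFieldTop` copies `req.params.field` and `req.params.pattern` from the URL straight into the search payload (`payload.aggs['2'].terms.field`, `payload.pattern`) with no validation. Any caller who can reach the route therefore chooses which field is aggregated and, depending on how `searchWazuhAlertsWithPayload` uses `payload.pattern` (not visible here), which indices are searched. The client in this commit only ever requests `agent.name` and `agent.id`, so an allowlist at the top of the handler covers the field, and `req.params.mode` should be limited to `cluster`/`manager` instead of treating every other value as manager. The pattern should likewise be checked against the index patterns the app itself manages before it is placed in the payload. The route added in server/routes/wazuh-elastic.js registers the handler without parameter validation either, so the check has to live in one of the two places.

```javascript
async getFieldTop(req, reply) {
  try {
    // Only the values the agents preview actually requests are accepted
    const allowedFields = ['agent.name', 'agent.id'];
    const allowedModes = ['cluster', 'manager'];
    if (
      !allowedFields.includes(req.params.field) ||
      !allowedModes.includes(req.params.mode)
    ) {
      return ErrorResponse('Invalid field or mode', 4004, 400, reply);
    }
    // … unchanged: payload construction, time range, search and response …
```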
@@ -66,6 +66,15 @@ export function WazuhElasticRouter(server) { } }); + // Returns the agent with most alerts + server.route({ + method: 'GET', + path: '/elastic/top/{mode}/{cluster}/{field}/{pattern}', + handler(req, res) { + return ctrl.getFieldTop(req, res); + } + }); + // Return Wazuh Appsetup info server.route({ method: 'GET', diff --git a/test/server/wazuh-elastic.js b/test/server/wazuh-elastic.js index 285a5ca65..bcb78b1d8 100644 --- a/test/server/wazuh-elastic.js +++ b/test/server/wazuh-elastic.js @@ -100,6 +100,10 @@ describe('wazuh-elastic', () => { }); }); + /*it('GET /elastic/top/{mode}/{cluster}/{field}/{pattern}', async () => { + throw Error('Test not implemented...') + })*/ + describe('Checking .wazuh-version index', () => { it('GET /elastic/setup', async () => { const res = await needle(
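Review bot: The test added for `GET /elastic/top/{mode}/{cluster}/{field}/{pattern}` in test/server/wazuh-elastic.js is a commented-out stub, so the endpoint that takes the aggregation field and index pattern from the URL ships with no coverage. Prefer a real case that requests `agent.name` for a known cluster and asserts a 200 status and a string `data`, plus one that sends an unexpected field and expects a rejection once validation exists. If the test must be deferred, `it.skip('GET /elastic/top/{mode}/{cluster}/{field}/{pattern}', ...)` keeps it visible in the test report instead of hiding it in a comment.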