Rework Vis heights. PCI Tab. Custom VisLeyend tip

Pedro Sanchez 2017-01-30 04:03:17 -08:00
parent e89e1df170
commit 9005b63484
16 changed files with 427 additions and 106 deletions


@ -54,6 +54,7 @@ require('plugins/wazuh/controllers/agentsFim.js');
require('plugins/wazuh/controllers/agentsPm.js');
require('plugins/wazuh/controllers/agentsOscap.js');
require('plugins/wazuh/controllers/agentsAudit.js');
require('plugins/wazuh/controllers/agentsPci.js');
// Settings
require('plugins/wazuh/controllers/settings.js');


@ -0,0 +1,16 @@
// Require config
var app = require('ui/modules').get('app/wazuh', []);
app.controller('PCIController', function ($scope, DataFactory, $mdToast, errlog, appState) {
$scope.defaultManagerName = appState.getDefaultManager().name;
//Print Error
var printError = function (error) {
$mdToast.show({
template: '<md-toast>' + error.html + '</md-toast>',
position: 'bottom left',
hideDelay: 5000,
});
}
});
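Review bot: `printError` builds the toast with `template: '<md-toast>' + error.html + '</md-toast>'`, so whatever is in `error.html` is parsed as markup and handed to `$mdToast` as a template rather than shown as text. If that field can carry text from an API response it should go through the plain-text path instead, e.g. `$mdToast.show($mdToast.simple().textContent(errorText).position('bottom left').hideDelay(5000));`, where `errorText` stands for whichever plain-text field the error object has. In the lines shown `printError` is never called and `DataFactory` and `errlog` are injected but unused, so the helper could also be left out until it is needed.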


@ -36,4 +36,12 @@ app.controller('overviewAuditController', function ($scope, DataFactory, generic
$scope.$parent.state.setOverviewState('audit');
$scope.defaultManager = $scope.$parent.state.getDefaultManager().name;
});
app.controller('overviewPCIController', function ($scope, DataFactory, genericReq, $mdToast, errlog) {
$scope.load = true;
$scope.$parent.state.setOverviewState('pci');
$scope.defaultManager = $scope.$parent.state.getDefaultManager().name;
});
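Review bot: `overviewPCIController` sets `$scope.load = true` and nothing in the lines shown sets it back to false, while `DataFactory`, `genericReq`, `$mdToast` and `errlog` are injected but unused. The template added in this commit puts `ng-if="!load && ..."` on the same element as `ng-controller="overviewPCIController"`, so the flag the `ng-if` reads is presumably the parent scope's and this assignment has no effect on it; worth confirming which scope is meant to own `load`. A one-line comment saying that the controller only records the active overview tab and the default manager name would make the intent clear.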


@ -18,6 +18,7 @@ app.controller('settingsController', function ($scope, $http, testConnection, ap
$scope.extensions = {};
$scope.extensions.oscap = true;
$scope.extensions.audit = true;
$scope.extensions.pci = true;
// Remove API entry
@ -62,6 +63,7 @@ app.controller('settingsController', function ($scope, $http, testConnection, ap
}else{
$scope.extensions.oscap = true;
$scope.extensions.audit = true;
$scope.extensions.pci = true;
}
}
@ -94,7 +96,7 @@ app.controller('settingsController', function ($scope, $http, testConnection, ap
testConnection.test_tmp(tmpData).then(function (data) {
// API Check correct, get Manager name
tmpData.manager = data;
tmpData.extensions = {"oscap": true, "audit": true};
tmpData.extensions = {"oscap": true, "audit": true, "pci": true};
// Insert new API entry
$http.put("/api/wazuh-api/settings", tmpData).success(function (data, status) {
var newEntry = {'_id': data.response._id, _source: { manager: tmpData.manager, active: tmpData.active, url: tmpData.url, api_user: tmpData.user, api_port: tmpData.port } };
@ -124,7 +126,7 @@ app.controller('settingsController', function ($scope, $http, testConnection, ap
// Toggle extension
$scope.toggleExtension = function(extension,state) {
if(extension == "oscap" || extension == "audit"){
if(extension == "oscap" || extension == "audit" || extension == "pci"){
$http.put("/api/wazuh-api/extension/toggle/"+$scope.apiEntries[$scope.currentDefault]._id+"/"+extension+"/"+state).success(function (data, status) {
}).error(function (data, status) {
$mdToast.show($mdToast.simple().textContent("Invalid request when toggle extension state."));
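Review bot: The set of known extensions is now spelled out in four places in this file (the two default blocks, the `tmpData.extensions` literal and the check in `toggleExtension`), and each had to be edited to add `pci`. A single list, for example `var EXTENSIONS = ['oscap', 'audit', 'pci'];` with `if (EXTENSIONS.indexOf(extension) !== -1)` in `toggleExtension`, would keep them from drifting apart. In the same function `state` is concatenated into the request path as-is; coercing it to a boolean or passing it through `encodeURIComponent` keeps the path well-formed, and the server route should validate both segments regardless. The function body continues outside the hunk.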


@ -52,7 +52,7 @@ require('ui/modules').get('app/wazuh', []).controller('kibanaSearchBar', functio
var filter = item.querySelector(".filter-description");
if(filter.children[0].innerText == "rule.pci_dss:"){
// Preparing and adding new element to filter actions icons
var pciLink = angular.element('<a class="action" ng-click=\'displayPCI('+filter.children[1].innerText+')\'><img src="/plugins/wazuh/img/icon_pci.png"></a>');
var pciLink = angular.element('<a class="action" ng-click=\'displayPCI('+filter.children[1].innerText+')\'>PCI</a>');
// Append the new element
angular.element(pciLink).appendTo(filter.nextElementSibling);
// Compile element to enable ng click
@ -61,13 +61,31 @@ require('ui/modules').get('app/wazuh', []).controller('kibanaSearchBar', functio
angular.element(filter.parentNode).css("min-width","calc(6*(1.414em + 13px))");
angular.element(filter.parentNode).attr('data-pci','1');
var cleanRequirement = filter.children[1].innerText.replace(/^"(.*)"$/, '$1');
$scope.displayPCI(cleanRequirement);
}
}
});
return;
}
function injectTipLeyend(){
// Get all leyends from vis
var visBox = document.querySelectorAll('.visBox');
var topPos = 7;
// Analyze each leyend title
visBox.forEach(function(box) {
var leyendLabel = box.querySelectorAll('.legend-value-container');
topPos = 7;
leyendLabel.forEach(function(item) {
var tip = angular.element('<i class="fa fa-question-circle" style="color: rgb(111, 135, 216);clear: both;float: right;position: absolute;right: 0px;top: '+topPos+'px;"></i>');
angular.element(tip).appendTo(item);
topPos = topPos + 19;
});
});
return;
}
// Set default time
if($route.current.params._g == "()"){
timefilter.time.from = "now-24h";
@ -104,22 +122,17 @@ require('ui/modules').get('app/wazuh', []).controller('kibanaSearchBar', functio
$timeout(
function() {
injectPciIcon();
var watchFilterBar = document.querySelectorAll(".filter-bar")[0];
$rootScope.$broadcast('fetchVisualization');
}, 0);
}
});
// create an observer instance
var observer = new MutationObserver(function(mutations) {
mutations.forEach(function(mutation) {
injectPciIcon();
});
});
var config = { childList: true };
$timeout(
function() {
injectTipLeyend();
}, 3000);
// Listen for destroy
$scope.$on('$destroy', visCounterWatch);
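Review bot: In the PCI link the filter value's text is concatenated into the `ng-click` attribute (`displayPCI('+filter.children[1].innerText+')`) and the element is then compiled, so that text is evaluated as an Angular expression instead of being treated as data. Filter values can presumably be set from the URL state, and a value containing a single quote also breaks out of the attribute, so the handler should be bound in code with the already-cleaned requirement string. The compile step and the rest of the function lie outside the hunk; the compile call can go if nothing else on the element needs it. Separately, `injectTipLeyend` runs once after a fixed 3000 ms `$timeout`, so legends that render later or re-render get no tip.

```javascript
// … unchanged: filter lookup and the "rule.pci_dss:" check …
var cleanRequirement = filter.children[1].innerText.replace(/^"(.*)"$/, '$1');
// No expression is built from the filter text; the value is captured in a closure
var pciLink = angular.element('<a class="action">PCI</a>');
pciLink.on('click', function () {
    $scope.$apply(function () {
        $scope.displayPCI(cleanRequirement);
    });
});
angular.element(pciLink).appendTo(filter.nextElementSibling);
// … unchanged: min-width and data-pci attributes, initial displayPCI call …
```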


@ -13,7 +13,7 @@ md-input-container > md-select {
span.md-headline {
color: #555;
font-size: 20px;
font-size: 17px;
}
.md-headline-small{
font-size: 18px;
@ -618,7 +618,7 @@ md-content._md.layout-row {
.kibanaVisualizationValue .cell-hover {
color: rgba(0,0,0,0.87);
font-size: 19pt;
font-size: 16pt;
}
.kibanaVisualizationValue .agg-table-paginated .cell-hover:hover {
@ -759,6 +759,10 @@ md-select-menu.md-default-theme md-content md-option:not([disabled]):focus, md-s
.vis-expand-leyend .legend-col-wrapper .legend-ul {
width: 363px;
}
.visBox-alert-level-evolution .legend-col-wrapper .legend-ul{
width: 38px;
}
.metric-vis .metric-value {
font-weight: normal;
}


@ -1,40 +1,6 @@
<md-content ng-if="submenuNavItem == 'overview' && tabView == 'panels'" ng-if="agentInfo">
<kbn-searchbar></kbn-searchbar>
<div ng-controller="agentsOverviewController">
<md-content layout="row">
<md-card flex layout="column">
<md-card-content style="text-align: center;">
<div class="metric-value ng-binding" style="font-size: 14pt;">{{agentInfo.name}}</div>
<div class="ng-binding">Name</div>
</md-card-content>
</md-card>
<md-card flex layout="column">
<md-card-content style="text-align: center;">
<div class="metric-value ng-binding" style="font-size: 14pt;">{{agentInfo.ip}}</div>
<div class="ng-binding">IP Address</div>
</md-card-content>
</md-card>
<md-card flex layout="column">
<md-card-content style="text-align: center;">
<div class="metric-value ng-binding" style="font-size: 14pt;">{{agentInfo.version}}</div>
<div class="ng-binding">Version</div>
</md-card-content>
</md-card>
<md-card flex layout="column">
<md-card-content style="text-align: center;">
<div class="metric-value ng-binding" class="legend-value-title ng-binding legend-value-truncate" tooltip="{{agentInfo.os}}" style="font-size: 14pt;">{{ agentInfo.os | limitTo: 20 }}{{agentInfo.os.length > 20 ? '...' : ''}}</div>
<div class="ng-binding">Operating system</div>
</md-card-content>
</md-card>
<md-card flex layout="column" ng-show="agentInfo.id != '000'">
<md-card-content style="text-align: center;">
<div class="metric-value ng-binding" style="font-size: 14pt;">{{agentInfo.lastKeepAlive}}</div>
<div class="ng-binding">Last keep alive</div>
</md-card-content>
</md-card>
</md-content>
<md-content layout="row">
<md-card flex="33">
<md-card-title>
@ -90,15 +56,16 @@
<md-content layout="row">
<md-card flex="40">
<md-card-title>
<md-card-title-text>
<span class="md-headline">Alerts by level</span>
</md-card-title-text>
</md-card-title>
<md-card-content>
<kbn-vis vis-height="200px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(field:rule.level,order:desc,orderBy:'1',size:5),schema:segment,type:terms)),listeners:(),params:(addLegend:!t,addTooltip:!t,isDonut:!f,shareYAxis:!t),title:'Top 5',type:pie))"
vis-filter="{{agentInfo.name ? 'agent.name:'+agentInfo.name : '*'}}">
</kbn-vis>
<div layout="column" flex>
<p><b style="margin-right: 5px;">Hostname:</b> {{agentInfo.name ? agentInfo.name : '-'}}</p>
<p ng-if="agentInfo.ip"><b style="margin-right: 5px;">IP address:</b> {{agentInfo.ip ? agentInfo.ip : '-'}}</p>
<p><b style="margin-right: 5px;">Agent version:</b> {{agentInfo.version ? agentInfo.version : '-'}}</p>
<p><b style="margin-right: 5px;">Operating system:</b> {{agentInfo.os ? agentInfo.os : '-'}}</p>
<p ng-show="agentInfo.id != '000'"><b style="margin-right: 5px;">Last keep alive:</b> {{agentInfo.lastKeepAlive ? agentInfo.lastKeepAlive : '-'}}</p>
<p ng-show="agentInfo.id != '000'" ng-click="showKey = !showKey"><b style="margin-right: 5px;">Agent key <i ng-show="!showKey" class="fa fa-caret-down" aria-hidden="true"></i><i ng-show="showKey" class="fa fa-caret-up" aria-hidden="true"></i></b></p>
<pre ng-if="showKey && agentInfo.id != '000'" flex="80">{{agentInfo.key}}</pre>
</div>
</md-card-content>
</md-card>
<md-card flex="60">
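Review bot: The new details card renders `{{agentInfo.key}}` in a `<pre>` for every agent except `000`, which puts what appears to be the agent's authentication key into the page for anyone who can open this tab. If showing it is intended, it should be limited to users allowed to manage agents, and the key fetched only when the toggle is opened rather than carried in `agentInfo` on every load. The toggle itself is a `<p ng-click>`, which cannot be reached from the keyboard; a `<button>` would be. The `ng-if="agentInfo.ip"` on the IP row also makes its `: '-'` fallback unreachable.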


@ -0,0 +1,155 @@
<md-content ng-if="submenuNavItem == 'pci' && tabView == 'panels'" ng-if="_agent">
<div flex ng-controller="PCIController" layout="column">
<md-progress-linear class="md-accent" md-mode="indeterminate" ng-show="load"></md-progress-linear>
<kbn-searchbar></kbn-searchbar>
<md-content layout="row" layout-align="center stretch">
<md-card flex="20" layout="column">
<md-card-content style="text-align: center;">
<kbn-vis vis-height="70px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(field:oscap.scan.score,customLabel:'Higher score'),schema:metric,type:max)),listeners:(),params:(fontSize:19,handleNoResults:!t),title:'New%20Visualization',type:metric))" vis-filter="agent.name: {{_agent.name}}"></kbn-vis>
</md-card-content>
</md-card>
<md-card flex="20" layout="column">
<md-card-content style="text-align: center;">
<kbn-vis vis-height="70px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(field:oscap.scan.score,customLabel:'Lower score'),schema:metric,type:min)),listeners:(),params:(fontSize:19,handleNoResults:!t),title:'New%20Visualization',type:metric))" vis-filter="agent.name: {{_agent.name}}">
</kbn-vis>
</md-card-content>
</md-card>
<md-card flex="20" layout="column">
<md-card-content style="text-align: center; margin-top: 6px; ">
<kbn-vis-value style="margin-top: 6px" vis-height="37px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(vis:(params:(sort:(columnIndex:!n,direction:!n)))),vis:(aggs:!((enabled:!t,id:'1',params:(field:'@timestamp'),schema:metric,type:max),(enabled:!t,id:'2',params:(field:oscap.scan.score,order:desc,orderBy:'1',size:1),schema:bucket,type:terms)),listeners:(),params:(perPage:1,showMeticsAtAllLevels:!f,showPartialRows:!f,showTotal:!f,sort:(columnIndex:!n,direction:!n),totalFunc:sum),title:'New%20Visualization',type:table))" vis-filter="agent.name: {{_agent.name}}"></kbn-vis-value>
<div class="ng-binding">Last score</div>
</md-card-content>
</md-card>
<md-card flex="40" layout="column">
<md-card-content style="text-align: center;">
<kbn-vis-value vis-height="37px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(vis:(params:(sort:(columnIndex:!n,direction:!n)))),vis:(aggs:!((enabled:!t,id:'1',params:(field:'@timestamp'),schema:metric,type:max),(enabled:!t,id:'2',params:(field:oscap.scan.profile.title,order:desc,orderBy:'1',size:1),schema:bucket,type:terms)),listeners:(),params:(perPage:1,showMeticsAtAllLevels:!f,showPartialRows:!f,showTotal:!f,sort:(columnIndex:!n,direction:!n),totalFunc:sum),title:'New%20Visualization',type:table))" vis-filter="oscap.check.result: fail AND rule.groups: oscap AND agent.name: {{_agent.name}}"></kbn-vis-value>
<div class="ng-binding">Last scan profile</div>
</md-card-content>
</md-card>
</md-content>
<md-content layout="row" layout-align="center stretch">
<md-card flex="25">
<md-card-title>
<md-card-title-text>
<span class="md-headline">Scans</span>
</md-card-title-text>
</md-card-title>
<md-card-content>
<kbn-vis vis-height="154px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(field:oscap.scan.id,order:desc,orderBy:'1',size:5),schema:segment,type:terms)),listeners:(),params:(addLegend:!t,addTooltip:!t,isDonut:!t,legendPosition:right,shareYAxis:!t),title:'OSCAP%20Agents',type:pie))"
vis-filter="agent.name: {{_agent.name}}">
</kbn-vis>
</md-card-content>
</md-card>
<md-card flex="25">
<md-card-title>
<md-card-title-text>
<span class="md-headline">Profiles</span>
</md-card-title-text>
</md-card-title>
<md-card-content>
<kbn-vis vis-height="154px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'3',params:(field:oscap.scan.profile.title,order:desc,orderBy:'1',size:5),schema:segment,type:terms)),listeners:(),params:(addLegend:!t,addTooltip:!t,isDonut:!t,legendPosition:right,shareYAxis:!t),title:'OSCAP%20Profiles',type:pie))"
vis-filter="oscap.check.result: fail AND rule.groups:oscap AND NOT rule.groups: syslog AND agent.name: {{_agent.name}}">
</kbn-vis>
</md-card-content>
</md-card>
<md-card flex="25">
<md-card-title>
<md-card-title-text>
<span class="md-headline">Content</span>
</md-card-title-text>
</md-card-title>
<md-card-content>
<kbn-vis vis-height="154px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(field:oscap.scan.content,order:desc,orderBy:'1',size:5),schema:segment,type:terms)),listeners:(),params:(addLegend:!t,addTooltip:!t,isDonut:!t,legendPosition:right,shareYAxis:!t),title:'OSCAP%20Content',type:pie))"
vis-filter="oscap.check.result: fail AND rule.groups:oscap AND NOT rule.groups: syslog AND agent.name: {{_agent.name}}">
</kbn-vis>
</md-card-content>
</md-card>
<md-card flex="25">
<md-card-title>
<md-card-title-text>
<span class="md-headline">Severity</span>
</md-card-title-text>
</md-card-title>
<md-card-content>
<kbn-vis vis-height="154px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(field:oscap.check.severity,order:desc,orderBy:'1',size:5),schema:segment,type:terms)),listeners:(),params:(addLegend:!t,addTooltip:!t,isDonut:!t,legendPosition:right,shareYAxis:!t),title:'OSCAP%20Content',type:pie))"
vis-filter="oscap.check.result: fail AND rule.groups:oscap AND NOT rule.groups: syslog AND agent.name: {{_agent.name}}">
</kbn-vis>
</md-card-content>
</md-card>
</md-content>
<md-content layout="row" layout-align="center stretch">
<md-card flex="100">
<md-card-title>
<md-card-title-text>
<span class="md-headline">Daily scans evolution</span>
</md-card-title-text>
</md-card-title>
<md-card-content>
<kbn-vis vis-height="160px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'rule.groups:oscap%20AND%20agent.name:localCentos')),uiState:(vis:(legendOpen:!f)),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(customInterval:'2h',customLabel:'Daily scans',extended_bounds:(),field:'@timestamp',interval:d,min_doc_count:1),schema:segment,type:date_histogram)),listeners:(),params:(addLegend:!t,addTimeMarker:!f,addTooltip:!t,defaultYExtents:!f,legendPosition:right,mode:stacked,scale:linear,setYExtents:!f,shareYAxis:!t,times:!(),yAxis:()),title:'New%20Visualization',type:histogram))"
vis-filter="rule.groups: oscap AND oscap.check.result:fail AND agent.name: {{_agent.name}}">
</kbn-vis>
</md-card-content>
</md-card>
</md-content>
<md-content layout="row" layout-align="center stretch">
<md-card flex="50">
<md-card-title>
<md-card-title-text>
<span class="md-headline">Top 10 - Alerts</span>
</md-card-title-text>
</md-card-title>
<md-card-content>
<kbn-vis class="vis-expand-leyend" vis-height="300px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(field:oscap.check.title,order:desc,orderBy:'1',size:10),schema:segment,type:terms)),listeners:(),params:(addLegend:!t,addTooltip:!t,isDonut:!f,legendPosition:right,shareYAxis:!t),title:'OSCAP%20Top%2020%20failed%20checks',type:pie))"
vis-filter="oscap.check.result: fail AND rule.groups:oscap AND rule.groups: oscap-result AND oscap.check.result:fail AND agent.name: {{_agent.name}}">
</kbn-vis>
</md-card-content>
</md-card>
<md-card flex="50">
<md-card-title>
<md-card-title-text>
<span class="md-headline">Top 10 - High risk alerts</span>
</md-card-title-text>
</md-card-title>
<md-card-content>
<kbn-vis class="vis-expand-leyend" vis-height="300px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(field:oscap.check.title,order:desc,orderBy:'1',size:10),schema:segment,type:terms)),listeners:(),params:(addLegend:!t,addTooltip:!t,isDonut:!f,legendPosition:right,shareYAxis:!t),title:'OSCAP%20Top%2020%20failed%20checks',type:pie))"
vis-filter="oscap.check.severity: high AND oscap.check.result: fail AND rule.groups:oscap AND rule.groups: oscap-result AND oscap.check.result:fail AND agent.name: {{_agent.name}}">
</kbn-vis>
</md-card-content>
</md-card>
</md-content>
<md-content layout="row" layout-align="center stretch" >
<md-card flex="100" layout="column">
<md-card-content style="text-align: center;">
<kbn-vis-value vis-height="44px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(vis:(params:(sort:(columnIndex:!n,direction:!n)))),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(field:oscap.check.title,order:desc,orderBy:'1',size:1),schema:bucket,type:terms)),listeners:(),params:(perPage:1,showMeticsAtAllLevels:!f,showPartialRows:!f,showTotal:!f,sort:(columnIndex:!n,direction:!n),totalFunc:sum),title:'New%20Visualization',type:table))" vis-filter="oscap.check.result: fail AND rule.groups:oscap AND agent.name: {{_agent.name}}">
</kbn-vis-value>
<div class="ng-binding">Top alert</div>
</md-card-content>
</md-card>
</md-content>
<md-content layout-align="center stretch">
<md-card flex>
<md-card-title>
<md-card-title-text>
<span class="md-headline">Last alerts</span>
</md-card-title-text>
</md-card-title>
<md-card-content>
<kbn-vis vis-height="450px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(vis:(params:(sort:(columnIndex:!n,direction:!n)))),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(customLabel:'Agent name',field:agent.name,order:desc,orderBy:'1',size:99999),schema:bucket,type:terms),(enabled:!t,id:'3',params:(customLabel:Title,field:oscap.check.title,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'4',params:(customLabel:Profile,field:oscap.scan.profile.title,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'5',params:(customLabel:'Scan ID',field:oscap.scan.id,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'6',params:(customLabel:Content,field:oscap.scan.content,order:desc,orderBy:'1',size:5),schema:bucket,type:terms)),listeners:(),params:(perPage:10,showMeticsAtAllLevels:!f,showPartialRows:!f,showTotal:!f,sort:(columnIndex:!n,direction:!n),totalFunc:sum),title:'New%20Visualization',type:table))"
vis-filter='oscap.check.result: fail AND rule.groups: oscap AND agent.name: {{_agent.name}}'>
</kbn-vis>
</md-card-content>
</md-card>
</md-content>
</div>
</md-content>
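Review bot: The "Daily scans evolution" chart hard-codes `query:'rule.groups:oscap%20AND%20agent.name:localCentos'` in its `vis-a`, so for any agent other than `localCentos` it is combined with the `agent.name: {{_agent.name}}` filter and presumably returns nothing; it should be `query:'*'` like the other panels. The whole tab also still queries `oscap.*` fields and `rule.groups: oscap`, so the PCI DSS tab shows the SCAP data and the filters presumably need to move to `rule.pci_dss`. `{{_agent.name}}` is interpolated into every `vis-filter` unquoted, so a name containing spaces or query operators changes the meaning of the filter; quoting the value inside the query would avoid that. The root element carries two `ng-if` attributes, of which the HTML parser keeps only the first, so the `_agent` check never applies.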


@ -73,6 +73,7 @@
<md-nav-item md-nav-click="submenuNavItem = 'policy_monitoring'" name="policy_monitoring">Policy Monitoring</md-nav-item>
<md-nav-item md-nav-click="submenuNavItem = 'oscap'" name="oscap" ng-show="extensions.oscap">SCAP</md-nav-item>
<md-nav-item md-nav-click="submenuNavItem = 'audit'" name="audit" ng-show="extensions.audit">Audit</md-nav-item>
<md-nav-item md-nav-click="submenuNavItem = 'pci'" name="pci" ng-show="extensions.pci">PCI DSS</md-nav-item>
</md-nav-bar>
</md-content>


@ -5,6 +5,7 @@ include ./agents-fim.html
include ./agents-pm.html
include ./agents-oscap.html
include ./agents-audit.html
include ./agents-pci.html
include ./tabview-discover.html
include ./tabview-dashboard.html
include ./agents.foot


@ -57,7 +57,7 @@
<div class="vis-editor-content">
<div class="vis-editor-canvas" flex="auto">
<visualize ng-if="searchSource" vis="vis" ui-state="uiState" search-source="searchSource" >
<visualize ng-if="searchSource" vis="vis" ui-state="uiState" search-source="searchSource" class="visBox">
</visualize>
</div>
</div>


@ -3,7 +3,7 @@
<div layout="row" layout-align="center stretch">
<md-card flex layout="column">
<md-card-content>
<kbn-vis vis-height="70px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(customLabel:'Alerts'),schema:metric,type:count)),listeners:(),params:(fontSize:20,handleNoResults:!t),title:'Metric Alerts',type:metric))"
<kbn-vis vis-height="48px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(customLabel:'Alerts'),schema:metric,type:count)),listeners:(),params:(fontSize:20,handleNoResults:!t),title:'Metric Alerts',type:metric))"
vis-filter="*">
</kbn-vis>
</md-card-content>
@ -11,7 +11,7 @@
<md-card flex layout="column">
<md-card-content>
<kbn-vis vis-height="70px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(customLabel:'Level 10 or above alerts'),schema:metric,type:count)),listeners:(),params:(fontSize:20,handleNoResults:!t),title:'Metric Level 10 or above',type:metric))"
<kbn-vis vis-height="48px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(customLabel:'Level 10 or above alerts'),schema:metric,type:count)),listeners:(),params:(fontSize:20,handleNoResults:!t),title:'Metric Level 10 or above',type:metric))"
vis-filter="rule.level:[10 TO *]"
>
</kbn-vis>
@ -21,7 +21,7 @@
<md-card flex layout="column">
<md-card-content>
<kbn-vis vis-height="70px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(customLabel:'Authentication failure'),schema:metric,type:count)),listeners:(),params:(fontSize:20,handleNoResults:!t),title:'Metric auth failed',type:metric))"
<kbn-vis vis-height="48px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(customLabel:'Authentication failure'),schema:metric,type:count)),listeners:(),params:(fontSize:20,handleNoResults:!t),title:'Metric auth failed',type:metric))"
vis-filter="rule.groups: authentication_failed"
>
</kbn-vis>
@ -30,7 +30,7 @@
<md-card flex layout="column">
<md-card-content>
<kbn-vis vis-height="70px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(customLabel:'Authentication success'),schema:metric,type:count)),listeners:(),params:(fontSize:20,handleNoResults:!t),title:'Metric auth success',type:metric))"
<kbn-vis vis-height="48px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(customLabel:'Authentication success'),schema:metric,type:count)),listeners:(),params:(fontSize:20,handleNoResults:!t),title:'Metric auth success',type:metric))"
vis-filter="rule.groups: authentication_success"
>
</kbn-vis>
@ -39,47 +39,47 @@
</div>
<div layout="row" layout-align="center stretch">
<md-card flex="45">
<md-card-title>
<md-card-title-text>
<span class="md-headline">Top 5 PCI DSS Requirements</span>
</md-card-title-text>
</md-card-title>
<md-card layout="column" flex="40" class="visBox-alert-level-evolution">
<md-card-content>
<kbn-vis vis-height="154px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(field:rule.pci_dss,order:desc,orderBy:'1',size:5),schema:segment,type:terms)),listeners:(),params:(addLegend:!t,addTooltip:!t,isDonut:!t,shareYAxis:!t),title:'Top pci',type:pie))"
vis-filter="*">
</kbn-vis>
<span class="md-headline">Alert level evolution</span>
<kbn-vis vis-height="150px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(customInterval:'1h',extended_bounds:(),field:'@timestamp',interval:'auto',min_doc_count:1),schema:segment,type:date_histogram),(enabled:!t,id:'3',params:(field:rule.level,order:desc,orderBy:'1',size:5),schema:group,type:terms)),listeners:(),params:(addLegend:!t,addTimeMarker:!f,addTooltip:!t,defaultYExtents:!f,drawLinesBetweenPoints:!t,interpolate:linear,radiusRatio:9,scale:linear,setYExtents:!f,shareYAxis:!t,showCircles:!t,smoothLines:!f,times:!(),yAxis:()),title:'Alert level evolution',type:line))"
vis-filter="*"
</kbn-vis>
</md-card-content>
</md-card>
<md-card flex="65">
<md-card flex="60">
<md-card-content>
<span class="md-headline">Events</span>
<kbn-vis vis-height="120px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(vis:(legendOpen:!f)),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(customInterval:'2h',extended_bounds:(),field:'@timestamp',interval:'auto',min_doc_count:1),schema:segment,type:date_histogram)),listeners:(),params:(addLegend:!f,addTimeMarker:!f,addTooltip:!t,defaultYExtents:!f,mode:stacked,scale:linear,setYExtents:!f,shareYAxis:!t,times:!(),yAxis:()),title:'Events',type:histogram))"
<span class="md-headline">Alerts</span>
<kbn-vis vis-height="150px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(vis:(legendOpen:!f)),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(customInterval:'2h',extended_bounds:(),field:'@timestamp',interval:'auto',min_doc_count:1),schema:segment,type:date_histogram)),listeners:(),params:(addLegend:!f,addTimeMarker:!f,addTooltip:!t,defaultYExtents:!f,mode:stacked,scale:linear,setYExtents:!f,shareYAxis:!t,times:!(),yAxis:()),title:'Alerts',type:histogram))"
vis-filter="*"
>
</kbn-vis>
</md-card-content>
</md-card>
</div>
<div layout="row" layout-align="center stretch">
<md-card flex="65">
<md-card flex="20">
<md-card-content>
<span class="md-headline">Groups</span>
<kbn-vis vis-height="170px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(field:rule.groups,order:desc,orderBy:'1',size:5),schema:segment,type:terms)),listeners:(),params:(addLegend:!t,addTooltip:!t,isDonut:!t,shareYAxis:!t),title:'Top groups',type:pie))"
vis-filter="*">
</kbn-vis>
</md-card-content>
</md-card>
<md-card flex="40">
<md-card-content>
<span class="md-headline">Alerts evolution - Top 10 agents</span>
<kbn-vis vis-height="240px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(customInterval:'2h',extended_bounds:(),field:'@timestamp',interval:auto,min_doc_count:1),schema:segment,type:date_histogram),(enabled:!t,id:'3',params:(field:agent.name,order:desc,orderBy:'1',size:10),schema:group,type:terms)),listeners:(),params:(addLegend:!t,addTimeMarker:!f,addTooltip:!t,defaultYExtents:!f,interpolate:linear,legendPosition:right,mode:overlap,scale:linear,setYExtents:!f,shareYAxis:!t,smoothLines:!t,times:!(),yAxis:()),title:'Agents',type:area))"
<kbn-vis vis-height="193px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(customInterval:'2h',extended_bounds:(),field:'@timestamp',interval:auto,min_doc_count:1),schema:segment,type:date_histogram),(enabled:!t,id:'3',params:(field:agent.name,order:desc,orderBy:'1',size:10),schema:group,type:terms)),listeners:(),params:(addLegend:!t,addTimeMarker:!f,addTooltip:!t,defaultYExtents:!f,interpolate:linear,legendPosition:right,mode:overlap,scale:linear,setYExtents:!f,shareYAxis:!t,smoothLines:!t,times:!(),yAxis:()),title:'Agents',type:area))"
vis-filter="*"
>
</kbn-vis>
</md-card-content>
</md-card>
<md-card layout="column" flex="45">
<md-card layout="column" flex="40">
<md-card-content>
<span class="md-headline">Agents status</span>
<kbn-vis vis-height="240px" vis-index-pattern="wazuh-monitoring-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'2',params:(customInterval:'2h',extended_bounds:(),field:'@timestamp',interval:'auto',min_doc_count:1),schema:segment,type:date_histogram),(enabled:!t,id:'3',params:(field:id),schema:metric,type:cardinality),(enabled:!t,id:'4',params:(field:status,order:asc,orderBy:'3',size:5),schema:group,type:terms)),listeners:(),params:(addLegend:!t,addTimeMarker:!f,addTooltip:!t,defaultYExtents:!f,drawLinesBetweenPoints:!t,interpolate:linear,radiusRatio:9,scale:linear,setYExtents:!f,shareYAxis:!t,showCircles:!t,smoothLines:!f,times:!(),yAxis:()),title:'Agents Status',type:line))"
<kbn-vis vis-height="193px" vis-index-pattern="wazuh-monitoring-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'2',params:(customInterval:'2h',extended_bounds:(),field:'@timestamp',interval:'auto',min_doc_count:1),schema:segment,type:date_histogram),(enabled:!t,id:'3',params:(field:id),schema:metric,type:cardinality),(enabled:!t,id:'4',params:(field:status,order:asc,orderBy:'3',size:5),schema:group,type:terms)),listeners:(),params:(addLegend:!t,addTimeMarker:!f,addTooltip:!t,defaultYExtents:!f,drawLinesBetweenPoints:!t,interpolate:linear,radiusRatio:9,scale:linear,setYExtents:!f,shareYAxis:!t,showCircles:!t,smoothLines:!f,times:!(),yAxis:()),title:'Agents Status',type:line))"
vis-filter="*">
</kbn-vis>
</md-card-content>
@ -114,28 +114,7 @@
</md-card-content>
</md-card>
</div>
<div layout="row" layout-align="center stretch">
<md-card flex="50">
<md-card-content>
<span class="md-headline">Groups</span>
<kbn-vis vis-height="193px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'3',params:(field:rule.groups,order:desc,orderBy:'1',size:8),schema:group,type:terms),(enabled:!t,id:'2',params:(customInterval:'2h',extended_bounds:(),field:'@timestamp',interval:'auto',min_doc_count:1),schema:segment,type:date_histogram)),listeners:(),params:(addLegend:!t,addTimeMarker:!f,addTooltip:!t,defaultYExtents:!f,interpolate:linear,mode:stacked,scale:linear,setYExtents:!f,shareYAxis:!t,smoothLines:!f,times:!(),yAxis:()),title:'Signature:%20Area%20Chart',type:area))"
vis-filter="*"
</kbn-vis>
</md-card-content>
</md-card>
<md-card layout="column" flex="50">
<md-card-content>
<span class="md-headline">Alert level evolution</span>
<kbn-vis vis-height="193px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(customInterval:'1h',extended_bounds:(),field:'@timestamp',interval:'auto',min_doc_count:1),schema:segment,type:date_histogram),(enabled:!t,id:'3',params:(field:rule.level,order:desc,orderBy:'1',size:8),schema:group,type:terms)),listeners:(),params:(addLegend:!t,addTimeMarker:!f,addTooltip:!t,defaultYExtents:!f,drawLinesBetweenPoints:!t,interpolate:linear,radiusRatio:9,scale:linear,setYExtents:!f,shareYAxis:!t,showCircles:!t,smoothLines:!f,times:!(),yAxis:()),title:'Alert level evolution',type:line))"
vis-filter="*"
</kbn-vis>
</md-card-content>
</md-card>
</div>
<div layout="row" layout-align="center stretch">
<md-card flex>
<md-card-title>


@ -0,0 +1,159 @@
<md-content flex layout="column" ng-if="!load && submenuNavItem == 'pci' && tabView == 'panels'" ng-controller="overviewPCIController" layout-align="space-around">
<kbn-searchbar></kbn-searchbar>
<md-content layout="row" layout-align="center stretch">
<md-card flex="20" layout="column">
<md-card-content style="text-align: center;">
<kbn-vis-value vis-height="37px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(vis:(params:(sort:(columnIndex:!n,direction:!n)))),vis:(aggs:!((enabled:!t,id:'1',params:(field:'@timestamp'),schema:metric,type:max),(enabled:!t,id:'2',params:(field:oscap.scan.score,order:desc,orderBy:'1',size:1),schema:bucket,type:terms)),listeners:(),params:(perPage:1,showMeticsAtAllLevels:!f,showPartialRows:!f,showTotal:!f,sort:(columnIndex:!n,direction:!n),totalFunc:sum),title:'New%20Visualization',type:table))" vis-filter="*"></kbn-vis-value>
<div class="ng-binding">Last score</div>
</md-card-content>
</md-card>
<md-card flex="40" layout="column">
<md-card-content style="text-align: center;">
<kbn-vis-value vis-height="37px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(vis:(params:(sort:(columnIndex:!n,direction:!n)))),vis:(aggs:!((enabled:!t,id:'1',params:(field:'@timestamp'),schema:metric,type:max),(enabled:!t,id:'2',params:(field:agent.name,order:desc,orderBy:'1',size:1),schema:bucket,type:terms)),listeners:(),params:(perPage:1,showMeticsAtAllLevels:!f,showPartialRows:!f,showTotal:!f,sort:(columnIndex:!n,direction:!n),totalFunc:sum),title:'New%20Visualization',type:table))" vis-filter="oscap.check.result: fail AND rule.groups:oscap"></kbn-vis-value>
<div class="ng-binding">Last agent scanned</div>
</md-card-content>
</md-card>
<md-card flex="40" layout="column">
<md-card-content style="text-align: center;">
<kbn-vis-value vis-height="37px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(vis:(params:(sort:(columnIndex:!n,direction:!n)))),vis:(aggs:!((enabled:!t,id:'1',params:(field:'@timestamp'),schema:metric,type:max),(enabled:!t,id:'2',params:(field:oscap.scan.profile.title,order:desc,orderBy:'1',size:1),schema:bucket,type:terms)),listeners:(),params:(perPage:1,showMeticsAtAllLevels:!f,showPartialRows:!f,showTotal:!f,sort:(columnIndex:!n,direction:!n),totalFunc:sum),title:'New%20Visualization',type:table))" vis-filter="oscap.check.result: fail AND rule.groups: oscap "></kbn-vis-value>
<div class="ng-binding">Last scan profile</div>
</md-card-content>
</md-card>
</md-content>
<md-content layout="row" layout-align="center stretch">
<md-card flex="25">
<md-card-title>
<md-card-title-text>
<span class="md-headline">Agents</span>
</md-card-title-text>
</md-card-title>
<md-card-content>
<kbn-vis vis-height="154px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(field:agent.name,order:desc,orderBy:'1',size:10),schema:segment,type:terms)),listeners:(),params:(addLegend:!t,addTooltip:!t,isDonut:!t,legendPosition:right,shareYAxis:!t),title:'OSCAP%20Agents',type:pie))"
vis-filter="oscap.check.result: fail AND rule.groups: oscap AND NOT rule.groups: syslog ">
</kbn-vis>
</md-card-content>
</md-card>
<md-card flex="25">
<md-card-title>
<md-card-title-text>
<span class="md-headline">Profiles</span>
</md-card-title-text>
</md-card-title>
<md-card-content>
<kbn-vis vis-height="154px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'3',params:(field:oscap.scan.profile.title,order:desc,orderBy:'1',size:10),schema:segment,type:terms)),listeners:(),params:(addLegend:!t,addTooltip:!t,isDonut:!t,legendPosition:right,shareYAxis:!t),title:'OSCAP%20Profiles',type:pie))"
vis-filter="oscap.check.result: fail AND rule.groups:oscap AND NOT rule.groups: syslog">
</kbn-vis>
</md-card-content>
</md-card>
<md-card flex="25">
<md-card-title>
<md-card-title-text>
<span class="md-headline">Content</span>
</md-card-title-text>
</md-card-title>
<md-card-content>
<kbn-vis vis-height="154px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(field:oscap.scan.content,order:desc,orderBy:'1',size:10),schema:segment,type:terms)),listeners:(),params:(addLegend:!t,addTooltip:!t,isDonut:!t,legendPosition:right,shareYAxis:!t),title:'OSCAP%20Content',type:pie))"
vis-filter="oscap.check.result: fail AND rule.groups:oscap AND NOT rule.groups: syslog">
</kbn-vis>
</md-card-content>
</md-card>
<md-card flex="25">
<md-card-title>
<md-card-title-text>
<span class="md-headline">Severity</span>
</md-card-title-text>
</md-card-title>
<md-card-content>
<kbn-vis vis-height="154px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(field:oscap.check.severity,order:desc,orderBy:'1',size:10),schema:segment,type:terms)),listeners:(),params:(addLegend:!t,addTooltip:!t,isDonut:!t,legendPosition:right,shareYAxis:!t),title:'OSCAP%20Content',type:pie))"
vis-filter="oscap.check.result: fail AND rule.groups:oscap AND NOT rule.groups: syslog">
</kbn-vis>
</md-card-content>
</md-card>
</md-content>
<md-content layout="row" layout-align="center stretch">
<md-card flex="100">
<md-card-title>
<md-card-title-text>
<span class="md-headline">Top 5 Agents - Alerts severity high</span>
</md-card-title-text>
</md-card-title>
<md-card-content>
<kbn-vis vis-height="154px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(vis:(legendOpen:!f)),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(field:agent.name,order:desc,orderBy:'1',size:5),schema:segment,type:terms)),listeners:(),params:(addLegend:!t,addTimeMarker:!f,addTooltip:!t,defaultYExtents:!f,legendPosition:right,mode:stacked,scale:linear,setYExtents:!f,shareYAxis:!t,times:!(),yAxis:()),title:'New%20Visualization',type:histogram))"
vis-filter="rule.groups: oscap AND oscap.check.severity: high">
</kbn-vis>
</md-card-content>
</md-card>
</md-content>
<md-content layout="row" layout-align="center stretch">
<md-card flex="50">
<md-card-title>
<md-card-title-text>
<span class="md-headline">Top 10 - Alerts</span>
</md-card-title-text>
</md-card-title>
<md-card-content>
<kbn-vis class="vis-expand-leyend" vis-height="300px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(field:oscap.check.title,order:desc,orderBy:'1',size:10),schema:segment,type:terms)),listeners:(),params:(addLegend:!t,addTooltip:!t,isDonut:!f,legendPosition:right,shareYAxis:!t),title:'OSCAP%20Top%2020%20failed%20checks',type:pie))"
vis-filter="oscap.check.result: fail AND rule.groups:oscap AND rule.groups: oscap-result AND oscap.check.result:fail">
</kbn-vis>
</md-card-content>
</md-card>
<md-card flex="50">
<md-card-title>
<md-card-title-text>
<span class="md-headline">Top 10 - High risk alerts</span>
</md-card-title-text>
</md-card-title>
<md-card-content>
<kbn-vis class="vis-expand-leyend" vis-height="300px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(field:oscap.check.title,order:desc,orderBy:'1',size:10),schema:segment,type:terms)),listeners:(),params:(addLegend:!t,addTooltip:!t,isDonut:!f,legendPosition:right,shareYAxis:!t),title:'OSCAP%20Top%2020%20failed%20checks',type:pie))"
vis-filter="oscap.check.severity: high AND oscap.check.result: fail AND rule.groups:oscap AND rule.groups: oscap-result AND oscap.check.result:fail">
</kbn-vis>
</md-card-content>
</md-card>
</md-content>
<md-content layout="row" layout-align="center stretch" >
<md-card flex="20" layout="column">
<md-card-content style="text-align: center;">
<kbn-vis vis-height="70px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(field:oscap.scan.score,customLabel:'Higher score'),schema:metric,type:max)),listeners:(),params:(fontSize:20,handleNoResults:!t),title:'New%20Visualization',type:metric))" vis-filter="*"></kbn-vis>
</md-card-content>
</md-card>
<md-card flex="20" layout="column">
<md-card-content style="text-align: center;">
<kbn-vis vis-height="70px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(field:oscap.scan.score,customLabel:'Lower score'),schema:metric,type:min)),listeners:(),params:(fontSize:20,handleNoResults:!t),title:'New%20Visualization',type:metric))" vis-filter="*"></kbn-vis>
</md-card-content>
</md-card>
<md-card flex="60" layout="column">
<md-card-content style="text-align: center;">
<kbn-vis-value vis-height="44px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(vis:(params:(sort:(columnIndex:!n,direction:!n)))),vis:(aggs:!((enabled:!t,id:'1',params:(field:'@timestamp'),schema:metric,type:max),(enabled:!t,id:'2',params:(field:oscap.check.title,order:desc,orderBy:'1',size:1),schema:bucket,type:terms)),listeners:(),params:(perPage:1,showMeticsAtAllLevels:!f,showPartialRows:!f,showTotal:!f,sort:(columnIndex:!n,direction:!n),totalFunc:sum),title:'New%20Visualization',type:table))" vis-filter="oscap.check.result: fail AND rule.groups:oscap"></kbn-vis-value>
<div class="ng-binding">Latest alert</div>
</md-card-content>
</md-card>
</md-content>
<md-content layout-align="center stretch">
<md-card flex>
<md-card-title>
<md-card-title-text>
<span class="md-headline">Last alerts</span>
</md-card-title-text>
</md-card-title>
<md-card-content>
<kbn-vis vis-height="450px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(vis:(params:(sort:(columnIndex:!n,direction:!n)))),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(customLabel:'Agent name',field:agent.name,order:desc,orderBy:'1',size:99999),schema:bucket,type:terms),(enabled:!t,id:'3',params:(customLabel:Title,field:oscap.check.title,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'4',params:(customLabel:Profile,field:oscap.scan.profile.title,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'5',params:(customLabel:'Scan ID',field:oscap.scan.id,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'6',params:(customLabel:Content,field:oscap.scan.content,order:desc,orderBy:'1',size:5),schema:bucket,type:terms)),listeners:(),params:(perPage:10,showMeticsAtAllLevels:!f,showPartialRows:!f,showTotal:!f,sort:(columnIndex:!n,direction:!n),totalFunc:sum),title:'New%20Visualization',type:table))"
vis-filter='oscap.check.result: fail AND rule.groups: oscap'>
</kbn-vis>
</md-card-content>
</md-card>
</md-content>
</md-content>
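Review bot: Every visualization in this new PCI DSS panel still queries OpenSCAP data: the `vis-filter` values are `rule.groups: oscap` / `oscap.check.result: fail`, the aggregated fields are all `oscap.*`, and headings and titles such as "Last scan profile" and `OSCAP%20Agents` are carried over, so a tab labelled PCI DSS will present SCAP results as if they were PCI findings. The filters and terms fields should be switched to the alert's PCI DSS mapping (presumably `rule.pci_dss` in this index; confirm against the alerts template) before the tab is exposed. Separately, the "Last alerts" table asks for terms buckets with `size:999999999` on three fields, a cost the Elasticsearch cluster pays each time the tab is opened; a bounded value such as `size:50` keeps that query predictable. The two "Top 10" pies also repeat `oscap.check.result: fail` within one filter and carry a "Top 20" title while requesting `size:10`.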


@ -27,6 +27,7 @@
<md-nav-item md-nav-click="submenuNavItem = 'pm'" name="pm">Policy monitoring</md-nav-item>
<md-nav-item md-nav-click="submenuNavItem = 'oscap'" name="oscap" ng-show="extensions.oscap">SCAP</md-nav-item>
<md-nav-item md-nav-click="submenuNavItem = 'audit'" name="audit" ng-show="extensions.audit">Audit</md-nav-item>
<md-nav-item md-nav-click="submenuNavItem = 'pci'" name="pci" ng-show="extensions.pci">PCI DSS</md-nav-item>
</md-nav-bar>
</md-content>


@ -4,6 +4,7 @@ include ./overview-fim.html
include ./overview-pm.html
include ./overview-oscap.html
include ./overview-audit.html
include ./overview-pci.html
include ./tabview-discover.html
include ./tabview-dashboard.html
include ./footer.foot


@ -78,6 +78,19 @@
<h1><i class="fa fa-cog ng-scope" aria-hidden="true" style="font-size: 25px;"></i> Wazuh App: Extensions</h1>
<p flex>Enable or disable extensions according to your needs. The extension includes: Panels, discover and dashboards, for agents / overview.</p>
<div>
<span layout="row" layout-align="space-between center" style="font-weight: bold">
PCI DSS
</span>
<span>
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB. The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data to reduce credit card fraud.
</span>
<span>
<md-switch flex ng-model="extensions.pci" aria-label="extensionsPci" ng-change="toggleExtension('pci',extensions.pci)"></md-switch>
</span>
<md-divider></md-divider>
</div>
<div>
<span layout="row" layout-align="space-between center" style="font-weight: bold">