Detailed PCI requirements added

2024-11-06 09:55:18 +00:00 · 2017-01-26 07:35:07 -08:00 · 2017-01-26 07:35:07 -08:00 · 9a038702b0
commit 9a038702b0
parent 5bb9b076e8
8 changed files with 141 additions and 9 deletions
--- a/public/controllers/testController.js
+++ b/public/controllers/testController.js
@ -2,9 +2,10 @@

 var app = require('ui/modules').get('app/wazuh');

+app.controller('testController', function ($compile, appState, $scope, $mdToast, $rootScope, genericReq) {
+


-app.controller('testController', function (appState, $scope, $mdToast, $rootScope, genericReq) {

 });

--- a/public/directives/kibanaSearchbarDirective.js
+++ b/public/directives/kibanaSearchbarDirective.js
@ -22,8 +22,7 @@ var app = require('ui/modules').get('app/wazuh', [])
    }
  }]);

-require('ui/modules').get('app/wazuh', []).controller('kibanaSearchBar', function ($scope, $route, timefilter, AppState, appState, $location, kbnUrl, $timeout, courier, Private, Promise, savedVisualizations, SavedVis, getAppState, Notifier,$rootScope) {
-
+require('ui/modules').get('app/wazuh', []).controller('kibanaSearchBar', function (genericReq, $compile, $scope, $route, timefilter, AppState, appState, $location, kbnUrl, $timeout, courier, Private, Promise, savedVisualizations, SavedVis, getAppState, Notifier, $rootScope) {

 	$scope.stateQuery = $scope.disFilter;

@ -32,6 +31,55 @@ require('ui/modules').get('app/wazuh', []).controller('kibanaSearchBar', functio
 	timefilter.enabled = true;
 		
 	
+	$scope.displayPCI = function (requirement){
+		var pciRequirementBox = document.querySelector("#pciRequirementBox");
+		var pciRequirementBox_ReqTitle = document.querySelector("#pciRequirementBox_ReqTitle");
+
+		genericReq.request('GET', '/api/wazuh-api/pci/'+requirement).then(function (data) {
+			pciRequirementBox_ReqTitle.innerText = requirement;
+			pciRequirementBox_ReqContent.innerHTML = data.pci.description;
+			angular.element(pciRequirementBox).show();
+		});
+
+	}
+
+	function injectPciIcon(){
+		// Get all filters on filter bar
+		var filters = document.querySelectorAll(".filter-bar .filter");
+		// Analyze each filter
+		filters.forEach(function(item) {
+			if(angular.element(item).data('pci') != "1"){
+				var filterLabel = item.querySelectorAll(".filter-description .ng-scope");
+				filterLabel.forEach(function(item) {	
+					if(item.innerText == "rule.pci_dss:"){
+						// Preparing and adding new element to filter actions icons
+						var pciLink = angular.element('<a class="action" ng-click=\'displayPCI('+item.nextElementSibling.innerText+')\'><img src="/plugins/wazuh/img/icon_pci.png"></a>');
+						// Append the new element
+						angular.element(pciLink).appendTo(item.parentNode.nextElementSibling);
+						// Compile element to enable ng click
+						$compile(angular.element(item.parentNode.nextElementSibling).contents())($scope);
+						// Setup min width when adding new icon
+						angular.element(item.parentNode.parentNode).css("min-width","calc(6*(1.414em + 13px))");
+						angular.element(item.parentNode.parentNode).attr('data-pci','1');
+					}
+				});
+			}
+		});
+		return;
+	}
+
+
+	
+	// create an observer instance
+	var observer = new MutationObserver(function(mutations) {
+	  mutations.forEach(function(mutation) {
+			console.log("watching!");
+			injectPciIcon();
+	  });    
+	});
+
+	var config = { childList: true };
+

 	// Set default time
 	if($route.current.params._g == "()"){
@ -58,6 +106,8 @@ require('ui/modules').get('app/wazuh', []).controller('kibanaSearchBar', functio
 		if($rootScope.visCounter == 0){
 			$timeout(
 			function() {  
+				var watchFilterBar = document.querySelectorAll(".filter-bar")[0];
+				observer.observe(watchFilterBar, config);
 				$rootScope.$broadcast('fetchVisualization'); 
 			}, 0);
 		}
--- a/public/img/icon_pci.png
+++ b/public/img/icon_pci.png
--- a/public/templates/directives/kibana-searchbar-template.html
+++ b/public/templates/directives/kibana-searchbar-template.html
@ -30,4 +30,15 @@
  </navbar>

  <filter-bar state="$state"></filter-bar>
+	<div layout="row" layout-align="center stretch" id="pciRequirementBox" style="display: none;">
+		<md-card flex>
+			<md-card-content>
+				<span class="md-headline">
+					PCI DSS Requirement <span id="pciRequirementBox_ReqTitle"></span>
+					<span onClick="$('#pciRequirementBox').hide()" style="float: right"><i class="fa fa-times" aria-hidden="true"></i></span>
+				</span>
+				<p id="pciRequirementBox_ReqContent"></p>
+			</md-card-content>
+		</md-card>
+	</div>
 </div>
--- a/public/templates/overview-general.html
+++ b/public/templates/overview-general.html
@ -39,7 +39,19 @@
 	</div>

 	<div layout="row" layout-align="center stretch">
-		<md-card flex="100">
+		<md-card flex="45">
+			<md-card-title>
+				<md-card-title-text>
+					<span class="md-headline">Top 5 PCI Controls</span>
+				</md-card-title-text>
+			</md-card-title>
+			<md-card-content>
+				<kbn-vis vis-height="154px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(field:rule.pci_dss,order:desc,orderBy:'1',size:5),schema:segment,type:terms)),listeners:(),params:(addLegend:!t,addTooltip:!t,isDonut:!t,shareYAxis:!t),title:'Top pci',type:pie))"
+					vis-filter="*">
+				</kbn-vis>
+			</md-card-content>
+		</md-card>
+		<md-card flex="65">
 			<md-card-content>
 				<span class="md-headline">Events</span>
 				<kbn-vis vis-height="120px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(vis:(legendOpen:!f)),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(customInterval:'2h',extended_bounds:(),field:'@timestamp',interval:'auto',min_doc_count:1),schema:segment,type:date_histogram)),listeners:(),params:(addLegend:!f,addTimeMarker:!f,addTooltip:!t,defaultYExtents:!f,mode:stacked,scale:linear,setYExtents:!f,shareYAxis:!t,times:!(),yAxis:()),title:'Events',type:histogram))"
--- a/public/templates/test.html
+++ b/public/templates/test.html
@ -7,14 +7,24 @@
 	
 		<md-card flex layout="column">
 			<md-card-content>
-				<kbn-vis vis-height="300px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(vis:(legendOpen:!f)),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(customInterval:'2h',extended_bounds:(),field:'@timestamp',interval:'auto',min_doc_count:1),schema:segment,type:date_histogram)),listeners:(),params:(addLegend:!f,addTimeMarker:!f,addTooltip:!t,defaultYExtents:!f,mode:stacked,scale:linear,setYExtents:!f,shareYAxis:!t,times:!(),yAxis:()),title:'Events',type:histogram))"
-					vis-filter="*"
-					>
+				<kbn-vis vis-height="154px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(field:rule.pci_dss,order:desc,orderBy:'1',size:5),schema:segment,type:terms)),listeners:(),params:(addLegend:!t,addTooltip:!t,isDonut:!t,shareYAxis:!t),title:'Top pci',type:pie))"
+							vis-filter="{{agentInfo.name ? 'agent.name:'+agentInfo.name : '*'}}">
 						</kbn-vis>

 			</md-card-content>
 		</md-card>

+		<md-card flex layout="column">
+			<md-card-content>
+<kbn-vis vis-height="193px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'3',params:(field:rule.groups,order:desc,orderBy:'1',size:8),schema:group,type:terms),(enabled:!t,id:'2',params:(customInterval:'2h',extended_bounds:(),field:'@timestamp',interval:'auto',min_doc_count:1),schema:segment,type:date_histogram)),listeners:(),params:(addLegend:!t,addTimeMarker:!f,addTooltip:!t,defaultYExtents:!f,interpolate:linear,mode:stacked,scale:linear,setYExtents:!f,shareYAxis:!t,smoothLines:!f,times:!(),yAxis:()),title:'Signature:%20Area%20Chart',type:area))"
+				vis-filter="*"
+				</kbn-vis>
+
+			</md-card-content>
+		</md-card>
+
+
+
 </md-content>


--- a/server/routes/wazuh-api.js
+++ b/server/routes/wazuh-api.js
@ -1,9 +1,14 @@
 module.exports = function (server, options) {
+	// Require some libraries
+	const fs = require('fs');
+	const path = require('path');

+	// Consts values, versions.
    const MIN_VERSION = [2,0,0];
    const MAX_VERSION = [3,0,0];
 	const wazuh_api_version = 'v2.0.0';
 	
+	// Elastic JS Client
    const client = server.plugins.elasticsearch.client;

    //Handlers - Generic
@ -93,6 +98,25 @@ module.exports = function (server, options) {
 		});
    };	

+	var getPciRequirement = function (req,reply) {
+
+		const pciRequirementsFile = '../scripts/integration_files/pci_requirements.json';
+		var pciRequirements = {};
+
+		try {
+			pciRequirements = JSON.parse(fs.readFileSync(path.resolve(__dirname, pciRequirementsFile), 'utf8'));
+			console.log(pciRequirements);
+		} catch (e) {
+			server.log([blueWazuh, 'initialize', 'error'], 'Could not read the mapping file.');
+			server.log([blueWazuh, 'initialize', 'error'], 'Path: ' + pciRequirementsFile);
+			server.log([blueWazuh, 'initialize', 'error'], 'Exception: ' + e);
+		};
+		var pci_description = "";
+		if(pciRequirements[req.params.requirement])
+			pci_description = pciRequirements[req.params.requirement];
+		reply({pci: {requirement: req.params.requirement, description: pci_description}});
+    };
+
 	var getExtensions = function (req,reply) {
        client.search({ index: '.kibana', type: 'wazuh-configuration'}).then(
 			function (data) {
@ -447,6 +471,17 @@ module.exports = function (server, options) {
        handler: getExtensions
    });	

+    /* 
+    * GET /api/wazuh-api/pci/requirement
+    * Return a PCI requirement description
+    *
+    **/
+    server.route({
+        method: 'GET',
+        path: '/api/wazuh-api/pci/{requirement}',
+        handler: getPciRequirement
+    });	
+	
 	/*
    * POST /api/wazuh/debug
    * Write in debug log
--- a/server/scripts/integration_files/pci_requirements.json
+++ b/server/scripts/integration_files/pci_requirements.json
@ -0,0 +1,13 @@
+{
+	"10.2.5" : "Use of and changes to identification and authentication mechanisms—including but not limited to creation of new accounts and elevation of privileges—and all changes, additions, or deletions to accounts with root or administrative privileges.",
+	"10.2.6" : "Initialization, stopping, or pausing of the audit logs",
+	"10.2.7" : "Creation and deletion of system level objects",
+	"10.5.2" : "Protect audit trail files from unauthorized modifications",
+	"10.5.5" : "Use file integrity monitoring or change-detection software on logs to ensure that existing log data cannot be changed without generating alerts (although new data being added should not cause an alert).",
+	"10.6.1" : "Review the following at least daily: <br><ul><li>All security events</li><li>Logs of all system components that store, process, or transmit CHD and/or SAD, or that could</li>impact the security of CHD and/or SAD</li><li>Logs of all critical system components</li><li>Logs of all servers and system components that perform security functions (for example, firewalls, intrusion-detection systems/intrusion-prevention systems (IDS/IPS), authentication servers, e-commerce redirection servers, etc.)</li></ul>",
+	"11.4" : "Use intrusion-detection and/or intrusion-prevention techniques to detect and/or prevent intrusions into the network.<br>Monitor all traffic at the perimeter of the cardholder data environment as well as at critical points in the cardholder data environment, and alert personnel to suspected compromises. Keep all intrusion detection and prevention engines, baselines, and signatures up to date.",
+	"11.5" : "Deploy a change-detection mechanism (for example, file-integrity monitoring tools) to alert personnel to unauthorized modification of critical system files, configuration files, or content files; and configure the software to perform critical file comparisons at least weekly.",
+	"2.2" : "Develop configuration standards for all system components. Assure that these standards address all known security vulnerabilities and are consistent with industry-accepted system hardening standards (CIS, ISO, SANS, NIST).",
+	"2.2.2" : "Enable only necessary services, protocols, daemons, etc., as required for the function of the system. ",
+	"2.2.4" : "Configure system security parameters to prevent misuse."
+}