Detailed PCI requirements added

Pedro Sanchez 2017-01-26 07:35:07 -08:00
parent 5bb9b076e8
commit 9a038702b0
8 changed files with 141 additions and 9 deletions


@ -2,9 +2,10 @@
var app = require('ui/modules').get('app/wazuh');
app.controller('testController', function ($compile, appState, $scope, $mdToast, $rootScope, genericReq) {
app.controller('testController', function (appState, $scope, $mdToast, $rootScope, genericReq) {
});


@ -22,8 +22,7 @@ var app = require('ui/modules').get('app/wazuh', [])
}
}]);
require('ui/modules').get('app/wazuh', []).controller('kibanaSearchBar', function ($scope, $route, timefilter, AppState, appState, $location, kbnUrl, $timeout, courier, Private, Promise, savedVisualizations, SavedVis, getAppState, Notifier,$rootScope) {
require('ui/modules').get('app/wazuh', []).controller('kibanaSearchBar', function (genericReq, $compile, $scope, $route, timefilter, AppState, appState, $location, kbnUrl, $timeout, courier, Private, Promise, savedVisualizations, SavedVis, getAppState, Notifier, $rootScope) {
$scope.stateQuery = $scope.disFilter;
@ -32,7 +31,56 @@ require('ui/modules').get('app/wazuh', []).controller('kibanaSearchBar', functio
timefilter.enabled = true;
$scope.displayPCI = function (requirement){
var pciRequirementBox = document.querySelector("#pciRequirementBox");
var pciRequirementBox_ReqTitle = document.querySelector("#pciRequirementBox_ReqTitle");
genericReq.request('GET', '/api/wazuh-api/pci/'+requirement).then(function (data) {
pciRequirementBox_ReqTitle.innerText = requirement;
pciRequirementBox_ReqContent.innerHTML = data.pci.description;
angular.element(pciRequirementBox).show();
});
}
function injectPciIcon(){
// Get all filters on filter bar
var filters = document.querySelectorAll(".filter-bar .filter");
// Analyze each filter
filters.forEach(function(item) {
if(angular.element(item).data('pci') != "1"){
var filterLabel = item.querySelectorAll(".filter-description .ng-scope");
filterLabel.forEach(function(item) {
if(item.innerText == "rule.pci_dss:"){
// Preparing and adding new element to filter actions icons
var pciLink = angular.element('<a class="action" ng-click=\'displayPCI('+item.nextElementSibling.innerText+')\'><img src="/plugins/wazuh/img/icon_pci.png"></a>');
// Append the new element
angular.element(pciLink).appendTo(item.parentNode.nextElementSibling);
// Compile element to enable ng click
$compile(angular.element(item.parentNode.nextElementSibling).contents())($scope);
// Setup min width when adding new icon
angular.element(item.parentNode.parentNode).css("min-width","calc(6*(1.414em + 13px))");
angular.element(item.parentNode.parentNode).attr('data-pci','1');
}
});
}
});
return;
}
// create an observer instance
var observer = new MutationObserver(function(mutations) {
mutations.forEach(function(mutation) {
console.log("watching!");
injectPciIcon();
});
});
var config = { childList: true };
// Set default time
if($route.current.params._g == "()"){
timefilter.time.from = "now-24h";
@ -58,12 +106,14 @@ require('ui/modules').get('app/wazuh', []).controller('kibanaSearchBar', functio
if($rootScope.visCounter == 0){
$timeout(
function() {
$rootScope.$broadcast('fetchVisualization');
var watchFilterBar = document.querySelectorAll(".filter-bar")[0];
observer.observe(watchFilterBar, config);
$rootScope.$broadcast('fetchVisualization');
}, 0);
}
});
// Listen for destroy
$scope.$on('$destroy', visCounterWatch);
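Review bot: In `injectPciIcon`, the text read from `item.nextElementSibling.innerText` is concatenated into an `ng-click` attribute and then run through `$compile`, so whatever the filter bar displays is evaluated as an Angular expression in this scope instead of being treated as data. Filter values presumably come from alert fields or URL state (the source is not visible here), so it is safer to capture the value in a closure and bind the handler directly, e.g. `var req = item.nextElementSibling.innerText;` and `pciLink.on('click', function () { $scope.$apply(function () { $scope.displayPCI(req); }); });`, stripping surrounding quotes if the label includes them; this also removes the need for `$compile`. In `displayPCI`, `pciRequirementBox_ReqContent.innerHTML = data.pci.description;` writes an API response into the DOM as markup and relies on an element-id global that is never looked up with `querySelector`; sanitize the description before inserting it or render it as text, and select the element explicitly. The `MutationObserver` is not disconnected in the `$destroy` handler, and `console.log("watching!")` looks like leftover debugging.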

BIN
public/img/icon_pci.png Normal file

Binary file not shown.


Width:  |  Height:  |  Size: 1.4 KiB


@ -30,4 +30,15 @@
</navbar>
<filter-bar state="$state"></filter-bar>
<div layout="row" layout-align="center stretch" id="pciRequirementBox" style="display: none;">
<md-card flex>
<md-card-content>
<span class="md-headline">
PCI DSS Requirement <span id="pciRequirementBox_ReqTitle"></span>
<span onClick="$('#pciRequirementBox').hide()" style="float: right"><i class="fa fa-times" aria-hidden="true"></i></span>
</span>
<p id="pciRequirementBox_ReqContent"></p>
</md-card-content>
</md-card>
</div>
</div>
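Review bot: The close control in `pciRequirementBox` uses an inline `onClick="$('#pciRequirementBox').hide()"`, which depends on a global jQuery `$`, runs outside Angular's digest, and would stop working if the page is ever served under a Content-Security-Policy that disallows inline handlers. An Angular binding such as `ng-click="hidePCI()"` with a matching scope function (a new function, named here only as a suggestion) would keep show and hide in one place, assuming this template is rendered under the controller that defines `displayPCI`, which this section does not show. A clickable `<span>` is also not reachable by keyboard; a `<button>` with an `aria-label` would be.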


@ -39,7 +39,19 @@
</div>
<div layout="row" layout-align="center stretch">
<md-card flex="100">
<md-card flex="45">
<md-card-title>
<md-card-title-text>
<span class="md-headline">Top 5 PCI Controls</span>
</md-card-title-text>
</md-card-title>
<md-card-content>
<kbn-vis vis-height="154px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(field:rule.pci_dss,order:desc,orderBy:'1',size:5),schema:segment,type:terms)),listeners:(),params:(addLegend:!t,addTooltip:!t,isDonut:!t,shareYAxis:!t),title:'Top pci',type:pie))"
vis-filter="*">
</kbn-vis>
</md-card-content>
</md-card>
<md-card flex="65">
<md-card-content>
<span class="md-headline">Events</span>
<kbn-vis vis-height="120px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(vis:(legendOpen:!f)),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(customInterval:'2h',extended_bounds:(),field:'@timestamp',interval:'auto',min_doc_count:1),schema:segment,type:date_histogram)),listeners:(),params:(addLegend:!f,addTimeMarker:!f,addTooltip:!t,defaultYExtents:!f,mode:stacked,scale:linear,setYExtents:!f,shareYAxis:!t,times:!(),yAxis:()),title:'Events',type:histogram))"
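Review bot: The two cards in this row are given `flex="45"` and `flex="65"`, which add up to 110, so the row cannot lay them out at their stated widths; they will be shrunk or overflow depending on the layout rules in effect. If a 45/55 split is intended, change the Events card to `<md-card flex="55">`, or lower the first card to `flex="35"` for 35/65.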


@ -7,14 +7,24 @@
<md-card flex layout="column">
<md-card-content>
<kbn-vis vis-height="300px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(vis:(legendOpen:!f)),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(customInterval:'2h',extended_bounds:(),field:'@timestamp',interval:'auto',min_doc_count:1),schema:segment,type:date_histogram)),listeners:(),params:(addLegend:!f,addTimeMarker:!f,addTooltip:!t,defaultYExtents:!f,mode:stacked,scale:linear,setYExtents:!f,shareYAxis:!t,times:!(),yAxis:()),title:'Events',type:histogram))"
vis-filter="*"
>
<kbn-vis vis-height="154px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(field:rule.pci_dss,order:desc,orderBy:'1',size:5),schema:segment,type:terms)),listeners:(),params:(addLegend:!t,addTooltip:!t,isDonut:!t,shareYAxis:!t),title:'Top pci',type:pie))"
vis-filter="{{agentInfo.name ? 'agent.name:'+agentInfo.name : '*'}}">
</kbn-vis>
</md-card-content>
</md-card>
<md-card flex layout="column">
<md-card-content>
<kbn-vis vis-height="193px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'3',params:(field:rule.groups,order:desc,orderBy:'1',size:8),schema:group,type:terms),(enabled:!t,id:'2',params:(customInterval:'2h',extended_bounds:(),field:'@timestamp',interval:'auto',min_doc_count:1),schema:segment,type:date_histogram)),listeners:(),params:(addLegend:!t,addTimeMarker:!f,addTooltip:!t,defaultYExtents:!f,interpolate:linear,mode:stacked,scale:linear,setYExtents:!f,shareYAxis:!t,smoothLines:!f,times:!(),yAxis:()),title:'Signature:%20Area%20Chart',type:area))"
vis-filter="*"
</kbn-vis>
</md-card-content>
</md-card>
</md-content>
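Review bot: In the second card the `<kbn-vis>` opening tag is never closed: `vis-filter="*"` is followed directly by `</kbn-vis>` with no `>` in between, so the parser reads `</kbn-vis` as part of the attribute list and the element is only closed implicitly. Add the `>` after `vis-filter="*"`. That visualization also uses `vis-filter="*"` while the PCI pie chart above it filters on `agentInfo.name`, so on an agent view it would presumably show alerts from every agent; if that is not intended, reuse `{{agentInfo.name ? 'agent.name:'+agentInfo.name : '*'}}`. This rendering does not mark which lines are added, so the second card may be pre-existing context.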


@ -1,9 +1,14 @@
module.exports = function (server, options) {
// Require some libraries
const fs = require('fs');
const path = require('path');
// Consts values, versions.
const MIN_VERSION = [2,0,0];
const MAX_VERSION = [3,0,0];
const wazuh_api_version = 'v2.0.0';
// Elastic JS Client
const client = server.plugins.elasticsearch.client;
//Handlers - Generic
@ -93,6 +98,25 @@ module.exports = function (server, options) {
});
};
var getPciRequirement = function (req,reply) {
const pciRequirementsFile = '../scripts/integration_files/pci_requirements.json';
var pciRequirements = {};
try {
pciRequirements = JSON.parse(fs.readFileSync(path.resolve(__dirname, pciRequirementsFile), 'utf8'));
console.log(pciRequirements);
} catch (e) {
server.log([blueWazuh, 'initialize', 'error'], 'Could not read the mapping file.');
server.log([blueWazuh, 'initialize', 'error'], 'Path: ' + pciRequirementsFile);
server.log([blueWazuh, 'initialize', 'error'], 'Exception: ' + e);
};
var pci_description = "";
if(pciRequirements[req.params.requirement])
pci_description = pciRequirements[req.params.requirement];
reply({pci: {requirement: req.params.requirement, description: pci_description}});
};
var getExtensions = function (req,reply) {
client.search({ index: '.kibana', type: 'wazuh-configuration'}).then(
function (data) {
@ -446,6 +470,17 @@ module.exports = function (server, options) {
path: '/api/wazuh-api/extension',
handler: getExtensions
});
/*
* GET /api/wazuh-api/pci/requirement
* Return a PCI requirement description
*
**/
server.route({
method: 'GET',
path: '/api/wazuh-api/pci/{requirement}',
handler: getPciRequirement
});
/*
* POST /api/wazuh/debug
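Review bot: `getPciRequirement` indexes `pciRequirements` with the raw route parameter, so names inherited from `Object.prototype` (for example `constructor`) pass the truthiness check and a non-string value ends up in `description`; guard the lookup with `if (Object.prototype.hasOwnProperty.call(pciRequirements, req.params.requirement))`. The handler also calls `fs.readFileSync` and `console.log(pciRequirements)` on every request, which blocks the event loop and prints the whole file each time; parsing the file once when the module loads and dropping the `console.log` would avoid both. When the read fails the handler logs the error but still replies with an empty description, so the client cannot tell a missing file from an unknown requirement. The route comment says `/api/wazuh-api/pci/requirement` while the registered path is `/api/wazuh-api/pci/{requirement}`.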


@ -0,0 +1,13 @@
{
"10.2.5" : "Use of and changes to identification and authentication mechanisms—including but not limited to creation of new accounts and elevation of privileges—and all changes, additions, or deletions to accounts with root or administrative privileges.",
"10.2.6" : "Initialization, stopping, or pausing of the audit logs",
"10.2.7" : "Creation and deletion of system level objects",
"10.5.2" : "Protect audit trail files from unauthorized modifications",
"10.5.5" : "Use file integrity monitoring or change-detection software on logs to ensure that existing log data cannot be changed without generating alerts (although new data being added should not cause an alert).",
"10.6.1" : "Review the following at least daily: <br><ul><li>All security events</li><li>Logs of all system components that store, process, or transmit CHD and/or SAD, or that could</li>impact the security of CHD and/or SAD</li><li>Logs of all critical system components</li><li>Logs of all servers and system components that perform security functions (for example, firewalls, intrusion-detection systems/intrusion-prevention systems (IDS/IPS), authentication servers, e-commerce redirection servers, etc.)</li></ul>",
"11.4" : "Use intrusion-detection and/or intrusion-prevention techniques to detect and/or prevent intrusions into the network.<br>Monitor all traffic at the perimeter of the cardholder data environment as well as at critical points in the cardholder data environment, and alert personnel to suspected compromises. Keep all intrusion detection and prevention engines, baselines, and signatures up to date.",
"11.5" : "Deploy a change-detection mechanism (for example, file-integrity monitoring tools) to alert personnel to unauthorized modification of critical system files, configuration files, or content files; and configure the software to perform critical file comparisons at least weekly.",
"2.2" : "Develop configuration standards for all system components. Assure that these standards address all known security vulnerabilities and are consistent with industry-accepted system hardening standards (CIS, ISO, SANS, NIST).",
"2.2.2" : "Enable only necessary services, protocols, daemons, etc., as required for the function of the system. ",
"2.2.4" : "Configure system security parameters to prevent misuse."
}
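Review bot: The description for `10.6.1` contains a stray `</li>` after `or that could`, which splits one list item in two and leaves the markup unbalanced. More generally, storing HTML (`<br>`, `<ul>`, `<li>`) in these strings forces the client to insert them as markup; keeping the values as plain text, or as an array of bullet strings for `10.6.1`, would let the UI render them through text bindings. The value for `2.2.2` also ends with a trailing space.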