+
+
+
+
+
+
-
-
-
-
-
-
-
-
- Global
-
-
- JSON output
- {{managerConfiguration.global.jsonout_output}}
-
-
- Log all
- {{managerConfiguration.global.logall}}
-
-
-
- Log all in JSON
- {{managerConfiguration.global.logall_json}}
-
-
-
- White list
- {{ managerConfiguration.global.white_list.length
- <=5 ? managerConfiguration.global.white_list : managerConfiguration.global.white_list.length }}
-
-
- Stats
- {{ managerConfiguration.global.stats }}
-
-
-
- Host information
- {{ managerConfiguration.global.host_infomation }}
-
-
-
- Log alert level
- {{ managerConfiguration.alerts.log_alert_level }}
-
-
-
- E-mail notifications
- {{ managerConfiguration.global.email_notification }}
-
-
-
- E-mail alert level
- {{ managerConfiguration.global.email_alert_level }}
-
-
-
- E-mail to
- {{ managerConfiguration.global.email_to }}
-
-
-
- E-mail from
- {{ managerConfiguration.global.email_from }}
-
-
-
- SMTP server
- {{ managerConfiguration.global.smtp_server }}
-
-
-
- Max email per hour
- {{ managerConfiguration.global.email_maxperhour }}
-
-
- E-mail IDS name
- {{ managerConfiguration.global.email_idsname }}
-
-
-
-
-
-
-
-
-
-
-
-
-
- E-mail alerts
-
-
- Email to
- {{ managerConfiguration.email_alerts.email_to }}
-
-
-
- Alert level
- {{ managerConfiguration.email_alerts.level }}
-
-
-
- Group
- {{ managerConfiguration.email_alerts.group }}
-
-
-
- Event location
- {{ managerConfiguration.email_alerts.event_location }}
-
-
-
- Format
- {{ managerConfiguration.email_alerts.format }}
-
-
-
- Rule ID
- {{ managerConfiguration.email_alerts.rule_id }}
-
-
-
- Do not delay
- {{ managerConfiguration.email_alerts.do_not_delay }}
-
-
-
- Do not group
- {{ managerConfiguration.email_alerts.do_not_group }}
-
-
-
-
-
-
-
-
-
-
-
-
- Remote
-
-
-
- Connection
- {{item.connection}}
-
-
- Port
- {{item.port}}
-
-
- Protocol
- {{item.protocol}}
-
-
-
-
-
-
-
-
-
-
-
-
-
- Cluster
-
-
- Name
- {{managerConfiguration.cluster.name}}
-
-
- Interval
- {{managerConfiguration.cluster.interval}}
-
-
- Node name
- {{managerConfiguration.cluster.node_name}}
-
-
- Bind address
- {{managerConfiguration.cluster.bind_addr}}
-
-
- Node type
- {{managerConfiguration.cluster.node_type}}
-
-
- Nodes
- {{managerConfiguration.cluster.nodes}}
-
-
- Port
- {{managerConfiguration.cluster.port}}
-
-
-
-
-
-
-
-
-
-
-
- Syscheck
-
-
- Syscheck disabled
- {{managerConfiguration.syscheck.disabled}}
-
-
- Frequency
- {{managerConfiguration.syscheck.frequency}}
-
-
- Scan time
- {{managerConfiguration.syscheck.scan_time}}
-
-
- Scan day
- {{managerConfiguration.syscheck.scan_day}}
-
-
- Auto ignore
- {{managerConfiguration.syscheck.auto_ignore}}
-
-
- Alert new files
- {{managerConfiguration.syscheck.alert_new_files}}
-
-
- Scan on start
- {{managerConfiguration.syscheck.scan_on_start}}
-
-
- No diff
- {{managerConfiguration.syscheck.nodiff}}
-
-
- Skip NFS
- {{managerConfiguration.syscheck.skip_nfs}}
-
-
-
- Monitoring directories
-
-
-
- Path
- {{item.path}}
-
-
- Check all
- {{item.check_all}}
-
-
-
-
-
-
-
-
-
-
-
-
- Rootcheck
-
-
- Rootcheck disabled
- {{managerConfiguration.rootcheck.disabled}}
-
-
- Rootkit files
- {{managerConfiguration.rootcheck.rootkit_files}}
-
-
- Rootkit trojans
- {{managerConfiguration.rootcheck.rootkit_trojans}}
-
-
- Base directory
- {{managerConfiguration.rootcheck.base_directory}}
-
-
- Scan all
- {{managerConfiguration.rootcheck.scanall}}
-
-
- Frequency
- {{managerConfiguration.rootcheck.frequency}}
-
-
- Skip NFS
- {{managerConfiguration.rootcheck.skip_nfs}}
-
-
-
- System audit files
-
-
-
-
-
-
-
-
-
-
-
-
- Auth
-
-
- Disabled
- {{managerConfiguration.auth.disabled}}
-
-
- Purge
- {{managerConfiguration.auth.purge}}
-
-
- Force insert
- {{managerConfiguration.auth.force_insert}}
-
-
- SSL verify host
- {{managerConfiguration.auth.ssl_verify_host}}
-
-
- Limit max agents
- {{managerConfiguration.auth.limit_maxagents}}
-
-
- Force time
- {{managerConfiguration.auth.force_time}}
-
-
- SSL manager key
- {{managerConfiguration.auth.ssl_manager_key}}
-
-
- SSL manager cert
- {{managerConfiguration.auth.ssl_manager_cert}}
-
-
- Use source ip
- {{managerConfiguration.auth.use_source_ip}}
-
-
- Use password
- {{managerConfiguration.auth.use_password}}
-
-
- Port
- {{managerConfiguration.auth.port}}
-
-
- SSL auto negotiate
- {{managerConfiguration.auth.ssl_auto_negotiate}}
-
-
- Ciphers
- {{managerConfiguration.auth.ciphers}}
-
-
-
-
-
-
-
-
-
-
-
-
- Logcollector
-
-
-
-
- Location
- {{item.location}}
-
-
- Command
- {{item.command}}
-
-
- Log format
- {{item.log_format}}
-
-
- Frequency
- {{item.frequency}}
-
-
- Alias
- {{item.alias}}
-
-
- Check diff
- {{item.check_diff}}
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Command
-
-
-
-
-
- Name
- {{ item.name }}
-
-
-
- Expect
- {{ item.expect }}
-
-
-
- Executable
- {{ item.executable }}
-
-
-
- Timeout allowed
- {{ item.timeout_allowed}}
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Ruleset
-
-
-
Decoder directories
-
-
Decoder excludes
-
-
Decoder files
-
-
Rules directories
-
-
Rules files
-
-
Rule excludes
-
-
-
Path
- {{ managerConfiguration.ruleset.rule_exclude }}
-
-
-
CDB lists
-
-
-
Path
- {{ managerConfiguration.ruleset.list }}
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Active response
-
-
-
-
Command
- {{item.command}}
-
-
Location
- {{item.location}}
-
-
Agent ID(s)
- {{item.agent_id}}
-
-
- Level {{item.level}}
-
-
- Timeout {{item.timeout}}
-
-
- Rules ID(s) {{item.rules_id}}
-
-
- Repeated offenders {{item.repeated_offenders}}
-
-
-
-
-
-
-
-
-
+
+
+ Global
+ Click to see more details
+
+
+
+
+
JSON output
+
{{managerConfiguration.global.jsonout_output}}
+
+
+
Log alert level
+
{{managerConfiguration.alerts.log_alert_level}}
+
+
+
+
+
+
+
+ Cluster
+ Click to see more details
+
+
+
+
+
Name
+
{{managerConfiguration.cluster.name}}
+
+
+
Node type
+
{{managerConfiguration.cluster.node_type}}
+
+
+
+
+
+
+
+
+
+
+ Syscheck
+ Click to see more details
+
+
+
+
+
Frequency
+
{{managerConfiguration.syscheck.frequency}}
+
+
+
Alert new files
+
{{managerConfiguration.syscheck.alert_new_files}}
+
+
+
+
+
+
+
+
+
+
+ Rootcheck
+ Click to see more details
+
+
+
+
+
Frequency
+
{{managerConfiguration.rootcheck.frequency}}
+
+
+
Skip NFS
+
{{managerConfiguration.rootcheck.skip_nfs}}
+
+
+
+
+
+
+
+
+
+
+ Logcollector
+ Click to see more details
+
+
+ Logcollector settings
+
+
+
+
+
+
+
+
+
+ E-mail alerts
+ Click to see more details
+
+
+
+
+
Email to
+
{{managerConfiguration.email_alerts.email_to}}
+
+
+
Alert level
+
{{managerConfiguration.email_alerts.alert_level}}
+
+
+
+
+
+
+
+
+
+
+ Auth
+ Click to see more details
+
+
+
+
+
Purge
+
{{managerConfiguration.auth.purge}}
+
+
+
Force insert
+
{{managerConfiguration.auth.force_insert}}
+
+
+
+
+
+
+
+
+
+
+ Ruleset
+ Click to see more details
+
+
+ Ruleset settings
+
+
+
+
+
+
+
+
+
+ Command
+ Click to see more details
+
+
+ Command settings
+
+
+
+
+
+
+
+
+
+ Active response
+ Click to see more details
+
+
+ Active response settings
+
+
+
+
+
+
+
+
+
+ Remote
+ Click to see more details
+
+
+ Agents events listening settings
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Global
+
+
+
+
JSON output
+
{{managerConfiguration.global.jsonout_output}}
+
+
+
Log all
+
{{managerConfiguration.global.logall}}
+
+
+
Log all in JSON
+
{{managerConfiguration.global.logall_json}}
+
+
+
White list
+
{{managerConfiguration.global.white_list.length
+ <= 5 ? managerConfiguration.global.white_list : managerConfiguration.global.white_list.length}}
+
+
+
Stats
+
{{managerConfiguration.global.stats}}
+
+
+
Host information
+
{{managerConfiguration.global.host_infomation}}
+
+
+
Log alert level
+
{{managerConfiguration.alerts.log_alert_level}}
+
+
+
E-mail notifications
+
{{managerConfiguration.global.email_notification}}
+
+
+
E-mail alert level
+
{{ managerConfiguration.alerts.email_alert_level }}
+
+
+
E-mail to
+
{{managerConfiguration.global.email_to}}
+
+
+
E-mail from
+
{{managerConfiguration.global.email_from}}
+
+
+
SMTP server
+
{{managerConfiguration.global.smtp_server}}
+
+
+
Max email per hour
+
{{managerConfiguration.global.email_maxperhour}}
+
+
+
E-mail IDS name
+
{{managerConfiguration.global.email_idsname}}
+
+
+
+
+
+
+
+
+
+ Cluster
+
+
+
+
Disabled
+
{{managerConfiguration.cluster.disabled}}
+
+
+
Hidden
+
{{managerConfiguration.cluster.hidden}}
+
+
+
Name
+
{{managerConfiguration.cluster.name}}
+
+
+
Interval
+
{{managerConfiguration.cluster.interval}}
+
+
+
Node name
+
{{managerConfiguration.cluster.node_name}}
+
+
+
Node type
+
{{managerConfiguration.cluster.node_type}}
+
+
+
Port
+
{{managerConfiguration.cluster.port}}
+
+
+
Bind address
+
{{managerConfiguration.cluster.bind_addr}}
+
+
+
Nodes
+
{{managerConfiguration.cluster.nodes}}
+
+
+
+
+
+
+
+
+
+ Syscheck
+
+
+
+
Disabled
+
{{managerConfiguration.syscheck.disabled}}
+
+
+
Frequency
+
{{managerConfiguration.syscheck.frequency}}
+
+
+
Scan time
+
{{managerConfiguration.syscheck.scan_time}}
+
+
+
Scan day
+
{{managerConfiguration.syscheck.scan_day}}
+
+
+
Auto ignore
+
{{managerConfiguration.syscheck.auto_ignore}}
+
+
+
Alert new files
+
{{managerConfiguration.syscheck.alert_new_files}}
+
+
+
Scan on start
+
{{managerConfiguration.syscheck.scan_on_start}}
+
+
+
No diff
+
{{managerConfiguration.syscheck.nodiff}}
+
+
+
Skip NFS
+
{{managerConfiguration.syscheck.skip_nfs}}
+
+
+
+ Monitoring directories
+
+
+
+
+
+
Check all
+
{{item.check_all}}
+
+
+
+
+
+
+
+
+
+
+
+ Rootcheck
+
+
+
+
Disabled
+
{{managerConfiguration.rootcheck.disabled}}
+
+
+
Rootkit files
+
{{managerConfiguration.rootcheck.rootkit_files}}
+
+
+
Rootkit trojans
+
{{managerConfiguration.rootcheck.rootkit_trojans}}
+
+
+
Base directory
+
{{managerConfiguration.rootcheck.base_directory}}
+
+
+
Scan all
+
{{managerConfiguration.rootcheck.scanall}}
+
+
+
Frequency
+
{{managerConfiguration.rootcheck.frequency}}
+
+
+
Skip NFS
+
{{managerConfiguration.rootcheck.skip_nfs}}
+
+
+
+ System audit files
+
+
+
+
+
+
+
+
+
+
+
+ Ruleset
+
+
+ Decoder directories
+
+
+
+ Decoder excludes
+
+
+
+ Decoder files
+
+
+
+ Rules directories
+
+
+
+ Rules files
+
+
+
+ Rule excludes
+
+
+
Path
+
{{managerConfiguration.ruleset.rule_exclude}}
+
+
+
+ CDB Lists
+
+
+
Path
+
{{managerConfiguration.ruleset.list}}
+
+
+
+
+
+
+
+
+
+ Logcollector
+
+
+
+
+
Location
+
{{item.location}}
+
+
+
Command
+
{{item.command}}
+
+
+
Log format
+
{{item.log_format}}
+
+
+
Frequency
+
{{item.frequency}}
+
+
+
Alias
+
{{item.alias}}
+
+
+
Check diff
+
{{item.check_diff}}
+
+
+
+
+
+
+
+
+
+
+
+ E-mail alerts
+
+
+
+
Email to
+
{{managerConfiguration.email_alerts.email_to}}
+
+
+
Alert level
+
{{managerConfiguration.email_alerts.alert_level}}
+
+
+
Group
+
{{managerConfiguration.email_alerts.group}}
+
+
+
Event location
+
{{managerConfiguration.email_alerts.event_location}}
+
+
+
Format
+
{{managerConfiguration.email_alerts.format}}
+
+
+
Rule ID
+
{{managerConfiguration.email_alerts.rule_id}}
+
+
+
Do not delay
+
{{managerConfiguration.email_alerts.do_not_delay}}
+
+
+
Do not group
+
{{managerConfiguration.email_alerts.do_not_group}}
+
+
+
+
+
+
+
+
+
+ Auth
+
+
+
+
Disabled
+
{{managerConfiguration.auth.disabled}}
+
+
+
Purge
+
{{managerConfiguration.auth.purge}}
+
+
+
Force insert
+
{{managerConfiguration.auth.force_insert}}
+
+
+
SSL verify host
+
{{managerConfiguration.auth.ssl_verify_host}}
+
+
+
Limit max agents
+
{{managerConfiguration.auth.limit_maxagents}}
+
+
+
Force time
+
{{managerConfiguration.auth.force_time}}
+
+
+
SSL manager key
+
{{managerConfiguration.auth.ssl_manager_key}}
+
+
+
SSL manager cert
+
{{managerConfiguration.auth.ssl_manager_cert}}
+
+
+
Use source IP
+
{{managerConfiguration.auth.use_source_ip}}
+
+
+
Use password
+
{{managerConfiguration.auth.use_password}}
+
+
+
Port
+
{{managerConfiguration.auth.port}}
+
+
+
SSL auto negotiate
+
{{managerConfiguration.auth.ssl_auto_negotiate}}
+
+
+
Ciphers
+
{{managerConfiguration.auth.ciphers}}
+
+
+
+
+
+
+
+
+
+ Command
+
+
+
+
+
+
Expect
+
{{item.expect}}
+
+
+
Executable
+
{{item.executable}}
+
+
+
Timeout allowed
+
{{item.timeout_allowed}}
+
+
+
+
+
+
+
+
+
+
+
+ Active response
+
+
+
+
+
Command
+
{{item.command}}
+
+
+
Location
+
{{item.location}}
+
+
+
Agent ID(s)
+
{{item.agent_id}}
+
+
+
Level
+
{{item.level}}
+
+
+
Timeout
+
{{item.timeout}}
+
+
+
Rules ID(s)
+
{{item.rules_id}}
+
+
+
Repeated offenders
+
{{item.repeated_offenders}}
+
+
+
+
+
+
+
+
+
+
+
+ Remote
+
+
+
+
+
Connection
+
{{item.connection}}
+
+
+
+
Protocol
+
{{item.protocol}}
+
+
+
+
+
+
+
+
+
+
+
diff --git a/server/integration-files/app-objects-file-alerts.json b/server/integration-files/app-objects-file-alerts.json
index aa46a87fd..e908fadf7 100644
--- a/server/integration-files/app-objects-file-alerts.json
+++ b/server/integration-files/app-objects-file-alerts.json
@@ -189,35 +189,33 @@
},
{
"_id": "Wazuh-App-Overview-General-Alerts-summary",
+ "_type": "visualization",
"_source": {
- "title": "Wazuh App Overview General Alerts summary",
- "visState":
- "{\"title\":\"Wazuh App Overview General Alerts Summary Table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.id\",\"size\":999999,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Rule ID\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.description\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Description\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.level\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Level\"}}]}",
- "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
- "description": "",
- "version": 1,
+ "title": "Wazuh App Overview General Alerts summary",
+ "visState": "{\"title\":\"Wazuh App Overview General Alerts summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.id\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Rule ID\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.description\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":1,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Description\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.level\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":1,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Level\"}}]}",
+ "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
+ "description": "",
+ "version": 1,
"kibanaSavedObjectMeta": {
- "searchSourceJSON":
+ "searchSourceJSON":
"{\"index\":\"wazuh-alerts\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
}
- },
- "_type": "visualization"
+ }
},
{
"_id": "Wazuh-App-Overview-General-Groups-summary",
+ "_type": "visualization",
"_source": {
- "title": "Wazuh App Overview General Groups summary",
- "visState":
- "{\"title\":\"Wazuh App Overview General Groups Summary Table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.groups\",\"size\":99999,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Group\"}}]}",
- "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
- "description": "",
- "version": 1,
+ "title": "Wazuh App Overview General Groups summary",
+ "visState": "{\"title\":\"Wazuh App Overview General Groups summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.groups\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Group\"}}]}",
+ "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
+ "description": "",
+ "version": 1,
"kibanaSavedObjectMeta": {
- "searchSourceJSON":
+ "searchSourceJSON":
"{\"index\":\"wazuh-alerts\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
}
- },
- "_type": "visualization"
+ }
},
{
"_id": "Wazuh-App-Overview-FIM-Added",
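Review bot: The rewritten visState on the Alerts-summary and Groups-summary lines still carries the misspelled table parameter `\"showMeticsAtAllLevels\":false`; the Kibana table parameter is `showMetricsAtAllLevels`, so the key as written is most likely ignored and only the default happens to coincide with the value set here. Since the commit already rewrites every visState string, this is the moment to fix the spelling to `\"showMetricsAtAllLevels\":false` in both objects. The same key appears in the rewritten visState lines of the FIM Events summary, PM Alerts summary, OSCAP Last alerts and Audit Last alerts hunks below.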
@@ -469,35 +467,33 @@
},
{
"_id": "Wazuh-App-Overview-FIM-Events-summary",
+ "_type": "visualization",
"_source": {
- "title": "Wazuh App Overview FIM Events summary",
- "visState":
- "{\"title\":\"Wazuh App Overview FIM Events summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name\",\"size\":9999999,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Agent\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syscheck.path\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syscheck.event\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Event\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.description\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Description\"}}]}",
- "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
- "description": "",
- "version": 1,
+ "title": "Wazuh App Overview FIM Events summary",
+ "visState": "{\"title\":\"Wazuh App Overview FIM Events summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Agent\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syscheck.path\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.description\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Description\"}}]}",
+ "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}",
+ "description": "",
+ "version": 1,
"kibanaSavedObjectMeta": {
- "searchSourceJSON":
+ "searchSourceJSON":
"{\"index\":\"wazuh-alerts\",\"filter\":[],\"query\":{\"query\":\"rule.groups: syscheck\",\"language\":\"lucene\"}}"
}
- },
- "_type": "visualization"
+ }
},
{
"_id": "Wazuh-App-Overview-PM-Events-over-time",
+ "_type": "visualization",
"_source": {
- "title": "Wazuh App Overview PM Events over time",
- "visState":
- "{\"params\": {\"scale\": \"linear\", \"yAxis\": {}, \"smoothLines\": true, \"addTimeMarker\": false, \"interpolate\": \"linear\", \"addLegend\": true, \"shareYAxis\": true, \"mode\": \"overlap\", \"defaultYExtents\": false, \"setYExtents\": false, \"addTooltip\": true, \"times\": []}, \"listeners\": {}, \"type\": \"area\", \"aggs\": [{\"type\": \"count\", \"enabled\": true, \"id\": \"1\", \"params\": {}, \"schema\": \"metric\"}, {\"type\": \"terms\", \"enabled\": true, \"id\": \"2\", \"params\": {\"orderBy\": \"1\", \"field\": \"rule.description\", \"order\": \"desc\", \"size\": 100}, \"schema\": \"group\"}, {\"type\": \"date_histogram\", \"enabled\": true, \"id\": \"3\", \"params\": {\"customInterval\": \"2h\", \"field\": \"@timestamp\", \"interval\": \"auto\", \"extended_bounds\": {}, \"min_doc_count\": 1}, \"schema\": \"segment\"}], \"title\": \"PM Alerts over time\"}",
- "uiStateJSON": "{}",
- "description": "",
- "version": 1,
+ "title": "Wazuh App Overview PM Events over time",
+ "visState": "{\"title\":\"Wazuh App Overview PM Events over time\",\"type\":\"area\",\"params\":{\"scale\":\"linear\",\"yAxis\":{},\"smoothLines\":true,\"addTimeMarker\":false,\"interpolate\":\"linear\",\"addLegend\":true,\"shareYAxis\":true,\"mode\":\"overlap\",\"defaultYExtents\":false,\"setYExtents\":false,\"addTooltip\":true,\"times\":[],\"type\":\"area\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\",\"setYExtents\":false,\"defaultYExtents\":false},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"interpolate\":\"cardinal\",\"valueAxis\":\"ValueAxis-1\"}],\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"rule.description\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}]}",
+ "uiStateJSON": "{}",
+ "description": "",
+ "version": 1,
"kibanaSavedObjectMeta": {
- "searchSourceJSON":
+ "searchSourceJSON":
"{\"index\":\"wazuh-alerts\",\"filter\":[],\"query\":{\"query\":\"rule.groups:\\\"rootcheck\\\"\",\"language\":\"lucene\"}}"
}
- },
- "_type": "visualization"
+ }
},
{
"_id": "Wazuh-App-Overview-PM-Top-5-CIS-requirements",
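Review bot: The new PM-Events-over-time visState serialises the series visibility flag as a string, `\"show\":\"true\"` inside `seriesParams`, while every other boolean in the same string (`addLegend`, `addTooltip`, `setYExtents`) is a real JSON boolean. A string is truthy so the chart still renders, but a consumer that compares the value to `false` or validates the type will misbehave; it should read `\"show\":true`. In the FIM Events summary object the aggregation ids are now 1, 2, 3, 5 after dropping the syscheck.event bucket, which Kibana tolerates, but a short comment in the commit description noting that the gap is intentional would save the next reader from assuming a lost aggregation.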
@@ -540,26 +536,26 @@
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"index\":\"wazuh-alerts\",\"filter\":[],\"query\":{\"query\":\"rule.groups:\\\"rootcheck\\\"\",\"language\":\"lucene\"}}"
+ "searchSourceJSON":
+ "{\"index\":\"wazuh-alerts\",\"filter\":[],\"query\":{\"query\":\"rule.groups:\\\"rootcheck\\\"\",\"language\":\"lucene\"}}"
}
},
"_type": "visualization"
},
{
"_id": "Wazuh-App-Overview-PM-Alerts-summary",
+ "_type": "visualization",
"_source": {
- "title": "Wazuh App Overview PM Alerts summary",
- "visState":
- "{\"title\":\"Wazuh App PM Alerts summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name\",\"size\":9999999,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Agent\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.description\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Description\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"data.title\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Control\"}}]}",
- "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
- "description": "",
- "version": 1,
+ "title": "Wazuh App Overview PM Alerts summary",
+ "visState": "{\"title\":\"Wazuh App Overview PM Alerts summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Agent\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.description\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Description\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"data.title\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Control\"}}]}",
+ "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
+ "description": "",
+ "version": 1,
"kibanaSavedObjectMeta": {
- "searchSourceJSON":
+ "searchSourceJSON":
"{\"index\":\"wazuh-alerts\",\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"rule.groups:\\\"rootcheck\\\"\"}}"
}
- },
- "_type": "visualization"
+ }
},
{
"_id": "Wazuh-App-Overview-OSCAP-Last-score",
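Review bot: The placement of `"_type": "visualization"` is now inconsistent within this hunk: the object that closes at the top of the hunk (its start is outside the hunk) keeps `"_type"` after `"_source"`, while the PM-Alerts-summary object directly below moves it before `"_source"`. Key order is not significant in JSON, so this is a style point, but the commit appears to be normalising object layout across the file and leaving one object in the old shape makes the file harder to diff and review later. Either move the remaining `"_type": "visualization"` up for that object too, or leave the ordering alone everywhere in one dedicated change.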
@@ -767,19 +763,18 @@
},
{
"_id": "Wazuh-App-Overview-OSCAP-Last-alerts",
+ "_type": "visualization",
"_source": {
- "title": "Wazuh App Overview OSCAP Last alerts",
- "visState":
- "{\"title\":\"Wazuh App Overview OSCAP Last alerts\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name\",\"size\":999999,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Agent\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"data.oscap.check.title\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Title\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"data.oscap.scan.profile.title\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Profile\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"data.oscap.scan.id\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Scan ID\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"data.oscap.scan.content\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Content\"}}]}",
- "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
- "description": "",
- "version": 1,
+ "title": "Wazuh App Overview OSCAP Last alerts",
+ "visState": "{\"title\":\"Wazuh App Overview OSCAP Last alerts\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":40,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Agent\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"data.oscap.check.title\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Title\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"data.oscap.scan.profile.title\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Profile\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"data.oscap.scan.content\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Content\"}}]}",
+ "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
+ "description": "",
+ "version": 1,
"kibanaSavedObjectMeta": {
- "searchSourceJSON":
- "{\"index\":\"wazuh-alerts\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
+ "searchSourceJSON":
+ "{\"index\":\"wazuh-alerts\",\"filter\":[],\"query\":{\"query\":\"rule.groups: oscap\",\"language\":\"lucene\"}}"
}
- },
- "_type": "visualization"
+ }
},
{
"_id": "Wazuh-App-Overview-Audit-New-files",
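Review bot: The agent.name bucket in the new OSCAP-Last-alerts visState is capped at `\"size\":40`, whereas the equivalent agent.name buckets rewritten in the Alerts, FIM Events and PM Alerts summaries in this same commit use `\"size\":50`; if the difference is not deliberate, aligning it to `\"size\":50` keeps the summary tables consistent. The new `searchSourceJSON` query uses the unquoted form `rule.groups: oscap`, while the rootcheck panels in the file quote the term (`rule.groups:\\\"rootcheck\\\"`); both parse in Lucene for a single word, but picking one form would make the queries easier to audit.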
@@ -1007,23 +1002,25 @@
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"index\":\"wazuh-alerts\",\"filter\":[],\"query\":{\"query\":\"rule.groups: audit AND rule.id: 80791\",\"language\":\"lucene\"}}"
+ "searchSourceJSON":
+ "{\"index\":\"wazuh-alerts\",\"filter\":[],\"query\":{\"query\":\"rule.groups: audit AND rule.id: 80791\",\"language\":\"lucene\"}}"
}
}
},
{
"_id": "Wazuh-App-Overview-Audit-Last-alerts",
+ "_type": "visualization",
"_source": {
- "title": "Wazuh App Overview Audit Last alerts",
- "visState": "{\"title\":\"Wazuh App Overview Audit Last alerts\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":999999,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Agent\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.description\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":1000,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Event\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"data.audit.exe\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}}]}",
- "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
- "description": "",
- "version": 1,
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"index\":\"wazuh-alerts\",\"filter\":[],\"query\":{\"query\":\"rule.groups: audit\",\"language\":\"lucene\"}}"
- }
- },
- "_type": "visualization"
+ "title": "Wazuh App Overview Audit Last alerts",
+ "visState": "{\"title\":\"Wazuh App Overview Audit Last alerts\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Agent\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.description\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Event\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"data.audit.exe\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}}]}",
+ "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
+ "description": "",
+ "version": 1,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON":
+ "{\"index\":\"wazuh-alerts\",\"filter\":[],\"query\":{\"query\":\"rule.groups: audit\",\"language\":\"lucene\"}}"
+ }
+ }
},
{
"_id": "Wazuh-App-Overview-PCI-DSS-Requirements-heatmap",
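Review bot: The third column in the rewritten visState at L1643 labels `data.audit.exe` as `Command`, but that auditd field holds the executable path, not the command line an analyst will read the header as; `\"customLabel\":\"Executable\"` avoids the misreading (field semantics inferred from the auditd `exe` record — confirm against the decoder). The `agent.name` cap also dropped from 999999 to 50 with `\"otherBucket\":false`, so an overview with more than 50 agents silently loses the rest; if the cap is intended, `\"otherBucket\":true` at least makes the truncation visible as an `Other` row.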
@@ -1103,19 +1100,18 @@
},
{
"_id": "Wazuh-App-Overview-PCI-DSS-Last-alerts",
+ "_type": "visualization",
"_source": {
- "title": "Wazuh App Overview PCI DSS Last alerts",
- "visState":
- "{\"title\":\"Wazuh App Overview PCI DSS Last Alerts\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name\",\"size\":999999,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Agent name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.pci_dss\",\"size\":999999,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Requirement\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.description\",\"size\":999999,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Rule description\"}}]}",
- "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
- "description": "",
- "version": 1,
+ "title": "Wazuh App Overview PCI DSS Last alerts",
+ "visState": "{\"title\":\"Wazuh App Overview PCI DSS Last alerts\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Agent name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.pci_dss\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Requirement\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.description\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Rule description\"}}]}",
+ "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}",
+ "description": "",
+ "version": 1,
"kibanaSavedObjectMeta": {
- "searchSourceJSON":
+ "searchSourceJSON":
"{\"index\":\"wazuh-alerts\",\"filter\":[],\"query\":{\"query\":\"_exists_:rule.pci_dss\",\"language\":\"lucene\"}}"
}
- },
- "_type": "visualization"
+ }
},
{
"_id": "Wazuh-App-Manager-Ruleset-Rules-Top-24h-Groups",
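Review bot: In the new visState at L1668 `agent.name` is capped at 50 and `rule.pci_dss` at 10 buckets, both with `\"otherBucket\":false`, so this PCI DSS overview silently omits any agent past the 50 noisiest and any requirement past the 10 most frequent. For a compliance table a silent gap is worse than a long table; keep a higher cap on `rule.pci_dss` (the requirement set is small and bounded) or set `\"otherBucket\":true` so an `Other` row signals what was cut. The uiStateJSON sorting `columnIndex: 3` is consistent with three bucket columns plus the count column, so that part is fine.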
@@ -1275,35 +1271,33 @@
},
{
"_id": "Wazuh-App-Agents-Overview-Alerts-summary",
+ "_type": "visualization",
"_source": {
- "title": "Wazuh App Agents Overview Alerts summary",
- "visState":
- "{\"title\":\"Wazuh App Agents Overview Alerts summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.id\",\"size\":999999,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Rule ID\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.description\",\"size\":1,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Description\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.level\",\"size\":1,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Level\"}}]}",
- "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
- "description": "",
- "version": 1,
+ "title": "Wazuh App Agents Overview Alerts summary",
+ "visState": "{\"title\":\"Wazuh App Agents Overview Alerts summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.id\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Rule ID\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.description\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":1,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Description\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.level\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":1,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Level\"}}]}",
+ "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
+ "description": "",
+ "version": 1,
"kibanaSavedObjectMeta": {
- "searchSourceJSON":
+ "searchSourceJSON":
"{\"index\":\"wazuh-alerts\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
}
- },
- "_type": "visualization"
+ }
},
{
"_id": "Wazuh-App-Agents-Overview-Groups-summary",
+ "_type": "visualization",
"_source": {
- "title": "Wazuh App Agents Overview Groups summary",
- "visState":
- "{\"title\":\"Wazuh App Agents Overview Groups summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.groups\",\"size\":999999,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Group\"}}]}",
- "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
- "description": "",
- "version": 1,
+ "title": "Wazuh App Agents Overview Groups summary",
+ "visState": "{\"title\":\"Wazuh App Agents Overview Groups summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.groups\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Group\"}}]}",
+ "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
+ "description": "",
+ "version": 1,
"kibanaSavedObjectMeta": {
- "searchSourceJSON":
+ "searchSourceJSON":
"{\"index\":\"wazuh-alerts\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
}
- },
- "_type": "visualization"
+ }
},
{
"_id": "Wazuh-App-Agents-FIM-Users",
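Review bot: Both rewritten visStates at L1696 and L1720 carry the table param key `showMeticsAtAllLevels`; Kibana's table visualization reads `showMetricsAtAllLevels`, so if that is the consumer the misspelt key is ignored and the default applies. The key is carried over from the removed lines rather than introduced here, but since every line is being rewritten anyway this is the place to correct it to `\"showMetricsAtAllLevels\":false`. Confirm the param name against the Kibana version the app targets before changing it.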
@@ -1419,19 +1413,18 @@
},
{
"_id": "Wazuh-App-Agents-FIM-Alerts-summary",
+ "_type": "visualization",
"_source": {
- "title": "Wazuh App Agents FIM Alerts summary",
- "visState":
- "{\"title\":\"Wazuh App Agents FIM Alerts summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name\",\"size\":999999,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Agent\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syscheck.path\",\"size\":999999,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syscheck.event\",\"size\":999999,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Event\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.description\",\"size\":999999,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Description\"}}]}",
- "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
- "description": "",
- "version": 1,
+ "title": "Wazuh App Agents FIM Alerts summary",
+ "visState": "{\"title\":\"Wazuh App Agents FIM Alerts summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syscheck.path\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.description\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Description\"}}]}",
+ "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
+ "description": "",
+ "version": 1,
"kibanaSavedObjectMeta": {
- "searchSourceJSON":
+ "searchSourceJSON":
"{\"index\":\"wazuh-alerts\",\"filter\":[],\"query\":{\"query\":\"rule.groups: syscheck\",\"language\":\"lucene\"}}"
}
- },
- "_type": "visualization"
+ }
},
{
"_id": "Wazuh-App-Agents-PM-Alerts-over-time",
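Review bot: The rewritten FIM summary at L1748 orders `syscheck.path` by count descending and caps it at 50 with `\"otherBucket\":false`, which surfaces the 50 most frequently changing paths and silently drops the rest; in an integrity-monitoring view the single-change paths that fall below that cut are often the ones an analyst is looking for. Consider `\"otherBucket\":true` so the truncation is visible, or a larger cap on the path column. The `syscheck.event` column was also removed, leaving only `rule.description` to convey whether a file was added, modified or deleted — worth confirming the description always carries that.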
@@ -1483,19 +1476,18 @@
},
{
"_id": "Wazuh-App-Agents-PM-Alerts-summary",
+ "_type": "visualization",
"_source": {
- "title": "Wazuh App Agents PM Alerts summary",
- "visState":
- "{\"title\":\"Wazuh App Agents PM Alerts summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name\",\"size\":999999,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Agent name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.description\",\"size\":999999,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Rule description\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"data.title\",\"size\":999999,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Control\"}}]}",
- "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
- "description": "",
- "version": 1,
+ "title": "Wazuh App Agents PM Alerts summary",
+ "visState": "{\"title\":\"Wazuh App Agents PM Alerts summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.description\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Rule description\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"data.title\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Control\"}}]}",
+ "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
+ "description": "",
+ "version": 1,
"kibanaSavedObjectMeta": {
- "searchSourceJSON":
+ "searchSourceJSON":
"{\"index\":\"wazuh-alerts\",\"filter\":[],\"query\":{\"query\":\"rule.groups: rootcheck\",\"language\":\"lucene\"}}"
}
- },
- "_type": "visualization"
+ }
},
{
"_id": "Wazuh-App-Agents-OSCAP-Higher-score-metric",
@@ -1691,19 +1683,18 @@
},
{
"_id": "Wazuh-App-Agents-OSCAP-Last-alerts",
+ "_type": "visualization",
"_source": {
- "title": "Wazuh App Agents OSCAP Last alerts",
- "visState":
- "{\"title\":\"Wazuh App Agents OSCAP Last alerts\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name\",\"size\":999999,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Agent name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"data.oscap.check.title\",\"size\":999999,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Title\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"data.oscap.scan.profile.title\",\"size\":999999,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Profile\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"data.oscap.scan.id\",\"size\":999999,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Scan ID\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"data.oscap.scan.content\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Content\"}}]}",
- "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
- "description": "",
- "version": 1,
+ "title": "Wazuh App Agents OSCAP Last alerts",
+ "visState": "{\"title\":\"Wazuh App Agents OSCAP Last alerts\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"data.oscap.check.title\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Title\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"data.oscap.scan.profile.title\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Profile\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"data.oscap.scan.content\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Content\"}}]}",
+ "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}",
+ "description": "",
+ "version": 1,
"kibanaSavedObjectMeta": {
- "searchSourceJSON":
- "{\"index\":\"wazuh-alerts\",\"filter\":[],\"query\":{\"query\":\"data.oscap.check.result: fail AND rule.groups: oscap\",\"language\":\"lucene\"}}"
+ "searchSourceJSON":
+ "{\"index\":\"wazuh-alerts\",\"filter\":[],\"query\":{\"query\":\"rule.groups: oscap\",\"language\":\"lucene\"}}"
}
- },
- "_type": "visualization"
+ }
},
{
"_id": "Wazuh-App-Agents-Audit-New-files-metric",
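Review bot: The searchSourceJSON at L1812 drops `data.oscap.check.result: fail` from the query, so this table now counts every oscap-group alert rather than failed checks only; if passing checks also raise alerts in that group this dilutes the compliance signal, and the change is not called out in the commit. Either restore `rule.groups: oscap AND data.oscap.check.result: fail` or add a `data.oscap.check.result` bucket so a reader can tell pass from fail. Separately, the uiStateJSON at L1805 sorts `columnIndex: 4`, but the table has only four columns (Title, Profile, Content, Count — indices 0–3), and the visState's own sort at L1804 says column 1 ascending; pick one, e.g. `\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}` in both places.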
@@ -1929,17 +1920,18 @@
},
{
"_id": "Wazuh-App-Agents-Audit-Last-alerts",
+ "_type": "visualization",
"_source": {
- "title": "Wazuh App Agents Audit Last alerts",
- "visState": "{\"title\":\"Wazuh App Agents Audit Last alerts\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":999999,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Agent name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.description\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":1000,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Event\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"data.audit.exe\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}}]}",
- "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
- "description": "",
- "version": 1,
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"index\":\"wazuh-alerts\",\"filter\":[],\"query\":{\"query\":\"rule.groups: audit\",\"language\":\"lucene\"}}"
- }
- },
- "_type": "visualization"
+ "title": "Wazuh App Agents Audit Last alerts",
+ "visState": "{\"title\":\"Wazuh App Agents Audit Last alerts\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.description\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Event\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"data.audit.exe\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"data.audit.type\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type\"}}]}",
+ "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
+ "description": "",
+ "version": 1,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON":
+ "{\"index\":\"wazuh-alerts\",\"filter\":[],\"query\":{\"query\":\"rule.groups: audit\",\"language\":\"lucene\"}}"
+ }
+ }
},
{
"_id": "Wazuh-App-Agents-PCI-Requirements",
@@ -1974,19 +1966,18 @@
},
{
"_id": "Wazuh-App-Agents-PCI-Last-alerts",
+ "_type": "visualization",
"_source": {
- "title": "Wazuh App Agents PCI Last alerts",
- "visState":
- "{\"title\":\"Wazuh App Agents PCI Last alerts\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name\",\"size\":999999,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Agent name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.pci_dss\",\"size\":999999,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Requirement\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.description\",\"size\":999999,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Rule description\"}}]}",
- "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"asc\"}}}}",
- "description": "",
- "version": 1,
+ "title": "Wazuh App Agents PCI Last alerts",
+ "visState": "{\"title\":\"Wazuh App Agents PCI Last alerts\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.pci_dss\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Requirement\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.description\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Rule description\"}}]}",
+ "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}",
+ "description": "",
+ "version": 1,
"kibanaSavedObjectMeta": {
- "searchSourceJSON":
+ "searchSourceJSON":
"{\"index\":\"wazuh-alerts\",\"filter\":[],\"query\":{\"query\":\"_exists_:rule.pci_dss\",\"language\":\"lucene\"}}"
}
- },
- "_type": "visualization"
+ }
},
{
"_id": "Wazuh-App-Overview-AWS-Metric-Authorize-security",
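Review bot: The visState at L1862 sets `\"sort\":{\"columnIndex\":2,\"direction\":\"asc\"}` while the uiStateJSON at L1863 sets the same column to `\"desc\"`, so the two disagree on the default order of the count column (index 2 with two bucket aggs). Whichever the UI honours, the other is dead state that will confuse the next edit — align them, presumably `desc` so the most frequent requirements come first, matching the Overview PCI DSS table.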
@@ -2116,17 +2107,18 @@
},
{
"_id": "Wazuh-App-Overview-AWS-Alerts-summary",
+ "_type": "visualization",
"_source": {
- "title": "Wazuh App Overview AWS Alerts summary",
- "visState": "{\"title\":\"Wazuh App Overview AWS Alerts summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"manager.name\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Manager\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"GeoLocation.country_name\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.description\",\"size\":999,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Description\"}}]}",
- "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}},\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}",
- "description": "",
- "version": 1,
+ "title": "Wazuh App Overview AWS Alerts summary",
+ "visState": "{\"title\":\"Wazuh App Overview AWS Alerts summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"manager.name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Manager\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"GeoLocation.country_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.description\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Description\"}}]}",
+ "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}},\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}",
+ "description": "",
+ "version": 1,
"kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"index\":\"wazuh-alerts\",\"filter\":[],\"query\":{\"query\":\"rule.groups: amazon\",\"language\":\"lucene\"}}"
+ "searchSourceJSON":
+ "{\"index\":\"wazuh-alerts\",\"filter\":[],\"query\":{\"query\":\"rule.groups: amazon\",\"language\":\"lucene\"}}"
}
- },
- "_type": "visualization"
+ }
},
{
"_id": "Wazuh-App-Overview-Virustotal-Last-Files-Pie",
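Review bot: The `GeoLocation.country_name` bucket at L1889 keeps `\"missingBucket\":false`, so any amazon-group alert without a geolocated source (events from AWS-internal principals, or records the geo decoder could not resolve) falls out of this summary entirely instead of appearing as a row. For an alert summary that is a silent blind spot; `\"missingBucket\":true` together with the existing `\"missingBucketLabel\":\"Missing\"` keeps those alerts visible. How many such alerts exist depends on the decoder output, so verify with real data before relying on the table.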
@@ -2272,11 +2264,11 @@
"_id": "Wazuh-App-Overview-VULS-Alerts-summary",
"_type": "visualization",
"_source": {
- "title": "Wazuh App Overview VULS Alerts summary",
- "visState": "{\"title\":\"Wazuh App Overview VULS Alerts summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"data.vulnerability.cve\",\"size\":999999,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"CVE\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"data.vulnerability.severity\",\"size\":999999,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Severity\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"data.vulnerability.title\",\"size\":999999,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Title\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"data.vulnerability.updated\",\"size\":999999,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Updated\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"data.vulnerability.reference\",\"size\":999999,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Reference\"}}]}",
- "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}}",
- "description": "",
- "version": 1,
+ "title": "Wazuh App Overview VULS Alerts summary",
+ "visState": "{\"title\":\"Wazuh App Overview VULS Alerts summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"data.vulnerability.cve\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"CVE\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"data.vulnerability.severity\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Severity\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"data.vulnerability.title\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Title\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"data.vulnerability.updated\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Updated\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"data.vulnerability.reference\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Reference\"}}]}",
+ "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}}",
+ "description": "",
+ "version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"wazuh-alerts\",\"filter\":[],\"query\":{\"query\":\"rule.groups: vulnerability-detector\",\"language\":\"lucene\"}}"
}
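Review bot: Dropping the `data.vulnerability.cve` terms agg from `size: 999999` to `50` with `otherBucket: false` means the summary silently omits every CVE outside the 50 most frequent, and because the agg is ordered by count (`\"orderBy\":\"1\"`) rather than by `data.vulnerability.severity`, a critical CVE seen on one host can fall off the table while a low-severity CVE hit on many hosts stays. An analyst reading this as a vulnerability inventory gets no signal that rows were truncated. I would at least flip the existing flag on the CVE agg to `\"otherBucket\":true` so the overflow surfaces as an "Other" row, or state in the visualization's empty `description` that it is a top-50-by-alert-count view. The nested sizes of 5 for severity/title/updated/reference look fine if those are per-CVE attributes, though I am inferring that from the field names.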