Cleaning code. Working on SCAP

Pedro Sanchez 2017-01-16 04:29:48 -08:00
parent a0788ae1e6
commit b8a5daeff7
23 changed files with 260 additions and 383 deletions


@ -47,6 +47,7 @@ require('plugins/wazuh/controllers/ruleset.js');
require('plugins/wazuh/controllers/osseclog.js');
// Agents
require('plugins/wazuh/controllers/agents.js');
require('plugins/wazuh/controllers/agentsOverview.js');
require('plugins/wazuh/controllers/agentsPreview.js');
require('plugins/wazuh/controllers/agentsFim.js');


@ -0,0 +1,145 @@
// Require config
var app = require('ui/modules').get('app/wazuh', []);
app.controller('agentsController', function ($scope, $q, DataFactory, $mdToast, appState, errlog, $window) {
//Initialisation
$scope.load = true;
$scope.search = '';
$scope.submenuNavItem = '';
$scope.state = appState;
$scope._status = 'all';
var objectsArray = [];
//Print Error
var printError = function (error) {
$mdToast.show({
template: '<md-toast>' + error.html + '</md-toast>',
position: 'bottom left',
hideDelay: 5000,
});
};
//Functions
$scope.getAgentStatusClass = function (agentStatus) {
if (agentStatus == "Active")
return "green"
else
return "red";
};
$scope.formatAgentStatus = function (agentStatus) {
if (agentStatus == "Active")
return "Active"
else if (agentStatus == "Disconnected")
return "Disconnected";
else
return "Never connected";
};
$scope.agentsSearch = function (search) {
var defered = $q.defer();
var promise = defered.promise;
if (search) {
DataFactory.filters.set(objectsArray['/agents'], 'search', search);
} else {
DataFactory.filters.unset(objectsArray['/agents'], 'search');
}
DataFactory.get(objectsArray['/agents'])
.then(function (data) {
defered.resolve(data.data.items);
}, function (data) {
printError(data);
defered.reject();
});
return promise;
};
$scope.applyAgent = function (agent) {
if (agent) {
$scope.load = true;
//$scope.submenuNavItem = 'fim';
$scope.submenuNavItem = 'overview';
$scope._agent = agent;
$scope.search = agent.name;
$scope.load = false;
}
};
$scope.openDashboard = function (dashboard, filter) {
$scope.state.setDashboardsState(dashboard, filter);
$window.location.href = '#/dashboards/';
}
$scope.openDiscover = function (template, filter) {
$scope.state.setDiscoverState(template, filter);
$window.location.href = '#/discover/';
}
$scope.resetDiscover = function () {
$scope.state.unsetDiscoverState();
}
$scope.resetDashboards = function () {
$scope.state.unsetDashboardsState();
}
$scope.restartAgent = function () {
var path = '/agents/' + $scope._agent.id + '/restart';
DataFactory.getAndClean('put', path, {})
.then(function (data) {
if(data.error != 0)
var alert = data.message;
else
var alert = data.data;
$mdToast.show({
template: '<md-toast>' + alert + '</md-toast>',
position: 'bottom left',
hideDelay: 2000,
});
}, printError);
};
var load = function () {
DataFactory.initialize('get', '/agents', {}, 5, 0)
.then(function (data) {
objectsArray['/agents'] = data;
DataFactory.filters.register(objectsArray['/agents'], 'search', 'string');
/* tmp for debugging. Forcing a tab/agent selected.*/
$scope.submenuNavItem = 'policy_monitoring';
DataFactory.getAndClean('get', '/agents/' + "000", {})
.then(function (data) {
$scope.agentInfo = data.data;
$scope._agent = data.data;
}, printError);
// close tmp
$scope.load = false;
}, printError);
};
//Load
try {
load();
} catch (e) {
$mdToast.show({
template: '<md-toast> Unexpected exception loading controller </md-toast>',
position: 'bottom left',
hideDelay: 5000,
});
errlog.log('Unexpected exception loading controller', e);
}
//Destroy
$scope.$on("$destroy", function () {
angular.forEach(objectsArray, function (value) {
DataFactory.clean(value)
});
});
});
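Review bot: `printError` and `restartAgent` build the toast `template` by concatenating `error.html`, `data.message` or `data.data` into markup, so any HTML or Angular expression carried in an API response is compiled and rendered in the operator's session. Pass the message as text instead, e.g. `$mdToast.show($mdToast.simple().textContent(alert).position('bottom left').hideDelay(2000));`, and give `printError` the same treatment; if `error.html` really has to stay markup, it should only ever come from a trusted, sanitized source. Separately, the block marked "tmp for debugging" in `load` hard-codes agent `"000"` and forces the `policy_monitoring` tab, and should be removed before this leaves a development branch.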


@ -1,7 +1,7 @@
// Require config
var app = require('ui/modules').get('app/wazuh', []);
app.controller('agentsController', function ($scope, DataFactory, $mdToast) {
app.controller('agentsOverviewController', function ($scope, DataFactory, $mdToast) {
//Initialisation
$scope.load = true;


@ -1,151 +1,10 @@
// Require config
var app = require('ui/modules').get('app/wazuh', []);
app.controller('generalController', function ($scope, $q, DataFactory, $mdToast, appState, errlog, $window) {
//Initialisation
$scope.load = true;
$scope.search = '';
$scope.submenuNavItem = '';
$scope.state = appState;
$scope._status = 'all';
var objectsArray = [];
//Print Error
var printError = function (error) {
$mdToast.show({
template: '<md-toast>' + error.html + '</md-toast>',
position: 'bottom left',
hideDelay: 5000,
});
};
//Functions
$scope.getAgentStatusClass = function (agentStatus) {
if (agentStatus == "Active")
return "green"
else
return "red";
};
$scope.formatAgentStatus = function (agentStatus) {
if (agentStatus == "Active")
return "Active"
else if (agentStatus == "Disconnected")
return "Disconnected";
else
return "Never connected";
};
$scope.agentsSearch = function (search) {
var defered = $q.defer();
var promise = defered.promise;
if (search) {
DataFactory.filters.set(objectsArray['/agents'], 'search', search);
} else {
DataFactory.filters.unset(objectsArray['/agents'], 'search');
}
DataFactory.get(objectsArray['/agents'])
.then(function (data) {
defered.resolve(data.data.items);
}, function (data) {
printError(data);
defered.reject();
});
return promise;
};
$scope.applyAgent = function (agent) {
if (agent) {
$scope.load = true;
//$scope.submenuNavItem = 'fim';
$scope.submenuNavItem = 'overview';
$scope._agent = agent;
$scope.search = agent.name;
$scope.load = false;
}
};
$scope.openDashboard = function (dashboard, filter) {
$scope.state.setDashboardsState(dashboard, filter);
$window.location.href = '#/dashboards/';
}
$scope.openDiscover = function (template, filter) {
$scope.state.setDiscoverState(template, filter);
$window.location.href = '#/discover/';
}
$scope.resetDiscover = function () {
$scope.state.unsetDiscoverState();
}
$scope.resetDashboards = function () {
$scope.state.unsetDashboardsState();
}
$scope.restartAgent = function () {
var path = '/agents/' + $scope._agent.id + '/restart';
DataFactory.getAndClean('put', path, {})
.then(function (data) {
if(data.error != 0)
var alert = data.message;
else
var alert = data.data;
$mdToast.show({
template: '<md-toast>' + alert + '</md-toast>',
position: 'bottom left',
hideDelay: 2000,
});
}, printError);
};
var load = function () {
DataFactory.initialize('get', '/agents', {}, 5, 0)
.then(function (data) {
objectsArray['/agents'] = data;
DataFactory.filters.register(objectsArray['/agents'], 'search', 'string');
$scope.load = false;
}, printError);
};
//Load
try {
load();
} catch (e) {
$mdToast.show({
template: '<md-toast> Unexpected exception loading controller </md-toast>',
position: 'bottom left',
hideDelay: 5000,
});
errlog.log('Unexpected exception loading controller', e);
}
//Destroy
$scope.$on("$destroy", function () {
angular.forEach(objectsArray, function (value) {
DataFactory.clean(value)
});
});
});
app.controller('stateController', function ($scope, appState, $route) {
$scope.state = appState;
$scope.select = $route.current.params.select;
$scope.submenuNavItem2 = "rules";
$scope.resetDiscover = function () {
$scope.state.unsetDiscoverState();
}
$scope.resetDashboards = function () {
$scope.state.unsetDashboardsState();
}
$scope.setRulesTab = function(tab) {
$scope.submenuNavItem2 = tab;
@ -165,12 +24,6 @@ app.controller('generalController', function ($scope, appState, $window) {
$scope.state.setDiscoverState(template, filter);
$window.location.href = '#/discover/';
}
$scope.resetDiscover = function () {
$scope.state.unsetDiscoverState();
}
$scope.resetDashboards = function () {
$scope.state.unsetDashboardsState();
}
$scope.changeTabView = function (view) {
$scope.tabView = view;


@ -5,6 +5,7 @@ app.controller('managerController', function ($scope, DataFactory, genericReq, $
//Initialisation
$scope.load = true;
$scope.$parent.state.setManagerState('status');
$scope.defaultManager = $scope.$parent.state.getDefaultManager().name;
$scope.timeFilter = "24h";
$scope.stats = [];
@ -31,46 +32,6 @@ app.controller('managerController', function ($scope, DataFactory, genericReq, $
return "status red";
};
$scope.setTimer = function (time) {
if (time == "24h") {
$scope.timerFilterValue = "24h";
} else if (time == "48h") {
$scope.timerFilterValue = "48h";
} else {
$scope.timerFilterValue = "7d";
}
};
var load_tops = function () {
var daysAgo = 1;
if ($scope.timerFilterValue == "7d") {
var daysAgo = 7;
} else if ($scope.timerFilterValue == "48h") {
var daysAgo = 2;
} else {
var daysAgo = 1;
}
var date = new Date();
date.setDate(date.getDate() - daysAgo);
var timeAgo = date.getTime();
//timeAgo = "";
genericReq.request('GET', '/api/wazuh-elastic/top/srcuser/' + timeAgo)
.then(function (data) {
$scope.topsrcuser = data.data;
}, printError);
genericReq.request('GET', '/api/wazuh-elastic/top/srcip/' + timeAgo)
.then(function (data) {
$scope.topsrcip = data.data;
}, printError);
genericReq.request('GET', '/api/wazuh-elastic/top/rule.groups/' + timeAgo)
.then(function (data) {
$scope.topgroup = data.data;
}, printError);
genericReq.request('GET', '/api/wazuh-elastic/top/rule.PCI_DSS/' + timeAgo)
.then(function (data) {
$scope.toppci = data.data;
}, printError);
};
var load = function () {
DataFactory.getAndClean('get', '/agents/summary', {})
@ -110,7 +71,6 @@ app.controller('managerController', function ($scope, DataFactory, genericReq, $
//Load
try {
load();
load_tops();
} catch (e) {
$mdToast.show({
template: '<md-toast> Unexpected exception loading controller </md-toast>',
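Review bot: The line `$scope.defaultManager = $scope.$parent.state.getDefaultManager().name;` (apparently the one added in the first hunk) dereferences the result without a check and sits in the initialisation block, outside the `try`/`catch` that wraps `load()` further down. If `getDefaultManager()` can return nothing (its definition is not visible here), the controller throws before any toast is shown. A guard such as `var manager = $scope.$parent.state.getDefaultManager();` followed by `$scope.defaultManager = manager ? manager.name : undefined;` would keep the page usable; the test controller's `$scope.state.getDefaultManager().name` follows the same pattern. The controller body starts and ends outside these hunks.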


@ -4,9 +4,30 @@ var app = require('ui/modules').get('app/wazuh');
app.controller('testController', function ($scope, $mdToast, $rootScope, genericReq) {
$scope.AgentName = "testAgent";
app.controller('testController', function (appState, $scope, $mdToast, $rootScope, genericReq) {
// GET /api/wazuh-elastic/top/{manager}/{field}/{fieldFilter}/{fieldValue}/{time?}
$scope.state = appState;
$scope.defaultManager = $scope.state.getDefaultManager().name;
var daysAgo = 1;
var date = new Date();
date.setDate(date.getDate() - daysAgo);
var timeAgo = date.getTime();
// Check if rule group exists on last timeAgo.
// Input: rule group. Output: true / false
$scope.dynamicTab_exists = function (group) {
genericReq.request('GET', '/api/wazuh-elastic/top/'+$scope.defaultManager+'/rule.groups/rule.groups/'+group+'/'+timeAgo)
.then(function (data) {
if(data.data != ""){
console.log(data);
console.log("there is data");
}else{
console.log(data);
console.log("there is NOT data");
}
});
};
$scope.dynamicTab_exists("oscap");
});
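Review bot: `dynamicTab_exists` builds the request path by concatenating `$scope.defaultManager` and `group` directly, so a value containing `/`, `?` or `#` changes which route the backend sees; each segment should be wrapped, e.g. `encodeURIComponent($scope.defaultManager)` and `encodeURIComponent(group)`. The comment promises `true / false`, but the function returns nothing and only writes the whole response object to `console.log`; returning the promise resolved to `data.data != ""` and dropping the logging would match the comment. The request also has no rejection handler, so a failed call is silent.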


@ -106,7 +106,7 @@
<span class="md-headline">Alerts summary</span>
</md-card-title-text>
</md-card-title>
<kbn-vis vis-height="600px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(vis:(params:(sort:(columnIndex:!n,direction:!n)))),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(customLabel:Agent,field:agent.name,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'4',params:(customLabel:File,field:syscheck.path,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'5',params:(customLabel:Event,field:syscheck.event,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'6',params:(customLabel:Description,field:rule.description,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms)),listeners:(),params:(perPage:10,showMeticsAtAllLevels:!f,showPartialRows:!f,showTotal:!f,sort:(columnIndex:!n,direction:!n),totalFunc:sum),title:'New%20Visualization',type:table))"
<kbn-vis vis-height="450px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(vis:(params:(sort:(columnIndex:!n,direction:!n)))),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(customLabel:Agent,field:agent.name,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'4',params:(customLabel:File,field:syscheck.path,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'5',params:(customLabel:Event,field:syscheck.event,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'6',params:(customLabel:Description,field:rule.description,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms)),listeners:(),params:(perPage:10,showMeticsAtAllLevels:!f,showPartialRows:!f,showTotal:!f,sort:(columnIndex:!n,direction:!n),totalFunc:sum),title:'New%20Visualization',type:table))"
vis-filter="rule.groups: syscheck AND {{'agent.name:'+_agent.name}}">
</kbn-vis>


@ -1,6 +1,6 @@
<md-content ng-if="submenuNavItem == 'overview' && tabView == 'panels'" ng-if="agentInfo">
<kbn-searchbar></kbn-searchbar>
<div ng-controller="agentsController">
<div ng-controller="agentsOverviewController">
<md-content layout="row">
<md-card flex="33">


@ -3,26 +3,39 @@
<div flex ng-controller="pmController" layout="column">
<md-progress-linear class="md-accent" md-mode="indeterminate" ng-show="load"></md-progress-linear>
<md-content layout="row">
<md-card flex="40">
<md-card flex="50">
<md-card-title>
<md-card-title-text>
<span class="md-headline">Rootcheck alerts evolution</span>
<span class="md-headline">Alerts over time</span>
</md-card-title-text>
</md-card-title>
<md-card-content>
<kbn-vis vis-height="100px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(vis:(legendOpen:!f)),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(customInterval:'2h',extended_bounds:(),field:'@timestamp',interval:auto,min_doc_count:1),schema:segment,type:date_histogram)),listeners:(),params:(addLegend:!t,addTimeMarker:!f,addTooltip:!t,defaultYExtents:!f,mode:stacked,scale:linear,setYExtents:!f,shareYAxis:!t,times:!(),yAxis:()),title:'New%20Visualization',type:histogram))"
<kbn-vis vis-height="220px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(vis:(legendOpen:!f)),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(customInterval:'2h',extended_bounds:(),field:'@timestamp',interval:auto,min_doc_count:1),schema:segment,type:date_histogram)),listeners:(),params:(addLegend:!t,addTimeMarker:!f,addTooltip:!t,defaultYExtents:!f,mode:stacked,scale:linear,setYExtents:!f,shareYAxis:!t,times:!(),yAxis:()),title:'New%20Visualization',type:histogram))"
vis-filter="rule.groups: rootcheck AND {{_agent.name ? 'agent.name:'+_agent.name : '*'}}">
</kbn-vis>
</md-card-content>
</md-card>
<md-card flex="30">
<md-card flex="25">
<md-card-title>
<md-card-title-text>
<span class="md-headline">CIS Controls</span>
<span class="md-headline">Top 10 CIS Requirements</span>
</md-card-title-text>
</md-card-title>
<md-card-content>
<kbn-vis vis-height="100px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(field:rule.cis,order:desc,orderBy:'1',size:5),schema:segment,type:terms)),listeners:(),params:(addLegend:!t,addTooltip:!t,isDonut:!f,shareYAxis:!t),title:'New%20Visualization',type:pie))"
<kbn-vis vis-height="220px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(field:rule.cis,order:desc,orderBy:'1',size:10),schema:segment,type:terms)),listeners:(),params:(addLegend:!t,addTooltip:!t,isDonut:!t,shareYAxis:!t),title:'New%20Visualization',type:pie))"
vis-filter="rule.groups: rootcheck AND {{'agent.name:'+_agent.name}}"
>
</kbn-vis>
</md-card-content>
</md-card>
<md-card flex="25">
<md-card-title>
<md-card-title-text>
<span class="md-headline">Top 10 CIS Requirements</span>
</md-card-title-text>
</md-card-title>
<md-card-content>
<kbn-vis vis-height="220px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'rule.groups:%22rootcheck%22')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(field:rule.pci_dss,order:desc,orderBy:'1',size:10),schema:segment,type:terms)),listeners:(),params:(addLegend:!t,addTooltip:!t,isDonut:!t,shareYAxis:!t),title:'PM%20Top%2010%20PCI%20DSS%20Requirements',type:pie))"
vis-filter="rule.groups: rootcheck AND {{'agent.name:'+_agent.name}}"
>
</kbn-vis>
@ -41,18 +54,18 @@
</div>
<div layout="row" layout-align="space-between stretch">
<md-card flex="100">
<md-card flex="100">
<md-card-title>
<md-card-title-text>
<span class="md-headline">Alerts summary</span>
</md-card-title-text>
</md-card-title>
<kbn-vis vis-height="600px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(vis:(params:(sort:(columnIndex:3,direction:desc)))),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(customLabel:'Agent name',field:agent.name,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'3',params:(customLabel:'Rule description',field:rule.description,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'4',params:(customLabel:Control,field:title,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms)),listeners:(),params:(perPage:10,showMeticsAtAllLevels:!f,showPartialRows:!f,showTotal:!f,sort:(columnIndex:!n,direction:!n),totalFunc:sum),title:'New%20Visualization',type:table))"
<kbn-vis vis-height="450px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(vis:(params:(sort:(columnIndex:3,direction:desc)))),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(customLabel:'Agent name',field:agent.name,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'3',params:(customLabel:'Rule description',field:rule.description,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'4',params:(customLabel:Control,field:title,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms)),listeners:(),params:(perPage:10,showMeticsAtAllLevels:!f,showPartialRows:!f,showTotal:!f,sort:(columnIndex:!n,direction:!n),totalFunc:sum),title:'New%20Visualization',type:table))"
vis-filter="rule.groups: rootcheck AND {{'agent.name:'+_agent.name}}">
</kbn-vis>
</md-card>
</md-card>
</div>
</div>
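Review bot: The pie-chart and summary cards use `vis-filter="rule.groups: rootcheck AND {{'agent.name:'+_agent.name}}"`, which evaluates to `agent.name:undefined` until `_agent` is set, while the first card already guards with `{{_agent.name ? 'agent.name:'+_agent.name : '*'}}`; using the guarded form in every card keeps the filters consistent. The name is also placed in the query string unquoted, so if agent names may contain spaces or query operators the filter would no longer mean what is intended, and quoting or escaping the value would address that. The third card is headed `Top 10 CIS Requirements` but aggregates on `rule.pci_dss`, so its headline should probably read `Top 10 PCI DSS Requirements`.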


@ -1,4 +1,4 @@
<div flex ng-controller="generalController" layout="column">
<div flex ng-controller="agentsController" layout="column">
<md-content class="wazuhMenuNavBar" ng-init="menuNavItem = 'agents'" style="height: 70px;">
<md-nav-bar class="wazuhMenuNav" md-selected-nav-item="menuNavItem" nav-bar-aria-label="navigation menu">
<md-nav-item id="header_logo" md-nav-href="#/" name="logo" aria-hidden="true">
@ -7,8 +7,8 @@
<md-nav-item md-nav-href="#/overview" name="overview">Overview</md-nav-item>
<md-nav-item md-nav-href="#/manager" name="manager">Manager</md-nav-item>
<md-nav-item md-nav-href="#/agents" name="agents" >Agents</md-nav-item>
<md-nav-item md-nav-href="#/discover" name="discover" ng-click="resetDiscover();">Discover</md-nav-item>
<md-nav-item md-nav-href="#/dashboards" name="dashboards" ng-click="resetDashboards();">Dashboards</md-nav-item>
<md-nav-item md-nav-href="#/discover" name="discover">Discover</md-nav-item>
<md-nav-item md-nav-href="#/dashboards" name="dashboards">Dashboards</md-nav-item>
<md-nav-item class="wazuhMenuNavBar_gear" md-nav-href="#/settings" name="settings"><i class="fa fa-cog ng-scope" aria-hidden="true" ></i></md-nav-item>
</md-nav-bar>
</md-content>


@ -2,7 +2,7 @@ include ./agents.head
include ./agents-preview.html
include ./agents-overview.html
include ./agents-fim.html
include ./agents-policyMonitoring.html
include ./agents-pm.html
include ./tabview-discover.html
include ./tabview-dashboard.html
include ./agents.foot


@ -8,8 +8,8 @@
<md-nav-item md-nav-href="#/overview" name="overview">Overview</md-nav-item>
<md-nav-item md-nav-href="#/manager" name="manager">Manager</md-nav-item>
<md-nav-item md-nav-href="#/agents" name="agents">Agents</md-nav-item>
<md-nav-item md-nav-href="#/discover" name="discover" ng-click="resetDiscover();">Discover</md-nav-item>
<md-nav-item md-nav-href="#/dashboards" name="dashboards" ng-click="resetDashboards();">Dashboards</md-nav-item>
<md-nav-item md-nav-href="#/discover" name="discover">Discover</md-nav-item>
<md-nav-item md-nav-href="#/dashboards" name="dashboards">Dashboards</md-nav-item>
<md-nav-item class="wazuhMenuNavBar_gear" md-nav-href="#/settings" name="settings"><i class="fa fa-cog ng-scope" aria-hidden="true" ></i></md-nav-item>
</md-nav-bar>
</md-content>


@ -8,8 +8,8 @@
<md-nav-item md-nav-href="#/overview" name="overview">Overview</md-nav-item>
<md-nav-item md-nav-href="#/manager" name="manager">Manager</md-nav-item>
<md-nav-item md-nav-href="#/agents" name="agents">Agents</md-nav-item>
<md-nav-item md-nav-href="#/discover" name="discover" ng-click="resetDiscover();">Discover</md-nav-item>
<md-nav-item md-nav-href="#/dashboards" name="dashboards" ng-click="resetDashboards();">Dashboards</md-nav-item>
<md-nav-item md-nav-href="#/discover" name="discover">Discover</md-nav-item>
<md-nav-item md-nav-href="#/dashboards" name="dashboards">Dashboards</md-nav-item>
<md-nav-item class="wazuhMenuNavBar_gear" md-nav-href="#/settings" name="settings"><i class="fa fa-cog ng-scope" aria-hidden="true" ></i></md-nav-item>
</md-nav-bar>
</md-content>


@ -8,8 +8,8 @@
<md-nav-item md-nav-href="#/overview" name="overview">Overview</md-nav-item>
<md-nav-item md-nav-href="#/manager" name="manager">Manager</md-nav-item>
<md-nav-item md-nav-href="#/agents" name="agents">Agents</md-nav-item>
<md-nav-item md-nav-href="#/discover" name="discover" ng-click="resetDiscover();">Discover</md-nav-item>
<md-nav-item md-nav-href="#/dashboards" name="dashboards" ng-click="resetDashboards();">Dashboards</md-nav-item>
<md-nav-item md-nav-href="#/discover" name="discover">Discover</md-nav-item>
<md-nav-item md-nav-href="#/dashboards" name="dashboards">Dashboards</md-nav-item>
<md-nav-item class="wazuhMenuNavBar_gear" md-nav-href="#/settings" name="settings"><i class="fa fa-cog ng-scope" aria-hidden="true" ></i></md-nav-item>
</md-nav-bar>
</md-content>


@ -147,7 +147,7 @@
</md-card-title-text>
</md-card-title>
<md-card-content>
<kbn-vis vis-height="460px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(vis:(params:(sort:(columnIndex:!n,direction:!n)))),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(customLabel:Agent,field:agent.name,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'4',params:(customLabel:File,field:syscheck.path,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'5',params:(customLabel:Event,field:syscheck.event,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'6',params:(customLabel:Description,field:rule.description,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms)),listeners:(),params:(perPage:10,showMeticsAtAllLevels:!f,showPartialRows:!f,showTotal:!f,sort:(columnIndex:!n,direction:!n),totalFunc:sum),title:'New%20Visualization',type:table))"
<kbn-vis vis-height="450px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(vis:(params:(sort:(columnIndex:!n,direction:!n)))),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(customLabel:Agent,field:agent.name,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'4',params:(customLabel:File,field:syscheck.path,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'5',params:(customLabel:Event,field:syscheck.event,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'6',params:(customLabel:Description,field:rule.description,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms)),listeners:(),params:(perPage:10,showMeticsAtAllLevels:!f,showPartialRows:!f,showTotal:!f,sort:(columnIndex:!n,direction:!n),totalFunc:sum),title:'New%20Visualization',type:table))"
vis-filter="rule.groups: syscheck">
</kbn-vis>
</md-card-content>


@ -132,7 +132,7 @@
</md-card-title-text>
</md-card-title>
<md-card-content>
<kbn-vis vis-height="460px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(vis:(params:(sort:(columnIndex:5,direction:desc)))),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(customLabel:'Rule ID',field:rule.id,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'3',params:(customLabel:Description,field:rule.description,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'4',params:(customLabel:Level,field:rule.level,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'5',params:(customLabel:Groups,field:rule.groups,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'6',params:(customLabel:'PCI DSS',field:rule.pci_dss,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms)),listeners:(),params:(perPage:10,showMeticsAtAllLevels:!f,showPartialRows:!f,showTotal:!f,sort:(columnIndex:5,direction:desc),totalFunc:sum),title:'Alerts summary',type:table))"
<kbn-vis vis-height="450px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(vis:(params:(sort:(columnIndex:5,direction:desc)))),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(customLabel:'Rule ID',field:rule.id,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'3',params:(customLabel:Description,field:rule.description,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'4',params:(customLabel:Level,field:rule.level,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'5',params:(customLabel:Groups,field:rule.groups,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'6',params:(customLabel:'PCI DSS',field:rule.pci_dss,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms)),listeners:(),params:(perPage:10,showMeticsAtAllLevels:!f,showPartialRows:!f,showTotal:!f,sort:(columnIndex:5,direction:desc),totalFunc:sum),title:'Alerts summary',type:table))"
vis-filter="*">
</kbn-vis>
</md-card-content>


@ -149,7 +149,7 @@
</md-card-title-text>
</md-card-title>
<md-card-content>
<kbn-vis vis-height="460px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(vis:(params:(sort:(columnIndex:!n,direction:!n)))),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(customLabel:'Agent name',field:agent.name,order:desc,orderBy:'1',size:99999),schema:bucket,type:terms),(enabled:!t,id:'3',params:(customLabel:Title,field:oscap.check.title,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'4',params:(customLabel:Profile,field:oscap.scan.profile.title,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'5',params:(customLabel:'Scan ID',field:oscap.scan.id,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'6',params:(customLabel:Content,field:oscap.scan.content,order:desc,orderBy:'1',size:5),schema:bucket,type:terms)),listeners:(),params:(perPage:10,showMeticsAtAllLevels:!f,showPartialRows:!f,showTotal:!f,sort:(columnIndex:!n,direction:!n),totalFunc:sum),title:'New%20Visualization',type:table))"
<kbn-vis vis-height="450px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(vis:(params:(sort:(columnIndex:!n,direction:!n)))),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(customLabel:'Agent name',field:agent.name,order:desc,orderBy:'1',size:99999),schema:bucket,type:terms),(enabled:!t,id:'3',params:(customLabel:Title,field:oscap.check.title,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'4',params:(customLabel:Profile,field:oscap.scan.profile.title,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'5',params:(customLabel:'Scan ID',field:oscap.scan.id,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'6',params:(customLabel:Content,field:oscap.scan.content,order:desc,orderBy:'1',size:5),schema:bucket,type:terms)),listeners:(),params:(perPage:10,showMeticsAtAllLevels:!f,showPartialRows:!f,showTotal:!f,sort:(columnIndex:!n,direction:!n),totalFunc:sum),title:'New%20Visualization',type:table))"
vis-filter='oscap.check.result: fail AND rule.groups: oscap'>
</kbn-vis>
</md-card-content>


@ -52,7 +52,7 @@
</md-card-title-text>
</md-card-title>
<md-card-content>
<kbn-vis vis-height="460px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(vis:(params:(sort:(columnIndex:3,direction:desc)))),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(customLabel:'Agent%20name',field:agent.name,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'3',params:(customLabel:'Rule%20description',field:rule.description,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'4',params:(customLabel:Control,field:title,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms)),listeners:(),params:(perPage:10,showMeticsAtAllLevels:!f,showPartialRows:!f,showTotal:!f,sort:(columnIndex:!n,direction:!n),totalFunc:sum),title:'New%20Visualization',type:table))"
<kbn-vis vis-height="460px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(vis:(params:(sort:(columnIndex:3,direction:desc)))),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(customLabel:'Agent name',field:agent.name,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'3',params:(customLabel:'Rule description',field:rule.description,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'4',params:(customLabel:Control,field:title,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms)),listeners:(),params:(perPage:10,showMeticsAtAllLevels:!f,showPartialRows:!f,showTotal:!f,sort:(columnIndex:!n,direction:!n),totalFunc:sum),title:'New%20Visualization',type:table))"
vis-filter='rule.groups:"rootcheck"'>
</kbn-vis>
</md-card-content>


@ -8,8 +8,8 @@
<md-nav-item md-nav-href="#/overview" name="overview">Overview</md-nav-item>
<md-nav-item md-nav-href="#/manager" name="manager">Manager</md-nav-item>
<md-nav-item md-nav-href="#/agents" name="agents">Agents</md-nav-item>
<md-nav-item md-nav-href="#/discover" name="discover" ng-click="resetDiscover();">Discover</md-nav-item>
<md-nav-item md-nav-href="#/dashboards" name="dashboards" ng-click="resetDashboards();">Dashboards</md-nav-item>
<md-nav-item md-nav-href="#/discover" name="discover">Discover</md-nav-item>
<md-nav-item md-nav-href="#/dashboards" name="dashboards">Dashboards</md-nav-item>
<md-nav-item class="wazuhMenuNavBar_gear" md-nav-href="#/settings" name="settings"><i class="fa fa-cog ng-scope" aria-hidden="true" ></i></md-nav-item>
</md-nav-bar>


@ -1,25 +1,44 @@
<!-- Overview dashbards -->
<!-- OSSEC Alerts -->
<md-content style="background-color: white" flex layout="column" ng-if="menuNavItem == 'overview' && submenuNavItem == 'general' && tabView == 'dashboard'" layout-align="start space-around">
<kbn-dash dash-id="OSSEC-Alerts" dash-searchable="true" dash-timepicker="true"></kbn-dash>
</md-content>
<!-- File integrity monitoring-->
<md-content style="background-color: white" flex layout="column" ng-if="menuNavItem == 'overview' && submenuNavItem == 'fim' && tabView == 'dashboard'" layout-align="start space-around">
<kbn-dash dash-id="File-Integrity-Monitoring" dash-searchable="true" dash-timepicker="true"></kbn-dash>
</md-content>
<!-- Policy monitoring -->
<md-content style="background-color: white" flex layout="column" ng-if="menuNavItem == 'overview' && submenuNavItem == 'pm' && tabView == 'dashboard'" layout-align="start space-around">
<kbn-dash dash-id="CIS-Compliance" dash-searchable="true" dash-timepicker="true"></kbn-dash>
</md-content>
<!-- OSCAP -->
<md-content style="background-color: white" flex layout="column" ng-if="menuNavItem == 'overview' && submenuNavItem == 'oscap' && tabView == 'dashboard'" layout-align="start space-around">
<kbn-dash dash-id="OpenSCAP" dash-searchable="true" dash-timepicker="true"></kbn-dash>
</md-content>
<!-- Agents dashboards -->
<!-- OSSEC Alerts -->
<md-content style="background-color: white" flex layout="column" ng-if="menuNavItem == 'agents' && submenuNavItem == 'overview' && tabView == 'dashboard'" layout-align="start space-around">
<kbn-dash dash-id="OSSEC-Alerts" dash-searchable="true" dash-timepicker="true" dash-filter="agent.name: {{_agent.name}}"></kbn-dash>
</md-content>
<!-- File integrity monitoring-->
<md-content style="background-color: white" flex layout="column" ng-if="menuNavItem == 'agents' && submenuNavItem == 'fim' && tabView == 'dashboard'" layout-align="start space-around">
<kbn-dash dash-id="File-Integrity-Monitoring" dash-searchable="true" dash-timepicker="true" dash-filter="agent.name: {{_agent.name}}"></kbn-dash>
</md-content>
<!-- Policy monitoring -->
<md-content style="background-color: white" flex layout="column" ng-if="menuNavItem == 'agents' && submenuNavItem == 'policy_monitoring' && tabView == 'dashboard'" layout-align="start space-around">
<kbn-dash dash-id="CIS-Compliance" dash-searchable="true" dash-timepicker="true" dash-filter="agent.name: {{_agent.name}}"></kbn-dash>
</md-content>
<!-- OSCAP -->
<md-content style="background-color: white" flex layout="column" ng-if="menuNavItem == 'agents' && submenuNavItem == 'oscap' && tabView == 'dashboard'" layout-align="start space-around">
<kbn-dash dash-id="OpenSCAP" dash-searchable="true" dash-timepicker="true" dash-filter="agent.name: {{_agent.name}}"></kbn-dash>
</md-content>
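Review bot: The four agent dashboards build their filter as `dash-filter="agent.name: {{_agent.name}}"`, so the agent name reaches the query string unquoted. A name containing a space or a query operator would be parsed as extra query terms, and the dashboard would then no longer be limited to the selected agent; whether agent names can contain such characters is not visible in this commit. Quoting the value keeps it a single term, `dash-filter='agent.name:"{{_agent.name}}"'`, though a name containing a double quote would still need escaping before interpolation. The same unquoted `'agent.name:'+_agent.name` pattern appears in the `dis-filter` attributes of the agents discover template in the next file section.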


@ -1,3 +1,6 @@
<!-- Overview discover -->
<!-- General -->
<md-content style="background-color: white" flex layout="column" layout-align="start space-around" ng-if="menuNavItem == 'overview' && submenuNavItem == 'general' && tabView == 'discover'">
<kbn-disfull table-height="1000px;" dis-a="(columns:!(agent.name,agent.ip,rule.level,rule.description,rule.groups,rule.pci_dss,full_log),filters:!(),index:'wazuh-alerts-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'*')),sort:!('@timestamp',desc))"
dis-filter="*"
@ -5,6 +8,7 @@
</kbn-disfull>
</md-content>
<!-- FIM -->
<md-content style="background-color: white" flex layout="column" layout-align="start space-around" ng-if="menuNavItem == 'overview' && submenuNavItem == 'fim' && tabView == 'discover'">
<kbn-disfull table-height="1000px;" dis-a="(columns:!(agent.name,agent.ip,syscheck.event,syscheck.path,syscheck.owner_after,syscheck.gowner_after,syscheck.perm_after),filters:!(),index:'wazuh-alerts-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'*')),sort:!('@timestamp',desc))"
dis-filter="rule.groups:syscheck"
@ -12,7 +16,7 @@
</kbn-disfull>
</md-content>
<!-- PM -->
<md-content style="background-color: white" flex layout="column" layout-align="start space-around" ng-if="menuNavItem == 'overview' && submenuNavItem == 'pm' && tabView == 'discover'">
<kbn-disfull table-height="1000px;" dis-a="(columns:!(agent.name,agent.ip,rule.description,title,rule.level,file),filters:!(),index:'wazuh-alerts-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'*')),sort:!('@timestamp',desc))"
dis-filter="rule.groups:rootcheck"
@ -20,8 +24,18 @@
</kbn-disfull>
</md-content>
<!-- SCAP -->
<md-content style="background-color: white" flex layout="column" layout-align="start space-around" ng-if="menuNavItem == 'overview' && submenuNavItem == 'oscap' && tabView == 'discover'">
<kbn-disfull table-height="1000px;" dis-a="(columns:!(agent.name,oscap.check.title,oscap.check.result,oscap.check.severity,oscap.scan.id,oscap.scan.content,oscap.scan.profile.title),filters:!(),index:'wazuh-alerts-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'*')),sort:!('@timestamp',desc))"
dis-filter='rule.groups:"oscap" AND rule.groups:"oscap-result"'
infinite-scroll="true">
</kbn-disfull>
</md-content>
<!-- Agents discover -->
<!-- General -->
<md-content style="background-color: white" flex layout="column" layout-align="start space-around" ng-if="menuNavItem == 'agents' && submenuNavItem == 'overview' && tabView == 'discover'">
<kbn-disfull table-height="1000px;" dis-a="(columns:!(agent.name,agent.ip,rule.level,rule.description,rule.groups,rule.pci_dss,full_log),filters:!(),index:'wazuh-alerts-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'*')),sort:!('@timestamp',desc))"
dis-filter="{{'agent.name:'+_agent.name}}"
@ -29,6 +43,7 @@
</kbn-disfull>
</md-content>
<!-- FIM -->
<md-content style="background-color: white" flex layout="column" layout-align="start space-around" ng-if="menuNavItem == 'agents' && submenuNavItem == 'fim' && tabView == 'discover'">
<kbn-disfull table-height="1000px;" dis-a="(columns:!(agent.name,agent.ip,syscheck.event,syscheck.path,syscheck.owner_after,syscheck.gowner_after,syscheck.perm_after),filters:!(),index:'wazuh-alerts-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'*')),sort:!('@timestamp',desc))"
dis-filter="rule.groups:syscheck AND {{'agent.name:'+_agent.name}}"
@ -36,10 +51,18 @@
</kbn-disfull>
</md-content>
<!-- PM -->
<md-content style="background-color: white" flex layout="column" layout-align="start space-around" ng-if="menuNavItem == 'agents' && submenuNavItem == 'policy_monitoring' && tabView == 'discover'">
<kbn-disfull table-height="1000px;" dis-a="(columns:!(agent.name,agent.ip,rule.description,title,rule.level,file),filters:!(),index:'wazuh-alerts-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'*')),sort:!('@timestamp',desc))"
dis-filter="rule.groups:rootcheck AND {{'agent.name:'+_agent.name}}"
infinite-scroll="true">
</kbn-disfull>
</md-content>
<!-- SCAP -->
<md-content style="background-color: white" flex layout="column" layout-align="start space-around" ng-if="menuNavItem == 'agents' && submenuNavItem == 'oscap' && tabView == 'discover'">
<kbn-disfull table-height="1000px;" dis-a="(columns:!(agent.name,oscap.check.title,oscap.check.result,oscap.check.severity,oscap.scan.id,oscap.scan.content,oscap.scan.profile.title),filters:!(),index:'wazuh-alerts-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'*')),sort:!('@timestamp',desc))"
dis-filter='rule.groups:"oscap" AND rule.groups:"oscap-result" AND {{'agent.name:'+_agent.name}}'
infinite-scroll="true">
</kbn-disfull>
</md-content>
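Review bot: In the agents SCAP block the `dis-filter` attribute is delimited with single quotes, but the interpolated expression inside it also uses single quotes (`{{'agent.name:'+_agent.name}}`), so the HTML parser ends the attribute value at `{{` and the agent restriction is likely dropped or the binding left malformed. The line appears to be on the new side of the last hunk, though the rendering has lost the `+`/`-` column. Delimit the attribute with double quotes and encode the inner ones, for example `dis-filter="rule.groups:&quot;oscap&quot; AND rule.groups:&quot;oscap-result&quot; AND agent.name:&quot;{{_agent.name}}&quot;"`. The other agent blocks in this file use a double-quoted attribute and are not affected by this quoting problem.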


@ -1,161 +1,3 @@
<div ng-controller="testController">
<button ng-click="AgentName = 'localCentos'">localCentos</button>
<button ng-click="AgentName = 'snaowPC'">localPC</button>
<kbn-searchbar></kbn-searchbar>
<md-content layout="row" layout-align="center stretch">
<md-card flex="20" layout="column">
<md-card-content style="text-align: center;">
<kbn-vis-value vis-height="37px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(vis:(params:(sort:(columnIndex:!n,direction:!n)))),vis:(aggs:!((enabled:!t,id:'1',params:(field:'@timestamp'),schema:metric,type:max),(enabled:!t,id:'2',params:(field:oscap.scan.score,order:desc,orderBy:'1',size:1),schema:bucket,type:terms)),listeners:(),params:(perPage:1,showMeticsAtAllLevels:!f,showPartialRows:!f,showTotal:!f,sort:(columnIndex:!n,direction:!n),totalFunc:sum),title:'New%20Visualization',type:table))" vis-filter="*"></kbn-vis-value>
<div class="ng-binding">Last score</div>
</md-card-content>
</md-card>
<md-card flex="40" layout="column">
<md-card-content style="text-align: center;">
<kbn-vis-value vis-height="37px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(vis:(params:(sort:(columnIndex:!n,direction:!n)))),vis:(aggs:!((enabled:!t,id:'1',params:(field:'@timestamp'),schema:metric,type:max),(enabled:!t,id:'2',params:(field:agent.name,order:desc,orderBy:'1',size:1),schema:bucket,type:terms)),listeners:(),params:(perPage:1,showMeticsAtAllLevels:!f,showPartialRows:!f,showTotal:!f,sort:(columnIndex:!n,direction:!n),totalFunc:sum),title:'New%20Visualization',type:table))" vis-filter="oscap.check.result: fail AND rule.groups:oscap"></kbn-vis-value>
<div class="ng-binding">Last agent scanned</div>
</md-card-content>
</md-card>
<md-card flex="40" layout="column">
<md-card-content style="text-align: center;">
<kbn-vis-value vis-height="37px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(vis:(params:(sort:(columnIndex:!n,direction:!n)))),vis:(aggs:!((enabled:!t,id:'1',params:(field:'@timestamp'),schema:metric,type:max),(enabled:!t,id:'2',params:(field:oscap.scan.profile.title,order:desc,orderBy:'1',size:1),schema:bucket,type:terms)),listeners:(),params:(perPage:1,showMeticsAtAllLevels:!f,showPartialRows:!f,showTotal:!f,sort:(columnIndex:!n,direction:!n),totalFunc:sum),title:'New%20Visualization',type:table))" vis-filter="oscap.check.result: fail AND rule.groups: oscap "></kbn-vis-value>
<div class="ng-binding">Last scan profile</div>
</md-card-content>
</md-card>
</md-content>
<md-content layout="row" layout-align="center stretch">
<md-card flex="25">
<md-card-title>
<md-card-title-text>
<span class="md-headline">Agents</span>
</md-card-title-text>
</md-card-title>
<md-card-content>
<kbn-vis vis-height="154px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(field:agent.name,order:desc,orderBy:'1',size:10000),schema:segment,type:terms)),listeners:(),params:(addLegend:!t,addTooltip:!t,isDonut:!t,legendPosition:right,shareYAxis:!t),title:'OSCAP%20Agents',type:pie))"
vis-filter="oscap.check.result: fail AND rule.groups: oscap AND NOT rule.groups: syslog ">
</kbn-vis>
</md-card-content>
</md-card>
<md-card flex="25">
<md-card-title>
<md-card-title-text>
<span class="md-headline">Profiles</span>
</md-card-title-text>
</md-card-title>
<md-card-content>
<kbn-vis vis-height="154px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'3',params:(field:oscap.scan.profile.title,order:desc,orderBy:'1',size:10000),schema:segment,type:terms)),listeners:(),params:(addLegend:!t,addTooltip:!t,isDonut:!t,legendPosition:right,shareYAxis:!t),title:'OSCAP%20Profiles',type:pie))"
vis-filter="oscap.check.result: fail AND rule.groups:oscap AND NOT rule.groups: syslog">
</kbn-vis>
</md-card-content>
</md-card>
<md-card flex="25">
<md-card-title>
<md-card-title-text>
<span class="md-headline">Content</span>
</md-card-title-text>
</md-card-title>
<md-card-content>
<kbn-vis vis-height="154px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(field:oscap.scan.content,order:desc,orderBy:'1',size:10000),schema:segment,type:terms)),listeners:(),params:(addLegend:!t,addTooltip:!t,isDonut:!t,legendPosition:right,shareYAxis:!t),title:'OSCAP%20Content',type:pie))"
vis-filter="oscap.check.result: fail AND rule.groups:oscap AND NOT rule.groups: syslog">
</kbn-vis>
</md-card-content>
</md-card>
<md-card flex="25">
<md-card-title>
<md-card-title-text>
<span class="md-headline">Severity</span>
</md-card-title-text>
</md-card-title>
<md-card-content>
<kbn-vis vis-height="154px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(field:oscap.check.severity,order:desc,orderBy:'1',size:10000),schema:segment,type:terms)),listeners:(),params:(addLegend:!t,addTooltip:!t,isDonut:!t,legendPosition:right,shareYAxis:!t),title:'OSCAP%20Content',type:pie))"
vis-filter="oscap.check.result: fail AND rule.groups:oscap AND NOT rule.groups: syslog">
</kbn-vis>
</md-card-content>
</md-card>
</md-content>
<md-content layout="row" layout-align="center stretch">
<md-card flex="100">
<md-card-title>
<md-card-title-text>
<span class="md-headline">Top 5 Agents - Alerts severity high</span>
</md-card-title-text>
</md-card-title>
<md-card-content>
<kbn-vis vis-height="154px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(vis:(legendOpen:!f)),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(field:agent.name,order:desc,orderBy:'1',size:5),schema:segment,type:terms)),listeners:(),params:(addLegend:!t,addTimeMarker:!f,addTooltip:!t,defaultYExtents:!f,legendPosition:right,mode:stacked,scale:linear,setYExtents:!f,shareYAxis:!t,times:!(),yAxis:()),title:'New%20Visualization',type:histogram))"
vis-filter="rule.groups: oscap AND oscap.check.severity: high">
</kbn-vis>
</md-card-content>
</md-card>
</md-content>
<md-content layout="row" layout-align="center stretch">
<md-card flex="50">
<md-card-title>
<md-card-title-text>
<span class="md-headline">Top 15 - Alerts</span>
</md-card-title-text>
</md-card-title>
<md-card-content>
<kbn-vis class="vis-expand-leyend" vis-height="250px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(field:oscap.check.title,order:desc,orderBy:'1',size:15),schema:segment,type:terms)),listeners:(),params:(addLegend:!t,addTooltip:!t,isDonut:!f,legendPosition:right,shareYAxis:!t),title:'OSCAP%20Top%2020%20failed%20checks',type:pie))"
vis-filter="oscap.check.result: fail AND rule.groups:oscap AND rule.groups: oscap-result AND oscap.check.result:fail">
</kbn-vis>
</md-card-content>
</md-card>
<md-card flex="50">
<md-card-title>
<md-card-title-text>
<span class="md-headline">Top 15 - High risk alerts</span>
</md-card-title-text>
</md-card-title>
<md-card-content>
<kbn-vis class="vis-expand-leyend" vis-height="250px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(field:oscap.check.title,order:desc,orderBy:'1',size:15),schema:segment,type:terms)),listeners:(),params:(addLegend:!t,addTooltip:!t,isDonut:!f,legendPosition:right,shareYAxis:!t),title:'OSCAP%20Top%2020%20failed%20checks',type:pie))"
vis-filter="oscap.check.severity: high AND oscap.check.result: fail AND rule.groups:oscap AND rule.groups: oscap-result AND oscap.check.result:fail">
</kbn-vis>
</md-card-content>
</md-card>
</md-content>
<md-content layout="row" layout-align="center stretch" >
<md-card flex="20" layout="column">
<md-card-content style="text-align: center;">
<kbn-vis vis-height="70px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(field:oscap.scan.score,customLabel:'Higher score'),schema:metric,type:max)),listeners:(),params:(fontSize:20,handleNoResults:!t),title:'New%20Visualization',type:metric))" vis-filter="*"></kbn-vis>
</md-card-content>
</md-card>
<md-card flex="20" layout="column">
<md-card-content style="text-align: center;">
<kbn-vis vis-height="70px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(field:oscap.scan.score,customLabel:'Lower score'),schema:metric,type:min)),listeners:(),params:(fontSize:20,handleNoResults:!t),title:'New%20Visualization',type:metric))" vis-filter="*"></kbn-vis>
</md-card-content>
</md-card>
<md-card flex="60" layout="column">
<md-card-content style="text-align: center;">
<kbn-vis-value vis-height="44px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(vis:(params:(sort:(columnIndex:!n,direction:!n)))),vis:(aggs:!((enabled:!t,id:'1',params:(field:'@timestamp'),schema:metric,type:max),(enabled:!t,id:'2',params:(field:oscap.check.title,order:desc,orderBy:'1',size:1),schema:bucket,type:terms)),listeners:(),params:(perPage:1,showMeticsAtAllLevels:!f,showPartialRows:!f,showTotal:!f,sort:(columnIndex:!n,direction:!n),totalFunc:sum),title:'New%20Visualization',type:table))" vis-filter="oscap.check.result: fail AND rule.groups:oscap"></kbn-vis-value>
<div class="ng-binding">Latest alert</div>
</md-card-content>
</md-card>
</md-content>
<md-content layout-align="center stretch">
<md-card flex>
<md-card-title>
<md-card-title-text>
<span class="md-headline">Last alerts</span>
</md-card-title-text>
</md-card-title>
<md-card-content>
<kbn-vis vis-height="460px" vis-index-pattern="wazuh-alerts-*" vis-a="(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:'*')),uiState:(vis:(params:(sort:(columnIndex:!n,direction:!n)))),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(customLabel:'Agent name',field:agent.name,order:desc,orderBy:'1',size:99999),schema:bucket,type:terms),(enabled:!t,id:'3',params:(customLabel:Title,field:oscap.check.title,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'4',params:(customLabel:Profile,field:oscap.scan.profile.title,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'5',params:(customLabel:'Scan ID',field:oscap.scan.id,order:desc,orderBy:'1',size:999999999),schema:bucket,type:terms),(enabled:!t,id:'6',params:(customLabel:Content,field:oscap.scan.content,order:desc,orderBy:'1',size:5),schema:bucket,type:terms)),listeners:(),params:(perPage:10,showMeticsAtAllLevels:!f,showPartialRows:!f,showTotal:!f,sort:(columnIndex:!n,direction:!n),totalFunc:sum),title:'New%20Visualization',type:table))"
vis-filter='oscap.check.result: fail AND rule.groups: oscap'>
</kbn-vis>
</md-card-content>
</md-card>
</md-content>
</div>


@ -208,13 +208,13 @@ module.exports = function (server, options) {
});
/*
* GET /api/wazuh-elastic/top/{manager}/{field}/{time}/{fieldFilter}/{fieldValue}
* GET /api/wazuh-elastic/top/{manager}/{field}/{fieldFilter}/{fieldValue}/{time?}
* Returns the agent with most alerts
*
**/
server.route({
method: 'GET',
path: '/api/wazuh-elastic/top/{manager}/{field}/{time}/{fieldFilter}/{fieldValue}',
path: '/api/wazuh-elastic/top/{manager}/{field}/{fieldFilter}/{fieldValue}/{time?}',
handler: getFieldTop
});
@ -242,7 +242,7 @@ module.exports = function (server, options) {
});
/*
* PUT /api/wazuh-elastic/wazuh-pattern
* Return last field value
* Set wazuh index pattern
*
**/
server.route({