Merge branch '4.10.0' into enhancement/7088-redesign-stats-page-to-us…

…e-tabs
wazuh · Oct 14, 2024 · c06deb9 · c06deb9
2 parents 43b3035 + f929855
commit c06deb9
Show file tree

Hide file tree

Showing 26 changed files with 594 additions and 2,181 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -23,19 +23,22 @@ All notable changes to the Wazuh app project will be documented in this file.
 - Changed the agents summary in overview with no results to an agent deployment help message. [#7041](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7041)
 - Changed malware feature description [#7036](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7036)
 - Changed the font size of the kpi subtitles and the features descriptions [#7033](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7033)
+- Changed feature container margins to ensure consistent separation and uniform design. [#7034](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7034)
 - Changed stats page to use tabs [#7089](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7089)
 
 ### Fixed
 
 - Fixed read-only users could not access to Statistics application [#7001](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7001)
 - Fixed no-agent-alert spawn with selected agent in agent-welcome view [#7029](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7029)
 - Fixed security policy exception when it contained deprecated actions [#7042](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7042)
-- Fix export formatted csv data with special characters from tables [#7048](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7048)
+- Fixed export formatted csv data with special characters from tables [#7048](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7048)
+- Fixed column reordering feature [#7072](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7072)
 
 ### Removed
 
 - Removed agent RBAC filters from dashboard queries [#6945](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6945)
 - Removed GET /elastic/statistics API endpoint [#7001](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7001)
+- Removed VirusTotal application in favor of Malware Detection [#7038](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7038)
 
 ## Wazuh v4.9.1 - OpenSearch Dashboards 2.13.0 - Revision 03
 

diff --git a/plugins/main/common/constants.ts b/plugins/main/common/constants.ts
@@ -81,11 +81,11 @@ export const WAZUH_SAMPLE_ALERTS_CATEGORIES_TYPE_ALERTS = {
     { audit: true },
     { openscap: true },
     { ciscat: true },
+    { virustotal: true },
     { yara: true },
   ],
   [WAZUH_SAMPLE_ALERTS_CATEGORY_THREAT_DETECTION]: [
     { vulnerabilities: true },
-    { virustotal: true },
     { osquery: true },
     { docker: true },
     { mitre: true },
@@ -243,8 +243,6 @@ export const DATA_SOURCE_FILTER_CONTROLLED_MITRE_ATTACK_RULE =
   'mitre-attack-rule';
 export const DATA_SOURCE_FILTER_CONTROLLED_MITRE_ATTACK_RULE_ID =
   'hidden-mitre-attack-rule-id';
-export const DATA_SOURCE_FILTER_CONTROLLED_VIRUSTOTAL_RULE_GROUP =
-  'virustotal-rule-group';
 export const DATA_SOURCE_FILTER_CONTROLLED_GOOGLE_CLOUD_RULE_GROUP =
   'gcp-rule-group';
 export const DATA_SOURCE_FILTER_CONTROLLED_MALWARE_DETECTION_RULE_GROUP =

diff --git a/plugins/main/common/wazuh-modules.ts b/plugins/main/common/wazuh-modules.ts
@@ -99,12 +99,6 @@ export const WAZUH_MODULES = {
     description:
       'Security events related to your Google Cloud Platform services, collected directly via GCP API.', // TODO GCP
   },
-  virustotal: {
-    title: 'VirusTotal',
-    appId: 'virustotal',
-    description:
-      'Alerts resulting from VirusTotal analysis of suspicious files via an integration with their API.',
-  },
   mitre: {
     title: 'MITRE ATT&CK',
     appId: 'mitre-attack',

diff --git a/plugins/main/public/components/add-modules-data/sample-data.tsx b/plugins/main/public/components/add-modules-data/sample-data.tsx
@@ -37,7 +37,6 @@ import {
   malwareDetection,
   mitreAttack,
   office365,
-  virustotal,
   vulnerabilityDetection,
 } from '../../utils/applications';
 
@@ -47,14 +46,18 @@ const sampleSecurityInformationApplication = [
   office365.title,
   googleCloud.title,
   github.title,
-];
+  'authorization',
+  'ssh',
+  'web',
+].join(', ');
 
 const sampleThreatDetectionApplication = [
   vulnerabilityDetection.title,
-  virustotal.title,
   docker.title,
   mitreAttack.title,
-];
+].join(', ');
+
+const sampleMalwareDetection = ['malware', 'VirusTotal', 'YARA'].join(', ');
 
 export default class WzSampleData extends Component {
   categories: {
@@ -77,23 +80,19 @@ export default class WzSampleData extends Component {
     this.categories = [
       {
         title: 'Sample security information',
-        description: `Sample data, visualizations and dashboards for security information (${sampleSecurityInformationApplication.join(
-          ', ',
-        )}, authorization, ssh, web).`,
+        description: `Sample data, visualizations and dashboards for security information (${sampleSecurityInformationApplication}).`,
         image: '',
         categorySampleAlertsIndex: 'security',
       },
       {
         title: `Sample ${malwareDetection.title}`,
-        description: `Sample data, visualizations and dashboards for events of ${malwareDetection.title} (${malwareDetection.title}).`,
+        description: `Sample data, visualizations and dashboards for events of ${malwareDetection.title} (${sampleMalwareDetection}).`,
         image: '',
         categorySampleAlertsIndex: 'auditing-policy-monitoring',
       },
       {
         title: 'Sample threat detection and response',
-        description: `Sample data, visualizations and dashboards for threat events of detection and response (${sampleThreatDetectionApplication.join(
-          ', ',
-        )}).`,
+        description: `Sample data, visualizations and dashboards for threat events of detection and response (${sampleThreatDetectionApplication}).`,
         image: '',
         categorySampleAlertsIndex: 'threat-detection',
       },

diff --git a/plugins/main/public/components/common/data-grid/use-data-grid.tsx b/plugins/main/public/components/common/data-grid/use-data-grid.tsx
@@ -65,23 +65,23 @@ export const useDataGrid = (props: tDataGridProps): EuiDataGridProps => {
     indexPattern,
     DocViewInspectButton,
     results,
-    defaultColumns: columns,
+    defaultColumns,
     renderColumns,
     useDefaultPagination = false,
     pagination: paginationProps = {},
     filters = [],
     setFilters = () => {},
   } = props;
-  const [columnVisibility, setVisibility] = useState(() =>
-    columns.map(({ id }) => id),
+  const [visibleColumns, setVisibleColumns] = useState<string[]>(() =>
+    defaultColumns.map(({ id }) => id),
   );
   /** Rows */
   const [rows, setRows] = useState<any[]>([]);
   const rowCount = results ? (results?.hits?.total as number) : 0;
   /** Sorting **/
   // get default sorting from default columns
   const getDefaultSorting = () => {
-    const defaultSort = columns.find(
+    const defaultSort = defaultColumns.find(
       column => column.isSortable || column.defaultSortDirection,
     );
     return defaultSort
@@ -110,6 +110,53 @@ export const useDataGrid = (props: tDataGridProps): EuiDataGridProps => {
         },
   );
 
+  const sortFirstMatchedColumns = (
+    firstMatchedColumns: tDataGridColumn[],
+    visibleColumnsOrdered: string[],
+  ) => {
+    firstMatchedColumns.sort(
+      (a, b) =>
+        visibleColumnsOrdered.indexOf(a.id) -
+        visibleColumnsOrdered.indexOf(b.id),
+    );
+    return firstMatchedColumns;
+  };
+
+  const orderFirstMatchedColumns = (
+    columns: tDataGridColumn[],
+    visibleColumnsOrdered: string[],
+  ) => {
+    const firstMatchedColumns: tDataGridColumn[] = [];
+    const nonMatchedColumns: tDataGridColumn[] = [];
+    const visibleColumnsSet = new Set(visibleColumnsOrdered);
+
+    for (let i = 0; i < columns.length; i++) {
+      const column = columns[i];
+      if (visibleColumnsSet.has(column.id)) {
+        firstMatchedColumns.push(column);
+      } else {
+        nonMatchedColumns.push(column);
+      }
+    }
+
+    return [
+      ...sortFirstMatchedColumns(firstMatchedColumns, visibleColumnsOrdered),
+      ...nonMatchedColumns,
+    ];
+  };
+
+  const getColumns = useMemo(() => {
+    return parseColumns(
+      indexPattern?.fields || [],
+      defaultColumns,
+      indexPattern,
+      rows,
+      pagination.pageSize,
+      filters,
+      setFilters,
+    );
+  }, [indexPattern, rows, pagination.pageSize, filters, setFilters]);
+
   const onChangeItemsPerPage = useMemo(
     () => (pageSize: number) =>
       setPagination(pagination => ({
@@ -149,7 +196,7 @@ export const useDataGrid = (props: tDataGridProps): EuiDataGridProps => {
         rowsParsed,
       );
       // check if column have render method initialized
-      const column = columns.find(column => column.id === columnId);
+      const column = defaultColumns.find(column => column.id === columnId);
       if (column && column.render) {
         return column.render(fieldFormatted, rowsParsed[relativeRowIndex]);
       }
@@ -198,53 +245,16 @@ export const useDataGrid = (props: tDataGridProps): EuiDataGridProps => {
     ];
   }, [results]);
 
-  const filterColumns = () => {
-    const allColumns = parseColumns(
-      indexPattern?.fields || [],
-      columns,
-      indexPattern,
-      rows,
-      pagination.pageSize,
-      filters,
-      setFilters,
-    );
-    const columnMatch = [];
-    const columnNonMatch = [];
-
-    for (const item of allColumns) {
-      if (columnVisibility.includes(item.name)) {
-        columnMatch.push(item);
-      } else {
-        columnNonMatch.push(item);
-      }
-    }
-
-    return [...columnMatch, ...columnNonMatch];
-  };
-
-  const defaultColumnsPosition = (columnsVisibility, defaultColumns) => {
-    const defaults = defaultColumns
-      .map(item => item.id)
-      .filter(id => columnsVisibility.includes(id));
-
-    const nonDefaults = columnsVisibility.filter(
-      item => !defaultColumns.map(item => item.id).includes(item),
-    );
-
-    return [...defaults, ...nonDefaults];
-  };
-
   return {
     'aria-labelledby': props.ariaLabelledBy,
-    columns: filterColumns(),
+    columns: orderFirstMatchedColumns(getColumns, visibleColumns),
     columnVisibility: {
-      visibleColumns: defaultColumnsPosition(columnVisibility, columns),
-      setVisibleColumns: setVisibility,
+      visibleColumns,
+      setVisibleColumns,
     },
     renderCellValue: renderCellValue,
     leadingControlColumns: leadingControlColumns,
-    rowCount:
-      rowCount < MAX_ENTRIES_PER_QUERY ? rowCount : MAX_ENTRIES_PER_QUERY,
+    rowCount: Math.min(rowCount, MAX_ENTRIES_PER_QUERY),
     sorting: { columns: sortingColumns, onSort },
     pagination: {
       ...pagination,

diff --git a/plugins/main/public/components/common/data-source/pattern/alerts/index.ts b/plugins/main/public/components/common/data-source/pattern/alerts/index.ts
@@ -8,7 +8,6 @@ export * from './docker';
 export * from './malware-detection';
 export * from './vulnerabilities';
 export * from './hipaa';
-export * from './virustotal';
 export * from './nist-800-53';
 export * from './mitre-attack';
 export * from './pci-dss';

diff --git a/plugins/main/public/components/common/data-source/pattern/alerts/virustotal/index.ts b/plugins/main/public/components/common/data-source/pattern/alerts/virustotal/index.ts
diff --git a/.../public/components/common/data-source/pattern/alerts/virustotal/virustotal-data-source.ts b/.../public/components/common/data-source/pattern/alerts/virustotal/virustotal-data-source.ts
diff --git a/plugins/main/public/components/common/modules/modules-defaults.tsx b/plugins/main/public/components/common/modules/modules-defaults.tsx
@@ -38,7 +38,6 @@ import { gdprColumns } from '../../overview/gdpr/events/gdpr-columns';
 import { tscColumns } from '../../overview/tsc/events/tsc-columns';
 import { githubColumns } from '../../overview/github/events/github-columns';
 import { mitreAttackColumns } from '../../overview/mitre/events/mitre-attack-columns';
-import { virustotalColumns } from '../../overview/virustotal/events/virustotal-columns';
 import { malwareDetectionColumns } from '../../overview/malware-detection/events/malware-detection-columns';
 import { WAZUH_VULNERABILITIES_PATTERN } from '../../../../common/constants';
 import {
@@ -55,7 +54,6 @@ import {
   DashboardAWS,
   DashboardOffice365,
   DashboardThreatHunting,
-  DashboardVirustotal,
   DashboardGoogleCloud,
   DashboardVuls,
   InventoryVuls,
@@ -64,7 +62,6 @@ import {
   DockerDataSource,
   AlertsVulnerabilitiesDataSource,
   AWSDataSource,
-  VirusTotalDataSource,
   FIMDataSource,
   GitHubDataSource,
   MalwareDetectionDataSource,
@@ -311,21 +308,6 @@ export const ModulesDefaults = {
     ],
     availableFor: ['manager', 'agent'],
   },
-  virustotal: {
-    tabs: [
-      {
-        id: 'dashboard',
-        name: 'Dashboard',
-        buttons: [ButtonExploreAgent, ButtonModuleGenerateReport],
-        component: DashboardVirustotal,
-      },
-      renderDiscoverTab({
-        tableColumns: virustotalColumns,
-        DataSource: VirusTotalDataSource,
-      }),
-    ],
-    availableFor: ['manager', 'agent'],
-  },
   docker: {
     init: 'dashboard',
     tabs: [