diff --git a/CHANGELOG.md b/CHANGELOG.md
index e18a1815bb..771fec8f0b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -23,6 +23,7 @@ All notable changes to the Wazuh app project will be documented in this file.
- Changed the agents summary in overview with no results to an agent deployment help message. [#7041](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7041)
- Changed malware feature description [#7036](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7036)
- Changed the font size of the kpi subtitles and the features descriptions [#7033](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7033)
+- Changed feature container margins to ensure consistent separation and uniform design. [#7034](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7034)
- Changed stats page to use tabs [#7089](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7089)
### Fixed
@@ -30,12 +31,14 @@ All notable changes to the Wazuh app project will be documented in this file.
- Fixed read-only users could not access to Statistics application [#7001](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7001)
- Fixed no-agent-alert spawn with selected agent in agent-welcome view [#7029](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7029)
- Fixed security policy exception when it contained deprecated actions [#7042](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7042)
-- Fix export formatted csv data with special characters from tables [#7048](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7048)
+- Fixed export formatted csv data with special characters from tables [#7048](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7048)
+- Fixed column reordering feature [#7072](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7072)
### Removed
- Removed agent RBAC filters from dashboard queries [#6945](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6945)
- Removed GET /elastic/statistics API endpoint [#7001](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7001)
+- Removed VirusTotal application in favor of Malware Detection [#7038](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7038)
## Wazuh v4.9.1 - OpenSearch Dashboards 2.13.0 - Revision 03
diff --git a/plugins/main/common/constants.ts b/plugins/main/common/constants.ts
index 9442a5b76f..40ef55817b 100644
--- a/plugins/main/common/constants.ts
+++ b/plugins/main/common/constants.ts
@@ -81,11 +81,11 @@ export const WAZUH_SAMPLE_ALERTS_CATEGORIES_TYPE_ALERTS = {
{ audit: true },
{ openscap: true },
{ ciscat: true },
+ { virustotal: true },
{ yara: true },
],
[WAZUH_SAMPLE_ALERTS_CATEGORY_THREAT_DETECTION]: [
{ vulnerabilities: true },
- { virustotal: true },
{ osquery: true },
{ docker: true },
{ mitre: true },
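Review bot: Nothing in this hunk records why `{ virustotal: true }` now sits beside `{ yara: true }` instead of in the `WAZUH_SAMPLE_ALERTS_CATEGORY_THREAT_DETECTION` list. The key of the first list is above the hunk, so presumably it is the category that backs the Malware Detection sample data. A one-line comment such as `// VirusTotal sample alerts are generated together with the Malware Detection sample data` would make the grouping explicit. Sample alerts that were generated before this change would presumably still be stored under the old category, so confirm that removing and re-adding sample data covers that case.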
@@ -243,8 +243,6 @@ export const DATA_SOURCE_FILTER_CONTROLLED_MITRE_ATTACK_RULE =
'mitre-attack-rule';
export const DATA_SOURCE_FILTER_CONTROLLED_MITRE_ATTACK_RULE_ID =
'hidden-mitre-attack-rule-id';
-export const DATA_SOURCE_FILTER_CONTROLLED_VIRUSTOTAL_RULE_GROUP =
- 'virustotal-rule-group';
export const DATA_SOURCE_FILTER_CONTROLLED_GOOGLE_CLOUD_RULE_GROUP =
'gcp-rule-group';
export const DATA_SOURCE_FILTER_CONTROLLED_MALWARE_DETECTION_RULE_GROUP =
diff --git a/plugins/main/common/wazuh-modules.ts b/plugins/main/common/wazuh-modules.ts
index 82eb87c3bf..f251c03f0d 100644
--- a/plugins/main/common/wazuh-modules.ts
+++ b/plugins/main/common/wazuh-modules.ts
@@ -99,12 +99,6 @@ export const WAZUH_MODULES = {
description:
'Security events related to your Google Cloud Platform services, collected directly via GCP API.', // TODO GCP
},
- virustotal: {
- title: 'VirusTotal',
- appId: 'virustotal',
- description:
- 'Alerts resulting from VirusTotal analysis of suspicious files via an integration with their API.',
- },
mitre: {
title: 'MITRE ATT&CK',
appId: 'mitre-attack',
diff --git a/plugins/main/public/components/add-modules-data/sample-data.tsx b/plugins/main/public/components/add-modules-data/sample-data.tsx
index ee7ab442ca..d3c33250af 100644
--- a/plugins/main/public/components/add-modules-data/sample-data.tsx
+++ b/plugins/main/public/components/add-modules-data/sample-data.tsx
@@ -37,7 +37,6 @@ import {
malwareDetection,
mitreAttack,
office365,
- virustotal,
vulnerabilityDetection,
} from '../../utils/applications';
@@ -47,14 +46,18 @@ const sampleSecurityInformationApplication = [
office365.title,
googleCloud.title,
github.title,
-];
+ 'authorization',
+ 'ssh',
+ 'web',
+].join(', ');
const sampleThreatDetectionApplication = [
vulnerabilityDetection.title,
- virustotal.title,
docker.title,
mitreAttack.title,
-];
+].join(', ');
+
+const sampleMalwareDetection = ['malware', 'VirusTotal', 'YARA'].join(', ');
export default class WzSampleData extends Component {
categories: {
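Review bot: The labels in `sampleMalwareDetection` (`'malware', 'VirusTotal', 'YARA'`) and the added `'authorization', 'ssh', 'web'` entries are free-standing strings, so the card descriptions can drift from what the sample generator actually produces for each category. A comment above the three constants, for example `// Keep in sync with WAZUH_SAMPLE_ALERTS_CATEGORIES_TYPE_ALERTS in common/constants.ts`, would tie them to their source. The constants now hold joined strings rather than arrays of application titles, so a name such as `sampleSecurityInformationLabels` would be more accurate than `sampleSecurityInformationApplication`. The `WzSampleData` class body continues outside the hunk.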
@@ -77,23 +80,19 @@ export default class WzSampleData extends Component {
this.categories = [
{
title: 'Sample security information',
- description: `Sample data, visualizations and dashboards for security information (${sampleSecurityInformationApplication.join(
- ', ',
- )}, authorization, ssh, web).`,
+ description: `Sample data, visualizations and dashboards for security information (${sampleSecurityInformationApplication}).`,
image: '',
categorySampleAlertsIndex: 'security',
},
{
title: `Sample ${malwareDetection.title}`,
- description: `Sample data, visualizations and dashboards for events of ${malwareDetection.title} (${malwareDetection.title}).`,
+ description: `Sample data, visualizations and dashboards for events of ${malwareDetection.title} (${sampleMalwareDetection}).`,
image: '',
categorySampleAlertsIndex: 'auditing-policy-monitoring',
},
{
title: 'Sample threat detection and response',
- description: `Sample data, visualizations and dashboards for threat events of detection and response (${sampleThreatDetectionApplication.join(
- ', ',
- )}).`,
+ description: `Sample data, visualizations and dashboards for threat events of detection and response (${sampleThreatDetectionApplication}).`,
image: '',
categorySampleAlertsIndex: 'threat-detection',
},
diff --git a/plugins/main/public/components/common/data-grid/use-data-grid.tsx b/plugins/main/public/components/common/data-grid/use-data-grid.tsx
index ebc58594da..babf9cb790 100644
--- a/plugins/main/public/components/common/data-grid/use-data-grid.tsx
+++ b/plugins/main/public/components/common/data-grid/use-data-grid.tsx
@@ -65,15 +65,15 @@ export const useDataGrid = (props: tDataGridProps): EuiDataGridProps => {
indexPattern,
DocViewInspectButton,
results,
- defaultColumns: columns,
+ defaultColumns,
renderColumns,
useDefaultPagination = false,
pagination: paginationProps = {},
filters = [],
setFilters = () => {},
} = props;
- const [columnVisibility, setVisibility] = useState(() =>
- columns.map(({ id }) => id),
+ const [visibleColumns, setVisibleColumns] = useState(() =>
+ defaultColumns.map(({ id }) => id),
);
/** Rows */
const [rows, setRows] = useState([]);
@@ -81,7 +81,7 @@ export const useDataGrid = (props: tDataGridProps): EuiDataGridProps => {
/** Sorting **/
// get default sorting from default columns
const getDefaultSorting = () => {
- const defaultSort = columns.find(
+ const defaultSort = defaultColumns.find(
column => column.isSortable || column.defaultSortDirection,
);
return defaultSort
@@ -110,6 +110,53 @@ export const useDataGrid = (props: tDataGridProps): EuiDataGridProps => {
},
);
+ const sortFirstMatchedColumns = (
+ firstMatchedColumns: tDataGridColumn[],
+ visibleColumnsOrdered: string[],
+ ) => {
+ firstMatchedColumns.sort(
+ (a, b) =>
+ visibleColumnsOrdered.indexOf(a.id) -
+ visibleColumnsOrdered.indexOf(b.id),
+ );
+ return firstMatchedColumns;
+ };
+
+ const orderFirstMatchedColumns = (
+ columns: tDataGridColumn[],
+ visibleColumnsOrdered: string[],
+ ) => {
+ const firstMatchedColumns: tDataGridColumn[] = [];
+ const nonMatchedColumns: tDataGridColumn[] = [];
+ const visibleColumnsSet = new Set(visibleColumnsOrdered);
+
+ for (let i = 0; i < columns.length; i++) {
+ const column = columns[i];
+ if (visibleColumnsSet.has(column.id)) {
+ firstMatchedColumns.push(column);
+ } else {
+ nonMatchedColumns.push(column);
+ }
+ }
+
+ return [
+ ...sortFirstMatchedColumns(firstMatchedColumns, visibleColumnsOrdered),
+ ...nonMatchedColumns,
+ ];
+ };
+
+ const getColumns = useMemo(() => {
+ return parseColumns(
+ indexPattern?.fields || [],
+ defaultColumns,
+ indexPattern,
+ rows,
+ pagination.pageSize,
+ filters,
+ setFilters,
+ );
+ }, [indexPattern, rows, pagination.pageSize, filters, setFilters]);
+
const onChangeItemsPerPage = useMemo(
() => (pageSize: number) =>
setPagination(pagination => ({
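Review bot: The dependency array of the new `useMemo` omits `defaultColumns`, although the callback passes it to `parseColumns`, so a caller that changes `defaultColumns` keeps getting columns built from the old list. The array should read `[indexPattern, defaultColumns, rows, pagination.pageSize, filters, setFilters]`. Separately, the destructuring earlier in this hook defaults `filters = []` and `setFilters = () => {}`, which creates new identities on every render when the props are omitted, so in that case the memo never hits; module-level constants for the defaults would avoid that. `getColumns` holds a value, not a function, so a name like `parsedColumns` would match its use. In `sortFirstMatchedColumns`, the two `indexOf` calls per comparison could be replaced by a `Map` of id to position built once.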
@@ -149,7 +196,7 @@ export const useDataGrid = (props: tDataGridProps): EuiDataGridProps => {
rowsParsed,
);
// check if column have render method initialized
- const column = columns.find(column => column.id === columnId);
+ const column = defaultColumns.find(column => column.id === columnId);
if (column && column.render) {
return column.render(fieldFormatted, rowsParsed[relativeRowIndex]);
}
@@ -198,53 +245,16 @@ export const useDataGrid = (props: tDataGridProps): EuiDataGridProps => {
];
}, [results]);
- const filterColumns = () => {
- const allColumns = parseColumns(
- indexPattern?.fields || [],
- columns,
- indexPattern,
- rows,
- pagination.pageSize,
- filters,
- setFilters,
- );
- const columnMatch = [];
- const columnNonMatch = [];
-
- for (const item of allColumns) {
- if (columnVisibility.includes(item.name)) {
- columnMatch.push(item);
- } else {
- columnNonMatch.push(item);
- }
- }
-
- return [...columnMatch, ...columnNonMatch];
- };
-
- const defaultColumnsPosition = (columnsVisibility, defaultColumns) => {
- const defaults = defaultColumns
- .map(item => item.id)
- .filter(id => columnsVisibility.includes(id));
-
- const nonDefaults = columnsVisibility.filter(
- item => !defaultColumns.map(item => item.id).includes(item),
- );
-
- return [...defaults, ...nonDefaults];
- };
-
return {
'aria-labelledby': props.ariaLabelledBy,
- columns: filterColumns(),
+ columns: orderFirstMatchedColumns(getColumns, visibleColumns),
columnVisibility: {
- visibleColumns: defaultColumnsPosition(columnVisibility, columns),
- setVisibleColumns: setVisibility,
+ visibleColumns,
+ setVisibleColumns,
},
renderCellValue: renderCellValue,
leadingControlColumns: leadingControlColumns,
- rowCount:
- rowCount < MAX_ENTRIES_PER_QUERY ? rowCount : MAX_ENTRIES_PER_QUERY,
+ rowCount: Math.min(rowCount, MAX_ENTRIES_PER_QUERY),
sorting: { columns: sortingColumns, onSort },
pagination: {
...pagination,
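Review bot: `orderFirstMatchedColumns(getColumns, visibleColumns)` runs on every render and returns a fresh array, so the grid receives a new `columns` prop even when neither input changed, which gives away part of the benefit of memoizing `getColumns`. Consider `const columns = useMemo(() => orderFirstMatchedColumns(getColumns, visibleColumns), [getColumns, visibleColumns]);` and returning `columns`. The removed `filterColumns` matched visibility against `item.name`, while the new helper matches on `column.id`. If `parseColumns` can return entries whose `id` and `name` differ, a short comment stating that `id` is the intended key would help. The returned object continues past the end of the hunk.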
diff --git a/plugins/main/public/components/common/data-source/pattern/alerts/index.ts b/plugins/main/public/components/common/data-source/pattern/alerts/index.ts
index effcfe3e7b..c093c8a4fe 100644
--- a/plugins/main/public/components/common/data-source/pattern/alerts/index.ts
+++ b/plugins/main/public/components/common/data-source/pattern/alerts/index.ts
@@ -8,7 +8,6 @@ export * from './docker';
export * from './malware-detection';
export * from './vulnerabilities';
export * from './hipaa';
-export * from './virustotal';
export * from './nist-800-53';
export * from './mitre-attack';
export * from './pci-dss';
diff --git a/plugins/main/public/components/common/data-source/pattern/alerts/virustotal/index.ts b/plugins/main/public/components/common/data-source/pattern/alerts/virustotal/index.ts
deleted file mode 100644
index ffed0ecacd..0000000000
--- a/plugins/main/public/components/common/data-source/pattern/alerts/virustotal/index.ts
+++ /dev/null
@@ -1 +0,0 @@
-export * from './virustotal-data-source';
diff --git a/plugins/main/public/components/common/data-source/pattern/alerts/virustotal/virustotal-data-source.ts b/plugins/main/public/components/common/data-source/pattern/alerts/virustotal/virustotal-data-source.ts
deleted file mode 100644
index bd477527a1..0000000000
--- a/plugins/main/public/components/common/data-source/pattern/alerts/virustotal/virustotal-data-source.ts
+++ /dev/null
@@ -1,28 +0,0 @@
-import { tFilter } from '../../../index';
-import { DATA_SOURCE_FILTER_CONTROLLED_VIRUSTOTAL_RULE_GROUP } from '../../../../../../../common/constants';
-import { AlertsDataSource } from '../alerts-data-source';
-
-const VIRUSTOTAL_GROUP_KEY = 'rule.groups';
-const VIRUSTOTAL_GROUP_VALUE = 'virustotal';
-
-export class VirusTotalDataSource extends AlertsDataSource {
- constructor(id: string, title: string) {
- super(id, title);
- }
-
- getRuleGroupsFilter() {
- return super.getRuleGroupsFilter(
- VIRUSTOTAL_GROUP_KEY,
- VIRUSTOTAL_GROUP_VALUE,
- DATA_SOURCE_FILTER_CONTROLLED_VIRUSTOTAL_RULE_GROUP,
- );
- }
-
- getFixedFilters(): tFilter[] {
- return [
- ...super.getFixedFiltersClusterManager(),
- ...this.getRuleGroupsFilter(),
- ...super.getFixedFilters(),
- ];
- }
-}
diff --git a/plugins/main/public/components/common/modules/modules-defaults.tsx b/plugins/main/public/components/common/modules/modules-defaults.tsx
index 926216572a..0fc4b4b5bc 100644
--- a/plugins/main/public/components/common/modules/modules-defaults.tsx
+++ b/plugins/main/public/components/common/modules/modules-defaults.tsx
@@ -38,7 +38,6 @@ import { gdprColumns } from '../../overview/gdpr/events/gdpr-columns';
import { tscColumns } from '../../overview/tsc/events/tsc-columns';
import { githubColumns } from '../../overview/github/events/github-columns';
import { mitreAttackColumns } from '../../overview/mitre/events/mitre-attack-columns';
-import { virustotalColumns } from '../../overview/virustotal/events/virustotal-columns';
import { malwareDetectionColumns } from '../../overview/malware-detection/events/malware-detection-columns';
import { WAZUH_VULNERABILITIES_PATTERN } from '../../../../common/constants';
import {
@@ -55,7 +54,6 @@ import {
DashboardAWS,
DashboardOffice365,
DashboardThreatHunting,
- DashboardVirustotal,
DashboardGoogleCloud,
DashboardVuls,
InventoryVuls,
@@ -64,7 +62,6 @@ import {
DockerDataSource,
AlertsVulnerabilitiesDataSource,
AWSDataSource,
- VirusTotalDataSource,
FIMDataSource,
GitHubDataSource,
MalwareDetectionDataSource,
@@ -311,21 +308,6 @@ export const ModulesDefaults = {
],
availableFor: ['manager', 'agent'],
},
- virustotal: {
- tabs: [
- {
- id: 'dashboard',
- name: 'Dashboard',
- buttons: [ButtonExploreAgent, ButtonModuleGenerateReport],
- component: DashboardVirustotal,
- },
- renderDiscoverTab({
- tableColumns: virustotalColumns,
- DataSource: VirusTotalDataSource,
- }),
- ],
- availableFor: ['manager', 'agent'],
- },
docker: {
init: 'dashboard',
tabs: [
diff --git a/plugins/main/public/components/common/welcome/overview-welcome.js b/plugins/main/public/components/common/welcome/overview-welcome.js
index 868136ddc9..70af0d608b 100644
--- a/plugins/main/public/components/common/welcome/overview-welcome.js
+++ b/plugins/main/public/components/common/welcome/overview-welcome.js
@@ -21,7 +21,6 @@ import {
EuiSpacer,
EuiFlexGrid,
EuiCallOut,
- EuiPage,
} from '@elastic/eui';
import './welcome.scss';
import { withErrorBoundary, withGlobalBreadcrumb } from '../hocs';
@@ -111,63 +110,57 @@ export const OverviewWelcome = compose(
render() {
return (
-
-
-
-
- {this.props.agentsCountTotal === 0 && this.addAgent()}
-
-
- {appCategories.map(({ label, apps }) => (
-
- category.id === label)
- ?.label
- }
- >
-
-
- {apps.map(app => (
-
-
-
- }
- className='homSynopsis__card'
- title={app.title}
- href={NavigationService.getInstance().getUrlForApp(
- app.id,
- )}
- data-test-subj={`overviewWelcome${this.strtools.capitalize(
- app.id,
- )}`}
- description={app.description}
- />
-
-
- ))}
-
-
-
- ))}
-
-
-
+
+
+ {this.props.agentsCountTotal === 0 && this.addAgent()}
+
+
+ {appCategories.map(({ label, apps }) => (
+
+ category.id === label)
+ ?.label
+ }
+ >
+
+
+ {apps.map(app => (
+
+
+
+ }
+ className='wz-module-card-title h-100'
+ title={app.title}
+ titleSize='xs'
+ href={NavigationService.getInstance().getUrlForApp(
+ app.id,
+ )}
+ data-test-subj={`overviewWelcome${this.strtools.capitalize(
+ app.id,
+ )}`}
+ description={app.description}
+ />
+
+
+ ))}
+
+
+
+ ))}
+
-
-
+
+
);
}
},
diff --git a/plugins/main/public/components/common/welcome/welcome.scss b/plugins/main/public/components/common/welcome/welcome.scss
index 0ce9e18dda..ab06214b0d 100644
--- a/plugins/main/public/components/common/welcome/welcome.scss
+++ b/plugins/main/public/components/common/welcome/welcome.scss
@@ -1,14 +1,3 @@
-.wz-welcome-page .euiCard .euiTitle,
-.wz-module-body .euiCard .euiTitle {
- font-size: 16px;
- font-weight: 400;
-}
-
-.wz-welcome-page .euiCard .euiText,
-.wz-module-body .euiCard .euiText {
- font-family: sans-serif;
-}
-
.wz-module-header-agent:not(.wz-module-header-agent-main) {
background: white;
border-bottom: 1px solid #d3dae6;
@@ -44,7 +33,6 @@ span.statWithLink:hover {
text-decoration: underline;
}
-.wz-welcome-page .flex-redirect-app-links {
- display: flex;
- flex-grow: 1;
+.wz-module-card-title .euiCard__content .euiTitle {
+ font-weight: 400;
}
diff --git a/plugins/main/public/components/overview/index.ts b/plugins/main/public/components/overview/index.ts
index 74f6becf54..03bc993a63 100644
--- a/plugins/main/public/components/overview/index.ts
+++ b/plugins/main/public/components/overview/index.ts
@@ -12,5 +12,4 @@ export { DashboardPCIDSS } from './pci/dashboards';
export { DashboardOffice365 } from './office/dashboard';
export { DashboardThreatHunting } from './threat-hunting/dashboard';
export { DashboardTSC } from './tsc/dashboards';
-export { DashboardVirustotal } from './virustotal/dashboard';
export { DashboardVuls, InventoryVuls } from './vulnerabilities';
diff --git a/plugins/main/public/components/overview/overview.tsx b/plugins/main/public/components/overview/overview.tsx
index 12476ad0a7..56afe727c8 100644
--- a/plugins/main/public/components/overview/overview.tsx
+++ b/plugins/main/public/components/overview/overview.tsx
@@ -1,4 +1,5 @@
import React, { useEffect, useState } from 'react';
+import { EuiPage, EuiFlexGroup, EuiFlexItem } from '@elastic/eui';
import { getDataPlugin, getUiSettings } from '../../kibana-services';
import { Stats } from '../../controllers/overview/components/stats';
import { AppState, WzRequest } from '../../react-services';
@@ -158,10 +159,16 @@ export const Overview: React.FC = withRouteResolvers({
>
)}
{tab === 'welcome' && (
- <>
-
-
- >
+
+
+
+
+
+
+
+
+
+
)}
>
);
diff --git a/plugins/main/public/components/overview/virustotal/dashboard/dashboard.tsx b/plugins/main/public/components/overview/virustotal/dashboard/dashboard.tsx
deleted file mode 100644
index 29cf0cff74..0000000000
--- a/plugins/main/public/components/overview/virustotal/dashboard/dashboard.tsx
+++ /dev/null
@@ -1,168 +0,0 @@
-import React, { useState, useEffect } from 'react';
-import { getPlugins } from '../../../../kibana-services';
-import { ViewMode } from '../../../../../../../src/plugins/embeddable/public';
-import { SearchResponse } from '../../../../../../../src/core/server';
-import { IndexPattern } from '../../../../../../../src/plugins/data/common';
-import { getDashboardPanels } from './dashboard_panels';
-import { I18nProvider } from '@osd/i18n/react';
-import useSearchBar from '../../../common/search-bar/use-search-bar';
-import { getKPIsPanel } from './dashboard_panels_kpis';
-import {
- ErrorFactory,
- ErrorHandler,
- HttpError,
-} from '../../../../react-services/error-management';
-import { withErrorBoundary } from '../../../common/hocs/error-boundary/with-error-boundary';
-import { SampleDataWarning } from '../../../visualize/components/sample-data-warning';
-import {
- AlertsDataSourceRepository,
- PatternDataSource,
- tParsedIndexPattern,
- useDataSource,
-} from '../../../common/data-source';
-import { LoadingSearchbarProgress } from '../../../common/loading-searchbar-progress/loading-searchbar-progress';
-import { DiscoverNoResults } from '../../../common/no-results/no-results';
-import { VirusTotalDataSource } from '../../../common/data-source/pattern/alerts/virustotal/virustotal-data-source';
-import './virustotal_dashboard.scss';
-import { useReportingCommunicateSearchContext } from '../../../common/hooks/use-reporting-communicate-search-context';
-import { WzSearchBar } from '../../../common/search-bar';
-
-const plugins = getPlugins();
-
-const DashboardByRenderer = plugins.dashboard.DashboardContainerByValueRenderer;
-
-const DashboardVT: React.FC = () => {
- const AlertsRepository = new AlertsDataSourceRepository();
- const {
- filters,
- dataSource,
- fetchFilters,
- fixedFilters,
- isLoading: isDataSourceLoading,
- fetchData,
- setFilters,
- } = useDataSource({
- DataSource: VirusTotalDataSource,
- repository: AlertsRepository,
- });
-
- const [results, setResults] = useState({} as SearchResponse);
-
- const { searchBarProps } = useSearchBar({
- indexPattern: dataSource?.indexPattern as IndexPattern,
- filters,
- setFilters,
- });
- const { query, absoluteDateRange } = searchBarProps;
-
- useReportingCommunicateSearchContext({
- isSearching: isDataSourceLoading,
- totalResults: results?.hits?.total ?? 0,
- indexPattern: dataSource?.indexPattern,
- filters: fetchFilters,
- query: query,
- time: absoluteDateRange,
- });
-
- useEffect(() => {
- if (isDataSourceLoading) {
- return;
- }
- fetchData({
- query,
- dateRange: absoluteDateRange,
- })
- .then(results => {
- setResults(results);
- })
- .catch(error => {
- const searchError = ErrorFactory.create(HttpError, {
- error,
- message: 'Error fetching data',
- });
- ErrorHandler.handleError(searchError);
- });
- }, [
- isDataSourceLoading,
- JSON.stringify(fetchFilters),
- JSON.stringify(query),
- JSON.stringify(absoluteDateRange),
- ]);
-
- return (
-
- {isDataSourceLoading && !dataSource ? (
-
- ) : (
- <>
-
- {!isDataSourceLoading && dataSource && results?.hits?.total > 0 ? (
-
- ) : null}
- {dataSource && results?.hits?.total === 0 ? (
-
- ) : null}
- 0
- ? ''
- : 'wz-no-display'
- }`}
- >
-
-
-
- >
- )}
-
- );
-};
-
-export const DashboardVirustotal = withErrorBoundary(DashboardVT);
diff --git a/plugins/main/public/components/overview/virustotal/dashboard/dashboard_panels.ts b/plugins/main/public/components/overview/virustotal/dashboard/dashboard_panels.ts
deleted file mode 100644
index 1ec019da2b..0000000000
--- a/plugins/main/public/components/overview/virustotal/dashboard/dashboard_panels.ts
+++ /dev/null
@@ -1,989 +0,0 @@
-import { DashboardPanelState } from '../../../../../../../../src/plugins/dashboard/public/application';
-import { EmbeddableInput } from '../../../../../../../../src/plugins/embeddable/public';
-
-/* WARNING: The panel id must be unique including general and agents visualizations. Otherwise, the visualizations will not refresh when we pin an agent, because they are cached by id */
-
-/* Overview visualizations */
-
-const getVisStateTop5UniqueMaliciousFilesPerAgent = (
- indexPatternId: string,
-) => {
- return {
- id: 'Wazuh-App-Overview-Virustotal-Malicious-Per-Agent',
- title: 'Top 5 agents with unique malicious files',
- type: 'pie',
- params: {
- type: 'pie',
- addTooltip: true,
- addLegend: true,
- legendPosition: 'right',
- isDonut: true,
- labels: {
- show: false,
- values: true,
- last_level: true,
- truncate: 100,
- },
- },
- data: {
- searchSource: {
- query: {
- language: 'kuery',
- query: '',
- },
- filter: [
- {
- meta: {
- index: 'wazuh-alerts',
- negate: true,
- disabled: false,
- alias: null,
- type: 'phrase',
- key: 'data.virustotal.malicious',
- value: '0',
- params: {
- query: '0',
- type: 'phrase',
- },
- },
- query: {
- match: {
- 'data.virustotal.malicious': {
- query: '0',
- type: 'phrase',
- },
- },
- },
- $state: {
- store: 'appState',
- },
- },
- ],
- index: indexPatternId,
- },
- references: [
- {
- name: 'kibanaSavedObjectMeta.searchSourceJSON.index',
- type: 'index-pattern',
- id: indexPatternId,
- },
- ],
- aggs: [
- {
- id: '1',
- enabled: true,
- type: 'cardinality',
- schema: 'metric',
- params: { field: 'data.virustotal.source.md5' },
- },
- {
- id: '2',
- enabled: true,
- type: 'terms',
- schema: 'segment',
- params: {
- field: 'agent.name',
- size: 5,
- order: 'desc',
- orderBy: '1',
- },
- },
- ],
- },
- };
-};
-
-const getVisStateLastScannedFiles = (indexPatternId: string) => {
- return {
- id: 'Wazuh-App-Overview-Virustotal-Last-Files-Pie',
- title: 'Last scanned files',
- type: 'pie',
- params: {
- type: 'pie',
- addTooltip: true,
- addLegend: true,
- legendPosition: 'right',
- isDonut: true,
- labels: {
- show: false,
- values: true,
- last_level: true,
- truncate: 100,
- },
- },
- uiState: {
- vis: { legendOpen: true },
- },
- data: {
- searchSource: {
- query: {
- language: 'kuery',
- query: '',
- },
- filter: [],
- index: indexPatternId,
- },
- references: [
- {
- name: 'kibanaSavedObjectMeta.searchSourceJSON.index',
- type: 'index-pattern',
- id: indexPatternId,
- },
- ],
- aggs: [
- {
- id: '1',
- enabled: true,
- type: 'count',
- schema: 'metric',
- params: { customLabel: 'Files' },
- },
- {
- id: '2',
- enabled: true,
- type: 'terms',
- schema: 'segment',
- params: {
- field: 'data.virustotal.source.file',
- size: 5,
- order: 'desc',
- orderBy: '1',
- },
- },
- ],
- },
- };
-};
-
-const getVisStateAlertsEvolutionByAgents = (indexPatternId: string) => {
- return {
- id: 'Wazuh-App-Overview-Virustotal-Alerts-Evolution',
- title: 'Alerts evolution by agents',
- type: 'histogram',
- params: {
- type: 'histogram',
- grid: { categoryLines: false },
- categoryAxes: [
- {
- id: 'CategoryAxis-1',
- type: 'category',
- position: 'bottom',
- show: true,
- style: {},
- scale: { type: 'linear' },
- labels: { show: true, filter: true, truncate: 100 },
- title: {},
- },
- ],
- valueAxes: [
- {
- id: 'ValueAxis-1',
- name: 'LeftAxis-1',
- type: 'value',
- position: 'left',
- show: true,
- style: {},
- scale: { type: 'linear', mode: 'normal' },
- labels: { show: true, rotate: 0, filter: false, truncate: 100 },
- title: { text: 'Count' },
- },
- ],
- seriesParams: [
- {
- show: true,
- type: 'histogram',
- mode: 'stacked',
- data: { label: 'Count', id: '1' },
- valueAxis: 'ValueAxis-1',
- drawLinesBetweenPoints: true,
- lineWidth: 2,
- showCircles: true,
- },
- ],
- addTooltip: true,
- addLegend: true,
- legendPosition: 'right',
- times: [],
- addTimeMarker: false,
- labels: { show: false },
- thresholdLine: {
- show: false,
- value: 10,
- width: 1,
- style: 'full',
- color: '#E7664C',
- },
- dimensions: {
- x: {
- accessor: 0,
- format: { id: 'date', params: { pattern: 'YYYY-MM-DD HH:mm' } },
- params: {
- date: true,
- interval: 'PT3H',
- intervalOpenSearchValue: 3,
- intervalOpenSearchUnit: 'h',
- format: 'YYYY-MM-DD HH:mm',
- bounds: {
- min: '2020-04-17T12:11:35.943Z',
- max: '2020-04-24T12:11:35.944Z',
- },
- },
- label: 'timestamp per 3 hours',
- aggType: 'date_histogram',
- },
- y: [
- {
- accessor: 2,
- format: { id: 'number' },
- params: {},
- label: 'Count',
- aggType: 'count',
- },
- ],
- series: [
- {
- accessor: 1,
- format: {
- id: 'string',
- params: {
- parsedUrl: {
- origin: 'http://localhost:5601',
- pathname: '/app/kibana',
- basePath: '',
- },
- },
- },
- params: {},
- label: 'Top 5 unusual terms in agent.name',
- aggType: 'significant_terms',
- },
- ],
- },
- radiusRatio: 50,
- },
- uiState: {
- vis: {
- defaultColors: {
- '0 - 7': 'rgb(247,251,255)',
- '7 - 13': 'rgb(219,233,246)',
- '13 - 20': 'rgb(187,214,235)',
- '20 - 26': 'rgb(137,190,220)',
- '26 - 33': 'rgb(83,158,205)',
- '33 - 39': 'rgb(42,123,186)',
- '39 - 45': 'rgb(11,85,159)',
- },
- legendOpen: true,
- },
- },
- data: {
- searchSource: {
- query: {
- language: 'kuery',
- query: '',
- },
- filter: [
- {
- meta: {
- index: 'wazuh-alerts',
- negate: false,
- disabled: false,
- alias: null,
- type: 'exists',
- key: 'data.virustotal.positives',
- value: 'exists',
- },
- exists: {
- field: 'data.virustotal.positives',
- },
- $state: {
- store: 'appState',
- },
- },
- {
- meta: {
- index: 'wazuh-alerts',
- negate: true,
- disabled: false,
- alias: null,
- type: 'phrase',
- key: 'data.virustotal.positives',
- value: '0',
- params: {
- query: 0,
- type: 'phrase',
- },
- },
- query: {
- match: {
- 'data.virustotal.positives': {
- query: 0,
- type: 'phrase',
- },
- },
- },
- $state: {
- store: 'appState',
- },
- },
- ],
- index: indexPatternId,
- },
- references: [
- {
- name: 'kibanaSavedObjectMeta.searchSourceJSON.index',
- type: 'index-pattern',
- id: indexPatternId,
- },
- ],
- aggs: [
- {
- id: '1',
- enabled: true,
- type: 'count',
- schema: 'metric',
- params: {},
- },
- {
- id: '3',
- enabled: true,
- type: 'terms',
- schema: 'group',
- params: {
- field: 'agent.name',
- orderBy: '1',
- order: 'desc',
- size: 5,
- otherBucket: false,
- otherBucketLabel: 'Other',
- missingBucket: false,
- missingBucketLabel: 'Missing',
- },
- },
- {
- id: '2',
- enabled: true,
- type: 'date_histogram',
- schema: 'segment',
- params: {
- field: 'timestamp',
- timeRange: { from: 'now-7d', to: 'now' },
- useNormalizedEsInterval: true,
- scaleMetricValues: false,
- interval: 'auto',
- drop_partials: false,
- min_doc_count: 1,
- extended_bounds: {},
- },
- },
- ],
- },
- };
-};
-
-const getVisStateMaliciousFilesAlertsEvolution = (indexPatternId: string) => {
- return {
- id: 'Wazuh-App-Overview-Virustotal-Malicious-Evolution',
- title: 'Malicious files alerts evolution',
- type: 'histogram',
- params: {
- type: 'histogram',
- grid: { categoryLines: false, style: { color: '#eee' } },
- categoryAxes: [
- {
- id: 'CategoryAxis-1',
- type: 'category',
- position: 'bottom',
- show: true,
- style: {},
- scale: { type: 'linear' },
- labels: { show: true, filter: true, truncate: 100 },
- title: {},
- },
- ],
- valueAxes: [
- {
- id: 'ValueAxis-1',
- name: 'LeftAxis-1',
- type: 'value',
- position: 'left',
- show: true,
- style: {},
- scale: { type: 'linear', mode: 'normal' },
- labels: { show: true, rotate: 0, filter: false, truncate: 100 },
- title: { text: 'Malicious' },
- },
- ],
- seriesParams: [
- {
- show: 'true',
- type: 'histogram',
- mode: 'stacked',
- data: { label: 'Malicious', id: '1' },
- valueAxis: 'ValueAxis-1',
- drawLinesBetweenPoints: true,
- showCircles: true,
- },
- ],
- addTooltip: true,
- addLegend: false,
- legendPosition: 'right',
- times: [],
- addTimeMarker: false,
- },
- data: {
- searchSource: {
- query: {
- language: 'kuery',
- query: '',
- },
- filter: [
- {
- meta: {
- index: 'wazuh-alerts',
- negate: false,
- disabled: false,
- alias: null,
- type: 'exists',
- key: 'data.virustotal.malicious',
- value: 'exists',
- },
- exists: {
- field: 'data.virustotal.malicious',
- },
- $state: {
- store: 'appState',
- },
- },
- {
- meta: {
- index: 'wazuh-alerts',
- negate: true,
- disabled: false,
- alias: null,
- type: 'phrase',
- key: 'data.virustotal.malicious',
- value: '0',
- params: {
- query: 0,
- type: 'phrase',
- },
- },
- query: {
- match: {
- 'data.virustotal.malicious': {
- query: 0,
- type: 'phrase',
- },
- },
- },
- $state: {
- store: 'appState',
- },
- },
- ],
- index: indexPatternId,
- },
- references: [
- {
- name: 'kibanaSavedObjectMeta.searchSourceJSON.index',
- type: 'index-pattern',
- id: indexPatternId,
- },
- ],
- aggs: [
- {
- id: '1',
- enabled: true,
- type: 'count',
- schema: 'metric',
- params: { customLabel: 'Malicious' },
- },
- {
- id: '2',
- enabled: true,
- type: 'date_histogram',
- schema: 'segment',
- params: {
- field: 'timestamp',
- interval: 'auto',
- customInterval: '2h',
- min_doc_count: 1,
- extended_bounds: {},
- },
- },
- ],
- },
- };
-};
-
-const getVisStateLastFiles = (indexPatternId: string) => {
- return {
- id: 'Wazuh-App-Overview-Virustotal-Files-Table',
- title: 'Last files',
- type: 'table',
- params: {
- perPage: 10,
- showPartialRows: false,
- showMeticsAtAllLevels: false,
- sort: { columnIndex: 2, direction: 'desc' },
- showTotal: false,
- showToolbar: true,
- totalFunc: 'sum',
- },
- uiState: {
- vis: { params: { sort: { columnIndex: 2, direction: 'desc' } } },
- },
- data: {
- searchSource: {
- query: {
- language: 'kuery',
- query: '',
- },
- filter: [],
- index: indexPatternId,
- },
- references: [
- {
- name: 'kibanaSavedObjectMeta.searchSourceJSON.index',
- type: 'index-pattern',
- id: indexPatternId,
- },
- ],
- aggs: [
- {
- id: '1',
- enabled: true,
- type: 'count',
- schema: 'metric',
- params: { customLabel: 'Count' },
- },
- {
- id: '4',
- enabled: true,
- type: 'terms',
- schema: 'bucket',
- params: {
- field: 'data.virustotal.source.file',
- size: 10,
- order: 'desc',
- orderBy: '1',
- customLabel: 'File',
- },
- },
- {
- id: '2',
- enabled: true,
- type: 'terms',
- schema: 'bucket',
- params: {
- field: 'data.virustotal.permalink',
- size: 1,
- order: 'desc',
- orderBy: '1',
- customLabel: 'Link',
- },
- },
- ],
- },
- };
-};
-
-/* Agent visualizations */
-
-const getVisStateAgentLastScannedFiles = (indexPatternId: string) => {
- return {
- id: 'Wazuh-App-Agents-Virustotal-Last-Files-Pie',
- title: 'Last scanned files',
- type: 'pie',
- params: {
- type: 'pie',
- addTooltip: true,
- addLegend: true,
- legendPosition: 'right',
- isDonut: true,
- labels: { show: false, values: true, last_level: true, truncate: 100 },
- },
- uiState: { vis: { legendOpen: true } },
- data: {
- searchSource: {
- query: {
- language: 'kuery',
- query: '',
- },
- filter: [],
- index: indexPatternId,
- },
- references: [
- {
- name: 'kibanaSavedObjectMeta.searchSourceJSON.index',
- type: 'index-pattern',
- id: indexPatternId,
- },
- ],
- aggs: [
- {
- id: '1',
- enabled: true,
- type: 'count',
- schema: 'metric',
- params: { customLabel: 'Files' },
- },
- {
- id: '2',
- enabled: true,
- type: 'terms',
- schema: 'segment',
- params: {
- field: 'data.virustotal.source.file',
- size: 5,
- order: 'desc',
- orderBy: '1',
- },
- },
- ],
- },
- };
-};
-
-const getVisStateAgentMaliciousFilesAlertsEvolution = (
- indexPatternId: string,
-) => {
- return {
- id: 'Wazuh-App-Agents-Virustotal-Malicious-Evolution',
- title: 'Malicious files alerts Evolution',
- type: 'histogram',
- params: {
- type: 'histogram',
- grid: { categoryLines: false, style: { color: '#eee' } },
- categoryAxes: [
- {
- id: 'CategoryAxis-1',
- type: 'category',
- position: 'bottom',
- show: true,
- style: {},
- scale: { type: 'linear' },
- labels: { show: true, filter: true, truncate: 100 },
- title: {},
- },
- ],
- valueAxes: [
- {
- id: 'ValueAxis-1',
- name: 'LeftAxis-1',
- type: 'value',
- position: 'left',
- show: true,
- style: {},
- scale: { type: 'linear', mode: 'normal' },
- labels: { show: true, rotate: 0, filter: false, truncate: 100 },
- title: { text: 'Malicious' },
- },
- ],
- seriesParams: [
- {
- show: 'true',
- type: 'histogram',
- mode: 'stacked',
- data: { label: 'Malicious', id: '1' },
- valueAxis: 'ValueAxis-1',
- drawLinesBetweenPoints: true,
- showCircles: true,
- },
- ],
- addTooltip: true,
- addLegend: false,
- legendPosition: 'right',
- times: [],
- addTimeMarker: false,
- },
- data: {
- searchSource: {
- query: {
- language: 'kuery',
- query: '',
- },
- filter: [
- {
- meta: {
- index: 'wazuh-alerts',
- negate: false,
- disabled: false,
- alias: null,
- type: 'exists',
- key: 'data.virustotal.positives',
- value: 'exists',
- },
- exists: {
- field: 'data.virustotal.positives',
- },
- $state: {
- store: 'appState',
- },
- },
- {
- meta: {
- index: 'wazuh-alerts',
- negate: true,
- disabled: false,
- alias: null,
- type: 'phrase',
- key: 'data.virustotal.positives',
- value: '0',
- params: {
- query: 0,
- type: 'phrase',
- },
- },
- query: {
- match: {
- 'data.virustotal.positives': {
- query: 0,
- type: 'phrase',
- },
- },
- },
- $state: {
- store: 'appState',
- },
- },
- ],
- index: indexPatternId,
- },
- references: [
- {
- name: 'kibanaSavedObjectMeta.searchSourceJSON.index',
- type: 'index-pattern',
- id: indexPatternId,
- },
- ],
- aggs: [
- {
- id: '1',
- enabled: true,
- type: 'count',
- schema: 'metric',
- params: { customLabel: 'Malicious' },
- },
- {
- id: '2',
- enabled: true,
- type: 'date_histogram',
- schema: 'segment',
- params: {
- field: 'timestamp',
- interval: 'auto',
- customInterval: '2h',
- min_doc_count: 1,
- extended_bounds: {},
- },
- },
- ],
- },
- };
-};
-
-const getVisStateAgentLastFiles = (indexPatternId: string) => {
- return {
- id: 'Wazuh-App-Agents-Virustotal-Files-Table',
- title: 'Last files',
- type: 'table',
- params: {
- perPage: 10,
- showPartialRows: false,
- showMeticsAtAllLevels: false,
- sort: { columnIndex: 2, direction: 'desc' },
- showTotal: false,
- showToolbar: true,
- totalFunc: 'sum',
- },
- uiState: {
- vis: { params: { sort: { columnIndex: 2, direction: 'desc' } } },
- },
- data: {
- searchSource: {
- query: {
- language: 'kuery',
- query: '',
- },
- filter: [],
- index: indexPatternId,
- },
- references: [
- {
- name: 'kibanaSavedObjectMeta.searchSourceJSON.index',
- type: 'index-pattern',
- id: indexPatternId,
- },
- ],
- aggs: [
- {
- id: '1',
- enabled: true,
- type: 'count',
- schema: 'metric',
- params: { customLabel: 'Count' },
- },
- {
- id: '4',
- enabled: true,
- type: 'terms',
- schema: 'bucket',
- params: {
- field: 'data.virustotal.source.file',
- size: 10,
- order: 'desc',
- orderBy: '1',
- customLabel: 'File',
- },
- },
- {
- id: '2',
- enabled: true,
- type: 'terms',
- schema: 'bucket',
- params: {
- field: 'data.virustotal.permalink',
- size: 1,
- order: 'desc',
- orderBy: '1',
- missingBucket: true,
- missingBucketLabel: '-',
- customLabel: 'Link',
- },
- },
- ],
- },
- };
-};
-
-/* Definitiion of panels */
-
-export const getDashboardPanels = (
- indexPatternId: string,
- pinnedAgent?: boolean,
-): {
- [panelId: string]: DashboardPanelState<
- EmbeddableInput & { [k: string]: unknown }
- >;
-} => {
- const pinnedAgentPanels = {
- '6': {
- gridData: {
- w: 12,
- h: 9,
- x: 0,
- y: 0,
- i: '6',
- },
- type: 'visualization',
- explicitInput: {
- id: '6',
- savedVis: getVisStateAgentLastScannedFiles(indexPatternId),
- },
- },
- '7': {
- gridData: {
- w: 36,
- h: 9,
- x: 12,
- y: 0,
- i: '7',
- },
- type: 'visualization',
- explicitInput: {
- id: '7',
- savedVis: getVisStateAgentMaliciousFilesAlertsEvolution(indexPatternId),
- },
- },
- '8': {
- gridData: {
- w: 48,
- h: 20,
- x: 0,
- y: 9,
- i: '8',
- },
- type: 'visualization',
- explicitInput: {
- id: '8',
- savedVis: getVisStateAgentLastFiles(indexPatternId),
- },
- },
- };
-
- const panels = {
- '1': {
- gridData: {
- w: 24,
- h: 13,
- x: 0,
- y: 0,
- i: '1',
- },
- type: 'visualization',
- explicitInput: {
- id: '1',
- savedVis: getVisStateTop5UniqueMaliciousFilesPerAgent(indexPatternId),
- },
- },
- '2': {
- gridData: {
- w: 24,
- h: 13,
- x: 28,
- y: 0,
- i: '2',
- },
- type: 'visualization',
- explicitInput: {
- id: '2',
- savedVis: getVisStateLastScannedFiles(indexPatternId),
- },
- },
- '3': {
- gridData: {
- w: 48,
- h: 20,
- x: 0,
- y: 13,
- i: '3',
- },
- type: 'visualization',
- explicitInput: {
- id: '3',
- savedVis: getVisStateAlertsEvolutionByAgents(indexPatternId),
- },
- },
- '4': {
- gridData: {
- w: 48,
- h: 9,
- x: 0,
- y: 23,
- i: '4',
- },
- type: 'visualization',
- explicitInput: {
- id: '4',
- savedVis: getVisStateMaliciousFilesAlertsEvolution(indexPatternId),
- },
- },
- '5': {
- gridData: {
- w: 48,
- h: 20,
- x: 0,
- y: 32,
- i: '5',
- },
- type: 'visualization',
- explicitInput: {
- id: '5',
- savedVis: getVisStateLastFiles(indexPatternId),
- },
- },
- };
-
- return pinnedAgent ? pinnedAgentPanels : panels;
-};
diff --git a/plugins/main/public/components/overview/virustotal/dashboard/dashboard_panels_kpis.ts b/plugins/main/public/components/overview/virustotal/dashboard/dashboard_panels_kpis.ts
deleted file mode 100644
index 3a738bcc66..0000000000
--- a/plugins/main/public/components/overview/virustotal/dashboard/dashboard_panels_kpis.ts
+++ /dev/null
@@ -1,304 +0,0 @@
-import { DashboardPanelState } from '../../../../../../../../src/plugins/dashboard/public/application';
-import { EmbeddableInput } from '../../../../../../../../src/plugins/embeddable/public';
-
-const getVisStateTotalMalicious = (indexPatternId: string) => {
- return {
- id: 'Wazuh-App-Overview-Virustotal-Total-Malicious',
- title: 'Total Malicious',
- type: 'metric',
- params: {
- addTooltip: true,
- addLegend: false,
- type: 'metric',
- metric: {
- percentageMode: false,
- useRanges: false,
- colorSchema: 'Reds',
- metricColorMode: 'Labels',
- colorsRange: [
- {
- from: 0,
- to: 0,
- },
- {
- from: 0,
- to: 0,
- },
- ],
- labels: {
- show: true,
- },
- invertColors: false,
- style: {
- bgFill: '#000',
- bgColor: false,
- labelColor: false,
- subText: '',
- fontSize: 40,
- },
- },
- },
- data: {
- searchSource: {
- query: {
- language: 'kuery',
- query: '',
- },
- filter: [],
- index: indexPatternId,
- },
- references: [
- {
- name: 'kibanaSavedObjectMeta.searchSourceJSON.index',
- type: 'index-pattern',
- id: indexPatternId,
- },
- ],
- aggs: [
- {
- id: '1',
- enabled: true,
- type: 'count',
- schema: 'metric',
- params: { customLabel: ' ' },
- },
- {
- id: '2',
- enabled: true,
- type: 'filters',
- params: {
- filters: [
- {
- input: {
- query: 'data.virustotal.malicious: 1',
- language: 'kuery',
- },
- label: '- Total malicious',
- },
- ],
- },
- schema: 'group',
- },
- ],
- },
- };
-};
-
-const getVisStateTotalPositives = (indexPatternId: string) => {
- return {
- id: 'Wazuh-App-Overview-Virustotal-Total-Positives',
- title: 'Total Positives',
- type: 'metric',
- params: {
- addTooltip: true,
- addLegend: false,
- type: 'metric',
- metric: {
- percentageMode: false,
- useRanges: false,
- colorSchema: 'Greens',
- metricColorMode: 'Labels',
- colorsRange: [
- {
- from: 0,
- to: 0,
- },
- {
- from: 0,
- to: 0,
- },
- ],
- labels: {
- show: true,
- },
- invertColors: false,
- style: {
- bgFill: '#000',
- bgColor: false,
- labelColor: false,
- subText: '',
- fontSize: 40,
- },
- },
- },
- data: {
- searchSource: {
- query: {
- language: 'kuery',
- query: '',
- },
- filter: [],
- index: indexPatternId,
- },
- references: [
- {
- name: 'kibanaSavedObjectMeta.searchSourceJSON.index',
- type: 'index-pattern',
- id: indexPatternId,
- },
- ],
- aggs: [
- {
- id: '1',
- enabled: true,
- type: 'count',
- schema: 'metric',
- params: { customLabel: ' ' },
- },
- {
- id: '2',
- enabled: true,
- type: 'filters',
- params: {
- filters: [
- {
- input: {
- query: 'data.virustotal.positives: *',
- language: 'kuery',
- },
- label: '- Total Positives',
- },
- ],
- },
- schema: 'group',
- },
- ],
- },
- };
-};
-
-const getVisStateTotal = (indexPatternId: string) => {
- return {
- id: 'Wazuh-App-Overview-Virustotal-Total',
- title: 'Total',
- type: 'metric',
- params: {
- addTooltip: true,
- addLegend: false,
- type: 'metric',
- metric: {
- percentageMode: false,
- useRanges: false,
- colorSchema: 'Greens',
- metricColorMode: 'Labels',
- colorsRange: [
- {
- from: 0,
- to: 0,
- },
- {
- from: 0,
- to: 0,
- },
- ],
- labels: {
- show: true,
- },
- invertColors: false,
- style: {
- bgFill: '#000',
- bgColor: false,
- labelColor: false,
- subText: '',
- fontSize: 40,
- },
- },
- },
- data: {
- searchSource: {
- query: {
- language: 'kuery',
- query: '',
- },
- filter: [],
- index: indexPatternId,
- },
- references: [
- {
- name: 'kibanaSavedObjectMeta.searchSourceJSON.index',
- type: 'index-pattern',
- id: indexPatternId,
- },
- ],
- aggs: [
- {
- id: '1',
- enabled: true,
- type: 'count',
- schema: 'metric',
- params: { customLabel: ' ' },
- },
- {
- id: '2',
- enabled: true,
- type: 'filters',
- params: {
- filters: [
- {
- input: {
- query: 'data.virustotal:*',
- language: 'kuery',
- },
- label: '- Total',
- },
- ],
- },
- schema: 'group',
- },
- ],
- },
- };
-};
-
-export const getKPIsPanel = (
- indexPatternId: string,
-): {
- [panelId: string]: DashboardPanelState<
- EmbeddableInput & { [k: string]: unknown }
- >;
-} => {
- return {
- '1': {
- gridData: {
- w: 12,
- h: 6,
- x: 6,
- y: 0,
- i: '1',
- },
- type: 'visualization',
- explicitInput: {
- id: '1',
- savedVis: getVisStateTotalMalicious(indexPatternId),
- },
- },
- '2': {
- gridData: {
- w: 12,
- h: 6,
- x: 18,
- y: 0,
- i: '2',
- },
- type: 'visualization',
- explicitInput: {
- id: '2',
- savedVis: getVisStateTotalPositives(indexPatternId),
- },
- },
- '3': {
- gridData: {
- w: 12,
- h: 6,
- x: 30,
- y: 0,
- i: '3',
- },
- type: 'visualization',
- explicitInput: {
- id: '3',
- savedVis: getVisStateTotal(indexPatternId),
- },
- },
- };
-};
diff --git a/plugins/main/public/components/overview/virustotal/dashboard/index.tsx b/plugins/main/public/components/overview/virustotal/dashboard/index.tsx
deleted file mode 100644
index b58b6c9229..0000000000
--- a/plugins/main/public/components/overview/virustotal/dashboard/index.tsx
+++ /dev/null
@@ -1 +0,0 @@
-export * from './dashboard';
diff --git a/plugins/main/public/components/overview/virustotal/dashboard/virustotal_dashboard.scss b/plugins/main/public/components/overview/virustotal/dashboard/virustotal_dashboard.scss
deleted file mode 100644
index 6e8f3eab43..0000000000
--- a/plugins/main/public/components/overview/virustotal/dashboard/virustotal_dashboard.scss
+++ /dev/null
@@ -1,10 +0,0 @@
-.virustotal-dashboard-responsive {
- @media (max-width: 767px) {
- .react-grid-layout {
- height: auto !important;
- }
- .dshLayout-isMaximizedPanel {
- height: calc(100vh - 44px) !important;
- }
- }
-}
diff --git a/plugins/main/public/components/overview/virustotal/events/virustotal-columns.tsx b/plugins/main/public/components/overview/virustotal/events/virustotal-columns.tsx
deleted file mode 100644
index 790561a9e4..0000000000
--- a/plugins/main/public/components/overview/virustotal/events/virustotal-columns.tsx
+++ /dev/null
@@ -1,40 +0,0 @@
-import { tDataGridColumn } from '../../../common/data-grid';
-import React from 'react';
-import { EuiLink } from '@elastic/eui';
-
-export const virustotalColumns: tDataGridColumn[] = [
- {
- id: 'timestamp',
- isSortable: true,
- defaultSortDirection: 'desc',
- },
- {
- id: 'agent.name',
- },
- {
- id: 'data.virustotal.source.file',
- },
- {
- id: 'data.virustotal.permalink',
- render: value => {
- if (!value) {
- return '-';
- } else {
- return (
-
- {value}
-
- );
- }
- },
- },
- {
- id: 'data.virustotal.malicious',
- },
- {
- id: 'data.virustotal.positives',
- },
- {
- id: 'data.virustotal.total',
- },
-];
diff --git a/plugins/main/public/controllers/overview/components/__snapshots__/stats.test.tsx.snap b/plugins/main/public/controllers/overview/components/__snapshots__/stats.test.tsx.snap
index 1f7b3597f0..96310fd8a7 100644
--- a/plugins/main/public/controllers/overview/components/__snapshots__/stats.test.tsx.snap
+++ b/plugins/main/public/controllers/overview/components/__snapshots__/stats.test.tsx.snap
@@ -3,304 +3,300 @@
exports[`Stats component renders correctly to match the snapshot 1`] = `
+
-
+
+
+
+ This instance has no agents registered.
+
+ Please deploy agents to begin monitoring your endpoints.
+
+
+
+
+
+
+
+
-
- Agents summary
-
+ Agents summary
-
+
+
+
+
-
-
-
- Critical severity
-
-
-
-
-
- -
-
-
-
+ Critical severity
+
-
- Rule level 15 or higher
-
+
+
+ -
+
+
+
+
+
+ Rule level 15 or higher
+
+
-
-
- High severity
-
-
-
-
-
- -
-
-
-
+ High severity
+
-
- Rule level 12 to 14
-
+
+
+ -
+
+
+
+
+
+ Rule level 12 to 14
+
+
-
-
- Medium severity
-
-
-
-
-
- -
-
-
-
+ Medium severity
+
-
- Rule level 7 to 11
-
+
+
+ -
+
+
+
+
+
+ Rule level 7 to 11
+
+
-
-
- Low severity
-
-
-
-
-
- -
-
-
-
+ Low severity
+
-
- Rule level 0 to 6
-
+
+
+ -
+
+
+
+
+
+ Rule level 0 to 6
+
+
-
- Last 24 hours alerts
-
+ Last 24 hours alerts
-
+
diff --git a/plugins/main/public/controllers/overview/components/stats.js b/plugins/main/public/controllers/overview/components/stats.js
index 60d1c790bf..97fbb7cfec 100644
--- a/plugins/main/public/controllers/overview/components/stats.js
+++ b/plugins/main/public/controllers/overview/components/stats.js
@@ -16,7 +16,6 @@ import {
EuiCard,
EuiFlexItem,
EuiFlexGroup,
- EuiPage,
EuiToolTip,
EuiEmptyPrompt,
} from '@elastic/eui';
@@ -86,75 +85,72 @@ export const Stats = withErrorBoundary(
);
return (
-
-
-
-
- {hasResults ? (
- ({
- onClick,
- label,
- value:
- typeof this.props[status] !== 'undefined'
- ? this.props[status]
- : 0,
- color,
- }),
- )}
+
+
+
+ {hasResults ? (
+ ({
+ onClick,
+ label,
+ value:
+ typeof this.props[status] !== 'undefined'
+ ? this.props[status]
+ : 0,
+ color,
+ }),
+ )}
+ />
+ ) : (
+ !hasResults &&
+ this.props !== undefined && (
+
+ This instance has no agents registered.
+
+ Please deploy agents to begin monitoring your endpoints.
+
+ }
+ actions={
+
+ Deploy new agent
+
+ }
/>
- ) : (
- !hasResults &&
- this.props !== undefined && (
-
- This instance has no agents registered.
-
- Please deploy agents to begin monitoring your
- endpoints.
-
- }
- actions={
-
- Deploy new agent
-
- }
- />
- )
- )}
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+ )
+ )}
+
+
+
+
+
+
+
+
+
+
+
+
+
);
}
},
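Review bot: The false arm of the `hasResults ? … : …` ternary still re-tests `!hasResults && this.props !== undefined`, which this re-indentation carries over unchanged. Inside that arm `!hasResults` is always true, and nothing in the hunk suggests `this.props` can be undefined at render time, so the guard reads as if the empty prompt could be suppressed when it apparently cannot. I would render the empty prompt directly in the false arm, or add a comment such as `// props are always defined here; guard kept only for legacy callers` if it has to stay. The render method starts outside this hunk and the JSX tags are not visible on this page, so this is based on the expression lines alone.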
diff --git a/plugins/main/public/utils/applications.ts b/plugins/main/public/utils/applications.ts
index 4db8e2d751..76ecbc060c 100644
--- a/plugins/main/public/utils/applications.ts
+++ b/plugins/main/public/utils/applications.ts
@@ -232,31 +232,6 @@ export const mitreAttack = {
}`,
};
-export const virustotal = {
- category: 'wz-category-threat-intelligence',
- id: 'virustotal',
- title: i18n.translate('wz-app-virustotal-title', {
- defaultMessage: 'VirusTotal',
- }),
- breadcrumbLabel: i18n.translate('wz-app-virustotal-breadcrumbLabel', {
- defaultMessage: 'VirusTotal',
- }),
- description: i18n.translate('wz-app-virustotal-description', {
- defaultMessage:
- 'Alerts resulting from VirusTotal analysis of suspicious files via an integration with their API.',
- }),
- euiIconType: 'monitoringApp',
- order: 303,
- showInOverviewApp: true,
- showInAgentMenu: true,
- redirectTo: () =>
- `/overview/?tab=virustotal&tabView=dashboard${
- store.getState()?.appStateReducers?.currentAgentData?.id
- ? `&agentId=${store.getState()?.appStateReducers?.currentAgentData?.id}`
- : ''
- }`,
-};
-
const pciDss = {
category: 'wz-category-security-operations',
id: 'pci-dss',
@@ -841,7 +816,6 @@ export const Applications = [
threatHunting,
vulnerabilityDetection,
mitreAttack,
- virustotal,
pciDss,
hipaa,
gdpr,
diff --git a/plugins/main/server/lib/reporting/summary-tables-definitions/agents/index.ts b/plugins/main/server/lib/reporting/summary-tables-definitions/agents/index.ts
index 46dee71df3..c84014feea 100644
--- a/plugins/main/server/lib/reporting/summary-tables-definitions/agents/index.ts
+++ b/plugins/main/server/lib/reporting/summary-tables-definitions/agents/index.ts
@@ -6,15 +6,13 @@ const generalAlertsSummary = {
AggregationFields['rule.id'],
AggregationFields['rule.description'],
AggregationFields['rule.level'],
- ]
-}
+ ],
+};
const generalGroupsSummary = {
title: 'Groups summary',
- aggs: [
- AggregationFields['rule.groups'],
- ]
-}
+ aggs: [AggregationFields['rule.groups']],
+};
const awsAlertsSummary = {
title: 'Alerts summary',
@@ -22,33 +20,24 @@ const awsAlertsSummary = {
AggregationFields['rule.id'],
AggregationFields['rule.description'],
AggregationFields['rule.level'],
- ]
-}
+ ],
+};
const fimAlertsSummary = {
title: 'Alerts summary',
aggs: [
AggregationFields['syscheck.path'],
AggregationFields['rule.description'],
- ]
-}
+ ],
+};
const gcpAlertsSummary = {
title: 'Alerts summary',
aggs: [
AggregationFields['rule.id'],
AggregationFields['rule.description'],
AggregationFields['rule.level'],
- ]
-}
-
-const virustotalAlertsSummary = {
- title: 'Alerts summary',
- aggs: [
- AggregationFields['rule.id'],
- AggregationFields['rule.description'],
- AggregationFields['rule.level'],
- ]
-}
+ ],
+};
const osqueryAlertsSummary = {
title: 'Alerts summary',
@@ -58,8 +47,8 @@ const osqueryAlertsSummary = {
AggregationFields['agent.name'],
AggregationFields['data.osquery.pack'],
AggregationFields['data.osquery.calendarTime'],
- ]
-}
+ ],
+};
const mitreAlertsSummary = {
title: 'Alerts summary',
@@ -67,8 +56,8 @@ const mitreAlertsSummary = {
AggregationFields['rule.id'],
AggregationFields['rule.description'],
AggregationFields['rule.level'],
- ]
-}
+ ],
+};
const ciscatAlertsSummary = {
title: 'Alerts summary',
@@ -76,16 +65,16 @@ const ciscatAlertsSummary = {
AggregationFields['data.cis.rule_title'],
AggregationFields['data.cis.group'],
AggregationFields['data.cis.result'],
- ]
-}
+ ],
+};
const pmAlertsSummary = {
title: 'Alerts summary',
aggs: [
AggregationFields['rule.description'],
AggregationFields['data.title'],
- ]
-}
+ ],
+};
const tscAlertsSummary = {
title: 'Alerts summary',
@@ -93,8 +82,8 @@ const tscAlertsSummary = {
AggregationFields['agent.name'],
AggregationFields['rule.tsc'],
AggregationFields['rule.description'],
- ]
-}
+ ],
+};
const githubAlertsSummary = {
title: 'Alerts summary',
@@ -102,18 +91,14 @@ const githubAlertsSummary = {
AggregationFields['agent.name'],
AggregationFields['data.github.org'],
AggregationFields['rule.description'],
- ]
-}
+ ],
+};
// 'Wazuh-App-Agents-GDPR-Last-alerts'
const gdprLastAlerts = {
title: 'Last alerts',
- aggs: [
- AggregationFields['rule.gdpr'],
- AggregationFields['rule.description'],
- ]
-
-}
+ aggs: [AggregationFields['rule.gdpr'], AggregationFields['rule.description']],
+};
// 'Wazuh-App-Agents-PCI-Last-alerts'
const pciLastAlerts = {
@@ -121,8 +106,8 @@ const pciLastAlerts = {
aggs: [
AggregationFields['rule.pci_dss'],
AggregationFields['rule.description'],
- ]
-}
+ ],
+};
// 'Wazuh-App-Agents-NIST-Last-alerts'
const nistLastAlerts = {
@@ -131,8 +116,8 @@ const nistLastAlerts = {
AggregationFields['rule.nist_800_53'],
AggregationFields['rule.level'],
AggregationFields['rule.description'],
- ]
-}
+ ],
+};
// 'Wazuh-App-Agents-HIPAA-Last-alerts'
const hipaaLastAlerts = {
@@ -141,8 +126,8 @@ const hipaaLastAlerts = {
AggregationFields['rule.hipaa'],
AggregationFields['rule.level'],
AggregationFields['rule.description'],
- ]
-}
+ ],
+};
// 'Wazuh-App-Agents-OSCAP-Last-alerts'
const oscapLastAlerts = {
@@ -150,8 +135,8 @@ const oscapLastAlerts = {
aggs: [
AggregationFields['data.oscap.check.title'],
AggregationFields['data.oscap.scan.profile.title'],
- ]
-}
+ ],
+};
// 'Wazuh-App-Agents-Audit-Last-alerts'
const auditLastAlerts = {
@@ -160,8 +145,8 @@ const auditLastAlerts = {
AggregationFields['rule.description'],
AggregationFields['data.audit.exe'],
AggregationFields['data.audit.type'],
- ]
-}
+ ],
+};
const dockerAlertsSummary = {
title: 'Events summary',
@@ -169,8 +154,8 @@ const dockerAlertsSummary = {
AggregationFields['data.docker.Actor.Attributes.name'],
AggregationFields['data.docker.Action'],
AggregationFields['timestamp'],
- ]
-}
+ ],
+};
export default {
general: [generalAlertsSummary, generalGroupsSummary],
@@ -181,7 +166,6 @@ export default {
nist: [nistLastAlerts],
gcp: [gcpAlertsSummary],
tsc: [tscAlertsSummary],
- virustotal: [virustotalAlertsSummary],
osquery: [osqueryAlertsSummary],
mitre: [mitreAlertsSummary],
ciscat: [ciscatAlertsSummary],
@@ -191,4 +175,4 @@ export default {
gdpr: [gdprLastAlerts],
pci: [pciLastAlerts],
docker: [dockerAlertsSummary],
-}
+};
diff --git a/plugins/main/server/routes/wazuh-reporting.ts b/plugins/main/server/routes/wazuh-reporting.ts
index 7f78a27458..fe4fde4d70 100644
--- a/plugins/main/server/routes/wazuh-reporting.ts
+++ b/plugins/main/server/routes/wazuh-reporting.ts
@@ -18,16 +18,23 @@ export function WazuhReportingRoutes(router: IRouter) {
const agentIDValidation = schema.string({
minLength: 3,
- validate: (agentID: string) => /^\d{3,}$/.test(agentID) ? undefined : 'must be 0-9 are allowed'
+ validate: (agentID: string) =>
+ /^\d{3,}$/.test(agentID) ? undefined : 'must be 0-9 are allowed',
});
const groupIDValidation = schema.string({
minLength: 1,
- validate: (agentID: string) => /^(?!^(\.{1,2}|all)$)[\w\.\-]+$/.test(agentID) ? undefined : 'must be A-z, 0-9, _, . are allowed. It must not be ., .. or all.'
+ validate: (agentID: string) =>
+ /^(?!^(\.{1,2}|all)$)[\w\.\-]+$/.test(agentID)
+ ? undefined
+ : 'must be A-z, 0-9, _, . are allowed. It must not be ., .. or all.',
});
const ReportFilenameValidation = schema.string({
- validate: (agentID: string) => /^[\w\-\.]+\.pdf$/.test(agentID) ? undefined : 'must be A-z, 0-9, _, ., and - are allowed. It must end with .pdf.'
+ validate: (agentID: string) =>
+ /^[\w\-\.]+\.pdf$/.test(agentID)
+ ? undefined
+ : 'must be A-z, 0-9, _, ., and - are allowed. It must end with .pdf.',
});
const moduleIDValidation = schema.oneOf([
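Review bot: The callbacks of `groupIDValidation` and `ReportFilenameValidation` still name their parameter `agentID`, and the group message lists `A-z, 0-9, _, .` while the pattern `[\w\.\-]+` also accepts `-`. These validators are the visible constraint on path parameters that name a group and a report file, so the code and the messages should state exactly what is allowed. I would rename the parameters to `groupID` and `filename`, and add a comment above `ReportFilenameValidation` such as `// Word characters, '-' and '.' only, ending in .pdf: no path separator can reach the report handlers`. WazuhReportingRoutes starts before this hunk and continues after it.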
@@ -43,7 +50,6 @@ export function WazuhReportingRoutes(router: IRouter) {
schema.literal('ciscat'),
schema.literal('vuls'),
schema.literal('mitre'),
- schema.literal('virustotal'),
schema.literal('docker'),
schema.literal('osquery'),
schema.literal('oscap'),
@@ -54,129 +60,154 @@ export function WazuhReportingRoutes(router: IRouter) {
schema.literal('tsc'),
]);
- router.post({
- path: '/reports/modules/{moduleID}',
- validate: {
- body: schema.object({
- array: schema.any(),
- browserTimezone: schema.string(),
- serverSideQuery: schema.maybe(schema.any()),
- filters: schema.maybe(schema.any()),
- agents: schema.maybe(schema.oneOf([agentIDValidation, schema.boolean()])),
- components: schema.maybe(schema.any()),
- searchBar: schema.maybe(schema.string()),
- section: schema.maybe(schema.string()),
- tab: schema.string(),
- tables: schema.maybe(schema.any()),
- time: schema.oneOf([schema.object({
- from: schema.string(),
- to: schema.string()
- }), schema.string()]),
- indexPatternTitle: schema.string(),
- apiId: schema.string()
- }),
- params: schema.object({
- moduleID: moduleIDValidation
- })
- }
- },
- (context, request, response) => ctrl.createReportsModules(context, request, response)
+ router.post(
+ {
+ path: '/reports/modules/{moduleID}',
+ validate: {
+ body: schema.object({
+ array: schema.any(),
+ browserTimezone: schema.string(),
+ serverSideQuery: schema.maybe(schema.any()),
+ filters: schema.maybe(schema.any()),
+ agents: schema.maybe(
+ schema.oneOf([agentIDValidation, schema.boolean()]),
+ ),
+ components: schema.maybe(schema.any()),
+ searchBar: schema.maybe(schema.string()),
+ section: schema.maybe(schema.string()),
+ tab: schema.string(),
+ tables: schema.maybe(schema.any()),
+ time: schema.oneOf([
+ schema.object({
+ from: schema.string(),
+ to: schema.string(),
+ }),
+ schema.string(),
+ ]),
+ indexPatternTitle: schema.string(),
+ apiId: schema.string(),
+ }),
+ params: schema.object({
+ moduleID: moduleIDValidation,
+ }),
+ },
+ },
+ (context, request, response) =>
+ ctrl.createReportsModules(context, request, response),
);
- router.post({
- path: '/reports/groups/{groupID}',
- validate: {
- body: schema.object({
- browserTimezone: schema.string(),
- filters: schema.maybe(schema.any()),
- components: schema.maybe(schema.any()),
- section: schema.maybe(schema.string()),
- apiId: schema.string()
- }),
- params: schema.object({
- groupID: groupIDValidation
- })
- }
- },
- (context, request, response) => ctrl.createReportsGroups(context, request, response)
+ router.post(
+ {
+ path: '/reports/groups/{groupID}',
+ validate: {
+ body: schema.object({
+ browserTimezone: schema.string(),
+ filters: schema.maybe(schema.any()),
+ components: schema.maybe(schema.any()),
+ section: schema.maybe(schema.string()),
+ apiId: schema.string(),
+ }),
+ params: schema.object({
+ groupID: groupIDValidation,
+ }),
+ },
+ },
+ (context, request, response) =>
+ ctrl.createReportsGroups(context, request, response),
);
- router.post({
- path: '/reports/agents/{agentID}',
- validate: {
- body: schema.object({
- browserTimezone: schema.string(),
- filters: schema.any(),
- components: schema.maybe(schema.any()),
- section: schema.maybe(schema.string()),
- apiId: schema.string()
- }),
- params: schema.object({
- agentID: agentIDValidation
- })
- }
- },
- (context, request, response) => ctrl.createReportsAgentsConfiguration(context, request, response)
+ router.post(
+ {
+ path: '/reports/agents/{agentID}',
+ validate: {
+ body: schema.object({
+ browserTimezone: schema.string(),
+ filters: schema.any(),
+ components: schema.maybe(schema.any()),
+ section: schema.maybe(schema.string()),
+ apiId: schema.string(),
+ }),
+ params: schema.object({
+ agentID: agentIDValidation,
+ }),
+ },
+ },
+ (context, request, response) =>
+ ctrl.createReportsAgentsConfiguration(context, request, response),
);
- router.post({
- path: '/reports/agents/{agentID}/inventory',
- validate: {
- body: schema.object({
- array: schema.any(),
- browserTimezone: schema.string(),
- serverSideQuery: schema.maybe(schema.any()),
- filters: schema.maybe(schema.any()),
- agents: schema.maybe(schema.oneOf([schema.string(), schema.boolean()])),
- components: schema.maybe(schema.any()),
- searchBar: schema.maybe(schema.oneOf([schema.string(), schema.boolean()])),
- section: schema.maybe(schema.string()),
- tab: schema.string(),
- tables: schema.maybe(schema.any()),
- time: schema.oneOf([schema.object({
- from: schema.string(),
- to: schema.string()
- }), schema.string()]),
- indexPatternTitle: schema.string(),
- apiId: schema.string()
- }),
- params: schema.object({
- agentID: agentIDValidation
- })
- }
- },
- (context, request, response) => ctrl.createReportsAgentsInventory(context, request, response)
+ router.post(
+ {
+ path: '/reports/agents/{agentID}/inventory',
+ validate: {
+ body: schema.object({
+ array: schema.any(),
+ browserTimezone: schema.string(),
+ serverSideQuery: schema.maybe(schema.any()),
+ filters: schema.maybe(schema.any()),
+ agents: schema.maybe(
+ schema.oneOf([schema.string(), schema.boolean()]),
+ ),
+ components: schema.maybe(schema.any()),
+ searchBar: schema.maybe(
+ schema.oneOf([schema.string(), schema.boolean()]),
+ ),
+ section: schema.maybe(schema.string()),
+ tab: schema.string(),
+ tables: schema.maybe(schema.any()),
+ time: schema.oneOf([
+ schema.object({
+ from: schema.string(),
+ to: schema.string(),
+ }),
+ schema.string(),
+ ]),
+ indexPatternTitle: schema.string(),
+ apiId: schema.string(),
+ }),
+ params: schema.object({
+ agentID: agentIDValidation,
+ }),
+ },
+ },
+ (context, request, response) =>
+ ctrl.createReportsAgentsInventory(context, request, response),
);
// Fetch specific report
- router.get({
- path: '/reports/{name}',
- validate: {
- params: schema.object({
- name: ReportFilenameValidation
- })
- }
- },
- (context, request, response) => ctrl.getReportByName(context, request, response)
+ router.get(
+ {
+ path: '/reports/{name}',
+ validate: {
+ params: schema.object({
+ name: ReportFilenameValidation,
+ }),
+ },
+ },
+ (context, request, response) =>
+ ctrl.getReportByName(context, request, response),
);
// Delete specific report
- router.delete({
- path: '/reports/{name}',
- validate: {
- params: schema.object({
- name: ReportFilenameValidation
- })
- }
- },
- (context, request, response) => ctrl.deleteReportByName(context, request, response)
- )
+ router.delete(
+ {
+ path: '/reports/{name}',
+ validate: {
+ params: schema.object({
+ name: ReportFilenameValidation,
+ }),
+ },
+ },
+ (context, request, response) =>
+ ctrl.deleteReportByName(context, request, response),
+ );
// Fetch the reports list
- router.get({
- path: '/reports',
- validate: false
- },
- (context, request, response) => ctrl.getReports(context, request, response)
+ router.get(
+ {
+ path: '/reports',
+ validate: false,
+ },
+ (context, request, response) => ctrl.getReports(context, request, response),
);
}
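Review bot: On `/reports/agents/{agentID}/inventory` the body field `agents` is declared as `schema.oneOf([schema.string(), schema.boolean()])`, whereas the same field on `/reports/modules/{moduleID}` uses `agentIDValidation`. If the controller treats that value as an agent identifier (not visible here), the inventory route accepts arbitrary strings where the modules route accepts only digits; `agents: schema.maybe(schema.oneOf([agentIDValidation, schema.boolean()])),` would align the two. The `schema.any()` body fields (`array`, `filters`, `serverSideQuery`, `tables`, `components`) reach the controllers without shape validation and deserve at least a comment saying where they are checked. The enclosing WazuhReportingRoutes starts outside the hunk.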
diff --git a/plugins/wazuh-core/common/constants.ts b/plugins/wazuh-core/common/constants.ts
index 604ab8db86..3b51f2e9bf 100644
--- a/plugins/wazuh-core/common/constants.ts
+++ b/plugins/wazuh-core/common/constants.ts
@@ -82,11 +82,11 @@ export const WAZUH_SAMPLE_ALERTS_CATEGORIES_TYPE_ALERTS = {
{ audit: true },
{ openscap: true },
{ ciscat: true },
+ { virustotal: true },
{ yara: true },
],
[WAZUH_SAMPLE_ALERTS_CATEGORY_THREAT_DETECTION]: [
{ vulnerabilities: true },
- { virustotal: true },
{ osquery: true },
{ docker: true },
{ mitre: true },
diff --git a/scripts/wazuh-alerts-generator/cli.js b/scripts/wazuh-alerts-generator/cli.js
index 960cb418df..bb76d94843 100644
--- a/scripts/wazuh-alerts-generator/cli.js
+++ b/scripts/wazuh-alerts-generator/cli.js
@@ -107,14 +107,15 @@
'web',
'windows',
],
- 'auditing-policy-monitoring': ['audit', 'ciscat', 'openscap', 'rootcheck'],
- 'thread-detection': [
- 'docker',
- 'mitre',
- 'osquery',
+ 'auditing-policy-monitoring': [
+ 'audit',
+ 'ciscat',
+ 'openscap',
+ 'rootcheck',
'virustotal',
- 'vulnerabilities',
+ 'yara',
],
+ 'thread-detection': ['docker', 'mitre', 'osquery', 'vulnerabilities'],
};
function displayHelp() {
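Review bot: The rewritten line keeps the key `'thread-detection'`, which looks like a misspelling of threat-detection, given that plugins/wazuh-core/common/constants.ts in this same commit names the matching category `WAZUH_SAMPLE_ALERTS_CATEGORY_THREAT_DETECTION`. If the key is part of the CLI's accepted input, renaming it would break existing invocations, so I would either accept the correct spelling as an alias or add a comment such as `// key kept as 'thread-detection' for backward compatibility`. The object literal holding these keys starts before this hunk.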