From 4060a851936d3f69b619b7c459f8d915b8712d23 Mon Sep 17 00:00:00 2001
From: Guido Modarelli
Date: Mon, 30 Sep 2024 11:04:37 -0300
Subject: [PATCH 01/16] Remove Virustotal from Applications list
---
 plugins/main/public/utils/applications.ts | 1 -
 1 file changed, 1 deletion(-)
diff --git a/plugins/main/public/utils/applications.ts b/plugins/main/public/utils/applications.ts
index 2333823b68..c908a1482a 100644
--- a/plugins/main/public/utils/applications.ts
+++ b/plugins/main/public/utils/applications.ts
@@ -841,7 +841,6 @@ export const Applications = [
 threatHunting,
 vulnerabilityDetection,
 mitreAttack,
- virustotal,
 pciDss,
 hipaa,
 gdpr,
From 076d338eac053d93460c9fbc55638035c02ec0b5 Mon Sep 17 00:00:00 2001
From: Guido Modarelli
Date: Mon, 30 Sep 2024 11:10:11 -0300
Subject: [PATCH 02/16] Remove Virustotal feature and dashboards
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0a25674f56..4d100d2353 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -25,6 +25,7 @@ All notable changes to the Wazuh app project will be documented in this file.
 - Removed agent RBAC filters from dashboard queries [#6945](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6945)
 - Removed GET /elastic/statistics API endpoint [#7001](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7001)
+- Removed virustotal feature and dashboards in favor of malware dashboard [#7038](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7038)
 ## Wazuh v4.9.1 - OpenSearch Dashboards 2.13.0 - Revision 01
From dfce1d538241cadebf9964a0234f6d5ce1122a02 Mon Sep 17 00:00:00 2001
From: Guido Modarelli
Date: Wed, 2 Oct 2024 13:35:22 -0300
Subject: [PATCH 03/16] Remove Virustotal feature and dashboards as they are obsolete
---
 plugins/main/public/utils/applications.ts | 1 +
 1 file changed, 1 insertion(+)
diff --git a/plugins/main/public/utils/applications.ts b/plugins/main/public/utils/applications.ts
index 7868fe1403..cf54e7ea37 100644
--- a/plugins/main/public/utils/applications.ts
+++ b/plugins/main/public/utils/applications.ts
@@ -232,6 +232,7 @@ export const mitreAttack = {
 }`,
 };
+// The Virustotal feature and dashboards are no longer in use, as they have been replaced by the Malware Dashboard.
 export const virustotal = {
 category: 'wz-category-threat-intelligence',
 id: 'virustotal',
From ed1dbb446c5fae6f597440e597bad81668da20e0 Mon Sep 17 00:00:00 2001
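Review bot: The comment added above `export const virustotal` states the definition is no longer in use, but the object is still exported here and patch 04/16 later has to strip `virustotal` imports from `sample-data.tsx`, so at this commit it is still referenced. A JSDoc tag would be accurate and visible to tooling, for example `/** @deprecated Superseded by the Malware Detection dashboard; pending removal. */`. The comment also asserts a replacement that this page does not demonstrate: nothing visible shows that the Malware Detection view selects alerts in the `virustotal` rule group, so that coverage should be confirmed before the dedicated view is dropped. The body of `virustotal` continues outside the hunk.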
From: Guido Modarelli Date: Thu, 3 Oct 2024 08:10:30 -0300 Subject: [PATCH 04/16] Remove VirusTotal --- plugins/main/README.md | 1 - plugins/main/common/constants.ts | 2 - plugins/main/common/wazuh-modules.ts | 6 - .../add-modules-data/sample-data.tsx | 2 - .../data-source/pattern/alerts/index.ts | 1 - .../pattern/alerts/virustotal/index.ts | 1 - .../virustotal/virustotal-data-source.ts | 28 - .../common/modules/modules-defaults.tsx | 18 - .../main/public/components/overview/index.ts | 1 - .../virustotal/dashboard/dashboard.tsx | 168 --- .../virustotal/dashboard/dashboard_panels.ts | 989 ------------------ .../dashboard/dashboard_panels_kpis.ts | 304 ------ .../overview/virustotal/dashboard/index.tsx | 1 - .../dashboard/virustotal_dashboard.scss | 10 - .../virustotal/events/virustotal-columns.tsx | 40 - .../configuration/configuration-settings.js | 7 - .../integrations/integrations.js | 10 - plugins/main/public/utils/applications.ts | 26 - .../agents/index.ts | 12 +- plugins/main/server/routes/wazuh-reporting.ts | 1 - .../basic/modules-directory.page.js | 1 - .../basic/settings/modules.page.js | 31 +- .../basic/wazuh-menu/wazuh-menu.page.js | 1 - .../odfe/modules-directory.page.js | 1 - .../pageobjects/odfe/settings/modules.page.js | 31 +- .../odfe/wazuh-menu/wazuh-menu.page.js | 1 - .../pageobjects/wzd/modules-directory.page.js | 1 - .../pageobjects/wzd/settings/modules.page.js | 31 +- .../wzd/wazuh-menu/wazuh-menu.page.js | 1 - .../xpack/modules-directory.page.js | 1 - .../xpack/settings/modules.page.js | 31 +- .../xpack/wazuh-menu/wazuh-menu.page.js | 4 +- .../utils/mappers/basic/modules-mapper.js | 2 - .../utils/mappers/odfe/modules-mapper.js | 2 - .../utils/mappers/wzd/modules-mapper.js | 2 - .../utils/mappers/xpack/modules-mapper.js | 2 - scripts/wazuh-alerts-generator/cli.js | 8 +- 37 files changed, 84 insertions(+), 1695 deletions(-) delete mode 100644 plugins/main/public/components/common/data-source/pattern/alerts/virustotal/index.ts delete mode 100644 
plugins/main/public/components/common/data-source/pattern/alerts/virustotal/virustotal-data-source.ts delete mode 100644 plugins/main/public/components/overview/virustotal/dashboard/dashboard.tsx delete mode 100644 plugins/main/public/components/overview/virustotal/dashboard/dashboard_panels.ts delete mode 100644 plugins/main/public/components/overview/virustotal/dashboard/dashboard_panels_kpis.ts delete mode 100644 plugins/main/public/components/overview/virustotal/dashboard/index.tsx delete mode 100644 plugins/main/public/components/overview/virustotal/dashboard/virustotal_dashboard.scss delete mode 100644 plugins/main/public/components/overview/virustotal/events/virustotal-columns.tsx diff --git a/plugins/main/README.md b/plugins/main/README.md index 0d60d6fd32..8a0263c001 100644 --- a/plugins/main/README.md +++ b/plugins/main/README.md @@ -26,7 +26,6 @@ the Wazuh Indexer. The plugin provides the following capabilities: - Threat Detection and Response - Vulnerabilities: Discover what applications in your environment are affected by well-known vulnerabilities. - MITRE ATT&CK: Explore security alerts mapped to adversary tactics and techniques for better threat understanding. - - VirusTotal: Alerts resulting from VirusTotal analysis of suspicious files via an integration with their API. - Osquery: Osquery can be used to expose an operating system as a high-performance relational database. - Docker listener: Monitor and collect the activity from Docker containers such as creation, running, starting, stopping or pausing events. - Regulatory Compliance diff --git a/plugins/main/common/constants.ts b/plugins/main/common/constants.ts index 33e6bac766..12eca2799a 100644 --- a/plugins/main/common/constants.ts +++ b/plugins/main/common/constants.ts 
@@ -243,8 +243,6 @@ export const DATA_SOURCE_FILTER_CONTROLLED_MITRE_ATTACK_RULE = 'mitre-attack-rule'; export const DATA_SOURCE_FILTER_CONTROLLED_MITRE_ATTACK_RULE_ID = 'hidden-mitre-attack-rule-id'; -export const DATA_SOURCE_FILTER_CONTROLLED_VIRUSTOTAL_RULE_GROUP = - 'virustotal-rule-group'; export const DATA_SOURCE_FILTER_CONTROLLED_GOOGLE_CLOUD_RULE_GROUP = 'gcp-rule-group'; export const DATA_SOURCE_FILTER_CONTROLLED_MALWARE_DETECTION_RULE_GROUP = diff --git a/plugins/main/common/wazuh-modules.ts b/plugins/main/common/wazuh-modules.ts index 82eb87c3bf..f251c03f0d 100644 --- a/plugins/main/common/wazuh-modules.ts +++ b/plugins/main/common/wazuh-modules.ts @@ -99,12 +99,6 @@ export const WAZUH_MODULES = { description: 'Security events related to your Google Cloud Platform services, collected directly via GCP API.', // TODO GCP }, - virustotal: { - title: 'VirusTotal', - appId: 'virustotal', - description: - 'Alerts resulting from VirusTotal analysis of suspicious files via an integration with their API.', - }, mitre: { title: 'MITRE ATT&CK', appId: 'mitre-attack', diff --git a/plugins/main/public/components/add-modules-data/sample-data.tsx b/plugins/main/public/components/add-modules-data/sample-data.tsx index ee7ab442ca..4c9839ebec 100644 --- a/plugins/main/public/components/add-modules-data/sample-data.tsx +++ b/plugins/main/public/components/add-modules-data/sample-data.tsx @@ -37,7 +37,6 @@ import { malwareDetection, mitreAttack, office365, - virustotal, vulnerabilityDetection, } from '../../utils/applications'; @@ -51,7 +50,6 @@ const sampleSecurityInformationApplication = [ const sampleThreatDetectionApplication = [ vulnerabilityDetection.title, - virustotal.title, docker.title, mitreAttack.title, ]; diff --git a/plugins/main/public/components/common/data-source/pattern/alerts/index.ts b/plugins/main/public/components/common/data-source/pattern/alerts/index.ts index effcfe3e7b..c093c8a4fe 100644 
--- a/plugins/main/public/components/common/data-source/pattern/alerts/index.ts
+++ b/plugins/main/public/components/common/data-source/pattern/alerts/index.ts
@@ -8,7 +8,6 @@ export * from './docker';
 export * from './malware-detection';
 export * from './vulnerabilities';
 export * from './hipaa';
-export * from './virustotal';
 export * from './nist-800-53';
 export * from './mitre-attack';
 export * from './pci-dss';
diff --git a/plugins/main/public/components/common/data-source/pattern/alerts/virustotal/index.ts b/plugins/main/public/components/common/data-source/pattern/alerts/virustotal/index.ts
deleted file mode 100644
index ffed0ecacd..0000000000
--- a/plugins/main/public/components/common/data-source/pattern/alerts/virustotal/index.ts
+++ /dev/null
@@ -1 +0,0 @@
-export * from './virustotal-data-source';
diff --git a/plugins/main/public/components/common/data-source/pattern/alerts/virustotal/virustotal-data-source.ts b/plugins/main/public/components/common/data-source/pattern/alerts/virustotal/virustotal-data-source.ts
deleted file mode 100644
index bd477527a1..0000000000
--- a/plugins/main/public/components/common/data-source/pattern/alerts/virustotal/virustotal-data-source.ts
+++ /dev/null
@@ -1,28 +0,0 @@
-import { tFilter } from '../../../index';
-import { DATA_SOURCE_FILTER_CONTROLLED_VIRUSTOTAL_RULE_GROUP } from '../../../../../../../common/constants';
-import { AlertsDataSource } from '../alerts-data-source';
-
-const VIRUSTOTAL_GROUP_KEY = 'rule.groups';
-const VIRUSTOTAL_GROUP_VALUE = 'virustotal';
-
-export class VirusTotalDataSource extends AlertsDataSource {
- constructor(id: string, title: string) {
- super(id, title);
- }
-
- getRuleGroupsFilter() {
- return super.getRuleGroupsFilter(
- VIRUSTOTAL_GROUP_KEY,
- VIRUSTOTAL_GROUP_VALUE,
- DATA_SOURCE_FILTER_CONTROLLED_VIRUSTOTAL_RULE_GROUP,
- );
- }
-
- getFixedFilters(): tFilter[] {
- return [
- ...super.getFixedFiltersClusterManager(),
- ...this.getRuleGroupsFilter(),
- ...super.getFixedFilters(),
- ];
- }
-}
diff --git a/plugins/main/public/components/common/modules/modules-defaults.tsx b/plugins/main/public/components/common/modules/modules-defaults.tsx
index 926216572a..0fc4b4b5bc 100644
--- a/plugins/main/public/components/common/modules/modules-defaults.tsx
+++ b/plugins/main/public/components/common/modules/modules-defaults.tsx
@@ -38,7 +38,6 @@ import { gdprColumns } from '../../overview/gdpr/events/gdpr-columns';
 import { tscColumns } from '../../overview/tsc/events/tsc-columns';
 import { githubColumns } from '../../overview/github/events/github-columns';
 import { mitreAttackColumns } from '../../overview/mitre/events/mitre-attack-columns';
-import { virustotalColumns } from '../../overview/virustotal/events/virustotal-columns';
 import { malwareDetectionColumns } from '../../overview/malware-detection/events/malware-detection-columns';
 import { WAZUH_VULNERABILITIES_PATTERN } from '../../../../common/constants';
 import {
@@ -55,7 +54,6 @@ import {
 DashboardAWS,
 DashboardOffice365,
 DashboardThreatHunting,
- DashboardVirustotal,
 DashboardGoogleCloud,
 DashboardVuls,
 InventoryVuls,
@@ -64,7 +62,6 @@ import {
 DockerDataSource,
 AlertsVulnerabilitiesDataSource,
 AWSDataSource,
- VirusTotalDataSource,
 FIMDataSource,
 GitHubDataSource,
 MalwareDetectionDataSource,
@@ -311,21 +308,6 @@ export const ModulesDefaults = {
 ],
 availableFor: ['manager', 'agent'],
 },
- virustotal: {
- tabs: [
- {
- id: 'dashboard',
- name: 'Dashboard',
- buttons: [ButtonExploreAgent, ButtonModuleGenerateReport],
- component: DashboardVirustotal,
- },
- renderDiscoverTab({
- tableColumns: virustotalColumns,
- DataSource: VirusTotalDataSource,
- }),
- ],
- availableFor: ['manager', 'agent'],
- },
 docker: {
 init: 'dashboard',
 tabs: [
diff --git a/plugins/main/public/components/overview/index.ts b/plugins/main/public/components/overview/index.ts
index 74f6becf54..03bc993a63 100644
--- a/plugins/main/public/components/overview/index.ts
+++ b/plugins/main/public/components/overview/index.ts
@@ -12,5 +12,4 @@ export { DashboardPCIDSS } from './pci/dashboards';
 export { DashboardOffice365 } from './office/dashboard';
 export { DashboardThreatHunting } from './threat-hunting/dashboard';
 export { DashboardTSC } from './tsc/dashboards';
-export { DashboardVirustotal } from './virustotal/dashboard';
 export { DashboardVuls, InventoryVuls } from './vulnerabilities';
diff --git a/plugins/main/public/components/overview/virustotal/dashboard/dashboard.tsx b/plugins/main/public/components/overview/virustotal/dashboard/dashboard.tsx
deleted file mode 100644
index 29cf0cff74..0000000000
--- a/plugins/main/public/components/overview/virustotal/dashboard/dashboard.tsx
+++ /dev/null
@@ -1,168 +0,0 @@ -import React, { useState, useEffect } from 'react'; -import { getPlugins } from '../../../../kibana-services'; -import { ViewMode } from '../../../../../../../src/plugins/embeddable/public'; -import { SearchResponse } from '../../../../../../../src/core/server'; -import { IndexPattern } from '../../../../../../../src/plugins/data/common'; -import { getDashboardPanels } from './dashboard_panels'; -import { I18nProvider } from '@osd/i18n/react'; -import useSearchBar from '../../../common/search-bar/use-search-bar'; -import { getKPIsPanel } from './dashboard_panels_kpis'; -import { - ErrorFactory, - ErrorHandler, - HttpError, -} from '../../../../react-services/error-management'; -import { withErrorBoundary } from '../../../common/hocs/error-boundary/with-error-boundary'; -import { SampleDataWarning } from '../../../visualize/components/sample-data-warning'; -import { - AlertsDataSourceRepository, - PatternDataSource, - tParsedIndexPattern, - useDataSource, -} from '../../../common/data-source'; -import { LoadingSearchbarProgress } from '../../../common/loading-searchbar-progress/loading-searchbar-progress'; -import { DiscoverNoResults } from '../../../common/no-results/no-results'; -import { VirusTotalDataSource } from '../../../common/data-source/pattern/alerts/virustotal/virustotal-data-source'; -import './virustotal_dashboard.scss'; -import { useReportingCommunicateSearchContext } from '../../../common/hooks/use-reporting-communicate-search-context'; -import { WzSearchBar } from '../../../common/search-bar'; - -const plugins = getPlugins(); - -const DashboardByRenderer = plugins.dashboard.DashboardContainerByValueRenderer; - -const DashboardVT: React.FC = () => { - const AlertsRepository = new AlertsDataSourceRepository(); - const { - filters, - dataSource, - fetchFilters, - fixedFilters, - isLoading: isDataSourceLoading, - fetchData, - setFilters, - } = useDataSource({ - DataSource: VirusTotalDataSource, - repository: AlertsRepository, - }); - 
- const [results, setResults] = useState({} as SearchResponse); - - const { searchBarProps } = useSearchBar({ - indexPattern: dataSource?.indexPattern as IndexPattern, - filters, - setFilters, - }); - const { query, absoluteDateRange } = searchBarProps; - - useReportingCommunicateSearchContext({ - isSearching: isDataSourceLoading, - totalResults: results?.hits?.total ?? 0, - indexPattern: dataSource?.indexPattern, - filters: fetchFilters, - query: query, - time: absoluteDateRange, - }); - - useEffect(() => { - if (isDataSourceLoading) { - return; - } - fetchData({ - query, - dateRange: absoluteDateRange, - }) - .then(results => { - setResults(results); - }) - .catch(error => { - const searchError = ErrorFactory.create(HttpError, { - error, - message: 'Error fetching data', - }); - ErrorHandler.handleError(searchError); - }); - }, [ - isDataSourceLoading, - JSON.stringify(fetchFilters), - JSON.stringify(query), - JSON.stringify(absoluteDateRange), - ]); - - return ( - - {isDataSourceLoading && !dataSource ? ( - - ) : ( - <> - - {!isDataSourceLoading && dataSource && results?.hits?.total > 0 ? ( - - ) : null} - {dataSource && results?.hits?.total === 0 ? ( - - ) : null} -
0 - ? '' - : 'wz-no-display' - }`} - > - - -
- - )} -
- ); -}; - -export const DashboardVirustotal = withErrorBoundary(DashboardVT); diff --git a/plugins/main/public/components/overview/virustotal/dashboard/dashboard_panels.ts b/plugins/main/public/components/overview/virustotal/dashboard/dashboard_panels.ts deleted file mode 100644 index 1ec019da2b..0000000000 --- a/plugins/main/public/components/overview/virustotal/dashboard/dashboard_panels.ts +++ /dev/null 
@@ -1,989 +0,0 @@ -import { DashboardPanelState } from '../../../../../../../../src/plugins/dashboard/public/application'; -import { EmbeddableInput } from '../../../../../../../../src/plugins/embeddable/public'; - -/* WARNING: The panel id must be unique including general and agents visualizations. Otherwise, the visualizations will not refresh when we pin an agent, because they are cached by id */ - -/* Overview visualizations */ - -const getVisStateTop5UniqueMaliciousFilesPerAgent = ( - indexPatternId: string, -) => { - return { - id: 'Wazuh-App-Overview-Virustotal-Malicious-Per-Agent', - title: 'Top 5 agents with unique malicious files', - type: 'pie', - params: { - type: 'pie', - addTooltip: true, - addLegend: true, - legendPosition: 'right', - isDonut: true, - labels: { - show: false, - values: true, - last_level: true, - truncate: 100, - }, - }, - data: { - searchSource: { - query: { - language: 'kuery', - query: '', - }, - filter: [ - { - meta: { - index: 'wazuh-alerts', - negate: true, - disabled: false, - alias: null, - type: 'phrase', - key: 'data.virustotal.malicious', - value: '0', - params: { - query: '0', - type: 'phrase', - }, - }, - query: { - match: { - 'data.virustotal.malicious': { - query: '0', - type: 'phrase', - }, - }, - }, - $state: { - store: 'appState', - }, - }, - ], - index: indexPatternId, - }, - references: [ - { - name: 'kibanaSavedObjectMeta.searchSourceJSON.index', - type: 'index-pattern', - id: indexPatternId, - }, - ], - aggs: [ - { - id: '1', - enabled: true, - type: 'cardinality', - schema: 'metric', - params: { field: 'data.virustotal.source.md5' }, - }, - { - id: '2', - enabled: true, - type: 'terms', - schema: 'segment', - params: { - field: 'agent.name', - size: 5, - order: 'desc', - orderBy: '1', - }, - }, - ], - }, - }; -}; - -const getVisStateLastScannedFiles = (indexPatternId: string) => { - return { - id: 'Wazuh-App-Overview-Virustotal-Last-Files-Pie', - title: 'Last scanned files', - type: 'pie', - params: { - type: 
'pie', - addTooltip: true, - addLegend: true, - legendPosition: 'right', - isDonut: true, - labels: { - show: false, - values: true, - last_level: true, - truncate: 100, - }, - }, - uiState: { - vis: { legendOpen: true }, - }, - data: { - searchSource: { - query: { - language: 'kuery', - query: '', - }, - filter: [], - index: indexPatternId, - }, - references: [ - { - name: 'kibanaSavedObjectMeta.searchSourceJSON.index', - type: 'index-pattern', - id: indexPatternId, - }, - ], - aggs: [ - { - id: '1', - enabled: true, - type: 'count', - schema: 'metric', - params: { customLabel: 'Files' }, - }, - { - id: '2', - enabled: true, - type: 'terms', - schema: 'segment', - params: { - field: 'data.virustotal.source.file', - size: 5, - order: 'desc', - orderBy: '1', - }, - }, - ], - }, - }; -}; - -const getVisStateAlertsEvolutionByAgents = (indexPatternId: string) => { - return { - id: 'Wazuh-App-Overview-Virustotal-Alerts-Evolution', - title: 'Alerts evolution by agents', - type: 'histogram', - params: { - type: 'histogram', - grid: { categoryLines: false }, - categoryAxes: [ - { - id: 'CategoryAxis-1', - type: 'category', - position: 'bottom', - show: true, - style: {}, - scale: { type: 'linear' }, - labels: { show: true, filter: true, truncate: 100 }, - title: {}, - }, - ], - valueAxes: [ - { - id: 'ValueAxis-1', - name: 'LeftAxis-1', - type: 'value', - position: 'left', - show: true, - style: {}, - scale: { type: 'linear', mode: 'normal' }, - labels: { show: true, rotate: 0, filter: false, truncate: 100 }, - title: { text: 'Count' }, - }, - ], - seriesParams: [ - { - show: true, - type: 'histogram', - mode: 'stacked', - data: { label: 'Count', id: '1' }, - valueAxis: 'ValueAxis-1', - drawLinesBetweenPoints: true, - lineWidth: 2, - showCircles: true, - }, - ], - addTooltip: true, - addLegend: true, - legendPosition: 'right', - times: [], - addTimeMarker: false, - labels: { show: false }, - thresholdLine: { - show: false, - value: 10, - width: 1, - style: 'full', - color: 
'#E7664C', - }, - dimensions: { - x: { - accessor: 0, - format: { id: 'date', params: { pattern: 'YYYY-MM-DD HH:mm' } }, - params: { - date: true, - interval: 'PT3H', - intervalOpenSearchValue: 3, - intervalOpenSearchUnit: 'h', - format: 'YYYY-MM-DD HH:mm', - bounds: { - min: '2020-04-17T12:11:35.943Z', - max: '2020-04-24T12:11:35.944Z', - }, - }, - label: 'timestamp per 3 hours', - aggType: 'date_histogram', - }, - y: [ - { - accessor: 2, - format: { id: 'number' }, - params: {}, - label: 'Count', - aggType: 'count', - }, - ], - series: [ - { - accessor: 1, - format: { - id: 'string', - params: { - parsedUrl: { - origin: 'http://localhost:5601', - pathname: '/app/kibana', - basePath: '', - }, - }, - }, - params: {}, - label: 'Top 5 unusual terms in agent.name', - aggType: 'significant_terms', - }, - ], - }, - radiusRatio: 50, - }, - uiState: { - vis: { - defaultColors: { - '0 - 7': 'rgb(247,251,255)', - '7 - 13': 'rgb(219,233,246)', - '13 - 20': 'rgb(187,214,235)', - '20 - 26': 'rgb(137,190,220)', - '26 - 33': 'rgb(83,158,205)', - '33 - 39': 'rgb(42,123,186)', - '39 - 45': 'rgb(11,85,159)', - }, - legendOpen: true, - }, - }, - data: { - searchSource: { - query: { - language: 'kuery', - query: '', - }, - filter: [ - { - meta: { - index: 'wazuh-alerts', - negate: false, - disabled: false, - alias: null, - type: 'exists', - key: 'data.virustotal.positives', - value: 'exists', - }, - exists: { - field: 'data.virustotal.positives', - }, - $state: { - store: 'appState', - }, - }, - { - meta: { - index: 'wazuh-alerts', - negate: true, - disabled: false, - alias: null, - type: 'phrase', - key: 'data.virustotal.positives', - value: '0', - params: { - query: 0, - type: 'phrase', - }, - }, - query: { - match: { - 'data.virustotal.positives': { - query: 0, - type: 'phrase', - }, - }, - }, - $state: { - store: 'appState', - }, - }, - ], - index: indexPatternId, - }, - references: [ - { - name: 'kibanaSavedObjectMeta.searchSourceJSON.index', - type: 'index-pattern', - id: 
indexPatternId, - }, - ], - aggs: [ - { - id: '1', - enabled: true, - type: 'count', - schema: 'metric', - params: {}, - }, - { - id: '3', - enabled: true, - type: 'terms', - schema: 'group', - params: { - field: 'agent.name', - orderBy: '1', - order: 'desc', - size: 5, - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - }, - }, - { - id: '2', - enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - timeRange: { from: 'now-7d', to: 'now' }, - useNormalizedEsInterval: true, - scaleMetricValues: false, - interval: 'auto', - drop_partials: false, - min_doc_count: 1, - extended_bounds: {}, - }, - }, - ], - }, - }; -}; - -const getVisStateMaliciousFilesAlertsEvolution = (indexPatternId: string) => { - return { - id: 'Wazuh-App-Overview-Virustotal-Malicious-Evolution', - title: 'Malicious files alerts evolution', - type: 'histogram', - params: { - type: 'histogram', - grid: { categoryLines: false, style: { color: '#eee' } }, - categoryAxes: [ - { - id: 'CategoryAxis-1', - type: 'category', - position: 'bottom', - show: true, - style: {}, - scale: { type: 'linear' }, - labels: { show: true, filter: true, truncate: 100 }, - title: {}, - }, - ], - valueAxes: [ - { - id: 'ValueAxis-1', - name: 'LeftAxis-1', - type: 'value', - position: 'left', - show: true, - style: {}, - scale: { type: 'linear', mode: 'normal' }, - labels: { show: true, rotate: 0, filter: false, truncate: 100 }, - title: { text: 'Malicious' }, - }, - ], - seriesParams: [ - { - show: 'true', - type: 'histogram', - mode: 'stacked', - data: { label: 'Malicious', id: '1' }, - valueAxis: 'ValueAxis-1', - drawLinesBetweenPoints: true, - showCircles: true, - }, - ], - addTooltip: true, - addLegend: false, - legendPosition: 'right', - times: [], - addTimeMarker: false, - }, - data: { - searchSource: { - query: { - language: 'kuery', - query: '', - }, - filter: [ - { - meta: { - index: 'wazuh-alerts', - negate: 
false, - disabled: false, - alias: null, - type: 'exists', - key: 'data.virustotal.malicious', - value: 'exists', - }, - exists: { - field: 'data.virustotal.malicious', - }, - $state: { - store: 'appState', - }, - }, - { - meta: { - index: 'wazuh-alerts', - negate: true, - disabled: false, - alias: null, - type: 'phrase', - key: 'data.virustotal.malicious', - value: '0', - params: { - query: 0, - type: 'phrase', - }, - }, - query: { - match: { - 'data.virustotal.malicious': { - query: 0, - type: 'phrase', - }, - }, - }, - $state: { - store: 'appState', - }, - }, - ], - index: indexPatternId, - }, - references: [ - { - name: 'kibanaSavedObjectMeta.searchSourceJSON.index', - type: 'index-pattern', - id: indexPatternId, - }, - ], - aggs: [ - { - id: '1', - enabled: true, - type: 'count', - schema: 'metric', - params: { customLabel: 'Malicious' }, - }, - { - id: '2', - enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - interval: 'auto', - customInterval: '2h', - min_doc_count: 1, - extended_bounds: {}, - }, - }, - ], - }, - }; -}; - -const getVisStateLastFiles = (indexPatternId: string) => { - return { - id: 'Wazuh-App-Overview-Virustotal-Files-Table', - title: 'Last files', - type: 'table', - params: { - perPage: 10, - showPartialRows: false, - showMeticsAtAllLevels: false, - sort: { columnIndex: 2, direction: 'desc' }, - showTotal: false, - showToolbar: true, - totalFunc: 'sum', - }, - uiState: { - vis: { params: { sort: { columnIndex: 2, direction: 'desc' } } }, - }, - data: { - searchSource: { - query: { - language: 'kuery', - query: '', - }, - filter: [], - index: indexPatternId, - }, - references: [ - { - name: 'kibanaSavedObjectMeta.searchSourceJSON.index', - type: 'index-pattern', - id: indexPatternId, - }, - ], - aggs: [ - { - id: '1', - enabled: true, - type: 'count', - schema: 'metric', - params: { customLabel: 'Count' }, - }, - { - id: '4', - enabled: true, - type: 'terms', - schema: 'bucket', - params: { - 
field: 'data.virustotal.source.file', - size: 10, - order: 'desc', - orderBy: '1', - customLabel: 'File', - }, - }, - { - id: '2', - enabled: true, - type: 'terms', - schema: 'bucket', - params: { - field: 'data.virustotal.permalink', - size: 1, - order: 'desc', - orderBy: '1', - customLabel: 'Link', - }, - }, - ], - }, - }; -}; - -/* Agent visualizations */ - -const getVisStateAgentLastScannedFiles = (indexPatternId: string) => { - return { - id: 'Wazuh-App-Agents-Virustotal-Last-Files-Pie', - title: 'Last scanned files', - type: 'pie', - params: { - type: 'pie', - addTooltip: true, - addLegend: true, - legendPosition: 'right', - isDonut: true, - labels: { show: false, values: true, last_level: true, truncate: 100 }, - }, - uiState: { vis: { legendOpen: true } }, - data: { - searchSource: { - query: { - language: 'kuery', - query: '', - }, - filter: [], - index: indexPatternId, - }, - references: [ - { - name: 'kibanaSavedObjectMeta.searchSourceJSON.index', - type: 'index-pattern', - id: indexPatternId, - }, - ], - aggs: [ - { - id: '1', - enabled: true, - type: 'count', - schema: 'metric', - params: { customLabel: 'Files' }, - }, - { - id: '2', - enabled: true, - type: 'terms', - schema: 'segment', - params: { - field: 'data.virustotal.source.file', - size: 5, - order: 'desc', - orderBy: '1', - }, - }, - ], - }, - }; -}; - -const getVisStateAgentMaliciousFilesAlertsEvolution = ( - indexPatternId: string, -) => { - return { - id: 'Wazuh-App-Agents-Virustotal-Malicious-Evolution', - title: 'Malicious files alerts Evolution', - type: 'histogram', - params: { - type: 'histogram', - grid: { categoryLines: false, style: { color: '#eee' } }, - categoryAxes: [ - { - id: 'CategoryAxis-1', - type: 'category', - position: 'bottom', - show: true, - style: {}, - scale: { type: 'linear' }, - labels: { show: true, filter: true, truncate: 100 }, - title: {}, - }, - ], - valueAxes: [ - { - id: 'ValueAxis-1', - name: 'LeftAxis-1', - type: 'value', - position: 'left', - show: true, 
- style: {}, - scale: { type: 'linear', mode: 'normal' }, - labels: { show: true, rotate: 0, filter: false, truncate: 100 }, - title: { text: 'Malicious' }, - }, - ], - seriesParams: [ - { - show: 'true', - type: 'histogram', - mode: 'stacked', - data: { label: 'Malicious', id: '1' }, - valueAxis: 'ValueAxis-1', - drawLinesBetweenPoints: true, - showCircles: true, - }, - ], - addTooltip: true, - addLegend: false, - legendPosition: 'right', - times: [], - addTimeMarker: false, - }, - data: { - searchSource: { - query: { - language: 'kuery', - query: '', - }, - filter: [ - { - meta: { - index: 'wazuh-alerts', - negate: false, - disabled: false, - alias: null, - type: 'exists', - key: 'data.virustotal.positives', - value: 'exists', - }, - exists: { - field: 'data.virustotal.positives', - }, - $state: { - store: 'appState', - }, - }, - { - meta: { - index: 'wazuh-alerts', - negate: true, - disabled: false, - alias: null, - type: 'phrase', - key: 'data.virustotal.positives', - value: '0', - params: { - query: 0, - type: 'phrase', - }, - }, - query: { - match: { - 'data.virustotal.positives': { - query: 0, - type: 'phrase', - }, - }, - }, - $state: { - store: 'appState', - }, - }, - ], - index: indexPatternId, - }, - references: [ - { - name: 'kibanaSavedObjectMeta.searchSourceJSON.index', - type: 'index-pattern', - id: indexPatternId, - }, - ], - aggs: [ - { - id: '1', - enabled: true, - type: 'count', - schema: 'metric', - params: { customLabel: 'Malicious' }, - }, - { - id: '2', - enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - interval: 'auto', - customInterval: '2h', - min_doc_count: 1, - extended_bounds: {}, - }, - }, - ], - }, - }; -}; - -const getVisStateAgentLastFiles = (indexPatternId: string) => { - return { - id: 'Wazuh-App-Agents-Virustotal-Files-Table', - title: 'Last files', - type: 'table', - params: { - perPage: 10, - showPartialRows: false, - showMeticsAtAllLevels: false, - sort: { columnIndex: 2, 
direction: 'desc' }, - showTotal: false, - showToolbar: true, - totalFunc: 'sum', - }, - uiState: { - vis: { params: { sort: { columnIndex: 2, direction: 'desc' } } }, - }, - data: { - searchSource: { - query: { - language: 'kuery', - query: '', - }, - filter: [], - index: indexPatternId, - }, - references: [ - { - name: 'kibanaSavedObjectMeta.searchSourceJSON.index', - type: 'index-pattern', - id: indexPatternId, - }, - ], - aggs: [ - { - id: '1', - enabled: true, - type: 'count', - schema: 'metric', - params: { customLabel: 'Count' }, - }, - { - id: '4', - enabled: true, - type: 'terms', - schema: 'bucket', - params: { - field: 'data.virustotal.source.file', - size: 10, - order: 'desc', - orderBy: '1', - customLabel: 'File', - }, - }, - { - id: '2', - enabled: true, - type: 'terms', - schema: 'bucket', - params: { - field: 'data.virustotal.permalink', - size: 1, - order: 'desc', - orderBy: '1', - missingBucket: true, - missingBucketLabel: '-', - customLabel: 'Link', - }, - }, - ], - }, - }; -}; - -/* Definitiion of panels */ - -export const getDashboardPanels = ( - indexPatternId: string, - pinnedAgent?: boolean, -): { - [panelId: string]: DashboardPanelState< - EmbeddableInput & { [k: string]: unknown } - >; -} => { - const pinnedAgentPanels = { - '6': { - gridData: { - w: 12, - h: 9, - x: 0, - y: 0, - i: '6', - }, - type: 'visualization', - explicitInput: { - id: '6', - savedVis: getVisStateAgentLastScannedFiles(indexPatternId), - }, - }, - '7': { - gridData: { - w: 36, - h: 9, - x: 12, - y: 0, - i: '7', - }, - type: 'visualization', - explicitInput: { - id: '7', - savedVis: getVisStateAgentMaliciousFilesAlertsEvolution(indexPatternId), - }, - }, - '8': { - gridData: { - w: 48, - h: 20, - x: 0, - y: 9, - i: '8', - }, - type: 'visualization', - explicitInput: { - id: '8', - savedVis: getVisStateAgentLastFiles(indexPatternId), - }, - }, - }; - - const panels = { - '1': { - gridData: { - w: 24, - h: 13, - x: 0, - y: 0, - i: '1', - }, - type: 'visualization', - 
explicitInput: { - id: '1', - savedVis: getVisStateTop5UniqueMaliciousFilesPerAgent(indexPatternId), - }, - }, - '2': { - gridData: { - w: 24, - h: 13, - x: 28, - y: 0, - i: '2', - }, - type: 'visualization', - explicitInput: { - id: '2', - savedVis: getVisStateLastScannedFiles(indexPatternId), - }, - }, - '3': { - gridData: { - w: 48, - h: 20, - x: 0, - y: 13, - i: '3', - }, - type: 'visualization', - explicitInput: { - id: '3', - savedVis: getVisStateAlertsEvolutionByAgents(indexPatternId), - }, - }, - '4': { - gridData: { - w: 48, - h: 9, - x: 0, - y: 23, - i: '4', - }, - type: 'visualization', - explicitInput: { - id: '4', - savedVis: getVisStateMaliciousFilesAlertsEvolution(indexPatternId), - }, - }, - '5': { - gridData: { - w: 48, - h: 20, - x: 0, - y: 32, - i: '5', - }, - type: 'visualization', - explicitInput: { - id: '5', - savedVis: getVisStateLastFiles(indexPatternId), - }, - }, - }; - - return pinnedAgent ? pinnedAgentPanels : panels; -}; diff --git a/plugins/main/public/components/overview/virustotal/dashboard/dashboard_panels_kpis.ts b/plugins/main/public/components/overview/virustotal/dashboard/dashboard_panels_kpis.ts deleted file mode 100644 index 3a738bcc66..0000000000 --- a/plugins/main/public/components/overview/virustotal/dashboard/dashboard_panels_kpis.ts +++ /dev/null 
@@ -1,304 +0,0 @@ -import { DashboardPanelState } from '../../../../../../../../src/plugins/dashboard/public/application'; -import { EmbeddableInput } from '../../../../../../../../src/plugins/embeddable/public'; - -const getVisStateTotalMalicious = (indexPatternId: string) => { - return { - id: 'Wazuh-App-Overview-Virustotal-Total-Malicious', - title: 'Total Malicious', - type: 'metric', - params: { - addTooltip: true, - addLegend: false, - type: 'metric', - metric: { - percentageMode: false, - useRanges: false, - colorSchema: 'Reds', - metricColorMode: 'Labels', - colorsRange: [ - { - from: 0, - to: 0, - }, - { - from: 0, - to: 0, - }, - ], - labels: { - show: true, - }, - invertColors: false, - style: { - bgFill: '#000', - bgColor: false, - labelColor: false, - subText: '', - fontSize: 40, - }, - }, - }, - data: { - searchSource: { - query: { - language: 'kuery', - query: '', - }, - filter: [], - index: indexPatternId, - }, - references: [ - { - name: 'kibanaSavedObjectMeta.searchSourceJSON.index', - type: 'index-pattern', - id: indexPatternId, - }, - ], - aggs: [ - { - id: '1', - enabled: true, - type: 'count', - schema: 'metric', - params: { customLabel: ' ' }, - }, - { - id: '2', - enabled: true, - type: 'filters', - params: { - filters: [ - { - input: { - query: 'data.virustotal.malicious: 1', - language: 'kuery', - }, - label: '- Total malicious', - }, - ], - }, - schema: 'group', - }, - ], - }, - }; -}; - -const getVisStateTotalPositives = (indexPatternId: string) => { - return { - id: 'Wazuh-App-Overview-Virustotal-Total-Positives', - title: 'Total Positives', - type: 'metric', - params: { - addTooltip: true, - addLegend: false, - type: 'metric', - metric: { - percentageMode: false, - useRanges: false, - colorSchema: 'Greens', - metricColorMode: 'Labels', - colorsRange: [ - { - from: 0, - to: 0, - }, - { - from: 0, - to: 0, - }, - ], - labels: { - show: true, - }, - invertColors: false, - style: { - bgFill: '#000', - bgColor: false, - labelColor: false, - 
subText: '', - fontSize: 40, - }, - }, - }, - data: { - searchSource: { - query: { - language: 'kuery', - query: '', - }, - filter: [], - index: indexPatternId, - }, - references: [ - { - name: 'kibanaSavedObjectMeta.searchSourceJSON.index', - type: 'index-pattern', - id: indexPatternId, - }, - ], - aggs: [ - { - id: '1', - enabled: true, - type: 'count', - schema: 'metric', - params: { customLabel: ' ' }, - }, - { - id: '2', - enabled: true, - type: 'filters', - params: { - filters: [ - { - input: { - query: 'data.virustotal.positives: *', - language: 'kuery', - }, - label: '- Total Positives', - }, - ], - }, - schema: 'group', - }, - ], - }, - }; -}; - -const getVisStateTotal = (indexPatternId: string) => { - return { - id: 'Wazuh-App-Overview-Virustotal-Total', - title: 'Total', - type: 'metric', - params: { - addTooltip: true, - addLegend: false, - type: 'metric', - metric: { - percentageMode: false, - useRanges: false, - colorSchema: 'Greens', - metricColorMode: 'Labels', - colorsRange: [ - { - from: 0, - to: 0, - }, - { - from: 0, - to: 0, - }, - ], - labels: { - show: true, - }, - invertColors: false, - style: { - bgFill: '#000', - bgColor: false, - labelColor: false, - subText: '', - fontSize: 40, - }, - }, - }, - data: { - searchSource: { - query: { - language: 'kuery', - query: '', - }, - filter: [], - index: indexPatternId, - }, - references: [ - { - name: 'kibanaSavedObjectMeta.searchSourceJSON.index', - type: 'index-pattern', - id: indexPatternId, - }, - ], - aggs: [ - { - id: '1', - enabled: true, - type: 'count', - schema: 'metric', - params: { customLabel: ' ' }, - }, - { - id: '2', - enabled: true, - type: 'filters', - params: { - filters: [ - { - input: { - query: 'data.virustotal:*', - language: 'kuery', - }, - label: '- Total', - }, - ], - }, - schema: 'group', - }, - ], - }, - }; -}; - -export const getKPIsPanel = ( - indexPatternId: string, -): { - [panelId: string]: DashboardPanelState< - EmbeddableInput & { [k: string]: unknown } - >; -} => 
{ - return { - '1': { - gridData: { - w: 12, - h: 6, - x: 6, - y: 0, - i: '1', - }, - type: 'visualization', - explicitInput: { - id: '1', - savedVis: getVisStateTotalMalicious(indexPatternId), - }, - }, - '2': { - gridData: { - w: 12, - h: 6, - x: 18, - y: 0, - i: '2', - }, - type: 'visualization', - explicitInput: { - id: '2', - savedVis: getVisStateTotalPositives(indexPatternId), - }, - }, - '3': { - gridData: { - w: 12, - h: 6, - x: 30, - y: 0, - i: '3', - }, - type: 'visualization', - explicitInput: { - id: '3', - savedVis: getVisStateTotal(indexPatternId), - }, - }, - }; -}; diff --git a/plugins/main/public/components/overview/virustotal/dashboard/index.tsx b/plugins/main/public/components/overview/virustotal/dashboard/index.tsx deleted file mode 100644 index b58b6c9229..0000000000 --- a/plugins/main/public/components/overview/virustotal/dashboard/index.tsx +++ /dev/null @@ -1 +0,0 @@ -export * from './dashboard'; diff --git a/plugins/main/public/components/overview/virustotal/dashboard/virustotal_dashboard.scss b/plugins/main/public/components/overview/virustotal/dashboard/virustotal_dashboard.scss deleted file mode 100644 index 6e8f3eab43..0000000000 --- a/plugins/main/public/components/overview/virustotal/dashboard/virustotal_dashboard.scss +++ /dev/null @@ -1,10 +0,0 @@ -.virustotal-dashboard-responsive { - @media (max-width: 767px) { - .react-grid-layout { - height: auto !important; - } - .dshLayout-isMaximizedPanel { - height: calc(100vh - 44px) !important; - } - } -} diff --git a/plugins/main/public/components/overview/virustotal/events/virustotal-columns.tsx b/plugins/main/public/components/overview/virustotal/events/virustotal-columns.tsx deleted file mode 100644 index 790561a9e4..0000000000 --- a/plugins/main/public/components/overview/virustotal/events/virustotal-columns.tsx +++ /dev/null 
@@ -1,40 +0,0 @@ -import { tDataGridColumn } from '../../../common/data-grid'; -import React from 'react'; -import { EuiLink } from '@elastic/eui'; - -export const virustotalColumns: tDataGridColumn[] = [ - { - id: 'timestamp', - isSortable: true, - defaultSortDirection: 'desc', - }, - { - id: 'agent.name', - }, - { - id: 'data.virustotal.source.file', - }, - { - id: 'data.virustotal.permalink', - render: value => { - if (!value) { - return '-'; - } else { - return ( - - {value} - - ); - } - }, - }, - { - id: 'data.virustotal.malicious', - }, - { - id: 'data.virustotal.positives', - }, - { - id: 'data.virustotal.total', - }, -]; diff --git a/plugins/main/public/controllers/management/components/management/configuration/configuration-settings.js b/plugins/main/public/controllers/management/components/management/configuration/configuration-settings.js index bce314f057..32eec21d70 100644 --- a/plugins/main/public/controllers/management/components/management/configuration/configuration-settings.js +++ b/plugins/main/public/controllers/management/components/management/configuration/configuration-settings.js @@ -80,13 +80,6 @@ export default [ goto: 'alerts', when: 'manager', }, - { - name: 'Integrations', - description: - 'Slack, VirusTotal and PagerDuty integrations with external APIs', - goto: 'integrations', - when: 'manager', - }, ], }, { diff --git a/plugins/main/public/controllers/management/components/management/configuration/integrations/integrations.js b/plugins/main/public/controllers/management/components/management/configuration/integrations/integrations.js index 4ab516beef..1ed24981c3 100644 --- a/plugins/main/public/controllers/management/components/management/configuration/integrations/integrations.js +++ b/plugins/main/public/controllers/management/components/management/configuration/integrations/integrations.js 
@@ -22,12 +22,6 @@ const helpLinks = [ text: 'Integration with external APIs', href: webDocumentationLink('user-manual/manager/manual-integration.html'), }, - { - text: 'VirusTotal integration', - href: webDocumentationLink( - 'user-manual/capabilities/malware-detection/virus-total-integration.html', - ), - }, { text: 'Integration reference', href: webDocumentationLink( @@ -38,10 +32,6 @@ const helpLinks = [ const defaultIntegrations = [ { title: 'Slack', description: 'Get alerts directly on Slack' }, - { - title: 'VirusTotal', - description: 'Get notified when malicious software is found', - }, { title: 'PagerDuty', description: 'Get alerts on this streamlined incident resolution software', diff --git a/plugins/main/public/utils/applications.ts b/plugins/main/public/utils/applications.ts index 3f93a3ec22..76ecbc060c 100644 --- a/plugins/main/public/utils/applications.ts +++ b/plugins/main/public/utils/applications.ts @@ -232,32 +232,6 @@ export const mitreAttack = { }`, }; -// The Virustotal feature and dashboards are no longer in use, as they have been replaced by the Malware Dashboard. -export const virustotal = { - category: 'wz-category-threat-intelligence', - id: 'virustotal', - title: i18n.translate('wz-app-virustotal-title', { - defaultMessage: 'VirusTotal', - }), - breadcrumbLabel: i18n.translate('wz-app-virustotal-breadcrumbLabel', { - defaultMessage: 'VirusTotal', - }), - description: i18n.translate('wz-app-virustotal-description', { - defaultMessage: - 'Alerts resulting from VirusTotal analysis of suspicious files via an integration with their API.', - }), - euiIconType: 'monitoringApp', - order: 303, - showInOverviewApp: true, - showInAgentMenu: true, - redirectTo: () => - `/overview/?tab=virustotal&tabView=dashboard${ - store.getState()?.appStateReducers?.currentAgentData?.id - ? `&agentId=${store.getState()?.appStateReducers?.currentAgentData?.id}` - : '' - }`, -}; - const pciDss = { category: 'wz-category-security-operations', id: 'pci-dss', 
diff --git a/plugins/main/server/lib/reporting/summary-tables-definitions/agents/index.ts b/plugins/main/server/lib/reporting/summary-tables-definitions/agents/index.ts index 46dee71df3..67ca045213 100644 --- a/plugins/main/server/lib/reporting/summary-tables-definitions/agents/index.ts +++ b/plugins/main/server/lib/reporting/summary-tables-definitions/agents/index.ts @@ -41,15 +41,6 @@ const gcpAlertsSummary = { ] } -const virustotalAlertsSummary = { - title: 'Alerts summary', - aggs: [ - AggregationFields['rule.id'], - AggregationFields['rule.description'], - AggregationFields['rule.level'], - ] -} - const osqueryAlertsSummary = { title: 'Alerts summary', aggs: [ @@ -181,7 +172,6 @@ export default { nist: [nistLastAlerts], gcp: [gcpAlertsSummary], tsc: [tscAlertsSummary], - virustotal: [virustotalAlertsSummary], osquery: [osqueryAlertsSummary], mitre: [mitreAlertsSummary], ciscat: [ciscatAlertsSummary], @@ -191,4 +181,4 @@ export default { gdpr: [gdprLastAlerts], pci: [pciLastAlerts], docker: [dockerAlertsSummary], -} +}; diff --git a/plugins/main/server/routes/wazuh-reporting.ts b/plugins/main/server/routes/wazuh-reporting.ts index 7f78a27458..14ec56d54a 100644 --- a/plugins/main/server/routes/wazuh-reporting.ts +++ b/plugins/main/server/routes/wazuh-reporting.ts @@ -43,7 +43,6 @@ export function WazuhReportingRoutes(router: IRouter) { schema.literal('ciscat'), schema.literal('vuls'), schema.literal('mitre'), - schema.literal('virustotal'), schema.literal('docker'), schema.literal('osquery'), schema.literal('oscap'), diff --git a/plugins/main/test/cypress/cypress/integration/pageobjects/basic/modules-directory.page.js b/plugins/main/test/cypress/cypress/integration/pageobjects/basic/modules-directory.page.js index cfd9ee32a9..1da81f4494 100644 --- a/plugins/main/test/cypress/cypress/integration/pageobjects/basic/modules-directory.page.js +++ b/plugins/main/test/cypress/cypress/integration/pageobjects/basic/modules-directory.page.js 
@@ -3,7 +3,6 @@ export const MODULES_DIRECTORY_PAGE = {
 gCPCard: '[data-test-subj="overviewWelcomeGcp"]',
 openSCAPCard: '[data-test-subj="overviewWelcomeOscap"]',
 cisCatCard: '[data-test-subj="overviewWelcomeCiscat"]',
- virusTotalCard: '[data-test-subj="overviewWelcomeVirustotal"]',
 osqueryCard: '[data-test-subj="overviewWelcomeOsquery"]',
 dockerListenerCard: '[data-test-subj="overviewWelcomeDocker"]',
 gDPRCard: '[data-test-subj="overviewWelcomeGdpr"]',
diff --git a/plugins/main/test/cypress/cypress/integration/pageobjects/basic/settings/modules.page.js b/plugins/main/test/cypress/cypress/integration/pageobjects/basic/settings/modules.page.js
index 2628f3faaa..4317934e06 100644
--- a/plugins/main/test/cypress/cypress/integration/pageobjects/basic/settings/modules.page.js
+++ b/plugins/main/test/cypress/cypress/integration/pageobjects/basic/settings/modules.page.js
@@ -1,13 +1,22 @@ export const MODULES_PAGE = { - amazonAWSToggleButton: ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - gCPToggleButton: ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - gitHubCardToggleButton: ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(6) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - openSCAPToggleButton: ':nth-child(2) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - cisCatToggleButton: ':nth-child(2) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - virusTotalToggleButton: ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(3) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - osqueryToggleButton: ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - dockerListenerToggleButton: ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - gDPRToggleButton: ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(3) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - hIPAAToggleButton: ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - tSCToggleButton: ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + amazonAWSToggleButton: + ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > 
:nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + gCPToggleButton: + ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + gitHubCardToggleButton: + ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(6) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + openSCAPToggleButton: + ':nth-child(2) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + cisCatToggleButton: + ':nth-child(2) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + osqueryToggleButton: + ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + dockerListenerToggleButton: + ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + gDPRToggleButton: + ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(3) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + hIPAAToggleButton: + ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + tSCToggleButton: + ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', }; diff --git a/plugins/main/test/cypress/cypress/integration/pageobjects/basic/wazuh-menu/wazuh-menu.page.js b/plugins/main/test/cypress/cypress/integration/pageobjects/basic/wazuh-menu/wazuh-menu.page.js index 1f8d860b2c..e4f469f63d 100644 --- a/plugins/main/test/cypress/cypress/integration/pageobjects/basic/wazuh-menu/wazuh-menu.page.js 
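Review bot: `osqueryToggleButton` and `dockerListenerToggleButton` keep their positional `:nth-child(4)` and `:nth-child(5)` indexes inside the third panel even though `virusTotalToggleButton`, which was `:nth-child(3)` in that same panel, is dropped. If the VirusTotal switch is also gone from the rendered settings panel (the rest of the commit suggests so, but this hunk does not show it), the remaining switches move up by one and these selectors would hit the wrong module or match nothing. Please confirm against the rendered page and, if needed, shift them to `:nth-child(3)` and `:nth-child(4)`. A stable `data-test-subj` attribute, as the other page objects in this commit use, would avoid this class of breakage. The same applies to the identical hunks in the odfe, wzd and xpack `settings/modules.page.js` files.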
+++ b/plugins/main/test/cypress/cypress/integration/pageobjects/basic/wazuh-menu/wazuh-menu.page.js
@@ -28,7 +28,6 @@ export const WAZUH_MENU_PAGE = {
 cisCatLink: '[data-test-subj=menuModulesCiscatLink]',
 securityConfigurationAssessmentLink: '[data-test-subj=menuModulesScaLink]',
 vulnerabilitiesLink: '[data-test-subj=menuModulesVulsLink]',
- virusTotalLink: '[data-test-subj=menuModulesVirustotalLink]',
 osqueryLink: '[data-test-subj=menuModulesOsqueryLink]',
 dockerListenerLink: '[data-test-subj=menuModulesDockerLink]',
 mitreAttackLink: '[data-test-subj=menuModulesMitreLink]',
diff --git a/plugins/main/test/cypress/cypress/integration/pageobjects/odfe/modules-directory.page.js b/plugins/main/test/cypress/cypress/integration/pageobjects/odfe/modules-directory.page.js
index 49a40d905a..1b96cf42d7 100644
--- a/plugins/main/test/cypress/cypress/integration/pageobjects/odfe/modules-directory.page.js
+++ b/plugins/main/test/cypress/cypress/integration/pageobjects/odfe/modules-directory.page.js
@@ -3,7 +3,6 @@ export const MODULES_DIRECTORY_PAGE = {
 gCPCard: '[data-test-subj="overviewWelcomeGcp"]',
 openSCAPCard: '[data-test-subj="overviewWelcomeOscap"]',
 cisCatCard: '[data-test-subj="overviewWelcomeCiscat"]',
- virusTotalCard: '[data-test-subj="overviewWelcomeVirustotal"]',
 osqueryCard: '[data-test-subj="overviewWelcomeOsquery"]',
 dockerListenerCard: '[data-test-subj="overviewWelcomeDocker"]',
 gDPRCard: '[data-test-subj="overviewWelcomeGdpr"]',
diff --git a/plugins/main/test/cypress/cypress/integration/pageobjects/odfe/settings/modules.page.js b/plugins/main/test/cypress/cypress/integration/pageobjects/odfe/settings/modules.page.js
index 2628f3faaa..4317934e06 100644
--- a/plugins/main/test/cypress/cypress/integration/pageobjects/odfe/settings/modules.page.js
+++ b/plugins/main/test/cypress/cypress/integration/pageobjects/odfe/settings/modules.page.js
@@ -1,13 +1,22 @@ export const MODULES_PAGE = { - amazonAWSToggleButton: ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - gCPToggleButton: ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - gitHubCardToggleButton: ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(6) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - openSCAPToggleButton: ':nth-child(2) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - cisCatToggleButton: ':nth-child(2) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - virusTotalToggleButton: ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(3) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - osqueryToggleButton: ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - dockerListenerToggleButton: ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - gDPRToggleButton: ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(3) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - hIPAAToggleButton: ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - tSCToggleButton: ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + amazonAWSToggleButton: + ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > 
:nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + gCPToggleButton: + ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + gitHubCardToggleButton: + ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(6) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + openSCAPToggleButton: + ':nth-child(2) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + cisCatToggleButton: + ':nth-child(2) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + osqueryToggleButton: + ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + dockerListenerToggleButton: + ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + gDPRToggleButton: + ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(3) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + hIPAAToggleButton: + ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + tSCToggleButton: + ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', }; diff --git a/plugins/main/test/cypress/cypress/integration/pageobjects/odfe/wazuh-menu/wazuh-menu.page.js b/plugins/main/test/cypress/cypress/integration/pageobjects/odfe/wazuh-menu/wazuh-menu.page.js index 1f8d860b2c..e4f469f63d 100644 --- a/plugins/main/test/cypress/cypress/integration/pageobjects/odfe/wazuh-menu/wazuh-menu.page.js 
+++ b/plugins/main/test/cypress/cypress/integration/pageobjects/odfe/wazuh-menu/wazuh-menu.page.js
@@ -28,7 +28,6 @@ export const WAZUH_MENU_PAGE = {
 cisCatLink: '[data-test-subj=menuModulesCiscatLink]',
 securityConfigurationAssessmentLink: '[data-test-subj=menuModulesScaLink]',
 vulnerabilitiesLink: '[data-test-subj=menuModulesVulsLink]',
- virusTotalLink: '[data-test-subj=menuModulesVirustotalLink]',
 osqueryLink: '[data-test-subj=menuModulesOsqueryLink]',
 dockerListenerLink: '[data-test-subj=menuModulesDockerLink]',
 mitreAttackLink: '[data-test-subj=menuModulesMitreLink]',
diff --git a/plugins/main/test/cypress/cypress/integration/pageobjects/wzd/modules-directory.page.js b/plugins/main/test/cypress/cypress/integration/pageobjects/wzd/modules-directory.page.js
index 49a40d905a..1b96cf42d7 100644
--- a/plugins/main/test/cypress/cypress/integration/pageobjects/wzd/modules-directory.page.js
+++ b/plugins/main/test/cypress/cypress/integration/pageobjects/wzd/modules-directory.page.js
@@ -3,7 +3,6 @@ export const MODULES_DIRECTORY_PAGE = {
 gCPCard: '[data-test-subj="overviewWelcomeGcp"]',
 openSCAPCard: '[data-test-subj="overviewWelcomeOscap"]',
 cisCatCard: '[data-test-subj="overviewWelcomeCiscat"]',
- virusTotalCard: '[data-test-subj="overviewWelcomeVirustotal"]',
 osqueryCard: '[data-test-subj="overviewWelcomeOsquery"]',
 dockerListenerCard: '[data-test-subj="overviewWelcomeDocker"]',
 gDPRCard: '[data-test-subj="overviewWelcomeGdpr"]',
diff --git a/plugins/main/test/cypress/cypress/integration/pageobjects/wzd/settings/modules.page.js b/plugins/main/test/cypress/cypress/integration/pageobjects/wzd/settings/modules.page.js
index 2628f3faaa..4317934e06 100644
--- a/plugins/main/test/cypress/cypress/integration/pageobjects/wzd/settings/modules.page.js
+++ b/plugins/main/test/cypress/cypress/integration/pageobjects/wzd/settings/modules.page.js
@@ -1,13 +1,22 @@ export const MODULES_PAGE = { - amazonAWSToggleButton: ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - gCPToggleButton: ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - gitHubCardToggleButton: ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(6) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - openSCAPToggleButton: ':nth-child(2) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - cisCatToggleButton: ':nth-child(2) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - virusTotalToggleButton: ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(3) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - osqueryToggleButton: ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - dockerListenerToggleButton: ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - gDPRToggleButton: ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(3) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - hIPAAToggleButton: ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - tSCToggleButton: ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + amazonAWSToggleButton: + ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > 
:nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + gCPToggleButton: + ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + gitHubCardToggleButton: + ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(6) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + openSCAPToggleButton: + ':nth-child(2) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + cisCatToggleButton: + ':nth-child(2) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + osqueryToggleButton: + ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + dockerListenerToggleButton: + ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + gDPRToggleButton: + ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(3) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + hIPAAToggleButton: + ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + tSCToggleButton: + ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', }; diff --git a/plugins/main/test/cypress/cypress/integration/pageobjects/wzd/wazuh-menu/wazuh-menu.page.js b/plugins/main/test/cypress/cypress/integration/pageobjects/wzd/wazuh-menu/wazuh-menu.page.js index 1f8d860b2c..e4f469f63d 100644 --- a/plugins/main/test/cypress/cypress/integration/pageobjects/wzd/wazuh-menu/wazuh-menu.page.js 
+++ b/plugins/main/test/cypress/cypress/integration/pageobjects/wzd/wazuh-menu/wazuh-menu.page.js
@@ -28,7 +28,6 @@ export const WAZUH_MENU_PAGE = {
 cisCatLink: '[data-test-subj=menuModulesCiscatLink]',
 securityConfigurationAssessmentLink: '[data-test-subj=menuModulesScaLink]',
 vulnerabilitiesLink: '[data-test-subj=menuModulesVulsLink]',
- virusTotalLink: '[data-test-subj=menuModulesVirustotalLink]',
 osqueryLink: '[data-test-subj=menuModulesOsqueryLink]',
 dockerListenerLink: '[data-test-subj=menuModulesDockerLink]',
 mitreAttackLink: '[data-test-subj=menuModulesMitreLink]',
diff --git a/plugins/main/test/cypress/cypress/integration/pageobjects/xpack/modules-directory.page.js b/plugins/main/test/cypress/cypress/integration/pageobjects/xpack/modules-directory.page.js
index cfd9ee32a9..1da81f4494 100644
--- a/plugins/main/test/cypress/cypress/integration/pageobjects/xpack/modules-directory.page.js
+++ b/plugins/main/test/cypress/cypress/integration/pageobjects/xpack/modules-directory.page.js
@@ -3,7 +3,6 @@ export const MODULES_DIRECTORY_PAGE = {
 gCPCard: '[data-test-subj="overviewWelcomeGcp"]',
 openSCAPCard: '[data-test-subj="overviewWelcomeOscap"]',
 cisCatCard: '[data-test-subj="overviewWelcomeCiscat"]',
- virusTotalCard: '[data-test-subj="overviewWelcomeVirustotal"]',
 osqueryCard: '[data-test-subj="overviewWelcomeOsquery"]',
 dockerListenerCard: '[data-test-subj="overviewWelcomeDocker"]',
 gDPRCard: '[data-test-subj="overviewWelcomeGdpr"]',
diff --git a/plugins/main/test/cypress/cypress/integration/pageobjects/xpack/settings/modules.page.js b/plugins/main/test/cypress/cypress/integration/pageobjects/xpack/settings/modules.page.js
index 2628f3faaa..4317934e06 100644
--- a/plugins/main/test/cypress/cypress/integration/pageobjects/xpack/settings/modules.page.js
+++ b/plugins/main/test/cypress/cypress/integration/pageobjects/xpack/settings/modules.page.js
@@ -1,13 +1,22 @@ export const MODULES_PAGE = { - amazonAWSToggleButton: ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - gCPToggleButton: ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - gitHubCardToggleButton: ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(6) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - openSCAPToggleButton: ':nth-child(2) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - cisCatToggleButton: ':nth-child(2) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - virusTotalToggleButton: ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(3) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - osqueryToggleButton: ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - dockerListenerToggleButton: ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - gDPRToggleButton: ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(3) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - hIPAAToggleButton: ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - tSCToggleButton: ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + amazonAWSToggleButton: + ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > 
:nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + gCPToggleButton: + ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + gitHubCardToggleButton: + ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(6) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + openSCAPToggleButton: + ':nth-child(2) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + cisCatToggleButton: + ':nth-child(2) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + osqueryToggleButton: + ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + dockerListenerToggleButton: + ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + gDPRToggleButton: + ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(3) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + hIPAAToggleButton: + ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + tSCToggleButton: + ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', }; diff --git a/plugins/main/test/cypress/cypress/integration/pageobjects/xpack/wazuh-menu/wazuh-menu.page.js b/plugins/main/test/cypress/cypress/integration/pageobjects/xpack/wazuh-menu/wazuh-menu.page.js index 7119d9ff65..7bffaeba01 100644 --- a/plugins/main/test/cypress/cypress/integration/pageobjects/xpack/wazuh-menu/wazuh-menu.page.js 
+++ b/plugins/main/test/cypress/cypress/integration/pageobjects/xpack/wazuh-menu/wazuh-menu.page.js
@@ -28,7 +28,6 @@ export const WAZUH_MENU_PAGE = {
 cisCatLink: '[data-test-subj=menuModulesCiscatLink]',
 securityConfigurationAssessmentLink: '[data-test-subj=menuModulesScaLink]',
 vulnerabilitiesLink: '[data-test-subj=menuModulesVulsLink]',
- virusTotalLink: '[data-test-subj=menuModulesVirustotalLink]',
 osqueryLink: '[data-test-subj=menuModulesOsqueryLink]',
 dockerListenerLink: '[data-test-subj=menuModulesDockerLink]',
 mitreAttackLink: '[data-test-subj=menuModulesMitreLink]',
@@ -70,7 +69,8 @@ export const WAZUH_MENU_PAGE = {
 //endregion
 //region Settings
 settingsApiConfigurationLink: '[data-test-subj=menuSettingsApiLink]',
- settingsModulesLink: '.wz-menu-right-side .WzManagementSideMenu [data-test-subj=menuSettingsModulesLink]',
+ settingsModulesLink:
+ '.wz-menu-right-side .WzManagementSideMenu [data-test-subj=menuSettingsModulesLink]',
 settingsSampleDataLink: '[data-test-subj=menuSettingsSampleDataLink]',
 settingsConfigurationLink: '[data-test-subj=menuSettingsConfigurationLink]',
 settingsLogsLink: '[data-test-subj=menuSettingsLogsLink]',
diff --git a/plugins/main/test/cypress/cypress/integration/utils/mappers/basic/modules-mapper.js b/plugins/main/test/cypress/cypress/integration/utils/mappers/basic/modules-mapper.js
index bb21a9d4e5..d1cbc1d954 100644
--- a/plugins/main/test/cypress/cypress/integration/utils/mappers/basic/modules-mapper.js
+++ b/plugins/main/test/cypress/cypress/integration/utils/mappers/basic/modules-mapper.js
@@ -11,7 +11,6 @@ export const MODULES_CARDS = {
 GitHub: MODULES_PAGE['gitHubCardToggleButton'],
 OpenSCAP: MODULES_PAGE['openSCAPToggleButton'],
 'CIS-CAT': MODULES_PAGE['cisCatToggleButton'],
- VirusTotal: MODULES_PAGE['virusTotalToggleButton'],
 Osquery: MODULES_PAGE['osqueryToggleButton'],
 'Docker listener': MODULES_PAGE['dockerListenerToggleButton'],
 GDPR: MODULES_PAGE['gDPRToggleButton'],
@@ -25,7 +24,6 @@ export const MODULES_SETTINGS = { GitHub: MODULES_DIRECTORY_PAGE['gitHubCard'], OpenSCAP: MODULES_DIRECTORY_PAGE['openSCAPCard'], 'CIS-CAT': MODULES_DIRECTORY_PAGE['cisCatCard'], - VirusTotal: MODULES_DIRECTORY_PAGE['virusTotalCard'], Osquery: MODULES_DIRECTORY_PAGE['osqueryCard'], 'Docker listener': MODULES_DIRECTORY_PAGE['dockerListenerCard'], GDPR: MODULES_DIRECTORY_PAGE['gDPRCard'], diff --git a/plugins/main/test/cypress/cypress/integration/utils/mappers/odfe/modules-mapper.js b/plugins/main/test/cypress/cypress/integration/utils/mappers/odfe/modules-mapper.js index 0f13240bee..3cb3fa3a54 100644 --- a/plugins/main/test/cypress/cypress/integration/utils/mappers/odfe/modules-mapper.js +++ b/plugins/main/test/cypress/cypress/integration/utils/mappers/odfe/modules-mapper.js @@ -11,7 +11,6 @@ export const MODULES_CARDS = { GitHub: MODULES_PAGE['gitHubCardToggleButton'], OpenSCAP: MODULES_PAGE['openSCAPToggleButton'], 'CIS-CAT': MODULES_PAGE['cisCatToggleButton'], - VirusTotal: MODULES_PAGE['virusTotalToggleButton'], Osquery: MODULES_PAGE['osqueryToggleButton'], 'Docker listener': MODULES_PAGE['dockerListenerToggleButton'], GDPR: MODULES_PAGE['gDPRToggleButton'], @@ -25,7 +24,6 @@ export const MODULES_SETTINGS = { GitHub: MODULES_DIRECTORY_PAGE['gitHubCard'], OpenSCAP: MODULES_DIRECTORY_PAGE['openSCAPCard'], 'CIS-CAT': MODULES_DIRECTORY_PAGE['cisCatCard'], - VirusTotal: MODULES_DIRECTORY_PAGE['virusTotalCard'], Osquery: MODULES_DIRECTORY_PAGE['osqueryCard'], 'Docker listener': MODULES_DIRECTORY_PAGE['dockerListenerCard'], GDPR: MODULES_DIRECTORY_PAGE['gDPRCard'], diff --git a/plugins/main/test/cypress/cypress/integration/utils/mappers/wzd/modules-mapper.js b/plugins/main/test/cypress/cypress/integration/utils/mappers/wzd/modules-mapper.js index 22a70ed995..6de19b694d 100644 --- a/plugins/main/test/cypress/cypress/integration/utils/mappers/wzd/modules-mapper.js +++ b/plugins/main/test/cypress/cypress/integration/utils/mappers/wzd/modules-mapper.js 
@@ -11,7 +11,6 @@ export const MODULES_CARDS = { GitHub: MODULES_PAGE['gitHubCardToggleButton'], OpenSCAP: MODULES_PAGE['openSCAPToggleButton'], 'CIS-CAT': MODULES_PAGE['cisCatToggleButton'], - VirusTotal: MODULES_PAGE['virusTotalToggleButton'], Osquery: MODULES_PAGE['osqueryToggleButton'], 'Docker listener': MODULES_PAGE['dockerListenerToggleButton'], GDPR: MODULES_PAGE['gDPRToggleButton'], @@ -25,7 +24,6 @@ export const MODULES_SETTINGS = { GitHub: MODULES_DIRECTORY_PAGE['gitHubCard'], OpenSCAP: MODULES_DIRECTORY_PAGE['openSCAPCard'], 'CIS-CAT': MODULES_DIRECTORY_PAGE['cisCatCard'], - VirusTotal: MODULES_DIRECTORY_PAGE['virusTotalCard'], Osquery: MODULES_DIRECTORY_PAGE['osqueryCard'], 'Docker listener': MODULES_DIRECTORY_PAGE['dockerListenerCard'], GDPR: MODULES_DIRECTORY_PAGE['gDPRCard'], diff --git a/plugins/main/test/cypress/cypress/integration/utils/mappers/xpack/modules-mapper.js b/plugins/main/test/cypress/cypress/integration/utils/mappers/xpack/modules-mapper.js index 3fe4616936..eef8fed129 100644 --- a/plugins/main/test/cypress/cypress/integration/utils/mappers/xpack/modules-mapper.js +++ b/plugins/main/test/cypress/cypress/integration/utils/mappers/xpack/modules-mapper.js @@ -11,7 +11,6 @@ export const MODULES_CARDS = { GitHub: MODULES_PAGE['gitHubCardToggleButton'], OpenSCAP: MODULES_PAGE['openSCAPToggleButton'], 'CIS-CAT': MODULES_PAGE['cisCatToggleButton'], - VirusTotal: MODULES_PAGE['virusTotalToggleButton'], Osquery: MODULES_PAGE['osqueryToggleButton'], 'Docker listener': MODULES_PAGE['dockerListenerToggleButton'], GDPR: MODULES_PAGE['gDPRToggleButton'], 
@@ -25,7 +24,6 @@ export const MODULES_SETTINGS = { GitHub: MODULES_DIRECTORY_PAGE['gitHubCard'], OpenSCAP: MODULES_DIRECTORY_PAGE['openSCAPCard'], 'CIS-CAT': MODULES_DIRECTORY_PAGE['cisCatCard'], - VirusTotal: MODULES_DIRECTORY_PAGE['virusTotalCard'], Osquery: MODULES_DIRECTORY_PAGE['osqueryCard'], 'Docker listener': MODULES_DIRECTORY_PAGE['dockerListenerCard'], GDPR: MODULES_DIRECTORY_PAGE['gDPRCard'], diff --git a/scripts/wazuh-alerts-generator/cli.js b/scripts/wazuh-alerts-generator/cli.js index 960cb418df..15f426b590 100644 --- a/scripts/wazuh-alerts-generator/cli.js +++ b/scripts/wazuh-alerts-generator/cli.js @@ -108,13 +108,7 @@ 'windows', ], 'auditing-policy-monitoring': ['audit', 'ciscat', 'openscap', 'rootcheck'], - 'thread-detection': [ - 'docker', - 'mitre', - 'osquery', - 'virustotal', - 'vulnerabilities', - ], + 'thread-detection': ['docker', 'mitre', 'osquery', 'vulnerabilities'], }; function displayHelp() { From 64d1c3f97ef543ce4c4d37fb33f367423a2f7f1b Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Thu, 3 Oct 2024 08:12:28 -0300 Subject: [PATCH 05/16] Fix Prettier issues --- .../integrations/integrations.js | 42 ++- .../agents/index.ts | 78 +++--- plugins/main/server/routes/wazuh-reporting.ts | 258 ++++++++++-------- .../utils/mappers/basic/modules-mapper.js | 8 +- .../utils/mappers/odfe/modules-mapper.js | 8 +- .../utils/mappers/wzd/modules-mapper.js | 8 +- .../utils/mappers/xpack/modules-mapper.js | 8 +- 7 files changed, 209 insertions(+), 201 deletions(-) diff --git a/plugins/main/public/controllers/management/components/management/configuration/integrations/integrations.js b/plugins/main/public/controllers/management/components/management/configuration/integrations/integrations.js index 1ed24981c3..28c0214e9c 100644 --- a/plugins/main/public/controllers/management/components/management/configuration/integrations/integrations.js +++ b/plugins/main/public/controllers/management/components/management/configuration/integrations/integrations.js 
@@ -84,28 +84,26 @@ class WzConfigurationIntegrations extends Component { /> )} {currentConfig['integrator-integration'] && - !isString(currentConfig['integrator-integration']) ? ( - integrations && - integrations.map((integrationInfo, key) => { - const integration = Object.assign( - this.buildIntegration(integrationInfo.name), - integrationInfo - ); - return ( - - - - ); - }) - ) - : null - } + !isString(currentConfig['integrator-integration']) + ? integrations && + integrations.map((integrationInfo, key) => { + const integration = Object.assign( + this.buildIntegration(integrationInfo.name), + integrationInfo, + ); + return ( + + + + ); + }) + : null} ); } diff --git a/plugins/main/server/lib/reporting/summary-tables-definitions/agents/index.ts b/plugins/main/server/lib/reporting/summary-tables-definitions/agents/index.ts index 67ca045213..c84014feea 100644 --- a/plugins/main/server/lib/reporting/summary-tables-definitions/agents/index.ts +++ b/plugins/main/server/lib/reporting/summary-tables-definitions/agents/index.ts @@ -6,15 +6,13 @@ const generalAlertsSummary = { AggregationFields['rule.id'], AggregationFields['rule.description'], AggregationFields['rule.level'], - ] -} + ], +}; const generalGroupsSummary = { title: 'Groups summary', - aggs: [ - AggregationFields['rule.groups'], - ] -} + aggs: [AggregationFields['rule.groups']], +}; const awsAlertsSummary = { title: 'Alerts summary', @@ -22,24 +20,24 @@ const awsAlertsSummary = { AggregationFields['rule.id'], AggregationFields['rule.description'], AggregationFields['rule.level'], - ] -} + ], +}; const fimAlertsSummary = { title: 'Alerts summary', aggs: [ AggregationFields['syscheck.path'], AggregationFields['rule.description'], - ] -} + ], +}; const gcpAlertsSummary = { title: 'Alerts summary', aggs: [ AggregationFields['rule.id'], AggregationFields['rule.description'], AggregationFields['rule.level'], - ] -} + ], +}; const osqueryAlertsSummary = { title: 'Alerts summary', 
@@ -49,8 +47,8 @@ const osqueryAlertsSummary = { AggregationFields['agent.name'], AggregationFields['data.osquery.pack'], AggregationFields['data.osquery.calendarTime'], - ] -} + ], +}; const mitreAlertsSummary = { title: 'Alerts summary', @@ -58,8 +56,8 @@ const mitreAlertsSummary = { AggregationFields['rule.id'], AggregationFields['rule.description'], AggregationFields['rule.level'], - ] -} + ], +}; const ciscatAlertsSummary = { title: 'Alerts summary', @@ -67,16 +65,16 @@ const ciscatAlertsSummary = { AggregationFields['data.cis.rule_title'], AggregationFields['data.cis.group'], AggregationFields['data.cis.result'], - ] -} + ], +}; const pmAlertsSummary = { title: 'Alerts summary', aggs: [ AggregationFields['rule.description'], AggregationFields['data.title'], - ] -} + ], +}; const tscAlertsSummary = { title: 'Alerts summary', @@ -84,8 +82,8 @@ const tscAlertsSummary = { AggregationFields['agent.name'], AggregationFields['rule.tsc'], AggregationFields['rule.description'], - ] -} + ], +}; const githubAlertsSummary = { title: 'Alerts summary', @@ -93,18 +91,14 @@ const githubAlertsSummary = { AggregationFields['agent.name'], AggregationFields['data.github.org'], AggregationFields['rule.description'], - ] -} + ], +}; // 'Wazuh-App-Agents-GDPR-Last-alerts' const gdprLastAlerts = { title: 'Last alerts', - aggs: [ - AggregationFields['rule.gdpr'], - AggregationFields['rule.description'], - ] - -} + aggs: [AggregationFields['rule.gdpr'], AggregationFields['rule.description']], +}; // 'Wazuh-App-Agents-PCI-Last-alerts' const pciLastAlerts = { @@ -112,8 +106,8 @@ const pciLastAlerts = { aggs: [ AggregationFields['rule.pci_dss'], AggregationFields['rule.description'], - ] -} + ], +}; // 'Wazuh-App-Agents-NIST-Last-alerts' const nistLastAlerts = { 
@@ -122,8 +116,8 @@ const nistLastAlerts = { AggregationFields['rule.nist_800_53'], AggregationFields['rule.level'], AggregationFields['rule.description'], - ] -} + ], +}; // 'Wazuh-App-Agents-HIPAA-Last-alerts' const hipaaLastAlerts = { @@ -132,8 +126,8 @@ const hipaaLastAlerts = { AggregationFields['rule.hipaa'], AggregationFields['rule.level'], AggregationFields['rule.description'], - ] -} + ], +}; // 'Wazuh-App-Agents-OSCAP-Last-alerts' const oscapLastAlerts = { @@ -141,8 +135,8 @@ const oscapLastAlerts = { aggs: [ AggregationFields['data.oscap.check.title'], AggregationFields['data.oscap.scan.profile.title'], - ] -} + ], +}; // 'Wazuh-App-Agents-Audit-Last-alerts' const auditLastAlerts = { @@ -151,8 +145,8 @@ const auditLastAlerts = { AggregationFields['rule.description'], AggregationFields['data.audit.exe'], AggregationFields['data.audit.type'], - ] -} + ], +}; const dockerAlertsSummary = { title: 'Events summary', @@ -160,8 +154,8 @@ const dockerAlertsSummary = { AggregationFields['data.docker.Actor.Attributes.name'], AggregationFields['data.docker.Action'], AggregationFields['timestamp'], - ] -} + ], +}; export default { general: [generalAlertsSummary, generalGroupsSummary], diff --git a/plugins/main/server/routes/wazuh-reporting.ts b/plugins/main/server/routes/wazuh-reporting.ts index 14ec56d54a..fe4fde4d70 100644 --- a/plugins/main/server/routes/wazuh-reporting.ts +++ b/plugins/main/server/routes/wazuh-reporting.ts 
@@ -18,16 +18,23 @@ export function WazuhReportingRoutes(router: IRouter) { const agentIDValidation = schema.string({ minLength: 3, - validate: (agentID: string) => /^\d{3,}$/.test(agentID) ? undefined : 'must be 0-9 are allowed' + validate: (agentID: string) => + /^\d{3,}$/.test(agentID) ? undefined : 'must be 0-9 are allowed', }); const groupIDValidation = schema.string({ minLength: 1, - validate: (agentID: string) => /^(?!^(\.{1,2}|all)$)[\w\.\-]+$/.test(agentID) ? undefined : 'must be A-z, 0-9, _, . are allowed. It must not be ., .. or all.' + validate: (agentID: string) => + /^(?!^(\.{1,2}|all)$)[\w\.\-]+$/.test(agentID) + ? undefined + : 'must be A-z, 0-9, _, . are allowed. It must not be ., .. or all.', }); const ReportFilenameValidation = schema.string({ - validate: (agentID: string) => /^[\w\-\.]+\.pdf$/.test(agentID) ? undefined : 'must be A-z, 0-9, _, ., and - are allowed. It must end with .pdf.' + validate: (agentID: string) => + /^[\w\-\.]+\.pdf$/.test(agentID) + ? undefined + : 'must be A-z, 0-9, _, ., and - are allowed. It must end with .pdf.', }); const moduleIDValidation = schema.oneOf([ 
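Review bot: The validator callbacks in `groupIDValidation` and `ReportFilenameValidation` still name their argument `agentID`, although they check a group ID and a report filename; rename them to `validate: (groupID: string) =>` and `validate: (filename: string) =>`. These patterns are the route-level allow-list for values that presumably end up in report paths, so a comment above each, such as `// Allow-list: word characters, '-' and '.' only, so no path separator can pass`, would keep a later edit from loosening them unnoticed. The message `'must be 0-9 are allowed'` would read better as `'only digits 0-9 are allowed'`. `WazuhReportingRoutes` starts before this hunk and continues past it.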
@@ -53,129 +60,154 @@ export function WazuhReportingRoutes(router: IRouter) { schema.literal('tsc'), ]); - router.post({ - path: '/reports/modules/{moduleID}', - validate: { - body: schema.object({ - array: schema.any(), - browserTimezone: schema.string(), - serverSideQuery: schema.maybe(schema.any()), - filters: schema.maybe(schema.any()), - agents: schema.maybe(schema.oneOf([agentIDValidation, schema.boolean()])), - components: schema.maybe(schema.any()), - searchBar: schema.maybe(schema.string()), - section: schema.maybe(schema.string()), - tab: schema.string(), - tables: schema.maybe(schema.any()), - time: schema.oneOf([schema.object({ - from: schema.string(), - to: schema.string() - }), schema.string()]), - indexPatternTitle: schema.string(), - apiId: schema.string() - }), - params: schema.object({ - moduleID: moduleIDValidation - }) - } - }, - (context, request, response) => ctrl.createReportsModules(context, request, response) + router.post( + { + path: '/reports/modules/{moduleID}', + validate: { + body: schema.object({ + array: schema.any(), + browserTimezone: schema.string(), + serverSideQuery: schema.maybe(schema.any()), + filters: schema.maybe(schema.any()), + agents: schema.maybe( + schema.oneOf([agentIDValidation, schema.boolean()]), + ), + components: schema.maybe(schema.any()), + searchBar: schema.maybe(schema.string()), + section: schema.maybe(schema.string()), + tab: schema.string(), + tables: schema.maybe(schema.any()), + time: schema.oneOf([ + schema.object({ + from: schema.string(), + to: schema.string(), + }), + schema.string(), + ]), + indexPatternTitle: schema.string(), + apiId: schema.string(), + }), + params: schema.object({ + moduleID: moduleIDValidation, + }), + }, + }, + (context, request, response) => + ctrl.createReportsModules(context, request, response), ); - router.post({ - path: '/reports/groups/{groupID}', - validate: { - body: schema.object({ - browserTimezone: schema.string(), - filters: schema.maybe(schema.any()), - 
components: schema.maybe(schema.any()), - section: schema.maybe(schema.string()), - apiId: schema.string() - }), - params: schema.object({ - groupID: groupIDValidation - }) - } - }, - (context, request, response) => ctrl.createReportsGroups(context, request, response) + router.post( + { + path: '/reports/groups/{groupID}', + validate: { + body: schema.object({ + browserTimezone: schema.string(), + filters: schema.maybe(schema.any()), + components: schema.maybe(schema.any()), + section: schema.maybe(schema.string()), + apiId: schema.string(), + }), + params: schema.object({ + groupID: groupIDValidation, + }), + }, + }, + (context, request, response) => + ctrl.createReportsGroups(context, request, response), ); - router.post({ - path: '/reports/agents/{agentID}', - validate: { - body: schema.object({ - browserTimezone: schema.string(), - filters: schema.any(), - components: schema.maybe(schema.any()), - section: schema.maybe(schema.string()), - apiId: schema.string() - }), - params: schema.object({ - agentID: agentIDValidation - }) - } - }, - (context, request, response) => ctrl.createReportsAgentsConfiguration(context, request, response) + router.post( + { + path: '/reports/agents/{agentID}', + validate: { + body: schema.object({ + browserTimezone: schema.string(), + filters: schema.any(), + components: schema.maybe(schema.any()), + section: schema.maybe(schema.string()), + apiId: schema.string(), + }), + params: schema.object({ + agentID: agentIDValidation, + }), + }, + }, + (context, request, response) => + ctrl.createReportsAgentsConfiguration(context, request, response), ); - router.post({ - path: '/reports/agents/{agentID}/inventory', - validate: { - body: schema.object({ - array: schema.any(), - browserTimezone: schema.string(), - serverSideQuery: schema.maybe(schema.any()), - filters: schema.maybe(schema.any()), - agents: schema.maybe(schema.oneOf([schema.string(), schema.boolean()])), - components: schema.maybe(schema.any()), - searchBar: 
schema.maybe(schema.oneOf([schema.string(), schema.boolean()])), - section: schema.maybe(schema.string()), - tab: schema.string(), - tables: schema.maybe(schema.any()), - time: schema.oneOf([schema.object({ - from: schema.string(), - to: schema.string() - }), schema.string()]), - indexPatternTitle: schema.string(), - apiId: schema.string() - }), - params: schema.object({ - agentID: agentIDValidation - }) - } - }, - (context, request, response) => ctrl.createReportsAgentsInventory(context, request, response) + router.post( + { + path: '/reports/agents/{agentID}/inventory', + validate: { + body: schema.object({ + array: schema.any(), + browserTimezone: schema.string(), + serverSideQuery: schema.maybe(schema.any()), + filters: schema.maybe(schema.any()), + agents: schema.maybe( + schema.oneOf([schema.string(), schema.boolean()]), + ), + components: schema.maybe(schema.any()), + searchBar: schema.maybe( + schema.oneOf([schema.string(), schema.boolean()]), + ), + section: schema.maybe(schema.string()), + tab: schema.string(), + tables: schema.maybe(schema.any()), + time: schema.oneOf([ + schema.object({ + from: schema.string(), + to: schema.string(), + }), + schema.string(), + ]), + indexPatternTitle: schema.string(), + apiId: schema.string(), + }), + params: schema.object({ + agentID: agentIDValidation, + }), + }, + }, + (context, request, response) => + ctrl.createReportsAgentsInventory(context, request, response), ); // Fetch specific report - router.get({ - path: '/reports/{name}', - validate: { - params: schema.object({ - name: ReportFilenameValidation - }) - } - }, - (context, request, response) => ctrl.getReportByName(context, request, response) + router.get( + { + path: '/reports/{name}', + validate: { + params: schema.object({ + name: ReportFilenameValidation, + }), + }, + }, + (context, request, response) => + ctrl.getReportByName(context, request, response), ); // Delete specific report - router.delete({ - path: '/reports/{name}', - validate: { - params: 
schema.object({ - name: ReportFilenameValidation - }) - } - }, - (context, request, response) => ctrl.deleteReportByName(context, request, response) - ) + router.delete( + { + path: '/reports/{name}', + validate: { + params: schema.object({ + name: ReportFilenameValidation, + }), + }, + }, + (context, request, response) => + ctrl.deleteReportByName(context, request, response), + ); // Fetch the reports list - router.get({ - path: '/reports', - validate: false - }, - (context, request, response) => ctrl.getReports(context, request, response) + router.get( + { + path: '/reports', + validate: false, + }, + (context, request, response) => ctrl.getReports(context, request, response), ); } diff --git a/plugins/main/test/cypress/cypress/integration/utils/mappers/basic/modules-mapper.js b/plugins/main/test/cypress/cypress/integration/utils/mappers/basic/modules-mapper.js index d1cbc1d954..4e1a81450c 100644 --- a/plugins/main/test/cypress/cypress/integration/utils/mappers/basic/modules-mapper.js +++ b/plugins/main/test/cypress/cypress/integration/utils/mappers/basic/modules-mapper.js @@ -1,9 +1,5 @@ -import { - MODULES_PAGE -} from '../../../pageobjects/basic/settings/modules.page'; -import { - MODULES_DIRECTORY_PAGE -} from '../../../pageobjects/basic/modules-directory.page'; +import { MODULES_PAGE } from '../../../pageobjects/basic/settings/modules.page'; +import { MODULES_DIRECTORY_PAGE } from '../../../pageobjects/basic/modules-directory.page'; export const MODULES_CARDS = { 'Amazon AWS': MODULES_PAGE['amazonAWSToggleButton'], diff --git a/plugins/main/test/cypress/cypress/integration/utils/mappers/odfe/modules-mapper.js b/plugins/main/test/cypress/cypress/integration/utils/mappers/odfe/modules-mapper.js index 3cb3fa3a54..e712001b28 100644 --- a/plugins/main/test/cypress/cypress/integration/utils/mappers/odfe/modules-mapper.js +++ b/plugins/main/test/cypress/cypress/integration/utils/mappers/odfe/modules-mapper.js 
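Review bot: Several body fields of the report routes are still declared `schema.any()` (`array`, `filters`, `components`, `tables`, `serverSideQuery`), so the route schema passes them through unvalidated and the `ctrl.createReports*` handlers must check their shape themselves. Those handlers are not visible in this hunk, so this should be confirmed there. If `filters` is a list, `filters: schema.maybe(schema.arrayOf(schema.any()))` would be a first tightening step. The inventory route also accepts `agents` as any string, while the modules route restricts it with `agentIDValidation`; if both carry an agent ID, use `schema.oneOf([agentIDValidation, schema.boolean()])` in both. The enclosing function begins outside the hunk.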
@@ -1,9 +1,5 @@ -import { - MODULES_PAGE -} from '../../../pageobjects/odfe/settings/modules.page'; -import { - MODULES_DIRECTORY_PAGE -} from '../../../pageobjects/odfe/modules-directory.page'; +import { MODULES_PAGE } from '../../../pageobjects/odfe/settings/modules.page'; +import { MODULES_DIRECTORY_PAGE } from '../../../pageobjects/odfe/modules-directory.page'; export const MODULES_CARDS = { 'Amazon AWS': MODULES_PAGE['amazonAWSToggleButton'], diff --git a/plugins/main/test/cypress/cypress/integration/utils/mappers/wzd/modules-mapper.js b/plugins/main/test/cypress/cypress/integration/utils/mappers/wzd/modules-mapper.js index 6de19b694d..9bedf2f43b 100644 --- a/plugins/main/test/cypress/cypress/integration/utils/mappers/wzd/modules-mapper.js +++ b/plugins/main/test/cypress/cypress/integration/utils/mappers/wzd/modules-mapper.js @@ -1,9 +1,5 @@ -import { - MODULES_PAGE -} from '../../../pageobjects/wzd/settings/modules.page'; -import { - MODULES_DIRECTORY_PAGE -} from '../../../pageobjects/wzd/modules-directory.page'; +import { MODULES_PAGE } from '../../../pageobjects/wzd/settings/modules.page'; +import { MODULES_DIRECTORY_PAGE } from '../../../pageobjects/wzd/modules-directory.page'; export const MODULES_CARDS = { 'Amazon AWS': MODULES_PAGE['amazonAWSToggleButton'], diff --git a/plugins/main/test/cypress/cypress/integration/utils/mappers/xpack/modules-mapper.js b/plugins/main/test/cypress/cypress/integration/utils/mappers/xpack/modules-mapper.js index eef8fed129..82eac62afc 100644 --- a/plugins/main/test/cypress/cypress/integration/utils/mappers/xpack/modules-mapper.js +++ b/plugins/main/test/cypress/cypress/integration/utils/mappers/xpack/modules-mapper.js 
@@ -1,9 +1,5 @@ -import { - MODULES_PAGE -} from '../../../pageobjects/xpack/settings/modules.page'; -import { - MODULES_DIRECTORY_PAGE -} from '../../../pageobjects/xpack/modules-directory.page'; +import { MODULES_PAGE } from '../../../pageobjects/xpack/settings/modules.page'; +import { MODULES_DIRECTORY_PAGE } from '../../../pageobjects/xpack/modules-directory.page'; export const MODULES_CARDS = { 'Amazon AWS': MODULES_PAGE['amazonAWSToggleButton'], From 2206464c727a64d947886e5868ec273bee2c5524 Mon Sep 17 00:00:00 2001 From: Guido Modarelli <38738725+guidomodarelli@users.noreply.github.com> Date: Tue, 8 Oct 2024 13:30:08 -0300 Subject: [PATCH 06/16] Update CHANGELOG.md Co-authored-by: Antonio <34042064+Desvelao@users.noreply.github.com> --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 86a5c747ac..b8d0a947fa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -35,7 +35,7 @@ All notable changes to the Wazuh app project will be documented in this file. - Removed agent RBAC filters from dashboard queries [#6945](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6945) - Removed GET /elastic/statistics API endpoint [#7001](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7001) -- Removed virustotal feature and dashboards in favor of malware dashboard [#7038](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7038) +- Removed VirusTotal application in favor of Malware Detection [#7038](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7038) ## Wazuh v4.9.1 - OpenSearch Dashboards 2.13.0 - Revision 01 From aed1d69e122e5e26c1f4f9df2f74427d076af59d Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Tue, 8 Oct 2024 13:31:55 -0300 Subject: [PATCH 07/16] Add VirusTotal integration for threat detection capabilities --- plugins/main/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/plugins/main/README.md b/plugins/main/README.md index 8a0263c001..0d60d6fd32 100644 
--- a/plugins/main/README.md +++ b/plugins/main/README.md @@ -26,6 +26,7 @@ the Wazuh Indexer. The plugin provides the following capabilities: - Threat Detection and Response - Vulnerabilities: Discover what applications in your environment are affected by well-known vulnerabilities. - MITRE ATT&CK: Explore security alerts mapped to adversary tactics and techniques for better threat understanding. + - VirusTotal: Alerts resulting from VirusTotal analysis of suspicious files via an integration with their API. - Osquery: Osquery can be used to expose an operating system as a high-performance relational database. - Docker listener: Monitor and collect the activity from Docker containers such as creation, running, starting, stopping or pausing events. - Regulatory Compliance From ba7e4e17f0189a324ed82f7c4e41f60c3132502b Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Tue, 8 Oct 2024 13:33:26 -0300 Subject: [PATCH 08/16] Restore plugins/main/public/controllers/management/components/management/configuration/configuration-settings.js --- .../management/configuration/configuration-settings.js | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/plugins/main/public/controllers/management/components/management/configuration/configuration-settings.js b/plugins/main/public/controllers/management/components/management/configuration/configuration-settings.js index 32eec21d70..bce314f057 100644 --- a/plugins/main/public/controllers/management/components/management/configuration/configuration-settings.js +++ b/plugins/main/public/controllers/management/components/management/configuration/configuration-settings.js @@ -80,6 +80,13 @@ export default [ goto: 'alerts', when: 'manager', }, + { + name: 'Integrations', + description: + 'Slack, VirusTotal and PagerDuty integrations with external APIs', + goto: 'integrations', + when: 'manager', + }, ], }, { From 14878de0b75c8262eacc7bd32fbf73beec91d04f Mon Sep 17 00:00:00 2001 
From: Guido Modarelli Date: Tue, 8 Oct 2024 13:34:39 -0300 Subject: [PATCH 09/16] Restore plugins/main/public/controllers/management/components/management/configuration/integrations/integrations.js --- .../integrations/integrations.js | 52 ++++++++++++------- 1 file changed, 32 insertions(+), 20 deletions(-) diff --git a/plugins/main/public/controllers/management/components/management/configuration/integrations/integrations.js b/plugins/main/public/controllers/management/components/management/configuration/integrations/integrations.js index 28c0214e9c..4ab516beef 100644 --- a/plugins/main/public/controllers/management/components/management/configuration/integrations/integrations.js +++ b/plugins/main/public/controllers/management/components/management/configuration/integrations/integrations.js @@ -22,6 +22,12 @@ const helpLinks = [ text: 'Integration with external APIs', href: webDocumentationLink('user-manual/manager/manual-integration.html'), }, + { + text: 'VirusTotal integration', + href: webDocumentationLink( + 'user-manual/capabilities/malware-detection/virus-total-integration.html', + ), + }, { text: 'Integration reference', href: webDocumentationLink( @@ -32,6 +38,10 @@ const helpLinks = [ const defaultIntegrations = [ { title: 'Slack', description: 'Get alerts directly on Slack' }, + { + title: 'VirusTotal', + description: 'Get notified when malicious software is found', + }, { title: 'PagerDuty', description: 'Get alerts on this streamlined incident resolution software', 
@@ -84,26 +94,28 @@ class WzConfigurationIntegrations extends Component { /> )} {currentConfig['integrator-integration'] && - !isString(currentConfig['integrator-integration']) - ? integrations && - integrations.map((integrationInfo, key) => { - const integration = Object.assign( - this.buildIntegration(integrationInfo.name), - integrationInfo, - ); - return ( - - - - ); - }) - : null} + !isString(currentConfig['integrator-integration']) ? ( + integrations && + integrations.map((integrationInfo, key) => { + const integration = Object.assign( + this.buildIntegration(integrationInfo.name), + integrationInfo + ); + return ( + + + + ); + }) + ) + : null + } ); } From 6f8113e32abfccedc3bd6a7ca797a3ac0a0811ac Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Tue, 8 Oct 2024 13:37:17 -0300 Subject: [PATCH 10/16] Restore test/cypress --- .../basic/modules-directory.page.js | 1 + .../basic/settings/modules.page.js | 31 +++++++------------ .../basic/wazuh-menu/wazuh-menu.page.js | 1 + .../odfe/modules-directory.page.js | 1 + .../pageobjects/odfe/settings/modules.page.js | 31 +++++++------------ .../odfe/wazuh-menu/wazuh-menu.page.js | 1 + .../pageobjects/wzd/modules-directory.page.js | 1 + .../pageobjects/wzd/settings/modules.page.js | 31 +++++++------------ .../wzd/wazuh-menu/wazuh-menu.page.js | 1 + .../xpack/modules-directory.page.js | 1 + .../xpack/settings/modules.page.js | 31 +++++++------------ .../xpack/wazuh-menu/wazuh-menu.page.js | 4 +-- .../utils/mappers/basic/modules-mapper.js | 10 ++++-- .../utils/mappers/odfe/modules-mapper.js | 10 ++++-- .../utils/mappers/wzd/modules-mapper.js | 10 ++++-- .../utils/mappers/xpack/modules-mapper.js | 10 ++++-- 16 files changed, 85 insertions(+), 90 deletions(-) diff --git a/plugins/main/test/cypress/cypress/integration/pageobjects/basic/modules-directory.page.js b/plugins/main/test/cypress/cypress/integration/pageobjects/basic/modules-directory.page.js index 1da81f4494..cfd9ee32a9 100644 
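Review bot: This restore brings back the layout of the `integrations.map(...)` ternary that PATCH 05/16 ("Fix Prettier issues") had just corrected, including the missing trailing comma after `integrationInfo` and the parenthesised branch, so the formatter check will presumably flag the file again. Only the two additions in the earlier hunks of this file (the VirusTotal entries in `helpLinks` and `defaultIntegrations`) are needed for the restore; keep the formatted form here, i.e. `integrationInfo,` followed by `);`. The restored `settings/modules.page.js` in PATCH 10/16 shows the same regression, with its selectors collapsed back onto single long lines. The enclosing method starts outside this hunk.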
--- a/plugins/main/test/cypress/cypress/integration/pageobjects/basic/modules-directory.page.js +++ b/plugins/main/test/cypress/cypress/integration/pageobjects/basic/modules-directory.page.js @@ -3,6 +3,7 @@ export const MODULES_DIRECTORY_PAGE = { gCPCard: '[data-test-subj="overviewWelcomeGcp"]', openSCAPCard: '[data-test-subj="overviewWelcomeOscap"]', cisCatCard: '[data-test-subj="overviewWelcomeCiscat"]', + virusTotalCard: '[data-test-subj="overviewWelcomeVirustotal"]', osqueryCard: '[data-test-subj="overviewWelcomeOsquery"]', dockerListenerCard: '[data-test-subj="overviewWelcomeDocker"]', gDPRCard: '[data-test-subj="overviewWelcomeGdpr"]', diff --git a/plugins/main/test/cypress/cypress/integration/pageobjects/basic/settings/modules.page.js b/plugins/main/test/cypress/cypress/integration/pageobjects/basic/settings/modules.page.js index 4317934e06..2628f3faaa 100644 --- a/plugins/main/test/cypress/cypress/integration/pageobjects/basic/settings/modules.page.js +++ b/plugins/main/test/cypress/cypress/integration/pageobjects/basic/settings/modules.page.js 
@@ -1,22 +1,13 @@ export const MODULES_PAGE = { - amazonAWSToggleButton: - ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - gCPToggleButton: - ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - gitHubCardToggleButton: - ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(6) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - openSCAPToggleButton: - ':nth-child(2) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - cisCatToggleButton: - ':nth-child(2) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - osqueryToggleButton: - ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - dockerListenerToggleButton: - ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - gDPRToggleButton: - ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(3) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - hIPAAToggleButton: - ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - tSCToggleButton: - ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + amazonAWSToggleButton: ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + gCPToggleButton: ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) 
> :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + gitHubCardToggleButton: ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(6) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + openSCAPToggleButton: ':nth-child(2) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + cisCatToggleButton: ':nth-child(2) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + virusTotalToggleButton: ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(3) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + osqueryToggleButton: ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + dockerListenerToggleButton: ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + gDPRToggleButton: ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(3) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + hIPAAToggleButton: ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + tSCToggleButton: ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', }; diff --git a/plugins/main/test/cypress/cypress/integration/pageobjects/basic/wazuh-menu/wazuh-menu.page.js b/plugins/main/test/cypress/cypress/integration/pageobjects/basic/wazuh-menu/wazuh-menu.page.js index e4f469f63d..1f8d860b2c 100644 --- a/plugins/main/test/cypress/cypress/integration/pageobjects/basic/wazuh-menu/wazuh-menu.page.js 
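Review bot: The restored `virusTotalToggleButton` selector, like its neighbours, locates the switch purely by position (`:nth-child(3) > .euiPanel > :nth-child(3) > ...`), so it silently points at a different module whenever a card is added or removed, which is what this patch series does. `modules-directory.page.js` in the same patch already uses stable hooks such as `[data-test-subj="overviewWelcomeVirustotal"]`. Giving the toggles a `data-test-subj` attribute and selecting on it would make these tests fail loudly instead of toggling the wrong module. According to the diffstat, the odfe, wzd and xpack copies of this file carry the same change.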
+++ b/plugins/main/test/cypress/cypress/integration/pageobjects/basic/wazuh-menu/wazuh-menu.page.js @@ -28,6 +28,7 @@ export const WAZUH_MENU_PAGE = { cisCatLink: '[data-test-subj=menuModulesCiscatLink]', securityConfigurationAssessmentLink: '[data-test-subj=menuModulesScaLink]', vulnerabilitiesLink: '[data-test-subj=menuModulesVulsLink]', + virusTotalLink: '[data-test-subj=menuModulesVirustotalLink]', osqueryLink: '[data-test-subj=menuModulesOsqueryLink]', dockerListenerLink: '[data-test-subj=menuModulesDockerLink]', mitreAttackLink: '[data-test-subj=menuModulesMitreLink]', diff --git a/plugins/main/test/cypress/cypress/integration/pageobjects/odfe/modules-directory.page.js b/plugins/main/test/cypress/cypress/integration/pageobjects/odfe/modules-directory.page.js index 1b96cf42d7..49a40d905a 100644 --- a/plugins/main/test/cypress/cypress/integration/pageobjects/odfe/modules-directory.page.js +++ b/plugins/main/test/cypress/cypress/integration/pageobjects/odfe/modules-directory.page.js @@ -3,6 +3,7 @@ export const MODULES_DIRECTORY_PAGE = { gCPCard: '[data-test-subj="overviewWelcomeGcp"]', openSCAPCard: '[data-test-subj="overviewWelcomeOscap"]', cisCatCard: '[data-test-subj="overviewWelcomeCiscat"]', + virusTotalCard: '[data-test-subj="overviewWelcomeVirustotal"]', osqueryCard: '[data-test-subj="overviewWelcomeOsquery"]', dockerListenerCard: '[data-test-subj="overviewWelcomeDocker"]', gDPRCard: '[data-test-subj="overviewWelcomeGdpr"]', diff --git a/plugins/main/test/cypress/cypress/integration/pageobjects/odfe/settings/modules.page.js b/plugins/main/test/cypress/cypress/integration/pageobjects/odfe/settings/modules.page.js index 4317934e06..2628f3faaa 100644 --- a/plugins/main/test/cypress/cypress/integration/pageobjects/odfe/settings/modules.page.js +++ b/plugins/main/test/cypress/cypress/integration/pageobjects/odfe/settings/modules.page.js 
@@ -1,22 +1,13 @@ export const MODULES_PAGE = { - amazonAWSToggleButton: - ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - gCPToggleButton: - ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - gitHubCardToggleButton: - ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(6) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - openSCAPToggleButton: - ':nth-child(2) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - cisCatToggleButton: - ':nth-child(2) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - osqueryToggleButton: - ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - dockerListenerToggleButton: - ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - gDPRToggleButton: - ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(3) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - hIPAAToggleButton: - ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - tSCToggleButton: - ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + amazonAWSToggleButton: ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + gCPToggleButton: ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) 
> :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + gitHubCardToggleButton: ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(6) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + openSCAPToggleButton: ':nth-child(2) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + cisCatToggleButton: ':nth-child(2) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + virusTotalToggleButton: ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(3) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + osqueryToggleButton: ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + dockerListenerToggleButton: ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + gDPRToggleButton: ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(3) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + hIPAAToggleButton: ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + tSCToggleButton: ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', }; diff --git a/plugins/main/test/cypress/cypress/integration/pageobjects/odfe/wazuh-menu/wazuh-menu.page.js b/plugins/main/test/cypress/cypress/integration/pageobjects/odfe/wazuh-menu/wazuh-menu.page.js index e4f469f63d..1f8d860b2c 100644 --- a/plugins/main/test/cypress/cypress/integration/pageobjects/odfe/wazuh-menu/wazuh-menu.page.js 
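Review bot: The added `virusTotalToggleButton` selector in odfe/settings/modules.page.js is purely positional (`:nth-child(3) > .euiPanel > … > :nth-child(3) > …`), so it would select a different switch, without any error, as soon as a card is added to or removed from that panel. The modules-directory page objects in this same patch locate VirusTotal through a `data-test-subj` attribute; if the toggle can carry such an attribute, selecting on it would be more stable. The hunk also rewrites the ten existing entries from the wrapped two-line form onto single long lines, which buries the one real addition; keeping the wrapped form and adding only the new key would leave a one-entry diff. The wzd and xpack copies of modules.page.js further down have the same two issues.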
+++ b/plugins/main/test/cypress/cypress/integration/pageobjects/odfe/wazuh-menu/wazuh-menu.page.js @@ -28,6 +28,7 @@ export const WAZUH_MENU_PAGE = { cisCatLink: '[data-test-subj=menuModulesCiscatLink]', securityConfigurationAssessmentLink: '[data-test-subj=menuModulesScaLink]', vulnerabilitiesLink: '[data-test-subj=menuModulesVulsLink]', + virusTotalLink: '[data-test-subj=menuModulesVirustotalLink]', osqueryLink: '[data-test-subj=menuModulesOsqueryLink]', dockerListenerLink: '[data-test-subj=menuModulesDockerLink]', mitreAttackLink: '[data-test-subj=menuModulesMitreLink]', diff --git a/plugins/main/test/cypress/cypress/integration/pageobjects/wzd/modules-directory.page.js b/plugins/main/test/cypress/cypress/integration/pageobjects/wzd/modules-directory.page.js index 1b96cf42d7..49a40d905a 100644 --- a/plugins/main/test/cypress/cypress/integration/pageobjects/wzd/modules-directory.page.js +++ b/plugins/main/test/cypress/cypress/integration/pageobjects/wzd/modules-directory.page.js @@ -3,6 +3,7 @@ export const MODULES_DIRECTORY_PAGE = { gCPCard: '[data-test-subj="overviewWelcomeGcp"]', openSCAPCard: '[data-test-subj="overviewWelcomeOscap"]', cisCatCard: '[data-test-subj="overviewWelcomeCiscat"]', + virusTotalCard: '[data-test-subj="overviewWelcomeVirustotal"]', osqueryCard: '[data-test-subj="overviewWelcomeOsquery"]', dockerListenerCard: '[data-test-subj="overviewWelcomeDocker"]', gDPRCard: '[data-test-subj="overviewWelcomeGdpr"]', diff --git a/plugins/main/test/cypress/cypress/integration/pageobjects/wzd/settings/modules.page.js b/plugins/main/test/cypress/cypress/integration/pageobjects/wzd/settings/modules.page.js index 4317934e06..2628f3faaa 100644 --- a/plugins/main/test/cypress/cypress/integration/pageobjects/wzd/settings/modules.page.js +++ b/plugins/main/test/cypress/cypress/integration/pageobjects/wzd/settings/modules.page.js 
@@ -1,22 +1,13 @@ export const MODULES_PAGE = { - amazonAWSToggleButton: - ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - gCPToggleButton: - ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - gitHubCardToggleButton: - ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(6) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - openSCAPToggleButton: - ':nth-child(2) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - cisCatToggleButton: - ':nth-child(2) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - osqueryToggleButton: - ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - dockerListenerToggleButton: - ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - gDPRToggleButton: - ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(3) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - hIPAAToggleButton: - ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - tSCToggleButton: - ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + amazonAWSToggleButton: ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + gCPToggleButton: ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) 
> :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + gitHubCardToggleButton: ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(6) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + openSCAPToggleButton: ':nth-child(2) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + cisCatToggleButton: ':nth-child(2) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + virusTotalToggleButton: ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(3) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + osqueryToggleButton: ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + dockerListenerToggleButton: ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + gDPRToggleButton: ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(3) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + hIPAAToggleButton: ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + tSCToggleButton: ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', }; diff --git a/plugins/main/test/cypress/cypress/integration/pageobjects/wzd/wazuh-menu/wazuh-menu.page.js b/plugins/main/test/cypress/cypress/integration/pageobjects/wzd/wazuh-menu/wazuh-menu.page.js index e4f469f63d..1f8d860b2c 100644 --- a/plugins/main/test/cypress/cypress/integration/pageobjects/wzd/wazuh-menu/wazuh-menu.page.js 
+++ b/plugins/main/test/cypress/cypress/integration/pageobjects/wzd/wazuh-menu/wazuh-menu.page.js @@ -28,6 +28,7 @@ export const WAZUH_MENU_PAGE = { cisCatLink: '[data-test-subj=menuModulesCiscatLink]', securityConfigurationAssessmentLink: '[data-test-subj=menuModulesScaLink]', vulnerabilitiesLink: '[data-test-subj=menuModulesVulsLink]', + virusTotalLink: '[data-test-subj=menuModulesVirustotalLink]', osqueryLink: '[data-test-subj=menuModulesOsqueryLink]', dockerListenerLink: '[data-test-subj=menuModulesDockerLink]', mitreAttackLink: '[data-test-subj=menuModulesMitreLink]', diff --git a/plugins/main/test/cypress/cypress/integration/pageobjects/xpack/modules-directory.page.js b/plugins/main/test/cypress/cypress/integration/pageobjects/xpack/modules-directory.page.js index 1da81f4494..cfd9ee32a9 100644 --- a/plugins/main/test/cypress/cypress/integration/pageobjects/xpack/modules-directory.page.js +++ b/plugins/main/test/cypress/cypress/integration/pageobjects/xpack/modules-directory.page.js @@ -3,6 +3,7 @@ export const MODULES_DIRECTORY_PAGE = { gCPCard: '[data-test-subj="overviewWelcomeGcp"]', openSCAPCard: '[data-test-subj="overviewWelcomeOscap"]', cisCatCard: '[data-test-subj="overviewWelcomeCiscat"]', + virusTotalCard: '[data-test-subj="overviewWelcomeVirustotal"]', osqueryCard: '[data-test-subj="overviewWelcomeOsquery"]', dockerListenerCard: '[data-test-subj="overviewWelcomeDocker"]', gDPRCard: '[data-test-subj="overviewWelcomeGdpr"]', diff --git a/plugins/main/test/cypress/cypress/integration/pageobjects/xpack/settings/modules.page.js b/plugins/main/test/cypress/cypress/integration/pageobjects/xpack/settings/modules.page.js index 4317934e06..2628f3faaa 100644 --- a/plugins/main/test/cypress/cypress/integration/pageobjects/xpack/settings/modules.page.js +++ b/plugins/main/test/cypress/cypress/integration/pageobjects/xpack/settings/modules.page.js 
@@ -1,22 +1,13 @@ export const MODULES_PAGE = { - amazonAWSToggleButton: - ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - gCPToggleButton: - ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - gitHubCardToggleButton: - ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(6) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - openSCAPToggleButton: - ':nth-child(2) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - cisCatToggleButton: - ':nth-child(2) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - osqueryToggleButton: - ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - dockerListenerToggleButton: - ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - gDPRToggleButton: - ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(3) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - hIPAAToggleButton: - ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', - tSCToggleButton: - ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + amazonAWSToggleButton: ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + gCPToggleButton: ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) 
> :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + gitHubCardToggleButton: ':nth-child(1) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(6) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + openSCAPToggleButton: ':nth-child(2) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + cisCatToggleButton: ':nth-child(2) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + virusTotalToggleButton: ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(3) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + osqueryToggleButton: ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + dockerListenerToggleButton: ':nth-child(3) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + gDPRToggleButton: ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(3) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + hIPAAToggleButton: ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(4) > .euiFlexItem--flexGrowZero > .euiSwitch > button', + tSCToggleButton: ':nth-child(4) > .euiPanel > :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(5) > .euiFlexItem--flexGrowZero > .euiSwitch > button', }; diff --git a/plugins/main/test/cypress/cypress/integration/pageobjects/xpack/wazuh-menu/wazuh-menu.page.js b/plugins/main/test/cypress/cypress/integration/pageobjects/xpack/wazuh-menu/wazuh-menu.page.js index 7bffaeba01..7119d9ff65 100644 --- a/plugins/main/test/cypress/cypress/integration/pageobjects/xpack/wazuh-menu/wazuh-menu.page.js 
+++ b/plugins/main/test/cypress/cypress/integration/pageobjects/xpack/wazuh-menu/wazuh-menu.page.js @@ -28,6 +28,7 @@ export const WAZUH_MENU_PAGE = { cisCatLink: '[data-test-subj=menuModulesCiscatLink]', securityConfigurationAssessmentLink: '[data-test-subj=menuModulesScaLink]', vulnerabilitiesLink: '[data-test-subj=menuModulesVulsLink]', + virusTotalLink: '[data-test-subj=menuModulesVirustotalLink]', osqueryLink: '[data-test-subj=menuModulesOsqueryLink]', dockerListenerLink: '[data-test-subj=menuModulesDockerLink]', mitreAttackLink: '[data-test-subj=menuModulesMitreLink]', @@ -69,8 +70,7 @@ export const WAZUH_MENU_PAGE = { //endregion //region Settings settingsApiConfigurationLink: '[data-test-subj=menuSettingsApiLink]', - settingsModulesLink: - '.wz-menu-right-side .WzManagementSideMenu [data-test-subj=menuSettingsModulesLink]', + settingsModulesLink: '.wz-menu-right-side .WzManagementSideMenu [data-test-subj=menuSettingsModulesLink]', settingsSampleDataLink: '[data-test-subj=menuSettingsSampleDataLink]', settingsConfigurationLink: '[data-test-subj=menuSettingsConfigurationLink]', settingsLogsLink: '[data-test-subj=menuSettingsLogsLink]', diff --git a/plugins/main/test/cypress/cypress/integration/utils/mappers/basic/modules-mapper.js b/plugins/main/test/cypress/cypress/integration/utils/mappers/basic/modules-mapper.js index 4e1a81450c..bb21a9d4e5 100644 --- a/plugins/main/test/cypress/cypress/integration/utils/mappers/basic/modules-mapper.js +++ b/plugins/main/test/cypress/cypress/integration/utils/mappers/basic/modules-mapper.js 
@@ -1,5 +1,9 @@ -import { MODULES_PAGE } from '../../../pageobjects/basic/settings/modules.page'; -import { MODULES_DIRECTORY_PAGE } from '../../../pageobjects/basic/modules-directory.page'; +import { + MODULES_PAGE +} from '../../../pageobjects/basic/settings/modules.page'; +import { + MODULES_DIRECTORY_PAGE +} from '../../../pageobjects/basic/modules-directory.page'; export const MODULES_CARDS = { 'Amazon AWS': MODULES_PAGE['amazonAWSToggleButton'], @@ -7,6 +11,7 @@ export const MODULES_CARDS = { GitHub: MODULES_PAGE['gitHubCardToggleButton'], OpenSCAP: MODULES_PAGE['openSCAPToggleButton'], 'CIS-CAT': MODULES_PAGE['cisCatToggleButton'], + VirusTotal: MODULES_PAGE['virusTotalToggleButton'], Osquery: MODULES_PAGE['osqueryToggleButton'], 'Docker listener': MODULES_PAGE['dockerListenerToggleButton'], GDPR: MODULES_PAGE['gDPRToggleButton'], @@ -20,6 +25,7 @@ export const MODULES_SETTINGS = { GitHub: MODULES_DIRECTORY_PAGE['gitHubCard'], OpenSCAP: MODULES_DIRECTORY_PAGE['openSCAPCard'], 'CIS-CAT': MODULES_DIRECTORY_PAGE['cisCatCard'], + VirusTotal: MODULES_DIRECTORY_PAGE['virusTotalCard'], Osquery: MODULES_DIRECTORY_PAGE['osqueryCard'], 'Docker listener': MODULES_DIRECTORY_PAGE['dockerListenerCard'], GDPR: MODULES_DIRECTORY_PAGE['gDPRCard'], diff --git a/plugins/main/test/cypress/cypress/integration/utils/mappers/odfe/modules-mapper.js b/plugins/main/test/cypress/cypress/integration/utils/mappers/odfe/modules-mapper.js index e712001b28..0f13240bee 100644 --- a/plugins/main/test/cypress/cypress/integration/utils/mappers/odfe/modules-mapper.js +++ b/plugins/main/test/cypress/cypress/integration/utils/mappers/odfe/modules-mapper.js 
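Review bot: `MODULES_PAGE['virusTotalToggleButton']` and `MODULES_DIRECTORY_PAGE['virusTotalCard']` evaluate to `undefined` without any error if the page object lacks the key, so these two additions are only correct while the matching page-object files are changed in the same commit. In the lines shown, the four mappers (basic, odfe, wzd, xpack) differ only in their import paths, so every module added or removed needs eight mapper edits plus the page-object edits. A comment above `MODULES_CARDS` such as `// keys must exist in settings/modules.page.js; a missing key yields an undefined selector` would document the coupling. The import reformatting in the first hunk (`import {` / `MODULES_PAGE` / `} from …`) is unrelated to the change and could be dropped. The same applies to the odfe, wzd and xpack mappers.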
@@ -1,5 +1,9 @@ -import { MODULES_PAGE } from '../../../pageobjects/odfe/settings/modules.page'; -import { MODULES_DIRECTORY_PAGE } from '../../../pageobjects/odfe/modules-directory.page'; +import { + MODULES_PAGE +} from '../../../pageobjects/odfe/settings/modules.page'; +import { + MODULES_DIRECTORY_PAGE +} from '../../../pageobjects/odfe/modules-directory.page'; export const MODULES_CARDS = { 'Amazon AWS': MODULES_PAGE['amazonAWSToggleButton'], @@ -7,6 +11,7 @@ export const MODULES_CARDS = { GitHub: MODULES_PAGE['gitHubCardToggleButton'], OpenSCAP: MODULES_PAGE['openSCAPToggleButton'], 'CIS-CAT': MODULES_PAGE['cisCatToggleButton'], + VirusTotal: MODULES_PAGE['virusTotalToggleButton'], Osquery: MODULES_PAGE['osqueryToggleButton'], 'Docker listener': MODULES_PAGE['dockerListenerToggleButton'], GDPR: MODULES_PAGE['gDPRToggleButton'], @@ -20,6 +25,7 @@ export const MODULES_SETTINGS = { GitHub: MODULES_DIRECTORY_PAGE['gitHubCard'], OpenSCAP: MODULES_DIRECTORY_PAGE['openSCAPCard'], 'CIS-CAT': MODULES_DIRECTORY_PAGE['cisCatCard'], + VirusTotal: MODULES_DIRECTORY_PAGE['virusTotalCard'], Osquery: MODULES_DIRECTORY_PAGE['osqueryCard'], 'Docker listener': MODULES_DIRECTORY_PAGE['dockerListenerCard'], GDPR: MODULES_DIRECTORY_PAGE['gDPRCard'], diff --git a/plugins/main/test/cypress/cypress/integration/utils/mappers/wzd/modules-mapper.js b/plugins/main/test/cypress/cypress/integration/utils/mappers/wzd/modules-mapper.js index 9bedf2f43b..22a70ed995 100644 --- a/plugins/main/test/cypress/cypress/integration/utils/mappers/wzd/modules-mapper.js +++ b/plugins/main/test/cypress/cypress/integration/utils/mappers/wzd/modules-mapper.js 
@@ -1,5 +1,9 @@ -import { MODULES_PAGE } from '../../../pageobjects/wzd/settings/modules.page'; -import { MODULES_DIRECTORY_PAGE } from '../../../pageobjects/wzd/modules-directory.page'; +import { + MODULES_PAGE +} from '../../../pageobjects/wzd/settings/modules.page'; +import { + MODULES_DIRECTORY_PAGE +} from '../../../pageobjects/wzd/modules-directory.page'; export const MODULES_CARDS = { 'Amazon AWS': MODULES_PAGE['amazonAWSToggleButton'], @@ -7,6 +11,7 @@ export const MODULES_CARDS = { GitHub: MODULES_PAGE['gitHubCardToggleButton'], OpenSCAP: MODULES_PAGE['openSCAPToggleButton'], 'CIS-CAT': MODULES_PAGE['cisCatToggleButton'], + VirusTotal: MODULES_PAGE['virusTotalToggleButton'], Osquery: MODULES_PAGE['osqueryToggleButton'], 'Docker listener': MODULES_PAGE['dockerListenerToggleButton'], GDPR: MODULES_PAGE['gDPRToggleButton'], @@ -20,6 +25,7 @@ export const MODULES_SETTINGS = { GitHub: MODULES_DIRECTORY_PAGE['gitHubCard'], OpenSCAP: MODULES_DIRECTORY_PAGE['openSCAPCard'], 'CIS-CAT': MODULES_DIRECTORY_PAGE['cisCatCard'], + VirusTotal: MODULES_DIRECTORY_PAGE['virusTotalCard'], Osquery: MODULES_DIRECTORY_PAGE['osqueryCard'], 'Docker listener': MODULES_DIRECTORY_PAGE['dockerListenerCard'], GDPR: MODULES_DIRECTORY_PAGE['gDPRCard'], diff --git a/plugins/main/test/cypress/cypress/integration/utils/mappers/xpack/modules-mapper.js b/plugins/main/test/cypress/cypress/integration/utils/mappers/xpack/modules-mapper.js index 82eac62afc..3fe4616936 100644 --- a/plugins/main/test/cypress/cypress/integration/utils/mappers/xpack/modules-mapper.js +++ b/plugins/main/test/cypress/cypress/integration/utils/mappers/xpack/modules-mapper.js 
@@ -1,5 +1,9 @@ -import { MODULES_PAGE } from '../../../pageobjects/xpack/settings/modules.page'; -import { MODULES_DIRECTORY_PAGE } from '../../../pageobjects/xpack/modules-directory.page'; +import { + MODULES_PAGE +} from '../../../pageobjects/xpack/settings/modules.page'; +import { + MODULES_DIRECTORY_PAGE +} from '../../../pageobjects/xpack/modules-directory.page'; export const MODULES_CARDS = { 'Amazon AWS': MODULES_PAGE['amazonAWSToggleButton'], @@ -7,6 +11,7 @@ export const MODULES_CARDS = { GitHub: MODULES_PAGE['gitHubCardToggleButton'], OpenSCAP: MODULES_PAGE['openSCAPToggleButton'], 'CIS-CAT': MODULES_PAGE['cisCatToggleButton'], + VirusTotal: MODULES_PAGE['virusTotalToggleButton'], Osquery: MODULES_PAGE['osqueryToggleButton'], 'Docker listener': MODULES_PAGE['dockerListenerToggleButton'], GDPR: MODULES_PAGE['gDPRToggleButton'], @@ -20,6 +25,7 @@ export const MODULES_SETTINGS = { GitHub: MODULES_DIRECTORY_PAGE['gitHubCard'], OpenSCAP: MODULES_DIRECTORY_PAGE['openSCAPCard'], 'CIS-CAT': MODULES_DIRECTORY_PAGE['cisCatCard'], + VirusTotal: MODULES_DIRECTORY_PAGE['virusTotalCard'], Osquery: MODULES_DIRECTORY_PAGE['osqueryCard'], 'Docker listener': MODULES_DIRECTORY_PAGE['dockerListenerCard'], GDPR: MODULES_DIRECTORY_PAGE['gDPRCard'], From f3f142a2e0d3ec36aa6e56f2d1089205d2e4de75 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Tue, 8 Oct 2024 13:38:59 -0300 Subject: [PATCH 11/16] Restore scripts/wazuh-alerts-generator/cli.js --- scripts/wazuh-alerts-generator/cli.js | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/scripts/wazuh-alerts-generator/cli.js b/scripts/wazuh-alerts-generator/cli.js index 15f426b590..960cb418df 100644 --- a/scripts/wazuh-alerts-generator/cli.js +++ b/scripts/wazuh-alerts-generator/cli.js 
@@ -108,7 +108,13 @@ 'windows', ], 'auditing-policy-monitoring': ['audit', 'ciscat', 'openscap', 'rootcheck'], - 'thread-detection': ['docker', 'mitre', 'osquery', 'vulnerabilities'], + 'thread-detection': [ + 'docker', + 'mitre', + 'osquery', + 'virustotal', + 'vulnerabilities', + ], }; function displayHelp() { From 52565172b44565c5d4baf045c642d17557c968c4 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Tue, 8 Oct 2024 13:40:24 -0300 Subject: [PATCH 12/16] Restore plugins/main/public/components/add-modules-data/sample-data.tsx --- plugins/main/public/components/add-modules-data/sample-data.tsx | 2 ++ 1 file changed, 2 insertions(+) diff --git a/plugins/main/public/components/add-modules-data/sample-data.tsx b/plugins/main/public/components/add-modules-data/sample-data.tsx index 4c9839ebec..ee7ab442ca 100644 --- a/plugins/main/public/components/add-modules-data/sample-data.tsx +++ b/plugins/main/public/components/add-modules-data/sample-data.tsx @@ -37,6 +37,7 @@ import { malwareDetection, mitreAttack, office365, + virustotal, vulnerabilityDetection, } from '../../utils/applications'; @@ -50,6 +51,7 @@ const sampleSecurityInformationApplication = [ const sampleThreatDetectionApplication = [ vulnerabilityDetection.title, + virustotal.title, docker.title, mitreAttack.title, ]; From 093cdb3bbb41d8456893a7cf8414799124762270 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Wed, 9 Oct 2024 11:07:10 -0300 Subject: [PATCH 13/16] Add Virustotal application to Applications list --- plugins/main/public/utils/applications.ts | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/plugins/main/public/utils/applications.ts b/plugins/main/public/utils/applications.ts index 76ecbc060c..3bdceab453 100644 --- a/plugins/main/public/utils/applications.ts +++ b/plugins/main/public/utils/applications.ts 
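Review bot: The key rewritten in this cli.js hunk is spelled `'thread-detection'`, while sample-data.tsx in this series uses `categorySampleAlertsIndex: 'threat-detection'`, so the key looks like a misspelling. If the script matches this key against a category name supplied by the user or shared with the plugin, the threat-detection set would never be selected under its correct name; the lookup code is outside the hunk, so this needs confirming. If renaming would break existing invocations, a comment on the line, e.g. `// NOTE: key is 'thread-detection' (sic); kept for compatibility`, would at least record it. The later patch that moves `virustotal` to `'auditing-policy-monitoring'` re-adds the line with the same spelling. The enclosing object starts above the hunk.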
@@ -232,6 +232,12 @@ export const mitreAttack = { }`, }; +export const virustotal = { + title: i18n.translate('wz-app-virustotal-title', { + defaultMessage: 'VirusTotal', + }), +}; + const pciDss = { category: 'wz-category-security-operations', id: 'pci-dss', @@ -816,6 +822,7 @@ export const Applications = [ threatHunting, vulnerabilityDetection, mitreAttack, + virustotal, pciDss, hipaa, gdpr, From 202fd4bccd2a938ffc568a03848cd79de9a67edc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antonio=20David=20Guti=C3=A9rrez?= Date: Fri, 11 Oct 2024 15:23:42 +0200 Subject: [PATCH 14/16] fix: error registering unwanted application and move VirusTotal sample data to Malware detection category --- plugins/main/common/constants.ts | 2 +- .../add-modules-data/sample-data.tsx | 23 ++++++++++--------- plugins/main/public/utils/applications.ts | 7 ------ plugins/wazuh-core/common/constants.ts | 2 +- 4 files changed, 14 insertions(+), 20 deletions(-) diff --git a/plugins/main/common/constants.ts b/plugins/main/common/constants.ts index 382a7e37a6..40ef55817b 100644 --- a/plugins/main/common/constants.ts +++ b/plugins/main/common/constants.ts @@ -81,11 +81,11 @@ export const WAZUH_SAMPLE_ALERTS_CATEGORIES_TYPE_ALERTS = { { audit: true }, { openscap: true }, { ciscat: true }, + { virustotal: true }, { yara: true }, ], [WAZUH_SAMPLE_ALERTS_CATEGORY_THREAT_DETECTION]: [ { vulnerabilities: true }, - { virustotal: true }, { osquery: true }, { docker: true }, { mitre: true }, diff --git a/plugins/main/public/components/add-modules-data/sample-data.tsx b/plugins/main/public/components/add-modules-data/sample-data.tsx index ee7ab442ca..96ed36ea5d 100644 --- a/plugins/main/public/components/add-modules-data/sample-data.tsx +++ b/plugins/main/public/components/add-modules-data/sample-data.tsx @@ -37,7 +37,6 @@ import { malwareDetection, mitreAttack, office365, - virustotal, vulnerabilityDetection, } from '../../utils/applications'; 
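Review bot: The move of `{ virustotal: true }` in plugins/main/common/constants.ts is repeated by hand in plugins/wazuh-core/common/constants.ts later in this patch and in scripts/wazuh-alerts-generator/cli.js in the next one, so category membership lives in three places that can disagree. A comment above `WAZUH_SAMPLE_ALERTS_CATEGORIES_TYPE_ALERTS`, e.g. `// keep in sync with plugins/wazuh-core/common/constants.ts and scripts/wazuh-alerts-generator/cli.js`, would make the coupling visible. The object starts above the hunk, so the category key that receives `virustotal` is not visible here.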
@@ -47,14 +46,20 @@ const sampleSecurityInformationApplication = [ office365.title, googleCloud.title, github.title, -]; + 'authorization', + 'ssh', + 'web', +].join(', '); const sampleThreatDetectionApplication = [ vulnerabilityDetection.title, - virustotal.title, docker.title, mitreAttack.title, -]; +].join(', '); + +const sampleThreatMalwareDetection = ['malware', 'VirusTotal', 'YARA'].join( + ', ', +); export default class WzSampleData extends Component { categories: { @@ -77,23 +82,19 @@ export default class WzSampleData extends Component { this.categories = [ { title: 'Sample security information', - description: `Sample data, visualizations and dashboards for security information (${sampleSecurityInformationApplication.join( - ', ', - )}, authorization, ssh, web).`, + description: `Sample data, visualizations and dashboards for security information (${sampleSecurityInformationApplication}).`, image: '', categorySampleAlertsIndex: 'security', }, { title: `Sample ${malwareDetection.title}`, - description: `Sample data, visualizations and dashboards for events of ${malwareDetection.title} (${malwareDetection.title}).`, + description: `Sample data, visualizations and dashboards for events of ${malwareDetection.title} (${sampleThreatMalwareDetection}).`, image: '', categorySampleAlertsIndex: 'auditing-policy-monitoring', }, { title: 'Sample threat detection and response', - description: `Sample data, visualizations and dashboards for threat events of detection and response (${sampleThreatDetectionApplication.join( - ', ', - )}).`, + description: `Sample data, visualizations and dashboards for threat events of detection and response (${sampleThreatDetectionApplication}).`, image: '', categorySampleAlertsIndex: 'threat-detection', }, diff --git a/plugins/main/public/utils/applications.ts b/plugins/main/public/utils/applications.ts index 3bdceab453..76ecbc060c 100644 --- a/plugins/main/public/utils/applications.ts +++ b/plugins/main/public/utils/applications.ts 
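Review bot: `sampleThreatMalwareDetection` is a hard-coded list (`'malware', 'VirusTotal', 'YARA'`) printed in the description of the `'auditing-policy-monitoring'` category, but nothing ties it to the alert types actually generated for that category. In this same patch the constants list that gains `{ virustotal: true }` also holds `audit`, `openscap` and `ciscat`, which the description does not mention, so the text may under-report what is inserted into the index (the category key of that list is outside the hunk; confirm it is the same category). The literals `'authorization'`, `'ssh'`, `'web'` and the three here also bypass the `.title` values used for the other entries, so they would not follow translation if those titles are translated. Deriving the text from the category constant, or a comment such as `// display only; keep in sync with WAZUH_SAMPLE_ALERTS_CATEGORIES_TYPE_ALERTS`, would address the drift.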
@@ -232,12 +232,6 @@ export const mitreAttack = { }`, }; -export const virustotal = { - title: i18n.translate('wz-app-virustotal-title', { - defaultMessage: 'VirusTotal', - }), -}; - const pciDss = { category: 'wz-category-security-operations', id: 'pci-dss', @@ -822,7 +816,6 @@ export const Applications = [ threatHunting, vulnerabilityDetection, mitreAttack, - virustotal, pciDss, hipaa, gdpr, diff --git a/plugins/wazuh-core/common/constants.ts b/plugins/wazuh-core/common/constants.ts index 604ab8db86..3b51f2e9bf 100644 --- a/plugins/wazuh-core/common/constants.ts +++ b/plugins/wazuh-core/common/constants.ts @@ -82,11 +82,11 @@ export const WAZUH_SAMPLE_ALERTS_CATEGORIES_TYPE_ALERTS = { { audit: true }, { openscap: true }, { ciscat: true }, + { virustotal: true }, { yara: true }, ], [WAZUH_SAMPLE_ALERTS_CATEGORY_THREAT_DETECTION]: [ { vulnerabilities: true }, - { virustotal: true }, { osquery: true }, { docker: true }, { mitre: true }, From fc228a3c9405d03f5cb84df462bad1227f9c96be Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antonio=20David=20Guti=C3=A9rrez?= Date: Fri, 11 Oct 2024 15:26:36 +0200 Subject: [PATCH 15/16] fix: move VirusTotal sample data to Malware detection category in script --- scripts/wazuh-alerts-generator/cli.js | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/scripts/wazuh-alerts-generator/cli.js b/scripts/wazuh-alerts-generator/cli.js index 960cb418df..bb76d94843 100644 --- a/scripts/wazuh-alerts-generator/cli.js +++ b/scripts/wazuh-alerts-generator/cli.js @@ -107,14 +107,15 @@ 'web', 'windows', ], - 'auditing-policy-monitoring': ['audit', 'ciscat', 'openscap', 'rootcheck'], - 'thread-detection': [ - 'docker', - 'mitre', - 'osquery', + 'auditing-policy-monitoring': [ + 'audit', + 'ciscat', + 'openscap', + 'rootcheck', 'virustotal', - 'vulnerabilities', + 'yara', ], + 'thread-detection': ['docker', 'mitre', 'osquery', 'vulnerabilities'], }; function displayHelp() { 
From 5d32ec29edfe7785a3af18b09b81326bf9bd85a5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antonio=20David=20Guti=C3=A9rrez?= Date: Fri, 11 Oct 2024 15:35:39 +0200 Subject: [PATCH 16/16] fix: enhance variable name --- .../main/public/components/add-modules-data/sample-data.tsx | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/plugins/main/public/components/add-modules-data/sample-data.tsx b/plugins/main/public/components/add-modules-data/sample-data.tsx index 96ed36ea5d..d3c33250af 100644 --- a/plugins/main/public/components/add-modules-data/sample-data.tsx +++ b/plugins/main/public/components/add-modules-data/sample-data.tsx @@ -57,9 +57,7 @@ const sampleThreatDetectionApplication = [ mitreAttack.title, ].join(', '); -const sampleThreatMalwareDetection = ['malware', 'VirusTotal', 'YARA'].join( - ', ', -); +const sampleMalwareDetection = ['malware', 'VirusTotal', 'YARA'].join(', '); export default class WzSampleData extends Component { categories: { @@ -88,7 +86,7 @@ export default class WzSampleData extends Component { }, { title: `Sample ${malwareDetection.title}`, - description: `Sample data, visualizations and dashboards for events of ${malwareDetection.title} (${sampleThreatMalwareDetection}).`, + description: `Sample data, visualizations and dashboards for events of ${malwareDetection.title} (${sampleMalwareDetection}).`, image: '', categorySampleAlertsIndex: 'auditing-policy-monitoring', },