Merge branch '4.9.0' of https://github.com/wazuh/wazuh-kibana-app int…

…o feat/6549-remove-angularjs-controller-management

CHANGELOG.md

@@ -13,6 +13,7 @@ All notable changes to the Wazuh app project will be documented in this file.
 - Added propagation of updates from the table to dashboard visualizations in Endpoints summary [#6460](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6460)
 - Handle index pattern selector on new discover [#6499](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6499)
 - Added macOS log collector tab [#6545](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6545)
+- Added journald log collector tab [#6572](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6572)
 
 ### Changed
 
@@ -23,14 +24,16 @@ All notable changes to the Wazuh app project will be documented in this file.
 - Change the view of API is down and check connection to Server APIs application [#6337](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6337)
 - Changed the usage of the endpoint GET /groups/{group_id}/files/{file_name} [#6385](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6385)
 - Refactoring and redesign endpoints summary visualizations [#6268](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6268)
+- Move AngularJS settings controller to ReactJS [#6580](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6580)
 - Move AngularJS controller and view for manage groups to ReactJS [#6543](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6543)
 - Move AngularJS controllers and views of Tools and Dev Tools to ReactJS [#6544](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6544)
 - Move the AngularJS controller and template of blank screen to ReactJS component [#6538](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6538)
+- Move AngularJS controller for management to ReactJS component [#6555](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6555)
 - Moved the registry data to in-memory cache [#6481](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6481)
 - Enhance the validation for `enrollment.dns` on App Settings application [#6573](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6573)
 - Remove AngularJS controller for manage groups [#6543](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6543)
 - Remove some branding references across the application. [#6155](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6155)
-- Remove AngularJS controller for management [#6555](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6555)
+- Implement new data source feature on MITRE ATT&CK module [#6482](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6482)
 
 ### Fixed
 
@@ -42,6 +45,7 @@ All notable changes to the Wazuh app project will be documented in this file.
 - Removed API endpoint GET /api/timestamp [#6481](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6481)
 - Removed API endpoint PUT /api/update-hostname/{id} [#6481](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6481)
 - Removed API endpoint DELETE /hosts/remove-orphan-entries [#6481](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6481)
+- Remove AngularJS component `click-action` [#6613](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6613)
 
 ## Wazuh v4.8.2 - OpenSearch Dashboards 2.10.0 - Revision 00
 

docker/imposter/agents/configuration/logcollector-localfile.json

@@ -1,132 +1,150 @@
 {
   "data": {
     "localfile": [
+      {
+        "logformat": "journald",
+        "ignore_binaries": "no",
+        "only-future-events": "no",
+        "target": ["agent1"],
+        "filters": [
+          [
+            {
+              "field": "_KERNEL_DEVICE",
+              "expression": ".kernel1",
+              "ignore_if_missing": false
+            }
+          ],
+          [
+            {
+              "field": "_SYSTEMD_UNIT",
+              "expression": "^cron.service$",
+              "ignore_if_missing": false
+            },
+            {
+              "field": "CUSTOM",
+              "expression": "0|1|2",
+              "ignore_if_missing": true
+            }
+          ]
+        ],
+        "filters_disabled": false
+      },
+      {
+        "logformat": "journald",
+        "ignore_binaries": "no",
+        "only-future-events": "yes",
+        "target": ["agent2"]
+      },
+      {
+        "logformat": "journald",
+        "ignore_binaries": "no",
+        "only-future-events": "yes",
+        "target": ["agent3"],
+        "filters": [
+          {
+            "field": "_KERNEL_DEVICE",
+            "expression": ".",
+            "ignore_if_missing": false
+          }
+        ],
+        "filters_disabled": false
+      },
       {
         "logformat": "macos",
         "query": {
           "value": "(process == \"sudo\") or (process == \"sessionlogoutd\" and message contains \"logout is complete.\") or (process == \"sshd\") or (process == \"tccd\" and message contains \"Update Access Record\") or (message contains \"SessionAgentNotificationCenter\") or (process == \"screensharingd\" and message contains \"Authentication\") or (process == \"securityd\" and eventMessage contains \"Session\" and subsystem == \"com.apple.securityd\")",
           "level": "info",
-          "type": [
-            "log",
-            "activity",
-            "trace"
-          ]
+          "type": ["log", "activity", "trace"]
         },
         "ignore_binaries": "no",
         "only-future-events": "yes",
-        "target": [
-          "agent"
-        ]
+        "target": ["agent"]
       },
       {
         "logformat": "command",
         "command": "df -P",
         "alias": "df -P",
         "ignore_binaries": "no",
-        "target": [
-          "agent"
-        ],
+        "target": ["agent"],
         "frequency": 360
       },
       {
         "logformat": "full_command",
         "command": "netstat -tulpn | sed 's/\\([[:alnum:]]\\+\\)\\ \\+[[:digit:]]\\+\\ \\+[[:digit:]]\\+\\ \\+\\(.*\\):\\([[:digit:]]*\\)\\ \\+\\([0-9\\.\\:\\*]\\+\\).\\+\\ \\([[:digit:]]*\\/[[:alnum:]\\-]*\\).*/\\1 \\2 == \\3 == \\4 \\5/' | sort -k 4 -g | sed 's/ == \\(.*\\) ==/:\\1/' | sed 1,2d",
         "alias": "netstat listening ports",
         "ignore_binaries": "no",
-        "target": [
-          "agent"
-        ],
+        "target": ["agent"],
         "frequency": 360
       },
       {
         "logformat": "full_command",
         "command": "last -n 20",
         "alias": "last -n 20",
         "ignore_binaries": "no",
-        "target": [
-          "agent"
-        ],
+        "target": ["agent"],
         "frequency": 360
       },
       {
         "file": "/var/log/test.log",
         "logformat": "syslog",
         "ignore_binaries": "no",
         "only-future-events": "yes",
-        "target": [
-          "agent"
-        ]
+        "target": ["agent"]
       },
       {
         "file": "/var/log/nginx/access.log",
         "logformat": "apache",
         "ignore_binaries": "no",
         "only-future-events": "yes",
-        "target": [
-          "agent"
-        ]
+        "target": ["agent"]
       },
       {
         "file": "/var/log/nginx/error.log",
         "logformat": "apache",
         "ignore_binaries": "no",
         "only-future-events": "yes",
-        "target": [
-          "agent"
-        ]
+        "target": ["agent"]
       },
       {
         "file": "/var/ossec/logs/active-responses.log",
         "logformat": "syslog",
         "ignore_binaries": "no",
         "only-future-events": "yes",
-        "target": [
-          "agent"
-        ]
+        "target": ["agent"]
       },
       {
         "file": "/var/log/auth.log",
         "logformat": "syslog",
         "ignore_binaries": "no",
         "only-future-events": "yes",
-        "target": [
-          "agent"
-        ]
+        "target": ["agent"]
       },
       {
         "file": "/var/log/syslog",
         "logformat": "syslog",
         "ignore_binaries": "no",
         "only-future-events": "yes",
-        "target": [
-          "agent"
-        ]
+        "target": ["agent"]
       },
       {
         "file": "/var/log/dpkg.log",
         "logformat": "syslog",
         "ignore_binaries": "no",
         "only-future-events": "yes",
-        "target": [
-          "agent"
-        ]
+        "target": ["agent"]
       },
       {
         "file": "/var/log/kern.log",
         "logformat": "syslog",
         "ignore_binaries": "no",
         "only-future-events": "yes",
-        "target": [
-          "agent"
-        ]
+        "target": ["agent"]
       },
       {
         "channel": "Application",
         "logformat": "eventlog",
         "ignore_binaries": "no",
-        "target": [
-          "agent"
-        ]
+        "target": ["agent"]
       },
       {
         "channel": "Security",
@@ -136,58 +154,46 @@
         },
         "ignore_binaries": "no",
         "only-future-events": "yes",
-        "target": [
-          "agent"
-        ],
+        "target": ["agent"],
         "reconnect_time": 5
       },
       {
         "channel": "System",
         "logformat": "eventlog",
         "ignore_binaries": "no",
-        "target": [
-          "agent"
-        ]
+        "target": ["agent"]
       },
       {
         "file": "active-response\\active-responses.log",
         "logformat": "syslog",
         "ignore_binaries": "no",
         "only-future-events": "yes",
-        "target": [
-          "agent"
-        ]
+        "target": ["agent"]
       },
       {
         "channel": "Microsoft-Windows-Sysmon/Operational",
         "logformat": "eventchannel",
         "ignore_binaries": "no",
         "only-future-events": "yes",
-        "target": [
-          "agent"
-        ],
+        "target": ["agent"],
         "reconnect_time": 5
       },
       {
         "channel": "Microsoft-Windows-Windows Defender/Operational",
         "logformat": "eventchannel",
         "ignore_binaries": "no",
         "only-future-events": "yes",
-        "target": [
-          "agent"
-        ],
+        "target": ["agent"],
         "reconnect_time": 5
       },
       {
         "file": "C:\\inetpub\\logs\\LogFiles\\W3SVC1\\u_ex240321.log",
         "logformat": "iis",
         "ignore_binaries": "no",
         "only-future-events": "yes",
-        "target": [
-          "agent"
-        ]
+        "target": ["agent"]
       }
     ]
   },
   "error": 0
-}
+}

plugins/main/common/constants.ts

@@ -227,7 +227,12 @@ export const DATA_SOURCE_FILTER_CONTROLLED_PINNED_AGENT = 'pinned-agent';
 export const DATA_SOURCE_FILTER_CONTROLLED_CLUSTER_MANAGER = 'cluster-manager';
 export const DATA_SOURCE_FILTER_CONTROLLED_VULNERABILITIES_RULE_GROUP =
   'vulnerabilities-rule-group';
-
+export const DATA_SOURCE_FILTER_CONTROLLED_MITRE_ATTACK_RULE =
+  'mitre-attack-rule';
+export const DATA_SOURCE_FILTER_CONTROLLED_MITRE_ATTACK_RULE_ID =
+  'hidden-mitre-attack-rule-id';
+export const DATA_SOURCE_FILTER_CONTROLLED_VIRUSTOTAL_RULE_GROUP =
+  'virustotal-rule-group';
 // Wazuh links
 export const WAZUH_LINK_GITHUB = 'https://github.com/wazuh';
 export const WAZUH_LINK_GOOGLE_GROUPS =