Implement new data source feature on MITRE ATT&CK module #6482

JuanGarriuz · 2024-03-06T13:00:00Z

Description

Implement the embeddable dashboard on MITRE ATT&CK -> dashboard tab and deprecate any use of kibana-integrations components.

Issues Resolved

[Remove discover] Implement embeddable dashboard on MITRE ATT&CK module

Evidence

Test cases

Note

The global, dashboard, and discover tests cases are the same as the vulnerabilities module: #6534

Global

Test	Chrome	Firefox	Safari
Check data results consistency between inventory and dashboard tab	⚫	⚫	⚫
Check the filters persist between the inventory and dashboard tab	⚫	⚫	⚫
Check the filters are cleaned when throwing in the events tab	⚫	⚫	⚫
Check cluster-manager filter on tabs. Must be applied when the tab is shown (all tabs)	⚫	⚫	⚫
Check rule.mitre.id filter on Events and Framework tab	⚫	⚫	⚫
Check pinned agent filter on tabs	⚫	⚫	⚫
Check the request with hidden filters applied (allow agents, hide manager alerts)	⚫	⚫	⚫
Check the fixer filter cannot be removed from the filter bar (the remove icon is hidden)	⚫	⚫	⚫

Check data results consistency between inventory and dashboard tab

Check the filters persist between the inventory and dashboard tab

Check the filters are cleaned when throwing in the events tab

Check cluster-manager filter on tabs. Must be applied when the tab is shown (all tabs)

Check rule.mitre.id filter on Events and Framework tab

Check pinned agent filter on tabs

Check the request with hidden filters applied (allow agents, hide manager alerts)

Enable/disable the hideManagerAlerts settings on App Settings

Check the fixed filter cannot be removed from the filter bar

Dashboard tab

Test	Chrome	Firefox	Safari
Use search bar input to filter any word and check if the dashboard shows the corresponding results	⚫	⚫	⚫
Select an option from one of the recommended filters and check that the corresponding filter is added and the dashboard changes according to the applied filter	⚫	⚫	⚫
Add a filter through interaction with a visualization and check that the dashboard updates	⚫	⚫	⚫
Use the input and type an incorrect word to check if the no results message is shown	⚫	⚫	⚫

Use search bar input to filter any word and check if the dashboard shows the corresponding results

Select an option from one of the recommended filters and check that the corresponding filter is added and the dashboard changes according to the applied filter

Add a filter through interaction with a visualization and check that the dashboard updates

Use the input and type an incorrect word to check if the no results message is shown

Framework tab

Note

The framework tab must work like latest stable version

Test	Chrome	Firefox	Safari
Use the search bar and check that the tactics and techniques results are consistent	⚫	⚫	⚫
Use the table controls and search bar	⚫	⚫	⚫
Use the redirect icons in the technique element	⚫	⚫	⚫
Check the flyout discover filters	⚫	⚫	⚫
Compare events hits quantity between techniques table and flyout events	⚫	⚫	⚫
Check the technique details and redirects	⚫	⚫	⚫
Click on recent events right icons and check redirects	⚫	⚫	⚫
Use the search bar, time picker and filter manager and check consistency (the global filter must not be affected)	⚫	⚫	⚫
Sort events flyout table using the header and use the pagination	⚫	⚫	⚫
Click on events row redirects	⚫	⚫	⚫
Check expanded row document data consistency	⚫	⚫	⚫
Apply filters on the discover flyout using the rule tab links and check the View in Rules link	⚫	⚫	⚫

Use the search bar and check that the tactics and techniques results are consistent

Screen.Recording.2024-04-18.at.13.03.30.mov

-Use the table controls and search bar

Screen.Recording.2024-04-18.at.13.07.05.mov

Use the redirect icons in the technique element

Screen.Recording.2024-04-18.at.13.09.42.mov

Check the flyout discover filters

Note

The flyout discover must receive the filters from the framework's main search like hidden (only are used to fetch the data)

Screen.Recording.2024-04-18.at.13.13.20.mov

Compare events hits quantity between techniques table and flyout events

Screen.Recording.2024-04-18.at.13.15.45.mov

Check the technique details and redirects

Screen.Recording.2024-04-18.at.13.19.09.mov

Click on recent events right icons and check redirects

Screen.Recording.2024-04-18.at.13.20.48.mov

Use the search bar, time picker and filter manager and check consistency (the global filter must not be affected)

Screen.Recording.2024-04-18.at.13.23.43.mov

Sort events flyout table using the header and use the pagination

Screen.Recording.2024-04-18.at.13.26.10.mov

Click on events row redirects

Screen.Recording.2024-04-18.at.13.27.37.mov

Check expanded row document data consistency

Screen.Recording.2024-04-18.at.13.29.58.mov

Apply filters on the discover flyout using the rule tab links and check the View in Rules link

Screen.Recording.2024-04-18.at.13.31.45.mov

Events tab (Discover)

Search bar

Test	Chrome	Firefox	Safari
Apply filters using search bar input	⚫	⚫	⚫
Apply filters using the search bar `add filter` feature	⚫	⚫	⚫
Apply filters using the date picker	⚫	⚫	⚫
Apply filters with no results (Check the `No results match your search criteria` message)	⚫	⚫	⚫
Use the `saved queries` feature (Check saved queries CRUD)	⚫	⚫	⚫

Apply filters using search bar input

Apply filters using the search bar add filter feature

Apply filters using the date picker

Apply filters with no results (Check the No results match your search criteria message)

Use the saved queries feature (Check saved queries CRUD)

Histogram chart

Test	Chrome	Firefox	Safari
Check histogram chart hits consistency	⚫	⚫	⚫
Use chart options (three points: maximize, minimize, inspect)	⚫	⚫	⚫

Check histogram chart hits consistency

Use chart options (three points: maximize, minimize, inspect)

Data grid

Test	Chrome	Firefox	Safari
Check all table header features (sort, show/hide columns, density, etc)	⚫	⚫	⚫
Check table pagination and rows per page	⚫	⚫	⚫
Check document detail flyout	⚫	⚫	⚫

Check all table header features (sort, show/hide columns, density, etc)

Check table pagination and rows per page

Check document detail flyout

Check List

All tests pass
- yarn test:jest
New functionality includes testing.
New functionality has been documented.
Update CHANGELOG.md
Commits are signed per the DCO using --signoff

…-MITRE-ATTACK

github-actions · 2024-04-17T11:02:16Z

Wazuh Core plugin code coverage (Jest) test	%	values
Statements	45.37%	( 397 / 875 )
Branches	41.31%	( 157 / 380 )
Functions	43.83%	( 135 / 308 )
Lines	45.61%	( 395 / 866 )

github-actions · 2024-04-17T11:02:22Z

Wazuh Check Updates plugin code coverage (Jest) test	%	values
Statements	76.44%	( 172 / 225 )
Branches	58.65%	( 61 / 104 )
Functions	61.7%	( 29 / 47 )
Lines	76.44%	( 172 / 225 )

github-actions · 2024-04-17T11:06:44Z

Main plugin code coverage (Jest) test	%	values
Statements	10.77%	( 3755 / 34838 )
Branches	7.25%	( 1653 / 22769 )
Functions	10.49%	( 871 / 8302 )
Lines	10.92%	( 3649 / 33400 )

… cluster module (#6561) * Migrated Server Management Cluster to embeddables without cluster controller * Fixed width of Cluster Configuration section * Rendering conditions are adjusted and clean code * Deleted controller and visualization monitoring files * Integrated data-source implementation * Fixed configuration_cards itemsList, the code is improved and unnecessary code is removed * Added HOC withGuardAsync * Changed the source of clusterEnabled information to that provided by the API * Changed ClusterOverview component class to functional and fixed error on checkClusterIsEnabledAndRunning * Added more dependencies in useEffect on Cluster Dashboard * Added error handling to cluster-disabled component * Fixed alert.timestamp field on SampleData

…#6542) * Migrated visualizations to embeddables * Changed searchbar and node selector * Cleaned dashboard obsolete code * Added selectedNodeFilter * Integrated new data source on statistics * Fixed statistics index without data. * Added apiName filter * Fixed nodeName filter when a node is selected in cluster mode * Added No results message, fixed allow agents filters on request and cleaned obsolete code * Changed condition of apiName filter, validation of statistics-data-source-repository and abstracted behavior between DashboardListenerEngineStatistics and DashboardAnalysisEngineStatistics * Deleted unused use-build-statistics-visualizations hook * Fixed information message depending on active tab * Added withUserAuthorizationPrompt to add protection with the user permissions check * remove(statistics): unused message definitions * Deleted unused index.ts file on cluster integration-files visualizations --------- Co-authored-by: Antonio David Gutiérrez <antonio.gutierrez@wazuh.com>

* changelog: fix entries * Change enrollment.dns changelog entry --------- Co-authored-by: Federico Rodriguez <federico.rodriguez@wazuh.com>

* remove click-action.js * update changelog * Update changelog --------- Co-authored-by: Federico Rodriguez <federico.rodriguez@wazuh.com>

* Create settings component * Parcial refactor into react component * Remove angularJS controller * Remove unnecessary properties * Add changelog * fix: category parameter to preselect the app category settings on App Settings from Statistics * Remove optional chaining operator --------- Co-authored-by: Antonio David Gutiérrez <antonio.gutierrez@wazuh.com>

* Added tab * Add journald tab * Added changes to imposter * journald values filters table * Update changelog and redesign filters table * Fixed styles * Fixed hardcode bug * Added filters groups * Change to an accordion render * Added helps-link * Added changelog * Fix changelog and message popover improve * Update configuration-setting imports * Fix macOS log title * resolve comments * Fixed info euitext render and header no render in journald tab * Add verification to mac and journald agents and add condition to journald --------- Co-authored-by: Federico Rodriguez <federico.rodriguez@wazuh.com>

…#6525) * Migrated visualizations, added loadings and messages * Fixed warning for expected a single ReactElement * Added new virustotal data source. Changed NoResults and LoadingSpinner to commons components * Fixed Events tab * Integrated pinned agent functionality based on data source * Added timeRange to dashboard useEffect dependencies and changed the way to get pinned agent * Deleted unused component * Changed AlertsVirustotalDataSource import in modules-defaults * Fixed error message * DashboardByRenderer timeRange params replaced by searchBarProps deconstruction * Added wz-discover hide-filter-control classes to hide the button that allows you to affect all the filters in the search bar * Removed unnecessary virus total in Filters tab in common data to remove duplicate filters * Removed unused getImplicitPinnedAgent in modules-helper * Added dateRange param to fetchData in dashboard useEffect * Improved AlertsVirustotalDataSource import in modules-defaults and deleted wz-discover on SearchBar wrapper

…dule (#6486) * Migrated visualizations to embeddables * Added withPinnedAgent HOC * Added dashboard update mechanism depending on whether or not an agent has been pinned * Pinned agent visualization definitions are migrated and aesthetic adjustments are made * The interaction was added to the KPIs, the links to the lower table were added, as well as the change of columns when an agent is set * Integrated new data source on Threat Hunting module * DiscoverNoResults and LoadingSpinner components are replaced with common components * Clean code and fixed dashboards conditions * Improved condition for rendering the dashboard and SampleData message * Removed unnecessary general/threat hunting in tabFilters in common data to remove duplicate filters * Removed unused getImplicitPinnedAgent in modules-helper * Added dateRange param to fetchData in dashboard useEffect, added wz-discover hide-filter-control classes to hide the button that allows you to affect all the filters in the search bar and use searchbarProps deconstruction * Deleted unnecessary wz-discover class on SearchBar wrapper * Changed Threat Hunting columns file name * Deleted unused imports in modules-helper --------- Co-authored-by: Ian Yenien Serrano <63758389+yenienserrano@users.noreply.github.com> Co-authored-by: Federico Rodriguez <federico.rodriguez@wazuh.com>

…-MITRE-ATTACK

JuanGarriuz added 2 commits March 6, 2024 13:57

Moved mitre intelligence to a subfolder

c8ba62f

fix imports

d48ec8e

JuanGarriuz self-assigned this Mar 6, 2024

JuanGarriuz added 4 commits March 6, 2024 14:08

moved mitre framework

1eed82b

fix framework imports

2a96e1a

Changed dashboard

16a25bd

updated snapshots

2ae86ea

JuanGarriuz linked an issue Mar 7, 2024 that may be closed by this pull request

[Remove discover] Refactor dashboard, intelligence, framework and events tabs on MITRE ATT&CK module #6480

Closed

JuanGarriuz and others added 18 commits March 7, 2024 14:56

Fixed typo

796b3a8

Added pinned agent mode

b03f72d

Changed mitre dashboard

5cea5b5

Merge branch '4.9.0' into feat/6480-implement-embeddable-dashboard-on…

7936ad4

…-MITRE-ATTACK

Merge branch '4.9.0' into feat/6480-implement-embeddable-dashboard-on…

e3b19f1

…-MITRE-ATTACK

Fix framework tab

5a6373e

Add mitre data source

86f6fab

Change framework tab class components to functional components

487336b

Added date picker in search bar

7f3dc51

Add aggregattions to search

22232e0

Add columns definition in data grid

119a2cc

Fix cluster disabled error on filter

a966574

Add receive filter manager like prop

6a760f9

Create generic components to reuse in discover

feac61b

Add mitre attack data source

24d1367

Create flyout discover

e94b701

Refactor mitre with data source

181041a

Merge branch '4.9.0' into feat/6480-implement-embeddable-dashboard-on…

c20e39d

…-MITRE-ATTACK

Add default fetch filters

2da247a

Machi3mfl and others added 21 commits April 25, 2024 15:12

Fix files with prettier

affc8e5

Signed commit

b8c42b2

Fix changelog entries (#6612)

08cd54c

* changelog: fix entries * Change enrollment.dns changelog entry --------- Co-authored-by: Federico Rodriguez <federico.rodriguez@wazuh.com>

Remove AngularJS component click-action.js (#6613)

3e0328d

* remove click-action.js * update changelog * Update changelog --------- Co-authored-by: Federico Rodriguez <federico.rodriguez@wazuh.com>

Fix mitre columns error in techniques on hover

9c47963

Hide remove filters on search bar

eb5b681

Use not global time filter and query in search bar

0004e1b

Fix filters in visualizations

2b19e1d

Remove global filter manager from common-data

788431b

Fix date range parser on requests

1645496

Fix error when remove query saved

8d7169a

Add timestamp formatted in events data grid

e1cc885

Renamed virus total data source

d07e7b1

Change order fixed filters virus total

d8ac420

Clean dashboard code

c12a59d

Machi3mfl dismissed stale reviews from jbiset and yenienserrano via c12a59d April 25, 2024 18:18

Machi3mfl force-pushed the feat/6480-implement-embeddable-dashboard-on-MITRE-ATTACK branch from 836f073 to c12a59d Compare April 25, 2024 18:18

Merge branch '4.9.0' into feat/6480-implement-embeddable-dashboard-on…

b833acf

…-MITRE-ATTACK

jbiset approved these changes Apr 25, 2024

View reviewed changes

Tostti merged commit 1f183a0 into 4.9.0 Apr 25, 2024
1 check passed

Tostti deleted the feat/6480-implement-embeddable-dashboard-on-MITRE-ATTACK branch April 25, 2024 18:26

Machi3mfl mentioned this pull request May 3, 2024

Implement embeddable dashboard on GitHub #6537

Merged

6 tasks

Machi3mfl mentioned this pull request May 13, 2024

Implement embeddable dashboard on Office 365 #6528

Merged

6 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Implement new data source feature on MITRE ATT&CK module #6482

Implement new data source feature on MITRE ATT&CK module #6482

JuanGarriuz commented Mar 6, 2024 •

edited by Machi3mfl

github-actions bot commented Apr 17, 2024

github-actions bot commented Apr 17, 2024

github-actions bot commented Apr 17, 2024

Implement new data source feature on MITRE ATT&CK module #6482

Implement new data source feature on MITRE ATT&CK module #6482

Conversation

JuanGarriuz commented Mar 6, 2024 • edited by Machi3mfl

Description

Issues Resolved

Evidence

Test cases

Global

Dashboard tab

Framework tab

Events tab (Discover)

Search bar

Histogram chart

Data grid

Check List

github-actions bot commented Apr 17, 2024

github-actions bot commented Apr 17, 2024

github-actions bot commented Apr 17, 2024

JuanGarriuz commented Mar 6, 2024 •

edited by Machi3mfl