[Remove discover] Implement embeddable dashboard on Threat Hunting module

plugins/main/public/components/common/modules/modules-defaults.tsx

@@ -27,6 +27,7 @@ import {
 } from '../wazuh-discover/wz-discover';
 import { threatHuntingColumns } from '../wazuh-discover/config/data-grid-columns';
 import { vulnerabilitiesColumns } from '../../overview/vulnerabilities/events/vulnerabilities-columns';
+import { DashboardThreatHunting } from '../../overview/threat-hunting/dashboard/dashboard';
 import React from 'react';
 import { dockerColumns } from '../../overview/docker/events/docker-columns';
 import { googleCloudColumns } from '../../overview/google-cloud/events/google-cloud-columns';
@@ -44,7 +45,10 @@ import { mitreAttackColumns } from '../../overview/mitre/events/mitre-attack-col
 import { virustotalColumns } from '../../overview/virustotal/events/virustotal-columns';
 import { malwareDetectionColumns } from '../../overview/malware-detection/events/malware-detection-columns';
 import { WAZUH_VULNERABILITIES_PATTERN } from '../../../../common/constants';
-import { AlertsVulnerabilitiesDataSource } from '../data-source';
+import {
+  AlertsDataSource,
+  AlertsVulnerabilitiesDataSource,
+} from '../data-source';
 
 const ALERTS_INDEX_PATTERN = 'wazuh-alerts-*';
 const DEFAULT_INDEX_PATTERN = ALERTS_INDEX_PATTERN;
@@ -81,8 +85,16 @@ export const ModulesDefaults = {
   general: {
     init: 'events',
     tabs: [
-      DashboardTab,
-      renderDiscoverTab(DEFAULT_INDEX_PATTERN, threatHuntingColumns),
+      {
+        id: 'dashboard',
+        name: 'Dashboard',
+        buttons: [ButtonModuleExploreAgent, ButtonModuleGenerateReport],
+        component: DashboardThreatHunting,
+      },
+      renderDiscoverTab({
+        tableColumns: threatHuntingColumns,
+        DataSource: AlertsDataSource,
+      }),
     ],
     availableFor: ['manager', 'agent'],
   },

plugins/main/public/components/common/modules/modules-helper.js

@@ -2,6 +2,8 @@ import { getAngularModule, getDataPlugin } from '../../../kibana-services';
 import { AppState } from '../../../react-services/app-state';
 import { FilterHandler } from '../../../utils/filter-handler';
 import { VULNERABILITY_IMPLICIT_CLUSTER_MODE_FILTER } from '../../../../common/constants';
+import { useFilterManager } from '../hooks';
+import { FilterStateStore } from '../../../../../../src/plugins/data/common';
 
 export class ModulesHelper {
   static async getDiscoverScope() {
@@ -182,4 +184,59 @@ If this case happens, the implicit filters are regenerated and the function is c
 
     return filters;
   }
+
+  /**
+   *
+   * @param {string} indexPattern - Index pattern id being used
+   * @param {Filter[] | undefined} filters - (Optional) Filter Array in which to search if a pinned agent exists
+   * @returns
+   */
+  static getImplicitPinnedAgent(indexPattern, filters = []) {
+    const filterManager = useFilterManager().filterManager;
+    const initialFilters =
+      filters?.length > 0 ? filters : filterManager.getFilters();
+    const pinnedAgentByFilterManager = initialFilters.find(
+      filter =>
+        filter?.meta?.key === 'agent.id' && !!filter?.$state?.isImplicit,
+    );
+    const url = window.location.href;
+    const regex = new RegExp('agentId=' + '[^&]*');
+    const match = url.match(regex);
+    const isPinnedAgentByUrl = match && match[0];
+    if (pinnedAgentByFilterManager && isPinnedAgentByUrl) {
+      return {
+        ...pinnedAgentByFilterManager,
+        meta: {
+          ...pinnedAgentByFilterManager.meta,
+          index: indexPattern,
+        },
+        $state: { store: FilterStateStore.APP_STATE, isImplicit: true },
+      };
+    }
+
+    if (isPinnedAgentByUrl) {
+      const agentId = match[0].split('=')[1];
+      return {
+        meta: {
+          alias: null,
+          disabled: false,
+          key: 'agent.id',
+          negate: false,
+          params: { query: agentId },
+          type: 'phrase',
+          index: indexPattern,
+        },
+        query: {
+          match: {
+            'agent.id': {
+              query: agentId,
+              type: 'phrase',
+            },
+          },
+        },
+        $state: { store: 'appState', isImplicit: true },
+      };
+    }
+    return undefined;
+  }
 }

plugins/main/public/components/overview/threat-hunting/config/index.tsx

@@ -0,0 +1,121 @@
+import { EuiDataGridColumn, EuiLink } from '@elastic/eui';
+import { tDataGridColumn } from '../../../common/data-grid';
+import { getCore } from '../../../../kibana-services';
+import React from 'react';
+import { RedirectAppLinks } from '../../../../../../../src/plugins/opensearch_dashboards_react/public';
+
+export const MAX_ENTRIES_PER_QUERY = 10000;
+
+export const threatHuntingTableDefaultColumns: tDataGridColumn[] = [
+  {
+    id: 'icon',
+  },
+  {
+    id: 'timestamp',
+  },
+  {
+    id: 'agent.id',
+    render: (value: any) => {
+      const destURL = getCore().application.getUrlForApp('endpoints-summary', {
+        path: `#/agents?tab=welcome&agent=${value}`,
+      });
+      return (
+        <RedirectAppLinks application={getCore().application}>
+          <EuiLink href={destURL} style={{ cursor: 'pointer' }}>
+            {value}
+          </EuiLink>
+        </RedirectAppLinks>
+      );
+    },
+  },
+  {
+    id: 'agent.name',
+  },
+  {
+    id: 'rule.mitre.id',
+    render: (value: any) => {
+      const destURL = getCore().application.getUrlForApp('mitre-attack', {
+        path: `#/overview/?tab=mitre&tabView=intelligence&tabRedirect=techniques&idToRedirect=${value}`,
+      });
+      return (
+        <RedirectAppLinks application={getCore().application}>
+          <EuiLink href={destURL} style={{ cursor: 'pointer' }}>
+            {value}
+          </EuiLink>
+        </RedirectAppLinks>
+      );
+    },
+  },
+  {
+    id: 'rule.mitre.tactic',
+  },
+  {
+    id: 'rule.description',
+  },
+  {
+    id: 'rule.level',
+  },
+  {
+    id: 'rule.id',
+    render: (value: any) => {
+      const destURL = getCore().application.getUrlForApp('rules', {
+        path: `manager/?tab=ruleset&redirectRule=${value}`,
+      });
+      return (
+        <RedirectAppLinks application={getCore().application}>
+          <EuiLink href={destURL} style={{ cursor: 'pointer' }}>
+            {value}
+          </EuiLink>
+        </RedirectAppLinks>
+      );
+    },
+  },
+];
+
+export const threatHuntingTableAgentColumns: EuiDataGridColumn[] = [
+  {
+    id: 'icon',
+  },
+  {
+    id: 'timestamp',
+  },
+  {
+    id: 'rule.mitre.id',
+    render: (value: any) => {
+      const destURL = getCore().application.getUrlForApp('mitre-attack', {
+        path: `#/overview/?tab=mitre&tabView=intelligence&tabRedirect=techniques&idToRedirect=${value}`,
+      });
+      return (
+        <RedirectAppLinks application={getCore().application}>
+          <EuiLink href={destURL} style={{ cursor: 'pointer' }}>
+            {value}
+          </EuiLink>
+        </RedirectAppLinks>
+      );
+    },
+  },
+  {
+    id: 'rule.mitre.tactic',
+  },
+  {
+    id: 'rule.description',
+  },
+  {
+    id: 'rule.level',
+  },
+  {
+    id: 'rule.id',
+    render: (value: any) => {
+      const destURL = getCore().application.getUrlForApp('rules', {
+        path: `manager/?tab=ruleset&redirectRule=${value}`,
+      });
+      return (
+        <RedirectAppLinks application={getCore().application}>
+          <EuiLink href={destURL} style={{ cursor: 'pointer' }}>
+            {value}
+          </EuiLink>
+        </RedirectAppLinks>
+      );
+    },
+  },
+];