diff --git a/plugins/main/common/constants.ts b/plugins/main/common/constants.ts
index d7ac2d3f6b..7e83e553bb 100644
--- a/plugins/main/common/constants.ts
+++ b/plugins/main/common/constants.ts
@@ -230,6 +230,8 @@ export const DATA_SOURCE_FILTER_CONTROLLED_REGULATORY_COMPLIANCE_REQUIREMENT =
 export const DATA_SOURCE_FILTER_CONTROLLED_PCI_DSS_EXIST = 'pci-dss-exist';
 export const DATA_SOURCE_FILTER_CONTROLLED_VULNERABILITIES_RULE_GROUP =
 'vulnerabilities-rule-group';
+export const DATA_SOURCE_FILTER_CONTROLLED_NIST_800_53_EXIST =
+ 'nist-800-53-rule-exist';
 export const DATA_SOURCE_FILTER_CONTROLLED_GDPR_EXIST = 'gdpr-rule-exist';
 export const DATA_SOURCE_FILTER_CONTROLLED_HIPAA_EXIST = 'hipaa-rule-exist';
 export const DATA_SOURCE_FILTER_CONTROLLED_DOCKER_RULE_GROUP =
diff --git a/plugins/main/public/components/common/data-source/pattern/alerts/alerts-nist-800-53/alerts-nist-800-53-data-source.ts b/plugins/main/public/components/common/data-source/pattern/alerts/alerts-nist-800-53/alerts-nist-800-53-data-source.ts
new file mode 100644
index 0000000000..105c96f9cd
--- /dev/null
+++ b/plugins/main/public/components/common/data-source/pattern/alerts/alerts-nist-800-53/alerts-nist-800-53-data-source.ts
@@ -0,0 +1,42 @@
+import { tFilter } from '../../../index';
+import { DATA_SOURCE_FILTER_CONTROLLED_NIST_800_53_EXIST } from '../../../../../../../common/constants';
+import { AlertsDataSource } from '../alerts-data-source';
+
+const KEY_EXIST = 'rule.nist_800_53';
+
+export class AlertsNIST80053DataSource extends AlertsDataSource {
+ constructor(id: string, title: string) {
+ super(id, title);
+ }
+
+ private getFilterExist() {
+ return [
+ {
+ meta: {
+ index: this.id,
+ negate: false,
+ disabled: false,
+ alias: null,
+ type: 'exists',
+ key: KEY_EXIST,
+ value: 'exists',
+ params: {
+ query: null,
+ type: 'phrase',
+ },
+ controlledBy: DATA_SOURCE_FILTER_CONTROLLED_NIST_800_53_EXIST,
+ },
+ exists: {
+ field: KEY_EXIST,
+ },
+ $state: {
+ store: 'appState',
+ },
+ } as tFilter,
+ ];
+ }
+
+ getFixedFilters(): tFilter[] {
+ return [...this.getFilterExist(), ...super.getFixedFilters()];
+ }
+}
diff --git a/plugins/main/public/components/common/data-source/pattern/alerts/alerts-nist-800-53/index.ts b/plugins/main/public/components/common/data-source/pattern/alerts/alerts-nist-800-53/index.ts
new file mode 100644
index 0000000000..500695b72f
--- /dev/null
+++ b/plugins/main/public/components/common/data-source/pattern/alerts/alerts-nist-800-53/index.ts
@@ -0,0 +1 @@
+export * from './alerts-nist-800-53-data-source';
diff --git a/plugins/main/public/components/common/data-source/pattern/alerts/index.ts b/plugins/main/public/components/common/data-source/pattern/alerts/index.ts
index 047fba4a23..7db9e0d997 100644
--- a/plugins/main/public/components/common/data-source/pattern/alerts/index.ts
+++ b/plugins/main/public/components/common/data-source/pattern/alerts/index.ts
@@ -5,6 +5,7 @@ export * from './alerts-hipaa';
 export * from './alerts-docker';
 export * from './alerts-virustotal';
 export * from './alerts-malware-detection';
+export * from './alerts-nist-800-53';
 export * from './alerts-aws';
 export * from './vulnerabilities';
 export * from './mitre-attack';
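Review bot: The fixed filter built in `getFilterExist` declares `type: 'exists'` with an `exists: { field: KEY_EXIST }` clause, yet its `meta.params` is `{ query: null, type: 'phrase' }`, which describes a phrase filter; this looks carried over from a sibling phrase-type filter and will mislead anyone inspecting the filter-bar state. Since `params` plays no part in an exists query, I would drop it and add a comment above the method: `// Scopes every query of this data source to alerts carrying rule.nist_800_53; controlledBy ties the filter to this module.` The `as tFilter` cast also silences shape mismatches — `const filter: tFilter = { ... }; return [filter];` lets the compiler check the literal instead. The constructor only forwards to `super` and can be removed.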
diff --git a/plugins/main/public/components/common/modules/modules-defaults.tsx b/plugins/main/public/components/common/modules/modules-defaults.tsx
index dd327e3b6b..4459b3f8f7 100644
--- a/plugins/main/public/components/common/modules/modules-defaults.tsx
+++ b/plugins/main/public/components/common/modules/modules-defaults.tsx
@@ -54,6 +54,7 @@ import { DashboardPCIDSS } from '../../overview/pci/dashboards/dashboard';
 import { DashboardDocker } from '../../overview/docker/dashboards';
 import { DashboardMalwareDetection } from '../../overview/malware-detection/dashboard';
 import { DashboardFIM } from '../../overview/fim/dashboard/dashboard';
+import { DashboardNIST80053 } from '../../overview/nist/dashboards/dashboard';
 import { DashboardHIPAA } from '../../overview/hipaa/dashboards/dashboard';
 import {
 AlertsDockerDataSource,
@@ -65,6 +66,7 @@ import {
 AlertsGoogleCloudDataSource,
 AlertsMalwareDetectionDataSource,
 AlertsFIMDataSource,
+ AlertsNIST80053DataSource,
 MitreAttackDataSource,
 AlertsGDPRDataSource,
 AlertsConfigurationAssessmentDataSource,
@@ -397,7 +399,26 @@ export const ModulesDefaults = {
 },
 nist: {
 init: 'dashboard',
- tabs: RegulatoryComplianceTabs(nistColumns),
+ tabs: [
+ {
+ id: 'dashboard',
+ name: 'Dashboard',
+ buttons: [ButtonModuleExploreAgent, ButtonModuleGenerateReport],
+ component: DashboardNIST80053,
+ },
+ {
+ id: 'inventory',
+ name: 'Controls',
+ buttons: [ButtonModuleExploreAgent],
+ component: props => (
+ ),
+ },
+ renderDiscoverTab({
+ tableColumns: nistColumns,
+ DataSource: AlertsNIST80053DataSource,
+ }),
+ ],
 availableFor: ['manager', 'agent'],
 },
 gdpr: {
diff --git a/plugins/main/public/components/overview/nist/dashboards/dashboard-panels.ts b/plugins/main/public/components/overview/nist/dashboards/dashboard-panels.ts
new file mode 100644
index 0000000000..34d5069697
--- /dev/null
+++ b/plugins/main/public/components/overview/nist/dashboards/dashboard-panels.ts
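Review bot: The `nist` entry now hand-writes the three-tab array that `RegulatoryComplianceTabs(nistColumns)` used to produce, while the sibling compliance modules (`gdpr:` follows directly below) presumably still go through that helper, so any later change to tab ids or button sets has to be made in two places. If `RegulatoryComplianceTabs` can accept the dashboard component and data source as options, `tabs: RegulatoryComplianceTabs(nistColumns, { Dashboard: DashboardNIST80053, DataSource: AlertsNIST80053DataSource })` keeps the modules aligned; its signature is not visible from this hunk. The Controls tab's `component: props => ( … )` shows no element between the parentheses in this copy of the diff — the JSX appears to have been lost in rendering rather than omitted from the commit, so please confirm it still forwards `props`. The enclosing `ModulesDefaults` object starts and ends outside the hunk.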
@@ -0,0 +1,1326 @@ +import { DashboardPanelState } from '../../../../../../../src/plugins/dashboard/public/application'; +import { EmbeddableInput } from '../../../../../../../src/plugins/embeddable/public'; + +const getVisStateMostActiveAgents = (indexPatternId: string) => { + return { + id: 'Wazuh-App-Overview-NIST-Agents', + title: 'Most active agents', + type: 'pie', + params: { + type: 'pie', + addTooltip: true, + addLegend: true, + legendPosition: 'right', + isDonut: true, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, + dimensions: { + metric: { + accessor: 1, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + buckets: [ + { + accessor: 0, + format: { + id: 'terms', + params: { + id: 'string', + otherBucketLabel: 'Other', + missingBucketLabel: 'Missing', + }, + }, + params: {}, + aggType: 'terms', + }, + ], + }, + }, + uiState: {}, + data: { + searchSource: { + query: { + language: 'kuery', + query: '', + }, + filter: [], + index: indexPatternId, + }, + references: [ + { + name: 'kibanaSavedObjectMeta.searchSourceJSON.index', + type: 'index-pattern', + id: indexPatternId, + }, + ], + aggs: [ + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, + { + id: '2', + enabled: true, + type: 'terms', + schema: 'segment', + params: { + field: 'agent.name', + orderBy: '1', + order: 'desc', + size: 10, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + customLabel: 'Agent', + }, + }, + ], + }, + }; +}; + +const getVisStateRequirementsOverTime = (indexPatternId: string) => { + return { + id: 'Wazuh-App-Overview-NIST-Requirements-over-time', + title: 'Top 10 requirements over time', + type: 'histogram', + params: { + type: 'histogram', + grid: { categoryLines: true, valueAxis: 'ValueAxis-1' }, + categoryAxes: [ + { + id: 'CategoryAxis-1', + type: 'category', + position: 'bottom', + show: true, + style: {}, + scale: { type: 
'linear' }, + labels: { show: true, filter: true, truncate: 100 }, + title: {}, + }, + ], + valueAxes: [ + { + id: 'ValueAxis-1', + name: 'LeftAxis-1', + type: 'value', + position: 'left', + show: true, + style: {}, + scale: { type: 'linear', mode: 'normal' }, + labels: { show: true, rotate: 0, filter: false, truncate: 100 }, + title: { text: 'Count' }, + }, + ], + seriesParams: [ + { + show: 'true', + type: 'line', + mode: 'normal', + data: { label: 'Count', id: '1' }, + valueAxis: 'ValueAxis-1', + drawLinesBetweenPoints: true, + showCircles: true, + interpolate: 'linear', + }, + ], + addTooltip: true, + addLegend: true, + legendPosition: 'right', + times: [], + addTimeMarker: false, + labels: { show: false }, + dimensions: { + x: { + accessor: 0, + format: { id: 'date', params: { pattern: 'YYYY-MM-DD HH:mm' } }, + params: { + date: true, + interval: 'PT1H', + format: 'YYYY-MM-DD HH:mm', + bounds: { + min: '2019-08-20T12:33:23.360Z', + max: '2019-08-22T12:33:23.360Z', + }, + }, + aggType: 'date_histogram', + }, + y: [ + { + accessor: 2, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], + series: [ + { + accessor: 1, + format: { + id: 'terms', + params: { + id: 'string', + otherBucketLabel: 'Other', + missingBucketLabel: 'Missing', + }, + }, + params: {}, + aggType: 'terms', + }, + ], + }, + }, + uiState: {}, + data: { + searchSource: { + query: { + language: 'kuery', + query: '', + }, + filter: [], + index: indexPatternId, + }, + references: [ + { + name: 'kibanaSavedObjectMeta.searchSourceJSON.index', + type: 'index-pattern', + id: indexPatternId, + }, + ], + aggs: [ + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, + { + id: '4', + enabled: true, + type: 'terms', + schema: 'group', + params: { + field: 'rule.nist_800_53', + orderBy: '1', + order: 'desc', + size: 8, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + customLabel: 'Requirement', + 
}, + }, + { + id: '2', + enabled: true, + type: 'date_histogram', + schema: 'segment', + params: { + field: 'timestamp', + timeRange: { from: 'now-2d', to: 'now' }, + useNormalizedEsInterval: true, + interval: 'auto', + drop_partials: false, + min_doc_count: 1, + extended_bounds: {}, + }, + }, + ], + }, + }; +}; + +const getVisStateRequirementsByAgents = (indexPatternId: string) => { + return { + id: 'Wazuh-App-Overview-NIST-requirements-by-agents', + title: 'Requirements distribution by agent', + type: 'area', + params: { + type: 'area', + grid: { categoryLines: false }, + categoryAxes: [ + { + id: 'CategoryAxis-1', + type: 'category', + position: 'bottom', + show: true, + style: {}, + scale: { type: 'linear' }, + labels: { show: true, filter: true, truncate: 100 }, + title: {}, + }, + ], + valueAxes: [ + { + id: 'ValueAxis-1', + name: 'LeftAxis-1', + type: 'value', + position: 'left', + show: true, + style: {}, + scale: { type: 'linear', mode: 'normal' }, + labels: { show: true, rotate: 0, filter: false, truncate: 100 }, + title: { text: 'Count' }, + }, + ], + seriesParams: [ + { + show: 'true', + type: 'histogram', + mode: 'stacked', + data: { label: 'Count', id: '1' }, + drawLinesBetweenPoints: true, + showCircles: true, + interpolate: 'linear', + valueAxis: 'ValueAxis-1', + }, + ], + addTooltip: true, + addLegend: true, + legendPosition: 'right', + times: [], + addTimeMarker: false, + dimensions: { + x: { + accessor: 0, + format: { + id: 'terms', + params: { + id: 'string', + otherBucketLabel: 'Other', + missingBucketLabel: 'Missing', + }, + }, + params: {}, + aggType: 'terms', + }, + y: [ + { + accessor: 2, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], + series: [ + { + accessor: 1, + format: { + id: 'terms', + params: { + id: 'string', + otherBucketLabel: 'Other', + missingBucketLabel: 'Missing', + }, + }, + params: {}, + aggType: 'terms', + }, + ], + }, + }, + uiState: { vis: { legendOpen: false } }, + data: { + searchSource: { + 
query: { + language: 'kuery', + query: '', + }, + filter: [], + index: indexPatternId, + }, + references: [ + { + name: 'kibanaSavedObjectMeta.searchSourceJSON.index', + type: 'index-pattern', + id: indexPatternId, + }, + ], + aggs: [ + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, + { + id: '2', + enabled: true, + type: 'terms', + schema: 'segment', + params: { + field: 'agent.id', + orderBy: '1', + order: 'desc', + size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + customLabel: 'Agent', + }, + }, + { + id: '3', + enabled: true, + type: 'terms', + schema: 'group', + params: { + field: 'rule.nist_800_53', + orderBy: '1', + order: 'desc', + size: 9, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + customLabel: 'Requirement', + }, + }, + ], + }, + }; +}; + +const getVisStateRequirementsAgentsHeatmap = (indexPatternId: string) => { + return { + id: 'Wazuh-App-Overview-NIST-Requirements-Agents-heatmap', + title: 'Alerts volume by agent', + type: 'heatmap', + params: { + addLegend: true, + addTooltip: true, + colorSchema: 'Blues', + colorsNumber: 10, + colorsRange: [], + dimensions: { + series: [ + { + accessor: 0, + aggType: 'terms', + format: { + id: 'terms', + params: { + id: 'string', + missingBucketLabel: 'Missing', + otherBucketLabel: 'Other', + }, + }, + params: {}, + }, + ], + x: { + accessor: 1, + aggType: 'terms', + format: { + id: 'terms', + params: { + id: 'string', + missingBucketLabel: 'Missing', + otherBucketLabel: 'Other', + }, + }, + params: {}, + }, + y: [ + { + accessor: 2, + aggType: 'count', + format: { id: 'number' }, + params: {}, + }, + ], + }, + enableHover: false, + invertColors: false, + legendPosition: 'right', + percentageMode: false, + setColorRange: false, + times: [], + type: 'heatmap', + valueAxes: [ + { + id: 'ValueAxis-1', + labels: { + color: 'black', + overwriteColor: 
false, + rotate: 0, + show: false, + }, + scale: { defaultYExtents: false, type: 'linear' }, + show: false, + type: 'value', + }, + ], + }, + uiState: { + vis: { + defaultColors: { + '0 - 160': 'rgb(247,251,255)', + '160 - 320': 'rgb(227,238,249)', + '320 - 480': 'rgb(208,225,242)', + '480 - 640': 'rgb(182,212,233)', + '640 - 800': 'rgb(148,196,223)', + '800 - 960': 'rgb(107,174,214)', + '960 - 1,120': 'rgb(74,152,201)', + '1,120 - 1,280': 'rgb(46,126,188)', + '1,280 - 1,440': 'rgb(23,100,171)', + '1,440 - 1,600': 'rgb(8,74,145)', + }, + }, + }, + data: { + searchSource: { + query: { + language: 'kuery', + query: '', + }, + filter: [], + index: indexPatternId, + }, + references: [ + { + name: 'kibanaSavedObjectMeta.searchSourceJSON.index', + type: 'index-pattern', + id: indexPatternId, + }, + ], + aggs: [ + { + enabled: true, + id: '1', + params: {}, + schema: 'metric', + type: 'count', + }, + { + enabled: true, + id: '3', + params: { + customLabel: 'Requirement', + field: 'rule.nist_800_53', + missingBucket: false, + missingBucketLabel: 'Missing', + order: 'desc', + orderBy: '1', + otherBucket: false, + otherBucketLabel: 'Other', + size: 10, + }, + schema: 'group', + type: 'terms', + }, + { + enabled: true, + id: '2', + params: { + customLabel: 'Agent', + field: 'agent.id', + missingBucket: false, + missingBucketLabel: 'Missing', + order: 'desc', + orderBy: '1', + otherBucket: false, + otherBucketLabel: 'Other', + size: 5, + }, + schema: 'segment', + type: 'terms', + }, + ], + }, + }; +}; + +const getVisStateMetrics = (indexPatternId: string) => { + return { + id: 'Wazuh-App-Overview-NIST-Metrics', + title: 'Stats', + type: 'metric', + params: { + metric: { + percentageMode: false, + useRanges: false, + colorSchema: 'Green to Red', + metricColorMode: 'None', + colorsRange: [{ type: 'range', from: 0, to: 10000 }], + labels: { show: true }, + invertColors: false, + style: { + bgFill: '#000', + bgColor: false, + labelColor: false, + subText: '', + fontSize: 20, + }, 
+ }, + dimensions: { + metrics: [ + { + type: 'vis_dimension', + accessor: 0, + format: { id: 'number', params: {} }, + }, + { + type: 'vis_dimension', + accessor: 1, + format: { id: 'number', params: {} }, + }, + ], + }, + addTooltip: true, + addLegend: false, + type: 'metric', + }, + uiState: {}, + data: { + searchSource: { + query: { + language: 'kuery', + query: '', + }, + filter: [], + index: indexPatternId, + }, + references: [ + { + name: 'kibanaSavedObjectMeta.searchSourceJSON.index', + type: 'index-pattern', + id: indexPatternId, + }, + ], + aggs: [ + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: { customLabel: 'Total alerts' }, + }, + { + id: '2', + enabled: true, + type: 'max', + schema: 'metric', + params: { + field: 'rule.level', + customLabel: 'Max rule level detected', + }, + }, + ], + }, + }; +}; + +const getVisStateTopRequirements = (indexPatternId: string) => { + return { + id: 'Wazuh-App-Overview-NIST-Top-10-requirements', + title: 'Top 10 requirements', + type: 'pie', + params: { + type: 'pie', + addTooltip: true, + addLegend: true, + legendPosition: 'right', + isDonut: true, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, + dimensions: { + metric: { + accessor: 1, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + buckets: [ + { + accessor: 0, + format: { + id: 'terms', + params: { + id: 'string', + otherBucketLabel: 'Other', + missingBucketLabel: 'Missing', + }, + }, + params: {}, + aggType: 'terms', + }, + ], + }, + }, + uiState: {}, + data: { + searchSource: { + query: { + language: 'kuery', + query: '', + }, + filter: [], + index: indexPatternId, + }, + references: [ + { + name: 'kibanaSavedObjectMeta.searchSourceJSON.index', + type: 'index-pattern', + id: indexPatternId, + }, + ], + aggs: [ + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, + { + id: '2', + enabled: true, + type: 'terms', + schema: 'segment', + params: 
{ + field: 'rule.nist_800_53', + orderBy: '1', + order: 'desc', + size: 10, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + customLabel: 'Requirement', + }, + }, + ], + }, + }; +}; + +const getVisStateAgentStats = (indexPatternId: string) => { + return { + id: 'Wazuh-App-Agents-NIST-Stats', + title: 'Stats', + type: 'metric', + params: { + metric: { + percentageMode: false, + useRanges: false, + colorSchema: 'Green to Red', + metricColorMode: 'None', + colorsRange: [{ type: 'range', from: 0, to: 10000 }], + labels: { show: true }, + invertColors: false, + style: { + bgFill: '#000', + bgColor: false, + labelColor: false, + subText: '', + fontSize: 20, + }, + }, + dimensions: { + metrics: [ + { + type: 'vis_dimension', + accessor: 0, + format: { id: 'number', params: {} }, + }, + { + type: 'vis_dimension', + accessor: 1, + format: { id: 'number', params: {} }, + }, + ], + }, + addTooltip: true, + addLegend: false, + type: 'metric', + }, + uiState: {}, + data: { + searchSource: { + query: { + language: 'kuery', + query: '', + }, + filter: [], + index: indexPatternId, + }, + references: [ + { + name: 'kibanaSavedObjectMeta.searchSourceJSON.index', + type: 'index-pattern', + id: indexPatternId, + }, + ], + aggs: [ + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: { customLabel: 'Total alerts' }, + }, + { + id: '3', + enabled: true, + type: 'max', + schema: 'metric', + params: { field: 'rule.level', customLabel: 'Max rule level' }, + }, + ], + }, + }; +}; + +const getVisStateAgentTopRequirements = (indexPatternId: string) => { + return { + id: 'Wazuh-App-Agents-NIST-top-10-requirements', + title: 'Top 10 requirements', + type: 'pie', + params: { + type: 'pie', + addTooltip: true, + addLegend: true, + legendPosition: 'right', + isDonut: true, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, + dimensions: { + metric: { + accessor: 0, + format: { 
id: 'number' }, + params: {}, + aggType: 'count', + }, + }, + }, + uiState: {}, + data: { + searchSource: { + query: { + language: 'kuery', + query: '', + }, + filter: [], + index: indexPatternId, + }, + references: [ + { + name: 'kibanaSavedObjectMeta.searchSourceJSON.index', + type: 'index-pattern', + id: indexPatternId, + }, + ], + aggs: [ + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, + { + id: '2', + enabled: true, + type: 'terms', + schema: 'segment', + params: { + field: 'rule.nist_800_53', + orderBy: '1', + order: 'desc', + size: 10, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + customLabel: 'Requirement', + }, + }, + ], + }, + }; +}; + +const getVisStateAgentRuleLevelDistribution = (indexPatternId: string) => { + return { + id: 'Wazuh-App-Agents-NIST-Requirement-by-level', + title: 'Requirements distributed by level', + type: 'histogram', + params: { + type: 'histogram', + grid: { categoryLines: false }, + categoryAxes: [ + { + id: 'CategoryAxis-1', + type: 'category', + position: 'left', + show: true, + style: {}, + scale: { type: 'linear' }, + labels: { show: true, rotate: 0, filter: true, truncate: 200 }, + title: {}, + }, + ], + valueAxes: [ + { + id: 'ValueAxis-1', + name: 'LeftAxis-1', + type: 'value', + position: 'bottom', + show: true, + style: {}, + scale: { type: 'linear', mode: 'normal' }, + labels: { show: true, rotate: 75, filter: true, truncate: 100 }, + title: { text: 'Count' }, + }, + ], + seriesParams: [ + { + show: true, + type: 'histogram', + mode: 'stacked', + data: { label: 'Count', id: '1' }, + valueAxis: 'ValueAxis-1', + drawLinesBetweenPoints: true, + showCircles: true, + }, + ], + addTooltip: true, + addLegend: true, + legendPosition: 'right', + times: [], + addTimeMarker: false, + dimensions: { + x: { + accessor: 0, + format: { + id: 'terms', + params: { + id: 'string', + otherBucketLabel: 'Other', + missingBucketLabel: 
'Missing', + }, + }, + params: {}, + aggType: 'terms', + }, + y: [ + { + accessor: 2, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], + series: [ + { + accessor: 1, + format: { + id: 'terms', + params: { + id: 'number', + otherBucketLabel: 'Other', + missingBucketLabel: 'Missing', + }, + }, + params: {}, + aggType: 'terms', + }, + ], + }, + labels: { show: false }, + }, + uiState: {}, + data: { + searchSource: { + query: { + language: 'kuery', + query: '', + }, + filter: [], + index: indexPatternId, + }, + references: [ + { + name: 'kibanaSavedObjectMeta.searchSourceJSON.index', + type: 'index-pattern', + id: indexPatternId, + }, + ], + aggs: [ + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, + { + id: '2', + enabled: true, + type: 'terms', + schema: 'segment', + params: { + field: 'rule.nist_800_53', + orderBy: '1', + order: 'desc', + size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + customLabel: 'Requirement', + }, + }, + { + id: '3', + enabled: true, + type: 'terms', + schema: 'group', + params: { + field: 'rule.level', + orderBy: '1', + order: 'desc', + size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + customLabel: 'Level', + }, + }, + ], + }, + }; +}; + +const getVisStateAgentRequirementsOverTime = (indexPatternId: string) => { + return { + id: 'Wazuh-App-Agents-NIST-Requirements-stacked-overtime', + title: 'Requirements over time', + type: 'histogram', + params: { + type: 'histogram', + grid: { categoryLines: true, valueAxis: 'ValueAxis-1' }, + categoryAxes: [ + { + id: 'CategoryAxis-1', + type: 'category', + position: 'bottom', + show: true, + style: {}, + scale: { type: 'linear' }, + labels: { show: true, filter: true, truncate: 100 }, + title: {}, + }, + ], + valueAxes: [ + { + id: 'ValueAxis-1', + name: 'LeftAxis-1', + type: 'value', + position: 'left', + 
show: true, + style: {}, + scale: { type: 'linear', mode: 'normal' }, + labels: { show: true, rotate: 0, filter: false, truncate: 100 }, + title: { text: 'Count' }, + }, + ], + seriesParams: [ + { + show: 'true', + type: 'histogram', + mode: 'stacked', + data: { label: 'Count', id: '1' }, + valueAxis: 'ValueAxis-1', + drawLinesBetweenPoints: true, + showCircles: true, + }, + ], + addTooltip: true, + addLegend: true, + legendPosition: 'right', + times: [], + addTimeMarker: false, + labels: { show: false }, + dimensions: { + x: { + accessor: 0, + format: { id: 'date', params: { pattern: 'YYYY-MM-DD HH:mm' } }, + params: { + date: true, + interval: 'PT1H', + format: 'YYYY-MM-DD HH:mm', + bounds: { + min: '2019-08-19T09:46:35.795Z', + max: '2019-08-23T09:46:35.795Z', + }, + }, + aggType: 'date_histogram', + }, + y: [ + { + accessor: 2, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], + series: [ + { + accessor: 1, + format: { + id: 'terms', + params: { + id: 'string', + otherBucketLabel: 'Other', + missingBucketLabel: 'Missing', + }, + }, + params: {}, + aggType: 'terms', + }, + ], + }, + }, + uiState: {}, + data: { + searchSource: { + query: { + language: 'kuery', + query: '', + }, + filter: [], + index: indexPatternId, + }, + references: [ + { + name: 'kibanaSavedObjectMeta.searchSourceJSON.index', + type: 'index-pattern', + id: indexPatternId, + }, + ], + aggs: [ + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, + { + id: '3', + enabled: true, + type: 'terms', + schema: 'group', + params: { + field: 'rule.hipaa', + orderBy: '1', + order: 'desc', + size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + customLabel: 'Requirement', + }, + }, + { + id: '2', + enabled: true, + type: 'date_histogram', + schema: 'segment', + params: { + field: 'timestamp', + timeRange: { from: 'now-4d', to: 'now' }, + useNormalizedEsInterval: true, + interval: 
'auto', + drop_partials: false, + min_doc_count: 1, + extended_bounds: {}, + customLabel: 'Timestamp', + }, + }, + ], + }, + }; +}; + +export const getDashboardPanels = ( + indexPatternId: string, + isPinnedAgent: boolean, +): { + [panelId: string]: DashboardPanelState< + EmbeddableInput & { [k: string]: unknown } + >; +} => { + const overviewDashboard = { + g1: { + gridData: { + w: 11, + h: 14, + x: 0, + y: 0, + i: 'g1', + }, + type: 'visualization', + explicitInput: { + id: 'g1', + savedVis: getVisStateMostActiveAgents(indexPatternId), + }, + }, + g2: { + gridData: { + w: 24, + h: 14, + x: 11, + y: 0, + i: 'g2', + }, + type: 'visualization', + explicitInput: { + id: 'g2', + savedVis: getVisStateRequirementsOverTime(indexPatternId), + }, + }, + g3: { + gridData: { + w: 13, + h: 14, + x: 35, + y: 0, + i: 'g3', + }, + type: 'visualization', + explicitInput: { + id: 'g3', + savedVis: getVisStateRequirementsByAgents(indexPatternId), + }, + }, + g4: { + gridData: { + w: 24, + h: 12, + x: 0, + y: 14, + i: 'g4', + }, + type: 'visualization', + explicitInput: { + id: 'g4', + savedVis: getVisStateRequirementsAgentsHeatmap(indexPatternId), + }, + }, + g5: { + gridData: { + w: 11, + h: 12, + x: 24, + y: 14, + i: 'g5', + }, + type: 'visualization', + explicitInput: { + id: 'g5', + savedVis: getVisStateMetrics(indexPatternId), + }, + }, + g6: { + gridData: { + w: 13, + h: 12, + x: 35, + y: 14, + i: 'g6', + }, + type: 'visualization', + explicitInput: { + id: 'g6', + savedVis: getVisStateTopRequirements(indexPatternId), + }, + }, + }; + + const agentDashboard = { + a1: { + gridData: { + w: 12, + h: 11, + x: 0, + y: 0, + i: 'a1', + }, + type: 'visualization', + explicitInput: { + id: 'a1', + savedVis: getVisStateAgentStats(indexPatternId), + }, + }, + a2: { + gridData: { + w: 12, + h: 11, + x: 12, + y: 0, + i: 'a2', + }, + type: 'visualization', + explicitInput: { + id: 'a2', + savedVis: getVisStateAgentTopRequirements(indexPatternId), + }, + }, + a3: { + gridData: { + w: 24, + 
h: 11, + x: 24, + y: 0, + i: 'a3', + }, + type: 'visualization', + explicitInput: { + id: 'a3', + savedVis: getVisStateAgentRuleLevelDistribution(indexPatternId), + }, + }, + a4: { + gridData: { + w: 48, + h: 11, + x: 0, + y: 11, + i: 'a4', + }, + type: 'visualization', + explicitInput: { + id: 'a4', + savedVis: getVisStateAgentRequirementsOverTime(indexPatternId), + }, + }, + }; + return isPinnedAgent ? agentDashboard : overviewDashboard; +}; diff --git a/plugins/main/public/components/overview/nist/dashboards/dashboard.tsx b/plugins/main/public/components/overview/nist/dashboards/dashboard.tsx new file mode 100644 index 0000000000..727a1f47c2 --- /dev/null +++ b/plugins/main/public/components/overview/nist/dashboards/dashboard.tsx 
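Review bot: `getVisStateAgentRequirementsOverTime` buckets its `group` terms aggregation on `field: 'rule.hipaa'`, so the pinned-agent "Requirements over time" panel would split its series by HIPAA requirements instead of NIST 800-53 controls, while every other panel in this file aggregates on `rule.nist_800_53` and the data source's exists filter is meant to scope queries to that field. Change the agg to `field: 'rule.nist_800_53',`. Whether the deleted saved object this replaces carried the same field is not visible in this chunk, so it may be an inherited rather than a new bug. Separately, the hard-coded 2019 `bounds` inside `dimensions.x.params` of the two date-histogram panels look like fixture leftovers; if the renderer recomputes them from the time range they are harmless, otherwise a `// TODO(review): stale fixture bounds — confirm the renderer overrides these` comment would help the next reader.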
@@ -0,0 +1,144 @@
+import React, { useState, useEffect } from 'react';
+import { SearchResponse } from '../../../../../../../src/core/server';
+import { getPlugins } from '../../../../kibana-services';
+import { ViewMode } from '../../../../../../../src/plugins/embeddable/public';
+import { getDashboardPanels } from './dashboard-panels';
+import { I18nProvider } from '@osd/i18n/react';
+import useSearchBar from '../../../common/search-bar/use-search-bar';
+import './styles.scss';
+import { withErrorBoundary } from '../../../common/hocs';
+import { DiscoverNoResults } from '../../../common/no-results/no-results';
+import { LoadingSpinner } from '../../../common/loading-spinner/loading-spinner';
+import { IndexPattern } from '../../../../../../../src/plugins/data/common';
+import {
+ ErrorFactory,
+ ErrorHandler,
+ HttpError,
+} from '../../../../react-services/error-management';
+import { compose } from 'redux';
+import { SampleDataWarning } from '../../../visualize/components';
+import { AlertsNIST80053DataSource } from '../../../common/data-source/pattern/alerts/alerts-nist-800-53/alerts-nist-800-53-data-source';
+import {
+ AlertsDataSourceRepository,
+ PatternDataSource,
+ tParsedIndexPattern,
+ useDataSource,
+} from '../../../common/data-source';
+
+const plugins = getPlugins();
+
+const SearchBar = getPlugins().data.ui.SearchBar;
+
+const DashboardByRenderer = plugins.dashboard.DashboardContainerByValueRenderer;
+
+const DashboardNIST80053Component: React.FC = () => {
+ const {
+ filters,
+ dataSource,
+ fetchFilters,
+ isLoading: isDataSourceLoading,
+ fetchData,
+ setFilters,
+ } = useDataSource({
+ DataSource: AlertsNIST80053DataSource,
+ repository: new AlertsDataSourceRepository(),
+ });
+ const [results, setResults] = useState({} as SearchResponse);
+
+ const { searchBarProps } = useSearchBar({
+ indexPattern: dataSource?.indexPattern as IndexPattern,
+ filters,
+ setFilters,
+ });
+
+ const { query, dateRangeFrom, dateRangeTo } = searchBarProps;
+
useEffect(() => { + if (isDataSourceLoading) { + return; + } + fetchData({ + query, + dateRange: { + from: dateRangeFrom, + to: dateRangeTo, + }, + }) + .then(results => { + setResults(results); + }) + .catch(error => { + const searchError = ErrorFactory.create(HttpError, { + error, + message: 'Error fetching alerts', + }); + ErrorHandler.handleError(searchError); + }); + }, [ + JSON.stringify(fetchFilters), + JSON.stringify(query), + JSON.stringify(dateRangeFrom), + JSON.stringify(dateRangeTo), + ]); + + return ( + <> + + <> + {isDataSourceLoading && !dataSource ? ( + + ) : ( +
+ +
+ )} + {dataSource && results?.hits?.total === 0 ? ( + + ) : null} + {dataSource && results?.hits?.total > 0 ? ( + <> + +
+ +
+ + ) : null} + +
+
+ );
+};
+
+export const DashboardNIST80053 = compose(withErrorBoundary)(
+ DashboardNIST80053Component,
+);
diff --git a/plugins/main/public/components/overview/nist/dashboards/index.tsx b/plugins/main/public/components/overview/nist/dashboards/index.tsx
new file mode 100644
index 0000000000..b691822976
--- /dev/null
+++ b/plugins/main/public/components/overview/nist/dashboards/index.tsx
@@ -0,0 +1 @@
+export * from './dashboard';
\ No newline at end of file
diff --git a/plugins/main/public/components/overview/nist/dashboards/styles.scss b/plugins/main/public/components/overview/nist/dashboards/styles.scss
new file mode 100644
index 0000000000..6630bbc35b
--- /dev/null
+++ b/plugins/main/public/components/overview/nist/dashboards/styles.scss
@@ -0,0 +1,10 @@
+.nist-dashboard-responsive {
+ @media (max-width: 767px) {
+ .react-grid-layout {
+ height: auto !important;
+ }
+ .dshLayout-isMaximizedPanel {
+ height: 100% !important;
+ }
+ }
+}
diff --git a/plugins/main/server/integration-files/visualizations/agents/agents-nist.ts b/plugins/main/server/integration-files/visualizations/agents/agents-nist.ts
deleted file mode 100644
index 4f0247f6e1..0000000000
--- a/plugins/main/server/integration-files/visualizations/agents/agents-nist.ts
+++ /dev/null
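Review bot: The `useEffect` that calls `fetchData` returns early while `isDataSourceLoading` is true, but `isDataSourceLoading` is not in its dependency list, so the first fetch after the data source finishes loading only happens if one of the stringified `fetchFilters`/`query`/date values changes at the same moment; add `isDataSourceLoading` to the array (or depend on `dataSource`) unless `useDataSource` is known to change `fetchFilters` on load. The result branches `results?.hits?.total === 0` and `results?.hits?.total > 0` both assume a numeric `total`; if `fetchData` can return the `{ value, relation }` form, neither the no-results view nor the dashboard renders, which is worth confirming against the data-source hook. Minor: `getPlugins()` is called twice at module level — `const SearchBar = plugins.data.ui.SearchBar;` reuses the first call — and `useState({} as SearchResponse)` would read more honestly as `useState<SearchResponse | undefined>()` given the optional chaining below. The JSX portion of this hunk is partly lost in this rendering, so I have not reviewed it.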
@@ -1,646 +0,0 @@ -/* - * Wazuh app - Module for Agents/NIST-800-53 visualizations - * Copyright (C) 2015-2022 Wazuh, Inc. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * Find more information about this on the LICENSE file. - */ -export default [ - { - _id: 'Wazuh-App-Agents-NIST-Stats', - _source: { - title: 'Stats', - visState: JSON.stringify({ - title: 'Stats', - type: 'metric', - params: { - metric: { - percentageMode: false, - useRanges: false, - colorSchema: 'Green to Red', - metricColorMode: 'None', - colorsRange: [{ type: 'range', from: 0, to: 10000 }], - labels: { show: true }, - invertColors: false, - style: { - bgFill: '#000', - bgColor: false, - labelColor: false, - subText: '', - fontSize: 20, - }, - }, - dimensions: { - metrics: [ - { - type: 'vis_dimension', - accessor: 0, - format: { id: 'number', params: {} }, - }, - { - type: 'vis_dimension', - accessor: 1, - format: { id: 'number', params: {} }, - }, - ], - }, - addTooltip: true, - addLegend: false, - type: 'metric', - }, - aggs: [ - { - id: '1', - enabled: true, - type: 'count', - schema: 'metric', - params: { customLabel: 'Total alerts' }, - }, - { - id: '3', - enabled: true, - type: 'max', - schema: 'metric', - params: { field: 'rule.level', customLabel: 'Max rule level' }, - }, - ], - }), - uiStateJSON: '{}', - description: '', - version: 1, - kibanaSavedObjectMeta: { - searchSourceJSON: JSON.stringify({ - index: 'wazuh-alerts', - filter: [], - query: { query: '', language: 'lucene' }, - }), - }, - }, - _type: 'visualization', - }, - { - _id: 'Wazuh-App-Agents-NIST-top-10-requirements', - _source: { - title: 'Top 10 requirements', - visState: JSON.stringify({ - title: 'Top 10 requirements', - type: 'pie', - params: { - type: 'pie', - addTooltip: true, - addLegend: true, - 
legendPosition: 'right', - isDonut: true, - labels: { - show: false, - values: true, - last_level: true, - truncate: 100, - }, - dimensions: { - metric: { - accessor: 0, - format: { id: 'number' }, - params: {}, - aggType: 'count', - }, - }, - }, - aggs: [ - { - id: '1', - enabled: true, - type: 'count', - schema: 'metric', - params: {}, - }, - { - id: '2', - enabled: true, - type: 'terms', - schema: 'segment', - params: { - field: 'rule.nist_800_53', - orderBy: '1', - order: 'desc', - size: 10, - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - customLabel: 'Requirement', - }, - }, - ], - }), - uiStateJSON: '{}', - description: '', - version: 1, - kibanaSavedObjectMeta: { - searchSourceJSON: JSON.stringify({ - index: 'wazuh-alerts', - filter: [], - query: { query: '', language: 'lucene' }, - }), - }, - }, - _type: 'visualization', - }, - { - _id: 'Wazuh-App-Agents-NIST-Requirement-by-level', - _source: { - title: 'Requirements distributed by level', - visState: JSON.stringify({ - title: 'Requirements distributed by level', - type: 'histogram', - params: { - type: 'histogram', - grid: { categoryLines: false }, - categoryAxes: [ - { - id: 'CategoryAxis-1', - type: 'category', - position: 'left', - show: true, - style: {}, - scale: { type: 'linear' }, - labels: { show: true, rotate: 0, filter: true, truncate: 200 }, - title: {}, - }, - ], - valueAxes: [ - { - id: 'ValueAxis-1', - name: 'LeftAxis-1', - type: 'value', - position: 'bottom', - show: true, - style: {}, - scale: { type: 'linear', mode: 'normal' }, - labels: { show: true, rotate: 75, filter: true, truncate: 100 }, - title: { text: 'Count' }, - }, - ], - seriesParams: [ - { - show: true, - type: 'histogram', - mode: 'stacked', - data: { label: 'Count', id: '1' }, - valueAxis: 'ValueAxis-1', - drawLinesBetweenPoints: true, - showCircles: true, - }, - ], - addTooltip: true, - addLegend: true, - legendPosition: 'right', - times: [], - addTimeMarker: 
false, - dimensions: { - x: { - accessor: 0, - format: { - id: 'terms', - params: { - id: 'string', - otherBucketLabel: 'Other', - missingBucketLabel: 'Missing', - }, - }, - params: {}, - aggType: 'terms', - }, - y: [ - { - accessor: 2, - format: { id: 'number' }, - params: {}, - aggType: 'count', - }, - ], - series: [ - { - accessor: 1, - format: { - id: 'terms', - params: { - id: 'number', - otherBucketLabel: 'Other', - missingBucketLabel: 'Missing', - }, - }, - params: {}, - aggType: 'terms', - }, - ], - }, - labels: { show: false }, - }, - aggs: [ - { - id: '1', - enabled: true, - type: 'count', - schema: 'metric', - params: {}, - }, - { - id: '2', - enabled: true, - type: 'terms', - schema: 'segment', - params: { - field: 'rule.nist_800_53', - orderBy: '1', - order: 'desc', - size: 5, - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - customLabel: 'Requirement', - }, - }, - { - id: '3', - enabled: true, - type: 'terms', - schema: 'group', - params: { - field: 'rule.level', - orderBy: '1', - order: 'desc', - size: 5, - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - customLabel: 'Level', - }, - }, - ], - }), - uiStateJSON: '{}', - description: '', - version: 1, - kibanaSavedObjectMeta: { - searchSourceJSON: JSON.stringify({ - index: 'wazuh-alerts', - filter: [], - query: { query: '', language: 'lucene' }, - }), - }, - }, - _type: 'visualization', - }, - { - _id: 'Wazuh-App-Agents-NIST-Rule-level-distribution', - _source: { - title: 'Rule level distribution', - visState: JSON.stringify({ - title: 'Rule level distribution', - type: 'pie', - params: { - type: 'pie', - addTooltip: true, - addLegend: false, - legendPosition: 'right', - isDonut: true, - labels: { show: true, values: true, last_level: true, truncate: 100 }, - }, - aggs: [ - { - id: '1', - enabled: true, - type: 'count', - schema: 'metric', - params: {}, - }, - { - id: '2', - enabled: 
true, - type: 'terms', - schema: 'segment', - params: { - field: 'rule.level', - size: 15, - order: 'desc', - orderBy: '1', - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - }, - }, - ], - }), - uiStateJSON: JSON.stringify({ vis: { legendOpen: false } }), - description: '', - version: 1, - kibanaSavedObjectMeta: { - searchSourceJSON: JSON.stringify({ - index: 'wazuh-alerts', - filter: [], - query: { query: '', language: 'lucene' }, - }), - }, - }, - _type: 'visualization', - }, - { - _id: 'Wazuh-App-Agents-NIST-Requirements-stacked-overtime', - _source: { - title: 'Requirements over time', - visState: JSON.stringify({ - title: 'Requirements over time', - type: 'histogram', - params: { - type: 'histogram', - grid: { categoryLines: true, valueAxis: 'ValueAxis-1' }, - categoryAxes: [ - { - id: 'CategoryAxis-1', - type: 'category', - position: 'bottom', - show: true, - style: {}, - scale: { type: 'linear' }, - labels: { show: true, filter: true, truncate: 100 }, - title: {}, - }, - ], - valueAxes: [ - { - id: 'ValueAxis-1', - name: 'LeftAxis-1', - type: 'value', - position: 'left', - show: true, - style: {}, - scale: { type: 'linear', mode: 'normal' }, - labels: { show: true, rotate: 0, filter: false, truncate: 100 }, - title: { text: 'Count' }, - }, - ], - seriesParams: [ - { - show: 'true', - type: 'histogram', - mode: 'stacked', - data: { label: 'Count', id: '1' }, - valueAxis: 'ValueAxis-1', - drawLinesBetweenPoints: true, - showCircles: true, - }, - ], - addTooltip: true, - addLegend: true, - legendPosition: 'right', - times: [], - addTimeMarker: false, - labels: { show: false }, - dimensions: { - x: { - accessor: 0, - format: { id: 'date', params: { pattern: 'YYYY-MM-DD HH:mm' } }, - params: { - date: true, - interval: 'PT1H', - format: 'YYYY-MM-DD HH:mm', - bounds: { - min: '2019-08-19T09:46:35.795Z', - max: '2019-08-23T09:46:35.795Z', - }, - }, - aggType: 'date_histogram', - }, - y: [ - { - accessor: 
2, - format: { id: 'number' }, - params: {}, - aggType: 'count', - }, - ], - series: [ - { - accessor: 1, - format: { - id: 'terms', - params: { - id: 'string', - otherBucketLabel: 'Other', - missingBucketLabel: 'Missing', - }, - }, - params: {}, - aggType: 'terms', - }, - ], - }, - }, - aggs: [ - { - id: '1', - enabled: true, - type: 'count', - schema: 'metric', - params: {}, - }, - { - id: '3', - enabled: true, - type: 'terms', - schema: 'group', - params: { - field: 'rule.hipaa', - orderBy: '1', - order: 'desc', - size: 5, - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - customLabel: 'Requirement', - }, - }, - { - id: '2', - enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - timeRange: { from: 'now-4d', to: 'now' }, - useNormalizedEsInterval: true, - interval: 'auto', - drop_partials: false, - min_doc_count: 1, - extended_bounds: {}, - customLabel: 'Timestamp', - }, - }, - ], - }), - uiStateJSON: '{}', - description: '', - version: 1, - kibanaSavedObjectMeta: { - searchSourceJSON: JSON.stringify({ - index: 'wazuh-alerts', - filter: [], - query: { query: '', language: 'lucene' }, - }), - }, - }, - _type: 'visualization', - }, - { - _id: 'Wazuh-App-Agents-NIST-Last-alerts', - _type: 'visualization', - _source: { - title: 'Alerts summary', - visState: JSON.stringify({ - title: 'Alerts summary', - type: 'table', - params: { - perPage: 10, - showPartialRows: false, - showMetricsAtAllLevels: false, - sort: { columnIndex: 3, direction: 'desc' }, - showTotal: false, - showToolbar: true, - totalFunc: 'sum', - dimensions: { - metrics: [ - { - accessor: 3, - format: { id: 'number' }, - params: {}, - aggType: 'count', - }, - ], - buckets: [ - { - accessor: 0, - format: { - id: 'terms', - params: { - id: 'string', - otherBucketLabel: 'Other', - missingBucketLabel: 'Missing', - }, - }, - params: {}, - aggType: 'terms', - }, - { - accessor: 1, - format: { - id: 'terms', 
- params: { - id: 'number', - otherBucketLabel: 'Other', - missingBucketLabel: 'Missing', - }, - }, - params: {}, - aggType: 'terms', - }, - { - accessor: 2, - format: { - id: 'terms', - params: { - id: 'string', - otherBucketLabel: 'Other', - missingBucketLabel: 'Missing', - }, - }, - params: {}, - aggType: 'terms', - }, - ], - }, - }, - aggs: [ - { - id: '1', - enabled: true, - type: 'count', - schema: 'metric', - params: {}, - }, - { - id: '3', - enabled: true, - type: 'terms', - schema: 'bucket', - params: { - field: 'rule.nist_800_53', - orderBy: '1', - order: 'desc', - size: 20, - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - customLabel: 'Requirement', - }, - }, - { - id: '4', - enabled: true, - type: 'terms', - schema: 'bucket', - params: { - field: 'rule.level', - orderBy: '1', - order: 'desc', - size: 5, - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - customLabel: 'Rule level', - }, - }, - { - id: '5', - enabled: true, - type: 'terms', - schema: 'bucket', - params: { - field: 'rule.description', - orderBy: '1', - order: 'desc', - size: 200, - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - customLabel: 'Description', - }, - }, - ], - }), - uiStateJSON: JSON.stringify({ - vis: { params: { sort: { columnIndex: 3, direction: 'desc' } } }, - }), - description: '', - version: 1, - kibanaSavedObjectMeta: { - searchSourceJSON: JSON.stringify({ - index: 'wazuh-alerts', - filter: [], - query: { query: '', language: 'lucene' }, - }), - }, - }, - }, -]; diff --git a/plugins/main/server/integration-files/visualizations/agents/index.ts b/plugins/main/server/integration-files/visualizations/agents/index.ts index 6e89a3634f..590d314872 100644 --- a/plugins/main/server/integration-files/visualizations/agents/index.ts +++ b/plugins/main/server/integration-files/visualizations/agents/index.ts 
@@ -16,7 +16,6 @@ import gcp from './agents-gcp'; import oscap from './agents-oscap'; import ciscat from './agents-ciscat'; import mitre from './agents-mitre'; -import nist from './agents-nist'; import tsc from './agents-tsc'; import pm from './agents-pm'; import virustotal from './agents-virustotal'; @@ -33,7 +32,6 @@ export { gcp, oscap, ciscat, - nist, tsc, pm, virustotal, diff --git a/plugins/main/server/integration-files/visualizations/overview/index.ts b/plugins/main/server/integration-files/visualizations/overview/index.ts index 36750830c6..947f822c73 100644 --- a/plugins/main/server/integration-files/visualizations/overview/index.ts +++ b/plugins/main/server/integration-files/visualizations/overview/index.ts @@ -16,7 +16,6 @@ import fim from './overview-fim'; import general from './overview-general'; import oscap from './overview-oscap'; import ciscat from './overview-ciscat'; -import nist from './overview-nist'; import tsc from './overview-tsc'; import pm from './overview-pm'; import virustotal from './overview-virustotal'; @@ -34,7 +33,6 @@ export { general, oscap, ciscat, - nist, tsc, pm, virustotal, diff --git a/plugins/main/server/integration-files/visualizations/overview/overview-nist.ts b/plugins/main/server/integration-files/visualizations/overview/overview-nist.ts deleted file mode 100644 index 481e4d1c90..0000000000 --- a/plugins/main/server/integration-files/visualizations/overview/overview-nist.ts +++ /dev/null 
@@ -1,838 +0,0 @@ -/* - * Wazuh app - Module for Overview/NIST visualizations - * Copyright (C) 2015-2022 Wazuh, Inc. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * Find more information about this on the LICENSE file. - */ -export default [ - { - _id: 'Wazuh-App-Overview-NIST-Requirements-over-time', - _source: { - title: 'Requirements over time', - visState: JSON.stringify({ - title: 'NIST-Requirements-over-time', - type: 'histogram', - params: { - type: 'histogram', - grid: { categoryLines: true, valueAxis: 'ValueAxis-1' }, - categoryAxes: [ - { - id: 'CategoryAxis-1', - type: 'category', - position: 'bottom', - show: true, - style: {}, - scale: { type: 'linear' }, - labels: { show: true, filter: true, truncate: 100 }, - title: {}, - }, - ], - valueAxes: [ - { - id: 'ValueAxis-1', - name: 'LeftAxis-1', - type: 'value', - position: 'left', - show: true, - style: {}, - scale: { type: 'linear', mode: 'normal' }, - labels: { show: true, rotate: 0, filter: false, truncate: 100 }, - title: { text: 'Count' }, - }, - ], - seriesParams: [ - { - show: 'true', - type: 'line', - mode: 'normal', - data: { label: 'Count', id: '1' }, - valueAxis: 'ValueAxis-1', - drawLinesBetweenPoints: true, - showCircles: true, - interpolate: 'linear', - }, - ], - addTooltip: true, - addLegend: true, - legendPosition: 'right', - times: [], - addTimeMarker: false, - labels: { show: false }, - dimensions: { - x: { - accessor: 0, - format: { id: 'date', params: { pattern: 'YYYY-MM-DD HH:mm' } }, - params: { - date: true, - interval: 'PT1H', - format: 'YYYY-MM-DD HH:mm', - bounds: { - min: '2019-08-20T12:33:23.360Z', - max: '2019-08-22T12:33:23.360Z', - }, - }, - aggType: 'date_histogram', - }, - y: [ - { - accessor: 2, - format: { id: 'number' }, - params: {}, - aggType: 
'count', - }, - ], - series: [ - { - accessor: 1, - format: { - id: 'terms', - params: { - id: 'string', - otherBucketLabel: 'Other', - missingBucketLabel: 'Missing', - }, - }, - params: {}, - aggType: 'terms', - }, - ], - }, - }, - aggs: [ - { - id: '1', - enabled: true, - type: 'count', - schema: 'metric', - params: {}, - }, - { - id: '4', - enabled: true, - type: 'terms', - schema: 'group', - params: { - field: 'rule.nist_800_53', - orderBy: '1', - order: 'desc', - size: 8, - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - customLabel: 'Requirement', - }, - }, - { - id: '2', - enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - timeRange: { from: 'now-2d', to: 'now' }, - useNormalizedEsInterval: true, - interval: 'auto', - drop_partials: false, - min_doc_count: 1, - extended_bounds: {}, - }, - }, - ], - }), - uiStateJSON: '{}', - description: '', - version: 1, - kibanaSavedObjectMeta: { - searchSourceJSON: JSON.stringify({ - index: 'wazuh-alerts', - filter: [], - query: { language: 'lucene', query: '' }, - }), - }, - }, - _type: 'visualization', - }, - { - _id: 'Wazuh-App-Overview-NIST-Requirements-Agents-heatmap', - _type: 'visualization', - _source: { - title: 'Alerts volume by agent', - visState: JSON.stringify({ - aggs: [ - { - enabled: true, - id: '1', - params: {}, - schema: 'metric', - type: 'count', - }, - { - enabled: true, - id: '3', - params: { - customLabel: 'Requirement', - field: 'rule.nist_800_53', - missingBucket: false, - missingBucketLabel: 'Missing', - order: 'desc', - orderBy: '1', - otherBucket: false, - otherBucketLabel: 'Other', - size: 10, - }, - schema: 'group', - type: 'terms', - }, - { - enabled: true, - id: '2', - params: { - customLabel: 'Agent', - field: 'agent.id', - missingBucket: false, - missingBucketLabel: 'Missing', - order: 'desc', - orderBy: '1', - otherBucket: false, - otherBucketLabel: 'Other', - size: 5, - }, - 
schema: 'segment', - type: 'terms', - }, - ], - params: { - addLegend: true, - addTooltip: true, - colorSchema: 'Blues', - colorsNumber: 10, - colorsRange: [], - dimensions: { - series: [ - { - accessor: 0, - aggType: 'terms', - format: { - id: 'terms', - params: { - id: 'string', - missingBucketLabel: 'Missing', - otherBucketLabel: 'Other', - }, - }, - params: {}, - }, - ], - x: { - accessor: 1, - aggType: 'terms', - format: { - id: 'terms', - params: { - id: 'string', - missingBucketLabel: 'Missing', - otherBucketLabel: 'Other', - }, - }, - params: {}, - }, - y: [ - { - accessor: 2, - aggType: 'count', - format: { id: 'number' }, - params: {}, - }, - ], - }, - enableHover: false, - invertColors: false, - legendPosition: 'right', - percentageMode: false, - setColorRange: false, - times: [], - type: 'heatmap', - valueAxes: [ - { - id: 'ValueAxis-1', - labels: { - color: 'black', - overwriteColor: false, - rotate: 0, - show: false, - }, - scale: { defaultYExtents: false, type: 'linear' }, - show: false, - type: 'value', - }, - ], - }, - title: 'NIST-Last-alerts', - type: 'heatmap', - }), - uiStateJSON: JSON.stringify({ - vis: { - defaultColors: { - '0 - 160': 'rgb(247,251,255)', - '160 - 320': 'rgb(227,238,249)', - '320 - 480': 'rgb(208,225,242)', - '480 - 640': 'rgb(182,212,233)', - '640 - 800': 'rgb(148,196,223)', - '800 - 960': 'rgb(107,174,214)', - '960 - 1,120': 'rgb(74,152,201)', - '1,120 - 1,280': 'rgb(46,126,188)', - '1,280 - 1,440': 'rgb(23,100,171)', - '1,440 - 1,600': 'rgb(8,74,145)', - }, - }, - }), - description: '', - version: 1, - kibanaSavedObjectMeta: { - searchSourceJSON: JSON.stringify({ - index: 'wazuh-alerts', - query: { query: '', language: 'lucene' }, - filter: [], - }), - }, - }, - }, - { - _id: 'Wazuh-App-Overview-NIST-requirements-by-agents', - _source: { - title: 'Requirements distribution by agent', - visState: JSON.stringify({ - title: 'NIST-Top-requirements-by-agent', - type: 'area', - params: { - type: 'area', - grid: { categoryLines: 
false }, - categoryAxes: [ - { - id: 'CategoryAxis-1', - type: 'category', - position: 'bottom', - show: true, - style: {}, - scale: { type: 'linear' }, - labels: { show: true, filter: true, truncate: 100 }, - title: {}, - }, - ], - valueAxes: [ - { - id: 'ValueAxis-1', - name: 'LeftAxis-1', - type: 'value', - position: 'left', - show: true, - style: {}, - scale: { type: 'linear', mode: 'normal' }, - labels: { show: true, rotate: 0, filter: false, truncate: 100 }, - title: { text: 'Count' }, - }, - ], - seriesParams: [ - { - show: 'true', - type: 'histogram', - mode: 'stacked', - data: { label: 'Count', id: '1' }, - drawLinesBetweenPoints: true, - showCircles: true, - interpolate: 'linear', - valueAxis: 'ValueAxis-1', - }, - ], - addTooltip: true, - addLegend: true, - legendPosition: 'right', - times: [], - addTimeMarker: false, - dimensions: { - x: { - accessor: 0, - format: { - id: 'terms', - params: { - id: 'string', - otherBucketLabel: 'Other', - missingBucketLabel: 'Missing', - }, - }, - params: {}, - aggType: 'terms', - }, - y: [ - { - accessor: 2, - format: { id: 'number' }, - params: {}, - aggType: 'count', - }, - ], - series: [ - { - accessor: 1, - format: { - id: 'terms', - params: { - id: 'string', - otherBucketLabel: 'Other', - missingBucketLabel: 'Missing', - }, - }, - params: {}, - aggType: 'terms', - }, - ], - }, - }, - aggs: [ - { - id: '1', - enabled: true, - type: 'count', - schema: 'metric', - params: {}, - }, - { - id: '2', - enabled: true, - type: 'terms', - schema: 'segment', - params: { - field: 'agent.id', - orderBy: '1', - order: 'desc', - size: 5, - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - customLabel: 'Agent', - }, - }, - { - id: '3', - enabled: true, - type: 'terms', - schema: 'group', - params: { - field: 'rule.nist_800_53', - orderBy: '1', - order: 'desc', - size: 9, - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 
'Missing', - customLabel: 'Requirement', - }, - }, - ], - }), - uiStateJSON: JSON.stringify({ vis: { legendOpen: false } }), - description: '', - version: 1, - kibanaSavedObjectMeta: { - searchSourceJSON: JSON.stringify({ - index: 'wazuh-alerts', - filter: [], - query: { query: '', language: 'lucene' }, - }), - }, - }, - _type: 'visualization', - }, - { - _id: 'Wazuh-App-Overview-NIST-Metrics', - _source: { - title: 'Stats', - visState: JSON.stringify({ - title: 'nist-metrics', - type: 'metric', - params: { - metric: { - percentageMode: false, - useRanges: false, - colorSchema: 'Green to Red', - metricColorMode: 'None', - colorsRange: [{ type: 'range', from: 0, to: 10000 }], - labels: { show: true }, - invertColors: false, - style: { - bgFill: '#000', - bgColor: false, - labelColor: false, - subText: '', - fontSize: 20, - }, - }, - dimensions: { - metrics: [ - { - type: 'vis_dimension', - accessor: 0, - format: { id: 'number', params: {} }, - }, - { - type: 'vis_dimension', - accessor: 1, - format: { id: 'number', params: {} }, - }, - ], - }, - addTooltip: true, - addLegend: false, - type: 'metric', - }, - aggs: [ - { - id: '1', - enabled: true, - type: 'count', - schema: 'metric', - params: { customLabel: 'Total alerts' }, - }, - { - id: '2', - enabled: true, - type: 'max', - schema: 'metric', - params: { - field: 'rule.level', - customLabel: 'Max rule level detected', - }, - }, - ], - }), - uiStateJSON: '{}', - description: '', - version: 1, - kibanaSavedObjectMeta: { - searchSourceJSON: JSON.stringify({ - index: 'wazuh-alerts', - filter: [], - query: { query: '', language: 'lucene' }, - }), - }, - }, - _type: 'visualization', - }, - { - _id: 'Wazuh-App-Overview-NIST-Top-10-requirements', - _source: { - title: 'Top 10 requirements', - visState: JSON.stringify({ - title: 'NIST-Top-10-requirements', - type: 'pie', - params: { - type: 'pie', - addTooltip: true, - addLegend: true, - legendPosition: 'right', - isDonut: true, - labels: { - show: false, - values: true, 
- last_level: true, - truncate: 100, - }, - dimensions: { - metric: { - accessor: 1, - format: { id: 'number' }, - params: {}, - aggType: 'count', - }, - buckets: [ - { - accessor: 0, - format: { - id: 'terms', - params: { - id: 'string', - otherBucketLabel: 'Other', - missingBucketLabel: 'Missing', - }, - }, - params: {}, - aggType: 'terms', - }, - ], - }, - }, - aggs: [ - { - id: '1', - enabled: true, - type: 'count', - schema: 'metric', - params: {}, - }, - { - id: '2', - enabled: true, - type: 'terms', - schema: 'segment', - params: { - field: 'rule.nist_800_53', - orderBy: '1', - order: 'desc', - size: 10, - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - customLabel: 'Requirement', - }, - }, - ], - }), - uiStateJSON: '{}', - description: '', - version: 1, - kibanaSavedObjectMeta: { - searchSourceJSON: JSON.stringify({ - index: 'wazuh-alerts', - filter: [], - query: { query: '', language: 'lucene' }, - }), - }, - }, - _type: 'visualization', - }, - { - _id: 'Wazuh-App-Overview-NIST-Agents', - _source: { - title: 'Most active agents', - visState: JSON.stringify({ - title: 'NIST-Top-10-agents', - type: 'pie', - params: { - type: 'pie', - addTooltip: true, - addLegend: true, - legendPosition: 'right', - isDonut: true, - labels: { - show: false, - values: true, - last_level: true, - truncate: 100, - }, - dimensions: { - metric: { - accessor: 1, - format: { id: 'number' }, - params: {}, - aggType: 'count', - }, - buckets: [ - { - accessor: 0, - format: { - id: 'terms', - params: { - id: 'string', - otherBucketLabel: 'Other', - missingBucketLabel: 'Missing', - }, - }, - params: {}, - aggType: 'terms', - }, - ], - }, - }, - aggs: [ - { - id: '1', - enabled: true, - type: 'count', - schema: 'metric', - params: {}, - }, - { - id: '2', - enabled: true, - type: 'terms', - schema: 'segment', - params: { - field: 'agent.name', - orderBy: '1', - order: 'desc', - size: 10, - otherBucket: false, - otherBucketLabel: 
'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - customLabel: 'Agent', - }, - }, - ], - }), - uiStateJSON: '{}', - description: '', - version: 1, - kibanaSavedObjectMeta: { - searchSourceJSON: JSON.stringify({ - index: 'wazuh-alerts', - filter: [], - query: { query: '', language: 'lucene' }, - }), - }, - }, - _type: 'visualization', - }, - { - _id: 'Wazuh-App-Overview-NIST-Alerts-summary', - _type: 'visualization', - _source: { - title: 'Alerts summary', - visState: JSON.stringify({ - title: 'NIST-Alerts-summary', - type: 'table', - params: { - perPage: 10, - showPartialRows: false, - showMetricsAtAllLevels: false, - sort: { columnIndex: 3, direction: 'desc' }, - showTotal: false, - showToolbar: true, - totalFunc: 'sum', - dimensions: { - metrics: [ - { - accessor: 3, - format: { id: 'number' }, - params: {}, - aggType: 'count', - }, - ], - buckets: [ - { - accessor: 0, - format: { - id: 'terms', - params: { - id: 'string', - otherBucketLabel: 'Other', - missingBucketLabel: 'Missing', - }, - }, - params: {}, - aggType: 'terms', - }, - { - accessor: 1, - format: { - id: 'terms', - params: { - id: 'string', - otherBucketLabel: 'Other', - missingBucketLabel: 'Missing', - }, - }, - params: {}, - aggType: 'terms', - }, - { - accessor: 2, - format: { - id: 'terms', - params: { - id: 'number', - otherBucketLabel: 'Other', - missingBucketLabel: 'Missing', - }, - }, - params: {}, - aggType: 'terms', - }, - ], - }, - }, - aggs: [ - { - id: '1', - enabled: true, - type: 'count', - schema: 'metric', - params: {}, - }, - { - id: '2', - enabled: true, - type: 'terms', - schema: 'bucket', - params: { - field: 'agent.name', - orderBy: '1', - order: 'desc', - size: 50, - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - customLabel: 'Agent', - }, - }, - { - id: '3', - enabled: true, - type: 'terms', - schema: 'bucket', - params: { - field: 'rule.nist_800_53', - orderBy: '1', - order: 'desc', - size: 20, - 
otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - customLabel: 'Requirement', - }, - }, - { - id: '4', - enabled: true, - type: 'terms', - schema: 'bucket', - params: { - field: 'rule.level', - orderBy: '1', - order: 'desc', - size: 5, - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - customLabel: 'Rule level', - }, - }, - ], - }), - uiStateJSON: JSON.stringify({ - vis: { params: { sort: { columnIndex: 3, direction: 'desc' } } }, - }), - description: '', - version: 1, - kibanaSavedObjectMeta: { - searchSourceJSON: JSON.stringify({ - index: 'wazuh-alerts', - filter: [], - query: { query: '', language: 'lucene' }, - }), - }, - }, - }, -];