From 91ff5b699742965ac49648cad09ca4d75806ea0d Mon Sep 17 00:00:00 2001
From: Federico Rodriguez
Date: Wed, 20 Mar 2024 13:09:08 +0100
Subject: [PATCH 1/5] Change vulnerabilities injector script

---
 .../vulnerabilities-events-injector/DIS_Template.json | 11 +++++++----
 .../dataInjectScript.py | 3 ++-
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/scripts/vulnerabilities-events-injector/DIS_Template.json b/scripts/vulnerabilities-events-injector/DIS_Template.json
index a68baf66e8..a441694477 100644
--- a/scripts/vulnerabilities-events-injector/DIS_Template.json
+++ b/scripts/vulnerabilities-events-injector/DIS_Template.json
@@ -13,9 +13,6 @@
       }
     ],
     "properties": {
-      "@timestamp": {
-        "type": "date"
-      },
       "agent": {
         "properties": {
           "build": {
@@ -239,6 +236,9 @@
           }
         }
       },
+      "detected_at": {
+        "type": "date"
+      },
       "manager": {
         "properties": {
           "name": {
@@ -247,6 +247,9 @@
           }
         }
       },
+      "published_at": {
+        "type": "date"
+      },
       "node": {
         "properties": {
           "name": {
@@ -270,4 +273,4 @@
     "refresh_interval": "2s"
   }
 }
-}
+}
\ No newline at end of file
diff --git a/scripts/vulnerabilities-events-injector/dataInjectScript.py b/scripts/vulnerabilities-events-injector/dataInjectScript.py
index aa50604a3a..b58ca35e1c 100644
--- a/scripts/vulnerabilities-events-injector/dataInjectScript.py
+++ b/scripts/vulnerabilities-events-injector/dataInjectScript.py
@@ -120,12 +120,13 @@ def generateRandomVulnerability():
 def generateRandomWazuh():
     wazuh = {}
     wazuh['cluster'] = {'name':random.choice(['wazuh.manager', 'wazuh']), 'node':random.choice(['master','worker-01','worker-02','worker-03'])}
+    wazuh['published_at'] = generateRandomDate()
+    wazuh['detected_at'] = generateRandomDate()
     return(wazuh)
 
 def generateRandomData(number):
     for i in range(0, int(number)):
         yield{
-            '@timestamp':generateRandomDate(),
             'agent':generateRandomAgent(),
             'ecs':{'version':'1.7.0'},
             'host':generateRandomHost(),
From 7e509338cf1703f95a8e793968855bba96cda92e Mon Sep 17 00:00:00 2001
From: Federico Rodriguez Date: Wed, 20 Mar 2024 15:21:01 +0100 Subject: [PATCH 2/5] Change dashboard visualizations --- .../dashboards/overview/dashboard.tsx | 46 +++++++++---------- .../dashboards/overview/dashboard_panels.ts | 3 +- .../overview/dashboard_panels_filters.ts | 40 ++++++++-------- .../overview/dashboard_panels_kpis.ts | 18 ++++---- 4 files changed, 54 insertions(+), 53 deletions(-) diff --git a/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard.tsx b/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard.tsx index d8489e1920..b515411f81 100644 --- a/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard.tsx +++ b/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard.tsx @@ -113,6 +113,29 @@ const DashboardVulsComponent: React.FC = () => { ) : null} {!isLoading && !isSearching && results?.hits?.total > 0 ? (
+
{ onInputUpdated={handleFilterByVisualization} />
- ; } => { return { - topPackageSelector: { + topVulnerabilities: { gridData: { - w: 12, + w: 9, h: 12, x: 0, y: 0, - i: 'topPackageSelector', + i: 'topVulnerabilities', }, type: 'visualization', explicitInput: { - id: 'topPackageSelector', + id: 'topVulnerabilities', savedVis: getVisStateFilter( - 'topPackageSelector', + 'topVulnerabilities', indexPatternId, - 'Top packages vulnerabilities', - 'Top 5 packages', - 'package.name', + 'Top vulnerabilities', + 'Top 5 vulnerabilities', + 'vulnerability.id', ), }, }, topOSVulnerabilities: { gridData: { - w: 12, + w: 15, h: 12, - x: 12, + x: 9, y: 0, i: 'topOSVulnerabilities', }, @@ -128,7 +128,7 @@ export const getDashboardFilters = ( }, topAgentVulnerabilities: { gridData: { - w: 12, + w: 15, h: 12, x: 24, y: 0, @@ -146,23 +146,23 @@ export const getDashboardFilters = ( ), }, }, - topVulnerabilities: { + topPackageSelector: { gridData: { - w: 12, + w: 9, h: 12, - x: 36, + x: 39, y: 0, - i: 'topVulnerabilities', + i: 'topPackageSelector', }, type: 'visualization', explicitInput: { - id: 'topVulnerabilities', + id: 'topPackageSelector', savedVis: getVisStateFilter( - 'topVulnerabilities', + 'topPackageSelector', indexPatternId, - 'Top vulnerabilities', - 'Top 5 vulnerabilities', - 'vulnerability.id', + 'Top packages vulnerabilities', + 'Top 5 packages', + 'package.name', ), }, }, diff --git a/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard_panels_kpis.ts b/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard_panels_kpis.ts index 4fc899a67c..996c2af3e4 100644 --- a/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard_panels_kpis.ts +++ b/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard_panels_kpis.ts 
@@ -60,7 +60,7 @@ const getVisStateSeverityCritical = (indexPatternId: string) => {
           enabled: true,
           type: 'count',
           params: {
-            customLabel: ' ',
+            customLabel: 'Critical',
           },
           schema: 'metric',
         },
@@ -75,7 +75,7 @@ const getVisStateSeverityCritical = (indexPatternId: string) => {
               query: 'vulnerability.severity:"Critical"',
               language: 'kuery',
             },
-            label: '- Critical severity alerts',
+            label: 'Severity',
           },
         ],
       },
@@ -126,7 +126,7 @@ const getVisStateSeverityHigh = (indexPatternId: string) => {
     uiState: {
       vis: {
         colors: {
-          'High Severity Alerts - Count': '#38D1BA',
+          'High Severity - Count': '#38D1BA',
         },
       },
     },
@@ -152,7 +152,7 @@ const getVisStateSeverityHigh = (indexPatternId: string) => {
           enabled: true,
           type: 'count',
           params: {
-            customLabel: ' ',
+            customLabel: 'High',
           },
           schema: 'metric',
         },
@@ -167,7 +167,7 @@ const getVisStateSeverityHigh = (indexPatternId: string) => {
               query: 'vulnerability.severity:"High"',
               language: 'kuery',
             },
-            label: '- High severity alerts',
+            label: 'Severity',
           },
         ],
       },
@@ -237,7 +237,7 @@ const getVisStateSeverityMedium = (indexPatternId: string) => {
           enabled: true,
           type: 'count',
           params: {
-            customLabel: ' ',
+            customLabel: 'Medium',
           },
           schema: 'metric',
         },
@@ -252,7 +252,7 @@ const getVisStateSeverityMedium = (indexPatternId: string) => {
               query: 'vulnerability.severity:"Medium"',
               language: 'kuery',
             },
-            label: '- Medium severity alerts',
+            label: 'Severity',
           },
         ],
       },
@@ -322,7 +322,7 @@ const getVisStateSeverityLow = (indexPatternId: string) => {
           enabled: true,
           type: 'count',
           params: {
-            customLabel: ' ',
+            customLabel: 'Low',
           },
           schema: 'metric',
         },
@@ -337,7 +337,7 @@ const getVisStateSeverityLow = (indexPatternId: string) => {
               query: 'vulnerability.severity:"Low"',
               language: 'kuery',
             },
-            label: '- Low severity alerts',
+            label: 'Severity',
           },
         ],
       },
From 175270a1244c2d0dff1bbf665c922ed8eef3d9b4 Mon Sep 17 00:00:00 2001
From: Federico Rodriguez
Date: Mon, 25 Mar 2024 19:48:52 +0100
Subject: [PATCH 3/5] Fixed the vulnerabilities template fields

---
 .../DIS_Template.json | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/scripts/vulnerabilities-events-injector/DIS_Template.json b/scripts/vulnerabilities-events-injector/DIS_Template.json
index a441694477..14d6167f1d 100644
--- a/scripts/vulnerabilities-events-injector/DIS_Template.json
+++ b/scripts/vulnerabilities-events-injector/DIS_Template.json
@@ -179,6 +179,9 @@
             "ignore_above": 1024,
             "type": "keyword"
           },
+          "detected_at": {
+            "type": "date"
+          },
           "enumeration": {
             "ignore_above": 1024,
             "type": "keyword"
@@ -187,6 +190,9 @@
             "ignore_above": 1024,
             "type": "keyword"
           },
+          "published_at": {
+            "type": "date"
+          },
           "reference": {
             "ignore_above": 1024,
             "type": "keyword"
@@ -236,9 +242,6 @@
           }
         }
       },
-      "detected_at": {
-        "type": "date"
-      },
       "manager": {
         "properties": {
           "name": {
@@ -247,9 +250,6 @@
           }
         }
       },
-      "published_at": {
-        "type": "date"
-      },
       "node": {
         "properties": {
           "name": {
From 88e9371ca2b8235bdfa7aeeb95d43ed8282e572e Mon Sep 17 00:00:00 2001
From: Federico Rodriguez
Date: Mon, 25 Mar 2024 19:49:16 +0100
Subject: [PATCH 4/5] Fixed the vulnerabilities script fields

---
 scripts/vulnerabilities-events-injector/dataInjectScript.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/vulnerabilities-events-injector/dataInjectScript.py b/scripts/vulnerabilities-events-injector/dataInjectScript.py
index b58ca35e1c..cee658ad92 100644
--- a/scripts/vulnerabilities-events-injector/dataInjectScript.py
+++ b/scripts/vulnerabilities-events-injector/dataInjectScript.py
@@ -115,13 +115,13 @@ def generateRandomVulnerability():
     vulnerability['scanner'] = {'vendor':'vendor-{}'.format(random.randint(0, 9))}
     vulnerability['score'] = {'base':round(random.uniform(0, 10),1), 'environmental':round(random.uniform(0, 10),1), 'temporal':round(random.uniform(0, 10),1),'version':'{}'.format(round(random.uniform(0, 10),1))}
     vulnerability['severity'] = random.choice(['Low','Medium','High','Critical'])
+    vulnerability['published_at'] = generateRandomDate()
+    vulnerability['detected_at'] = generateRandomDate()
     return(vulnerability)
 
 def generateRandomWazuh():
     wazuh = {}
     wazuh['cluster'] = {'name':random.choice(['wazuh.manager', 'wazuh']), 'node':random.choice(['master','worker-01','worker-02','worker-03'])}
-    wazuh['published_at'] = generateRandomDate()
-    wazuh['detected_at'] = generateRandomDate()
     return(wazuh)
 
 def generateRandomData(number):
From 179269ccbc79e0ef60f89bbd87e09195159673f1 Mon Sep 17 00:00:00 2001
From: Federico Rodriguez
Date: Mon, 25 Mar 2024 19:51:59 +0100
Subject: [PATCH 5/5] Fixed the vulnerability.published_at field in the dashboard

---
 .../vulnerabilities/dashboards/overview/dashboard_panels.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard_panels.ts b/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard_panels.ts
index affa89d0e1..8ff1084b67 100644
--- a/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard_panels.ts
+++ b/plugins/main/public/components/overview/vulnerabilities/dashboards/overview/dashboard_panels.ts
@@ -401,7 +401,7 @@ const getVisStateAccumulationMostDetectedVulnerabilities = (
         enabled: true,
         type: 'date_histogram',
         params: {
-          field: 'wazuh.published_at',
+          field: 'vulnerability.published_at',
           customLabel: 'Published at',
           timeRange: {
             from: 'now-24h',
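Review bot: In the added `vulnerability['published_at']` and `vulnerability['detected_at']` lines the two dates are drawn independently from generateRandomDate(), so the synthetic documents can carry a detected_at that is earlier than published_at, which is not a state real vulnerability data is expected to be in. If generateRandomDate returns values that compare chronologically (datetime objects, or ISO-8601 strings in one fixed format), ordering the pair fixes this without touching the generator: `published, detected = sorted((generateRandomDate(), generateRandomDate()))`, `vulnerability['published_at'] = published`, `vulnerability['detected_at'] = detected`. The same independent draw was first introduced under `wazuh` in patch 1/5 and is only relocated here. generateRandomVulnerability starts before this hunk and generateRandomData continues after it.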