diff --git a/source/deployment-options/amazon-machine-images/amazon-machine-images.rst b/source/deployment-options/amazon-machine-images/amazon-machine-images.rst index a86b7bc6c4..3867567119 100644 --- a/source/deployment-options/amazon-machine-images/amazon-machine-images.rst +++ b/source/deployment-options/amazon-machine-images/amazon-machine-images.rst @@ -94,10 +94,7 @@ All components included in this AMI are configured to work out-of-the-box withou - Wazuh manager: ``/var/ossec/etc/ossec.conf`` - Wazuh indexer: ``/etc/wazuh-indexer/opensearch.yml`` - Filebeat-OSS: ``/etc/filebeat/filebeat.yml`` -- Wazuh dashboard: - - - ``/etc/wazuh-dashboard/opensearch_dashboards.yml`` - - ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` +- Wazuh dashboard: ``/etc/wazuh-dashboard/opensearch_dashboards.yml`` To learn more about configuring Wazuh, see the :doc:`User manual `. diff --git a/source/deployment-options/offline-installation/step-by-step.rst b/source/deployment-options/offline-installation/step-by-step.rst index f4167fd565..8377d29fd2 100644 --- a/source/deployment-options/offline-installation/step-by-step.rst +++ b/source/deployment-options/offline-installation/step-by-step.rst @@ -377,19 +377,6 @@ Installing the Wazuh dashboard .. include:: /_templates/installations/dashboard/enable_dashboard.rst -#. **Only for distributed deployments**: Edit the file ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` and replace the ``url`` value with the IP address or hostname of the Wazuh server master node. - - .. code-block:: yaml - :emphasize-lines: 3 - - hosts: - - default: - url: https://localhost - port: 55000 - username: wazuh-wui - password: wazuh-wui - run_as: false - #. Run the following command to verify the Wazuh dashboard service is active. .. include:: /_templates/installations/wazuh/common/check_wazuh_dashboard.rst @@ -400,7 +387,22 @@ Installing the Wazuh dashboard - **Username**: admin - **Password**: admin -Upon the first access to the Wazuh dashboard, the browser shows a warning message stating that the certificate was not issued by a trusted authority. An exception can be added in the advanced options of the web browser or, for increased security, the ``root-ca.pem`` file previously generated can be imported to the certificate manager of the browser. Alternatively, a certificate from a trusted authority can be configured. + .. note:: + :class: not-long + + Upon the first access to the Wazuh dashboard, the browser shows a warning message stating that the certificate was not issued by a trusted authority. An exception can be added in the advanced options of the web browser or, for increased security, the ``root-ca.pem`` file previously generated can be imported to the certificate manager of the browser. Alternatively, a certificate from a trusted authority can be configured. + +#. Go to **Dashboard management** > **Server APIs** to add a new server API connection. Click on **Add API connection** button and fill the form with the following values. + + .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-add-api-connection.jpg + :align: center + + - **ID**: ``default`` + - **URL**: IP address or hostname of the Wazuh server master node + - **Port**: ``55000`` + - **Username**: ``wazuh-wui`` + - **Password**: ``wazuh-wui`` + - **Run as**: ``false`` Securing your Wazuh installation ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -518,23 +520,15 @@ Select your deployment type and follow the instructions to change the default pa # echo | /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore --allow-root add -f --stdin opensearch.password - #. Update the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` configuration file with the new `wazuh-wui` password generated in the second step. - - .. code-block:: yaml - :emphasize-lines: 6 - - hosts: - - default: - url: https://localhost - port: 55000 - username: wazuh-wui - password: "" - run_as: false - #. Restart the Wazuh dashboard to apply the changes. .. include:: /_templates/common/restart_dashboard.rst + #. On the Wazuh dashboard, go to **Dashboard management** > **Server APIs** to update the API host password. Click on the edit button of the secured server API entry and replace the **Password** field. Then click on the **Apply** button to save. + + .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-edit-api-connection.jpg + :align: center + Next steps ^^^^^^^^^^ diff --git a/source/deployment-options/virtual-machine/virtual-machine.rst b/source/deployment-options/virtual-machine/virtual-machine.rst index 5a5662fa1b..aae88ee24a 100644 --- a/source/deployment-options/virtual-machine/virtual-machine.rst +++ b/source/deployment-options/virtual-machine/virtual-machine.rst @@ -107,11 +107,7 @@ All components included in this virtual image are configured to work out-of-the- - Filebeat-OSS: ``/etc/filebeat/filebeat.yml`` - - Wazuh dashboard: - - - ``/etc/wazuh-dashboard/opensearch_dashboards.yml`` - - - ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` + - Wazuh dashboard: ``/etc/wazuh-dashboard/opensearch_dashboards.yml`` VirtualBox time configuration ----------------------------- diff --git a/source/images/wazuh-dashboard/api-connections/wazuh-dashboard-add-api-connection.jpg b/source/images/wazuh-dashboard/api-connections/wazuh-dashboard-add-api-connection.jpg new file mode 100644 index 0000000000..8566eb0069 Binary files /dev/null and b/source/images/wazuh-dashboard/api-connections/wazuh-dashboard-add-api-connection.jpg differ diff --git a/source/images/wazuh-dashboard/api-connections/wazuh-dashboard-check-api-connection-run-as-is-enabled.jpg b/source/images/wazuh-dashboard/api-connections/wazuh-dashboard-check-api-connection-run-as-is-enabled.jpg new file mode 100644 index 0000000000..c102cf779f Binary files /dev/null and b/source/images/wazuh-dashboard/api-connections/wazuh-dashboard-check-api-connection-run-as-is-enabled.jpg differ diff --git a/source/images/wazuh-dashboard/api-connections/wazuh-dashboard-check-api-connection-run-as.jpg b/source/images/wazuh-dashboard/api-connections/wazuh-dashboard-check-api-connection-run-as.jpg new file mode 100644 index 0000000000..e7129caf15 Binary files /dev/null and b/source/images/wazuh-dashboard/api-connections/wazuh-dashboard-check-api-connection-run-as.jpg differ diff --git a/source/images/wazuh-dashboard/api-connections/wazuh-dashboard-edit-api-connection.jpg b/source/images/wazuh-dashboard/api-connections/wazuh-dashboard-edit-api-connection.jpg new file mode 100644 index 0000000000..20f0900e61 Binary files /dev/null and b/source/images/wazuh-dashboard/api-connections/wazuh-dashboard-edit-api-connection.jpg differ diff --git a/source/installation-guide/wazuh-dashboard/step-by-step.rst b/source/installation-guide/wazuh-dashboard/step-by-step.rst index c150631490..05449274de 100644 --- a/source/installation-guide/wazuh-dashboard/step-by-step.rst +++ b/source/installation-guide/wazuh-dashboard/step-by-step.rst @@ -98,22 +98,6 @@ Starting the Wazuh dashboard service .. include:: /_templates/installations/dashboard/enable_dashboard.rst - - **Only for distributed deployments** - - Edit the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` file and replace the ``url`` value with the IP address or hostname of the Wazuh server master node. - - .. code-block:: yaml - :emphasize-lines: 3 - - hosts: - - default: - url: https://localhost - port: 55000 - username: wazuh-wui - password: wazuh-wui - run_as: false - #. Access the Wazuh web interface with your credentials. @@ -121,8 +105,23 @@ Starting the Wazuh dashboard service - **Username**: *admin* - **Password**: *admin* - When you access the Wazuh dashboard for the first time, the browser shows a warning message stating that the certificate was not issued by a trusted authority. An exception can be added in the advanced options of the web browser. For increased security, the ``root-ca.pem`` file previously generated can be imported to the certificate manager of the browser. Alternatively, a certificate from a trusted authority can be configured. + .. note:: + :class: not-long + + + When you access the Wazuh dashboard for the first time, the browser shows a warning message stating that the certificate was not issued by a trusted authority. An exception can be added in the advanced options of the web browser. For increased security, the ``root-ca.pem`` file previously generated can be imported to the certificate manager of the browser. Alternatively, a certificate from a trusted authority can be configured. + + #. Go to **Dashboard management** > **Server APIs** to add a new server API connection. Click on **Add API connection** button and fill the form with the following values. + + .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-add-api-connection.jpg + :align: center + - **ID**: ``default`` + - **URL**: IP address or hostname of the Wazuh server master node + - **Port**: ``55000`` + - **Username**: ``wazuh-wui`` + - **Password**: ``wazuh-wui`` + - **Run as**: ``false`` Securing your Wazuh installation -------------------------------- @@ -209,23 +208,14 @@ Select your deployment type and follow the instructions to change the default pa # echo | /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore --allow-root add -f --stdin opensearch.password - #. Update the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` configuration file with the new `wazuh-wui` password generated in the second step. - - .. code-block:: yaml - :emphasize-lines: 6 - - hosts: - - default: - url: https://localhost - port: 55000 - username: wazuh-wui - password: "" - run_as: false - #. Restart the Wazuh dashboard to apply the changes. .. include:: /_templates/common/restart_dashboard.rst + #. On Wazuh dashboard, go to **Dashboard management** > **Server APIs** to update the API host password. Click on the edit button of the secured server API entry and replace the **Password** field. Then, click on the **Apply** button to save. + + .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-edit-api-connection.jpg + :align: center Next steps ---------- diff --git a/source/user-manual/api/securing-api.rst b/source/user-manual/api/securing-api.rst index 75b2af7db8..a7bfc0fa5f 100644 --- a/source/user-manual/api/securing-api.rst +++ b/source/user-manual/api/securing-api.rst @@ -54,7 +54,8 @@ Recommended changes to secure the Wazuh API After changing the password, there is no need to restart the Wazuh API but a new :api-ref:`authentication ` will be required for the affected users. .. warning:: - Changing the **wazuh-wui** user password will affect the Wazuh UI. You will have to update the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` configuration file accordingly with the new credentials. To learn more, see the :doc:`Wazuh dashboard configuration file ` document. + + Changing the ``wazuh-wui`` user password affects the Wazuh UI. You need to update the API host entry with the new credentials accordingly. To learn more, see the :doc:`Wazuh dashboard API host configuration ` section. #. Change the default host and port: diff --git a/source/user-manual/files-backup/creating/wazuh-central-components.rst b/source/user-manual/files-backup/creating/wazuh-central-components.rst index 02e000b4c7..d59363b6ac 100644 --- a/source/user-manual/files-backup/creating/wazuh-central-components.rst +++ b/source/user-manual/files-backup/creating/wazuh-central-components.rst @@ -115,8 +115,7 @@ Backing up the Wazuh indexer and dashboard # rsync -aREz \ /etc/wazuh-dashboard/certs/ \ /etc/wazuh-dashboard/opensearch_dashboards.yml \ - /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore \ - /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml $bkp_folder + /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore $bkp_folder #. If present, back up your downloads and custom images. diff --git a/source/user-manual/user-administration/ldap.rst b/source/user-manual/user-administration/ldap.rst index 764a79d1f9..a7ff7ccf58 100644 --- a/source/user-manual/user-administration/ldap.rst +++ b/source/user-manual/user-administration/ldap.rst @@ -233,20 +233,10 @@ Follow these steps to create a new role mapping and grant administrator permissi Done with success SUCC: Expected 1 config types for node {"updated_config_types":["rolesmapping"],"updated_config_size":1,"message":null} is 1 (["rolesmapping"]) due to: null -#. Check the value of ``run_as`` in the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` configuration file. If ``run_as`` is set to ``false``, proceed to the next step. +#. Check the value of **Run as** in the API host entry configuration on **Dashboard management** > **Server APIs**. If **Run as** is set to ``false``, proceed to the next step. If **Run as** is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: - .. code-block:: yaml - :emphasize-lines: 7 - - hosts: - - default: - url: https://localhost - port: 55000 - username: wazuh-wui - password: "" - run_as: false - - If ``run_as`` is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: + .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-check-api-connection-run-as.jpg + :align: center #. Click **☰** to open the menu on the Wazuh dashboard, go to **Server management** > **Security**, and then **Roles mapping** to open the page. @@ -299,20 +289,10 @@ Setup read-only role #. Select the **Mapped users** tab and click **Manage mapping**. #. Under **Backend roles**, assign the name of the read-only role you have in your LDAP server and click on **Map** to confirm the action. In our case, the backend role (CN) is ``readonly``. -#. Check the value of ``run_as`` in the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` configuration file. If ``run_as`` is set to ``false``, proceed to the next step. - - .. code-block:: yaml - :emphasize-lines: 7 - - hosts: - - default: - url: https://localhost - port: 55000 - username: wazuh-wui - password: "" - run_as: false - - If ``run_as`` is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: +#. Check the value of **Run as** in the API host entry configuration on **Dashboard management** > **Server APIs**. If **Run as** is disabled, proceed to the next step. If **Run as** is enabled, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: + + .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-check-api-connection-run-as.jpg + :align: center #. Click the upper-left menu icon **☰** to open the menu on the Wazuh dashboard, go to **Server management** > **Security**, and then **Roles mapping** to open the page. diff --git a/source/user-manual/user-administration/password-management.rst b/source/user-manual/user-administration/password-management.rst index 8192f8ede5..96bf96ba93 100644 --- a/source/user-manual/user-administration/password-management.rst +++ b/source/user-manual/user-administration/password-management.rst @@ -233,19 +233,11 @@ Follow the instructions below to change the passwords for all the Wazuh indexer # echo | /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore --allow-root add -f --stdin opensearch.password -#. Update the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` configuration file with the new `wazuh-wui` password generated in the second step. - - .. code-block:: yaml - :emphasize-lines: 6 +#. Restart the Wazuh dashboard to apply the changes. - hosts: - - default: - url: https://localhost - port: 55000 - username: wazuh-wui - password: "" - run_as: false + .. include:: /_templates/common/restart_dashboard.rst -#. Restart the Wazuh dashboard to apply the changes. +#. Go to **Dashboard management** > **Server APIs** to update the password of the API host entry with the new `wazuh-wui` password generated in the second step. Click on the edit button of the related API host. Change the **Password** and then click on **Apply** to save the changes. - .. include:: /_templates/common/restart_dashboard.rst \ No newline at end of file + .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-edit-api-connection.jpg + :align: center \ No newline at end of file diff --git a/source/user-manual/user-administration/rbac.rst b/source/user-manual/user-administration/rbac.rst index a00fbb05c1..f8e750e1af 100644 --- a/source/user-manual/user-administration/rbac.rst +++ b/source/user-manual/user-administration/rbac.rst @@ -69,7 +69,10 @@ Follow these steps to create an internal user, create a new role mapping, and gi #. Click **Save role mapping** to save and map the user with Wazuh as *administrator*. - For the role mapping to take effect, make sure that ``run_as`` is set to ``true`` in the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` configuration file. Restart the Wazuh dashboard service and clear your browser cache and cookies. + For the role mapping to take effect, make sure that **Run as** is set to ``true`` in the API host entry configuration on **Dashboard management** > **Server APIs**. Restart the Wazuh dashboard service and clear your browser cache and cookies. + + .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-check-api-connection-run-as-is-enabled.jpg + :align: center Creating and setting a Wazuh read-only user ------------------------------------------- @@ -126,8 +129,10 @@ Follow these steps to create an internal user, create a new role mapping, and gi #. Click **Save role mapping** to save and map the user with Wazuh as *read-only*. - For the role mapping to take effect, make sure that ``run_as`` is set to ``true`` in the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` configuration file. Restart the Wazuh dashboard service and clear your browser cache and cookies. + For the role mapping to take effect, make sure that **Run as** is set to ``true`` in the API host entry configuration on **Dashboard management** > **Server APIs**. Restart the Wazuh dashboard service and clear your browser cache and cookies. + .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-check-api-connection-run-as-is-enabled.jpg + :align: center Creating an internal user and mapping it to Wazuh ------------------------------------------------- @@ -172,8 +177,10 @@ Follow these steps to create an internal user and map it to a role of your choic #. Click **Save role mapping** to save and map the user with Wazuh. - For the role mapping to take effect, make sure that ``run_as`` is set to ``true`` in the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` configuration file. Restart the Wazuh dashboard service and clear your browser cache and cookies. + For the role mapping to take effect, make sure that **Run as** is set to ``true`` in the API host entry configuration on **Dashboard management** > **Server APIs**. Restart the Wazuh dashboard service and clear your browser cache and cookies. + .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-check-api-connection-run-as-is-enabled.jpg + :align: center .. _wazuh-rbac-use-case-agents-group: @@ -345,7 +352,10 @@ To map the user with Wazuh, follow these steps: #. Click **Save role mapping** to finish the action. - For the role mapping to take effect, make sure that ``run_as`` is set to ``true`` in the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` configuration file. Restart the Wazuh dashboard service and clear your browser cache and cookies. + For the role mapping to take effect, make sure that **Run as** is set to ``true`` in the API host entry configuration on **Dashboard management** > **Server APIs**. Restart the Wazuh dashboard service and clear your browser cache and cookies. + + .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-check-api-connection-run-as-is-enabled.jpg + :align: center You have now created a new internal user and mapped it to manage a Wazuh agents' group. Authenticate with the new user and open the Wazuh dashboard, see that only ``Team_A`` agents' alerts and information are displayed. diff --git a/source/user-manual/user-administration/single-sign-on/administrator/google.rst b/source/user-manual/user-administration/single-sign-on/administrator/google.rst index 96e665a246..2468408332 100644 --- a/source/user-manual/user-administration/single-sign-on/administrator/google.rst +++ b/source/user-manual/user-administration/single-sign-on/administrator/google.rst @@ -243,21 +243,11 @@ Edit the Wazuh indexer security configuration files. We recommend that you back Wazuh dashboard configuration ----------------------------- -#. Check the value of ``run_as`` in the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` configuration file. If ``run_as`` is set to ``false``, proceed to the next step. - - .. code-block:: yaml - :emphasize-lines: 7 - - hosts: - - default: - url: https://localhost - port: 55000 - username: wazuh-wui - password: "" - run_as: false - - If ``run_as`` is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: +#. Check the value of **Run as** in the API host entry configuration on **Dashboard management** > **Server APIs**. If **Run as** is set to ``false``, proceed to the next step. If **Run as** is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: + .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-check-api-connection-run-as.jpg + :align: center + #. Click **☰** to open the menu on the Wazuh dashboard, go to **Server management** > **Security**, and then **Roles mapping** to open the page. .. thumbnail:: /images/single-sign-on/Wazuh-role-mapping.gif diff --git a/source/user-manual/user-administration/single-sign-on/administrator/jumpcloud.rst b/source/user-manual/user-administration/single-sign-on/administrator/jumpcloud.rst index 1894230b1f..b3f636daf4 100644 --- a/source/user-manual/user-administration/single-sign-on/administrator/jumpcloud.rst +++ b/source/user-manual/user-administration/single-sign-on/administrator/jumpcloud.rst @@ -279,20 +279,10 @@ Edit the Wazuh indexer security configuration files. We recommend that you back Wazuh dashboard configuration ----------------------------- -#. Check the value of ``run_as`` in the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` configuration file. If ``run_as`` is set to ``false``, proceed to the next step. +#. Check the value of **Run as** in the API host entry configuration on **Dashboard management** > **Server APIs**. If **Run as** is set to ``false``, proceed to the next step. If **Run as** is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: - .. code-block:: yaml - :emphasize-lines: 7 - - hosts: - - default: - url: https://localhost - port: 55000 - username: wazuh-wui - password: "" - run_as: false - - If ``run_as`` is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: + .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-check-api-connection-run-as.jpg + :align: center #. Click **☰** to open the menu on the Wazuh dashboard, go to **Server management** > **Security**, and then **Roles mapping** to open the page. diff --git a/source/user-manual/user-administration/single-sign-on/administrator/keycloak.rst b/source/user-manual/user-administration/single-sign-on/administrator/keycloak.rst index 3d5a300c71..03591cb399 100644 --- a/source/user-manual/user-administration/single-sign-on/administrator/keycloak.rst +++ b/source/user-manual/user-administration/single-sign-on/administrator/keycloak.rst @@ -353,20 +353,10 @@ The command output must be similar to the following: Wazuh dashboard configuration ----------------------------- -#. Check the value of ``run_as`` in the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` configuration file. If ``run_as`` is set to ``false``, proceed to the next step. +#. Check the value of **Run as** in the API host entry configuration on **Dashboard management** > **Server APIs**. If **Run as** is set to ``false``, proceed to the next step. If **Run as** is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: - .. code-block:: yaml - :emphasize-lines: 7 - - hosts: - - default: - url: https://localhost - port: 55000 - username: wazuh-wui - password: "" - run_as: false - - If ``run_as`` is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: + .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-check-api-connection-run-as.jpg + :align: center #. Click **☰** to open the menu on the Wazuh dashboard, go to **Server management** > **Security**, and then **Roles mapping** to open the page. diff --git a/source/user-manual/user-administration/single-sign-on/administrator/microsoft-entra-id.rst b/source/user-manual/user-administration/single-sign-on/administrator/microsoft-entra-id.rst index f443d1d8bf..b8f2ada748 100644 --- a/source/user-manual/user-administration/single-sign-on/administrator/microsoft-entra-id.rst +++ b/source/user-manual/user-administration/single-sign-on/administrator/microsoft-entra-id.rst @@ -276,21 +276,11 @@ Edit the Wazuh indexer security configuration files. We recommend that you back Wazuh dashboard configuration ----------------------------- -#. Check the value of ``run_as`` in the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` configuration file. If ``run_as`` is set to ``false``, proceed to the next step. - - .. code-block:: yaml - :emphasize-lines: 7 - - hosts: - - default: - url: https://localhost - port: 55000 - username: wazuh-wui - password: "" - run_as: false - - If ``run_as`` is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: +#. Check the value of **Run as** in the API host entry configuration on **Dashboard management** > **Server APIs**. If **Run as** is set to ``false``, proceed to the next step. If **Run as** is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: + .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-check-api-connection-run-as.jpg + :align: center + #. Click **☰** to open the menu on the Wazuh dashboard, go to **Server management** > **Security**, and then **Roles mapping** to open the page. .. thumbnail:: /images/single-sign-on/Wazuh-role-mapping.gif diff --git a/source/user-manual/user-administration/single-sign-on/administrator/okta.rst b/source/user-manual/user-administration/single-sign-on/administrator/okta.rst index fc26dbb699..f2fac1f28e 100644 --- a/source/user-manual/user-administration/single-sign-on/administrator/okta.rst +++ b/source/user-manual/user-administration/single-sign-on/administrator/okta.rst @@ -276,20 +276,10 @@ Edit the Wazuh indexer security configuration files. We recommend that you back Wazuh dashboard configuration ----------------------------- -#. Check the value of ``run_as`` in the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` configuration file. If ``run_as`` is set to ``false``, proceed to the next step. +#. Check the value of **Run as** in the API host entry configuration on **Dashboard management** > **Server APIs**. If **Run as** is set to ``false``, proceed to the next step. If **Run as** is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: - .. code-block:: yaml - :emphasize-lines: 7 - - hosts: - - default: - url: https://localhost - port: 55000 - username: wazuh-wui - password: "" - run_as: false - - If ``run_as`` is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: + .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-check-api-connection-run-as.jpg + :align: center #. Click **☰** to open the menu on the Wazuh dashboard, go to **Server management** > **Security**, and then **Roles mapping** to open the page. diff --git a/source/user-manual/user-administration/single-sign-on/administrator/onelogin.rst b/source/user-manual/user-administration/single-sign-on/administrator/onelogin.rst index 5ef8c1ab04..dc97164b09 100644 --- a/source/user-manual/user-administration/single-sign-on/administrator/onelogin.rst +++ b/source/user-manual/user-administration/single-sign-on/administrator/onelogin.rst @@ -277,20 +277,10 @@ Edit the Wazuh indexer security configuration files. We recommend that you back Wazuh dashboard configuration ----------------------------- -#. Check the value of ``run_as`` in the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` configuration file. If ``run_as`` is set to ``false``, proceed to the next step. +#. Check the value of **Run as** in the API host entry configuration on **Dashboard management** > **Server APIs**. If **Run as** is set to ``false``, proceed to the next step. If **Run as** is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: - .. code-block:: yaml - :emphasize-lines: 7 - - hosts: - - default: - url: https://localhost - port: 55000 - username: wazuh-wui - password: "" - run_as: false - - If ``run_as`` is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: + .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-check-api-connection-run-as.jpg + :align: center #. Click **☰** to open the menu on the Wazuh dashboard, go to **Server management** > **Security**, and then **Roles mapping** to open the page. diff --git a/source/user-manual/user-administration/single-sign-on/administrator/pingone.rst b/source/user-manual/user-administration/single-sign-on/administrator/pingone.rst index ada87da9ad..2074f44355 100644 --- a/source/user-manual/user-administration/single-sign-on/administrator/pingone.rst +++ b/source/user-manual/user-administration/single-sign-on/administrator/pingone.rst @@ -247,20 +247,10 @@ Edit the Wazuh indexer security configuration files. We recommend that you back Wazuh dashboard configuration ----------------------------- -#. Check the value of ``run_as`` in the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` configuration file. If ``run_as`` is set to ``false``, proceed to the next step. +#. Check the value of **Run as** in the API host entry configuration on **Dashboard management** > **Server APIs**. If **Run as** is set to ``false``, proceed to the next step. If **Run as** is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: - .. code-block:: yaml - :emphasize-lines: 7 - - hosts: - - default: - url: https://localhost - port: 55000 - username: wazuh-wui - password: "" - run_as: false - - If ``run_as`` is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: + .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-check-api-connection-run-as.jpg + :align: center #. Click **☰** to open the menu on the Wazuh dashboard, go to **Server management** > **Security**, and then **Roles mapping** to open the page. diff --git a/source/user-manual/user-administration/single-sign-on/read-only/google.rst b/source/user-manual/user-administration/single-sign-on/read-only/google.rst index 53adbec13b..f7b37f037f 100644 --- a/source/user-manual/user-administration/single-sign-on/read-only/google.rst +++ b/source/user-manual/user-administration/single-sign-on/read-only/google.rst @@ -213,20 +213,11 @@ Wazuh dashboard configuration #. Select the newly created role. #. Select the **Mapped users** tab and click **Manage mapping**. #. Under **Backend roles**, add the value of the **Department** field you created in Google Workspace and click **Map** to confirm the action. In our case, the backend role is ``wazuh-readonly``. -#. Check the value of ``run_as`` in the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` configuration file. If ``run_as`` is set to ``false``, proceed to the next step. - .. code-block:: yaml - :emphasize-lines: 7 - - hosts: - - default: - url: https://localhost - port: 55000 - username: wazuh-wui - password: "" - run_as: false +#. Check the value of **Run as** in the API host entry configuration on **Dashboard management** > **Server APIs**. If **Run as** is set to ``false``, proceed to the next step. If **Run as** is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: - If ``run_as`` is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: + .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-check-api-connection-run-as.jpg + :align: center #. Click **☰** to open the menu on the Wazuh dashboard, go to **Server management** > **Security**, and then **Roles mapping** to open the page. diff --git a/source/user-manual/user-administration/single-sign-on/read-only/jumpcloud.rst b/source/user-manual/user-administration/single-sign-on/read-only/jumpcloud.rst index f4d2030169..d7d9d1f95b 100644 --- a/source/user-manual/user-administration/single-sign-on/read-only/jumpcloud.rst +++ b/source/user-manual/user-administration/single-sign-on/read-only/jumpcloud.rst @@ -250,20 +250,10 @@ Wazuh dashboard configuration #. Select the **Mapped users** tab and click **Manage mapping**. #. Under **Backend roles**, add the name of the group you created in JumpCloud and click **Map** to confirm the action. In our case, the backend role is ``wazuh-readonly``. -#. Check the value of ``run_as`` in the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` configuration file. If ``run_as`` is set to ``false``, proceed to the next step. +#. Check the value of **Run as** in the API host entry configuration on **Dashboard management** > **Server APIs**. If **Run as** is set to ``false``, proceed to the next step. If **Run as** is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: - .. code-block:: yaml - :emphasize-lines: 7 - - hosts: - - default: - url: https://localhost - port: 55000 - username: wazuh-wui - password: "" - run_as: false - - If ``run_as`` is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: + .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-check-api-connection-run-as.jpg + :align: center #. Click **☰** to open the menu on the Wazuh dashboard, go to **Server management** > **Security**, and then **Roles mapping** to open the page. diff --git a/source/user-manual/user-administration/single-sign-on/read-only/keycloak.rst b/source/user-manual/user-administration/single-sign-on/read-only/keycloak.rst index 31b147ce1e..0334d0a543 100644 --- a/source/user-manual/user-administration/single-sign-on/read-only/keycloak.rst +++ b/source/user-manual/user-administration/single-sign-on/read-only/keycloak.rst @@ -325,20 +325,11 @@ Wazuh dashboard configuration #. Select the newly created role. #. Select the **Mapped users** tab and click **Manage mapping**. #. Under **Backend roles**, add the value of the **Role name** attribute in Keycloak configuration and click **Map** to confirm the action. In our case, the backend role is ``wazuh-readonly``. -#. Check the value of ``run_as`` in the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` configuration file. If ``run_as`` is set to ``false``, proceed to the next step. - .. code-block:: yaml - :emphasize-lines: 7 - - hosts: - - default: - url: https://localhost - port: 55000 - username: wazuh-wui - password: "" - run_as: false +#. Check the value of **Run as** in the API host entry configuration on **Dashboard management** > **Server APIs**. If **Run as** is set to ``false``, proceed to the next step. If **Run as** is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: - If ``run_as`` is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: + .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-check-api-connection-run-as.jpg + :align: center #. Click **☰** to open the menu on the Wazuh dashboard, go to **Server management** > **Security**, and then **Roles mapping** to open the page. diff --git a/source/user-manual/user-administration/single-sign-on/read-only/microsoft-entra-id.rst b/source/user-manual/user-administration/single-sign-on/read-only/microsoft-entra-id.rst index 4c16f82e68..c4d68d7b8c 100644 --- a/source/user-manual/user-administration/single-sign-on/read-only/microsoft-entra-id.rst +++ b/source/user-manual/user-administration/single-sign-on/read-only/microsoft-entra-id.rst @@ -231,20 +231,10 @@ Wazuh dashboard configuration #. Select the **Mapped users** tab and click **Manage mapping**. #. Under **Backend roles**, add the value attribute of the app role you created in Microsoft Entra ID and click **Map** to confirm the action. In our case, the backend role is ``wazuh-readonly``. -#. Check the value of ``run_as`` in the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` configuration file. If ``run_as`` is set to ``false``, proceed to the next step. +#. Check the value of **Run as** in the API host entry configuration on **Dashboard management** > **Server APIs**. If **Run as** is set to ``false``, proceed to the next step. If **Run as** is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: - .. code-block:: yaml - :emphasize-lines: 7 - - hosts: - - default: - url: https://localhost - port: 55000 - username: wazuh-wui - password: "" - run_as: false - - If ``run_as`` is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: + .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-check-api-connection-run-as.jpg + :align: center #. Click **☰** to open the menu on the Wazuh dashboard, go to **Server management** > **Security**, and then **Roles mapping** to open the page. diff --git a/source/user-manual/user-administration/single-sign-on/read-only/okta.rst b/source/user-manual/user-administration/single-sign-on/read-only/okta.rst index 70291829e6..e0bdb5f389 100644 --- a/source/user-manual/user-administration/single-sign-on/read-only/okta.rst +++ b/source/user-manual/user-administration/single-sign-on/read-only/okta.rst @@ -246,20 +246,10 @@ Wazuh dashboard configuration #. Select the **Mapped users** tab and click **Manage mapping**. #. Under **Backend roles**, add the name of the read-only group you created in Okta and click **Map** to confirm the action. In our case, the backend role is ``wazuh-readonly``. -#. Check the value of ``run_as`` in the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` configuration file. If ``run_as`` is set to ``false``, proceed to the next step. +#. Check the value of **Run as** in the API host entry configuration on **Dashboard management** > **Server APIs**. If **Run as** is set to ``false``, proceed to the next step. If **Run as** is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: - .. code-block:: yaml - :emphasize-lines: 7 - - hosts: - - default: - url: https://localhost - port: 55000 - username: wazuh-wui - password: "" - run_as: false - - If ``run_as`` is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: + .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-check-api-connection-run-as.jpg + :align: center #. Click **☰** to open the menu on the Wazuh dashboard, go to **Server management** > **Security**, and then **Roles mapping** to open the page. diff --git a/source/user-manual/user-administration/single-sign-on/read-only/onelogin.rst b/source/user-manual/user-administration/single-sign-on/read-only/onelogin.rst index 559d610002..54ede109ba 100644 --- a/source/user-manual/user-administration/single-sign-on/read-only/onelogin.rst +++ b/source/user-manual/user-administration/single-sign-on/read-only/onelogin.rst @@ -245,20 +245,11 @@ Wazuh dashboard configuration #. Select the newly created role. #. Select the **Mapped users** tab and click **Manage mapping**. #. Under **Backend roles**, add the value of the **Department** field in OneLogin configuration and click **Map** to confirm the action. In our case, the backend role is ``wazuh-readonly``. -#. Check the value of ``run_as`` in the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` configuration file. If ``run_as`` is set to ``false``, proceed to the next step. - .. code-block:: yaml - :emphasize-lines: 7 - - hosts: - - default: - url: https://localhost - port: 55000 - username: wazuh-wui - password: "" - run_as: false +#. Check the value of **Run as** in the API host entry configuration on **Dashboard management** > **Server APIs**. If **Run as** is set to ``false``, proceed to the next step. If **Run as** is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: - If ``run_as`` is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: + .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-check-api-connection-run-as.jpg + :align: center #. Click **☰** to open the menu on the Wazuh dashboard, go to **Server management** > **Security**, and then **Roles mapping** to open the page. diff --git a/source/user-manual/user-administration/single-sign-on/read-only/pingone.rst b/source/user-manual/user-administration/single-sign-on/read-only/pingone.rst index 6271114824..4ac3a50a21 100644 --- a/source/user-manual/user-administration/single-sign-on/read-only/pingone.rst +++ b/source/user-manual/user-administration/single-sign-on/read-only/pingone.rst @@ -217,20 +217,10 @@ Wazuh dashboard configuration #. Select the **Mapped users** tab and click **Manage mapping**. #. Under **Backend roles**, add the name of the group you created in PingOne and click **Map** to confirm the action. In our case, the backend role is ``wazuh-readonly``. -#. Check the value of ``run_as`` in the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` configuration file. If ``run_as`` is set to ``false``, proceed to the next step. +#. Check the value of **Run as** in the API host entry configuration on **Dashboard management** > **Server APIs**. If **Run as** is set to ``false``, proceed to the next step. If **Run as** is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: - .. code-block:: yaml - :emphasize-lines: 7 - - hosts: - - default: - url: https://localhost - port: 55000 - username: wazuh-wui - password: "" - run_as: false - - If ``run_as`` is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: + .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-check-api-connection-run-as.jpg + :align: center #. Click **☰** to open the menu on the Wazuh dashboard, go to **Server management** > **Security**, and then **Roles mapping** to open the page. diff --git a/source/user-manual/wazuh-dashboard/config-file.rst b/source/user-manual/wazuh-dashboard/config-file.rst index e358d2a64b..bc94f95460 100644 --- a/source/user-manual/wazuh-dashboard/config-file.rst +++ b/source/user-manual/wazuh-dashboard/config-file.rst @@ -1,18 +1,69 @@ .. Copyright (C) 2015, Wazuh, Inc. .. meta:: - :description: The Wazuh dashboard includes a configuration file where you can define custom values for several options. Learn more about it in this section. + :description: The Wazuh dashboard includes configuration options to define custom settings. Learn more about it in this section. .. _wazuh_dashboard_config_file: -Configuration file -================== +Configuration +============= + +You can configure the Wazuh dashboard and plugins as follows: + +- **Wazuh dashboard settings**: You can edit the Wazuh dashboard configuration file. + + - ``/etc/wazuh-dashboard/opensearch_dashboards.yml`` for installations from packages. + - ``/usr/share/wazuh-dashboard/config/opensearch_dashoards.yml`` for Docker installations. + +- **Plugins settings**: Users with privileges to manage the Wazuh indexer security REST API can manage the plugins settings from the Wazuh dashboard. Wazuh stores the custom values in a saved object. + + - **Dashboard management** > **App Settings**: To customize several settings. + - **Dashboard management** > **Server APIs**: To customize API host entries. + +This section describes all the settings available for each location. + +Setup a configuration +--------------------- + +The management of the plugin settings can be done through the UI, but you can setup the current configuration using a configuration file with these methods too: + +- on start +- API + +.. warning:: + + Changing some settings through these methods could require some action to take effect. -The Wazuh dashboard includes a configuration file located at ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` where you can define custom values for several options. This section describes all the settings available in this file. +On start +^^^^^^^^ -If you are using the Wazuh Kibana plugin, you can find this configuration file at ``/usr/share/kibana/data/wazuh/config/wazuh.yml``. +When the Wazuh dashboard starts, checks if there is a file located at ``/data/wazuh/config/wazuh.yml``. If this exists and there is not the configuration saved object, then will setup into it. -The configuration file shows the default values for all of the possible options. You can edit the file, uncomment any of them and apply the desired values. You can also edit these settings from the Wazuh dashboard in **Indexer/dashboard management** > **App Settings**. +API +^^^ + +Use the Wazuh dashboard API to setup the configuration: + +#. Define a configuration file according to the settings. + +#. Upload the configuration: + +.. code-block:: sh + + curl -k -u : --form file='@' -H 'xsrf:kibana' -XPOST
/utils/configuration/import + +where: + - `username`: username + - `password`: password for the user + - `config_file`: path to the configuration file + - `address`: URL address of the Wazuh dashboard host + +.. note:: + + The user must have privilegies to manage the rest API of Wazuh indexer. + +Configuration file +------------------ The configuration file reference is organized by sections: @@ -521,7 +572,7 @@ Set the footer of the PDF reports. To use an empty footer, type a space " " in t Example ------- -This is an example of the wazuh.yml configuration: +This is an example of the configuration file that can be used to load a configuration: .. code-block:: yaml @@ -589,3 +640,43 @@ This is an example of the wazuh.yml configuration: # Enrollment DNS enrollment.dns: '' enrollment.password: '' + + +Configuration of Wazuh dashboard +-------------------------------- + +wazuh_core.configuration.encryption_key +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Define a key to encrypt some sensitive data stored in the configuration saved object. + ++--------------------+----------------------------+ +| **Default value** | secretencryptionkey! | ++--------------------+----------------------------+ +| **Allowed values** | Any string | ++--------------------+----------------------------+ + +.. warning:: + + Any change in this value could cause a problem if there was data stored that was encrypted with the previous key. + +wazuh_core.instance +^^^^^^^^^^^^^^^^^^^ + +Define the identifier of the Wazuh dashboard instance.This identifier is used to define the configuration saved object that will use the Wazuh dashboard instance. + +This allows to define independant or shared configuration for different Wazuh dashboard instances that uses the same Wazuh indexer backend. + ++--------------------+----------------------------+ +| **Default value** | wazuh-dashboard | ++--------------------+----------------------------+ +| **Allowed values** | Any string | ++--------------------+----------------------------+ + +.. warning:: + + Any change in this value could cause stored configuration previously is lost. + +.. warning:: + + When sharing the configuration of multiple instances of Wazuh dashboard and changing the settings from some instance, the changes could require some actions to take effect that should be applied in each instance that is sharing the configuration. diff --git a/source/user-manual/wazuh-dashboard/settings.rst b/source/user-manual/wazuh-dashboard/settings.rst index b8b7b74c00..f38b364b5a 100644 --- a/source/user-manual/wazuh-dashboard/settings.rst +++ b/source/user-manual/wazuh-dashboard/settings.rst @@ -22,7 +22,7 @@ In this section, you can list all your inserted API credentials. The star icon i Configuration ------------- -You can take a quick look at the Wazuh dashboard configuration file here. The documentation for the ``wazuh.yml`` file can be found in the config section. +You can take a quick look at the Wazuh dashboard configuration here. The documentation for configuration can be found in the config section. .. thumbnail:: ../../images/kibana-app/features/settings/configuration.png :align: center diff --git a/source/user-manual/wazuh-dashboard/troubleshooting.rst b/source/user-manual/wazuh-dashboard/troubleshooting.rst index 963e0586dd..45cae1ba4f 100644 --- a/source/user-manual/wazuh-dashboard/troubleshooting.rst +++ b/source/user-manual/wazuh-dashboard/troubleshooting.rst @@ -74,23 +74,6 @@ To ensure that Filebeat is correctly configured, run the following command: version: 7.10.2 - -Could not connect to API with id: default: 3003 - Missing param: API USERNAME ------------------------------------------------------------------------------ - -Starting Wazuh 4.0 the Wazuh API username variable changed from ``user`` to ``username``. It's necessary to change the credentials (foo:bar are no longer accepted) as well as the name of the variable in the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` configuration file. For example, the configuration can be: - -.. code-block:: console - - hosts: - - production: - url: https://localhost - port: 55000 - username: wazuh-wui - password: wazuh-wui - run_as: false - - "Wazuh API and Wazuh dashboard version mismatch" error is displayed ------------------------------------------------------------------- diff --git a/source/user-manual/wazuh-indexer/wazuh-indexer-indices.rst b/source/user-manual/wazuh-indexer/wazuh-indexer-indices.rst index 8ff1d9eec4..fe4804b3f0 100644 --- a/source/user-manual/wazuh-indexer/wazuh-indexer-indices.rst +++ b/source/user-manual/wazuh-indexer/wazuh-indexer-indices.rst @@ -105,11 +105,7 @@ This section describes creating a custom index pattern, ``my-custom-alerts-*``, The index name must not contain the characters ``#``, ``\``, ``/``, ``*``, ``?``, ``"``, ``<``, ``>``, ``|``, ``,``, and must not start with ``_``, ``-``, or ``+``. Also, all the letters must be lowercase. -#. (Optional) If you want to use the new index pattern by default, open the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` file and add the below configuration: - - .. code-block:: yaml - - pattern: my-custom-alerts-* +#. (Optional) If you want to use the new index pattern by default, on Wazuh dashboard go to **Dashboard management** > **App Settings** and edit the **pattern** setting with the ``my-custom-alerts-*`` and save the changes. This will make the Wazuh server automatically create and/or select the new index pattern.