Add built-in dashboards for Kibana

[jesusgn90]

Hi team,

Some users reported they are missing external dashboards. Wazuh did that before and from Kibana 6.2 we removed them. This task is designed for adding those dashboards but this time with some changes.

Dashboards

• [ ] Generic dashboard (overview of the environment)
  • [ ] Geo map visualization must be included here too
• [ ] File integrity monitoring
• [ ] Security configuration assessment
• [ ] Vulnerability detector
• [ ] Authentications (must be valid for both Linux and Windows agents)
• [ ] PCI DSS
• [ ] GDPR

Filebeat related

• [ ] Load the dashboards using the Filebeat module Regards

[ketsapiwiq]

Hi! First of all thanks a lot for Wazuh, it's really a great modernization upon OSSEC and a powerful use of ELK. I was also trying to get access to the inventory data from Elasticsearch / the vanilla Kibana Discovery tab and I discovered they are indeed in a sqlite file in the manager.

I was wondering if sending this data to Elasticsearch was as simple as using a Logstash SQLite input, or if there is a better way/a work in progress on this? Although this solution is probably suboptimal due to log redundancy I believe it would be a quick way to be able to create Kibana dashboards.

Second question I think is related to this issue: even though I don't quite understand yet how osquery and the Wazuh osquery module work, I don't get how to create/have osquery dashboards such as the example shown in the docs of the Filebeat osquery module. Is it similar to the case above, meaning do I need to ask osquery to directly communicate with Elasticsearch/Filebeat until there is a closer integration between Elasticsearch-osquery-wazuh ?

Thanks again for the time y'all are dedicating to this project!

[ketsapiwiq]

Small update just in case: sadly the Logstash sqlite plugin doesn't work for feeding the inventory info to Elasticsearch because it requires that any tables being watched must have an 'id' column that is monotonically increasing and there's no id column.