Closed Desvelao closed 3 years ago
rule.level:7
-> Go to Module/Events" Filters shouldn't changerule.level:7
and make it pinned -> Go to Module/Events" Filters shouldn't changerule.level:7
-> Go to Module/FIM/Dashboard" The filter "rule.level:7" is removedrule.level:7
and make it pinned -> Go to Module/FIM/Dashboard" The filter "rule.level:7" persistsrule.level:7
-> Go to Module/FIM/Dashboard" The filter "rule.level:7" is removedrule.level:7
and make it pinned -> Go to Module/FIM/Dashboard" The filter "rule.level:7" persistsrule.level:7
-> Go to Module/Dashboard" Filters shouldn't changerule.level:7
and make it pinned -> Go to Module/Dashboard" Filters shouldn't changerule.level:7
-> Go to Agent any Module/Dashboard" The filter "rule.level:7" is removedrule.level:7
and make it pinned -> Go to Agent any Module/Dashboard" The filter "rule.level:7" persistsrule.level:7
-> Go to Agent any Module/Events" Filters shouldn't changerule.level:7
and make it pinned -> Go to Agent any Module/Events" Filters shouldn't changerule.level:7
-> Go to Agent FIM/Dashboard" The filter "rule.level:7" is removedrule.level:7
and make it pinned -> Go to Agent FIM/Dashboard" The filter "rule.level:7" persistsrule.level:7
-> Go to Agent FIM/Dashboard" The filter "rule.level:7" is removedrule.level:7
and make it pinned -> Go to Agent FIM/Dashboard" The filter "rule.level:7" persistsrule.level:7
-> Go to Agent any Module/Dashboard" Filters shouldn't changerule.level:7
and make it pinned -> Go to Agent any Module/Dashboard" Filters shouldn't changerule.level:7
-> Go to Module/Dashboard" The filter "rule.level:7" is removedrule.level:7
and make it pinned -> Go to Module/FIM/Dashboard" The filter "rule.level:7" persistsIf admin mode is enabled:
More menu
.rule.level:7
-> Go to Module/Events" Filters shouldn't changerule.level:7
and make it pinned -> Go to Module/Events" Filters shouldn't changerule.level:7
-> Go to Module/FIM/Dashboard" The filter "rule.level:7" is removedrule.level:7
and make it pinned -> Go to Module/FIM/Dashboard" The filter "rule.level:7" persistsrule.level:7
-> Go to Module/FIM/Dashboard" The filter "rule.level:7" is removedrule.level:7
and make it pinned -> Go to Module/FIM/Dashboard" The filter "rule.level:7" persistsrule.level:7
-> Go to Module/Dashboard" Filters shouldn't changerule.level:7
and make it pinned -> Go to Module/Dashboard" Filters shouldn't changerule.level:7
-> Go to Agent any Module/Dashboard" The filter "rule.level:7" is removedrule.level:7
and make it pinned -> Go to Agent any Module/Dashboard" The filter "rule.level:7" persistsrule.level:7
-> Go to Agent any Module/Events" Filters shouldn't changerule.level:7
and make it pinned -> Go to Agent any Module/Events" Filters shouldn't changerule.level:7
-> Go to Agent FIM/Dashboard" The filter "rule.level:7" is removedrule.level:7
and make it pinned -> Go to Agent FIM/Dashboard" The filter "rule.level:7" persistsrule.level:7
-> Go to Agent FIM/Dashboard" The filter "rule.level:7" is removedrule.level:7
and make it pinned -> Go to Agent FIM/Dashboard" The filter "rule.level:7" persistsrule.level:7
-> Go to Agent any Module/Dashboard" Filters shouldn't changerule.level:7
and make it pinned -> Go to Agent any Module/Dashboard" Filters shouldn't changerule.level:7
-> Go to Module/Dashboard" The filter "rule.level:7" is removedrule.level:7
and make it pinned -> Go to Module/FIM/Dashboard" The filter "rule.level:7" persistsIf admin mode is enabled:
More menu
.wazuh.yml
.[x] Monitoring
wazuh-agent
template[x] Statistics
[x] Installing the plugin using kibana-plugin install file:///wazuhapp.zip
should work.
[x] Installing the plugin using kibana-plugin install https://plugin/url/wazuhapp.zip
should work.
alerts
, monitoring
and statistics
index pattern should be created in the health check
run_as
host setting using the authentication context. Create a user and assign a specific role. For example, a user with the readonly
Wazuh API role.administrator
role.alerts
, monitoring
and statistics
index pattern should be created in the health check
run_as
host setting using the authentication context. Create a user and assign a specific role. For example, a user with the readonly
Wazuh API role.administrator
role.The table pagination doesn't work in SCA check list When a page number is clicked.
Update: PR to resolve: https://github.com/wazuh/wazuh-kibana-app/pull/2815
The Kibana pop up should not be displayed
Update: PR to resolve https://github.com/wazuh/wazuh-kibana-app/pull/2806
When you try to change a rule or decoder and restart the cluster this happens
Update: PR to resolve #2820
RBAC fails to provide access to specific agents
A user with access to a limited number of agents (2 out of 4) gets a correct agent count in the "Modules overview" page but can't access the Agents section (and in consequence can't see the agents summary or SCA information).
A very common use-case is to provide access to a group of agents to specific users associated with those endpoints (departments, MSSP customers, etc)
PR #2838
Related to what is mentioned here the Rows per page
selector doesn't work (it's always stuck at 10 rows):
Update: PR to resolve: https://github.com/wazuh/wazuh-kibana-app/pull/2815
Selecting Security configuration assessment
breaks the formatting of the Modules directory in the drop-down menu.
I mean that the Auditing and Policy Monitoring
section of modules gets moved to a second row below the Security information management
section.
@ s-ocando This is the current behavior for this section, we agree that an enhancement is needed, but we will work out of this issue in a future sprint. Please feel free to open an enhancement issue with this approach.
Thanks for reporting!
Update: It was tested in 4.0.3 4014, but it works on 4.0.4 4015
I'm attaching a gif to show the current RBAC behaviour (app version 4.0.4-7.9.1 revision 4015). A user is able to see the list of its allowed agents, at first is only able to see agent 001 and by adding permissions to read agent 002 it appears in its list after refreshing. This feature is currently malfunctioning in app 4.0.4-7.10.0 revision 4016.
I'm attaching a gif to show the current RBAC behaviour (app version 4.0.4-7.9.1 revision 4015). A user is able to see the list of its allowed agents, at first is only able to see agent 001 and by adding permissions to read agent 002 it appears in its list after refreshing. This feature is currently malfunctioning in app 4.0.4-7.10.0 revision 4016.
You're right, we are working on this issue right now. Thank you very much.
Selecting
Security configuration assessment
breaks the formatting of the Modules directory in the drop-down menu.
@jctello I can't reproduce it in Chrome in any reasonable resolution
PR #2861
Selecting
Security configuration assessment
breaks the formatting of the Modules directory in the drop-down menu.@jctello I can't reproduce it in Chrome in any reasonable resolution
can you share what browser and resolution are you using to check it, please?
Yes, this observed only on Firefox (I'm using 84.0.2) on Linux. It is not observed on Chromium (on Linux) or Firefox 83 on Windows.
The search functionality in file editor is gone. To reproduce go to Management > Configuration > Edit configuration, click on the text box and press Ctrl+F. On the previous version this would give a handy search box within the file. Console output is:
GEThttps://192.168.40.4/app/ext-searchbox.js
[HTTP/1.1 200 OK 22ms]
The script from “https://192.168.40.4/app/ext-searchbox.js” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type. wazuh
Some cookies are misusing the recommended “SameSite“ attribute 2
Uncaught SyntaxError: expected expression, got '<' ext-searchbox.js:1
Uncaught TypeError: t is undefined
exec https://192.168.40.4/35949/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:380
s https://192.168.40.4/35949/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:380
s https://192.168.40.4/35949/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:380
i https://192.168.40.4/35949/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:380
o https://192.168.40.4/35949/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:380
s https://192.168.40.4/35949/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:380
onreadystatechange https://192.168.40.4/35949/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:380
loadScript https://192.168.40.4/35949/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:380
loadModule https://192.168.40.4/35949/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:380
exec https://192.168.40.4/35949/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:380
a https://192.168.40.4/35949/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:380
_dispatchEvent https://192.168.40.4/35949/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:380
exec https://192.168.40.4/35949/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:380
$callKeyboardHandlers https://192.168.40.4/35949/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:380
onCommandKey https://192.168.40.4/35949/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:380
onCommandKey https://192.168.40.4/35949/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:380
l https://192.168.40.4/35949/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:380
addCommandKeyListener https://192.168.40.4/35949/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:380
kbn-ui-shared-deps.js:380:1175239
PR #2843
The Techniques
container for the MITRE's Framework tab goes out of the window size. This could be happening in the Modules
> PCI DSS
GDPR
HIPAA
NIST 800-53
and TSC
Controls' tabs too.
PR #2861
The statistics
indices are being wrongly created with:
1 shard
1 replica
Ignore the configuration.
This should be fixed here https://github.com/wazuh/wazuh-kibana-app/pull/2779, but it not working in my environment.
PR #2865
Hi team! Testing the app I have found an error when you pinned a filter and then going to Agents section. When you return to any "Module" the dashboard is not displayed.
PR #2864
Click in the rule details links don't add a filter in the Management > Rules search bar when access from Modules/any/Events
How to reproduce:
We need to move the Wazuh menu upper in the Kibana menu
wazuh-alerts-*
as the default index pattern when it's created.
PR #2867
PDF reporting can reflect wrong filters as reported here: https://github.com/wazuh/wazuh-kibana-app/issues/2874
Description Testing.
Test with browsers:
Test with the theme:
Checks: