search

wazuh / wazuh-dashboard-plugins

Plugins for Wazuh Dashboard
https://wazuh.com/
GNU General Public License v2.0
413 stars 176 forks source link

Refine filter mechanism #6672

Closed asteriscos closed 1 month ago

asteriscos commented 2 months ago
Wazuh Rev
4.9.0 00

Description

After testing all main features integrated we detected some odd behaviors that need fixing.

Tasks

Machi3mfl commented 2 months ago

In the Vulnerabilities module, when we change the index pattern the view doesn't render any visualization

https://github.com/wazuh/wazuh-dashboard-plugins/pull/6674

Before

https://github.com/wazuh/wazuh-dashboard-plugins/assets/6089438/ed472a58-a6e7-4da9-b577-4074572a0e14

This error

Screenshot 2024-05-15 at 11 42 51

After

https://github.com/wazuh/wazuh-dashboard-plugins/assets/6089438/b7756ab9-a9d6-479a-9387-7ffd0ebff7a7

Machi3mfl commented 1 month ago

Fix modules redirections with predefined filters via URL

Tasks

Current solution

  1. Using the getUrlForApp to get the redirect href

<EuiButtonEmpty
                iconType='popout'
                aria-label='popout'
                href={getCore().application.getUrlForApp(threatHunting.id, {
                  path: `#/overview/?tab=general&tabView=panels&addRuleFilter=1001`
                })}
                target='blank'
              >
                View alerts of this Rule
              </EuiButtonEmpty>
  1. In plugins/wazuh/public/services/common-data.js, globally check the URL query, search the addRuleFilter and add directly to the filter manager the filter
const regex = new RegExp('addRuleFilter=' + '[^&]*');
      const match = this.$window.location.href.match(regex);
      if (match && match[0]) {
        const id = match[0].split('=')[1];
        let filter = filterHandler.ruleIdQuery(id);
        filter.$state.isImplicit = false;
        filters.push(filter);
        this.$window.location.href = this.$window.location.href.replace(
          regex,
          '',
        );
      }

Disadvantages

 Possible solutions

     // redirect manager or something 

    redirector.redirectToApp({
      tab: 'general',
      tabView: 'panels',
     applicationId: 'threat-hunting',
    filters: [{ key: 'rule.id', value: '1001' }]
    })

Then this service construct the URL with the params like:

Problem

When the URL is refreshed using enter or F5 the a_ content is cleaned

For instance: 


getCore().application.getUrlForApp(threatHunting.id, {
                  path: `#/overview/?tab=general&tabView=panels&filters='ruleId=1001&ruleMitreId=T100`
                })

Then, when the data source is loaded the data source filter manager gets the query params, creates the filters and add on it.

lucianogorza commented 1 month ago

Proposals to display implicit filters in the search bar

Currently, to display the implicit filters, the search bar component native to OpenSearch is manipulated and the close buttons for the filter badges are removed. This practice sometimes results in incorrect functionality because we are interfering with the behavior of a component outside our control.

To achieve a stable behavior for displaying implicit filters, the following alternatives are proposed.

All options have the same technical solution but with different visual proposals.

Option 1: Show all implicit filterswithout the close button

This option, visually, is identical to how it is currently displayed, but technically the solution is different. We would be hiding the implicit filters from the native search bar and adding them as components of our application outside the bar in the DOM.

image

Option 2: Show all implicit filters without the close button and with another background color

image

Option 3: Hide the implicit filters and show a Tooltip to display the info

image

Option 4: Hide the implicit filters and show a Popover to display the info

image

Due to the scope and size of the proposed solution, we decided to create another issue to continue the development: https://github.com/wazuh/wazuh-dashboard-plugins/issues/6711