search

wazuh / wazuh-dashboard-plugins

Plugins for Wazuh Dashboard
https://wazuh.com/
GNU General Public License v2.0
412 stars 175 forks source link

Active response displays wrong status #6801

Open Desvelao opened 3 weeks ago

Desvelao commented 3 weeks ago

Description

The active response status is displayed as disabled when it should be enabled.

Defining or not the the disabled property causes the same behaviour on the UI

<disabled>no</disabled>

the UI displays the active response is disabled.

Screenshots image

Desvelao commented 3 weeks ago

Research

I was researching this on 4.8.0 and it seems there is a different behavior in the API responses and the expected API response by the UI.

The Status of this active response render depends on the disabled property of the API response:

https://github.com/wazuh/wazuh-dashboard-plugins/blob/v4.8.0-2.10.0/plugins/main/public/controllers/management/components/management/configuration/active-response/active-response-active-response.js#L29-L33 https://github.com/wazuh/wazuh-dashboard-plugins/blob/v4.8.0-2.10.0/plugins/main/public/controllers/management/components/management/configuration/utils/utils.js#L136-L137

I tried to configure the active response:

Case 1: no define disabled property

  <active-response>
    <command>host-deny</command>
    <location>local</location>
    <level>7</level>
    <timeout>600</timeout>
  </active-response>

The UI displays the status of the active response as disabled. The API response does not include the disabled property. image

Case 2: define disabled as no

  <active-response>
    <disabled>no</disabled>
    <command>host-deny</command>
    <location>local</location>
    <level>7</level>
    <timeout>600</timeout>
  </active-response>

The UI displays the status of the active response as disabled. The API response does not include the disabled property.

image

Case 3: define disabled as yes

  <active-response>
    <disabled>yes</disabled>
    <command>host-deny</command>
    <location>local</location>
    <level>7</level>
    <timeout>600</timeout>
  </active-response>

The API response does not include the active response.

image

The API request to display the configuration of the API response are:

In summary, the UI is expecting the disabled property to render the status of the active response, but this is not included in the API response.

We should talk with @wazuh/devel-pyserver to clarify the expected behavior and the API responses.