Integrations maintenance request

wazuh / wazuh-indexer

Wazuh indexer, the Wazuh search engine

https://opensearch.org/docs/latest/opensearch/index/

Apache License 2.0

11 stars 19 forks source link

Integrations maintenance request #445

Closed mcasas993 closed 1 month ago

mcasas993 commented 1 month ago

Description

The Wazuh Indexer team is responsible for the maintenance of the third-party integrations hosted in the wazuh/wazuh-indexer repository. We must ensure these integrations work under new releases of the third-party software (Splunk, OpenSearch, Logstash) and our own.

For that, we need to:

[x] Update our testing environments to verify the integrations work under new versions.

Issues

List here the detected issues

mcasas993 commented 1 month ago

Opensearch Integration

We test seven dashboards.

wazuh-vulnerabilities-v1.0

wazuh-security-events-v1.0

wazuh-pci-dss-v1.0

wazuh-malware-detection-v1.0

wazuh-incident-response-v1.0

wazuh-amazon-aws-v1.0

wazuh-docker-listener-v1.0

mcasas993 commented 1 month ago

When I go to Discover section to search data for the Docker Dashboard, I found this error:

illegal_argument_exception
Field [data.osquery.calendarTime] of type [keyword] does not support custom formats
Error: Bad Request
    at fetch_Fetch.fetchResponse (https://localhost:5602/7969/bundles/core/core.entry.js:15:392113)
    at async interceptResponse (https://localhost:5602/7969/bundles/core/core.entry.js:15:386867)
    at async https://localhost:5602/7969/bundles/core/core.entry.js:15:389834

mcasas993 commented 1 month ago

Elasticsearch Integration

We test seven dashboards.

wazuh-vulnerabilities-v1.0

wazuh-security-events-v1.0

wazuh-pci-dss-v1.0

wazuh-malware-detection-v1.0

wazuh-incident-response-v1.0

wazuh-amazon-aws-v1.0

wazuh-docker-listener-v1.0 It has a warning message: The "data.docker.Actor.ID" field can not be used for filtering. I supposed that is not normal.