Merge pull request #3557 from wazuh/feat/3372-github-module

[Module] [GitHub] Add the module

CHANGELOG.md

@@ -11,7 +11,8 @@ All notable changes to the Wazuh app project will be documented in this file.
 - Improved the frontend handle errors strategy: UI, Toasts, console log and log in file 
   [#3327](https://github.com/wazuh/wazuh-kibana-app/pull/3327) 
   [#3321](https://github.com/wazuh/wazuh-kibana-app/pull/3321) 
-  [#3367](https://github.com/wazuh/wazuh-kibana-app/pull/3367) 
+  [#3367](https://github.com/wazuh/wazuh-kibana-app/pull/3367)
+  [#3373](https://github.com/wazuh/wazuh-kibana-app/pull/3373)
   [#3374](https://github.com/wazuh/wazuh-kibana-app/pull/3374) 
   [#3390](https://github.com/wazuh/wazuh-kibana-app/pull/3390)  
   [#3410](https://github.com/wazuh/wazuh-kibana-app/pull/3410) 
@@ -36,17 +37,26 @@ All notable changes to the Wazuh app project will be documented in this file.
   [#3478](https://github.com/wazuh/wazuh-kibana-app/pull/3478)
 - Added fields status and type in vulnerabilities table [#3196](https://github.com/wazuh/wazuh-kibana-app/pull/3196)
 - Added Intelligence tab to Mitre Att&ck module [#3368](https://github.com/wazuh/wazuh-kibana-app/pull/3368) [#3344](https://github.com/wazuh/wazuh-kibana-app/pull/3344)
+- Added sample data for office365 events [#3424](https://github.com/wazuh/wazuh-kibana-app/pull/3424)
+- Created a separate component to check for sample data [#3475](https://github.com/wazuh/wazuh-kibana-app/pull/3475)
+- Added a new hook for getting value suggestions [#3506](https://github.com/wazuh/wazuh-kibana-app/pull/3506)
+- Added dinamic simple filters and adding simple GitHub filters fields [3531](https://github.com/wazuh/wazuh-kibana-app/pull/3531)
+- Added configuration viewer for Module Office365 on Management > Configuration [#3524](https://github.com/wazuh/wazuh-kibana-app/pull/3524)
+- Added base Module Panel view with Office365 setup [#3518](https://github.com/wazuh/wazuh-kibana-app/pull/3518)
+- Added specifics and custom filters for Office365 search bar [#3533](https://github.com/wazuh/wazuh-kibana-app/pull/3533)
+- Adding Pagination and filter to drilldown tables at Office pannel [#3544](https://github.com/wazuh/wazuh-kibana-app/pull/3544).
+- Simple filters change between panel and drilldown panel [#3568](https://github.com/wazuh/wazuh-kibana-app/pull/3568).
 - Added new fields in Inventory table and Flyout Details [#3525](https://github.com/wazuh/wazuh-kibana-app/pull/3525)
 
 ### Changed
 
 - Changed ossec to wazuh in sample-data [#3121](https://github.com/wazuh/wazuh-kibana-app/pull/3121)
 - Changed empty fields in FIM tables and `syscheck.value_name` in discovery now show an empty tag for visual clarity [#3279](https://github.com/wazuh/wazuh-kibana-app/pull/3279)
 - Adapted the Mitre tactics and techniques resources to use the API endpoints [#3346](https://github.com/wazuh/wazuh-kibana-app/pull/3346)
-- Refactored all try catch strategy on Settings section [#3392](https://github.com/wazuh/wazuh-kibana-app/pull/3392)
-- Refactored all try catch strategy on Controller/Agent section [#3404](https://github.com/wazuh/wazuh-kibana-app/pull/3404)
-- Refactored all try catch value of context for ErrorOrchestrator service. [#3432](https://github.com/wazuh/wazuh-kibana-app/pull/3432)
-- Refactored all try catch strategy on Controller/Groups section [#3415](https://github.com/wazuh/wazuh-kibana-app/pull/3415)
+- Moved the filterManager subscription to the hook useFilterManager [#3517](https://github.com/wazuh/wazuh-kibana-app/pull/3517)
+- Change filter from is to is one of in custom searchbar [#3529](https://github.com/wazuh/wazuh-kibana-app/pull/3529)
+- Refactored as module tabs and buttons are rendered [#3494](https://github.com/wazuh/wazuh-kibana-app/pull/3494)
+- Added time subscription to Discover component [#3549](https://github.com/wazuh/wazuh-kibana-app/pull/3549)
 - Refactored as module tabs and buttons are rendered [#3494](https://github.com/wazuh/wazuh-kibana-app/pull/3494)
 - Testing logs using the Ruletest Test don't display the rule information if not matching a rule. [#3446](https://github.com/wazuh/wazuh-kibana-app/pull/3446)
 - Changed format permissions in FIM inventory [#3649](https://github.com/wazuh/wazuh-kibana-app/pull/3649)
@@ -55,6 +65,7 @@ All notable changes to the Wazuh app project will be documented in this file.
 
 - Fixed creation of log files [#3384](https://github.com/wazuh/wazuh-kibana-app/pull/3384) 
 - Fixed double fetching alerts count when pinnin/unpinning the agent in Mitre Att&ck/Framework [#3484](https://github.com/wazuh/wazuh-kibana-app/pull/3484)
+- Query config refactor [#3490](https://github.com/wazuh/wazuh-kibana-app/pull/3490)
 - Fixed rules and decoders test flyout clickout event [#3412](https://github.com/wazuh/wazuh-kibana-app/pull/3412)
 - Notify when you are registering an agent without permissions [#3430](https://github.com/wazuh/wazuh-kibana-app/pull/3430)
 - Remove not used `redirectRule` query param when clicking the row table on CDB Lists/Decoders [#3438](https://github.com/wazuh/wazuh-kibana-app/pull/3438)

README.md

@@ -20,6 +20,8 @@ This plugin for Kibana allows you to visualize and analyze Wazuh alerts stored i
         - Security events: Browse through your security alerts, identifying issues and threats in your environment.
         - Integrity monitoring: Alerts related to file changes, including permissions, content, ownership and attributes.
         - Amazon AWS: Security events related to your Amazon AWS services, collected directly via AWS API.
+        - Office 365: Security events related to your Office 365 services.
+        - GitHub: Security events related to your GitHub organizations, collected via GitHub audit logs API.
         - Google Cloud Platform: Security events related to your Google Cloud Platform services, collected directly via GCP API.
     - Auditing and Policy Monitoring
         - Policy monitoring: Verify that your systems are configured according to your security policies baseline.

common/constants.ts

@@ -64,12 +64,14 @@ export const WAZUH_SAMPLE_ALERTS_CATEGORIES_TYPE_ALERTS = {
   [WAZUH_SAMPLE_ALERTS_CATEGORY_SECURITY]: [
     { syscheck: true },
     { aws: true },
+    { office: true },
     { gcp: true },
     { authentication: true },
     { ssh: true },
     { apache: true, alerts: 2000 },
     { web: true },
     { windows: { service_control_manager: true }, alerts: 1000 },
+    { github: true }
   ],
   [WAZUH_SAMPLE_ALERTS_CATEGORY_AUDITING_POLICY_MONITORING]: [
     { rootcheck: true },
@@ -193,6 +195,8 @@ export const WAZUH_DEFAULT_APP_CONFIG = {
   'extensions.oscap': false,
   'extensions.ciscat': false,
   'extensions.aws': false,
+  'extensions.office': false,
+  'extensions.github': false,
   'extensions.gcp': false,
   'extensions.virustotal': false,
   'extensions.osquery': false,
@@ -241,6 +245,7 @@ export enum WAZUH_MODULES_ID {
   SECURITY_EVENTS = 'general',
   INTEGRITY_MONITORING = 'fim',
   AMAZON_WEB_SERVICES = 'aws',
+  OFFICE_365 = 'office',
   GOOGLE_CLOUD_PLATFORM = 'gcp',
   POLICY_MONITORING = 'pm',
   SECURITY_CONFIGURATION_ASSESSMENT = 'sca',
@@ -257,7 +262,8 @@ export enum WAZUH_MODULES_ID {
   CIS_CAT = 'ciscat',
   VIRUSTOTAL = 'virustotal',
   GDPR = 'gdpr',
-}
+  GITHUB = 'github'
+};
 
 export enum WAZUH_MENU_MANAGEMENT_SECTIONS_ID {
   MANAGEMENT = 'management',
@@ -274,19 +280,19 @@ export enum WAZUH_MENU_MANAGEMENT_SECTIONS_ID {
   LOGS = 'logs',
   REPORTING = 'reporting',
   STATISTICS = 'statistics',
-}
+};
 
 export enum WAZUH_MENU_TOOLS_SECTIONS_ID {
   API_CONSOLE = 'devTools',
   RULESET_TEST = 'logtest',
-}
+};
 
 export enum WAZUH_MENU_SECURITY_SECTIONS_ID {
   USERS = 'users',
   ROLES = 'roles',
   POLICIES = 'policies',
   ROLES_MAPPING = 'roleMapping',
-}
+};
 
 export enum WAZUH_MENU_SETTINGS_SECTIONS_ID {
   SETTINGS = 'settings',
@@ -297,7 +303,7 @@ export enum WAZUH_MENU_SETTINGS_SECTIONS_ID {
   LOGS = 'logs',
   MISCELLANEOUS = 'miscellaneous',
   ABOUT = 'about',
-}
+};
 
 export const AUTHORIZED_AGENTS = 'authorized-agents';
 
@@ -340,3 +346,4 @@ export const UI_TOAST_COLOR = {
   WARNING: 'warning',
   DANGER: 'danger',
 };
+

common/wazu-menu/wz-menu-overview.cy.ts

@@ -30,4 +30,6 @@ export enum WAZUH_MENU_MODULES_SECTIONS_CY_TEST_ID {
   CIS_CAT = 'menuModulesCiscatLink',
   VIRUSTOTAL = 'menuModulesVirustotalLink',
   GDPR = 'menuModulesGdprLink',
+  GITHUB = 'menuModulesGitHubLink',
+  OFFICE_365 = 'menuModulesOfficeLink'
 }

common/wazuh-modules.ts

@@ -75,6 +75,11 @@ export const WAZUH_MODULES = {
     description:
       'Security events related to your Amazon AWS services, collected directly via AWS API.'
   },
+  office: {
+    title: 'Office 365',
+    description:
+      'Security events related to your Office 365 services.'
+  },
   gcp: {
     title: 'Google Cloud Platform',
     description:
@@ -118,6 +123,11 @@ export const WAZUH_MODULES = {
     description:
       'Monitor and collect the activity from Docker containers such as creation, running, starting, stopping or pausing events.'
   },
+  github: {
+    title: 'GitHub',
+    description:
+      'Monitoring events from audit logs of your GitHub organizations.'
+  },
   devTools: {
     title: 'API console',
     description: 'Test the Wazuh API endpoints.'

public/components/add-modules-data/guides/office.js

@@ -0,0 +1,181 @@
+/*
+* Wazuh app - Office365 interactive extension guide
+* Copyright (C) 2015-2021 Wazuh, Inc.
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or
+* (at your option) any later version.
+*
+* Find more information about this on the LICENSE file.
+*/
+export default {
+  id: 'office',
+  name: 'Office 365',
+  wodle_name: 'office',
+  description: 'Configuration options of the Office 365 wodle.',
+  category: 'Security information management',
+  documentation_link: 'https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/wodle-s3.html',
+  icon: 'logoOfficeMono',
+  avaliable_for_manager: true,
+  avaliable_for_agent: true,
+  steps: [
+    // {
+    //   title: 'Required settings',
+    //   description: '',
+    //   elements: [
+    //     {
+    //       name: 'disabled',
+    //       description: `Disables the AWS-S3 wodle.`,
+    //       type: 'switch',
+    //       required: true
+    //     },
+    //     {
+    //       name: 'interval',
+    //       description: 'Frequency for reading from the S3 bucket.',
+    //       type: 'input',
+    //       required: true,
+    //       placeholder: 'Positive number with suffix character indicating a time unit',
+    //       default_value: '10m',
+    //       validate_error_message: 'A positive number that should contain a suffix character indicating a time unit, such as, s (seconds), m (minutes), h (hours), d (days). e.g. 10m',
+    //       validate_regex: /^[1-9]\d*[s|m|h|d]$/
+    //     },
+    //     {
+    //       name: 'run_on_start',
+    //       description: 'Run evaluation immediately when service is started.',
+    //       type: 'switch',
+    //       required: true,
+    //       default_value: true
+    //     },
+
+    //   ]
+    // },
+    // {
+    //   title: 'Optional settings',
+    //   description: '',
+    //   elements: [
+    //     {
+    //       name: 'remove_from_bucket',
+    //       description: 'Define if you want to remove logs from your S3 bucket after they are read by the wodle.',
+    //       type: 'switch',
+    //       default_value: true
+    //     },
+    //     {
+    //       name: 'skip_on_error',
+    //       description: 'When unable to process and parse a CloudTrail log, skip the log and continue processing',
+    //       type: 'switch',
+    //       default_value: true
+    //     }
+    //   ]
+    // },
+    // {
+    //   title: 'Buckets',
+    //   description: 'Defines one or more buckets to process.',
+    //   elements: [
+    //     {
+    //       name: 'bucket',
+    //       description: 'Defines a bucket to process.',
+    //       removable: true,
+    //       required: true,
+    //       repeatable: true,
+    //       repeatable_insert_first: true,
+    //       repeatable_insert_first_properties: {
+    //         removable: false
+    //       },
+    //       validate_error_message: 'Any directory or file name.',
+    //       show_attributes: true,
+    //       attributes: [
+    //         {
+    //           name: 'type',
+    //           description: 'Specifies type of bucket.',
+    //           info: 'Different configurations as macie has custom type.',
+    //           type: 'select',
+    //           required: true,
+    //           values: [
+    //             {value: 'cloudtrail', text: 'cloudtrail'},
+    //             {value: 'guardduty', text: 'guardduty'},
+    //             {value: 'vpcflow', text: 'vpcflow'},
+    //             {value: 'config', text: 'config'},
+    //             {value: 'custom', text: 'custom'}
+    //           ],
+    //           default_value: 'cloudtrail'
+    //         }
+    //       ],
+    //       show_options: true,
+    //       options: [
+    //         {
+    //           name: 'name',
+    //           description: 'Name of the S3 bucket from where logs are read.',
+    //           type: 'input',
+    //           required: true,
+    //           placeholder: 'Name of the S3 bucket'
+    //         },
+    //         {
+    //           name: 'aws_account_id',
+    //           description: 'The AWS Account ID for the bucket logs. Only works with CloudTrail buckets.',
+    //           type: 'input',
+    //           placeholder: 'Comma list of 12 digit AWS Account ID'
+    //         },
+    //         {
+    //           name: 'aws_account_alias',
+    //           description: 'A user-friendly name for the AWS account.',
+    //           type: 'input',
+    //           placeholder: 'AWS account user-friendly name'
+    //         },
+    //         {
+    //           name: 'access_key',
+    //           description: 'The access key ID for the IAM user with the permission to read logs from the bucket.',
+    //           type: 'input',
+    //           placeholder: 'Any alphanumerical key.'
+    //         },
+    //         {
+    //           name: 'secret_key',
+    //           description: 'The secret key created for the IAM user with the permission to read logs from the bucket.',
+    //           type: 'input',
+    //           placeholder: 'Any alphanumerical key.'
+    //         },
+    //         {
+    //           name: 'aws_profile',
+    //           description: 'A valid profile name from a Shared Credential File or AWS Config File with the permission to read logs from the bucket.',
+    //           type: 'input',
+    //           placeholder: 'Valid profile name'
+    //         },
+    //         {
+    //           name: 'iam_role_arn',
+    //           description: 'A valid role arn with permission to read logs from the bucket.Valid role arn',
+    //           type: 'input',
+    //           placeholder: 'Valid role arn'
+    //         },
+    //         {
+    //           name: 'path',
+    //           description: 'If defined, the path or prefix for the bucket.',
+    //           type: 'input',
+    //           placeholder: 'Path or prefix for the bucket.'
+    //         },
+    //         {
+    //           name: 'only_logs_after',
+    //           description: 'A valid date, in YYYY-MMM-DD format, that only logs from after that date will be parsed. All logs from before that date will be skipped.',
+    //           type: 'input',
+    //           placeholder: 'Date, e.g.: 2020-APR-02',
+    //           validate_regex: /^[1-9]\d{3}-((JAN)|(FEB)|(MAR)|(APR)|(MAY)|(JUN)|(JUL)|(AUG)|(SEP)|(OCT)|(NOV)|(DEC))-\d{2}$/,
+    //           validate_error_message: 'A valid date, in YYYY-MMM-DD format'
+    //         },
+    //         {
+    //           name: 'regions',
+    //           description: 'A comma-delimited list of regions to limit parsing of logs. Only works with CloudTrail buckets.',
+    //           type: 'input',
+    //           default_value: 'All regions',
+    //           placeholder: 'Comma-delimited list of valid regions'
+    //         },
+    //         {
+    //           name: 'aws_organization_id',
+    //           description: 'Name of AWS organization. Only works with CloudTrail buckets.',
+    //           type: 'input',
+    //           placeholder: 'Valid AWS organization name'
+    //         }
+    //       ]
+    //     }
+    //   ]
+    // }
+  ]
+} 

public/components/add-modules-data/sample-data.tsx

@@ -45,8 +45,7 @@ export default class WzSampleData extends Component {
     this.categories = [
       {
         title: 'Sample security information',
-        description:
-          'Sample data, visualizations and dashboards for security information (integrity monitoring, Amazon AWS services, Google Cloud Platform, authorization, ssh, web).',
+        description: 'Sample data, visualizations and dashboards for security information (integrity monitoring, Amazon AWS services, Office 365, Google Cloud Platform, GitHub, authorization, ssh, web).',
         image: '',
         categorySampleAlertsIndex: 'security',
       },