Testing 4.1.0-7.10.0

[Desvelao]

Wazuh	Elastic	Rev
4.1.0	7.10.0	4101

Description
Testing.

Test with browsers:

• Chrome
• Firefox
• Safari

Test with the theme:

• Light
• Dark

Checks:

• General checks
• ODFE 1.12.0
• X-Pack
• 4.1

[Desvelao]

General checks

Filter checks (Modules)

• "Module/Dashboard -> Add rule.level:7 -> Go to Module/Events" Filters shouldn't change
• "Module/Dashboard -> Add rule.level:7 and make it pinned -> Go to Module/Events" Filters shouldn't change
• "Module/Dashboard -> Add rule.level:7 -> Go to Module/FIM/Dashboard" The filter "rule.level:7" is removed
• "Module/Dashboard -> Add rule.level:7 and make it pinned -> Go to Module/FIM/Dashboard" The filter "rule.level:7" persists
• "Module/Events -> Add rule.level:7 -> Go to Module/FIM/Dashboard" The filter "rule.level:7" is removed
• "Module/Events -> Add rule.level:7 and make it pinned -> Go to Module/FIM/Dashboard" The filter "rule.level:7" persists
• "Module/Events -> Add rule.level:7 -> Go to Module/Dashboard" Filters shouldn't change
• "Module/Events -> Add rule.level:7 and make it pinned -> Go to Module/Dashboard" Filters shouldn't change
• "Module/Dashboard -> Add rule.level:7 -> Go to Agent any Module/Dashboard" The filter "rule.level:7" is removed
• "Module/Dashboard -> Add rule.level:7 and make it pinned -> Go to Agent any Module/Dashboard" The filter "rule.level:7" persists
• "Agent any Module/Dashboard -> Add rule.level:7 -> Go to Agent any Module/Events" Filters shouldn't change
• "Agent any Module/Dashboard -> Add rule.level:7 and make it pinned -> Go to Agent any Module/Events" Filters shouldn't change
• "Agent any Module/Dashboard -> Add rule.level:7 -> Go to Agent FIM/Dashboard" The filter "rule.level:7" is removed
• "Agent any Module/Dashboard -> Add rule.level:7 and make it pinned -> Go to Agent FIM/Dashboard" The filter "rule.level:7" persists
• "Agent any Module/Events -> Add rule.level:7 -> Go to Agent FIM/Dashboard" The filter "rule.level:7" is removed
• "Agent any Module/Events -> Add rule.level:7 and make it pinned -> Go to Agent FIM/Dashboard" The filter "rule.level:7" persists
• "Agent any Module/Events -> Add rule.level:7 -> Go to Agent any Module/Dashboard" Filters shouldn't change
• "Agent any Module/Events -> Add rule.level:7 and make it pinned -> Go to Agent any Module/Dashboard" Filters shouldn't change
• "Agent any Module/Dashboard -> Add rule.level:7 -> Go to Module/Dashboard" The filter "rule.level:7" is removed
• "Agent any Module/Dashboard -> Add rule.level:7 and make it pinned -> Go to Module/FIM/Dashboard" The filter "rule.level:7" persists

Modules views

• Review that we are not showing non-applicable modules depending on the agent OS.
• Check the FIM table inside FIM is showing information properly.
• Check all SCA tables.

Query bar

• Simple search, example: "ssh".
• Left wildcard search, example: "*ssh".
• Right wildcard search, example: "ssh*".
• Both sides wildcard search, example: "*ssh*". (its slowness is a known issue)
• Filter search, example: "rule.level >= 10".
• Multiple queries, example "rule.level >= 10 and agent.name : "pop-os"".

Visualizations

• Click on the lens of a field to apply a filter.
• Using the mouse, select a period of time on a time-based visualization.
• Dashboards with no alerts for the selected time range should not be broken.
• Dashboards with no alerts for any time range should not be broken and should not show any toaster.
• See at least one time every visualization of every dashboard. None of the visualizations should be broken (obviously).

Events related checks

• View surrounding documents should work
• View single document should work
• View the source of a document should work
• New links to flyouts works
• New redirection should work.

Overview UI

• Check the settings modules tab for enabling/disabling extensions.
• Metrics for agents should show values (including 0 if there are no agents).
• F5 on the page should keep the selected extensions.
• If an extension is disabled, it should not appear in menus.

Reporting

• Should work with no custom filters.
• Using custom filters, the report must apply the custom filters.
• Using custom filters and custom query, the report must apply the custom filters and the custom query.
• Using a custom query, the report must apply the custom query.
• Generate a report for Inventory.

Management - Status

• Metrics for agents should show values (including 0 if there are no agents).
• If the cluster is enabled, it should show a node selector.
• If the cluster is enabled, it should show a button for restarting the cluster, it should restart it after pressing the button.
• If the cluster is enabled, changing node should refresh the view.
• Check that every daemon metric is consistent.
• If there are one or more agents, it should show the "Last registered agent" box next to the manager box.

Management home UI

• Should show two cards with the different sections

Management - Cluster

• The load time should be fast, with no timeouts.
• Timelions should show data.
• The Overview should show Top 5 nodes visualization and information about the cluster.
• The nodes list should show all nodes.
• The node detail should show Alerts over time visualization and information about the node.

Management - Logs

• If the cluster is enabled, it should show a node selector.
• If the cluster is enabled, changing the node should refresh the view.
• Daemon selector should filter the output by the selected daemon.
• Level selector should filter the output by the selected level.
• Descending sort should apply a descending sort.
• Search bar should filter the output.
• Play real-time should append new logs on the fly.
• Formatted should export the output in a file for downloading it.

Management - Reporting

• If there are no reports, the table should be empty.
• If there are reports, they should be downloadable and removable.

Management - Ruleset

• List rules.
• List custom rules.
• List decoders.
• List custom decoders.
• Edit custom rules.
• Edit custom decoders.
• List CDB lists.
• Create, update CDB lists.
• Click on file column values should open the file content.
• Click on a rule should open the rule details.
• Click on a decoder should open the decoder details.
• Click on a CDB list should open the CDB list details.

Management - Groups

• List groups.
• Search groups.
• Create groups.
• Remove a group.
• Add one agent to a group.
• Add more than one agent to a group.
• Remove an agent from a group.
• Remove more than one agent from a group.
• Edit group configuration.
• Export group details in PDF using granular options.
• Export group details in PDF with no granular options.
• "Formatted" should export the output for the different tables.
• Click on an agent should redirect to the agent view.

Management - Configuration

• Check that all sections are working as expected.
• Edit the "ossec.conf" using the Edit configuration link. Edit, Save, Restart a node, Change node should be working as expected.

DevTools

If admin mode is enabled:

• Check autocomplete is working for endpoint url suggestions
• Check autocomplete is working for endpoint parameters suggestions
• Check the request is working
• The history must be stored in the browser session storage.
• Malformed queries should show information messages about the error.
• The output should be the same as doing a direct "curl".
• The download button should show a tooltip and download the output JSON.

Agents preview

• If there are no agents yet, the interactive guide should appear.
• The status chart should be consistent.
• The status metrics should be consistent.
• Last registered agent and most active agent should show agents or "-" depending on the environment.
• All available selectors on the search bar should work.
• Complex searches with multiple filters should work.
• "Formatted" button should export the list, try it against 14.000 agents.
• Sort the table.
• Refresh the table using "Refresh"
• Check that links in rows are working.
• Add a new agent should open the interactive guide.
  • Changing OS should refresh the snippet.
  • Changing OS architecture should refresh the snippet.
  • Filling the IP should refresh the snippet.
  • Click on close should close the guide.
  • Click on the copy icon should copy the snippet.

Agent specific view UI

• The configuration can't be edited.
• Export the agent configuration in PDF using granular options.
• Export the agent configuration in PDF with no granular options.
• Check all the Inventory tables.
• Check the agent status indicator on top of the view.
• If a plugin is disabled or not compatible, it should not appear in More menu.

App menu

• Should be visible always, even if we change the state.
• Should show the index pattern.
  • If there is more than one index pattern, show a list selector.
• Should show the selected API.
  • If there is more than one API, show a list selector.
• Every link should redirect you to the right section.

Settings

• Change the index pattern.
• Edit app settings.
• Show app logs.
• Review the About section. Check the app version, Kibana version, app revision, and installation date values.

Misc

• Test all settings from wazuh.yml.
• Kibana dark mode should work properly, all the app theme should be consistent with the dark theme of Kibana.

Backend Jobs

• Monitoring

  • Create wazuh-agent template
  • Indices are created. (The internal user needs permissions for manage this indices.)

• Statistics

  • Indices are created. (The internal user needs permissions to manage these indices.)

Infrastructure and others

• Installing the plugin using kibana-plugin install file:///wazuhapp.zip should work.
• Installing the plugin using kibana-plugin install https://plugin/url/wazuhapp.zip should work.

[Desvelao]

ODFE 1.12.0 checks

Index patterns creations

• alerts, monitoring and statistics index pattern should be created in the health check
  • Global tenant
  • Private tenant

RBAC

• Check the app works with the run_as host setting using the authentication context. Create a user and assign a specific role. For example, a user with the readonly Wazuh API role.
• Some sections can't be accessed without administrator role.

[Desvelao]

X-Pack checks

Index patterns creations

• alerts, monitoring and statistics index pattern should be created in the health check
  • Default space
  • Custom space

RBAC

• Check the app works with the run_as host setting using the authentication context. Create a user and assign a specific role. For example, a user with the readonly Wazuh API role.
• Some sections can't be accessed without administrator role.

[Desvelao]

4.1 check

• Modules/Integrity monitoring/Inventory table is working for a Windows agent (Support new fields of Windows Registry at FIM inventory panel #2679 and Checking APP for versión 4.1.0 #2771)

[frankeros]

We moved the registry_value syscheck items in a table inside of the corresponding registry_key item detail.

---

---

PR: #2952

[frankeros]

The visualization Most common alters in the HIPAA dashboard was fixed.
An old CSS style that broke some elements in Kibana / Visualizations was removed too.

---

PR: #2953

[frankeros]

Tests performed in this envs:

• ODFE - Chrome
• ODFE - Firefox
• ODFE - Safari
• X-Pack - Chrome
• No security - Chrome