diff --git a/config.yml b/config.yml
index c03f1121d7..c7a1035859 100644
--- a/config.yml
+++ b/config.yml
@@ -44,6 +44,7 @@
#extensions.ciscat : false
#extensions.aws : false
#extensions.virustotal: false
+#extensions.osquery : false
#
# ---------------------------------- Time out ----------------------------------
#
diff --git a/public/controllers/agent/agents.js b/public/controllers/agent/agents.js
index 7b62695729..1df972e2dd 100644
--- a/public/controllers/agent/agents.js
+++ b/public/controllers/agent/agents.js
@@ -98,7 +98,7 @@ class AgentsController {
this.tabVisualizations.assign('agents');
this.$scope.hostMonitoringTabs = ['general', 'fim', 'syscollector'];
- this.$scope.systemAuditTabs = ['pm', 'audit', 'oscap', 'ciscat'];
+ this.$scope.systemAuditTabs = ['pm', 'audit', 'oscap', 'ciscat', 'osquery'];
this.$scope.securityTabs = ['vuls', 'virustotal'];
this.$scope.complianceTabs = ['pci', 'gdpr'];
@@ -299,9 +299,7 @@ class AgentsController {
!force;
this.$scope.tab = tab;
- if (this.$scope.tab === 'configuration') {
- this.firstLoad();
- } else {
+ if (this.$scope.tab !== 'configuration') {
this.$scope.switchSubtab(
'panels',
true,
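Review bot: The `configuration` branch of `switchTab` now does nothing in this hunk: the `firstLoad()` call the old `if` made for that tab (removed at L27–L29) has no replacement and no comment, and since the body of `switchTab` continues past the hunk it is not visible here whether the configuration view is initialised elsewhere. If `firstLoad` is still defined on `AgentsController` it may now be unreferenced; if the initial load moved somewhere else, a one-line comment above L30 stating why the configuration tab needs no `switchSubtab`/`firstLoad` here would save the next reader a search.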
diff --git a/public/controllers/overview/index.js b/public/controllers/overview/index.js
index 557d563d5a..ebdf5c68b4 100644
--- a/public/controllers/overview/index.js
+++ b/public/controllers/overview/index.js
@@ -21,7 +21,8 @@ import {
metricsVulnerability,
metricsScap,
metricsCiscat,
- metricsVirustotal
+ metricsVirustotal,
+ metricsOsquery
} from '../../utils/overview-metrics';
import { queryConfig } from '../../services/query-config';
@@ -68,7 +69,7 @@ app.controller('overviewController', function(
tabVisualizations.assign('overview');
$scope.hostMonitoringTabs = ['general', 'fim', 'aws'];
- $scope.systemAuditTabs = ['pm', 'audit', 'oscap', 'ciscat'];
+ $scope.systemAuditTabs = ['pm', 'audit', 'oscap', 'ciscat', 'osquery'];
$scope.securityTabs = ['vuls', 'virustotal'];
$scope.complianceTabs = ['pci', 'gdpr'];
@@ -102,6 +103,9 @@ app.controller('overviewController', function(
case 'virustotal':
createMetrics(metricsVirustotal);
break;
+ case 'osquery':
+ createMetrics(metricsOsquery);
+ break;
}
}
};
@@ -257,10 +261,6 @@ app.controller('overviewController', function(
$scope.wzMonitoringEnabled = !!configuration['wazuh.monitoring.enabled'];
- if (!$scope.wzMonitoringEnabled) {
- await getSummary();
- }
-
return;
} catch (error) {
$scope.wzMonitoringEnabled = true;
@@ -274,9 +274,7 @@ app.controller('overviewController', function(
$scope.switchTab($scope.tab, true);
- if ($scope.tab && $scope.tab === 'welcome') {
- await getSummary();
- }
+ await getSummary();
if (!$scope.$$phase) $scope.$digest();
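Review bot: `await getSummary()` at L78 now runs on every overview load, whereas before it was limited to the welcome tab (removed L75–L77) and to the monitoring-disabled path removed at L66–L68 in the previous hunk; if the summary is only consumed by the welcome view this adds an API request for every other tab, and if it is now needed by all tabs the reason belongs in a comment such as `// summary data is used by every overview tab, not only welcome` (if that is indeed the rationale). Whether a rejection from `getSummary()` is caught depends on the enclosing try/catch, which starts outside this hunk, so a failing summary call could now surface on tabs where it previously could not. If the old conditions are still the intended ones, `if ($scope.tab === 'welcome' || !$scope.wzMonitoringEnabled) await getSummary();` restores them in a single place.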
diff --git a/public/controllers/settings/index.js b/public/controllers/settings/index.js
index c4d990c6d1..7c7cd9c909 100644
--- a/public/controllers/settings/index.js
+++ b/public/controllers/settings/index.js
@@ -288,6 +288,7 @@ app.controller('settingsController', function(
tmpData.extensions.ciscat = config['extensions.ciscat'];
tmpData.extensions.aws = config['extensions.aws'];
tmpData.extensions.virustotal = config['extensions.virustotal'];
+ tmpData.extensions.osquery = config['extensions.osquery'];
const checkData = await testAPI.check(tmpData);
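Review bot: The extension-key list (`ciscat`, `aws`, `virustotal`, now `osquery`) is copied by hand at L85–L88 and again at L91–L94 in this file, in settings-wizard.js L154–L159, and in the defaults of get-config.js L142–L145; every new extension has to be added in all four places, and a site that is forgotten yields `undefined` instead of `false` without any error. A single shared array of extension names that each site iterates over, assigning `config['extensions.' + ext]` per entry, would keep them in sync and turn the next addition into a one-line change. The function enclosing this hunk starts outside it.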
@@ -573,6 +574,7 @@ app.controller('settingsController', function(
$scope.extensions.ciscat = config['extensions.ciscat'];
$scope.extensions.aws = config['extensions.aws'];
$scope.extensions.virustotal = config['extensions.virustotal'];
+ $scope.extensions.osquery = config['extensions.osquery'];
} else {
$scope.extensions = appState.getExtensions(
JSON.parse(appState.getCurrentAPI()).id
diff --git a/public/factories/tab-visualizations.js b/public/factories/tab-visualizations.js
index 6664221898..103e36adb5 100644
--- a/public/factories/tab-visualizations.js
+++ b/public/factories/tab-visualizations.js
@@ -24,7 +24,8 @@ export class TabVisualizations {
gdpr: 3,
pci: 3,
virustotal: 6,
- configuration: 0
+ configuration: 0,
+ osquery: 5
};
this.overview = {
@@ -39,7 +40,8 @@ export class TabVisualizations {
pci: 6,
gdpr: 6,
aws: 6,
- virustotal: 7
+ virustotal: 7,
+ osquery: 5
};
this.tabVisualizations = {};
diff --git a/public/img/icons/osquery.png b/public/img/icons/osquery.png
new file mode 100644
index 0000000000..df0f91050d
Binary files /dev/null and b/public/img/icons/osquery.png differ
diff --git a/public/services/common-data.js b/public/services/common-data.js
index 83d3e145c1..128711e013 100644
--- a/public/services/common-data.js
+++ b/public/services/common-data.js
@@ -98,7 +98,8 @@ export class CommonData {
pci: { group: 'pci_dss' },
gdpr: { group: 'gdpr' },
aws: { group: 'amazon' },
- virustotal: { group: 'virustotal' }
+ virustotal: { group: 'virustotal' },
+ osquery: { group: 'osquery' }
};
const filters = [];
diff --git a/public/services/resolves/get-config.js b/public/services/resolves/get-config.js
index c9c101a2f9..f28b13de00 100644
--- a/public/services/resolves/get-config.js
+++ b/public/services/resolves/get-config.js
@@ -25,6 +25,7 @@ export async function getWzConfig($q, genericReq, errorHandler, wazuhConfig) {
'extensions.ciscat': false,
'extensions.aws': false,
'extensions.virustotal': false,
+ 'extensions.osquery': false,
timeout: 8000,
'wazuh.shards': 1,
'wazuh.replicas': 1,
diff --git a/public/services/resolves/settings-wizard.js b/public/services/resolves/settings-wizard.js
index cca4688d57..28adce7a4d 100644
--- a/public/services/resolves/settings-wizard.js
+++ b/public/services/resolves/settings-wizard.js
@@ -122,7 +122,8 @@ export function settingsWizard(
oscap: config['extensions.oscap'],
ciscat: config['extensions.ciscat'],
aws: config['extensions.aws'],
- virustotal: config['extensions.virustotal']
+ virustotal: config['extensions.virustotal'],
+ osquery: config['extensions.osquery']
};
appState.setExtensions(currentApi, extensions);
}
diff --git a/public/templates/agents/agents-osquery.html b/public/templates/agents/agents-osquery.html
new file mode 100644
index 0000000000..b48ccaefb2
--- /dev/null
+++ b/public/templates/agents/agents-osquery.html
@@ -0,0 +1,46 @@
+
+
+
+
+ Most common Osquery packs being used
+
+
+
+
+
+
+ Evolution of Osquery events per pack over time
+
+
+
+
+
+
+
+
+
+ Most common Osquery actions
+
+
+
+
+
+
+
+ Most common rules
+
+
+
+
+
+
+
+
+
+ Evolution of Osquery events over time
+
+
+
+
+
+
\ No newline at end of file
diff --git a/public/templates/agents/agents-welcome.html b/public/templates/agents/agents-welcome.html
index 9bc5e20713..b2d6c1c5da 100644
--- a/public/templates/agents/agents-welcome.html
+++ b/public/templates/agents/agents-welcome.html
@@ -122,6 +122,11 @@
Auditing and Policy Monitoring
title="'CIS-CAT'" switch-tab="switchTab('ciscat')" current-tab="'ciscat'"
description="TabDescription.ciscat.description"
>
+
diff --git a/public/templates/agents/agents.head b/public/templates/agents/agents.head
index 9ba7918a0c..cddefad5f9 100644
--- a/public/templates/agents/agents.head
+++ b/public/templates/agents/agents.head
@@ -132,7 +132,7 @@
{{ tabNames['audit'] }}
{{ tabNames['oscap'] }}
{{ tabNames['ciscat'] }}
-
+ {{ tabNames['osquery'] }}
+
diff --git a/public/templates/agents/agents.jade b/public/templates/agents/agents.jade
index a6c33bd67f..61faa680ff 100644
--- a/public/templates/agents/agents.jade
+++ b/public/templates/agents/agents.jade
@@ -11,5 +11,6 @@ include ./agents-pci.html
include ./agents-gdpr.html
include ./agents-virustotal.html
include ./agents-syscollector.html
+include ./agents-osquery.html
include ../management/configuration/agent-configuration.jade
include ../footer.foot
diff --git a/public/templates/overview/overview-osquery.html b/public/templates/overview/overview-osquery.html
new file mode 100644
index 0000000000..179362106d
--- /dev/null
+++ b/public/templates/overview/overview-osquery.html
@@ -0,0 +1,50 @@
+
+
+
+
+ Agents reporting Osquery events: of {{ agentsCountTotal }}
+
+
+
+
+
+
+
+
+
+
+
+ Alerts over time
+
+
+
+
+
+
+
+
+
+ Most common packs
+
+
+
+
+
+
+ Top 5 rules
+
+
+
+
+
+
+
+
+
+ Alerts evolution - Top 5 agents
+
+
+
+
+
+
\ No newline at end of file
diff --git a/public/templates/overview/overview-welcome.html b/public/templates/overview/overview-welcome.html
index 47e3666eec..e05b4e2881 100644
--- a/public/templates/overview/overview-welcome.html
+++ b/public/templates/overview/overview-welcome.html
@@ -75,6 +75,11 @@ Auditing and Policy Monitoring
title="'CIS-CAT'" switch-tab="switchTab('ciscat')" current-tab="'ciscat'"
description="TabDescription.ciscat.description"
>
+
diff --git a/public/templates/overview/overview.head b/public/templates/overview/overview.head
index 427b043150..69b6279927 100644
--- a/public/templates/overview/overview.head
+++ b/public/templates/overview/overview.head
@@ -65,7 +65,7 @@
{{ tabNames['audit'] }}
{{ tabNames['oscap'] }}
{{ tabNames['ciscat'] }}
+ {{ tabNames['osquery'] }}
diff --git a/public/templates/overview/overview.jade b/public/templates/overview/overview.jade
index 9a6a69dc21..9e1f339edf 100644
--- a/public/templates/overview/overview.jade
+++ b/public/templates/overview/overview.jade
@@ -11,4 +11,5 @@ include ./overview-pci.html
include ./overview-gdpr.html
include ./overview-aws.html
include ./overview-virustotal.html
+include ./overview-osquery.html
include ../footer.foot
diff --git a/public/templates/settings/settings-extensions.html b/public/templates/settings/settings-extensions.html
index 0f4344b93b..4380092694 100644
--- a/public/templates/settings/settings-extensions.html
+++ b/public/templates/settings/settings-extensions.html
@@ -114,6 +114,26 @@
+
+
+
+ {{ tabNames['osquery'] }}
+
+
+
Osquery can be used to expose an operating system as a high-performance relational database. This allows you to write SQL-based queries to explore operating system data.
+
+
+
+
+
+
+
+
+ More info
+
+
+
+
diff --git a/public/utils/overview-metrics.js b/public/utils/overview-metrics.js
index e6529c6f0a..4a6393ade5 100644
--- a/public/utils/overview-metrics.js
+++ b/public/utils/overview-metrics.js
@@ -69,11 +69,18 @@ const metricsVirustotal = {
virusTotal: '[vis-id="\'Wazuh-App-Overview-Virustotal-Total\'"]'
};
+// Metrics OSQuery
+const metricsOsquery = {
+ osqueryAgentsReporting:
+ '[vis-id="\'Wazuh-App-Overview-Osquery-Agents-reporting\'"]'
+};
+
export default {
metricsGeneral,
metricsAudit,
metricsVulnerability,
metricsScap,
metricsCiscat,
- metricsVirustotal
+ metricsVirustotal,
+ metricsOsquery
};
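Review bot: `metricsOsquery` is added only to the default-exported object at L379–L380, while overview/index.js (L43–L44) pulls it in as a named import; under plain ES module semantics a named import does not read a property of a default export, so this relies on the project's bundler interop, which the existing `metricsVirustotal` entry presumably already depends on. Declaring the metric objects as named exports (`export const metricsOsquery = { ... }`, alongside the default object) would remove that dependency, but it should be done for all of them at once rather than for this one alone. Separately, the header comment at L366 spells the product `OSQuery` while every identifier, title and template string in this change uses `Osquery`; `// Metrics Osquery` keeps it consistent.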
diff --git a/server/integration-files/known-fields.js b/server/integration-files/known-fields.js
index d516dfe6aa..13d10d7b77 100644
--- a/server/integration-files/known-fields.js
+++ b/server/integration-files/known-fields.js
@@ -5143,5 +5143,23 @@ export const knownFields = [
searchable: true,
aggregatable: true,
readFromDocValues: true
+ },
+ {
+ name: 'data.osquery.pack',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.osquery.action',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
}
];
diff --git a/server/integration-files/visualizations/agents/agents-osquery.js b/server/integration-files/visualizations/agents/agents-osquery.js
new file mode 100644
index 0000000000..a7b307aa7e
--- /dev/null
+++ b/server/integration-files/visualizations/agents/agents-osquery.js
@@ -0,0 +1,94 @@
+/*
+ * Wazuh app - Module for Agents/Osquery visualizations
+ * Copyright (C) 2018 Wazuh, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * Find more information about this on the LICENSE file.
+ */
+export default [
+ {
+ _id: 'Wazuh-App-Agents-Osquery-monst-common-rules-being-fired',
+ _type: 'visualization',
+ _source: {
+ title: 'Most common rules being fired',
+ visState:
+ '{"title":"Most common rules being fired","type":"table","params":{"perPage":10,"showPartialRows":false,"showMetricsAtAllLevels":false,"sort":{"columnIndex":null,"direction":null},"showTotal":false,"totalFunc":"sum"},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{}},{"id":"2","enabled":true,"type":"terms","schema":"bucket","params":{"field":"rule.id","size":5,"order":"desc","orderBy":"1","otherBucket":false,"otherBucketLabel":"Other","missingBucket":false,"missingBucketLabel":"Missing","customLabel":"Rule ID"}},{"id":"3","enabled":true,"type":"terms","schema":"bucket","params":{"field":"rule.description","size":1,"order":"desc","orderBy":"1","otherBucket":false,"otherBucketLabel":"Other","missingBucket":false,"missingBucketLabel":"Missing","customLabel":"Description"}}]}',
+ uiStateJSON:
+ '{"vis":{"params":{"sort":{"columnIndex":null,"direction":null}}}}',
+ description: '',
+ version: 1,
+ kibanaSavedObjectMeta: {
+ searchSourceJSON:
+ '{"index":"wazuh-alerts","query":{"query":"","language":"lucene"},"filter":[]}'
+ }
+ }
+ },
+ {
+ _id: 'Wazuh-App-Agents-Osquery-top-5-packs-being-used',
+ _type: 'visualization',
+ _source: {
+ title: 'Top 5 packs being used',
+ visState:
+ '{"title":"Top 5 packs being used","type":"pie","params":{"type":"pie","addTooltip":true,"addLegend":true,"legendPosition":"right","isDonut":true,"labels":{"show":false,"values":true,"last_level":true,"truncate":100}},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{}},{"id":"2","enabled":true,"type":"terms","schema":"segment","params":{"field":"data.osquery.pack","size":5,"order":"desc","orderBy":"1","otherBucket":false,"otherBucketLabel":"Other","missingBucket":false,"missingBucketLabel":"Missing"}}]}',
+ uiStateJSON: '{}',
+ description: '',
+ version: 1,
+ kibanaSavedObjectMeta: {
+ searchSourceJSON:
+ '{"index":"wazuh-alerts","query":{"query":"","language":"lucene"},"filter":[]}'
+ }
+ }
+ },
+ {
+ _id: 'Wazuh-App-Agents-Osquery-most-common-osquery-actions',
+ _type: 'visualization',
+ _source: {
+ title: 'Most common Osquery actions',
+ visState:
+ '{"title":"Most common Osquery actions","type":"pie","params":{"type":"pie","addTooltip":true,"addLegend":true,"legendPosition":"right","isDonut":true,"labels":{"show":false,"values":true,"last_level":true,"truncate":100}},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{}},{"id":"2","enabled":true,"type":"terms","schema":"segment","params":{"field":"data.osquery.action","size":5,"order":"desc","orderBy":"1","otherBucket":false,"otherBucketLabel":"Other","missingBucket":false,"missingBucketLabel":"Missing"}}]}',
+ uiStateJSON: '{}',
+ description: '',
+ version: 1,
+ kibanaSavedObjectMeta: {
+ searchSourceJSON:
+ '{"index":"wazuh-alerts","query":{"query":"","language":"lucene"},"filter":[]}'
+ }
+ }
+ },
+ {
+ _id: 'Wazuh-App-Agents-Osquery-events-per-pack-over-time',
+ _type: 'visualization',
+ _source: {
+ title: 'Events per pack over time',
+ visState:
+ '{"title":"Events per pack over time","type":"line","params":{"type":"line","grid":{"categoryLines":false,"style":{"color":"#eee"}},"categoryAxes":[{"id":"CategoryAxis-1","type":"category","position":"bottom","show":true,"style":{},"scale":{"type":"linear"},"labels":{"show":true,"truncate":100},"title":{}}],"valueAxes":[{"id":"ValueAxis-1","name":"LeftAxis-1","type":"value","position":"left","show":true,"style":{},"scale":{"type":"linear","mode":"normal"},"labels":{"show":true,"rotate":0,"filter":false,"truncate":100},"title":{"text":"Count"}}],"seriesParams":[{"show":"true","type":"line","mode":"normal","data":{"label":"Count","id":"1"},"valueAxis":"ValueAxis-1","drawLinesBetweenPoints":true,"showCircles":true}],"addTooltip":true,"addLegend":true,"legendPosition":"right","times":[],"addTimeMarker":false},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{}},{"id":"2","enabled":true,"type":"terms","schema":"group","params":{"field":"data.osquery.pack","size":5,"order":"desc","orderBy":"1","otherBucket":false,"otherBucketLabel":"Other","missingBucket":false,"missingBucketLabel":"Missing"}},{"id":"3","enabled":true,"type":"date_histogram","schema":"segment","params":{"field":"@timestamp","interval":"auto","customInterval":"2h","min_doc_count":1,"extended_bounds":{}}}]}',
+ uiStateJSON: '{}',
+ description: '',
+ version: 1,
+ kibanaSavedObjectMeta: {
+ searchSourceJSON:
+ '{"index":"wazuh-alerts","query":{"query":"","language":"lucene"},"filter":[]}'
+ }
+ }
+ },
+ {
+ _id: 'Wazuh-App-Agents-Osquery-events-over-time',
+ _type: 'visualization',
+ _source: {
+ title: 'Osquery events over time',
+ visState:
+ '{"title":"Osquery events over time","type":"area","params":{"type":"area","grid":{"categoryLines":false,"style":{"color":"#eee"}},"categoryAxes":[{"id":"CategoryAxis-1","type":"category","position":"bottom","show":true,"style":{},"scale":{"type":"linear"},"labels":{"show":true,"truncate":100},"title":{}}],"valueAxes":[{"id":"ValueAxis-1","name":"LeftAxis-1","type":"value","position":"left","show":true,"style":{},"scale":{"type":"linear","mode":"normal"},"labels":{"show":true,"rotate":0,"filter":false,"truncate":100},"title":{"text":"Count"}}],"seriesParams":[{"show":"true","type":"area","mode":"stacked","data":{"label":"Count","id":"1"},"drawLinesBetweenPoints":true,"showCircles":true,"interpolate":"linear","valueAxis":"ValueAxis-1"}],"addTooltip":true,"addLegend":true,"legendPosition":"right","times":[],"addTimeMarker":false},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{}},{"id":"2","enabled":true,"type":"date_histogram","schema":"segment","params":{"field":"@timestamp","interval":"auto","customInterval":"2h","min_doc_count":1,"extended_bounds":{}}}]}',
+ uiStateJSON: '{}',
+ description: '',
+ version: 1,
+ kibanaSavedObjectMeta: {
+ searchSourceJSON:
+ '{"index":"wazuh-alerts","query":{"query":"","language":"lucene"},"filter":[]}'
+ }
+ }
+ }
+];
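Review bot: The saved-object id at L429, `Wazuh-App-Agents-Osquery-monst-common-rules-being-fired`, contains the typo `monst`; these `_id` values are what the templates reference through `vis-id` (the pattern is visible in overview-metrics.js L369) and presumably what gets loaded as saved objects, so correcting it later means a coordinated template change plus stale objects, and it is cheapest to fix now as `Wazuh-App-Agents-Osquery-most-common-rules-being-fired` together with whichever template line references it. Every entry also leaves `description: ''` empty; a short description per visualization (for example what `data.osquery.pack` and `data.osquery.action` represent, since those fields are new in known-fields.js L392 and L401) would help anyone browsing the saved objects in Kibana.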
diff --git a/server/integration-files/visualizations/agents/index.js b/server/integration-files/visualizations/agents/index.js
index 90031d50c3..762ce03b1a 100644
--- a/server/integration-files/visualizations/agents/index.js
+++ b/server/integration-files/visualizations/agents/index.js
@@ -19,5 +19,6 @@ import gdpr from './agents-gdpr';
import pm from './agents-pm';
import virustotal from './agents-virustotal';
import vuls from './agents-vuls';
+import osquery from './agents-osquery';
-export { audit, fim, general, oscap, ciscat, pci, gdpr, pm, virustotal, vuls };
+export { audit, fim, general, oscap, ciscat, pci, gdpr, pm, virustotal, vuls, osquery };
diff --git a/server/integration-files/visualizations/overview/index.js b/server/integration-files/visualizations/overview/index.js
index a19eb6faaf..88a9825b4e 100644
--- a/server/integration-files/visualizations/overview/index.js
+++ b/server/integration-files/visualizations/overview/index.js
@@ -20,6 +20,7 @@ import gdpr from './overview-gdpr';
import pm from './overview-pm';
import virustotal from './overview-virustotal';
import vuls from './overview-vuls';
+import osquery from './overview-osquery';
export {
audit,
@@ -32,5 +33,6 @@ export {
gdpr,
pm,
virustotal,
- vuls
+ vuls,
+ osquery
};
diff --git a/server/integration-files/visualizations/overview/overview-osquery.js b/server/integration-files/visualizations/overview/overview-osquery.js
new file mode 100644
index 0000000000..b748441dcf
--- /dev/null
+++ b/server/integration-files/visualizations/overview/overview-osquery.js
@@ -0,0 +1,93 @@
+/*
+ * Wazuh app - Module for Overview/Osquery visualizations
+ * Copyright (C) 2018 Wazuh, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * Find more information about this on the LICENSE file.
+ */
+export default [
+ {
+ _id: 'Wazuh-App-Overview-Osquery-Alerts-over-time',
+ _type: 'visualization',
+ _source: {
+ title: 'Alerts over time',
+ visState:
+ '{"title":"Alerts over time","type":"area","params":{"type":"area","grid":{"categoryLines":false,"style":{"color":"#eee"}},"categoryAxes":[{"id":"CategoryAxis-1","type":"category","position":"bottom","show":true,"style":{},"scale":{"type":"linear"},"labels":{"show":true,"truncate":100},"title":{}}],"valueAxes":[{"id":"ValueAxis-1","name":"LeftAxis-1","type":"value","position":"left","show":true,"style":{},"scale":{"type":"linear","mode":"normal"},"labels":{"show":true,"rotate":0,"filter":false,"truncate":100},"title":{"text":"Count"}}],"seriesParams":[{"show":"true","type":"area","mode":"stacked","data":{"label":"Count","id":"1"},"drawLinesBetweenPoints":true,"showCircles":true,"interpolate":"linear","valueAxis":"ValueAxis-1"}],"addTooltip":true,"addLegend":true,"legendPosition":"right","times":[],"addTimeMarker":false},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{}},{"id":"2","enabled":true,"type":"date_histogram","schema":"segment","params":{"field":"@timestamp","interval":"auto","customInterval":"2h","min_doc_count":1,"extended_bounds":{}}}]}',
+ uiStateJSON: '{}',
+ description: '',
+ version: 1,
+ kibanaSavedObjectMeta: {
+ searchSourceJSON:
+ '{"index":"wazuh-alerts","query":{"query":"","language":"lucene"},"filter":[]}'
+ }
+ }
+ },
+ {
+ _id: 'Wazuh-App-Overview-Osquery-Most-common-packs',
+ _type: 'visualization',
+ _source: {
+ title: 'Most common packs',
+ visState:
+ '{"title":"Most common packs","type":"pie","params":{"type":"pie","addTooltip":true,"addLegend":true,"legendPosition":"right","isDonut":true,"labels":{"show":false,"values":true,"last_level":true,"truncate":100}},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{}},{"id":"2","enabled":true,"type":"terms","schema":"segment","params":{"field":"data.osquery.pack","size":5,"order":"desc","orderBy":"1","otherBucket":false,"otherBucketLabel":"Other","missingBucket":false,"missingBucketLabel":"Missing"}}]}',
+ uiStateJSON: '{}',
+ description: '',
+ version: 1,
+ kibanaSavedObjectMeta: {
+ searchSourceJSON:
+ '{"index":"wazuh-alerts","query":{"language":"lucene","query":""},"filter":[]}'
+ }
+ }
+ },
+ {
+ _id: 'Wazuh-App-Overview-Osquery-Top-5-rules',
+ _type: 'visualization',
+ _source: {
+ title: 'Top 5 rules',
+ visState:
+ '{"title":"Top 5 rules","type":"table","params":{"perPage":10,"showPartialRows":false,"showMetricsAtAllLevels":false,"sort":{"columnIndex":null,"direction":null},"showTotal":false,"totalFunc":"sum"},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{}},{"id":"2","enabled":true,"type":"terms","schema":"bucket","params":{"field":"rule.id","size":5,"order":"desc","orderBy":"1","otherBucket":false,"otherBucketLabel":"Other","missingBucket":false,"missingBucketLabel":"Missing","customLabel":"Rule ID"}},{"id":"3","enabled":true,"type":"terms","schema":"bucket","params":{"field":"rule.description","size":1,"order":"desc","orderBy":"1","otherBucket":false,"otherBucketLabel":"Other","missingBucket":false,"missingBucketLabel":"Missing","customLabel":"Description"}}]}',
+ uiStateJSON:
+ '{"vis":{"params":{"sort":{"columnIndex":null,"direction":null}}}}',
+ description: '',
+ version: 1,
+ kibanaSavedObjectMeta: {
+ searchSourceJSON:
+ '{"index":"wazuh-alerts","query":{"query":"","language":"lucene"},"filter":[]}'
+ }
+ }
+ },
+ {
+ _id: 'Wazuh-App-Overview-Osquery-Alerts-evolution-Top-5-agents',
+ _type: 'visualization',
+ _source: {
+ title: 'Alerts evolution - Top 5 agents',
+ visState:
+ '{"title":"Alerts evolution - Top 5 agents","type":"area","params":{"type":"area","grid":{"categoryLines":false,"style":{"color":"#eee"}},"categoryAxes":[{"id":"CategoryAxis-1","type":"category","position":"bottom","show":true,"style":{},"scale":{"type":"linear"},"labels":{"show":true,"truncate":100},"title":{}}],"valueAxes":[{"id":"ValueAxis-1","name":"LeftAxis-1","type":"value","position":"left","show":true,"style":{},"scale":{"type":"linear","mode":"normal"},"labels":{"show":true,"rotate":0,"filter":false,"truncate":100},"title":{"text":"Count"}}],"seriesParams":[{"show":"true","type":"area","mode":"stacked","data":{"label":"Count","id":"1"},"drawLinesBetweenPoints":true,"showCircles":true,"interpolate":"linear","valueAxis":"ValueAxis-1"}],"addTooltip":true,"addLegend":true,"legendPosition":"right","times":[],"addTimeMarker":false},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{}},{"id":"2","enabled":true,"type":"date_histogram","schema":"segment","params":{"field":"@timestamp","interval":"auto","customInterval":"2h","min_doc_count":1,"extended_bounds":{}}},{"id":"3","enabled":true,"type":"terms","schema":"group","params":{"field":"agent.name","size":5,"order":"desc","orderBy":"1","otherBucket":false,"otherBucketLabel":"Other","missingBucket":false,"missingBucketLabel":"Missing"}}]}',
+ uiStateJSON: '{}',
+ description: '',
+ version: 1,
+ kibanaSavedObjectMeta: {
+ searchSourceJSON:
+ '{"index":"wazuh-alerts","query":{"query":"","language":"lucene"},"filter":[]}'
+ }
+ }
+ },
+ {
+ _id: 'Wazuh-App-Overview-Osquery-Agents-reporting',
+ _type: 'visualization',
+ _source: {
+ title: 'Agents reporting',
+ "visState": "{\"title\":\"Agents reporting\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"agent.id\"}}]}",
+ uiStateJSON: '{}',
+ description: '',
+ version: 1,
+ kibanaSavedObjectMeta: {
+ searchSourceJSON:
+ '{"index":"wazuh-alerts","query":{"query":"","language":"lucene"},"filter":[]}'
+ }
+ }
+ }
+];
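Review bot: The `Agents reporting` entry at L628 is written as `"visState": "…"` with a quoted key and a double-quoted, backslash-escaped JSON string, while every other entry in this file and in agents-osquery.js uses the bare key `visState:` followed by a single-quoted string (e.g. L563–L564); it reads as pasted straight from an export, and ESLint's `quote-props`/`quotes` rules would flag it if they are enabled. Rewriting it as `visState:` on its own line followed by the single-quoted `'{"title":"Agents reporting","type":"metric",…}'` form matches the rest of the file. The searchSourceJSON at L586 likewise orders `"language"` before `"query"`, unlike the other entries; harmless, but worth normalising in the same pass.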
diff --git a/server/reporting/tab-description.js b/server/reporting/tab-description.js
index b79cd802af..8a67e454e3 100644
--- a/server/reporting/tab-description.js
+++ b/server/reporting/tab-description.js
@@ -74,5 +74,9 @@ export const TabDescription = {
title: 'Configuration',
description:
'Check the current agent configuration remotely applied by its group.'
+ },
+ osquery: {
+ title: 'Osquery',
+ description: 'Osquery can be used to expose an operating system as a high-performance relational database.'
}
};
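Review bot: The new `description` at L650 is kept on the same line as its key even though it runs well past the width the neighbouring entry respects (L645–L646 wrap the value onto the next line), so a formatter pass over this file would rewrite it; splitting it the same way keeps the diff stable. The same sentence is also hard-coded in settings-extensions.html L345 with a second sentence appended, so the two copies can drift; if the template can read `TabDescription.osquery.description` as the welcome pages do for `TabDescription.ciscat.description` (L223, L311), that would leave a single source for the text.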