Latest commit

* Adapt for 4.0.4-8.1.1

* Adapt for Wazuh 4.0.4 and Splunk 8.1.1 (#994)

* Update README.md

* change python controllers

* Fixed api requests from agent and agent overview views

* add token.py and changes request

* migrate view configuration

* Migrating Agents views and api requests, Security information management, auditing and policy monitoring, regulatory compliance

* migrate view ruleset

* Adapted Agents, cisca, docker, hipaa, nist, osquery, virustotal, vulnerabilities

* Adapted overview general and welcome

* migrate view groups

* migrate view cluster

* fix api errors

* fix report views

* fix api and views errors

* fix api and views errors

* fix logs views

* Fixed management ruleset, rules, decoders, list.

* Fixed Rulesets, save edited file configuration

* Fixed Rules save edited xml file

* Changed autocomplete suggestions to api 4.0 endpoints

* fix xml editor

* fix xml editor

* delete logs

* fix py imports

* fix add and remove agents from group

* Fixed return of request contemplating both options.

* Fixed watuhtoken imports

* fix healthcheck request

* delete console log

* Fixed, doesn't show last scan in agent inventory data, processes and packages tables

* Fixed generate report in agents inventory data

* Fix filter all values of daemons and log level. (#960)

* Fixed watuhtoken imports (#958)

* Fixed methods duplicated

* fix splunk version and connection manager

* Fixed removed endpoints with query params

* Fixed osquery error message when it is installed

* Refactored wazuhtoken use

* Added missing self

* Fixed commands to create new agents

* fix(monitoring): Fix job when cluster mode is disabled

* Conditional added to see if the cluster enabled

* Removed Run Scan action in agents policy monitoring

* Removed sort in file column in agents sca table

* Fixed cluster disabled issues

* fix(frontend): Add the missing reporting button in the Vulnerabilities module

* Fix manager was shown in visualization

* Fixed typo runnin

* fix(backend): update API endpoints with 4.0.4
  - Added a `endpoints.json` file
  - Added a service to retrieve the endpoints from the .json file

* fix(backend): load the app log file using the relative path to Splunk directory

* fix(frontend): add app log file directory to Logs section using the relative to Splunk home directory

* Fix help urls (#974)

* Changed help url

* Fixed duplicated header on discover (#976)

* Fixed duplicated header on discover

* fix empty configs (#977)

* delete console logs (#979)

* Fixing bad exception catch in dev tools

* Update api.py

* Update api.py

* Removed generate report in Agents SCA view

* Fix style error dev tools

* Improve hints dev tools

* Replace monitoring index from wazuh-monitoring-3x to wazuh-monitoring (#981)

* fix(monitoring): Change monitoring index from wazuh-monitoring-3x to wazuh-monitoring
  - Modified `inputs.conf`
  - Modified index filter in the agent status visualization

* feat(setup): Add configuration files for indexer and forwarder

* overlapping tooltips

* Added information button

* fix(frontend): Fix help side section in Configuration - Docker listener

* fix export table and show most active agent

* fix(frontend): Configuration > Alerts > Email alerts section didn't display anything when emails are not configured

* Fixed error when generate report agents fim

* removed console log

* Hide report button when visualizations are hidden

* fix(frontend): Fixed request doesn't run in Dev tools and align text containers

* Fixed save config manager mode and section config cluster

* fix(frontend): Fix link to the group in Agent overview and agent platform set incorrectly (#990)

* fix delete list

* fix update list

Co-authored-by: Juanca Rodríguez <juanca.romo9@gmail.com>
Co-authored-by: Pablo Torres <pablotr9@correo.ugr.es>
Co-authored-by: Jose Sanchez Robles <josesanxez@gmail.com>
Co-authored-by: eze9252 <eze9252@gmail.com>
Co-authored-by: Ibarra Maximiliano <maximiliano.ibarra@wazuh.com>
Co-authored-by: Ezequiel Airaudo <36004787+eze9252@users.noreply.github.com>
Co-authored-by: gabiwassan <gabriel.wassan@wazuh.com>
Co-authored-by: Gabriel Wassan <gabrielwassan@gmail.com>
Co-authored-by: Maximiliano Ibarra <maximilianoaibarra@gmail.com>
Co-authored-by: CPAlejandro <cuellarpeinado@gmail.com>
Co-authored-by: Desvelao <iamdesvelao@gmail.com>
Co-authored-by: Pablo Martínez <pablomarga@hotmail.com>
Co-authored-by: Alejandro Cuéllar Peinado <alejandro.cuellar@wazuh.com>
Co-authored-by: Toni <34042064+Desvelao@users.noreply.github.com>
Co-authored-by: sortiz <sortiz@owlh.net>

* Fix writing errors (#996)

* fix(reporting): Enhance PDF reports
  - Wazuh logo image not stretch
  - Removed rare character at the end of the section
  - Visualizations not stretched. Centered horizontally

* Fixed paginator on reporting view.

* Fixed agents table version filter unknown value error (#1018)

* Fixed Agents table status filter doesn't work (#1016)

Co-authored-by: Ibarra Maximiliano <maximiliano.ibarra@wazuh.com>

* Fixed log error when you entry to cluster or status (#1015)

* fix select node in status and logs views (#1017)

* Update version to 4.1.3

* Redirect to overview if there isn't previous currentTab status (#1028)

* Redirect to overview if there isn't previous currentTab status

* Added check current api in navigation service

* Fixed bug that appear for an instant settings.api at start

* Added else

* Fixed the text of no api when we have it

Co-authored-by: Franco Charriol <francocharriol@gmail.com>

* pinned filter buttons blinks (#1032)

* Adapt files api endpoints (#1033)

* fix(frontend): Adapted read, edit and delete rules/decoders/lists to new API endpoints

* fix(frontend): Add exporting CDB list keys and values

* fix(frontend): remove commented line in ruleset.js

* Migrated upload files endpoints

* fix(frontend): Fix import/upload rule/decoder/list file

* fix(frontend): fix links to open a rule/decoder file from details

  - Fix links to open a rule/decoder file from details
  - Fix some html elements didn't show due to deprecated conditionals related to API response objects

Co-authored-by: Franco Charriol <francocharriol@gmail.com>

* Changed equal operator to 'like' operator (#1034)

* Added dialog with file registry values (#1030)

* feat(scripts): Added script to generate the API info (#1035)

- Update info to API info to Wazuh API 4.1.3

* update version to 4.1.4

* fix(frontend): Fix the view of regex field in Decoder detail (#1036)

* fix(reports): Fix visualizations in reports due to vertical position and exceeding the horizontal page limit (#1037)

* fix(frontend): Fix CSV files names of Management > Groups section (#1038)

* escaped back slash in File parameter request (#1040)

* Added compatibility range with splunk version

* Re-ordered compatibility matrix on README

* Bumped to 4.1.5

* doc: fix package url for 4.1.5

Co-authored-by: Juanca Rodríguez <juanca.romo9@gmail.com>
Co-authored-by: Pablo Torres <pablotr9@correo.ugr.es>
Co-authored-by: Jose Sanchez Robles <josesanxez@gmail.com>
Co-authored-by: eze9252 <eze9252@gmail.com>
Co-authored-by: Ibarra Maximiliano <maximiliano.ibarra@wazuh.com>
Co-authored-by: Ezequiel Airaudo <36004787+eze9252@users.noreply.github.com>
Co-authored-by: gabiwassan <gabriel.wassan@wazuh.com>
Co-authored-by: Gabriel Wassan <gabrielwassan@gmail.com>
Co-authored-by: Maximiliano Ibarra <maximilianoaibarra@gmail.com>
Co-authored-by: CPAlejandro <cuellarpeinado@gmail.com>
Co-authored-by: Desvelao <iamdesvelao@gmail.com>
Co-authored-by: Pablo Martínez <pablomarga@hotmail.com>
Co-authored-by: Alejandro Cuéllar Peinado <alejandro.cuellar@wazuh.com>
Co-authored-by: Toni <34042064+Desvelao@users.noreply.github.com>
Co-authored-by: sortiz <sortiz@owlh.net>
Co-authored-by: sortizowlh <47242022+sortizowlh@users.noreply.github.com>
Co-authored-by: Federico Rodriguez <federico.rodriguez@wazuh.com>
Co-authored-by: Alberto R <alberpilot@gmail.com>
02ccf04


Splunk app for Wazuh


Wazuh app for Splunk offers an option to visualize Wazuh Alerts and API data. Wazuh helps you to gain deeper security visibility into your infrastructure by monitoring hosts at an operating system and application level.


Overview

Documentation

Branches

  • The stable branch corresponds to the last stable version of the Wazuh app.
  • The master branch contains the latest code; be aware of possible bugs on this branch.

Requisites

  1. An already installed Wazuh Manager with access to the API.
  2. Splunk Universal Forwarder where Wazuh Manager is installed.
  3. At least one Splunk Enterprise indexer.

Installation

Compatibility Matrix

Splunk version Wazuh version Installation
8.1.2 4.1.5 https://packages.wazuh.com/4.x/ui/splunk/wazuh_splunk-4.1.5_8.1.2-1.tar.gz
8.1.2 4.1.4 https://packages.wazuh.com/4.x/ui/splunk/wazuh_splunk-4.1.4_8.1.2-1.tar.gz
8.1.1 4.1.4 https://packages.wazuh.com/4.x/ui/splunk/wazuh_splunk-4.1.4_8.1.1-1.tar.gz
8.1.0 4.1.4 https://packages.wazuh.com/4.x/ui/splunk/wazuh_splunk-4.1.4_8.1.0-1.tar.gz
8.0.8 4.1.4 https://packages.wazuh.com/4.x/ui/splunk/wazuh_splunk-4.1.4_8.0.8-1.tar.gz
8.0.7 4.1.4 https://packages.wazuh.com/4.x/ui/splunk/wazuh_splunk-4.1.4_8.0.7-1.tar.gz
8.0.6 4.1.4 https://packages.wazuh.com/4.x/ui/splunk/wazuh_splunk-4.1.4_8.0.6-1.tar.gz
8.0.5 4.1.4 https://packages.wazuh.com/4.x/ui/splunk/wazuh_splunk-4.1.4_8.0.5-1.tar.gz
8.0.4 4.1.4 https://packages.wazuh.com/4.x/ui/splunk/wazuh_splunk-4.1.4_8.0.4-1.tar.gz
8.0.4 3.13.2 https://packages.wazuh.com/3.x/splunkapp/wazuhapp-splunk-3.13.2_8.0.4.tar.gz
8.0.4 3.13.1 https://packages.wazuh.com/3.x/splunkapp/wazuhapp-splunk-3.13.1_8.0.4.tar.gz
8.0.2 3.13.0 https://packages.wazuh.com/3.x/splunkapp/wazuhapp-splunk-3.13.0_8.0.2.tar.gz
8.0.2 3.12.3 https://packages.wazuh.com/3.x/splunkapp/wazuhapp-splunk-3.12.3_8.0.2.tar.gz
8.0.2 3.12.2 https://packages.wazuh.com/3.x/splunkapp/wazuhapp-splunk-3.12.2_8.0.2.tar.gz
8.0.2 3.12.1 https://packages.wazuh.com/3.x/splunkapp/wazuhapp-splunk-3.12.1_8.0.2.tar.gz
8.0.2 3.12.0 https://packages.wazuh.com/3.x/splunkapp/wazuhapp-splunk-3.12.0_8.0.2.tar.gz
8.0.1 3.11.4 https://packages.wazuh.com/3.x/splunkapp/wazuhapp-splunk-3.11.4_8.0.1.tar.gz
8.0.1 3.11.3 https://packages.wazuh.com/3.x/splunkapp/wazuhapp-splunk-3.11.3_8.0.1.tar.gz
8.0.1 3.11.2 https://packages.wazuh.com/3.x/splunkapp/wazuhapp-splunk-3.11.2_8.0.1.tar.gz
8.0.0 3.11.1 https://packages.wazuh.com/3.x/splunkapp/wazuhapp-splunk-3.11.1_8.0.0.tar.gz
8.0.0 3.11.0 https://packages.wazuh.com/3.x/splunkapp/wazuhapp-splunk-3.11.0_8.0.0.tar.gz
7.3.5 3.13.1 https://packages.wazuh.com/3.x/splunkapp/wazuhapp-splunk-3.13.1_7.3.5.tar.gz
7.3.5 3.13.0 https://packages.wazuh.com/3.x/splunkapp/wazuhapp-splunk-3.13.0_7.3.5.tar.gz
7.3.4 3.12.3 https://packages.wazuh.com/3.x/splunkapp/wazuhapp-splunk-3.12.3_7.3.4.tar.gz
7.3.4 3.12.2 https://packages.wazuh.com/3.x/splunkapp/wazuhapp-splunk-3.12.2_7.3.4.tar.gz
7.3.4 3.12.1 https://packages.wazuh.com/3.x/splunkapp/wazuhapp-splunk-3.12.1_7.3.4.tar.gz
7.3.4 3.12.0 https://packages.wazuh.com/3.x/splunkapp/wazuhapp-splunk-3.12.0_7.3.4.tar.gz
7.3.4 3.11.4 https://packages.wazuh.com/3.x/splunkapp/wazuhapp-splunk-3.11.4_7.3.4.tar.gz
7.3.4 3.11.3 https://packages.wazuh.com/3.x/splunkapp/wazuhapp-splunk-3.11.3_7.3.4.tar.gz
7.3.4 3.11.2 https://packages.wazuh.com/3.x/splunkapp/wazuhapp-splunk-3.11.2_7.3.4.tar.gz
7.3.2 3.11.1 https://packages.wazuh.com/3.x/splunkapp/wazuhapp-splunk-3.11.1_7.3.2.tar.gz
7.3.2 3.11.0 https://packages.wazuh.com/3.x/splunkapp/wazuhapp-splunk-3.11.0_7.3.2.tar.gz
8.0.0 3.10.2 https://packages.wazuh.com/3.x/splunkapp/wazuhapp-splunk-3.10.2_8.0.0.tar.gz
7.3.0 3.10.2 https://packages.wazuh.com/3.x/splunkapp/v3.10.2_7.3.0.tar.gz
7.3.0 3.10.1 https://packages.wazuh.com/3.x/splunkapp/v3.10.1_7.3.0.tar.gz
7.3.0 3.10.0 https://packages.wazuh.com/3.x/splunkapp/v3.10.0_7.3.0.tar.gz
7.3.0 3.9.5 https://packages.wazuh.com/3.x/splunkapp/v3.9.5_7.3.0.tar.gz
7.3.0 3.9.4 https://packages.wazuh.com/3.x/splunkapp/v3.9.4_7.3.0.tar.gz
7.3.0 3.9.3 https://packages.wazuh.com/3.x/splunkapp/v3.9.3_7.3.0.tar.gz
7.3.0 3.9.2 https://packages.wazuh.com/3.x/splunkapp/v3.9.2_7.3.0.tar.gz
7.3.0 3.9.1 https://packages.wazuh.com/3.x/splunkapp/v3.9.1_7.3.0.tar.gz
7.2.6 3.9.1 https://packages.wazuh.com/3.x/splunkapp/v3.9.1_7.2.6.tar.gz
7.2.6 3.9.0 https://packages.wazuh.com/3.x/splunkapp/v3.9.0_7.2.6.tar.gz
7.2.6 3.8.2 https://packages.wazuh.com/3.x/splunkapp/v3.8.2_7.2.6.tar.gz
7.2.5 3.8.2 https://packages.wazuh.com/3.x/splunkapp/v3.8.2_7.2.5.tar.gz
7.2.4 3.8.2 https://packages.wazuh.com/3.x/splunkapp/v3.8.2_7.2.4.tar.gz
7.2.3 3.8.2 https://packages.wazuh.com/3.x/splunkapp/v3.8.2_7.2.3.tar.gz
7.2.3 3.8.1 https://packages.wazuh.com/3.x/splunkapp/v3.8.1_7.2.3.tar.gz
7.2.3 3.8.0 https://packages.wazuh.com/3.x/splunkapp/v3.8.0_7.2.3.tar.gz
7.2.1 3.7.2 https://packages.wazuh.com/3.x/splunkapp/v3.7.2_7.2.1.tar.gz
7.2.1 3.7.1 https://packages.wazuh.com/3.x/splunkapp/v3.7.1_7.2.1.tar.gz
7.2.1 3.7.0 https://packages.wazuh.com/3.x/splunkapp/v3.7.0_7.2.1.tar.gz
7.2.0 3.7.0 https://packages.wazuh.com/3.x/splunkapp/v3.7.0_7.2.0.tar.gz
7.1.3 3.6.1 https://packages.wazuh.com/3.x/splunkapp/v3.6.1_7.1.3.tar.gz
7.1.2 3.6.0 https://packages.wazuh.com/3.x/splunkapp/v3.6.0_7.1.2.tar.gz
7.1.2 3.5.0 https://packages.wazuh.com/3.x/splunkapp/v3.5.0_7.1.2.tar.gz
7.1.2 3.4.0 https://packages.wazuh.com/3.x/splunkapp/v3.4.0_7.1.2.tar.gz
7.1.1 3.3.1 https://packages.wazuh.com/3.x/splunkapp/v3.3.1_7.1.1.tar.gz
7.1.1 3.3.0 https://packages.wazuh.com/3.x/splunkapp/v3.3.0_7.1.1.tar.gz
7.1.1 3.2.4 https://packages.wazuh.com/3.x/splunkapp/v3.2.4_7.1.1.tar.gz
7.1.1 3.2.3 https://packages.wazuh.com/3.x/splunkapp/v3.2.3_7.1.1.tar.gz
7.1.1 3.2.2 https://packages.wazuh.com/3.x/splunkapp/v3.2.2_7.1.1.tar.gz
7.0.3 3.2.1 https://packages.wazuh.com/3.x/splunkapp/v3.2.1_7.0.3.tar.gz

Upgrade

Remove the app using the Splunk plugin tool:

$SPLUNK_HOME/bin/splunk remove app SplunkAppForWazuh

Install the app:

$SPLUNK_HOME/bin/splunk install app <last package file>

Contribute

If you want to contribute to our project, please don't hesitate to send a pull request. You can also join our users mailing list by sending an email to wazuh+subscribe@googlegroups.com to ask questions and participate in discussions.

Copyright & License

Copyright (C) 2015-2019 Wazuh, Inc.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

Find more information about this in the LICENSE file.
