From cb123292f46c50272eacdb685460b260c5020d33 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Wed, 15 Jan 2025 17:34:35 -0300 Subject: [PATCH 001/212] Add initial Wazuh Analysis plugin files and structure --- plugins/wazuh-analysis/.i18nrc.json | 7 +++ .../wazuh-analysis/opensearch_dashboards.json | 8 +++ plugins/wazuh-analysis/package.json | 25 ++++++++ plugins/wazuh-analysis/public/application.tsx | 23 ++++++++ .../public/components/analysis-app.tsx | 13 +++++ plugins/wazuh-analysis/public/plugin.ts | 58 +++++++++++++++++++ plugins/wazuh-analysis/public/types.ts | 5 ++ plugins/wazuh-analysis/tsconfig.json | 17 ++++++ 8 files changed, 156 insertions(+) create mode 100644 plugins/wazuh-analysis/.i18nrc.json create mode 100644 plugins/wazuh-analysis/opensearch_dashboards.json create mode 100644 plugins/wazuh-analysis/package.json create mode 100644 plugins/wazuh-analysis/public/application.tsx create mode 100644 plugins/wazuh-analysis/public/components/analysis-app.tsx create mode 100644 plugins/wazuh-analysis/public/plugin.ts create mode 100644 plugins/wazuh-analysis/public/types.ts create mode 100644 plugins/wazuh-analysis/tsconfig.json diff --git a/plugins/wazuh-analysis/.i18nrc.json b/plugins/wazuh-analysis/.i18nrc.json new file mode 100644 index 0000000000..2be1de408f --- /dev/null +++ b/plugins/wazuh-analysis/.i18nrc.json @@ -0,0 +1,7 @@ +{ + "prefix": "wazuhAnalysis", + "paths": { + "wazuhAnalysis": "." + }, + "translations": ["translations/en-US.json"] +} diff --git a/plugins/wazuh-analysis/opensearch_dashboards.json b/plugins/wazuh-analysis/opensearch_dashboards.json new file mode 100644 index 0000000000..04ed23c690 --- /dev/null +++ b/plugins/wazuh-analysis/opensearch_dashboards.json @@ -0,0 +1,8 @@ +{ + "id": "wazuhAnalysis", + "version": "5.0.0-00", + "opensearchDashboardsVersion": "opensearchDashboards", + "server": true, + "ui": true, + "requiredPlugins": [] +} 
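Review bot: `"translations": ["translations/en-US.json"]` in `.i18nrc.json` points at a file this commit does not add — the diffstat lists eight files and none under `translations/` — so the i18n tooling is told to load a bundle that does not exist. Either add an (empty) `translations/en-US.json` in the same commit or omit the `translations` key until there is a bundle to ship. The `prefix` declared here (`wazuhAnalysis`) is also the namespace the checker expects every `i18n.translate` id in this plugin to start with; the ids in `public/plugin.ts` of this same commit use `analysis.` instead, so one of the two needs to change.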
diff --git a/plugins/wazuh-analysis/package.json b/plugins/wazuh-analysis/package.json new file mode 100644 index 0000000000..a4c3b166e6 --- /dev/null +++ b/plugins/wazuh-analysis/package.json @@ -0,0 +1,25 @@ +{ + "name": "wazuh-analysis", + "version": "5.0.0", + "revision": "00", + "pluginPlatform": { + "version": "2.18.0" + }, + "description": "Wazuh Analysis", + "private": true, + "scripts": { + "build": "yarn plugin-helpers build --opensearch-dashboards-version=$OPENSEARCH_DASHBOARDS_VERSION", + "plugin-helpers": "node ../../scripts/plugin_helpers", + "osd": "node ../../scripts/osd", + "test:ui:runner": "node ../../scripts/functional_test_runner.js", + "test:server": "plugin-helpers test:server", + "test:browser": "plugin-helpers test:browser", + "test:jest": "node scripts/jest --runInBand", + "test:jest:runner": "node scripts/runner test" + }, + "dependencies": {}, + "devDependencies": { + "@testing-library/user-event": "^14.5.2", + "@types/": "testing-library/user-event" + } +} diff --git a/plugins/wazuh-analysis/public/application.tsx b/plugins/wazuh-analysis/public/application.tsx new file mode 100644 index 0000000000..f7121d28ac --- /dev/null +++ b/plugins/wazuh-analysis/public/application.tsx @@ -0,0 +1,23 @@ +import React from 'react'; +import ReactDOM from 'react-dom'; +import { AppMountParameters } from 'opensearch-dashboards/public'; +import { + AnalysisApp, + AnalysisAppDependencies, +} from './components/analysis-app'; + +export const renderApp = async ( + { history, appBasePath, element }: AppMountParameters, + dependencies: AnalysisAppDependencies, +) => { + ReactDOM.render( + , + element, + ); + + return () => ReactDOM.unmountComponentAtNode(element); +}; diff --git a/plugins/wazuh-analysis/public/components/analysis-app.tsx b/plugins/wazuh-analysis/public/components/analysis-app.tsx new file mode 100644 index 0000000000..e68eed14f5 --- /dev/null +++ b/plugins/wazuh-analysis/public/components/analysis-app.tsx 
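Review bot: The devDependency `"@types/": "testing-library/user-event"` is malformed — an empty `@types/` scope as the package name and a bare `owner/repo` as the version, which package managers treat as a GitHub shorthand; the lockfile added in commit 002 of this series shows it resolved as `"@types/@testing-library/user-event"` at version `0.0.0-semantically-released` from `codeload.github.com/testing-library/user-event/tar.gz/a7f8c09f…` with no `integrity` field, i.e. a tarball pulled straight from a forge with nothing for the install to verify. `@testing-library/user-event` ships its own declarations, so the line can simply go and `devDependencies` becomes `{ "@testing-library/user-event": "^14.5.2" }`; if a separate types package is genuinely needed, name it explicitly so it resolves from the registry with an integrity hash. The `test:jest` and `test:jest:runner` scripts also point at `scripts/jest` and `scripts/runner` inside the plugin directory, which this commit does not add.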
@@ -0,0 +1,13 @@ +import React from 'react'; +import { AppMountParameters } from '../../../../src/core/public'; + +// eslint-disable-next-line @typescript-eslint/no-empty-object-type +export interface AnalysisAppDependencies {} + +interface AnalysisAppProps { + appBasePath: string; + history: AppMountParameters['history']; + dependencies: AnalysisAppDependencies; +} + +export const AnalysisApp = (_props: AnalysisAppProps) => <>AnalysisApp; diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts new file mode 100644 index 0000000000..5604a17b93 --- /dev/null +++ b/plugins/wazuh-analysis/public/plugin.ts 
@@ -0,0 +1,58 @@ +import { i18n } from '@osd/i18n'; +import { AppMountParameters } from 'opensearch-dashboards/public'; +import { App, CoreSetup, CoreStart, Plugin } from '../../../src/core/public'; +import { NavigationPublicPluginStart } from '../../../src/plugins/navigation/public'; +import { AnalysisSetup, AnalysisStart } from './types'; + +// eslint-disable-next-line @typescript-eslint/no-empty-object-type +interface AnalysisSetupDependencies {} + +interface AnalysisStartDependencies { + navigation: NavigationPublicPluginStart; +} + +export class AnalysisPlugin + implements + Plugin +{ + private readonly title = i18n.translate('analysis.title', { + defaultMessage: 'Analysis', + }); + + public setup( + core: CoreSetup, + _plugins: AnalysisSetupDependencies, + ): AnalysisSetup | Promise { + console.debug('AnalysisPlugin started'); + + const ApplicationsMap: Record> = { + analysis: { + title: this.title, + async mount(params: AppMountParameters) { + const { renderApp } = await import('./application'); + + return renderApp(params, {}); + }, + }, + }; + const APPLICATIONS = Object.entries(ApplicationsMap).map(([id, app]) => ({ + ...app, + id, + })); + + for (const app of APPLICATIONS) { + core.application.register(app); + } + + return {}; + } + + start( + _core: CoreStart, + _plugins: AnalysisStartDependencies, + ): AnalysisStart | Promise { + return {}; + } + + stop?(): void {} +} diff --git a/plugins/wazuh-analysis/public/types.ts b/plugins/wazuh-analysis/public/types.ts new file mode 100644 index 0000000000..e002a68974 --- /dev/null +++ b/plugins/wazuh-analysis/public/types.ts @@ -0,0 +1,5 @@ +// eslint-disable-next-line @typescript-eslint/no-empty-object-type +export interface AnalysisSetup {} + +// eslint-disable-next-line @typescript-eslint/no-empty-object-type +export interface AnalysisStart {} diff --git a/plugins/wazuh-analysis/tsconfig.json b/plugins/wazuh-analysis/tsconfig.json new file mode 100644 index 0000000000..cc7e3e157f --- /dev/null 
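Review bot: The message id `'analysis.title'` passed to `i18n.translate` does not carry the `wazuhAnalysis` prefix that `.i18nrc.json` declares for this plugin in the same commit, so the id falls outside the namespace the i18n checker and the translation bundle are keyed on; use `'wazuhAnalysis.title'` or derive the prefix from one constant shared with the manifest. `AnalysisStartDependencies` requires `navigation`, yet `opensearch_dashboards.json` in this commit has `"requiredPlugins": []`; as far as I know the platform only injects declared plugins into the `plugins` argument, so `navigation` should be listed there (or under `optionalPlugins`, with the field made optional in the type). `stop?(): void {}` declares an optional method on a concrete class, which is odd for an implementation; `public stop(): void {}` is enough. Finally, `console.debug('AnalysisPlugin started')` runs in `setup`, not `start`, and ships to every user's console; drop it or reword it and route it through a logger.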
+++ b/plugins/wazuh-analysis/tsconfig.json @@ -0,0 +1,17 @@ +{ + "extends": "../../tsconfig.json", + "compilerOptions": { + "outDir": "./target", + "skipLibCheck": true + }, + "include": [ + "index.ts", + "common/**/*.ts", + "public/**/*.ts", + "public/**/*.tsx", + "server/**/*.ts", + "../../typings/**/*", + "public/hooks" + ], + "exclude": [] +} From 26231e4ac1ef8b4cf253acd345ce292fb390cf9c Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Thu, 16 Jan 2025 09:43:22 -0300 Subject: [PATCH 002/212] Add wazuh-analysis plugin to dev.yml configuration --- docker/osd-dev/dev.yml | 1 + plugins/wazuh-analysis/yarn.lock | 12 ++++++++++++ 2 files changed, 13 insertions(+) create mode 100644 plugins/wazuh-analysis/yarn.lock diff --git a/docker/osd-dev/dev.yml b/docker/osd-dev/dev.yml index c07d2b6c6d..056390e1b5 100755 --- a/docker/osd-dev/dev.yml +++ b/docker/osd-dev/dev.yml @@ -246,6 +246,7 @@ services: - '${SRC}/wazuh-check-updates:/home/node/kbn/plugins/wazuh-check-updates' - '${SRC}/wazuh-engine:/home/node/kbn/plugins/wazuh-engine' - '${SRC}/wazuh-fleet:/home/node/kbn/plugins/wazuh-fleet' + - '${SRC}/wazuh-analysis:/home/node/kbn/plugins/wazuh-analysis' - wd_certs:/home/node/kbn/certs/ - ${WAZUH_DASHBOARD_CONF}:/home/node/kbn/config/opensearch_dashboards.yml - ./config/${OSD_MAJOR}/osd/wazuh.yml:/home/node/kbn/data/wazuh/config/wazuh.yml diff --git a/plugins/wazuh-analysis/yarn.lock b/plugins/wazuh-analysis/yarn.lock new file mode 100644 index 0000000000..bda17e6374 --- /dev/null +++ b/plugins/wazuh-analysis/yarn.lock 
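Review bot: `"exclude": []` discards TypeScript's default exclusions (`node_modules`, `bower_components`, `jspm_packages` and the `outDir`), and `"public/hooks"` in `include` is already matched by `public/**/*.ts` and `public/**/*.tsx`. Unless something the defaults skip is meant to be compiled, `"exclude": ["node_modules", "target"]` says what is intended and the redundant `"public/hooks"` entry can be dropped, so that a stray checkout under `target/` or `node_modules/` cannot end up in the program through the broad `../../typings/**/*` pattern.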
@@ -0,0 +1,12 @@ +# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. +# yarn lockfile v1 + + +"@testing-library/user-event@^14.5.2": + version "14.6.0" + resolved "https://registry.yarnpkg.com/@testing-library/user-event/-/user-event-14.6.0.tgz#6748ec1ac6df9291e92b6abc0f3530b3842bf34d" + integrity sha512-+jsfK7kVJbqnCYtLTln8Ja/NmVrZRwBJHmHR9IxIVccMWSOZ6Oy0FkDJNeyVu4QSpMNmRfy10Xb76ObRDlWWBQ== + +"@types/@testing-library/user-event": + version "0.0.0-semantically-released" + resolved "https://codeload.github.com/testing-library/user-event/tar.gz/a7f8c09f4063423241472c2af3514e198a255dc8" From 614fee5f11bb4b50f1f9891fa34bd6285edeb965 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Thu, 16 Jan 2025 12:01:59 -0300 Subject: [PATCH 003/212] Set server option to false in Wazuh Analysis plugin configuration --- plugins/wazuh-analysis/opensearch_dashboards.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/wazuh-analysis/opensearch_dashboards.json b/plugins/wazuh-analysis/opensearch_dashboards.json index 04ed23c690..5e60b18eb4 100644 --- a/plugins/wazuh-analysis/opensearch_dashboards.json +++ b/plugins/wazuh-analysis/opensearch_dashboards.json @@ -2,7 +2,7 @@ "id": "wazuhAnalysis", "version": "5.0.0-00", "opensearchDashboardsVersion": "opensearchDashboards", - "server": true, + "server": false, "ui": true, "requiredPlugins": [] } From 453d14738675fc2d856f6df827247341dcf50ee0 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Thu, 16 Jan 2025 12:20:44 -0300 Subject: [PATCH 004/212] Add initial implementation of the Wazuh Analysis plugin --- plugins/wazuh-analysis/public/index.ts | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 plugins/wazuh-analysis/public/index.ts diff --git a/plugins/wazuh-analysis/public/index.ts b/plugins/wazuh-analysis/public/index.ts new file mode 100644 index 0000000000..312e392c29 --- /dev/null +++ b/plugins/wazuh-analysis/public/index.ts 
@@ -0,0 +1,9 @@ +import { AnalysisPlugin } from './plugin'; + +// This exports static code and TypeScript types, +// as well as the OpenSearch Dashboards Platform `plugin()` initializer. +export function plugin() { + return new AnalysisPlugin(); +} + +export type { AnalysisSetup, AnalysisStart } from './types'; From a8509548c7603366a4db98061b222fdd3a97f1fe Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Thu, 16 Jan 2025 15:17:33 -0300 Subject: [PATCH 005/212] Enforce no-empty-object-type rule in TypeScript files for Wazuh Analysis plugin --- .eslintrc.js | 4 ++++ plugins/wazuh-analysis/public/components/analysis-app.tsx | 1 - plugins/wazuh-analysis/public/plugin.ts | 1 - plugins/wazuh-analysis/public/types.ts | 2 -- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.eslintrc.js b/.eslintrc.js index 52b51c1614..cceaaae523 100644 --- a/.eslintrc.js +++ b/.eslintrc.js @@ -219,6 +219,10 @@ module.exports = { /* -------------------------------------------------------------------------- */ /* @typescript-eslint */ /* -------------------------------------------------------------------------- */ + '@typescript-eslint/no-empty-object-type': [ + 'error', + { allowInterfaces: 'always' }, + ], '@typescript-eslint/no-dynamic-delete': 'off', '@typescript-eslint/no-unused-vars': [ 'error', diff --git a/plugins/wazuh-analysis/public/components/analysis-app.tsx b/plugins/wazuh-analysis/public/components/analysis-app.tsx index e68eed14f5..89b1704ea9 100644 --- a/plugins/wazuh-analysis/public/components/analysis-app.tsx +++ b/plugins/wazuh-analysis/public/components/analysis-app.tsx @@ -1,7 +1,6 @@ import React from 'react'; import { AppMountParameters } from '../../../../src/core/public'; -// eslint-disable-next-line @typescript-eslint/no-empty-object-type export interface AnalysisAppDependencies {} interface AnalysisAppProps { diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 5604a17b93..ecd95fcfa4 100644 
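Review bot: The new `'@typescript-eslint/no-empty-object-type': ['error', { allowInterfaces: 'always' }]` relaxes the rule for the whole repository so that this plugin's placeholder interfaces lint clean, while the commit subject says "Enforce"; the effect is the opposite. An empty `interface X {}` is structurally `{}` and accepts any non-nullish value, so the `setup`/`start` dependency and contract types stop catching wrong arguments everywhere, not just in `wazuh-analysis`. Prefer `{ allowInterfaces: 'with-single-extends' }` and keep the targeted `eslint-disable-next-line` comments that this commit removes, or declare the placeholders as `Record<string, never>` until they have members.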
--- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -4,7 +4,6 @@ import { App, CoreSetup, CoreStart, Plugin } from '../../../src/core/public'; import { NavigationPublicPluginStart } from '../../../src/plugins/navigation/public'; import { AnalysisSetup, AnalysisStart } from './types'; -// eslint-disable-next-line @typescript-eslint/no-empty-object-type interface AnalysisSetupDependencies {} interface AnalysisStartDependencies { diff --git a/plugins/wazuh-analysis/public/types.ts b/plugins/wazuh-analysis/public/types.ts index e002a68974..9b30e4afbb 100644 --- a/plugins/wazuh-analysis/public/types.ts +++ b/plugins/wazuh-analysis/public/types.ts @@ -1,5 +1,3 @@ -// eslint-disable-next-line @typescript-eslint/no-empty-object-type export interface AnalysisSetup {} -// eslint-disable-next-line @typescript-eslint/no-empty-object-type export interface AnalysisStart {} From 269ed79a7ed9ff094cf8ec18b030a56c4542bd1b Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Thu, 16 Jan 2025 17:47:58 -0300 Subject: [PATCH 006/212] Refactor AnalysisApp component to use EUI layout components --- .../wazuh-analysis/public/components/analysis-app.tsx | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/plugins/wazuh-analysis/public/components/analysis-app.tsx b/plugins/wazuh-analysis/public/components/analysis-app.tsx index 89b1704ea9..bfa6a542b6 100644 --- a/plugins/wazuh-analysis/public/components/analysis-app.tsx +++ b/plugins/wazuh-analysis/public/components/analysis-app.tsx @@ -1,4 +1,5 @@ import React from 'react'; +import { EuiPage, EuiPageBody, EuiPageContentBody } from '@elastic/eui'; import { AppMountParameters } from '../../../../src/core/public'; export interface AnalysisAppDependencies {} 
@@ -9,4 +10,10 @@ interface AnalysisAppProps { dependencies: AnalysisAppDependencies; } -export const AnalysisApp = (_props: AnalysisAppProps) => <>AnalysisApp; +export const AnalysisApp = (_props: AnalysisAppProps) => ( + + + AnalysisApp + + +); From 85d627fdccf2329525cbbb4215172262a46e4ead Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Fri, 17 Jan 2025 11:38:32 -0300 Subject: [PATCH 007/212] Enable TTY for OSD development environment in dev.yml --- docker/osd-dev/dev.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/docker/osd-dev/dev.yml b/docker/osd-dev/dev.yml index 056390e1b5..29e34b139c 100755 --- a/docker/osd-dev/dev.yml +++ b/docker/osd-dev/dev.yml @@ -239,6 +239,7 @@ services: - ${OSD_PORT}:5601 environment: - 'LOGS=/proc/1/fd/1' + tty: true volumes: - osd_cache:/home/node/.cache - '${SRC}/main:/home/node/kbn/plugins/main' From 07dffbb884b0c7dc5f9b6fce4ee1970e987b5b97 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Fri, 17 Jan 2025 11:39:02 -0300 Subject: [PATCH 008/212] Add TypeScript types for React and ReactDOM as dev dependencies --- package.json | 2 ++ yarn.lock | 17 +++++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/package.json b/package.json index 73994b0ed9..819bb59731 100644 --- a/package.json +++ b/package.json @@ -8,6 +8,8 @@ }, "devDependencies": { "@stylistic/eslint-plugin": "^2.11.0", + "@types/react": "^19.0.7", + "@types/react-dom": "^19.0.3", "@typescript-eslint/eslint-plugin": "^8.16.0", "@typescript-eslint/parser": "^8.16.0", "eslint": "^8.57.1", diff --git a/yarn.lock b/yarn.lock index f7bc471275..2d20336bc7 100644 --- a/yarn.lock +++ b/yarn.lock 
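Review bot: `@types/react@^19.0.7` and `@types/react-dom@^19.0.3` describe React 19, but `plugins/wazuh-analysis/public/application.tsx` (commit 001 in this series) calls `ReactDOM.render` and `ReactDOM.unmountComponentAtNode`, which React 19 removed and which, as far as I recall, the v19 type packages no longer declare. The React major the platform bundles is not visible here (the plugin's package.json only pins `pluginPlatform.version` 2.18.0); pin the type packages to that major, e.g. `"@types/react": "^<platform React major>"` (placeholder — read it from the platform's package.json), so the types describe the runtime the plugin actually runs on. These are root devDependencies, so a mismatch affects every plugin type-checked from this repository.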
@@ -136,6 +136,18 @@ resolved "https://registry.yarnpkg.com/@types/normalize-package-data/-/normalize-package-data-2.4.4.tgz#56e2cc26c397c038fab0e3a917a12d5c5909e901" integrity sha512-37i+OaWTh9qeK4LSHPsyRC7NahnGotNuZvjLSgcPzblpHB3rrCJxAOgI5gCdKm7coonsaX1Of0ILiTcnZjbfxA== +"@types/react-dom@^19.0.3": + version "19.0.3" + resolved "https://registry.yarnpkg.com/@types/react-dom/-/react-dom-19.0.3.tgz#0804dfd279a165d5a0ad8b53a5b9e65f338050a4" + integrity sha512-0Knk+HJiMP/qOZgMyNFamlIjw9OFCsyC2ZbigmEEyXXixgre6IQpm/4V+r3qH4GC1JPvRJKInw+on2rV6YZLeA== + +"@types/react@^19.0.7": + version "19.0.7" + resolved "https://registry.yarnpkg.com/@types/react/-/react-19.0.7.tgz#c451968b999d1cb2d9207dc5ff56496164cf511d" + integrity sha512-MoFsEJKkAtZCrC1r6CM8U22GzhG7u2Wir8ons/aCKH6MBdD1ibV24zOSSkdZVUKqN5i396zG5VKLYZ3yaUZdLA== + dependencies: + csstype "^3.0.2" + "@typescript-eslint/eslint-plugin@^8.16.0": version "8.16.0" resolved "https://registry.yarnpkg.com/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.16.0.tgz#ac56825bcdf3b392fc76a94b1315d4a162f201a6" @@ -598,6 +610,11 @@ cross-spawn@^7.0.2: shebang-command "^2.0.0" which "^2.0.1" +csstype@^3.0.2: + version "3.1.3" + resolved "https://registry.yarnpkg.com/csstype/-/csstype-3.1.3.tgz#d80ff294d114fb0e6ac500fbf85b60137d7eff81" + integrity sha512-M1uQkMl8rQK/szD0LNhtqxIPLpimGm8sOBwU7lLnCpSbTyY3yeU1Vc7l4KT5zT4s/yOxHH5O7tIuuLOCnLADRw== + data-view-buffer@^1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/data-view-buffer/-/data-view-buffer-1.0.1.tgz#8ea6326efec17a2e42620696e671d7d5a8bc66b2" From 7ba426ba4a66c43b407e4805c8a9752edd69a05a Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Fri, 17 Jan 2025 12:22:09 -0300 Subject: [PATCH 009/212] Add translation messages and application categories for Wazuh Analysis plugin --- plugins/wazuh-analysis/public/plugin.ts | 63 ++++++++++++++++++++++--- 1 file changed, 57 insertions(+), 6 deletions(-) 
diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index ecd95fcfa4..75cd5db239 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -1,5 +1,5 @@ import { i18n } from '@osd/i18n'; -import { AppMountParameters } from 'opensearch-dashboards/public'; +import { AppCategory, AppMountParameters } from 'opensearch-dashboards/public'; import { App, CoreSetup, CoreStart, Plugin } from '../../../src/core/public'; import { NavigationPublicPluginStart } from '../../../src/plugins/navigation/public'; import { AnalysisSetup, AnalysisStart } from './types'; @@ -14,9 +14,28 @@ export class AnalysisPlugin implements Plugin { - private readonly title = i18n.translate('analysis.title', { - defaultMessage: 'Analysis', - }); + private readonly translationMessages = { + ANALYSIS_PLUGIN_TITLE: i18n.translate('analysis.title', { + defaultMessage: 'Analysis', + }), + ENDPOINT_SECURITY: i18n.translate('analysis.endpoint_security', { + defaultMessage: 'Endpoint Security', + }), + THREAT_INTELLIGENCE: i18n.translate('analysis.threat_intelligence', { + defaultMessage: 'Threat Intelligence', + }), + SECURITY_OPERATIONS: i18n.translate('analysis.security_operations', { + defaultMessage: 'Security Operations', + }), + CLOUD_SECURITY: i18n.translate('analysis.cloud_security', { + defaultMessage: 'Cloud Security', + }), + }; + private readonly CATEGORY: AppCategory = { + id: 'analysis', + label: this.translationMessages.ANALYSIS_PLUGIN_TITLE, + order: 5000, + }; public setup( core: CoreSetup, 
@@ -25,9 +44,41 @@ export class AnalysisPlugin console.debug('AnalysisPlugin started'); const ApplicationsMap: Record> = { - analysis: { - title: this.title, + endpoint_security: { + title: this.translationMessages.ENDPOINT_SECURITY, + category: this.CATEGORY, async mount(params: AppMountParameters) { + // TODO: Implement the endpoint security application + const { renderApp } = await import('./application'); + + return renderApp(params, {}); + }, + }, + threat_intelligence: { + title: this.translationMessages.THREAT_INTELLIGENCE, + category: this.CATEGORY, + async mount(params: AppMountParameters) { + // TODO: Implement the threat intelligence application + const { renderApp } = await import('./application'); + + return renderApp(params, {}); + }, + }, + security_operations: { + title: this.translationMessages.SECURITY_OPERATIONS, + category: this.CATEGORY, + async mount(params: AppMountParameters) { + // TODO: Implement the security operations application + const { renderApp } = await import('./application'); + + return renderApp(params, {}); + }, + }, + cloud_security: { + title: this.translationMessages.CLOUD_SECURITY, + category: this.CATEGORY, + async mount(params: AppMountParameters) { + // TODO: Implement the cloud security application const { renderApp } = await import('./application'); return renderApp(params, {}); From 48c45aeff67542ec437b3b03e3c7505d9796a065 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Fri, 17 Jan 2025 17:23:16 -0300 Subject: [PATCH 010/212] Refactor AnalysisPlugin to use constants for plugin and category IDs --- plugins/wazuh-analysis/public/plugin.ts | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 75cd5db239..868eba971f 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts 
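Review bot: The four entries of `ApplicationsMap` differ only in key, title and TODO comment; the `mount` body (`await import('./application')` then `renderApp(params, {})`) is copied four times here, and commit 014 in this series copies it three more times. A small factory keeps the map declarative and makes it hard for one entry to drift — which is exactly what happens in commit 014, where the added entries omit `category`. The value type of the map is elided in this view, so the factory below uses `Omit<App, 'id'>`; match whatever the map declares. This hunk sits inside `setup`, whose end lies outside it.
```typescript
const createPlaceholderApp = (
  title: string,
  category?: AppCategory,
): Omit<App, 'id'> => ({
  title,
  category,
  async mount(params: AppMountParameters) {
    // TODO: replace the shared placeholder with the real application
    const { renderApp } = await import('./application');

    return renderApp(params, {});
  },
});

const ApplicationsMap: Record<string, Omit<App, 'id'>> = {
  endpoint_security: createPlaceholderApp(
    this.translationMessages.ENDPOINT_SECURITY,
    this.CATEGORY,
  ),
  // … unchanged pattern for threat_intelligence, security_operations, cloud_security …
};
```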
@@ -2,6 +2,7 @@ import { i18n } from '@osd/i18n'; import { AppCategory, AppMountParameters } from 'opensearch-dashboards/public'; import { App, CoreSetup, CoreStart, Plugin } from '../../../src/core/public'; import { NavigationPublicPluginStart } from '../../../src/plugins/navigation/public'; +import { OmitStrict } from '../../wazuh-core/common/types'; import { AnalysisSetup, AnalysisStart } from './types'; interface AnalysisSetupDependencies {} @@ -14,6 +15,11 @@ export class AnalysisPlugin implements Plugin { + private readonly PLUGIN_ID = 'analysis'; + private readonly ENDPOINT_SECURITY_ID = 'endpoint_security'; + private readonly THREAT_INTELLIGENCE_ID = 'threat_intelligence'; + private readonly SECURITY_OPERATIONS_ID = 'security_operations'; + private readonly CLOUD_SECURITY_ID = 'cloud_security'; private readonly translationMessages = { ANALYSIS_PLUGIN_TITLE: i18n.translate('analysis.title', { defaultMessage: 'Analysis', @@ -32,7 +38,7 @@ export class AnalysisPlugin }), }; private readonly CATEGORY: AppCategory = { - id: 'analysis', + id: this.PLUGIN_ID, label: this.translationMessages.ANALYSIS_PLUGIN_TITLE, order: 5000, }; @@ -43,7 +49,7 @@ export class AnalysisPlugin ): AnalysisSetup | Promise { console.debug('AnalysisPlugin started'); - const ApplicationsMap: Record> = { + const ApplicationsMap: Record> = { endpoint_security: { title: this.translationMessages.ENDPOINT_SECURITY, category: this.CATEGORY, From 72cc11b773f22a5cd496148d1a8448298996d873 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Fri, 17 Jan 2025 17:23:52 -0300 Subject: [PATCH 011/212] Add navigation links for security categories in AnalysisPlugin --- plugins/wazuh-analysis/public/plugin.ts | 63 +++++++++++++++++++++---- 1 file changed, 54 insertions(+), 9 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 868eba971f..30536ca4bd 100644 --- a/plugins/wazuh-analysis/public/plugin.ts 
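Review bot: `OmitStrict` is only used in type positions, so bring it in with `import type { OmitStrict } from '../../wazuh-core/common/types';`; depending on the transpiler settings a plain import of a type-only binding may not be elided, and a value import of another plugin's module is a runtime coupling that nothing here needs. `PLUGIN_ID = 'analysis'` also disagrees with the manifest id `wazuhAnalysis` and the `.i18nrc.json` prefix from commit 001; if it is meant to be the plugin id, define it once (for example in a `common/` constants module, which `tsconfig.json` already includes) and read it from both places. The `*_ID` values never vary per instance, so module-level `as const` constants would fit better than `private readonly` fields. `setup` continues past the last hunk of this commit.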
+++ b/plugins/wazuh-analysis/public/plugin.ts @@ -1,6 +1,12 @@ import { i18n } from '@osd/i18n'; import { AppCategory, AppMountParameters } from 'opensearch-dashboards/public'; -import { App, CoreSetup, CoreStart, Plugin } from '../../../src/core/public'; +import { + App, + CoreSetup, + CoreStart, + Plugin, + DEFAULT_NAV_GROUPS, +} from '../../../src/core/public'; import { NavigationPublicPluginStart } from '../../../src/plugins/navigation/public'; import { OmitStrict } from '../../wazuh-core/common/types'; import { AnalysisSetup, AnalysisStart } from './types'; @@ -24,18 +30,30 @@ export class AnalysisPlugin ANALYSIS_PLUGIN_TITLE: i18n.translate('analysis.title', { defaultMessage: 'Analysis', }), - ENDPOINT_SECURITY: i18n.translate('analysis.endpoint_security', { + ENDPOINT_SECURITY: i18n.translate( + `analysis.category.${this.ENDPOINT_SECURITY_ID}`, + { defaultMessage: 'Endpoint Security', - }), - THREAT_INTELLIGENCE: i18n.translate('analysis.threat_intelligence', { + }, + ), + THREAT_INTELLIGENCE: i18n.translate( + `analysis.category.${this.THREAT_INTELLIGENCE_ID}`, + { defaultMessage: 'Threat Intelligence', - }), - SECURITY_OPERATIONS: i18n.translate('analysis.security_operations', { + }, + ), + SECURITY_OPERATIONS: i18n.translate( + `analysis.category.${this.SECURITY_OPERATIONS_ID}`, + { defaultMessage: 'Security Operations', - }), - CLOUD_SECURITY: i18n.translate('analysis.cloud_security', { + }, + ), + CLOUD_SECURITY: i18n.translate( + `analysis.category.${this.CLOUD_SECURITY_ID}`, + { defaultMessage: 'Cloud Security', - }), + }, + ), }; private readonly CATEGORY: AppCategory = { id: this.PLUGIN_ID, 
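Review bot: The message ids become template literals (`` `analysis.category.${this.ENDPOINT_SECURITY_ID}` `` and the three siblings); as far as I know the `@osd/i18n` extraction and check scripts require the first argument of `i18n.translate` to be a string literal, so these four messages would be skipped or rejected and never reach `translations/en-US.json`. Keep the ids literal — `i18n.translate('analysis.category.endpoint_security', {` — and, if the id must stay in step with the `*_ID` constants, derive the constant from the literal rather than the literal from the constant. The class field initializer this hunk edits starts and ends outside the hunk.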
@@ -100,6 +118,33 @@ export class AnalysisPlugin core.application.register(app); } + core.chrome.navGroup.addNavLinksToGroup(DEFAULT_NAV_GROUPS.all, [ + { + id: this.ENDPOINT_SECURITY_ID, + title: this.translationMessages.ENDPOINT_SECURITY, + order: 0, + category: this.CATEGORY, + }, + { + id: this.THREAT_INTELLIGENCE_ID, + title: this.translationMessages.THREAT_INTELLIGENCE, + order: 1, + category: this.CATEGORY, + }, + { + id: this.SECURITY_OPERATIONS_ID, + title: this.translationMessages.SECURITY_OPERATIONS, + order: 2, + category: this.CATEGORY, + }, + { + id: this.CLOUD_SECURITY_ID, + title: this.translationMessages.CLOUD_SECURITY, + order: 3, + category: this.CATEGORY, + }, + ]); + return {}; } From 5d3d3455a5d32add72e755ca9ea63b984d02db7e Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Fri, 17 Jan 2025 17:24:50 -0300 Subject: [PATCH 012/212] Fix indentation in translation messages for analysis categories in Wazuh Analysis plugin --- plugins/wazuh-analysis/public/plugin.ts | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 30536ca4bd..b02d43640b 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts 
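Review bot: The nav-link array repeats the ids, titles and category that `ApplicationsMap` already holds, so the two lists can drift: only the links carry an `order`, and later in this series (commit 014) apps are added to the map without links until a separate commit catches up. Build the links from the registered apps instead: `core.chrome.navGroup.addNavLinksToGroup(DEFAULT_NAV_GROUPS.all, APPLICATIONS.map(({ id, title, category }, order) => ({ id, title, category, order })));`. `setup` begins outside this hunk.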
@@ -33,25 +33,25 @@ export class AnalysisPlugin ENDPOINT_SECURITY: i18n.translate( `analysis.category.${this.ENDPOINT_SECURITY_ID}`, { - defaultMessage: 'Endpoint Security', + defaultMessage: 'Endpoint Security', }, ), THREAT_INTELLIGENCE: i18n.translate( `analysis.category.${this.THREAT_INTELLIGENCE_ID}`, { - defaultMessage: 'Threat Intelligence', + defaultMessage: 'Threat Intelligence', }, ), SECURITY_OPERATIONS: i18n.translate( `analysis.category.${this.SECURITY_OPERATIONS_ID}`, { - defaultMessage: 'Security Operations', + defaultMessage: 'Security Operations', }, ), CLOUD_SECURITY: i18n.translate( `analysis.category.${this.CLOUD_SECURITY_ID}`, { - defaultMessage: 'Cloud Security', + defaultMessage: 'Cloud Security', }, ), }; From a09696d22e5b581c055d15c13913cae22a2fd59c Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 20 Jan 2025 11:07:17 -0300 Subject: [PATCH 013/212] Refactor translation keys in AnalysisPlugin to use plugin ID for consistency --- plugins/wazuh-analysis/public/plugin.ts | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index b02d43640b..b5fd1c385b 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts 
@@ -31,25 +31,25 @@ export class AnalysisPlugin defaultMessage: 'Analysis', }), ENDPOINT_SECURITY: i18n.translate( - `analysis.category.${this.ENDPOINT_SECURITY_ID}`, + `${this.PLUGIN_ID}.category.${this.ENDPOINT_SECURITY_ID}`, { defaultMessage: 'Endpoint Security', }, ), THREAT_INTELLIGENCE: i18n.translate( - `analysis.category.${this.THREAT_INTELLIGENCE_ID}`, + `${this.PLUGIN_ID}.category.${this.THREAT_INTELLIGENCE_ID}`, { defaultMessage: 'Threat Intelligence', }, ), SECURITY_OPERATIONS: i18n.translate( - `analysis.category.${this.SECURITY_OPERATIONS_ID}`, + `${this.PLUGIN_ID}.category.${this.SECURITY_OPERATIONS_ID}`, { defaultMessage: 'Security Operations', }, ), CLOUD_SECURITY: i18n.translate( - `analysis.category.${this.CLOUD_SECURITY_ID}`, + `${this.PLUGIN_ID}.category.${this.CLOUD_SECURITY_ID}`, { defaultMessage: 'Cloud Security', }, From 4253b06b307dceae11e77e4418c7fb4a9e85c1aa Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 20 Jan 2025 16:22:30 -0300 Subject: [PATCH 014/212] Add translation messages for new categories in AnalysisPlugin --- plugins/wazuh-analysis/public/plugin.ts | 69 ++++++++++++++++++++----- 1 file changed, 57 insertions(+), 12 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index b5fd1c385b..324178b2f0 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts 
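Review bot: `ANALYSIS_PLUGIN_TITLE` keeps the literal id `'analysis.title'` while every category id in this hunk now starts with `${this.PLUGIN_ID}`; if `PLUGIN_ID` ever changes, the title key silently diverges (the context of the next commit's hunk, `@@ -26,34 +26,52`, still shows the literal). For consistency change it to `` i18n.translate(`${this.PLUGIN_ID}.title`, { ``, keeping in mind that `.i18nrc.json` declares this plugin's ids under the `wazuhAnalysis` prefix, not `analysis`. The field initializer extends beyond the hunk.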
@@ -26,34 +26,52 @@ export class AnalysisPlugin private readonly THREAT_INTELLIGENCE_ID = 'threat_intelligence'; private readonly SECURITY_OPERATIONS_ID = 'security_operations'; private readonly CLOUD_SECURITY_ID = 'cloud_security'; + private readonly CONFIGURATION_ASSESSMENT_ID = 'configuration_assessment'; + private readonly MALWARE_DETECTION_ID = 'malware_detection'; + private readonly FIM_ID = 'fim'; private readonly translationMessages = { ANALYSIS_PLUGIN_TITLE: i18n.translate('analysis.title', { defaultMessage: 'Analysis', }), - ENDPOINT_SECURITY: i18n.translate( + ENDPOINT_SECURITY_TITLE: i18n.translate( `${this.PLUGIN_ID}.category.${this.ENDPOINT_SECURITY_ID}`, { defaultMessage: 'Endpoint Security', }, ), - THREAT_INTELLIGENCE: i18n.translate( + THREAT_INTELLIGENCE_TITLE: i18n.translate( `${this.PLUGIN_ID}.category.${this.THREAT_INTELLIGENCE_ID}`, { defaultMessage: 'Threat Intelligence', }, ), - SECURITY_OPERATIONS: i18n.translate( + SECURITY_OPERATIONS_TITLE: i18n.translate( `${this.PLUGIN_ID}.category.${this.SECURITY_OPERATIONS_ID}`, { defaultMessage: 'Security Operations', }, ), - CLOUD_SECURITY: i18n.translate( + CLOUD_SECURITY_TITLE: i18n.translate( `${this.PLUGIN_ID}.category.${this.CLOUD_SECURITY_ID}`, { defaultMessage: 'Cloud Security', }, ), + CONFIGURATION_ASSESSMENT_TITLE: i18n.translate( + `${this.PLUGIN_ID}.category.${this.CONFIGURATION_ASSESSMENT_ID}`, + { + defaultMessage: 'Configuration Assessment', + }, + ), + MALWARE_DETECTION_TITLE: i18n.translate( + `${this.PLUGIN_ID}.category.${this.MALWARE_DETECTION_ID}`, + { + defaultMessage: 'Malware Detection', + }, + ), + FIM_TITLE: i18n.translate(`${this.PLUGIN_ID}.category.${this.FIM_ID}`, { + defaultMessage: 'File Integrity Monitoring', + }), }; private readonly CATEGORY: AppCategory = { id: this.PLUGIN_ID, 
@@ -69,7 +87,7 @@ export class AnalysisPlugin const ApplicationsMap: Record> = { endpoint_security: { - title: this.translationMessages.ENDPOINT_SECURITY, + title: this.translationMessages.ENDPOINT_SECURITY_TITLE, category: this.CATEGORY, async mount(params: AppMountParameters) { // TODO: Implement the endpoint security application @@ -79,7 +97,7 @@ export class AnalysisPlugin }, }, threat_intelligence: { - title: this.translationMessages.THREAT_INTELLIGENCE, + title: this.translationMessages.THREAT_INTELLIGENCE_TITLE, category: this.CATEGORY, async mount(params: AppMountParameters) { // TODO: Implement the threat intelligence application @@ -89,7 +107,7 @@ export class AnalysisPlugin }, }, security_operations: { - title: this.translationMessages.SECURITY_OPERATIONS, + title: this.translationMessages.SECURITY_OPERATIONS_TITLE, category: this.CATEGORY, async mount(params: AppMountParameters) { // TODO: Implement the security operations application 
@@ -99,12 +117,39 @@ export class AnalysisPlugin }, }, cloud_security: { - title: this.translationMessages.CLOUD_SECURITY, + title: this.translationMessages.CLOUD_SECURITY_TITLE, category: this.CATEGORY, async mount(params: AppMountParameters) { // TODO: Implement the cloud security application const { renderApp } = await import('./application'); + return renderApp(params, {}); + }, + }, + configuration_assessment: { + title: this.translationMessages.CONFIGURATION_ASSESSMENT_TITLE, + async mount(params: AppMountParameters) { + // TODO: Implement the configuration assessment application + const { renderApp } = await import('./application'); + + return renderApp(params, {}); + }, + }, + malware_detection: { + title: this.translationMessages.MALWARE_DETECTION_TITLE, + async mount(params: AppMountParameters) { + // TODO: Implement the malware detection application + const { renderApp } = await import('./application'); + + return renderApp(params, {}); + }, + }, + fim: { + title: this.translationMessages.FIM_TITLE, + async mount(params: AppMountParameters) { + // TODO: Implement the fim application + const { renderApp } = await import('./application'); + return renderApp(params, {}); }, }, 
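Review bot: The entries `configuration_assessment`, `malware_detection` and `fim` omit `category: this.CATEGORY`, unlike the four entries above them, so they register outside the Analysis category; add `category: this.CATEGORY,` after each `title:` line, or leave a comment saying why these three are top-level. Their `mount` bodies are the same two statements copied again (see the factory suggested on commit 009's hunk of this file). `setup` continues beyond the hunk.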
@@ -121,25 +166,25 @@ export class AnalysisPlugin core.chrome.navGroup.addNavLinksToGroup(DEFAULT_NAV_GROUPS.all, [ { id: this.ENDPOINT_SECURITY_ID, - title: this.translationMessages.ENDPOINT_SECURITY, + title: this.translationMessages.ENDPOINT_SECURITY_TITLE, order: 0, category: this.CATEGORY, }, { id: this.THREAT_INTELLIGENCE_ID, - title: this.translationMessages.THREAT_INTELLIGENCE, + title: this.translationMessages.THREAT_INTELLIGENCE_TITLE, order: 1, category: this.CATEGORY, }, { id: this.SECURITY_OPERATIONS_ID, - title: this.translationMessages.SECURITY_OPERATIONS, + title: this.translationMessages.SECURITY_OPERATIONS_TITLE, order: 2, category: this.CATEGORY, }, { id: this.CLOUD_SECURITY_ID, - title: this.translationMessages.CLOUD_SECURITY, + title: this.translationMessages.CLOUD_SECURITY_TITLE, order: 3, category: this.CATEGORY, }, From 65f972fb13c8d06e2e21a9a80a46468d90b9a0d0 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 20 Jan 2025 16:27:53 -0300 Subject: [PATCH 015/212] Refactor AnalysisPlugin to use dynamic keys for application IDs --- plugins/wazuh-analysis/public/plugin.ts | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 324178b2f0..77d2bed5b8 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -86,7 +86,7 @@ export class AnalysisPlugin console.debug('AnalysisPlugin started'); const ApplicationsMap: Record> = { - endpoint_security: { + [this.ENDPOINT_SECURITY_ID]: { title: this.translationMessages.ENDPOINT_SECURITY_TITLE, category: this.CATEGORY, async mount(params: AppMountParameters) { @@ -96,7 +96,7 @@ export class AnalysisPlugin return renderApp(params, {}); }, }, - threat_intelligence: { + [this.THREAT_INTELLIGENCE_ID]: { title: this.translationMessages.THREAT_INTELLIGENCE_TITLE, category: this.CATEGORY, async mount(params: AppMountParameters) { 
@@ -106,7 +106,7 @@ export class AnalysisPlugin return renderApp(params, {}); }, }, - security_operations: { + [this.SECURITY_OPERATIONS_ID]: { title: this.translationMessages.SECURITY_OPERATIONS_TITLE, category: this.CATEGORY, async mount(params: AppMountParameters) { @@ -116,7 +116,7 @@ export class AnalysisPlugin return renderApp(params, {}); }, }, - cloud_security: { + [this.CLOUD_SECURITY_ID]: { title: this.translationMessages.CLOUD_SECURITY_TITLE, category: this.CATEGORY, async mount(params: AppMountParameters) { @@ -126,7 +126,7 @@ export class AnalysisPlugin return renderApp(params, {}); }, }, - configuration_assessment: { + [this.CONFIGURATION_ASSESSMENT_ID]: { title: this.translationMessages.CONFIGURATION_ASSESSMENT_TITLE, async mount(params: AppMountParameters) { // TODO: Implement the configuration assessment application @@ -135,7 +135,7 @@ export class AnalysisPlugin return renderApp(params, {}); }, }, - malware_detection: { + [this.MALWARE_DETECTION_ID]: { title: this.translationMessages.MALWARE_DETECTION_TITLE, async mount(params: AppMountParameters) { // TODO: Implement the malware detection application @@ -144,7 +144,7 @@ export class AnalysisPlugin return renderApp(params, {}); }, }, - fim: { + [this.FIM_ID]: { title: this.translationMessages.FIM_TITLE, async mount(params: AppMountParameters) { // TODO: Implement the fim application From 5fd61ce0ede57559c5a11f28654207d849f4c552 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 20 Jan 2025 17:55:38 -0300 Subject: [PATCH 016/212] Add navigation links for configuration assessment, malware detection, and FIM in AnalysisPlugin --- plugins/wazuh-analysis/public/plugin.ts | 35 ++++++++++++++++++++++++- 1 file changed, 34 insertions(+), 1 deletion(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 77d2bed5b8..0f2850a3f8 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts 
@@ -1,5 +1,9 @@ import { i18n } from '@osd/i18n'; -import { AppCategory, AppMountParameters } from 'opensearch-dashboards/public'; +import { + AppCategory, + AppMountParameters, + ChromeNavGroup, +} from 'opensearch-dashboards/public'; import { App, CoreSetup, @@ -163,6 +167,35 @@ export class AnalysisPlugin core.application.register(app); } + const navGroups = { + [this.ENDPOINT_SECURITY_ID]: { + id: this.ENDPOINT_SECURITY_ID, + title: this.translationMessages.ENDPOINT_SECURITY_TITLE, + description: this.translationMessages.ENDPOINT_SECURITY_DESCRIPTION, + }, + } satisfies Record; + + core.chrome.navGroup.addNavLinksToGroup( + navGroups[this.ENDPOINT_SECURITY_ID], + [ + { + // Configuration assessment + id: this.CONFIGURATION_ASSESSMENT_ID, + title: this.translationMessages.CONFIGURATION_ASSESSMENT_TITLE, + }, + { + // Malware detection + id: this.MALWARE_DETECTION_ID, + title: this.translationMessages.MALWARE_DETECTION_TITLE, + }, + { + // FIM + id: this.FIM_ID, + title: this.translationMessages.FIM_TITLE, + }, + ], + ); + core.chrome.navGroup.addNavLinksToGroup(DEFAULT_NAV_GROUPS.all, [ { id: this.ENDPOINT_SECURITY_ID, From ce4b49dffdc4b858e0a1c640d5d24dd81a5daaca Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 20 Jan 2025 17:56:35 -0300 Subject: [PATCH 017/212] Add function to navigate to the first app in a navigation group --- plugins/wazuh-analysis/public/plugin.ts | 33 +++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 0f2850a3f8..ee48bf1da9 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -4,6 +4,7 @@ import { AppMountParameters, ChromeNavGroup, } from 'opensearch-dashboards/public'; +import { first } from 'rxjs/operators'; import { App, CoreSetup, 
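Review bot: The comments on the three links added to the endpoint-security group (`// Configuration assessment`, `// Malware detection`, `// FIM`) only restate the identifier on the following line; the information a reader needs is why these apps are placed in their own group instead of `DEFAULT_NAV_GROUPS.all` alongside their siblings. I would replace the three with one comment above the call, such as `// Sub-apps of the Endpoint Security landing page: listed in their own nav group, not in the 'all' group`. The group object is also built inline and handed straight to `addNavLinksToGroup` with no separate registration call; if the chrome API does not create an unknown group implicitly the links are silently dropped, so this is worth confirming against the OSD version in use. The enclosing `setup` method starts before this hunk and continues after it.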
@@ -21,6 +22,38 @@ interface AnalysisStartDependencies { navigation: NavigationPublicPluginStart; } +/** + * The function `navigateToFirstAppInNavGroup` sets the current navigation group, + * retrieves the first navigation item within that group, and navigates to the + * corresponding application if it exists. + * @param {CoreStart} coreStart + * @param {string} navGroupId - The `navGroupId` parameter is a string that + * represents the unique identifier of a navigation group within the application. + */ +const navigateToFirstAppInNavGroup = async ( + coreStart: CoreStart, + navGroupId: string, +) => { + // Set the current nav group + coreStart.chrome.navGroup.setCurrentNavGroup(navGroupId); + + // Get the current nav group + const navGroupMap = await coreStart.chrome.navGroup + .getNavGroupsMap$() + .pipe(first()) + .toPromise(); + + // Get the first nav item, if it exists navigate to the app + if (navGroupMap) { + const navGroup = navGroupMap[navGroupId]; + const firstNavItem = navGroup?.navLinks[0]; + + if (firstNavItem?.id) { + coreStart.application.navigateToApp(firstNavItem.id); + } + } +}; + export class AnalysisPlugin implements Plugin From 7139c255e050fdbe1a26018e7645c90d80ddb1ec Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 20 Jan 2025 17:57:06 -0300 Subject: [PATCH 018/212] Update application IDs in AnalysisPlugin to include endpoint security path --- plugins/wazuh-analysis/public/plugin.ts | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index ee48bf1da9..72fd1c334c 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts 
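Review bot: `navigateToFirstAppInNavGroup` is declared `async` but neither returns nor awaits the `navigateToApp` promise, so a caller cannot wait for the navigation and a rejection surfaces as an unhandled promise rejection; change the call to `return coreStart.application.navigateToApp(firstNavItem.id);`. There is also no guard against the first link of the group being the landing app that triggers this function (later hunks in this series call it from the `endpoint_security` mount); in that configuration each mount would navigate to itself, so a cheap check such as `if (firstNavItem?.id && firstNavItem.id !== navGroupId)` is worth adding. The hunk ends with the `AnalysisPlugin` class header, whose body is outside this hunk.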
@@ -63,9 +63,12 @@ export class AnalysisPlugin private readonly THREAT_INTELLIGENCE_ID = 'threat_intelligence'; private readonly SECURITY_OPERATIONS_ID = 'security_operations'; private readonly CLOUD_SECURITY_ID = 'cloud_security'; - private readonly CONFIGURATION_ASSESSMENT_ID = 'configuration_assessment'; - private readonly MALWARE_DETECTION_ID = 'malware_detection'; - private readonly FIM_ID = 'fim'; + private readonly CONFIGURATION_ASSESSMENT_ID = + this.ENDPOINT_SECURITY_ID + encodeURIComponent('/configuration_assessment'); + private readonly MALWARE_DETECTION_ID = + this.ENDPOINT_SECURITY_ID + encodeURIComponent('/malware_detection'); + private readonly FIM_ID = + this.ENDPOINT_SECURITY_ID + encodeURIComponent('/fim'); private readonly translationMessages = { ANALYSIS_PLUGIN_TITLE: i18n.translate('analysis.title', { defaultMessage: 'Analysis', From fbb9911d1ea01a8b548daddb3c4d0109edac345e Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 20 Jan 2025 17:57:41 -0300 Subject: [PATCH 019/212] Remove category assignment from threat intelligence application in AnalysisPlugin --- plugins/wazuh-analysis/public/plugin.ts | 1 - 1 file changed, 1 deletion(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 72fd1c334c..2f553ee982 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -138,7 +138,6 @@ export class AnalysisPlugin }, [this.THREAT_INTELLIGENCE_ID]: { title: this.translationMessages.THREAT_INTELLIGENCE_TITLE, - category: this.CATEGORY, async mount(params: AppMountParameters) { // TODO: Implement the threat intelligence application const { renderApp } = await import('./application'); From f187e2f598093ebfbb0487a255e0bea04688912f Mon Sep 17 00:00:00 2001 
From: Guido Modarelli Date: Mon, 20 Jan 2025 17:57:56 -0300 Subject: [PATCH 020/212] Add description for endpoint security category in AnalysisPlugin --- plugins/wazuh-analysis/public/plugin.ts | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 2f553ee982..287d4ad81a 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -79,6 +79,13 @@ export class AnalysisPlugin defaultMessage: 'Endpoint Security', }, ), + ENDPOINT_SECURITY_DESCRIPTION: i18n.translate( + `${this.PLUGIN_ID}.category.${this.ENDPOINT_SECURITY_ID}.description`, + { + defaultMessage: + 'Advanced monitoring and protection for devices against security threats.', + }, + ), THREAT_INTELLIGENCE_TITLE: i18n.translate( `${this.PLUGIN_ID}.category.${this.THREAT_INTELLIGENCE_ID}`, { From 4f8ef8c7a7528bda1aecdaec9a2cfa1203e3de9d Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 20 Jan 2025 17:58:19 -0300 Subject: [PATCH 021/212] Remove category assignment from endpoint security application in AnalysisPlugin --- plugins/wazuh-analysis/public/plugin.ts | 1 - 1 file changed, 1 deletion(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 287d4ad81a..0dc2e0ae49 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -135,7 +135,6 @@ export class AnalysisPlugin const ApplicationsMap: Record> = { [this.ENDPOINT_SECURITY_ID]: { title: this.translationMessages.ENDPOINT_SECURITY_TITLE, - category: this.CATEGORY, async mount(params: AppMountParameters) { // TODO: Implement the endpoint security application const { renderApp } = await import('./application'); From 9ede90020bc98563175350dcd095048ce77f7873 Mon Sep 17 00:00:00 2001 
From: Guido Modarelli Date: Mon, 20 Jan 2025 17:59:35 -0300 Subject: [PATCH 022/212] Fix navigation to the first app in the endpoint security group and update core start property assignment --- plugins/wazuh-analysis/public/plugin.ts | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 0dc2e0ae49..e7e0d5ac92 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -132,10 +132,17 @@ export class AnalysisPlugin ): AnalysisSetup | Promise { console.debug('AnalysisPlugin started'); + // eslint-disable-next-line unicorn/no-this-assignment, @typescript-eslint/no-this-alias + const that = this; const ApplicationsMap: Record> = { [this.ENDPOINT_SECURITY_ID]: { title: this.translationMessages.ENDPOINT_SECURITY_TITLE, async mount(params: AppMountParameters) { + // @ts-expect-error Property '_coreStart' does not exist on type 'AnalysisPlugin'. + const coreStart = that._coreStart as CoreStart; + + navigateToFirstAppInNavGroup(coreStart, that.ENDPOINT_SECURITY_ID); + // TODO: Implement the endpoint security application const { renderApp } = await import('./application'); @@ -268,9 +275,12 @@ export class AnalysisPlugin } start( - _core: CoreStart, + core: CoreStart, _plugins: AnalysisStartDependencies, ): AnalysisStart | Promise { + // @ts-expect-error Property '_coreStart' does not exist on type 'AnalysisPlugin'. + this._coreStart = core; + return {}; } From 027ea30d69924e72ffb41faccef3ee4b369d1306 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 20 Jan 2025 18:11:31 -0300 Subject: [PATCH 023/212] Refactor sub-application ID generation in AnalysisPlugin for improved readability --- plugins/wazuh-analysis/public/plugin.ts | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) 
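Review bot: `_coreStart` is written in `start` and read in `mount` through `@ts-expect-error` instead of being declared, so the compiler checks neither its type nor that it is assigned before `mount` runs; declare it as `private coreStart?: CoreStart;` on the class and guard the read, e.g. `if (!coreStart) return () => {};`. OSD mounts applications only after the start phase, so the field should be set in practice, but the type should say so rather than rely on the suppression. The `navigateToFirstAppInNavGroup(...)` call is also fire-and-forget with no `.catch`, so a failed navigation becomes an unhandled rejection. The enclosing `setup` method continues outside this hunk.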
diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index e7e0d5ac92..0c4210563b 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -54,6 +54,9 @@ const navigateToFirstAppInNavGroup = async ( } }; +const generateSubAppId = (parentAppId: string, subAppId: string) => + `${parentAppId}_${encodeURIComponent(`/${subAppId}`)}`; + export class AnalysisPlugin implements Plugin @@ -63,12 +66,15 @@ export class AnalysisPlugin private readonly THREAT_INTELLIGENCE_ID = 'threat_intelligence'; private readonly SECURITY_OPERATIONS_ID = 'security_operations'; private readonly CLOUD_SECURITY_ID = 'cloud_security'; - private readonly CONFIGURATION_ASSESSMENT_ID = - this.ENDPOINT_SECURITY_ID + encodeURIComponent('/configuration_assessment'); - private readonly MALWARE_DETECTION_ID = - this.ENDPOINT_SECURITY_ID + encodeURIComponent('/malware_detection'); - private readonly FIM_ID = - this.ENDPOINT_SECURITY_ID + encodeURIComponent('/fim'); + private readonly CONFIGURATION_ASSESSMENT_ID = generateSubAppId( + this.ENDPOINT_SECURITY_ID, + 'configuration_assessment', + ); + private readonly MALWARE_DETECTION_ID = generateSubAppId( + this.ENDPOINT_SECURITY_ID, + 'malware_detection', + ); + private readonly FIM_ID = generateSubAppId(this.ENDPOINT_SECURITY_ID, 'fim'); private readonly translationMessages = { ANALYSIS_PLUGIN_TITLE: i18n.translate('analysis.title', { defaultMessage: 'Analysis', From 2de10c219d7ec3d34f65b9e5cd92d2ec048af9c0 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 20 Jan 2025 18:22:45 -0300 Subject: [PATCH 024/212] Add JSDoc comments for generateSubAppId function in plugin.ts --- plugins/wazuh-analysis/public/plugin.ts | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 0c4210563b..6fd0b6f573 100644 --- a/plugins/wazuh-analysis/public/plugin.ts 
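Review bot: `generateSubAppId` bakes a percent-encoded slash into the application id (`endpoint_security_%2Fconfiguration_assessment`), and since OSD derives an app's default route from its id that `%2F` ends up as part of the `/app/<id>` path segment in every URL for these apps. An encoded slash inside a path segment is handled inconsistently by reverse proxies (some decode it into a real `/`, some reject the request outright) and can be double-encoded if the id is passed through URL building again, so I would use a plain separator and drop the encoding: `` `${parentAppId}_${subAppId}` ``. If the slash is required by some routing convention, nothing in the hunk says so and the helper's doc comment should.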
+++ b/plugins/wazuh-analysis/public/plugin.ts @@ -54,6 +54,14 @@ const navigateToFirstAppInNavGroup = async ( } }; +/** + * The function `generateSubAppId` takes a parent app ID and a sub app ID, and + * returns a combined ID with the sub app ID URL-encoded. + * @param {string} parentAppId - The `parentAppId` parameter is a string + * representing the ID of the parent application. + * @param {string} subAppId - The `subAppId` parameter is a string representing the + * ID of a sub-application within a parent application. + */ const generateSubAppId = (parentAppId: string, subAppId: string) => `${parentAppId}_${encodeURIComponent(`/${subAppId}`)}`; From 38151dc459f69f37c2c486bfe920a1c4978c0bc4 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 20 Jan 2025 18:29:43 -0300 Subject: [PATCH 025/212] Refactor mount functions in AnalysisPlugin to use arrow function syntax for improved context handling --- plugins/wazuh-analysis/public/plugin.ts | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 6fd0b6f573..6652fb7876 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts 
@@ -146,16 +146,14 @@ export class AnalysisPlugin ): AnalysisSetup | Promise { console.debug('AnalysisPlugin started'); - // eslint-disable-next-line unicorn/no-this-assignment, @typescript-eslint/no-this-alias - const that = this; const ApplicationsMap: Record> = { [this.ENDPOINT_SECURITY_ID]: { title: this.translationMessages.ENDPOINT_SECURITY_TITLE, - async mount(params: AppMountParameters) { + mount: async (params: AppMountParameters) => { // @ts-expect-error Property '_coreStart' does not exist on type 'AnalysisPlugin'. - const coreStart = that._coreStart as CoreStart; + const coreStart = this._coreStart as CoreStart; - navigateToFirstAppInNavGroup(coreStart, that.ENDPOINT_SECURITY_ID); + navigateToFirstAppInNavGroup(coreStart, this.ENDPOINT_SECURITY_ID); // TODO: Implement the endpoint security application const { renderApp } = await import('./application'); @@ -165,7 +163,7 @@ export class AnalysisPlugin }, [this.THREAT_INTELLIGENCE_ID]: { title: this.translationMessages.THREAT_INTELLIGENCE_TITLE, - async mount(params: AppMountParameters) { + mount: async (params: AppMountParameters) => { // TODO: Implement the threat intelligence application const { renderApp } = await import('./application'); @@ -175,7 +173,7 @@ export class AnalysisPlugin [this.SECURITY_OPERATIONS_ID]: { title: this.translationMessages.SECURITY_OPERATIONS_TITLE, category: this.CATEGORY, - async mount(params: AppMountParameters) { + mount: async (params: AppMountParameters) => { // TODO: Implement the security operations application const { renderApp } = await import('./application'); @@ -185,7 +183,7 @@ export class AnalysisPlugin [this.CLOUD_SECURITY_ID]: { title: this.translationMessages.CLOUD_SECURITY_TITLE, category: this.CATEGORY, - async mount(params: AppMountParameters) { + mount: async (params: AppMountParameters) => { // TODO: Implement the cloud security application const { renderApp } = await import('./application'); 
@@ -194,7 +192,7 @@ export class AnalysisPlugin }, [this.CONFIGURATION_ASSESSMENT_ID]: { title: this.translationMessages.CONFIGURATION_ASSESSMENT_TITLE, - async mount(params: AppMountParameters) { + mount: async (params: AppMountParameters) => { // TODO: Implement the configuration assessment application const { renderApp } = await import('./application'); @@ -203,7 +201,7 @@ export class AnalysisPlugin }, [this.MALWARE_DETECTION_ID]: { title: this.translationMessages.MALWARE_DETECTION_TITLE, - async mount(params: AppMountParameters) { + mount: async (params: AppMountParameters) => { // TODO: Implement the malware detection application const { renderApp } = await import('./application'); @@ -212,7 +210,7 @@ export class AnalysisPlugin }, [this.FIM_ID]: { title: this.translationMessages.FIM_TITLE, - async mount(params: AppMountParameters) { + mount: async (params: AppMountParameters) => { // TODO: Implement the fim application const { renderApp } = await import('./application'); From e294a62ebe6388e85433a7e75e1a90c845e026b2 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 20 Jan 2025 18:37:06 -0300 Subject: [PATCH 026/212] Implement app startup subject in AnalysisPlugin for navigation handling --- plugins/wazuh-analysis/public/plugin.ts | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 6652fb7876..47c33fc289 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -5,6 +5,7 @@ import { ChromeNavGroup, } from 'opensearch-dashboards/public'; import { first } from 'rxjs/operators'; +import { Subject } from 'rxjs'; import { App, CoreSetup, 
@@ -69,6 +70,7 @@ export class AnalysisPlugin implements Plugin { + private readonly appStartup$ = new Subject(); private readonly PLUGIN_ID = 'analysis'; private readonly ENDPOINT_SECURITY_ID = 'endpoint_security'; private readonly THREAT_INTELLIGENCE_ID = 'threat_intelligence'; @@ -150,10 +152,7 @@ export class AnalysisPlugin [this.ENDPOINT_SECURITY_ID]: { title: this.translationMessages.ENDPOINT_SECURITY_TITLE, mount: async (params: AppMountParameters) => { - // @ts-expect-error Property '_coreStart' does not exist on type 'AnalysisPlugin'. - const coreStart = this._coreStart as CoreStart; - - navigateToFirstAppInNavGroup(coreStart, this.ENDPOINT_SECURITY_ID); + this.appStartup$.next(this.ENDPOINT_SECURITY_ID); // TODO: Implement the endpoint security application const { renderApp } = await import('./application'); @@ -290,8 +289,10 @@ export class AnalysisPlugin core: CoreStart, _plugins: AnalysisStartDependencies, ): AnalysisStart | Promise { - // @ts-expect-error Property '_coreStart' does not exist on type 'AnalysisPlugin'. - this._coreStart = core; + this.appStartup$.subscribe({ + next: (navGroupId: string) => + navigateToFirstAppInNavGroup(core, navGroupId), + }); return {}; } From 5f5246935dfec9f6c6928f71b8541ecd4948c5d4 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 20 Jan 2025 19:02:13 -0300 Subject: [PATCH 027/212] Add getCurrentNavGroup function to retrieve the current navigation group --- plugins/wazuh-analysis/public/plugin.ts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 47c33fc289..6ce3cf625e 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts 
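Review bot: The `appStartup$` subscriber in `start` returns the promise from `navigateToFirstAppInNavGroup` to RxJS, which ignores it, so a failed navigation becomes an unhandled promise rejection; write it as `next: (navGroupId: string) => { void navigateToFirstAppInNavGroup(core, navGroupId).catch(console.error); }` or pass an `error` handler. The subscription is also never disposed — keeping the returned `Subscription` in a field and unsubscribing in `stop()` keeps the plugin lifecycle symmetric. A plain `Subject` drops emissions made before anyone subscribes; that should not bite here because OSD mounts apps only after the start phase, but a one-line comment recording that assumption would help the next reader.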
@@ -23,6 +23,9 @@ interface AnalysisStartDependencies { navigation: NavigationPublicPluginStart; } +const getCurrentNavGroup = async (core: CoreStart) => + core.chrome.navGroup.getCurrentNavGroup$().pipe(first()).toPromise(); + /** * The function `navigateToFirstAppInNavGroup` sets the current navigation group, * retrieves the first navigation item within that group, and navigates to the From 2cedfc184f66c37152b1cf85c375392491f468d1 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 20 Jan 2025 19:03:02 -0300 Subject: [PATCH 028/212] Refactor navigateToFirstAppInNavGroup function to improve parameter handling and simplify navigation logic --- plugins/wazuh-analysis/public/plugin.ts | 40 +++++++++++-------------- 1 file changed, 17 insertions(+), 23 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 6ce3cf625e..447640be5e 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -3,6 +3,7 @@ import { AppCategory, AppMountParameters, ChromeNavGroup, + NavGroupItemInMap, } from 'opensearch-dashboards/public'; import { first } from 'rxjs/operators'; import { Subject } from 'rxjs'; 
@@ -27,34 +28,27 @@ const getCurrentNavGroup = async (core: CoreStart) => core.chrome.navGroup.getCurrentNavGroup$().pipe(first()).toPromise(); /** - * The function `navigateToFirstAppInNavGroup` sets the current navigation group, - * retrieves the first navigation item within that group, and navigates to the - * corresponding application if it exists. - * @param {CoreStart} coreStart - * @param {string} navGroupId - The `navGroupId` parameter is a string that - * represents the unique identifier of a navigation group within the application. + * The function `navigateToFirstAppInNavGroup` navigates to the first app in a + * specified navigation group if it exists. + * @param {CoreStart} core - The `core` parameter is an object that provides access + * to core services in Kibana, such as application navigation, HTTP requests, and + * more. It is typically provided by the Kibana platform to plugins and can be used + * to interact with various functionalities within the Kibana application. + * @param {NavGroupItemInMap | undefined} navGroup - The `navGroup` parameter is + * expected to be an object that represents a navigation group item in a map. It + * should have a property `navLinks` which is an array of navigation links. 
Each + * navigation link in the `navLinks` array should have an `id` property that + * represents the ID */ const navigateToFirstAppInNavGroup = async ( - coreStart: CoreStart, - navGroupId: string, + core: CoreStart, + navGroup: NavGroupItemInMap | undefined, ) => { - // Set the current nav group - coreStart.chrome.navGroup.setCurrentNavGroup(navGroupId); - - // Get the current nav group - const navGroupMap = await coreStart.chrome.navGroup - .getNavGroupsMap$() - .pipe(first()) - .toPromise(); - // Get the first nav item, if it exists navigate to the app - if (navGroupMap) { - const navGroup = navGroupMap[navGroupId]; - const firstNavItem = navGroup?.navLinks[0]; + const firstNavItem = navGroup?.navLinks[0]; - if (firstNavItem?.id) { - coreStart.application.navigateToApp(firstNavItem.id); - } + if (firstNavItem?.id) { + core.application.navigateToApp(firstNavItem.id); } }; From 4d083900fd9c1298e7a00e4b128ba77c9ea6edc6 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 20 Jan 2025 19:03:24 -0300 Subject: [PATCH 029/212] Refactor app startup subscription to set current navigation group and navigate accordingly --- plugins/wazuh-analysis/public/plugin.ts | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 447640be5e..b79a15a785 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -287,8 +287,13 @@ export class AnalysisPlugin _plugins: AnalysisStartDependencies, ): AnalysisStart | Promise { this.appStartup$.subscribe({ - next: (navGroupId: string) => - navigateToFirstAppInNavGroup(core, navGroupId), + next: async (navGroupId: string) => { + core.chrome.navGroup.setCurrentNavGroup(navGroupId); + + const currentNavGroup = await getCurrentNavGroup(core); + + navigateToFirstAppInNavGroup(core, currentNavGroup); + }, }); return {}; From 174bc12d6cfef5e6fdcf8abf21d42cdd7c5d6b2e Mon Sep 17 00:00:00 2001 
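Review bot: The new JSDoc on `navigateToFirstAppInNavGroup` describes `core` as "core services in Kibana" and its last sentence stops at "represents the ID"; this is an OpenSearch Dashboards plugin, so name that platform and finish the sentence. I would shrink the block to the contract: `@param core - OSD CoreStart; only application.navigateToApp is used.` and `@param navGroup - group whose first navLinks entry is navigated to; a missing group or empty navLinks is a silent no-op.` The function also remains `async` without awaiting anything; either drop `async` or `return core.application.navigateToApp(firstNavItem.id);` so callers can await the navigation and see its failure.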
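Review bot: After `setCurrentNavGroup(navGroupId)` the subscriber reads back whatever `getCurrentNavGroup` reports and navigates to its first link without checking that it is the group just requested; if the set is rejected or not yet reflected (an id that is not registered, for instance) the user is sent to the first app of some other group. A guard `if (currentNavGroup?.id !== navGroupId) return;` before `navigateToFirstAppInNavGroup` closes that gap. The `async` subscriber also needs a `try/catch` around its awaits or a `.catch` on the call, since RxJS does nothing with a rejected promise returned from `next`. The enclosing `start` method ends inside this hunk.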
From: Guido Modarelli Date: Mon, 20 Jan 2025 19:43:30 -0300 Subject: [PATCH 030/212] Add navigation link status management for endpoint security applications --- plugins/wazuh-analysis/public/plugin.ts | 63 +++++++++++++++++++++---- 1 file changed, 55 insertions(+), 8 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index b79a15a785..7867790004 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -9,6 +9,7 @@ import { first } from 'rxjs/operators'; import { Subject } from 'rxjs'; import { App, + AppNavLinkStatus, CoreSetup, CoreStart, Plugin, @@ -24,6 +25,12 @@ interface AnalysisStartDependencies { navigation: NavigationPublicPluginStart; } +const makeNavLinkStatusVisible = (): Partial => ({ + navLinkStatus: AppNavLinkStatus.visible, +}); +const makeNavLinkStatusHidden = (): Partial => ({ + navLinkStatus: AppNavLinkStatus.hidden, +}); const getCurrentNavGroup = async (core: CoreStart) => core.chrome.navGroup.getCurrentNavGroup$().pipe(first()).toPromise(); @@ -68,6 +75,9 @@ export class AnalysisPlugin Plugin { private readonly appStartup$ = new Subject(); + private readonly endpointSecurityAppsStatusUpdater$ = new Subject< + () => object + >(); private readonly PLUGIN_ID = 'analysis'; private readonly ENDPOINT_SECURITY_ID = 'endpoint_security'; private readonly THREAT_INTELLIGENCE_ID = 'threat_intelligence'; 
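Review bot: `endpointSecurityAppsStatusUpdater$` is typed `Subject<() => object>`, which is looser than what `App.updater$` consumes — OSD types the updater as a function returning the partial app fields — so a helper returning the wrong shape would still compile. Prefer `private readonly endpointSecurityAppsStatusUpdater$ = new Subject<AppUpdater>();` with `AppUpdater` imported beside `AppNavLinkStatus`, and give `makeNavLinkStatusVisible`/`makeNavLinkStatusHidden` that same return type; confirm the exact exported name against the OSD version pinned in package.json. The field lives inside the class body, which starts before this hunk.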
@@ -148,13 +158,14 @@ export class AnalysisPlugin const ApplicationsMap: Record> = { [this.ENDPOINT_SECURITY_ID]: { title: this.translationMessages.ENDPOINT_SECURITY_TITLE, - mount: async (params: AppMountParameters) => { + mount: async (_params: AppMountParameters) => { + this.endpointSecurityAppsStatusUpdater$.next( + makeNavLinkStatusVisible, + ); this.appStartup$.next(this.ENDPOINT_SECURITY_ID); - // TODO: Implement the endpoint security application - const { renderApp } = await import('./application'); - - return renderApp(params, {}); + // TODO: Implement the endpoint security landing page + return () => {}; }, }, [this.THREAT_INTELLIGENCE_ID]: { 
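Review bot: The landing app's `mount` emits `makeNavLinkStatusVisible` on the shared updater but its returned unmount `() => {}` never emits the hidden state, so if `appStartup$` does not lead to a sub-app (empty group, failed navigation) the three sub-app links stay visible after the user leaves endpoint security. Returning `() => { this.endpointSecurityAppsStatusUpdater$.next(makeNavLinkStatusHidden); }` mirrors what the sub-apps do and keeps the visible/hidden transitions symmetric, assuming OSD runs the previous app's unmount before the next app's mount, which the sub-app entries already rely on. The `ApplicationsMap` literal continues past this hunk.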
@@ -188,29 +199,65 @@ export class AnalysisPlugin }, [this.CONFIGURATION_ASSESSMENT_ID]: { title: this.translationMessages.CONFIGURATION_ASSESSMENT_TITLE, + navLinkStatus: AppNavLinkStatus.hidden, + updater$: this.endpointSecurityAppsStatusUpdater$, mount: async (params: AppMountParameters) => { + this.endpointSecurityAppsStatusUpdater$.next( + makeNavLinkStatusVisible, + ); + // TODO: Implement the configuration assessment application const { renderApp } = await import('./application'); + const unmount = await renderApp(params, {}); - return renderApp(params, {}); + return () => { + this.endpointSecurityAppsStatusUpdater$.next( + makeNavLinkStatusHidden, + ); + unmount(); + }; }, }, [this.MALWARE_DETECTION_ID]: { title: this.translationMessages.MALWARE_DETECTION_TITLE, + navLinkStatus: AppNavLinkStatus.hidden, + updater$: this.endpointSecurityAppsStatusUpdater$, mount: async (params: AppMountParameters) => { + this.endpointSecurityAppsStatusUpdater$.next( + makeNavLinkStatusVisible, + ); + // TODO: Implement the malware detection application const { renderApp } = await import('./application'); + const unmount = await renderApp(params, {}); - return renderApp(params, {}); + return () => { + this.endpointSecurityAppsStatusUpdater$.next( + makeNavLinkStatusHidden, + ); + unmount(); + }; }, }, [this.FIM_ID]: { title: this.translationMessages.FIM_TITLE, + navLinkStatus: AppNavLinkStatus.hidden, + updater$: this.endpointSecurityAppsStatusUpdater$, mount: async (params: AppMountParameters) => { + this.endpointSecurityAppsStatusUpdater$.next( + makeNavLinkStatusVisible, + ); + // TODO: Implement the fim application const { renderApp } = await import('./application'); + const unmount = await renderApp(params, {}); - return renderApp(params, {}); + return () => { + this.endpointSecurityAppsStatusUpdater$.next( + makeNavLinkStatusHidden, + ); + unmount(); + }; }, }, }; From d048aa61296442b8373d67ca1edaf923ac5f9488 Mon Sep 17 00:00:00 2001 
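Review bot: `navLinkStatus: AppNavLinkStatus.hidden` only affects the chrome; the three apps are still passed to `core.application.register` and remain reachable at their `/app/<id>` URL whether or not the link is shown, so nothing here restricts who can open FIM or malware detection and any authorization has to come from the server-side APIs those apps will call. A comment on the first `navLinkStatus` such as `// UI-only: hides the link until the endpoint-security landing is entered; this is not an access control` prevents the flag from being mistaken for one. All three entries also share one updater subject, so navigating from one sub-app to another emits hidden from the old unmount and visible from the new mount and depends on OSD ordering those calls unmount-first; worth a comment or a test. The mount/unmount pairs are identical apart from the TODO text and could be produced by a small factory taking id and title.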
From: Guido Modarelli Date: Mon, 20 Jan 2025 19:59:00 -0300 Subject: [PATCH 031/212] Refactor endpoint security applications to streamline mount logic and manage nav link visibility --- plugins/wazuh-analysis/public/plugin.ts | 74 ++++++++++++------------- 1 file changed, 34 insertions(+), 40 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 7867790004..965b396105 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -1,6 +1,7 @@ import { i18n } from '@osd/i18n'; import { AppCategory, + AppMount, AppMountParameters, ChromeNavGroup, NavGroupItemInMap, 
@@ -197,70 +198,63 @@ export class AnalysisPlugin return renderApp(params, {}); }, }, - [this.CONFIGURATION_ASSESSMENT_ID]: { + }; + const endpointSecurityApps: App[] = [ + { + id: this.CONFIGURATION_ASSESSMENT_ID, title: this.translationMessages.CONFIGURATION_ASSESSMENT_TITLE, navLinkStatus: AppNavLinkStatus.hidden, updater$: this.endpointSecurityAppsStatusUpdater$, mount: async (params: AppMountParameters) => { - this.endpointSecurityAppsStatusUpdater$.next( - makeNavLinkStatusVisible, - ); - // TODO: Implement the configuration assessment application const { renderApp } = await import('./application'); - const unmount = await renderApp(params, {}); - - return () => { - this.endpointSecurityAppsStatusUpdater$.next( - makeNavLinkStatusHidden, - ); - unmount(); - }; + + return await renderApp(params, {}); }, }, - [this.MALWARE_DETECTION_ID]: { + { + id: this.MALWARE_DETECTION_ID, title: this.translationMessages.MALWARE_DETECTION_TITLE, navLinkStatus: AppNavLinkStatus.hidden, updater$: this.endpointSecurityAppsStatusUpdater$, mount: async (params: AppMountParameters) => { - this.endpointSecurityAppsStatusUpdater$.next( - makeNavLinkStatusVisible, - ); - // TODO: Implement the malware detection application const { renderApp } = await import('./application'); - const unmount = await renderApp(params, {}); - - return () => { - this.endpointSecurityAppsStatusUpdater$.next( - makeNavLinkStatusHidden, - ); - unmount(); - }; + + return await renderApp(params, {}); }, }, - [this.FIM_ID]: { + { + id: this.FIM_ID, title: this.translationMessages.FIM_TITLE, navLinkStatus: AppNavLinkStatus.hidden, updater$: this.endpointSecurityAppsStatusUpdater$, mount: async (params: AppMountParameters) => { - this.endpointSecurityAppsStatusUpdater$.next( - makeNavLinkStatusVisible, - ); - // TODO: Implement the fim application const { renderApp } = await import('./application'); - const unmount = await renderApp(params, {}); - - return () => { - this.endpointSecurityAppsStatusUpdater$.next( 
- makeNavLinkStatusHidden, - ); - unmount(); - }; + + return await renderApp(params, {}); }, }, - }; + ]; + + for (const app of endpointSecurityApps) { + const mount = app.mount.bind(app) as AppMount; + + app.mount = async (params: AppMountParameters) => { + this.endpointSecurityAppsStatusUpdater$.next(makeNavLinkStatusVisible); + + const unmount = await mount(params); + + return () => { + this.endpointSecurityAppsStatusUpdater$.next(makeNavLinkStatusHidden); + unmount(); + }; + }; + + ApplicationsMap[app.id] = app; + } + const APPLICATIONS = Object.entries(ApplicationsMap).map(([id, app]) => ({ ...app, id, From aa5923a47c88f4a899fc7f78479188201f53c7b2 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 20 Jan 2025 20:08:36 -0300 Subject: [PATCH 032/212] Refactor application registration to use an array for better structure and clarity --- plugins/wazuh-analysis/public/plugin.ts | 26 ++++++++++++------------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 965b396105..848875cce7 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -17,7 +17,6 @@ import { DEFAULT_NAV_GROUPS, } from '../../../src/core/public'; import { NavigationPublicPluginStart } from '../../../src/plugins/navigation/public'; -import { OmitStrict } from '../../wazuh-core/common/types'; import { AnalysisSetup, AnalysisStart } from './types'; interface AnalysisSetupDependencies {} @@ -156,8 +155,9 @@ export class AnalysisPlugin ): AnalysisSetup | Promise { console.debug('AnalysisPlugin started'); - const ApplicationsMap: Record> = { - [this.ENDPOINT_SECURITY_ID]: { + const applications: App[] = [ + { + id: this.ENDPOINT_SECURITY_ID, title: this.translationMessages.ENDPOINT_SECURITY_TITLE, mount: async (_params: AppMountParameters) => { this.endpointSecurityAppsStatusUpdater$.next( 
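Review bot: `const mount = app.mount.bind(app) as AppMount;` asserts rather than checks: `App['mount']` presumably also admits the deprecated mount signature, so the cast would hide a call with the wrong arguments if an entry of `endpointSecurityApps` were ever declared in the legacy form, and `bind(app)` has no effect on the arrow functions these entries use. Since every `mount` in the array is `async (params: AppMountParameters) => …`, declaring the array with a narrower element type such as `Array<App & { mount: AppMount }>` lets the loop take `const mount = app.mount;` without the cast. Separately, the three `return await renderApp(params, {});` bodies are not inside a `try`, so `return renderApp(params, {});` is equivalent and avoids an extra microtask tick. The enclosing method body and the `ApplicationsMap` literal begin before this hunk.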
@@ -169,7 +169,8 @@ export class AnalysisPlugin return () => {}; }, }, - [this.THREAT_INTELLIGENCE_ID]: { + { + id: this.THREAT_INTELLIGENCE_ID, title: this.translationMessages.THREAT_INTELLIGENCE_TITLE, mount: async (params: AppMountParameters) => { // TODO: Implement the threat intelligence application @@ -178,7 +179,8 @@ export class AnalysisPlugin return renderApp(params, {}); }, }, - [this.SECURITY_OPERATIONS_ID]: { + { + id: this.SECURITY_OPERATIONS_ID, title: this.translationMessages.SECURITY_OPERATIONS_TITLE, category: this.CATEGORY, mount: async (params: AppMountParameters) => { @@ -188,7 +190,8 @@ export class AnalysisPlugin return renderApp(params, {}); }, }, - [this.CLOUD_SECURITY_ID]: { + { + id: this.CLOUD_SECURITY_ID, title: this.translationMessages.CLOUD_SECURITY_TITLE, category: this.CATEGORY, mount: async (params: AppMountParameters) => { @@ -198,7 +201,7 @@ export class AnalysisPlugin return renderApp(params, {}); }, }, - }; + ]; const endpointSecurityApps: App[] = [ { id: this.CONFIGURATION_ASSESSMENT_ID, @@ -252,15 +255,10 @@ export class AnalysisPlugin }; }; - ApplicationsMap[app.id] = app; + applications.push(app); } - const APPLICATIONS = Object.entries(ApplicationsMap).map(([id, app]) => ({ - ...app, - id, - })); - - for (const app of APPLICATIONS) { + for (const app of applications) { core.application.register(app); } From 7592b793dbf99404cbd1996d2769ce1dde60a434 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 20 Jan 2025 20:10:12 -0300 Subject: [PATCH 033/212] Refactor translationMessages to use Object.freeze for immutability --- plugins/wazuh-analysis/public/plugin.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 848875cce7..913210f234 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts 
@@ -92,7 +92,7 @@ export class AnalysisPlugin 'malware_detection', ); private readonly FIM_ID = generateSubAppId(this.ENDPOINT_SECURITY_ID, 'fim'); - private readonly translationMessages = { + private readonly translationMessages = Object.freeze({ ANALYSIS_PLUGIN_TITLE: i18n.translate('analysis.title', { defaultMessage: 'Analysis', }), @@ -142,7 +142,7 @@ export class AnalysisPlugin FIM_TITLE: i18n.translate(`${this.PLUGIN_ID}.category.${this.FIM_ID}`, { defaultMessage: 'File Integrity Monitoring', }), - }; + }); private readonly CATEGORY: AppCategory = { id: this.PLUGIN_ID, label: this.translationMessages.ANALYSIS_PLUGIN_TITLE, From c0ac199244b4d0feed8991de20d0ce6a80a9f51d Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 20 Jan 2025 20:12:35 -0300 Subject: [PATCH 034/212] Refactor AnalysisPlugin setup to improve app registration structure --- plugins/wazuh-analysis/public/plugin.ts | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 913210f234..98aecce885 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -149,12 +149,7 @@ export class AnalysisPlugin order: 5000, }; - public setup( - core: CoreSetup, - _plugins: AnalysisSetupDependencies, - ): AnalysisSetup | Promise { - console.debug('AnalysisPlugin started'); - + private registerApps(core: CoreSetup) { const applications: App[] = [ { id: this.ENDPOINT_SECURITY_ID, @@ -261,6 +256,15 @@ export class AnalysisPlugin for (const app of applications) { core.application.register(app); } + } + + public setup( + core: CoreSetup, + _plugins: AnalysisSetupDependencies, + ): AnalysisSetup | Promise { + console.debug('AnalysisPlugin started'); + + this.registerApps(core); const navGroups = { [this.ENDPOINT_SECURITY_ID]: { From f857c70a441a828a69e39f0065f3486bd4b07dc2 Mon Sep 17 00:00:00 2001 
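Review bot: In the `@@ -261,6 +256,15 @@` hunk the re-added `console.debug('AnalysisPlugin started');` now sits at the top of `setup()`, so it is printed before `start()` has run; `console.debug('AnalysisPlugin setup');` (or moving the line into `start`) would make the log truthful. The new `private registerApps(core: CoreSetup) {` in the first hunk has no return type while `setup` annotates its result; `private registerApps(core: CoreSetup): void {` keeps the methods consistent. The body of `registerApps` continues well past the first hunk.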
From: Guido Modarelli Date: Mon, 20 Jan 2025 20:14:57 -0300 Subject: [PATCH 035/212] Refactor AnalysisPlugin to use Object.freeze for navigation groups --- plugins/wazuh-analysis/public/plugin.ts | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 98aecce885..f405ddf646 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -148,6 +148,13 @@ export class AnalysisPlugin label: this.translationMessages.ANALYSIS_PLUGIN_TITLE, order: 5000, }; + private readonly navGroups = Object.freeze({ + [this.ENDPOINT_SECURITY_ID]: { + id: this.ENDPOINT_SECURITY_ID, + title: this.translationMessages.ENDPOINT_SECURITY_TITLE, + description: this.translationMessages.ENDPOINT_SECURITY_DESCRIPTION, + }, + } satisfies Record); private registerApps(core: CoreSetup) { const applications: App[] = [ @@ -266,16 +273,8 @@ export class AnalysisPlugin this.registerApps(core); - const navGroups = { - [this.ENDPOINT_SECURITY_ID]: { - id: this.ENDPOINT_SECURITY_ID, - title: this.translationMessages.ENDPOINT_SECURITY_TITLE, - description: this.translationMessages.ENDPOINT_SECURITY_DESCRIPTION, - }, - } satisfies Record; - core.chrome.navGroup.addNavLinksToGroup( - navGroups[this.ENDPOINT_SECURITY_ID], + this.navGroups[this.ENDPOINT_SECURITY_ID], [ { // Configuration assessment From 5759572a9607f38fdf27ef2e4bf99c9ee41e6ac8 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 20 Jan 2025 20:20:32 -0300 Subject: [PATCH 036/212] Refactor AnalysisPlugin to separate navigation group registration into its own method --- plugins/wazuh-analysis/public/plugin.ts | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index f405ddf646..60af17a8d6 100644 --- a/plugins/wazuh-analysis/public/plugin.ts 
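Review bot: The new `private readonly navGroups = Object.freeze({...})` field has no documentation, and its only consumer is `core.chrome.navGroup.addNavLinksToGroup(this.navGroups[this.ENDPOINT_SECURITY_ID], …)` in the second hunk, so a reader has to search `setup` to learn what the keys mean; a TSDoc such as `/** Navigation groups keyed by parent app id; passed to chrome.navGroup.addNavLinksToGroup. Object.freeze is shallow, so the nested group objects stay mutable. */` above the field would cover that. The `satisfies Record<…>` constraint's type argument is not legible in this rendering, so I cannot tell whether a misspelled key would be caught; a key type narrower than `string` would make that explicit. `setup` continues past the second hunk.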
+++ b/plugins/wazuh-analysis/public/plugin.ts @@ -265,14 +265,7 @@ export class AnalysisPlugin } } - public setup( - core: CoreSetup, - _plugins: AnalysisSetupDependencies, - ): AnalysisSetup | Promise { - console.debug('AnalysisPlugin started'); - - this.registerApps(core); - + private registerNavGroups(core: CoreSetup) { core.chrome.navGroup.addNavLinksToGroup( this.navGroups[this.ENDPOINT_SECURITY_ID], [ @@ -320,6 +313,16 @@ export class AnalysisPlugin category: this.CATEGORY, }, ]); + } + + public setup( + core: CoreSetup, + _plugins: AnalysisSetupDependencies, + ): AnalysisSetup | Promise { + console.debug('AnalysisPlugin started'); + + this.registerApps(core); + this.registerNavGroups(core); return {}; } From 42650dba7eeb913939465826f8ed83996b415b73 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 20 Jan 2025 20:21:50 -0300 Subject: [PATCH 037/212] Refactor AnalysisPlugin to extract app startup subscription into a separate method --- plugins/wazuh-analysis/public/plugin.ts | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 60af17a8d6..e7cddbc0ee 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -327,10 +327,7 @@ export class AnalysisPlugin return {}; } - start( - core: CoreStart, - _plugins: AnalysisStartDependencies, - ): AnalysisStart | Promise { + private subscribeToAppStartup(core: CoreStart) { this.appStartup$.subscribe({ next: async (navGroupId: string) => { core.chrome.navGroup.setCurrentNavGroup(navGroupId); @@ -340,6 +337,13 @@ export class AnalysisPlugin navigateToFirstAppInNavGroup(core, currentNavGroup); }, }); + } + + start( + core: CoreStart, + _plugins: AnalysisStartDependencies, + ): AnalysisStart | Promise { + this.subscribeToAppStartup(core); return {}; } From fca4fba61708bfd1c6c8340274a4841ed91b81b5 Mon Sep 17 00:00:00 2001 
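Review bot: In the `@@ -327,10 +327,7 @@` hunk, `subscribeToAppStartup` discards the `Subscription` returned by `this.appStartup$.subscribe({...})`, and the `next` handler is `async`, so a rejection from `getCurrentNavGroup(core)` or `navigateToFirstAppInNavGroup(core, currentNavGroup)` becomes an unhandled promise rejection that RxJS never routes anywhere. Keep the subscription in a field (`private appStartupSubscription?: Subscription;`), unsubscribe it and complete `appStartup$` from the plugin's `stop()` lifecycle method (not visible in these hunks, so it may need adding), and wrap the body of `next` in a `try/catch` that logs the failure with the `navGroupId`. `start()` now only delegates to this helper, which is fine, but the teardown half of the lifecycle is missing.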
From: Guido Modarelli Date: Mon, 20 Jan 2025 20:23:10 -0300 Subject: [PATCH 038/212] Refactor AnalysisPlugin to use Object.freeze for CATEGORY definition --- plugins/wazuh-analysis/public/plugin.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index e7cddbc0ee..d4d1968b4c 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -143,11 +143,11 @@ export class AnalysisPlugin defaultMessage: 'File Integrity Monitoring', }), }); - private readonly CATEGORY: AppCategory = { + private readonly CATEGORY: AppCategory = Object.freeze({ id: this.PLUGIN_ID, label: this.translationMessages.ANALYSIS_PLUGIN_TITLE, order: 5000, - }; + }); private readonly navGroups = Object.freeze({ [this.ENDPOINT_SECURITY_ID]: { id: this.ENDPOINT_SECURITY_ID, From 47789f4ad1a4abec26651a8797e0ea6755d41200 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 20 Jan 2025 20:27:34 -0300 Subject: [PATCH 039/212] Refactor AnalysisPlugin to consolidate endpoint security apps into a single subApps structure --- plugins/wazuh-analysis/public/plugin.ts | 74 +++++++++++++------------ 1 file changed, 38 insertions(+), 36 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index d4d1968b4c..e4fca9deb5 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts 
@@ -204,46 +204,48 @@ export class AnalysisPlugin }, }, ]; - const endpointSecurityApps: App[] = [ - { - id: this.CONFIGURATION_ASSESSMENT_ID, - title: this.translationMessages.CONFIGURATION_ASSESSMENT_TITLE, - navLinkStatus: AppNavLinkStatus.hidden, - updater$: this.endpointSecurityAppsStatusUpdater$, - mount: async (params: AppMountParameters) => { - // TODO: Implement the configuration assessment application - const { renderApp } = await import('./application'); - - return await renderApp(params, {}); + const subApps: Record = { + [this.ENDPOINT_SECURITY_ID]: [ + { + id: this.CONFIGURATION_ASSESSMENT_ID, + title: this.translationMessages.CONFIGURATION_ASSESSMENT_TITLE, + navLinkStatus: AppNavLinkStatus.hidden, + updater$: this.endpointSecurityAppsStatusUpdater$, + mount: async (params: AppMountParameters) => { + // TODO: Implement the configuration assessment application + const { renderApp } = await import('./application'); + + return await renderApp(params, {}); + }, }, - }, - { - id: this.MALWARE_DETECTION_ID, - title: this.translationMessages.MALWARE_DETECTION_TITLE, - navLinkStatus: AppNavLinkStatus.hidden, - updater$: this.endpointSecurityAppsStatusUpdater$, - mount: async (params: AppMountParameters) => { - // TODO: Implement the malware detection application - const { renderApp } = await import('./application'); - - return await renderApp(params, {}); + { + id: this.MALWARE_DETECTION_ID, + title: this.translationMessages.MALWARE_DETECTION_TITLE, + navLinkStatus: AppNavLinkStatus.hidden, + updater$: this.endpointSecurityAppsStatusUpdater$, + mount: async (params: AppMountParameters) => { + // TODO: Implement the malware detection application + const { renderApp } = await import('./application'); + + return await renderApp(params, {}); + }, }, - }, - { - id: this.FIM_ID, - title: this.translationMessages.FIM_TITLE, - navLinkStatus: AppNavLinkStatus.hidden, - updater$: this.endpointSecurityAppsStatusUpdater$, - mount: async (params: AppMountParameters) => { 
- // TODO: Implement the fim application - const { renderApp } = await import('./application'); - - return await renderApp(params, {}); + { + id: this.FIM_ID, + title: this.translationMessages.FIM_TITLE, + navLinkStatus: AppNavLinkStatus.hidden, + updater$: this.endpointSecurityAppsStatusUpdater$, + mount: async (params: AppMountParameters) => { + // TODO: Implement the fim application + const { renderApp } = await import('./application'); + + return await renderApp(params, {}); + }, }, - }, - ]; + ], + }; - for (const app of endpointSecurityApps) { + for (const app of subApps[this.ENDPOINT_SECURITY_ID]) { const mount = app.mount.bind(app) as AppMount; app.mount = async (params: AppMountParameters) => { From 4cc41fc1c5e1925c94d07f15b2758cde319a3913 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 20 Jan 2025 20:46:45 -0300 Subject: [PATCH 040/212] Refactor AnalysisPlugin to improve code organization and maintainability --- plugins/wazuh-analysis/public/plugin.ts | 331 +++++++++++++----------- 1 file changed, 175 insertions(+), 156 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index e4fca9deb5..7d2d2cc007 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts 
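Review bot: `const subApps: Record = {` (the type argument is lost in this rendering, presumably `Record<string, App[]>`) makes `subApps[this.ENDPOINT_SECURITY_ID]` possibly `undefined` under `noUncheckedIndexedAccess`, so the new `for (const app of subApps[this.ENDPOINT_SECURITY_ID]) {` would not compile with that flag enabled and would silently iterate nothing if the key were ever mistyped. Keying the record by the known parent app ids (a string-literal union) or writing the literal with `satisfies` instead of an annotation keeps the index statically present. The loop body and the rest of `registerApps` continue past this hunk.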
@@ -25,14 +25,118 @@ interface AnalysisStartDependencies { navigation: NavigationPublicPluginStart; } -const makeNavLinkStatusVisible = (): Partial => ({ - navLinkStatus: AppNavLinkStatus.visible, +/** + * The function `generateSubAppId` takes a parent app ID and a sub app ID, and + * returns a combined ID with the sub app ID URL-encoded. + * @param {string} parentAppId - The `parentAppId` parameter is a string + * representing the ID of the parent application. + * @param {string} subAppId - The `subAppId` parameter is a string representing the + * ID of a sub-application within a parent application. + */ +function generateSubAppId(parentAppId: string, subAppId: string) { + return `${parentAppId}_${encodeURIComponent(`/${subAppId}`)}`; +} + +const PLUGIN_ID = 'analysis'; +const ENDPOINT_SECURITY_ID = 'endpoint_security'; +const THREAT_INTELLIGENCE_ID = 'threat_intelligence'; +const SECURITY_OPERATIONS_ID = 'security_operations'; +const CLOUD_SECURITY_ID = 'cloud_security'; + +type ParentAppId = + | typeof ENDPOINT_SECURITY_ID + | typeof THREAT_INTELLIGENCE_ID + | typeof SECURITY_OPERATIONS_ID + | typeof CLOUD_SECURITY_ID; + +const CONFIGURATION_ASSESSMENT_ID = generateSubAppId( + ENDPOINT_SECURITY_ID, + 'configuration_assessment', +); +const MALWARE_DETECTION_ID = generateSubAppId( + ENDPOINT_SECURITY_ID, + 'malware_detection', +); +const FIM_ID = generateSubAppId(ENDPOINT_SECURITY_ID, 'fim'); +const TRANSLATION_MESSAGES = Object.freeze({ + ANALYSIS_PLUGIN_TITLE: i18n.translate('analysis.title', { + defaultMessage: 'Analysis', + }), + ENDPOINT_SECURITY_TITLE: i18n.translate( + `${PLUGIN_ID}.category.${ENDPOINT_SECURITY_ID}`, + { + defaultMessage: 'Endpoint Security', + }, + ), + ENDPOINT_SECURITY_DESCRIPTION: i18n.translate( + `${PLUGIN_ID}.category.${ENDPOINT_SECURITY_ID}.description`, + { + defaultMessage: + 'Advanced monitoring and protection for devices against security threats.', + }, + ), + THREAT_INTELLIGENCE_TITLE: i18n.translate( + 
`${PLUGIN_ID}.category.${THREAT_INTELLIGENCE_ID}`, + { + defaultMessage: 'Threat Intelligence', + }, + ), + SECURITY_OPERATIONS_TITLE: i18n.translate( + `${PLUGIN_ID}.category.${SECURITY_OPERATIONS_ID}`, + { + defaultMessage: 'Security Operations', + }, + ), + CLOUD_SECURITY_TITLE: i18n.translate( + `${PLUGIN_ID}.category.${CLOUD_SECURITY_ID}`, + { + defaultMessage: 'Cloud Security', + }, + ), + CONFIGURATION_ASSESSMENT_TITLE: i18n.translate( + `${PLUGIN_ID}.category.${CONFIGURATION_ASSESSMENT_ID}`, + { + defaultMessage: 'Configuration Assessment', + }, + ), + MALWARE_DETECTION_TITLE: i18n.translate( + `${PLUGIN_ID}.category.${MALWARE_DETECTION_ID}`, + { + defaultMessage: 'Malware Detection', + }, + ), + FIM_TITLE: i18n.translate(`${PLUGIN_ID}.category.${FIM_ID}`, { + defaultMessage: 'File Integrity Monitoring', + }), }); -const makeNavLinkStatusHidden = (): Partial => ({ - navLinkStatus: AppNavLinkStatus.hidden, +const CATEGORY: AppCategory = Object.freeze({ + id: PLUGIN_ID, + label: TRANSLATION_MESSAGES.ANALYSIS_PLUGIN_TITLE, + order: 5000, }); -const getCurrentNavGroup = async (core: CoreStart) => - core.chrome.navGroup.getCurrentNavGroup$().pipe(first()).toPromise(); +const NAV_GROUPS = Object.freeze({ + [ENDPOINT_SECURITY_ID]: { + id: ENDPOINT_SECURITY_ID, + title: TRANSLATION_MESSAGES.ENDPOINT_SECURITY_TITLE, + description: TRANSLATION_MESSAGES.ENDPOINT_SECURITY_DESCRIPTION, + }, +} satisfies Partial>); + +function makeNavLinkStatusVisible(): Partial { + return { + navLinkStatus: AppNavLinkStatus.visible, + }; +} + +function makeNavLinkStatusHidden(): Partial { + return { + navLinkStatus: AppNavLinkStatus.hidden, + }; +} + +async function getCurrentNavGroup(core: CoreStart) { + return core.chrome.navGroup.getCurrentNavGroup$().pipe(first()).toPromise(); +} /** * The function `navigateToFirstAppInNavGroup` navigates to the first app in a 
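Review bot: The TSDoc moved onto `function generateSubAppId(parentAppId: string, subAppId: string) {` documents both parameters but neither the result nor the encoding, and the function has no return type; add `: string` and `@returns \`${parentAppId}_\` followed by the URL-encoded \`/${subAppId}\`, e.g. \`endpoint_security_%2Ffim\`` so callers know the ids contain a percent-encoded slash. The module-level `ParentAppId` union and the `PLUGIN_ID`/`*_ID` constants are new exports of structure but carry no comment saying which are nav-group parents and which are sub-apps; a one-line comment above each group would help. In `async function getCurrentNavGroup`, `pipe(first()).toPromise()` rejects with `EmptyError` if the nav-group stream completes without emitting — if that can happen, document it or catch it at the call site.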
@@ -59,121 +163,35 @@ const navigateToFirstAppInNavGroup = async ( } }; -/** - * The function `generateSubAppId` takes a parent app ID and a sub app ID, and - * returns a combined ID with the sub app ID URL-encoded. - * @param {string} parentAppId - The `parentAppId` parameter is a string - * representing the ID of the parent application. - * @param {string} subAppId - The `subAppId` parameter is a string representing the - * ID of a sub-application within a parent application. - */ -const generateSubAppId = (parentAppId: string, subAppId: string) => - `${parentAppId}_${encodeURIComponent(`/${subAppId}`)}`; - export class AnalysisPlugin implements Plugin { private readonly appStartup$ = new Subject(); - private readonly endpointSecurityAppsStatusUpdater$ = new Subject< - () => object - >(); - private readonly PLUGIN_ID = 'analysis'; - private readonly ENDPOINT_SECURITY_ID = 'endpoint_security'; - private readonly THREAT_INTELLIGENCE_ID = 'threat_intelligence'; - private readonly SECURITY_OPERATIONS_ID = 'security_operations'; - private readonly CLOUD_SECURITY_ID = 'cloud_security'; - private readonly CONFIGURATION_ASSESSMENT_ID = generateSubAppId( - this.ENDPOINT_SECURITY_ID, - 'configuration_assessment', - ); - private readonly MALWARE_DETECTION_ID = generateSubAppId( - this.ENDPOINT_SECURITY_ID, - 'malware_detection', - ); - private readonly FIM_ID = generateSubAppId(this.ENDPOINT_SECURITY_ID, 'fim'); - private readonly translationMessages = Object.freeze({ - ANALYSIS_PLUGIN_TITLE: i18n.translate('analysis.title', { - defaultMessage: 'Analysis', - }), - ENDPOINT_SECURITY_TITLE: i18n.translate( - `${this.PLUGIN_ID}.category.${this.ENDPOINT_SECURITY_ID}`, - { - defaultMessage: 'Endpoint Security', - }, - ), - ENDPOINT_SECURITY_DESCRIPTION: i18n.translate( - `${this.PLUGIN_ID}.category.${this.ENDPOINT_SECURITY_ID}.description`, - { - defaultMessage: - 'Advanced monitoring and protection for devices against security threats.', - }, - ), - THREAT_INTELLIGENCE_TITLE: 
i18n.translate( - `${this.PLUGIN_ID}.category.${this.THREAT_INTELLIGENCE_ID}`, - { - defaultMessage: 'Threat Intelligence', - }, - ), - SECURITY_OPERATIONS_TITLE: i18n.translate( - `${this.PLUGIN_ID}.category.${this.SECURITY_OPERATIONS_ID}`, - { - defaultMessage: 'Security Operations', - }, - ), - CLOUD_SECURITY_TITLE: i18n.translate( - `${this.PLUGIN_ID}.category.${this.CLOUD_SECURITY_ID}`, - { - defaultMessage: 'Cloud Security', - }, - ), - CONFIGURATION_ASSESSMENT_TITLE: i18n.translate( - `${this.PLUGIN_ID}.category.${this.CONFIGURATION_ASSESSMENT_ID}`, - { - defaultMessage: 'Configuration Assessment', - }, - ), - MALWARE_DETECTION_TITLE: i18n.translate( - `${this.PLUGIN_ID}.category.${this.MALWARE_DETECTION_ID}`, - { - defaultMessage: 'Malware Detection', - }, - ), - FIM_TITLE: i18n.translate(`${this.PLUGIN_ID}.category.${this.FIM_ID}`, { - defaultMessage: 'File Integrity Monitoring', - }), - }); - private readonly CATEGORY: AppCategory = Object.freeze({ - id: this.PLUGIN_ID, - label: this.translationMessages.ANALYSIS_PLUGIN_TITLE, - order: 5000, - }); - private readonly navGroups = Object.freeze({ - [this.ENDPOINT_SECURITY_ID]: { - id: this.ENDPOINT_SECURITY_ID, - title: this.translationMessages.ENDPOINT_SECURITY_TITLE, - description: this.translationMessages.ENDPOINT_SECURITY_DESCRIPTION, - }, - } satisfies Record); + private readonly appStatusUpdater$: Partial< + Record> + > = { + [ENDPOINT_SECURITY_ID]: new Subject(), + }; private registerApps(core: CoreSetup) { const applications: App[] = [ { - id: this.ENDPOINT_SECURITY_ID, - title: this.translationMessages.ENDPOINT_SECURITY_TITLE, + id: ENDPOINT_SECURITY_ID, + title: TRANSLATION_MESSAGES.ENDPOINT_SECURITY_TITLE, mount: async (_params: AppMountParameters) => { - this.endpointSecurityAppsStatusUpdater$.next( + this.appStatusUpdater$[ENDPOINT_SECURITY_ID].next( makeNavLinkStatusVisible, ); - this.appStartup$.next(this.ENDPOINT_SECURITY_ID); + this.appStartup$.next(ENDPOINT_SECURITY_ID); // TODO: Implement 
the endpoint security landing page return () => {}; }, }, { - id: this.THREAT_INTELLIGENCE_ID, - title: this.translationMessages.THREAT_INTELLIGENCE_TITLE, + id: THREAT_INTELLIGENCE_ID, + title: TRANSLATION_MESSAGES.THREAT_INTELLIGENCE_TITLE, mount: async (params: AppMountParameters) => { // TODO: Implement the threat intelligence application const { renderApp } = await import('./application'); @@ -182,9 +200,9 @@ export class AnalysisPlugin }, }, { - id: this.SECURITY_OPERATIONS_ID, - title: this.translationMessages.SECURITY_OPERATIONS_TITLE, - category: this.CATEGORY, + id: SECURITY_OPERATIONS_ID, + title: TRANSLATION_MESSAGES.SECURITY_OPERATIONS_TITLE, + category: CATEGORY, mount: async (params: AppMountParameters) => { // TODO: Implement the security operations application const { renderApp } = await import('./application'); @@ -193,9 +211,9 @@ export class AnalysisPlugin }, }, { - id: this.CLOUD_SECURITY_ID, - title: this.translationMessages.CLOUD_SECURITY_TITLE, - category: this.CATEGORY, + id: CLOUD_SECURITY_ID, + title: TRANSLATION_MESSAGES.CLOUD_SECURITY_TITLE, + category: CATEGORY, mount: async (params: AppMountParameters) => { // TODO: Implement the cloud security application const { renderApp } = await import('./application'); @@ -204,13 +222,13 @@ export class AnalysisPlugin }, }, ]; - const subApps: Record = { - [this.ENDPOINT_SECURITY_ID]: [ + const subApps = { + [ENDPOINT_SECURITY_ID]: [ { - id: this.CONFIGURATION_ASSESSMENT_ID, - title: this.translationMessages.CONFIGURATION_ASSESSMENT_TITLE, + id: CONFIGURATION_ASSESSMENT_ID, + title: TRANSLATION_MESSAGES.CONFIGURATION_ASSESSMENT_TITLE, navLinkStatus: AppNavLinkStatus.hidden, - updater$: this.endpointSecurityAppsStatusUpdater$, + updater$: this.appStatusUpdater$[ENDPOINT_SECURITY_ID], mount: async (params: AppMountParameters) => { // TODO: Implement the configuration assessment application const { renderApp } = await import('./application'); 
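Review bot: `this.appStatusUpdater$[ENDPOINT_SECURITY_ID].next(makeNavLinkStatusVisible)` indexes a field declared as `Partial<Record<…>>` (type arguments are not legible here), so the element type is `Subject | undefined` and this call does not compile under `strictNullChecks`; the same pattern is used twice in the wrapper of the `@@ -243,18 +261,22 @@` hunk. Either drop `Partial` (every `ParentAppId` then needs a Subject) or declare the literal with `satisfies Partial<Record<…>>` so the key set of the literal is kept, the way the `subApps` literal at the end of the -243 hunk already does, rather than adding `?.` at each call site. The `export class AnalysisPlugin implements Plugin<…>` header is at the top of this hunk and `registerApps` continues past it.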
@@ -219,10 +237,10 @@ export class AnalysisPlugin }, }, { - id: this.MALWARE_DETECTION_ID, - title: this.translationMessages.MALWARE_DETECTION_TITLE, + id: MALWARE_DETECTION_ID, + title: TRANSLATION_MESSAGES.MALWARE_DETECTION_TITLE, navLinkStatus: AppNavLinkStatus.hidden, - updater$: this.endpointSecurityAppsStatusUpdater$, + updater$: this.appStatusUpdater$[ENDPOINT_SECURITY_ID], mount: async (params: AppMountParameters) => { // TODO: Implement the malware detection application const { renderApp } = await import('./application'); @@ -231,10 +249,10 @@ export class AnalysisPlugin }, }, { - id: this.FIM_ID, - title: this.translationMessages.FIM_TITLE, + id: FIM_ID, + title: TRANSLATION_MESSAGES.FIM_TITLE, navLinkStatus: AppNavLinkStatus.hidden, - updater$: this.endpointSecurityAppsStatusUpdater$, + updater$: this.appStatusUpdater$[ENDPOINT_SECURITY_ID], mount: async (params: AppMountParameters) => { // TODO: Implement the fim application const { renderApp } = await import('./application'); @@ -243,18 +261,22 @@ export class AnalysisPlugin }, }, ], - }; + } satisfies Partial>; - for (const app of subApps[this.ENDPOINT_SECURITY_ID]) { + for (const app of subApps[ENDPOINT_SECURITY_ID]) { const mount = app.mount.bind(app) as AppMount; app.mount = async (params: AppMountParameters) => { - this.endpointSecurityAppsStatusUpdater$.next(makeNavLinkStatusVisible); + this.appStatusUpdater$[ENDPOINT_SECURITY_ID].next( + makeNavLinkStatusVisible, + ); const unmount = await mount(params); return () => { - this.endpointSecurityAppsStatusUpdater$.next(makeNavLinkStatusHidden); + this.appStatusUpdater$[ENDPOINT_SECURITY_ID].next( + makeNavLinkStatusHidden, + ); unmount(); }; }; 
@@ -268,51 +290,48 @@ export class AnalysisPlugin } private registerNavGroups(core: CoreSetup) { - core.chrome.navGroup.addNavLinksToGroup( - this.navGroups[this.ENDPOINT_SECURITY_ID], - [ - { - // Configuration assessment - id: this.CONFIGURATION_ASSESSMENT_ID, - title: this.translationMessages.CONFIGURATION_ASSESSMENT_TITLE, - }, - { - // Malware detection - id: this.MALWARE_DETECTION_ID, - title: this.translationMessages.MALWARE_DETECTION_TITLE, - }, - { - // FIM - id: this.FIM_ID, - title: this.translationMessages.FIM_TITLE, - }, - ], - ); + core.chrome.navGroup.addNavLinksToGroup(NAV_GROUPS[ENDPOINT_SECURITY_ID], [ + { + // Configuration assessment + id: CONFIGURATION_ASSESSMENT_ID, + title: TRANSLATION_MESSAGES.CONFIGURATION_ASSESSMENT_TITLE, + }, + { + // Malware detection + id: MALWARE_DETECTION_ID, + title: TRANSLATION_MESSAGES.MALWARE_DETECTION_TITLE, + }, + { + // FIM + id: FIM_ID, + title: TRANSLATION_MESSAGES.FIM_TITLE, + }, + ]); core.chrome.navGroup.addNavLinksToGroup(DEFAULT_NAV_GROUPS.all, [ { - id: this.ENDPOINT_SECURITY_ID, - title: this.translationMessages.ENDPOINT_SECURITY_TITLE, + id: ENDPOINT_SECURITY_ID, + title: TRANSLATION_MESSAGES.ENDPOINT_SECURITY_TITLE, order: 0, - category: this.CATEGORY, + category: CATEGORY, }, { - id: this.THREAT_INTELLIGENCE_ID, - title: this.translationMessages.THREAT_INTELLIGENCE_TITLE, + id: THREAT_INTELLIGENCE_ID, + title: TRANSLATION_MESSAGES.THREAT_INTELLIGENCE_TITLE, order: 1, - category: this.CATEGORY, + category: CATEGORY, }, { - id: this.SECURITY_OPERATIONS_ID, - title: this.translationMessages.SECURITY_OPERATIONS_TITLE, + id: SECURITY_OPERATIONS_ID, + title: TRANSLATION_MESSAGES.SECURITY_OPERATIONS_TITLE, order: 2, - category: this.CATEGORY, + category: CATEGORY, }, { - id: this.CLOUD_SECURITY_ID, - title: this.translationMessages.CLOUD_SECURITY_TITLE, + id: CLOUD_SECURITY_ID, + title: TRANSLATION_MESSAGES.CLOUD_SECURITY_TITLE, order: 3, - category: this.CATEGORY, + category: CATEGORY, }, ]); } 
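Review bot: The three entries passed to `core.chrome.navGroup.addNavLinksToGroup(NAV_GROUPS[ENDPOINT_SECURITY_ID], [...])` restate the `id`/`title` pairs that `registerApps` already declares for the same sub-apps, so adding a fourth sub-app means editing two lists that nothing ties together. Hoisting the endpoint-security sub-app list to module level next to `NAV_GROUPS` and building the links with `.map(({ id, title }) => ({ id, title }))` keeps registration and navigation in sync, and the `// Configuration assessment` / `// Malware detection` / `// FIM` comments become redundant once the ids are read from one place. `registerNavGroups` is fully contained in this hunk.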
From 8ab60275ff0df40cb40a5682ea88db7004e8ed38 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Tue, 21 Jan 2025 06:37:56 -0300 Subject: [PATCH 041/212] Refactor AnalysisPlugin to assign CATEGORY to endpoint security and threat intelligence apps --- plugins/wazuh-analysis/public/plugin.ts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 7d2d2cc007..19dfa8a9ad 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -179,6 +179,7 @@ export class AnalysisPlugin { id: ENDPOINT_SECURITY_ID, title: TRANSLATION_MESSAGES.ENDPOINT_SECURITY_TITLE, + category: CATEGORY, mount: async (_params: AppMountParameters) => { this.appStatusUpdater$[ENDPOINT_SECURITY_ID].next( makeNavLinkStatusVisible, @@ -192,6 +193,7 @@ export class AnalysisPlugin { id: THREAT_INTELLIGENCE_ID, title: TRANSLATION_MESSAGES.THREAT_INTELLIGENCE_TITLE, + category: CATEGORY, mount: async (params: AppMountParameters) => { // TODO: Implement the threat intelligence application const { renderApp } = await import('./application'); From 3e31c746cf6d2295cb203d0d6eebfef4a2c6c2dc Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Tue, 21 Jan 2025 06:47:31 -0300 Subject: [PATCH 042/212] Refactor AnalysisPlugin to update appStatusUpdater type to AppUpdater --- plugins/wazuh-analysis/public/plugin.ts | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 19dfa8a9ad..17448e632e 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -3,6 +3,7 @@ import { AppCategory, AppMount, AppMountParameters, + AppUpdater, ChromeNavGroup, NavGroupItemInMap, } from 'opensearch-dashboards/public'; 
@@ -169,9 +170,9 @@ export class AnalysisPlugin { private readonly appStartup$ = new Subject(); private readonly appStatusUpdater$: Partial< - Record> + Record> > = { - [ENDPOINT_SECURITY_ID]: new Subject(), + [ENDPOINT_SECURITY_ID]: new Subject(), }; private registerApps(core: CoreSetup) { From 1644441f467cc1e779a47b5e95278c492bd9cde0 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Tue, 21 Jan 2025 06:48:39 -0300 Subject: [PATCH 043/212] Refactor AnalysisPlugin to conditionally update appStatusUpdater based on navGroup status --- plugins/wazuh-analysis/public/plugin.ts | 35 ++++++++++++++++--------- 1 file changed, 22 insertions(+), 13 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 17448e632e..b66666ce02 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -182,10 +182,12 @@ export class AnalysisPlugin title: TRANSLATION_MESSAGES.ENDPOINT_SECURITY_TITLE, category: CATEGORY, mount: async (_params: AppMountParameters) => { - this.appStatusUpdater$[ENDPOINT_SECURITY_ID].next( - makeNavLinkStatusVisible, - ); - this.appStartup$.next(ENDPOINT_SECURITY_ID); + if (core.chrome.navGroup.getNavGroupEnabled()) { + this.appStatusUpdater$[ENDPOINT_SECURITY_ID]?.next( + makeNavLinkStatusVisible, + ); + this.appStartup$.next(ENDPOINT_SECURITY_ID); + } // TODO: Implement the endpoint security landing page return () => {}; 
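Review bot: In the `@@ -182,10 +182,12 @@` hunk, `this.appStatusUpdater$[ENDPOINT_SECURITY_ID]?.next(makeNavLinkStatusVisible)` silently does nothing when no Subject is present for the id, so a missing map entry would leave the sub-app nav links hidden forever with no error; a typed map whose key set is statically known (no `?.`) or an explicit throw is safer than optional chaining here. `core.chrome.navGroup.getNavGroupEnabled()` is also re-evaluated on every mount (here and twice in `@@ -270,16 +272,21 @@`); if the flag cannot change for the lifetime of the page — which I cannot confirm from the hunk — reading it once in `registerApps` into `const navGroupEnabled = core.chrome.navGroup.getNavGroupEnabled();` simplifies all three gates. `registerApps` continues before and after this hunk.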
@@ -270,16 +272,21 @@ export class AnalysisPlugin const mount = app.mount.bind(app) as AppMount; app.mount = async (params: AppMountParameters) => { - this.appStatusUpdater$[ENDPOINT_SECURITY_ID].next( - makeNavLinkStatusVisible, - ); + if (core.chrome.navGroup.getNavGroupEnabled()) { + this.appStatusUpdater$[ENDPOINT_SECURITY_ID]?.next( + makeNavLinkStatusVisible, + ); + } const unmount = await mount(params); return () => { - this.appStatusUpdater$[ENDPOINT_SECURITY_ID].next( - makeNavLinkStatusHidden, - ); + if (core.chrome.navGroup.getNavGroupEnabled()) { + this.appStatusUpdater$[ENDPOINT_SECURITY_ID]?.next( + makeNavLinkStatusHidden, + ); + } + unmount(); }; }; @@ -354,11 +361,13 @@ export class AnalysisPlugin private subscribeToAppStartup(core: CoreStart) { this.appStartup$.subscribe({ next: async (navGroupId: string) => { - core.chrome.navGroup.setCurrentNavGroup(navGroupId); + if (core.chrome.navGroup.getNavGroupEnabled()) { + core.chrome.navGroup.setCurrentNavGroup(navGroupId); - const currentNavGroup = await getCurrentNavGroup(core); + const currentNavGroup = await getCurrentNavGroup(core); - navigateToFirstAppInNavGroup(core, currentNavGroup); + navigateToFirstAppInNavGroup(core, currentNavGroup); + } }, }); } From 5e3961c736d7d9950d95aec5ad74cbdc92c0d42e Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Tue, 21 Jan 2025 06:49:06 -0300 Subject: [PATCH 044/212] Refactor AnalysisPlugin to ensure unmount function returns a boolean value --- plugins/wazuh-analysis/public/plugin.ts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index b66666ce02..231d695b82 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -288,6 +288,8 @@ export class AnalysisPlugin } unmount(); + + return true; }; }; From 55ff576b63f1df202094e0f4305bb7e7f658e735 Mon Sep 17 00:00:00 2001 
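Review bot: In the `subscribeToAppStartup` hunk the subscriber is `next: async (navGroupId) => { ... }`, and RxJS discards the returned promise, so a rejection from `getCurrentNavGroup(core)` or `navigateToFirstAppInNavGroup` surfaces as an unhandled promise rejection instead of reaching the subscription's `error` path. Wrap the body in `try { ... } catch (error) { /* report, e.g. core.notifications.toasts.addError(error, { title: 'Navigation failed' }) */ }` so a failed navigation is visible rather than lost. The `Subscription` returned by `subscribe` is also not kept, so nothing can tear it down in `stop()`; assigning it to a field such as `this.appStartupSubscription` makes that possible. `stop()` itself is outside this view, so I cannot tell whether anything else cleans up.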
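Review bot: The `return true;` appended to the wrapped unmount in the sub-app `app.mount` replacement has no consumer that this view shows; in upstream OpenSearch Dashboards `AppUnmount` is declared `() => void`, so the application service drops the value and the commit message's "ensure unmount returns a boolean" is not a contract anyone depends on. If a `consistent-return` lint rule motivated it, either keep the original `unmount();` with no return, or make the wrapper transparent with `return unmount();` so whatever the inner unmount returns is preserved. The enclosing `registerApps` method extends beyond the hunk.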
From: Guido Modarelli Date: Tue, 21 Jan 2025 06:52:51 -0300 Subject: [PATCH 045/212] Refactor AnalysisPlugin to simplify appStatusUpdater initialization and remove optional chaining --- plugins/wazuh-analysis/public/plugin.ts | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 231d695b82..b38b78ad61 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -169,11 +169,9 @@ export class AnalysisPlugin Plugin { private readonly appStartup$ = new Subject(); - private readonly appStatusUpdater$: Partial< - Record> - > = { + private readonly appStatusUpdater$ = { [ENDPOINT_SECURITY_ID]: new Subject(), - }; + } satisfies Partial>>; private registerApps(core: CoreSetup) { const applications: App[] = [ @@ -183,7 +181,7 @@ export class AnalysisPlugin category: CATEGORY, mount: async (_params: AppMountParameters) => { if (core.chrome.navGroup.getNavGroupEnabled()) { - this.appStatusUpdater$[ENDPOINT_SECURITY_ID]?.next( + this.appStatusUpdater$[ENDPOINT_SECURITY_ID].next( makeNavLinkStatusVisible, ); this.appStartup$.next(ENDPOINT_SECURITY_ID); @@ -273,7 +271,7 @@ export class AnalysisPlugin app.mount = async (params: AppMountParameters) => { if (core.chrome.navGroup.getNavGroupEnabled()) { - this.appStatusUpdater$[ENDPOINT_SECURITY_ID]?.next( + this.appStatusUpdater$[ENDPOINT_SECURITY_ID].next( makeNavLinkStatusVisible, ); } @@ -282,7 +280,7 @@ export class AnalysisPlugin return () => { if (core.chrome.navGroup.getNavGroupEnabled()) { - this.appStatusUpdater$[ENDPOINT_SECURITY_ID]?.next( + this.appStatusUpdater$[ENDPOINT_SECURITY_ID].next( makeNavLinkStatusHidden, ); } From 7ce935cd327afd8c53347c1b114b74572ae6cc7b Mon Sep 17 00:00:00 2001 
From: Guido Modarelli Date: Tue, 21 Jan 2025 07:32:04 -0300 Subject: [PATCH 046/212] Refactor package.json to remove unused React type definitions from devDependencies --- package.json | 2 -- 1 file changed, 2 deletions(-) diff --git a/package.json b/package.json index 819bb59731..73994b0ed9 100644 --- a/package.json +++ b/package.json @@ -8,8 +8,6 @@ }, "devDependencies": { "@stylistic/eslint-plugin": "^2.11.0", - "@types/react": "^19.0.7", - "@types/react-dom": "^19.0.3", "@typescript-eslint/eslint-plugin": "^8.16.0", "@typescript-eslint/parser": "^8.16.0", "eslint": "^8.57.1", From c46b157a1d441a51477e2ee8801482b2fa34dad8 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Tue, 21 Jan 2025 07:36:47 -0300 Subject: [PATCH 047/212] Refactor yarn.lock to remove unused React type definitions and csstype dependency --- yarn.lock | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/yarn.lock b/yarn.lock index 2d20336bc7..f7bc471275 100644 --- a/yarn.lock +++ b/yarn.lock 
@@ -136,18 +136,6 @@ resolved "https://registry.yarnpkg.com/@types/normalize-package-data/-/normalize-package-data-2.4.4.tgz#56e2cc26c397c038fab0e3a917a12d5c5909e901" integrity sha512-37i+OaWTh9qeK4LSHPsyRC7NahnGotNuZvjLSgcPzblpHB3rrCJxAOgI5gCdKm7coonsaX1Of0ILiTcnZjbfxA== -"@types/react-dom@^19.0.3": - version "19.0.3" - resolved "https://registry.yarnpkg.com/@types/react-dom/-/react-dom-19.0.3.tgz#0804dfd279a165d5a0ad8b53a5b9e65f338050a4" - integrity sha512-0Knk+HJiMP/qOZgMyNFamlIjw9OFCsyC2ZbigmEEyXXixgre6IQpm/4V+r3qH4GC1JPvRJKInw+on2rV6YZLeA== - -"@types/react@^19.0.7": - version "19.0.7" - resolved "https://registry.yarnpkg.com/@types/react/-/react-19.0.7.tgz#c451968b999d1cb2d9207dc5ff56496164cf511d" - integrity sha512-MoFsEJKkAtZCrC1r6CM8U22GzhG7u2Wir8ons/aCKH6MBdD1ibV24zOSSkdZVUKqN5i396zG5VKLYZ3yaUZdLA== - dependencies: - csstype "^3.0.2" - "@typescript-eslint/eslint-plugin@^8.16.0": version "8.16.0" resolved "https://registry.yarnpkg.com/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.16.0.tgz#ac56825bcdf3b392fc76a94b1315d4a162f201a6" @@ -610,11 +598,6 @@ cross-spawn@^7.0.2: shebang-command "^2.0.0" which "^2.0.1" -csstype@^3.0.2: - version "3.1.3" - resolved "https://registry.yarnpkg.com/csstype/-/csstype-3.1.3.tgz#d80ff294d114fb0e6ac500fbf85b60137d7eff81" - integrity sha512-M1uQkMl8rQK/szD0LNhtqxIPLpimGm8sOBwU7lLnCpSbTyY3yeU1Vc7l4KT5zT4s/yOxHH5O7tIuuLOCnLADRw== - data-view-buffer@^1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/data-view-buffer/-/data-view-buffer-1.0.1.tgz#8ea6326efec17a2e42620696e671d7d5a8bc66b2" From 1489da384aa421342ae9511e791a097041e42c10 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Tue, 21 Jan 2025 10:58:12 -0300 Subject: [PATCH 048/212] Refactor AnalysisPlugin to add threat intelligence sub-apps and update navigation links --- plugins/wazuh-analysis/public/plugin.ts | 139 ++++++++++++++++++++++-- 1 file changed, 128 insertions(+), 11 deletions(-) 
diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index b38b78ad61..a8c0d960ee 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -59,6 +59,18 @@ const MALWARE_DETECTION_ID = generateSubAppId( 'malware_detection', ); const FIM_ID = generateSubAppId(ENDPOINT_SECURITY_ID, 'fim'); +const THREAT_HUNTING_ID = generateSubAppId( + THREAT_INTELLIGENCE_ID, + 'threat_hunting', +); +const VULNERABILITY_DETECTION_ID = generateSubAppId( + THREAT_INTELLIGENCE_ID, + 'vulnerability_detection', +); +const MITRE_ATTACK_ID = generateSubAppId( + THREAT_INTELLIGENCE_ID, + 'mitre_attack', +); const TRANSLATION_MESSAGES = Object.freeze({ ANALYSIS_PLUGIN_TITLE: i18n.translate('analysis.title', { defaultMessage: 'Analysis', @@ -82,6 +94,13 @@ const TRANSLATION_MESSAGES = Object.freeze({ defaultMessage: 'Threat Intelligence', }, ), + THREAT_INTELLIGENCE_DESCRIPTION: i18n.translate( + `${PLUGIN_ID}.category.${THREAT_INTELLIGENCE_ID}.description`, + { + defaultMessage: + 'Collect and analyze information about potential threats to inform security decisions.', + }, + ), SECURITY_OPERATIONS_TITLE: i18n.translate( `${PLUGIN_ID}.category.${SECURITY_OPERATIONS_ID}`, { @@ -109,6 +128,24 @@ const TRANSLATION_MESSAGES = Object.freeze({ FIM_TITLE: i18n.translate(`${PLUGIN_ID}.category.${FIM_ID}`, { defaultMessage: 'File Integrity Monitoring', }), + THREAT_HUNTING_TITLE: i18n.translate( + `${PLUGIN_ID}.category.${THREAT_HUNTING_ID}`, + { + defaultMessage: 'Threat Hunting', + }, + ), + VULNERABILITY_DETECTION_TITLE: i18n.translate( + `${PLUGIN_ID}.category.${VULNERABILITY_DETECTION_ID}`, + { + defaultMessage: 'Vulnerability Detection', + }, + ), + MITRE_ATTACK_TITLE: i18n.translate( + `${PLUGIN_ID}.category.${MITRE_ATTACK_ID}`, + { + defaultMessage: 'MITRE ATT&CK', + }, + ), }); const CATEGORY: AppCategory = Object.freeze({ id: PLUGIN_ID, 
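Review bot: The new translation IDs such as the template `${PLUGIN_ID}.category.${THREAT_HUNTING_ID}` are built from `generateSubAppId(...)` output, so the keys that land in translation files depend on that helper's runtime formatting rather than on a stable literal, and any change to the ID scheme silently orphans every existing translation. Prefer literal IDs, e.g. `i18n.translate('wazuhAnalysis.threatIntelligence.threatHunting.title', { defaultMessage: 'Threat Hunting' })`, and reserve the `.category.` segment for the actual `AppCategory`, since these are sub-app titles rather than categories. The OSD i18n extraction tooling also expects statically analysable message IDs, which these templates are not; worth confirming against the scripts referenced by the plugin's `.i18nrc.json`.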
@@ -121,6 +158,11 @@ const NAV_GROUPS = Object.freeze({ title: TRANSLATION_MESSAGES.ENDPOINT_SECURITY_TITLE, description: TRANSLATION_MESSAGES.ENDPOINT_SECURITY_DESCRIPTION, }, + [THREAT_INTELLIGENCE_ID]: { + id: THREAT_INTELLIGENCE_ID, + title: TRANSLATION_MESSAGES.THREAT_INTELLIGENCE_TITLE, + description: TRANSLATION_MESSAGES.THREAT_INTELLIGENCE_DESCRIPTION, + }, } satisfies Partial>); function makeNavLinkStatusVisible(): Partial { @@ -171,6 +213,9 @@ export class AnalysisPlugin private readonly appStartup$ = new Subject(); private readonly appStatusUpdater$ = { [ENDPOINT_SECURITY_ID]: new Subject(), + [THREAT_INTELLIGENCE_ID]: new Subject(), + [SECURITY_OPERATIONS_ID]: new Subject(), + [CLOUD_SECURITY_ID]: new Subject(), } satisfies Partial>>; private registerApps(core: CoreSetup) { @@ -196,6 +241,13 @@ export class AnalysisPlugin title: TRANSLATION_MESSAGES.THREAT_INTELLIGENCE_TITLE, category: CATEGORY, mount: async (params: AppMountParameters) => { + if (core.chrome.navGroup.getNavGroupEnabled()) { + this.appStatusUpdater$[THREAT_INTELLIGENCE_ID].next( + makeNavLinkStatusVisible, + ); + this.appStartup$.next(THREAT_INTELLIGENCE_ID); + } + // TODO: Implement the threat intelligence application const { renderApp } = await import('./application'); 
@@ -260,29 +312,77 @@ export class AnalysisPlugin // TODO: Implement the fim application const { renderApp } = await import('./application'); + return await renderApp(params, {}); + }, + }, + ], + [THREAT_INTELLIGENCE_ID]: [ + { + id: THREAT_HUNTING_ID, + title: TRANSLATION_MESSAGES.THREAT_HUNTING_TITLE, + navLinkStatus: AppNavLinkStatus.hidden, + updater$: this.appStatusUpdater$[THREAT_INTELLIGENCE_ID], + mount: async (params: AppMountParameters) => { + // TODO: Implement the threat hunting application + const { renderApp } = await import('./application'); + + return await renderApp(params, {}); + }, + }, + { + id: VULNERABILITY_DETECTION_ID, + title: TRANSLATION_MESSAGES.VULNERABILITY_DETECTION_TITLE, + navLinkStatus: AppNavLinkStatus.hidden, + updater$: this.appStatusUpdater$[THREAT_INTELLIGENCE_ID], + mount: async (params: AppMountParameters) => { + // TODO: Implement the vulnerability detection application + const { renderApp } = await import('./application'); + + return await renderApp(params, {}); + }, + }, + { + id: MITRE_ATTACK_ID, + title: TRANSLATION_MESSAGES.MITRE_ATTACK_TITLE, + navLinkStatus: AppNavLinkStatus.hidden, + updater$: this.appStatusUpdater$[THREAT_INTELLIGENCE_ID], + mount: async (params: AppMountParameters) => { + // TODO: Implement the mitre attack application + const { renderApp } = await import('./application'); + return await renderApp(params, {}); }, }, ], } satisfies Partial>; - for (const app of subApps[ENDPOINT_SECURITY_ID]) { + this.setupAppMounts(subApps, ENDPOINT_SECURITY_ID, core, applications); + this.setupAppMounts(subApps, THREAT_INTELLIGENCE_ID, core, applications); + + for (const app of applications) { + core.application.register(app); + } + } + + private setupAppMounts( + subApps: Partial>, + navGroupId: ParentAppId, + core: CoreSetup, + applications: App[], + ) { + for (const app of subApps[navGroupId] ?? 
[]) { const mount = app.mount.bind(app) as AppMount; app.mount = async (params: AppMountParameters) => { if (core.chrome.navGroup.getNavGroupEnabled()) { - this.appStatusUpdater$[ENDPOINT_SECURITY_ID].next( - makeNavLinkStatusVisible, - ); + this.appStatusUpdater$[navGroupId].next(makeNavLinkStatusVisible); } const unmount = await mount(params); return () => { if (core.chrome.navGroup.getNavGroupEnabled()) { - this.appStatusUpdater$[ENDPOINT_SECURITY_ID].next( - makeNavLinkStatusHidden, - ); + this.appStatusUpdater$[navGroupId].next(makeNavLinkStatusHidden); } unmount(); @@ -293,10 +393,6 @@ export class AnalysisPlugin applications.push(app); } - - for (const app of applications) { - core.application.register(app); - } } private registerNavGroups(core: CoreSetup) { @@ -318,6 +414,27 @@ export class AnalysisPlugin }, ]); + core.chrome.navGroup.addNavLinksToGroup( + NAV_GROUPS[THREAT_INTELLIGENCE_ID], + [ + { + // Threat hunting + id: THREAT_HUNTING_ID, + title: TRANSLATION_MESSAGES.THREAT_HUNTING_TITLE, + }, + { + // Vulnerability detection + id: VULNERABILITY_DETECTION_ID, + title: TRANSLATION_MESSAGES.VULNERABILITY_DETECTION_TITLE, + }, + { + // MITRE ATT&CK + id: MITRE_ATTACK_ID, + title: TRANSLATION_MESSAGES.MITRE_ATTACK_TITLE, + }, + ], + ); + core.chrome.navGroup.addNavLinksToGroup(DEFAULT_NAV_GROUPS.all, [ { id: ENDPOINT_SECURITY_ID, From d7806302957cd7b8cf24ab3e973d0ab4c8c63891 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Tue, 21 Jan 2025 13:08:57 -0300 Subject: [PATCH 049/212] Refactor AnalysisPlugin to add new sub-apps for regulatory compliance, IT hygiene, incident response, and cloud security services --- plugins/wazuh-analysis/public/plugin.ts | 236 ++++++++++++++++++++++++ 1 file changed, 236 insertions(+) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index a8c0d960ee..d189cb9777 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts 
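Review bot: In `setupAppMounts` the wrapped `app.mount` flips the group's nav links to visible before `await mount(params)`, but if the inner mount rejects nothing flips them back, so a failed sub-app load leaves that group's links expanded until some later unmount happens to run. Hide them again on the failure path and rethrow so the application service still sees the error; since the visibility toggle is now repeated three times in this wrapper, a small local helper keeps that readable. The `as AppMount` cast on `app.mount.bind(app)` could also go if `App` is narrowed to the non-deprecated mount type, but that depends on the `App` import above this view.

```typescript
// … unchanged: setupAppMounts signature …
const setGroupLinks = (updater: AppUpdater) => {
  if (core.chrome.navGroup.getNavGroupEnabled()) {
    this.appStatusUpdater$[navGroupId].next(updater);
  }
};

for (const app of subApps[navGroupId] ?? []) {
  const mount = app.mount.bind(app) as AppMount;

  app.mount = async (params: AppMountParameters) => {
    setGroupLinks(makeNavLinkStatusVisible);

    let unmount;
    try {
      unmount = await mount(params);
    } catch (error) {
      // Undo the visibility change so a failed mount does not leave this group expanded.
      setGroupLinks(makeNavLinkStatusHidden);
      throw error;
    }

    return () => {
      setGroupLinks(makeNavLinkStatusHidden);
      unmount();
      // … unchanged: rest of the unmount wrapper …
    };
  };

  applications.push(app);
}
```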
@@ -71,6 +71,20 @@ const MITRE_ATTACK_ID = generateSubAppId( THREAT_INTELLIGENCE_ID, 'mitre_attack', ); +const REGULATORY_COMPLIANCE_ID = generateSubAppId( + SECURITY_OPERATIONS_ID, + 'regulatory_compliance', +); +const IT_HYGIENE_ID = generateSubAppId(SECURITY_OPERATIONS_ID, 'it_hygiene'); +const INCIDENT_RESPONSE_ID = generateSubAppId( + SECURITY_OPERATIONS_ID, + 'incident_response', +); +const DOCKER_ID = generateSubAppId(CLOUD_SECURITY_ID, 'docker'); +const AWS_ID = generateSubAppId(CLOUD_SECURITY_ID, 'aws'); +const GOOGLE_CLOUD_ID = generateSubAppId(CLOUD_SECURITY_ID, 'google_cloud'); +const GITHUB_ID = generateSubAppId(CLOUD_SECURITY_ID, 'github'); +const OFFICE365_ID = generateSubAppId(CLOUD_SECURITY_ID, 'office365'); const TRANSLATION_MESSAGES = Object.freeze({ ANALYSIS_PLUGIN_TITLE: i18n.translate('analysis.title', { defaultMessage: 'Analysis', @@ -107,12 +121,26 @@ const TRANSLATION_MESSAGES = Object.freeze({ defaultMessage: 'Security Operations', }, ), + SECURITY_OPERATIONS_DESCRIPTION: i18n.translate( + `${PLUGIN_ID}.category.${SECURITY_OPERATIONS_ID}.description`, + { + defaultMessage: + 'Advanced monitoring and protection for devices against security threats.', + }, + ), CLOUD_SECURITY_TITLE: i18n.translate( `${PLUGIN_ID}.category.${CLOUD_SECURITY_ID}`, { defaultMessage: 'Cloud Security', }, ), + CLOUD_SECURITY_DESCRIPTION: i18n.translate( + `${PLUGIN_ID}.category.${CLOUD_SECURITY_ID}.description`, + { + defaultMessage: + 'Monitoring and protection for cloud environments against security threats.', + }, + ), CONFIGURATION_ASSESSMENT_TITLE: i18n.translate( `${PLUGIN_ID}.category.${CONFIGURATION_ASSESSMENT_ID}`, { 
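Review bot: `SECURITY_OPERATIONS_DESCRIPTION` reads 'Advanced monitoring and protection for devices against security threats.', which describes endpoint protection and does not match the group it labels, whose sub-apps in this same commit are Regulatory Compliance, IT Hygiene and Incident Response. Since this string is shown to users in the nav group header, replace it with wording that reflects those apps, e.g. `defaultMessage: 'Assess regulatory compliance, maintain IT hygiene and coordinate incident response across the environment.'`. The neighbouring `CLOUD_SECURITY_DESCRIPTION` does match its group.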
@@ -146,6 +174,39 @@ const TRANSLATION_MESSAGES = Object.freeze({ defaultMessage: 'MITRE ATT&CK', }, ), + REGULATORY_COMPLIANCE_TITLE: i18n.translate( + `${PLUGIN_ID}.category.${REGULATORY_COMPLIANCE_ID}`, + { + defaultMessage: 'Regulatory Compliance', + }, + ), + IT_HYGIENE_TITLE: i18n.translate(`${PLUGIN_ID}.category.${IT_HYGIENE_ID}`, { + defaultMessage: 'IT Hygiene', + }), + INCIDENT_RESPONSE_TITLE: i18n.translate( + `${PLUGIN_ID}.category.${INCIDENT_RESPONSE_ID}`, + { + defaultMessage: 'Incident Response', + }, + ), + DOCKER_TITLE: i18n.translate(`${PLUGIN_ID}.category.${DOCKER_ID}`, { + defaultMessage: 'Docker', + }), + AWS_TITLE: i18n.translate(`${PLUGIN_ID}.category.${AWS_ID}`, { + defaultMessage: 'AWS', + }), + GOOGLE_CLOUD_TITLE: i18n.translate( + `${PLUGIN_ID}.category.${GOOGLE_CLOUD_ID}`, + { + defaultMessage: 'Google Cloud', + }, + ), + GITHUB_TITLE: i18n.translate(`${PLUGIN_ID}.category.${GITHUB_ID}`, { + defaultMessage: 'Github', + }), + OFFICE365_TITLE: i18n.translate(`${PLUGIN_ID}.category.${OFFICE365_ID}`, { + defaultMessage: 'Office 365', + }), }); const CATEGORY: AppCategory = Object.freeze({ id: PLUGIN_ID, @@ -163,6 +224,16 @@ const NAV_GROUPS = Object.freeze({ title: TRANSLATION_MESSAGES.THREAT_INTELLIGENCE_TITLE, description: TRANSLATION_MESSAGES.THREAT_INTELLIGENCE_DESCRIPTION, }, + [SECURITY_OPERATIONS_ID]: { + id: SECURITY_OPERATIONS_ID, + title: TRANSLATION_MESSAGES.SECURITY_OPERATIONS_TITLE, + description: TRANSLATION_MESSAGES.SECURITY_OPERATIONS_DESCRIPTION, + }, + [CLOUD_SECURITY_ID]: { + id: CLOUD_SECURITY_ID, + title: TRANSLATION_MESSAGES.CLOUD_SECURITY_TITLE, + description: TRANSLATION_MESSAGES.CLOUD_SECURITY_DESCRIPTION, + }, } satisfies Partial>); function makeNavLinkStatusVisible(): Partial { 
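Review bot: `GITHUB_TITLE` uses the default message `'Github'`; the product name is written `GitHub`, and this string is user-facing as both the sub-app title and the nav link label, so it should read `defaultMessage: 'GitHub'`. The same spelling recurs as the `// Github` comment in the later `addNavLinksToGroup` hunk, which is harmless but worth keeping consistent.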
@@ -259,6 +330,13 @@ export class AnalysisPlugin title: TRANSLATION_MESSAGES.SECURITY_OPERATIONS_TITLE, category: CATEGORY, mount: async (params: AppMountParameters) => { + if (core.chrome.navGroup.getNavGroupEnabled()) { + this.appStatusUpdater$[SECURITY_OPERATIONS_ID].next( + makeNavLinkStatusVisible, + ); + this.appStartup$.next(SECURITY_OPERATIONS_ID); + } + // TODO: Implement the security operations application const { renderApp } = await import('./application'); @@ -270,6 +348,13 @@ export class AnalysisPlugin title: TRANSLATION_MESSAGES.CLOUD_SECURITY_TITLE, category: CATEGORY, mount: async (params: AppMountParameters) => { + if (core.chrome.navGroup.getNavGroupEnabled()) { + this.appStatusUpdater$[CLOUD_SECURITY_ID].next( + makeNavLinkStatusVisible, + ); + this.appStartup$.next(CLOUD_SECURITY_ID); + } + // TODO: Implement the cloud security application const { renderApp } = await import('./application'); 
@@ -350,6 +435,106 @@ export class AnalysisPlugin // TODO: Implement the mitre attack application const { renderApp } = await import('./application'); + return await renderApp(params, {}); + }, + }, + ], + [SECURITY_OPERATIONS_ID]: [ + { + id: REGULATORY_COMPLIANCE_ID, + title: TRANSLATION_MESSAGES.REGULATORY_COMPLIANCE_TITLE, + navLinkStatus: AppNavLinkStatus.hidden, + updater$: this.appStatusUpdater$[SECURITY_OPERATIONS_ID], + mount: async (params: AppMountParameters) => { + // TODO: Implement the regulatory compliance application + const { renderApp } = await import('./application'); + + return await renderApp(params, {}); + }, + }, + { + id: IT_HYGIENE_ID, + title: TRANSLATION_MESSAGES.IT_HYGIENE_TITLE, + navLinkStatus: AppNavLinkStatus.hidden, + updater$: this.appStatusUpdater$[SECURITY_OPERATIONS_ID], + mount: async (params: AppMountParameters) => { + // TODO: Implement the it hygiene application + const { renderApp } = await import('./application'); + + return await renderApp(params, {}); + }, + }, + { + id: INCIDENT_RESPONSE_ID, + title: TRANSLATION_MESSAGES.INCIDENT_RESPONSE_TITLE, + navLinkStatus: AppNavLinkStatus.hidden, + updater$: this.appStatusUpdater$[SECURITY_OPERATIONS_ID], + mount: async (params: AppMountParameters) => { + // TODO: Implement the incident response application + const { renderApp } = await import('./application'); + + return await renderApp(params, {}); + }, + }, + ], + [CLOUD_SECURITY_ID]: [ + { + id: DOCKER_ID, + title: TRANSLATION_MESSAGES.DOCKER_TITLE, + navLinkStatus: AppNavLinkStatus.hidden, + updater$: this.appStatusUpdater$[CLOUD_SECURITY_ID], + mount: async (params: AppMountParameters) => { + // TODO: Implement the docker application + const { renderApp } = await import('./application'); + + return await renderApp(params, {}); + }, + }, + { + id: AWS_ID, + title: TRANSLATION_MESSAGES.AWS_TITLE, + navLinkStatus: AppNavLinkStatus.hidden, + updater$: this.appStatusUpdater$[CLOUD_SECURITY_ID], + mount: async (params: 
AppMountParameters) => { + // TODO: Implement the aws application + const { renderApp } = await import('./application'); + + return await renderApp(params, {}); + }, + }, + { + id: GOOGLE_CLOUD_ID, + title: TRANSLATION_MESSAGES.GOOGLE_CLOUD_TITLE, + navLinkStatus: AppNavLinkStatus.hidden, + updater$: this.appStatusUpdater$[CLOUD_SECURITY_ID], + mount: async (params: AppMountParameters) => { + // TODO: Implement the google cloud application + const { renderApp } = await import('./application'); + + return await renderApp(params, {}); + }, + }, + { + id: GITHUB_ID, + title: TRANSLATION_MESSAGES.GITHUB_TITLE, + navLinkStatus: AppNavLinkStatus.hidden, + updater$: this.appStatusUpdater$[CLOUD_SECURITY_ID], + mount: async (params: AppMountParameters) => { + // TODO: Implement the github application + const { renderApp } = await import('./application'); + + return await renderApp(params, {}); + }, + }, + { + id: OFFICE365_ID, + title: TRANSLATION_MESSAGES.OFFICE365_TITLE, + navLinkStatus: AppNavLinkStatus.hidden, + updater$: this.appStatusUpdater$[CLOUD_SECURITY_ID], + mount: async (params: AppMountParameters) => { + // TODO: Implement the office365 application + const { renderApp } = await import('./application'); + return await renderApp(params, {}); }, }, @@ -358,6 +543,8 @@ export class AnalysisPlugin this.setupAppMounts(subApps, ENDPOINT_SECURITY_ID, core, applications); this.setupAppMounts(subApps, THREAT_INTELLIGENCE_ID, core, applications); + this.setupAppMounts(subApps, SECURITY_OPERATIONS_ID, core, applications); + this.setupAppMounts(subApps, CLOUD_SECURITY_ID, core, applications); for (const app of applications) { core.application.register(app); 
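Review bot: Every sub-app added in this hunk carries the same placeholder mount (`await import('./application')` followed by `renderApp(params, {})`), so the copies differ only in their TODO comment, and the `return await` is redundant outside a try/catch. A single shared placeholder keeps the intent obvious and gives one place to change when real implementations land, leaving each `subApps` entry short enough to scan for the `id`/`title`/`updater$` wiring that actually differs. The `registerApps` method extends beyond the hunk on both sides.

```typescript
// Placeholder mount shared by every sub-app that has no real implementation yet.
const placeholderMount = async (params: AppMountParameters) => {
  const { renderApp } = await import('./application');

  return renderApp(params, {});
};
// … unchanged: other sub-app entries; each one becomes, e.g. for AWS:
{
  id: AWS_ID,
  title: TRANSLATION_MESSAGES.AWS_TITLE,
  navLinkStatus: AppNavLinkStatus.hidden,
  updater$: this.appStatusUpdater$[CLOUD_SECURITY_ID],
  mount: placeholderMount, // TODO: Implement the aws application
},
```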
@@ -435,6 +622,55 @@ export class AnalysisPlugin ], ); + core.chrome.navGroup.addNavLinksToGroup( + NAV_GROUPS[SECURITY_OPERATIONS_ID], + [ + { + // Regulatory compliance + id: REGULATORY_COMPLIANCE_ID, + title: TRANSLATION_MESSAGES.REGULATORY_COMPLIANCE_TITLE, + }, + { + // IT hygiene + id: IT_HYGIENE_ID, + title: TRANSLATION_MESSAGES.IT_HYGIENE_TITLE, + }, + { + // Incident response + id: INCIDENT_RESPONSE_ID, + title: TRANSLATION_MESSAGES.INCIDENT_RESPONSE_TITLE, + }, + ], + ); + + core.chrome.navGroup.addNavLinksToGroup(NAV_GROUPS[CLOUD_SECURITY_ID], [ + { + // Docker + id: DOCKER_ID, + title: TRANSLATION_MESSAGES.DOCKER_TITLE, + }, + { + // AWS + id: AWS_ID, + title: TRANSLATION_MESSAGES.AWS_TITLE, + }, + { + // Google Cloud + id: GOOGLE_CLOUD_ID, + title: TRANSLATION_MESSAGES.GOOGLE_CLOUD_TITLE, + }, + { + // Github + id: GITHUB_ID, + title: TRANSLATION_MESSAGES.GITHUB_TITLE, + }, + { + // Office 365 + id: OFFICE365_ID, + title: TRANSLATION_MESSAGES.OFFICE365_TITLE, + }, + ]); + core.chrome.navGroup.addNavLinksToGroup(DEFAULT_NAV_GROUPS.all, [ { id: ENDPOINT_SECURITY_ID, From 8dd71d25310cca54f869af8703f65e6c77cd46dd Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Tue, 21 Jan 2025 13:19:39 -0300 Subject: [PATCH 050/212] Refactor AnalysisPlugin to improve app mount logic and enhance app status updates --- plugins/wazuh-analysis/public/plugin.ts | 52 ++++++++++--------------- 1 file changed, 20 insertions(+), 32 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index d189cb9777..540dd3b753 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -281,7 +281,7 @@ export class AnalysisPlugin implements Plugin { - private readonly appStartup$ = new Subject(); + private readonly appStartup$ = new Subject(); private readonly appStatusUpdater$ = { [ENDPOINT_SECURITY_ID]: new Subject(), [THREAT_INTELLIGENCE_ID]: new Subject(), 
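Review bot: The `addNavLinksToGroup` calls for Security Operations and Cloud Security restate every sub-app's `id` and `title` that the `subApps` literal in `registerApps` already declares, so the two lists can drift: a sub-app added to one but not the other is either registered yet missing from the menu, or linked but never registered. If `subApps` is hoisted to a field or module-level constant, each group's links can be derived instead, e.g. `core.chrome.navGroup.addNavLinksToGroup(NAV_GROUPS[CLOUD_SECURITY_ID], subApps[CLOUD_SECURITY_ID].map(({ id, title }) => ({ id, title })));`. The `// Docker`-style comments then become unnecessary since the title is right there. `registerNavGroups` begins, and the `DEFAULT_NAV_GROUPS.all` call continues, outside this hunk.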
@@ -295,30 +295,16 @@ export class AnalysisPlugin id: ENDPOINT_SECURITY_ID, title: TRANSLATION_MESSAGES.ENDPOINT_SECURITY_TITLE, category: CATEGORY, - mount: async (_params: AppMountParameters) => { - if (core.chrome.navGroup.getNavGroupEnabled()) { - this.appStatusUpdater$[ENDPOINT_SECURITY_ID].next( - makeNavLinkStatusVisible, - ); - this.appStartup$.next(ENDPOINT_SECURITY_ID); - } - + mount: + async (_params: AppMountParameters) => // TODO: Implement the endpoint security landing page - return () => {}; - }, + () => {}, }, { id: THREAT_INTELLIGENCE_ID, title: TRANSLATION_MESSAGES.THREAT_INTELLIGENCE_TITLE, category: CATEGORY, mount: async (params: AppMountParameters) => { - if (core.chrome.navGroup.getNavGroupEnabled()) { - this.appStatusUpdater$[THREAT_INTELLIGENCE_ID].next( - makeNavLinkStatusVisible, - ); - this.appStartup$.next(THREAT_INTELLIGENCE_ID); - } - // TODO: Implement the threat intelligence application const { renderApp } = await import('./application'); @@ -330,13 +316,6 @@ export class AnalysisPlugin title: TRANSLATION_MESSAGES.SECURITY_OPERATIONS_TITLE, category: CATEGORY, mount: async (params: AppMountParameters) => { - if (core.chrome.navGroup.getNavGroupEnabled()) { - this.appStatusUpdater$[SECURITY_OPERATIONS_ID].next( - makeNavLinkStatusVisible, - ); - this.appStartup$.next(SECURITY_OPERATIONS_ID); - } - // TODO: Implement the security operations application const { renderApp } = await import('./application'); @@ -348,13 +327,6 @@ export class AnalysisPlugin title: TRANSLATION_MESSAGES.CLOUD_SECURITY_TITLE, category: CATEGORY, mount: async (params: AppMountParameters) => { - if (core.chrome.navGroup.getNavGroupEnabled()) { - this.appStatusUpdater$[CLOUD_SECURITY_ID].next( - makeNavLinkStatusVisible, - ); - this.appStartup$.next(CLOUD_SECURITY_ID); - } - // TODO: Implement the cloud security application const { renderApp } = await import('./application'); 
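Review bot: The endpoint security entry now reads `mount: async (_params: AppMountParameters) => // TODO: Implement the endpoint security landing page () => {},`, placing the comment between the arrow and the returned function, which at a glance looks like the TODO is the body and the `() => {}` an accident of formatting. A block body keeps the return explicit: `mount: async (_params: AppMountParameters) => { // TODO: Implement the endpoint security landing page` followed by `return () => {}; },`. The other three entries in this hunk already use block bodies, so this also restores consistency within the `applications` array.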
@@ -362,6 +334,22 @@ export class AnalysisPlugin }, }, ]; + + for (const app of applications) { + const mount = app.mount.bind(app) as AppMount; + + app.mount = async (params: AppMountParameters) => { + if (core.chrome.navGroup.getNavGroupEnabled()) { + this.appStatusUpdater$[app.id as ParentAppId].next( + makeNavLinkStatusVisible, + ); + this.appStartup$.next(app.id as ParentAppId); + } + + return await mount(params); + }; + } + const subApps = { [ENDPOINT_SECURITY_ID]: [ { From 0b391e117df726ed8f1114768b531fd483af3ebf Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Tue, 21 Jan 2025 13:25:33 -0300 Subject: [PATCH 051/212] Refactor AnalysisPlugin to streamline app mount logic using a loop for improved maintainability --- plugins/wazuh-analysis/public/plugin.ts | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 540dd3b753..633eacff1a 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -529,10 +529,14 @@ export class AnalysisPlugin ], } satisfies Partial>; - this.setupAppMounts(subApps, ENDPOINT_SECURITY_ID, core, applications); - this.setupAppMounts(subApps, THREAT_INTELLIGENCE_ID, core, applications); - this.setupAppMounts(subApps, SECURITY_OPERATIONS_ID, core, applications); - this.setupAppMounts(subApps, CLOUD_SECURITY_ID, core, applications); + for (const parentAppId of Object.keys(subApps)) { + this.setupAppMounts( + subApps, + parentAppId as ParentAppId, + core, + applications, + ); + } for (const app of applications) { core.application.register(app); From 059d801e4c29825f237158e4cd5ea0d6a0934db6 Mon Sep 17 00:00:00 2001 
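Review bot: The new wrapper loop in `registerApps` casts `app.id as ParentAppId` twice, and the `Object.keys(subApps)` loop in the following hunk casts `parentAppId as ParentAppId` again; these assertions exist only because `applications` is declared `App[]`, which widens the literal ids to `string`. Declaring it as `const applications: (App & { id: ParentAppId })[] = [` lets `this.appStatusUpdater$[app.id].next(setNavLinkVisible)` and `this.appStartup$.next(app.id)` type-check without casts, so a parent app whose id is absent from the updater map becomes a compile error rather than a runtime `next` on `undefined`. Both hunks sit inside `registerApps`, whose start is outside this view.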
From: Guido Modarelli Date: Wed, 22 Jan 2025 10:58:31 -0300 Subject: [PATCH 052/212] Refactor AnalysisPlugin to register applications directly in setupAppMounts for improved clarity and efficiency --- plugins/wazuh-analysis/public/plugin.ts | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 633eacff1a..3f46eaecd3 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -348,6 +348,8 @@ export class AnalysisPlugin return await mount(params); }; + + core.application.register(app); } const subApps = { @@ -530,24 +532,15 @@ export class AnalysisPlugin } satisfies Partial>; for (const parentAppId of Object.keys(subApps)) { - this.setupAppMounts( - subApps, - parentAppId as ParentAppId, - core, - applications, - ); + this.setupAppMounts(subApps, parentAppId as ParentAppId, core); } - for (const app of applications) { - core.application.register(app); - } } private setupAppMounts( subApps: Partial>, navGroupId: ParentAppId, core: CoreSetup, - applications: App[], ) { for (const app of subApps[navGroupId] ?? []) { const mount = app.mount.bind(app) as AppMount; @@ -570,7 +563,7 @@ export class AnalysisPlugin }; }; - applications.push(app); + core.application.register(app); } } From 87e39c8d64ecc16d7c0eb5b37671064c8d4c2811 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Wed, 22 Jan 2025 11:28:14 -0300 Subject: [PATCH 053/212] Refactor AnalysisPlugin to rename navigation link visibility functions for improved clarity --- plugins/wazuh-analysis/public/plugin.ts | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 3f46eaecd3..dd40be1826 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts 
@@ -236,13 +236,13 @@ const NAV_GROUPS = Object.freeze({ }, } satisfies Partial>); -function makeNavLinkStatusVisible(): Partial { +function setNavLinkVisible(): Partial { return { navLinkStatus: AppNavLinkStatus.visible, }; } -function makeNavLinkStatusHidden(): Partial { +function setNavLinkHidden(): Partial { return { navLinkStatus: AppNavLinkStatus.hidden, }; @@ -340,9 +340,7 @@ export class AnalysisPlugin app.mount = async (params: AppMountParameters) => { if (core.chrome.navGroup.getNavGroupEnabled()) { - this.appStatusUpdater$[app.id as ParentAppId].next( - makeNavLinkStatusVisible, - ); + this.appStatusUpdater$[app.id as ParentAppId].next(setNavLinkVisible); this.appStartup$.next(app.id as ParentAppId); } @@ -534,7 +532,6 @@ export class AnalysisPlugin for (const parentAppId of Object.keys(subApps)) { this.setupAppMounts(subApps, parentAppId as ParentAppId, core); } - } private setupAppMounts( @@ -547,14 +544,14 @@ export class AnalysisPlugin app.mount = async (params: AppMountParameters) => { if (core.chrome.navGroup.getNavGroupEnabled()) { - this.appStatusUpdater$[navGroupId].next(makeNavLinkStatusVisible); + this.appStatusUpdater$[navGroupId].next(setNavLinkVisible); } const unmount = await mount(params); return () => { if (core.chrome.navGroup.getNavGroupEnabled()) { - this.appStatusUpdater$[navGroupId].next(makeNavLinkStatusHidden); + this.appStatusUpdater$[navGroupId].next(setNavLinkHidden); } unmount(); From 9c2e331bf883af234d30cd2596b0155896e57347 Mon Sep 17 00:00:00 2001 
From: Guido Modarelli Date: Wed, 22 Jan 2025 11:45:02 -0300 Subject: [PATCH 054/212] Add global search functionality for navigation pages in AnalysisPlugin --- .../public/components/page-item.tsx | 80 ++++++++++++++++++ .../components/search-pages-command.tsx | 83 +++++++++++++++++++ plugins/wazuh-analysis/public/plugin.ts | 17 ++++ 3 files changed, 180 insertions(+) create mode 100644 plugins/wazuh-analysis/public/components/page-item.tsx create mode 100644 plugins/wazuh-analysis/public/components/search-pages-command.tsx diff --git a/plugins/wazuh-analysis/public/components/page-item.tsx b/plugins/wazuh-analysis/public/components/page-item.tsx new file mode 100644 index 0000000000..43052f3fea --- /dev/null +++ b/plugins/wazuh-analysis/public/components/page-item.tsx @@ -0,0 +1,80 @@ +import { + EuiBreadcrumb, + EuiFlexGroup, + EuiFlexItem, + EuiHighlight, + EuiIcon, + EuiSimplifiedBreadcrumbs, +} from '@elastic/eui'; +import { + ChromeNavLink, + ChromeRegistrationNavLink, + CoreStart, + NavGroupItemInMap, +} from 'opensearch-dashboards/public'; +import React from 'react'; + +interface Props { + key: React.Key; + link: ChromeRegistrationNavLink & + ChromeNavLink & { navGroup: NavGroupItemInMap }; + coreStart: CoreStart; + search: string; + callback?: () => void; +} + +export const GlobalSearchPageItem = ({ + key, + link, + coreStart, + search, + callback, +}: Props) => { + const breadcrumbs: EuiBreadcrumb[] = []; + const navGroupElement = (navGroup: NavGroupItemInMap) => ( + + {navGroup.icon && ( + + + + )} + + + {navGroup.title} + + + + ); + + breadcrumbs.push({ text: navGroupElement(link.navGroup) }); + + const onNavItemClick = () => { + callback?.(); + coreStart.chrome.navGroup.setCurrentNavGroup(link.navGroup.id); + coreStart.application.navigateToApp(link.id); + }; + + breadcrumbs.push({ + text: ( + + {link.title} + + ), + onClick: () => {}, + }); + + return ( + + ); +}; 
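Review bot: `Props` declares `key: React.Key` and `GlobalSearchPageItem` destructures it, but React reserves `key` and never forwards it to the component, so inside the function `key` is `undefined` and React warns when a component reads `props.key`. Remove `key` from `Props` and from the destructuring, let the caller set `key` on the JSX element alongside the real props, and use `link.id` wherever the component needs a stable identifier. Separately, the second breadcrumb is pushed with `onClick: () => {}` while `onNavItemClick` is defined right beside it; the rendered markup is lost in this view, so confirm that `onNavItemClick` is actually attached somewhere, otherwise the result row is not clickable.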
diff --git a/plugins/wazuh-analysis/public/components/search-pages-command.tsx b/plugins/wazuh-analysis/public/components/search-pages-command.tsx new file mode 100644 index 0000000000..f6f789dbe0 --- /dev/null +++ b/plugins/wazuh-analysis/public/components/search-pages-command.tsx 
@@ -0,0 +1,83 @@ +import { + ChromeNavLink, + ChromeRegistrationNavLink, + CoreStart, +} from 'opensearch-dashboards/public'; +import { first } from 'rxjs/operators'; +import React, { ReactNode } from 'react'; +import { GlobalSearchPageItem } from './page-item'; + +function match(title: string | undefined, query: string) { + return title && title.toLowerCase().includes(query.toLowerCase()); +} + +export const searchPages = async ( + query: string, + applicationIds: string[], + coreStart?: CoreStart, + callback?: () => void, +): Promise => { + if (!coreStart) { + return []; + } + + const navGroupMap = await coreStart.chrome.navGroup + .getNavGroupsMap$() + .pipe(first()) + .toPromise(); + const searchResult = applicationIds.flatMap(useCaseId => { + const navGroup = navGroupMap[useCaseId]; + + if (!navGroup) { + return []; + } + + const links = navGroup.navLinks as (ChromeRegistrationNavLink & + ChromeNavLink)[]; + // parent nav links are not clickable + const parentNavLinkIds = new Set( + links.map(link => link.parentNavLinkId).filter(link => !!link), + ); + + return links + .filter(link => { + const title = link.title; + let parentNavLinkTitle = ''; + + // parent title also taken into consideration for search its sub items + if (link.parentNavLinkId) { + parentNavLinkTitle = + navGroup.navLinks.find( + navLink => navLink.id === link.parentNavLinkId, + )?.title ?? ''; + } + + const navGroupTitleMatch = match(navGroup.title, query); + const titleMatch = match(title, query); + const parentTitleMatch = match(parentNavLinkTitle, query); + + return ( + !link.disabled && + (navGroupTitleMatch || titleMatch || parentTitleMatch) && + !parentNavLinkIds.has(link.id) + ); + }) + .map(link => ({ + ...link, + navGroup, + })); + }); + const pages = searchResult + .slice(0, 10) + .map(link => ( + + )); + + return pages; +}; diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index dd40be1826..c5a932d5a4 100644 
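Review bot: `match` returns `title && …`, i.e. `'' | undefined | boolean`, and an empty `query` makes `includes('')` true for every link, so a blank search lists the first ten pages of every nav group; if that is not intended, return a real boolean and bail out on blank input: `function match(title: string | undefined, query: string): boolean { return !!title && title.toLowerCase().includes(query.toLowerCase()); }` and in `searchPages` `if (!coreStart || !query.trim()) { return []; }`. `query.toLowerCase()` is also recomputed three times per link inside the filter; hoisting it once above `flatMap` costs nothing. `toPromise()` is deprecated in rxjs 7, so `firstValueFrom(coreStart.chrome.navGroup.getNavGroupsMap$())` is the forward-compatible form if the platform's rxjs version (not visible here) provides it. The `// parent nav links are not clickable` comment would be clearer as `// parent nav links only group sub-items and are never navigation targets, so they are excluded from results`.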
--- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -19,6 +19,7 @@ import { } from '../../../src/core/public'; import { NavigationPublicPluginStart } from '../../../src/plugins/navigation/public'; import { AnalysisSetup, AnalysisStart } from './types'; +import { searchPages } from './components/search-pages-command'; interface AnalysisSetupDependencies {} @@ -281,6 +282,7 @@ export class AnalysisPlugin implements Plugin { + private coreStart?: CoreStart; private readonly appStartup$ = new Subject(); private readonly appStatusUpdater$ = { [ENDPOINT_SECURITY_ID]: new Subject(), @@ -350,6 +352,20 @@ export class AnalysisPlugin core.application.register(app); } + if (core.chrome.navGroup.getNavGroupEnabled()) { + core.chrome.globalSearch.registerSearchCommand({ + id: 'analysis', + type: 'PAGES', + run: async (query: string, done?: () => void) => + searchPages( + query, + applications.map(app => app.id), + this.coreStart, + done, + ), + }); + } + const subApps = { [ENDPOINT_SECURITY_ID]: [ { @@ -711,6 +727,7 @@ export class AnalysisPlugin core: CoreStart, _plugins: AnalysisStartDependencies, ): AnalysisStart | Promise { + this.coreStart = core; this.subscribeToAppStartup(core); return {}; From 858e6015d137a154ffff5f7d7b83450abb011974 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Wed, 22 Jan 2025 11:45:44 -0300 Subject: [PATCH 055/212] Rename global search command ID in AnalysisPlugin for consistency --- plugins/wazuh-analysis/public/plugin.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index c5a932d5a4..48c9fea193 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts 
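Review bot: In the `@@ -350,6 +352,20 @@` hunk the `run` callback reads `this.coreStart`, which is only assigned in `start()` (the `@@ -711,6 +727,7 @@` hunk), so a search issued before `start` resolves silently to `[]` through the `!coreStart` guard in `searchPages`; that is probably acceptable, but the field added in `@@ -281,6 +282,7 @@` deserves a comment, e.g. `// assigned in start(); searchPages returns [] until then`. The `applications` array captured by the closure is the list built in `registerApps`, so any app registered later is not searchable; if that is intended, a one-line comment on the `registerSearchCommand` call saves the next reader a trip. `registerApps` starts and ends outside the hunk.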
@@ -354,7 +354,7 @@ export class AnalysisPlugin if (core.chrome.navGroup.getNavGroupEnabled()) { core.chrome.globalSearch.registerSearchCommand({ - id: 'analysis', + id: 'wz-analysis', type: 'PAGES', run: async (query: string, done?: () => void) => searchPages( From 503f9b1880320861a83034df5a5a7a3f668770e6 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Wed, 22 Jan 2025 12:31:41 -0300 Subject: [PATCH 056/212] Rename search pages command file for improved organization and clarity --- .../global-search-page-item.tsx} | 0 .../components/{ => global_search}/search-pages-command.tsx | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename plugins/wazuh-analysis/public/components/{page-item.tsx => global_search/global-search-page-item.tsx} (100%) rename plugins/wazuh-analysis/public/components/{ => global_search}/search-pages-command.tsx (96%) diff --git a/plugins/wazuh-analysis/public/components/page-item.tsx b/plugins/wazuh-analysis/public/components/global_search/global-search-page-item.tsx similarity index 100% rename from plugins/wazuh-analysis/public/components/page-item.tsx rename to plugins/wazuh-analysis/public/components/global_search/global-search-page-item.tsx diff --git a/plugins/wazuh-analysis/public/components/search-pages-command.tsx b/plugins/wazuh-analysis/public/components/global_search/search-pages-command.tsx similarity index 96% rename from plugins/wazuh-analysis/public/components/search-pages-command.tsx rename to plugins/wazuh-analysis/public/components/global_search/search-pages-command.tsx index f6f789dbe0..5f66e70f20 100644 --- a/plugins/wazuh-analysis/public/components/search-pages-command.tsx +++ b/plugins/wazuh-analysis/public/components/global_search/search-pages-command.tsx 
@@ -5,7 +5,7 @@ import { } from 'opensearch-dashboards/public'; import { first } from 'rxjs/operators'; import React, { ReactNode } from 'react'; -import { GlobalSearchPageItem } from './page-item'; +import { GlobalSearchPageItem } from './global-search-page-item'; function match(title: string | undefined, query: string) { return title && title.toLowerCase().includes(query.toLowerCase()); From 630dcb47802d564b705a1c9c8facf3ebc1117a5e Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Wed, 22 Jan 2025 12:32:02 -0300 Subject: [PATCH 057/212] Move search pages command import to global search directory for improved organization --- plugins/wazuh-analysis/public/plugin.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 48c9fea193..e020fee60e 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -19,7 +19,7 @@ import { } from '../../../src/core/public'; import { NavigationPublicPluginStart } from '../../../src/plugins/navigation/public'; import { AnalysisSetup, AnalysisStart } from './types'; -import { searchPages } from './components/search-pages-command'; +import { searchPages } from './components/global_search/search-pages-command'; interface AnalysisSetupDependencies {} From 7b01f9ba32f70fb4312ab6079ce5d5fb4939688e Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Wed, 22 Jan 2025 16:08:31 -0300 Subject: [PATCH 058/212] Rename function generateSubAppId to buildSubAppId for improved clarity --- plugins/wazuh-analysis/public/plugin.ts | 33 +++++++++++-------------- 1 file changed, 15 insertions(+), 18 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index e020fee60e..994594c621 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts 
@@ -35,7 +35,7 @@ interface AnalysisStartDependencies { * @param {string} subAppId - The `subAppId` parameter is a string representing the * ID of a sub-application within a parent application. */ -function generateSubAppId(parentAppId: string, subAppId: string) { +function buildSubAppId(parentAppId: string, subAppId: string) { return `${parentAppId}_${encodeURIComponent(`/${subAppId}`)}`; } 
@@ -51,41 +51,38 @@ type ParentAppId = | typeof SECURITY_OPERATIONS_ID | typeof CLOUD_SECURITY_ID; -const CONFIGURATION_ASSESSMENT_ID = generateSubAppId( +const CONFIGURATION_ASSESSMENT_ID = buildSubAppId( ENDPOINT_SECURITY_ID, 'configuration_assessment', ); -const MALWARE_DETECTION_ID = generateSubAppId( +const MALWARE_DETECTION_ID = buildSubAppId( ENDPOINT_SECURITY_ID, 'malware_detection', ); -const FIM_ID = generateSubAppId(ENDPOINT_SECURITY_ID, 'fim'); -const THREAT_HUNTING_ID = generateSubAppId( +const FIM_ID = buildSubAppId(ENDPOINT_SECURITY_ID, 'fim'); +const THREAT_HUNTING_ID = buildSubAppId( THREAT_INTELLIGENCE_ID, 'threat_hunting', ); -const VULNERABILITY_DETECTION_ID = generateSubAppId( +const VULNERABILITY_DETECTION_ID = buildSubAppId( THREAT_INTELLIGENCE_ID, 'vulnerability_detection', ); -const MITRE_ATTACK_ID = generateSubAppId( - THREAT_INTELLIGENCE_ID, - 'mitre_attack', -); -const REGULATORY_COMPLIANCE_ID = generateSubAppId( +const MITRE_ATTACK_ID = buildSubAppId(THREAT_INTELLIGENCE_ID, 'mitre_attack'); +const REGULATORY_COMPLIANCE_ID = buildSubAppId( SECURITY_OPERATIONS_ID, 'regulatory_compliance', ); -const IT_HYGIENE_ID = generateSubAppId(SECURITY_OPERATIONS_ID, 'it_hygiene'); -const INCIDENT_RESPONSE_ID = generateSubAppId( +const IT_HYGIENE_ID = buildSubAppId(SECURITY_OPERATIONS_ID, 'it_hygiene'); +const INCIDENT_RESPONSE_ID = buildSubAppId( SECURITY_OPERATIONS_ID, 'incident_response', ); -const DOCKER_ID = generateSubAppId(CLOUD_SECURITY_ID, 'docker'); -const AWS_ID = generateSubAppId(CLOUD_SECURITY_ID, 'aws'); -const GOOGLE_CLOUD_ID = generateSubAppId(CLOUD_SECURITY_ID, 'google_cloud'); -const GITHUB_ID = generateSubAppId(CLOUD_SECURITY_ID, 'github'); -const OFFICE365_ID = generateSubAppId(CLOUD_SECURITY_ID, 'office365'); +const DOCKER_ID = buildSubAppId(CLOUD_SECURITY_ID, 'docker'); +const AWS_ID = buildSubAppId(CLOUD_SECURITY_ID, 'aws'); +const GOOGLE_CLOUD_ID = buildSubAppId(CLOUD_SECURITY_ID, 'google_cloud'); +const GITHUB_ID = 
buildSubAppId(CLOUD_SECURITY_ID, 'github'); +const OFFICE365_ID = buildSubAppId(CLOUD_SECURITY_ID, 'office365'); const TRANSLATION_MESSAGES = Object.freeze({ ANALYSIS_PLUGIN_TITLE: i18n.translate('analysis.title', { defaultMessage: 'Analysis', From 6ddf2c09b64da40f2d590457433f3b55788363ae Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Wed, 22 Jan 2025 16:14:18 -0300 Subject: [PATCH 059/212] Add internationalization support for Analysis Plugin title --- plugins/wazuh-analysis/common/i18n.ts | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 plugins/wazuh-analysis/common/i18n.ts diff --git a/plugins/wazuh-analysis/common/i18n.ts b/plugins/wazuh-analysis/common/i18n.ts new file mode 100644 index 0000000000..f9f29db6e2 --- /dev/null +++ b/plugins/wazuh-analysis/common/i18n.ts @@ -0,0 +1,8 @@ +import { i18n } from '@osd/i18n'; + +export const ANALYSIS_PLUGIN_TITLE = i18n.translate( + 'wazuhAnalysisanalysis.title', + { + defaultMessage: 'Analysis', + }, +); From b131df7ce64567610ccbcc7c4b0b2266a95e754e Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Wed, 22 Jan 2025 16:15:09 -0300 Subject: [PATCH 060/212] Add constants file and export PLUGIN_ID for analysis plugin --- plugins/wazuh-analysis/common/constants.ts | 1 + plugins/wazuh-analysis/public/plugin.ts | 1 + 2 files changed, 2 insertions(+) create mode 100644 plugins/wazuh-analysis/common/constants.ts diff --git a/plugins/wazuh-analysis/common/constants.ts b/plugins/wazuh-analysis/common/constants.ts new file mode 100644 index 0000000000..3ad1e45e32 --- /dev/null +++ b/plugins/wazuh-analysis/common/constants.ts @@ -0,0 +1 @@ +export const PLUGIN_ID = 'analysis'; diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 994594c621..3a5f2e3586 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts 
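Review bot: The message id `'wazuhAnalysisanalysis.title'` in the new `common/i18n.ts` looks like a concatenation slip: every other id in this series is built as `` `${PLUGIN_ID}.category.…` `` (i.e. `analysis.…`), so the intended id is presumably `` `${PLUGIN_ID}.title` `` or a dotted `wazuhAnalysis.analysis.title`, depending on the namespace the plugin's i18n configuration expects. The same literal is carried unchanged into `common/constants.ts` by commit 064 and is what `CATEGORY.label` ends up displaying from commit 062 on, so whichever definition survives should use the same builder as its siblings. The extractor will otherwise register this one message under a different namespace than the rest of the plugin.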
@@ -18,6 +18,7 @@ import { DEFAULT_NAV_GROUPS, } from '../../../src/core/public'; import { NavigationPublicPluginStart } from '../../../src/plugins/navigation/public'; +import { PLUGIN_ID } from '../common/constants'; import { AnalysisSetup, AnalysisStart } from './types'; import { searchPages } from './components/global_search/search-pages-command'; From ee1c2adaea0198b875561cf73bbb335281488cc4 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Wed, 22 Jan 2025 16:15:57 -0300 Subject: [PATCH 061/212] Remove redundant PLUGIN_ID constant from analysis plugin --- plugins/wazuh-analysis/public/plugin.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 3a5f2e3586..ed5486b607 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -20,6 +20,7 @@ import { import { NavigationPublicPluginStart } from '../../../src/plugins/navigation/public'; import { PLUGIN_ID } from '../common/constants'; import { AnalysisSetup, AnalysisStart } from './types'; +import { CATEGORY } from './applications/category'; import { searchPages } from './components/global_search/search-pages-command'; interface AnalysisSetupDependencies {} @@ -40,7 +41,6 @@ function buildSubAppId(parentAppId: string, subAppId: string) { return `${parentAppId}_${encodeURIComponent(`/${subAppId}`)}`; } -const PLUGIN_ID = 'analysis'; const ENDPOINT_SECURITY_ID = 'endpoint_security'; const THREAT_INTELLIGENCE_ID = 'threat_intelligence'; const SECURITY_OPERATIONS_ID = 'security_operations'; From 4705206eddb3361be1c7e80051239b837c5fde65 Mon Sep 17 00:00:00 2001 
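Review bot: Commit 061's `@@ -20,6 +20,7 @@` hunk imports `CATEGORY` from `./applications/category`, but that file is only created by the following commit (062), so this commit does not compile on its own and breaks bisecting; the import belongs in 062 together with the file, or the two commits should be squashed. The commit title ("Remove redundant PLUGIN_ID constant") also does not mention the added import. The `@@ -40,7 +41,6 @@` hunk's removal of the local `PLUGIN_ID` is fine on its own, since the import from `../common/constants` was added in commit 060.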
From: Guido Modarelli Date: Wed, 22 Jan 2025 16:16:43 -0300 Subject: [PATCH 062/212] Add CATEGORY constant for analysis plugin with internationalization support --- plugins/wazuh-analysis/public/applications/category.ts | 9 +++++++++ plugins/wazuh-analysis/public/plugin.ts | 6 ------ 2 files changed, 9 insertions(+), 6 deletions(-) create mode 100644 plugins/wazuh-analysis/public/applications/category.ts diff --git a/plugins/wazuh-analysis/public/applications/category.ts b/plugins/wazuh-analysis/public/applications/category.ts new file mode 100644 index 0000000000..c67fb989fd --- /dev/null +++ b/plugins/wazuh-analysis/public/applications/category.ts @@ -0,0 +1,9 @@ +import { AppCategory } from 'opensearch-dashboards/public'; +import { PLUGIN_ID } from '../../common/constants'; +import { ANALYSIS_PLUGIN_TITLE } from '../../common/i18n'; + +export const CATEGORY: AppCategory = Object.freeze({ + id: PLUGIN_ID, + label: ANALYSIS_PLUGIN_TITLE, + order: 5000, +}); diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index ed5486b607..9c04cf18ce 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -1,6 +1,5 @@ import { i18n } from '@osd/i18n'; import { - AppCategory, AppMount, AppMountParameters, AppUpdater, @@ -207,11 +206,6 @@ const TRANSLATION_MESSAGES = Object.freeze({ defaultMessage: 'Office 365', }), }); -const CATEGORY: AppCategory = Object.freeze({ - id: PLUGIN_ID, - label: TRANSLATION_MESSAGES.ANALYSIS_PLUGIN_TITLE, - order: 5000, -}); const NAV_GROUPS = Object.freeze({ [ENDPOINT_SECURITY_ID]: { id: ENDPOINT_SECURITY_ID, From 07e20ddbf0de08264ba850268f1bf94ef77fbf07 Mon Sep 17 00:00:00 2001 
From: Guido Modarelli Date: Wed, 22 Jan 2025 16:19:27 -0300 Subject: [PATCH 063/212] Add Endpoint Security application with internationalization support --- .../endpoint-security/endpoint-security.ts | 26 +++++++++++++++++++ plugins/wazuh-analysis/public/plugin.ts | 15 ++++------- 2 files changed, 31 insertions(+), 10 deletions(-) create mode 100644 plugins/wazuh-analysis/public/applications/endpoint-security/endpoint-security.ts diff --git a/plugins/wazuh-analysis/public/applications/endpoint-security/endpoint-security.ts b/plugins/wazuh-analysis/public/applications/endpoint-security/endpoint-security.ts new file mode 100644 index 0000000000..a4b5c7e6c4 --- /dev/null +++ b/plugins/wazuh-analysis/public/applications/endpoint-security/endpoint-security.ts @@ -0,0 +1,26 @@ +import { i18n } from '@osd/i18n'; +import { + App, + AppMountParameters, + CoreSetup, +} from 'opensearch-dashboards/public'; +import { CATEGORY } from '../category'; +import { PLUGIN_ID } from '../../../common/constants'; + +export const ENDPOINT_SECURITY_ID = 'endpoint_security'; +export const ENDPOINT_SECURITY_TITLE = i18n.translate( + `${PLUGIN_ID}.category.${ENDPOINT_SECURITY_ID}`, + { + defaultMessage: 'Endpoint Security', + }, +); + +export const EndpointSecurityApp = (_core: CoreSetup): App => ({ + id: ENDPOINT_SECURITY_ID, + title: ENDPOINT_SECURITY_TITLE, + category: CATEGORY, + mount: + async (_params: AppMountParameters) => + // TODO: Implement the endpoint security landing page + () => {}, +}); diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 9c04cf18ce..69aab696aa 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts 
@@ -20,6 +20,10 @@ import { NavigationPublicPluginStart } from '../../../src/plugins/navigation/pub import { PLUGIN_ID } from '../common/constants'; import { AnalysisSetup, AnalysisStart } from './types'; import { CATEGORY } from './applications/category'; +import { + ENDPOINT_SECURITY_ID, + EndpointSecurityApp, +} from './applications/endpoint-security/endpoint-security'; import { searchPages } from './components/global_search/search-pages-command'; interface AnalysisSetupDependencies {} @@ -40,7 +44,6 @@ function buildSubAppId(parentAppId: string, subAppId: string) { return `${parentAppId}_${encodeURIComponent(`/${subAppId}`)}`; } -const ENDPOINT_SECURITY_ID = 'endpoint_security'; const THREAT_INTELLIGENCE_ID = 'threat_intelligence'; const SECURITY_OPERATIONS_ID = 'security_operations'; const CLOUD_SECURITY_ID = 'cloud_security'; @@ -285,15 +288,7 @@ export class AnalysisPlugin private registerApps(core: CoreSetup) { const applications: App[] = [ - { - id: ENDPOINT_SECURITY_ID, - title: TRANSLATION_MESSAGES.ENDPOINT_SECURITY_TITLE, - category: CATEGORY, - mount: - async (_params: AppMountParameters) => - // TODO: Implement the endpoint security landing page - () => {}, - }, + EndpointSecurityApp(core), { id: THREAT_INTELLIGENCE_ID, title: TRANSLATION_MESSAGES.THREAT_INTELLIGENCE_TITLE, From 6e51e5c660b1e2c835382524d2c785fd52bca207 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Wed, 22 Jan 2025 16:31:10 -0300 Subject: [PATCH 064/212] Refactor analysis plugin constants and remove redundant i18n file --- plugins/wazuh-analysis/common/constants.ts | 8 ++++++++ plugins/wazuh-analysis/common/i18n.ts | 8 -------- plugins/wazuh-analysis/public/applications/category.ts | 3 +-- plugins/wazuh-analysis/public/plugin.ts | 3 --- 4 files changed, 9 insertions(+), 13 deletions(-) delete mode 100644 plugins/wazuh-analysis/common/i18n.ts diff --git a/plugins/wazuh-analysis/common/constants.ts b/plugins/wazuh-analysis/common/constants.ts index 3ad1e45e32..e92e606729 100644 
--- a/plugins/wazuh-analysis/common/constants.ts +++ b/plugins/wazuh-analysis/common/constants.ts @@ -1 +1,9 @@ +import { i18n } from '@osd/i18n'; + export const PLUGIN_ID = 'analysis'; +export const ANALYSIS_PLUGIN_TITLE = i18n.translate( + 'wazuhAnalysisanalysis.title', + { + defaultMessage: 'Analysis', + }, +); diff --git a/plugins/wazuh-analysis/common/i18n.ts b/plugins/wazuh-analysis/common/i18n.ts deleted file mode 100644 index f9f29db6e2..0000000000 --- a/plugins/wazuh-analysis/common/i18n.ts +++ /dev/null @@ -1,8 +0,0 @@ -import { i18n } from '@osd/i18n'; - -export const ANALYSIS_PLUGIN_TITLE = i18n.translate( - 'wazuhAnalysisanalysis.title', - { - defaultMessage: 'Analysis', - }, -); diff --git a/plugins/wazuh-analysis/public/applications/category.ts b/plugins/wazuh-analysis/public/applications/category.ts index c67fb989fd..f09e6e802c 100644 --- a/plugins/wazuh-analysis/public/applications/category.ts +++ b/plugins/wazuh-analysis/public/applications/category.ts @@ -1,6 +1,5 @@ import { AppCategory } from 'opensearch-dashboards/public'; -import { PLUGIN_ID } from '../../common/constants'; -import { ANALYSIS_PLUGIN_TITLE } from '../../common/i18n'; +import { ANALYSIS_PLUGIN_TITLE, PLUGIN_ID } from '../../common/constants'; export const CATEGORY: AppCategory = Object.freeze({ id: PLUGIN_ID, diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 69aab696aa..fee5680574 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -87,9 +87,6 @@ const GOOGLE_CLOUD_ID = buildSubAppId(CLOUD_SECURITY_ID, 'google_cloud'); const GITHUB_ID = buildSubAppId(CLOUD_SECURITY_ID, 'github'); const OFFICE365_ID = buildSubAppId(CLOUD_SECURITY_ID, 'office365'); const TRANSLATION_MESSAGES = Object.freeze({ - ANALYSIS_PLUGIN_TITLE: i18n.translate('analysis.title', { - defaultMessage: 'Analysis', - }), ENDPOINT_SECURITY_TITLE: i18n.translate( `${PLUGIN_ID}.category.${ENDPOINT_SECURITY_ID}`, { 
From 8d186b6b74a45c99418190d37f2f9793239fb8c2 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Wed, 22 Jan 2025 16:32:25 -0300 Subject: [PATCH 065/212] Add description constant for Endpoint Security and update references --- .../endpoint-security/endpoint-security.ts | 7 +++++++ plugins/wazuh-analysis/public/plugin.ts | 21 +++++-------------- 2 files changed, 12 insertions(+), 16 deletions(-) diff --git a/plugins/wazuh-analysis/public/applications/endpoint-security/endpoint-security.ts b/plugins/wazuh-analysis/public/applications/endpoint-security/endpoint-security.ts index a4b5c7e6c4..2753642aa2 100644 --- a/plugins/wazuh-analysis/public/applications/endpoint-security/endpoint-security.ts +++ b/plugins/wazuh-analysis/public/applications/endpoint-security/endpoint-security.ts @@ -14,6 +14,13 @@ export const ENDPOINT_SECURITY_TITLE = i18n.translate( defaultMessage: 'Endpoint Security', }, ); +export const ENDPOINT_SECURITY_DESCRIPTION = i18n.translate( + `${PLUGIN_ID}.category.${ENDPOINT_SECURITY_ID}.description`, + { + defaultMessage: + 'Advanced monitoring and protection for devices against security threats.', + }, +); export const EndpointSecurityApp = (_core: CoreSetup): App => ({ id: ENDPOINT_SECURITY_ID, diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index fee5680574..31bc246458 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -22,6 +22,8 @@ import { AnalysisSetup, AnalysisStart } from './types'; import { CATEGORY } from './applications/category'; import { ENDPOINT_SECURITY_ID, + ENDPOINT_SECURITY_TITLE, + ENDPOINT_SECURITY_DESCRIPTION, EndpointSecurityApp, } from './applications/endpoint-security/endpoint-security'; import { searchPages } from './components/global_search/search-pages-command'; 
@@ -87,19 +89,6 @@ const GOOGLE_CLOUD_ID = buildSubAppId(CLOUD_SECURITY_ID, 'google_cloud'); const GITHUB_ID = buildSubAppId(CLOUD_SECURITY_ID, 'github'); const OFFICE365_ID = buildSubAppId(CLOUD_SECURITY_ID, 'office365'); const TRANSLATION_MESSAGES = Object.freeze({ - ENDPOINT_SECURITY_TITLE: i18n.translate( - `${PLUGIN_ID}.category.${ENDPOINT_SECURITY_ID}`, - { - defaultMessage: 'Endpoint Security', - }, - ), - ENDPOINT_SECURITY_DESCRIPTION: i18n.translate( - `${PLUGIN_ID}.category.${ENDPOINT_SECURITY_ID}.description`, - { - defaultMessage: - 'Advanced monitoring and protection for devices against security threats.', - }, - ), THREAT_INTELLIGENCE_TITLE: i18n.translate( `${PLUGIN_ID}.category.${THREAT_INTELLIGENCE_ID}`, { @@ -209,8 +198,8 @@ const TRANSLATION_MESSAGES = Object.freeze({ const NAV_GROUPS = Object.freeze({ [ENDPOINT_SECURITY_ID]: { id: ENDPOINT_SECURITY_ID, - title: TRANSLATION_MESSAGES.ENDPOINT_SECURITY_TITLE, - description: TRANSLATION_MESSAGES.ENDPOINT_SECURITY_DESCRIPTION, + title: ENDPOINT_SECURITY_TITLE, + description: ENDPOINT_SECURITY_DESCRIPTION, }, [THREAT_INTELLIGENCE_ID]: { id: THREAT_INTELLIGENCE_ID, @@ -656,7 +645,7 @@ export class AnalysisPlugin core.chrome.navGroup.addNavLinksToGroup(DEFAULT_NAV_GROUPS.all, [ { id: ENDPOINT_SECURITY_ID, - title: TRANSLATION_MESSAGES.ENDPOINT_SECURITY_TITLE, + title: ENDPOINT_SECURITY_TITLE, order: 0, category: CATEGORY, }, From 8bb9efd13890796cd56984f4e9857d360b266d4b Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Wed, 22 Jan 2025 16:33:49 -0300 Subject: [PATCH 066/212] Add Threat Intelligence application with internationalization support --- .../threat-intelligence.ts | 17 ++++++++++++ plugins/wazuh-analysis/public/plugin.ts | 27 +++++++------------ 2 files changed, 26 insertions(+), 18 deletions(-) create mode 100644 plugins/wazuh-analysis/public/applications/threat-intelligence/threat-intelligence.ts 
diff --git a/plugins/wazuh-analysis/public/applications/threat-intelligence/threat-intelligence.ts b/plugins/wazuh-analysis/public/applications/threat-intelligence/threat-intelligence.ts new file mode 100644 index 0000000000..b8d7ddc053 --- /dev/null +++ b/plugins/wazuh-analysis/public/applications/threat-intelligence/threat-intelligence.ts @@ -0,0 +1,17 @@ +import { i18n } from '@osd/i18n'; +import { PLUGIN_ID } from '../../../common/constants'; + +export const THREAT_INTELLIGENCE_ID = 'threat_intelligence'; +export const THREAT_INTELLIGENCE_TITLE = i18n.translate( + `${PLUGIN_ID}.category.${THREAT_INTELLIGENCE_ID}`, + { + defaultMessage: 'Threat Intelligence', + }, +); +export const THREAT_INTELLIGENCE_DESCRIPTION = i18n.translate( + `${PLUGIN_ID}.category.${THREAT_INTELLIGENCE_ID}.description`, + { + defaultMessage: + 'Collect and analyze information about potential threats to inform security decisions.', + }, +); diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 31bc246458..3c7ef9bfc8 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -27,6 +27,11 @@ import { EndpointSecurityApp, } from './applications/endpoint-security/endpoint-security'; import { searchPages } from './components/global_search/search-pages-command'; +import { + THREAT_INTELLIGENCE_ID, + THREAT_INTELLIGENCE_TITLE, + THREAT_INTELLIGENCE_DESCRIPTION, +} from './applications/threat-intelligence/threat-intelligence'; interface AnalysisSetupDependencies {} @@ -46,7 +51,6 @@ function buildSubAppId(parentAppId: string, subAppId: string) { return `${parentAppId}_${encodeURIComponent(`/${subAppId}`)}`; } -const THREAT_INTELLIGENCE_ID = 'threat_intelligence'; const SECURITY_OPERATIONS_ID = 'security_operations'; const CLOUD_SECURITY_ID = 'cloud_security'; 
@@ -89,19 +93,6 @@ const GOOGLE_CLOUD_ID = buildSubAppId(CLOUD_SECURITY_ID, 'google_cloud'); const GITHUB_ID = buildSubAppId(CLOUD_SECURITY_ID, 'github'); const OFFICE365_ID = buildSubAppId(CLOUD_SECURITY_ID, 'office365'); const TRANSLATION_MESSAGES = Object.freeze({ - THREAT_INTELLIGENCE_TITLE: i18n.translate( - `${PLUGIN_ID}.category.${THREAT_INTELLIGENCE_ID}`, - { - defaultMessage: 'Threat Intelligence', - }, - ), - THREAT_INTELLIGENCE_DESCRIPTION: i18n.translate( - `${PLUGIN_ID}.category.${THREAT_INTELLIGENCE_ID}.description`, - { - defaultMessage: - 'Collect and analyze information about potential threats to inform security decisions.', - }, - ), SECURITY_OPERATIONS_TITLE: i18n.translate( `${PLUGIN_ID}.category.${SECURITY_OPERATIONS_ID}`, { @@ -203,8 +194,8 @@ const NAV_GROUPS = Object.freeze({ }, [THREAT_INTELLIGENCE_ID]: { id: THREAT_INTELLIGENCE_ID, - title: TRANSLATION_MESSAGES.THREAT_INTELLIGENCE_TITLE, - description: TRANSLATION_MESSAGES.THREAT_INTELLIGENCE_DESCRIPTION, + title: THREAT_INTELLIGENCE_TITLE, + description: THREAT_INTELLIGENCE_DESCRIPTION, }, [SECURITY_OPERATIONS_ID]: { id: SECURITY_OPERATIONS_ID, @@ -277,7 +268,7 @@ export class AnalysisPlugin EndpointSecurityApp(core), { id: THREAT_INTELLIGENCE_ID, - title: TRANSLATION_MESSAGES.THREAT_INTELLIGENCE_TITLE, + title: THREAT_INTELLIGENCE_TITLE, category: CATEGORY, mount: async (params: AppMountParameters) => { // TODO: Implement the threat intelligence application @@ -651,7 +642,7 @@ export class AnalysisPlugin }, { id: THREAT_INTELLIGENCE_ID, - title: TRANSLATION_MESSAGES.THREAT_INTELLIGENCE_TITLE, + title: THREAT_INTELLIGENCE_TITLE, order: 1, category: CATEGORY, }, From 1ba9e2b4ad870a8fc2fc10f262b63118f5f9e38a Mon Sep 17 00:00:00 2001 
From: Guido Modarelli Date: Wed, 22 Jan 2025 16:39:31 -0300 Subject: [PATCH 067/212] Add Threat Intelligence application implementation and registration --- .../threat-intelligence/threat-intelligence.ts | 16 ++++++++++++++++ plugins/wazuh-analysis/public/plugin.ts | 13 ++----------- 2 files changed, 18 insertions(+), 11 deletions(-) diff --git a/plugins/wazuh-analysis/public/applications/threat-intelligence/threat-intelligence.ts b/plugins/wazuh-analysis/public/applications/threat-intelligence/threat-intelligence.ts index b8d7ddc053..86e9503ee5 100644 --- a/plugins/wazuh-analysis/public/applications/threat-intelligence/threat-intelligence.ts +++ b/plugins/wazuh-analysis/public/applications/threat-intelligence/threat-intelligence.ts @@ -1,5 +1,11 @@ import { i18n } from '@osd/i18n'; +import { + App, + AppMountParameters, + CoreSetup, +} from 'opensearch-dashboards/public'; import { PLUGIN_ID } from '../../../common/constants'; +import { CATEGORY } from '../category'; export const THREAT_INTELLIGENCE_ID = 'threat_intelligence'; export const THREAT_INTELLIGENCE_TITLE = i18n.translate( @@ -15,3 +21,13 @@ export const THREAT_INTELLIGENCE_DESCRIPTION = i18n.translate( 'Collect and analyze information about potential threats to inform security decisions.', }, ); + +export const ThreatIntelligenceApp = (_core: CoreSetup): App => ({ + id: THREAT_INTELLIGENCE_ID, + title: THREAT_INTELLIGENCE_TITLE, + category: CATEGORY, + mount: + async (_params: AppMountParameters) => + // TODO: Implement the threat intelligence application + () => {}, +}); diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 3c7ef9bfc8..5894e9cee0 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts 
@@ -31,6 +31,7 @@ import { THREAT_INTELLIGENCE_ID, THREAT_INTELLIGENCE_TITLE, THREAT_INTELLIGENCE_DESCRIPTION, + ThreatIntelligenceApp, } from './applications/threat-intelligence/threat-intelligence'; interface AnalysisSetupDependencies {} @@ -266,17 +267,7 @@ export class AnalysisPlugin private registerApps(core: CoreSetup) { const applications: App[] = [ EndpointSecurityApp(core), - { - id: THREAT_INTELLIGENCE_ID, - title: THREAT_INTELLIGENCE_TITLE, - category: CATEGORY, - mount: async (params: AppMountParameters) => { - // TODO: Implement the threat intelligence application - const { renderApp } = await import('./application'); - - return renderApp(params, {}); - }, - }, + ThreatIntelligenceApp(core), { id: SECURITY_OPERATIONS_ID, title: TRANSLATION_MESSAGES.SECURITY_OPERATIONS_TITLE, From b0c20622111c171d85918f2e1ec88ac306c83c42 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Wed, 22 Jan 2025 16:52:14 -0300 Subject: [PATCH 068/212] rename application files to group directory --- .../wazuh-analysis/public/{applications => groups}/category.ts | 0 .../endpoint-security/endpoint-security.ts | 0 .../threat-intelligence/threat-intelligence.ts | 0 3 files changed, 0 insertions(+), 0 deletions(-) rename plugins/wazuh-analysis/public/{applications => groups}/category.ts (100%) rename plugins/wazuh-analysis/public/{applications => groups}/endpoint-security/endpoint-security.ts (100%) rename plugins/wazuh-analysis/public/{applications => groups}/threat-intelligence/threat-intelligence.ts (100%) diff --git a/plugins/wazuh-analysis/public/applications/category.ts b/plugins/wazuh-analysis/public/groups/category.ts similarity index 100% rename from plugins/wazuh-analysis/public/applications/category.ts rename to plugins/wazuh-analysis/public/groups/category.ts 
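Review bot: The `@@ -266,17 +267,7 @@` hunk replaces an entry whose `mount` lazily imported `./application` and returned `renderApp(params, {})` with `ThreatIntelligenceApp(core)`, whose `mount` (added in this commit's other file) is `async (_params: AppMountParameters) => () => {}`, so navigating to Threat Intelligence now renders nothing; the commit message says "implementation and registration" but the only implementation is dropped. If the wiring is meant to move with the app, `ThreatIntelligenceApp` should carry it: `mount: async (params: AppMountParameters) => {`, `const { renderApp } = await import('../../application');`, `return renderApp(params, {}); },` (path relative to the file's location in this commit). If the no-op is intentional while the page is rebuilt, the TODO should say so explicitly so the regression is not mistaken for an oversight. `registerApps` starts and ends outside the hunk.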
diff --git a/plugins/wazuh-analysis/public/applications/endpoint-security/endpoint-security.ts b/plugins/wazuh-analysis/public/groups/endpoint-security/endpoint-security.ts similarity index 100% rename from plugins/wazuh-analysis/public/applications/endpoint-security/endpoint-security.ts rename to plugins/wazuh-analysis/public/groups/endpoint-security/endpoint-security.ts diff --git a/plugins/wazuh-analysis/public/applications/threat-intelligence/threat-intelligence.ts b/plugins/wazuh-analysis/public/groups/threat-intelligence/threat-intelligence.ts similarity index 100% rename from plugins/wazuh-analysis/public/applications/threat-intelligence/threat-intelligence.ts rename to plugins/wazuh-analysis/public/groups/threat-intelligence/threat-intelligence.ts From f194838dcbf0807941079125a39635491b7a0636 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Wed, 22 Jan 2025 16:52:43 -0300 Subject: [PATCH 069/212] Refactor plugin imports to group directory structure --- plugins/wazuh-analysis/public/plugin.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 5894e9cee0..e1467b1f26 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts 
@@ -19,20 +19,20 @@ import { import { NavigationPublicPluginStart } from '../../../src/plugins/navigation/public'; import { PLUGIN_ID } from '../common/constants'; import { AnalysisSetup, AnalysisStart } from './types'; -import { CATEGORY } from './applications/category'; +import { CATEGORY } from './groups/category'; import { ENDPOINT_SECURITY_ID, ENDPOINT_SECURITY_TITLE, ENDPOINT_SECURITY_DESCRIPTION, EndpointSecurityApp, -} from './applications/endpoint-security/endpoint-security'; +} from './groups/endpoint-security/endpoint-security'; import { searchPages } from './components/global_search/search-pages-command'; import { THREAT_INTELLIGENCE_ID, THREAT_INTELLIGENCE_TITLE, THREAT_INTELLIGENCE_DESCRIPTION, ThreatIntelligenceApp, -} from './applications/threat-intelligence/threat-intelligence'; +} from './groups/threat-intelligence/threat-intelligence'; interface AnalysisSetupDependencies {} From 9bde1db5154c8a8fa83e99c545aab8b80e97cf09 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Wed, 22 Jan 2025 17:02:11 -0300 Subject: [PATCH 070/212] Add Security Operations application implementation and registration --- .../security-operations.ts | 33 ++++++++++++++++ plugins/wazuh-analysis/public/plugin.ts | 38 +++++-------------- 2 files changed, 43 insertions(+), 28 deletions(-) create mode 100644 plugins/wazuh-analysis/public/groups/security-operations/security-operations.ts diff --git a/plugins/wazuh-analysis/public/groups/security-operations/security-operations.ts b/plugins/wazuh-analysis/public/groups/security-operations/security-operations.ts new file mode 100644 index 0000000000..66753ad33b --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/security-operations/security-operations.ts 
@@ -0,0 +1,33 @@ +import { i18n } from '@osd/i18n'; +import { + App, + AppMountParameters, + CoreSetup, +} from 'opensearch-dashboards/public'; +import { PLUGIN_ID } from '../../../common/constants'; +import { CATEGORY } from '../category'; + +export const SECURITY_OPERATIONS_ID = 'security_operations'; +export const SECURITY_OPERATIONS_TITLE = i18n.translate( + `${PLUGIN_ID}.category.${SECURITY_OPERATIONS_ID}`, + { + defaultMessage: 'Security Operations', + }, +); +export const SECURITY_OPERATIONS_DESCRIPTION = i18n.translate( + `${PLUGIN_ID}.category.${SECURITY_OPERATIONS_ID}.description`, + { + defaultMessage: + 'Advanced monitoring and protection for devices against security threats.', + }, +); + +export const SecurityOperationsApp = (_core: CoreSetup): App => ({ + id: SECURITY_OPERATIONS_ID, + title: SECURITY_OPERATIONS_TITLE, + category: CATEGORY, + mount: + async (_params: AppMountParameters) => + // TODO: Implement the security operations application + () => {}, +}); diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index e1467b1f26..444d338d56 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -33,6 +33,12 @@ import { THREAT_INTELLIGENCE_DESCRIPTION, ThreatIntelligenceApp, } from './groups/threat-intelligence/threat-intelligence'; +import { + SECURITY_OPERATIONS_ID, + SECURITY_OPERATIONS_TITLE, + SECURITY_OPERATIONS_DESCRIPTION, + SecurityOperationsApp, +} from './groups/security-operations/security-operations'; interface AnalysisSetupDependencies {} @@ -52,7 +58,6 @@ function buildSubAppId(parentAppId: string, subAppId: string) { return `${parentAppId}_${encodeURIComponent(`/${subAppId}`)}`; } -const SECURITY_OPERATIONS_ID = 'security_operations'; const CLOUD_SECURITY_ID = 'cloud_security'; type ParentAppId = 
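Review bot: `SecurityOperationsApp`'s `mount` resolves to a bare `() => {}` and never touches `_params.element`, so navigating to the Security Operations group now shows an empty page, whereas the inline definition this factory replaces (removed in plugin.ts's `@@ -268,17 +260,7 @@` hunk) at least mounted the placeholder through `renderApp`. Unless the blank page is intended, keep the placeholder: `mount: async (params: AppMountParameters) => { const { renderApp } = await import('../../application'); return renderApp(params, {}); }`. The `// TODO` comment is wedged between the arrow head and its expression body, so it reads as describing the returned unmount function rather than the mount; moving it above `mount:` fixes that. `CloudSecurityApp` in the later cloud-security.ts hunk (`@@ -15,3 +21,13 @@`) has the same no-op mount. The description text 'Advanced monitoring and protection for devices against security threats.' reads like endpoint-oriented copy rather than an operations description — worth confirming it was not pasted from the endpoint-security module.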
@@ -94,19 +99,6 @@ const GOOGLE_CLOUD_ID = buildSubAppId(CLOUD_SECURITY_ID, 'google_cloud'); const GITHUB_ID = buildSubAppId(CLOUD_SECURITY_ID, 'github'); const OFFICE365_ID = buildSubAppId(CLOUD_SECURITY_ID, 'office365'); const TRANSLATION_MESSAGES = Object.freeze({ - SECURITY_OPERATIONS_TITLE: i18n.translate( - `${PLUGIN_ID}.category.${SECURITY_OPERATIONS_ID}`, - { - defaultMessage: 'Security Operations', - }, - ), - SECURITY_OPERATIONS_DESCRIPTION: i18n.translate( - `${PLUGIN_ID}.category.${SECURITY_OPERATIONS_ID}.description`, - { - defaultMessage: - 'Advanced monitoring and protection for devices against security threats.', - }, - ), CLOUD_SECURITY_TITLE: i18n.translate( `${PLUGIN_ID}.category.${CLOUD_SECURITY_ID}`, { @@ -200,8 +192,8 @@ const NAV_GROUPS = Object.freeze({ }, [SECURITY_OPERATIONS_ID]: { id: SECURITY_OPERATIONS_ID, - title: TRANSLATION_MESSAGES.SECURITY_OPERATIONS_TITLE, - description: TRANSLATION_MESSAGES.SECURITY_OPERATIONS_DESCRIPTION, + title: SECURITY_OPERATIONS_TITLE, + description: SECURITY_OPERATIONS_DESCRIPTION, }, [CLOUD_SECURITY_ID]: { id: CLOUD_SECURITY_ID, @@ -268,17 +260,7 @@ export class AnalysisPlugin const applications: App[] = [ EndpointSecurityApp(core), ThreatIntelligenceApp(core), - { - id: SECURITY_OPERATIONS_ID, - title: TRANSLATION_MESSAGES.SECURITY_OPERATIONS_TITLE, - category: CATEGORY, - mount: async (params: AppMountParameters) => { - // TODO: Implement the security operations application - const { renderApp } = await import('./application'); - - return renderApp(params, {}); - }, - }, + SecurityOperationsApp(core), { id: CLOUD_SECURITY_ID, title: TRANSLATION_MESSAGES.CLOUD_SECURITY_TITLE, @@ -639,7 +621,7 @@ export class AnalysisPlugin }, { id: SECURITY_OPERATIONS_ID, - title: TRANSLATION_MESSAGES.SECURITY_OPERATIONS_TITLE, + title: SECURITY_OPERATIONS_TITLE, order: 2, category: CATEGORY, }, From 684bae9d03e5aca9bf5223dc3743a3e5fa699da5 Mon Sep 17 00:00:00 2001 
From: Guido Modarelli Date: Wed, 22 Jan 2025 17:13:13 -0300 Subject: [PATCH 071/212] Add Cloud Security application implementation and internationalization support --- .../groups/cloud-security/cloud-security.ts | 17 ++++++++++++++ plugins/wazuh-analysis/public/plugin.ts | 23 +++++-------------- 2 files changed, 23 insertions(+), 17 deletions(-) create mode 100644 plugins/wazuh-analysis/public/groups/cloud-security/cloud-security.ts diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/cloud-security.ts b/plugins/wazuh-analysis/public/groups/cloud-security/cloud-security.ts new file mode 100644 index 0000000000..10f6a46948 --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/cloud-security/cloud-security.ts @@ -0,0 +1,17 @@ +import { i18n } from '@osd/i18n'; +import { PLUGIN_ID } from '../../../common/constants'; + +export const CLOUD_SECURITY_ID = 'cloud_security'; +export const CLOUD_SECURITY_TITLE = i18n.translate( + `${PLUGIN_ID}.category.${CLOUD_SECURITY_ID}`, + { + defaultMessage: 'Cloud Security', + }, +); +export const CLOUD_SECURITY_DESCRIPTION = i18n.translate( + `${PLUGIN_ID}.category.${CLOUD_SECURITY_ID}.description`, + { + defaultMessage: + 'Monitoring and protection for cloud environments against security threats.', + }, +); diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 444d338d56..6f57bfd817 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -39,6 +39,10 @@ import { SECURITY_OPERATIONS_DESCRIPTION, SecurityOperationsApp, } from './groups/security-operations/security-operations'; +import { + CLOUD_SECURITY_ID, + CLOUD_SECURITY_TITLE, +} from './groups/cloud-security/cloud-security'; interface AnalysisSetupDependencies {} 
@@ -58,8 +62,6 @@ function buildSubAppId(parentAppId: string, subAppId: string) { return `${parentAppId}_${encodeURIComponent(`/${subAppId}`)}`; } -const CLOUD_SECURITY_ID = 'cloud_security'; - type ParentAppId = | typeof ENDPOINT_SECURITY_ID | typeof THREAT_INTELLIGENCE_ID @@ -99,19 +101,6 @@ const GOOGLE_CLOUD_ID = buildSubAppId(CLOUD_SECURITY_ID, 'google_cloud'); const GITHUB_ID = buildSubAppId(CLOUD_SECURITY_ID, 'github'); const OFFICE365_ID = buildSubAppId(CLOUD_SECURITY_ID, 'office365'); const TRANSLATION_MESSAGES = Object.freeze({ - CLOUD_SECURITY_TITLE: i18n.translate( - `${PLUGIN_ID}.category.${CLOUD_SECURITY_ID}`, - { - defaultMessage: 'Cloud Security', - }, - ), - CLOUD_SECURITY_DESCRIPTION: i18n.translate( - `${PLUGIN_ID}.category.${CLOUD_SECURITY_ID}.description`, - { - defaultMessage: - 'Monitoring and protection for cloud environments against security threats.', - }, - ), CONFIGURATION_ASSESSMENT_TITLE: i18n.translate( `${PLUGIN_ID}.category.${CONFIGURATION_ASSESSMENT_ID}`, { @@ -263,7 +252,7 @@ export class AnalysisPlugin SecurityOperationsApp(core), { id: CLOUD_SECURITY_ID, - title: TRANSLATION_MESSAGES.CLOUD_SECURITY_TITLE, + title: CLOUD_SECURITY_TITLE, category: CATEGORY, mount: async (params: AppMountParameters) => { // TODO: Implement the cloud security application @@ -627,7 +616,7 @@ export class AnalysisPlugin }, { id: CLOUD_SECURITY_ID, - title: TRANSLATION_MESSAGES.CLOUD_SECURITY_TITLE, + title: CLOUD_SECURITY_TITLE, order: 3, category: CATEGORY, }, From 61eb709d85c8818a9398aef57092c5f847c7f4c4 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Wed, 22 Jan 2025 17:17:42 -0300 Subject: [PATCH 072/212] Add GroupsId type definition for security applications --- plugins/wazuh-analysis/public/groups/types.ts | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 plugins/wazuh-analysis/public/groups/types.ts 
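Review bot: The `@@ -99,19 +101,6 @@` hunk deletes `TRANSLATION_MESSAGES.CLOUD_SECURITY_DESCRIPTION`, but `NAV_GROUPS` in this same file still reads `description: TRANSLATION_MESSAGES.CLOUD_SECURITY_DESCRIPTION` (it is visible on the old side of the later `@@ -168,28 +165,6 @@` hunk of plugin.ts), so plugin.ts does not type-check at this commit and the history is not bisectable until the nav-groups move two commits later. Either update that `NAV_GROUPS` entry here to `description: CLOUD_SECURITY_DESCRIPTION,` and add `CLOUD_SECURITY_DESCRIPTION` to the new import from './groups/cloud-security/cloud-security' in the `@@ -39,6 +39,10 @@` hunk, or squash this commit with the nav-groups one.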
diff --git a/plugins/wazuh-analysis/public/groups/types.ts b/plugins/wazuh-analysis/public/groups/types.ts
new file mode 100644
index 0000000000..b7088fb6d7
--- /dev/null
+++ b/plugins/wazuh-analysis/public/groups/types.ts
@@ -0,0 +1,10 @@
+import { CLOUD_SECURITY_ID } from './cloud-security/cloud-security';
+import { ENDPOINT_SECURITY_ID } from './endpoint-security/endpoint-security';
+import { SECURITY_OPERATIONS_ID } from './security-operations/security-operations';
+import { THREAT_INTELLIGENCE_ID } from './threat-intelligence/threat-intelligence';
+
+export type GroupsId =
+ | typeof ENDPOINT_SECURITY_ID
+ | typeof THREAT_INTELLIGENCE_ID
+ | typeof SECURITY_OPERATIONS_ID
+ | typeof CLOUD_SECURITY_ID;
From de104757ceb2bbc7b240be6cec1de38e5bd6de1f Mon Sep 17 00:00:00 2001
From: Guido Modarelli
Date: Wed, 22 Jan 2025 17:19:13 -0300
Subject: [PATCH 073/212] Add navigation groups for security applications
---
 .../public/groups/nav-groups.ts | 45 +++++++++++++++++++
 plugins/wazuh-analysis/public/plugin.ts | 27 +----------
 2 files changed, 46 insertions(+), 26 deletions(-)
 create mode 100644 plugins/wazuh-analysis/public/groups/nav-groups.ts
diff --git a/plugins/wazuh-analysis/public/groups/nav-groups.ts b/plugins/wazuh-analysis/public/groups/nav-groups.ts
new file mode 100644
index 0000000000..e96720ba6b
--- /dev/null
+++ b/plugins/wazuh-analysis/public/groups/nav-groups.ts
@@ -0,0 +1,45 @@ +import { ChromeNavGroup } from 'opensearch-dashboards/public'; +import { + ENDPOINT_SECURITY_ID, + ENDPOINT_SECURITY_TITLE, + ENDPOINT_SECURITY_DESCRIPTION, +} from './endpoint-security/endpoint-security'; +import { + SECURITY_OPERATIONS_ID, + SECURITY_OPERATIONS_TITLE, + SECURITY_OPERATIONS_DESCRIPTION, +} from './security-operations/security-operations'; +import { + THREAT_INTELLIGENCE_ID, + THREAT_INTELLIGENCE_TITLE, + THREAT_INTELLIGENCE_DESCRIPTION, +} from './threat-intelligence/threat-intelligence'; +import { + CLOUD_SECURITY_ID, + CLOUD_SECURITY_TITLE, + CLOUD_SECURITY_DESCRIPTION, +} from './cloud-security/cloud-security'; +import { GroupsId } from './types'; + +export const NAV_GROUPS = Object.freeze({ + [ENDPOINT_SECURITY_ID]: { + id: ENDPOINT_SECURITY_ID, + title: ENDPOINT_SECURITY_TITLE, + description: ENDPOINT_SECURITY_DESCRIPTION, + }, + [THREAT_INTELLIGENCE_ID]: { + id: THREAT_INTELLIGENCE_ID, + title: THREAT_INTELLIGENCE_TITLE, + description: THREAT_INTELLIGENCE_DESCRIPTION, + }, + [SECURITY_OPERATIONS_ID]: { + id: SECURITY_OPERATIONS_ID, + title: SECURITY_OPERATIONS_TITLE, + description: SECURITY_OPERATIONS_DESCRIPTION, + }, + [CLOUD_SECURITY_ID]: { + id: CLOUD_SECURITY_ID, + title: CLOUD_SECURITY_TITLE, + description: CLOUD_SECURITY_DESCRIPTION, + }, +} satisfies Partial>); diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 6f57bfd817..6f3c628baf 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -3,7 +3,6 @@ import { AppMount, AppMountParameters, AppUpdater, - ChromeNavGroup, NavGroupItemInMap, } from 'opensearch-dashboards/public'; import { first } from 'rxjs/operators'; 
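Review bot: `ChromeNavGroup` and `GroupsId` are used only in the `satisfies` clause of `NAV_GROUPS`, so `import type { ChromeNavGroup } from 'opensearch-dashboards/public';` and `import type { GroupsId } from './types';` make the type-only intent explicit and keep them out of the emitted module under isolatedModules. `Object.freeze` is shallow, so the four nested group objects stay mutable at runtime and their type stays writable; if the table is meant to be immutable, `as const` on the literal (or `Readonly<...>` inside the satisfies type) gives the readonly type that the freeze alone does not. A one-line doc comment above the export saying that the keys are `GroupsId` values and that plugin.ts consumes the table (it imports it in this same commit) would orient readers arriving from plugin.ts.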
@@ -23,26 +22,24 @@ import { CATEGORY } from './groups/category'; import { ENDPOINT_SECURITY_ID, ENDPOINT_SECURITY_TITLE, - ENDPOINT_SECURITY_DESCRIPTION, EndpointSecurityApp, } from './groups/endpoint-security/endpoint-security'; import { searchPages } from './components/global_search/search-pages-command'; import { THREAT_INTELLIGENCE_ID, THREAT_INTELLIGENCE_TITLE, - THREAT_INTELLIGENCE_DESCRIPTION, ThreatIntelligenceApp, } from './groups/threat-intelligence/threat-intelligence'; import { SECURITY_OPERATIONS_ID, SECURITY_OPERATIONS_TITLE, - SECURITY_OPERATIONS_DESCRIPTION, SecurityOperationsApp, } from './groups/security-operations/security-operations'; import { CLOUD_SECURITY_ID, CLOUD_SECURITY_TITLE, } from './groups/cloud-security/cloud-security'; +import { NAV_GROUPS } from './groups/nav-groups'; interface AnalysisSetupDependencies {} @@ -168,28 +165,6 @@ const TRANSLATION_MESSAGES = Object.freeze({ defaultMessage: 'Office 365', }), }); -const NAV_GROUPS = Object.freeze({ - [ENDPOINT_SECURITY_ID]: { - id: ENDPOINT_SECURITY_ID, - title: ENDPOINT_SECURITY_TITLE, - description: ENDPOINT_SECURITY_DESCRIPTION, - }, - [THREAT_INTELLIGENCE_ID]: { - id: THREAT_INTELLIGENCE_ID, - title: THREAT_INTELLIGENCE_TITLE, - description: THREAT_INTELLIGENCE_DESCRIPTION, - }, - [SECURITY_OPERATIONS_ID]: { - id: SECURITY_OPERATIONS_ID, - title: SECURITY_OPERATIONS_TITLE, - description: SECURITY_OPERATIONS_DESCRIPTION, - }, - [CLOUD_SECURITY_ID]: { - id: CLOUD_SECURITY_ID, - title: TRANSLATION_MESSAGES.CLOUD_SECURITY_TITLE, - description: TRANSLATION_MESSAGES.CLOUD_SECURITY_DESCRIPTION, - }, -} satisfies Partial>); function setNavLinkVisible(): Partial { return { From daa566b07a1d39221b83f04328c24360607d7093 Mon Sep 17 00:00:00 2001 
From: Guido Modarelli Date: Wed, 22 Jan 2025 17:31:19 -0300 Subject: [PATCH 074/212] Add Cloud Security application structure and integration --- .../groups/cloud-security/cloud-security.ts | 16 ++++++++++++++++ plugins/wazuh-analysis/public/plugin.ts | 13 ++----------- 2 files changed, 18 insertions(+), 11 deletions(-) diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/cloud-security.ts b/plugins/wazuh-analysis/public/groups/cloud-security/cloud-security.ts index 10f6a46948..999accf9c0 100644 --- a/plugins/wazuh-analysis/public/groups/cloud-security/cloud-security.ts +++ b/plugins/wazuh-analysis/public/groups/cloud-security/cloud-security.ts @@ -1,5 +1,11 @@ import { i18n } from '@osd/i18n'; +import { + App, + AppMountParameters, + CoreSetup, +} from 'opensearch-dashboards/public'; import { PLUGIN_ID } from '../../../common/constants'; +import { CATEGORY } from '../category'; export const CLOUD_SECURITY_ID = 'cloud_security'; export const CLOUD_SECURITY_TITLE = i18n.translate( @@ -15,3 +21,13 @@ export const CLOUD_SECURITY_DESCRIPTION = i18n.translate( 'Monitoring and protection for cloud environments against security threats.', }, ); + +export const CloudSecurityApp = (_core: CoreSetup): App => ({ + id: CLOUD_SECURITY_ID, + title: CLOUD_SECURITY_TITLE, + category: CATEGORY, + mount: + async (_params: AppMountParameters) => + // TODO: Implement the cloud security application + () => {}, +}); diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 6f3c628baf..dbc8ee6f5d 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -38,6 +38,7 @@ import { import { CLOUD_SECURITY_ID, CLOUD_SECURITY_TITLE, + CloudSecurityApp, } from './groups/cloud-security/cloud-security'; import { NAV_GROUPS } from './groups/nav-groups'; 
@@ -225,17 +226,7 @@ export class AnalysisPlugin EndpointSecurityApp(core), ThreatIntelligenceApp(core), SecurityOperationsApp(core), - { - id: CLOUD_SECURITY_ID, - title: CLOUD_SECURITY_TITLE, - category: CATEGORY, - mount: async (params: AppMountParameters) => { - // TODO: Implement the cloud security application - const { renderApp } = await import('./application'); - - return renderApp(params, {}); - }, - }, + CloudSecurityApp(core), ]; for (const app of applications) { From cfe3b473d02ad0ddd62c7921b12b983ce899bcb8 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Wed, 22 Jan 2025 17:38:44 -0300 Subject: [PATCH 075/212] Enable new home page feature in OpenSearch Dashboards configuration --- docker/osd-dev/config/2.x/osd/opensearch_dashboards.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docker/osd-dev/config/2.x/osd/opensearch_dashboards.yml b/docker/osd-dev/config/2.x/osd/opensearch_dashboards.yml index 91d018b929..f33c639ad4 100755 --- a/docker/osd-dev/config/2.x/osd/opensearch_dashboards.yml +++ b/docker/osd-dev/config/2.x/osd/opensearch_dashboards.yml @@ -9,6 +9,9 @@ opensearch.ssl.verificationMode: certificate opensearch.requestHeadersAllowlist: ['securitytenant', 'Authorization'] # opensearch_security.multitenancy.enabled: false +uiSettings: + overrides: + 'home:useNewHomePage': true opensearch_security.readonly_mode.roles: ['kibana_read_only'] server.ssl.enabled: true server.ssl.key: '/home/node/kbn/certs/osd.key' From 991b350a4785f1b4a863f6b31cfe913351213802 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 3 Feb 2025 08:15:30 -0300 Subject: [PATCH 076/212] Refactor buildSubAppId function into utils for better modularity --- plugins/wazuh-analysis/public/plugin.ts | 13 +------------ plugins/wazuh-analysis/public/utils/index.ts | 11 +++++++++++ 2 files changed, 12 insertions(+), 12 deletions(-) create mode 100644 plugins/wazuh-analysis/public/utils/index.ts 
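Review bot: The new `uiSettings.overrides` block for `home:useNewHomePage` is placed between the commented-out multitenancy line and the `opensearch_security.*` settings with no comment, so a reader cannot tell why a dev-only container config pins a home-page setting. An override, unlike a default, locks the setting so it can no longer be changed from Advanced Settings, which is worth stating; a comment such as `# Force the new home page; presumably required by the wazuh-analysis navigation groups — confirm` above `uiSettings:` would document the intent. Since this file is only the osd-dev compose configuration, the same requirement needs to be recorded for real deployments, otherwise the plugin's navigation will silently differ between development and production.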
diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index dbc8ee6f5d..6c81f42829 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -41,6 +41,7 @@ import { CloudSecurityApp, } from './groups/cloud-security/cloud-security'; import { NAV_GROUPS } from './groups/nav-groups'; +import { buildSubAppId } from './utils'; interface AnalysisSetupDependencies {} @@ -48,18 +49,6 @@ interface AnalysisStartDependencies { navigation: NavigationPublicPluginStart; } -/** - * The function `generateSubAppId` takes a parent app ID and a sub app ID, and - * returns a combined ID with the sub app ID URL-encoded. - * @param {string} parentAppId - The `parentAppId` parameter is a string - * representing the ID of the parent application. - * @param {string} subAppId - The `subAppId` parameter is a string representing the - * ID of a sub-application within a parent application. - */ -function buildSubAppId(parentAppId: string, subAppId: string) { - return `${parentAppId}_${encodeURIComponent(`/${subAppId}`)}`; -} - type ParentAppId = | typeof ENDPOINT_SECURITY_ID | typeof THREAT_INTELLIGENCE_ID diff --git a/plugins/wazuh-analysis/public/utils/index.ts b/plugins/wazuh-analysis/public/utils/index.ts new file mode 100644 index 0000000000..d8523e44df --- /dev/null +++ b/plugins/wazuh-analysis/public/utils/index.ts @@ -0,0 +1,11 @@ +/** + * The function `generateSubAppId` takes a parent app ID and a sub app ID, and + * returns a combined ID with the sub app ID URL-encoded. + * @param {string} parentAppId - The `parentAppId` parameter is a string + * representing the ID of the parent application. + * @param {string} subAppId - The `subAppId` parameter is a string representing the + * ID of a sub-application within a parent application. + */ +export function buildSubAppId(parentAppId: string, subAppId: string) { + return `${parentAppId}_${encodeURIComponent(`/${subAppId}`)}`; +} 
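Review bot: `buildSubAppId` is exported from utils/index.ts without a return type; as a public helper it should declare `: string` so callers are checked against the contract rather than the inferred template-literal type. The TSDoc repeats the parameter types as `{string}` tags that TypeScript already carries, and it does not say what shape the result has even though the code fixes it: `encodeURIComponent(`/${subAppId}`)` yields `<parentAppId>_%2F<subAppId>` (the slash is percent-encoded), which matters because these values become application ids. Shorter `@param parentAppId - ID of the parent application` / `@param subAppId - ID of the sub-application, URL-encoded into the result` lines plus a `@returns` line spelling out that shape would document the contract; the body text still calls the function `generateSubAppId`.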
From febcf7da619e5ec547fbde3a3ef4466efb72e04e Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 3 Feb 2025 08:34:49 -0300 Subject: [PATCH 077/212] Move navigateToFirstAppInNavGroup function to utils and update imports --- plugins/wazuh-analysis/public/plugin.ts | 28 +------------------- plugins/wazuh-analysis/public/utils/index.ts | 27 +++++++++++++++++++ 2 files changed, 28 insertions(+), 27 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 6c81f42829..bdf866cab0 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -3,7 +3,6 @@ import { AppMount, AppMountParameters, AppUpdater, - NavGroupItemInMap, } from 'opensearch-dashboards/public'; import { first } from 'rxjs/operators'; import { Subject } from 'rxjs'; @@ -41,7 +40,7 @@ import { CloudSecurityApp, } from './groups/cloud-security/cloud-security'; import { NAV_GROUPS } from './groups/nav-groups'; -import { buildSubAppId } from './utils'; +import { buildSubAppId, navigateToFirstAppInNavGroup } from './utils'; interface AnalysisSetupDependencies {} 
@@ -172,31 +171,6 @@ async function getCurrentNavGroup(core: CoreStart) { return core.chrome.navGroup.getCurrentNavGroup$().pipe(first()).toPromise(); } -/** - * The function `navigateToFirstAppInNavGroup` navigates to the first app in a - * specified navigation group if it exists. - * @param {CoreStart} core - The `core` parameter is an object that provides access - * to core services in Kibana, such as application navigation, HTTP requests, and - * more. It is typically provided by the Kibana platform to plugins and can be used - * to interact with various functionalities within the Kibana application. - * @param {NavGroupItemInMap | undefined} navGroup - The `navGroup` parameter is - * expected to be an object that represents a navigation group item in a map. It - * should have a property `navLinks` which is an array of navigation links. Each - * navigation link in the `navLinks` array should have an `id` property that - * represents the ID - */ -const navigateToFirstAppInNavGroup = async ( - core: CoreStart, - navGroup: NavGroupItemInMap | undefined, -) => { - // Get the first nav item, if it exists navigate to the app - const firstNavItem = navGroup?.navLinks[0]; - - if (firstNavItem?.id) { - core.application.navigateToApp(firstNavItem.id); - } -}; - export class AnalysisPlugin implements Plugin diff --git a/plugins/wazuh-analysis/public/utils/index.ts b/plugins/wazuh-analysis/public/utils/index.ts index d8523e44df..6c97f47b3e 100644 --- a/plugins/wazuh-analysis/public/utils/index.ts +++ b/plugins/wazuh-analysis/public/utils/index.ts @@ -1,3 +1,5 @@ +import { CoreStart, NavGroupItemInMap } from '../../../../src/core/public'; + /** * The function `generateSubAppId` takes a parent app ID and a sub app ID, and * returns a combined ID with the sub app ID URL-encoded. 
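Review bot: The new import in utils/index.ts pulls `CoreStart` and `NavGroupItemInMap` from the relative path `'../../../../src/core/public'`, while the rest of this plugin — plugin.ts in this same patch, nav-groups.ts, the group modules — imports the same core types through `'opensearch-dashboards/public'`. Using the alias here too, `import type { CoreStart, NavGroupItemInMap } from 'opensearch-dashboards/public';`, keeps the import style consistent and avoids a brittle path that breaks if the plugin directory moves; `import type` also fits because both names are used only in a signature.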
@@ -9,3 +11,28 @@ export function buildSubAppId(parentAppId: string, subAppId: string) { return `${parentAppId}_${encodeURIComponent(`/${subAppId}`)}`; } + +/** + * The function `navigateToFirstAppInNavGroup` navigates to the first app in a + * specified navigation group if it exists. + * @param {CoreStart} core - The `core` parameter is an object that provides access + * to core services in Kibana, such as application navigation, HTTP requests, and + * more. It is typically provided by the Kibana platform to plugins and can be used + * to interact with various functionalities within the Kibana application. + * @param {NavGroupItemInMap | undefined} navGroup - The `navGroup` parameter is + * expected to be an object that represents a navigation group item in a map. It + * should have a property `navLinks` which is an array of navigation links. Each + * navigation link in the `navLinks` array should have an `id` property that + * represents the ID + */ +export async function navigateToFirstAppInNavGroup( + core: CoreStart, + navGroup: NavGroupItemInMap | undefined, +) { + // Get the first nav item, if it exists navigate to the app + const firstNavItem = navGroup?.navLinks[0]; + + if (firstNavItem?.id) { + core.application.navigateToApp(firstNavItem.id); + } +} From 5bd0480fd665a502a3a29cd9c829cfe7d3d76e76 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 3 Feb 2025 08:38:25 -0300 Subject: [PATCH 078/212] Rename `generateSubAppId` function to `buildSubAppId` for consistency --- plugins/wazuh-analysis/public/utils/index.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/wazuh-analysis/public/utils/index.ts b/plugins/wazuh-analysis/public/utils/index.ts index 6c97f47b3e..43817ac723 100644 --- a/plugins/wazuh-analysis/public/utils/index.ts +++ b/plugins/wazuh-analysis/public/utils/index.ts 
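Review bot: `core.application.navigateToApp(firstNavItem.id)` returns a promise (`ApplicationStart.navigateToApp` is `Promise<void>`), but the `async` `navigateToFirstAppInNavGroup` neither awaits nor returns it, so a caller that awaits the helper resumes before navigation has happened and a rejection goes unobserved. `return core.application.navigateToApp(firstNavItem.id);` (or `await`) fixes both. The TSDoc's `@param navGroup` sentence stops mid-clause ('represents the ID') and the `@param core` text is a general paragraph about Kibana services; a one-line description of each plus a sentence saying the function is a no-op when the group is undefined or has no links would be more useful than the current block.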
@@ -1,7 +1,7 @@ import { CoreStart, NavGroupItemInMap } from '../../../../src/core/public'; /** - * The function `generateSubAppId` takes a parent app ID and a sub app ID, and + * The function `buildSubAppId` takes a parent app ID and a sub app ID, and * returns a combined ID with the sub app ID URL-encoded. * @param {string} parentAppId - The `parentAppId` parameter is a string * representing the ID of the parent application. From 0fc0b521769f016288c5da8721f58132d53627e5 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 3 Feb 2025 08:59:38 -0300 Subject: [PATCH 079/212] Add endpoint security and threat intelligence applications --- .../groups/endpoint-security/applications.ts | 78 ++++++++++ .../threat-intelligence/applications.ts | 81 +++++++++++ plugins/wazuh-analysis/public/plugin.ts | 135 ++---------------- 3 files changed, 167 insertions(+), 127 deletions(-) create mode 100644 plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts create mode 100644 plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts b/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts new file mode 100644 index 0000000000..2aeb47d8ab --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts 
@@ -0,0 +1,78 @@ +import { + AppMountParameters, + AppNavLinkStatus, + AppUpdater, +} from 'opensearch-dashboards/public'; +import { Subject } from 'rxjs'; +import { i18n } from '@osd/i18n'; +import { buildSubAppId } from '../../utils'; +import { PLUGIN_ID } from '../../../common/constants'; +import { ENDPOINT_SECURITY_ID } from './endpoint-security'; + +const CONFIGURATION_ASSESSMENT_ID = buildSubAppId( + ENDPOINT_SECURITY_ID, + 'configuration_assessment', +); +const MALWARE_DETECTION_ID = buildSubAppId( + ENDPOINT_SECURITY_ID, + 'malware_detection', +); +const FIM_ID = buildSubAppId(ENDPOINT_SECURITY_ID, 'fim'); +const TRANSLATION_MESSAGES = Object.freeze({ + CONFIGURATION_ASSESSMENT_TITLE: i18n.translate( + `${PLUGIN_ID}.category.${CONFIGURATION_ASSESSMENT_ID}`, + { + defaultMessage: 'Configuration Assessment', + }, + ), + MALWARE_DETECTION_TITLE: i18n.translate( + `${PLUGIN_ID}.category.${MALWARE_DETECTION_ID}`, + { + defaultMessage: 'Malware Detection', + }, + ), + FIM_TITLE: i18n.translate(`${PLUGIN_ID}.category.${FIM_ID}`, { + defaultMessage: 'File Integrity Monitoring', + }), +}); + +export function getEndpointSecurityApps(updater$: Subject) { + return [ + { + id: CONFIGURATION_ASSESSMENT_ID, + title: TRANSLATION_MESSAGES.CONFIGURATION_ASSESSMENT_TITLE, + navLinkStatus: AppNavLinkStatus.hidden, + updater$, + mount: async (params: AppMountParameters) => { + // TODO: Implement the configuration assessment application + const { renderApp } = await import('../../application'); + + return await renderApp(params, {}); + }, + }, + { + id: MALWARE_DETECTION_ID, + title: TRANSLATION_MESSAGES.MALWARE_DETECTION_TITLE, + navLinkStatus: AppNavLinkStatus.hidden, + updater$, + mount: async (params: AppMountParameters) => { + // TODO: Implement the malware detection application + const { renderApp } = await import('../../application'); + + return await renderApp(params, {}); + }, + }, + { + id: FIM_ID, + title: TRANSLATION_MESSAGES.FIM_TITLE, + navLinkStatus: 
AppNavLinkStatus.hidden, + updater$, + mount: async (params: AppMountParameters) => { + // TODO: Implement the fim application + const { renderApp } = await import('../../application'); + + return await renderApp(params, {}); + }, + }, + ]; +} diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts b/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts new file mode 100644 index 0000000000..bc53d8a83f --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts 
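Review bot: The three entries returned by `getEndpointSecurityApps` repeat an identical `mount` body (dynamic import of `../../application`, then `renderApp(params, {})`), and the function declares no return type, so the object literals are never checked against `App` and a misspelled property such as `navLinkStatus` would only surface at registration. Hoisting the placeholder mount into one module-level helper and annotating the return as `App[]` (adding `App` to the existing import from 'opensearch-dashboards/public') removes the duplication and restores excess-property checking; the per-app TODOs then sit next to the `id` they describe. `getThreatIntelligenceApps` in the threat-intelligence/applications.ts hunk has the same shape and the same fix applies there.

```typescript
// Placeholder mount shared by every sub-app until each one gets its own implementation.
const mountPlaceholder = async (params: AppMountParameters) => {
  const { renderApp } = await import('../../application');

  return await renderApp(params, {});
};

export function getEndpointSecurityApps(updater$: Subject<AppUpdater>): App[] {
  return [
    {
      // TODO: Implement the configuration assessment application
      id: CONFIGURATION_ASSESSMENT_ID,
      title: TRANSLATION_MESSAGES.CONFIGURATION_ASSESSMENT_TITLE,
      navLinkStatus: AppNavLinkStatus.hidden,
      updater$,
      mount: mountPlaceholder,
    },
    // … unchanged: MALWARE_DETECTION_ID and FIM_ID entries, each with `mount: mountPlaceholder` …
  ];
}
```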
@@ -0,0 +1,81 @@ +import { + AppMountParameters, + AppNavLinkStatus, + AppUpdater, +} from 'opensearch-dashboards/public'; +import { Subject } from 'rxjs'; +import { i18n } from '@osd/i18n'; +import { buildSubAppId } from '../../utils'; +import { PLUGIN_ID } from '../../../common/constants'; +import { THREAT_INTELLIGENCE_ID } from './threat-intelligence'; + +const THREAT_HUNTING_ID = buildSubAppId( + THREAT_INTELLIGENCE_ID, + 'threat_hunting', +); +const VULNERABILITY_DETECTION_ID = buildSubAppId( + THREAT_INTELLIGENCE_ID, + 'vulnerability_detection', +); +const MITRE_ATTACK_ID = buildSubAppId(THREAT_INTELLIGENCE_ID, 'mitre_attack'); +const TRANSLATION_MESSAGES = Object.freeze({ + THREAT_HUNTING_TITLE: i18n.translate( + `${PLUGIN_ID}.category.${THREAT_HUNTING_ID}`, + { + defaultMessage: 'Threat Hunting', + }, + ), + VULNERABILITY_DETECTION_TITLE: i18n.translate( + `${PLUGIN_ID}.category.${VULNERABILITY_DETECTION_ID}`, + { + defaultMessage: 'Vulnerability Detection', + }, + ), + MITRE_ATTACK_TITLE: i18n.translate( + `${PLUGIN_ID}.category.${MITRE_ATTACK_ID}`, + { + defaultMessage: 'MITRE ATT&CK', + }, + ), +}); + +export function getThreatIntelligenceApps(updater$: Subject) { + return [ + { + id: THREAT_HUNTING_ID, + title: TRANSLATION_MESSAGES.THREAT_HUNTING_TITLE, + navLinkStatus: AppNavLinkStatus.hidden, + updater$, + mount: async (params: AppMountParameters) => { + // TODO: Implement the threat hunting application + const { renderApp } = await import('../../application'); + + return await renderApp(params, {}); + }, + }, + { + id: VULNERABILITY_DETECTION_ID, + title: TRANSLATION_MESSAGES.VULNERABILITY_DETECTION_TITLE, + navLinkStatus: AppNavLinkStatus.hidden, + updater$, + mount: async (params: AppMountParameters) => { + // TODO: Implement the vulnerability detection application + const { renderApp } = await import('../../application'); + + return await renderApp(params, {}); + }, + }, + { + id: MITRE_ATTACK_ID, + title: TRANSLATION_MESSAGES.MITRE_ATTACK_TITLE, 
+ navLinkStatus: AppNavLinkStatus.hidden, + updater$, + mount: async (params: AppMountParameters) => { + // TODO: Implement the mitre attack application + const { renderApp } = await import('../../application'); + + return await renderApp(params, {}); + }, + }, + ]; +} diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index bdf866cab0..9725e9a995 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -41,6 +41,8 @@ import { } from './groups/cloud-security/cloud-security'; import { NAV_GROUPS } from './groups/nav-groups'; import { buildSubAppId, navigateToFirstAppInNavGroup } from './utils'; +import { getEndpointSecurityApps } from './groups/endpoint-security/applications'; +import { getThreatIntelligenceApps } from './groups/threat-intelligence/applications'; interface AnalysisSetupDependencies {} @@ -54,24 +56,6 @@ type ParentAppId = | typeof SECURITY_OPERATIONS_ID | typeof CLOUD_SECURITY_ID; -const CONFIGURATION_ASSESSMENT_ID = buildSubAppId( - ENDPOINT_SECURITY_ID, - 'configuration_assessment', -); -const MALWARE_DETECTION_ID = buildSubAppId( - ENDPOINT_SECURITY_ID, - 'malware_detection', -); -const FIM_ID = buildSubAppId(ENDPOINT_SECURITY_ID, 'fim'); -const THREAT_HUNTING_ID = buildSubAppId( - THREAT_INTELLIGENCE_ID, - 'threat_hunting', -); -const VULNERABILITY_DETECTION_ID = buildSubAppId( - THREAT_INTELLIGENCE_ID, - 'vulnerability_detection', -); -const MITRE_ATTACK_ID = buildSubAppId(THREAT_INTELLIGENCE_ID, 'mitre_attack'); const REGULATORY_COMPLIANCE_ID = buildSubAppId( SECURITY_OPERATIONS_ID, 'regulatory_compliance', 
@@ -87,39 +71,6 @@ const GOOGLE_CLOUD_ID = buildSubAppId(CLOUD_SECURITY_ID, 'google_cloud'); const GITHUB_ID = buildSubAppId(CLOUD_SECURITY_ID, 'github'); const OFFICE365_ID = buildSubAppId(CLOUD_SECURITY_ID, 'office365'); const TRANSLATION_MESSAGES = Object.freeze({ - CONFIGURATION_ASSESSMENT_TITLE: i18n.translate( - `${PLUGIN_ID}.category.${CONFIGURATION_ASSESSMENT_ID}`, - { - defaultMessage: 'Configuration Assessment', - }, - ), - MALWARE_DETECTION_TITLE: i18n.translate( - `${PLUGIN_ID}.category.${MALWARE_DETECTION_ID}`, - { - defaultMessage: 'Malware Detection', - }, - ), - FIM_TITLE: i18n.translate(`${PLUGIN_ID}.category.${FIM_ID}`, { - defaultMessage: 'File Integrity Monitoring', - }), - THREAT_HUNTING_TITLE: i18n.translate( - `${PLUGIN_ID}.category.${THREAT_HUNTING_ID}`, - { - defaultMessage: 'Threat Hunting', - }, - ), - VULNERABILITY_DETECTION_TITLE: i18n.translate( - `${PLUGIN_ID}.category.${VULNERABILITY_DETECTION_ID}`, - { - defaultMessage: 'Vulnerability Detection', - }, - ), - MITRE_ATTACK_TITLE: i18n.translate( - `${PLUGIN_ID}.category.${MITRE_ATTACK_ID}`, - { - defaultMessage: 'MITRE ATT&CK', - }, - ), REGULATORY_COMPLIANCE_TITLE: i18n.translate( `${PLUGIN_ID}.category.${REGULATORY_COMPLIANCE_ID}`, { 
@@ -222,82 +173,12 @@ export class AnalysisPlugin } const subApps = { - [ENDPOINT_SECURITY_ID]: [ - { - id: CONFIGURATION_ASSESSMENT_ID, - title: TRANSLATION_MESSAGES.CONFIGURATION_ASSESSMENT_TITLE, - navLinkStatus: AppNavLinkStatus.hidden, - updater$: this.appStatusUpdater$[ENDPOINT_SECURITY_ID], - mount: async (params: AppMountParameters) => { - // TODO: Implement the configuration assessment application - const { renderApp } = await import('./application'); - - return await renderApp(params, {}); - }, - }, - { - id: MALWARE_DETECTION_ID, - title: TRANSLATION_MESSAGES.MALWARE_DETECTION_TITLE, - navLinkStatus: AppNavLinkStatus.hidden, - updater$: this.appStatusUpdater$[ENDPOINT_SECURITY_ID], - mount: async (params: AppMountParameters) => { - // TODO: Implement the malware detection application - const { renderApp } = await import('./application'); - - return await renderApp(params, {}); - }, - }, - { - id: FIM_ID, - title: TRANSLATION_MESSAGES.FIM_TITLE, - navLinkStatus: AppNavLinkStatus.hidden, - updater$: this.appStatusUpdater$[ENDPOINT_SECURITY_ID], - mount: async (params: AppMountParameters) => { - // TODO: Implement the fim application - const { renderApp } = await import('./application'); - - return await renderApp(params, {}); - }, - }, - ], - [THREAT_INTELLIGENCE_ID]: [ - { - id: THREAT_HUNTING_ID, - title: TRANSLATION_MESSAGES.THREAT_HUNTING_TITLE, - navLinkStatus: AppNavLinkStatus.hidden, - updater$: this.appStatusUpdater$[THREAT_INTELLIGENCE_ID], - mount: async (params: AppMountParameters) => { - // TODO: Implement the threat hunting application - const { renderApp } = await import('./application'); - - return await renderApp(params, {}); - }, - }, - { - id: VULNERABILITY_DETECTION_ID, - title: TRANSLATION_MESSAGES.VULNERABILITY_DETECTION_TITLE, - navLinkStatus: AppNavLinkStatus.hidden, - updater$: this.appStatusUpdater$[THREAT_INTELLIGENCE_ID], - mount: async (params: AppMountParameters) => { - // TODO: Implement the vulnerability detection application 
- const { renderApp } = await import('./application'); - - return await renderApp(params, {}); - }, - }, - { - id: MITRE_ATTACK_ID, - title: TRANSLATION_MESSAGES.MITRE_ATTACK_TITLE, - navLinkStatus: AppNavLinkStatus.hidden, - updater$: this.appStatusUpdater$[THREAT_INTELLIGENCE_ID], - mount: async (params: AppMountParameters) => { - // TODO: Implement the mitre attack application - const { renderApp } = await import('./application'); - - return await renderApp(params, {}); - }, - }, - ], + [ENDPOINT_SECURITY_ID]: getEndpointSecurityApps( + this.appStatusUpdater$[ENDPOINT_SECURITY_ID], + ), + [THREAT_INTELLIGENCE_ID]: getThreatIntelligenceApps( + this.appStatusUpdater$[THREAT_INTELLIGENCE_ID], + ), [SECURITY_OPERATIONS_ID]: [ { id: REGULATORY_COMPLIANCE_ID, From 64883934db5fb3fe97ddce05b36e5ec83d1c14ee Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 3 Feb 2025 09:07:25 -0300 Subject: [PATCH 080/212] Export application IDs and titles for endpoint security and threat intelligence --- .../groups/endpoint-security/applications.ts | 42 +++++++-------- .../threat-intelligence/applications.ts | 53 ++++++++++--------- plugins/wazuh-analysis/public/plugin.ts | 32 ++++++++--- 3 files changed, 71 insertions(+), 56 deletions(-) diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts b/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts index 2aeb47d8ab..48761c02d0 100644 --- a/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts 
@@ -9,38 +9,36 @@ import { buildSubAppId } from '../../utils';
 import { PLUGIN_ID } from '../../../common/constants';
 import { ENDPOINT_SECURITY_ID } from './endpoint-security';
 
-const CONFIGURATION_ASSESSMENT_ID = buildSubAppId(
+export const CONFIGURATION_ASSESSMENT_ID = buildSubAppId(
 ENDPOINT_SECURITY_ID,
 'configuration_assessment',
 );
-const MALWARE_DETECTION_ID = buildSubAppId(
+export const MALWARE_DETECTION_ID = buildSubAppId(
 ENDPOINT_SECURITY_ID,
 'malware_detection',
 );
-const FIM_ID = buildSubAppId(ENDPOINT_SECURITY_ID, 'fim');
-const TRANSLATION_MESSAGES = Object.freeze({
- CONFIGURATION_ASSESSMENT_TITLE: i18n.translate(
- `${PLUGIN_ID}.category.${CONFIGURATION_ASSESSMENT_ID}`,
- {
- defaultMessage: 'Configuration Assessment',
- },
- ),
- MALWARE_DETECTION_TITLE: i18n.translate(
- `${PLUGIN_ID}.category.${MALWARE_DETECTION_ID}`,
- {
- defaultMessage: 'Malware Detection',
- },
- ),
- FIM_TITLE: i18n.translate(`${PLUGIN_ID}.category.${FIM_ID}`, {
- defaultMessage: 'File Integrity Monitoring',
- }),
+export const FIM_ID = buildSubAppId(ENDPOINT_SECURITY_ID, 'fim');
+export const CONFIGURATION_ASSESSMENT_TITLE = i18n.translate(
+ `${PLUGIN_ID}.category.${CONFIGURATION_ASSESSMENT_ID}`,
+ {
+ defaultMessage: 'Configuration Assessment',
+ },
+);
+export const MALWARE_DETECTION_TITLE = i18n.translate(
+ `${PLUGIN_ID}.category.${MALWARE_DETECTION_ID}`,
+ {
+ defaultMessage: 'Malware Detection',
+ },
+);
+export const FIM_TITLE = i18n.translate(`${PLUGIN_ID}.category.${FIM_ID}`, {
+ defaultMessage: 'File Integrity Monitoring',
 });
 
 export function getEndpointSecurityApps(updater$: Subject) {
 return [
 {
 id: CONFIGURATION_ASSESSMENT_ID,
- title: TRANSLATION_MESSAGES.CONFIGURATION_ASSESSMENT_TITLE,
+ title: CONFIGURATION_ASSESSMENT_TITLE,
 navLinkStatus: AppNavLinkStatus.hidden,
 updater$,
 mount: async (params: AppMountParameters) => {
@@ -52,7 +50,7 @@ export function getEndpointSecurityApps(updater$: Subject) { }, { id: MALWARE_DETECTION_ID, - title: TRANSLATION_MESSAGES.MALWARE_DETECTION_TITLE, + title: MALWARE_DETECTION_TITLE, navLinkStatus: AppNavLinkStatus.hidden, updater$, mount: async (params: AppMountParameters) => { @@ -64,7 +62,7 @@ export function getEndpointSecurityApps(updater$: Subject) { }, { id: FIM_ID, - title: TRANSLATION_MESSAGES.FIM_TITLE, + title: FIM_TITLE, navLinkStatus: AppNavLinkStatus.hidden, updater$, mount: async (params: AppMountParameters) => { diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts b/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts index bc53d8a83f..8d3e4f5cb5 100644 --- a/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts +++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts 
@@ -9,41 +9,42 @@ import { buildSubAppId } from '../../utils'; import { PLUGIN_ID } from '../../../common/constants'; import { THREAT_INTELLIGENCE_ID } from './threat-intelligence'; -const THREAT_HUNTING_ID = buildSubAppId( +export const THREAT_HUNTING_ID = buildSubAppId( THREAT_INTELLIGENCE_ID, 'threat_hunting', ); -const VULNERABILITY_DETECTION_ID = buildSubAppId( +export const VULNERABILITY_DETECTION_ID = buildSubAppId( THREAT_INTELLIGENCE_ID, 'vulnerability_detection', ); -const MITRE_ATTACK_ID = buildSubAppId(THREAT_INTELLIGENCE_ID, 'mitre_attack'); -const TRANSLATION_MESSAGES = Object.freeze({ - THREAT_HUNTING_TITLE: i18n.translate( - `${PLUGIN_ID}.category.${THREAT_HUNTING_ID}`, - { - defaultMessage: 'Threat Hunting', - }, - ), - VULNERABILITY_DETECTION_TITLE: i18n.translate( - `${PLUGIN_ID}.category.${VULNERABILITY_DETECTION_ID}`, - { - defaultMessage: 'Vulnerability Detection', - }, - ), - MITRE_ATTACK_TITLE: i18n.translate( - `${PLUGIN_ID}.category.${MITRE_ATTACK_ID}`, - { - defaultMessage: 'MITRE ATT&CK', - }, - ), -}); +export const MITRE_ATTACK_ID = buildSubAppId( + THREAT_INTELLIGENCE_ID, + 'mitre_attack', +); +export const THREAT_HUNTING_TITLE = i18n.translate( + `${PLUGIN_ID}.category.${THREAT_HUNTING_ID}`, + { + defaultMessage: 'Threat Hunting', + }, +); +export const VULNERABILITY_DETECTION_TITLE = i18n.translate( + `${PLUGIN_ID}.category.${VULNERABILITY_DETECTION_ID}`, + { + defaultMessage: 'Vulnerability Detection', + }, +); +export const MITRE_ATTACK_TITLE = i18n.translate( + `${PLUGIN_ID}.category.${MITRE_ATTACK_ID}`, + { + defaultMessage: 'MITRE ATT&CK', + }, +); export function getThreatIntelligenceApps(updater$: Subject) { return [ { id: THREAT_HUNTING_ID, - title: TRANSLATION_MESSAGES.THREAT_HUNTING_TITLE, + title: THREAT_HUNTING_TITLE, navLinkStatus: AppNavLinkStatus.hidden, updater$, mount: async (params: AppMountParameters) => { 
@@ -55,7 +56,7 @@ export function getThreatIntelligenceApps(updater$: Subject) { }, { id: VULNERABILITY_DETECTION_ID, - title: TRANSLATION_MESSAGES.VULNERABILITY_DETECTION_TITLE, + title: VULNERABILITY_DETECTION_TITLE, navLinkStatus: AppNavLinkStatus.hidden, updater$, mount: async (params: AppMountParameters) => { @@ -67,7 +68,7 @@ export function getThreatIntelligenceApps(updater$: Subject) { }, { id: MITRE_ATTACK_ID, - title: TRANSLATION_MESSAGES.MITRE_ATTACK_TITLE, + title: MITRE_ATTACK_TITLE, navLinkStatus: AppNavLinkStatus.hidden, updater$, mount: async (params: AppMountParameters) => { diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 9725e9a995..e92328ef1d 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -41,8 +41,24 @@ import { } from './groups/cloud-security/cloud-security'; import { NAV_GROUPS } from './groups/nav-groups'; import { buildSubAppId, navigateToFirstAppInNavGroup } from './utils'; -import { getEndpointSecurityApps } from './groups/endpoint-security/applications'; -import { getThreatIntelligenceApps } from './groups/threat-intelligence/applications'; +import { + CONFIGURATION_ASSESSMENT_ID, + CONFIGURATION_ASSESSMENT_TITLE, + FIM_ID, + FIM_TITLE, + getEndpointSecurityApps, + MALWARE_DETECTION_ID, + MALWARE_DETECTION_TITLE, +} from './groups/endpoint-security/applications'; +import { + getThreatIntelligenceApps, + MITRE_ATTACK_ID, + MITRE_ATTACK_TITLE, + THREAT_HUNTING_ID, + THREAT_HUNTING_TITLE, + VULNERABILITY_DETECTION_ID, + VULNERABILITY_DETECTION_TITLE, +} from './groups/threat-intelligence/applications'; interface AnalysisSetupDependencies {} 
@@ -321,17 +337,17 @@ export class AnalysisPlugin { // Configuration assessment id: CONFIGURATION_ASSESSMENT_ID, - title: TRANSLATION_MESSAGES.CONFIGURATION_ASSESSMENT_TITLE, + title: CONFIGURATION_ASSESSMENT_TITLE, }, { // Malware detection id: MALWARE_DETECTION_ID, - title: TRANSLATION_MESSAGES.MALWARE_DETECTION_TITLE, + title: MALWARE_DETECTION_TITLE, }, { // FIM id: FIM_ID, - title: TRANSLATION_MESSAGES.FIM_TITLE, + title: FIM_TITLE, }, ]); @@ -341,17 +357,17 @@ export class AnalysisPlugin { // Threat hunting id: THREAT_HUNTING_ID, - title: TRANSLATION_MESSAGES.THREAT_HUNTING_TITLE, + title: THREAT_HUNTING_TITLE, }, { // Vulnerability detection id: VULNERABILITY_DETECTION_ID, - title: TRANSLATION_MESSAGES.VULNERABILITY_DETECTION_TITLE, + title: VULNERABILITY_DETECTION_TITLE, }, { // MITRE ATT&CK id: MITRE_ATTACK_ID, - title: TRANSLATION_MESSAGES.MITRE_ATTACK_TITLE, + title: MITRE_ATTACK_TITLE, }, ], ); From 0b1901c1d7301dbd3d255384893ca1af269fae59 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 3 Feb 2025 09:10:26 -0300 Subject: [PATCH 081/212] Add security operations applications with IDs and titles --- .../security-operations/applications.ts | 82 +++++++++++++++++++ plugins/wazuh-analysis/public/plugin.ts | 80 ++++-------------- 2 files changed, 97 insertions(+), 65 deletions(-) create mode 100644 plugins/wazuh-analysis/public/groups/security-operations/applications.ts diff --git a/plugins/wazuh-analysis/public/groups/security-operations/applications.ts b/plugins/wazuh-analysis/public/groups/security-operations/applications.ts new file mode 100644 index 0000000000..0ae9f217a5 --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/security-operations/applications.ts 
@@ -0,0 +1,82 @@ +import { + AppMountParameters, + AppNavLinkStatus, + AppUpdater, +} from 'opensearch-dashboards/public'; +import { Subject } from 'rxjs'; +import { i18n } from '@osd/i18n'; +import { buildSubAppId } from '../../utils'; +import { PLUGIN_ID } from '../../../common/constants'; +import { SECURITY_OPERATIONS_ID } from './security-operations'; + +export const REGULATORY_COMPLIANCE_ID = buildSubAppId( + SECURITY_OPERATIONS_ID, + 'regulatory_compliance', +); +export const IT_HYGIENE_ID = buildSubAppId( + SECURITY_OPERATIONS_ID, + 'it_hygiene', +); +export const INCIDENT_RESPONSE_ID = buildSubAppId( + SECURITY_OPERATIONS_ID, + 'incident_response', +); +export const REGULATORY_COMPLIANCE_TITLE = i18n.translate( + `${PLUGIN_ID}.category.${REGULATORY_COMPLIANCE_ID}`, + { + defaultMessage: 'Regulatory Compliance', + }, +); +export const IT_HYGIENE_TITLE = i18n.translate( + `${PLUGIN_ID}.category.${IT_HYGIENE_ID}`, + { + defaultMessage: 'IT Hygiene', + }, +); +export const INCIDENT_RESPONSE_TITLE = i18n.translate( + `${PLUGIN_ID}.category.${INCIDENT_RESPONSE_ID}`, + { + defaultMessage: 'Incident Response', + }, +); + +export function getSecurityOperationsApps(updater$: Subject) { + return [ + { + id: REGULATORY_COMPLIANCE_ID, + title: REGULATORY_COMPLIANCE_TITLE, + navLinkStatus: AppNavLinkStatus.hidden, + updater$, + mount: async (params: AppMountParameters) => { + // TODO: Implement the regulatory compliance application + const { renderApp } = await import('../../application'); + + return await renderApp(params, {}); + }, + }, + { + id: IT_HYGIENE_ID, + title: IT_HYGIENE_TITLE, + navLinkStatus: AppNavLinkStatus.hidden, + updater$, + mount: async (params: AppMountParameters) => { + // TODO: Implement the it hygiene application + const { renderApp } = await import('../../application'); + + return await renderApp(params, {}); + }, + }, + { + id: INCIDENT_RESPONSE_ID, + title: INCIDENT_RESPONSE_TITLE, + navLinkStatus: AppNavLinkStatus.hidden, + updater$, + mount: 
async (params: AppMountParameters) => { + // TODO: Implement the incident response application + const { renderApp } = await import('../../application'); + + return await renderApp(params, {}); + }, + }, + ]; +} diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index e92328ef1d..0292b7af50 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -59,6 +59,15 @@ import { VULNERABILITY_DETECTION_ID, VULNERABILITY_DETECTION_TITLE, } from './groups/threat-intelligence/applications'; +import { + getSecurityOperationsApps, + INCIDENT_RESPONSE_ID, + INCIDENT_RESPONSE_TITLE, + IT_HYGIENE_ID, + IT_HYGIENE_TITLE, + REGULATORY_COMPLIANCE_ID, + REGULATORY_COMPLIANCE_TITLE, +} from './groups/security-operations/applications'; interface AnalysisSetupDependencies {} 
@@ -72,36 +81,12 @@ type ParentAppId = | typeof SECURITY_OPERATIONS_ID | typeof CLOUD_SECURITY_ID; -const REGULATORY_COMPLIANCE_ID = buildSubAppId( - SECURITY_OPERATIONS_ID, - 'regulatory_compliance', -); -const IT_HYGIENE_ID = buildSubAppId(SECURITY_OPERATIONS_ID, 'it_hygiene'); -const INCIDENT_RESPONSE_ID = buildSubAppId( - SECURITY_OPERATIONS_ID, - 'incident_response', -); const DOCKER_ID = buildSubAppId(CLOUD_SECURITY_ID, 'docker'); const AWS_ID = buildSubAppId(CLOUD_SECURITY_ID, 'aws'); const GOOGLE_CLOUD_ID = buildSubAppId(CLOUD_SECURITY_ID, 'google_cloud'); const GITHUB_ID = buildSubAppId(CLOUD_SECURITY_ID, 'github'); const OFFICE365_ID = buildSubAppId(CLOUD_SECURITY_ID, 'office365'); const TRANSLATION_MESSAGES = Object.freeze({ - REGULATORY_COMPLIANCE_TITLE: i18n.translate( - `${PLUGIN_ID}.category.${REGULATORY_COMPLIANCE_ID}`, - { - defaultMessage: 'Regulatory Compliance', - }, - ), - IT_HYGIENE_TITLE: i18n.translate(`${PLUGIN_ID}.category.${IT_HYGIENE_ID}`, { - defaultMessage: 'IT Hygiene', - }), - INCIDENT_RESPONSE_TITLE: i18n.translate( - `${PLUGIN_ID}.category.${INCIDENT_RESPONSE_ID}`, - { - defaultMessage: 'Incident Response', - }, - ), DOCKER_TITLE: i18n.translate(`${PLUGIN_ID}.category.${DOCKER_ID}`, { defaultMessage: 'Docker', }), 
@@ -195,44 +180,9 @@ export class AnalysisPlugin [THREAT_INTELLIGENCE_ID]: getThreatIntelligenceApps( this.appStatusUpdater$[THREAT_INTELLIGENCE_ID], ), - [SECURITY_OPERATIONS_ID]: [ - { - id: REGULATORY_COMPLIANCE_ID, - title: TRANSLATION_MESSAGES.REGULATORY_COMPLIANCE_TITLE, - navLinkStatus: AppNavLinkStatus.hidden, - updater$: this.appStatusUpdater$[SECURITY_OPERATIONS_ID], - mount: async (params: AppMountParameters) => { - // TODO: Implement the regulatory compliance application - const { renderApp } = await import('./application'); - - return await renderApp(params, {}); - }, - }, - { - id: IT_HYGIENE_ID, - title: TRANSLATION_MESSAGES.IT_HYGIENE_TITLE, - navLinkStatus: AppNavLinkStatus.hidden, - updater$: this.appStatusUpdater$[SECURITY_OPERATIONS_ID], - mount: async (params: AppMountParameters) => { - // TODO: Implement the it hygiene application - const { renderApp } = await import('./application'); - - return await renderApp(params, {}); - }, - }, - { - id: INCIDENT_RESPONSE_ID, - title: TRANSLATION_MESSAGES.INCIDENT_RESPONSE_TITLE, - navLinkStatus: AppNavLinkStatus.hidden, - updater$: this.appStatusUpdater$[SECURITY_OPERATIONS_ID], - mount: async (params: AppMountParameters) => { - // TODO: Implement the incident response application - const { renderApp } = await import('./application'); - - return await renderApp(params, {}); - }, - }, - ], + [SECURITY_OPERATIONS_ID]: getSecurityOperationsApps( + this.appStatusUpdater$[SECURITY_OPERATIONS_ID], + ), [CLOUD_SECURITY_ID]: [ { id: DOCKER_ID, @@ -378,17 +328,17 @@ export class AnalysisPlugin { // Regulatory compliance id: REGULATORY_COMPLIANCE_ID, - title: TRANSLATION_MESSAGES.REGULATORY_COMPLIANCE_TITLE, + title: REGULATORY_COMPLIANCE_TITLE, }, { // IT hygiene id: IT_HYGIENE_ID, - title: TRANSLATION_MESSAGES.IT_HYGIENE_TITLE, + title: IT_HYGIENE_TITLE, }, { // Incident response id: INCIDENT_RESPONSE_ID, - title: TRANSLATION_MESSAGES.INCIDENT_RESPONSE_TITLE, + title: INCIDENT_RESPONSE_TITLE, }, ], ); 
From a952ab87cf9778424a419a51bebd14de1423ed78 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 3 Feb 2025 09:41:13 -0300 Subject: [PATCH 082/212] Add cloud security applications with IDs and titles --- .../groups/cloud-security/applications.ts | 108 ++++++++++++++++ plugins/wazuh-analysis/public/plugin.ts | 118 ++++-------------- 2 files changed, 130 insertions(+), 96 deletions(-) create mode 100644 plugins/wazuh-analysis/public/groups/cloud-security/applications.ts diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts b/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts new file mode 100644 index 0000000000..e51803eaa5 --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts 
@@ -0,0 +1,108 @@ +import { + AppMountParameters, + AppNavLinkStatus, + AppUpdater, +} from 'opensearch-dashboards/public'; +import { Subject } from 'rxjs'; +import { i18n } from '@osd/i18n'; +import { buildSubAppId } from '../../utils'; +import { PLUGIN_ID } from '../../../common/constants'; +import { CLOUD_SECURITY_ID } from './cloud-security'; + +export const DOCKER_ID = buildSubAppId(CLOUD_SECURITY_ID, 'docker'); +export const AWS_ID = buildSubAppId(CLOUD_SECURITY_ID, 'aws'); +export const GOOGLE_CLOUD_ID = buildSubAppId(CLOUD_SECURITY_ID, 'google_cloud'); +export const GITHUB_ID = buildSubAppId(CLOUD_SECURITY_ID, 'github'); +export const OFFICE365_ID = buildSubAppId(CLOUD_SECURITY_ID, 'office365'); +export const DOCKER_TITLE = i18n.translate( + `${PLUGIN_ID}.category.${DOCKER_ID}`, + { + defaultMessage: 'Docker', + }, +); +export const AWS_TITLE = i18n.translate(`${PLUGIN_ID}.category.${AWS_ID}`, { + defaultMessage: 'AWS', +}); +export const GOOGLE_CLOUD_TITLE = i18n.translate( + `${PLUGIN_ID}.category.${GOOGLE_CLOUD_ID}`, + { + defaultMessage: 'Google Cloud', + }, +); +export const GITHUB_TITLE = i18n.translate( + `${PLUGIN_ID}.category.${GITHUB_ID}`, + { + defaultMessage: 'Github', + }, +); +export const OFFICE365_TITLE = i18n.translate( + `${PLUGIN_ID}.category.${OFFICE365_ID}`, + { + defaultMessage: 'Office 365', + }, +); + +export function getCloudSecurityApps(updater$: Subject) { + return [ + { + id: DOCKER_ID, + title: DOCKER_TITLE, + navLinkStatus: AppNavLinkStatus.hidden, + updater$, + mount: async (params: AppMountParameters) => { + // TODO: Implement the docker application + const { renderApp } = await import('../../application'); + + return await renderApp(params, {}); + }, + }, + { + id: AWS_ID, + title: AWS_TITLE, + navLinkStatus: AppNavLinkStatus.hidden, + updater$, + mount: async (params: AppMountParameters) => { + // TODO: Implement the aws application + const { renderApp } = await import('../../application'); + + return await 
renderApp(params, {}); + }, + }, + { + id: GOOGLE_CLOUD_ID, + title: GOOGLE_CLOUD_TITLE, + navLinkStatus: AppNavLinkStatus.hidden, + updater$, + mount: async (params: AppMountParameters) => { + // TODO: Implement the google cloud application + const { renderApp } = await import('../../application'); + + return await renderApp(params, {}); + }, + }, + { + id: GITHUB_ID, + title: GITHUB_TITLE, + navLinkStatus: AppNavLinkStatus.hidden, + updater$, + mount: async (params: AppMountParameters) => { + // TODO: Implement the github application + const { renderApp } = await import('../../application'); + + return await renderApp(params, {}); + }, + }, + { + id: OFFICE365_ID, + title: OFFICE365_TITLE, + navLinkStatus: AppNavLinkStatus.hidden, + updater$, + mount: async (params: AppMountParameters) => { + // TODO: Implement the office365 application + const { renderApp } = await import('../../application'); + + return await renderApp(params, {}); + }, + }, + ]; +} diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 0292b7af50..5a12cbce08 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -1,4 +1,3 @@ -import { i18n } from '@osd/i18n'; import { AppMount, AppMountParameters, @@ -15,7 +14,6 @@ import { DEFAULT_NAV_GROUPS, } from '../../../src/core/public'; import { NavigationPublicPluginStart } from '../../../src/plugins/navigation/public'; -import { PLUGIN_ID } from '../common/constants'; import { AnalysisSetup, AnalysisStart } from './types'; import { CATEGORY } from './groups/category'; import { @@ -40,7 +38,7 @@ import { CloudSecurityApp, } from './groups/cloud-security/cloud-security'; import { NAV_GROUPS } from './groups/nav-groups'; -import { buildSubAppId, navigateToFirstAppInNavGroup } from './utils'; +import { navigateToFirstAppInNavGroup } from './utils'; import { CONFIGURATION_ASSESSMENT_ID, CONFIGURATION_ASSESSMENT_TITLE, 
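Review bot: `GITHUB_TITLE` falls back to `defaultMessage: 'Github'`, which is the string users see whenever no translation bundle overrides it; the product name is written `GitHub`, and the `// Github` comment in the plugin.ts nav-link list later in this commit copies the same spelling. Change the default to `defaultMessage: 'GitHub',` and the comment to `// GitHub` so the two stay consistent. The other titles in this file (`Docker`, `AWS`, `Google Cloud`, `Office 365`) already match the vendors' spellings.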
@@ -68,6 +66,19 @@ import { REGULATORY_COMPLIANCE_ID, REGULATORY_COMPLIANCE_TITLE, } from './groups/security-operations/applications'; +import { + AWS_ID, + AWS_TITLE, + DOCKER_ID, + DOCKER_TITLE, + getCloudSecurityApps, + GITHUB_ID, + GITHUB_TITLE, + GOOGLE_CLOUD_ID, + GOOGLE_CLOUD_TITLE, + OFFICE365_ID, + OFFICE365_TITLE, +} from './groups/cloud-security/applications'; interface AnalysisSetupDependencies {} @@ -81,32 +92,6 @@ type ParentAppId = | typeof SECURITY_OPERATIONS_ID | typeof CLOUD_SECURITY_ID; -const DOCKER_ID = buildSubAppId(CLOUD_SECURITY_ID, 'docker'); -const AWS_ID = buildSubAppId(CLOUD_SECURITY_ID, 'aws'); -const GOOGLE_CLOUD_ID = buildSubAppId(CLOUD_SECURITY_ID, 'google_cloud'); -const GITHUB_ID = buildSubAppId(CLOUD_SECURITY_ID, 'github'); -const OFFICE365_ID = buildSubAppId(CLOUD_SECURITY_ID, 'office365'); -const TRANSLATION_MESSAGES = Object.freeze({ - DOCKER_TITLE: i18n.translate(`${PLUGIN_ID}.category.${DOCKER_ID}`, { - defaultMessage: 'Docker', - }), - AWS_TITLE: i18n.translate(`${PLUGIN_ID}.category.${AWS_ID}`, { - defaultMessage: 'AWS', - }), - GOOGLE_CLOUD_TITLE: i18n.translate( - `${PLUGIN_ID}.category.${GOOGLE_CLOUD_ID}`, - { - defaultMessage: 'Google Cloud', - }, - ), - GITHUB_TITLE: i18n.translate(`${PLUGIN_ID}.category.${GITHUB_ID}`, { - defaultMessage: 'Github', - }), - OFFICE365_TITLE: i18n.translate(`${PLUGIN_ID}.category.${OFFICE365_ID}`, { - defaultMessage: 'Office 365', - }), -}); - function setNavLinkVisible(): Partial { return { navLinkStatus: AppNavLinkStatus.visible, 
@@ -183,68 +168,9 @@ export class AnalysisPlugin [SECURITY_OPERATIONS_ID]: getSecurityOperationsApps( this.appStatusUpdater$[SECURITY_OPERATIONS_ID], ), - [CLOUD_SECURITY_ID]: [ - { - id: DOCKER_ID, - title: TRANSLATION_MESSAGES.DOCKER_TITLE, - navLinkStatus: AppNavLinkStatus.hidden, - updater$: this.appStatusUpdater$[CLOUD_SECURITY_ID], - mount: async (params: AppMountParameters) => { - // TODO: Implement the docker application - const { renderApp } = await import('./application'); - - return await renderApp(params, {}); - }, - }, - { - id: AWS_ID, - title: TRANSLATION_MESSAGES.AWS_TITLE, - navLinkStatus: AppNavLinkStatus.hidden, - updater$: this.appStatusUpdater$[CLOUD_SECURITY_ID], - mount: async (params: AppMountParameters) => { - // TODO: Implement the aws application - const { renderApp } = await import('./application'); - - return await renderApp(params, {}); - }, - }, - { - id: GOOGLE_CLOUD_ID, - title: TRANSLATION_MESSAGES.GOOGLE_CLOUD_TITLE, - navLinkStatus: AppNavLinkStatus.hidden, - updater$: this.appStatusUpdater$[CLOUD_SECURITY_ID], - mount: async (params: AppMountParameters) => { - // TODO: Implement the google cloud application - const { renderApp } = await import('./application'); - - return await renderApp(params, {}); - }, - }, - { - id: GITHUB_ID, - title: TRANSLATION_MESSAGES.GITHUB_TITLE, - navLinkStatus: AppNavLinkStatus.hidden, - updater$: this.appStatusUpdater$[CLOUD_SECURITY_ID], - mount: async (params: AppMountParameters) => { - // TODO: Implement the github application - const { renderApp } = await import('./application'); - - return await renderApp(params, {}); - }, - }, - { - id: OFFICE365_ID, - title: TRANSLATION_MESSAGES.OFFICE365_TITLE, - navLinkStatus: AppNavLinkStatus.hidden, - updater$: this.appStatusUpdater$[CLOUD_SECURITY_ID], - mount: async (params: AppMountParameters) => { - // TODO: Implement the office365 application - const { renderApp } = await import('./application'); - - return await renderApp(params, {}); - }, - }, - 
], + [CLOUD_SECURITY_ID]: getCloudSecurityApps( + this.appStatusUpdater$[CLOUD_SECURITY_ID], + ), } satisfies Partial>; for (const parentAppId of Object.keys(subApps)) { @@ -347,27 +273,27 @@ export class AnalysisPlugin { // Docker id: DOCKER_ID, - title: TRANSLATION_MESSAGES.DOCKER_TITLE, + title: DOCKER_TITLE, }, { // AWS id: AWS_ID, - title: TRANSLATION_MESSAGES.AWS_TITLE, + title: AWS_TITLE, }, { // Google Cloud id: GOOGLE_CLOUD_ID, - title: TRANSLATION_MESSAGES.GOOGLE_CLOUD_TITLE, + title: GOOGLE_CLOUD_TITLE, }, { // Github id: GITHUB_ID, - title: TRANSLATION_MESSAGES.GITHUB_TITLE, + title: GITHUB_TITLE, }, { // Office 365 id: OFFICE365_ID, - title: TRANSLATION_MESSAGES.OFFICE365_TITLE, + title: OFFICE365_TITLE, }, ]); From 274441398e15a05d56a0bb437742a26715f4d1f7 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 3 Feb 2025 09:44:25 -0300 Subject: [PATCH 083/212] Refactor app ID handling to use GroupsId type for improved consistency --- plugins/wazuh-analysis/public/plugin.ts | 23 +++++++++-------------- 1 file changed, 9 insertions(+), 14 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 5a12cbce08..a94e4ce207 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -79,6 +79,7 @@ import { OFFICE365_ID, OFFICE365_TITLE, } from './groups/cloud-security/applications'; +import { GroupsId } from './groups/types'; interface AnalysisSetupDependencies {} @@ -86,12 +87,6 @@ interface AnalysisStartDependencies { navigation: NavigationPublicPluginStart; } -type ParentAppId = - | typeof ENDPOINT_SECURITY_ID - | typeof THREAT_INTELLIGENCE_ID - | typeof SECURITY_OPERATIONS_ID - | typeof CLOUD_SECURITY_ID; - function setNavLinkVisible(): Partial { return { navLinkStatus: AppNavLinkStatus.visible, 
@@ -113,13 +108,13 @@ export class AnalysisPlugin Plugin { private coreStart?: CoreStart; - private readonly appStartup$ = new Subject(); + private readonly appStartup$ = new Subject(); private readonly appStatusUpdater$ = { [ENDPOINT_SECURITY_ID]: new Subject(), [THREAT_INTELLIGENCE_ID]: new Subject(), [SECURITY_OPERATIONS_ID]: new Subject(), [CLOUD_SECURITY_ID]: new Subject(), - } satisfies Partial>>; + } satisfies Partial>>; private registerApps(core: CoreSetup) { const applications: App[] = [ @@ -134,8 +129,8 @@ export class AnalysisPlugin app.mount = async (params: AppMountParameters) => { if (core.chrome.navGroup.getNavGroupEnabled()) { - this.appStatusUpdater$[app.id as ParentAppId].next(setNavLinkVisible); - this.appStartup$.next(app.id as ParentAppId); + this.appStatusUpdater$[app.id as GroupsId].next(setNavLinkVisible); + this.appStartup$.next(app.id as GroupsId); } return await mount(params); @@ -171,16 +166,16 @@ export class AnalysisPlugin [CLOUD_SECURITY_ID]: getCloudSecurityApps( this.appStatusUpdater$[CLOUD_SECURITY_ID], ), - } satisfies Partial>; + } satisfies Partial>; for (const parentAppId of Object.keys(subApps)) { - this.setupAppMounts(subApps, parentAppId as ParentAppId, core); + this.setupAppMounts(subApps, parentAppId as GroupsId, core); } } private setupAppMounts( - subApps: Partial>, - navGroupId: ParentAppId, + subApps: Partial>, + navGroupId: GroupsId, core: CoreSetup, ) { for (const app of subApps[navGroupId] ?? []) { From 3bed755538ab33e6073eac8dca34a48d917ef595 Mon Sep 17 00:00:00 2001 
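Review bot: `this.appStatusUpdater$[app.id as GroupsId].next(setNavLinkVisible)` in `registerApps` keeps the unchecked cast the commit only renames from `ParentAppId`; if an entry of `applications` ever carries an id outside `GroupsId`, the lookup yields `undefined` and `.next` throws at mount time, and the compiler cannot flag it. Assuming `app` iterates the `applications` array declared in this hunk, typing it as `const applications: Array<App & { id: GroupsId }> = [` lets both `this.appStatusUpdater$[app.id]` and `this.appStartup$.next(app.id)` compile without a cast. The `parentAppId as GroupsId` cast after `Object.keys(subApps)` is a different case, since `Object.keys` returns `string[]`, and can stay. The body of `registerApps` continues outside the hunk.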
From: Guido Modarelli Date: Mon, 3 Feb 2025 09:58:09 -0300 Subject: [PATCH 084/212] Add endpoint security navigation group and refactor registration of nav links --- .../groups/endpoint-security/nav-group.ts | 40 +++++++++++++++++++ .../public/groups/nav-groups.ts | 10 ----- plugins/wazuh-analysis/public/plugin.ts | 29 ++------------ 3 files changed, 43 insertions(+), 36 deletions(-) create mode 100644 plugins/wazuh-analysis/public/groups/endpoint-security/nav-group.ts
diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/nav-group.ts b/plugins/wazuh-analysis/public/groups/endpoint-security/nav-group.ts
new file mode 100644
index 0000000000..a1b1e10077
--- /dev/null
+++ b/plugins/wazuh-analysis/public/groups/endpoint-security/nav-group.ts
@@ -0,0 +1,40 @@
+import { CoreSetup } from 'opensearch-dashboards/public';
+import {
+ CONFIGURATION_ASSESSMENT_ID,
+ CONFIGURATION_ASSESSMENT_TITLE,
+ FIM_ID,
+ FIM_TITLE,
+ MALWARE_DETECTION_ID,
+ MALWARE_DETECTION_TITLE,
+} from './applications';
+import {
+ ENDPOINT_SECURITY_DESCRIPTION,
+ ENDPOINT_SECURITY_ID,
+ ENDPOINT_SECURITY_TITLE,
+} from './endpoint-security';
+
+export const ENDPOINT_SECURITY_NAV_GROUP = {
+ id: ENDPOINT_SECURITY_ID,
+ title: ENDPOINT_SECURITY_TITLE,
+ description: ENDPOINT_SECURITY_DESCRIPTION,
+};
+
+export const registerEndpointSecurityNavLinksToGroup = (core: CoreSetup) => {
+ core.chrome.navGroup.addNavLinksToGroup(ENDPOINT_SECURITY_NAV_GROUP, [
+ {
+ // Configuration assessment
+ id: CONFIGURATION_ASSESSMENT_ID,
+ title: CONFIGURATION_ASSESSMENT_TITLE,
+ },
+ {
+ // Malware detection
+ id: MALWARE_DETECTION_ID,
+ title: MALWARE_DETECTION_TITLE,
+ },
+ {
+ // FIM
+ id: FIM_ID,
+ title: FIM_TITLE,
+ },
+ ]);
+};
diff --git a/plugins/wazuh-analysis/public/groups/nav-groups.ts b/plugins/wazuh-analysis/public/groups/nav-groups.ts
index e96720ba6b..290d562d95 100644
--- a/plugins/wazuh-analysis/public/groups/nav-groups.ts
+++ b/plugins/wazuh-analysis/public/groups/nav-groups.ts
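Review bot: `ENDPOINT_SECURITY_NAV_GROUP` in the new nav-group.ts is a plain, untyped object literal, whereas the `NAV_GROUPS` entry it replaces lived inside `Object.freeze(...)` in nav-groups.ts, so the replacement is now mutable and gets no excess-property check against what `addNavLinksToGroup` expects. Declaring it as `export const ENDPOINT_SECURITY_NAV_GROUP = Object.freeze({ ... } satisfies ChromeNavGroup);`, using the type nav-groups.ts already imports from 'opensearch-dashboards/public', restores both properties. The `id`/`title` pairs listed in `registerEndpointSecurityNavLinksToGroup` repeat the entries of `getEndpointSecurityApps` in applications.ts; a shared readonly list of those pairs, mapped in both places, would keep the nav links and the registered apps from drifting apart.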
@@ -1,9 +1,4 @@ import { ChromeNavGroup } from 'opensearch-dashboards/public'; -import { - ENDPOINT_SECURITY_ID, - ENDPOINT_SECURITY_TITLE, - ENDPOINT_SECURITY_DESCRIPTION, -} from './endpoint-security/endpoint-security'; import { SECURITY_OPERATIONS_ID, SECURITY_OPERATIONS_TITLE, @@ -22,11 +17,6 @@ import { import { GroupsId } from './types'; export const NAV_GROUPS = Object.freeze({ - [ENDPOINT_SECURITY_ID]: { - id: ENDPOINT_SECURITY_ID, - title: ENDPOINT_SECURITY_TITLE, - description: ENDPOINT_SECURITY_DESCRIPTION, - }, [THREAT_INTELLIGENCE_ID]: { id: THREAT_INTELLIGENCE_ID, title: THREAT_INTELLIGENCE_TITLE, diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index a94e4ce207..c86dbf788f 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -39,15 +39,7 @@ import { } from './groups/cloud-security/cloud-security'; import { NAV_GROUPS } from './groups/nav-groups'; import { navigateToFirstAppInNavGroup } from './utils'; -import { - CONFIGURATION_ASSESSMENT_ID, - CONFIGURATION_ASSESSMENT_TITLE, - FIM_ID, - FIM_TITLE, - getEndpointSecurityApps, - MALWARE_DETECTION_ID, - MALWARE_DETECTION_TITLE, -} from './groups/endpoint-security/applications'; +import { getEndpointSecurityApps } from './groups/endpoint-security/applications'; import { getThreatIntelligenceApps, MITRE_ATTACK_ID, @@ -80,6 +72,7 @@ import { OFFICE365_TITLE, } from './groups/cloud-security/applications'; import { GroupsId } from './groups/types'; +import { registerEndpointSecurityNavLinksToGroup } from './groups/endpoint-security/nav-group'; interface AnalysisSetupDependencies {} 
@@ -204,23 +197,7 @@ export class AnalysisPlugin } private registerNavGroups(core: CoreSetup) { - core.chrome.navGroup.addNavLinksToGroup(NAV_GROUPS[ENDPOINT_SECURITY_ID], [ - { - // Configuration assessment - id: CONFIGURATION_ASSESSMENT_ID, - title: CONFIGURATION_ASSESSMENT_TITLE, - }, - { - // Malware detection - id: MALWARE_DETECTION_ID, - title: MALWARE_DETECTION_TITLE, - }, - { - // FIM - id: FIM_ID, - title: FIM_TITLE, - }, - ]); + registerEndpointSecurityNavLinksToGroup(core); core.chrome.navGroup.addNavLinksToGroup( NAV_GROUPS[THREAT_INTELLIGENCE_ID], From 02a0c8f8fbdcd3ca795fd87df55eca8b7da3d1ec Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 3 Feb 2025 12:22:25 -0300 Subject: [PATCH 085/212] Refactor navigation group handling and improve utility functions for better code organization --- plugins/wazuh-analysis/public/plugin.ts | 16 +++------------- plugins/wazuh-analysis/public/utils/index.ts | 5 +++++ 2 files changed, 8 insertions(+), 13 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index c86dbf788f..a2eb311680 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -1,9 +1,4 @@ -import { - AppMount, - AppMountParameters, - AppUpdater, -} from 'opensearch-dashboards/public'; -import { first } from 'rxjs/operators'; +import { AppMount, AppMountParameters } from 'opensearch-dashboards/public'; import { Subject } from 'rxjs'; import { App, @@ -18,7 +13,6 @@ import { AnalysisSetup, AnalysisStart } from './types'; import { CATEGORY } from './groups/category'; import { ENDPOINT_SECURITY_ID, - ENDPOINT_SECURITY_TITLE, EndpointSecurityApp, } from './groups/endpoint-security/endpoint-security'; import { searchPages } from './components/global_search/search-pages-command'; 
@@ -38,7 +32,7 @@ import { CloudSecurityApp, } from './groups/cloud-security/cloud-security'; import { NAV_GROUPS } from './groups/nav-groups'; -import { navigateToFirstAppInNavGroup } from './utils'; +import { getCurrentNavGroup, navigateToFirstAppInNavGroup } from './utils'; import { getEndpointSecurityApps } from './groups/endpoint-security/applications'; import { getThreatIntelligenceApps, @@ -72,7 +66,7 @@ import { OFFICE365_TITLE, } from './groups/cloud-security/applications'; import { GroupsId } from './groups/types'; -import { registerEndpointSecurityNavLinksToGroup } from './groups/endpoint-security/nav-group'; +import { setupEndpointSecurityNavGroup } from './groups/endpoint-security/nav-group'; interface AnalysisSetupDependencies {} @@ -92,10 +86,6 @@ function setNavLinkHidden(): Partial { }; } -async function getCurrentNavGroup(core: CoreStart) { - return core.chrome.navGroup.getCurrentNavGroup$().pipe(first()).toPromise(); -} - export class AnalysisPlugin implements Plugin diff --git a/plugins/wazuh-analysis/public/utils/index.ts b/plugins/wazuh-analysis/public/utils/index.ts index 43817ac723..575025eef1 100644 --- a/plugins/wazuh-analysis/public/utils/index.ts +++ b/plugins/wazuh-analysis/public/utils/index.ts @@ -1,3 +1,4 @@ +import { first } from 'rxjs/operators'; import { CoreStart, NavGroupItemInMap } from '../../../../src/core/public'; /** @@ -36,3 +37,7 @@ export async function navigateToFirstAppInNavGroup( core.application.navigateToApp(firstNavItem.id); } } + +export async function getCurrentNavGroup(core: CoreStart) { + return core.chrome.navGroup.getCurrentNavGroup$().pipe(first()).toPromise(); +} From 3a4f6eaf498078d058521a6f9cf554f43d0fff10 Mon Sep 17 00:00:00 2001 
From: Guido Modarelli Date: Mon, 3 Feb 2025 15:34:56 -0300 Subject: [PATCH 086/212] Refactor endpoint security navigation group setup for improved organization and clarity --- .../public/groups/endpoint-security/nav-group.ts | 13 +++++++++++-- plugins/wazuh-analysis/public/plugin.ts | 8 +------- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/nav-group.ts b/plugins/wazuh-analysis/public/groups/endpoint-security/nav-group.ts index a1b1e10077..7c11930589 100644 --- a/plugins/wazuh-analysis/public/groups/endpoint-security/nav-group.ts +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/nav-group.ts @@ -1,4 +1,5 @@ -import { CoreSetup } from 'opensearch-dashboards/public'; +import { CoreSetup, DEFAULT_NAV_GROUPS } from '../../../../../src/core/public'; +import { CATEGORY } from '../category'; import { CONFIGURATION_ASSESSMENT_ID, CONFIGURATION_ASSESSMENT_TITLE, @@ -19,7 +20,15 @@ export const ENDPOINT_SECURITY_NAV_GROUP = { description: ENDPOINT_SECURITY_DESCRIPTION, }; -export const registerEndpointSecurityNavLinksToGroup = (core: CoreSetup) => { +export const setupEndpointSecurityNavGroup = (core: CoreSetup) => { + core.chrome.navGroup.addNavLinksToGroup(DEFAULT_NAV_GROUPS.all, [ + { + id: ENDPOINT_SECURITY_ID, + title: ENDPOINT_SECURITY_TITLE, + order: 0, + category: CATEGORY, + }, + ]); core.chrome.navGroup.addNavLinksToGroup(ENDPOINT_SECURITY_NAV_GROUP, [ { // Configuration assessment diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index a2eb311680..2e4eefb8a6 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -187,7 +187,7 @@ export class AnalysisPlugin } private registerNavGroups(core: CoreSetup) { - registerEndpointSecurityNavLinksToGroup(core); + setupEndpointSecurityNavGroup(core); core.chrome.navGroup.addNavLinksToGroup( NAV_GROUPS[THREAT_INTELLIGENCE_ID], 
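Review bot: The import in nav-group.ts now reaches `CoreSetup` through a five-level relative path into `src/core/public` where the removed line used the `opensearch-dashboards/public` alias, apparently only to pick up `DEFAULT_NAV_GROUPS`; the alias resolves to that same core module, so if it exposes `DEFAULT_NAV_GROUPS` the line can stay `import { CoreSetup, DEFAULT_NAV_GROUPS } from 'opensearch-dashboards/public';` and the plugin stops depending on its own position in the repository tree. If the alias does not export it, import only `DEFAULT_NAV_GROUPS` via the relative path and keep `CoreSetup` on the alias, matching the rest of the plugin. A one-line comment above the first `addNavLinksToGroup` call, `// Register the group itself under "All", then its sub-apps under the group`, would also make clear why `setupEndpointSecurityNavGroup` now makes two registrations.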
@@ -260,12 +260,6 @@ export class AnalysisPlugin ]); core.chrome.navGroup.addNavLinksToGroup(DEFAULT_NAV_GROUPS.all, [ - { - id: ENDPOINT_SECURITY_ID, - title: ENDPOINT_SECURITY_TITLE, - order: 0, - category: CATEGORY, - }, { id: THREAT_INTELLIGENCE_ID, title: THREAT_INTELLIGENCE_TITLE, From 42ca3aedcc68b746716e918dd4b1da53d5263615 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 3 Feb 2025 15:58:56 -0300 Subject: [PATCH 087/212] Refactor application management by introducing ApplicationService for improved app lifecycle handling and navigation group integration --- plugins/wazuh-analysis/public/plugin.ts | 105 ++++----------- .../public/services/application.service.ts | 125 ++++++++++++++++++ plugins/wazuh-analysis/public/utils/index.ts | 32 ----- .../wazuh-analysis/public/utils/nav-group.ts | 31 +++++ 4 files changed, 184 insertions(+), 109 deletions(-) create mode 100644 plugins/wazuh-analysis/public/services/application.service.ts create mode 100644 plugins/wazuh-analysis/public/utils/nav-group.ts diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 2e4eefb8a6..8c4021553a 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -1,5 +1,3 @@ -import { AppMount, AppMountParameters } from 'opensearch-dashboards/public'; -import { Subject } from 'rxjs'; import { App, AppNavLinkStatus, @@ -32,7 +30,6 @@ import { CloudSecurityApp, } from './groups/cloud-security/cloud-security'; import { NAV_GROUPS } from './groups/nav-groups'; -import { getCurrentNavGroup, navigateToFirstAppInNavGroup } from './utils'; import { getEndpointSecurityApps } from './groups/endpoint-security/applications'; import { getThreatIntelligenceApps, 
@@ -67,6 +64,7 @@ import { } from './groups/cloud-security/applications'; import { GroupsId } from './groups/types'; import { setupEndpointSecurityNavGroup } from './groups/endpoint-security/nav-group'; +import { ApplicationService } from './services/application.service'; interface AnalysisSetupDependencies {} @@ -90,14 +88,15 @@ export class AnalysisPlugin implements Plugin { + private readonly applicationService = new ApplicationService(); private coreStart?: CoreStart; - private readonly appStartup$ = new Subject(); - private readonly appStatusUpdater$ = { - [ENDPOINT_SECURITY_ID]: new Subject(), - [THREAT_INTELLIGENCE_ID]: new Subject(), - [SECURITY_OPERATIONS_ID]: new Subject(), - [CLOUD_SECURITY_ID]: new Subject(), - } satisfies Partial>>; + + constructor() { + this.applicationService.registerAppUpdater(ENDPOINT_SECURITY_ID); + this.applicationService.registerAppUpdater(THREAT_INTELLIGENCE_ID); + this.applicationService.registerAppUpdater(SECURITY_OPERATIONS_ID); + this.applicationService.registerAppUpdater(CLOUD_SECURITY_ID); + } private registerApps(core: CoreSetup) { const applications: App[] = [ @@ -107,20 +106,9 @@ export class AnalysisPlugin CloudSecurityApp(core), ]; - for (const app of applications) { - const mount = app.mount.bind(app) as AppMount; - - app.mount = async (params: AppMountParameters) => { - if (core.chrome.navGroup.getNavGroupEnabled()) { - this.appStatusUpdater$[app.id as GroupsId].next(setNavLinkVisible); - this.appStartup$.next(app.id as GroupsId); - } - - return await mount(params); - }; - - core.application.register(app); - } + this.applicationService.initializeNavGroupMounts(applications, core, { + prepareApp: setNavLinkVisible, + }); if (core.chrome.navGroup.getNavGroupEnabled()) { core.chrome.globalSearch.registerSearchCommand({ 
@@ -136,53 +124,30 @@ export class AnalysisPlugin }); } - const subApps = { + const subApps: Partial> = { [ENDPOINT_SECURITY_ID]: getEndpointSecurityApps( - this.appStatusUpdater$[ENDPOINT_SECURITY_ID], + this.applicationService.getAppUpdater(ENDPOINT_SECURITY_ID), ), [THREAT_INTELLIGENCE_ID]: getThreatIntelligenceApps( - this.appStatusUpdater$[THREAT_INTELLIGENCE_ID], + this.applicationService.getAppUpdater(THREAT_INTELLIGENCE_ID), ), [SECURITY_OPERATIONS_ID]: getSecurityOperationsApps( - this.appStatusUpdater$[SECURITY_OPERATIONS_ID], + this.applicationService.getAppUpdater(SECURITY_OPERATIONS_ID), ), [CLOUD_SECURITY_ID]: getCloudSecurityApps( - this.appStatusUpdater$[CLOUD_SECURITY_ID], + this.applicationService.getAppUpdater(CLOUD_SECURITY_ID), ), - } satisfies Partial>; - - for (const parentAppId of Object.keys(subApps)) { - this.setupAppMounts(subApps, parentAppId as GroupsId, core); - } - } - - private setupAppMounts( - subApps: Partial>, - navGroupId: GroupsId, - core: CoreSetup, - ) { - for (const app of subApps[navGroupId] ?? []) { - const mount = app.mount.bind(app) as AppMount; - - app.mount = async (params: AppMountParameters) => { - if (core.chrome.navGroup.getNavGroupEnabled()) { - this.appStatusUpdater$[navGroupId].next(setNavLinkVisible); - } + }; - const unmount = await mount(params); - - return () => { - if (core.chrome.navGroup.getNavGroupEnabled()) { - this.appStatusUpdater$[navGroupId].next(setNavLinkHidden); - } - - unmount(); - - return true; - }; - }; - - core.application.register(app); + for (const groupsId of Object.keys(subApps) as GroupsId[]) { + this.applicationService.initializeSubApplicationMounts( + subApps[groupsId] ?? [], + core, + { + prepareApp: setNavLinkVisible, + teardownApp: setNavLinkHidden, + }, + ); } } 
@@ -293,26 +258,12 @@ export class AnalysisPlugin return {}; } - private subscribeToAppStartup(core: CoreStart) { - this.appStartup$.subscribe({ - next: async (navGroupId: string) => { - if (core.chrome.navGroup.getNavGroupEnabled()) { - core.chrome.navGroup.setCurrentNavGroup(navGroupId); - - const currentNavGroup = await getCurrentNavGroup(core); - - navigateToFirstAppInNavGroup(core, currentNavGroup); - } - }, - }); - } - start( core: CoreStart, _plugins: AnalysisStartDependencies, ): AnalysisStart | Promise { this.coreStart = core; - this.subscribeToAppStartup(core); + this.applicationService.onAppStartupSubscribe(core); return {}; } diff --git a/plugins/wazuh-analysis/public/services/application.service.ts b/plugins/wazuh-analysis/public/services/application.service.ts new file mode 100644 index 0000000000..2e11aa636d --- /dev/null +++ b/plugins/wazuh-analysis/public/services/application.service.ts 
@@ -0,0 +1,125 @@ +import { + App, + AppMount, + AppMountParameters, + AppUpdater, + CoreSetup, + CoreStart, +} from 'opensearch-dashboards/public'; +import { Subject } from 'rxjs'; +import { i18n } from '@osd/i18n'; +import { + getCurrentNavGroup, + navigateToFirstAppInNavGroup, +} from '../utils/nav-group'; + +class AppUpdaterNotFoundError extends Error { + constructor(appId: string) { + super( + i18n.translate('errors.appUpdater.NotFound', { + defaultMessage: `AppUpdater for ${appId} not found`, + }), + ); + this.name = 'AppUpdaterNotFoundError'; + } +} + +interface AppOperations { + prepareApp?: () => Partial; + teardownApp?: () => Partial; +} + +export class ApplicationService { + private readonly appUpdater$: Partial>> = + {}; + private readonly appStartup$ = new Subject(); + + /** + * This function takes a parent app ID and a sub app ID, and returns a + * combined ID with the sub app ID URL-encoded. + * @param {string} parentAppId - Is a string representing the ID of the parent + * application. + * @param {string} subAppId - Is a string representing the ID of a + * sub-application within a parent application. 
+ */ + static buildSubAppId(parentAppId: string, subAppId: string) { + return `${parentAppId}_${encodeURIComponent(`/${subAppId}`)}`; + } + + registerAppUpdater(appId: string) { + this.appUpdater$[appId] = new Subject(); + } + + getAppUpdater(appId: string) { + if (!this.appUpdater$[appId]) { + throw new AppUpdaterNotFoundError(appId); + } + + return this.appUpdater$[appId]; + } + + initializeNavGroupMounts( + apps: App[], + core: CoreSetup, + appOperations: AppOperations, + ) { + for (const app of apps) { + const mount = app.mount.bind(app) as AppMount; + + app.mount = async (params: AppMountParameters) => { + if (core.chrome.navGroup.getNavGroupEnabled()) { + this.getAppUpdater(app.id).next(appOperations.prepareApp); + this.appStartup$.next(app.id); + } + + return await mount(params); + }; + + core.application.register(app); + } + } + + initializeSubApplicationMounts( + apps: App[], + core: CoreSetup, + appOperations: AppOperations, + ) { + for (const app of apps) { + const mount = app.mount.bind(app) as AppMount; + + app.mount = async (params: AppMountParameters) => { + if (core.chrome.navGroup.getNavGroupEnabled()) { + this.getAppUpdater(app.id).next(appOperations.prepareApp); + } + + const unmount = await mount(params); + + return () => { + if (core.chrome.navGroup.getNavGroupEnabled()) { + this.getAppUpdater(app.id).next(appOperations.teardownApp); + } + + unmount(); + + return true; + }; + }; + + core.application.register(app); + } + } + + onAppStartupSubscribe(core: CoreStart) { + this.appStartup$.subscribe({ + next: async (navGroupId: string) => { + if (core.chrome.navGroup.getNavGroupEnabled()) { + core.chrome.navGroup.setCurrentNavGroup(navGroupId); + + const currentNavGroup = await getCurrentNavGroup(core); + + navigateToFirstAppInNavGroup(core, currentNavGroup); + } + }, + }); + } +} diff --git a/plugins/wazuh-analysis/public/utils/index.ts b/plugins/wazuh-analysis/public/utils/index.ts index 575025eef1..d393c82b65 100644 
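Review bot: `initializeSubApplicationMounts` resolves the updater with `this.getAppUpdater(app.id)`, but updaters are only registered per nav group (`registerAppUpdater(ENDPOINT_SECURITY_ID)` and siblings in the plugin constructor) while the apps passed here are the sub-apps whose ids come from `buildSubAppId`, so unless those ids are registered somewhere not visible in this patch the first mount of any sub-app throws `AppUpdaterNotFoundError`, where the code it replaces keyed on `navGroupId`. Add the group as a parameter, `initializeSubApplicationMounts(apps: App[], navGroupId: string, core: CoreSetup, appOperations: AppOperations)`, and use `this.getAppUpdater(navGroupId)` both in the mount and in the returned unmount; the caller's loop in plugin.ts already has `groupsId` in hand. Separately, `AppUpdaterNotFoundError` interpolates `${appId}` into `defaultMessage` instead of passing `values: { appId }` with an `{appId}` placeholder, which defeats message extraction; and the `async next` handler in `onAppStartupSubscribe` neither awaits nor catches `navigateToFirstAppInNavGroup`, so a failed navigation surfaces only as an unhandled rejection.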
--- a/plugins/wazuh-analysis/public/utils/index.ts +++ b/plugins/wazuh-analysis/public/utils/index.ts @@ -1,6 +1,3 @@ -import { first } from 'rxjs/operators'; -import { CoreStart, NavGroupItemInMap } from '../../../../src/core/public'; - /** * The function `buildSubAppId` takes a parent app ID and a sub app ID, and * returns a combined ID with the sub app ID URL-encoded. @@ -12,32 +9,3 @@ import { CoreStart, NavGroupItemInMap } from '../../../../src/core/public'; export function buildSubAppId(parentAppId: string, subAppId: string) { return `${parentAppId}_${encodeURIComponent(`/${subAppId}`)}`; } - -/** - * The function `navigateToFirstAppInNavGroup` navigates to the first app in a - * specified navigation group if it exists. - * @param {CoreStart} core - The `core` parameter is an object that provides access - * to core services in Kibana, such as application navigation, HTTP requests, and - * more. It is typically provided by the Kibana platform to plugins and can be used - * to interact with various functionalities within the Kibana application. - * @param {NavGroupItemInMap | undefined} navGroup - The `navGroup` parameter is - * expected to be an object that represents a navigation group item in a map. It - * should have a property `navLinks` which is an array of navigation links. Each - * navigation link in the `navLinks` array should have an `id` property that - * represents the ID - */ -export async function navigateToFirstAppInNavGroup( - core: CoreStart, - navGroup: NavGroupItemInMap | undefined, -) { - // Get the first nav item, if it exists navigate to the app - const firstNavItem = navGroup?.navLinks[0]; - - if (firstNavItem?.id) { - core.application.navigateToApp(firstNavItem.id); - } -} - -export async function getCurrentNavGroup(core: CoreStart) { - return core.chrome.navGroup.getCurrentNavGroup$().pipe(first()).toPromise(); -} 
diff --git a/plugins/wazuh-analysis/public/utils/nav-group.ts b/plugins/wazuh-analysis/public/utils/nav-group.ts
new file mode 100644
index 0000000000..aedddc388d
--- /dev/null
+++ b/plugins/wazuh-analysis/public/utils/nav-group.ts
@@ -0,0 +1,31 @@
+import { first } from 'rxjs/operators';
+import { CoreStart, NavGroupItemInMap } from '../../../../src/core/public';
+
+/**
+ * The function `navigateToFirstAppInNavGroup` navigates to the first app in a
+ * specified navigation group if it exists.
+ * @param {CoreStart} core - The `core` parameter is an object that provides access
+ * to core services in Kibana, such as application navigation, HTTP requests, and
+ * more. It is typically provided by the Kibana platform to plugins and can be used
+ * to interact with various functionalities within the Kibana application.
+ * @param {NavGroupItemInMap | undefined} navGroup - The `navGroup` parameter is
+ * expected to be an object that represents a navigation group item in a map. It
+ * should have a property `navLinks` which is an array of navigation links. Each
+ * navigation link in the `navLinks` array should have an `id` property that
+ * represents the ID
+ */
+export async function navigateToFirstAppInNavGroup(
+ core: CoreStart,
+ navGroup: NavGroupItemInMap | undefined,
+) {
+ // Get the first nav item, if it exists navigate to the app
+ const firstNavItem = navGroup?.navLinks[0];
+
+ if (firstNavItem?.id) {
+ core.application.navigateToApp(firstNavItem.id);
+ }
+}
+
+export async function getCurrentNavGroup(core: CoreStart) {
+ return core.chrome.navGroup.getCurrentNavGroup$().pipe(first()).toPromise();
+}
From 2861e813ea0a2877e1227aa2664f892016b6cc7d Mon Sep 17 00:00:00 2001
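Review bot: `navigateToFirstAppInNavGroup` is declared `async` but neither awaits nor returns the promise from `core.application.navigateToApp`, so a caller that awaits it resumes before navigation has happened and a rejected navigation is lost as an unhandled rejection; change the call to `return core.application.navigateToApp(firstNavItem.id);`. `getCurrentNavGroup` likewise does not need `async`, since it already returns the `toPromise()` result, and `first()` rejects with `EmptyError` if the nav-group observable completes without emitting, which is worth a line in its doc comment so callers know to handle it. The code is moved here from utils/index.ts rather than written fresh, but this is the file that will be maintained from now on.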
From: Guido Modarelli Date: Mon, 3 Feb 2025 16:07:36 -0300 Subject: [PATCH 088/212] Refactor AnalysisPlugin to streamline app updater registration using navGroupsIds array --- plugins/wazuh-analysis/public/plugin.ts | 27 +++++++++++++------------ 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 8c4021553a..ddb10f54e5 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -90,12 +90,17 @@ export class AnalysisPlugin { private readonly applicationService = new ApplicationService(); private coreStart?: CoreStart; + private readonly navGroupsIds: GroupsId[] = [ + ENDPOINT_SECURITY_ID, + THREAT_INTELLIGENCE_ID, + SECURITY_OPERATIONS_ID, + CLOUD_SECURITY_ID, + ]; constructor() { - this.applicationService.registerAppUpdater(ENDPOINT_SECURITY_ID); - this.applicationService.registerAppUpdater(THREAT_INTELLIGENCE_ID); - this.applicationService.registerAppUpdater(SECURITY_OPERATIONS_ID); - this.applicationService.registerAppUpdater(CLOUD_SECURITY_ID); + for (const navGroupId of this.navGroupsIds) { + this.applicationService.registerAppUpdater(navGroupId); + } } private registerApps(core: CoreSetup) { @@ -139,15 +144,11 @@ export class AnalysisPlugin ), }; - for (const groupsId of Object.keys(subApps) as GroupsId[]) { - this.applicationService.initializeSubApplicationMounts( - subApps[groupsId] ?? [], - core, - { - prepareApp: setNavLinkVisible, - teardownApp: setNavLinkHidden, - }, - ); + for (const apps of Object.values(subApps)) { + this.applicationService.initializeSubApplicationMounts(apps, core, { + prepareApp: setNavLinkVisible, + teardownApp: setNavLinkHidden, + }); } } From 476fad2d48594467b5f1e30a89eaa34b5732d446 Mon Sep 17 00:00:00 2001 
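Review bot: Switching the loop to `Object.values(subApps)` discards the group id, which is exactly what the updaters are keyed on (`registerAppUpdater(navGroupId)` in the constructor hunk just above), so `initializeSubApplicationMounts` can no longer be given the group whose updater a sub-app mount must drive. Prefer `for (const [groupId, apps] of Object.entries(subApps) as [GroupsId, App[]][])` and pass `groupId` through to the service. The old loop also carried `?? []`; with `Partial<Record<GroupsId, App[]>>` the elements of `Object.values` may type as `App[] | undefined` under strict settings, so the fallback is likely still needed.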
From: Guido Modarelli Date: Mon, 3 Feb 2025 16:59:50 -0300 Subject: [PATCH 089/212] Refactor endpoint security group by consolidating app registration and navigation link setup into a single module --- .../groups/endpoint-security/applications.ts | 5 +- .../endpoint-security/endpoint-security.ts | 33 -------- .../public/groups/endpoint-security/index.ts | 82 +++++++++++++++++++ .../groups/endpoint-security/nav-group.ts | 49 ----------- plugins/wazuh-analysis/public/groups/types.ts | 22 ++++- plugins/wazuh-analysis/public/plugin.ts | 17 ++-- 6 files changed, 114 insertions(+), 94 deletions(-) delete mode 100644 plugins/wazuh-analysis/public/groups/endpoint-security/endpoint-security.ts create mode 100644 plugins/wazuh-analysis/public/groups/endpoint-security/index.ts delete mode 100644 plugins/wazuh-analysis/public/groups/endpoint-security/nav-group.ts diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts b/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts index 48761c02d0..9c60a3371a 100644 --- a/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts @@ -1,4 +1,5 @@ import { + App, AppMountParameters, AppNavLinkStatus, AppUpdater, @@ -7,7 +8,7 @@ import { Subject } from 'rxjs'; import { i18n } from '@osd/i18n'; import { buildSubAppId } from '../../utils'; import { PLUGIN_ID } from '../../../common/constants'; -import { ENDPOINT_SECURITY_ID } from './endpoint-security'; +import { ENDPOINT_SECURITY_ID } from '.'; export const CONFIGURATION_ASSESSMENT_ID = buildSubAppId( ENDPOINT_SECURITY_ID, @@ -34,7 +35,7 @@ export const FIM_TITLE = i18n.translate(`${PLUGIN_ID}.category.${FIM_ID}`, { defaultMessage: 'File Integrity Monitoring', }); -export function getEndpointSecurityApps(updater$: Subject) { +export function getEndpointSecurityApps(updater$?: Subject): App[] { return [ { id: CONFIGURATION_ASSESSMENT_ID, 
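Review bot: `import { ENDPOINT_SECURITY_ID } from '.'` makes applications.ts and the new index.ts (which imports `getEndpointSecurityApps` from `./applications`) depend on each other, and `CONFIGURATION_ASSESSMENT_ID = buildSubAppId(ENDPOINT_SECURITY_ID, …)` reads the id at module-evaluation time. When index.ts is the first of the two to load, which is the case for both plugin.ts and types.ts since they import the directory index, applications.ts evaluates while index.ts is still initializing and reads the id before it is assigned, giving a TDZ ReferenceError or an `undefined_…` id depending on how the bundle is emitted. Move `ENDPOINT_SECURITY_ID` and its title/description constants into a leaf module such as `./constants.ts` that imports nothing from this directory, and import them from there in both files, e.g. `import { ENDPOINT_SECURITY_ID } from './constants';`.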
diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/endpoint-security.ts b/plugins/wazuh-analysis/public/groups/endpoint-security/endpoint-security.ts deleted file mode 100644 index 2753642aa2..0000000000 --- a/plugins/wazuh-analysis/public/groups/endpoint-security/endpoint-security.ts +++ /dev/null @@ -1,33 +0,0 @@ -import { i18n } from '@osd/i18n'; -import { - App, - AppMountParameters, - CoreSetup, -} from 'opensearch-dashboards/public'; -import { CATEGORY } from '../category'; -import { PLUGIN_ID } from '../../../common/constants'; - -export const ENDPOINT_SECURITY_ID = 'endpoint_security'; -export const ENDPOINT_SECURITY_TITLE = i18n.translate( - `${PLUGIN_ID}.category.${ENDPOINT_SECURITY_ID}`, - { - defaultMessage: 'Endpoint Security', - }, -); -export const ENDPOINT_SECURITY_DESCRIPTION = i18n.translate( - `${PLUGIN_ID}.category.${ENDPOINT_SECURITY_ID}.description`, - { - defaultMessage: - 'Advanced monitoring and protection for devices against security threats.', - }, -); - -export const EndpointSecurityApp = (_core: CoreSetup): App => ({ - id: ENDPOINT_SECURITY_ID, - title: ENDPOINT_SECURITY_TITLE, - category: CATEGORY, - mount: - async (_params: AppMountParameters) => - // TODO: Implement the endpoint security landing page - () => {}, -}); diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts b/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts new file mode 100644 index 0000000000..cb38130fa9 --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts 
@@ -0,0 +1,82 @@ +import { i18n } from '@osd/i18n'; +import { + App, + AppMountParameters, + AppUpdater, + ChromeNavGroup, + ChromeRegistrationNavLink, + CoreSetup, +} from 'opensearch-dashboards/public'; +import { Subject } from 'rxjs'; +import { PLUGIN_ID } from '../../../common/constants'; +import { CATEGORY } from '../category'; +import { Group } from '../types'; +import { getEndpointSecurityApps } from './applications'; + +export const ENDPOINT_SECURITY_ID = 'endpoint_security'; +export const ENDPOINT_SECURITY_TITLE = i18n.translate( + `${PLUGIN_ID}.category.${ENDPOINT_SECURITY_ID}`, + { + defaultMessage: 'Endpoint Security', + }, +); +export const ENDPOINT_SECURITY_DESCRIPTION = i18n.translate( + `${PLUGIN_ID}.category.${ENDPOINT_SECURITY_ID}.description`, + { + defaultMessage: + 'Advanced monitoring and protection for devices against security threats.', + }, +); + +export const EndpointSecurityNavGroup: Group = { + getId: () => ENDPOINT_SECURITY_ID, + getTitle: () => ENDPOINT_SECURITY_TITLE, + getDescription: () => ENDPOINT_SECURITY_DESCRIPTION, + + getNavGroup(): ChromeNavGroup { + return { + id: ENDPOINT_SECURITY_ID, + title: ENDPOINT_SECURITY_TITLE, + description: ENDPOINT_SECURITY_DESCRIPTION, + }; + }, + + getAppGroup(): App { + return { + id: ENDPOINT_SECURITY_ID, + title: ENDPOINT_SECURITY_TITLE, + category: CATEGORY, + mount: + async (_params: AppMountParameters) => + // TODO: Implement the endpoint security landing page + () => {}, + }; + }, + + getGroupNavLink(): ChromeRegistrationNavLink { + return { + id: ENDPOINT_SECURITY_ID, + title: ENDPOINT_SECURITY_TITLE, + order: 0, + category: CATEGORY, + }; + }, + + getAppsNavLinks(): ChromeRegistrationNavLink[] { + return getEndpointSecurityApps().map(app => ({ + id: app.id, + title: app.title, + })); + }, + + getApps(updater$: Subject): App[] { + return getEndpointSecurityApps(updater$); + }, + + addNavLinks(core: CoreSetup) { + core.chrome.navGroup.addNavLinksToGroup( + 
EndpointSecurityNavGroup.getNavGroup(), + EndpointSecurityNavGroup.getAppsNavLinks(), + ); + }, +}; diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/nav-group.ts b/plugins/wazuh-analysis/public/groups/endpoint-security/nav-group.ts deleted file mode 100644 index 7c11930589..0000000000 --- a/plugins/wazuh-analysis/public/groups/endpoint-security/nav-group.ts +++ /dev/null @@ -1,49 +0,0 @@ -import { CoreSetup, DEFAULT_NAV_GROUPS } from '../../../../../src/core/public'; -import { CATEGORY } from '../category'; -import { - CONFIGURATION_ASSESSMENT_ID, - CONFIGURATION_ASSESSMENT_TITLE, - FIM_ID, - FIM_TITLE, - MALWARE_DETECTION_ID, - MALWARE_DETECTION_TITLE, -} from './applications'; -import { - ENDPOINT_SECURITY_DESCRIPTION, - ENDPOINT_SECURITY_ID, - ENDPOINT_SECURITY_TITLE, -} from './endpoint-security'; - -export const ENDPOINT_SECURITY_NAV_GROUP = { - id: ENDPOINT_SECURITY_ID, - title: ENDPOINT_SECURITY_TITLE, - description: ENDPOINT_SECURITY_DESCRIPTION, -}; - -export const setupEndpointSecurityNavGroup = (core: CoreSetup) => { - core.chrome.navGroup.addNavLinksToGroup(DEFAULT_NAV_GROUPS.all, [ - { - id: ENDPOINT_SECURITY_ID, - title: ENDPOINT_SECURITY_TITLE, - order: 0, - category: CATEGORY, - }, - ]); - core.chrome.navGroup.addNavLinksToGroup(ENDPOINT_SECURITY_NAV_GROUP, [ - { - // Configuration assessment - id: CONFIGURATION_ASSESSMENT_ID, - title: CONFIGURATION_ASSESSMENT_TITLE, - }, - { - // Malware detection - id: MALWARE_DETECTION_ID, - title: MALWARE_DETECTION_TITLE, - }, - { - // FIM - id: FIM_ID, - title: FIM_TITLE, - }, - ]); -}; diff --git a/plugins/wazuh-analysis/public/groups/types.ts b/plugins/wazuh-analysis/public/groups/types.ts index b7088fb6d7..3f8f4e29ad 100644 --- a/plugins/wazuh-analysis/public/groups/types.ts +++ b/plugins/wazuh-analysis/public/groups/types.ts 
@@ -1,10 +1,30 @@ +import { + App, + AppUpdater, + ChromeNavGroup, + ChromeRegistrationNavLink, + CoreSetup, +} from 'opensearch-dashboards/public'; +import { Subject } from 'rxjs'; import { CLOUD_SECURITY_ID } from './cloud-security/cloud-security'; -import { ENDPOINT_SECURITY_ID } from './endpoint-security/endpoint-security'; import { SECURITY_OPERATIONS_ID } from './security-operations/security-operations'; import { THREAT_INTELLIGENCE_ID } from './threat-intelligence/threat-intelligence'; +import { ENDPOINT_SECURITY_ID } from './endpoint-security'; export type GroupsId = | typeof ENDPOINT_SECURITY_ID | typeof THREAT_INTELLIGENCE_ID | typeof SECURITY_OPERATIONS_ID | typeof CLOUD_SECURITY_ID; + +export interface Group { + getId: () => string; + getTitle: () => string; + getDescription: () => string; + getNavGroup: () => ChromeNavGroup; + getAppGroup: () => App; + getGroupNavLink: () => ChromeRegistrationNavLink; + getAppsNavLinks: () => ChromeRegistrationNavLink[]; + getApps: (updater$: Subject) => App[]; + addNavLinks: (core: CoreSetup) => void; +} diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index ddb10f54e5..a62f9f0c79 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -9,10 +9,6 @@ import { import { NavigationPublicPluginStart } from '../../../src/plugins/navigation/public'; import { AnalysisSetup, AnalysisStart } from './types'; import { CATEGORY } from './groups/category'; -import { - ENDPOINT_SECURITY_ID, - EndpointSecurityApp, -} from './groups/endpoint-security/endpoint-security'; import { searchPages } from './components/global_search/search-pages-command'; import { THREAT_INTELLIGENCE_ID, 
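Review bot: types.ts now imports `ENDPOINT_SECURITY_ID` from `./endpoint-security`, whose index.ts in turn imports `Group` from `../types`; both uses are type-only (`typeof ENDPOINT_SECURITY_ID` in an alias, `Group` as an annotation), so the compiler elides them today, but the cycle is only kept out of the emitted JavaScript by that elision. Write it as `import type { ENDPOINT_SECURITY_ID } from './endpoint-security';` (and `import type { Group }` on the other side), which states the intent and survives `isolatedModules`/`verbatimModuleSyntax`. The `Group` interface would also benefit from a one-line TSDoc per member, since `getNavGroup`, `getAppGroup` and `getGroupNavLink` are easy to confuse: e.g. `/** The App registered with core.application as the group's landing page. */` on `getAppGroup` and `/** The link that places this group under the "All" nav group. */` on `getGroupNavLink`.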
@@ -30,7 +26,6 @@ import { CloudSecurityApp, } from './groups/cloud-security/cloud-security'; import { NAV_GROUPS } from './groups/nav-groups'; -import { getEndpointSecurityApps } from './groups/endpoint-security/applications'; import { getThreatIntelligenceApps, MITRE_ATTACK_ID, @@ -63,8 +58,11 @@ import { OFFICE365_TITLE, } from './groups/cloud-security/applications'; import { GroupsId } from './groups/types'; -import { setupEndpointSecurityNavGroup } from './groups/endpoint-security/nav-group'; import { ApplicationService } from './services/application.service'; +import { + ENDPOINT_SECURITY_ID, + EndpointSecurityNavGroup, +} from './groups/endpoint-security'; interface AnalysisSetupDependencies {} @@ -105,7 +103,7 @@ export class AnalysisPlugin private registerApps(core: CoreSetup) { const applications: App[] = [ - EndpointSecurityApp(core), + EndpointSecurityNavGroup.getAppGroup(), ThreatIntelligenceApp(core), SecurityOperationsApp(core), CloudSecurityApp(core), @@ -130,7 +128,7 @@ export class AnalysisPlugin } const subApps: Partial> = { - [ENDPOINT_SECURITY_ID]: getEndpointSecurityApps( + [ENDPOINT_SECURITY_ID]: EndpointSecurityNavGroup.getApps( this.applicationService.getAppUpdater(ENDPOINT_SECURITY_ID), ), [THREAT_INTELLIGENCE_ID]: getThreatIntelligenceApps( @@ -153,7 +151,7 @@ export class AnalysisPlugin } private registerNavGroups(core: CoreSetup) { - setupEndpointSecurityNavGroup(core); + EndpointSecurityNavGroup.addNavLinks(core); core.chrome.navGroup.addNavLinksToGroup( NAV_GROUPS[THREAT_INTELLIGENCE_ID], @@ -226,6 +224,7 @@ export class AnalysisPlugin ]); core.chrome.navGroup.addNavLinksToGroup(DEFAULT_NAV_GROUPS.all, [ + EndpointSecurityNavGroup.getGroupNavLink(), { id: THREAT_INTELLIGENCE_ID, title: THREAT_INTELLIGENCE_TITLE, From c625e3e478819ba9c458ae40b0b8269ac08b491d Mon Sep 17 00:00:00 2001 
From: Guido Modarelli Date: Mon, 3 Feb 2025 17:25:46 -0300 Subject: [PATCH 090/212] Refactor cloud security group by consolidating navigation and application handling into a single module --- .../groups/cloud-security/applications.ts | 2 +- .../groups/cloud-security/cloud-security.ts | 33 -------- .../public/groups/cloud-security/index.ts | 81 +++++++++++++++++++ .../public/groups/nav-groups.ts | 10 --- plugins/wazuh-analysis/public/groups/types.ts | 50 +++++++++++- plugins/wazuh-analysis/public/plugin.ts | 61 ++------------ 6 files changed, 139 insertions(+), 98 deletions(-) delete mode 100644 plugins/wazuh-analysis/public/groups/cloud-security/cloud-security.ts create mode 100644 plugins/wazuh-analysis/public/groups/cloud-security/index.ts diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts b/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts index e51803eaa5..09c4049a3c 100644 --- a/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts +++ b/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts @@ -42,7 +42,7 @@ export const OFFICE365_TITLE = i18n.translate( }, ); -export function getCloudSecurityApps(updater$: Subject) { +export function getCloudSecurityApps(updater$?: Subject) { return [ { id: DOCKER_ID, diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/cloud-security.ts b/plugins/wazuh-analysis/public/groups/cloud-security/cloud-security.ts deleted file mode 100644 index 999accf9c0..0000000000 --- a/plugins/wazuh-analysis/public/groups/cloud-security/cloud-security.ts +++ /dev/null 
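Review bot: Making `updater$` optional in `getCloudSecurityApps` widens the contract for every caller, not only the new `getAppsNavLinks()` that calls it with no argument to read `id`/`title`: an `App` can now be built and registered with `updater$` undefined without a compile error. The same widening is applied to `getSecurityOperationsApps` (L163) and `getThreatIntelligenceApps` (L169). If the apps' `updater$` field is populated from this parameter (the function body is outside the hunk, so this is inferred), a cleaner split is a static descriptor list that both the nav links and the app builders read, keeping `updater$` required, e.g. `export const CLOUD_SECURITY_APPS = [{ id: DOCKER_ID, title: DOCKER_TITLE }, /* … */] as const;` consumed by `getCloudSecurityApps(updater$)` and by `getAppsNavLinks()`.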
@@ -1,33 +0,0 @@ -import { i18n } from '@osd/i18n'; -import { - App, - AppMountParameters, - CoreSetup, -} from 'opensearch-dashboards/public'; -import { PLUGIN_ID } from '../../../common/constants'; -import { CATEGORY } from '../category'; - -export const CLOUD_SECURITY_ID = 'cloud_security'; -export const CLOUD_SECURITY_TITLE = i18n.translate( - `${PLUGIN_ID}.category.${CLOUD_SECURITY_ID}`, - { - defaultMessage: 'Cloud Security', - }, -); -export const CLOUD_SECURITY_DESCRIPTION = i18n.translate( - `${PLUGIN_ID}.category.${CLOUD_SECURITY_ID}.description`, - { - defaultMessage: - 'Monitoring and protection for cloud environments against security threats.', - }, -); - -export const CloudSecurityApp = (_core: CoreSetup): App => ({ - id: CLOUD_SECURITY_ID, - title: CLOUD_SECURITY_TITLE, - category: CATEGORY, - mount: - async (_params: AppMountParameters) => - // TODO: Implement the cloud security application - () => {}, -}); diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/index.ts b/plugins/wazuh-analysis/public/groups/cloud-security/index.ts new file mode 100644 index 0000000000..fb257feaff --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/cloud-security/index.ts 
@@ -0,0 +1,81 @@ +import { i18n } from '@osd/i18n'; +import { + App, + AppMountParameters, + AppUpdater, + ChromeRegistrationNavLink, + CoreSetup, +} from 'opensearch-dashboards/public'; +import { Subject } from 'rxjs'; +import { PLUGIN_ID } from '../../../common/constants'; +import { Group } from '../types'; +import { CATEGORY } from '../category'; +import { getCloudSecurityApps } from './applications'; + +export const CLOUD_SECURITY_ID = 'cloud_security'; +export const CLOUD_SECURITY_TITLE = i18n.translate( + `${PLUGIN_ID}.category.${CLOUD_SECURITY_ID}`, + { + defaultMessage: 'Cloud Security', + }, +); +export const CLOUD_SECURITY_DESCRIPTION = i18n.translate( + `${PLUGIN_ID}.category.${CLOUD_SECURITY_ID}.description`, + { + defaultMessage: + 'Monitoring and protection for cloud environments against security threats.', + }, +); + +export const CloudSecurityNavGroup: Group = { + getId: () => CLOUD_SECURITY_ID, + getTitle: () => CLOUD_SECURITY_TITLE, + getDescription: () => CLOUD_SECURITY_DESCRIPTION, + + getNavGroup() { + return { + id: CLOUD_SECURITY_ID, + title: CLOUD_SECURITY_TITLE, + description: CLOUD_SECURITY_DESCRIPTION, + }; + }, + + getAppGroup() { + return { + id: CLOUD_SECURITY_ID, + title: CLOUD_SECURITY_TITLE, + category: CATEGORY, + mount: + async (_params: AppMountParameters) => + // TODO: Implement the cloud security application + () => {}, + }; + }, + + getGroupNavLink(): ChromeRegistrationNavLink { + return { + id: CLOUD_SECURITY_ID, + title: CLOUD_SECURITY_TITLE, + order: 0, + category: CATEGORY, + }; + }, + + getAppsNavLinks(): ChromeRegistrationNavLink[] { + return getCloudSecurityApps().map(app => ({ + id: app.id, + title: app.title, + })); + }, + + getApps(updater$: Subject): App[] { + return getCloudSecurityApps(updater$); + }, + + addNavLinks(core: CoreSetup): void { + core.chrome.navGroup.addNavLinksToGroup( + CloudSecurityNavGroup.getNavGroup(), + CloudSecurityNavGroup.getAppsNavLinks(), + ); + }, +}; 
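Review bot: `getGroupNavLink()` hard-codes `order: 0`, while the literal it replaces in plugin.ts (hunk at L161) carried `order: 3`; the security-operations group (L164–L165, replacing `order: 2` at L167) and the threat-intelligence group (L170–L171) return `order: 0` as well, so every group link added to `DEFAULT_NAV_GROUPS.all` now shares one order value and their relative placement depends on registration order instead of the explicit values the old code had. Restoring the per-group values keeps the menu stable: `order: 3,` here, `order: 2,` in `SecurityOperationsNavGroup.getGroupNavLink()` and `order: 1,` in `ThreatIntelligenceNavGroup.getGroupNavLink()` (matching the literal still present at L167). A related point of style: `getAppsNavLinks()` builds full `App` objects through `getCloudSecurityApps()` only to read `id` and `title`, creating `mount` closures that are thrown away; a plain descriptor list shared with `getApps` would avoid that.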
diff --git a/plugins/wazuh-analysis/public/groups/nav-groups.ts b/plugins/wazuh-analysis/public/groups/nav-groups.ts index 290d562d95..d9da39fbca 100644 --- a/plugins/wazuh-analysis/public/groups/nav-groups.ts +++ b/plugins/wazuh-analysis/public/groups/nav-groups.ts @@ -9,11 +9,6 @@ import { THREAT_INTELLIGENCE_TITLE, THREAT_INTELLIGENCE_DESCRIPTION, } from './threat-intelligence/threat-intelligence'; -import { - CLOUD_SECURITY_ID, - CLOUD_SECURITY_TITLE, - CLOUD_SECURITY_DESCRIPTION, -} from './cloud-security/cloud-security'; import { GroupsId } from './types'; export const NAV_GROUPS = Object.freeze({ @@ -27,9 +22,4 @@ export const NAV_GROUPS = Object.freeze({ title: SECURITY_OPERATIONS_TITLE, description: SECURITY_OPERATIONS_DESCRIPTION, }, - [CLOUD_SECURITY_ID]: { - id: CLOUD_SECURITY_ID, - title: CLOUD_SECURITY_TITLE, - description: CLOUD_SECURITY_DESCRIPTION, - }, } satisfies Partial>); diff --git a/plugins/wazuh-analysis/public/groups/types.ts b/plugins/wazuh-analysis/public/groups/types.ts index 3f8f4e29ad..3c46a6f82a 100644 --- a/plugins/wazuh-analysis/public/groups/types.ts +++ b/plugins/wazuh-analysis/public/groups/types.ts @@ -6,10 +6,10 @@ import { CoreSetup, } from 'opensearch-dashboards/public'; import { Subject } from 'rxjs'; -import { CLOUD_SECURITY_ID } from './cloud-security/cloud-security'; import { SECURITY_OPERATIONS_ID } from './security-operations/security-operations'; import { THREAT_INTELLIGENCE_ID } from './threat-intelligence/threat-intelligence'; import { ENDPOINT_SECURITY_ID } from './endpoint-security'; +import { CLOUD_SECURITY_ID } from './cloud-security'; export type GroupsId = | typeof ENDPOINT_SECURITY_ID 
@@ -21,10 +21,58 @@ export interface Group { getId: () => string; getTitle: () => string; getDescription: () => string; + + /** + * This method is used to retrieve the navigation group to which the group + * belongs. The `ChromeNavGroup` object represents a group of navigation links + * within the OpenSearch Dashboards application. By calling `getNavGroup`, you + * can get the specific navigation group associated with the group, which can + * be used for organizing and displaying navigation links related to that + * group within the application's user interface. + */ getNavGroup: () => ChromeNavGroup; + + /** + * This method is used to retrieve the specific OpenSearch Dashboards + * application associated with the group. The `App` object represents an + * application within the OpenSearch Dashboards framework and contains + * information about the application, such as its title, description, and + * configuration. + */ getAppGroup: () => App; + + /** + * This method is used to retrieve a specific navigation link associated with + * the group. The `ChromeRegistrationNavLink` object represents a single + * navigation link within the OpenSearch Dashboards application. By calling + * this method, you can get the specific navigation link that is related to + * the group, which can be used for navigating to a specific section or + * feature within the application's user interface that is associated with + * that group. + */ getGroupNavLink: () => ChromeRegistrationNavLink; + + /** + * Returns an array of `ChromeRegistrationNavLink` objects. These objects + * represent navigation links for sub-applications within the OpenSearch + * Dashboards application that are associated with the specific group. + */ getAppsNavLinks: () => ChromeRegistrationNavLink[]; + + /** + * This method is used to retrieve the list of applications associated with + * the specific group. 
The `updater$` parameter is a subject that can be used + * to update or notify subscribers about changes to the list of applications. + * By calling this method, you can get the array of `App` objects that belong + * to the group, allowing you to access information about each application, + * such as its title, description, and configuration within the OpenSearch + * Dashboards framework. + */ getApps: (updater$: Subject) => App[]; + + /** + * This method is used to add navigation links related to the specific group + * within the OpenSearch Dashboards application. + */ addNavLinks: (core: CoreSetup) => void; } diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index a62f9f0c79..8c07cc4419 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -20,11 +20,6 @@ import { SECURITY_OPERATIONS_TITLE, SecurityOperationsApp, } from './groups/security-operations/security-operations'; -import { - CLOUD_SECURITY_ID, - CLOUD_SECURITY_TITLE, - CloudSecurityApp, -} from './groups/cloud-security/cloud-security'; import { NAV_GROUPS } from './groups/nav-groups'; import { getThreatIntelligenceApps, @@ -44,25 +39,16 @@ import { REGULATORY_COMPLIANCE_ID, REGULATORY_COMPLIANCE_TITLE, } from './groups/security-operations/applications'; -import { - AWS_ID, - AWS_TITLE, - DOCKER_ID, - DOCKER_TITLE, - getCloudSecurityApps, - GITHUB_ID, - GITHUB_TITLE, - GOOGLE_CLOUD_ID, - GOOGLE_CLOUD_TITLE, - OFFICE365_ID, - OFFICE365_TITLE, -} from './groups/cloud-security/applications'; import { GroupsId } from './groups/types'; import { ApplicationService } from './services/application.service'; import { ENDPOINT_SECURITY_ID, EndpointSecurityNavGroup, } from './groups/endpoint-security'; +import { + CLOUD_SECURITY_ID, + CloudSecurityNavGroup, +} from './groups/cloud-security'; interface AnalysisSetupDependencies {} 
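Review bot: The added doc comments on `Group` mostly restate the member's type ("This method is used to retrieve the navigation group…", "…represents a single navigation link…") rather than its contract, and the `getApps` comment describes `updater$` as notifying subscribers about changes to the list of applications, which the visible callers do not support: plugin.ts passes `this.applicationService.getAppUpdater(<group id>)` per group (L161) and the imported element type is `AppUpdater`, which suggests the subject carries per-app status updates rather than list changes — worth confirming against `ApplicationService` before keeping that wording. One-line TSDoc per member stating what the value is used for would read better, e.g. `/** Nav group under which this group's sub-application links are registered (see addNavLinks). */` for `getNavGroup` and `/** Subject each returned App subscribes to for status updates; supplied by ApplicationService. */` for `getApps`, with the others trimmed the same way. `getId`, `getTitle` and `getDescription` at the top of the hunk remain undocumented.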
@@ -106,7 +92,7 @@ export class AnalysisPlugin EndpointSecurityNavGroup.getAppGroup(), ThreatIntelligenceApp(core), SecurityOperationsApp(core), - CloudSecurityApp(core), + CloudSecurityNavGroup.getAppGroup(), ]; this.applicationService.initializeNavGroupMounts(applications, core, { @@ -137,7 +123,7 @@ export class AnalysisPlugin [SECURITY_OPERATIONS_ID]: getSecurityOperationsApps( this.applicationService.getAppUpdater(SECURITY_OPERATIONS_ID), ), - [CLOUD_SECURITY_ID]: getCloudSecurityApps( + [CLOUD_SECURITY_ID]: CloudSecurityNavGroup.getApps( this.applicationService.getAppUpdater(CLOUD_SECURITY_ID), ), }; @@ -195,33 +181,7 @@ export class AnalysisPlugin ], ); - core.chrome.navGroup.addNavLinksToGroup(NAV_GROUPS[CLOUD_SECURITY_ID], [ - { - // Docker - id: DOCKER_ID, - title: DOCKER_TITLE, - }, - { - // AWS - id: AWS_ID, - title: AWS_TITLE, - }, - { - // Google Cloud - id: GOOGLE_CLOUD_ID, - title: GOOGLE_CLOUD_TITLE, - }, - { - // Github - id: GITHUB_ID, - title: GITHUB_TITLE, - }, - { - // Office 365 - id: OFFICE365_ID, - title: OFFICE365_TITLE, - }, - ]); + CloudSecurityNavGroup.addNavLinks(core); core.chrome.navGroup.addNavLinksToGroup(DEFAULT_NAV_GROUPS.all, [ EndpointSecurityNavGroup.getGroupNavLink(), @@ -237,12 +197,7 @@ export class AnalysisPlugin order: 2, category: CATEGORY, }, - { - id: CLOUD_SECURITY_ID, - title: CLOUD_SECURITY_TITLE, - order: 3, - category: CATEGORY, - }, + CloudSecurityNavGroup.getGroupNavLink(), ]); } From 3d973c5cb0bfeaef6fbd28eaa30cb093aba427fc Mon Sep 17 00:00:00 2001 
From: Guido Modarelli Date: Mon, 3 Feb 2025 17:31:02 -0300 Subject: [PATCH 091/212] Refactor security operations group by consolidating navigation and application handling into a single module --- .../public/groups/nav-groups.ts | 10 --- .../security-operations/applications.ts | 4 +- .../groups/security-operations/index.ts | 81 +++++++++++++++++++ .../security-operations.ts | 33 -------- plugins/wazuh-analysis/public/groups/types.ts | 2 +- plugins/wazuh-analysis/public/plugin.ts | 47 ++--------- 6 files changed, 90 insertions(+), 87 deletions(-) create mode 100644 plugins/wazuh-analysis/public/groups/security-operations/index.ts delete mode 100644 plugins/wazuh-analysis/public/groups/security-operations/security-operations.ts diff --git a/plugins/wazuh-analysis/public/groups/nav-groups.ts b/plugins/wazuh-analysis/public/groups/nav-groups.ts index d9da39fbca..88df08ae98 100644 --- a/plugins/wazuh-analysis/public/groups/nav-groups.ts +++ b/plugins/wazuh-analysis/public/groups/nav-groups.ts @@ -1,9 +1,4 @@ import { ChromeNavGroup } from 'opensearch-dashboards/public'; -import { - SECURITY_OPERATIONS_ID, - SECURITY_OPERATIONS_TITLE, - SECURITY_OPERATIONS_DESCRIPTION, -} from './security-operations/security-operations'; import { THREAT_INTELLIGENCE_ID, THREAT_INTELLIGENCE_TITLE, @@ -17,9 +12,4 @@ export const NAV_GROUPS = Object.freeze({ title: THREAT_INTELLIGENCE_TITLE, description: THREAT_INTELLIGENCE_DESCRIPTION, }, - [SECURITY_OPERATIONS_ID]: { - id: SECURITY_OPERATIONS_ID, - title: SECURITY_OPERATIONS_TITLE, - description: SECURITY_OPERATIONS_DESCRIPTION, - }, } satisfies Partial>); diff --git a/plugins/wazuh-analysis/public/groups/security-operations/applications.ts b/plugins/wazuh-analysis/public/groups/security-operations/applications.ts index 0ae9f217a5..820d3314ce 100644 --- a/plugins/wazuh-analysis/public/groups/security-operations/applications.ts +++ b/plugins/wazuh-analysis/public/groups/security-operations/applications.ts 
@@ -7,7 +7,7 @@ import { Subject } from 'rxjs'; import { i18n } from '@osd/i18n'; import { buildSubAppId } from '../../utils'; import { PLUGIN_ID } from '../../../common/constants'; -import { SECURITY_OPERATIONS_ID } from './security-operations'; +import { SECURITY_OPERATIONS_ID } from '.'; export const REGULATORY_COMPLIANCE_ID = buildSubAppId( SECURITY_OPERATIONS_ID, @@ -40,7 +40,7 @@ export const INCIDENT_RESPONSE_TITLE = i18n.translate( }, ); -export function getSecurityOperationsApps(updater$: Subject) { +export function getSecurityOperationsApps(updater$?: Subject) { return [ { id: REGULATORY_COMPLIANCE_ID, diff --git a/plugins/wazuh-analysis/public/groups/security-operations/index.ts b/plugins/wazuh-analysis/public/groups/security-operations/index.ts new file mode 100644 index 0000000000..d2c707c350 --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/security-operations/index.ts 
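Review bot: Importing `SECURITY_OPERATIONS_ID` from `'.'` creates an import cycle: `index.ts` imports `getSecurityOperationsApps` from `./applications` (L164) and `applications.ts` now imports back from the index. `REGULATORY_COMPLIANCE_ID = buildSubAppId(SECURITY_OPERATIONS_ID, …)` is evaluated at module load, so whichever side is entered first sees the other module partially initialised; when `index.ts` is entered first (plugin.ts imports from `./groups/security-operations`, L166), `SECURITY_OPERATIONS_ID` may still be uninitialised when `buildSubAppId` runs — whether that is a ReferenceError or an `undefined`-prefixed id depends on the bundler's module interop and should be checked. The same cycle is introduced for threat-intelligence (L169) and cloud-security (L172). Moving each `*_ID` constant into a leaf module that both files import (e.g. `import { SECURITY_OPERATIONS_ID } from './constants';`) removes the cycle without changing any public export.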
@@ -0,0 +1,81 @@ +import { i18n } from '@osd/i18n'; +import { + App, + AppMountParameters, + AppUpdater, + ChromeRegistrationNavLink, + CoreSetup, +} from 'opensearch-dashboards/public'; +import { Subject } from 'rxjs'; +import { PLUGIN_ID } from '../../../common/constants'; +import { CATEGORY } from '../category'; +import { Group } from '../types'; +import { getSecurityOperationsApps } from './applications'; + +export const SECURITY_OPERATIONS_ID = 'security_operations'; +export const SECURITY_OPERATIONS_TITLE = i18n.translate( + `${PLUGIN_ID}.category.${SECURITY_OPERATIONS_ID}`, + { + defaultMessage: 'Security Operations', + }, +); +export const SECURITY_OPERATIONS_DESCRIPTION = i18n.translate( + `${PLUGIN_ID}.category.${SECURITY_OPERATIONS_ID}.description`, + { + defaultMessage: + 'Advanced monitoring and protection for devices against security threats.', + }, +); + +export const SecurityOperationsNavGroup: Group = { + getId: () => SECURITY_OPERATIONS_ID, + getTitle: () => SECURITY_OPERATIONS_TITLE, + getDescription: () => SECURITY_OPERATIONS_DESCRIPTION, + + getNavGroup() { + return { + id: SECURITY_OPERATIONS_ID, + title: SECURITY_OPERATIONS_TITLE, + description: SECURITY_OPERATIONS_DESCRIPTION, + }; + }, + + getAppGroup() { + return { + id: SECURITY_OPERATIONS_ID, + title: SECURITY_OPERATIONS_TITLE, + category: CATEGORY, + mount: + async (_params: AppMountParameters) => + // TODO: Implement the security operations application + () => {}, + }; + }, + + getGroupNavLink(): ChromeRegistrationNavLink { + return { + id: SECURITY_OPERATIONS_ID, + title: SECURITY_OPERATIONS_TITLE, + order: 0, + category: CATEGORY, + }; + }, + + getAppsNavLinks(): ChromeRegistrationNavLink[] { + return getSecurityOperationsApps().map(app => ({ + id: app.id, + title: app.title, + })); + }, + + getApps(updater$: Subject): App[] { + return getSecurityOperationsApps(updater$); + }, + + addNavLinks(core: CoreSetup): void { + core.chrome.navGroup.addNavLinksToGroup( + 
SecurityOperationsNavGroup.getNavGroup(), + SecurityOperationsNavGroup.getAppsNavLinks(), + ); + }, +}; diff --git a/plugins/wazuh-analysis/public/groups/security-operations/security-operations.ts b/plugins/wazuh-analysis/public/groups/security-operations/security-operations.ts deleted file mode 100644 index 66753ad33b..0000000000 --- a/plugins/wazuh-analysis/public/groups/security-operations/security-operations.ts +++ /dev/null @@ -1,33 +0,0 @@ -import { i18n } from '@osd/i18n'; -import { - App, - AppMountParameters, - CoreSetup, -} from 'opensearch-dashboards/public'; -import { PLUGIN_ID } from '../../../common/constants'; -import { CATEGORY } from '../category'; - -export const SECURITY_OPERATIONS_ID = 'security_operations'; -export const SECURITY_OPERATIONS_TITLE = i18n.translate( - `${PLUGIN_ID}.category.${SECURITY_OPERATIONS_ID}`, - { - defaultMessage: 'Security Operations', - }, -); -export const SECURITY_OPERATIONS_DESCRIPTION = i18n.translate( - `${PLUGIN_ID}.category.${SECURITY_OPERATIONS_ID}.description`, - { - defaultMessage: - 'Advanced monitoring and protection for devices against security threats.', - }, -); - -export const SecurityOperationsApp = (_core: CoreSetup): App => ({ - id: SECURITY_OPERATIONS_ID, - title: SECURITY_OPERATIONS_TITLE, - category: CATEGORY, - mount: - async (_params: AppMountParameters) => - // TODO: Implement the security operations application - () => {}, -}); diff --git a/plugins/wazuh-analysis/public/groups/types.ts b/plugins/wazuh-analysis/public/groups/types.ts index 3c46a6f82a..1f04094c45 100644 --- a/plugins/wazuh-analysis/public/groups/types.ts +++ b/plugins/wazuh-analysis/public/groups/types.ts 
@@ -6,7 +6,7 @@ import { CoreSetup, } from 'opensearch-dashboards/public'; import { Subject } from 'rxjs'; -import { SECURITY_OPERATIONS_ID } from './security-operations/security-operations'; +import { SECURITY_OPERATIONS_ID } from './security-operations'; import { THREAT_INTELLIGENCE_ID } from './threat-intelligence/threat-intelligence'; import { ENDPOINT_SECURITY_ID } from './endpoint-security'; import { CLOUD_SECURITY_ID } from './cloud-security'; diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 8c07cc4419..fe3a385008 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -17,9 +17,8 @@ import { } from './groups/threat-intelligence/threat-intelligence'; import { SECURITY_OPERATIONS_ID, - SECURITY_OPERATIONS_TITLE, - SecurityOperationsApp, -} from './groups/security-operations/security-operations'; + SecurityOperationsNavGroup, +} from './groups/security-operations'; import { NAV_GROUPS } from './groups/nav-groups'; import { getThreatIntelligenceApps, @@ -30,15 +29,6 @@ import { VULNERABILITY_DETECTION_ID, VULNERABILITY_DETECTION_TITLE, } from './groups/threat-intelligence/applications'; -import { - getSecurityOperationsApps, - INCIDENT_RESPONSE_ID, - INCIDENT_RESPONSE_TITLE, - IT_HYGIENE_ID, - IT_HYGIENE_TITLE, - REGULATORY_COMPLIANCE_ID, - REGULATORY_COMPLIANCE_TITLE, -} from './groups/security-operations/applications'; import { GroupsId } from './groups/types'; import { ApplicationService } from './services/application.service'; import { @@ -91,7 +81,7 @@ export class AnalysisPlugin const applications: App[] = [ EndpointSecurityNavGroup.getAppGroup(), ThreatIntelligenceApp(core), - SecurityOperationsApp(core), + SecurityOperationsNavGroup.getAppGroup(), CloudSecurityNavGroup.getAppGroup(), ]; 
@@ -120,7 +110,7 @@ export class AnalysisPlugin [THREAT_INTELLIGENCE_ID]: getThreatIntelligenceApps( this.applicationService.getAppUpdater(THREAT_INTELLIGENCE_ID), ), - [SECURITY_OPERATIONS_ID]: getSecurityOperationsApps( + [SECURITY_OPERATIONS_ID]: SecurityOperationsNavGroup.getApps( this.applicationService.getAppUpdater(SECURITY_OPERATIONS_ID), ), [CLOUD_SECURITY_ID]: CloudSecurityNavGroup.getApps( @@ -160,27 +150,7 @@ export class AnalysisPlugin ], ); - core.chrome.navGroup.addNavLinksToGroup( - NAV_GROUPS[SECURITY_OPERATIONS_ID], - [ - { - // Regulatory compliance - id: REGULATORY_COMPLIANCE_ID, - title: REGULATORY_COMPLIANCE_TITLE, - }, - { - // IT hygiene - id: IT_HYGIENE_ID, - title: IT_HYGIENE_TITLE, - }, - { - // Incident response - id: INCIDENT_RESPONSE_ID, - title: INCIDENT_RESPONSE_TITLE, - }, - ], - ); - + SecurityOperationsNavGroup.addNavLinks(core); CloudSecurityNavGroup.addNavLinks(core); core.chrome.navGroup.addNavLinksToGroup(DEFAULT_NAV_GROUPS.all, [ @@ -191,12 +161,7 @@ export class AnalysisPlugin order: 1, category: CATEGORY, }, - { - id: SECURITY_OPERATIONS_ID, - title: SECURITY_OPERATIONS_TITLE, - order: 2, - category: CATEGORY, - }, + SecurityOperationsNavGroup.getGroupNavLink(), CloudSecurityNavGroup.getGroupNavLink(), ]); } From b5d79bf77f3c7ce8f461605238a13883605de0e3 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 3 Feb 2025 17:43:38 -0300 Subject: [PATCH 092/212] Refactor Group interface to use generic type for improved type safety --- plugins/wazuh-analysis/public/groups/types.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/plugins/wazuh-analysis/public/groups/types.ts b/plugins/wazuh-analysis/public/groups/types.ts index 1f04094c45..e83495f355 100644 --- a/plugins/wazuh-analysis/public/groups/types.ts +++ b/plugins/wazuh-analysis/public/groups/types.ts 
@@ -7,7 +7,7 @@ import { } from 'opensearch-dashboards/public'; import { Subject } from 'rxjs'; import { SECURITY_OPERATIONS_ID } from './security-operations'; -import { THREAT_INTELLIGENCE_ID } from './threat-intelligence/threat-intelligence'; +import { THREAT_INTELLIGENCE_ID } from './threat-intelligence'; import { ENDPOINT_SECURITY_ID } from './endpoint-security'; import { CLOUD_SECURITY_ID } from './cloud-security'; @@ -17,8 +17,8 @@ export type GroupsId = | typeof SECURITY_OPERATIONS_ID | typeof CLOUD_SECURITY_ID; -export interface Group { - getId: () => string; +export interface Group { + getId: () => GroupId; getTitle: () => string; getDescription: () => string; From 1bbfa18205ad1d9569bf0d84d82f85707e8f10ba Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 3 Feb 2025 17:44:21 -0300 Subject: [PATCH 093/212] Refactor threat intelligence group by consolidating application logic and removing obsolete file --- .../threat-intelligence/applications.ts | 4 +- .../groups/threat-intelligence/index.ts | 82 +++++++++++++++++++ .../threat-intelligence.ts | 33 -------- 3 files changed, 84 insertions(+), 35 deletions(-) create mode 100644 plugins/wazuh-analysis/public/groups/threat-intelligence/index.ts delete mode 100644 plugins/wazuh-analysis/public/groups/threat-intelligence/threat-intelligence.ts diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts b/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts index 8d3e4f5cb5..87aa261387 100644 --- a/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts +++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts 
@@ -7,7 +7,7 @@ import { Subject } from 'rxjs'; import { i18n } from '@osd/i18n'; import { buildSubAppId } from '../../utils'; import { PLUGIN_ID } from '../../../common/constants'; -import { THREAT_INTELLIGENCE_ID } from './threat-intelligence'; +import { THREAT_INTELLIGENCE_ID } from '.'; export const THREAT_HUNTING_ID = buildSubAppId( THREAT_INTELLIGENCE_ID, @@ -40,7 +40,7 @@ export const MITRE_ATTACK_TITLE = i18n.translate( }, ); -export function getThreatIntelligenceApps(updater$: Subject) { +export function getThreatIntelligenceApps(updater$?: Subject) { return [ { id: THREAT_HUNTING_ID, diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/index.ts b/plugins/wazuh-analysis/public/groups/threat-intelligence/index.ts new file mode 100644 index 0000000000..7c38cbf63f --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/index.ts 
@@ -0,0 +1,82 @@ +import { i18n } from '@osd/i18n'; +import { + App, + AppMountParameters, + AppUpdater, + ChromeRegistrationNavLink, + CoreSetup, +} from 'opensearch-dashboards/public'; +import { Subject } from 'rxjs'; +import { PLUGIN_ID } from '../../../common/constants'; +import { CATEGORY } from '../category'; +import { Group } from '../types'; +import { getThreatIntelligenceApps } from './applications'; + +export const THREAT_INTELLIGENCE_ID = 'threat_intelligence'; +export const THREAT_INTELLIGENCE_TITLE = i18n.translate( + `${PLUGIN_ID}.category.${THREAT_INTELLIGENCE_ID}`, + { + defaultMessage: 'Threat Intelligence', + }, +); +export const THREAT_INTELLIGENCE_DESCRIPTION = i18n.translate( + `${PLUGIN_ID}.category.${THREAT_INTELLIGENCE_ID}.description`, + { + defaultMessage: + 'Collect and analyze information about potential threats to inform security decisions.', + }, +); + +export const ThreatIntelligenceNavGroup: Group = + { + getId: () => THREAT_INTELLIGENCE_ID, + getTitle: () => THREAT_INTELLIGENCE_TITLE, + getDescription: () => THREAT_INTELLIGENCE_DESCRIPTION, + + getNavGroup() { + return { + id: THREAT_INTELLIGENCE_ID, + title: THREAT_INTELLIGENCE_TITLE, + description: THREAT_INTELLIGENCE_DESCRIPTION, + }; + }, + + getAppGroup() { + return { + id: THREAT_INTELLIGENCE_ID, + title: THREAT_INTELLIGENCE_TITLE, + category: CATEGORY, + mount: + async (_params: AppMountParameters) => + // TODO: Implement the threat intelligence application + () => {}, + }; + }, + + getGroupNavLink(): ChromeRegistrationNavLink { + return { + id: THREAT_INTELLIGENCE_ID, + title: THREAT_INTELLIGENCE_TITLE, + order: 0, + category: CATEGORY, + }; + }, + + getAppsNavLinks(): ChromeRegistrationNavLink[] { + return getThreatIntelligenceApps().map(app => ({ + id: app.id, + title: app.title, + })); + }, + + getApps(updater$: Subject): App[] { + return getThreatIntelligenceApps(updater$); + }, + + addNavLinks(core: CoreSetup): void { + core.chrome.navGroup.addNavLinksToGroup( + 
ThreatIntelligenceNavGroup.getNavGroup(), + ThreatIntelligenceNavGroup.getAppsNavLinks(), + ); + }, + }; diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/threat-intelligence.ts b/plugins/wazuh-analysis/public/groups/threat-intelligence/threat-intelligence.ts deleted file mode 100644 index 86e9503ee5..0000000000 --- a/plugins/wazuh-analysis/public/groups/threat-intelligence/threat-intelligence.ts +++ /dev/null @@ -1,33 +0,0 @@ -import { i18n } from '@osd/i18n'; -import { - App, - AppMountParameters, - CoreSetup, -} from 'opensearch-dashboards/public'; -import { PLUGIN_ID } from '../../../common/constants'; -import { CATEGORY } from '../category'; - -export const THREAT_INTELLIGENCE_ID = 'threat_intelligence'; -export const THREAT_INTELLIGENCE_TITLE = i18n.translate( - `${PLUGIN_ID}.category.${THREAT_INTELLIGENCE_ID}`, - { - defaultMessage: 'Threat Intelligence', - }, -); -export const THREAT_INTELLIGENCE_DESCRIPTION = i18n.translate( - `${PLUGIN_ID}.category.${THREAT_INTELLIGENCE_ID}.description`, - { - defaultMessage: - 'Collect and analyze information about potential threats to inform security decisions.', - }, -); - -export const ThreatIntelligenceApp = (_core: CoreSetup): App => ({ - id: THREAT_INTELLIGENCE_ID, - title: THREAT_INTELLIGENCE_TITLE, - category: CATEGORY, - mount: - async (_params: AppMountParameters) => - // TODO: Implement the threat intelligence application - () => {}, -}); From 2e83a0686cd371db21cecc79adc84e97c04b2378 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 3 Feb 2025 17:44:44 -0300 Subject: [PATCH 094/212] Refactor cloud security application import for improved clarity --- .../wazuh-analysis/public/groups/cloud-security/applications.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts b/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts index 09c4049a3c..9c000b5d1f 100644 
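Review bot: This commit deletes `threat-intelligence.ts` but its diffstat touches only three files, while plugin.ts still imports `ThreatIntelligenceApp` and `THREAT_INTELLIGENCE_TITLE` from `./groups/threat-intelligence/threat-intelligence` (context at L166) and nav-groups.ts still imports from the same path (visible in its deletion at L172), so the tree does not compile at this point in the series; the same appears to have happened in PATCH 090, where `cloud-security.ts` was deleted (L156) while `cloud-security/applications.ts` kept `from './cloud-security'` until PATCH 094 (L172), and in PATCH 092, where types.ts switched to `./threat-intelligence` (L168) one commit before this `index.ts` exists. Squashing the delete together with the import updates, or landing the new `index.ts` before deleting the old module, keeps every commit buildable for bisecting. Separately, `ThreatIntelligenceNavGroup` is the only group whose object literal is indented one level under the `=`, presumably because its type annotation exceeds the line width; the `order: 0` it returns from `getGroupNavLink()` does not match the `order: 1` literal it will replace in plugin.ts (L167).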
--- a/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts +++ b/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts @@ -7,7 +7,7 @@ import { Subject } from 'rxjs'; import { i18n } from '@osd/i18n'; import { buildSubAppId } from '../../utils'; import { PLUGIN_ID } from '../../../common/constants'; -import { CLOUD_SECURITY_ID } from './cloud-security'; +import { CLOUD_SECURITY_ID } from '.'; export const DOCKER_ID = buildSubAppId(CLOUD_SECURITY_ID, 'docker'); export const AWS_ID = buildSubAppId(CLOUD_SECURITY_ID, 'aws'); From 3a02a6252a4f5f1e5a585efe4a305e742234fe02 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 3 Feb 2025 17:45:53 -0300 Subject: [PATCH 095/212] Refactor navigation groups by removing obsolete nav-groups file --- .../wazuh-analysis/public/groups/nav-groups.ts | 15 --------------- 1 file changed, 15 deletions(-) delete mode 100644 plugins/wazuh-analysis/public/groups/nav-groups.ts diff --git a/plugins/wazuh-analysis/public/groups/nav-groups.ts b/plugins/wazuh-analysis/public/groups/nav-groups.ts deleted file mode 100644 index 88df08ae98..0000000000 --- a/plugins/wazuh-analysis/public/groups/nav-groups.ts +++ /dev/null @@ -1,15 +0,0 @@ -import { ChromeNavGroup } from 'opensearch-dashboards/public'; -import { - THREAT_INTELLIGENCE_ID, - THREAT_INTELLIGENCE_TITLE, - THREAT_INTELLIGENCE_DESCRIPTION, -} from './threat-intelligence/threat-intelligence'; -import { GroupsId } from './types'; - -export const NAV_GROUPS = Object.freeze({ - [THREAT_INTELLIGENCE_ID]: { - id: THREAT_INTELLIGENCE_ID, - title: THREAT_INTELLIGENCE_TITLE, - description: THREAT_INTELLIGENCE_DESCRIPTION, - }, -} satisfies Partial>); From 783626d904785d805ba2d0420db8232d9c1167c7 Mon Sep 17 00:00:00 2001 
From: Guido Modarelli Date: Mon, 3 Feb 2025 17:46:23 -0300 Subject: [PATCH 096/212] Refactor navigation groups to use generic types for improved type safety --- .../public/groups/cloud-security/index.ts | 2 +- .../public/groups/endpoint-security/index.ts | 2 +- .../groups/security-operations/index.ts | 93 ++++++++++--------- 3 files changed, 49 insertions(+), 48 deletions(-) diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/index.ts b/plugins/wazuh-analysis/public/groups/cloud-security/index.ts index fb257feaff..1997c006e7 100644 --- a/plugins/wazuh-analysis/public/groups/cloud-security/index.ts +++ b/plugins/wazuh-analysis/public/groups/cloud-security/index.ts @@ -27,7 +27,7 @@ export const CLOUD_SECURITY_DESCRIPTION = i18n.translate( }, ); -export const CloudSecurityNavGroup: Group = { +export const CloudSecurityNavGroup: Group = { getId: () => CLOUD_SECURITY_ID, getTitle: () => CLOUD_SECURITY_TITLE, getDescription: () => CLOUD_SECURITY_DESCRIPTION, diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts b/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts index cb38130fa9..569cbd5d4c 100644 --- a/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts @@ -28,7 +28,7 @@ export const ENDPOINT_SECURITY_DESCRIPTION = i18n.translate( }, ); -export const EndpointSecurityNavGroup: Group = { +export const EndpointSecurityNavGroup: Group = { getId: () => ENDPOINT_SECURITY_ID, getTitle: () => ENDPOINT_SECURITY_TITLE, getDescription: () => ENDPOINT_SECURITY_DESCRIPTION, diff --git a/plugins/wazuh-analysis/public/groups/security-operations/index.ts b/plugins/wazuh-analysis/public/groups/security-operations/index.ts index d2c707c350..54e1fd9839 100644 --- a/plugins/wazuh-analysis/public/groups/security-operations/index.ts +++ b/plugins/wazuh-analysis/public/groups/security-operations/index.ts 
@@ -27,55 +27,56 @@ export const SECURITY_OPERATIONS_DESCRIPTION = i18n.translate( }, ); -export const SecurityOperationsNavGroup: Group = { - getId: () => SECURITY_OPERATIONS_ID, - getTitle: () => SECURITY_OPERATIONS_TITLE, - getDescription: () => SECURITY_OPERATIONS_DESCRIPTION, +export const SecurityOperationsNavGroup: Group = + { + getId: () => SECURITY_OPERATIONS_ID, + getTitle: () => SECURITY_OPERATIONS_TITLE, + getDescription: () => SECURITY_OPERATIONS_DESCRIPTION, - getNavGroup() { - return { - id: SECURITY_OPERATIONS_ID, - title: SECURITY_OPERATIONS_TITLE, - description: SECURITY_OPERATIONS_DESCRIPTION, - }; - }, + getNavGroup() { + return { + id: SECURITY_OPERATIONS_ID, + title: SECURITY_OPERATIONS_TITLE, + description: SECURITY_OPERATIONS_DESCRIPTION, + }; + }, - getAppGroup() { - return { - id: SECURITY_OPERATIONS_ID, - title: SECURITY_OPERATIONS_TITLE, - category: CATEGORY, - mount: - async (_params: AppMountParameters) => - // TODO: Implement the security operations application - () => {}, - }; - }, + getAppGroup() { + return { + id: SECURITY_OPERATIONS_ID, + title: SECURITY_OPERATIONS_TITLE, + category: CATEGORY, + mount: + async (_params: AppMountParameters) => + // TODO: Implement the security operations application + () => {}, + }; + }, - getGroupNavLink(): ChromeRegistrationNavLink { - return { - id: SECURITY_OPERATIONS_ID, - title: SECURITY_OPERATIONS_TITLE, - order: 0, - category: CATEGORY, - }; - }, + getGroupNavLink(): ChromeRegistrationNavLink { + return { + id: SECURITY_OPERATIONS_ID, + title: SECURITY_OPERATIONS_TITLE, + order: 0, + category: CATEGORY, + }; + }, - getAppsNavLinks(): ChromeRegistrationNavLink[] { - return getSecurityOperationsApps().map(app => ({ - id: app.id, - title: app.title, - })); - }, + getAppsNavLinks(): ChromeRegistrationNavLink[] { + return getSecurityOperationsApps().map(app => ({ + id: app.id, + title: app.title, + })); + }, - getApps(updater$: Subject): App[] { - return getSecurityOperationsApps(updater$); - }, 
+ getApps(updater$: Subject): App[] { + return getSecurityOperationsApps(updater$); + }, - addNavLinks(core: CoreSetup): void { - core.chrome.navGroup.addNavLinksToGroup( - SecurityOperationsNavGroup.getNavGroup(), - SecurityOperationsNavGroup.getAppsNavLinks(), - ); - }, -}; + addNavLinks(core: CoreSetup): void { + core.chrome.navGroup.addNavLinksToGroup( + SecurityOperationsNavGroup.getNavGroup(), + SecurityOperationsNavGroup.getAppsNavLinks(), + ); + }, + }; From 62ab753de9e77eb2bf16c35186900ae54b32d43c Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 3 Feb 2025 17:46:59 -0300 Subject: [PATCH 097/212] Refactor AnalysisPlugin to use nav group classes for improved organization and clarity --- plugins/wazuh-analysis/public/plugin.ts | 126 ++++++------------------ 1 file changed, 31 insertions(+), 95 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index fe3a385008..5f3bc1c028 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts 
@@ -3,42 +3,18 @@ import { AppNavLinkStatus, CoreSetup, CoreStart, - Plugin, DEFAULT_NAV_GROUPS, + Plugin, } from '../../../src/core/public'; import { NavigationPublicPluginStart } from '../../../src/plugins/navigation/public'; -import { AnalysisSetup, AnalysisStart } from './types'; -import { CATEGORY } from './groups/category'; import { searchPages } from './components/global_search/search-pages-command'; -import { - THREAT_INTELLIGENCE_ID, - THREAT_INTELLIGENCE_TITLE, - ThreatIntelligenceApp, -} from './groups/threat-intelligence/threat-intelligence'; -import { - SECURITY_OPERATIONS_ID, - SecurityOperationsNavGroup, -} from './groups/security-operations'; -import { NAV_GROUPS } from './groups/nav-groups'; -import { - getThreatIntelligenceApps, - MITRE_ATTACK_ID, - MITRE_ATTACK_TITLE, - THREAT_HUNTING_ID, - THREAT_HUNTING_TITLE, - VULNERABILITY_DETECTION_ID, - VULNERABILITY_DETECTION_TITLE, -} from './groups/threat-intelligence/applications'; -import { GroupsId } from './groups/types'; +import { CloudSecurityNavGroup } from './groups/cloud-security'; +import { EndpointSecurityNavGroup } from './groups/endpoint-security'; +import { SecurityOperationsNavGroup } from './groups/security-operations'; +import { ThreatIntelligenceNavGroup } from './groups/threat-intelligence'; +import { Group, GroupsId } from './groups/types'; import { ApplicationService } from './services/application.service'; -import { - ENDPOINT_SECURITY_ID, - EndpointSecurityNavGroup, -} from './groups/endpoint-security'; -import { - CLOUD_SECURITY_ID, - CloudSecurityNavGroup, -} from './groups/cloud-security'; +import { AnalysisSetup, AnalysisStart } from './types'; interface AnalysisSetupDependencies {} 
@@ -64,26 +40,23 @@ export class AnalysisPlugin { private readonly applicationService = new ApplicationService(); private coreStart?: CoreStart; - private readonly navGroupsIds: GroupsId[] = [ - ENDPOINT_SECURITY_ID, - THREAT_INTELLIGENCE_ID, - SECURITY_OPERATIONS_ID, - CLOUD_SECURITY_ID, + private readonly navGroups: Group[] = [ + EndpointSecurityNavGroup, + ThreatIntelligenceNavGroup, + SecurityOperationsNavGroup, + CloudSecurityNavGroup, ]; constructor() { - for (const navGroupId of this.navGroupsIds) { - this.applicationService.registerAppUpdater(navGroupId); + for (const navGroup of this.navGroups) { + this.applicationService.registerAppUpdater(navGroup.getId()); } } private registerApps(core: CoreSetup) { - const applications: App[] = [ - EndpointSecurityNavGroup.getAppGroup(), - ThreatIntelligenceApp(core), - SecurityOperationsNavGroup.getAppGroup(), - CloudSecurityNavGroup.getAppGroup(), - ]; + const applications: App[] = this.navGroups.map(navGroup => + navGroup.getAppGroup(), + ); this.applicationService.initializeNavGroupMounts(applications, core, { prepareApp: setNavLinkVisible, 
@@ -103,20 +76,14 @@ export class AnalysisPlugin }); } - const subApps: Partial> = { - [ENDPOINT_SECURITY_ID]: EndpointSecurityNavGroup.getApps( - this.applicationService.getAppUpdater(ENDPOINT_SECURITY_ID), - ), - [THREAT_INTELLIGENCE_ID]: getThreatIntelligenceApps( - this.applicationService.getAppUpdater(THREAT_INTELLIGENCE_ID), - ), - [SECURITY_OPERATIONS_ID]: SecurityOperationsNavGroup.getApps( - this.applicationService.getAppUpdater(SECURITY_OPERATIONS_ID), - ), - [CLOUD_SECURITY_ID]: CloudSecurityNavGroup.getApps( - this.applicationService.getAppUpdater(CLOUD_SECURITY_ID), - ), - }; + const subApps: Partial> = Object.fromEntries( + this.navGroups.map(navGroup => [ + navGroup.getId(), + navGroup.getApps( + this.applicationService.getAppUpdater(navGroup.getId()), + ), + ]), + ); for (const apps of Object.values(subApps)) { this.applicationService.initializeSubApplicationMounts(apps, core, { 
@@ -127,43 +94,12 @@ export class AnalysisPlugin } private registerNavGroups(core: CoreSetup) { - EndpointSecurityNavGroup.addNavLinks(core); - - core.chrome.navGroup.addNavLinksToGroup( - NAV_GROUPS[THREAT_INTELLIGENCE_ID], - [ - { - // Threat hunting - id: THREAT_HUNTING_ID, - title: THREAT_HUNTING_TITLE, - }, - { - // Vulnerability detection - id: VULNERABILITY_DETECTION_ID, - title: VULNERABILITY_DETECTION_TITLE, - }, - { - // MITRE ATT&CK - id: MITRE_ATTACK_ID, - title: MITRE_ATTACK_TITLE, - }, - ], - ); - - SecurityOperationsNavGroup.addNavLinks(core); - CloudSecurityNavGroup.addNavLinks(core); - - core.chrome.navGroup.addNavLinksToGroup(DEFAULT_NAV_GROUPS.all, [ - EndpointSecurityNavGroup.getGroupNavLink(), - { - id: THREAT_INTELLIGENCE_ID, - title: THREAT_INTELLIGENCE_TITLE, - order: 1, - category: CATEGORY, - }, - SecurityOperationsNavGroup.getGroupNavLink(), - CloudSecurityNavGroup.getGroupNavLink(), - ]); + for (const navGroup of this.navGroups) { + navGroup.addNavLinks(core); + core.chrome.navGroup.addNavLinksToGroup(DEFAULT_NAV_GROUPS.all, [ + navGroup.getGroupNavLink(), + ]); + } } public setup( From b302ac091eee2dc4f1bdde241bf36394890c2fff Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Mon, 3 Feb 2025 18:04:52 -0300 Subject: [PATCH 098/212] Refactor AnalysisPlugin to simplify subApps initialization by removing unnecessary object mapping --- plugins/wazuh-analysis/public/plugin.ts | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 5f3bc1c028..53e76a86d4 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts 
@@ -76,16 +76,11 @@ export class AnalysisPlugin }); } - const subApps: Partial> = Object.fromEntries( - this.navGroups.map(navGroup => [ - navGroup.getId(), - navGroup.getApps( - this.applicationService.getAppUpdater(navGroup.getId()), - ), - ]), + const subApps: App[] = this.navGroups.map(navGroup => + navGroup.getApps(this.applicationService.getAppUpdater(navGroup.getId())), ); - for (const apps of Object.values(subApps)) { + for (const apps of subApps) { this.applicationService.initializeSubApplicationMounts(apps, core, { prepareApp: setNavLinkVisible, teardownApp: setNavLinkHidden, From 884ebe430ee39e7e3ab0aaee653a00cb63cc06dc Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Tue, 4 Feb 2025 10:25:28 -0300 Subject: [PATCH 099/212] Refactor AnalysisPlugin and ApplicationService to streamline nav link visibility management by consolidating related functions and simplifying initialization logic --- plugins/wazuh-analysis/public/plugin.ts | 22 ++------------- .../public/services/application.service.ts | 28 +++++++++++++++---- 2 files changed, 25 insertions(+), 25 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 53e76a86d4..15f39307e2 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -1,6 +1,5 @@ import { App, - AppNavLinkStatus, CoreSetup, CoreStart, DEFAULT_NAV_GROUPS, @@ -22,18 +21,6 @@ interface AnalysisStartDependencies { navigation: NavigationPublicPluginStart; } -function setNavLinkVisible(): Partial { - return { - navLinkStatus: AppNavLinkStatus.visible, - }; -} - -function setNavLinkHidden(): Partial { - return { - navLinkStatus: AppNavLinkStatus.hidden, - }; -} - export class AnalysisPlugin implements Plugin 
@@ -58,9 +45,7 @@ export class AnalysisPlugin navGroup.getAppGroup(), ); - this.applicationService.initializeNavGroupMounts(applications, core, { - prepareApp: setNavLinkVisible, - }); + this.applicationService.initializeNavGroupMounts(applications, core); if (core.chrome.navGroup.getNavGroupEnabled()) { core.chrome.globalSearch.registerSearchCommand({ @@ -81,10 +66,7 @@ export class AnalysisPlugin ); for (const apps of subApps) { - this.applicationService.initializeSubApplicationMounts(apps, core, { - prepareApp: setNavLinkVisible, - teardownApp: setNavLinkHidden, - }); + this.applicationService.initializeSubApplicationMounts(apps, core); } } diff --git a/plugins/wazuh-analysis/public/services/application.service.ts b/plugins/wazuh-analysis/public/services/application.service.ts index 2e11aa636d..28629d73f7 100644 --- a/plugins/wazuh-analysis/public/services/application.service.ts +++ b/plugins/wazuh-analysis/public/services/application.service.ts @@ -2,6 +2,7 @@ import { App, AppMount, AppMountParameters, + AppNavLinkStatus, AppUpdater, CoreSetup, CoreStart, @@ -58,17 +59,31 @@ export class ApplicationService { return this.appUpdater$[appId]; } + private setNavLinkVisible(): Partial { + return { + navLinkStatus: AppNavLinkStatus.visible, + }; + } + + private setNavLinkHidden(): Partial { + return { + navLinkStatus: AppNavLinkStatus.hidden, + }; + } + initializeNavGroupMounts( apps: App[], core: CoreSetup, - appOperations: AppOperations, + appOperations?: AppOperations, ) { + const prepareApp = appOperations?.prepareApp ?? this.setNavLinkVisible; + for (const app of apps) { const mount = app.mount.bind(app) as AppMount; app.mount = async (params: AppMountParameters) => { if (core.chrome.navGroup.getNavGroupEnabled()) { - this.getAppUpdater(app.id).next(appOperations.prepareApp); + this.getAppUpdater(app.id).next(prepareApp); this.appStartup$.next(app.id); } 
@@ -82,21 +97,24 @@ export class ApplicationService { initializeSubApplicationMounts( apps: App[], core: CoreSetup, - appOperations: AppOperations, + appOperations?: AppOperations, ) { + const prepareApp = appOperations?.prepareApp ?? this.setNavLinkVisible; + const teardownApp = appOperations?.teardownApp ?? this.setNavLinkHidden; + for (const app of apps) { const mount = app.mount.bind(app) as AppMount; app.mount = async (params: AppMountParameters) => { if (core.chrome.navGroup.getNavGroupEnabled()) { - this.getAppUpdater(app.id).next(appOperations.prepareApp); + this.getAppUpdater(app.id).next(prepareApp); } const unmount = await mount(params); return () => { if (core.chrome.navGroup.getNavGroupEnabled()) { - this.getAppUpdater(app.id).next(appOperations.teardownApp); + this.getAppUpdater(app.id).next(teardownApp); } unmount(); From 92b776864c670bbb7bea75fbdd565ecadc414656 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Tue, 4 Feb 2025 10:37:07 -0300 Subject: [PATCH 100/212] Refactor AnalysisPlugin to change subApps type from App[] to App[][] for improved type clarity --- plugins/wazuh-analysis/public/plugin.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 15f39307e2..d8bf9e9989 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -61,7 +61,7 @@ export class AnalysisPlugin }); } - const subApps: App[] = this.navGroups.map(navGroup => + const subApps: App[][] = this.navGroups.map(navGroup => navGroup.getApps(this.applicationService.getAppUpdater(navGroup.getId())), ); From 2187cff321f51a24a0a090a5a489f8a84aef66d7 Mon Sep 17 00:00:00 2001 
From: Guido Modarelli Date: Tue, 4 Feb 2025 11:06:24 -0300 Subject: [PATCH 101/212] Refactor ApplicationService to encapsulate navigation logic in navigateToFirstAppInNavGroup method for improved clarity and maintainability --- .../public/services/application.service.ts | 34 ++++++++++++++++--- 1 file changed, 29 insertions(+), 5 deletions(-) diff --git a/plugins/wazuh-analysis/public/services/application.service.ts b/plugins/wazuh-analysis/public/services/application.service.ts index 28629d73f7..201dc5741a 100644 --- a/plugins/wazuh-analysis/public/services/application.service.ts +++ b/plugins/wazuh-analysis/public/services/application.service.ts @@ -9,10 +9,8 @@ import { } from 'opensearch-dashboards/public'; import { Subject } from 'rxjs'; import { i18n } from '@osd/i18n'; -import { - getCurrentNavGroup, - navigateToFirstAppInNavGroup, -} from '../utils/nav-group'; +import { getCurrentNavGroup } from '../utils/nav-group'; +import { NavGroupItemInMap } from '../../../../src/core/public'; class AppUpdaterNotFoundError extends Error { constructor(appId: string) { 
@@ -135,9 +133,35 @@ export class ApplicationService { const currentNavGroup = await getCurrentNavGroup(core); - navigateToFirstAppInNavGroup(core, currentNavGroup); + this.navigateToFirstAppInNavGroup(core, currentNavGroup); } }, }); } + + /** + * This function navigates to the first app in a specified navigation group if + * it exists. + * @param {CoreStart} core - This parameter is an object that provides access + * to core services in Kibana, such as application navigation, HTTP requests, + * and more. It is typically provided by the Kibana platform to plugins and + * can be used to interact with various functionalities within the Kibana + * application. + * @param {NavGroupItemInMap | undefined} navGroup - This parameter is + * expected to be an object that represents a navigation group item in a map. + * It should have a property `navLinks` which is an array of navigation links. + * Each navigation link in the `navLinks` array should have an `id` property + * that represents the ID + */ + async navigateToFirstAppInNavGroup( + core: CoreStart, + navGroup: NavGroupItemInMap | undefined, + ) { + // Get the first nav item, if it exists navigate to the app + const firstNavItem = navGroup?.navLinks[0]; + + if (firstNavItem?.id) { + core.application.navigateToApp(firstNavItem.id); + } + } } From dc66174120a106d89074f0010b1332a4a6ee1abc Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Tue, 4 Feb 2025 11:07:09 -0300 Subject: [PATCH 102/212] Refactor ApplicationService to enhance documentation with detailed JSDoc comments for improved code clarity and maintainability --- .../public/services/application.service.ts | 74 +++++++++++++++++++ 1 file changed, 74 insertions(+) diff --git a/plugins/wazuh-analysis/public/services/application.service.ts b/plugins/wazuh-analysis/public/services/application.service.ts index 201dc5741a..9b2c3f33e0 100644 --- a/plugins/wazuh-analysis/public/services/application.service.ts 
+++ b/plugins/wazuh-analysis/public/services/application.service.ts @@ -45,10 +45,28 @@ export class ApplicationService { return `${parentAppId}_${encodeURIComponent(`/${subAppId}`)}`; } + /** + * This function creates a new Subject for a specific application updater + * identified by its `appId`. + * @param {string} appId - This parameter is a string that represents the + * unique identifier of the application for which you want to register an app + * updater. + */ registerAppUpdater(appId: string) { this.appUpdater$[appId] = new Subject(); } + /** + * This function retrieves the app updater for a specific app ID, throwing an + * error if the updater is not found. + * @param {string} appId - This function is used to retrieve an app updater + * based on the provided `appId`. If the app updater for the specified `appId` + * does not exist, it throws an `AppUpdaterNotFoundError` with the `appId` + * @returns This function is returning the app updater object associated with + * the provided `appId`. If the app updater object does not exist for the + * given `appId`, it will throw an `AppUpdaterNotFoundError` with the `appId` + * that was passed as an argument. + */ getAppUpdater(appId: string) { if (!this.appUpdater$[appId]) { throw new AppUpdaterNotFoundError(appId); 
@@ -57,18 +75,47 @@ export class ApplicationService { return this.appUpdater$[appId]; } + /** + * This function returns an object with the `navLinkStatus` property set to + * `visible` for an App object. + * @returns A partial object of the App interface is being returned with the + * property `navLinkStatus` set to `AppNavLinkStatus.visible`. + */ private setNavLinkVisible(): Partial { return { navLinkStatus: AppNavLinkStatus.visible, }; } + /** + * This function returns an object with the `navLinkStatus` property set to + * `hidden` for an App object. + * @returns A partial object of the App interface is being returned with the + * navLinkStatus property set to AppNavLinkStatus.hidden. + */ private setNavLinkHidden(): Partial { return { navLinkStatus: AppNavLinkStatus.hidden, }; } + /** + * The function initializes navigation group mounts for a list of apps in a + * TypeScript codebase. + * @param {App[]} apps - This parameter is an array of objects representing + * different applications. Each object contains information about a specific + * app, such as its ID, name, and mount function. + * @param {CoreSetup} core - This parameter is used to access core + * functionalities and services provided by the application framework. This + * parameter is typically used to register applications, access the Chrome + * service for navigation group settings, and perform other core setup + * @param {AppOperations} [appOperations] - This parameter is an optional + * object that contains two properties: `beforeMount` and `cleanup`. These + * properties are functions that are executed before and after mounting each + * application, respectively. The `beforeMount` function is used to prepare + * the application for mounting, while the `cleanup` function is used to clean + * up the application after it has been unmounted. + */ initializeNavGroupMounts( apps: App[], core: CoreSetup, 
@@ -92,6 +139,24 @@ export class ApplicationService { } } + /** + * The function initializes mounts for multiple sub applications, allowing for + * preparation (beforeMount) and cleanup operations to be executed before and + * after * mounting each application. + * @param {App[]} apps - This parameter is an array of objects representing + * different applications. Each object contains information about a specific + * app, such as its ID, name, and mount function. + * @param {CoreSetup} core - This parameter in the is used to access core + * services and functionalities provided by the application framework. This + * parameter is typically used to register applications, access the Chrome + * service for UI components, and perform other core setup tasks + * @param {AppOperations} [appOperations] - This parameter is an optional + * object that contains two properties: `beforeMount` and `cleanup`. These + * properties are functions that are executed before and after mounting each + * application, respectively. The `beforeMount` function is used to prepare + * the application for mounting, while the `cleanup` function is used to clean + * up the application after it has been unmounted. + */ initializeSubApplicationMounts( apps: App[], core: CoreSetup, @@ -125,6 +190,15 @@ export class ApplicationService { } } + /** + * The function subscribes to an observable `appStartup$` and performs certain + * actions based on the received data. + * @param {CoreStart} core - This parameter is an object that provides access + * to various services and functionalities within the application. It is + * typically passed in as a parameter to allow the function to interact with + * the application's core services, such as navigation, UI components, data + * fetching, and more. + */ onAppStartupSubscribe(core: CoreStart) { this.appStartup$.subscribe({ next: async (navGroupId: string) => { From a563860d1077d03bd68fb9e865901869736e913f Mon Sep 17 00:00:00 2001 
From: Guido Modarelli Date: Tue, 4 Feb 2025 11:07:33 -0300 Subject: [PATCH 103/212] Refactor nav-group utility to remove navigateToFirstAppInNavGroup function and introduce getCurrentNavGroup for improved navigation handling --- .../wazuh-analysis/public/utils/nav-group.ts | 27 +------------------ 1 file changed, 1 insertion(+), 26 deletions(-) diff --git a/plugins/wazuh-analysis/public/utils/nav-group.ts b/plugins/wazuh-analysis/public/utils/nav-group.ts index aedddc388d..062d4f5480 100644 --- a/plugins/wazuh-analysis/public/utils/nav-group.ts +++ b/plugins/wazuh-analysis/public/utils/nav-group.ts 
@@ -1,30 +1,5 @@ import { first } from 'rxjs/operators'; -import { CoreStart, NavGroupItemInMap } from '../../../../src/core/public'; - -/** - * The function `navigateToFirstAppInNavGroup` navigates to the first app in a - * specified navigation group if it exists. - * @param {CoreStart} core - The `core` parameter is an object that provides access - * to core services in Kibana, such as application navigation, HTTP requests, and - * more. It is typically provided by the Kibana platform to plugins and can be used - * to interact with various functionalities within the Kibana application. - * @param {NavGroupItemInMap | undefined} navGroup - The `navGroup` parameter is - * expected to be an object that represents a navigation group item in a map. It - * should have a property `navLinks` which is an array of navigation links. Each - * navigation link in the `navLinks` array should have an `id` property that - * represents the ID - */ -export async function navigateToFirstAppInNavGroup( - core: CoreStart, - navGroup: NavGroupItemInMap | undefined, -) { - // Get the first nav item, if it exists navigate to the app - const firstNavItem = navGroup?.navLinks[0]; - - if (firstNavItem?.id) { - core.application.navigateToApp(firstNavItem.id); - } -} +import { CoreStart } from '../../../../src/core/public'; export async function getCurrentNavGroup(core: CoreStart) { return core.chrome.navGroup.getCurrentNavGroup$().pipe(first()).toPromise(); From ef24122db15e11e5459ff4a29e5c6bbc98839933 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Tue, 4 Feb 2025 11:08:07 -0300 Subject: [PATCH 104/212] Refactor ApplicationService to enhance unmount logic for improved resource cleanup during application lifecycle --- .../public/services/application.service.ts | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) 
diff --git a/plugins/wazuh-analysis/public/services/application.service.ts b/plugins/wazuh-analysis/public/services/application.service.ts index 9b2c3f33e0..a7ea6b3d8b 100644 --- a/plugins/wazuh-analysis/public/services/application.service.ts +++ b/plugins/wazuh-analysis/public/services/application.service.ts @@ -132,7 +132,17 @@ export class ApplicationService { this.appStartup$.next(app.id); } - return await mount(params); + const unmount = await mount(params); + + return () => { + if (core.chrome.navGroup.getNavGroupEnabled()) { + this.getAppUpdater(app.id).next(appOperations?.cleanup); + } + + unmount(); + + return true; + }; }; core.application.register(app); From f789b0a8d872cfee1169f1fb95798fd8677d0af8 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Tue, 4 Feb 2025 11:08:25 -0300 Subject: [PATCH 105/212] Refactor ApplicationService to rename appOperations methods for improved clarity and consistency in lifecycle management --- .../public/services/application.service.ts | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/plugins/wazuh-analysis/public/services/application.service.ts b/plugins/wazuh-analysis/public/services/application.service.ts index a7ea6b3d8b..6cbe1c91f3 100644 --- a/plugins/wazuh-analysis/public/services/application.service.ts +++ b/plugins/wazuh-analysis/public/services/application.service.ts @@ -24,8 +24,8 @@ class AppUpdaterNotFoundError extends Error { } interface AppOperations { - prepareApp?: () => Partial; - teardownApp?: () => Partial; + beforeMount?: () => Partial; + cleanup?: () => Partial; } export class ApplicationService { 
@@ -121,14 +121,14 @@ export class ApplicationService { core: CoreSetup, appOperations?: AppOperations, ) { - const prepareApp = appOperations?.prepareApp ?? this.setNavLinkVisible; + const beforeMount = appOperations?.beforeMount ?? this.setNavLinkVisible; for (const app of apps) { const mount = app.mount.bind(app) as AppMount; app.mount = async (params: AppMountParameters) => { if (core.chrome.navGroup.getNavGroupEnabled()) { - this.getAppUpdater(app.id).next(prepareApp); + this.getAppUpdater(app.id).next(beforeMount); this.appStartup$.next(app.id); } @@ -172,22 +172,22 @@ export class ApplicationService { core: CoreSetup, appOperations?: AppOperations, ) { - const prepareApp = appOperations?.prepareApp ?? this.setNavLinkVisible; - const teardownApp = appOperations?.teardownApp ?? this.setNavLinkHidden; + const beforeMount = appOperations?.beforeMount ?? this.setNavLinkVisible; + const cleanup = appOperations?.cleanup ?? this.setNavLinkHidden; for (const app of apps) { const mount = app.mount.bind(app) as AppMount; app.mount = async (params: AppMountParameters) => { if (core.chrome.navGroup.getNavGroupEnabled()) { - this.getAppUpdater(app.id).next(prepareApp); + this.getAppUpdater(app.id).next(beforeMount); } const unmount = await mount(params); return () => { if (core.chrome.navGroup.getNavGroupEnabled()) { - this.getAppUpdater(app.id).next(teardownApp); + this.getAppUpdater(app.id).next(cleanup); } unmount(); From 382fdc4b4dc451dcddc0f7ca9ca176b919a1bef3 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Tue, 4 Feb 2025 11:28:17 -0300 Subject: [PATCH 106/212] Refactor AnalysisPlugin to move app updater registration to the start method for improved initialization flow --- plugins/wazuh-analysis/public/plugin.ts | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index d8bf9e9989..b8b349ae3a 100644 --- a/plugins/wazuh-analysis/public/plugin.ts 
+++ b/plugins/wazuh-analysis/public/plugin.ts @@ -34,12 +34,6 @@ export class AnalysisPlugin CloudSecurityNavGroup, ]; - constructor() { - for (const navGroup of this.navGroups) { - this.applicationService.registerAppUpdater(navGroup.getId()); - } - } - private registerApps(core: CoreSetup) { const applications: App[] = this.navGroups.map(navGroup => navGroup.getAppGroup(), @@ -85,6 +79,10 @@ export class AnalysisPlugin ): AnalysisSetup | Promise { console.debug('AnalysisPlugin started'); + for (const navGroup of this.navGroups) { + this.applicationService.registerAppUpdater(navGroup.getId()); + } + this.registerApps(core); this.registerNavGroups(core); From 04858477d44e90cb7e165973b877ac383c6c60cc Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Tue, 4 Feb 2025 13:02:41 -0300 Subject: [PATCH 107/212] Refactor DashboardSecurityService types to enhance typing for higher type safety and add optional token property --- .../wazuh-core/public/services/dashboard-security/types.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/plugins/wazuh-core/public/services/dashboard-security/types.ts b/plugins/wazuh-core/public/services/dashboard-security/types.ts index 0239b78b09..da6e8996e8 100644 --- a/plugins/wazuh-core/public/services/dashboard-security/types.ts +++ b/plugins/wazuh-core/public/services/dashboard-security/types.ts @@ -5,6 +5,7 @@ import { WAZUH_SECURITY_PLUGIN_OPENSEARCH_DASHBOARDS_SECURITY } from '../../../c export interface DashboardSecurityServiceAccount { administrator: boolean; administrator_requirements: string | null; + token?: string; } export interface DashboardSecurityServiceSetupReturn { 
@@ -16,13 +17,12 @@ export interface DashboardSecurityServiceSetupReturn { useDashboardSecurityIsAdmin: () => boolean; }; hocs: { - // FIXME: enhance typing withDashboardSecurityAccount: ( WrappedComponent: React.ElementType, - ) => (props: any) => React.ElementRef; + ) => (props: any) => React.ElementRef; withDashboardSecurityAccountAdmin: ( WrappedComponent: React.ElementType, - ) => (props: any) => React.ElementRef; + ) => (props: any) => React.ElementRef; }; } From 2966c2400373cb3720796486edbd334647d085fe Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Tue, 4 Feb 2025 13:03:28 -0300 Subject: [PATCH 108/212] Refactor DashboardSecurityService to improve type safety and error handling, and enhance localization for user role messages --- .../dashboard-security/dashboard-security.ts | 37 +++++++++++-------- 1 file changed, 22 insertions(+), 15 deletions(-) diff --git a/plugins/wazuh-core/public/services/dashboard-security/dashboard-security.ts b/plugins/wazuh-core/public/services/dashboard-security/dashboard-security.ts index 3ac207a9c4..c0cba3afaf 100644 --- a/plugins/wazuh-core/public/services/dashboard-security/dashboard-security.ts +++ b/plugins/wazuh-core/public/services/dashboard-security/dashboard-security.ts @@ -1,6 +1,7 @@ import { BehaviorSubject } from 'rxjs'; import jwtDecode from 'jwt-decode'; -import { Logger } from '../../../common/services/configuration'; +import { Logger } from '@osd/logging'; +import { i18n } from '@osd/i18n'; import { WAZUH_ROLE_ADMINISTRATOR_ID } from '../../../common/constants'; import { createDashboardSecurityHooks } from './ui/hooks/creator'; import { createDashboardSecurityHOCs } from './ui/hocs/creator'; 
@@ -12,20 +13,20 @@ import { } from './types'; export class DashboardSecurity implements DashboardSecurityService { - private _securityPlatform = ''; + private _securityPlatform: DashboardSecurityService['securityPlatform'] = ''; public account$: BehaviorSubject; constructor( private readonly logger: Logger, private readonly http: { get: (path: string) => any }, ) { - this.account$ = new BehaviorSubject({ + this.account$ = new BehaviorSubject({ administrator: false, administrator_requirements: null, }); } - get securityPlatform() { + get securityPlatform(): DashboardSecurityService['securityPlatform'] { return this._securityPlatform; } @@ -41,7 +42,7 @@ export class DashboardSecurity implements DashboardSecurityService { this.logger.debug(`Security platform: ${this._securityPlatform}`); return this.securityPlatform; - } catch (error) { + } catch (error: any) { this.logger.error(error.message); throw error; } @@ -71,7 +72,7 @@ export class DashboardSecurity implements DashboardSecurityService { hocs = createDashboardSecurityHOCs(hooks); this.logger.debug('Created HOCs'); this.logger.debug('Created the UI utilities'); - } catch (error) { + } catch (error: any) { this.logger.error(`Error creating the UI utilities: ${error.message}`); throw error; } @@ -79,14 +80,14 @@ export class DashboardSecurity implements DashboardSecurityService { try { this.logger.debug('Getting security platform'); await this.fetchCurrentPlatform(); - } catch (error) { + } catch (error: any) { this.logger.error( `Error fetching the current platform: ${error.message}`, ); } // Update the dashboard security account information based on server API token - updateData$.subscribe(({ token }: { token: string }) => { + updateData$.subscribe(({ token }) => { const jwtPayload: { rbac_roles?: number[]; } | null = token ? jwtDecode(token) : null; 
@@ -104,18 +105,24 @@ export class DashboardSecurity implements DashboardSecurityService { async stop() {} - private getAccountFromJWTAPIDecodedToken(decodedToken: { - rbac_roles?: number[]; - }) { - const isAdministrator = decodedToken?.rbac_roles?.some?.( - role => role === WAZUH_ROLE_ADMINISTRATOR_ID, - ); + private getAccountFromJWTAPIDecodedToken( + decodedToken: { + rbac_roles?: number[]; + } | null, + ) { + const isAdministrator = + decodedToken?.rbac_roles?.some?.( + role => role === WAZUH_ROLE_ADMINISTRATOR_ID, + ) ?? false; return { administrator: isAdministrator, administrator_requirements: isAdministrator ? null - : 'User has no administrator role in the selected API connection.', + : i18n.translate('wazuh.security.no_admin_role', { + defaultMessage: + 'User has no administrator role in the selected API connection.', + }), }; } } From ac4ac01ee958f697febd194dd803b7d1b5b04070 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Tue, 4 Feb 2025 13:03:49 -0300 Subject: [PATCH 109/212] Refactor LifecycleService to make dependency parameters optional for improved flexibility --- plugins/wazuh-core/public/services/types.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/plugins/wazuh-core/public/services/types.ts b/plugins/wazuh-core/public/services/types.ts index 75147d110f..1cb50b0598 100644 --- a/plugins/wazuh-core/public/services/types.ts +++ b/plugins/wazuh-core/public/services/types.ts @@ -6,7 +6,7 @@ export interface LifecycleService< StopDeps = any, StopReturn = any, > { - setup: (deps: SetupDeps) => SetupReturn; - start: (deps: StartDeps) => StartReturn; - stop: (deps: StopDeps) => StopReturn; + setup: (deps?: SetupDeps) => SetupReturn; + start: (deps?: StartDeps) => StartReturn; + stop: (deps?: StopDeps) => StopReturn; } From 68de57833b29d29ffe9f8dc941322d58e1a83ed6 Mon Sep 17 00:00:00 2001 
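Review bot: `getAccountFromJWTAPIDecodedToken` derives `administrator` from claims of a token that the caller only decodes with `jwtDecode` and never verifies, so the result is a UI-side hint and the server has to remain the place where RBAC is enforced; a doc comment makes that explicit for the next reader, e.g. `/** Builds the UI account state from an unverified JWT payload; the server enforces RBAC, this only drives what the UI shows. */`. The `?.` on `rbac_roles?.some?.(` is also unnecessary: `rbac_roles` is declared `number[] | undefined`, so `some` is always present once `rbac_roles` is, and `decodedToken?.rbac_roles?.some(role => role === WAZUH_ROLE_ADMINISTRATOR_ID) ?? false` reads cleaner.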
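Review bot: Making `deps` optional on `LifecycleService` (`setup: (deps?: SetupDeps) => SetupReturn;` and the `start`/`stop` siblings) loosens the contract for every implementer at once: TypeScript still accepts an implementation with a required `deps` parameter against an optional one, so nothing fails to compile, but callers may now pass nothing and such an implementation receives `undefined` at runtime. If only some services take no dependencies, give those `SetupDeps = void` (or a concrete type) at the use site rather than weakening the shared interface.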
From: Guido Modarelli Date: Tue, 4 Feb 2025 13:04:41 -0300 Subject: [PATCH 110/212] Add NoopLogger implementation for logging interface compliance --- .../wazuh-core/common/logger/noop-logger.ts | 37 +++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 plugins/wazuh-core/common/logger/noop-logger.ts diff --git a/plugins/wazuh-core/common/logger/noop-logger.ts b/plugins/wazuh-core/common/logger/noop-logger.ts new file mode 100644 index 0000000000..3165be918a --- /dev/null +++ b/plugins/wazuh-core/common/logger/noop-logger.ts @@ -0,0 +1,37 @@ +import { Logger, LogMeta, LogRecord } from '@osd/logging'; + +const noop = () => {}; + +export class NoopLogger implements Logger { + info(_message: string): void { + return noop(); + } + + error(_message: string): void { + return noop(); + } + + debug(_message: string): void { + return noop(); + } + + warn(_message: string): void { + return noop(); + } + + trace(_message: string, _meta?: LogMeta): void { + return noop(); + } + + fatal(_errorOrMessage: string | Error, _meta?: LogMeta): void { + return noop(); + } + + log(_record: LogRecord): void { + return noop(); + } + + get(..._childContextPaths: string[]): Logger { + return this; + } +} From 9e0f53c83935ac4ac87fa3974116b51e11ae0f76 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Tue, 4 Feb 2025 14:16:48 -0300 Subject: [PATCH 111/212] Add logging to ApplicationService for improved debugging and traceability --- .../public/services/application.service.ts | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/plugins/wazuh-analysis/public/services/application.service.ts b/plugins/wazuh-analysis/public/services/application.service.ts index 6cbe1c91f3..3e1f2ae75d 100644 --- a/plugins/wazuh-analysis/public/services/application.service.ts +++ b/plugins/wazuh-analysis/public/services/application.service.ts 
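Review bot: Every method body in `NoopLogger` is `return noop();`, which returns the `void` result of a call that does nothing; an empty body such as `info(_message: string): void {}` says the same with less indirection and lets the `noop` constant go. Separately, `fatal` is declared with `_errorOrMessage: string | Error` while `warn` and `error` take `_message: string`; if the `@osd/logging` `Logger` interface accepts `string | Error` (plus an optional `meta`) for those too, mirroring the interface's parameter types here keeps the `implements Logger` honest — worth confirming against the interface definition, which is not in this patch.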
@@ -9,6 +9,7 @@ import { } from 'opensearch-dashboards/public'; import { Subject } from 'rxjs'; import { i18n } from '@osd/i18n'; +import { Logger } from '@osd/logging'; import { getCurrentNavGroup } from '../utils/nav-group'; import { NavGroupItemInMap } from '../../../../src/core/public'; @@ -33,6 +34,8 @@ export class ApplicationService { {}; private readonly appStartup$ = new Subject(); + constructor(private readonly logger?: Logger) {} + /** * This function takes a parent app ID and a sub app ID, and returns a * combined ID with the sub app ID URL-encoded. @@ -53,6 +56,7 @@ export class ApplicationService { * updater. */ registerAppUpdater(appId: string) { + this.logger?.debug('registerAppUpdater', {}); this.appUpdater$[appId] = new Subject(); } @@ -68,7 +72,10 @@ export class ApplicationService { * that was passed as an argument. */ getAppUpdater(appId: string) { + this.logger?.debug(`getAppUpdater ${appId}`); + if (!this.appUpdater$[appId]) { + this.logger?.error(`getAppUpdater ${appId}`); throw new AppUpdaterNotFoundError(appId); } @@ -82,6 +89,8 @@ export class ApplicationService { * property `navLinkStatus` set to `AppNavLinkStatus.visible`. */ private setNavLinkVisible(): Partial { + this.logger?.debug('setNavLinkVisible'); + return { navLinkStatus: AppNavLinkStatus.visible, }; @@ -94,6 +103,8 @@ export class ApplicationService { * navLinkStatus property set to AppNavLinkStatus.hidden. */ private setNavLinkHidden(): Partial { + this.logger?.debug('setNavLinkHidden'); + return { navLinkStatus: AppNavLinkStatus.hidden, }; @@ -121,9 +132,13 @@ export class ApplicationService { core: CoreSetup, appOperations?: AppOperations, ) { + this.logger?.debug('initializeNavGroupMounts'); + const beforeMount = appOperations?.beforeMount ?? this.setNavLinkVisible; for (const app of apps) { + this.logger?.debug(`initializeApp ${app.id}`); + const mount = app.mount.bind(app) as AppMount; app.mount = async (params: AppMountParameters) => { 
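Review bot: `this.logger?.debug('registerAppUpdater', {});` in the `@@ -53,6 +56,7 @@` hunk passes an empty meta object and omits the one detail that makes the line useful, the app ID; `this.logger?.debug(`registerAppUpdater ${appId}`);` matches the other new log lines. In the `@@ -68,7 +72,10 @@` hunk the error line `this.logger?.error(`getAppUpdater ${appId}`)` repeats the debug text verbatim, so a log reader cannot tell what went wrong; `this.logger?.error(`getAppUpdater: no updater registered for ${appId}`);` says it. The `ApplicationService` class continues outside these hunks.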
@@ -135,6 +150,8 @@ export class ApplicationService { const unmount = await mount(params); return () => { + this.logger?.debug(`unmount ${app.id}`); + if (core.chrome.navGroup.getNavGroupEnabled()) { this.getAppUpdater(app.id).next(appOperations?.cleanup); } @@ -172,10 +189,14 @@ export class ApplicationService { core: CoreSetup, appOperations?: AppOperations, ) { + this.logger?.debug('initializeSubApplicationMounts'); + const beforeMount = appOperations?.beforeMount ?? this.setNavLinkVisible; const cleanup = appOperations?.cleanup ?? this.setNavLinkHidden; for (const app of apps) { + this.logger?.debug(`initializeApp ${app.id}`); + const mount = app.mount.bind(app) as AppMount; app.mount = async (params: AppMountParameters) => { @@ -186,6 +207,8 @@ export class ApplicationService { const unmount = await mount(params); return () => { + this.logger?.debug(`unmount ${app.id}`); + if (core.chrome.navGroup.getNavGroupEnabled()) { this.getAppUpdater(app.id).next(cleanup); } @@ -212,6 +235,8 @@ export class ApplicationService { onAppStartupSubscribe(core: CoreStart) { this.appStartup$.subscribe({ next: async (navGroupId: string) => { + this.logger?.debug(`onAppStartupSubscribe ${navGroupId}`); + if (core.chrome.navGroup.getNavGroupEnabled()) { core.chrome.navGroup.setCurrentNavGroup(navGroupId); @@ -241,6 +266,8 @@ export class ApplicationService { core: CoreStart, navGroup: NavGroupItemInMap | undefined, ) { + this.logger?.debug('navigateToFirstAppInNavGroup'); + // Get the first nav item, if it exists navigate to the app const firstNavItem = navGroup?.navLinks[0]; From 987736f6f039c33e7f169fc3fe5fccab455e0c29 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Tue, 4 Feb 2025 14:17:26 -0300 Subject: [PATCH 112/212] Refactor application.service.ts to streamline imports and enhance code organization --- .../public/services/application.service.ts | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
diff --git a/plugins/wazuh-analysis/public/services/application.service.ts b/plugins/wazuh-analysis/public/services/application.service.ts index 3e1f2ae75d..8db2a60364 100644 --- a/plugins/wazuh-analysis/public/services/application.service.ts +++ b/plugins/wazuh-analysis/public/services/application.service.ts @@ -1,3 +1,6 @@ +import { Subject } from 'rxjs'; +import { i18n } from '@osd/i18n'; +import { Logger } from '@osd/logging'; import { App, AppMount, @@ -6,12 +9,9 @@ import { AppUpdater, CoreSetup, CoreStart, -} from 'opensearch-dashboards/public'; -import { Subject } from 'rxjs'; -import { i18n } from '@osd/i18n'; -import { Logger } from '@osd/logging'; + NavGroupItemInMap, +} from '../../../../src/core/public'; import { getCurrentNavGroup } from '../utils/nav-group'; -import { NavGroupItemInMap } from '../../../../src/core/public'; class AppUpdaterNotFoundError extends Error { constructor(appId: string) { From 6c7fe6ebd30fe23fe297d40d3688e0f4c0145a0b Mon Sep 17 00:00:00 2001 
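Review bot: Replacing `'opensearch-dashboards/public'` with the relative `'../../../../src/core/public'` path couples the plugin to the checkout directory layout and bypasses the alias that marks the supported plugin-facing API; the same substitution recurs in every `applications.ts` and `index.ts` hunk of the four group folders in the following commit. The removed lines suggest the motivation was `NavGroupItemInMap`, which was already imported from the deep path; keeping `App`, `AppMount`, `CoreSetup` and the rest on the alias and importing only `NavGroupItemInMap` from `src/core/public` limits the coupling to the one type that needs it.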
From: Guido Modarelli Date: Tue, 4 Feb 2025 14:18:02 -0300 Subject: [PATCH 113/212] Refactor security-related groups to centralize constants and improve code organization --- .../groups/cloud-security/applications.ts | 53 +++++-------------- .../public/groups/cloud-security/constants.ts | 50 +++++++++++++++++ .../public/groups/cloud-security/index.ts | 26 +++------ .../groups/endpoint-security/applications.ts | 41 ++++---------- .../groups/endpoint-security/constants.ts | 42 +++++++++++++++ .../public/groups/endpoint-security/index.ts | 26 +++------ .../security-operations/applications.ts | 47 ++++------------ .../groups/security-operations/constants.ts | 48 +++++++++++++++++ .../groups/security-operations/index.ts | 26 +++------ .../threat-intelligence/applications.ts | 47 ++++------------ .../groups/threat-intelligence/constants.ts | 48 +++++++++++++++++ .../groups/threat-intelligence/index.ts | 26 +++------ 12 files changed, 260 insertions(+), 220 deletions(-) create mode 100644 plugins/wazuh-analysis/public/groups/cloud-security/constants.ts create mode 100644 plugins/wazuh-analysis/public/groups/endpoint-security/constants.ts create mode 100644 plugins/wazuh-analysis/public/groups/security-operations/constants.ts create mode 100644 plugins/wazuh-analysis/public/groups/threat-intelligence/constants.ts diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts b/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts index 9c000b5d1f..2f1003212e 100644 --- a/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts +++ b/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts 
@@ -1,46 +1,21 @@ +import { Subject } from 'rxjs'; import { AppMountParameters, AppNavLinkStatus, AppUpdater, -} from 'opensearch-dashboards/public'; -import { Subject } from 'rxjs'; -import { i18n } from '@osd/i18n'; -import { buildSubAppId } from '../../utils'; -import { PLUGIN_ID } from '../../../common/constants'; -import { CLOUD_SECURITY_ID } from '.'; - -export const DOCKER_ID = buildSubAppId(CLOUD_SECURITY_ID, 'docker'); -export const AWS_ID = buildSubAppId(CLOUD_SECURITY_ID, 'aws'); -export const GOOGLE_CLOUD_ID = buildSubAppId(CLOUD_SECURITY_ID, 'google_cloud'); -export const GITHUB_ID = buildSubAppId(CLOUD_SECURITY_ID, 'github'); -export const OFFICE365_ID = buildSubAppId(CLOUD_SECURITY_ID, 'office365'); -export const DOCKER_TITLE = i18n.translate( - `${PLUGIN_ID}.category.${DOCKER_ID}`, - { - defaultMessage: 'Docker', - }, -); -export const AWS_TITLE = i18n.translate(`${PLUGIN_ID}.category.${AWS_ID}`, { - defaultMessage: 'AWS', -}); -export const GOOGLE_CLOUD_TITLE = i18n.translate( - `${PLUGIN_ID}.category.${GOOGLE_CLOUD_ID}`, - { - defaultMessage: 'Google Cloud', - }, -); -export const GITHUB_TITLE = i18n.translate( - `${PLUGIN_ID}.category.${GITHUB_ID}`, - { - defaultMessage: 'Github', - }, -); -export const OFFICE365_TITLE = i18n.translate( - `${PLUGIN_ID}.category.${OFFICE365_ID}`, - { - defaultMessage: 'Office 365', - }, -); +} from '../../../../../src/core/public'; +import { + AWS_ID, + AWS_TITLE, + DOCKER_ID, + DOCKER_TITLE, + GITHUB_ID, + GITHUB_TITLE, + GOOGLE_CLOUD_ID, + GOOGLE_CLOUD_TITLE, + OFFICE365_ID, + OFFICE365_TITLE, +} from './constants'; export function getCloudSecurityApps(updater$?: Subject) { return [ diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/constants.ts b/plugins/wazuh-analysis/public/groups/cloud-security/constants.ts new file mode 100644 index 0000000000..d4a7070756 --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/cloud-security/constants.ts 
@@ -0,0 +1,50 @@ +import { i18n } from '@osd/i18n'; +import { PLUGIN_ID } from '../../../common/constants'; +import { buildSubAppId } from '../../utils'; + +export const CLOUD_SECURITY_ID = 'cloud_security'; +export const CLOUD_SECURITY_TITLE = i18n.translate( + `${PLUGIN_ID}.category.${CLOUD_SECURITY_ID}`, + { + defaultMessage: 'Cloud Security', + }, +); +export const CLOUD_SECURITY_DESCRIPTION = i18n.translate( + `${PLUGIN_ID}.category.${CLOUD_SECURITY_ID}.description`, + { + defaultMessage: + 'Monitoring and protection for cloud environments against security threats.', + }, +); +export const DOCKER_ID = buildSubAppId(CLOUD_SECURITY_ID, 'docker'); +export const AWS_ID = buildSubAppId(CLOUD_SECURITY_ID, 'aws'); +export const GOOGLE_CLOUD_ID = buildSubAppId(CLOUD_SECURITY_ID, 'google_cloud'); +export const GITHUB_ID = buildSubAppId(CLOUD_SECURITY_ID, 'github'); +export const OFFICE365_ID = buildSubAppId(CLOUD_SECURITY_ID, 'office365'); +export const DOCKER_TITLE = i18n.translate( + `${PLUGIN_ID}.category.${DOCKER_ID}`, + { + defaultMessage: 'Docker', + }, +); +export const AWS_TITLE = i18n.translate(`${PLUGIN_ID}.category.${AWS_ID}`, { + defaultMessage: 'AWS', +}); +export const GOOGLE_CLOUD_TITLE = i18n.translate( + `${PLUGIN_ID}.category.${GOOGLE_CLOUD_ID}`, + { + defaultMessage: 'Google Cloud', + }, +); +export const GITHUB_TITLE = i18n.translate( + `${PLUGIN_ID}.category.${GITHUB_ID}`, + { + defaultMessage: 'Github', + }, +); +export const OFFICE365_TITLE = i18n.translate( + `${PLUGIN_ID}.category.${OFFICE365_ID}`, + { + defaultMessage: 'Office 365', + }, +); diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/index.ts b/plugins/wazuh-analysis/public/groups/cloud-security/index.ts index 1997c006e7..e5eff35f41 100644 --- a/plugins/wazuh-analysis/public/groups/cloud-security/index.ts +++ b/plugins/wazuh-analysis/public/groups/cloud-security/index.ts 
@@ -1,31 +1,19 @@ -import { i18n } from '@osd/i18n'; +import { Subject } from 'rxjs'; import { App, AppMountParameters, AppUpdater, ChromeRegistrationNavLink, CoreSetup, -} from 'opensearch-dashboards/public'; -import { Subject } from 'rxjs'; -import { PLUGIN_ID } from '../../../common/constants'; +} from '../../../../../src/core/public'; import { Group } from '../types'; import { CATEGORY } from '../category'; import { getCloudSecurityApps } from './applications'; - -export const CLOUD_SECURITY_ID = 'cloud_security'; -export const CLOUD_SECURITY_TITLE = i18n.translate( - `${PLUGIN_ID}.category.${CLOUD_SECURITY_ID}`, - { - defaultMessage: 'Cloud Security', - }, -); -export const CLOUD_SECURITY_DESCRIPTION = i18n.translate( - `${PLUGIN_ID}.category.${CLOUD_SECURITY_ID}.description`, - { - defaultMessage: - 'Monitoring and protection for cloud environments against security threats.', - }, -); +import { + CLOUD_SECURITY_DESCRIPTION, + CLOUD_SECURITY_ID, + CLOUD_SECURITY_TITLE, +} from './constants'; export const CloudSecurityNavGroup: Group = { getId: () => CLOUD_SECURITY_ID, diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts b/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts index 9c60a3371a..7710eef626 100644 --- a/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts 
@@ -1,39 +1,18 @@ +import { Subject } from 'rxjs'; import { App, AppMountParameters, AppNavLinkStatus, AppUpdater, -} from 'opensearch-dashboards/public'; -import { Subject } from 'rxjs'; -import { i18n } from '@osd/i18n'; -import { buildSubAppId } from '../../utils'; -import { PLUGIN_ID } from '../../../common/constants'; -import { ENDPOINT_SECURITY_ID } from '.'; - -export const CONFIGURATION_ASSESSMENT_ID = buildSubAppId( - ENDPOINT_SECURITY_ID, - 'configuration_assessment', -); -export const MALWARE_DETECTION_ID = buildSubAppId( - ENDPOINT_SECURITY_ID, - 'malware_detection', -); -export const FIM_ID = buildSubAppId(ENDPOINT_SECURITY_ID, 'fim'); -export const CONFIGURATION_ASSESSMENT_TITLE = i18n.translate( - `${PLUGIN_ID}.category.${CONFIGURATION_ASSESSMENT_ID}`, - { - defaultMessage: 'Configuration Assessment', - }, -); -export const MALWARE_DETECTION_TITLE = i18n.translate( - `${PLUGIN_ID}.category.${MALWARE_DETECTION_ID}`, - { - defaultMessage: 'Malware Detection', - }, -); -export const FIM_TITLE = i18n.translate(`${PLUGIN_ID}.category.${FIM_ID}`, { - defaultMessage: 'File Integrity Monitoring', -}); +} from '../../../../../src/core/public'; +import { + CONFIGURATION_ASSESSMENT_ID, + CONFIGURATION_ASSESSMENT_TITLE, + FIM_ID, + FIM_TITLE, + MALWARE_DETECTION_ID, + MALWARE_DETECTION_TITLE, +} from './constants'; export function getEndpointSecurityApps(updater$?: Subject): App[] { return [ diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/constants.ts b/plugins/wazuh-analysis/public/groups/endpoint-security/constants.ts new file mode 100644 index 0000000000..503fc75aaf --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/constants.ts 
@@ -0,0 +1,42 @@ +import { i18n } from '@osd/i18n'; +import { PLUGIN_ID } from '../../../common/constants'; +import { buildSubAppId } from '../../utils'; + +export const ENDPOINT_SECURITY_ID = 'endpoint_security'; +export const ENDPOINT_SECURITY_TITLE = i18n.translate( + `${PLUGIN_ID}.category.${ENDPOINT_SECURITY_ID}`, + { + defaultMessage: 'Endpoint Security', + }, +); +export const ENDPOINT_SECURITY_DESCRIPTION = i18n.translate( + `${PLUGIN_ID}.category.${ENDPOINT_SECURITY_ID}.description`, + { + defaultMessage: + 'Advanced monitoring and protection for devices against security threats.', + }, +); +export const CONFIGURATION_ASSESSMENT_ID = buildSubAppId( + ENDPOINT_SECURITY_ID, + 'configuration_assessment', +); +export const MALWARE_DETECTION_ID = buildSubAppId( + ENDPOINT_SECURITY_ID, + 'malware_detection', +); +export const FIM_ID = buildSubAppId(ENDPOINT_SECURITY_ID, 'fim'); +export const CONFIGURATION_ASSESSMENT_TITLE = i18n.translate( + `${PLUGIN_ID}.category.${CONFIGURATION_ASSESSMENT_ID}`, + { + defaultMessage: 'Configuration Assessment', + }, +); +export const MALWARE_DETECTION_TITLE = i18n.translate( + `${PLUGIN_ID}.category.${MALWARE_DETECTION_ID}`, + { + defaultMessage: 'Malware Detection', + }, +); +export const FIM_TITLE = i18n.translate(`${PLUGIN_ID}.category.${FIM_ID}`, { + defaultMessage: 'File Integrity Monitoring', +}); diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts b/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts index 569cbd5d4c..2596561d36 100644 --- a/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts @@ -1,4 +1,4 @@ -import { i18n } from '@osd/i18n'; +import { Subject } from 'rxjs'; import { App, AppMountParameters, 
@@ -6,27 +6,15 @@ import { ChromeNavGroup, ChromeRegistrationNavLink, CoreSetup, -} from 'opensearch-dashboards/public'; -import { Subject } from 'rxjs'; -import { PLUGIN_ID } from '../../../common/constants'; +} from '../../../../../src/core/public'; import { CATEGORY } from '../category'; import { Group } from '../types'; import { getEndpointSecurityApps } from './applications'; - -export const ENDPOINT_SECURITY_ID = 'endpoint_security'; -export const ENDPOINT_SECURITY_TITLE = i18n.translate( - `${PLUGIN_ID}.category.${ENDPOINT_SECURITY_ID}`, - { - defaultMessage: 'Endpoint Security', - }, -); -export const ENDPOINT_SECURITY_DESCRIPTION = i18n.translate( - `${PLUGIN_ID}.category.${ENDPOINT_SECURITY_ID}.description`, - { - defaultMessage: - 'Advanced monitoring and protection for devices against security threats.', - }, -); +import { + ENDPOINT_SECURITY_DESCRIPTION, + ENDPOINT_SECURITY_ID, + ENDPOINT_SECURITY_TITLE, +} from './constants'; export const EndpointSecurityNavGroup: Group = { getId: () => ENDPOINT_SECURITY_ID, diff --git a/plugins/wazuh-analysis/public/groups/security-operations/applications.ts b/plugins/wazuh-analysis/public/groups/security-operations/applications.ts index 820d3314ce..271bcf0473 100644 --- a/plugins/wazuh-analysis/public/groups/security-operations/applications.ts +++ b/plugins/wazuh-analysis/public/groups/security-operations/applications.ts 
@@ -1,44 +1,17 @@ +import { Subject } from 'rxjs'; import { AppMountParameters, AppNavLinkStatus, AppUpdater, -} from 'opensearch-dashboards/public'; -import { Subject } from 'rxjs'; -import { i18n } from '@osd/i18n'; -import { buildSubAppId } from '../../utils'; -import { PLUGIN_ID } from '../../../common/constants'; -import { SECURITY_OPERATIONS_ID } from '.'; - -export const REGULATORY_COMPLIANCE_ID = buildSubAppId( - SECURITY_OPERATIONS_ID, - 'regulatory_compliance', -); -export const IT_HYGIENE_ID = buildSubAppId( - SECURITY_OPERATIONS_ID, - 'it_hygiene', -); -export const INCIDENT_RESPONSE_ID = buildSubAppId( - SECURITY_OPERATIONS_ID, - 'incident_response', -); -export const REGULATORY_COMPLIANCE_TITLE = i18n.translate( - `${PLUGIN_ID}.category.${REGULATORY_COMPLIANCE_ID}`, - { - defaultMessage: 'Regulatory Compliance', - }, -); -export const IT_HYGIENE_TITLE = i18n.translate( - `${PLUGIN_ID}.category.${IT_HYGIENE_ID}`, - { - defaultMessage: 'IT Hygiene', - }, -); -export const INCIDENT_RESPONSE_TITLE = i18n.translate( - `${PLUGIN_ID}.category.${INCIDENT_RESPONSE_ID}`, - { - defaultMessage: 'Incident Response', - }, -); +} from '../../../../../src/core/public'; +import { + INCIDENT_RESPONSE_ID, + INCIDENT_RESPONSE_TITLE, + IT_HYGIENE_ID, + IT_HYGIENE_TITLE, + REGULATORY_COMPLIANCE_ID, + REGULATORY_COMPLIANCE_TITLE, +} from './constants'; export function getSecurityOperationsApps(updater$?: Subject) { return [ diff --git a/plugins/wazuh-analysis/public/groups/security-operations/constants.ts b/plugins/wazuh-analysis/public/groups/security-operations/constants.ts new file mode 100644 index 0000000000..c9923d6cf6 --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/security-operations/constants.ts 
@@ -0,0 +1,48 @@
+import { i18n } from '@osd/i18n';
+import { PLUGIN_ID } from '../../../common/constants';
+import { buildSubAppId } from '../../utils';
+
+export const SECURITY_OPERATIONS_ID = 'security_operations';
+export const SECURITY_OPERATIONS_TITLE = i18n.translate(
+ `${PLUGIN_ID}.category.${SECURITY_OPERATIONS_ID}`,
+ {
+ defaultMessage: 'Security Operations',
+ },
+);
+export const SECURITY_OPERATIONS_DESCRIPTION = i18n.translate(
+ `${PLUGIN_ID}.category.${SECURITY_OPERATIONS_ID}.description`,
+ {
+ defaultMessage:
+ 'Advanced monitoring and protection for devices against security threats.',
+ },
+);
+export const REGULATORY_COMPLIANCE_ID = buildSubAppId(
+ SECURITY_OPERATIONS_ID,
+ 'regulatory_compliance',
+);
+export const IT_HYGIENE_ID = buildSubAppId(
+ SECURITY_OPERATIONS_ID,
+ 'it_hygiene',
+);
+export const INCIDENT_RESPONSE_ID = buildSubAppId(
+ SECURITY_OPERATIONS_ID,
+ 'incident_response',
+);
+export const REGULATORY_COMPLIANCE_TITLE = i18n.translate(
+ `${PLUGIN_ID}.category.${REGULATORY_COMPLIANCE_ID}`,
+ {
+ defaultMessage: 'Regulatory Compliance',
+ },
+);
+export const IT_HYGIENE_TITLE = i18n.translate(
+ `${PLUGIN_ID}.category.${IT_HYGIENE_ID}`,
+ {
+ defaultMessage: 'IT Hygiene',
+ },
+);
+export const INCIDENT_RESPONSE_TITLE = i18n.translate(
+ `${PLUGIN_ID}.category.${INCIDENT_RESPONSE_ID}`,
+ {
+ defaultMessage: 'Incident Response',
+ },
+);
diff --git a/plugins/wazuh-analysis/public/groups/security-operations/index.ts b/plugins/wazuh-analysis/public/groups/security-operations/index.ts
index 54e1fd9839..a33486721a 100644
--- a/plugins/wazuh-analysis/public/groups/security-operations/index.ts
+++ b/plugins/wazuh-analysis/public/groups/security-operations/index.ts
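Review bot: `SECURITY_OPERATIONS_DESCRIPTION` defaults to 'Advanced monitoring and protection for devices against security threats.', which is word-for-word the `ENDPOINT_SECURITY_DESCRIPTION` text in the new endpoint-security `constants.ts`. The string is carried over from the old `index.ts`, so this commit did not introduce the duplicate, but the move is the moment these strings are being collected and the cheapest point to give the Security Operations group a description of its own. As it stands, two distinct i18n keys ship the same default message, which translators will flag.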
@@ -1,31 +1,19 @@ -import { i18n } from '@osd/i18n'; +import { Subject } from 'rxjs'; import { App, AppMountParameters, AppUpdater, ChromeRegistrationNavLink, CoreSetup, -} from 'opensearch-dashboards/public'; -import { Subject } from 'rxjs'; -import { PLUGIN_ID } from '../../../common/constants'; +} from '../../../../../src/core/public'; import { CATEGORY } from '../category'; import { Group } from '../types'; import { getSecurityOperationsApps } from './applications'; - -export const SECURITY_OPERATIONS_ID = 'security_operations'; -export const SECURITY_OPERATIONS_TITLE = i18n.translate( - `${PLUGIN_ID}.category.${SECURITY_OPERATIONS_ID}`, - { - defaultMessage: 'Security Operations', - }, -); -export const SECURITY_OPERATIONS_DESCRIPTION = i18n.translate( - `${PLUGIN_ID}.category.${SECURITY_OPERATIONS_ID}.description`, - { - defaultMessage: - 'Advanced monitoring and protection for devices against security threats.', - }, -); +import { + SECURITY_OPERATIONS_DESCRIPTION, + SECURITY_OPERATIONS_ID, + SECURITY_OPERATIONS_TITLE, +} from './constants'; export const SecurityOperationsNavGroup: Group = { diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts b/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts index 87aa261387..372b611ea4 100644 --- a/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts +++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts 
@@ -1,44 +1,17 @@ +import { Subject } from 'rxjs'; import { AppMountParameters, AppNavLinkStatus, AppUpdater, -} from 'opensearch-dashboards/public'; -import { Subject } from 'rxjs'; -import { i18n } from '@osd/i18n'; -import { buildSubAppId } from '../../utils'; -import { PLUGIN_ID } from '../../../common/constants'; -import { THREAT_INTELLIGENCE_ID } from '.'; - -export const THREAT_HUNTING_ID = buildSubAppId( - THREAT_INTELLIGENCE_ID, - 'threat_hunting', -); -export const VULNERABILITY_DETECTION_ID = buildSubAppId( - THREAT_INTELLIGENCE_ID, - 'vulnerability_detection', -); -export const MITRE_ATTACK_ID = buildSubAppId( - THREAT_INTELLIGENCE_ID, - 'mitre_attack', -); -export const THREAT_HUNTING_TITLE = i18n.translate( - `${PLUGIN_ID}.category.${THREAT_HUNTING_ID}`, - { - defaultMessage: 'Threat Hunting', - }, -); -export const VULNERABILITY_DETECTION_TITLE = i18n.translate( - `${PLUGIN_ID}.category.${VULNERABILITY_DETECTION_ID}`, - { - defaultMessage: 'Vulnerability Detection', - }, -); -export const MITRE_ATTACK_TITLE = i18n.translate( - `${PLUGIN_ID}.category.${MITRE_ATTACK_ID}`, - { - defaultMessage: 'MITRE ATT&CK', - }, -); +} from '../../../../../src/core/public'; +import { + MITRE_ATTACK_ID, + MITRE_ATTACK_TITLE, + THREAT_HUNTING_ID, + THREAT_HUNTING_TITLE, + VULNERABILITY_DETECTION_ID, + VULNERABILITY_DETECTION_TITLE, +} from './constants'; export function getThreatIntelligenceApps(updater$?: Subject) { return [ diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/constants.ts b/plugins/wazuh-analysis/public/groups/threat-intelligence/constants.ts new file mode 100644 index 0000000000..34c6ec41f6 --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/constants.ts 
@@ -0,0 +1,48 @@
+import { i18n } from '@osd/i18n';
+import { PLUGIN_ID } from '../../../common/constants';
+import { buildSubAppId } from '../../utils';
+
+export const THREAT_INTELLIGENCE_ID = 'threat_intelligence';
+export const THREAT_INTELLIGENCE_TITLE = i18n.translate(
+ `${PLUGIN_ID}.category.${THREAT_INTELLIGENCE_ID}.`,
+ {
+ defaultMessage: 'Threat Intelligence',
+ },
+);
+export const THREAT_INTELLIGENCE_DESCRIPTION = i18n.translate(
+ `${PLUGIN_ID}.category.${THREAT_INTELLIGENCE_ID}.description`,
+ {
+ defaultMessage:
+ 'Collect and analyze information about potential threats to inform security decisions.',
+ },
+);
+export const THREAT_HUNTING_ID = buildSubAppId(
+ THREAT_INTELLIGENCE_ID,
+ 'threat_hunting',
+);
+export const VULNERABILITY_DETECTION_ID = buildSubAppId(
+ THREAT_INTELLIGENCE_ID,
+ 'vulnerability_detection',
+);
+export const MITRE_ATTACK_ID = buildSubAppId(
+ THREAT_INTELLIGENCE_ID,
+ 'mitre_attack',
+);
+export const THREAT_HUNTING_TITLE = i18n.translate(
+ `${PLUGIN_ID}.category.${THREAT_HUNTING_ID}`,
+ {
+ defaultMessage: 'Threat Hunting',
+ },
+);
+export const VULNERABILITY_DETECTION_TITLE = i18n.translate(
+ `${PLUGIN_ID}.category.${VULNERABILITY_DETECTION_ID}`,
+ {
+ defaultMessage: 'Vulnerability Detection',
+ },
+);
+export const MITRE_ATTACK_TITLE = i18n.translate(
+ `${PLUGIN_ID}.category.${MITRE_ATTACK_ID}`,
+ {
+ defaultMessage: 'MITRE ATT&CK',
+ },
+);
diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/index.ts b/plugins/wazuh-analysis/public/groups/threat-intelligence/index.ts
index 7c38cbf63f..536e3ada08 100644
--- a/plugins/wazuh-analysis/public/groups/threat-intelligence/index.ts
+++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/index.ts
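Review bot: The `THREAT_INTELLIGENCE_TITLE` message ID is `${PLUGIN_ID}.category.${THREAT_INTELLIGENCE_ID}.` with a trailing dot, whereas the line this commit removes from the group's `index.ts` used `${PLUGIN_ID}.category.${THREAT_INTELLIGENCE_ID}` and the other three groups' `constants.ts` files follow that form. The stray dot silently changes the translation key, so any existing translation for this title stops resolving and the default message is shown instead. Drop the dot so the key reads `` `${PLUGIN_ID}.category.${THREAT_INTELLIGENCE_ID}`, `` exactly as before the move.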
@@ -1,31 +1,19 @@ -import { i18n } from '@osd/i18n'; +import { Subject } from 'rxjs'; import { App, AppMountParameters, AppUpdater, ChromeRegistrationNavLink, CoreSetup, -} from 'opensearch-dashboards/public'; -import { Subject } from 'rxjs'; -import { PLUGIN_ID } from '../../../common/constants'; +} from '../../../../../src/core/public'; import { CATEGORY } from '../category'; import { Group } from '../types'; import { getThreatIntelligenceApps } from './applications'; - -export const THREAT_INTELLIGENCE_ID = 'threat_intelligence'; -export const THREAT_INTELLIGENCE_TITLE = i18n.translate( - `${PLUGIN_ID}.category.${THREAT_INTELLIGENCE_ID}`, - { - defaultMessage: 'Threat Intelligence', - }, -); -export const THREAT_INTELLIGENCE_DESCRIPTION = i18n.translate( - `${PLUGIN_ID}.category.${THREAT_INTELLIGENCE_ID}.description`, - { - defaultMessage: - 'Collect and analyze information about potential threats to inform security decisions.', - }, -); +import { + THREAT_INTELLIGENCE_DESCRIPTION, + THREAT_INTELLIGENCE_ID, + THREAT_INTELLIGENCE_TITLE, +} from './constants'; export const ThreatIntelligenceNavGroup: Group = { From a6c6d4ac6323c0f1c66c3c160f66108aca737acd Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Tue, 4 Feb 2025 14:19:04 -0300 Subject: [PATCH 114/212] Refactor WazuhCorePlugin to implement NoopLogger for improved logging and type safety --- plugins/wazuh-core/public/plugin.ts | 58 +++++++++++++++++------------ 1 file changed, 34 insertions(+), 24 deletions(-) diff --git a/plugins/wazuh-core/public/plugin.ts b/plugins/wazuh-core/public/plugin.ts index cd50d1a18c..08dec54933 100644 --- a/plugins/wazuh-core/public/plugin.ts +++ b/plugins/wazuh-core/public/plugin.ts 
@@ -5,42 +5,61 @@ import { PluginInitializerContext, } from 'opensearch-dashboards/public'; import { Cookies } from 'react-cookie'; +import { Logger } from '@osd/logging'; import { ConfigurationStore } from '../common/services/configuration/configuration-store'; import { EConfigurationProviders } from '../common/constants'; import { API_USER_STATUS_RUN_AS } from '../common/api-user-status-run-as'; import { Configuration } from '../common/services/configuration'; +import { NoopLogger } from '../common/logger/noop-logger'; import { WazuhCorePluginSetup, WazuhCorePluginStart } from './types'; import { setChrome, setCore, setUiSettings } from './plugin-services'; import { UISettingsConfigProvider } from './services/configuration/ui-settings-provider'; import { InitializerConfigProvider } from './services/configuration/initializer-context-provider'; import * as utils from './utils'; import * as uiComponents from './components'; -import { DashboardSecurity } from './services/dashboard-security'; +import { + DashboardSecurity, + DashboardSecurityServiceSetupReturn, +} from './services/dashboard-security'; import * as hooks from './hooks'; -import { CoreState, State } from './services/state'; +import { CoreState, State, StateSetupReturn } from './services/state'; import { ServerHostClusterInfoStateContainer } from './services/state/containers/server-host-cluster-info'; import { ServerHostStateContainer } from './services/state/containers/server-host'; import { DataSourceAlertsStateContainer } from './services/state/containers/data-source-alerts'; -import { CoreServerSecurity } from './services'; +import { CoreServerSecurity, ServerSecurity } from './services'; import { CoreHTTPClient } from './services/http/http-client'; -const noop = () => {}; +interface RuntimeSetup { + dashboardSecurity: DashboardSecurityServiceSetupReturn; + http: Awaited>; + serverSecurity: Awaited>; + state: StateSetupReturn; +} + +interface Runtime { + setup: RuntimeSetup; + start: Record; +} export 
class WazuhCorePlugin implements Plugin { - runtime: Record = { - setup: {}, - start: {}, - }; - internal: Record = {}; + runtime: Runtime; + internal: Record; services: { - [key: string]: any; - dashboardSecurity?: DashboardSecurity; - state?: State; - } = {}; + configuration: Configuration; + dashboardSecurity: DashboardSecurity; + http: CoreHTTPClient; + serverSecurity: ServerSecurity; + state: State; + }; constructor(private readonly initializerContext: PluginInitializerContext) { + this.runtime = { + setup: {}, + start: {}, + }; + // @ts-expect-error Type '{}' is missing some properties this.services = {}; this.internal = {}; } @@ -48,16 +67,7 @@ export class WazuhCorePlugin public async setup(core: CoreSetup): Promise { // No operation logger - const logger = { - info: noop, - error: noop, - debug: noop, - warn: noop, - trace: noop, - fatal: noop, - log: noop, - get: () => logger, - }; + const logger: Logger = new NoopLogger(); this.internal.configurationStore = new ConfigurationStore(logger); @@ -81,7 +91,7 @@ export class WazuhCorePlugin this.services.dashboardSecurity = new DashboardSecurity(logger, core.http); // Create state - this.services.state = new CoreState(logger); + this.services.state = new CoreState(logger) as unknown as State; const cookiesStore = new Cookies(); From 8fc978e2e298533f8ab59f3ea862137623764c44 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Tue, 4 Feb 2025 14:31:33 -0300 Subject: [PATCH 115/212] Refactor ApplicationService to use navGroupId for improved navigation group handling --- .../public/services/application.service.ts | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/plugins/wazuh-analysis/public/services/application.service.ts b/plugins/wazuh-analysis/public/services/application.service.ts index 8db2a60364..18d79cbbde 100644 --- a/plugins/wazuh-analysis/public/services/application.service.ts +++ b/plugins/wazuh-analysis/public/services/application.service.ts 
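Review bot: `this.services.state = new CoreState(logger) as unknown as State;` in the `@@ -81,7 +91,7 @@` hunk double-casts through `unknown`, which concedes that CoreState and State disagree and then hides where; if CoreState is meant to satisfy that contract, declare `class CoreState implements State` (or type the `state` field as `CoreState`) so the mismatch is reported at the class instead of silenced at the call site. The `@@ -5,42 +5,61 @@` hunk follows the same pattern with `// @ts-expect-error` over `this.services = {}`, because the new non-optional `services` fields are only populated in `setup()`; typing the field as `Partial<…>` behind a small accessor that throws before setup, or constructing the services in the constructor, would keep the checker honest rather than accumulating suppressions. The WazuhCorePlugin class body continues beyond these hunks.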
@@ -110,6 +110,10 @@ export class ApplicationService {
 };
 }
 
+ private getNavGroupId(appId: string): string {
+ return appId.split('_%2F')[0];
+ }
+
 /**
 * The function initializes navigation group mounts for a list of apps in a
 * TypeScript codebase.
@@ -140,11 +144,12 @@ export class ApplicationService {
 this.logger?.debug(`initializeApp ${app.id}`);
 
 const mount = app.mount.bind(app) as AppMount;
+ const navGroupId = this.getNavGroupId(app.id);
 
 app.mount = async (params: AppMountParameters) => {
 if (core.chrome.navGroup.getNavGroupEnabled()) {
- this.getAppUpdater(app.id).next(beforeMount);
- this.appStartup$.next(app.id);
+ this.getAppUpdater(navGroupId).next(beforeMount);
+ this.appStartup$.next(navGroupId);
 }
 
 const unmount = await mount(params);
@@ -153,7 +158,7 @@ export class ApplicationService {
 this.logger?.debug(`unmount ${app.id}`);
 
 if (core.chrome.navGroup.getNavGroupEnabled()) {
- this.getAppUpdater(app.id).next(appOperations?.cleanup);
+ this.getAppUpdater(navGroupId).next(appOperations?.cleanup);
 }
 
 unmount();
@@ -198,10 +203,11 @@ export class ApplicationService {
 this.logger?.debug(`initializeApp ${app.id}`);
 
 const mount = app.mount.bind(app) as AppMount;
+ const navGroupId = this.getNavGroupId(app.id);
 
 app.mount = async (params: AppMountParameters) => {
 if (core.chrome.navGroup.getNavGroupEnabled()) {
- this.getAppUpdater(app.id).next(beforeMount);
+ this.getAppUpdater(navGroupId).next(beforeMount);
 }
 
 const unmount = await mount(params);
@@ -210,7 +216,7 @@ export class ApplicationService {
 this.logger?.debug(`unmount ${app.id}`);
 
 if (core.chrome.navGroup.getNavGroupEnabled()) {
- this.getAppUpdater(app.id).next(cleanup);
+ this.getAppUpdater(navGroupId).next(cleanup);
 }
 
 unmount();
From e183fc346f87fda7866706be506ccc8560de3c41 Mon Sep 17 00:00:00 2001
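Review bot: `return appId.split('_%2F')[0];` in the new `getNavGroupId` depends on the sub-app id layout `${parentAppId}_${encodeURIComponent('/' + subAppId)}` that `buildSubAppId` produces elsewhere in this class, yet the separator is a bare literal with no comment, and under `noUncheckedIndexedAccess` the index is `string | undefined` against the declared `string` return. Name the separator once, e.g. `private static readonly SUB_APP_SEPARATOR = '_%2F';` shared by both methods, and document the helper with `/** Returns the parent (nav group) app id for a sub-app id built by buildSubAppId; an id without the separator is returned unchanged. */`. The mount wrappers in this patch's later hunks (`@@ -140`, `@@ -153`, `@@ -198`, `@@ -210`) all feed this result to `getAppUpdater`, so a wrong split presumably ends in an AppUpdaterNotFoundError at mount time rather than a visible compile error.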
From: Guido Modarelli Date: Tue, 4 Feb 2025 14:36:38 -0300 Subject: [PATCH 116/212] Remove unused navigation group handling from ApplicationService unmount logic --- plugins/wazuh-analysis/public/services/application.service.ts | 4 ---- 1 file changed, 4 deletions(-) diff --git a/plugins/wazuh-analysis/public/services/application.service.ts b/plugins/wazuh-analysis/public/services/application.service.ts index 18d79cbbde..8f317c3de4 100644 --- a/plugins/wazuh-analysis/public/services/application.service.ts +++ b/plugins/wazuh-analysis/public/services/application.service.ts @@ -157,10 +157,6 @@ export class ApplicationService { return () => { this.logger?.debug(`unmount ${app.id}`); - if (core.chrome.navGroup.getNavGroupEnabled()) { - this.getAppUpdater(navGroupId).next(appOperations?.cleanup); - } - unmount(); return true; From 005e73574bfc6da9c72c860c6c0396c65d93908e Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Wed, 5 Feb 2025 10:46:19 -0300 Subject: [PATCH 117/212] Refactor WazuhCorePlugin and ApplicationService for improved navigation handling and error management --- plugins/wazuh-analysis/public/plugin.ts | 12 +++--- plugins/wazuh-core/public/plugin.ts | 5 +++ .../services/application/application.ts} | 39 ++++--------------- .../errors/app-updater-not-found-error.ts | 10 +++++ .../public/services/application/types.ts | 6 +++ 5 files changed, 34 insertions(+), 38 deletions(-) rename plugins/{wazuh-analysis/public/services/application.service.ts => wazuh-core/public/services/application/application.ts} (89%) create mode 100644 plugins/wazuh-core/public/services/application/errors/app-updater-not-found-error.ts create mode 100644 plugins/wazuh-core/public/services/application/types.ts diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index b8b349ae3a..9b821d9ead 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts 
@@ -12,7 +12,6 @@ import { EndpointSecurityNavGroup } from './groups/endpoint-security'; import { SecurityOperationsNavGroup } from './groups/security-operations'; import { ThreatIntelligenceNavGroup } from './groups/threat-intelligence'; import { Group, GroupsId } from './groups/types'; -import { ApplicationService } from './services/application.service'; import { AnalysisSetup, AnalysisStart } from './types'; interface AnalysisSetupDependencies {} @@ -25,7 +24,6 @@ export class AnalysisPlugin implements Plugin { - private readonly applicationService = new ApplicationService(); private coreStart?: CoreStart; private readonly navGroups: Group[] = [ EndpointSecurityNavGroup, @@ -39,7 +37,7 @@ export class AnalysisPlugin navGroup.getAppGroup(), ); - this.applicationService.initializeNavGroupMounts(applications, core); + core.application.initializeNavGroupMounts(applications, core); if (core.chrome.navGroup.getNavGroupEnabled()) { core.chrome.globalSearch.registerSearchCommand({ @@ -56,11 +54,11 @@ export class AnalysisPlugin } const subApps: App[][] = this.navGroups.map(navGroup => - navGroup.getApps(this.applicationService.getAppUpdater(navGroup.getId())), + navGroup.getApps(core.application.getAppUpdater(navGroup.getId())), ); for (const apps of subApps) { - this.applicationService.initializeSubApplicationMounts(apps, core); + core.application.initializeSubApplicationMounts(apps, core); } } @@ -80,7 +78,7 @@ export class AnalysisPlugin console.debug('AnalysisPlugin started'); for (const navGroup of this.navGroups) { - this.applicationService.registerAppUpdater(navGroup.getId()); + core.application.registerAppUpdater(navGroup.getId()); } this.registerApps(core); @@ -94,7 +92,7 @@ export class AnalysisPlugin _plugins: AnalysisStartDependencies, ): AnalysisStart | Promise { this.coreStart = core; - this.applicationService.onAppStartupSubscribe(core); + core.application.onAppStartupSubscribe(core); return {}; } 
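Review bot: `core.application.initializeNavGroupMounts(applications, core);` and the other `core.application.*` calls in this patch's `plugins/wazuh-analysis/public/plugin.ts` hunks target OSD's own `ApplicationSetup`/`ApplicationStart`, which as far as I can tell exposes no `initializeNavGroupMounts`, `initializeSubApplicationMounts`, `getAppUpdater` or `onAppStartupSubscribe`, and whose `registerAppUpdater` takes an `Observable<AppUpdater>` rather than the id string passed here, so this intermediate state likely fails type-checking. The methods belong to the `ApplicationService` instance this same commit creates inside wazuh-core (`this.services.application`), which AnalysisPlugin can only reach through the wazuhCore plugin dependency; until that is exposed, keep the local `applicationService` field or land the dependency wiring in the same commit. `registerApps`, `setup` and `start` all begin or end outside these hunks.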
diff --git a/plugins/wazuh-core/public/plugin.ts b/plugins/wazuh-core/public/plugin.ts index 08dec54933..d95e279657 100644 --- a/plugins/wazuh-core/public/plugin.ts +++ b/plugins/wazuh-core/public/plugin.ts @@ -28,6 +28,7 @@ import { ServerHostStateContainer } from './services/state/containers/server-hos import { DataSourceAlertsStateContainer } from './services/state/containers/data-source-alerts'; import { CoreServerSecurity, ServerSecurity } from './services'; import { CoreHTTPClient } from './services/http/http-client'; +import { ApplicationService } from './services/application/application'; interface RuntimeSetup { dashboardSecurity: DashboardSecurityServiceSetupReturn; @@ -47,6 +48,7 @@ export class WazuhCorePlugin runtime: Runtime; internal: Record; services: { + application: ApplicationService; configuration: Configuration; dashboardSecurity: DashboardSecurity; http: CoreHTTPClient; @@ -56,6 +58,7 @@ export class WazuhCorePlugin constructor(private readonly initializerContext: PluginInitializerContext) { this.runtime = { + // @ts-expect-error Type '{}' is missing some properties setup: {}, start: {}, }; @@ -82,6 +85,8 @@ export class WazuhCorePlugin new UISettingsConfigProvider(core.uiSettings), ); + this.services.application = new ApplicationService(logger); + this.services.configuration = new Configuration( logger, this.internal.configurationStore, diff --git a/plugins/wazuh-analysis/public/services/application.service.ts b/plugins/wazuh-core/public/services/application/application.ts similarity index 89% rename from plugins/wazuh-analysis/public/services/application.service.ts rename to plugins/wazuh-core/public/services/application/application.ts index 8f317c3de4..69578d6b6b 100644 --- a/plugins/wazuh-analysis/public/services/application.service.ts +++ b/plugins/wazuh-core/public/services/application/application.ts 
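Review bot: `this.services.application = new ApplicationService(logger);` in the `@@ -82,6 +85,8 @@` hunk hands the service the `logger` that an earlier patch in this series replaced with `new NoopLogger()`, so every `this.logger?.debug(...)` inside ApplicationService is discarded; if those traces are meant to help during development, pass a real logger here or add `// logger is a no-op in the browser bundle; ApplicationService traces are intentionally dropped` so the silence is not mistaken for a wiring bug. The new `// @ts-expect-error Type '{}' is missing some properties` above `setup: {}` in the `@@ -56,6 +58,7 @@` hunk is the third such suppression in this constructor; `runtime.setup` could be typed `Partial<RuntimeSetup>` until `setup()` fills it. The hunk that builds the object returned from `setup()` is not in this diff, so whether `application` actually reaches dependents cannot be confirmed here.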
@@ -1,5 +1,5 @@
+import { first } from 'rxjs/operators';
 import { Subject } from 'rxjs';
-import { i18n } from '@osd/i18n';
 import { Logger } from '@osd/logging';
 import {
 App,
@@ -10,24 +10,9 @@ import {
 CoreSetup,
 CoreStart,
 NavGroupItemInMap,
-} from '../../../../src/core/public';
-import { getCurrentNavGroup } from '../utils/nav-group';
-
-class AppUpdaterNotFoundError extends Error {
- constructor(appId: string) {
- super(
- i18n.translate('errors.appUpdater.NotFound', {
- defaultMessage: `AppUpdater for ${appId} not found`,
- }),
- );
- this.name = 'AppUpdaterNotFoundError';
- }
-}
-
-interface AppOperations {
- beforeMount?: () => Partial;
- cleanup?: () => Partial;
-}
+} from '../../../../../src/core/public';
+import { AppUpdaterNotFoundError } from './errors/app-updater-not-found-error';
+import { AppOperations } from './types';
 
 export class ApplicationService {
 private readonly appUpdater$: Partial>> =
@@ -36,16 +21,8 @@ export class ApplicationService {
 
 constructor(private readonly logger?: Logger) {}
 
- /**
- * This function takes a parent app ID and a sub app ID, and returns a
- * combined ID with the sub app ID URL-encoded.
- * @param {string} parentAppId - Is a string representing the ID of the parent
- * application.
- * @param {string} subAppId - Is a string representing the ID of a
- * sub-application within a parent application.
- */
- static buildSubAppId(parentAppId: string, subAppId: string) {
- return `${parentAppId}_${encodeURIComponent(`/${subAppId}`)}`;
+ async getCurrentNavGroup(core: CoreStart) {
+ return core.chrome.navGroup.getCurrentNavGroup$().pipe(first()).toPromise();
 }
 
 /**
@@ -56,7 +33,7 @@ export class ApplicationService {
 * updater.
 */
 registerAppUpdater(appId: string) {
- this.logger?.debug('registerAppUpdater', {});
+ this.logger?.debug('registerAppUpdater');
 
 this.appUpdater$[appId] = new Subject();
 }
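Review bot: `return core.chrome.navGroup.getCurrentNavGroup$().pipe(first()).toPromise();` in the new `getCurrentNavGroup` rejects with `EmptyError` if the observable completes without emitting, and `toPromise()` is deprecated from RxJS 7 onward; if the project is on RxJS 7, `return firstValueFrom(core.chrome.navGroup.getCurrentNavGroup$());` says the same thing without the deprecated call. The method reads no instance state and was a module-level function before this patch, so `static` would make that explicit. Removing `buildSubAppId` in the `@@ -36,16 +21,8 @@` hunk also leaves the `'_%2F'` literal in `getNavGroupId` (outside this hunk) as the only record of the sub-app id convention; a comment there such as `// inverse of the `${parent}_${encodeURIComponent('/' + sub)}` id scheme` would preserve it.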
@@ -242,7 +219,7 @@ export class ApplicationService {
 if (core.chrome.navGroup.getNavGroupEnabled()) {
 core.chrome.navGroup.setCurrentNavGroup(navGroupId);
 
- const currentNavGroup = await getCurrentNavGroup(core);
+ const currentNavGroup = await this.getCurrentNavGroup(core);
 
 this.navigateToFirstAppInNavGroup(core, currentNavGroup);
 }
diff --git a/plugins/wazuh-core/public/services/application/errors/app-updater-not-found-error.ts b/plugins/wazuh-core/public/services/application/errors/app-updater-not-found-error.ts
new file mode 100644
index 0000000000..63239cae90
--- /dev/null
+++ b/plugins/wazuh-core/public/services/application/errors/app-updater-not-found-error.ts
@@ -0,0 +1,10 @@
+export class AppUpdaterNotFoundError extends Error {
+ constructor(appId: string) {
+ super(
+ i18n.translate('errors.appUpdater.NotFound', {
+ defaultMessage: `AppUpdater for ${appId} not found`,
+ }),
+ );
+ this.name = 'AppUpdaterNotFoundError';
+ }
+}
diff --git a/plugins/wazuh-core/public/services/application/types.ts b/plugins/wazuh-core/public/services/application/types.ts
new file mode 100644
index 0000000000..008421f3a9
--- /dev/null
+++ b/plugins/wazuh-core/public/services/application/types.ts
@@ -0,0 +1,6 @@
+import { App } from '../../../../src/core/public';
+
+export interface AppOperations {
+ beforeMount?: () => Partial;
+ cleanup?: () => Partial;
+}
From 55ace2d15c3897292a60959a96b0f31c77dc7bac Mon Sep 17 00:00:00 2001
From: Guido Modarelli
Date: Wed, 5 Feb 2025 10:46:59 -0300
Subject: [PATCH 118/212] Remove unused getCurrentNavGroup utility function from nav-group.ts
---
 plugins/wazuh-analysis/public/utils/nav-group.ts | 6 ------
 1 file changed, 6 deletions(-)
 delete mode 100644 plugins/wazuh-analysis/public/utils/nav-group.ts
diff --git a/plugins/wazuh-analysis/public/utils/nav-group.ts b/plugins/wazuh-analysis/public/utils/nav-group.ts
deleted file mode 100644
index 062d4f5480..0000000000
--- a/plugins/wazuh-analysis/public/utils/nav-group.ts
+++ /dev/null
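Review bot: The new `errors/app-updater-not-found-error.ts` calls `i18n.translate(...)` but declares no import for `i18n`; the `import { i18n } from '@osd/i18n';` line was deleted from application.ts in this patch's `@@ -1,5 +1,5 @@` hunk rather than moved with the class, so this file fails type-checking (and would throw `ReferenceError` at the first `new AppUpdaterNotFoundError(...)` if emitted without checks). Add `import { i18n } from '@osd/i18n';` as the first line of the new file.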
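Review bot: `import { App } from '../../../../src/core/public';` in the new `services/application/types.ts` has one `../` fewer than the sibling `application.ts`, which this same patch rewrites to `'../../../../../src/core/public'` for the same directory; from `plugins/wazuh-core/public/services/application/`, four levels up is `plugins/`, not the repository root, so unless a path mapping covers it the import will not resolve. Use the five-level path application.ts uses, or the `'opensearch-dashboards/public'` specifier the wazuh-analysis files elsewhere in this series already import `App` from.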
@@ -1,6 +0,0 @@ -import { first } from 'rxjs/operators'; -import { CoreStart } from '../../../../src/core/public'; - -export async function getCurrentNavGroup(core: CoreStart) { - return core.chrome.navGroup.getCurrentNavGroup$().pipe(first()).toPromise(); -} From 03a87b77f3bdfc3f599cd01b99853f83e09287b0 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Wed, 5 Feb 2025 11:07:47 -0300 Subject: [PATCH 119/212] Refactor WazuhCorePlugin and AnalysisPlugin to use applicationService for improved service management --- .../wazuh-analysis/opensearch_dashboards.json | 2 +- plugins/wazuh-analysis/public/plugin.ts | 35 +++++++++++++------ plugins/wazuh-core/public/plugin.ts | 4 +-- plugins/wazuh-core/public/types.ts | 3 ++ 4 files changed, 31 insertions(+), 13 deletions(-) diff --git a/plugins/wazuh-analysis/opensearch_dashboards.json b/plugins/wazuh-analysis/opensearch_dashboards.json index 5e60b18eb4..9142a1e710 100644 --- a/plugins/wazuh-analysis/opensearch_dashboards.json +++ b/plugins/wazuh-analysis/opensearch_dashboards.json @@ -4,5 +4,5 @@ "opensearchDashboardsVersion": "opensearchDashboards", "server": false, "ui": true, - "requiredPlugins": [] + "requiredPlugins": ["wazuhCore"] } diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 9b821d9ead..54e7327e94 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -6,6 +6,11 @@ import { Plugin, } from '../../../src/core/public'; import { NavigationPublicPluginStart } from '../../../src/plugins/navigation/public'; +import { + WazuhCorePluginSetup, + WazuhCorePluginStart, +} from '../../wazuh-core/public'; +import { ApplicationService } from '../../wazuh-core/public/services/application/application'; import { searchPages } from './components/global_search/search-pages-command'; import { CloudSecurityNavGroup } from './groups/cloud-security'; import { EndpointSecurityNavGroup } from './groups/endpoint-security'; 
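Review bot: `import { ApplicationService } from '../../wazuh-core/public/services/application/application';` in the `@@ -6,6 +6,11 @@` hunk reaches into another plugin's internal directory layout, while the adjacent import of `WazuhCorePluginSetup`/`WazuhCorePluginStart` already goes through `'../../wazuh-core/public'`. The class is used only as a parameter annotation in `registerApps` (next hunk), so `import type { ApplicationService } from '../../wazuh-core/public';` would do if that index re-exports it — and exporting it there is preferable to deepening the coupling; the type-only form also keeps the analysis bundle from pulling the implementation in. The enclosing AnalysisPlugin class continues past this hunk.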
@@ -14,10 +19,13 @@ import { ThreatIntelligenceNavGroup } from './groups/threat-intelligence'; import { Group, GroupsId } from './groups/types'; import { AnalysisSetup, AnalysisStart } from './types'; -interface AnalysisSetupDependencies {} +interface AnalysisSetupDependencies { + wazuhCore: WazuhCorePluginSetup; +} interface AnalysisStartDependencies { navigation: NavigationPublicPluginStart; + wazuhCore: WazuhCorePluginStart; } export class AnalysisPlugin @@ -32,12 +40,15 @@ export class AnalysisPlugin CloudSecurityNavGroup, ]; - private registerApps(core: CoreSetup) { + private registerApps( + core: CoreSetup, + applicationService: ApplicationService, + ) { const applications: App[] = this.navGroups.map(navGroup => navGroup.getAppGroup(), ); - core.application.initializeNavGroupMounts(applications, core); + applicationService.initializeNavGroupMounts(applications, core); if (core.chrome.navGroup.getNavGroupEnabled()) { core.chrome.globalSearch.registerSearchCommand({ @@ -54,11 +65,11 @@ export class AnalysisPlugin } const subApps: App[][] = this.navGroups.map(navGroup => - navGroup.getApps(core.application.getAppUpdater(navGroup.getId())), + navGroup.getApps(applicationService.getAppUpdater(navGroup.getId())), ); for (const apps of subApps) { - core.application.initializeSubApplicationMounts(apps, core); + applicationService.initializeSubApplicationMounts(apps, core); } } @@ -73,15 +84,17 @@ export class AnalysisPlugin public setup( core: CoreSetup, - _plugins: AnalysisSetupDependencies, + plugins: AnalysisSetupDependencies, ): AnalysisSetup | Promise { console.debug('AnalysisPlugin started'); + const wazuhCore = plugins.wazuhCore; + for (const navGroup of this.navGroups) { - core.application.registerAppUpdater(navGroup.getId()); + wazuhCore.applicationService.registerAppUpdater(navGroup.getId()); } - this.registerApps(core); + this.registerApps(core, wazuhCore.applicationService); this.registerNavGroups(core); return {}; 
@@ -89,10 +102,12 @@ export class AnalysisPlugin start( core: CoreStart, - _plugins: AnalysisStartDependencies, + plugins: AnalysisStartDependencies, ): AnalysisStart | Promise { + const wazuhCore = plugins.wazuhCore; + this.coreStart = core; - core.application.onAppStartupSubscribe(core); + wazuhCore.applicationService.onAppStartupSubscribe(core); return {}; } diff --git a/plugins/wazuh-core/public/plugin.ts b/plugins/wazuh-core/public/plugin.ts index d95e279657..0eb32e05ec 100644 --- a/plugins/wazuh-core/public/plugin.ts +++ b/plugins/wazuh-core/public/plugin.ts @@ -48,7 +48,7 @@ export class WazuhCorePlugin runtime: Runtime; internal: Record; services: { - application: ApplicationService; + applicationService: ApplicationService; configuration: Configuration; dashboardSecurity: DashboardSecurity; http: CoreHTTPClient; @@ -85,7 +85,7 @@ export class WazuhCorePlugin new UISettingsConfigProvider(core.uiSettings), ); - this.services.application = new ApplicationService(logger); + this.services.applicationService = new ApplicationService(logger); this.services.configuration = new Configuration( logger, diff --git a/plugins/wazuh-core/public/types.ts b/plugins/wazuh-core/public/types.ts index 6339a8cb7f..49cc6ef452 100644 --- a/plugins/wazuh-core/public/types.ts +++ b/plugins/wazuh-core/public/types.ts @@ -12,10 +12,12 @@ import { DashboardSecurityService, DashboardSecurityServiceSetupReturn, } from './services/dashboard-security'; +import { ApplicationService } from './services/application/application'; export interface WazuhCorePluginSetup { _internal: any; utils: { formatUIDate: (date: Date) => string }; + applicationService: ApplicationService; API_USER_STATUS_RUN_AS: typeof API_USER_STATUS_RUN_AS; configuration: Configuration; dashboardSecurity: DashboardSecurityService; 
@@ -43,6 +45,7 @@ export interface WazuhCorePluginSetup { export interface WazuhCorePluginStart { utils: { formatUIDate: (date: Date) => string }; + applicationService: ApplicationService; API_USER_STATUS_RUN_AS: typeof API_USER_STATUS_RUN_AS; configuration: Configuration; dashboardSecurity: DashboardSecurityService; From 76709d37453b37e9cb5ff10c1e3d4581c83ad8d5 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Wed, 5 Feb 2025 11:09:50 -0300 Subject: [PATCH 120/212] Refactor AnalysisPlugin to streamline imports and enhance type definitions for setup dependencies --- plugins/wazuh-analysis/public/plugin.ts | 21 ++++++--------------- plugins/wazuh-analysis/public/types.ts | 12 ++++++++++++ 2 files changed, 18 insertions(+), 15 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 54e7327e94..fc7a535698 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -5,11 +5,6 @@ import { DEFAULT_NAV_GROUPS, Plugin, } from '../../../src/core/public'; -import { NavigationPublicPluginStart } from '../../../src/plugins/navigation/public'; -import { - WazuhCorePluginSetup, - WazuhCorePluginStart, -} from '../../wazuh-core/public'; import { ApplicationService } from '../../wazuh-core/public/services/application/application'; import { searchPages } from './components/global_search/search-pages-command'; import { CloudSecurityNavGroup } from './groups/cloud-security'; 
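Review bot: `applicationService: ApplicationService;` is added to both `WazuhCorePluginSetup` (the `@@ -12,10 +12,12 @@` hunk) and `WazuhCorePluginStart` here, and AnalysisPlugin now calls `plugins.wazuhCore.applicationService.registerAppUpdater(...)` during its own `setup()`, but the hunks that build the objects returned from WazuhCorePlugin.setup()/start() are not in this patch; if those spread `this.services` the field arrives automatically, otherwise the call dereferences `undefined` at plugin load, so this is worth confirming. Exposing the concrete class also leaks every public member into the plugin contract; a `Pick<ApplicationService, 'registerAppUpdater' | 'getAppUpdater' | 'initializeNavGroupMounts' | 'initializeSubApplicationMounts' | 'onAppStartupSubscribe'>` alias would pin the surface dependents may rely on. Both interfaces continue beyond the hunk.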
@@ -17,16 +12,12 @@ import { EndpointSecurityNavGroup } from './groups/endpoint-security'; import { SecurityOperationsNavGroup } from './groups/security-operations'; import { ThreatIntelligenceNavGroup } from './groups/threat-intelligence'; import { Group, GroupsId } from './groups/types'; -import { AnalysisSetup, AnalysisStart } from './types'; - -interface AnalysisSetupDependencies { - wazuhCore: WazuhCorePluginSetup; -} - -interface AnalysisStartDependencies { - navigation: NavigationPublicPluginStart; - wazuhCore: WazuhCorePluginStart; -} +import { + AnalysisSetup, + AnalysisSetupDependencies, + AnalysisStart, + AnalysisStartDependencies, +} from './types'; export class AnalysisPlugin implements diff --git a/plugins/wazuh-analysis/public/types.ts b/plugins/wazuh-analysis/public/types.ts index 9b30e4afbb..4fe145cda9 100644 --- a/plugins/wazuh-analysis/public/types.ts +++ b/plugins/wazuh-analysis/public/types.ts @@ -1,3 +1,15 @@ +import { + WazuhCorePluginSetup, + WazuhCorePluginStart, +} from '../../wazuh-core/public'; + export interface AnalysisSetup {} export interface AnalysisStart {} +export interface AnalysisSetupDependencies { + wazuhCore: WazuhCorePluginSetup; +} + +export interface AnalysisStartDependencies { + wazuhCore: WazuhCorePluginStart; +} From 7adbe1eab34a5fc4a96cb00804ebfedec0750584 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Wed, 5 Feb 2025 16:27:01 -0300 Subject: [PATCH 121/212] Add createSideNavItems function to generate side navigation items for apps --- .../wazuh-analysis/public/groups/side-nav.tsx | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 plugins/wazuh-analysis/public/groups/side-nav.tsx diff --git a/plugins/wazuh-analysis/public/groups/side-nav.tsx b/plugins/wazuh-analysis/public/groups/side-nav.tsx new file mode 100644 index 0000000000..63db9b4f77 --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/side-nav.tsx 
@@ -0,0 +1,24 @@
+import { EuiSideNavItemType } from '@elastic/eui';
+import { App } from 'opensearch-dashboards/public';
+
+export function createSideNavItems(
+ id: string,
+ name: string,
+ apps: App[],
+ selectedAppId?: App['id'],
+) {
+ const items: EuiSideNavItemType[] = [
+ {
+ name,
+ id,
+ items: apps.map(app => ({
+ id: app.id,
+ name: app.title,
+ onClick: () => alert(`click on ${app.id}`),
+ isSelected: app.id === selectedAppId,
+ })),
+ },
+ ];
+
+ return items;
+}
From c3695c7d2970a8986d975c5b9f51ca070a6c9d3e Mon Sep 17 00:00:00 2001
From: Guido Modarelli
Date: Wed, 5 Feb 2025 16:27:28 -0300
Subject: [PATCH 122/212] Add createEndpointSecurityNavItems function to generate navigation items for endpoint security
---
 .../groups/endpoint-security/nav-items.ts | 22 +++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 plugins/wazuh-analysis/public/groups/endpoint-security/nav-items.ts
diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/nav-items.ts b/plugins/wazuh-analysis/public/groups/endpoint-security/nav-items.ts
new file mode 100644
index 0000000000..d2cd2e9e70
--- /dev/null
+++ b/plugins/wazuh-analysis/public/groups/endpoint-security/nav-items.ts
@@ -0,0 +1,22 @@
+import { EuiSideNavItemType, htmlIdGenerator } from '@elastic/eui';
+import { App } from 'opensearch-dashboards/public';
+import { createSideNavItems } from '../side-nav';
+import { ENDPOINT_SECURITY_ID, ENDPOINT_SECURITY_TITLE } from './constants';
+import { getEndpointSecurityApps } from './applications';
+
+interface Props {
+ selectedAppId?: App['id'];
+}
+
+export function createEndpointSecurityNavItems(
+ props?: Props,
+): EuiSideNavItemType[] {
+ const items: EuiSideNavItemType[] = createSideNavItems(
+ htmlIdGenerator(ENDPOINT_SECURITY_ID)(),
+ ENDPOINT_SECURITY_TITLE,
+ getEndpointSecurityApps(),
+ props?.selectedAppId,
+ );
+
+ return items;
+}
From 026ed918b3b6b86ca5511260952f497c4fbd8f98 Mon Sep 17 00:00:00 2001
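Review bot: `onClick: () => alert(`click on ${app.id}`),` in the new `createSideNavItems` is a placeholder that would ship as the navigation behaviour of every side-nav entry, and `alert` blocks the renderer with a modal. `createSideNavItems` has no access to core, so take the action as a parameter, e.g. `onSelect: (appId: App['id']) => void,` after `selectedAppId`, and emit `onClick: () => onSelect(app.id),` so the caller can wire `core.application.navigateToApp(app.id)`; supplying an `href` alongside keeps the entries keyboard- and middle-click-friendly. A `// TODO` on the alert line at minimum would stop it slipping into a release.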
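Review bot: `htmlIdGenerator(ENDPOINT_SECURITY_ID)(),` in the new `createEndpointSecurityNavItems` creates a fresh generator and invokes it with no suffix, which in EUI's implementation yields a new uuid on every call, so the top-level side-nav item gets a different `id` each time the function runs (i.e. on every render of the apps that call it); EuiSideNav uses item ids for keys and open/closed state, so I would expect a changing id to reset the tree on re-render. If a DOM-unique id is needed, compute it once at module scope, `const ENDPOINT_SECURITY_NAV_ID = htmlIdGenerator(ENDPOINT_SECURITY_ID)();`, or pass a fixed suffix; otherwise `ENDPOINT_SECURITY_ID` alone is a stable choice. `getEndpointSecurityApps()` is also called without the `updater$` that applications.ts threads through elsewhere, which is fine for building labels but deserves a comment so nobody treats these App objects as the registered ones.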
From: Guido Modarelli Date: Wed, 5 Feb 2025 16:30:02 -0300 Subject: [PATCH 123/212] Add Layout component for structured page layout with sidebar navigation --- .../wazuh-analysis/public/groups/layout.tsx | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 plugins/wazuh-analysis/public/groups/layout.tsx diff --git a/plugins/wazuh-analysis/public/groups/layout.tsx b/plugins/wazuh-analysis/public/groups/layout.tsx new file mode 100644 index 0000000000..802a3a8f27 --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/layout.tsx @@ -0,0 +1,29 @@ +import { + EuiPage, + EuiPageBody, + EuiPageContentBody, + EuiPageSideBar, + EuiSideNav, + EuiSideNavItemType, +} from '@elastic/eui'; +import React from 'react'; + +interface LayoutProps { + 'aria-label': string; + items: EuiSideNavItemType[]; + children: React.ReactChild[]; +} + +export const Layout = (props: LayoutProps) => ( + + + + + + {props.children} + + +); From 4b737e8160c91a795290a6de309c4075ebd835ec Mon Sep 17 00:00:00 2001 
From: Guido Modarelli Date: Wed, 5 Feb 2025 16:34:41 -0300 Subject: [PATCH 124/212] Add new endpoint security applications: Configuration Assessment, FIM, and Malware Detection --- .../configuration-assesment/application.tsx | 10 +++++++++ .../configuration-assesment.tsx | 22 +++++++++++++++++++ .../apps/fim/application.tsx | 10 +++++++++ .../groups/endpoint-security/apps/fim/fim.tsx | 16 ++++++++++++++ .../apps/malware-detection/application.tsx | 10 +++++++++ .../malware-detection/malware-detection.tsx | 22 +++++++++++++++++++ 6 files changed, 90 insertions(+) create mode 100644 plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/application.tsx create mode 100644 plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/configuration-assesment.tsx create mode 100644 plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/application.tsx create mode 100644 plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/fim.tsx create mode 100644 plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/application.tsx create mode 100644 plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/malware-detection.tsx diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/application.tsx b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/application.tsx new file mode 100644 index 0000000000..6cffc2d316 --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/application.tsx 
@@ -0,0 +1,10 @@ +import React from 'react'; +import ReactDOM from 'react-dom'; +import { AppMountParameters } from 'opensearch-dashboards/public'; +import ConfigurationAssessmentApp from './configuration-assesment'; + +export const renderApp = async ({ element }: AppMountParameters) => { + ReactDOM.render(, element); + + return () => ReactDOM.unmountComponentAtNode(element); +}; diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/configuration-assesment.tsx b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/configuration-assesment.tsx new file mode 100644 index 0000000000..8783e1071e --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/configuration-assesment.tsx @@ -0,0 +1,22 @@ +import React from 'react'; +import { Layout } from '../../../layout'; +import { + CONFIGURATION_ASSESSMENT_ID, + CONFIGURATION_ASSESSMENT_TITLE, + ENDPOINT_SECURITY_TITLE, +} from '../../constants'; +import { createEndpointSecurityNavItems } from '../../nav-items'; + +const ConfigurationAssessmentApp = () => { + const items = createEndpointSecurityNavItems({ + selectedAppId: CONFIGURATION_ASSESSMENT_ID, + }); + + return ( + + {CONFIGURATION_ASSESSMENT_TITLE} App + + ); +}; + +export default ConfigurationAssessmentApp; diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/application.tsx b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/application.tsx new file mode 100644 index 0000000000..57d0e7bfa7 --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/application.tsx 
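Review bot: The new directory and file names `configuration-assesment/` and `configuration-assesment.tsx` misspell "assessment", while the component (`ConfigurationAssessmentApp`) and the constants it imports (`CONFIGURATION_ASSESSMENT_ID`, `CONFIGURATION_ASSESSMENT_TITLE`) spell it correctly; the path is about to be baked into a dynamic `import('./apps/configuration-assesment/application')` in applications.ts, so renaming now is far cheaper than after the string is referenced elsewhere. The `renderApp` in this `application.tsx` is also identical, apart from the component, to the ones added for fim and malware-detection in the same patch — a shared factory would keep the three in step.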
@@ -0,0 +1,10 @@ +import React from 'react'; +import ReactDOM from 'react-dom'; +import { AppMountParameters } from 'opensearch-dashboards/public'; +import FimApp from './fim'; + +export const renderApp = async ({ element }: AppMountParameters) => { + ReactDOM.render(, element); + + return () => ReactDOM.unmountComponentAtNode(element); +}; diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/fim.tsx b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/fim.tsx new file mode 100644 index 0000000000..7e8e880de4 --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/fim.tsx @@ -0,0 +1,16 @@ +import React from 'react'; +import { Layout } from '../../../layout'; +import { ENDPOINT_SECURITY_TITLE, FIM_ID, FIM_TITLE } from '../../constants'; +import { createEndpointSecurityNavItems } from '../../nav-items'; + +const FimApp = () => { + const items = createEndpointSecurityNavItems({ selectedAppId: FIM_ID }); + + return ( + + {FIM_TITLE} App + + ); +}; + +export default FimApp; diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/application.tsx b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/application.tsx new file mode 100644 index 0000000000..830c87d8cf --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/application.tsx @@ -0,0 +1,10 @@ +import React from 'react'; +import ReactDOM from 'react-dom'; +import { AppMountParameters } from 'opensearch-dashboards/public'; +import MalwareDetectionApp from './malware-detection'; + +export const renderApp = async ({ element }: AppMountParameters) => { + ReactDOM.render(, element); + + return () => ReactDOM.unmountComponentAtNode(element); +}; 
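Review bot: The three `renderApp` wrappers added by this patch (the configuration-assesment, fim and malware-detection `application.tsx` files) are the same ten lines with only the mounted component swapped, and each is declared `async` without awaiting anything. A single factory, used as `export const renderApp = createRenderApp(FimApp);` per app, keeps the mount/unmount logic in one place when it changes (error boundaries, a move to `createRoot`), and the dynamic imports in applications.ts keep working because the export name is unchanged; OSD's `AppMount` accepts a synchronous unmount return as far as I recall, so the `async` can go.
```tsx
// shared module (constructed path, e.g. plugins/wazuh-analysis/public/groups/render-app.tsx)
export const createRenderApp =
  (Component: React.ComponentType) =>
  ({ element }: AppMountParameters) => {
    ReactDOM.render(<Component />, element);

    return () => ReactDOM.unmountComponentAtNode(element);
  };

// fim/application.tsx then reduces to
export const renderApp = createRenderApp(FimApp);
```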
diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/malware-detection.tsx b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/malware-detection.tsx new file mode 100644 index 0000000000..e7bdbdcda9 --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/malware-detection.tsx @@ -0,0 +1,22 @@ +import React from 'react'; +import { Layout } from '../../../layout'; +import { + ENDPOINT_SECURITY_TITLE, + MALWARE_DETECTION_ID, + MALWARE_DETECTION_TITLE, +} from '../../constants'; +import { createEndpointSecurityNavItems } from '../../nav-items'; + +const MalwareDetectionApp = () => { + const items = createEndpointSecurityNavItems({ + selectedAppId: MALWARE_DETECTION_ID, + }); + + return ( + + {MALWARE_DETECTION_TITLE} App + + ); +}; + +export default MalwareDetectionApp; From 2aca4ab53f8ef955534b6eb98d8d5a25e6a4341c Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Wed, 5 Feb 2025 16:36:16 -0300 Subject: [PATCH 125/212] Update endpoint security applications imports for configuration assessment, malware detection, and FIM --- .../public/groups/endpoint-security/applications.ts | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts b/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts index 7710eef626..8b25d6beb5 100644 --- a/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts 
@@ -23,9 +23,11 @@ export function getEndpointSecurityApps(updater$?: Subject): App[] { updater$, mount: async (params: AppMountParameters) => { // TODO: Implement the configuration assessment application - const { renderApp } = await import('../../application'); + const { renderApp } = await import( + './apps/configuration-assesment/application' + ); - return await renderApp(params, {}); + return await renderApp(params); }, }, { @@ -35,7 +37,9 @@ export function getEndpointSecurityApps(updater$?: Subject): App[] { updater$, mount: async (params: AppMountParameters) => { // TODO: Implement the malware detection application - const { renderApp } = await import('../../application'); + const { renderApp } = await import( + './apps/malware-detection/application' + ); return await renderApp(params, {}); }, @@ -47,7 +51,7 @@ export function getEndpointSecurityApps(updater$?: Subject): App[] { updater$, mount: async (params: AppMountParameters) => { // TODO: Implement the fim application - const { renderApp } = await import('../../application'); + const { renderApp } = await import('./apps/fim/application'); return await renderApp(params, {}); }, From 31dc58b2e647337cbb7464bec038b19ec3033645 Mon Sep 17 00:00:00 2001 
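Review bot: The new import path `./apps/configuration-assesment/application` spells the directory with a single `s`, while the constant `CONFIGURATION_ASSESSMENT_ID` and the component `ConfigurationAssessmentApp` use the correct spelling, so the typo is now part of a module path that every sibling file and later commit in this series has to repeat. Renaming the directory to `configuration-assessment` here, before the following commits add more imports of it, is the cheapest point to fix it. The enclosing `getEndpointSecurityApps` function starts and ends outside the hunk.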
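Review bot: In the malware-detection and fim hunks the mount still calls `renderApp(params, {})`, but the `renderApp` they now import takes a single `{ element }: AppMountParameters` parameter (see the new `apps/*/application.tsx` files above), so the second argument should be rejected by `tsc` as an excess argument and is ignored at runtime either way; only the configuration-assessment hunk dropped it. Change both to `return await renderApp(params);` so the three mounts agree. `getEndpointSecurityApps` starts and ends outside these hunks.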
From: Guido Modarelli Date: Thu, 6 Feb 2025 13:48:25 +0000 Subject: [PATCH 126/212] Update Layout component to accept a single child or an array of children Refactor imports in types.ts to use constants from respective modules Remove empty object parameter from renderApp calls in endpoint security applications Refactor endpoint security applications to use Layout component and pass AppMountParameters refactor: remove history parameter from renderApp calls in endpoint security applications --- .../groups/endpoint-security/applications.ts | 4 +-- .../configuration-assesment/application.tsx | 23 +++++++++++++--- .../configuration-assesment.tsx | 27 ++++++------------- .../apps/fim/application.tsx | 20 +++++++++++--- .../groups/endpoint-security/apps/fim/fim.tsx | 19 +++++-------- .../apps/malware-detection/application.tsx | 20 +++++++++++--- .../malware-detection/malware-detection.tsx | 27 ++++++------------- .../wazuh-analysis/public/groups/layout.tsx | 2 +- plugins/wazuh-analysis/public/groups/types.ts | 8 +++--- 9 files changed, 80 insertions(+), 70 deletions(-) diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts b/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts index 8b25d6beb5..a36e177593 100644 --- a/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts @@ -41,7 +41,7 @@ export function getEndpointSecurityApps(updater$?: Subject): App[] { './apps/malware-detection/application' ); - return await renderApp(params, {}); + return await renderApp(params); }, }, { @@ -53,7 +53,7 @@ export function getEndpointSecurityApps(updater$?: Subject): App[] { // TODO: Implement the fim application const { renderApp } = await import('./apps/fim/application'); - return await renderApp(params, {}); + return await renderApp(params); }, }, ]; 
diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/application.tsx b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/application.tsx index 6cffc2d316..81b414912d 100644 --- a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/application.tsx +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/application.tsx @@ -1,10 +1,25 @@ import React from 'react'; import ReactDOM from 'react-dom'; import { AppMountParameters } from 'opensearch-dashboards/public'; -import ConfigurationAssessmentApp from './configuration-assesment'; +import { createEndpointSecurityNavItems } from '../../nav-items'; +import { + CONFIGURATION_ASSESSMENT_ID, + ENDPOINT_SECURITY_TITLE, +} from '../../constants'; +import { Layout } from '../../../layout'; +import { ConfigurationAssessmentApp } from './configuration-assesment'; -export const renderApp = async ({ element }: AppMountParameters) => { - ReactDOM.render(, element); +export const renderApp = async (params: AppMountParameters) => { + const items = createEndpointSecurityNavItems({ + selectedAppId: CONFIGURATION_ASSESSMENT_ID, + }); - return () => ReactDOM.unmountComponentAtNode(element); + ReactDOM.render( + + + , + params.element, + ); + + return () => ReactDOM.unmountComponentAtNode(params.element); }; diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/configuration-assesment.tsx b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/configuration-assesment.tsx index 8783e1071e..c009b3f707 100644 --- a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/configuration-assesment.tsx +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/configuration-assesment.tsx 
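Review bot: The rewritten `renderApp` is the same block as the ones in `apps/fim/application.tsx` and `apps/malware-detection/application.tsx` in this commit, differing only in the selected app id and the component placed inside `Layout`, so the nav-item construction, the `Layout` wiring and the unmount callback are now maintained in three places. A small shared helper under `groups/` that takes the mount params, the side-nav items, the title and the component would reduce each file to building `items` and one call, and gives the `async`-without-`await` shape a single home. The sketch below is such a helper; each `renderApp` would become `return renderGroupApp(params, { title: ENDPOINT_SECURITY_TITLE, items, Component: ConfigurationAssessmentApp });`.
```typescript
// groups/render-group-app.tsx (constructed sketch) — shared by the endpoint-security application.tsx files
interface RenderGroupAppOptions {
  title: string;
  items: EuiSideNavItemType[];
  Component: React.ComponentType<{ params: AppMountParameters }>;
}

/** Mounts `Component` inside the group `Layout` and returns the unmount callback. */
export const renderGroupApp = async (
  params: AppMountParameters,
  { title, items, Component }: RenderGroupAppOptions,
) => {
  ReactDOM.render(
    <Layout aria-label={title} items={items}>
      <Component params={params} />
    </Layout>,
    params.element,
  );

  return () => ReactDOM.unmountComponentAtNode(params.element);
};
```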
@@ -1,22 +1,11 @@ import React from 'react'; -import { Layout } from '../../../layout'; -import { - CONFIGURATION_ASSESSMENT_ID, - CONFIGURATION_ASSESSMENT_TITLE, - ENDPOINT_SECURITY_TITLE, -} from '../../constants'; -import { createEndpointSecurityNavItems } from '../../nav-items'; +import { AppMountParameters } from 'opensearch-dashboards/public'; +import { CONFIGURATION_ASSESSMENT_TITLE } from '../../constants'; -const ConfigurationAssessmentApp = () => { - const items = createEndpointSecurityNavItems({ - selectedAppId: CONFIGURATION_ASSESSMENT_ID, - }); +interface ConfigurationAssessmentAppProps { + params: AppMountParameters; +} - return ( - - {CONFIGURATION_ASSESSMENT_TITLE} App - - ); -}; - -export default ConfigurationAssessmentApp; +export const ConfigurationAssessmentApp = ( + _props: ConfigurationAssessmentAppProps, +) => <>{CONFIGURATION_ASSESSMENT_TITLE} App; diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/application.tsx b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/application.tsx index 57d0e7bfa7..16983d2929 100644 --- a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/application.tsx +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/application.tsx 
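Review bot: `ConfigurationAssessmentAppProps.params` is required by the type yet the component never reads it (`_props`), so every caller and test must construct a full `AppMountParameters` for a component that renders a static title; `FimApp` and `MalwareDetectionApp` get the same shape in this commit. Either omit the props until the component uses something from `params`, or make it `params?: AppMountParameters` and say why it exists, e.g. `// params is kept so apps can reach history/appBasePath once they have real content`.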
@@ -1,10 +1,22 @@ import React from 'react'; import ReactDOM from 'react-dom'; import { AppMountParameters } from 'opensearch-dashboards/public'; -import FimApp from './fim'; +import { Layout } from '../../../layout'; +import { ENDPOINT_SECURITY_TITLE, FIM_ID } from '../../constants'; +import { createEndpointSecurityNavItems } from '../../nav-items'; +import { FimApp } from './fim'; -export const renderApp = async ({ element }: AppMountParameters) => { - ReactDOM.render(, element); +export const renderApp = async (params: AppMountParameters) => { + const items = createEndpointSecurityNavItems({ + selectedAppId: FIM_ID, + }); - return () => ReactDOM.unmountComponentAtNode(element); + ReactDOM.render( + + + , + params.element, + ); + + return () => ReactDOM.unmountComponentAtNode(params.element); }; diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/fim.tsx b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/fim.tsx index 7e8e880de4..2055e427c7 100644 --- a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/fim.tsx +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/fim.tsx @@ -1,16 +1,9 @@ import React from 'react'; -import { Layout } from '../../../layout'; -import { ENDPOINT_SECURITY_TITLE, FIM_ID, FIM_TITLE } from '../../constants'; -import { createEndpointSecurityNavItems } from '../../nav-items'; +import { AppMountParameters } from 'opensearch-dashboards/public'; +import { FIM_TITLE } from '../../constants'; -const FimApp = () => { - const items = createEndpointSecurityNavItems({ selectedAppId: FIM_ID }); +interface FimAppProps { + params: AppMountParameters; +} - return ( - - {FIM_TITLE} App - - ); -}; - -export default FimApp; +export const FimApp = (_props: FimAppProps) => <>{FIM_TITLE} App; 
diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/application.tsx b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/application.tsx index 830c87d8cf..f92d18455f 100644 --- a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/application.tsx +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/application.tsx @@ -1,10 +1,22 @@ import React from 'react'; import ReactDOM from 'react-dom'; import { AppMountParameters } from 'opensearch-dashboards/public'; -import MalwareDetectionApp from './malware-detection'; +import { ENDPOINT_SECURITY_TITLE, MALWARE_DETECTION_ID } from '../../constants'; +import { createEndpointSecurityNavItems } from '../../nav-items'; +import { Layout } from '../../../layout'; +import { MalwareDetectionApp } from './malware-detection'; -export const renderApp = async ({ element }: AppMountParameters) => { - ReactDOM.render(, element); +export const renderApp = async (params: AppMountParameters) => { + const items = createEndpointSecurityNavItems({ + selectedAppId: MALWARE_DETECTION_ID, + }); - return () => ReactDOM.unmountComponentAtNode(element); + ReactDOM.render( + + + , + params.element, + ); + + return () => ReactDOM.unmountComponentAtNode(params.element); }; diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/malware-detection.tsx b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/malware-detection.tsx index e7bdbdcda9..0df3aa91fd 100644 --- a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/malware-detection.tsx +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/malware-detection.tsx 
@@ -1,22 +1,11 @@ import React from 'react'; -import { Layout } from '../../../layout'; -import { - ENDPOINT_SECURITY_TITLE, - MALWARE_DETECTION_ID, - MALWARE_DETECTION_TITLE, -} from '../../constants'; -import { createEndpointSecurityNavItems } from '../../nav-items'; +import { AppMountParameters } from 'opensearch-dashboards/public'; +import { MALWARE_DETECTION_TITLE } from '../../constants'; -const MalwareDetectionApp = () => { - const items = createEndpointSecurityNavItems({ - selectedAppId: MALWARE_DETECTION_ID, - }); +interface MalwareDetectionAppProps { + params: AppMountParameters; +} - return ( - - {MALWARE_DETECTION_TITLE} App - - ); -}; - -export default MalwareDetectionApp; +export const MalwareDetectionApp = (_props: MalwareDetectionAppProps) => ( + <>{MALWARE_DETECTION_TITLE} App +); diff --git a/plugins/wazuh-analysis/public/groups/layout.tsx b/plugins/wazuh-analysis/public/groups/layout.tsx index 802a3a8f27..a347fe5f7b 100644 --- a/plugins/wazuh-analysis/public/groups/layout.tsx +++ b/plugins/wazuh-analysis/public/groups/layout.tsx @@ -11,7 +11,7 @@ import React from 'react'; interface LayoutProps { 'aria-label': string; items: EuiSideNavItemType[]; - children: React.ReactChild[]; + children: React.ReactChild[] | React.ReactChild; } export const Layout = (props: LayoutProps) => ( diff --git a/plugins/wazuh-analysis/public/groups/types.ts b/plugins/wazuh-analysis/public/groups/types.ts index e83495f355..4e4549b461 100644 --- a/plugins/wazuh-analysis/public/groups/types.ts +++ b/plugins/wazuh-analysis/public/groups/types.ts 
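Review bot: `children: React.ReactChild[] | React.ReactChild` in the `layout.tsx` hunk still excludes `null`, `undefined`, booleans and nested arrays, all of which a conditional child such as `{flag && <X />}` can produce, and `ReactChild` is deprecated in newer `@types/react`. The idiomatic type is `children: React.ReactNode;`, which covers the single-child case this commit needed without listing cases. The `Layout` component body follows the hunk.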
@@ -6,10 +6,10 @@ import { CoreSetup, } from 'opensearch-dashboards/public'; import { Subject } from 'rxjs'; -import { SECURITY_OPERATIONS_ID } from './security-operations'; -import { THREAT_INTELLIGENCE_ID } from './threat-intelligence'; -import { ENDPOINT_SECURITY_ID } from './endpoint-security'; -import { CLOUD_SECURITY_ID } from './cloud-security'; +import { SECURITY_OPERATIONS_ID } from './security-operations/constants'; +import { THREAT_INTELLIGENCE_ID } from './threat-intelligence/constants'; +import { ENDPOINT_SECURITY_ID } from './endpoint-security/constants'; +import { CLOUD_SECURITY_ID } from './cloud-security/constants'; export type GroupsId = | typeof ENDPOINT_SECURITY_ID From 6fd31a9b79479a8b5a3085baea23a2942a608d7e Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Thu, 6 Feb 2025 12:11:59 -0300 Subject: [PATCH 127/212] feat: implement navigation to the first endpoint security app on mount --- .../wazuh-analysis/public/groups/endpoint-security/index.ts | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts b/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts index 2596561d36..6d779b1503 100644 --- a/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts @@ -9,6 +9,7 @@ import { } from '../../../../../src/core/public'; import { CATEGORY } from '../category'; import { Group } from '../types'; +import { getCore } from '../../plugin-services'; import { getEndpointSecurityApps } from './applications'; import { ENDPOINT_SECURITY_DESCRIPTION, @@ -37,7 +38,9 @@ export const EndpointSecurityNavGroup: Group = { mount: async (_params: AppMountParameters) => // TODO: Implement the endpoint security landing page - () => {}, + () => { + getCore().application.navigateToApp(getEndpointSecurityApps()[0].id); + }, }; }, From 6831abec252652f220d55a71bc77b517156380a8 Mon Sep 17 00:00:00 2001 
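Review bot: In the endpoint-security `index.ts` hunk the `navigateToApp` call sits inside the function that `mount` returns, i.e. the unmount callback, so the redirect to the first app runs when the landing page is torn down, not when it is opened as the commit title says; the intended shape is `mount: async (_params: AppMountParameters) => { await getCore().application.navigateToApp(getEndpointSecurityApps()[0].id); return () => {}; }`. `getEndpointSecurityApps()[0].id` is also unguarded: an empty list gives a TypeError and under `noUncheckedIndexedAccess` the index is `App | undefined`, so check it or take the id from a constant; the unawaited promise and the bare `[0]` carry over into the reworked mount in patches 132 and 135 below. `EndpointSecurityNavGroup` starts before and continues after the hunk.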
From: Guido Modarelli Date: Thu, 6 Feb 2025 12:12:25 -0300 Subject: [PATCH 128/212] feat: add plugin services for core getter and setter in Wazuh analysis plugin --- plugins/wazuh-analysis/public/plugin-services.ts | 4 ++++ plugins/wazuh-analysis/public/plugin.ts | 7 ++++--- 2 files changed, 8 insertions(+), 3 deletions(-) create mode 100644 plugins/wazuh-analysis/public/plugin-services.ts diff --git a/plugins/wazuh-analysis/public/plugin-services.ts b/plugins/wazuh-analysis/public/plugin-services.ts new file mode 100644 index 0000000000..74c69915da --- /dev/null +++ b/plugins/wazuh-analysis/public/plugin-services.ts @@ -0,0 +1,4 @@ +import { CoreStart } from 'opensearch-dashboards/public'; +import { createGetterSetter } from '../../../src/plugins/opensearch_dashboards_utils/common'; + +export const [getCore, setCore] = createGetterSetter('Core'); diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index fc7a535698..9c250b4add 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -12,6 +12,7 @@ import { EndpointSecurityNavGroup } from './groups/endpoint-security'; import { SecurityOperationsNavGroup } from './groups/security-operations'; import { ThreatIntelligenceNavGroup } from './groups/threat-intelligence'; import { Group, GroupsId } from './groups/types'; +import { getCore, setCore } from './plugin-services'; import { AnalysisSetup, AnalysisSetupDependencies, @@ -23,7 +24,6 @@ export class AnalysisPlugin implements Plugin { - private coreStart?: CoreStart; private readonly navGroups: Group[] = [ EndpointSecurityNavGroup, ThreatIntelligenceNavGroup, @@ -49,7 +49,7 @@ export class AnalysisPlugin searchPages( query, applications.map(app => app.id), - this.coreStart, + getCore(), done, ), }); 
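Review bot: `plugin-services.ts` exports the module-level `getCore`/`setCore` pair with no note on when the getter may be used; `createGetterSetter` in `opensearch_dashboards_utils` throws from the getter while the value is unset, so anything that calls `getCore()` at module load or during `setup()` fails with a generic "was not set" style error, and the `searchPages` callback in the `plugin.ts` hunk is only safe because it runs on user input after `start()`. Add a comment above the export such as `// Set by AnalysisPlugin.start(); getCore() throws until then, so call it only from code that runs after start.`. `AnalysisPlugin` starts before and continues after these hunks.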
@@ -95,9 +95,10 @@ export class AnalysisPlugin core: CoreStart, plugins: AnalysisStartDependencies, ): AnalysisStart | Promise { + setCore(core); + const wazuhCore = plugins.wazuhCore; - this.coreStart = core; wazuhCore.applicationService.onAppStartupSubscribe(core); return {}; From 684abfcf34c71f79060171c7ac51c2716f8101ae Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Thu, 6 Feb 2025 12:12:58 -0300 Subject: [PATCH 129/212] feat: update side navigation to use core application navigation --- plugins/wazuh-analysis/public/groups/side-nav.tsx | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/plugins/wazuh-analysis/public/groups/side-nav.tsx b/plugins/wazuh-analysis/public/groups/side-nav.tsx index 63db9b4f77..c111c2afdd 100644 --- a/plugins/wazuh-analysis/public/groups/side-nav.tsx +++ b/plugins/wazuh-analysis/public/groups/side-nav.tsx @@ -1,5 +1,6 @@ import { EuiSideNavItemType } from '@elastic/eui'; import { App } from 'opensearch-dashboards/public'; +import { getCore } from '../plugin-services'; export function createSideNavItems( id: string, @@ -14,7 +15,7 @@ export function createSideNavItems( items: apps.map(app => ({ id: app.id, name: app.title, - onClick: () => alert(`click on ${app.id}`), + onClick: () => getCore().application.navigateToApp(app.id), isSelected: app.id === selectedAppId, })), }, From 7d4bda92afa9221c80e8d1eb41c797bcc2a9984f Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Thu, 6 Feb 2025 12:13:17 -0300 Subject: [PATCH 130/212] feat: add opensearchDashboardsUtils as a required plugin for Wazuh analysis --- plugins/wazuh-analysis/opensearch_dashboards.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/wazuh-analysis/opensearch_dashboards.json b/plugins/wazuh-analysis/opensearch_dashboards.json index 9142a1e710..1dc0f563d9 100644 --- a/plugins/wazuh-analysis/opensearch_dashboards.json +++ b/plugins/wazuh-analysis/opensearch_dashboards.json 
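Review bot: In the `side-nav.tsx` hunk, `onClick: () => getCore().application.navigateToApp(app.id)` hands the `Promise` from `navigateToApp` to EUI, which ignores it, so a failed navigation surfaces only as an unhandled rejection; write `onClick: () => { void getCore().application.navigateToApp(app.id); }` or attach a `.catch` that logs with the app id. An item with only `onClick` also appears to render as a button rather than a link, so middle-click and copy-link do not work; pairing it with `href: getCore().application.getUrlForApp(app.id)` keeps both behaviours. `createSideNavItems` starts before and continues after the hunk.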
@@ -4,5 +4,5 @@ "opensearchDashboardsVersion": "opensearchDashboards", "server": false, "ui": true, - "requiredPlugins": ["wazuhCore"] + "requiredPlugins": ["opensearchDashboardsUtils", "wazuhCore"] } From d8d912948a2dd1a09bb5883ad46e652e600de1b2 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Thu, 6 Feb 2025 12:26:07 -0300 Subject: [PATCH 131/212] refactor: remove order property from navigation groups in Wazuh analysis plugin --- plugins/wazuh-analysis/public/groups/cloud-security/index.ts | 1 - .../wazuh-analysis/public/groups/endpoint-security/index.ts | 5 ++--- .../public/groups/security-operations/index.ts | 1 - .../public/groups/threat-intelligence/index.ts | 1 - 4 files changed, 2 insertions(+), 6 deletions(-) diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/index.ts b/plugins/wazuh-analysis/public/groups/cloud-security/index.ts index e5eff35f41..8a08e121f6 100644 --- a/plugins/wazuh-analysis/public/groups/cloud-security/index.ts +++ b/plugins/wazuh-analysis/public/groups/cloud-security/index.ts @@ -44,7 +44,6 @@ export const CloudSecurityNavGroup: Group = { return { id: CLOUD_SECURITY_ID, title: CLOUD_SECURITY_TITLE, - order: 0, category: CATEGORY, }; }, diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts b/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts index 6d779b1503..540b11d61c 100644 --- a/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts @@ -39,8 +39,8 @@ export const EndpointSecurityNavGroup: Group = { async (_params: AppMountParameters) => // TODO: Implement the endpoint security landing page () => { - getCore().application.navigateToApp(getEndpointSecurityApps()[0].id); - }, + getCore().application.navigateToApp(getEndpointSecurityApps()[0].id); + }, }; }, 
@@ -48,7 +48,6 @@ export const EndpointSecurityNavGroup: Group = { return { id: ENDPOINT_SECURITY_ID, title: ENDPOINT_SECURITY_TITLE, - order: 0, category: CATEGORY, }; }, diff --git a/plugins/wazuh-analysis/public/groups/security-operations/index.ts b/plugins/wazuh-analysis/public/groups/security-operations/index.ts index a33486721a..d75190cc3e 100644 --- a/plugins/wazuh-analysis/public/groups/security-operations/index.ts +++ b/plugins/wazuh-analysis/public/groups/security-operations/index.ts @@ -45,7 +45,6 @@ export const SecurityOperationsNavGroup: Group = return { id: SECURITY_OPERATIONS_ID, title: SECURITY_OPERATIONS_TITLE, - order: 0, category: CATEGORY, }; }, diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/index.ts b/plugins/wazuh-analysis/public/groups/threat-intelligence/index.ts index 536e3ada08..d185288f4e 100644 --- a/plugins/wazuh-analysis/public/groups/threat-intelligence/index.ts +++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/index.ts @@ -45,7 +45,6 @@ export const ThreatIntelligenceNavGroup: Group = return { id: THREAT_INTELLIGENCE_ID, title: THREAT_INTELLIGENCE_TITLE, - order: 0, category: CATEGORY, }; }, From eb51dc66cf4c58ce0c9c835f7a57598b89a77c70 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Thu, 6 Feb 2025 12:26:28 -0300 Subject: [PATCH 132/212] feat: implement navigation to the first endpoint security app in the mount function --- .../public/groups/endpoint-security/index.ts | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts b/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts index 540b11d61c..27bbb870c2 100644 --- a/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts 
@@ -35,11 +35,10 @@ export const EndpointSecurityNavGroup: Group = { id: ENDPOINT_SECURITY_ID, title: ENDPOINT_SECURITY_TITLE, category: CATEGORY, - mount: - async (_params: AppMountParameters) => - // TODO: Implement the endpoint security landing page - () => { + mount: async (_params: AppMountParameters) => { getCore().application.navigateToApp(getEndpointSecurityApps()[0].id); + + return () => {}; }, }; }, From 0f14727644e2e6a8bcc3f6b15bfd5163a5905adb Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Thu, 6 Feb 2025 12:28:54 -0300 Subject: [PATCH 133/212] feat: conditionally render side navigation based on nav group settings --- plugins/wazuh-analysis/public/groups/layout.tsx | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/plugins/wazuh-analysis/public/groups/layout.tsx b/plugins/wazuh-analysis/public/groups/layout.tsx index a347fe5f7b..ff654ffbb8 100644 --- a/plugins/wazuh-analysis/public/groups/layout.tsx +++ b/plugins/wazuh-analysis/public/groups/layout.tsx @@ -7,6 +7,7 @@ import { EuiSideNavItemType, } from '@elastic/eui'; import React from 'react'; +import { getCore } from '../plugin-services'; interface LayoutProps { 'aria-label': string; @@ -16,12 +17,14 @@ interface LayoutProps { export const Layout = (props: LayoutProps) => ( - - - + {!getCore().chrome.navGroup.getNavGroupEnabled() && ( + + + + )} {props.children} From b77d72e16d98a39075147f8ff14591c9cf373cb2 Mon Sep 17 00:00:00 2001 
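Review bot: In the `layout.tsx` hunk, `Layout` now calls `getCore()` during render to decide whether to show the side nav, which ties a presentational component to the plugin-wide singleton: it cannot be rendered in a test or story unless `setCore` has run, and the same `chrome.navGroup.getNavGroupEnabled()` check is repeated in the group's `index.ts` mount two commits later. Computing the flag once in `renderApp` and passing it in as a prop, e.g. `showSideNav?: boolean` defaulting to `true`, keeps `Layout` pure; at minimum add `// Legacy chrome only: with nav groups enabled the side nav is presumably provided by the chrome — confirm` so the condition is explained. The `Layout` body continues past the hunk.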
From: Guido Modarelli Date: Thu, 6 Feb 2025 12:31:38 -0300 Subject: [PATCH 134/212] refactor: update import paths for endpoint security apps to use new filenames --- .../apps/configuration-assesment/application.tsx | 2 +- ...figuration-assesment.tsx => configuration-assesment-app.tsx} | 0 .../public/groups/endpoint-security/apps/fim/application.tsx | 2 +- .../groups/endpoint-security/apps/fim/{fim.tsx => fim-app.tsx} | 0 .../endpoint-security/apps/malware-detection/application.tsx | 2 +- .../{malware-detection.tsx => malware-detection-app.tsx} | 0 6 files changed, 3 insertions(+), 3 deletions(-) rename plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/{configuration-assesment.tsx => configuration-assesment-app.tsx} (100%) rename plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/{fim.tsx => fim-app.tsx} (100%) rename plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/{malware-detection.tsx => malware-detection-app.tsx} (100%) diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/application.tsx b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/application.tsx index 81b414912d..75086b6998 100644 --- a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/application.tsx +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/application.tsx @@ -7,7 +7,7 @@ import { ENDPOINT_SECURITY_TITLE, } from '../../constants'; import { Layout } from '../../../layout'; -import { ConfigurationAssessmentApp } from './configuration-assesment'; +import { ConfigurationAssessmentApp } from './configuration-assesment-app'; export const renderApp = async (params: AppMountParameters) => { const items = createEndpointSecurityNavItems({ 
diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/configuration-assesment.tsx b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/configuration-assesment-app.tsx similarity index 100% rename from plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/configuration-assesment.tsx rename to plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/configuration-assesment-app.tsx diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/application.tsx b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/application.tsx index 16983d2929..bfb9e9ca26 100644 --- a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/application.tsx +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/application.tsx @@ -4,7 +4,7 @@ import { AppMountParameters } from 'opensearch-dashboards/public'; import { Layout } from '../../../layout'; import { ENDPOINT_SECURITY_TITLE, FIM_ID } from '../../constants'; import { createEndpointSecurityNavItems } from '../../nav-items'; -import { FimApp } from './fim'; +import { FimApp } from './fim-app'; export const renderApp = async (params: AppMountParameters) => { const items = createEndpointSecurityNavItems({ diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/fim.tsx b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/fim-app.tsx similarity index 100% rename from plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/fim.tsx rename to plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/fim-app.tsx diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/application.tsx b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/application.tsx index f92d18455f..ec4f1d70b6 100644 
--- a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/application.tsx +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/application.tsx @@ -4,7 +4,7 @@ import { AppMountParameters } from 'opensearch-dashboards/public'; import { ENDPOINT_SECURITY_TITLE, MALWARE_DETECTION_ID } from '../../constants'; import { createEndpointSecurityNavItems } from '../../nav-items'; import { Layout } from '../../../layout'; -import { MalwareDetectionApp } from './malware-detection'; +import { MalwareDetectionApp } from './malware-detection-app'; export const renderApp = async (params: AppMountParameters) => { const items = createEndpointSecurityNavItems({ diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/malware-detection.tsx b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/malware-detection-app.tsx similarity index 100% rename from plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/malware-detection.tsx rename to plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/malware-detection-app.tsx From 3204df41d9936afc47e5797d6701faab46569ffb Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Thu, 6 Feb 2025 12:33:47 -0300 Subject: [PATCH 135/212] feat: add conditional navigation to the first endpoint security app based on nav group settings --- .../wazuh-analysis/public/groups/endpoint-security/index.ts | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts b/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts index 27bbb870c2..142b16a617 100644 --- a/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts 
@@ -36,7 +36,9 @@ export const EndpointSecurityNavGroup: Group = { title: ENDPOINT_SECURITY_TITLE, category: CATEGORY, mount: async (_params: AppMountParameters) => { - getCore().application.navigateToApp(getEndpointSecurityApps()[0].id); + if (!getCore().chrome.navGroup.getNavGroupEnabled()) { + getCore().application.navigateToApp(getEndpointSecurityApps()[0].id); + } return () => {}; }, From 6b1b4ab5f6b2bac5a0702c4fe8bcfe24e8279f85 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Thu, 6 Feb 2025 12:45:45 -0300 Subject: [PATCH 136/212] refactor: make updater$ parameter optional in getApps method across navigation groups --- plugins/wazuh-analysis/public/groups/cloud-security/index.ts | 2 +- plugins/wazuh-analysis/public/groups/endpoint-security/index.ts | 2 +- .../wazuh-analysis/public/groups/security-operations/index.ts | 2 +- .../wazuh-analysis/public/groups/threat-intelligence/index.ts | 2 +- plugins/wazuh-analysis/public/groups/types.ts | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/index.ts b/plugins/wazuh-analysis/public/groups/cloud-security/index.ts index 8a08e121f6..778497def8 100644 --- a/plugins/wazuh-analysis/public/groups/cloud-security/index.ts +++ b/plugins/wazuh-analysis/public/groups/cloud-security/index.ts @@ -55,7 +55,7 @@ export const CloudSecurityNavGroup: Group = { })); }, - getApps(updater$: Subject): App[] { + getApps(updater$?: Subject): App[] { return getCloudSecurityApps(updater$); }, diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts b/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts index 142b16a617..7b67b57090 100644 --- a/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts 
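Review bot: The new `if (!getCore().chrome.navGroup.getNavGroupEnabled())` branch is unexplained, and the earlier TODO that marked this mount as a placeholder is gone, so a reader cannot tell whether mounting an empty element when nav groups are enabled is intended or unfinished. Add a comment above the `if`, e.g. `// Legacy navigation only: jump to the first app. With nav groups enabled the landing page is presumably supplied by the chrome — confirm`, and consider a shared `isNavGroupEnabled()` in `plugin-services.ts` since `layout.tsx` makes the identical call. `EndpointSecurityNavGroup` starts before and continues after the hunk.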
@@ -60,7 +60,7 @@ export const EndpointSecurityNavGroup: Group = { })); }, - getApps(updater$: Subject): App[] { + getApps(updater$?: Subject): App[] { return getEndpointSecurityApps(updater$); }, diff --git a/plugins/wazuh-analysis/public/groups/security-operations/index.ts b/plugins/wazuh-analysis/public/groups/security-operations/index.ts index d75190cc3e..72dd5e69b4 100644 --- a/plugins/wazuh-analysis/public/groups/security-operations/index.ts +++ b/plugins/wazuh-analysis/public/groups/security-operations/index.ts @@ -56,7 +56,7 @@ export const SecurityOperationsNavGroup: Group = })); }, - getApps(updater$: Subject): App[] { + getApps(updater$?: Subject): App[] { return getSecurityOperationsApps(updater$); }, diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/index.ts b/plugins/wazuh-analysis/public/groups/threat-intelligence/index.ts index d185288f4e..736013915d 100644 --- a/plugins/wazuh-analysis/public/groups/threat-intelligence/index.ts +++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/index.ts @@ -56,7 +56,7 @@ export const ThreatIntelligenceNavGroup: Group = })); }, - getApps(updater$: Subject): App[] { + getApps(updater$?: Subject): App[] { return getThreatIntelligenceApps(updater$); }, diff --git a/plugins/wazuh-analysis/public/groups/types.ts b/plugins/wazuh-analysis/public/groups/types.ts index 4e4549b461..9f39d2de08 100644 --- a/plugins/wazuh-analysis/public/groups/types.ts +++ b/plugins/wazuh-analysis/public/groups/types.ts @@ -68,7 +68,7 @@ export interface Group { * such as its title, description, and configuration within the OpenSearch * Dashboards framework. */ - getApps: (updater$: Subject) => App[]; + getApps: (updater$?: Subject) => App[]; /** * This method is used to add navigation links related to the specific group From 5eaf6274f96ca4b69864d1277c40fbfbcc3a12a3 Mon Sep 17 00:00:00 2001 
From: Guido Modarelli Date: Thu, 6 Feb 2025 12:50:40 -0300 Subject: [PATCH 137/212] refactor: replace createEndpointSecurityNavItems with createSideNavItems for navigation consistency --- .../configuration-assesment/application.tsx | 10 +++++---- .../apps/fim/application.tsx | 8 ++++--- .../apps/malware-detection/application.tsx | 10 +++++---- .../groups/endpoint-security/nav-items.ts | 22 ------------------- .../wazuh-analysis/public/groups/side-nav.tsx | 21 +++++++++--------- 5 files changed, 28 insertions(+), 43 deletions(-) delete mode 100644 plugins/wazuh-analysis/public/groups/endpoint-security/nav-items.ts diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/application.tsx b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/application.tsx index 75086b6998..4e5aeff2ee 100644 --- a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/application.tsx +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/application.tsx @@ -1,16 +1,18 @@ import React from 'react'; -import ReactDOM from 'react-dom'; import { AppMountParameters } from 'opensearch-dashboards/public'; -import { createEndpointSecurityNavItems } from '../../nav-items'; +import ReactDOM from 'react-dom'; +import { EndpointSecurityNavGroup } from '../..'; +import { Layout } from '../../../layout'; +import { createSideNavItems } from '../../../side-nav'; import { CONFIGURATION_ASSESSMENT_ID, ENDPOINT_SECURITY_TITLE, } from '../../constants'; -import { Layout } from '../../../layout'; import { ConfigurationAssessmentApp } from './configuration-assesment-app'; export const renderApp = async (params: AppMountParameters) => { - const items = createEndpointSecurityNavItems({ + const items = createSideNavItems({ + group: EndpointSecurityNavGroup, selectedAppId: CONFIGURATION_ASSESSMENT_ID, }); 
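Review bot: `import { EndpointSecurityNavGroup } from '../..'` makes each app module depend on the group's `index.ts`, and `index.ts` depends on these modules in turn through `applications.ts`, so the module graph is now circular (`index.ts` → `applications.ts` → `apps/*/application.tsx` → `index.ts`); it only loads because `applications.ts` reaches the app with a dynamic `import()`, and a later static import would turn it into an undefined-at-load failure. Letting `createSideNavItems` accept the pieces it needs — the group id and title from `constants.ts` and `getEndpointSecurityApps()` from `applications.ts`, as the deleted `nav-items.ts` did — avoids the cycle; the fim and malware-detection hunks below carry the same import. The enclosing `renderApp` continues past the hunk.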
diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/application.tsx b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/application.tsx index bfb9e9ca26..5f6153e0fa 100644 --- a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/application.tsx +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/application.tsx @@ -1,13 +1,15 @@ import React from 'react'; -import ReactDOM from 'react-dom'; import { AppMountParameters } from 'opensearch-dashboards/public'; +import ReactDOM from 'react-dom'; +import { EndpointSecurityNavGroup } from '../..'; import { Layout } from '../../../layout'; +import { createSideNavItems } from '../../../side-nav'; import { ENDPOINT_SECURITY_TITLE, FIM_ID } from '../../constants'; -import { createEndpointSecurityNavItems } from '../../nav-items'; import { FimApp } from './fim-app'; export const renderApp = async (params: AppMountParameters) => { - const items = createEndpointSecurityNavItems({ + const items = createSideNavItems({ + group: EndpointSecurityNavGroup, selectedAppId: FIM_ID, }); diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/application.tsx b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/application.tsx index ec4f1d70b6..44b8fd8cbc 100644 --- a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/application.tsx +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/application.tsx 
@@ -1,13 +1,15 @@ import React from 'react'; -import ReactDOM from 'react-dom'; import { AppMountParameters } from 'opensearch-dashboards/public'; -import { ENDPOINT_SECURITY_TITLE, MALWARE_DETECTION_ID } from '../../constants'; -import { createEndpointSecurityNavItems } from '../../nav-items'; +import ReactDOM from 'react-dom'; +import { EndpointSecurityNavGroup } from '../..'; import { Layout } from '../../../layout'; +import { createSideNavItems } from '../../../side-nav'; +import { ENDPOINT_SECURITY_TITLE, MALWARE_DETECTION_ID } from '../../constants'; import { MalwareDetectionApp } from './malware-detection-app'; export const renderApp = async (params: AppMountParameters) => { - const items = createEndpointSecurityNavItems({ + const items = createSideNavItems({ + group: EndpointSecurityNavGroup, selectedAppId: MALWARE_DETECTION_ID, }); diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/nav-items.ts b/plugins/wazuh-analysis/public/groups/endpoint-security/nav-items.ts deleted file mode 100644 index d2cd2e9e70..0000000000 --- a/plugins/wazuh-analysis/public/groups/endpoint-security/nav-items.ts +++ /dev/null @@ -1,22 +0,0 @@ -import { EuiSideNavItemType, htmlIdGenerator } from '@elastic/eui'; -import { App } from 'opensearch-dashboards/public'; -import { createSideNavItems } from '../side-nav'; -import { ENDPOINT_SECURITY_ID, ENDPOINT_SECURITY_TITLE } from './constants'; -import { getEndpointSecurityApps } from './applications'; - -interface Props { - selectedAppId?: App['id']; -} - -export function createEndpointSecurityNavItems( - props?: Props, -): EuiSideNavItemType[] { - const items: EuiSideNavItemType[] = createSideNavItems( - htmlIdGenerator(ENDPOINT_SECURITY_ID)(), - ENDPOINT_SECURITY_TITLE, - getEndpointSecurityApps(), - props?.selectedAppId, - ); - - return items; -} diff --git a/plugins/wazuh-analysis/public/groups/side-nav.tsx b/plugins/wazuh-analysis/public/groups/side-nav.tsx index c111c2afdd..5e229dc8f0 100644 
--- a/plugins/wazuh-analysis/public/groups/side-nav.tsx +++ b/plugins/wazuh-analysis/public/groups/side-nav.tsx @@ -1,18 +1,19 @@ -import { EuiSideNavItemType } from '@elastic/eui'; +import { EuiSideNavItemType, htmlIdGenerator } from '@elastic/eui'; import { App } from 'opensearch-dashboards/public'; import { getCore } from '../plugin-services'; +import { Group } from './types'; -export function createSideNavItems( - id: string, - name: string, - apps: App[], - selectedAppId?: App['id'], -) { +interface Options { + group: Group; + selectedAppId?: App['id']; +} + +export function createSideNavItems({ group, selectedAppId }: Options) { const items: EuiSideNavItemType[] = [ { - name, - id, - items: apps.map(app => ({ + id: htmlIdGenerator(group.getId())(), + name: group.getTitle(), + items: group.getApps().map(app => ({ id: app.id, name: app.title, onClick: () => getCore().application.navigateToApp(app.id), From 4651cbf95460be1a9022c519f08a3cab570ede90 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Thu, 6 Feb 2025 13:14:56 -0300 Subject: [PATCH 138/212] feat: implement regulatory compliance app with dedicated rendering and link to security operations navigation group --- .../security-operations/applications.ts | 6 +++-- .../regulatory-compliance/application.tsx | 27 +++++++++++++++++++ .../regulatory-compliance-app.tsx | 11 ++++++++ .../groups/security-operations/index.ts | 14 +++++++--- 4 files changed, 52 insertions(+), 6 deletions(-) create mode 100644 plugins/wazuh-analysis/public/groups/security-operations/apps/regulatory-compliance/application.tsx create mode 100644 plugins/wazuh-analysis/public/groups/security-operations/apps/regulatory-compliance/regulatory-compliance-app.tsx diff --git a/plugins/wazuh-analysis/public/groups/security-operations/applications.ts b/plugins/wazuh-analysis/public/groups/security-operations/applications.ts index 271bcf0473..786b5cfe24 100644 --- a/plugins/wazuh-analysis/public/groups/security-operations/applications.ts 
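Review bot: `id: htmlIdGenerator(group.getId())()` mints a new random-suffixed id on every call of `createSideNavItems`, so the parent side-nav item's id changes each time a mounting app builds its items; EUI keys items by id, so unless the randomness is intended a stable id is preferable, e.g. `id: group.getId(),` if `getId()` already yields a DOM-safe value. `Options` is not exported while `createSideNavItems` is, so callers cannot name the parameter type; `export interface SideNavOptions` would fix that. The function also lost the explicit return type the removed `nav-items.ts` carried; `export function createSideNavItems({ group, selectedAppId }: Options): EuiSideNavItemType[] {` documents the contract. The function body continues outside the hunk.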
+++ b/plugins/wazuh-analysis/public/groups/security-operations/applications.ts @@ -22,9 +22,11 @@ export function getSecurityOperationsApps(updater$?: Subject) { updater$, mount: async (params: AppMountParameters) => { // TODO: Implement the regulatory compliance application - const { renderApp } = await import('../../application'); + const { renderApp } = await import( + './apps/regulatory-compliance/application' + ); - return await renderApp(params, {}); + return await renderApp(params); }, }, { diff --git a/plugins/wazuh-analysis/public/groups/security-operations/apps/regulatory-compliance/application.tsx b/plugins/wazuh-analysis/public/groups/security-operations/apps/regulatory-compliance/application.tsx new file mode 100644 index 0000000000..7ff146d588 --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/security-operations/apps/regulatory-compliance/application.tsx @@ -0,0 +1,27 @@ +import React from 'react'; +import { AppMountParameters } from 'opensearch-dashboards/public'; +import ReactDOM from 'react-dom'; +import { SecurityOperationsNavGroup } from '../..'; +import { Layout } from '../../../layout'; +import { createSideNavItems } from '../../../side-nav'; +import { + REGULATORY_COMPLIANCE_ID, + SECURITY_OPERATIONS_ID, +} from '../../constants'; +import { RegulatoryComplianceApp } from './regulatory-compliance-app'; + +export const renderApp = async (params: AppMountParameters) => { + const items = createSideNavItems({ + group: SecurityOperationsNavGroup, + selectedAppId: REGULATORY_COMPLIANCE_ID, + }); + + ReactDOM.render( + + + , + params.element, + ); + + return () => ReactDOM.unmountComponentAtNode(params.element); +}; diff --git a/plugins/wazuh-analysis/public/groups/security-operations/apps/regulatory-compliance/regulatory-compliance-app.tsx b/plugins/wazuh-analysis/public/groups/security-operations/apps/regulatory-compliance/regulatory-compliance-app.tsx new file mode 100644 index 0000000000..3024c7f24b --- /dev/null 
+++ b/plugins/wazuh-analysis/public/groups/security-operations/apps/regulatory-compliance/regulatory-compliance-app.tsx @@ -0,0 +1,11 @@ +import React from 'react'; +import { AppMountParameters } from 'opensearch-dashboards/public'; +import { REGULATORY_COMPLIANCE_TITLE } from '../../constants'; + +interface RegulatoryComplianceProps { + params: AppMountParameters; +} + +export const RegulatoryComplianceApp = (_props: RegulatoryComplianceProps) => ( + <>{REGULATORY_COMPLIANCE_TITLE} App +); diff --git a/plugins/wazuh-analysis/public/groups/security-operations/index.ts b/plugins/wazuh-analysis/public/groups/security-operations/index.ts index 72dd5e69b4..d3f613790c 100644 --- a/plugins/wazuh-analysis/public/groups/security-operations/index.ts +++ b/plugins/wazuh-analysis/public/groups/security-operations/index.ts @@ -8,6 +8,7 @@ import { } from '../../../../../src/core/public'; import { CATEGORY } from '../category'; import { Group } from '../types'; +import { getCore } from '../../plugin-services'; import { getSecurityOperationsApps } from './applications'; import { SECURITY_OPERATIONS_DESCRIPTION, @@ -34,10 +35,15 @@ export const SecurityOperationsNavGroup: Group = id: SECURITY_OPERATIONS_ID, title: SECURITY_OPERATIONS_TITLE, category: CATEGORY, - mount: - async (_params: AppMountParameters) => - // TODO: Implement the security operations application - () => {}, + mount: async (_params: AppMountParameters) => { + if (!getCore().chrome.navGroup.getNavGroupEnabled()) { + getCore().application.navigateToApp( + getSecurityOperationsApps()[0].id, + ); + } + + return () => {}; + }, }; }, From 7098c8dd8e3f601ff4fa75a228d70d910ab91499 Mon Sep 17 00:00:00 2001 
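Review bot: In the new `mount` of `SecurityOperationsNavGroup`, `getSecurityOperationsApps()[0].id` builds the whole app list (without the `updater$` the real registration passes) just to read one id, and under `noUncheckedIndexedAccess` the element is `App | undefined`, so `.id` would not type-check; if the first entry is the regulatory-compliance app, as the order of the applications.ts hunks suggests, `REGULATORY_COMPLIANCE_ID` from `./constants` (the module this file already imports from) avoids both. `navigateToApp` returns a promise that is neither awaited nor voided, so a rejected navigation becomes an unhandled rejection; `void getCore().application.navigateToApp(REGULATORY_COMPLIANCE_ID);` makes the intent explicit. When nav groups are enabled the mount renders nothing into `_params.element` and returns a no-op unmount; if that is by design, a comment such as `// Group app is only a redirect target when nav groups are disabled` would spare the next reader the question. The same shape appears in the threat-intelligence index hunk of patch 145 later on this page.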
From: Guido Modarelli Date: Thu, 6 Feb 2025 13:17:54 -0300 Subject: [PATCH 139/212] feat: add IT hygiene application with dedicated rendering and integrate into security operations navigation group --- .../security-operations/applications.ts | 4 ++-- .../apps/it-hygiene/application.tsx | 24 +++++++++++++++++++ .../apps/it-hygiene/it-hygiene-app.tsx | 11 +++++++++ 3 files changed, 37 insertions(+), 2 deletions(-) create mode 100644 plugins/wazuh-analysis/public/groups/security-operations/apps/it-hygiene/application.tsx create mode 100644 plugins/wazuh-analysis/public/groups/security-operations/apps/it-hygiene/it-hygiene-app.tsx diff --git a/plugins/wazuh-analysis/public/groups/security-operations/applications.ts b/plugins/wazuh-analysis/public/groups/security-operations/applications.ts index 786b5cfe24..87e8be6dff 100644 --- a/plugins/wazuh-analysis/public/groups/security-operations/applications.ts +++ b/plugins/wazuh-analysis/public/groups/security-operations/applications.ts @@ -36,9 +36,9 @@ export function getSecurityOperationsApps(updater$?: Subject) { updater$, mount: async (params: AppMountParameters) => { // TODO: Implement the it hygiene application - const { renderApp } = await import('../../application'); + const { renderApp } = await import('./apps/it-hygiene/application'); - return await renderApp(params, {}); + return await renderApp(params); }, }, { diff --git a/plugins/wazuh-analysis/public/groups/security-operations/apps/it-hygiene/application.tsx b/plugins/wazuh-analysis/public/groups/security-operations/apps/it-hygiene/application.tsx new file mode 100644 index 0000000000..f43edefb58 --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/security-operations/apps/it-hygiene/application.tsx 
@@ -0,0 +1,24 @@ +import React from 'react'; +import { AppMountParameters } from 'opensearch-dashboards/public'; +import ReactDOM from 'react-dom'; +import { SecurityOperationsNavGroup } from '../..'; +import { Layout } from '../../../layout'; +import { createSideNavItems } from '../../../side-nav'; +import { IT_HYGIENE_ID, SECURITY_OPERATIONS_ID } from '../../constants'; +import { ItHygieneApp } from './it-hygiene-app'; + +export const renderApp = async (params: AppMountParameters) => { + const items = createSideNavItems({ + group: SecurityOperationsNavGroup, + selectedAppId: IT_HYGIENE_ID, + }); + + ReactDOM.render( + + + , + params.element, + ); + + return () => ReactDOM.unmountComponentAtNode(params.element); +}; diff --git a/plugins/wazuh-analysis/public/groups/security-operations/apps/it-hygiene/it-hygiene-app.tsx b/plugins/wazuh-analysis/public/groups/security-operations/apps/it-hygiene/it-hygiene-app.tsx new file mode 100644 index 0000000000..e75491ebee --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/security-operations/apps/it-hygiene/it-hygiene-app.tsx @@ -0,0 +1,11 @@ +import React from 'react'; +import { AppMountParameters } from 'opensearch-dashboards/public'; +import { IT_HYGIENE_TITLE } from '../../constants'; + +interface ItHygieneProps { + params: AppMountParameters; +} + +export const ItHygieneApp = (_props: ItHygieneProps) => ( + <>{IT_HYGIENE_TITLE} App +); From 1d64a9bee717f1dbd158be9681f3b6600116988f Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Thu, 6 Feb 2025 13:52:57 -0300 Subject: [PATCH 140/212] refactor: remove TODO comments for unimplemented applications in endpoint security apps module --- .../public/groups/endpoint-security/applications.ts | 3 --- 1 file changed, 3 deletions(-) diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts b/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts index a36e177593..52a2ef294b 100644 
--- a/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts @@ -22,7 +22,6 @@ export function getEndpointSecurityApps(updater$?: Subject): App[] { navLinkStatus: AppNavLinkStatus.hidden, updater$, mount: async (params: AppMountParameters) => { - // TODO: Implement the configuration assessment application const { renderApp } = await import( './apps/configuration-assesment/application' ); @@ -36,7 +35,6 @@ export function getEndpointSecurityApps(updater$?: Subject): App[] { navLinkStatus: AppNavLinkStatus.hidden, updater$, mount: async (params: AppMountParameters) => { - // TODO: Implement the malware detection application const { renderApp } = await import( './apps/malware-detection/application' ); @@ -50,7 +48,6 @@ export function getEndpointSecurityApps(updater$?: Subject): App[] { navLinkStatus: AppNavLinkStatus.hidden, updater$, mount: async (params: AppMountParameters) => { - // TODO: Implement the fim application const { renderApp } = await import('./apps/fim/application'); return await renderApp(params); From 303bab46dc00c7a137f421af0fb572b01fb8a950 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Thu, 6 Feb 2025 13:53:35 -0300 Subject: [PATCH 141/212] refactor: remove TODO comments for incident response application and update import path in security operations apps module --- .../public/groups/security-operations/applications.ts | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/plugins/wazuh-analysis/public/groups/security-operations/applications.ts b/plugins/wazuh-analysis/public/groups/security-operations/applications.ts index 87e8be6dff..3998310e73 100644 --- a/plugins/wazuh-analysis/public/groups/security-operations/applications.ts +++ b/plugins/wazuh-analysis/public/groups/security-operations/applications.ts 
@@ -21,7 +21,6 @@ export function getSecurityOperationsApps(updater$?: Subject) { navLinkStatus: AppNavLinkStatus.hidden, updater$, mount: async (params: AppMountParameters) => { - // TODO: Implement the regulatory compliance application const { renderApp } = await import( './apps/regulatory-compliance/application' ); @@ -35,7 +34,6 @@ export function getSecurityOperationsApps(updater$?: Subject) { navLinkStatus: AppNavLinkStatus.hidden, updater$, mount: async (params: AppMountParameters) => { - // TODO: Implement the it hygiene application const { renderApp } = await import('./apps/it-hygiene/application'); return await renderApp(params); @@ -47,10 +45,11 @@ export function getSecurityOperationsApps(updater$?: Subject) { navLinkStatus: AppNavLinkStatus.hidden, updater$, mount: async (params: AppMountParameters) => { - // TODO: Implement the incident response application - const { renderApp } = await import('../../application'); + const { renderApp } = await import( + './apps/incident-response/application' + ); - return await renderApp(params, {}); + return await renderApp(params); }, }, ]; From 5608cf5eb88ce6ede7a8f8f1f7ce5d644daada78 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Thu, 6 Feb 2025 14:08:27 -0300 Subject: [PATCH 142/212] feat: implement incident response application with rendering logic and integrate into security operations navigation group --- .../apps/incident-response/application.tsx | 27 +++++++++++++++++++ .../incident-response-app.tsx | 11 ++++++++ 2 files changed, 38 insertions(+) create mode 100644 plugins/wazuh-analysis/public/groups/security-operations/apps/incident-response/application.tsx create mode 100644 plugins/wazuh-analysis/public/groups/security-operations/apps/incident-response/incident-response-app.tsx 
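Review bot: The `./apps/incident-response/application` module that the third hunk's dynamic import now targets is only created by the next patch in the series (142), so at this commit the path does not resolve and the incident-response mount is broken until then. Since the path is a string literal inside `import()`, the type checker is the only thing that would report it before a user clicks the app. Creating the module in the same commit as the rewiring, or squashing the two, keeps every commit in the series buildable for bisecting.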
diff --git a/plugins/wazuh-analysis/public/groups/security-operations/apps/incident-response/application.tsx b/plugins/wazuh-analysis/public/groups/security-operations/apps/incident-response/application.tsx new file mode 100644 index 0000000000..0e6d0c0085 --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/security-operations/apps/incident-response/application.tsx @@ -0,0 +1,27 @@ +import React from 'react'; +import { AppMountParameters } from 'opensearch-dashboards/public'; +import ReactDOM from 'react-dom'; +import { SecurityOperationsNavGroup } from '../..'; +import { Layout } from '../../../layout'; +import { createSideNavItems } from '../../../side-nav'; +import { + INCIDENT_RESPONSE_ID, + SECURITY_OPERATIONS_TITLE, +} from '../../constants'; +import { IncidentResponseApp } from './incident-response-app'; + +export const renderApp = async (params: AppMountParameters) => { + const items = createSideNavItems({ + group: SecurityOperationsNavGroup, + selectedAppId: INCIDENT_RESPONSE_ID, + }); + + ReactDOM.render( + + + , + params.element, + ); + + return () => ReactDOM.unmountComponentAtNode(params.element); +}; diff --git a/plugins/wazuh-analysis/public/groups/security-operations/apps/incident-response/incident-response-app.tsx b/plugins/wazuh-analysis/public/groups/security-operations/apps/incident-response/incident-response-app.tsx new file mode 100644 index 0000000000..9461d4f13c --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/security-operations/apps/incident-response/incident-response-app.tsx @@ -0,0 +1,11 @@ +import React from 'react'; +import { AppMountParameters } from 'opensearch-dashboards/public'; +import { INCIDENT_RESPONSE_TITLE } from '../../constants'; + +interface IncidentResponseProps { + params: AppMountParameters; +} + +export const IncidentResponseApp = (_props: IncidentResponseProps) => ( + <>{INCIDENT_RESPONSE_TITLE} App +); From e89412da438e0841404c4354b525c01375aeddd5 Mon Sep 17 00:00:00 2001 
From: Guido Modarelli Date: Thu, 6 Feb 2025 14:08:47 -0300 Subject: [PATCH 143/212] fix: update SECURITY_OPERATIONS_ID to SECURITY_OPERATIONS_TITLE in IT Hygiene and Regulatory Compliance apps for consistency --- .../security-operations/apps/it-hygiene/application.tsx | 4 ++-- .../apps/regulatory-compliance/application.tsx | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/plugins/wazuh-analysis/public/groups/security-operations/apps/it-hygiene/application.tsx b/plugins/wazuh-analysis/public/groups/security-operations/apps/it-hygiene/application.tsx index f43edefb58..feaedc7263 100644 --- a/plugins/wazuh-analysis/public/groups/security-operations/apps/it-hygiene/application.tsx +++ b/plugins/wazuh-analysis/public/groups/security-operations/apps/it-hygiene/application.tsx @@ -4,7 +4,7 @@ import ReactDOM from 'react-dom'; import { SecurityOperationsNavGroup } from '../..'; import { Layout } from '../../../layout'; import { createSideNavItems } from '../../../side-nav'; -import { IT_HYGIENE_ID, SECURITY_OPERATIONS_ID } from '../../constants'; +import { IT_HYGIENE_ID, SECURITY_OPERATIONS_TITLE } from '../../constants'; import { ItHygieneApp } from './it-hygiene-app'; export const renderApp = async (params: AppMountParameters) => { @@ -14,7 +14,7 @@ export const renderApp = async (params: AppMountParameters) => { }); ReactDOM.render( - + , params.element, diff --git a/plugins/wazuh-analysis/public/groups/security-operations/apps/regulatory-compliance/application.tsx b/plugins/wazuh-analysis/public/groups/security-operations/apps/regulatory-compliance/application.tsx index 7ff146d588..8daf394ed3 100644 --- a/plugins/wazuh-analysis/public/groups/security-operations/apps/regulatory-compliance/application.tsx +++ b/plugins/wazuh-analysis/public/groups/security-operations/apps/regulatory-compliance/application.tsx 
@@ -6,7 +6,7 @@ import { Layout } from '../../../layout'; import { createSideNavItems } from '../../../side-nav'; import { REGULATORY_COMPLIANCE_ID, - SECURITY_OPERATIONS_ID, + SECURITY_OPERATIONS_TITLE, } from '../../constants'; import { RegulatoryComplianceApp } from './regulatory-compliance-app'; @@ -17,7 +17,7 @@ export const renderApp = async (params: AppMountParameters) => { }); ReactDOM.render( - + , params.element, From b707ae074fb558874a3a11a9ddfafd5dd02f4eab Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Thu, 6 Feb 2025 14:25:39 -0300 Subject: [PATCH 144/212] feat: implement MITRE ATT&CK application with rendering logic and integrate into threat intelligence navigation group --- .../threat-intelligence/applications.ts | 5 ++-- .../apps/mitre-att&ck/application.tsx | 24 +++++++++++++++++++ .../apps/mitre-att&ck/mitre-att&ck-app.tsx | 11 +++++++++ 3 files changed, 37 insertions(+), 3 deletions(-) create mode 100644 plugins/wazuh-analysis/public/groups/threat-intelligence/apps/mitre-att&ck/application.tsx create mode 100644 plugins/wazuh-analysis/public/groups/threat-intelligence/apps/mitre-att&ck/mitre-att&ck-app.tsx diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts b/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts index 372b611ea4..1e68061f74 100644 --- a/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts +++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts @@ -21,10 +21,9 @@ export function getThreatIntelligenceApps(updater$?: Subject) { navLinkStatus: AppNavLinkStatus.hidden, updater$, mount: async (params: AppMountParameters) => { - // TODO: Implement the threat hunting application - const { renderApp } = await import('../../application'); + const { renderApp } = await import('./apps/mitre-att&ck/application'); - return await renderApp(params, {}); + return await renderApp(params); }, }, { 
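Review bot: In the threat-intelligence applications.ts hunk, the entry whose removed TODO read "Implement the threat hunting application" now mounts `./apps/mitre-att&ck/application`, so the threat-hunting app id renders the MITRE module; patch 147 later on this page rewires it to `./apps/threat-hunting/application`, but as committed the first entry of `getThreatIntelligenceApps` is mislabelled. A one-line check that each entry's id constant matches the module it imports would have caught this and the title mix-ups fixed in patches 143 and 146.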
diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/mitre-att&ck/application.tsx b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/mitre-att&ck/application.tsx new file mode 100644 index 0000000000..4781befcdb --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/mitre-att&ck/application.tsx @@ -0,0 +1,24 @@ +import React from 'react'; +import { AppMountParameters } from 'opensearch-dashboards/public'; +import ReactDOM from 'react-dom'; +import { ThreatIntelligenceNavGroup } from '../..'; +import { Layout } from '../../../layout'; +import { createSideNavItems } from '../../../side-nav'; +import { MITRE_ATTACK_ID, THREAT_HUNTING_TITLE } from '../../constants'; +import { MitreAttackApp } from './mitre-att&ck-app'; + +export const renderApp = async (params: AppMountParameters) => { + const items = createSideNavItems({ + group: ThreatIntelligenceNavGroup, + selectedAppId: MITRE_ATTACK_ID, + }); + + ReactDOM.render( + + + , + params.element, + ); + + return () => ReactDOM.unmountComponentAtNode(params.element); +}; diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/mitre-att&ck/mitre-att&ck-app.tsx b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/mitre-att&ck/mitre-att&ck-app.tsx new file mode 100644 index 0000000000..035ad96952 --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/mitre-att&ck/mitre-att&ck-app.tsx @@ -0,0 +1,11 @@ +import React from 'react'; +import { AppMountParameters } from 'opensearch-dashboards/public'; +import { MITRE_ATTACK_TITLE } from '../../constants'; + +interface MitreAttackProps { + params: AppMountParameters; +} + +export const MitreAttackApp = (_props: MitreAttackProps) => ( + <>{MITRE_ATTACK_TITLE} App +); From d122b164752f0a265af27c79341b5585cffa9e9c Mon Sep 17 00:00:00 2001 
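Review bot: The directory name `mitre-att&ck` puts `&` into every import path, shell command and source-map URL for these two files; it needs quoting in shells, URL-encodes as `%26` and is a frequent source of breakage in scripts and tooling that build paths from file names. A plain name such as `mitre-attack`, matching the `MITRE_ATTACK_ID` / `MITRE_ATTACK_TITLE` constants the module already uses, avoids all of that. If the rename is done, the import in applications.ts (`./apps/mitre-att&ck/application`) and the `./mitre-att&ck-app` import here change with it.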
From: Guido Modarelli Date: Thu, 6 Feb 2025 14:26:56 -0300 Subject: [PATCH 145/212] feat: enhance threat intelligence nav group to navigate to app based on nav group status in mount function --- .../public/groups/threat-intelligence/index.ts | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/index.ts b/plugins/wazuh-analysis/public/groups/threat-intelligence/index.ts index 736013915d..5e88970c50 100644 --- a/plugins/wazuh-analysis/public/groups/threat-intelligence/index.ts +++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/index.ts @@ -8,6 +8,7 @@ import { } from '../../../../../src/core/public'; import { CATEGORY } from '../category'; import { Group } from '../types'; +import { getCore } from '../../plugin-services'; import { getThreatIntelligenceApps } from './applications'; import { THREAT_INTELLIGENCE_DESCRIPTION, @@ -34,10 +35,15 @@ export const ThreatIntelligenceNavGroup: Group = id: THREAT_INTELLIGENCE_ID, title: THREAT_INTELLIGENCE_TITLE, category: CATEGORY, - mount: - async (_params: AppMountParameters) => - // TODO: Implement the threat intelligence application - () => {}, + mount: async (_params: AppMountParameters) => { + if (!getCore().chrome.navGroup.getNavGroupEnabled()) { + getCore().application.navigateToApp( + getThreatIntelligenceApps()[0].id, + ); + } + + return () => {}; + }, }; }, From 09d9a86d17a87f7d48bd8ca07cd9cb137c9ac7ef Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Thu, 6 Feb 2025 14:34:53 -0300 Subject: [PATCH 146/212] Fix import path and update title for MITRE attack app --- .../public/groups/threat-intelligence/applications.ts | 5 ++--- .../threat-intelligence/apps/mitre-att&ck/application.tsx | 4 ++-- 2 files changed, 4 insertions(+), 5 deletions(-) 
diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts b/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts index 1e68061f74..bf7d89e3c8 100644 --- a/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts +++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts @@ -44,10 +44,9 @@ export function getThreatIntelligenceApps(updater$?: Subject) { navLinkStatus: AppNavLinkStatus.hidden, updater$, mount: async (params: AppMountParameters) => { - // TODO: Implement the mitre attack application - const { renderApp } = await import('../../application'); + const { renderApp } = await import('./apps/mitre-att&ck/application'); - return await renderApp(params, {}); + return await renderApp(params); }, }, ]; diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/mitre-att&ck/application.tsx b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/mitre-att&ck/application.tsx index 4781befcdb..6a57f27280 100644 --- a/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/mitre-att&ck/application.tsx +++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/mitre-att&ck/application.tsx @@ -4,7 +4,7 @@ import ReactDOM from 'react-dom'; import { ThreatIntelligenceNavGroup } from '../..'; import { Layout } from '../../../layout'; import { createSideNavItems } from '../../../side-nav'; -import { MITRE_ATTACK_ID, THREAT_HUNTING_TITLE } from '../../constants'; +import { MITRE_ATTACK_ID, THREAT_INTELLIGENCE_TITLE } from '../../constants'; import { MitreAttackApp } from './mitre-att&ck-app'; export const renderApp = async (params: AppMountParameters) => { @@ -14,7 +14,7 @@ export const renderApp = async (params: AppMountParameters) => { }); ReactDOM.render( - + , params.element, From 273c8f0a45a40e4f21865e9581a3824218f8dda5 Mon Sep 17 00:00:00 2001 
From: Guido Modarelli Date: Thu, 6 Feb 2025 14:55:40 -0300 Subject: [PATCH 147/212] Add threat-hunting application to threat intelligence group --- .../threat-intelligence/applications.ts | 2 +- .../apps/threat-hunting/application.tsx | 24 +++++++++++++++++++ .../threat-hunting/threat-hunting-app.tsx | 11 +++++++++ 3 files changed, 36 insertions(+), 1 deletion(-) create mode 100644 plugins/wazuh-analysis/public/groups/threat-intelligence/apps/threat-hunting/application.tsx create mode 100644 plugins/wazuh-analysis/public/groups/threat-intelligence/apps/threat-hunting/threat-hunting-app.tsx diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts b/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts index bf7d89e3c8..4c5bc7acef 100644 --- a/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts +++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts @@ -21,7 +21,7 @@ export function getThreatIntelligenceApps(updater$?: Subject) { navLinkStatus: AppNavLinkStatus.hidden, updater$, mount: async (params: AppMountParameters) => { - const { renderApp } = await import('./apps/mitre-att&ck/application'); + const { renderApp } = await import('./apps/threat-hunting/application'); return await renderApp(params); }, diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/threat-hunting/application.tsx b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/threat-hunting/application.tsx new file mode 100644 index 0000000000..7e49ce79f6 --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/threat-hunting/application.tsx 
@@ -0,0 +1,24 @@ +import React from 'react'; +import { AppMountParameters } from 'opensearch-dashboards/public'; +import ReactDOM from 'react-dom'; +import { ThreatIntelligenceNavGroup } from '../..'; +import { Layout } from '../../../layout'; +import { createSideNavItems } from '../../../side-nav'; +import { THREAT_HUNTING_ID, THREAT_INTELLIGENCE_TITLE } from '../../constants'; +import { ThreatHuntingApp } from './threat-hunting-app'; + +export const renderApp = async (params: AppMountParameters) => { + const items = createSideNavItems({ + group: ThreatIntelligenceNavGroup, + selectedAppId: THREAT_HUNTING_ID, + }); + + ReactDOM.render( + + + , + params.element, + ); + + return () => ReactDOM.unmountComponentAtNode(params.element); +}; diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/threat-hunting/threat-hunting-app.tsx b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/threat-hunting/threat-hunting-app.tsx new file mode 100644 index 0000000000..2936f2ed81 --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/threat-hunting/threat-hunting-app.tsx @@ -0,0 +1,11 @@ +import React from 'react'; +import { AppMountParameters } from 'opensearch-dashboards/public'; +import { THREAT_HUNTING_TITLE } from '../../constants'; + +interface ThreatHuntingProps { + params: AppMountParameters; +} + +export const ThreatHuntingApp = (_props: ThreatHuntingProps) => ( + <>{THREAT_HUNTING_TITLE} App +); From 1c75521a1c66e8ddd29c1bee737ba46978e56c5e Mon Sep 17 00:00:00 2001 
From: Guido Modarelli Date: Thu, 6 Feb 2025 15:01:12 -0300 Subject: [PATCH 148/212] Implement vulnerability detection application structure --- .../threat-intelligence/applications.ts | 7 ++--- .../vulnerability-detection/application.tsx | 27 +++++++++++++++++++ .../vulnerability-detection-app.tsx | 11 ++++++++ 3 files changed, 42 insertions(+), 3 deletions(-) create mode 100644 plugins/wazuh-analysis/public/groups/threat-intelligence/apps/vulnerability-detection/application.tsx create mode 100644 plugins/wazuh-analysis/public/groups/threat-intelligence/apps/vulnerability-detection/vulnerability-detection-app.tsx diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts b/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts index 4c5bc7acef..f3c2efb055 100644 --- a/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts +++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts @@ -32,10 +32,11 @@ export function getThreatIntelligenceApps(updater$?: Subject) { navLinkStatus: AppNavLinkStatus.hidden, updater$, mount: async (params: AppMountParameters) => { - // TODO: Implement the vulnerability detection application - const { renderApp } = await import('../../application'); + const { renderApp } = await import( + './apps/vulnerability-detection/application' + ); - return await renderApp(params, {}); + return await renderApp(params); }, }, { diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/vulnerability-detection/application.tsx b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/vulnerability-detection/application.tsx new file mode 100644 index 0000000000..2b03c34b72 --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/vulnerability-detection/application.tsx 
@@ -0,0 +1,27 @@ +import React from 'react'; +import { AppMountParameters } from 'opensearch-dashboards/public'; +import ReactDOM from 'react-dom'; +import { ThreatIntelligenceNavGroup } from '../..'; +import { Layout } from '../../../layout'; +import { createSideNavItems } from '../../../side-nav'; +import { + THREAT_INTELLIGENCE_TITLE, + VULNERABILITY_DETECTION_ID, +} from '../../constants'; +import { VulnerabilityDetectionApp } from './vulnerability-detection-app'; + +export const renderApp = async (params: AppMountParameters) => { + const items = createSideNavItems({ + group: ThreatIntelligenceNavGroup, + selectedAppId: VULNERABILITY_DETECTION_ID, + }); + + ReactDOM.render( + + + , + params.element, + ); + + return () => ReactDOM.unmountComponentAtNode(params.element); +}; diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/vulnerability-detection/vulnerability-detection-app.tsx b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/vulnerability-detection/vulnerability-detection-app.tsx new file mode 100644 index 0000000000..e0019de5ec --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/vulnerability-detection/vulnerability-detection-app.tsx @@ -0,0 +1,11 @@ +import React from 'react'; +import { AppMountParameters } from 'opensearch-dashboards/public'; +import { VULNERABILITY_DETECTION_TITLE } from '../../constants'; + +interface VulnerabilityDetectionProps { + params: AppMountParameters; +} + +export const VulnerabilityDetectionApp = ( + _props: VulnerabilityDetectionProps, +) => <>{VULNERABILITY_DETECTION_TITLE} App; From 1bda38c07deb32d77801f14eca43f24ebf45a242 Mon Sep 17 00:00:00 2001 
From: Guido Modarelli Date: Thu, 6 Feb 2025 15:14:51 -0300 Subject: [PATCH 149/212] Refactor app props naming for consistency across incident response, it hygiene, and compliance apps --- .../apps/incident-response/incident-response-app.tsx | 4 ++-- .../apps/it-hygiene/it-hygiene-app.tsx | 4 ++-- .../regulatory-compliance/regulatory-compliance-app.tsx | 8 ++++---- .../apps/mitre-att&ck/mitre-att&ck-app.tsx | 4 ++-- .../apps/threat-hunting/threat-hunting-app.tsx | 4 ++-- .../vulnerability-detection-app.tsx | 4 ++-- 6 files changed, 14 insertions(+), 14 deletions(-) diff --git a/plugins/wazuh-analysis/public/groups/security-operations/apps/incident-response/incident-response-app.tsx b/plugins/wazuh-analysis/public/groups/security-operations/apps/incident-response/incident-response-app.tsx index 9461d4f13c..fb2673978c 100644 --- a/plugins/wazuh-analysis/public/groups/security-operations/apps/incident-response/incident-response-app.tsx +++ b/plugins/wazuh-analysis/public/groups/security-operations/apps/incident-response/incident-response-app.tsx @@ -2,10 +2,10 @@ import React from 'react'; import { AppMountParameters } from 'opensearch-dashboards/public'; import { INCIDENT_RESPONSE_TITLE } from '../../constants'; -interface IncidentResponseProps { +interface IncidentResponseAppProps { params: AppMountParameters; } -export const IncidentResponseApp = (_props: IncidentResponseProps) => ( +export const IncidentResponseApp = (_props: IncidentResponseAppProps) => ( <>{INCIDENT_RESPONSE_TITLE} App ); diff --git a/plugins/wazuh-analysis/public/groups/security-operations/apps/it-hygiene/it-hygiene-app.tsx b/plugins/wazuh-analysis/public/groups/security-operations/apps/it-hygiene/it-hygiene-app.tsx index e75491ebee..be8da8bed3 100644 --- a/plugins/wazuh-analysis/public/groups/security-operations/apps/it-hygiene/it-hygiene-app.tsx +++ b/plugins/wazuh-analysis/public/groups/security-operations/apps/it-hygiene/it-hygiene-app.tsx 
@@ -2,10 +2,10 @@ import React from 'react'; import { AppMountParameters } from 'opensearch-dashboards/public'; import { IT_HYGIENE_TITLE } from '../../constants'; -interface ItHygieneProps { +interface ItHygieneAppProps { params: AppMountParameters; } -export const ItHygieneApp = (_props: ItHygieneProps) => ( +export const ItHygieneApp = (_props: ItHygieneAppProps) => ( <>{IT_HYGIENE_TITLE} App ); diff --git a/plugins/wazuh-analysis/public/groups/security-operations/apps/regulatory-compliance/regulatory-compliance-app.tsx b/plugins/wazuh-analysis/public/groups/security-operations/apps/regulatory-compliance/regulatory-compliance-app.tsx index 3024c7f24b..7e84b25b7a 100644 --- a/plugins/wazuh-analysis/public/groups/security-operations/apps/regulatory-compliance/regulatory-compliance-app.tsx +++ b/plugins/wazuh-analysis/public/groups/security-operations/apps/regulatory-compliance/regulatory-compliance-app.tsx @@ -2,10 +2,10 @@ import React from 'react'; import { AppMountParameters } from 'opensearch-dashboards/public'; import { REGULATORY_COMPLIANCE_TITLE } from '../../constants'; -interface RegulatoryComplianceProps { +interface RegulatoryComplianceAppProps { params: AppMountParameters; } -export const RegulatoryComplianceApp = (_props: RegulatoryComplianceProps) => ( - <>{REGULATORY_COMPLIANCE_TITLE} App -); +export const RegulatoryComplianceApp = ( + _props: RegulatoryComplianceAppProps, +) => <>{REGULATORY_COMPLIANCE_TITLE} App; diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/mitre-att&ck/mitre-att&ck-app.tsx b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/mitre-att&ck/mitre-att&ck-app.tsx index 035ad96952..98fb6bbf24 100644 --- a/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/mitre-att&ck/mitre-att&ck-app.tsx +++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/mitre-att&ck/mitre-att&ck-app.tsx 
@@ -2,10 +2,10 @@ import React from 'react'; import { AppMountParameters } from 'opensearch-dashboards/public'; import { MITRE_ATTACK_TITLE } from '../../constants'; -interface MitreAttackProps { +interface MitreAttackAppProps { params: AppMountParameters; } -export const MitreAttackApp = (_props: MitreAttackProps) => ( +export const MitreAttackApp = (_props: MitreAttackAppProps) => ( <>{MITRE_ATTACK_TITLE} App ); diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/threat-hunting/threat-hunting-app.tsx b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/threat-hunting/threat-hunting-app.tsx index 2936f2ed81..249aa0188b 100644 --- a/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/threat-hunting/threat-hunting-app.tsx +++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/threat-hunting/threat-hunting-app.tsx @@ -2,10 +2,10 @@ import React from 'react'; import { AppMountParameters } from 'opensearch-dashboards/public'; import { THREAT_HUNTING_TITLE } from '../../constants'; -interface ThreatHuntingProps { +interface ThreatHuntingAppProps { params: AppMountParameters; } -export const ThreatHuntingApp = (_props: ThreatHuntingProps) => ( +export const ThreatHuntingApp = (_props: ThreatHuntingAppProps) => ( <>{THREAT_HUNTING_TITLE} App ); diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/vulnerability-detection/vulnerability-detection-app.tsx b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/vulnerability-detection/vulnerability-detection-app.tsx index e0019de5ec..2d9f438539 100644 --- a/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/vulnerability-detection/vulnerability-detection-app.tsx +++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/vulnerability-detection/vulnerability-detection-app.tsx 
@@ -2,10 +2,10 @@ import React from 'react'; import { AppMountParameters } from 'opensearch-dashboards/public'; import { VULNERABILITY_DETECTION_TITLE } from '../../constants'; -interface VulnerabilityDetectionProps { +interface VulnerabilityDetectionAppProps { params: AppMountParameters; } export const VulnerabilityDetectionApp = ( - _props: VulnerabilityDetectionProps, + _props: VulnerabilityDetectionAppProps, ) => <>{VULNERABILITY_DETECTION_TITLE} App; From 32f2f8868e4b8dbcee5abaa928c62bc94df4b86c Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Thu, 6 Feb 2025 15:15:22 -0300 Subject: [PATCH 150/212] Enhance Cloud Security navigation by conditionally redirecting based on nav group status in the mount function --- .../public/groups/cloud-security/index.ts | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/index.ts b/plugins/wazuh-analysis/public/groups/cloud-security/index.ts index 778497def8..a6e4f9e127 100644 --- a/plugins/wazuh-analysis/public/groups/cloud-security/index.ts +++ b/plugins/wazuh-analysis/public/groups/cloud-security/index.ts @@ -8,6 +8,7 @@ import { } from '../../../../../src/core/public'; import { Group } from '../types'; import { CATEGORY } from '../category'; +import { getCore } from '../../plugin-services'; import { getCloudSecurityApps } from './applications'; import { CLOUD_SECURITY_DESCRIPTION, @@ -33,10 +34,13 @@ export const CloudSecurityNavGroup: Group = { id: CLOUD_SECURITY_ID, title: CLOUD_SECURITY_TITLE, category: CATEGORY, - mount: - async (_params: AppMountParameters) => - // TODO: Implement the cloud security application - () => {}, + mount: async (_params: AppMountParameters) => { + if (!getCore().chrome.navGroup.getNavGroupEnabled()) { + getCore().application.navigateToApp(getCloudSecurityApps()[0].id); + } + + return () => {}; + }, }; }, From c57c1b5e4c0d06729c2f928bbb856cb3704495e3 Mon Sep 17 00:00:00 2001 
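Review bot: In the new `mount` body of `cloud-security/index.ts`, `getCore().application.navigateToApp(...)` returns a promise that is neither awaited nor handled, so a failed navigation surfaces as an unhandled rejection, and `getCloudSecurityApps()[0].id` throws if that list is ever empty (under `noUncheckedIndexedAccess` the element is `App | undefined`). Binding `getCore()` once, guarding the first app and marking the navigation as intentionally fire-and-forget with `void` (or a `.catch` that logs) makes the intent explicit. The `ApplicationService` in wazuh-core appears to already document a navigate-to-the-first-app-in-a-group method later in this series, which may be the better home for this redirect if it is reachable from here. The enclosing object literal and the function returning it start outside the hunk.

```typescript
      mount: async (_params: AppMountParameters) => {
        const core = getCore();

        if (!core.chrome.navGroup.getNavGroupEnabled()) {
          const [firstApp] = getCloudSecurityApps();

          if (firstApp) {
            // Intentionally not awaited: the redirect replaces this mount.
            void core.application.navigateToApp(firstApp.id);
          }
        }

        return () => {};
      },
```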
From: Guido Modarelli Date: Thu, 6 Feb 2025 15:16:16 -0300 Subject: [PATCH 151/212] Implement AWS application for cloud security group --- .../groups/cloud-security/applications.ts | 5 ++-- .../cloud-security/apps/aws/application.tsx | 24 +++++++++++++++++++ .../cloud-security/apps/aws/aws-app.tsx | 9 +++++++ 3 files changed, 35 insertions(+), 3 deletions(-) create mode 100644 plugins/wazuh-analysis/public/groups/cloud-security/apps/aws/application.tsx create mode 100644 plugins/wazuh-analysis/public/groups/cloud-security/apps/aws/aws-app.tsx diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts b/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts index 2f1003212e..dda732acee 100644 --- a/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts +++ b/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts @@ -37,10 +37,9 @@ export function getCloudSecurityApps(updater$?: Subject) { navLinkStatus: AppNavLinkStatus.hidden, updater$, mount: async (params: AppMountParameters) => { - // TODO: Implement the aws application - const { renderApp } = await import('../../application'); + const { renderApp } = await import('./apps/aws/application'); - return await renderApp(params, {}); + return await renderApp(params); }, }, { diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/apps/aws/application.tsx b/plugins/wazuh-analysis/public/groups/cloud-security/apps/aws/application.tsx new file mode 100644 index 0000000000..0ea0600b18 --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/cloud-security/apps/aws/application.tsx 
@@ -0,0 +1,24 @@ +import React from 'react'; +import { AppMountParameters } from 'opensearch-dashboards/public'; +import ReactDOM from 'react-dom'; +import { Layout } from '../../../layout'; +import { createSideNavItems } from '../../../side-nav'; +import { AWS_ID, CLOUD_SECURITY_TITLE } from '../../constants'; +import { CloudSecurityNavGroup } from '../..'; +import { AwsApp } from './aws-app'; + +export const renderApp = async (params: AppMountParameters) => { + const items = createSideNavItems({ + group: CloudSecurityNavGroup, + selectedAppId: AWS_ID, + }); + + ReactDOM.render( + + + , + params.element, + ); + + return () => ReactDOM.unmountComponentAtNode(params.element); +}; diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/apps/aws/aws-app.tsx b/plugins/wazuh-analysis/public/groups/cloud-security/apps/aws/aws-app.tsx new file mode 100644 index 0000000000..5493b26752 --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/cloud-security/apps/aws/aws-app.tsx @@ -0,0 +1,9 @@ +import React from 'react'; +import { AppMountParameters } from 'opensearch-dashboards/public'; +import { AWS_TITLE } from '../../constants'; + +interface AwsAppProps { + params: AppMountParameters; +} + +export const AwsApp = (_props: AwsAppProps) => <>{AWS_TITLE} App; From b3540d7776a3139fffed90aad8578964210797bb Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Thu, 6 Feb 2025 15:18:27 -0300 Subject: [PATCH 152/212] Add Docker application implementation and render logic for cloud security group in Wazuh analysis plugin --- .../groups/cloud-security/applications.ts | 5 ++-- .../apps/docker/application.tsx | 24 +++++++++++++++++++ .../cloud-security/apps/docker/docker-app.tsx | 9 +++++++ 3 files changed, 35 insertions(+), 3 deletions(-) create mode 100644 plugins/wazuh-analysis/public/groups/cloud-security/apps/docker/application.tsx create mode 100644 plugins/wazuh-analysis/public/groups/cloud-security/apps/docker/docker-app.tsx 
diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts b/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts index dda732acee..254c5e17d8 100644 --- a/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts +++ b/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts @@ -25,10 +25,9 @@ export function getCloudSecurityApps(updater$?: Subject) { navLinkStatus: AppNavLinkStatus.hidden, updater$, mount: async (params: AppMountParameters) => { - // TODO: Implement the docker application - const { renderApp } = await import('../../application'); + const { renderApp } = await import('./apps/docker/application'); - return await renderApp(params, {}); + return await renderApp(params); }, }, { diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/apps/docker/application.tsx b/plugins/wazuh-analysis/public/groups/cloud-security/apps/docker/application.tsx new file mode 100644 index 0000000000..46b681980a --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/cloud-security/apps/docker/application.tsx @@ -0,0 +1,24 @@ +import React from 'react'; +import { AppMountParameters } from 'opensearch-dashboards/public'; +import ReactDOM from 'react-dom'; +import { Layout } from '../../../layout'; +import { createSideNavItems } from '../../../side-nav'; +import { CLOUD_SECURITY_TITLE, DOCKER_ID } from '../../constants'; +import { CloudSecurityNavGroup } from '../..'; +import { DockerApp } from './docker-app'; + +export const renderApp = async (params: AppMountParameters) => { + const items = createSideNavItems({ + group: CloudSecurityNavGroup, + selectedAppId: DOCKER_ID, + }); + + ReactDOM.render( + + + , + params.element, + ); + + return () => ReactDOM.unmountComponentAtNode(params.element); +}; 
diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/apps/docker/docker-app.tsx b/plugins/wazuh-analysis/public/groups/cloud-security/apps/docker/docker-app.tsx new file mode 100644 index 0000000000..6a76e4b8b8 --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/cloud-security/apps/docker/docker-app.tsx @@ -0,0 +1,9 @@ +import React from 'react'; +import { AppMountParameters } from 'opensearch-dashboards/public'; +import { DOCKER_TITLE } from '../../constants'; + +interface DockerAppProps { + params: AppMountParameters; +} + +export const DockerApp = (_props: DockerAppProps) => <>{DOCKER_TITLE} App; From 5c90483a05dcb9113bbebbecb47f2f733fcc780a Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Thu, 6 Feb 2025 15:22:10 -0300 Subject: [PATCH 153/212] Implement Google Cloud application and render logic for cloud security group in Wazuh analysis plugin --- .../groups/cloud-security/applications.ts | 5 ++-- .../apps/google-cloud/application.tsx | 24 +++++++++++++++++++ .../apps/google-cloud/google-cloud-app.tsx | 11 +++++++++ 3 files changed, 37 insertions(+), 3 deletions(-) create mode 100644 plugins/wazuh-analysis/public/groups/cloud-security/apps/google-cloud/application.tsx create mode 100644 plugins/wazuh-analysis/public/groups/cloud-security/apps/google-cloud/google-cloud-app.tsx diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts b/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts index 254c5e17d8..0deb0a5758 100644 --- a/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts +++ b/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts 
@@ -47,10 +47,9 @@ export function getCloudSecurityApps(updater$?: Subject) { navLinkStatus: AppNavLinkStatus.hidden, updater$, mount: async (params: AppMountParameters) => { - // TODO: Implement the google cloud application - const { renderApp } = await import('../../application'); + const { renderApp } = await import('./apps/google-cloud/application'); - return await renderApp(params, {}); + return await renderApp(params); }, }, { diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/apps/google-cloud/application.tsx b/plugins/wazuh-analysis/public/groups/cloud-security/apps/google-cloud/application.tsx new file mode 100644 index 0000000000..b895311898 --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/cloud-security/apps/google-cloud/application.tsx @@ -0,0 +1,24 @@ +import React from 'react'; +import { AppMountParameters } from 'opensearch-dashboards/public'; +import ReactDOM from 'react-dom'; +import { Layout } from '../../../layout'; +import { createSideNavItems } from '../../../side-nav'; +import { CLOUD_SECURITY_TITLE, GOOGLE_CLOUD_ID } from '../../constants'; +import { CloudSecurityNavGroup } from '../..'; +import { GoogleCloudApp } from './google-cloud-app'; + +export const renderApp = async (params: AppMountParameters) => { + const items = createSideNavItems({ + group: CloudSecurityNavGroup, + selectedAppId: GOOGLE_CLOUD_ID, + }); + + ReactDOM.render( + + + , + params.element, + ); + + return () => ReactDOM.unmountComponentAtNode(params.element); +}; diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/apps/google-cloud/google-cloud-app.tsx b/plugins/wazuh-analysis/public/groups/cloud-security/apps/google-cloud/google-cloud-app.tsx new file mode 100644 index 0000000000..3b52068187 --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/cloud-security/apps/google-cloud/google-cloud-app.tsx 
@@ -0,0 +1,11 @@ +import React from 'react'; +import { AppMountParameters } from 'opensearch-dashboards/public'; +import { GOOGLE_CLOUD_TITLE } from '../../constants'; + +interface GoogleCloudAppProps { + params: AppMountParameters; +} + +export const GoogleCloudApp = (_props: GoogleCloudAppProps) => ( + <>{GOOGLE_CLOUD_TITLE} App +); From cca2d57ba57f415606468b22952975588643f811 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Thu, 6 Feb 2025 15:24:56 -0300 Subject: [PATCH 154/212] Add GitHub application implementation and render logic for cloud security group in Wazuh analysis plugin --- .../groups/cloud-security/applications.ts | 5 ++-- .../apps/github/application.tsx | 24 +++++++++++++++++++ .../cloud-security/apps/github/github-app.tsx | 9 +++++++ 3 files changed, 35 insertions(+), 3 deletions(-) create mode 100644 plugins/wazuh-analysis/public/groups/cloud-security/apps/github/application.tsx create mode 100644 plugins/wazuh-analysis/public/groups/cloud-security/apps/github/github-app.tsx diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts b/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts index 0deb0a5758..4286d367c1 100644 --- a/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts +++ b/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts @@ -58,10 +58,9 @@ export function getCloudSecurityApps(updater$?: Subject) { navLinkStatus: AppNavLinkStatus.hidden, updater$, mount: async (params: AppMountParameters) => { - // TODO: Implement the github application - const { renderApp } = await import('../../application'); + const { renderApp } = await import('./apps/github/application'); - return await renderApp(params, {}); + return await renderApp(params); }, }, { diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/apps/github/application.tsx b/plugins/wazuh-analysis/public/groups/cloud-security/apps/github/application.tsx new file mode 100644 index 0000000000..754437bc5e 
--- /dev/null +++ b/plugins/wazuh-analysis/public/groups/cloud-security/apps/github/application.tsx @@ -0,0 +1,24 @@ +import React from 'react'; +import { AppMountParameters } from 'opensearch-dashboards/public'; +import ReactDOM from 'react-dom'; +import { Layout } from '../../../layout'; +import { createSideNavItems } from '../../../side-nav'; +import { CLOUD_SECURITY_TITLE, GITHUB_ID } from '../../constants'; +import { CloudSecurityNavGroup } from '../..'; +import { GithubApp } from './github-app'; + +export const renderApp = async (params: AppMountParameters) => { + const items = createSideNavItems({ + group: CloudSecurityNavGroup, + selectedAppId: GITHUB_ID, + }); + + ReactDOM.render( + + + , + params.element, + ); + + return () => ReactDOM.unmountComponentAtNode(params.element); +}; diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/apps/github/github-app.tsx b/plugins/wazuh-analysis/public/groups/cloud-security/apps/github/github-app.tsx new file mode 100644 index 0000000000..88a510bf49 --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/cloud-security/apps/github/github-app.tsx @@ -0,0 +1,9 @@ +import React from 'react'; +import { AppMountParameters } from 'opensearch-dashboards/public'; +import { GITHUB_TITLE } from '../../constants'; + +interface GithubAppProps { + params: AppMountParameters; +} + +export const GithubApp = (_props: GithubAppProps) => <>{GITHUB_TITLE} App; From 97b04176857c9070386bcde4fb4f3e4cc0009bf0 Mon Sep 17 00:00:00 2001 
From: Guido Modarelli Date: Thu, 6 Feb 2025 15:27:49 -0300 Subject: [PATCH 155/212] Implement Office 365 application and render logic for cloud security group in Wazuh analysis plugin --- .../groups/cloud-security/applications.ts | 5 ++-- .../apps/office-365/application.tsx | 24 +++++++++++++++++++ .../apps/office-365/office-365-app.tsx | 11 +++++++++ 3 files changed, 37 insertions(+), 3 deletions(-) create mode 100644 plugins/wazuh-analysis/public/groups/cloud-security/apps/office-365/application.tsx create mode 100644 plugins/wazuh-analysis/public/groups/cloud-security/apps/office-365/office-365-app.tsx diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts b/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts index 4286d367c1..0a66e739b7 100644 --- a/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts +++ b/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts @@ -69,10 +69,9 @@ export function getCloudSecurityApps(updater$?: Subject) { navLinkStatus: AppNavLinkStatus.hidden, updater$, mount: async (params: AppMountParameters) => { - // TODO: Implement the office365 application - const { renderApp } = await import('../../application'); + const { renderApp } = await import('./apps/office-365/application'); - return await renderApp(params, {}); + return await renderApp(params); }, }, ]; diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/apps/office-365/application.tsx b/plugins/wazuh-analysis/public/groups/cloud-security/apps/office-365/application.tsx new file mode 100644 index 0000000000..fbff90d2ab --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/cloud-security/apps/office-365/application.tsx 
@@ -0,0 +1,24 @@ +import React from 'react'; +import { AppMountParameters } from 'opensearch-dashboards/public'; +import ReactDOM from 'react-dom'; +import { Layout } from '../../../layout'; +import { createSideNavItems } from '../../../side-nav'; +import { CLOUD_SECURITY_TITLE, OFFICE365_ID } from '../../constants'; +import { CloudSecurityNavGroup } from '../..'; +import { Office365App } from './office-365-app'; + +export const renderApp = async (params: AppMountParameters) => { + const items = createSideNavItems({ + group: CloudSecurityNavGroup, + selectedAppId: OFFICE365_ID, + }); + + ReactDOM.render( + + + , + params.element, + ); + + return () => ReactDOM.unmountComponentAtNode(params.element); +}; diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/apps/office-365/office-365-app.tsx b/plugins/wazuh-analysis/public/groups/cloud-security/apps/office-365/office-365-app.tsx new file mode 100644 index 0000000000..ee90053e60 --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/cloud-security/apps/office-365/office-365-app.tsx @@ -0,0 +1,11 @@ +import React from 'react'; +import { AppMountParameters } from 'opensearch-dashboards/public'; +import { OFFICE365_TITLE } from '../../constants'; + +interface Office365AppProps { + params: AppMountParameters; +} + +export const Office365App = (_props: Office365AppProps) => ( + <>{OFFICE365_TITLE} App +); From 11281322b54a61873c6fc35ae0815c34f156eafd Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Thu, 6 Feb 2025 17:41:51 -0300 Subject: [PATCH 156/212] Remove unused appBasePath prop from AnalysisApp component in Wazuh analysis plugin for cleaner code --- plugins/wazuh-analysis/public/application.tsx | 8 ++------ plugins/wazuh-analysis/public/components/analysis-app.tsx | 1 - 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/plugins/wazuh-analysis/public/application.tsx b/plugins/wazuh-analysis/public/application.tsx index f7121d28ac..443feec151 100644 
--- a/plugins/wazuh-analysis/public/application.tsx +++ b/plugins/wazuh-analysis/public/application.tsx @@ -7,15 +7,11 @@ import { } from './components/analysis-app'; export const renderApp = async ( - { history, appBasePath, element }: AppMountParameters, + { history, element }: AppMountParameters, dependencies: AnalysisAppDependencies, ) => { ReactDOM.render( - , + , element, ); diff --git a/plugins/wazuh-analysis/public/components/analysis-app.tsx b/plugins/wazuh-analysis/public/components/analysis-app.tsx index bfa6a542b6..05923fbf81 100644 --- a/plugins/wazuh-analysis/public/components/analysis-app.tsx +++ b/plugins/wazuh-analysis/public/components/analysis-app.tsx @@ -5,7 +5,6 @@ import { AppMountParameters } from '../../../../src/core/public'; export interface AnalysisAppDependencies {} interface AnalysisAppProps { - appBasePath: string; history: AppMountParameters['history']; dependencies: AnalysisAppDependencies; } From 491a53996b71266abea92b1f602433b3a87a1268 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Fri, 7 Feb 2025 14:28:00 -0300 Subject: [PATCH 157/212] Enhance ApplicationService with detailed documentation and refine method descriptions for improved clarity and maintainability --- .../services/application/application.ts | 54 ++++++++++++------- 1 file changed, 35 insertions(+), 19 deletions(-) diff --git a/plugins/wazuh-core/public/services/application/application.ts b/plugins/wazuh-core/public/services/application/application.ts index 69578d6b6b..e608c77cb2 100644 --- a/plugins/wazuh-core/public/services/application/application.ts +++ b/plugins/wazuh-core/public/services/application/application.ts 
@@ -15,19 +15,32 @@ import { AppUpdaterNotFoundError } from './errors/app-updater-not-found-error'; import { AppOperations } from './types'; export class ApplicationService { + /** + * Usage: Used to emit updates (for example, changes in navigation link + * visibility) to registered applications or application groups. + */ private readonly appUpdater$: Partial>> = {}; + /** + * Usage: Used to notify the startup event of an application (or group) and, + * from it, update the application navigation (for example, setting the + * current group and navigating to the first app in the group). + */ private readonly appStartup$ = new Subject(); constructor(private readonly logger?: Logger) {} + /** + * Asynchronously gets the current navigation group. + */ async getCurrentNavGroup(core: CoreStart) { return core.chrome.navGroup.getCurrentNavGroup$().pipe(first()).toPromise(); } /** - * This function creates a new Subject for a specific application updater - * identified by its `appId`. + * Registers (or initializes) an updater for a specific appId (in practice, + * for a navigation group). + * * @param {string} appId - This parameter is a string that represents the * unique identifier of the application for which you want to register an app * updater. 
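Review bot: The new field comments on `appUpdater$` and `appStartup$` open with a `Usage:` label, and the retained `@param {string} appId` tag carries JSDoc type braces that TSDoc does not use because the TypeScript signature already states the type; drop the label and the braces, e.g. `@param appId - Identifier of the app (in practice, the nav group) whose updater is registered.` The same `{string}`, `{CoreStart}` and `{App[]}` tags appear in the following hunks of this file. The new one-line comment on `getCurrentNavGroup` could also state its contract, e.g. `@param core - Core start contract; only chrome.navGroup is used.` and `@returns A promise resolving with the first value emitted by getCurrentNavGroup$().`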
@@ -38,12 +51,12 @@ export class ApplicationService { } /** - * This function retrieves the app updater for a specific app ID, throwing an + * This method retrieves the app updater for a specific app ID, throwing an * error if the updater is not found. - * @param {string} appId - This function is used to retrieve an app updater + * @param {string} appId - This method is used to retrieve an app updater * based on the provided `appId`. If the app updater for the specified `appId` * does not exist, it throws an `AppUpdaterNotFoundError` with the `appId` - * @returns This function is returning the app updater object associated with + * @returns This method is returning the app updater object associated with * the provided `appId`. If the app updater object does not exist for the * given `appId`, it will throw an `AppUpdaterNotFoundError` with the `appId` * that was passed as an argument. @@ -60,8 +73,8 @@ export class ApplicationService { } /** - * This function returns an object with the `navLinkStatus` property set to - * `visible` for an App object. + * This method returns a partial object of type App where the navLinkStatus + * property is set to visible. * @returns A partial object of the App interface is being returned with the * property `navLinkStatus` set to `AppNavLinkStatus.visible`. */ @@ -74,8 +87,8 @@ export class ApplicationService { } /** - * This function returns an object with the `navLinkStatus` property set to - * `hidden` for an App object. + * This method returns a partial object with the navLinkStatus property set + * to hidden. * @returns A partial object of the App interface is being returned with the * navLinkStatus property set to AppNavLinkStatus.hidden. */ 
@@ -87,13 +100,16 @@ export class ApplicationService { }; } + /** + * Extracts the navigation group identifier from the appId. + */ private getNavGroupId(appId: string): string { return appId.split('_%2F')[0]; } /** - * The function initializes navigation group mounts for a list of apps in a - * TypeScript codebase. + * The method initializes and registers the mounting of a set of + * applications that belong to navigation groups. * @param {App[]} apps - This parameter is an array of objects representing * different applications. Each object contains information about a specific * app, such as its ID, name, and mount function. @@ -145,9 +161,8 @@ export class ApplicationService { } /** - * The function initializes mounts for multiple sub applications, allowing for - * preparation (beforeMount) and cleanup operations to be executed before and - * after * mounting each application. + * The method initializes and registers the mounting of sub-applications, + * adding logic for both mounting and cleanup (unmounting). * @param {App[]} apps - This parameter is an array of objects representing * different applications. Each object contains information about a specific * app, such as its ID, name, and mount function. 
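Review bot: The new comment on `getNavGroupId` says what the method returns but not the id convention the code depends on: it splits on the literal `'_%2F'` and keeps the first segment, so composite app ids are expected to look like `<navGroupId>_%2F<appId>` (`%2F` being the URL-encoded `/`), and an id without that separator is returned unchanged. Suggested wording: `Extracts the navigation group id from a composite app id of the form <navGroupId>_%2F<appId>; an id without the separator is returned as-is.` The enclosing class continues outside the hunk.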
@@ -203,11 +218,12 @@ export class ApplicationService { } /** - * The function subscribes to an observable `appStartup$` and performs certain - * actions based on the received data. + * The method ensures that, after an application starts, the interface updates + * to reflect the active group and automatically redirects the user to the + * first available application in that group. * @param {CoreStart} core - This parameter is an object that provides access * to various services and functionalities within the application. It is - * typically passed in as a parameter to allow the function to interact with + * typically passed in as a parameter to allow the method to interact with * the application's core services, such as navigation, UI components, data * fetching, and more. */ @@ -228,8 +244,8 @@ export class ApplicationService { } /** - * This function navigates to the first app in a specified navigation group if - * it exists. + * This method navigates to the first application (or link) in the specified + * navigation group if it exists. * @param {CoreStart} core - This parameter is an object that provides access * to core services in Kibana, such as application navigation, HTTP requests, * and more. It is typically provided by the Kibana platform to plugins and From 686df300b6f4116ffb28a3c24b8a474762d45ac2 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Fri, 7 Feb 2025 15:22:03 -0300 Subject: [PATCH 158/212] refactor: rename match function to hasMatch for clarity --- .../components/global_search/search-pages-command.tsx | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/plugins/wazuh-analysis/public/components/global_search/search-pages-command.tsx b/plugins/wazuh-analysis/public/components/global_search/search-pages-command.tsx index 5f66e70f20..53e50623c6 100644 --- a/plugins/wazuh-analysis/public/components/global_search/search-pages-command.tsx +++ b/plugins/wazuh-analysis/public/components/global_search/search-pages-command.tsx 
@@ -7,7 +7,7 @@ import { first } from 'rxjs/operators'; import React, { ReactNode } from 'react'; import { GlobalSearchPageItem } from './global-search-page-item'; -function match(title: string | undefined, query: string) { +function hasMatch(title: string | undefined, query: string) { return title && title.toLowerCase().includes(query.toLowerCase()); } @@ -52,9 +52,9 @@ export const searchPages = async ( )?.title ?? ''; } - const navGroupTitleMatch = match(navGroup.title, query); - const titleMatch = match(title, query); - const parentTitleMatch = match(parentNavLinkTitle, query); + const navGroupTitleMatch = hasMatch(navGroup.title, query); + const titleMatch = hasMatch(title, query); + const parentTitleMatch = hasMatch(parentNavLinkTitle, query); return ( !link.disabled && From 9e56a5818baf9d459e6bec37df22411749427695 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Fri, 7 Feb 2025 15:35:03 -0300 Subject: [PATCH 159/212] refactor: remove unused Group interface and related methods for cleaner code --- plugins/wazuh-analysis/public/groups/types.ts | 72 +------------------ 1 file changed, 2 insertions(+), 70 deletions(-) diff --git a/plugins/wazuh-analysis/public/groups/types.ts b/plugins/wazuh-analysis/public/groups/types.ts index 9f39d2de08..e8448b2686 100644 --- a/plugins/wazuh-analysis/public/groups/types.ts +++ b/plugins/wazuh-analysis/public/groups/types.ts 
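Review bot: `hasMatch` still returns `title && title.toLowerCase().includes(...)`, i.e. `'' | undefined | boolean`, so the rename promises a boolean that the body does not deliver and the three `*Match` consts in the second hunk inherit that union. Make the body match the new name: `return !!title && title.toLowerCase().includes(query.toLowerCase());`. The `searchPages` body around the second hunk continues outside it.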
@@ -1,78 +1,10 @@ -import { - App, - AppUpdater, - ChromeNavGroup, - ChromeRegistrationNavLink, - CoreSetup, -} from 'opensearch-dashboards/public'; -import { Subject } from 'rxjs'; +import { CLOUD_SECURITY_ID } from './cloud-security/constants'; +import { ENDPOINT_SECURITY_ID } from './endpoint-security/constants'; import { SECURITY_OPERATIONS_ID } from './security-operations/constants'; import { THREAT_INTELLIGENCE_ID } from './threat-intelligence/constants'; -import { ENDPOINT_SECURITY_ID } from './endpoint-security/constants'; -import { CLOUD_SECURITY_ID } from './cloud-security/constants'; export type GroupsId = | typeof ENDPOINT_SECURITY_ID | typeof THREAT_INTELLIGENCE_ID | typeof SECURITY_OPERATIONS_ID | typeof CLOUD_SECURITY_ID; - -export interface Group { - getId: () => GroupId; - getTitle: () => string; - getDescription: () => string; - - /** - * This method is used to retrieve the navigation group to which the group - * belongs. The `ChromeNavGroup` object represents a group of navigation links - * within the OpenSearch Dashboards application. By calling `getNavGroup`, you - * can get the specific navigation group associated with the group, which can - * be used for organizing and displaying navigation links related to that - * group within the application's user interface. - */ - getNavGroup: () => ChromeNavGroup; - - /** - * This method is used to retrieve the specific OpenSearch Dashboards - * application associated with the group. The `App` object represents an - * application within the OpenSearch Dashboards framework and contains - * information about the application, such as its title, description, and - * configuration. - */ - getAppGroup: () => App; - - /** - * This method is used to retrieve a specific navigation link associated with - * the group. The `ChromeRegistrationNavLink` object represents a single - * navigation link within the OpenSearch Dashboards application. 
By calling - * this method, you can get the specific navigation link that is related to - * the group, which can be used for navigating to a specific section or - * feature within the application's user interface that is associated with - * that group. - */ - getGroupNavLink: () => ChromeRegistrationNavLink; - - /** - * Returns an array of `ChromeRegistrationNavLink` objects. These objects - * represent navigation links for sub-applications within the OpenSearch - * Dashboards application that are associated with the specific group. - */ - getAppsNavLinks: () => ChromeRegistrationNavLink[]; - - /** - * This method is used to retrieve the list of applications associated with - * the specific group. The `updater$` parameter is a subject that can be used - * to update or notify subscribers about changes to the list of applications. - * By calling this method, you can get the array of `App` objects that belong - * to the group, allowing you to access information about each application, - * such as its title, description, and configuration within the OpenSearch - * Dashboards framework. - */ - getApps: (updater$?: Subject) => App[]; - - /** - * This method is used to add navigation links related to the specific group - * within the OpenSearch Dashboards application. - */ - addNavLinks: (core: CoreSetup) => void; -} From 4440a8b4ffcc8669bf291363c1d406e7b9730b74 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Fri, 7 Feb 2025 15:35:36 -0300 Subject: [PATCH 160/212] refactor: update Group import path for consistency and remove unused addNavLinks method --- .../public/groups/cloud-security/index.ts | 10 +--------- .../public/groups/endpoint-security/index.ts | 10 +--------- .../public/groups/security-operations/index.ts | 10 +--------- .../public/groups/threat-intelligence/index.ts | 10 +--------- 4 files changed, 4 insertions(+), 36 deletions(-) 
diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/index.ts b/plugins/wazuh-analysis/public/groups/cloud-security/index.ts index a6e4f9e127..c07978bef3 100644 --- a/plugins/wazuh-analysis/public/groups/cloud-security/index.ts +++ b/plugins/wazuh-analysis/public/groups/cloud-security/index.ts @@ -4,11 +4,10 @@ import { AppMountParameters, AppUpdater, ChromeRegistrationNavLink, - CoreSetup, } from '../../../../../src/core/public'; -import { Group } from '../types'; import { CATEGORY } from '../category'; import { getCore } from '../../plugin-services'; +import { Group } from '../../../../wazuh-core/public/services/application/types'; import { getCloudSecurityApps } from './applications'; import { CLOUD_SECURITY_DESCRIPTION, @@ -62,11 +61,4 @@ export const CloudSecurityNavGroup: Group = { getApps(updater$?: Subject): App[] { return getCloudSecurityApps(updater$); }, - - addNavLinks(core: CoreSetup): void { - core.chrome.navGroup.addNavLinksToGroup( - CloudSecurityNavGroup.getNavGroup(), - CloudSecurityNavGroup.getAppsNavLinks(), - ); - }, }; diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts b/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts index 7b67b57090..765722f881 100644 --- a/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts @@ -5,11 +5,10 @@ import { AppUpdater, ChromeNavGroup, ChromeRegistrationNavLink, - CoreSetup, } from '../../../../../src/core/public'; import { CATEGORY } from '../category'; -import { Group } from '../types'; import { getCore } from '../../plugin-services'; +import { Group } from '../../../../wazuh-core/public/services/application/types'; import { getEndpointSecurityApps } from './applications'; import { ENDPOINT_SECURITY_DESCRIPTION, 
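Review bot: The new `import { Group } from '../../../../wazuh-core/public/services/application/types';` in all four group files (cloud-security, endpoint-security, security-operations and threat-intelligence) points at a `Group` that does not exist in wazuh-core at this commit: the next patch (161) is what adds it, and until then that module only exports `AppOperations` per its visible lines. This leaves the commit non-compiling on its own and breaks bisecting; the import belongs in, or squashed with, the patch that declares the type. The deep relative path into another plugin's internals also bypasses the contract exposed through `plugins.wazuhCore`; if `Group` is meant to be shared, re-exporting it from wazuh-core's public index keeps the dependency explicit.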
@@ -63,11 +62,4 @@ export const EndpointSecurityNavGroup: Group = { getApps(updater$?: Subject): App[] { return getEndpointSecurityApps(updater$); }, - - addNavLinks(core: CoreSetup) { - core.chrome.navGroup.addNavLinksToGroup( - EndpointSecurityNavGroup.getNavGroup(), - EndpointSecurityNavGroup.getAppsNavLinks(), - ); - }, }; diff --git a/plugins/wazuh-analysis/public/groups/security-operations/index.ts b/plugins/wazuh-analysis/public/groups/security-operations/index.ts index d3f613790c..97cef323c6 100644 --- a/plugins/wazuh-analysis/public/groups/security-operations/index.ts +++ b/plugins/wazuh-analysis/public/groups/security-operations/index.ts @@ -4,11 +4,10 @@ import { AppMountParameters, AppUpdater, ChromeRegistrationNavLink, - CoreSetup, } from '../../../../../src/core/public'; import { CATEGORY } from '../category'; -import { Group } from '../types'; import { getCore } from '../../plugin-services'; +import { Group } from '../../../../wazuh-core/public/services/application/types'; import { getSecurityOperationsApps } from './applications'; import { SECURITY_OPERATIONS_DESCRIPTION, @@ -65,11 +64,4 @@ export const SecurityOperationsNavGroup: Group = getApps(updater$?: Subject): App[] { return getSecurityOperationsApps(updater$); }, - - addNavLinks(core: CoreSetup): void { - core.chrome.navGroup.addNavLinksToGroup( - SecurityOperationsNavGroup.getNavGroup(), - SecurityOperationsNavGroup.getAppsNavLinks(), - ); - }, }; diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/index.ts b/plugins/wazuh-analysis/public/groups/threat-intelligence/index.ts index 5e88970c50..2406688885 100644 --- a/plugins/wazuh-analysis/public/groups/threat-intelligence/index.ts +++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/index.ts 
@@ -4,11 +4,10 @@ import { AppMountParameters, AppUpdater, ChromeRegistrationNavLink, - CoreSetup, } from '../../../../../src/core/public'; import { CATEGORY } from '../category'; -import { Group } from '../types'; import { getCore } from '../../plugin-services'; +import { Group } from '../../../../wazuh-core/public/services/application/types'; import { getThreatIntelligenceApps } from './applications'; import { THREAT_INTELLIGENCE_DESCRIPTION, @@ -65,11 +64,4 @@ export const ThreatIntelligenceNavGroup: Group = getApps(updater$?: Subject): App[] { return getThreatIntelligenceApps(updater$); }, - - addNavLinks(core: CoreSetup): void { - core.chrome.navGroup.addNavLinksToGroup( - ThreatIntelligenceNavGroup.getNavGroup(), - ThreatIntelligenceNavGroup.getAppsNavLinks(), - ); - }, }; From bde4bf1f617964a31eecc12856ed19a03313fd25 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Fri, 7 Feb 2025 15:36:25 -0300 Subject: [PATCH 161/212] refactor: enhance Group interface with detailed methods for navigation and application management --- .../public/services/application/types.ts | 62 ++++++++++++++++++- 1 file changed, 61 insertions(+), 1 deletion(-) diff --git a/plugins/wazuh-core/public/services/application/types.ts b/plugins/wazuh-core/public/services/application/types.ts index 008421f3a9..0bd0829a24 100644 --- a/plugins/wazuh-core/public/services/application/types.ts +++ b/plugins/wazuh-core/public/services/application/types.ts 
@@ -1,6 +1,66 @@ -import { App } from '../../../../src/core/public'; +import { + App, + AppUpdater, + ChromeNavGroup, + ChromeRegistrationNavLink, +} from 'opensearch-dashboards/public'; +import { Subject } from 'rxjs'; export interface AppOperations { beforeMount?: () => Partial; cleanup?: () => Partial; } + +export interface Group { + getId: () => GroupId; + getTitle: () => string; + getDescription: () => string; + + /** + * This method is used to retrieve the navigation group to which the group + * belongs. The `ChromeNavGroup` object represents a group of navigation links + * within the OpenSearch Dashboards application. By calling `getNavGroup`, you + * can get the specific navigation group associated with the group, which can + * be used for organizing and displaying navigation links related to that + * group within the application's user interface. + */ + getNavGroup: () => ChromeNavGroup; + + /** + * This method is used to retrieve the specific OpenSearch Dashboards + * application associated with the group. The `App` object represents an + * application within the OpenSearch Dashboards framework and contains + * information about the application, such as its title, description, and + * configuration. + */ + getAppGroup: () => App; + + /** + * This method is used to retrieve a specific navigation link associated with + * the group. The `ChromeRegistrationNavLink` object represents a single + * navigation link within the OpenSearch Dashboards application. By calling + * this method, you can get the specific navigation link that is related to + * the group, which can be used for navigating to a specific section or + * feature within the application's user interface that is associated with + * that group. + */ + getGroupNavLink: () => ChromeRegistrationNavLink; + + /** + * Returns an array of `ChromeRegistrationNavLink` objects. 
These objects + * represent navigation links for sub-applications within the OpenSearch + * Dashboards application that are associated with the specific group. + */ + getAppsNavLinks: () => ChromeRegistrationNavLink[]; + + /** + * This method is used to retrieve the list of applications associated with + * the specific group. The `updater$` parameter is a subject that can be used + * to update or notify subscribers about changes to the list of applications. + * By calling this method, you can get the array of `App` objects that belong + * to the group, allowing you to access information about each application, + * such as its title, description, and configuration within the OpenSearch + * Dashboards framework. + */ + getApps: (updater$?: Subject) => App[]; +} From b04a41ab836c4c6b7891ff350975f7020883c5f9 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Fri, 7 Feb 2025 15:39:57 -0300 Subject: [PATCH 162/212] refactor: enrich debug logging in registerAppUpdater with appId for better traceability --- plugins/wazuh-core/public/services/application/application.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/wazuh-core/public/services/application/application.ts b/plugins/wazuh-core/public/services/application/application.ts index e608c77cb2..4676ae5f20 100644 --- a/plugins/wazuh-core/public/services/application/application.ts +++ b/plugins/wazuh-core/public/services/application/application.ts @@ -46,7 +46,7 @@ export class ApplicationService { * updater. */ registerAppUpdater(appId: string) { - this.logger?.debug('registerAppUpdater'); + this.logger?.debug(`registerAppUpdater (AppId: ${appId})`); this.appUpdater$[appId] = new Subject(); } From 75c4af41e65823d3ef3f4cf54c57a252b2d1e7ef Mon Sep 17 00:00:00 2001 
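Review bot: `getId: () => GroupId;` references a `GroupId` type that none of the imports added in this hunk bring into scope, and the type removed from wazuh-analysis in patch 159 was named `GroupsId`, so this interface presumably does not type-check unless `GroupId` is declared elsewhere in the file (not visible here). Either import or declare it, or if the id is only ever compared as a string use `getId: () => string;`. The core imports also switched to `'opensearch-dashboards/public'` while `application.ts` in the same directory imports from `'../../../../../src/core/public'`; one import path per plugin keeps module resolution consistent.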
From: Guido Modarelli Date: Fri, 7 Feb 2025 15:40:55 -0300 Subject: [PATCH 163/212] refactor: reorganize application service methods for clearer structure and enhance navigation group setup logic --- .../services/application/application.ts | 45 ++++++++++++++----- 1 file changed, 34 insertions(+), 11 deletions(-) diff --git a/plugins/wazuh-core/public/services/application/application.ts b/plugins/wazuh-core/public/services/application/application.ts index 4676ae5f20..f77dfb0ca3 100644 --- a/plugins/wazuh-core/public/services/application/application.ts +++ b/plugins/wazuh-core/public/services/application/application.ts @@ -1,6 +1,6 @@ -import { first } from 'rxjs/operators'; -import { Subject } from 'rxjs'; import { Logger } from '@osd/logging'; +import { Subject } from 'rxjs'; +import { first } from 'rxjs/operators'; import { App, AppMount, @@ -9,10 +9,11 @@ import { AppUpdater, CoreSetup, CoreStart, + DEFAULT_NAV_GROUPS, NavGroupItemInMap, } from '../../../../../src/core/public'; import { AppUpdaterNotFoundError } from './errors/app-updater-not-found-error'; -import { AppOperations } from './types'; +import { AppOperations, Group } from './types'; export class ApplicationService { /** @@ -124,16 +125,13 @@ export class ApplicationService { * the application for mounting, while the `cleanup` function is used to clean * up the application after it has been unmounted. */ - initializeNavGroupMounts( - apps: App[], + modifyAppGroupMount( + app: App, core: CoreSetup, appOperations?: AppOperations, ) { - this.logger?.debug('initializeNavGroupMounts'); - const beforeMount = appOperations?.beforeMount ?? this.setNavLinkVisible; - for (const app of apps) { this.logger?.debug(`initializeApp ${app.id}`); const mount = app.mount.bind(app) as AppMount; @@ -155,9 +153,6 @@ export class ApplicationService { return true; }; }; - - core.application.register(app); - } } /** 
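Review bot: `modifyAppGroupMount` now takes a single `app: App`, but the JSDoc it sits under (its `@param {App[]} apps` description is visible as context of the earlier `initializeNavGroupMounts` hunk) is left describing an array, and the `initializeApp ${app.id}` debug line still uses the removed method's vocabulary. Update the tag to `@param {App} app - The application whose mount function is wrapped; registering it with core is now the caller's job.` and change the log message text from `initializeApp` to `modifyAppGroupMount`. The body is also left at the old loop indentation, which the following patch re-indents, so squashing the two would keep history clean. The JSDoc head and the method tail lie outside this hunk.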
@@ -270,4 +265,32 @@ export class ApplicationService { core.application.navigateToApp(firstNavItem.id); } } + + private registerAppGroup(appGroup: App, core: CoreSetup) { + this.registerAppUpdater(appGroup.id); + this.modifyAppGroupMount(appGroup, core); + core.application.register(appGroup); + } + + private registerNavGroup(navGroup: Group, core: CoreSetup) { + core.chrome.navGroup.addNavLinksToGroup(DEFAULT_NAV_GROUPS.all, [ + navGroup.getGroupNavLink(), + ]); + core.chrome.navGroup.addNavLinksToGroup( + navGroup.getNavGroup(), + navGroup.getAppsNavLinks(), + ); + + this.registerAppGroup(navGroup.getAppGroup(), core); + } + + /** + * This method is used to add navigation links related to the specific group + * within the OpenSearch Dashboards application. + */ + setup(navGroups: Group[], core: CoreSetup) { + for (const navGroup of navGroups) { + this.registerNavGroup(navGroup, core); + } + } } From e4313f8c2a883562a0d37b77343e733e4f5a96e9 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Fri, 7 Feb 2025 15:42:41 -0300 Subject: [PATCH 164/212] refactor: streamline application initialization and navigation group handling for improved clarity and functionality --- plugins/wazuh-analysis/public/plugin.ts | 38 ++++--------------- .../services/application/application.ts | 30 +++++++-------- 2 files changed, 22 insertions(+), 46 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 9c250b4add..304ca068c9 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts 
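Review bot: The JSDoc on the new `setup` says it only adds navigation links, but through `registerNavGroup` and `registerAppGroup` it also creates the group's updater subject and calls `core.application.register(appGroup)`, which is what a caller most needs to know because `getAppUpdater` presumably throws `AppUpdaterNotFoundError` until `setup` has run. Suggested: "Registers each nav group: adds its links to the 'all' group and its own chrome group, creates the group's app updater, wraps the group app's mount and registers it with core. Must run before anything that resolves a group's updater." `registerAppUpdater` overwrites an existing subject unconditionally, so a second `setup` call for the same group id would silently orphan earlier subscribers; a guard or a note on single-call semantics would help. The start of the class is outside this hunk.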
@@ -1,17 +1,12 @@ -import { - App, - CoreSetup, - CoreStart, - DEFAULT_NAV_GROUPS, - Plugin, -} from '../../../src/core/public'; +import { App, CoreSetup, CoreStart, Plugin } from '../../../src/core/public'; import { ApplicationService } from '../../wazuh-core/public/services/application/application'; +import { Group } from '../../wazuh-core/public/services/application/types'; import { searchPages } from './components/global_search/search-pages-command'; import { CloudSecurityNavGroup } from './groups/cloud-security'; import { EndpointSecurityNavGroup } from './groups/endpoint-security'; import { SecurityOperationsNavGroup } from './groups/security-operations'; import { ThreatIntelligenceNavGroup } from './groups/threat-intelligence'; -import { Group, GroupsId } from './groups/types'; +import { GroupsId } from './groups/types'; import { getCore, setCore } from './plugin-services'; import { AnalysisSetup, @@ -38,20 +33,14 @@ export class AnalysisPlugin const applications: App[] = this.navGroups.map(navGroup => navGroup.getAppGroup(), ); - - applicationService.initializeNavGroupMounts(applications, core); + const applicationIds = applications.map(app => app.id); if (core.chrome.navGroup.getNavGroupEnabled()) { core.chrome.globalSearch.registerSearchCommand({ id: 'wz-analysis', type: 'PAGES', run: async (query: string, done?: () => void) => - searchPages( - query, - applications.map(app => app.id), - getCore(), - done, - ), + searchPages(query, applicationIds, getCore(), done), }); } @@ -60,16 +49,7 @@ export class AnalysisPlugin ); for (const apps of subApps) { - applicationService.initializeSubApplicationMounts(apps, core); - } - } - - private registerNavGroups(core: CoreSetup) { - for (const navGroup of this.navGroups) { - navGroup.addNavLinks(core); - core.chrome.navGroup.addNavLinksToGroup(DEFAULT_NAV_GROUPS.all, [ - navGroup.getGroupNavLink(), - ]); + applicationService.modifySubAppsMount(apps, core); } } 
@@ -81,12 +61,8 @@ export class AnalysisPlugin const wazuhCore = plugins.wazuhCore; - for (const navGroup of this.navGroups) { - wazuhCore.applicationService.registerAppUpdater(navGroup.getId()); - } - + wazuhCore.applicationService.setup(this.navGroups, core); this.registerApps(core, wazuhCore.applicationService); - this.registerNavGroups(core); return {}; } diff --git a/plugins/wazuh-core/public/services/application/application.ts b/plugins/wazuh-core/public/services/application/application.ts index f77dfb0ca3..f1010c199d 100644 --- a/plugins/wazuh-core/public/services/application/application.ts +++ b/plugins/wazuh-core/public/services/application/application.ts @@ -132,27 +132,27 @@ export class ApplicationService { ) { const beforeMount = appOperations?.beforeMount ?? this.setNavLinkVisible; - this.logger?.debug(`initializeApp ${app.id}`); + this.logger?.debug(`initializeApp ${app.id}`); - const mount = app.mount.bind(app) as AppMount; - const navGroupId = this.getNavGroupId(app.id); + const mount = app.mount.bind(app) as AppMount; + const navGroupId = this.getNavGroupId(app.id); - app.mount = async (params: AppMountParameters) => { - if (core.chrome.navGroup.getNavGroupEnabled()) { - this.getAppUpdater(navGroupId).next(beforeMount); - this.appStartup$.next(navGroupId); - } + app.mount = async (params: AppMountParameters) => { + if (core.chrome.navGroup.getNavGroupEnabled()) { + this.getAppUpdater(navGroupId).next(beforeMount); + this.appStartup$.next(navGroupId); + } - const unmount = await mount(params); + const unmount = await mount(params); - return () => { - this.logger?.debug(`unmount ${app.id}`); + return () => { + this.logger?.debug(`unmount ${app.id}`); - unmount(); + unmount(); - return true; - }; + return true; }; + }; } /** 
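Review bot: The new ordering `wazuhCore.applicationService.setup(this.navGroups, core);` followed by `this.registerApps(core, wazuhCore.applicationService);` is load-bearing but unexplained: `registerApps` calls `applicationService.getAppUpdater(navGroup.getId())`, and those updaters are now created only inside `setup`, so swapping the two lines would fail at lookup time. A one-line comment above the call, `// setup() must precede registerApps(): it creates the per-group updaters that registerApps() resolves.`, records the dependency. The enclosing `setup` of AnalysisPlugin starts outside this hunk; the application.ts hunk in this patch is a re-indent only.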
@@ -172,7 +172,7 @@ export class ApplicationService { * the application for mounting, while the `cleanup` function is used to clean * up the application after it has been unmounted. */ - initializeSubApplicationMounts( + modifySubAppsMount( apps: App[], core: CoreSetup, appOperations?: AppOperations, From 92c3701f14b30aec8f92d0d7e2e10515de1655ea Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Fri, 7 Feb 2025 15:45:00 -0300 Subject: [PATCH 165/212] refactor: rename method and streamline navigation group assignment for improved code clarity and organization --- .../wazuh-core/public/services/application/application.ts | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/plugins/wazuh-core/public/services/application/application.ts b/plugins/wazuh-core/public/services/application/application.ts index f1010c199d..ef5d568618 100644 --- a/plugins/wazuh-core/public/services/application/application.ts +++ b/plugins/wazuh-core/public/services/application/application.ts @@ -272,7 +272,7 @@ export class ApplicationService { core.application.register(appGroup); } - private registerNavGroup(navGroup: Group, core: CoreSetup) { + private assignNavLinksToChromeGroups(navGroup: Group, core: CoreSetup) { core.chrome.navGroup.addNavLinksToGroup(DEFAULT_NAV_GROUPS.all, [ navGroup.getGroupNavLink(), ]); @@ -280,7 +280,10 @@ export class ApplicationService { navGroup.getNavGroup(), navGroup.getAppsNavLinks(), ); + } + private registerNavGroup(navGroup: Group, core: CoreSetup) { + this.assignNavLinksToChromeGroups(navGroup, core); this.registerAppGroup(navGroup.getAppGroup(), core); } From 6bebaa00109e79f8b09da5e76b7db3ca31ab452e Mon Sep 17 00:00:00 2001 
From: Guido Modarelli Date: Fri, 7 Feb 2025 15:51:32 -0300 Subject: [PATCH 166/212] refactor: simplify app registration and enhance navigation group handling for better code clarity and maintainability --- plugins/wazuh-analysis/public/plugin.ts | 21 +++---------------- .../services/application/application.ts | 9 ++++++++ 2 files changed, 12 insertions(+), 18 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 304ca068c9..846b97e966 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -1,5 +1,4 @@ import { App, CoreSetup, CoreStart, Plugin } from '../../../src/core/public'; -import { ApplicationService } from '../../wazuh-core/public/services/application/application'; import { Group } from '../../wazuh-core/public/services/application/types'; import { searchPages } from './components/global_search/search-pages-command'; import { CloudSecurityNavGroup } from './groups/cloud-security'; @@ -26,10 +25,7 @@ export class AnalysisPlugin CloudSecurityNavGroup, ]; - private registerApps( - core: CoreSetup, - applicationService: ApplicationService, - ) { + private registerApps(core: CoreSetup) { const applications: App[] = this.navGroups.map(navGroup => navGroup.getAppGroup(), ); @@ -43,14 +39,6 @@ export class AnalysisPlugin searchPages(query, applicationIds, getCore(), done), }); } - - const subApps: App[][] = this.navGroups.map(navGroup => - navGroup.getApps(applicationService.getAppUpdater(navGroup.getId())), - ); - - for (const apps of subApps) { - applicationService.modifySubAppsMount(apps, core); - } } public setup( 
@@ -58,11 +46,8 @@ export class AnalysisPlugin plugins: AnalysisSetupDependencies, ): AnalysisSetup | Promise { console.debug('AnalysisPlugin started'); - - const wazuhCore = plugins.wazuhCore; - - wazuhCore.applicationService.setup(this.navGroups, core); - this.registerApps(core, wazuhCore.applicationService); + plugins.wazuhCore.applicationService.setup(this.navGroups, core); + this.registerApps(core); return {}; } diff --git a/plugins/wazuh-core/public/services/application/application.ts b/plugins/wazuh-core/public/services/application/application.ts index ef5d568618..b658c40984 100644 --- a/plugins/wazuh-core/public/services/application/application.ts +++ b/plugins/wazuh-core/public/services/application/application.ts @@ -287,6 +287,14 @@ export class ApplicationService { this.registerAppGroup(navGroup.getAppGroup(), core); } + private registerSubAppsGroups(navGroup: Group, core: CoreSetup) { + const subApps: App[] = navGroup.getApps( + this.getAppUpdater(navGroup.getId()), + ); + + this.modifySubAppsMount(subApps, core); + } + /** * This method is used to add navigation links related to the specific group * within the OpenSearch Dashboards application. @@ -294,6 +302,7 @@ export class ApplicationService { setup(navGroups: Group[], core: CoreSetup) { for (const navGroup of navGroups) { this.registerNavGroup(navGroup, core); + this.registerSubAppsGroups(navGroup, core); } } } From 4c4d67eeb984166ed09257520c4419f8f3a7818b Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Fri, 7 Feb 2025 15:56:08 -0300 Subject: [PATCH 167/212] refactor: rename and simplify sub-app mounting logic for improved clarity and organization --- .../services/application/application.ts | 47 +++++++++---------- 1 file changed, 21 insertions(+), 26 deletions(-) diff --git a/plugins/wazuh-core/public/services/application/application.ts b/plugins/wazuh-core/public/services/application/application.ts index b658c40984..dec6c13d3d 100644 
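Review bot: `registerSubAppsGroups` looks the updater up with `this.getAppUpdater(navGroup.getId())`, while `registerAppGroup` created it under `appGroup.id` from `navGroup.getAppGroup()`; nothing in the `Group` interface ties the two ids together, so a group whose app id differs from `getId()` would presumably fail at this lookup. Either key both by the same accessor, or document the invariant on the method: `// Relies on Group.getId() === Group.getAppGroup().id: registerAppGroup keys the updater by app id.` The updated `setup` loop also runs `registerNavGroup` before `registerSubAppsGroups` for each group, which is what makes the lookup succeed, and the ordering deserves the same comment.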
--- a/plugins/wazuh-core/public/services/application/application.ts +++ b/plugins/wazuh-core/public/services/application/application.ts @@ -172,44 +172,36 @@ export class ApplicationService { * the application for mounting, while the `cleanup` function is used to clean * up the application after it has been unmounted. */ - modifySubAppsMount( - apps: App[], - core: CoreSetup, - appOperations?: AppOperations, - ) { + modifySubAppMount(app: App, core: CoreSetup, appOperations?: AppOperations) { this.logger?.debug('initializeSubApplicationMounts'); const beforeMount = appOperations?.beforeMount ?? this.setNavLinkVisible; const cleanup = appOperations?.cleanup ?? this.setNavLinkHidden; - for (const app of apps) { - this.logger?.debug(`initializeApp ${app.id}`); + this.logger?.debug(`initializeApp ${app.id}`); - const mount = app.mount.bind(app) as AppMount; - const navGroupId = this.getNavGroupId(app.id); + const mount = app.mount.bind(app) as AppMount; + const navGroupId = this.getNavGroupId(app.id); - app.mount = async (params: AppMountParameters) => { - if (core.chrome.navGroup.getNavGroupEnabled()) { - this.getAppUpdater(navGroupId).next(beforeMount); - } + app.mount = async (params: AppMountParameters) => { + if (core.chrome.navGroup.getNavGroupEnabled()) { + this.getAppUpdater(navGroupId).next(beforeMount); + } - const unmount = await mount(params); + const unmount = await mount(params); - return () => { - this.logger?.debug(`unmount ${app.id}`); + return () => { + this.logger?.debug(`unmount ${app.id}`); - if (core.chrome.navGroup.getNavGroupEnabled()) { - this.getAppUpdater(navGroupId).next(cleanup); - } + if (core.chrome.navGroup.getNavGroupEnabled()) { + this.getAppUpdater(navGroupId).next(cleanup); + } - unmount(); + unmount(); - return true; - }; + return true; }; - - core.application.register(app); - } + }; } /** 
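Review bot: `modifySubAppMount` keeps `this.logger?.debug('initializeSubApplicationMounts');` from the removed loop-based method, so every sub-app now logs a method name that no longer exists, immediately followed by the `initializeApp ${app.id}` line; drop the first and change the second message text to `modifySubAppMount`. The JSDoc tail shown as context still ends the `@param {App[]} apps` description of the old signature and should describe the single `app` plus the `appOperations` defaults (`setNavLinkVisible` before mount, `setNavLinkHidden` on unmount). Since `core.application.register(app)` moved to the caller, the doc should also say the method only wraps `app.mount`. The JSDoc head lies outside the hunk.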
@@ -292,7 +284,10 @@ export class ApplicationService { this.getAppUpdater(navGroup.getId()), ); - this.modifySubAppsMount(subApps, core); + for (const app of subApps) { + this.modifySubAppMount(app, core); + core.application.register(app); + } } /** From 66f95f06f28af82592e57a7f26ffc15096f87458 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Fri, 7 Feb 2025 16:03:07 -0300 Subject: [PATCH 168/212] feat: add global search page item and search pages command components for enhanced navigation and search functionality --- .../public/components/global_search/global-search-page-item.tsx | 0 .../public/components/global_search/search-pages-command.tsx | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename plugins/{wazuh-analysis => wazuh-core}/public/components/global_search/global-search-page-item.tsx (100%) rename plugins/{wazuh-analysis => wazuh-core}/public/components/global_search/search-pages-command.tsx (100%) diff --git a/plugins/wazuh-analysis/public/components/global_search/global-search-page-item.tsx b/plugins/wazuh-core/public/components/global_search/global-search-page-item.tsx similarity index 100% rename from plugins/wazuh-analysis/public/components/global_search/global-search-page-item.tsx rename to plugins/wazuh-core/public/components/global_search/global-search-page-item.tsx diff --git a/plugins/wazuh-analysis/public/components/global_search/search-pages-command.tsx b/plugins/wazuh-core/public/components/global_search/search-pages-command.tsx similarity index 100% rename from plugins/wazuh-analysis/public/components/global_search/search-pages-command.tsx rename to plugins/wazuh-core/public/components/global_search/search-pages-command.tsx From fa0cf392daf290734380e6aa59dd809ad433bb4c Mon Sep 17 00:00:00 2001 
From: Guido Modarelli Date: Fri, 7 Feb 2025 16:10:32 -0300 Subject: [PATCH 169/212] refactor: enhance application setup and search command registration for improved modularity and clarity --- plugins/wazuh-analysis/public/plugin.ts | 27 +++------- .../services/application/application.ts | 50 +++++++++++++++++-- 2 files changed, 54 insertions(+), 23 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 846b97e966..eba085ceab 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -1,6 +1,5 @@ -import { App, CoreSetup, CoreStart, Plugin } from '../../../src/core/public'; +import { CoreSetup, CoreStart, Plugin } from '../../../src/core/public'; import { Group } from '../../wazuh-core/public/services/application/types'; -import { searchPages } from './components/global_search/search-pages-command'; import { CloudSecurityNavGroup } from './groups/cloud-security'; import { EndpointSecurityNavGroup } from './groups/endpoint-security'; import { SecurityOperationsNavGroup } from './groups/security-operations'; 
@@ -25,29 +24,17 @@ export class AnalysisPlugin CloudSecurityNavGroup, ]; - private registerApps(core: CoreSetup) { - const applications: App[] = this.navGroups.map(navGroup => - navGroup.getAppGroup(), - ); - const applicationIds = applications.map(app => app.id); - - if (core.chrome.navGroup.getNavGroupEnabled()) { - core.chrome.globalSearch.registerSearchCommand({ - id: 'wz-analysis', - type: 'PAGES', - run: async (query: string, done?: () => void) => - searchPages(query, applicationIds, getCore(), done), - }); - } - } - public setup( core: CoreSetup, plugins: AnalysisSetupDependencies, ): AnalysisSetup | Promise { console.debug('AnalysisPlugin started'); - plugins.wazuhCore.applicationService.setup(this.navGroups, core); - this.registerApps(core); + plugins.wazuhCore.applicationService.setup({ + id: 'wz-analysis', + navGroups: this.navGroups, + coreSetup: core, + getCoreStart: getCore, + }); return {}; } diff --git a/plugins/wazuh-core/public/services/application/application.ts b/plugins/wazuh-core/public/services/application/application.ts index dec6c13d3d..35de275fd0 100644 --- a/plugins/wazuh-core/public/services/application/application.ts +++ b/plugins/wazuh-core/public/services/application/application.ts @@ -12,6 +12,7 @@ import { DEFAULT_NAV_GROUPS, NavGroupItemInMap, } from '../../../../../src/core/public'; +import { searchPages } from '../../components/global_search/search-pages-command'; import { AppUpdaterNotFoundError } from './errors/app-updater-not-found-error'; import { AppOperations, Group } from './types'; 
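Review bot: The application.ts hunk adds `import { searchPages } from '../../components/global_search/search-pages-command';`, which pulls a React module (it imports `React` per the patch 158 hunk) into `ApplicationService`, a service that otherwise only touches core APIs. If the service is meant to stay UI-agnostic, accept the search runner as a parameter or move the command registration next to the component; otherwise a short comment on why the service owns the global search command would help the next reader. The plugin.ts hunk's `getCoreStart: getCore` is fine as a getter since `setCore(core)` only happens in `start`.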
@@ -290,14 +291,57 @@ export class ApplicationService { } } + private registerSearchCommand({ + id, + navGroups, + coreSetup, + getCoreStart, + }: { + id: string; + navGroups: Group[]; + coreSetup: CoreSetup; + getCoreStart: () => CoreStart; + }) { + const applications: App[] = navGroups.map(navGroup => + navGroup.getAppGroup(), + ); + const applicationIds = applications.map(app => app.id); + + if (coreSetup.chrome.navGroup.getNavGroupEnabled()) { + coreSetup.chrome.globalSearch.registerSearchCommand({ + id, + type: 'PAGES', + run: async (query: string, done?: () => void) => + searchPages(query, applicationIds, getCoreStart(), done), + }); + } + } + /** * This method is used to add navigation links related to the specific group * within the OpenSearch Dashboards application. */ - setup(navGroups: Group[], core: CoreSetup) { + setup({ + id, + navGroups, + coreSetup, + getCoreStart, + }: { + id: string; + navGroups: Group[]; + coreSetup: CoreSetup; + getCoreStart: () => CoreStart; + }) { for (const navGroup of navGroups) { - this.registerNavGroup(navGroup, core); - this.registerSubAppsGroups(navGroup, core); + this.registerNavGroup(navGroup, coreSetup); + this.registerSubAppsGroups(navGroup, coreSetup); } + + this.registerSearchCommand({ + id, + navGroups, + coreSetup, + getCoreStart, + }); } } From 4b98efccead88c293a73b3a8ba9d2e1c994af3c2 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Fri, 7 Feb 2025 16:16:31 -0300 Subject: [PATCH 170/212] refactor: simplify application startup method for improved clarity and consistency --- plugins/wazuh-analysis/public/plugin.ts | 4 +--- plugins/wazuh-core/public/services/application/application.ts | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index eba085ceab..d1bc3db2bf 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts 
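Review bot: The JSDoc kept above `setup` still says the method only adds navigation links, but it now also registers the `'PAGES'` global-search command through `registerSearchCommand`, and that private method has no comment at all; rewrite the docblock to something like `Registers each nav group's links and apps with OpenSearch Dashboards, then registers a global-search command (id) over the group apps when nav groups are enabled.` and give the helper a one-liner such as `// Registers a 'PAGES' global-search command over the nav groups' app ids; CoreStart is resolved lazily via getCoreStart() inside run, not at setup time.`. `run` forwards the user-typed `query` straight to `searchPages`, which is not part of this diff, so whether it treats the query as a literal or compiles it into a pattern should be checked in that module rather than assumed here. The parameter object type is spelled out twice (here and on `setup`); a shared interface would keep the two in step.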
@@ -45,9 +45,7 @@ export class AnalysisPlugin ): AnalysisStart | Promise { setCore(core); - const wazuhCore = plugins.wazuhCore; - - wazuhCore.applicationService.onAppStartupSubscribe(core); + plugins.wazuhCore.applicationService.onAppStartup(core); return {}; } diff --git a/plugins/wazuh-core/public/services/application/application.ts b/plugins/wazuh-core/public/services/application/application.ts index 35de275fd0..5b565365b1 100644 --- a/plugins/wazuh-core/public/services/application/application.ts +++ b/plugins/wazuh-core/public/services/application/application.ts @@ -215,7 +215,7 @@ export class ApplicationService { * the application's core services, such as navigation, UI components, data * fetching, and more. */ - onAppStartupSubscribe(core: CoreStart) { + onAppStartup(core: CoreStart) { this.appStartup$.subscribe({ next: async (navGroupId: string) => { this.logger?.debug(`onAppStartupSubscribe ${navGroupId}`); From 77e6c04501b62e14ad0dbbdda7ff27b593008385 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Fri, 7 Feb 2025 16:46:43 -0300 Subject: [PATCH 171/212] refactor: streamline application mount logic for improved clarity and modularity --- .../services/application/application.ts | 97 +++++++++---------- 1 file changed, 48 insertions(+), 49 deletions(-) diff --git a/plugins/wazuh-core/public/services/application/application.ts b/plugins/wazuh-core/public/services/application/application.ts index 5b565365b1..b8240c180f 100644 --- a/plugins/wazuh-core/public/services/application/application.ts +++ b/plugins/wazuh-core/public/services/application/application.ts 
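Review bot: `onAppStartup` subscribes to `appStartup$` and the resulting subscription is neither stored nor returned, so nothing can tear it down from `stop()` and, should start ever run more than once, a second subscriber would be added on top of the first; keep the handle, e.g. `this.appStartupSubscription = this.appStartup$.subscribe({ … });`, and unsubscribe it from a teardown method. The debug message in the last context line still reads `onAppStartupSubscribe` after the rename. The subscriber body continues outside the hunk.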
@@ -109,6 +109,38 @@ export class ApplicationService {
 return appId.split('_%2F')[0];
 }
 
+ private isNavGroupEnabled(core: CoreSetup) {
+ return core.chrome.navGroup.getNavGroupEnabled();
+ }
+
+ private modifyMount(
+ app: App,
+ core: CoreSetup,
+ appOperations?: AppOperations,
+ ) {
+ this.logger?.debug(`${this.modifyMount.name} [AppId: ${app.id}]`);
+
+ const mount = app.mount.bind(app) as AppMount;
+
+ app.mount = async (params: AppMountParameters) => {
+ if (this.isNavGroupEnabled(core)) {
+ appOperations?.beforeMount?.();
+ }
+
+ const unmount = await mount(params);
+
+ return () => {
+ this.logger?.debug(`Unmount [AppId: ${app.id}]`);
+
+ if (this.isNavGroupEnabled(core)) {
+ appOperations?.cleanup?.();
+ }
+
+ return unmount();
+ };
+ };
+ }
+
 /**
 * The method initializes and registers the mounting of a set of
 * applications that belong to navigation groups.
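Review bot: `isNavGroupEnabled(core)` is evaluated once at mount time and again inside the returned unmount closure, so if the nav-group setting changes while the app is mounted, `beforeMount` can run without its matching `cleanup` (or the reverse) and the nav-link state drifts; decide once at the top of the wrapper, `const navGroupEnabled = this.isNavGroupEnabled(core);`, and test `navGroupEnabled` in both places. The wrapper also lacks a doc comment; `// Wraps app.mount so appOperations.beforeMount runs before the original mount and appOperations.cleanup runs on unmount, both only while nav groups are enabled.` would state the contract. Note that the wrapped unmount now returns whatever the original unmount returns, whereas the code it replaces in the next two hunks returned `true`; confirm no caller depended on that boolean.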
@@ -126,34 +158,17 @@ export class ApplicationService {
 * the application for mounting, while the `cleanup` function is used to clean
 * up the application after it has been unmounted.
 */
- modifyAppGroupMount(
- app: App,
- core: CoreSetup,
- appOperations?: AppOperations,
- ) {
- const beforeMount = appOperations?.beforeMount ?? this.setNavLinkVisible;
-
- this.logger?.debug(`initializeApp ${app.id}`);
+ modifyAppGroupMount(app: App, core: CoreSetup) {
+ this.logger?.debug(this.modifyAppGroupMount.name);
 
- const mount = app.mount.bind(app) as AppMount;
 const navGroupId = this.getNavGroupId(app.id);
 
- app.mount = async (params: AppMountParameters) => {
- if (core.chrome.navGroup.getNavGroupEnabled()) {
- this.getAppUpdater(navGroupId).next(beforeMount);
- this.appStartup$.next(navGroupId);
- }
-
- const unmount = await mount(params);
-
- return () => {
- this.logger?.debug(`unmount ${app.id}`);
-
- unmount();
-
- return true;
- };
+ const beforeMount = () => {
+ this.getAppUpdater(navGroupId).next(this.setNavLinkVisible);
+ this.appStartup$.next(navGroupId);
 };
+
+ this.modifyMount(app, core, { beforeMount });
 }
 
 /**
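Review bot: The `appOperations` parameter is removed from `modifyAppGroupMount`, but the JSDoc context lines directly above still describe caller-supplied `beforeMount` and `cleanup` functions that no longer exist; the same stale paragraph sits above `modifySubAppMount` in the next hunk. Trim both docblocks to what the methods now do, e.g. `Wraps the group app's mount so its nav link is made visible and the group startup event is emitted before mounting.` here, and `Wraps a sub-app's mount so the group nav link is shown on mount and hidden again on unmount.` for the sub-app variant. The debug line here also dropped the app id that `initializeApp ${app.id}` carried, so different group apps now log identically.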
@@ -173,36 +188,20 @@ export class ApplicationService { * the application for mounting, while the `cleanup` function is used to clean * up the application after it has been unmounted. */ - modifySubAppMount(app: App, core: CoreSetup, appOperations?: AppOperations) { - this.logger?.debug('initializeSubApplicationMounts'); + modifySubAppMount(app: App, core: CoreSetup) { + this.logger?.debug(this.modifySubAppMount.name); - const beforeMount = appOperations?.beforeMount ?? this.setNavLinkVisible; - const cleanup = appOperations?.cleanup ?? this.setNavLinkHidden; - - this.logger?.debug(`initializeApp ${app.id}`); - - const mount = app.mount.bind(app) as AppMount; const navGroupId = this.getNavGroupId(app.id); - app.mount = async (params: AppMountParameters) => { - if (core.chrome.navGroup.getNavGroupEnabled()) { - this.getAppUpdater(navGroupId).next(beforeMount); - } - - const unmount = await mount(params); - - return () => { - this.logger?.debug(`unmount ${app.id}`); - - if (core.chrome.navGroup.getNavGroupEnabled()) { - this.getAppUpdater(navGroupId).next(cleanup); - } - - unmount(); + const beforeMount = () => { + this.getAppUpdater(navGroupId).next(this.setNavLinkVisible); + }; - return true; - }; + const cleanup = () => { + this.getAppUpdater(navGroupId).next(this.setNavLinkHidden); }; + + this.modifyMount(app, core, { beforeMount, cleanup }); } /** From a73eb4837d09a72722ffa8396a44073ea3e3b4b6 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Fri, 7 Feb 2025 16:50:32 -0300 Subject: [PATCH 172/212] refactor: replace getCoreStart with getCore for improved consistency in application service --- plugins/wazuh-analysis/public/plugin.ts | 3 +-- .../wazuh-core/public/services/application/application.ts | 8 ++------ 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index d1bc3db2bf..2b7dedb24e 100644 --- a/plugins/wazuh-analysis/public/plugin.ts 
+++ b/plugins/wazuh-analysis/public/plugin.ts @@ -5,7 +5,7 @@ import { EndpointSecurityNavGroup } from './groups/endpoint-security'; import { SecurityOperationsNavGroup } from './groups/security-operations'; import { ThreatIntelligenceNavGroup } from './groups/threat-intelligence'; import { GroupsId } from './groups/types'; -import { getCore, setCore } from './plugin-services'; +import { setCore } from './plugin-services'; import { AnalysisSetup, AnalysisSetupDependencies, @@ -33,7 +33,6 @@ export class AnalysisPlugin id: 'wz-analysis', navGroups: this.navGroups, coreSetup: core, - getCoreStart: getCore, }); return {}; diff --git a/plugins/wazuh-core/public/services/application/application.ts b/plugins/wazuh-core/public/services/application/application.ts index b8240c180f..14774a2288 100644 --- a/plugins/wazuh-core/public/services/application/application.ts +++ b/plugins/wazuh-core/public/services/application/application.ts @@ -13,6 +13,7 @@ import { NavGroupItemInMap, } from '../../../../../src/core/public'; import { searchPages } from '../../components/global_search/search-pages-command'; +import { getCore } from '../../plugin-services'; import { AppUpdaterNotFoundError } from './errors/app-updater-not-found-error'; import { AppOperations, Group } from './types'; @@ -294,12 +295,10 @@ export class ApplicationService { id, navGroups, coreSetup, - getCoreStart, }: { id: string; navGroups: Group[]; coreSetup: CoreSetup; - getCoreStart: () => CoreStart; }) { const applications: App[] = navGroups.map(navGroup => navGroup.getAppGroup(), @@ -311,7 +310,7 @@ export class ApplicationService { id, type: 'PAGES', run: async (query: string, done?: () => void) => - searchPages(query, applicationIds, getCoreStart(), done), + searchPages(query, applicationIds, getCore(), done), }); } } 
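Review bot: Swapping the injected `getCoreStart` thunk for wazuh-core's own `getCore` from `../../plugin-services` turns an explicit dependency into a hidden one: the search command's `run` now works only if wazuh-core's `setCore` has already been called by the time a user triggers a search, and nothing in `ApplicationService` checks that. If the platform lifecycle guarantees that ordering (core `start` completes before any UI interaction), say so at the call site, e.g. `// getCore() is safe here: run() fires from the UI, after WazuhCorePlugin.start() has stored CoreStart.`; if it is not guaranteed, keep the thunk parameter so the caller controls which CoreStart is used. The same implicit coupling now applies to any other plugin that calls `setup`, since they can no longer supply their own accessor.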
@@ -324,12 +323,10 @@ export class ApplicationService { id, navGroups, coreSetup, - getCoreStart, }: { id: string; navGroups: Group[]; coreSetup: CoreSetup; - getCoreStart: () => CoreStart; }) { for (const navGroup of navGroups) { this.registerNavGroup(navGroup, coreSetup); @@ -340,7 +337,6 @@ export class ApplicationService { id, navGroups, coreSetup, - getCoreStart, }); } } From 7229b20cd6625f3ced8165a173e600c50a92d3b1 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Fri, 7 Feb 2025 17:00:28 -0300 Subject: [PATCH 173/212] refactor: update ApplicationService to use coreSetup for improved modularity and clarity --- plugins/wazuh-core/public/plugin.ts | 2 +- .../services/application/application.ts | 55 +++++++++---------- 2 files changed, 28 insertions(+), 29 deletions(-) diff --git a/plugins/wazuh-core/public/plugin.ts b/plugins/wazuh-core/public/plugin.ts index 0eb32e05ec..2fff4cb9ad 100644 --- a/plugins/wazuh-core/public/plugin.ts +++ b/plugins/wazuh-core/public/plugin.ts @@ -85,7 +85,7 @@ export class WazuhCorePlugin new UISettingsConfigProvider(core.uiSettings), ); - this.services.applicationService = new ApplicationService(logger); + this.services.applicationService = new ApplicationService(logger, core); this.services.configuration = new Configuration( logger, diff --git a/plugins/wazuh-core/public/services/application/application.ts b/plugins/wazuh-core/public/services/application/application.ts index 14774a2288..9b42b49a5c 100644 --- a/plugins/wazuh-core/public/services/application/application.ts +++ b/plugins/wazuh-core/public/services/application/application.ts @@ -31,7 +31,10 @@ export class ApplicationService { */ private readonly appStartup$ = new Subject(); - constructor(private readonly logger?: Logger) {} + constructor( + private readonly logger: Logger, + private readonly coreSetup: CoreSetup, + ) {} /** * Asynchronously gets the current navigation group. 
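Review bot: `logger` changes from `logger?: Logger` to a required `Logger` in the constructor, yet every call site still uses `this.logger?.debug(...)` optional chaining (visible in the following hunks), which now implies a nullable the type no longer allows; either keep the parameter optional or drop the `?.` so a missing logger surfaces at construction instead of silently skipping logs. `coreSetup` is also retained for the service's whole lifetime, and the mount wrappers in the next hunk call `this.coreSetup.chrome.navGroup.getNavGroupEnabled()` at mount time, i.e. well after the setup phase; if `CoreSetup` contracts are meant to be setup-only, a comment such as `// coreSetup is kept because chrome.navGroup.getNavGroupEnabled() is read at mount/unmount time` (or reading the flag once in setup) would make that intentional.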
@@ -110,21 +113,17 @@ export class ApplicationService { return appId.split('_%2F')[0]; } - private isNavGroupEnabled(core: CoreSetup) { - return core.chrome.navGroup.getNavGroupEnabled(); + private isNavGroupEnabled() { + return this.coreSetup.chrome.navGroup.getNavGroupEnabled(); } - private modifyMount( - app: App, - core: CoreSetup, - appOperations?: AppOperations, - ) { + private modifyMount(app: App, appOperations?: AppOperations) { this.logger?.debug(`${this.modifyMount.name} [AppId: ${app.id}]`); const mount = app.mount.bind(app) as AppMount; app.mount = async (params: AppMountParameters) => { - if (this.isNavGroupEnabled(core)) { + if (this.isNavGroupEnabled()) { appOperations?.beforeMount?.(); } @@ -133,7 +132,7 @@ export class ApplicationService { return () => { this.logger?.debug(`Unmount [AppId: ${app.id}]`); - if (this.isNavGroupEnabled(core)) { + if (this.isNavGroupEnabled()) { appOperations?.cleanup?.(); } @@ -159,7 +158,7 @@ export class ApplicationService { * the application for mounting, while the `cleanup` function is used to clean * up the application after it has been unmounted. */ - modifyAppGroupMount(app: App, core: CoreSetup) { + modifyAppGroupMount(app: App) { this.logger?.debug(this.modifyAppGroupMount.name); const navGroupId = this.getNavGroupId(app.id); @@ -169,7 +168,7 @@ export class ApplicationService { this.appStartup$.next(navGroupId); }; - this.modifyMount(app, core, { beforeMount }); + this.modifyMount(app, { beforeMount }); } /** @@ -189,7 +188,7 @@ export class ApplicationService { * the application for mounting, while the `cleanup` function is used to clean * up the application after it has been unmounted. */ - modifySubAppMount(app: App, core: CoreSetup) { + modifySubAppMount(app: App) { this.logger?.debug(this.modifySubAppMount.name); const navGroupId = this.getNavGroupId(app.id); 
@@ -202,7 +201,7 @@ export class ApplicationService { this.getAppUpdater(navGroupId).next(this.setNavLinkHidden); }; - this.modifyMount(app, core, { beforeMount, cleanup }); + this.modifyMount(app, { beforeMount, cleanup }); } /** @@ -259,35 +258,35 @@ export class ApplicationService { } } - private registerAppGroup(appGroup: App, core: CoreSetup) { + private registerAppGroup(appGroup: App) { this.registerAppUpdater(appGroup.id); - this.modifyAppGroupMount(appGroup, core); - core.application.register(appGroup); + this.modifyAppGroupMount(appGroup); + this.coreSetup.application.register(appGroup); } - private assignNavLinksToChromeGroups(navGroup: Group, core: CoreSetup) { - core.chrome.navGroup.addNavLinksToGroup(DEFAULT_NAV_GROUPS.all, [ + private assignNavLinksToChromeGroups(navGroup: Group) { + this.coreSetup.chrome.navGroup.addNavLinksToGroup(DEFAULT_NAV_GROUPS.all, [ navGroup.getGroupNavLink(), ]); - core.chrome.navGroup.addNavLinksToGroup( + this.coreSetup.chrome.navGroup.addNavLinksToGroup( navGroup.getNavGroup(), navGroup.getAppsNavLinks(), ); } - private registerNavGroup(navGroup: Group, core: CoreSetup) { - this.assignNavLinksToChromeGroups(navGroup, core); - this.registerAppGroup(navGroup.getAppGroup(), core); + private registerNavGroup(navGroup: Group) { + this.assignNavLinksToChromeGroups(navGroup); + this.registerAppGroup(navGroup.getAppGroup()); } - private registerSubAppsGroups(navGroup: Group, core: CoreSetup) { + private registerSubAppsGroups(navGroup: Group) { const subApps: App[] = navGroup.getApps( this.getAppUpdater(navGroup.getId()), ); for (const app of subApps) { - this.modifySubAppMount(app, core); - core.application.register(app); + this.modifySubAppMount(app); + this.coreSetup.application.register(app); } } 
@@ -329,8 +328,8 @@ export class ApplicationService { coreSetup: CoreSetup; }) { for (const navGroup of navGroups) { - this.registerNavGroup(navGroup, coreSetup); - this.registerSubAppsGroups(navGroup, coreSetup); + this.registerNavGroup(navGroup); + this.registerSubAppsGroups(navGroup); } this.registerSearchCommand({ From 8cba859eac01326b5290e247ff38723db3ada1c9 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Fri, 7 Feb 2025 17:07:36 -0300 Subject: [PATCH 174/212] refactor: enhance logging in ApplicationService for improved traceability --- .../services/application/application.ts | 39 ++++++++++++++----- 1 file changed, 30 insertions(+), 9 deletions(-) diff --git a/plugins/wazuh-core/public/services/application/application.ts b/plugins/wazuh-core/public/services/application/application.ts index 9b42b49a5c..294efbf508 100644 --- a/plugins/wazuh-core/public/services/application/application.ts +++ b/plugins/wazuh-core/public/services/application/application.ts @@ -34,7 +34,9 @@ export class ApplicationService { constructor( private readonly logger: Logger, private readonly coreSetup: CoreSetup, - ) {} + ) { + this.logger = logger.get('ApplicationService'); + } /** * Asynchronously gets the current navigation group. @@ -52,7 +54,7 @@ export class ApplicationService { * updater. */ registerAppUpdater(appId: string) { - this.logger?.debug(`registerAppUpdater (AppId: ${appId})`); + this.logger?.debug(`${this.registerAppUpdater.name} [AppId: ${appId}]`); this.appUpdater$[appId] = new Subject(); } @@ -68,7 +70,7 @@ export class ApplicationService { * that was passed as an argument. */ getAppUpdater(appId: string) { - this.logger?.debug(`getAppUpdater ${appId}`); + this.logger?.debug(`${this.getAppUpdater.name} [AppId: ${appId}]`); if (!this.appUpdater$[appId]) { this.logger?.error(`getAppUpdater ${appId}`); 
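Review bot: The new log labels are built from `this.<method>.name`, and `Function.prototype.name` is commonly rewritten by minifiers in production bundles, so these labels are only dependable in development builds; the `getAppUpdater` error in the last context line still uses the literal `'getAppUpdater'` anyway, so the two styles already diverge. A string literal per call, or one `const LOG_PREFIX = 'ApplicationService'` combined with a literal method name, keeps the output stable across builds; the same pattern is used in the hunks on the next two lines and in `AnalysisPlugin.name` in the following commit. The constructor also assigns `this.logger = logger.get('ApplicationService')` to a `readonly` parameter property that was just initialised from the same argument; naming the parameter `parentLogger` would make the reassignment read as intended.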
@@ -85,7 +87,7 @@ export class ApplicationService { * property `navLinkStatus` set to `AppNavLinkStatus.visible`. */ private setNavLinkVisible(): Partial { - this.logger?.debug('setNavLinkVisible'); + this.logger?.debug(`${this.setNavLinkVisible.name}`); return { navLinkStatus: AppNavLinkStatus.visible, @@ -99,7 +101,7 @@ export class ApplicationService { * navLinkStatus property set to AppNavLinkStatus.hidden. */ private setNavLinkHidden(): Partial { - this.logger?.debug('setNavLinkHidden'); + this.logger?.debug(`${this.setNavLinkHidden.name}`); return { navLinkStatus: AppNavLinkStatus.hidden, @@ -159,7 +161,7 @@ export class ApplicationService { * up the application after it has been unmounted. */ modifyAppGroupMount(app: App) { - this.logger?.debug(this.modifyAppGroupMount.name); + this.logger?.debug(`${this.modifyAppGroupMount.name} [AppId: ${app.id}]`); const navGroupId = this.getNavGroupId(app.id); @@ -189,7 +191,7 @@ export class ApplicationService { * up the application after it has been unmounted. */ modifySubAppMount(app: App) { - this.logger?.debug(this.modifySubAppMount.name); + this.logger?.debug(`${this.modifySubAppMount.name} [AppId: ${app.id}]`); const navGroupId = this.getNavGroupId(app.id); @@ -217,7 +219,9 @@ export class ApplicationService { onAppStartup(core: CoreStart) { this.appStartup$.subscribe({ next: async (navGroupId: string) => { - this.logger?.debug(`onAppStartupSubscribe ${navGroupId}`); + this.logger?.debug( + `${this.onAppStartup.name} [NavGroupId: ${navGroupId}]`, + ); if (core.chrome.navGroup.getNavGroupEnabled()) { core.chrome.navGroup.setCurrentNavGroup(navGroupId); 
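Review bot: `setNavLinkVisible` and `setNavLinkHidden` now read `this.logger`, but earlier hunks pass them as bare method references (`this.getAppUpdater(navGroupId).next(this.setNavLinkVisible)`); if the updater consumer invokes them unbound, `this` is `undefined` in strict-mode class code and the new `this.logger?.debug(...)` line throws before the nav-link status is returned. Either declare them as arrow-function properties, `private readonly setNavLinkVisible = (): Partial<App> => ({ navLinkStatus: AppNavLinkStatus.visible });`, or leave these two pure helpers without logging. I cannot see how the AppUpdater subject's consumers call the function from here, so this should be confirmed against that code.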
@@ -248,7 +252,9 @@ export class ApplicationService { core: CoreStart, navGroup: NavGroupItemInMap | undefined, ) { - this.logger?.debug('navigateToFirstAppInNavGroup'); + this.logger?.debug( + `${this.navigateToFirstAppInNavGroup.name} [NavGroupId: ${navGroup?.id}]`, + ); // Get the first nav item, if it exists navigate to the app const firstNavItem = navGroup?.navLinks[0]; @@ -259,12 +265,16 @@ export class ApplicationService { } private registerAppGroup(appGroup: App) { + this.logger?.debug(`${this.registerAppGroup.name} [AppId: ${appGroup.id}]`); this.registerAppUpdater(appGroup.id); this.modifyAppGroupMount(appGroup); this.coreSetup.application.register(appGroup); } private assignNavLinksToChromeGroups(navGroup: Group) { + this.logger?.debug( + `${this.assignNavLinksToChromeGroups.name} [NavGroupId: ${navGroup.getId()}]`, + ); this.coreSetup.chrome.navGroup.addNavLinksToGroup(DEFAULT_NAV_GROUPS.all, [ navGroup.getGroupNavLink(), ]); @@ -275,11 +285,18 @@ export class ApplicationService { } private registerNavGroup(navGroup: Group) { + this.logger?.debug( + `${this.registerNavGroup.name} [NavGroupId: ${navGroup.getId()}]`, + ); this.assignNavLinksToChromeGroups(navGroup); this.registerAppGroup(navGroup.getAppGroup()); } private registerSubAppsGroups(navGroup: Group) { + this.logger?.debug( + `${this.registerSubAppsGroups.name} [NavGroupId: ${navGroup.getId()}]`, + ); + const subApps: App[] = navGroup.getApps( this.getAppUpdater(navGroup.getId()), ); @@ -299,6 +316,8 @@ export class ApplicationService { navGroups: Group[]; coreSetup: CoreSetup; }) { + this.logger?.debug(`${this.registerSearchCommand.name} [Id: ${id}]`); + const applications: App[] = navGroups.map(navGroup => navGroup.getAppGroup(), ); @@ -327,6 +346,8 @@ export class ApplicationService { navGroups: Group[]; coreSetup: CoreSetup; }) { + this.logger?.debug(`${this.setup.name} [Id: ${id}]`); + for (const navGroup of navGroups) { this.registerNavGroup(navGroup); this.registerSubAppsGroups(navGroup); 
From 009bb3a58dbb7ee9c7d5d1efeb14265b877d5302 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Fri, 7 Feb 2025 17:09:47 -0300 Subject: [PATCH 175/212] refactor: enhance debug logging in AnalysisPlugin for improved traceability --- plugins/wazuh-analysis/public/plugin.ts | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 2b7dedb24e..4e29516adb 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -28,7 +28,7 @@ export class AnalysisPlugin core: CoreSetup, plugins: AnalysisSetupDependencies, ): AnalysisSetup | Promise { - console.debug('AnalysisPlugin started'); + console.debug(`${AnalysisPlugin.name} setup`); plugins.wazuhCore.applicationService.setup({ id: 'wz-analysis', navGroups: this.navGroups, @@ -42,6 +42,7 @@ export class AnalysisPlugin core: CoreStart, plugins: AnalysisStartDependencies, ): AnalysisStart | Promise { + console.debug(`${AnalysisPlugin.name} start`); setCore(core); plugins.wazuhCore.applicationService.onAppStartup(core); @@ -49,5 +50,7 @@ export class AnalysisPlugin return {}; } - stop?(): void {} + stop?(): void { + console.debug(`${AnalysisPlugin.name} stop`); + } } From 7b2f5e8211417b106f26cede5c3d0108bf42f8eb Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Fri, 7 Feb 2025 17:12:29 -0300 Subject: [PATCH 176/212] refactor: change method visibility to private in ApplicationService for encapsulation --- .../public/services/application/application.ts | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/plugins/wazuh-core/public/services/application/application.ts b/plugins/wazuh-core/public/services/application/application.ts index 294efbf508..4a4d160fd7 100644 --- a/plugins/wazuh-core/public/services/application/application.ts +++ b/plugins/wazuh-core/public/services/application/application.ts 
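Review bot: `stop?(): void {` marks the method optional on the class while giving it a body; an implemented method should read `stop(): void {`, the optional marker belongs on the `Plugin` interface, not on the implementation. Logging here goes straight to `console.debug`, while wazuh-core routes the same kind of trace through a `Logger` with levels; if the core plugin exposes its logger to dependants, using it keeps these messages filterable, otherwise a short comment explaining why `console` is used in this plugin would avoid the question on the next review.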
@@ -41,7 +41,7 @@ export class ApplicationService { /** * Asynchronously gets the current navigation group. */ - async getCurrentNavGroup(core: CoreStart) { + private async getCurrentNavGroup(core: CoreStart) { return core.chrome.navGroup.getCurrentNavGroup$().pipe(first()).toPromise(); } @@ -53,7 +53,7 @@ export class ApplicationService { * unique identifier of the application for which you want to register an app * updater. */ - registerAppUpdater(appId: string) { + private registerAppUpdater(appId: string) { this.logger?.debug(`${this.registerAppUpdater.name} [AppId: ${appId}]`); this.appUpdater$[appId] = new Subject(); } @@ -69,7 +69,7 @@ export class ApplicationService { * given `appId`, it will throw an `AppUpdaterNotFoundError` with the `appId` * that was passed as an argument. */ - getAppUpdater(appId: string) { + private getAppUpdater(appId: string) { this.logger?.debug(`${this.getAppUpdater.name} [AppId: ${appId}]`); if (!this.appUpdater$[appId]) { @@ -160,7 +160,7 @@ export class ApplicationService { * the application for mounting, while the `cleanup` function is used to clean * up the application after it has been unmounted. */ - modifyAppGroupMount(app: App) { + private modifyAppGroupMount(app: App) { this.logger?.debug(`${this.modifyAppGroupMount.name} [AppId: ${app.id}]`); const navGroupId = this.getNavGroupId(app.id); @@ -190,7 +190,7 @@ export class ApplicationService { * the application for mounting, while the `cleanup` function is used to clean * up the application after it has been unmounted. */ - modifySubAppMount(app: App) { + private modifySubAppMount(app: App) { this.logger?.debug(`${this.modifySubAppMount.name} [AppId: ${app.id}]`); const navGroupId = this.getNavGroupId(app.id); 
@@ -248,7 +248,7 @@ export class ApplicationService { * Each navigation link in the `navLinks` array should have an `id` property * that represents the ID */ - async navigateToFirstAppInNavGroup( + private async navigateToFirstAppInNavGroup( core: CoreStart, navGroup: NavGroupItemInMap | undefined, ) { From 277266a99ed061c185dca9398146f7265cb07820 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Fri, 7 Feb 2025 17:19:08 -0300 Subject: [PATCH 177/212] refactor: remove coreSetup parameter from ApplicationService methods for improved clarity --- plugins/wazuh-analysis/public/plugin.ts | 1 - .../services/application/application.ts | 30 ++++++------------- 2 files changed, 9 insertions(+), 22 deletions(-) diff --git a/plugins/wazuh-analysis/public/plugin.ts b/plugins/wazuh-analysis/public/plugin.ts index 4e29516adb..b3e7170a86 100644 --- a/plugins/wazuh-analysis/public/plugin.ts +++ b/plugins/wazuh-analysis/public/plugin.ts @@ -32,7 +32,6 @@ export class AnalysisPlugin plugins.wazuhCore.applicationService.setup({ id: 'wz-analysis', navGroups: this.navGroups, - coreSetup: core, }); return {}; diff --git a/plugins/wazuh-core/public/services/application/application.ts b/plugins/wazuh-core/public/services/application/application.ts index 4a4d160fd7..8ee33b7c19 100644 --- a/plugins/wazuh-core/public/services/application/application.ts +++ b/plugins/wazuh-core/public/services/application/application.ts @@ -17,6 +17,11 @@ import { getCore } from '../../plugin-services'; import { AppUpdaterNotFoundError } from './errors/app-updater-not-found-error'; import { AppOperations, Group } from './types'; +interface SetupParams { + id: string; + navGroups: Group[]; +} + export class ApplicationService { /** * Usage: Used to emit updates (for example, changes in navigation link 
@@ -307,15 +312,7 @@ export class ApplicationService { } } - private registerSearchCommand({ - id, - navGroups, - coreSetup, - }: { - id: string; - navGroups: Group[]; - coreSetup: CoreSetup; - }) { + private registerSearchCommand({ id, navGroups }: SetupParams) { this.logger?.debug(`${this.registerSearchCommand.name} [Id: ${id}]`); const applications: App[] = navGroups.map(navGroup => @@ -323,8 +320,8 @@ export class ApplicationService { ); const applicationIds = applications.map(app => app.id); - if (coreSetup.chrome.navGroup.getNavGroupEnabled()) { - coreSetup.chrome.globalSearch.registerSearchCommand({ + if (this.coreSetup.chrome.navGroup.getNavGroupEnabled()) { + this.coreSetup.chrome.globalSearch.registerSearchCommand({ id, type: 'PAGES', run: async (query: string, done?: () => void) => @@ -337,15 +334,7 @@ export class ApplicationService { * This method is used to add navigation links related to the specific group * within the OpenSearch Dashboards application. */ - setup({ - id, - navGroups, - coreSetup, - }: { - id: string; - navGroups: Group[]; - coreSetup: CoreSetup; - }) { + setup({ id, navGroups }: SetupParams) { this.logger?.debug(`${this.setup.name} [Id: ${id}]`); for (const navGroup of navGroups) { @@ -356,7 +345,6 @@ export class ApplicationService { this.registerSearchCommand({ id, navGroups, - coreSetup, }); } } From 58b1633bc32248bf87a6cafbb03ed38500f650ca Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Fri, 7 Feb 2025 22:44:55 -0300 Subject: [PATCH 178/212] Refactor ApplicationService documentation and methods --- .../services/application/application.ts | 111 +++++++----------- 1 file changed, 42 insertions(+), 69 deletions(-) diff --git a/plugins/wazuh-core/public/services/application/application.ts b/plugins/wazuh-core/public/services/application/application.ts index 8ee33b7c19..d93e5312cd 100644 --- a/plugins/wazuh-core/public/services/application/application.ts +++ b/plugins/wazuh-core/public/services/application/application.ts 
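Review bot: `SetupParams` is the parameter type of the public `setup` method but is declared without `export`, so callers such as `AnalysisPlugin` cannot name the type when building the argument object; declare it as `export interface SetupParams` and document the two fields, e.g. `/** id: unique id of the global-search command to register; navGroups: groups whose links and apps are registered. */`. `registerSearchCommand` reuses the same interface, which is fine while it needs exactly `id` and `navGroups`, but a note that `id` doubles as both the log label and the search-command id would make that coupling explicit.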
@@ -24,15 +24,12 @@ interface SetupParams { export class ApplicationService { /** - * Usage: Used to emit updates (for example, changes in navigation link - * visibility) to registered applications or application groups. + * Stores app updaters for different applications, used to emit updates (e.g., navigation link visibility changes). */ private readonly appUpdater$: Partial>> = {}; /** - * Usage: Used to notify the startup event of an application (or group) and, - * from it, update the application navigation (for example, setting the - * current group and navigating to the first app in the group). + * Emits startup events for applications, allowing navigation updates (e.g., setting the current group and navigating). */ private readonly appStartup$ = new Subject(); @@ -44,19 +41,15 @@ export class ApplicationService { } /** - * Asynchronously gets the current navigation group. + * Retrieves the current navigation group asynchronously. */ private async getCurrentNavGroup(core: CoreStart) { return core.chrome.navGroup.getCurrentNavGroup$().pipe(first()).toPromise(); } /** - * Registers (or initializes) an updater for a specific appId (in practice, - * for a navigation group). - * - * @param {string} appId - This parameter is a string that represents the - * unique identifier of the application for which you want to register an app - * updater. + * Registers an app updater for a given application ID, typically used for navigation group updates. + * @param appId - Unique identifier of the application to register an updater for. */ private registerAppUpdater(appId: string) { this.logger?.debug(`${this.registerAppUpdater.name} [AppId: ${appId}]`); 
@@ -64,15 +57,10 @@ export class ApplicationService { } /** - * This method retrieves the app updater for a specific app ID, throwing an - * error if the updater is not found. - * @param {string} appId - This method is used to retrieve an app updater - * based on the provided `appId`. If the app updater for the specified `appId` - * does not exist, it throws an `AppUpdaterNotFoundError` with the `appId` - * @returns This method is returning the app updater object associated with - * the provided `appId`. If the app updater object does not exist for the - * given `appId`, it will throw an `AppUpdaterNotFoundError` with the `appId` - * that was passed as an argument. + * Retrieves the app updater for a specific app ID. Throws an error if not found. + * @param appId - Unique identifier of the application. + * @returns The app updater associated with the given `appId`. + * @throws {AppUpdaterNotFoundError} If no updater exists for the provided `appId`. */ private getAppUpdater(appId: string) { this.logger?.debug(`${this.getAppUpdater.name} [AppId: ${appId}]`); 
@@ -86,47 +74,39 @@ export class ApplicationService { } /** - * This method returns a partial object of type App where the navLinkStatus - * property is set to visible. - * @returns A partial object of the App interface is being returned with the - * property `navLinkStatus` set to `AppNavLinkStatus.visible`. + * Returns an object setting `navLinkStatus` to visible. */ private setNavLinkVisible(): Partial { - this.logger?.debug(`${this.setNavLinkVisible.name}`); - - return { - navLinkStatus: AppNavLinkStatus.visible, - }; + return { navLinkStatus: AppNavLinkStatus.visible }; } /** - * This method returns a partial object with the navLinkStatus property set - * to hidden. - * @returns A partial object of the App interface is being returned with the - * navLinkStatus property set to AppNavLinkStatus.hidden. + * Returns an object setting `navLinkStatus` to hidden. */ private setNavLinkHidden(): Partial { - this.logger?.debug(`${this.setNavLinkHidden.name}`); - - return { - navLinkStatus: AppNavLinkStatus.hidden, - }; + return { navLinkStatus: AppNavLinkStatus.hidden }; } /** - * Extracts the navigation group identifier from the appId. + * Extracts the navigation group ID from an application ID. */ private getNavGroupId(appId: string): string { return appId.split('_%2F')[0]; } + /** + * Checks if navigation groups are enabled. + */ private isNavGroupEnabled() { return this.coreSetup.chrome.navGroup.getNavGroupEnabled(); } + /** + * Modifies an application's mount behavior to handle lifecycle operations. + * @param app - The application to modify. + * @param appOperations - Optional lifecycle operations. + */ private modifyMount(app: App, appOperations?: AppOperations) { - this.logger?.debug(`${this.modifyMount.name} [AppId: ${app.id}]`); - const mount = app.mount.bind(app) as AppMount; app.mount = async (params: AppMountParameters) => { 
@@ -215,19 +195,13 @@ export class ApplicationService { * The method ensures that, after an application starts, the interface updates * to reflect the active group and automatically redirects the user to the * first available application in that group. - * @param {CoreStart} core - This parameter is an object that provides access - * to various services and functionalities within the application. It is - * typically passed in as a parameter to allow the method to interact with - * the application's core services, such as navigation, UI components, data - * fetching, and more. + * @param {CoreStart} core - An object that provides access to various + * services and functionalities within the application. It allows interaction + * with core services such as navigation, HTTP requests, and more. */ onAppStartup(core: CoreStart) { this.appStartup$.subscribe({ next: async (navGroupId: string) => { - this.logger?.debug( - `${this.onAppStartup.name} [NavGroupId: ${navGroupId}]`, - ); - if (core.chrome.navGroup.getNavGroupEnabled()) { core.chrome.navGroup.setCurrentNavGroup(navGroupId); 
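Review bot: The `next` handler installed on `this.appStartup$` is `async`, and RxJS neither awaits nor observes the promise a subscriber returns, so a rejection anywhere in the handler (the part after `setCurrentNavGroup` runs outside this hunk) surfaces as an unhandled promise rejection rather than a logged failure — and the debug line removed here was the only trace of which group triggered it. Wrapping the handler body in `try { … } catch (e: unknown) { this.logger?.error('onAppStartup failed for nav group ' + navGroupId, e); }` keeps a record and contains the failure, assuming the logger exposes `error` alongside the `debug` used elsewhere in the class. The subscription object is also not kept anywhere visible, so nothing here can tear it down; worth confirming the service's lifecycle handles that. onAppStartup's body continues outside the hunk.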
@@ -240,18 +214,12 @@ export class ApplicationService { } /** - * This method navigates to the first application (or link) in the specified - * navigation group if it exists. - * @param {CoreStart} core - This parameter is an object that provides access - * to core services in Kibana, such as application navigation, HTTP requests, - * and more. It is typically provided by the Kibana platform to plugins and - * can be used to interact with various functionalities within the Kibana - * application. - * @param {NavGroupItemInMap | undefined} navGroup - This parameter is - * expected to be an object that represents a navigation group item in a map. - * It should have a property `navLinks` which is an array of navigation links. - * Each navigation link in the `navLinks` array should have an `id` property - * that represents the ID + * Navigates to the first available application in in the specified navigation + * group + * @param {CoreStart} core - An object that provides access to various + * services and functionalities within the application. It allows interaction + * with core services such as navigation, HTTP requests, and more. + * @param navGroup - Navigation group containing app links. */ private async navigateToFirstAppInNavGroup( core: CoreStart, @@ -289,6 +257,9 @@ export class ApplicationService { ); } + /** + * Registers a navigation group and its associated applications. + */ private registerNavGroup(navGroup: Group) { this.logger?.debug( `${this.registerNavGroup.name} [NavGroupId: ${navGroup.getId()}]`, @@ -297,6 +268,9 @@ export class ApplicationService { this.registerAppGroup(navGroup.getAppGroup()); } + /** + * Registers sub-applications within a navigation group. + */ private registerSubAppsGroups(navGroup: Group) { this.logger?.debug( `${this.registerSubAppsGroups.name} [NavGroupId: ${navGroup.getId()}]`, 
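Review bot: The rewritten description of navigateToFirstAppInNavGroup reads "in in the specified navigation group" — a doubled word — and the sentence has no terminating period; it should be `* Navigates to the first available application in the specified navigation group.`. The `@param {CoreStart} core` tag also keeps a JSDoc type in braces that TypeScript already carries in the signature; dropping the braces would match the `@param navGroup` line in the same comment. The method signature continues beyond the hunk.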
@@ -312,6 +286,9 @@ export class ApplicationService { } } + /** + * Registers a global search command for searching pages within app groups. + */ private registerSearchCommand({ id, navGroups }: SetupParams) { this.logger?.debug(`${this.registerSearchCommand.name} [Id: ${id}]`); @@ -331,8 +308,7 @@ export class ApplicationService { } /** - * This method is used to add navigation links related to the specific group - * within the OpenSearch Dashboards application. + * Initializes the service by registering navigation groups and applications. */ setup({ id, navGroups }: SetupParams) { this.logger?.debug(`${this.setup.name} [Id: ${id}]`); @@ -342,9 +318,6 @@ export class ApplicationService { this.registerSubAppsGroups(navGroup); } - this.registerSearchCommand({ - id, - navGroups, - }); + this.registerSearchCommand({ id, navGroups }); } } From 5ac419faf73845da7741f46c68210b98e225b4ea Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Tue, 11 Feb 2025 12:06:38 -0300 Subject: [PATCH 179/212] refactor: add NavGroupType to security-related navigation groups for consistency --- plugins/wazuh-analysis/public/groups/cloud-security/index.ts | 2 ++ plugins/wazuh-analysis/public/groups/endpoint-security/index.ts | 2 ++ .../wazuh-analysis/public/groups/security-operations/index.ts | 2 ++ .../wazuh-analysis/public/groups/threat-intelligence/index.ts | 2 ++ 4 files changed, 8 insertions(+) diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/index.ts b/plugins/wazuh-analysis/public/groups/cloud-security/index.ts index c07978bef3..c8e5aa025e 100644 --- a/plugins/wazuh-analysis/public/groups/cloud-security/index.ts +++ b/plugins/wazuh-analysis/public/groups/cloud-security/index.ts @@ -4,6 +4,7 @@ import { AppMountParameters, AppUpdater, ChromeRegistrationNavLink, + NavGroupType, } from '../../../../../src/core/public'; import { CATEGORY } from '../category'; import { getCore } from '../../plugin-services'; 
@@ -25,6 +26,7 @@ export const CloudSecurityNavGroup: Group = { id: CLOUD_SECURITY_ID, title: CLOUD_SECURITY_TITLE, description: CLOUD_SECURITY_DESCRIPTION, + type: NavGroupType.SYSTEM }; }, diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts b/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts index 765722f881..b3902a8b26 100644 --- a/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts @@ -5,6 +5,7 @@ import { AppUpdater, ChromeNavGroup, ChromeRegistrationNavLink, + NavGroupType, } from '../../../../../src/core/public'; import { CATEGORY } from '../category'; import { getCore } from '../../plugin-services'; @@ -26,6 +27,7 @@ export const EndpointSecurityNavGroup: Group = { id: ENDPOINT_SECURITY_ID, title: ENDPOINT_SECURITY_TITLE, description: ENDPOINT_SECURITY_DESCRIPTION, + type: NavGroupType.SYSTEM }; }, diff --git a/plugins/wazuh-analysis/public/groups/security-operations/index.ts b/plugins/wazuh-analysis/public/groups/security-operations/index.ts index 97cef323c6..1b35d180fb 100644 --- a/plugins/wazuh-analysis/public/groups/security-operations/index.ts +++ b/plugins/wazuh-analysis/public/groups/security-operations/index.ts @@ -4,6 +4,7 @@ import { AppMountParameters, AppUpdater, ChromeRegistrationNavLink, + NavGroupType, } from '../../../../../src/core/public'; import { CATEGORY } from '../category'; import { getCore } from '../../plugin-services'; @@ -26,6 +27,7 @@ export const SecurityOperationsNavGroup: Group = id: SECURITY_OPERATIONS_ID, title: SECURITY_OPERATIONS_TITLE, description: SECURITY_OPERATIONS_DESCRIPTION, + type: NavGroupType.SYSTEM }; }, diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/index.ts b/plugins/wazuh-analysis/public/groups/threat-intelligence/index.ts index 2406688885..2721013575 100644 --- a/plugins/wazuh-analysis/public/groups/threat-intelligence/index.ts 
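Review bot: `type: NavGroupType.SYSTEM` is added to all four groups without a comment, and the commit message explains only that it is "for consistency", not what a system-typed group changes in the chrome (placement, ordering, or exclusion from a use-case picker — whichever applies). A one-line note beside the field would spare the next reader a trip into core, e.g. `type: NavGroupType.SYSTEM, // registered as a system nav group; see NavGroupType in src/core/public for what that changes`. The trailing comma missing after the value here is restored by a later patch in this series, so no need to re-raise it.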
+++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/index.ts @@ -4,6 +4,7 @@ import { AppMountParameters, AppUpdater, ChromeRegistrationNavLink, + NavGroupType, } from '../../../../../src/core/public'; import { CATEGORY } from '../category'; import { getCore } from '../../plugin-services'; @@ -26,6 +27,7 @@ export const ThreatIntelligenceNavGroup: Group = id: THREAT_INTELLIGENCE_ID, title: THREAT_INTELLIGENCE_TITLE, description: THREAT_INTELLIGENCE_DESCRIPTION, + type: NavGroupType.SYSTEM }; }, From ccabc8a79833ee2dabf2d394efad06225f44c52a Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Wed, 12 Feb 2025 20:35:21 +0000 Subject: [PATCH 180/212] fix: correct translation key for analysis plugin title --- plugins/wazuh-analysis/common/constants.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/wazuh-analysis/common/constants.ts b/plugins/wazuh-analysis/common/constants.ts index e92e606729..3e638c346d 100644 --- a/plugins/wazuh-analysis/common/constants.ts +++ b/plugins/wazuh-analysis/common/constants.ts @@ -2,7 +2,7 @@ import { i18n } from '@osd/i18n'; export const PLUGIN_ID = 'analysis'; export const ANALYSIS_PLUGIN_TITLE = i18n.translate( - 'wazuhAnalysisanalysis.title', + 'wazuhAnalysis.title', { defaultMessage: 'Analysis', }, From cbb2928e96020a678b28cc2b1445f1bec8fb80bc Mon Sep 17 00:00:00 2001 
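Review bot: The corrected key `'wazuhAnalysis.title'` is the only translate call in this series that hard-codes a `wazuhAnalysis` prefix; every app and group title elsewhere (for example `${PLUGIN_ID}.category.${AWS_ID}`) is built from `PLUGIN_ID`, which is `'analysis'` on the line just above, so the plugin ends up with message IDs in two namespaces, `wazuhAnalysis.*` and `analysis.*`. If the plugin's i18n config declares `wazuhAnalysis` as its prefix, the `analysis.category.*` keys fall outside it and could be rejected by the i18n check; either derive this key from the same constant the others use, or add a comment stating why the plugin title uses a different prefix.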
From: Guido Modarelli Date: Wed, 12 Feb 2025 21:03:38 +0000 Subject: [PATCH 181/212] refactor: update import paths for constants in cloud security apps --- .../groups/cloud-security/applications.ts | 14 +++----- .../cloud-security/apps/aws/application.tsx | 3 +- .../cloud-security/apps/aws/aws-app.tsx | 2 +- .../cloud-security/apps/aws/constants.ts | 9 +++++ .../apps/docker/application.tsx | 3 +- .../cloud-security/apps/docker/constants.ts | 12 +++++++ .../cloud-security/apps/docker/docker-app.tsx | 2 +- .../apps/github/application.tsx | 3 +- .../cloud-security/apps/github/constants.ts | 12 +++++++ .../cloud-security/apps/github/github-app.tsx | 2 +- .../apps/google-cloud/application.tsx | 3 +- .../apps/google-cloud/constants.ts | 12 +++++++ .../apps/google-cloud/google-cloud-app.tsx | 2 +- .../apps/office-365/application.tsx | 3 +- .../apps/office-365/constants.ts | 12 +++++++ .../apps/office-365/office-365-app.tsx | 2 +- .../public/groups/cloud-security/constants.ts | 33 ------------------- .../public/groups/cloud-security/index.ts | 2 +- 18 files changed, 78 insertions(+), 53 deletions(-) create mode 100644 plugins/wazuh-analysis/public/groups/cloud-security/apps/aws/constants.ts create mode 100644 plugins/wazuh-analysis/public/groups/cloud-security/apps/docker/constants.ts create mode 100644 plugins/wazuh-analysis/public/groups/cloud-security/apps/github/constants.ts create mode 100644 plugins/wazuh-analysis/public/groups/cloud-security/apps/google-cloud/constants.ts create mode 100644 plugins/wazuh-analysis/public/groups/cloud-security/apps/office-365/constants.ts diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts b/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts index 0a66e739b7..b54acb3af9 100644 --- a/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts +++ b/plugins/wazuh-analysis/public/groups/cloud-security/applications.ts 
@@ -4,18 +4,14 @@ import { AppNavLinkStatus, AppUpdater, } from '../../../../../src/core/public'; +import { DOCKER_ID, DOCKER_TITLE } from './apps/docker/constants'; +import { AWS_ID, AWS_TITLE } from './apps/aws/constants'; import { - AWS_ID, - AWS_TITLE, - DOCKER_ID, - DOCKER_TITLE, - GITHUB_ID, - GITHUB_TITLE, GOOGLE_CLOUD_ID, GOOGLE_CLOUD_TITLE, - OFFICE365_ID, - OFFICE365_TITLE, -} from './constants'; +} from './apps/google-cloud/constants'; +import { GITHUB_ID, GITHUB_TITLE } from './apps/github/constants'; +import { OFFICE365_ID, OFFICE365_TITLE } from './apps/office-365/constants'; export function getCloudSecurityApps(updater$?: Subject) { return [ diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/apps/aws/application.tsx b/plugins/wazuh-analysis/public/groups/cloud-security/apps/aws/application.tsx index 0ea0600b18..702276a306 100644 --- a/plugins/wazuh-analysis/public/groups/cloud-security/apps/aws/application.tsx +++ b/plugins/wazuh-analysis/public/groups/cloud-security/apps/aws/application.tsx @@ -3,9 +3,10 @@ import { AppMountParameters } from 'opensearch-dashboards/public'; import ReactDOM from 'react-dom'; import { Layout } from '../../../layout'; import { createSideNavItems } from '../../../side-nav'; -import { AWS_ID, CLOUD_SECURITY_TITLE } from '../../constants'; +import { CLOUD_SECURITY_TITLE } from '../../constants'; import { CloudSecurityNavGroup } from '../..'; import { AwsApp } from './aws-app'; +import { AWS_ID } from './constants'; export const renderApp = async (params: AppMountParameters) => { const items = createSideNavItems({ diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/apps/aws/aws-app.tsx b/plugins/wazuh-analysis/public/groups/cloud-security/apps/aws/aws-app.tsx index 5493b26752..bad4702ad5 100644 --- a/plugins/wazuh-analysis/public/groups/cloud-security/apps/aws/aws-app.tsx +++ b/plugins/wazuh-analysis/public/groups/cloud-security/apps/aws/aws-app.tsx 
@@ -1,6 +1,6 @@ import React from 'react'; import { AppMountParameters } from 'opensearch-dashboards/public'; -import { AWS_TITLE } from '../../constants'; +import { AWS_TITLE } from './constants'; interface AwsAppProps { params: AppMountParameters; diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/apps/aws/constants.ts b/plugins/wazuh-analysis/public/groups/cloud-security/apps/aws/constants.ts new file mode 100644 index 0000000000..e8eebba268 --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/cloud-security/apps/aws/constants.ts @@ -0,0 +1,9 @@ +import { i18n } from '@osd/i18n'; +import { PLUGIN_ID } from '../../../../../common/constants'; +import { buildSubAppId } from '../../../../utils'; +import { CLOUD_SECURITY_ID } from '../../constants'; + +export const AWS_ID = buildSubAppId(CLOUD_SECURITY_ID, 'aws'); +export const AWS_TITLE = i18n.translate(`${PLUGIN_ID}.category.${AWS_ID}`, { + defaultMessage: 'AWS', +}); diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/apps/docker/application.tsx b/plugins/wazuh-analysis/public/groups/cloud-security/apps/docker/application.tsx index 46b681980a..e2db6a58ba 100644 --- a/plugins/wazuh-analysis/public/groups/cloud-security/apps/docker/application.tsx +++ b/plugins/wazuh-analysis/public/groups/cloud-security/apps/docker/application.tsx @@ -3,9 +3,10 @@ import { AppMountParameters } from 'opensearch-dashboards/public'; import ReactDOM from 'react-dom'; import { Layout } from '../../../layout'; import { createSideNavItems } from '../../../side-nav'; -import { CLOUD_SECURITY_TITLE, DOCKER_ID } from '../../constants'; +import { CLOUD_SECURITY_TITLE } from '../../constants'; import { CloudSecurityNavGroup } from '../..'; import { DockerApp } from './docker-app'; +import { DOCKER_ID } from './constants'; export const renderApp = async (params: AppMountParameters) => { const items = createSideNavItems({ 
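Review bot: The new AWS title key is `${PLUGIN_ID}.category.${AWS_ID}`, where AWS_ID comes from buildSubAppId; if that helper joins its parts with the `_%2F` separator that ApplicationService.getNavGroupId splits on, the message ID embeds a percent-encoded slash (`analysis.category.cloud_security_%2Faws`), which is an awkward identifier to hand to translators and the i18n extractor, and `.category.` is a curious segment for an application title. The same pattern is repeated in each per-app constants file introduced by this patch. Keying on the plain sub-app name instead — `${PLUGIN_ID}.cloudSecurity.aws.title` or similar — would keep the message IDs stable even if the app-ID format changes.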
diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/apps/docker/constants.ts b/plugins/wazuh-analysis/public/groups/cloud-security/apps/docker/constants.ts new file mode 100644 index 0000000000..805f73d706 --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/cloud-security/apps/docker/constants.ts @@ -0,0 +1,12 @@ +import { i18n } from '@osd/i18n'; +import { PLUGIN_ID } from '../../../../../common/constants'; +import { buildSubAppId } from '../../../../utils'; +import { CLOUD_SECURITY_ID } from '../../constants'; + +export const DOCKER_ID = buildSubAppId(CLOUD_SECURITY_ID, 'docker'); +export const DOCKER_TITLE = i18n.translate( + `${PLUGIN_ID}.category.${DOCKER_ID}`, + { + defaultMessage: 'Docker', + }, +); diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/apps/docker/docker-app.tsx b/plugins/wazuh-analysis/public/groups/cloud-security/apps/docker/docker-app.tsx index 6a76e4b8b8..99eeb41788 100644 --- a/plugins/wazuh-analysis/public/groups/cloud-security/apps/docker/docker-app.tsx +++ b/plugins/wazuh-analysis/public/groups/cloud-security/apps/docker/docker-app.tsx @@ -1,6 +1,6 @@ import React from 'react'; import { AppMountParameters } from 'opensearch-dashboards/public'; -import { DOCKER_TITLE } from '../../constants'; +import { DOCKER_TITLE } from './constants'; interface DockerAppProps { params: AppMountParameters; diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/apps/github/application.tsx b/plugins/wazuh-analysis/public/groups/cloud-security/apps/github/application.tsx index 754437bc5e..863f7b0566 100644 --- a/plugins/wazuh-analysis/public/groups/cloud-security/apps/github/application.tsx +++ b/plugins/wazuh-analysis/public/groups/cloud-security/apps/github/application.tsx 
@@ -3,9 +3,10 @@ import { AppMountParameters } from 'opensearch-dashboards/public'; import ReactDOM from 'react-dom'; import { Layout } from '../../../layout'; import { createSideNavItems } from '../../../side-nav'; -import { CLOUD_SECURITY_TITLE, GITHUB_ID } from '../../constants'; +import { CLOUD_SECURITY_TITLE } from '../../constants'; import { CloudSecurityNavGroup } from '../..'; import { GithubApp } from './github-app'; +import { GITHUB_ID } from './constants'; export const renderApp = async (params: AppMountParameters) => { const items = createSideNavItems({ diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/apps/github/constants.ts b/plugins/wazuh-analysis/public/groups/cloud-security/apps/github/constants.ts new file mode 100644 index 0000000000..c699dfebf5 --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/cloud-security/apps/github/constants.ts @@ -0,0 +1,12 @@ +import { i18n } from '@osd/i18n'; +import { PLUGIN_ID } from '../../../../../common/constants'; +import { buildSubAppId } from '../../../../utils'; +import { CLOUD_SECURITY_ID } from '../../constants'; + +export const GITHUB_ID = buildSubAppId(CLOUD_SECURITY_ID, 'github'); +export const GITHUB_TITLE = i18n.translate( + `${PLUGIN_ID}.category.${GITHUB_ID}`, + { + defaultMessage: 'Github', + }, +); diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/apps/github/github-app.tsx b/plugins/wazuh-analysis/public/groups/cloud-security/apps/github/github-app.tsx index 88a510bf49..7a444dfecf 100644 --- a/plugins/wazuh-analysis/public/groups/cloud-security/apps/github/github-app.tsx +++ b/plugins/wazuh-analysis/public/groups/cloud-security/apps/github/github-app.tsx @@ -1,6 +1,6 @@ import React from 'react'; import { AppMountParameters } from 'opensearch-dashboards/public'; -import { GITHUB_TITLE } from '../../constants'; +import { GITHUB_TITLE } from './constants'; interface GithubAppProps { params: AppMountParameters; 
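Review bot: `defaultMessage: 'Github'` in the new github/constants.ts misspells the product name, which is written "GitHub"; since this is the fallback string users see whenever no translation is loaded, it is worth correcting before it is copied into translation files: `defaultMessage: 'GitHub',`.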
diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/apps/google-cloud/application.tsx b/plugins/wazuh-analysis/public/groups/cloud-security/apps/google-cloud/application.tsx index b895311898..4381e56ed1 100644 --- a/plugins/wazuh-analysis/public/groups/cloud-security/apps/google-cloud/application.tsx +++ b/plugins/wazuh-analysis/public/groups/cloud-security/apps/google-cloud/application.tsx @@ -3,9 +3,10 @@ import { AppMountParameters } from 'opensearch-dashboards/public'; import ReactDOM from 'react-dom'; import { Layout } from '../../../layout'; import { createSideNavItems } from '../../../side-nav'; -import { CLOUD_SECURITY_TITLE, GOOGLE_CLOUD_ID } from '../../constants'; +import { CLOUD_SECURITY_TITLE } from '../../constants'; import { CloudSecurityNavGroup } from '../..'; import { GoogleCloudApp } from './google-cloud-app'; +import { GOOGLE_CLOUD_ID } from './constants'; export const renderApp = async (params: AppMountParameters) => { const items = createSideNavItems({ diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/apps/google-cloud/constants.ts b/plugins/wazuh-analysis/public/groups/cloud-security/apps/google-cloud/constants.ts new file mode 100644 index 0000000000..3d70808035 --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/cloud-security/apps/google-cloud/constants.ts @@ -0,0 +1,12 @@ +import { i18n } from '@osd/i18n'; +import { PLUGIN_ID } from '../../../../../common/constants'; +import { buildSubAppId } from '../../../../utils'; +import { CLOUD_SECURITY_ID } from '../../constants'; + +export const GOOGLE_CLOUD_ID = buildSubAppId(CLOUD_SECURITY_ID, 'google_cloud'); +export const GOOGLE_CLOUD_TITLE = i18n.translate( + `${PLUGIN_ID}.category.${GOOGLE_CLOUD_ID}`, + { + defaultMessage: 'Google Cloud', + }, +); 
diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/apps/google-cloud/google-cloud-app.tsx b/plugins/wazuh-analysis/public/groups/cloud-security/apps/google-cloud/google-cloud-app.tsx index 3b52068187..63d32f395b 100644 --- a/plugins/wazuh-analysis/public/groups/cloud-security/apps/google-cloud/google-cloud-app.tsx +++ b/plugins/wazuh-analysis/public/groups/cloud-security/apps/google-cloud/google-cloud-app.tsx @@ -1,6 +1,6 @@ import React from 'react'; import { AppMountParameters } from 'opensearch-dashboards/public'; -import { GOOGLE_CLOUD_TITLE } from '../../constants'; +import { GOOGLE_CLOUD_TITLE } from './constants'; interface GoogleCloudAppProps { params: AppMountParameters; diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/apps/office-365/application.tsx b/plugins/wazuh-analysis/public/groups/cloud-security/apps/office-365/application.tsx index fbff90d2ab..85c44ee944 100644 --- a/plugins/wazuh-analysis/public/groups/cloud-security/apps/office-365/application.tsx +++ b/plugins/wazuh-analysis/public/groups/cloud-security/apps/office-365/application.tsx @@ -3,9 +3,10 @@ import { AppMountParameters } from 'opensearch-dashboards/public'; import ReactDOM from 'react-dom'; import { Layout } from '../../../layout'; import { createSideNavItems } from '../../../side-nav'; -import { CLOUD_SECURITY_TITLE, OFFICE365_ID } from '../../constants'; +import { CLOUD_SECURITY_TITLE } from '../../constants'; import { CloudSecurityNavGroup } from '../..'; import { Office365App } from './office-365-app'; +import { OFFICE365_ID } from './constants'; export const renderApp = async (params: AppMountParameters) => { const items = createSideNavItems({ diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/apps/office-365/constants.ts b/plugins/wazuh-analysis/public/groups/cloud-security/apps/office-365/constants.ts new file mode 100644 index 0000000000..6db1ea3954 --- /dev/null 
+++ b/plugins/wazuh-analysis/public/groups/cloud-security/apps/office-365/constants.ts @@ -0,0 +1,12 @@ +import { i18n } from '@osd/i18n'; +import { PLUGIN_ID } from '../../../../../common/constants'; +import { buildSubAppId } from '../../../../utils'; +import { CLOUD_SECURITY_ID } from '../../constants'; + +export const OFFICE365_ID = buildSubAppId(CLOUD_SECURITY_ID, 'office365'); +export const OFFICE365_TITLE = i18n.translate( + `${PLUGIN_ID}.category.${OFFICE365_ID}`, + { + defaultMessage: 'Office 365', + }, +); diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/apps/office-365/office-365-app.tsx b/plugins/wazuh-analysis/public/groups/cloud-security/apps/office-365/office-365-app.tsx index ee90053e60..c008cc855f 100644 --- a/plugins/wazuh-analysis/public/groups/cloud-security/apps/office-365/office-365-app.tsx +++ b/plugins/wazuh-analysis/public/groups/cloud-security/apps/office-365/office-365-app.tsx @@ -1,6 +1,6 @@ import React from 'react'; import { AppMountParameters } from 'opensearch-dashboards/public'; -import { OFFICE365_TITLE } from '../../constants'; +import { OFFICE365_TITLE } from './constants'; interface Office365AppProps { params: AppMountParameters; diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/constants.ts b/plugins/wazuh-analysis/public/groups/cloud-security/constants.ts index d4a7070756..10f6a46948 100644 --- a/plugins/wazuh-analysis/public/groups/cloud-security/constants.ts +++ b/plugins/wazuh-analysis/public/groups/cloud-security/constants.ts @@ -1,6 +1,5 @@ import { i18n } from '@osd/i18n'; import { PLUGIN_ID } from '../../../common/constants'; -import { buildSubAppId } from '../../utils'; export const CLOUD_SECURITY_ID = 'cloud_security'; export const CLOUD_SECURITY_TITLE = i18n.translate( 
@@ -16,35 +15,3 @@ export const CLOUD_SECURITY_DESCRIPTION = i18n.translate( 'Monitoring and protection for cloud environments against security threats.', }, ); -export const DOCKER_ID = buildSubAppId(CLOUD_SECURITY_ID, 'docker'); -export const AWS_ID = buildSubAppId(CLOUD_SECURITY_ID, 'aws'); -export const GOOGLE_CLOUD_ID = buildSubAppId(CLOUD_SECURITY_ID, 'google_cloud'); -export const GITHUB_ID = buildSubAppId(CLOUD_SECURITY_ID, 'github'); -export const OFFICE365_ID = buildSubAppId(CLOUD_SECURITY_ID, 'office365'); -export const DOCKER_TITLE = i18n.translate( - `${PLUGIN_ID}.category.${DOCKER_ID}`, - { - defaultMessage: 'Docker', - }, -); -export const AWS_TITLE = i18n.translate(`${PLUGIN_ID}.category.${AWS_ID}`, { - defaultMessage: 'AWS', -}); -export const GOOGLE_CLOUD_TITLE = i18n.translate( - `${PLUGIN_ID}.category.${GOOGLE_CLOUD_ID}`, - { - defaultMessage: 'Google Cloud', - }, -); -export const GITHUB_TITLE = i18n.translate( - `${PLUGIN_ID}.category.${GITHUB_ID}`, - { - defaultMessage: 'Github', - }, -); -export const OFFICE365_TITLE = i18n.translate( - `${PLUGIN_ID}.category.${OFFICE365_ID}`, - { - defaultMessage: 'Office 365', - }, -); diff --git a/plugins/wazuh-analysis/public/groups/cloud-security/index.ts b/plugins/wazuh-analysis/public/groups/cloud-security/index.ts index c8e5aa025e..6757ed4e55 100644 --- a/plugins/wazuh-analysis/public/groups/cloud-security/index.ts +++ b/plugins/wazuh-analysis/public/groups/cloud-security/index.ts @@ -26,7 +26,7 @@ export const CloudSecurityNavGroup: Group = { id: CLOUD_SECURITY_ID, title: CLOUD_SECURITY_TITLE, description: CLOUD_SECURITY_DESCRIPTION, - type: NavGroupType.SYSTEM + type: NavGroupType.SYSTEM, }; }, From c492efbd40e7ed7c9b3346491c1972d7b3b2ef8e Mon Sep 17 00:00:00 2001 
From: Guido Modarelli Date: Wed, 12 Feb 2025 21:06:17 +0000 Subject: [PATCH 182/212] refactor: move configuration assessment constants to a separate file for better organization --- .../groups/endpoint-security/applications.ts | 6 ++++-- .../apps/configuration-assesment/constants.ts | 15 +++++++++++++++ .../public/groups/endpoint-security/constants.ts | 10 ---------- 3 files changed, 19 insertions(+), 12 deletions(-) create mode 100644 plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/constants.ts diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts b/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts index 52a2ef294b..b86488a8ef 100644 --- a/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts @@ -6,13 +6,15 @@ import { AppUpdater, } from '../../../../../src/core/public'; import { - CONFIGURATION_ASSESSMENT_ID, - CONFIGURATION_ASSESSMENT_TITLE, FIM_ID, FIM_TITLE, MALWARE_DETECTION_ID, MALWARE_DETECTION_TITLE, } from './constants'; +import { + CONFIGURATION_ASSESSMENT_ID, + CONFIGURATION_ASSESSMENT_TITLE, +} from './apps/configuration-assesment/constants'; export function getEndpointSecurityApps(updater$?: Subject): App[] { return [ diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/constants.ts b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/constants.ts new file mode 100644 index 0000000000..bec8b264f9 --- /dev/null +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/constants.ts 
@@ -0,0 +1,15 @@ +import { i18n } from '@osd/i18n'; +import { PLUGIN_ID } from '../../../../../common/constants'; +import { buildSubAppId } from '../../../../utils'; +import { ENDPOINT_SECURITY_ID } from '../../constants'; + +export const CONFIGURATION_ASSESSMENT_ID = buildSubAppId( + ENDPOINT_SECURITY_ID, + 'configuration_assessment', +); +export const CONFIGURATION_ASSESSMENT_TITLE = i18n.translate( + `${PLUGIN_ID}.category.${CONFIGURATION_ASSESSMENT_ID}`, + { + defaultMessage: 'Configuration Assessment', + }, +); diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/constants.ts b/plugins/wazuh-analysis/public/groups/endpoint-security/constants.ts index 503fc75aaf..4a1cc425ef 100644 --- a/plugins/wazuh-analysis/public/groups/endpoint-security/constants.ts +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/constants.ts @@ -16,21 +16,11 @@ export const ENDPOINT_SECURITY_DESCRIPTION = i18n.translate( 'Advanced monitoring and protection for devices against security threats.', }, ); -export const CONFIGURATION_ASSESSMENT_ID = buildSubAppId( - ENDPOINT_SECURITY_ID, - 'configuration_assessment', -); export const MALWARE_DETECTION_ID = buildSubAppId( ENDPOINT_SECURITY_ID, 'malware_detection', ); export const FIM_ID = buildSubAppId(ENDPOINT_SECURITY_ID, 'fim'); -export const CONFIGURATION_ASSESSMENT_TITLE = i18n.translate( - `${PLUGIN_ID}.category.${CONFIGURATION_ASSESSMENT_ID}`, - { - defaultMessage: 'Configuration Assessment', - }, -); export const MALWARE_DETECTION_TITLE = i18n.translate( `${PLUGIN_ID}.category.${MALWARE_DETECTION_ID}`, { From bf584c3625ef041d7bb64b2c264866093de6c58c Mon Sep 17 00:00:00 2001 
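Review bot: The new constants file lives under `apps/configuration-assesment/` while the identifiers it defines spell `CONFIGURATION_ASSESSMENT` correctly, so the directory name is misspelled; the later patches in this series add further imports of `./apps/configuration-assesment/...`, and the misspelling only gets harder to undo. Renaming the directory to `configuration-assessment` (and the `configuration-assesment-app.tsx` file with it) now, and updating the import in endpoint-security/applications.ts, keeps paths and identifiers in step.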
From: Guido Modarelli Date: Wed, 12 Feb 2025 21:07:17 +0000 Subject: [PATCH 183/212] refactor: streamline ANALYSIS_PLUGIN_TITLE translation and ensure consistent NavGroupType usage --- plugins/wazuh-analysis/common/constants.ts | 9 +++------ .../public/groups/endpoint-security/index.ts | 2 +- .../public/groups/security-operations/index.ts | 2 +- .../public/groups/threat-intelligence/index.ts | 2 +- 4 files changed, 6 insertions(+), 9 deletions(-) diff --git a/plugins/wazuh-analysis/common/constants.ts b/plugins/wazuh-analysis/common/constants.ts index 3e638c346d..f5535bd686 100644 --- a/plugins/wazuh-analysis/common/constants.ts +++ b/plugins/wazuh-analysis/common/constants.ts @@ -1,9 +1,6 @@ import { i18n } from '@osd/i18n'; export const PLUGIN_ID = 'analysis'; -export const ANALYSIS_PLUGIN_TITLE = i18n.translate( - 'wazuhAnalysis.title', - { - defaultMessage: 'Analysis', - }, -); +export const ANALYSIS_PLUGIN_TITLE = i18n.translate('wazuhAnalysis.title', { + defaultMessage: 'Analysis', +}); diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts b/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts index b3902a8b26..f9244fe05f 100644 --- a/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/index.ts @@ -27,7 +27,7 @@ export const EndpointSecurityNavGroup: Group = { id: ENDPOINT_SECURITY_ID, title: ENDPOINT_SECURITY_TITLE, description: ENDPOINT_SECURITY_DESCRIPTION, - type: NavGroupType.SYSTEM + type: NavGroupType.SYSTEM, }; }, diff --git a/plugins/wazuh-analysis/public/groups/security-operations/index.ts b/plugins/wazuh-analysis/public/groups/security-operations/index.ts index 1b35d180fb..0f57b240de 100644 --- a/plugins/wazuh-analysis/public/groups/security-operations/index.ts +++ b/plugins/wazuh-analysis/public/groups/security-operations/index.ts 
@@ -27,7 +27,7 @@ export const SecurityOperationsNavGroup: Group = id: SECURITY_OPERATIONS_ID, title: SECURITY_OPERATIONS_TITLE, description: SECURITY_OPERATIONS_DESCRIPTION, - type: NavGroupType.SYSTEM + type: NavGroupType.SYSTEM, }; }, diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/index.ts b/plugins/wazuh-analysis/public/groups/threat-intelligence/index.ts index 2721013575..d3f001d87b 100644 --- a/plugins/wazuh-analysis/public/groups/threat-intelligence/index.ts +++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/index.ts @@ -27,7 +27,7 @@ export const ThreatIntelligenceNavGroup: Group = id: THREAT_INTELLIGENCE_ID, title: THREAT_INTELLIGENCE_TITLE, description: THREAT_INTELLIGENCE_DESCRIPTION, - type: NavGroupType.SYSTEM + type: NavGroupType.SYSTEM, }; }, From 9690fe3b8f25b80fcb96c2fa10ba114e4cfd7cc7 Mon Sep 17 00:00:00 2001 From: Guido Modarelli Date: Wed, 12 Feb 2025 21:08:47 +0000 Subject: [PATCH 184/212] refactor: reorganize import paths for constants in configuration assessment files --- .../apps/configuration-assesment/application.tsx | 6 ++---- .../configuration-assesment/configuration-assesment-app.tsx | 2 +- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/application.tsx b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/application.tsx index 4e5aeff2ee..0be003e114 100644 --- a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/application.tsx +++ b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/application.tsx 
@@ -4,11 +4,9 @@ import ReactDOM from 'react-dom';
 import { EndpointSecurityNavGroup } from '../..';
 import { Layout } from '../../../layout';
 import { createSideNavItems } from '../../../side-nav';
-import {
- CONFIGURATION_ASSESSMENT_ID,
- ENDPOINT_SECURITY_TITLE,
-} from '../../constants';
+import { ENDPOINT_SECURITY_TITLE } from '../../constants';
 import { ConfigurationAssessmentApp } from './configuration-assesment-app';
+import { CONFIGURATION_ASSESSMENT_ID } from './constants';
 
 export const renderApp = async (params: AppMountParameters) => {
 const items = createSideNavItems({
diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/configuration-assesment-app.tsx b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/configuration-assesment-app.tsx
index c009b3f707..909361d385 100644
--- a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/configuration-assesment-app.tsx
+++ b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/configuration-assesment/configuration-assesment-app.tsx
@@ -1,6 +1,6 @@
 import React from 'react';
 import { AppMountParameters } from 'opensearch-dashboards/public';
-import { CONFIGURATION_ASSESSMENT_TITLE } from '../../constants';
+import { CONFIGURATION_ASSESSMENT_TITLE } from './constants';
 
 interface ConfigurationAssessmentAppProps {
 params: AppMountParameters;

From 490af122f8f55005d8e3a236e6e03f2a1f8d2ca3 Mon Sep 17 00:00:00 2001
From: Guido Modarelli
Date: Wed, 12 Feb 2025 21:09:50 +0000
Subject: [PATCH 185/212] refactor: move FIM constants to a dedicated file for better organization

---
 .../public/groups/endpoint-security/applications.ts | 8 ++------
 .../groups/endpoint-security/apps/fim/application.tsx | 3 ++-
 .../groups/endpoint-security/apps/fim/constants.ts | 9 +++++++++
 .../public/groups/endpoint-security/apps/fim/fim-app.tsx | 2 +-
 .../public/groups/endpoint-security/constants.ts | 4 ----
 5 files changed, 14 insertions(+), 12 deletions(-)
 create mode 100644 plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/constants.ts

diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts b/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts
index b86488a8ef..cabba9dc9a 100644
--- a/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts
+++ b/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts
@@ -5,16 +5,12 @@ import {
 AppNavLinkStatus,
 AppUpdater,
 } from '../../../../../src/core/public';
-import {
- FIM_ID,
- FIM_TITLE,
- MALWARE_DETECTION_ID,
- MALWARE_DETECTION_TITLE,
-} from './constants';
+import { MALWARE_DETECTION_ID, MALWARE_DETECTION_TITLE } from './constants';
 import {
 CONFIGURATION_ASSESSMENT_ID,
 CONFIGURATION_ASSESSMENT_TITLE,
 } from './apps/configuration-assesment/constants';
+import { FIM_ID, FIM_TITLE } from './apps/fim/constants';
 
 export function getEndpointSecurityApps(updater$?: Subject): App[] {
 return [
diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/application.tsx b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/application.tsx
index 5f6153e0fa..23ddbf5d44 100644
--- a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/application.tsx
+++ b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/application.tsx
@@ -4,8 +4,9 @@ import ReactDOM from 'react-dom';
 import { EndpointSecurityNavGroup } from '../..';
 import { Layout } from '../../../layout';
 import { createSideNavItems } from '../../../side-nav';
-import { ENDPOINT_SECURITY_TITLE, FIM_ID } from '../../constants';
+import { ENDPOINT_SECURITY_TITLE } from '../../constants';
 import { FimApp } from './fim-app';
+import { FIM_ID } from './constants';
 
 export const renderApp = async (params: AppMountParameters) => {
 const items = createSideNavItems({
diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/constants.ts b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/constants.ts
new file mode 100644
index 0000000000..83d3df4c0d
--- /dev/null
+++ b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/constants.ts
@@ -0,0 +1,9 @@
+import { i18n } from '@osd/i18n';
+import { PLUGIN_ID } from '../../../../../common/constants';
+import { buildSubAppId } from '../../../../utils';
+import { ENDPOINT_SECURITY_ID } from '../../constants';
+
+export const FIM_ID = buildSubAppId(ENDPOINT_SECURITY_ID, 'fim');
+export const FIM_TITLE = i18n.translate(`${PLUGIN_ID}.category.${FIM_ID}`, {
+ defaultMessage: 'File Integrity Monitoring',
+});
diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/fim-app.tsx b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/fim-app.tsx
index 2055e427c7..5c98693c6e 100644
--- a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/fim-app.tsx
+++ b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/fim/fim-app.tsx
@@ -1,6 +1,6 @@
 import React from 'react';
 import { AppMountParameters } from 'opensearch-dashboards/public';
-import { FIM_TITLE } from '../../constants';
+import { FIM_TITLE } from './constants';
 
 interface FimAppProps {
 params: AppMountParameters;
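Review bot: The message id handed to `i18n.translate` in the new `apps/fim/constants.ts` is the runtime template literal `${PLUGIN_ID}.category.${FIM_ID}`, so the id is not statically visible; as far as I know the OSD i18n extraction and check tooling only accepts a literal id and expects it to start with the plugin's registered prefix, and with `PLUGIN_ID = 'analysis'` these ids resolve to `analysis.category.…` while `ANALYSIS_PLUGIN_TITLE` in the patch-183 hunk uses `wazuhAnalysis.title`. The removed lines carried the same pattern, so the commit does not introduce it, but the newly created constants files are the natural place to settle on one literal, prefixed id per message, e.g. `i18n.translate('wazuhAnalysis.category.endpointSecurity.fim', { defaultMessage: 'File Integrity Monitoring' })` (constructed example). The same applies to the constants files created for malware-detection, incident-response, it-hygiene, regulatory-compliance, mitre-att&ck and threat-hunting in the later patches of this series.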
diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/constants.ts b/plugins/wazuh-analysis/public/groups/endpoint-security/constants.ts
index 4a1cc425ef..7559343e45 100644
--- a/plugins/wazuh-analysis/public/groups/endpoint-security/constants.ts
+++ b/plugins/wazuh-analysis/public/groups/endpoint-security/constants.ts
@@ -20,13 +20,9 @@ export const MALWARE_DETECTION_ID = buildSubAppId(
 ENDPOINT_SECURITY_ID,
 'malware_detection',
 );
-export const FIM_ID = buildSubAppId(ENDPOINT_SECURITY_ID, 'fim');
 export const MALWARE_DETECTION_TITLE = i18n.translate(
 `${PLUGIN_ID}.category.${MALWARE_DETECTION_ID}`,
 {
 defaultMessage: 'Malware Detection',
 },
 );
-export const FIM_TITLE = i18n.translate(`${PLUGIN_ID}.category.${FIM_ID}`, {
- defaultMessage: 'File Integrity Monitoring',
-});

From ce8a74cc3b88e6110529ebbb3a77a0b707ea886e Mon Sep 17 00:00:00 2001
From: Guido Modarelli
Date: Wed, 12 Feb 2025 21:12:02 +0000
Subject: [PATCH 186/212] refactor: move malware detection constants to a dedicated file for better organization

---
 .../groups/endpoint-security/applications.ts | 5 ++++-
 .../apps/malware-detection/application.tsx | 3 ++-
 .../apps/malware-detection/constants.ts | 15 +++++++++++++++
 .../malware-detection/malware-detection-app.tsx | 2 +-
 .../public/groups/endpoint-security/constants.ts | 11 -----------
 5 files changed, 22 insertions(+), 14 deletions(-)
 create mode 100644 plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/constants.ts

diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts b/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts
index cabba9dc9a..7db2cbaf12 100644
--- a/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts
+++ b/plugins/wazuh-analysis/public/groups/endpoint-security/applications.ts
@@ -5,12 +5,15 @@ import {
 AppNavLinkStatus,
 AppUpdater,
 } from '../../../../../src/core/public';
-import { MALWARE_DETECTION_ID, MALWARE_DETECTION_TITLE } from './constants';
 import {
 CONFIGURATION_ASSESSMENT_ID,
 CONFIGURATION_ASSESSMENT_TITLE,
 } from './apps/configuration-assesment/constants';
 import { FIM_ID, FIM_TITLE } from './apps/fim/constants';
+import {
+ MALWARE_DETECTION_ID,
+ MALWARE_DETECTION_TITLE,
+} from './apps/malware-detection/constants';
 
 export function getEndpointSecurityApps(updater$?: Subject): App[] {
 return [
diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/application.tsx b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/application.tsx
index 44b8fd8cbc..305e979863 100644
--- a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/application.tsx
+++ b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/application.tsx
@@ -4,8 +4,9 @@ import ReactDOM from 'react-dom';
 import { EndpointSecurityNavGroup } from '../..';
 import { Layout } from '../../../layout';
 import { createSideNavItems } from '../../../side-nav';
-import { ENDPOINT_SECURITY_TITLE, MALWARE_DETECTION_ID } from '../../constants';
+import { ENDPOINT_SECURITY_TITLE } from '../../constants';
 import { MalwareDetectionApp } from './malware-detection-app';
+import { MALWARE_DETECTION_ID } from './constants';
 
 export const renderApp = async (params: AppMountParameters) => {
 const items = createSideNavItems({
diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/constants.ts b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/constants.ts
new file mode 100644
index 0000000000..bb0ef22c50
--- /dev/null
+++ b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/constants.ts
@@ -0,0 +1,15 @@
+import { i18n } from '@osd/i18n';
+import { PLUGIN_ID } from '../../../../../common/constants';
+import { buildSubAppId } from '../../../../utils';
+import { ENDPOINT_SECURITY_ID } from '../../constants';
+
+export const MALWARE_DETECTION_ID = buildSubAppId(
+ ENDPOINT_SECURITY_ID,
+ 'malware_detection',
+);
+export const MALWARE_DETECTION_TITLE = i18n.translate(
+ `${PLUGIN_ID}.category.${MALWARE_DETECTION_ID}`,
+ {
+ defaultMessage: 'Malware Detection',
+ },
+);
diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/malware-detection-app.tsx b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/malware-detection-app.tsx
index 0df3aa91fd..3100c2693f 100644
--- a/plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/malware-detection-app.tsx
+++ b/plugins/wazuh-analysis/public/groups/endpoint-security/apps/malware-detection/malware-detection-app.tsx
@@ -1,6 +1,6 @@
 import React from 'react';
 import { AppMountParameters } from 'opensearch-dashboards/public';
-import { MALWARE_DETECTION_TITLE } from '../../constants';
+import { MALWARE_DETECTION_TITLE } from './constants';
 
 interface MalwareDetectionAppProps {
 params: AppMountParameters;
diff --git a/plugins/wazuh-analysis/public/groups/endpoint-security/constants.ts b/plugins/wazuh-analysis/public/groups/endpoint-security/constants.ts
index 7559343e45..0e73dfa3e6 100644
--- a/plugins/wazuh-analysis/public/groups/endpoint-security/constants.ts
+++ b/plugins/wazuh-analysis/public/groups/endpoint-security/constants.ts
@@ -1,6 +1,5 @@
 import { i18n } from '@osd/i18n';
 import { PLUGIN_ID } from '../../../common/constants';
-import { buildSubAppId } from '../../utils';
 
 export const ENDPOINT_SECURITY_ID = 'endpoint_security';
 export const ENDPOINT_SECURITY_TITLE = i18n.translate(
@@ -16,13 +15,3 @@ export const ENDPOINT_SECURITY_DESCRIPTION = i18n.translate(
 'Advanced monitoring and protection for devices against security threats.',
 },
 );
-export const MALWARE_DETECTION_ID = buildSubAppId(
- ENDPOINT_SECURITY_ID,
- 'malware_detection',
-);
-export const MALWARE_DETECTION_TITLE = i18n.translate(
- `${PLUGIN_ID}.category.${MALWARE_DETECTION_ID}`,
- {
- defaultMessage: 'Malware Detection',
- },
-);

From 530e3ab430c5ffadf9191673bf039bbb4906a378 Mon Sep 17 00:00:00 2001
From: Guido Modarelli
Date: Wed, 12 Feb 2025 21:13:58 +0000
Subject: [PATCH 187/212] refactor: move incident response constants to a dedicated file for better organization

---
 .../groups/security-operations/applications.ts | 6 ++++--
 .../apps/incident-response/application.tsx | 6 ++----
 .../apps/incident-response/constants.ts | 15 +++++++++++++++
 .../incident-response/incident-response-app.tsx | 2 +-
 .../groups/security-operations/constants.ts | 10 ----------
 5 files changed, 22 insertions(+), 17 deletions(-)
 create mode 100644 plugins/wazuh-analysis/public/groups/security-operations/apps/incident-response/constants.ts

diff --git a/plugins/wazuh-analysis/public/groups/security-operations/applications.ts b/plugins/wazuh-analysis/public/groups/security-operations/applications.ts
index 3998310e73..b96459bfa0 100644
--- a/plugins/wazuh-analysis/public/groups/security-operations/applications.ts
+++ b/plugins/wazuh-analysis/public/groups/security-operations/applications.ts
@@ -5,13 +5,15 @@ import {
 AppUpdater,
 } from '../../../../../src/core/public';
 import {
- INCIDENT_RESPONSE_ID,
- INCIDENT_RESPONSE_TITLE,
 IT_HYGIENE_ID,
 IT_HYGIENE_TITLE,
 REGULATORY_COMPLIANCE_ID,
 REGULATORY_COMPLIANCE_TITLE,
 } from './constants';
+import {
+ INCIDENT_RESPONSE_ID,
+ INCIDENT_RESPONSE_TITLE,
+} from './apps/incident-response/constants';
 
 export function getSecurityOperationsApps(updater$?: Subject) {
 return [
diff --git a/plugins/wazuh-analysis/public/groups/security-operations/apps/incident-response/application.tsx b/plugins/wazuh-analysis/public/groups/security-operations/apps/incident-response/application.tsx
index 0e6d0c0085..43929f1d0c 100644
--- a/plugins/wazuh-analysis/public/groups/security-operations/apps/incident-response/application.tsx
+++ b/plugins/wazuh-analysis/public/groups/security-operations/apps/incident-response/application.tsx
@@ -4,11 +4,9 @@ import ReactDOM from 'react-dom';
 import { SecurityOperationsNavGroup } from '../..';
 import { Layout } from '../../../layout';
 import { createSideNavItems } from '../../../side-nav';
-import {
- INCIDENT_RESPONSE_ID,
- SECURITY_OPERATIONS_TITLE,
-} from '../../constants';
+import { SECURITY_OPERATIONS_TITLE } from '../../constants';
 import { IncidentResponseApp } from './incident-response-app';
+import { INCIDENT_RESPONSE_ID } from './constants';
 
 export const renderApp = async (params: AppMountParameters) => {
 const items = createSideNavItems({
diff --git a/plugins/wazuh-analysis/public/groups/security-operations/apps/incident-response/constants.ts b/plugins/wazuh-analysis/public/groups/security-operations/apps/incident-response/constants.ts
new file mode 100644
index 0000000000..2a95bcfb26
--- /dev/null
+++ b/plugins/wazuh-analysis/public/groups/security-operations/apps/incident-response/constants.ts
@@ -0,0 +1,15 @@
+import { i18n } from '@osd/i18n';
+import { PLUGIN_ID } from '../../../../../common/constants';
+import { buildSubAppId } from '../../../../utils';
+import { SECURITY_OPERATIONS_ID } from '../../constants';
+
+export const INCIDENT_RESPONSE_ID = buildSubAppId(
+ SECURITY_OPERATIONS_ID,
+ 'incident_response',
+);
+export const INCIDENT_RESPONSE_TITLE = i18n.translate(
+ `${PLUGIN_ID}.category.${INCIDENT_RESPONSE_ID}`,
+ {
+ defaultMessage: 'Incident Response',
+ },
+);
diff --git a/plugins/wazuh-analysis/public/groups/security-operations/apps/incident-response/incident-response-app.tsx b/plugins/wazuh-analysis/public/groups/security-operations/apps/incident-response/incident-response-app.tsx
index fb2673978c..01081d5798 100644
--- a/plugins/wazuh-analysis/public/groups/security-operations/apps/incident-response/incident-response-app.tsx
+++ b/plugins/wazuh-analysis/public/groups/security-operations/apps/incident-response/incident-response-app.tsx
@@ -1,6 +1,6 @@
 import React from 'react';
 import { AppMountParameters } from 'opensearch-dashboards/public';
-import { INCIDENT_RESPONSE_TITLE } from '../../constants';
+import { INCIDENT_RESPONSE_TITLE } from './constants';
 
 interface IncidentResponseAppProps {
 params: AppMountParameters;
diff --git a/plugins/wazuh-analysis/public/groups/security-operations/constants.ts b/plugins/wazuh-analysis/public/groups/security-operations/constants.ts
index c9923d6cf6..e62df2af85 100644
--- a/plugins/wazuh-analysis/public/groups/security-operations/constants.ts
+++ b/plugins/wazuh-analysis/public/groups/security-operations/constants.ts
@@ -24,10 +24,6 @@ export const IT_HYGIENE_ID = buildSubAppId(
 SECURITY_OPERATIONS_ID,
 'it_hygiene',
 );
-export const INCIDENT_RESPONSE_ID = buildSubAppId(
- SECURITY_OPERATIONS_ID,
- 'incident_response',
-);
 export const REGULATORY_COMPLIANCE_TITLE = i18n.translate(
 `${PLUGIN_ID}.category.${REGULATORY_COMPLIANCE_ID}`,
 {
@@ -40,9 +36,3 @@ export const IT_HYGIENE_TITLE = i18n.translate(
 defaultMessage: 'IT Hygiene',
 },
 );
-export const INCIDENT_RESPONSE_TITLE = i18n.translate(
- `${PLUGIN_ID}.category.${INCIDENT_RESPONSE_ID}`,
- {
- defaultMessage: 'Incident Response',
- },
-);

From e1fe336fd1ef6cb68530b8bce60f1cf59d492838 Mon Sep 17 00:00:00 2001
From: Guido Modarelli
Date: Wed, 12 Feb 2025 21:15:40 +0000
Subject: [PATCH 188/212] refactor: move IT hygiene constants to a dedicated file for better organization

---
 .../groups/security-operations/applications.ts | 3 +--
 .../apps/it-hygiene/application.tsx | 3 ++-
 .../apps/it-hygiene/constants.ts | 15 +++++++++++++++
 .../apps/it-hygiene/it-hygiene-app.tsx | 2 +-
 .../groups/security-operations/constants.ts | 10 ----------
 5 files changed, 19 insertions(+), 14 deletions(-)
 create mode 100644 plugins/wazuh-analysis/public/groups/security-operations/apps/it-hygiene/constants.ts

diff --git a/plugins/wazuh-analysis/public/groups/security-operations/applications.ts b/plugins/wazuh-analysis/public/groups/security-operations/applications.ts
index b96459bfa0..7e1a13606d 100644
--- a/plugins/wazuh-analysis/public/groups/security-operations/applications.ts
+++ b/plugins/wazuh-analysis/public/groups/security-operations/applications.ts
@@ -5,8 +5,6 @@ import {
 AppUpdater,
 } from '../../../../../src/core/public';
 import {
- IT_HYGIENE_ID,
- IT_HYGIENE_TITLE,
 REGULATORY_COMPLIANCE_ID,
 REGULATORY_COMPLIANCE_TITLE,
 } from './constants';
@@ -14,6 +12,7 @@ import {
 INCIDENT_RESPONSE_ID,
 INCIDENT_RESPONSE_TITLE,
 } from './apps/incident-response/constants';
+import { IT_HYGIENE_ID, IT_HYGIENE_TITLE } from './apps/it-hygiene/constants';
 
 export function getSecurityOperationsApps(updater$?: Subject) {
 return [
diff --git a/plugins/wazuh-analysis/public/groups/security-operations/apps/it-hygiene/application.tsx b/plugins/wazuh-analysis/public/groups/security-operations/apps/it-hygiene/application.tsx
index feaedc7263..141c882440 100644
--- a/plugins/wazuh-analysis/public/groups/security-operations/apps/it-hygiene/application.tsx
+++ b/plugins/wazuh-analysis/public/groups/security-operations/apps/it-hygiene/application.tsx
@@ -4,8 +4,9 @@ import ReactDOM from 'react-dom';
 import { SecurityOperationsNavGroup } from '../..';
 import { Layout } from '../../../layout';
 import { createSideNavItems } from '../../../side-nav';
-import { IT_HYGIENE_ID, SECURITY_OPERATIONS_TITLE } from '../../constants';
+import { SECURITY_OPERATIONS_TITLE } from '../../constants';
 import { ItHygieneApp } from './it-hygiene-app';
+import { IT_HYGIENE_ID } from './constants';
 
 export const renderApp = async (params: AppMountParameters) => {
 const items = createSideNavItems({
diff --git a/plugins/wazuh-analysis/public/groups/security-operations/apps/it-hygiene/constants.ts b/plugins/wazuh-analysis/public/groups/security-operations/apps/it-hygiene/constants.ts
new file mode 100644
index 0000000000..4db35e0925
--- /dev/null
+++ b/plugins/wazuh-analysis/public/groups/security-operations/apps/it-hygiene/constants.ts
@@ -0,0 +1,15 @@
+import { i18n } from '@osd/i18n';
+import { PLUGIN_ID } from '../../../../../common/constants';
+import { buildSubAppId } from '../../../../utils';
+import { SECURITY_OPERATIONS_ID } from '../../constants';
+
+export const IT_HYGIENE_ID = buildSubAppId(
+ SECURITY_OPERATIONS_ID,
+ 'it_hygiene',
+);
+export const IT_HYGIENE_TITLE = i18n.translate(
+ `${PLUGIN_ID}.category.${IT_HYGIENE_ID}`,
+ {
+ defaultMessage: 'IT Hygiene',
+ },
+);
diff --git a/plugins/wazuh-analysis/public/groups/security-operations/apps/it-hygiene/it-hygiene-app.tsx b/plugins/wazuh-analysis/public/groups/security-operations/apps/it-hygiene/it-hygiene-app.tsx
index be8da8bed3..2732594c09 100644
--- a/plugins/wazuh-analysis/public/groups/security-operations/apps/it-hygiene/it-hygiene-app.tsx
+++ b/plugins/wazuh-analysis/public/groups/security-operations/apps/it-hygiene/it-hygiene-app.tsx
@@ -1,6 +1,6 @@
 import React from 'react';
 import { AppMountParameters } from 'opensearch-dashboards/public';
-import { IT_HYGIENE_TITLE } from '../../constants';
+import { IT_HYGIENE_TITLE } from './constants';
 
 interface ItHygieneAppProps {
 params: AppMountParameters;
diff --git a/plugins/wazuh-analysis/public/groups/security-operations/constants.ts b/plugins/wazuh-analysis/public/groups/security-operations/constants.ts
index e62df2af85..2482e3371a 100644
--- a/plugins/wazuh-analysis/public/groups/security-operations/constants.ts
+++ b/plugins/wazuh-analysis/public/groups/security-operations/constants.ts
@@ -20,19 +20,9 @@ export const REGULATORY_COMPLIANCE_ID = buildSubAppId(
 SECURITY_OPERATIONS_ID,
 'regulatory_compliance',
 );
-export const IT_HYGIENE_ID = buildSubAppId(
- SECURITY_OPERATIONS_ID,
- 'it_hygiene',
-);
 export const REGULATORY_COMPLIANCE_TITLE = i18n.translate(
 `${PLUGIN_ID}.category.${REGULATORY_COMPLIANCE_ID}`,
 {
 defaultMessage: 'Regulatory Compliance',
 },
 );
-export const IT_HYGIENE_TITLE = i18n.translate(
- `${PLUGIN_ID}.category.${IT_HYGIENE_ID}`,
- {
- defaultMessage: 'IT Hygiene',
- },
-);

From 1a716fe8f3186e89ea2a0f069ad26844f979a821 Mon Sep 17 00:00:00 2001
From: Guido Modarelli
Date: Wed, 12 Feb 2025 21:17:00 +0000
Subject: [PATCH 189/212] refactor: move regulatory compliance constants to a dedicated file for better organization

---
 .../groups/security-operations/applications.ts | 8 ++++----
 .../apps/regulatory-compliance/application.tsx | 6 ++----
 .../apps/regulatory-compliance/constants.ts | 15 +++++++++++++++
 .../regulatory-compliance-app.tsx | 2 +-
 .../groups/security-operations/constants.ts | 11 -----------
 5 files changed, 22 insertions(+), 20 deletions(-)
 create mode 100644 plugins/wazuh-analysis/public/groups/security-operations/apps/regulatory-compliance/constants.ts
diff --git a/plugins/wazuh-analysis/public/groups/security-operations/applications.ts b/plugins/wazuh-analysis/public/groups/security-operations/applications.ts
index 7e1a13606d..b6d30491f1 100644
--- a/plugins/wazuh-analysis/public/groups/security-operations/applications.ts
+++ b/plugins/wazuh-analysis/public/groups/security-operations/applications.ts
@@ -4,15 +4,15 @@ import {
 AppNavLinkStatus,
 AppUpdater,
 } from '../../../../../src/core/public';
-import {
- REGULATORY_COMPLIANCE_ID,
- REGULATORY_COMPLIANCE_TITLE,
-} from './constants';
 import {
 INCIDENT_RESPONSE_ID,
 INCIDENT_RESPONSE_TITLE,
 } from './apps/incident-response/constants';
 import { IT_HYGIENE_ID, IT_HYGIENE_TITLE } from './apps/it-hygiene/constants';
+import {
+ REGULATORY_COMPLIANCE_ID,
+ REGULATORY_COMPLIANCE_TITLE,
+} from './apps/regulatory-compliance/constants';
 
 export function getSecurityOperationsApps(updater$?: Subject) {
 return [
diff --git a/plugins/wazuh-analysis/public/groups/security-operations/apps/regulatory-compliance/application.tsx b/plugins/wazuh-analysis/public/groups/security-operations/apps/regulatory-compliance/application.tsx
index 8daf394ed3..91907b5ad0 100644
--- a/plugins/wazuh-analysis/public/groups/security-operations/apps/regulatory-compliance/application.tsx
+++ b/plugins/wazuh-analysis/public/groups/security-operations/apps/regulatory-compliance/application.tsx
@@ -4,11 +4,9 @@ import ReactDOM from 'react-dom';
 import { SecurityOperationsNavGroup } from '../..';
 import { Layout } from '../../../layout';
 import { createSideNavItems } from '../../../side-nav';
-import {
- REGULATORY_COMPLIANCE_ID,
- SECURITY_OPERATIONS_TITLE,
-} from '../../constants';
+import { SECURITY_OPERATIONS_TITLE } from '../../constants';
 import { RegulatoryComplianceApp } from './regulatory-compliance-app';
+import { REGULATORY_COMPLIANCE_ID } from './constants';
 
 export const renderApp = async (params: AppMountParameters) => {
 const items = createSideNavItems({
diff --git a/plugins/wazuh-analysis/public/groups/security-operations/apps/regulatory-compliance/constants.ts b/plugins/wazuh-analysis/public/groups/security-operations/apps/regulatory-compliance/constants.ts
new file mode 100644
index 0000000000..028b6e2052
--- /dev/null
+++ b/plugins/wazuh-analysis/public/groups/security-operations/apps/regulatory-compliance/constants.ts
@@ -0,0 +1,15 @@
+import { i18n } from '@osd/i18n';
+import { PLUGIN_ID } from '../../../../../common/constants';
+import { buildSubAppId } from '../../../../utils';
+import { SECURITY_OPERATIONS_ID } from '../../constants';
+
+export const REGULATORY_COMPLIANCE_ID = buildSubAppId(
+ SECURITY_OPERATIONS_ID,
+ 'regulatory_compliance',
+);
+export const REGULATORY_COMPLIANCE_TITLE = i18n.translate(
+ `${PLUGIN_ID}.category.${REGULATORY_COMPLIANCE_ID}`,
+ {
+ defaultMessage: 'Regulatory Compliance',
+ },
+);
diff --git a/plugins/wazuh-analysis/public/groups/security-operations/apps/regulatory-compliance/regulatory-compliance-app.tsx b/plugins/wazuh-analysis/public/groups/security-operations/apps/regulatory-compliance/regulatory-compliance-app.tsx
index 7e84b25b7a..4b2c582d7c 100644
--- a/plugins/wazuh-analysis/public/groups/security-operations/apps/regulatory-compliance/regulatory-compliance-app.tsx
+++ b/plugins/wazuh-analysis/public/groups/security-operations/apps/regulatory-compliance/regulatory-compliance-app.tsx
@@ -1,6 +1,6 @@
 import React from 'react';
 import { AppMountParameters } from 'opensearch-dashboards/public';
-import { REGULATORY_COMPLIANCE_TITLE } from '../../constants';
+import { REGULATORY_COMPLIANCE_TITLE } from './constants';
 
 interface RegulatoryComplianceAppProps {
 params: AppMountParameters;
diff --git a/plugins/wazuh-analysis/public/groups/security-operations/constants.ts b/plugins/wazuh-analysis/public/groups/security-operations/constants.ts
index 2482e3371a..0455237174 100644
--- a/plugins/wazuh-analysis/public/groups/security-operations/constants.ts
+++ b/plugins/wazuh-analysis/public/groups/security-operations/constants.ts
@@ -1,6 +1,5 @@
 import { i18n } from '@osd/i18n';
 import { PLUGIN_ID } from '../../../common/constants';
-import { buildSubAppId } from '../../utils';
 
 export const SECURITY_OPERATIONS_ID = 'security_operations';
 export const SECURITY_OPERATIONS_TITLE = i18n.translate(
@@ -16,13 +15,3 @@ export const SECURITY_OPERATIONS_DESCRIPTION = i18n.translate(
 'Advanced monitoring and protection for devices against security threats.',
 },
 );
-export const REGULATORY_COMPLIANCE_ID = buildSubAppId(
- SECURITY_OPERATIONS_ID,
- 'regulatory_compliance',
-);
-export const REGULATORY_COMPLIANCE_TITLE = i18n.translate(
- `${PLUGIN_ID}.category.${REGULATORY_COMPLIANCE_ID}`,
- {
- defaultMessage: 'Regulatory Compliance',
- },
-);

From c2593fe9d2ac08bcdb4ecfde38c8f5afa7fba1cc Mon Sep 17 00:00:00 2001
From: Guido Modarelli
Date: Wed, 12 Feb 2025 21:19:25 +0000
Subject: [PATCH 190/212] refactor: move MITRE ATT&CK constants to a dedicated file for better organization

---
 .../groups/threat-intelligence/applications.ts | 6 ++++--
 .../apps/mitre-att&ck/application.tsx | 3 ++-
 .../apps/mitre-att&ck/constants.ts | 15 +++++++++++++++
 .../apps/mitre-att&ck/mitre-att&ck-app.tsx | 2 +-
 .../groups/threat-intelligence/constants.ts | 10 ----------
 5 files changed, 22 insertions(+), 14 deletions(-)
 create mode 100644 plugins/wazuh-analysis/public/groups/threat-intelligence/apps/mitre-att&ck/constants.ts

diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts b/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts
index f3c2efb055..96c4124f3d 100644
--- a/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts
+++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts
@@ -5,13 +5,15 @@ import {
 AppUpdater,
 } from '../../../../../src/core/public';
 import {
- MITRE_ATTACK_ID,
- MITRE_ATTACK_TITLE,
 THREAT_HUNTING_ID,
 THREAT_HUNTING_TITLE,
 VULNERABILITY_DETECTION_ID,
 VULNERABILITY_DETECTION_TITLE,
 } from './constants';
+import {
+ MITRE_ATTACK_ID,
+ MITRE_ATTACK_TITLE,
+} from './apps/mitre-att&ck/constants';
 
 export function getThreatIntelligenceApps(updater$?: Subject) {
 return [
diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/mitre-att&ck/application.tsx b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/mitre-att&ck/application.tsx
index 6a57f27280..4346749297 100644
--- a/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/mitre-att&ck/application.tsx
+++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/mitre-att&ck/application.tsx
@@ -4,8 +4,9 @@ import ReactDOM from 'react-dom';
 import { ThreatIntelligenceNavGroup } from '../..';
 import { Layout } from '../../../layout';
 import { createSideNavItems } from '../../../side-nav';
-import { MITRE_ATTACK_ID, THREAT_INTELLIGENCE_TITLE } from '../../constants';
+import { THREAT_INTELLIGENCE_TITLE } from '../../constants';
 import { MitreAttackApp } from './mitre-att&ck-app';
+import { MITRE_ATTACK_ID } from './constants';
 
 export const renderApp = async (params: AppMountParameters) => {
 const items = createSideNavItems({
diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/mitre-att&ck/constants.ts b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/mitre-att&ck/constants.ts
new file mode 100644
index 0000000000..f33bc0ff69
--- /dev/null
+++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/mitre-att&ck/constants.ts
@@ -0,0 +1,15 @@
+import { i18n } from '@osd/i18n';
+import { PLUGIN_ID } from '../../../../../common/constants';
+import { buildSubAppId } from '../../../../utils';
+import { THREAT_INTELLIGENCE_ID } from '../../constants';
+
+export const MITRE_ATTACK_ID = buildSubAppId(
+ THREAT_INTELLIGENCE_ID,
+ 'mitre_attack',
+);
+export const MITRE_ATTACK_TITLE = i18n.translate(
+ `${PLUGIN_ID}.category.${MITRE_ATTACK_ID}`,
+ {
+ defaultMessage: 'MITRE ATT&CK',
+ },
+);
diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/mitre-att&ck/mitre-att&ck-app.tsx b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/mitre-att&ck/mitre-att&ck-app.tsx
index 98fb6bbf24..d5d4b02b9d 100644
--- a/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/mitre-att&ck/mitre-att&ck-app.tsx
+++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/mitre-att&ck/mitre-att&ck-app.tsx
@@ -1,6 +1,6 @@
 import React from 'react';
 import { AppMountParameters } from 'opensearch-dashboards/public';
-import { MITRE_ATTACK_TITLE } from '../../constants';
+import { MITRE_ATTACK_TITLE } from './constants';
 
 interface MitreAttackAppProps {
 params: AppMountParameters;
diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/constants.ts b/plugins/wazuh-analysis/public/groups/threat-intelligence/constants.ts
index 34c6ec41f6..66c9487f6d 100644
--- a/plugins/wazuh-analysis/public/groups/threat-intelligence/constants.ts
+++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/constants.ts
@@ -24,10 +24,6 @@ export const VULNERABILITY_DETECTION_ID = buildSubAppId(
 THREAT_INTELLIGENCE_ID,
 'vulnerability_detection',
 );
-export const MITRE_ATTACK_ID = buildSubAppId(
- THREAT_INTELLIGENCE_ID,
- 'mitre_attack',
-);
 export const THREAT_HUNTING_TITLE = i18n.translate(
 `${PLUGIN_ID}.category.${THREAT_HUNTING_ID}`,
 {
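Review bot: The new constants file is created under a directory whose name contains an ampersand (`apps/mitre-att&ck/constants.ts`), and the same segment is baked into the import specifiers `'./apps/mitre-att&ck/constants'` and `'./mitre-att&ck-app'` in this patch's sibling hunks. `&` is a legal path character but a shell metacharacter that also needs escaping in URLs, and some build, lint and packaging tools handle it poorly, so it is a needless source of friction for anyone scripting against this tree. The id segment is already `'mitre_attack'` and the component is `MitreAttackApp`, so renaming the directory to `mitre-attack` and the component file to `mitre-attack-app.tsx` would make id, path and symbol consistent; that is a mechanical follow-up rather than something to fold into this move.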
@@ -40,9 +36,3 @@ export const VULNERABILITY_DETECTION_TITLE = i18n.translate(
 defaultMessage: 'Vulnerability Detection',
 },
 );
-export const MITRE_ATTACK_TITLE = i18n.translate(
- `${PLUGIN_ID}.category.${MITRE_ATTACK_ID}`,
- {
- defaultMessage: 'MITRE ATT&CK',
- },
-);
From 72a3ed1ab93f2f77c4360a772300ba197788eb50 Mon Sep 17 00:00:00 2001
From: Guido Modarelli Date: Wed, 12 Feb 2025 21:20:51 +0000 Subject: [PATCH 191/212] refactor: move threat hunting constants to a dedicated file for better organization --- .../groups/threat-intelligence/applications.ts | 6 ++++-- .../apps/threat-hunting/application.tsx | 3 ++- .../apps/threat-hunting/constants.ts | 15 +++++++++++++++ .../apps/threat-hunting/threat-hunting-app.tsx | 2 +- .../groups/threat-intelligence/constants.ts | 10 ---------- 5 files changed, 22 insertions(+), 14 deletions(-) create mode 100644 plugins/wazuh-analysis/public/groups/threat-intelligence/apps/threat-hunting/constants.ts
diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts b/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts
index 96c4124f3d..2452c9ee74 100644
--- a/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts
+++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts
@@ -5,8 +5,6 @@ import {
 AppUpdater,
 } from '../../../../../src/core/public';
 import {
- THREAT_HUNTING_ID,
- THREAT_HUNTING_TITLE,
 VULNERABILITY_DETECTION_ID,
 VULNERABILITY_DETECTION_TITLE,
 } from './constants';
@@ -14,6 +12,10 @@ import {
 MITRE_ATTACK_ID,
 MITRE_ATTACK_TITLE,
 } from './apps/mitre-att&ck/constants';
+import {
+ THREAT_HUNTING_ID,
+ THREAT_HUNTING_TITLE,
+} from './apps/threat-hunting/constants';
 
 export function getThreatIntelligenceApps(updater$?: Subject) {
 return [
diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/threat-hunting/application.tsx b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/threat-hunting/application.tsx
index 7e49ce79f6..a2f99f18ca 100644
--- a/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/threat-hunting/application.tsx
+++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/threat-hunting/application.tsx
@@ -4,8 +4,9 @@ import ReactDOM from 'react-dom';
 import { ThreatIntelligenceNavGroup } from '../..';
 import { Layout } from '../../../layout';
 import { createSideNavItems } from '../../../side-nav';
-import { THREAT_HUNTING_ID, THREAT_INTELLIGENCE_TITLE } from '../../constants';
+import { THREAT_INTELLIGENCE_TITLE } from '../../constants';
 import { ThreatHuntingApp } from './threat-hunting-app';
+import { THREAT_HUNTING_ID } from './constants';
 
 export const renderApp = async (params: AppMountParameters) => {
 const items = createSideNavItems({
diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/threat-hunting/constants.ts b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/threat-hunting/constants.ts
new file mode 100644
index 0000000000..d4e8743adf
--- /dev/null
+++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/threat-hunting/constants.ts
@@ -0,0 +1,15 @@
+import { i18n } from '@osd/i18n';
+import { PLUGIN_ID } from '../../../../../common/constants';
+import { buildSubAppId } from '../../../../utils';
+import { THREAT_INTELLIGENCE_ID } from '../../constants';
+
+export const THREAT_HUNTING_ID = buildSubAppId(
+ THREAT_INTELLIGENCE_ID,
+ 'threat_hunting',
+);
+export const THREAT_HUNTING_TITLE = i18n.translate(
+ `${PLUGIN_ID}.category.${THREAT_HUNTING_ID}`,
+ {
+ defaultMessage: 'Threat Hunting',
+ },
+);
diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/threat-hunting/threat-hunting-app.tsx b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/threat-hunting/threat-hunting-app.tsx
index 249aa0188b..d37cfcf232 100644
--- a/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/threat-hunting/threat-hunting-app.tsx
+++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/threat-hunting/threat-hunting-app.tsx
@@ -1,6 +1,6 @@
 import React from 'react';
 import { AppMountParameters } from 'opensearch-dashboards/public';
-import { THREAT_HUNTING_TITLE } from '../../constants';
+import { THREAT_HUNTING_TITLE } from './constants';
 
 interface ThreatHuntingAppProps {
 params: AppMountParameters;
diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/constants.ts b/plugins/wazuh-analysis/public/groups/threat-intelligence/constants.ts
index 66c9487f6d..93bafc0beb 100644
--- a/plugins/wazuh-analysis/public/groups/threat-intelligence/constants.ts
+++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/constants.ts
@@ -16,20 +16,10 @@ export const THREAT_INTELLIGENCE_DESCRIPTION = i18n.translate(
 'Collect and analyze information about potential threats to inform security decisions.',
 },
 );
-export const THREAT_HUNTING_ID = buildSubAppId(
- THREAT_INTELLIGENCE_ID,
- 'threat_hunting',
-);
 export const VULNERABILITY_DETECTION_ID = buildSubAppId(
 THREAT_INTELLIGENCE_ID,
 'vulnerability_detection',
 );
-export const THREAT_HUNTING_TITLE = i18n.translate(
- `${PLUGIN_ID}.category.${THREAT_HUNTING_ID}`,
- {
- defaultMessage: 'Threat Hunting',
- },
-);
 export const VULNERABILITY_DETECTION_TITLE = i18n.translate(
 `${PLUGIN_ID}.category.${VULNERABILITY_DETECTION_ID}`,
 {
From 641f55f1c35444e45e7407c4b563182457f98617 Mon Sep 17 00:00:00 2001
From: Guido Modarelli Date: Wed, 12 Feb 2025 21:21:58 +0000 Subject: [PATCH 192/212] refactor: move vulnerability detection constants to a dedicated file for better organization --- .../groups/threat-intelligence/applications.ts | 8 ++++---- .../apps/vulnerability-detection/application.tsx | 6 ++---- .../apps/vulnerability-detection/constants.ts | 15 +++++++++++++++ .../vulnerability-detection-app.tsx | 2 +- .../groups/threat-intelligence/constants.ts | 11 ----------- 5 files changed, 22 insertions(+), 20 deletions(-) create mode 100644 plugins/wazuh-analysis/public/groups/threat-intelligence/apps/vulnerability-detection/constants.ts
diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts b/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts
index 2452c9ee74..e2b308bf30 100644
--- a/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts
+++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/applications.ts
@@ -4,10 +4,6 @@ import {
 AppNavLinkStatus,
 AppUpdater,
 } from '../../../../../src/core/public';
-import {
- VULNERABILITY_DETECTION_ID,
- VULNERABILITY_DETECTION_TITLE,
-} from './constants';
 import {
 MITRE_ATTACK_ID,
 MITRE_ATTACK_TITLE,
@@ -16,6 +12,10 @@ import {
 THREAT_HUNTING_ID,
 THREAT_HUNTING_TITLE,
 } from './apps/threat-hunting/constants';
+import {
+ VULNERABILITY_DETECTION_ID,
+ VULNERABILITY_DETECTION_TITLE,
+} from './apps/vulnerability-detection/constants';
 
 export function getThreatIntelligenceApps(updater$?: Subject) {
 return [
diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/vulnerability-detection/application.tsx b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/vulnerability-detection/application.tsx
index 2b03c34b72..7b71b1a2e2 100644
--- a/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/vulnerability-detection/application.tsx
+++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/vulnerability-detection/application.tsx
@@ -4,11 +4,9 @@ import ReactDOM from 'react-dom';
 import { ThreatIntelligenceNavGroup } from '../..';
 import { Layout } from '../../../layout';
 import { createSideNavItems } from '../../../side-nav';
-import {
- THREAT_INTELLIGENCE_TITLE,
- VULNERABILITY_DETECTION_ID,
-} from '../../constants';
+import { THREAT_INTELLIGENCE_TITLE } from '../../constants';
 import { VulnerabilityDetectionApp } from './vulnerability-detection-app';
+import { VULNERABILITY_DETECTION_ID } from './constants';
 
 export const renderApp = async (params: AppMountParameters) => {
 const items = createSideNavItems({
diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/vulnerability-detection/constants.ts b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/vulnerability-detection/constants.ts
new file mode 100644
index 0000000000..bbd675d3a9
--- /dev/null
+++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/vulnerability-detection/constants.ts
@@ -0,0 +1,15 @@
+import { i18n } from '@osd/i18n';
+import { PLUGIN_ID } from '../../../../../common/constants';
+import { buildSubAppId } from '../../../../utils';
+import { THREAT_INTELLIGENCE_ID } from '../../constants';
+
+export const VULNERABILITY_DETECTION_ID = buildSubAppId(
+ THREAT_INTELLIGENCE_ID,
+ 'vulnerability_detection',
+);
+export const VULNERABILITY_DETECTION_TITLE = i18n.translate(
+ `${PLUGIN_ID}.category.${VULNERABILITY_DETECTION_ID}`,
+ {
+ defaultMessage: 'Vulnerability Detection',
+ },
+);
diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/vulnerability-detection/vulnerability-detection-app.tsx b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/vulnerability-detection/vulnerability-detection-app.tsx
index 2d9f438539..7a439f870b 100644
--- a/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/vulnerability-detection/vulnerability-detection-app.tsx
+++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/apps/vulnerability-detection/vulnerability-detection-app.tsx
@@ -1,6 +1,6 @@
 import React from 'react';
 import { AppMountParameters } from 'opensearch-dashboards/public';
-import { VULNERABILITY_DETECTION_TITLE } from '../../constants';
+import { VULNERABILITY_DETECTION_TITLE } from './constants';
 
 interface VulnerabilityDetectionAppProps {
 params: AppMountParameters;
diff --git a/plugins/wazuh-analysis/public/groups/threat-intelligence/constants.ts b/plugins/wazuh-analysis/public/groups/threat-intelligence/constants.ts
index 93bafc0beb..43ed7af00c 100644
--- a/plugins/wazuh-analysis/public/groups/threat-intelligence/constants.ts
+++ b/plugins/wazuh-analysis/public/groups/threat-intelligence/constants.ts
@@ -1,6 +1,5 @@
 import { i18n } from '@osd/i18n';
 import { PLUGIN_ID } from '../../../common/constants';
-import { buildSubAppId } from '../../utils';
 
 export const THREAT_INTELLIGENCE_ID = 'threat_intelligence';
 export const THREAT_INTELLIGENCE_TITLE = i18n.translate(
@@ -16,13 +15,3 @@ export const THREAT_INTELLIGENCE_DESCRIPTION = i18n.translate(
 'Collect and analyze information about potential threats to inform security decisions.',
 },
 );
-export const VULNERABILITY_DETECTION_ID = buildSubAppId(
- THREAT_INTELLIGENCE_ID,
- 'vulnerability_detection',
-);
-export const VULNERABILITY_DETECTION_TITLE = i18n.translate(
- `${PLUGIN_ID}.category.${VULNERABILITY_DETECTION_ID}`,
- {
- defaultMessage: 'Vulnerability Detection',
- },
-);
From 07c850bc696c77b246ddcb388add7e88947940ca Mon Sep 17 00:00:00 2001
From: Antonio <34042064+Desvelao@users.noreply.github.com> Date: Mon, 27 Jan 2025 13:29:06 +0100 Subject: [PATCH 193/212] Add tasks to initialize index patterns (#7262) * feat: add task to create index pattern fields - Add task to create index pattern fields - Create CLIs to get the static files for the index pattern default fields used when there is no indices on the Wazuh dashboard starts * chore(changelog): add entry * fix(script): uncomment statements in build-static-files-get-from-wildcard tool --- CHANGELOG.md | 2 +- .../index-patterns-fields/fields-agent.json | 440 + .../index-patterns-fields/fields-alerts.json | 17304 ++++++++++++++++ .../fields-commands.json | 168 + .../index-patterns-fields/fields-fim.json | 586 + .../fields-hardware.json | 536 + .../fields-hotfixes.json | 432 + .../fields-networks.json | 920 + .../fields-packages.json | 488 + .../index-patterns-fields/fields-ports.json | 536 + .../fields-processes.json | 536 + .../fields-scheduled-commands.json | 96 + .../index-patterns-fields/fields-system.json | 760 + .../fields-vulnerabilities.json | 1024 + plugins/wazuh-core/server/plugin.ts | 134 +- .../README.md | 80 + .../build-static-files/README.md | 32 + .../build-static-files-get-from-wildcard.js | 227 + .../build-static-files-transform-templates.js | 96 + .../build-static-files/lib.js | 26 + .../cli.js | 138 + .../map-template-to-index-pattern-fields.js | 201 + scripts/lib/cli/cli.js | 1 + scripts/lib/http.js | 37 + 24 files changed, 24790 insertions(+), 10 deletions(-) create mode 100644 plugins/wazuh-core/server/initialization/index-patterns-fields/fields-agent.json create mode 100644 plugins/wazuh-core/server/initialization/index-patterns-fields/fields-alerts.json create mode 100644 plugins/wazuh-core/server/initialization/index-patterns-fields/fields-commands.json create mode 100644 plugins/wazuh-core/server/initialization/index-patterns-fields/fields-fim.json create mode 100644 
plugins/wazuh-core/server/initialization/index-patterns-fields/fields-hardware.json create mode 100644 plugins/wazuh-core/server/initialization/index-patterns-fields/fields-hotfixes.json create mode 100644 plugins/wazuh-core/server/initialization/index-patterns-fields/fields-networks.json create mode 100644 plugins/wazuh-core/server/initialization/index-patterns-fields/fields-packages.json create mode 100644 plugins/wazuh-core/server/initialization/index-patterns-fields/fields-ports.json create mode 100644 plugins/wazuh-core/server/initialization/index-patterns-fields/fields-processes.json create mode 100644 plugins/wazuh-core/server/initialization/index-patterns-fields/fields-scheduled-commands.json create mode 100644 plugins/wazuh-core/server/initialization/index-patterns-fields/fields-system.json create mode 100644 plugins/wazuh-core/server/initialization/index-patterns-fields/fields-vulnerabilities.json create mode 100644 scripts/indices-fields-mapping-to-index-pattern-fields/README.md create mode 100644 scripts/indices-fields-mapping-to-index-pattern-fields/build-static-files/README.md create mode 100644 scripts/indices-fields-mapping-to-index-pattern-fields/build-static-files/build-static-files-get-from-wildcard.js create mode 100644 scripts/indices-fields-mapping-to-index-pattern-fields/build-static-files/build-static-files-transform-templates.js create mode 100644 scripts/indices-fields-mapping-to-index-pattern-fields/build-static-files/lib.js create mode 100644 scripts/indices-fields-mapping-to-index-pattern-fields/cli.js create mode 100644 scripts/indices-fields-mapping-to-index-pattern-fields/map-template-to-index-pattern-fields.js create mode 100644 scripts/lib/http.js diff --git a/CHANGELOG.md b/CHANGELOG.md index 12b7f67a9e..30a3d98f54 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -10,7 +10,7 @@ All notable changes to the Wazuh app project will be documented in this file. - Added creation of report definition when creating dashboard by reference and the button to reset the report [#7091](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7091) - Added a frontend http client to core plugin [#7000](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7000) - Added serverSecurity service to core plugin [#7026](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7026) -- Added an initilization service to core plugin to run the initilization tasks related to user scope [#7145](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7145) +- Added an initilization service to core plugin to run the initilization tasks related to user scope [#7145](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7145) [#7262](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7262) ### Removed diff --git a/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-agent.json b/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-agent.json new file mode 100644 index 0000000000..76b8e1b11a --- /dev/null +++ b/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-agent.json 
@@ -0,0 +1,440 @@ +[ + { + "name": "_id", + "type": "string", + "esTypes": ["_id"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + }, + { + "name": "_index", + "type": "string", + "esTypes": ["_index"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + }, + { + "name": "_score", + "type": "number", + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "_source", + "type": "_source", + "esTypes": ["_source"], + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "_type", + "type": "string", + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "agent.groups", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.architecture", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.boot.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.cpu.usage", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.disk.read.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.disk.write.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.city_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "agent.host.geo.continent_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.continent_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.country_iso_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.country_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.location", + "type": "geo_point", + "esTypes": ["geo_point"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.postal_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.region_iso_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.region_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.timezone", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.hostname", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + 
"aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.ip", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.mac", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.egress.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.egress.packets", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.ingress.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.ingress.packets", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.family", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.full", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.kernel", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.platform", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "agent.host.os.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.pid_ns_ino", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.calculated_level", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.calculated_score", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.calculated_score_norm", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.static_level", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.static_score", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.static_score_norm", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.uptime", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "agent.key", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.last_login", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.status", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + } +] diff --git a/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-alerts.json b/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-alerts.json new file mode 100644 index 0000000000..656cab0cfc --- /dev/null +++ b/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-alerts.json 
@@ -0,0 +1,17304 @@ +[ + { + "name": "@timestamp", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "_id", + "type": "string", + "esTypes": ["_id"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + }, + { + "name": "_index", + "type": "string", + "esTypes": ["_index"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + }, + { + "name": "_score", + "type": "number", + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "_source", + "type": "_source", + "esTypes": ["_source"], + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "_type", + "type": "string", + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "agent.groups", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.architecture", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.boot.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.cpu.usage", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.disk.read.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.disk.write.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true 
+ }, + { + "name": "agent.host.geo.city_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.continent_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.continent_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.country_iso_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.country_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.location", + "type": "geo_point", + "esTypes": ["geo_point"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.postal_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.region_iso_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.region_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.timezone", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.hostname", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, 
+ "readFromDocValues": true + }, + { + "name": "agent.host.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.ip", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.mac", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.egress.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.egress.packets", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.ingress.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.ingress.packets", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.family", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.full", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.kernel", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + 
"name": "agent.host.os.platform", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.pid_ns_ino", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.calculated_level", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.calculated_score", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.calculated_score_norm", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.static_level", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.static_score", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.static_score_norm", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.uptime", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + 
}, + { + "name": "agent.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "client.address", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "client.as.number", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "client.as.organization.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "client.as.organization.name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "client.as.organization.name" + } + } + }, + { + "name": "client.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "client.domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "client.geo.city_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "client.geo.continent_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + 
"name": "client.geo.continent_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "client.geo.country_iso_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "client.geo.country_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "client.geo.location", + "type": "geo_point", + "esTypes": ["geo_point"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "client.geo.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "client.geo.postal_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "client.geo.region_iso_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "client.geo.region_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "client.geo.timezone", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "client.ip", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "client.mac", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "client.nat.ip", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "client.nat.port", + "type": "number", + "esTypes": 
["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "client.packets", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "client.port", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "client.registered_domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "client.subdomain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "client.top_level_domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "client.user.domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "client.user.email", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "client.user.full_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "client.user.full_name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "client.user.full_name" + } + } + }, + { + "name": "client.user.group.domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "client.user.group.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "client.user.group.name", + "type": 
"string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "client.user.hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "client.user.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "client.user.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "client.user.name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "client.user.name" + } + } + }, + { + "name": "client.user.roles", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cloud.account.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cloud.account.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cloud.availability_zone", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cloud.instance.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cloud.instance.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cloud.machine.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cloud.origin.account.id", + 
"type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cloud.origin.account.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cloud.origin.availability_zone", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cloud.origin.instance.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cloud.origin.instance.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cloud.origin.machine.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cloud.origin.project.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cloud.origin.project.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cloud.origin.provider", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cloud.origin.region", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cloud.origin.service.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cloud.project.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cloud.project.name", + 
"type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cloud.provider", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cloud.region", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cloud.service.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cloud.target.account.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cloud.target.account.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cloud.target.availability_zone", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cloud.target.instance.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cloud.target.instance.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cloud.target.machine.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cloud.target.project.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cloud.target.project.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cloud.target.provider", + "type": "string", 
+ "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cloud.target.region", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "cloud.target.service.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "container.cpu.usage", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "container.disk.read.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "container.disk.write.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "container.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "container.image.hash.all", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "container.image.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "container.image.tag", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "container.memory.usage", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "container.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "container.network.egress.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": 
true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "container.network.ingress.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "container.runtime", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "container.security_context.privileged", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data_stream.dataset", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data_stream.namespace", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "data_stream.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "destination.address", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "destination.as.number", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "destination.as.organization.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "destination.as.organization.name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "destination.as.organization.name" + } + } + }, + { + "name": "destination.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": 
"destination.domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "destination.geo.city_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "destination.geo.continent_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "destination.geo.continent_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "destination.geo.country_iso_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "destination.geo.country_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "destination.geo.location", + "type": "geo_point", + "esTypes": ["geo_point"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "destination.geo.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "destination.geo.postal_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "destination.geo.region_iso_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "destination.geo.region_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "destination.geo.timezone", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "destination.ip", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "destination.mac", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "destination.nat.ip", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "destination.nat.port", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "destination.packets", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "destination.port", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "destination.registered_domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "destination.subdomain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "destination.top_level_domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "destination.user.domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "destination.user.email", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "destination.user.full_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": 
"destination.user.full_name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "destination.user.full_name" + } + } + }, + { + "name": "destination.user.group.domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "destination.user.group.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "destination.user.group.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "destination.user.hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "destination.user.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "destination.user.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "destination.user.name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "destination.user.name" + } + } + }, + { + "name": "destination.user.roles", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "device.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "device.manufacturer", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "device.model.identifier", 
+ "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "device.model.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dll.code_signature.digest_algorithm", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dll.code_signature.exists", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dll.code_signature.signing_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dll.code_signature.status", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dll.code_signature.subject_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dll.code_signature.team_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dll.code_signature.timestamp", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dll.code_signature.trusted", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dll.code_signature.valid", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dll.hash.md5", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": 
"dll.hash.sha1", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dll.hash.sha256", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dll.hash.sha384", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dll.hash.sha512", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dll.hash.ssdeep", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dll.hash.tlsh", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dll.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dll.path", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dll.pe.architecture", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dll.pe.company", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dll.pe.description", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dll.pe.file_version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dll.pe.go_import_hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": 
true, + "readFromDocValues": true + }, + { + "name": "dll.pe.go_imports", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dll.pe.go_imports.", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "dll.pe.go_imports" + } + } + }, + { + "name": "dll.pe.go_imports._value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "dll.pe.go_imports" + } + } + }, + { + "name": "dll.pe.go_imports._valueAndPath", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "dll.pe.go_imports" + } + } + }, + { + "name": "dll.pe.go_imports_names_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dll.pe.go_imports_names_var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dll.pe.go_stripped", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dll.pe.imphash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dll.pe.import_hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dll.pe.imports", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dll.pe.imports.", + "type": "unknown", + "esTypes": ["flat_object"], + 
"searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "dll.pe.imports" + } + } + }, + { + "name": "dll.pe.imports._value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "dll.pe.imports" + } + } + }, + { + "name": "dll.pe.imports._valueAndPath", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "dll.pe.imports" + } + } + }, + { + "name": "dll.pe.imports_names_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dll.pe.imports_names_var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dll.pe.original_file_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dll.pe.pehash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dll.pe.product", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dll.pe.sections.entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "dll.pe.sections" + } + } + }, + { + "name": "dll.pe.sections.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "dll.pe.sections" + } + } + }, + { + "name": "dll.pe.sections.physical_size", + "type": "number", + "esTypes": ["long"], + "searchable": 
true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "dll.pe.sections" + } + } + }, + { + "name": "dll.pe.sections.var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "dll.pe.sections" + } + } + }, + { + "name": "dll.pe.sections.virtual_size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "dll.pe.sections" + } + } + }, + { + "name": "dns.answers.class", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dns.answers.data", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dns.answers.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dns.answers.ttl", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dns.answers.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dns.header_flags", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dns.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dns.op_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dns.question.class", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "dns.question.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dns.question.registered_domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dns.question.subdomain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dns.question.top_level_domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dns.question.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dns.resolved_ip", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dns.response_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "dns.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "ecs.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "email.attachments.file.extension", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "email.attachments" + } + } + }, + { + "name": "email.attachments.file.hash.md5", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "email.attachments" + } + } + }, + { + "name": 
"email.attachments.file.hash.sha1", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "email.attachments" + } + } + }, + { + "name": "email.attachments.file.hash.sha256", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "email.attachments" + } + } + }, + { + "name": "email.attachments.file.hash.sha384", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "email.attachments" + } + } + }, + { + "name": "email.attachments.file.hash.sha512", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "email.attachments" + } + } + }, + { + "name": "email.attachments.file.hash.ssdeep", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "email.attachments" + } + } + }, + { + "name": "email.attachments.file.hash.tlsh", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "email.attachments" + } + } + }, + { + "name": "email.attachments.file.mime_type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "email.attachments" + } + } + }, + { + "name": "email.attachments.file.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "email.attachments" + } + } + }, + { + "name": "email.attachments.file.size", + "type": "number", + 
"esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "email.attachments" + } + } + }, + { + "name": "email.bcc.address", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "email.cc.address", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "email.content_type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "email.delivery_timestamp", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "email.direction", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "email.from.address", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "email.local_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "email.message_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "email.origination_timestamp", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "email.reply_to.address", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "email.sender.address", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "email.subject", + "type": "string", + 
"esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "email.subject.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "email.subject" + } + } + }, + { + "name": "email.to.address", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "email.x_mailer", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "error.code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "error.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "error.message", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "error.stack_trace", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "error.stack_trace.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "error.stack_trace" + } + } + }, + { + "name": "error.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "event.action", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "event.agent_id_status", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": 
"event.category", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "event.code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "event.created", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "event.dataset", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "event.duration", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "event.end", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "event.hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "event.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "event.ingested", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "event.kind", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "event.module", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "event.original", + "type": "string", + "esTypes": ["keyword"], + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "event.outcome", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": 
"event.provider", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "event.reason", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "event.reference", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "event.risk_score", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "event.risk_score_norm", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "event.sequence", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "event.severity", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "event.start", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "event.timezone", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "event.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "event.url", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "faas.coldstart", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "faas.execution", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": 
true + }, + { + "name": "faas.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "faas.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "faas.trigger.request_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "faas.trigger.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "faas.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.accessed", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.attributes", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.code_signature.digest_algorithm", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.code_signature.exists", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.code_signature.signing_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.code_signature.status", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.code_signature.subject_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": 
"file.code_signature.team_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.code_signature.timestamp", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.code_signature.trusted", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.code_signature.valid", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.created", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.ctime", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.device", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.directory", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.drive_letter", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.elf.architecture", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.elf.byte_order", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.elf.cpu_type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.elf.creation_date", + "type": "date", + "esTypes": ["date"], 
+ "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.elf.exports", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.elf.exports.", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "file.elf.exports" + } + } + }, + { + "name": "file.elf.exports._value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "file.elf.exports" + } + } + }, + { + "name": "file.elf.exports._valueAndPath", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "file.elf.exports" + } + } + }, + { + "name": "file.elf.go_import_hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.elf.go_imports", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.elf.go_imports.", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "file.elf.go_imports" + } + } + }, + { + "name": "file.elf.go_imports._value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "file.elf.go_imports" + } + } + }, + { + "name": "file.elf.go_imports._valueAndPath", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "file.elf.go_imports" + 
} + } + }, + { + "name": "file.elf.go_imports_names_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.elf.go_imports_names_var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.elf.go_stripped", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.elf.header.abi_version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.elf.header.class", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.elf.header.data", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.elf.header.entrypoint", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.elf.header.object_version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.elf.header.os_abi", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.elf.header.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.elf.header.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.elf.import_hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "file.elf.imports", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.elf.imports.", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "file.elf.imports" + } + } + }, + { + "name": "file.elf.imports._value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "file.elf.imports" + } + } + }, + { + "name": "file.elf.imports._valueAndPath", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "file.elf.imports" + } + } + }, + { + "name": "file.elf.imports_names_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.elf.imports_names_var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.elf.sections.chi2", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "file.elf.sections" + } + } + }, + { + "name": "file.elf.sections.entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "file.elf.sections" + } + } + }, + { + "name": "file.elf.sections.flags", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "file.elf.sections" + } + } + }, + { + "name": "file.elf.sections.name", + "type": 
"string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "file.elf.sections" + } + } + }, + { + "name": "file.elf.sections.physical_offset", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "file.elf.sections" + } + } + }, + { + "name": "file.elf.sections.physical_size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "file.elf.sections" + } + } + }, + { + "name": "file.elf.sections.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "file.elf.sections" + } + } + }, + { + "name": "file.elf.sections.var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "file.elf.sections" + } + } + }, + { + "name": "file.elf.sections.virtual_address", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "file.elf.sections" + } + } + }, + { + "name": "file.elf.sections.virtual_size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "file.elf.sections" + } + } + }, + { + "name": "file.elf.segments.sections", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "file.elf.segments" + } + } + }, + { + "name": "file.elf.segments.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true, + "subType": { + "nested": { + "path": "file.elf.segments" + } + } + }, + { + "name": "file.elf.shared_libraries", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.elf.telfhash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.extension", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.fork_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.gid", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.group", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.hash.md5", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.hash.sha1", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.hash.sha256", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.hash.sha384", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.hash.sha512", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.hash.ssdeep", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + 
"name": "file.hash.tlsh", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.inode", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.macho.go_import_hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.macho.go_imports", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.macho.go_imports.", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "file.macho.go_imports" + } + } + }, + { + "name": "file.macho.go_imports._value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "file.macho.go_imports" + } + } + }, + { + "name": "file.macho.go_imports._valueAndPath", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "file.macho.go_imports" + } + } + }, + { + "name": "file.macho.go_imports_names_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.macho.go_imports_names_var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.macho.go_stripped", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.macho.import_hash", + "type": "string", + "esTypes": ["keyword"], + 
"searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.macho.imports", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.macho.imports.", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "file.macho.imports" + } + } + }, + { + "name": "file.macho.imports._value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "file.macho.imports" + } + } + }, + { + "name": "file.macho.imports._valueAndPath", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "file.macho.imports" + } + } + }, + { + "name": "file.macho.imports_names_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.macho.imports_names_var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.macho.sections.entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "file.macho.sections" + } + } + }, + { + "name": "file.macho.sections.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "file.macho.sections" + } + } + }, + { + "name": "file.macho.sections.physical_size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": 
"file.macho.sections" + } + } + }, + { + "name": "file.macho.sections.var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "file.macho.sections" + } + } + }, + { + "name": "file.macho.sections.virtual_size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "file.macho.sections" + } + } + }, + { + "name": "file.macho.symhash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.mime_type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.mode", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.mtime", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.owner", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.path", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.path.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "file.path" + } + } + }, + { + "name": "file.pe.architecture", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": 
"file.pe.company", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.pe.description", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.pe.file_version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.pe.go_import_hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.pe.go_imports", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.pe.go_imports.", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "file.pe.go_imports" + } + } + }, + { + "name": "file.pe.go_imports._value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "file.pe.go_imports" + } + } + }, + { + "name": "file.pe.go_imports._valueAndPath", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "file.pe.go_imports" + } + } + }, + { + "name": "file.pe.go_imports_names_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.pe.go_imports_names_var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.pe.go_stripped", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "file.pe.imphash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.pe.import_hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.pe.imports", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.pe.imports.", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "file.pe.imports" + } + } + }, + { + "name": "file.pe.imports._value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "file.pe.imports" + } + } + }, + { + "name": "file.pe.imports._valueAndPath", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "file.pe.imports" + } + } + }, + { + "name": "file.pe.imports_names_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.pe.imports_names_var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.pe.original_file_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.pe.pehash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.pe.product", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + 
"aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.pe.sections.entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "file.pe.sections" + } + } + }, + { + "name": "file.pe.sections.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "file.pe.sections" + } + } + }, + { + "name": "file.pe.sections.physical_size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "file.pe.sections" + } + } + }, + { + "name": "file.pe.sections.var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "file.pe.sections" + } + } + }, + { + "name": "file.pe.sections.virtual_size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "file.pe.sections" + } + } + }, + { + "name": "file.size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.target_path", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.target_path.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "file.target_path" + } + } + }, + { + "name": "file.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.uid", + "type": "string", + "esTypes": ["keyword"], + 
"searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.x509.alternative_names", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.x509.issuer.common_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.x509.issuer.country", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.x509.issuer.distinguished_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.x509.issuer.locality", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.x509.issuer.organization", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.x509.issuer.organizational_unit", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.x509.issuer.state_or_province", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.x509.not_after", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.x509.not_before", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.x509.public_key_algorithm", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.x509.public_key_curve", + 
"type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.x509.public_key_exponent", + "type": "number", + "esTypes": ["long"], + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "file.x509.public_key_size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.x509.serial_number", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.x509.signature_algorithm", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.x509.subject.common_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.x509.subject.country", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.x509.subject.distinguished_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.x509.subject.locality", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.x509.subject.organization", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.x509.subject.organizational_unit", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.x509.subject.state_or_province", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "file.x509.version_number", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "group.domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "group.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "group.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.architecture", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.boot.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.cpu.usage", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.disk.read.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.disk.write.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.geo.city_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.geo.continent_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.geo.continent_name", + "type": "string", + 
"esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.geo.country_iso_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.geo.country_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.geo.location", + "type": "geo_point", + "esTypes": ["geo_point"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.geo.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.geo.postal_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.geo.region_iso_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.geo.region_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.geo.timezone", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.hostname", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.ip", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.mac", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": 
true + }, + { + "name": "host.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.network.egress.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.network.egress.packets", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.network.ingress.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.network.ingress.packets", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.os.family", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.os.full", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.os.kernel", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.os.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.os.platform", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.os.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.os.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.pid_ns_ino", + "type": "string", + "esTypes": 
["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.risk.calculated_level", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.risk.calculated_score", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.risk.calculated_score_norm", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.risk.static_level", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.risk.static_score", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.risk.static_score_norm", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.uptime", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "http.request.body.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "http.request.body.content", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "http.request.body.content.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "http.request.body.content" + } + } + }, + { + "name": 
"http.request.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "http.request.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "http.request.method", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "http.request.mime_type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "http.request.referrer", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "http.response.body.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "http.response.body.content", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "http.response.body.content.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "http.response.body.content" + } + } + }, + { + "name": "http.response.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "http.response.mime_type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "http.response.status_code", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "http.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "log.file.path", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "log.level", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "log.logger", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "log.origin.file.line", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "log.origin.file.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "log.origin.function", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "log.syslog.appname", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "log.syslog.facility.code", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "log.syslog.facility.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "log.syslog.hostname", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "log.syslog.msgid", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "log.syslog.priority", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "log.syslog.procid", + "type": 
"string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "log.syslog.severity.code", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "log.syslog.severity.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "log.syslog.structured_data", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "log.syslog.structured_data.", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "log.syslog.structured_data" + } + } + }, + { + "name": "log.syslog.structured_data._value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "log.syslog.structured_data" + } + } + }, + { + "name": "log.syslog.structured_data._valueAndPath", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "log.syslog.structured_data" + } + } + }, + { + "name": "log.syslog.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "message", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "network.application", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "network.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "network.community_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "network.direction", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "network.forwarded_ip", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "network.iana_number", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "network.inner.vlan.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "network.inner.vlan.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "network.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "network.packets", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "network.protocol", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "network.transport", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "network.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "network.vlan.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "network.vlan.name", + "type": "string", + 
"esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.egress.interface.alias", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.egress.interface.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.egress.interface.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.egress.vlan.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.egress.vlan.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.egress.zone", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.geo.city_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.geo.continent_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.geo.continent_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.geo.country_iso_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.geo.country_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": 
"observer.geo.location", + "type": "geo_point", + "esTypes": ["geo_point"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.geo.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.geo.postal_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.geo.region_iso_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.geo.region_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.geo.timezone", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.hostname", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.ingress.interface.alias", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.ingress.interface.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.ingress.interface.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.ingress.vlan.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.ingress.vlan.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + 
}, + { + "name": "observer.ingress.zone", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.ip", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.mac", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.os.family", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.os.full", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.os.full.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "observer.os.full" + } + } + }, + { + "name": "observer.os.kernel", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.os.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.os.name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "observer.os.name" + } + } + }, + { + "name": "observer.os.platform", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.os.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + 
"aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.os.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.product", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.serial_number", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.vendor", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "orchestrator.api_version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "orchestrator.cluster.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "orchestrator.cluster.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "orchestrator.cluster.url", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "orchestrator.cluster.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "orchestrator.namespace", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "orchestrator.organization", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "orchestrator.resource.annotation", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "orchestrator.resource.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "orchestrator.resource.ip", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "orchestrator.resource.label", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "orchestrator.resource.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "orchestrator.resource.parent.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "orchestrator.resource.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "orchestrator.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "organization.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "organization.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "organization.name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true, + "subType": { + "multi": { + "parent": "organization.name" + } + } + }, + { + "name": "package.architecture", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "package.build_version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "package.checksum", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "package.description", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "package.install_scope", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "package.installed", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "package.license", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "package.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "package.path", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "package.reference", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "package.size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "package.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + 
}, + { + "name": "package.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.args", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.args_count", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.code_signature.digest_algorithm", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.code_signature.exists", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.code_signature.signing_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.code_signature.status", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.code_signature.subject_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.code_signature.team_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.code_signature.timestamp", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.code_signature.trusted", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.code_signature.valid", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + 
"aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.command_line", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.elf.architecture", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.elf.byte_order", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.elf.cpu_type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.elf.creation_date", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.elf.exports", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.elf.exports.", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.elf.exports" + } + } + }, + { + "name": "process.elf.exports._value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.elf.exports" + } + } + }, + { + "name": "process.elf.exports._valueAndPath", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.elf.exports" + } + } + }, + { + "name": "process.elf.go_import_hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.elf.go_imports", + "type": "unknown", 
+ "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.elf.go_imports.", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.elf.go_imports" + } + } + }, + { + "name": "process.elf.go_imports._value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.elf.go_imports" + } + } + }, + { + "name": "process.elf.go_imports._valueAndPath", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.elf.go_imports" + } + } + }, + { + "name": "process.elf.go_imports_names_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.elf.go_imports_names_var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.elf.go_stripped", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.elf.header.abi_version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.elf.header.class", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.elf.header.data", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.elf.header.entrypoint", + "type": "number", + "esTypes": ["long"], + "searchable": true, + 
"aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.elf.header.object_version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.elf.header.os_abi", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.elf.header.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.elf.header.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.elf.import_hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.elf.imports", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.elf.imports.", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.elf.imports" + } + } + }, + { + "name": "process.elf.imports._value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.elf.imports" + } + } + }, + { + "name": "process.elf.imports._valueAndPath", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.elf.imports" + } + } + }, + { + "name": "process.elf.imports_names_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": 
"process.elf.imports_names_var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.elf.sections.chi2", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.elf.sections" + } + } + }, + { + "name": "process.elf.sections.entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.elf.sections" + } + } + }, + { + "name": "process.elf.sections.flags", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.elf.sections" + } + } + }, + { + "name": "process.elf.sections.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.elf.sections" + } + } + }, + { + "name": "process.elf.sections.physical_offset", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.elf.sections" + } + } + }, + { + "name": "process.elf.sections.physical_size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.elf.sections" + } + } + }, + { + "name": "process.elf.sections.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.elf.sections" + } + } + }, + { + "name": "process.elf.sections.var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true, + "subType": { + "nested": { + "path": "process.elf.sections" + } + } + }, + { + "name": "process.elf.sections.virtual_address", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.elf.sections" + } + } + }, + { + "name": "process.elf.sections.virtual_size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.elf.sections" + } + } + }, + { + "name": "process.elf.segments.sections", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.elf.segments" + } + } + }, + { + "name": "process.elf.segments.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.elf.segments" + } + } + }, + { + "name": "process.elf.shared_libraries", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.elf.telfhash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.end", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entity_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.args", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.args_count", + "type": "number", + "esTypes": ["long"], + "searchable": true, 
+ "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.attested_groups.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.attested_user.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.attested_user.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.attested_user.name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.entry_leader.attested_user.name" + } + } + }, + { + "name": "process.entry_leader.command_line", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.command_line.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.entry_leader.command_line" + } + } + }, + { + "name": "process.entry_leader.entity_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.entry_meta.source.ip", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.entry_meta.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.executable", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "process.entry_leader.executable.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.entry_leader.executable" + } + } + }, + { + "name": "process.entry_leader.group.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.group.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.interactive", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.entry_leader.name" + } + } + }, + { + "name": "process.entry_leader.parent.entity_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.parent.pid", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.parent.session_leader.entity_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.parent.session_leader.pid", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": 
"process.entry_leader.parent.session_leader.start", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.parent.session_leader.vpid", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.parent.start", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.parent.vpid", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.pid", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.real_group.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.real_group.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.real_user.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.real_user.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.real_user.name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.entry_leader.real_user.name" + } + } + }, + { + "name": "process.entry_leader.same_as_process", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "process.entry_leader.saved_group.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.saved_group.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.saved_user.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.saved_user.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.saved_user.name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.entry_leader.saved_user.name" + } + } + }, + { + "name": "process.entry_leader.start", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.supplemental_groups.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.supplemental_groups.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.tty.char_device.major", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.tty.char_device.minor", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.user.id", + "type": "string", + "esTypes": 
["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.user.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.user.name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.entry_leader.user.name" + } + } + }, + { + "name": "process.entry_leader.vpid", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.working_directory", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.entry_leader.working_directory.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.entry_leader.working_directory" + } + } + }, + { + "name": "process.env_vars", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.executable", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.executable.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.executable" + } + } + }, + { + "name": "process.exit_code", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.group_leader.args", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "process.group_leader.args_count", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.group_leader.command_line", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.group_leader.command_line.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.group_leader.command_line" + } + } + }, + { + "name": "process.group_leader.entity_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.group_leader.executable", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.group_leader.executable.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.group_leader.executable" + } + } + }, + { + "name": "process.group_leader.group.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.group_leader.group.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.group_leader.interactive", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.group_leader.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.group_leader.name.text", + 
"type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.group_leader.name" + } + } + }, + { + "name": "process.group_leader.pid", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.group_leader.real_group.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.group_leader.real_group.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.group_leader.real_user.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.group_leader.real_user.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.group_leader.real_user.name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.group_leader.real_user.name" + } + } + }, + { + "name": "process.group_leader.same_as_process", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.group_leader.saved_group.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.group_leader.saved_group.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.group_leader.saved_user.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": 
true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.group_leader.saved_user.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.group_leader.saved_user.name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.group_leader.saved_user.name" + } + } + }, + { + "name": "process.group_leader.start", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.group_leader.supplemental_groups.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.group_leader.supplemental_groups.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.group_leader.tty.char_device.major", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.group_leader.tty.char_device.minor", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.group_leader.user.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.group_leader.user.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.group_leader.user.name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": 
"process.group_leader.user.name" + } + } + }, + { + "name": "process.group_leader.vpid", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.group_leader.working_directory", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.group_leader.working_directory.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.group_leader.working_directory" + } + } + }, + { + "name": "process.hash.md5", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.hash.sha1", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.hash.sha256", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.hash.sha384", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.hash.sha512", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.hash.ssdeep", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.hash.tlsh", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.interactive", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": 
"process.io.bytes_skipped.length", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.io.bytes_skipped.offset", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.io.max_bytes_per_process_exceeded", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.io.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.io.total_bytes_captured", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.io.total_bytes_skipped", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.io.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.macho.go_import_hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.macho.go_imports", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.macho.go_imports.", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.macho.go_imports" + } + } + }, + { + "name": "process.macho.go_imports._value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.macho.go_imports" 
+ } + } + }, + { + "name": "process.macho.go_imports._valueAndPath", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.macho.go_imports" + } + } + }, + { + "name": "process.macho.go_imports_names_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.macho.go_imports_names_var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.macho.go_stripped", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.macho.import_hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.macho.imports", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.macho.imports.", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.macho.imports" + } + } + }, + { + "name": "process.macho.imports._value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.macho.imports" + } + } + }, + { + "name": "process.macho.imports._valueAndPath", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.macho.imports" + } + } + }, + { + "name": "process.macho.imports_names_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + 
"aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.macho.imports_names_var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.macho.sections.entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.macho.sections" + } + } + }, + { + "name": "process.macho.sections.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.macho.sections" + } + } + }, + { + "name": "process.macho.sections.physical_size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.macho.sections" + } + } + }, + { + "name": "process.macho.sections.var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.macho.sections" + } + } + }, + { + "name": "process.macho.sections.virtual_size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.macho.sections" + } + } + }, + { + "name": "process.macho.symhash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.args", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.args_count", + "type": 
"number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.code_signature.digest_algorithm", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.code_signature.exists", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.code_signature.signing_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.code_signature.status", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.code_signature.subject_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.code_signature.team_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.code_signature.timestamp", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.code_signature.trusted", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.code_signature.valid", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.command_line", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.command_line.text", + "type": "string", + "esTypes": 
["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.parent.command_line" + } + } + }, + { + "name": "process.parent.elf.architecture", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.elf.byte_order", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.elf.cpu_type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.elf.creation_date", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.elf.exports", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.elf.exports.", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.parent.elf.exports" + } + } + }, + { + "name": "process.parent.elf.exports._value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.parent.elf.exports" + } + } + }, + { + "name": "process.parent.elf.exports._valueAndPath", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.parent.elf.exports" + } + } + }, + { + "name": "process.parent.elf.go_import_hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": 
"process.parent.elf.go_imports", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.elf.go_imports.", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.parent.elf.go_imports" + } + } + }, + { + "name": "process.parent.elf.go_imports._value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.parent.elf.go_imports" + } + } + }, + { + "name": "process.parent.elf.go_imports._valueAndPath", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.parent.elf.go_imports" + } + } + }, + { + "name": "process.parent.elf.go_imports_names_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.elf.go_imports_names_var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.elf.go_stripped", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.elf.header.abi_version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.elf.header.class", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.elf.header.data", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "process.parent.elf.header.entrypoint", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.elf.header.object_version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.elf.header.os_abi", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.elf.header.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.elf.header.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.elf.import_hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.elf.imports", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.elf.imports.", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.parent.elf.imports" + } + } + }, + { + "name": "process.parent.elf.imports._value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.parent.elf.imports" + } + } + }, + { + "name": "process.parent.elf.imports._valueAndPath", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": 
"process.parent.elf.imports" + } + } + }, + { + "name": "process.parent.elf.imports_names_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.elf.imports_names_var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.elf.sections.chi2", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.parent.elf.sections" + } + } + }, + { + "name": "process.parent.elf.sections.entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.parent.elf.sections" + } + } + }, + { + "name": "process.parent.elf.sections.flags", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.parent.elf.sections" + } + } + }, + { + "name": "process.parent.elf.sections.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.parent.elf.sections" + } + } + }, + { + "name": "process.parent.elf.sections.physical_offset", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.parent.elf.sections" + } + } + }, + { + "name": "process.parent.elf.sections.physical_size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.parent.elf.sections" + } + } + }, + { + "name": "process.parent.elf.sections.type", + "type": 
"string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.parent.elf.sections" + } + } + }, + { + "name": "process.parent.elf.sections.var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.parent.elf.sections" + } + } + }, + { + "name": "process.parent.elf.sections.virtual_address", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.parent.elf.sections" + } + } + }, + { + "name": "process.parent.elf.sections.virtual_size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.parent.elf.sections" + } + } + }, + { + "name": "process.parent.elf.segments.sections", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.parent.elf.segments" + } + } + }, + { + "name": "process.parent.elf.segments.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.parent.elf.segments" + } + } + }, + { + "name": "process.parent.elf.shared_libraries", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.elf.telfhash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.end", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": 
"process.parent.entity_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.executable", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.executable.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.parent.executable" + } + } + }, + { + "name": "process.parent.exit_code", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.group.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.group.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.group_leader.entity_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.group_leader.pid", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.group_leader.start", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.group_leader.vpid", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.hash.md5", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.hash.sha1", + "type": "string", + 
"esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.hash.sha256", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.hash.sha384", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.hash.sha512", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.hash.ssdeep", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.hash.tlsh", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.interactive", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.macho.go_import_hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.macho.go_imports", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.macho.go_imports.", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.parent.macho.go_imports" + } + } + }, + { + "name": "process.parent.macho.go_imports._value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.parent.macho.go_imports" + } + } + }, 
+ { + "name": "process.parent.macho.go_imports._valueAndPath", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.parent.macho.go_imports" + } + } + }, + { + "name": "process.parent.macho.go_imports_names_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.macho.go_imports_names_var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.macho.go_stripped", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.macho.import_hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.macho.imports", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.macho.imports.", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.parent.macho.imports" + } + } + }, + { + "name": "process.parent.macho.imports._value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.parent.macho.imports" + } + } + }, + { + "name": "process.parent.macho.imports._valueAndPath", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.parent.macho.imports" + } + } + }, + { + "name": 
"process.parent.macho.imports_names_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.macho.imports_names_var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.macho.sections.entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.parent.macho.sections" + } + } + }, + { + "name": "process.parent.macho.sections.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.parent.macho.sections" + } + } + }, + { + "name": "process.parent.macho.sections.physical_size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.parent.macho.sections" + } + } + }, + { + "name": "process.parent.macho.sections.var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.parent.macho.sections" + } + } + }, + { + "name": "process.parent.macho.sections.virtual_size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.parent.macho.sections" + } + } + }, + { + "name": "process.parent.macho.symhash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + 
"name": "process.parent.name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.parent.name" + } + } + }, + { + "name": "process.parent.pe.architecture", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.pe.company", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.pe.description", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.pe.file_version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.pe.go_import_hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.pe.go_imports", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.pe.go_imports.", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.parent.pe.go_imports" + } + } + }, + { + "name": "process.parent.pe.go_imports._value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.parent.pe.go_imports" + } + } + }, + { + "name": "process.parent.pe.go_imports._valueAndPath", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + 
"parent": "process.parent.pe.go_imports" + } + } + }, + { + "name": "process.parent.pe.go_imports_names_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.pe.go_imports_names_var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.pe.go_stripped", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.pe.imphash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.pe.import_hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.pe.imports", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.pe.imports.", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.parent.pe.imports" + } + } + }, + { + "name": "process.parent.pe.imports._value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.parent.pe.imports" + } + } + }, + { + "name": "process.parent.pe.imports._valueAndPath", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.parent.pe.imports" + } + } + }, + { + "name": "process.parent.pe.imports_names_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + 
"aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.pe.imports_names_var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.pe.original_file_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.pe.pehash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.pe.product", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.pe.sections.entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.parent.pe.sections" + } + } + }, + { + "name": "process.parent.pe.sections.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.parent.pe.sections" + } + } + }, + { + "name": "process.parent.pe.sections.physical_size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.parent.pe.sections" + } + } + }, + { + "name": "process.parent.pe.sections.var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.parent.pe.sections" + } + } + }, + { + "name": "process.parent.pe.sections.virtual_size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": 
"process.parent.pe.sections" + } + } + }, + { + "name": "process.parent.pgid", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.pid", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.real_group.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.real_group.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.real_user.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.real_user.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.real_user.name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.parent.real_user.name" + } + } + }, + { + "name": "process.parent.saved_group.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.saved_group.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.saved_user.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.saved_user.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + 
"name": "process.parent.saved_user.name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.parent.saved_user.name" + } + } + }, + { + "name": "process.parent.start", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.supplemental_groups.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.supplemental_groups.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.thread.capabilities.effective", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.thread.capabilities.permitted", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.thread.id", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.thread.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.title", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.title.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.parent.title" + } + } + }, + { + "name": "process.parent.tty.char_device.major", + "type": "number", + "esTypes": ["long"], + "searchable": 
true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.tty.char_device.minor", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.uptime", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.user.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.user.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.user.name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.parent.user.name" + } + } + }, + { + "name": "process.parent.vpid", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.working_directory", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.working_directory.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.parent.working_directory" + } + } + }, + { + "name": "process.pe.architecture", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.pe.company", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.pe.description", + "type": "string", + "esTypes": ["keyword"], + 
"searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.pe.file_version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.pe.go_import_hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.pe.go_imports", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.pe.go_imports.", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.pe.go_imports" + } + } + }, + { + "name": "process.pe.go_imports._value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.pe.go_imports" + } + } + }, + { + "name": "process.pe.go_imports._valueAndPath", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.pe.go_imports" + } + } + }, + { + "name": "process.pe.go_imports_names_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.pe.go_imports_names_var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.pe.go_stripped", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.pe.imphash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, 
+ { + "name": "process.pe.import_hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.pe.imports", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.pe.imports.", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.pe.imports" + } + } + }, + { + "name": "process.pe.imports._value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.pe.imports" + } + } + }, + { + "name": "process.pe.imports._valueAndPath", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.pe.imports" + } + } + }, + { + "name": "process.pe.imports_names_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.pe.imports_names_var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.pe.original_file_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.pe.pehash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.pe.product", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.pe.sections.entropy", + "type": "number", + "esTypes": ["long"], + "searchable": 
true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.pe.sections" + } + } + }, + { + "name": "process.pe.sections.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.pe.sections" + } + } + }, + { + "name": "process.pe.sections.physical_size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.pe.sections" + } + } + }, + { + "name": "process.pe.sections.var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.pe.sections" + } + } + }, + { + "name": "process.pe.sections.virtual_size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "process.pe.sections" + } + } + }, + { + "name": "process.pgid", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.pid", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.previous.args", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.previous.args_count", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.previous.executable", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.previous.executable.text", + "type": "string", + "esTypes": ["keyword"], + 
"searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.previous.executable" + } + } + }, + { + "name": "process.real_group.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.real_group.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.real_user.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.real_user.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.real_user.name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.real_user.name" + } + } + }, + { + "name": "process.saved_group.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.saved_group.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.saved_user.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.saved_user.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.saved_user.name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.saved_user.name" + } + } + }, + { + "name": 
"process.session_leader.args", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.session_leader.args_count", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.session_leader.command_line", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.session_leader.command_line.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.session_leader.command_line" + } + } + }, + { + "name": "process.session_leader.entity_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.session_leader.executable", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.session_leader.executable.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.session_leader.executable" + } + } + }, + { + "name": "process.session_leader.group.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.session_leader.group.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.session_leader.interactive", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.session_leader.name", + "type": "string", + "esTypes": 
["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.session_leader.name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.session_leader.name" + } + } + }, + { + "name": "process.session_leader.parent.entity_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.session_leader.parent.pid", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.session_leader.parent.session_leader.entity_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.session_leader.parent.session_leader.pid", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.session_leader.parent.session_leader.start", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.session_leader.parent.session_leader.vpid", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.session_leader.parent.start", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.session_leader.parent.vpid", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.session_leader.pid", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": 
"process.session_leader.real_group.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.session_leader.real_group.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.session_leader.real_user.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.session_leader.real_user.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.session_leader.real_user.name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.session_leader.real_user.name" + } + } + }, + { + "name": "process.session_leader.same_as_process", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.session_leader.saved_group.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.session_leader.saved_group.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.session_leader.saved_user.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.session_leader.saved_user.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.session_leader.saved_user.name.text", + "type": "string", + "esTypes": ["keyword"], + 
"searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.session_leader.saved_user.name" + } + } + }, + { + "name": "process.session_leader.start", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.session_leader.supplemental_groups.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.session_leader.supplemental_groups.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.session_leader.tty.char_device.major", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.session_leader.tty.char_device.minor", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.session_leader.user.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.session_leader.user.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.session_leader.user.name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.session_leader.user.name" + } + } + }, + { + "name": "process.session_leader.vpid", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.session_leader.working_directory", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + 
"aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.session_leader.working_directory.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.session_leader.working_directory" + } + } + }, + { + "name": "process.start", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.supplemental_groups.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.supplemental_groups.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.thread.capabilities.effective", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.thread.capabilities.permitted", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.thread.id", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.thread.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.title", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.title.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.title" + } + } + }, + { + "name": "process.tty.char_device.major", + "type": "number", + "esTypes": ["long"], + 
"searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.tty.char_device.minor", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.tty.columns", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.tty.rows", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.uptime", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.user.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.user.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.user.name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.user.name" + } + } + }, + { + "name": "process.vpid", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.working_directory", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.working_directory.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "process.working_directory" + } + } + }, + { + "name": "registry.data.bytes", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, 
+ { + "name": "registry.data.strings", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "registry.data.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "registry.hive", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "registry.key", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "registry.path", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "registry.value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "related.hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "related.hosts", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "related.ip", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "related.user", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "rule.author", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "rule.category", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "rule.description", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "rule.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "rule.license", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "rule.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "rule.reference", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "rule.ruleset", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "rule.uuid", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "rule.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "server.address", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "server.as.number", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "server.as.organization.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "server.as.organization.name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "server.as.organization.name" + } + } + }, + { + "name": "server.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { 
+ "name": "server.domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "server.geo.city_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "server.geo.continent_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "server.geo.continent_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "server.geo.country_iso_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "server.geo.country_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "server.geo.location", + "type": "geo_point", + "esTypes": ["geo_point"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "server.geo.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "server.geo.postal_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "server.geo.region_iso_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "server.geo.region_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "server.geo.timezone", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "server.ip", 
+ "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "server.mac", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "server.nat.ip", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "server.nat.port", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "server.packets", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "server.port", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "server.registered_domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "server.subdomain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "server.top_level_domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "server.user.domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "server.user.email", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "server.user.full_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "server.user.full_name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true, + "subType": { + "multi": { + "parent": "server.user.full_name" + } + } + }, + { + "name": "server.user.group.domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "server.user.group.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "server.user.group.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "server.user.hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "server.user.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "server.user.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "server.user.name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "server.user.name" + } + } + }, + { + "name": "server.user.roles", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "service.address", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "service.environment", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "service.ephemeral_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "service.id", + "type": "string", + 
"esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "service.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "service.node.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "service.node.role", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "service.node.roles", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "service.origin.address", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "service.origin.environment", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "service.origin.ephemeral_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "service.origin.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "service.origin.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "service.origin.node.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "service.origin.node.role", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "service.origin.node.roles", + "type": "string", + "esTypes": ["keyword"], + 
"searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "service.origin.state", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "service.origin.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "service.origin.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "service.state", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "service.target.address", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "service.target.environment", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "service.target.ephemeral_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "service.target.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "service.target.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "service.target.node.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "service.target.node.role", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "service.target.node.roles", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + 
"aggregatable": true, + "readFromDocValues": true + }, + { + "name": "service.target.state", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "service.target.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "service.target.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "service.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "service.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "source.address", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "source.as.number", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "source.as.organization.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "source.as.organization.name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "source.as.organization.name" + } + } + }, + { + "name": "source.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "source.domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "source.geo.city_name", + "type": "string", + "esTypes": ["keyword"], + 
"searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "source.geo.continent_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "source.geo.continent_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "source.geo.country_iso_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "source.geo.country_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "source.geo.location", + "type": "geo_point", + "esTypes": ["geo_point"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "source.geo.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "source.geo.postal_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "source.geo.region_iso_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "source.geo.region_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "source.geo.timezone", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "source.ip", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "source.mac", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "source.nat.ip", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "source.nat.port", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "source.packets", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "source.port", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "source.registered_domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "source.subdomain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "source.top_level_domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "source.user.domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "source.user.email", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "source.user.full_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "source.user.full_name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "source.user.full_name" + } + } + }, + { + "name": "source.user.group.domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "source.user.group.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "source.user.group.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "source.user.hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "source.user.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "source.user.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "source.user.name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "source.user.name" + } + } + }, + { + "name": "source.user.roles", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "span.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.enrichments.indicator.as.number", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.as.organization.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.as.organization.name.text", + "type": "string", + "esTypes": 
["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.enrichments.indicator.as.organization.name" + }, + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.confidence", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.description", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.email.address", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.accessed", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.attributes", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.code_signature.digest_algorithm", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.code_signature.exists", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + 
"nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.code_signature.signing_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.code_signature.status", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.code_signature.subject_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.code_signature.team_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.code_signature.timestamp", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.code_signature.trusted", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.code_signature.valid", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.created", + 
"type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.ctime", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.device", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.directory", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.drive_letter", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.architecture", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.byte_order", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.cpu_type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": 
"threat.enrichments.indicator.file.elf.creation_date", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.exports", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.exports.", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.enrichments.indicator.file.elf.exports" + }, + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.exports._value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.enrichments.indicator.file.elf.exports" + }, + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.exports._valueAndPath", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.enrichments.indicator.file.elf.exports" + }, + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.go_import_hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.go_imports", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + 
"subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.go_imports.", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.enrichments.indicator.file.elf.go_imports" + }, + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.go_imports._value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.enrichments.indicator.file.elf.go_imports" + }, + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.go_imports._valueAndPath", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.enrichments.indicator.file.elf.go_imports" + }, + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.go_imports_names_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.go_imports_names_var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.go_stripped", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": 
"threat.enrichments.indicator.file.elf.header.abi_version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.header.class", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.header.data", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.header.entrypoint", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.header.object_version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.header.os_abi", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.header.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.header.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.import_hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.imports", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.imports.", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.enrichments.indicator.file.elf.imports" + }, + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.imports._value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.enrichments.indicator.file.elf.imports" + }, + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.imports._valueAndPath", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.enrichments.indicator.file.elf.imports" + }, + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.imports_names_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": 
"threat.enrichments.indicator.file.elf.imports_names_var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.sections.chi2", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments.indicator.file.elf.sections" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.sections.entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments.indicator.file.elf.sections" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.sections.flags", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments.indicator.file.elf.sections" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.sections.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments.indicator.file.elf.sections" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.sections.physical_offset", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments.indicator.file.elf.sections" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.sections.physical_size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": 
"threat.enrichments.indicator.file.elf.sections" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.sections.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments.indicator.file.elf.sections" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.sections.var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments.indicator.file.elf.sections" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.sections.virtual_address", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments.indicator.file.elf.sections" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.sections.virtual_size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments.indicator.file.elf.sections" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.segments.sections", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments.indicator.file.elf.segments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.segments.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments.indicator.file.elf.segments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.shared_libraries", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.elf.telfhash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.extension", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.fork_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.gid", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.group", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.hash.md5", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.hash.sha1", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.hash.sha256", + "type": "string", + "esTypes": ["keyword"], + 
"searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.hash.sha384", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.hash.sha512", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.hash.ssdeep", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.hash.tlsh", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.inode", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.mime_type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.mode", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.mtime", + "type": 
"date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.owner", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.path", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.path.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.enrichments.indicator.file.path" + }, + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.pe.architecture", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.pe.company", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.pe.description", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": 
"threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.pe.file_version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.pe.go_import_hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.pe.go_imports", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.pe.go_imports.", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.enrichments.indicator.file.pe.go_imports" + }, + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.pe.go_imports._value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.enrichments.indicator.file.pe.go_imports" + }, + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.pe.go_imports._valueAndPath", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.enrichments.indicator.file.pe.go_imports" + }, + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.pe.go_imports_names_entropy", + "type": "number", + "esTypes": ["long"], + 
"searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.pe.go_imports_names_var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.pe.go_stripped", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.pe.imphash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.pe.import_hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.pe.imports", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.pe.imports.", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.enrichments.indicator.file.pe.imports" + }, + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.pe.imports._value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": 
{ + "multi": { + "parent": "threat.enrichments.indicator.file.pe.imports" + }, + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.pe.imports._valueAndPath", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.enrichments.indicator.file.pe.imports" + }, + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.pe.imports_names_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.pe.imports_names_var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.pe.original_file_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.pe.pehash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.pe.product", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.pe.sections.entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + 
"subType": { + "nested": { + "path": "threat.enrichments.indicator.file.pe.sections" + } + } + }, + { + "name": "threat.enrichments.indicator.file.pe.sections.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments.indicator.file.pe.sections" + } + } + }, + { + "name": "threat.enrichments.indicator.file.pe.sections.physical_size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments.indicator.file.pe.sections" + } + } + }, + { + "name": "threat.enrichments.indicator.file.pe.sections.var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments.indicator.file.pe.sections" + } + } + }, + { + "name": "threat.enrichments.indicator.file.pe.sections.virtual_size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments.indicator.file.pe.sections" + } + } + }, + { + "name": "threat.enrichments.indicator.file.size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.target_path", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.target_path.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + 
"parent": "threat.enrichments.indicator.file.target_path" + }, + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.uid", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.x509.alternative_names", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.x509.issuer.common_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.x509.issuer.country", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.x509.issuer.distinguished_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.x509.issuer.locality", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": 
"threat.enrichments.indicator.file.x509.issuer.organization", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.x509.issuer.organizational_unit", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.x509.issuer.state_or_province", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.x509.not_after", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.x509.not_before", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.x509.public_key_algorithm", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.x509.public_key_curve", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.x509.public_key_exponent", + "type": "number", + "esTypes": ["long"], + "searchable": false, 
+ "aggregatable": false, + "readFromDocValues": false, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.x509.public_key_size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.x509.serial_number", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.x509.signature_algorithm", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.x509.subject.common_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.x509.subject.country", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.x509.subject.distinguished_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.x509.subject.locality", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } 
+ }, + { + "name": "threat.enrichments.indicator.file.x509.subject.organization", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.x509.subject.organizational_unit", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.x509.subject.state_or_province", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.file.x509.version_number", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.first_seen", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.geo.city_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.geo.continent_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.geo.continent_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + 
"aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.geo.country_iso_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.geo.country_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.geo.location", + "type": "geo_point", + "esTypes": ["geo_point"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.geo.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.geo.postal_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.geo.region_iso_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.geo.region_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.geo.timezone", + "type": "string", 
+ "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.ip", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.last_seen", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.marking.tlp", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.marking.tlp_version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.modified_at", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.port", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.provider", + "type": "string", + "esTypes": ["keyword"], 
+ "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.reference", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.registry.data.bytes", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.registry.data.strings", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.registry.data.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.registry.hive", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.registry.key", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.registry.path", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": 
"threat.enrichments.indicator.registry.value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.scanner_stats", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.sightings", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.url.domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.url.extension", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.url.fragment", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.url.full", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + 
"name": "threat.enrichments.indicator.url.full.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.enrichments.indicator.url.full" + }, + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.url.original", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.url.original.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.enrichments.indicator.url.original" + }, + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.url.password", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.url.path", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.url.port", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.url.query", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.url.registered_domain", + "type": "string", + 
"esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.url.scheme", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.url.subdomain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.url.top_level_domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.url.username", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.x509.alternative_names", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.x509.issuer.common_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.x509.issuer.country", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": 
"threat.enrichments.indicator.x509.issuer.distinguished_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.x509.issuer.locality", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.x509.issuer.organization", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.x509.issuer.organizational_unit", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.x509.issuer.state_or_province", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.x509.not_after", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.x509.not_before", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.x509.public_key_algorithm", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.x509.public_key_curve", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.x509.public_key_exponent", + "type": "number", + "esTypes": ["long"], + "searchable": false, + "aggregatable": false, + "readFromDocValues": false, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.x509.public_key_size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.x509.serial_number", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.x509.signature_algorithm", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.x509.subject.common_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.x509.subject.country", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": 
"threat.enrichments.indicator.x509.subject.distinguished_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.x509.subject.locality", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.x509.subject.organization", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.x509.subject.organizational_unit", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.x509.subject.state_or_province", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.indicator.x509.version_number", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.matched.atomic", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.matched.field", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": 
true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.matched.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.matched.index", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.matched.occurred", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.enrichments.matched.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.enrichments" + } + } + }, + { + "name": "threat.feed.dashboard_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.feed.description", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.feed.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.feed.reference", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.framework", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.group.alias", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "threat.group.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.group.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.group.reference", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.as.number", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.as.organization.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.as.organization.name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.indicator.as.organization.name" + } + } + }, + { + "name": "threat.indicator.confidence", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.description", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.email.address", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.accessed", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.attributes", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + 
"name": "threat.indicator.file.code_signature.digest_algorithm", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.code_signature.exists", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.code_signature.signing_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.code_signature.status", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.code_signature.subject_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.code_signature.team_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.code_signature.timestamp", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.code_signature.trusted", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.code_signature.valid", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.created", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.ctime", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "threat.indicator.file.device", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.directory", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.drive_letter", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.elf.architecture", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.elf.byte_order", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.elf.cpu_type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.elf.creation_date", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.elf.exports", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.elf.exports.", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.indicator.file.elf.exports" + } + } + }, + { + "name": "threat.indicator.file.elf.exports._value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.indicator.file.elf.exports" + } + } + }, + { + "name": 
"threat.indicator.file.elf.exports._valueAndPath", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.indicator.file.elf.exports" + } + } + }, + { + "name": "threat.indicator.file.elf.go_import_hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.elf.go_imports", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.elf.go_imports.", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.indicator.file.elf.go_imports" + } + } + }, + { + "name": "threat.indicator.file.elf.go_imports._value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.indicator.file.elf.go_imports" + } + } + }, + { + "name": "threat.indicator.file.elf.go_imports._valueAndPath", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.indicator.file.elf.go_imports" + } + } + }, + { + "name": "threat.indicator.file.elf.go_imports_names_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.elf.go_imports_names_var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.elf.go_stripped", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "threat.indicator.file.elf.header.abi_version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.elf.header.class", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.elf.header.data", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.elf.header.entrypoint", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.elf.header.object_version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.elf.header.os_abi", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.elf.header.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.elf.header.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.elf.import_hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.elf.imports", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.elf.imports.", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + 
"aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.indicator.file.elf.imports" + } + } + }, + { + "name": "threat.indicator.file.elf.imports._value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.indicator.file.elf.imports" + } + } + }, + { + "name": "threat.indicator.file.elf.imports._valueAndPath", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.indicator.file.elf.imports" + } + } + }, + { + "name": "threat.indicator.file.elf.imports_names_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.elf.imports_names_var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.elf.sections.chi2", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.indicator.file.elf.sections" + } + } + }, + { + "name": "threat.indicator.file.elf.sections.entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.indicator.file.elf.sections" + } + } + }, + { + "name": "threat.indicator.file.elf.sections.flags", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.indicator.file.elf.sections" + } + } + }, + { + "name": "threat.indicator.file.elf.sections.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + 
"aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.indicator.file.elf.sections" + } + } + }, + { + "name": "threat.indicator.file.elf.sections.physical_offset", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.indicator.file.elf.sections" + } + } + }, + { + "name": "threat.indicator.file.elf.sections.physical_size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.indicator.file.elf.sections" + } + } + }, + { + "name": "threat.indicator.file.elf.sections.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.indicator.file.elf.sections" + } + } + }, + { + "name": "threat.indicator.file.elf.sections.var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.indicator.file.elf.sections" + } + } + }, + { + "name": "threat.indicator.file.elf.sections.virtual_address", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.indicator.file.elf.sections" + } + } + }, + { + "name": "threat.indicator.file.elf.sections.virtual_size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.indicator.file.elf.sections" + } + } + }, + { + "name": "threat.indicator.file.elf.segments.sections", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": 
"threat.indicator.file.elf.segments" + } + } + }, + { + "name": "threat.indicator.file.elf.segments.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.indicator.file.elf.segments" + } + } + }, + { + "name": "threat.indicator.file.elf.shared_libraries", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.elf.telfhash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.extension", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.fork_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.gid", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.group", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.hash.md5", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.hash.sha1", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.hash.sha256", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.hash.sha384", + "type": "string", + "esTypes": ["keyword"], + 
"searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.hash.sha512", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.hash.ssdeep", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.hash.tlsh", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.inode", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.mime_type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.mode", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.mtime", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.owner", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.path", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.path.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": 
"threat.indicator.file.path" + } + } + }, + { + "name": "threat.indicator.file.pe.architecture", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.pe.company", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.pe.description", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.pe.file_version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.pe.go_import_hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.pe.go_imports", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.pe.go_imports.", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.indicator.file.pe.go_imports" + } + } + }, + { + "name": "threat.indicator.file.pe.go_imports._value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.indicator.file.pe.go_imports" + } + } + }, + { + "name": "threat.indicator.file.pe.go_imports._valueAndPath", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.indicator.file.pe.go_imports" + } + } + }, + { + "name": 
"threat.indicator.file.pe.go_imports_names_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.pe.go_imports_names_var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.pe.go_stripped", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.pe.imphash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.pe.import_hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.pe.imports", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.pe.imports.", + "type": "unknown", + "esTypes": ["flat_object"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.indicator.file.pe.imports" + } + } + }, + { + "name": "threat.indicator.file.pe.imports._value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.indicator.file.pe.imports" + } + } + }, + { + "name": "threat.indicator.file.pe.imports._valueAndPath", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.indicator.file.pe.imports" + } + } + }, + { + "name": "threat.indicator.file.pe.imports_names_entropy", + "type": "number", + "esTypes": ["long"], + 
"searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.pe.imports_names_var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.pe.original_file_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.pe.pehash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.pe.product", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.pe.sections.entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.indicator.file.pe.sections" + } + } + }, + { + "name": "threat.indicator.file.pe.sections.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.indicator.file.pe.sections" + } + } + }, + { + "name": "threat.indicator.file.pe.sections.physical_size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.indicator.file.pe.sections" + } + } + }, + { + "name": "threat.indicator.file.pe.sections.var_entropy", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.indicator.file.pe.sections" + } + } + }, + { + "name": "threat.indicator.file.pe.sections.virtual_size", + "type": "number", + "esTypes": ["long"], + "searchable": 
true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "nested": { + "path": "threat.indicator.file.pe.sections" + } + } + }, + { + "name": "threat.indicator.file.size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.target_path", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.target_path.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.indicator.file.target_path" + } + } + }, + { + "name": "threat.indicator.file.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.uid", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.x509.alternative_names", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.x509.issuer.common_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.x509.issuer.country", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.x509.issuer.distinguished_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.x509.issuer.locality", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "threat.indicator.file.x509.issuer.organization", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.x509.issuer.organizational_unit", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.x509.issuer.state_or_province", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.x509.not_after", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.x509.not_before", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.x509.public_key_algorithm", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.x509.public_key_curve", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.x509.public_key_exponent", + "type": "number", + "esTypes": ["long"], + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "threat.indicator.file.x509.public_key_size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.x509.serial_number", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.x509.signature_algorithm", + "type": "string", + "esTypes": ["keyword"], 
+ "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.x509.subject.common_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.x509.subject.country", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.x509.subject.distinguished_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.x509.subject.locality", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.x509.subject.organization", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.x509.subject.organizational_unit", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.x509.subject.state_or_province", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.file.x509.version_number", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.first_seen", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.geo.city_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.geo.continent_code", + 
"type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.geo.continent_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.geo.country_iso_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.geo.country_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.geo.location", + "type": "geo_point", + "esTypes": ["geo_point"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.geo.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.geo.postal_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.geo.region_iso_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.geo.region_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.geo.timezone", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.ip", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.last_seen", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "threat.indicator.marking.tlp", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.marking.tlp_version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.modified_at", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.port", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.provider", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.reference", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.registry.data.bytes", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.registry.data.strings", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.registry.data.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.registry.hive", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.registry.key", + "type": "string", + "esTypes": 
["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.registry.path", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.registry.value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.scanner_stats", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.sightings", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.url.domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.url.extension", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.url.fragment", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.url.full", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.url.full.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.indicator.url.full" + } + } + }, + { + "name": "threat.indicator.url.original", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + 
"aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.url.original.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.indicator.url.original" + } + } + }, + { + "name": "threat.indicator.url.password", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.url.path", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.url.port", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.url.query", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.url.registered_domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.url.scheme", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.url.subdomain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.url.top_level_domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.url.username", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.x509.alternative_names", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + 
"aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.x509.issuer.common_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.x509.issuer.country", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.x509.issuer.distinguished_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.x509.issuer.locality", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.x509.issuer.organization", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.x509.issuer.organizational_unit", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.x509.issuer.state_or_province", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.x509.not_after", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.x509.not_before", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.x509.public_key_algorithm", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.x509.public_key_curve", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, 
+ "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.x509.public_key_exponent", + "type": "number", + "esTypes": ["long"], + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "threat.indicator.x509.public_key_size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.x509.serial_number", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.x509.signature_algorithm", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.x509.subject.common_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.x509.subject.country", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.x509.subject.distinguished_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.x509.subject.locality", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.x509.subject.organization", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.x509.subject.organizational_unit", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.x509.subject.state_or_province", + "type": "string", + "esTypes": 
["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.indicator.x509.version_number", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.software.alias", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.software.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.software.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.software.platforms", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.software.reference", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.software.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.tactic.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.tactic.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.tactic.reference", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.technique.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.technique.name", + "type": "string", + "esTypes": ["keyword"], + 
"searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.technique.name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.technique.name" + } + } + }, + { + "name": "threat.technique.reference", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.technique.subtechnique.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.technique.subtechnique.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "threat.technique.subtechnique.name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "threat.technique.subtechnique.name" + } + } + }, + { + "name": "threat.technique.subtechnique.reference", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.cipher", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.client.certificate", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.client.certificate_chain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.client.hash.md5", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.client.hash.sha1", + "type": "string", 
+ "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.client.hash.sha256", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.client.issuer", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.client.ja3", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.client.not_after", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.client.not_before", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.client.server_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.client.subject", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.client.supported_ciphers", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.client.x509.alternative_names", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.client.x509.issuer.common_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.client.x509.issuer.country", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.client.x509.issuer.distinguished_name", + "type": 
"string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.client.x509.issuer.locality", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.client.x509.issuer.organization", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.client.x509.issuer.organizational_unit", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.client.x509.issuer.state_or_province", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.client.x509.not_after", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.client.x509.not_before", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.client.x509.public_key_algorithm", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.client.x509.public_key_curve", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.client.x509.public_key_exponent", + "type": "number", + "esTypes": ["long"], + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "tls.client.x509.public_key_size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.client.x509.serial_number", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": 
true, + "readFromDocValues": true + }, + { + "name": "tls.client.x509.signature_algorithm", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.client.x509.subject.common_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.client.x509.subject.country", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.client.x509.subject.distinguished_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.client.x509.subject.locality", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.client.x509.subject.organization", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.client.x509.subject.organizational_unit", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.client.x509.subject.state_or_province", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.client.x509.version_number", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.curve", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.established", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.next_protocol", + 
"type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.resumed", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.server.certificate", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.server.certificate_chain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.server.hash.md5", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.server.hash.sha1", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.server.hash.sha256", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.server.issuer", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.server.ja3s", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.server.not_after", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.server.not_before", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.server.subject", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.server.x509.alternative_names", + "type": "string", + "esTypes": ["keyword"], + 
"searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.server.x509.issuer.common_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.server.x509.issuer.country", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.server.x509.issuer.distinguished_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.server.x509.issuer.locality", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.server.x509.issuer.organization", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.server.x509.issuer.organizational_unit", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.server.x509.issuer.state_or_province", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.server.x509.not_after", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.server.x509.not_before", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.server.x509.public_key_algorithm", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.server.x509.public_key_curve", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "tls.server.x509.public_key_exponent", + "type": "number", + "esTypes": ["long"], + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "tls.server.x509.public_key_size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.server.x509.serial_number", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.server.x509.signature_algorithm", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.server.x509.subject.common_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.server.x509.subject.country", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.server.x509.subject.distinguished_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.server.x509.subject.locality", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.server.x509.subject.organization", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.server.x509.subject.organizational_unit", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.server.x509.subject.state_or_province", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + 
"name": "tls.server.x509.version_number", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "tls.version_protocol", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "trace.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "transaction.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "url.domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "url.extension", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "url.fragment", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "url.full", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "url.full.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "url.full" + } + } + }, + { + "name": "url.original", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "url.original.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "url.original" + } + } + 
}, + { + "name": "url.password", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "url.path", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "url.port", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "url.query", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "url.registered_domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "url.scheme", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "url.subdomain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "url.top_level_domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "url.username", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.changes.domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.changes.email", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.changes.full_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.changes.full_name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": 
true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "user.changes.full_name" + } + } + }, + { + "name": "user.changes.group.domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.changes.group.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.changes.group.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.changes.hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.changes.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.changes.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.changes.name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "user.changes.name" + } + } + }, + { + "name": "user.changes.roles", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.effective.domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.effective.email", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + 
"name": "user.effective.full_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.effective.full_name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "user.effective.full_name" + } + } + }, + { + "name": "user.effective.group.domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.effective.group.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.effective.group.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.effective.hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.effective.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.effective.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.effective.name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "user.effective.name" + } + } + }, + { + "name": "user.effective.roles", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.email", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.full_name", + "type": 
"string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.full_name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "user.full_name" + } + } + }, + { + "name": "user.group.domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.group.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.group.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "user.name" + } + } + }, + { + "name": "user.risk.calculated_level", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.risk.calculated_score", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.risk.calculated_score_norm", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + 
{ + "name": "user.risk.static_level", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.risk.static_score", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.risk.static_score_norm", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.roles", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.target.domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.target.email", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.target.full_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.target.full_name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "user.target.full_name" + } + } + }, + { + "name": "user.target.group.domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.target.group.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.target.group.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.target.hash", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "user.target.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.target.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user.target.name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "user.target.name" + } + } + }, + { + "name": "user.target.roles", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user_agent.device.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user_agent.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user_agent.original", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user_agent.original.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "user_agent.original" + } + } + }, + { + "name": "user_agent.os.family", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user_agent.os.full", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user_agent.os.full.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": 
"user_agent.os.full" + } + } + }, + { + "name": "user_agent.os.kernel", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user_agent.os.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user_agent.os.name.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "user_agent.os.name" + } + } + }, + { + "name": "user_agent.os.platform", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user_agent.os.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user_agent.os.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "user_agent.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "vulnerability.category", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "vulnerability.classification", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "vulnerability.description", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "vulnerability.enumeration", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "vulnerability.id", + "type": "string", + "esTypes": ["keyword"], + 
"searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "vulnerability.reference", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "vulnerability.report_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "vulnerability.scanner.vendor", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "vulnerability.score.base", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "vulnerability.score.environmental", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "vulnerability.score.temporal", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "vulnerability.score.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "vulnerability.severity", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + } +] diff --git a/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-commands.json b/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-commands.json new file mode 100644 index 0000000000..b9eef5ff65 --- /dev/null +++ b/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-commands.json 
@@ -0,0 +1,168 @@ +[ + { + "name": "@timestamp", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "_id", + "type": "string", + "esTypes": ["_id"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + }, + { + "name": "_index", + "type": "string", + "esTypes": ["_index"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + }, + { + "name": "_score", + "type": "number", + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "_source", + "type": "_source", + "esTypes": ["_source"], + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "_type", + "type": "string", + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "agent.groups", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "command.action.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "command.action.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "command.order_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "command.request_id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "command.result.code", + "type": "number", + "esTypes": ["short"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "command.result.data", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + 
"name": "command.result.message", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "command.source", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "command.status", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "command.target.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "command.target.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "command.timeout", + "type": "number", + "esTypes": ["short"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "command.user", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "delivery_timestamp", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + } +] diff --git a/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-fim.json b/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-fim.json new file mode 100644 index 0000000000..b0599b8fa4 --- /dev/null +++ b/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-fim.json 
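Review bot: The commands list carries only `agent.groups` from the `agent.*` namespace, whereas fields-fim.json and fields-hardware.json in this same commit also declare `agent.id`, `agent.name`, `agent.type` and `agent.version`. If the commands index identifies the addressed agent solely through `command.target.id` that is fine, but it deserves a line in the plugin documentation; otherwise Discover will surface those columns as unknown fields for this index pattern. `command.result.data` and `command.result.message` are also declared as aggregatable `keyword`; if the index template maps command output as `text`, the terms aggregations the UI offers on them will fail at query time, so the `esTypes` here should mirror the template exactly.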
@@ -0,0 +1,586 @@ +[ + { + "name": "_id", + "type": "string", + "esTypes": ["_id"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + }, + { + "name": "_index", + "type": "string", + "esTypes": ["_index"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + }, + { + "name": "_score", + "type": "number", + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "_source", + "type": "_source", + "esTypes": ["_source"], + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "_type", + "type": "string", + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "agent.groups", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.architecture", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.boot.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.cpu.usage", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.disk.read.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.disk.write.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.city_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "agent.host.geo.continent_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.continent_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.country_iso_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.country_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.location", + "type": "geo_point", + "esTypes": ["geo_point"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.postal_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.region_iso_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.region_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.timezone", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.hostname", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + 
"aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.ip", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.mac", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.egress.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.egress.packets", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.ingress.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.ingress.packets", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.family", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.full", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.kernel", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.platform", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "agent.host.os.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.pid_ns_ino", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.calculated_level", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.calculated_score", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.calculated_score_norm", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.static_level", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.static_score", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.static_score_norm", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.uptime", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "agent.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.attributes", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.gid", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.group", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.hash.md5", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.hash.sha1", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.hash.sha256", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.inode", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.mode", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.mtime", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, 
+ "readFromDocValues": true + }, + { + "name": "file.owner", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.path", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.path.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "file.path" + } + } + }, + { + "name": "file.size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.target_path", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.target_path.text", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true, + "subType": { + "multi": { + "parent": "file.target_path" + } + } + }, + { + "name": "file.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.uid", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "registry.key", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "registry.value", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + } +] diff --git a/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-hardware.json b/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-hardware.json new file mode 100644 index 0000000000..ebedcc3adb --- /dev/null 
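Review bot: fields-fim.json is the only list in this set without an `@timestamp` entry — fields-commands.json and fields-hardware.json both open with it — so a time-based index pattern built from this list has no known time field, and timelines over FIM events would have to fall back to `file.mtime`. If the FIM index template defines `@timestamp`, add `{ "name": "@timestamp", "type": "date", "esTypes": ["date"], "searchable": true, "aggregatable": true, "readFromDocValues": true }` at the top as the other files do. Separately, `file.path.text` and `file.target_path.text` are declared with `"esTypes": ["keyword"]` and `"aggregatable": true` although they are `.text` multi-fields of a keyword parent; if the template maps them as `text`, they are neither aggregatable nor doc-values backed and the declaration should say so. The same pattern appears in the `user.*.text` entries of the preceding hunk.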
+++ b/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-hardware.json 
@@ -0,0 +1,536 @@ +[ + { + "name": "@timestamp", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "_id", + "type": "string", + "esTypes": ["_id"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + }, + { + "name": "_index", + "type": "string", + "esTypes": ["_index"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + }, + { + "name": "_score", + "type": "number", + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "_source", + "type": "_source", + "esTypes": ["_source"], + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "_type", + "type": "string", + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "agent.groups", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.architecture", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.boot.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.cpu.cores", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.cpu.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.cpu.speed", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.cpu.usage", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + 
"name": "agent.host.disk.read.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.disk.write.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.city_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.continent_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.continent_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.country_iso_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.country_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.location", + "type": "geo_point", + "esTypes": ["geo_point"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.postal_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.region_iso_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "agent.host.geo.region_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.timezone", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.hostname", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.ip", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.mac", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.memory.free", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.memory.total", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.memory.used.percentage", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.egress.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.egress.packets", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + 
"name": "agent.host.network.ingress.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.ingress.packets", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.family", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.full", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.kernel", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.platform", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.pid_ns_ino", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.calculated_level", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.calculated_score", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + 
"name": "agent.host.risk.calculated_score_norm", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.static_level", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.static_score", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.static_score_norm", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.uptime", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.cpu.cores", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.cpu.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.cpu.speed", + "type": "number", + "esTypes": ["long"], 
+ "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.cpu.usage", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.memory.free", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.memory.total", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.memory.used.percentage", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.serial_number", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + } +] diff --git a/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-hotfixes.json b/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-hotfixes.json new file mode 100644 index 0000000000..2f19765469 --- /dev/null +++ b/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-hotfixes.json 
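Review bot: `agent.host.memory.used.percentage` and `host.memory.used.percentage` are typed `long` while the neighbouring `agent.host.cpu.usage` and `host.cpu.usage` are `float`; a percentage with fractional values mapped as `long` is truncated on ingest, and if the template actually maps it as `float` this list disagrees with it — confirm against the hardware index template. The list also declares every `cpu.*` and `memory.*` metric twice, once under `agent.host.*` and once under `host.*`; if both are populated, a short comment in the initialization code that loads this file (the JSON itself cannot carry one) stating which one the inventory views should read would save the next maintainer from guessing.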
@@ -0,0 +1,432 @@ +[ + { + "name": "@timestamp", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "_id", + "type": "string", + "esTypes": ["_id"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + }, + { + "name": "_index", + "type": "string", + "esTypes": ["_index"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + }, + { + "name": "_score", + "type": "number", + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "_source", + "type": "_source", + "esTypes": ["_source"], + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "_type", + "type": "string", + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "agent.groups", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.architecture", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.boot.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.cpu.usage", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.disk.read.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.disk.write.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + 
}, + { + "name": "agent.host.geo.city_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.continent_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.continent_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.country_iso_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.country_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.location", + "type": "geo_point", + "esTypes": ["geo_point"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.postal_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.region_iso_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.region_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.timezone", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.hostname", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "agent.host.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.ip", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.mac", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.egress.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.egress.packets", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.ingress.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.ingress.packets", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.family", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.full", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.kernel", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + 
"name": "agent.host.os.platform", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.pid_ns_ino", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.calculated_level", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.calculated_score", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.calculated_score_norm", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.static_level", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.static_score", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.static_score_norm", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.uptime", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + 
}, + { + "name": "agent.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "package.hotfix.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + } +] diff --git a/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-networks.json b/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-networks.json new file mode 100644 index 0000000000..1bf4690a9f --- /dev/null +++ b/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-networks.json 
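Review bot: The `agent.host.network.*` block in this manifest carries only `egress.bytes`, `egress.packets`, `ingress.bytes` and `ingress.packets`, whereas fields-networks.json in the same commit defines the same `agent.host.*` prefix with `egress.drops`, `egress.errors`, `ingress.drops` and `ingress.errors` as well, so the shared agent-metadata subtree already diverges between two of the new manifests. If `agent.host.*` is meant to be the same enrichment on every inventory index (the identical `geo`, `os` and `risk` entries suggest so, though the producing template is not in this hunk), either add the four missing entries here or, better, generate the common subtree from one source and keep only `package.hotfix.name` hand-maintained in this file. A unit test asserting that every `fields-*.json` carries a byte-identical `agent.*` prefix would catch this drift before an index pattern is created whose field list disagrees with its siblings. The four entries, in the file's own layout, would be:
```json
  {
    "name": "agent.host.network.egress.drops",
    "type": "number",
    "esTypes": ["long"],
    "searchable": true,
    "aggregatable": true,
    "readFromDocValues": true
  },
  {
    "name": "agent.host.network.egress.errors",
    "type": "number",
    "esTypes": ["long"],
    "searchable": true,
    "aggregatable": true,
    "readFromDocValues": true
  },
  {
    "name": "agent.host.network.ingress.drops",
    "type": "number",
    "esTypes": ["long"],
    "searchable": true,
    "aggregatable": true,
    "readFromDocValues": true
  },
  {
    "name": "agent.host.network.ingress.errors",
    "type": "number",
    "esTypes": ["long"],
    "searchable": true,
    "aggregatable": true,
    "readFromDocValues": true
  }
```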
@@ -0,0 +1,920 @@ +[ + { + "name": "@timestamp", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "_id", + "type": "string", + "esTypes": ["_id"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + }, + { + "name": "_index", + "type": "string", + "esTypes": ["_index"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + }, + { + "name": "_score", + "type": "number", + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "_source", + "type": "_source", + "esTypes": ["_source"], + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "_type", + "type": "string", + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "agent.groups", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.architecture", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.boot.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.cpu.usage", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.disk.read.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.disk.write.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + 
}, + { + "name": "agent.host.geo.city_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.continent_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.continent_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.country_iso_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.country_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.location", + "type": "geo_point", + "esTypes": ["geo_point"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.postal_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.region_iso_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.region_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.timezone", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.hostname", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "agent.host.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.ip", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.mac", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.egress.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.egress.drops", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.egress.errors", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.egress.packets", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.ingress.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.ingress.drops", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.ingress.errors", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.ingress.packets", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "agent.host.os.family", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.full", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.kernel", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.platform", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.pid_ns_ino", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.calculated_level", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.calculated_score", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.calculated_score_norm", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.static_level", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "agent.host.risk.static_score", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.static_score_norm", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.uptime", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.architecture", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.boot.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.cpu.usage", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.disk.read.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.disk.write.bytes", + "type": "number", + 
"esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.geo.city_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.geo.continent_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.geo.continent_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.geo.country_iso_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.geo.country_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.geo.location", + "type": "geo_point", + "esTypes": ["geo_point"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.geo.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.geo.postal_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.geo.region_iso_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.geo.region_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.geo.timezone", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + 
"aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.hostname", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.ip", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.mac", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.network.egress.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.network.egress.drops", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.network.egress.errors", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.network.egress.packets", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.network.ingress.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.network.ingress.drops", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.network.ingress.errors", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": 
"host.network.ingress.packets", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.os.family", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.os.full", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.os.kernel", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.os.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.os.platform", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.os.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.os.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.pid_ns_ino", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.risk.calculated_level", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.risk.calculated_score", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.risk.calculated_score_norm", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.risk.static_level", + "type": "string", + "esTypes": 
["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.risk.static_score", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.risk.static_score_norm", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.uptime", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "interface.mtu", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "interface.state", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "interface.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "network.broadcast", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "network.dhcp", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "network.gateway", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "network.metric", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "network.netmask", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "network.protocol", + "type": 
"string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "network.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.ingress.interface.alias", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "observer.ingress.interface.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + } +] diff --git a/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-packages.json b/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-packages.json new file mode 100644 index 0000000000..c88d9c76e7 --- /dev/null +++ b/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-packages.json 
@@ -0,0 +1,488 @@ +[ + { + "name": "@timestamp", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "_id", + "type": "string", + "esTypes": ["_id"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + }, + { + "name": "_index", + "type": "string", + "esTypes": ["_index"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + }, + { + "name": "_score", + "type": "number", + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "_source", + "type": "_source", + "esTypes": ["_source"], + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "_type", + "type": "string", + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "agent.groups", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.architecture", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.boot.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.cpu.usage", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.disk.read.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.disk.write.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + 
}, + { + "name": "agent.host.geo.city_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.continent_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.continent_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.country_iso_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.country_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.location", + "type": "geo_point", + "esTypes": ["geo_point"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.postal_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.region_iso_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.region_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.timezone", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.hostname", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "agent.host.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.ip", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.mac", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.egress.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.egress.packets", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.ingress.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.ingress.packets", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.family", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.full", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.kernel", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + 
"name": "agent.host.os.platform", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.pid_ns_ino", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.calculated_level", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.calculated_score", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.calculated_score_norm", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.static_level", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.static_score", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.static_score_norm", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.uptime", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + 
}, + { + "name": "agent.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "package.architecture", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "package.description", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "package.installed", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "package.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "package.path", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "package.size", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "package.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "package.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + } +] 
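Review bot: The same block of meta and `agent.*` field descriptors (`@timestamp`, `_id` … `agent.version`, roughly 45 entries) is hand-copied into this file and again into fields-ports.json and fields-processes.json, and the copies already disagree: fields-ports.json carries `agent.host.network.egress.queue` and `agent.host.network.ingress.queue`, which this file and fields-processes.json do not. A statically seeded field cache like this will drift from the mappings these index patterns are meant to describe unless something checks it. I would either generate these files from the index mappings at build time or add a test that loads each `fields-*.json`, asserts every entry has `name`/`type`/`searchable`/`aggregatable`/`readFromDocValues`, and diffs the shared `agent.*` block across the files so a copy error fails CI rather than surfacing as a missing field in Discover. This applies equally to the fields-ports.json and fields-processes.json hunks below.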
diff --git a/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-ports.json b/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-ports.json
new file mode 100644
index 0000000000..452affe6ce
--- /dev/null
+++ b/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-ports.json
@@ -0,0 +1,536 @@ +[ + { + "name": "@timestamp", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "_id", + "type": "string", + "esTypes": ["_id"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + }, + { + "name": "_index", + "type": "string", + "esTypes": ["_index"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + }, + { + "name": "_score", + "type": "number", + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "_source", + "type": "_source", + "esTypes": ["_source"], + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "_type", + "type": "string", + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "agent.groups", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.architecture", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.boot.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.cpu.usage", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.disk.read.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.disk.write.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + 
}, + { + "name": "agent.host.geo.city_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.continent_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.continent_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.country_iso_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.country_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.location", + "type": "geo_point", + "esTypes": ["geo_point"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.postal_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.region_iso_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.region_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.timezone", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.hostname", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "agent.host.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.ip", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.mac", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.egress.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.egress.packets", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.egress.queue", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.ingress.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.ingress.packets", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.ingress.queue", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.family", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.full", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": 
true + }, + { + "name": "agent.host.os.kernel", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.platform", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.pid_ns_ino", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.calculated_level", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.calculated_score", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.calculated_score_norm", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.static_level", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.static_score", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.static_score_norm", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "agent.host.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.uptime", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "destination.ip", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "destination.port", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "device.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "file.inode", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.network.egress.queue", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "host.network.ingress.queue", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "interface.state", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, 
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "network.protocol",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "process.name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "process.pid",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "source.ip",
+ "type": "ip",
+ "esTypes": ["ip"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "source.port",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ }
+]
diff --git a/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-processes.json b/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-processes.json
new file mode 100644
index 0000000000..8b3d6b0cac
--- /dev/null
+++ b/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-processes.json
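Review bot: fields-ports.json describes both `agent.host.network.egress.queue` / `agent.host.network.ingress.queue` (in the shared `agent.host.*` block) and the top-level `host.network.egress.queue` / `host.network.ingress.queue`; the agent-level pair appears in no other field file in this commit. That looks like the top-level queue entries were pasted into the agent block by mistake rather than a deliberate difference in the ports mapping, but I cannot confirm from the diff alone. Please check the ports index mapping and either drop the two `agent.host.network.*.queue` entries or add them to fields-packages.json and fields-processes.json so the shared block is identical everywhere.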
@@ -0,0 +1,536 @@ +[ + { + "name": "@timestamp", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "_id", + "type": "string", + "esTypes": ["_id"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + }, + { + "name": "_index", + "type": "string", + "esTypes": ["_index"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + }, + { + "name": "_score", + "type": "number", + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "_source", + "type": "_source", + "esTypes": ["_source"], + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "_type", + "type": "string", + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "agent.groups", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.architecture", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.boot.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.cpu.usage", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.disk.read.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.disk.write.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.domain", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + 
}, + { + "name": "agent.host.geo.city_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.continent_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.continent_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.country_iso_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.country_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.location", + "type": "geo_point", + "esTypes": ["geo_point"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.postal_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.region_iso_code", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.region_name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.geo.timezone", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.hostname", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + 
"readFromDocValues": true + }, + { + "name": "agent.host.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.ip", + "type": "ip", + "esTypes": ["ip"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.mac", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.egress.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.egress.packets", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.ingress.bytes", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.network.ingress.packets", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.family", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.full", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.kernel", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + 
"name": "agent.host.os.platform", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.os.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.pid_ns_ino", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.calculated_level", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.calculated_score", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.calculated_score_norm", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.static_level", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.static_score", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.risk.static_score_norm", + "type": "number", + "esTypes": ["float"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.host.uptime", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + 
}, + { + "name": "agent.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.type", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "agent.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.args", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.command_line", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.group.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.parent.pid", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.pid", + "type": "number", + "esTypes": ["long"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.real_group.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.real_user.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "process.saved_group.id", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + 
"aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "process.saved_user.id",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "process.start",
+ "type": "date",
+ "esTypes": ["date"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "process.thread.id",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "process.tty.char_device.major",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "process.user.id",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ }
+]
diff --git a/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-scheduled-commands.json b/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-scheduled-commands.json
new file mode 100644
index 0000000000..4ddda5a87a
--- /dev/null
+++ b/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-scheduled-commands.json
@@ -0,0 +1,96 @@ +[ + { + "name": "_id", + "type": "string", + "esTypes": ["_id"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + }, + { + "name": "_index", + "type": "string", + "esTypes": ["_index"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": false + }, + { + "name": "_score", + "type": "number", + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "_source", + "type": "_source", + "esTypes": ["_source"], + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "_type", + "type": "string", + "searchable": false, + "aggregatable": false, + "readFromDocValues": false + }, + { + "name": "enabled", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "enabled_time", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "last_update_time", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "schedule.interval.period", + "type": "number", + "esTypes": ["integer"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "schedule.interval.start_time", + "type": "date", + "esTypes": ["date"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "schedule.interval.unit", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + } +] 
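Review bot: `schedule.interval.period` is declared with esType `integer` while every other numeric field in the sibling lists of this commit (e.g. `process.pid`, `host.uptime`) uses `long`; this is worth confirming against the index template, because a mismatch between this static list and the real mapping does not error — it shows up as an unknown or mis-typed field in Discover. This list also carries no `@timestamp`, unlike fields-system.json further down, so if the index pattern is registered with a time field it has to be `enabled_time` or `last_update_time`; that registration is outside this diff. A small test that compares each `fields-*.json` against its template mapping would catch both kinds of drift early.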
diff --git a/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-system.json b/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-system.json
new file mode 100644
index 0000000000..7cdd2ba6e4
--- /dev/null
+++ b/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-system.json
@@ -0,0 +1,760 @@
+[
+ {
+ "name": "@timestamp",
+ "type": "date",
+ "esTypes": ["date"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "_id",
+ "type": "string",
+ "esTypes": ["_id"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": false
+ },
+ {
+ "name": "_index",
+ "type": "string",
+ "esTypes": ["_index"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": false
+ },
+ {
+ "name": "_score",
+ "type": "number",
+ "searchable": false,
+ "aggregatable": false,
+ "readFromDocValues": false
+ },
+ {
+ "name": "_source",
+ "type": "_source",
+ "esTypes": ["_source"],
+ "searchable": false,
+ "aggregatable": false,
+ "readFromDocValues": false
+ },
+ {
+ "name": "_type",
+ "type": "string",
+ "searchable": false,
+ "aggregatable": false,
+ "readFromDocValues": false
+ },
+ {
+ "name": "agent.groups",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.architecture",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.boot.id",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.cpu.usage",
+ "type": "number",
+ "esTypes": ["float"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.disk.read.bytes",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.disk.write.bytes",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.domain",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.geo.city_name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.geo.continent_code",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.geo.continent_name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.geo.country_iso_code",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.geo.country_name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.geo.location",
+ "type": "geo_point",
+ "esTypes": ["geo_point"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.geo.name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.geo.postal_code",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.geo.region_iso_code",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.geo.region_name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.geo.timezone",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.hostname",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.id",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.ip",
+ "type": "ip",
+ "esTypes": ["ip"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.mac",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.network.egress.bytes",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.network.egress.packets",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.network.ingress.bytes",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.network.ingress.packets",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.os.family",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.os.full",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.os.kernel",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.os.name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.os.platform",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.os.type",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.os.version",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.pid_ns_ino",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.risk.calculated_level",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.risk.calculated_score",
+ "type": "number",
+ "esTypes": ["float"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.risk.calculated_score_norm",
+ "type": "number",
+ "esTypes": ["float"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.risk.static_level",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.risk.static_score",
+ "type": "number",
+ "esTypes": ["float"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.risk.static_score_norm",
+ "type": "number",
+ "esTypes": ["float"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.type",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.uptime",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.id",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.type",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.version",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.architecture",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.boot.id",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.cpu.usage",
+ "type": "number",
+ "esTypes": ["float"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.disk.read.bytes",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.disk.write.bytes",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.domain",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.geo.city_name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.geo.continent_code",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.geo.continent_name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.geo.country_iso_code",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.geo.country_name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.geo.location",
+ "type": "geo_point",
+ "esTypes": ["geo_point"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.geo.name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.geo.postal_code",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.geo.region_iso_code",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.geo.region_name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.geo.timezone",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.hostname",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.id",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.ip",
+ "type": "ip",
+ "esTypes": ["ip"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.mac",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.network.egress.bytes",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.network.egress.packets",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.network.ingress.bytes",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.network.ingress.packets",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.os.family",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.os.full",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.os.kernel",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.os.name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.os.platform",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.os.type",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.os.version",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.pid_ns_ino",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.risk.calculated_level",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.risk.calculated_score",
+ "type": "number",
+ "esTypes": ["float"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.risk.calculated_score_norm",
+ "type": "number",
+ "esTypes": ["float"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.risk.static_level",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.risk.static_score",
+ "type": "number",
+ "esTypes": ["float"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.risk.static_score_norm",
+ "type": "number",
+ "esTypes": ["float"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.type",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.uptime",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ }
+]
diff --git a/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-vulnerabilities.json b/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-vulnerabilities.json
new file mode 100644
index 0000000000..1f26a1ab33
--- /dev/null
+++ b/plugins/wazuh-core/server/initialization/index-patterns-fields/fields-vulnerabilities.json
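Review bot: Every `agent.host.*` entry in this file is repeated verbatim as `host.*` (42 fields with identical types and flags), which reads like a copied block rather than two namespaces taken from the index template; if the system inventory index really indexes both, this is correct, but a `host.*` block that is not backed by the mapping leaves Discover listing fields that never carry a value. The same `agent.host.*`/`host.*` pairing appears in fields-vulnerabilities.json in the next hunk, so the answer applies there too. Because these lists are static snapshots, consider a test that loads each `fields-*.json` and compares field names and `esTypes` with the corresponding template so that drift is caught at build time rather than in the UI.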
@@ -0,0 +1,1024 @@
+[
+ {
+ "name": "_id",
+ "type": "string",
+ "esTypes": ["_id"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": false
+ },
+ {
+ "name": "_index",
+ "type": "string",
+ "esTypes": ["_index"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": false
+ },
+ {
+ "name": "_score",
+ "type": "number",
+ "searchable": false,
+ "aggregatable": false,
+ "readFromDocValues": false
+ },
+ {
+ "name": "_source",
+ "type": "_source",
+ "esTypes": ["_source"],
+ "searchable": false,
+ "aggregatable": false,
+ "readFromDocValues": false
+ },
+ {
+ "name": "_type",
+ "type": "string",
+ "searchable": false,
+ "aggregatable": false,
+ "readFromDocValues": false
+ },
+ {
+ "name": "agent.groups",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.architecture",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.boot.id",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.cpu.usage",
+ "type": "number",
+ "esTypes": ["float"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.disk.read.bytes",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.disk.write.bytes",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.domain",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.geo.city_name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.geo.continent_code",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.geo.continent_name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.geo.country_iso_code",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.geo.country_name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.geo.location",
+ "type": "geo_point",
+ "esTypes": ["geo_point"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.geo.name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.geo.postal_code",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.geo.region_iso_code",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.geo.region_name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.geo.timezone",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.hostname",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.id",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.ip",
+ "type": "ip",
+ "esTypes": ["ip"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.mac",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.network.egress.bytes",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.network.egress.packets",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.network.ingress.bytes",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.network.ingress.packets",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.os.family",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.os.full",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.os.kernel",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.os.name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.os.platform",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.os.type",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.os.version",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.pid_ns_ino",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.risk.calculated_level",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.risk.calculated_score",
+ "type": "number",
+ "esTypes": ["float"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.risk.calculated_score_norm",
+ "type": "number",
+ "esTypes": ["float"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.risk.static_level",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.risk.static_score",
+ "type": "number",
+ "esTypes": ["float"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.risk.static_score_norm",
+ "type": "number",
+ "esTypes": ["float"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.type",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.host.uptime",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.id",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.type",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "agent.version",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.architecture",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.boot.id",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.cpu.usage",
+ "type": "number",
+ "esTypes": ["float"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.disk.read.bytes",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.disk.write.bytes",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.domain",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.geo.city_name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.geo.continent_code",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.geo.continent_name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.geo.country_iso_code",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.geo.country_name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.geo.location",
+ "type": "geo_point",
+ "esTypes": ["geo_point"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.geo.name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.geo.postal_code",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.geo.region_iso_code",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.geo.region_name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.geo.timezone",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.hostname",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.id",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.ip",
+ "type": "ip",
+ "esTypes": ["ip"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.mac",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.network.egress.bytes",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.network.egress.packets",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.network.ingress.bytes",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.network.ingress.packets",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.os.family",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.os.full",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.os.kernel",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.os.name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.os.platform",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.os.type",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.os.version",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.pid_ns_ino",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.risk.calculated_level",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.risk.calculated_score",
+ "type": "number",
+ "esTypes": ["float"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.risk.calculated_score_norm",
+ "type": "number",
+ "esTypes": ["float"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.risk.static_level",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.risk.static_score",
+ "type": "number",
+ "esTypes": ["float"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.risk.static_score_norm",
+ "type": "number",
+ "esTypes": ["float"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.type",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "host.uptime",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "package.architecture",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "package.build_version",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "package.checksum",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "package.description",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "package.install_scope",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "package.installed",
+ "type": "date",
+ "esTypes": ["date"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "package.license",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "package.name",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "package.path",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "package.reference",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "package.size",
+ "type": "number",
+ "esTypes": ["long"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "package.type",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "package.version",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "vulnerability.category",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "vulnerability.classification",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "vulnerability.description",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "vulnerability.detected_at",
+ "type": "date",
+ "esTypes": ["date"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "vulnerability.enumeration",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "vulnerability.id",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "vulnerability.published_at",
+ "type": "date",
+ "esTypes": ["date"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "vulnerability.reference",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "vulnerability.report_id",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "vulnerability.scanner.condition",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "vulnerability.scanner.source",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "vulnerability.scanner.vendor",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "vulnerability.score.base",
+ "type": "number",
+ "esTypes": ["float"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "vulnerability.score.environmental",
+ "type": "number",
+ "esTypes": ["float"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "vulnerability.score.temporal",
+ "type": "number",
+ "esTypes": ["float"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ },
+ {
+ "name": "vulnerability.score.version",
+ "type": "string",
+ "esTypes": ["keyword"],
+ "searchable": true,
+ "aggregatable": true,
+ "readFromDocValues": true
+ 
}, + { + "name": "vulnerability.severity", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "vulnerability.under_evaluation", + "type": "boolean", + "esTypes": ["boolean"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "wazuh.cluster.name", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "wazuh.cluster.node", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + }, + { + "name": "wazuh.schema.version", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true + } +] diff --git a/plugins/wazuh-core/server/plugin.ts b/plugins/wazuh-core/server/plugin.ts index 0fd2b918bc..29b66baa97 100644 --- a/plugins/wazuh-core/server/plugin.ts +++ b/plugins/wazuh-core/server/plugin.ts 
@@ -41,10 +41,21 @@ import { initializationTaskCreatorIndexPattern, initializationTaskCreatorSetting, } from './initialization'; -import alertsIndexPatternDefaultFields from './initialization/index-patterns-fields/alerts-fields.json'; import monitoringIndexPatternDefaultFields from './initialization/index-patterns-fields/monitoring-fields.json'; import statisticsIndexPatternDefaultFields from './initialization/index-patterns-fields/statistics-fields.json'; -import vulnerabilitiesStatesFields from './initialization/index-patterns-fields/vulnerabibility-states-fields.json'; +import indexPatternFieldsAgent from './initialization/index-patterns-fields/fields-agent.json'; +import indexPatternFieldsAlerts from './initialization/index-patterns-fields/fields-alerts.json'; +import indexPatternFieldsCommands from './initialization/index-patterns-fields/fields-commands.json'; +import indexPatternFieldsFim from './initialization/index-patterns-fields/fields-fim.json'; +import indexPatternFieldsHardware from './initialization/index-patterns-fields/fields-hardware.json'; +import indexPatternFieldsHotfixes from './initialization/index-patterns-fields/fields-hotfixes.json'; +import indexPatternFieldsNetworks from './initialization/index-patterns-fields/fields-networks.json'; +import indexPatternFieldsPackages from './initialization/index-patterns-fields/fields-packages.json'; +import indexPatternFieldsPorts from './initialization/index-patterns-fields/fields-ports.json'; +import indexPatternFieldsProcesses from './initialization/index-patterns-fields/fields-processes.json'; +import indexPatternFieldsSheduledCommands from './initialization/index-patterns-fields/fields-scheduled-commands.json'; +import indexPatternFieldsSystem from './initialization/index-patterns-fields/fields-system.json'; +import indexPatternFieldsVulnerabilities from './initialization/index-patterns-fields/fields-vulnerabilities.json'; export class WazuhCorePlugin implements Plugin 
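Review bot: The new identifier `indexPatternFieldsSheduledCommands` is misspelled (the file it imports is `fields-scheduled-commands.json`), and the same name is reused in the registration table added further down in this file, so the typo will spread into the loop and any future references; `import indexPatternFieldsScheduledCommands from './initialization/index-patterns-fields/fields-scheduled-commands.json';` is the intended spelling. The removed `vulnerabibility-states-fields.json` import is not visibly matched by a deletion of that file in this diff, so it is worth confirming the old fields file is dropped rather than left orphaned.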
@@ -120,13 +131,13 @@ export class WazuhCorePlugin // TODO: this task should be registered by the related plugin this.services.initialization.register( initializationTaskCreatorIndexPattern({ - getIndexPatternID: ctx => ctx.configuration.get('pattern'), + getIndexPatternID: async () => 'wazuh-alerts-5.x-*', // TODO: this should use a static value or configurable setting in the server side taskName: 'index-pattern:alerts', options: { savedObjectOverwrite: { - timeFieldName: 'timestamp', + timeFieldName: '@timestamp', }, - fieldsNoIndices: alertsIndexPatternDefaultFields, + fieldsNoIndices: indexPatternFieldsAlerts, }, configurationSettingKey: 'checks.pattern', }), @@ -151,11 +162,10 @@ export class WazuhCorePlugin // TODO: this task should be registered by the related plugin this.services.initialization.register( initializationTaskCreatorIndexPattern({ - getIndexPatternID: ctx => - ctx.configuration.get('vulnerabilities.pattern'), - taskName: 'index-pattern:vulnerabilities-states', + getIndexPatternID: async () => 'wazuh-states-vulnerabilities*', // TODO: this should use a static value or configurable setting in the server side + taskName: 'index-pattern:states-vulnerabilities', options: { - fieldsNoIndices: vulnerabilitiesStatesFields, + fieldsNoIndices: indexPatternFieldsVulnerabilities, }, configurationSettingKey: 'checks.vulnerability', // TODO: create new setting }), 
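Review bot: `getIndexPatternID` for the alerts task stops reading `ctx.configuration.get('pattern')` and returns the literal `'wazuh-alerts-5.x-*'`, while `configurationSettingKey: 'checks.pattern'` is kept; a deployment that customized `pattern` will presumably have a second, default index pattern created on start-up, and nothing in the hunk records that this is intended. The same applies to the vulnerabilities hunk that follows, where `taskName` also changes from `index-pattern:vulnerabilities-states` to `index-pattern:states-vulnerabilities`, so any code or check that referenced the old task name as a string no longer matches. The trailing `// TODO` comments push both `getIndexPatternID` lines well past the file's line width; `// TODO: use a static value or a configurable server-side setting` on its own line above `getIndexPatternID: async () => 'wazuh-alerts-5.x-*',` keeps the Prettier output readable. The enclosing method starts and ends outside the hunk.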
@@ -187,6 +197,112 @@ export class WazuhCorePlugin }), ); + // TODO: this task should be registered by the related plugin + /* + Temporal: we register the index pattern initialization tasks using a static fields definition. + We could retrieve tihs data from the template indexed by Wazuh indexer and + transform into the index pattern field format + */ + + for (const { + indexPattern, + taskIndexPattern, + timeFieldName, + fieldsNoIndices, + configurationSettingKey, + } of [ + { + indexPattern: 'wazuh-agents*', + taskIndexPattern: 'agents', + fieldsNoIndices: indexPatternFieldsAgent, + configurationSettingKey: '', + }, + { + indexPattern: 'wazuh-commands*', + taskIndexPattern: 'commands', + fieldsNoIndices: indexPatternFieldsCommands, + configurationSettingKey: '', + }, + { + indexPattern: 'wazuh-states-fim*', + taskIndexPattern: 'states-fim', + fieldsNoIndices: indexPatternFieldsFim, + configurationSettingKey: '', + }, + { + indexPattern: 'wazuh-states-inventory-hardware*', + taskIndexPattern: 'states-inventory-hardware', + fieldsNoIndices: indexPatternFieldsHardware, + configurationSettingKey: '', + }, + { + indexPattern: 'wazuh-states-inventory-hotfixes*', + taskIndexPattern: 'states-inventory-hotfixes', + fieldsNoIndices: indexPatternFieldsHotfixes, + configurationSettingKey: '', + }, + { + indexPattern: 'wazuh-states-inventory-networks*', + taskIndexPattern: 'states-inventory-networks', + fieldsNoIndices: indexPatternFieldsNetworks, + configurationSettingKey: '', + }, + { + indexPattern: 'wazuh-states-inventory-packages*', + taskIndexPattern: 'states-inventory-packages', + fieldsNoIndices: indexPatternFieldsPackages, + configurationSettingKey: '', + }, + { + indexPattern: 'wazuh-states-inventory-ports*', + taskIndexPattern: 'states-inventory-ports', + fieldsNoIndices: indexPatternFieldsPorts, + configurationSettingKey: '', + }, + { + indexPattern: 'wazuh-states-inventory-system*', + taskIndexPattern: 'states-system', + fieldsNoIndices: indexPatternFieldsSystem, 
+ configurationSettingKey: '', + }, + { + indexPattern: 'wazuh-states-inventory-processes*', + taskIndexPattern: 'states-inventory-processes', + fieldsNoIndices: indexPatternFieldsProcesses, + configurationSettingKey: '', + }, + { + indexPattern: '.scheduled-commands*', + taskIndexPattern: 'states-scheduled-commands', + fieldsNoIndices: indexPatternFieldsSheduledCommands, + configurationSettingKey: '', + }, + ] as { + indexPattern: string; + taskIndexPattern: string; + timeFieldName?: string; + fieldsNoIndices?: object; + configurationSettingKey: string; + }[]) { + this.services.initialization.register( + initializationTaskCreatorIndexPattern({ + getIndexPatternID: async () => indexPattern, // TODO: this should use a static value or configurable setting in the server side + taskName: `index-pattern:${taskIndexPattern}`, + options: { + ...(timeFieldName + ? { + savedObjectOverwrite: { + timeFieldName, + }, + } + : {}), + ...(fieldsNoIndices ? { fieldsNoIndices } : {}), + }, + configurationSettingKey: configurationSettingKey, // TODO: setting placehodler, create new setting + }), + ); + } + // Settings // TODO: this task should be registered by the related plugin for (const setting of [ diff --git a/scripts/indices-fields-mapping-to-index-pattern-fields/README.md b/scripts/indices-fields-mapping-to-index-pattern-fields/README.md new file mode 100644 index 0000000000..9f11b4df25 --- /dev/null +++ b/scripts/indices-fields-mapping-to-index-pattern-fields/README.md 
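Review bot: Every entry of the registration table passes `configurationSettingKey: ''`, so all eleven tasks are registered against the same empty key; if `initializationTaskCreatorIndexPattern` uses that key to decide whether the check is enabled, as `'checks.pattern'` does for the alerts task above, an empty string presumably resolves to the same missing setting for all of them — worth confirming and stating in the TODO. `timeFieldName` is destructured and handled in `options`, but no entry sets it, so the `savedObjectOverwrite` branch is dead until one does; either drop it or comment which patterns are expected to provide it. Style: `configurationSettingKey: configurationSettingKey` can be the shorthand `configurationSettingKey,`, and the comment typos `tihs` and `placehodler` should be corrected. The enclosing method starts and ends outside the hunk.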
@@ -0,0 +1,80 @@ +# Description + +This tool maps the index field mappings definitions to index pattern fields of Wazuh dashboard. + +Example: + +Index field mapping: + +```json +{ + "mappings": { + "properties": { + "rule": { + "properties": { + "level": { + "type": "keyword" + } + } + } + } + } +} +``` + +Index pattern field: + +```json +{ + "name": "rule.level", + "type": "string", + "esTypes": ["keyword"], + "searchable": true, + "aggregatable": true, + "readFromDocValues": true +} +``` + +This can be used to generate a static file with the index pattern fields from index templates to use as values by default when creating the default index patterns in the Wazuh dashboard initialization. + +# Usage + +```console +node cli.js --template [options] +``` + +See the help for more information: + +```console +node cli.js --help +``` + +# Use cases + +## Fetch template from URL and save to a file + +```console +node cli.js --template https://example/template.json --output output.json +``` + +## Fetch template from URL and display the output to stdout + +```console +node cli.js --template https://example/template.json +``` + +## Get template from file and save to a file + +```console +node cli.js --template path/to/template.json --output output.json +``` + +## Get template from file and display the output to stdout + +```console +node cli.js --template path/to/template.json +``` + +# References + +- Wazuh index templates: https://github.com/wazuh/wazuh-indexer-plugins/tree/master/plugins/setup/src/main/resources diff --git a/scripts/indices-fields-mapping-to-index-pattern-fields/build-static-files/README.md b/scripts/indices-fields-mapping-to-index-pattern-fields/build-static-files/README.md new file mode 100644 index 0000000000..80e17ee631 --- /dev/null +++ b/scripts/indices-fields-mapping-to-index-pattern-fields/build-static-files/README.md 
@@ -0,0 +1,32 @@ +# Description + +This directory contains tools to generate static files with information about the index pattern +fields for the Wazuh indices using different approaches: + +- build-static-files-get-from-wildcard: retrieve the index pattern fields from Wazuh dashboard indexing the Wazuh indexer templates +- build-static-files-transform-templates: get the template from [wazuh/wazuh-indexer/plugins] and transform locally the data + +# build-static-files-get-from-wildcard + +## Usage + +```console +node build-static-files-get-from-wildcard.js --branch master +``` + +By default, this should move the static files to `plugins/wazuh-core/server/initialization/index-pattern-fields` directory that are used to define the initialization tasks related to index patterns. + +> [NOTE] +> If you are using a Wazuh dashboard development, move the files could cause the Wazuh dashboard is restarted, losing the data, define an external directory for the output and move manually the files after checing they were generated correctly. + +# build-static-files-transform-templates + +This tool uses under the hood the [CLI](../README.md). + +## Usage + +```console +node build-static-files-get-from-wildcard.js --branch master +``` + +By default, this should move the static files to `plugins/wazuh-core/server/initialization/index-pattern-fields` directory that are used to define the initialization tasks related to index patterns. diff --git a/scripts/indices-fields-mapping-to-index-pattern-fields/build-static-files/build-static-files-get-from-wildcard.js b/scripts/indices-fields-mapping-to-index-pattern-fields/build-static-files/build-static-files-get-from-wildcard.js new file mode 100644 index 0000000000..0044abef75 --- /dev/null +++ b/scripts/indices-fields-mapping-to-index-pattern-fields/build-static-files/build-static-files-get-from-wildcard.js 
@@ -0,0 +1,227 @@
+const path = require('path');
+const { execSync } = require('child_process');
+const createCLI = require('../../lib/cli/cli');
+const { getTemplatesURLs } = require('./lib');
+
+const cli = createCLI(
+ path.basename(__filename),
+ 'This tool generates the index pattern fields for the Wazuh indices based on the template definition [wazuh/wazuh-indexer-plugins] repository, indexes the template, creates an empty index, gets the fields for wildcard and save into a file. Require a Wazuh dashboard and Wazuh indexer.',
+ `node ${__filename} --branch [options]`,
+ [
+ {
+ long: 'debug',
+ description: 'Enable debug in the logger.',
+ parse: (parameter, input, { logger, option }) => {
+ logger.setLevel(0);
+ return {
+ [option.long]: true,
+ };
+ },
+ },
+ {
+ long: 'help',
+ description: 'Display the help.',
+ parse: (parameter, input, { logger, option }) => {
+ return {
+ [option.long]: true,
+ };
+ },
+ },
+ {
+ long: 'branch',
+ description:
+ 'Define the branch to retrieve the templates from Wazuh indexer.',
+ help: '',
+ parse: (parameter, input, { logger, option }) => {
+ const [nextParameter] = input;
+
+ if (nextParameter) {
+ input.splice(0, 1);
+ return {
+ [option.long]: nextParameter,
+ };
+ } else {
+ logger.error(`${parameter} parameter is not defined.`);
+ process.exit(1);
+ }
+ },
+ },
+ {
+ long: 'username',
+ description: 'Define Wazuh indexer username.',
+ help: '',
+ parse: (parameter, input, { logger, option }) => {
+ const [nextParameter] = input;
+
+ if (nextParameter) {
+ input.splice(0, 1);
+ return {
+ [option.long]: nextParameter,
+ };
+ } else {
+ logger.error(`${parameter} parameter is not defined.`);
+ process.exit(1);
+ }
+ },
+ },
+ {
+ long: 'password',
+ description: 'Define Wazuh indexer password.',
+ help: '',
+ parse: (parameter, input, { logger, option }) => {
+ const [nextParameter] = input;
+
+ if (nextParameter) {
+ input.splice(0, 1);
+ return {
+ [option.long]: nextParameter,
+ };
+ } else {
+ logger.error(`${parameter} parameter is not defined.`);
+ process.exit(1);
+ }
+ },
+ },
+ {
+ long: 'wazuh-dashboard',
+ description: 'Define Wazuh dashboard address',
+ help: '',
+ parse: (parameter, input, { logger, option }) => {
+ const [nextParameter] = input;
+
+ if (nextParameter) {
+ input.splice(0, 1);
+ return {
+ [option.long]: nextParameter,
+ };
+ } else {
+ logger.error(`${parameter} parameter is not defined.`);
+ process.exit(1);
+ }
+ },
+ },
+ {
+ long: 'wazuh-indexer',
+ description: 'Define Wazuh indexer address',
+ help: '',
+ parse: (parameter, input, { logger, option }) => {
+ const [nextParameter] = input;
+
+ if (nextParameter) {
+ input.splice(0, 1);
+ return {
+ [option.long]: nextParameter,
+ };
+ } else {
+ logger.error(`${parameter} parameter is not defined.`);
+ process.exit(1);
+ }
+ },
+ },
+ ],
+);
+
+function createTmpDirectories() {
+ ['index-pattern-fields', 'templates'].forEach(dir =>
+ execSync(`mkdir -p ${dir}`),
+ );
+}
+
+function cleanTmpDirectories() {
+ ['index-pattern-fields', 'templates'].forEach(dir =>
+ execSync(`rm -rf ${dir}`),
+ );
+}
+
+function run(configuration) {
+ try {
+ const templateURLs = getTemplatesURLs({ branch: configuration.branch });
+
+ createTmpDirectories();
+
+ const outputDir = path.join(
+ __dirname,
+ '../../../plugins/wazuh-core/server/initialization/index-patterns-fields',
+ );
+
+ for (const { name, url } of templateURLs) {
+ const templateFile = `templates/index-template-${name}.json`;
+ const logger = cli.logger.create([name]);
+ logger.debug(`Fetching template from ${url}`);
+
+ execSync(`curl -o ${templateFile} ${url}`);
+ logger.info(`Fetched template from ${url}`);
+
+ logger.debug(`Indexing template ${url}`);
+ execSync(
+ `curl -k -u ${configuration.username}:${configuration.password} -XPUT ${configuration['wazuh-indexer']}/_template/${name} -H 'Content-Type: application/json' --data '@${templateFile}'`,
+ );
+ logger.info(`Indexed template ${url}`);
+
+ const template = require(`./${templateFile}`);
+
+ const [indexNameTemplate] = template.index_patterns;
+
+ const indexName = indexNameTemplate.replace(/\*/g, '');
+
+ logger.debug(`Creating index ${indexName}`);
+ execSync(
+ `curl -k -u ${configuration.username}:${configuration.password} -XPUT ${configuration['wazuh-indexer']}/${indexName}`,
+ );
+ logger.info(`Created index ${indexName}`);
+
+ logger.debug(
+ `Getting index pattern fields from wildcard ${indexNameTemplate}`,
+ );
+ execSync(
+ `curl -k -u ${configuration.username}:${configuration.password} '${configuration['wazuh-dashboard']}/api/index_patterns/_fields_for_wildcard?pattern=${indexNameTemplate}&meta_fields=_source&meta_fields=_id&meta_fields=_type&meta_fields=_index&meta_fields=_score' | jq .fields > ${path.join('index-pattern-fields', `fields-${name}.json`)}`,
+ );
+ logger.info(
+ `Get index pattern fields from wildcard ${indexNameTemplate}`,
+ );
+ }
+ cli.logger.debug(`Moving fields files to ${outputDir}/`);
+ execSync(`mv index-pattern-fields/* ${outputDir}/`);
+ cli.logger.info(`Moved fields files to ${outputDir}/`);
+
+ cleanTmpDirectories();
+ } catch (error) {
+ cleanTmpDirectories();
+ throw error;
+ }
+}
+
+async function main(input) {
+ try {
+ let configuration = cli.parse(input);
+
+ configuration = {
+ // Default values
+ branch: 'master',
+ 'wazuh-dashboard': 'https://localhost:5601',
+ 'wazuh-indexer': 'https://localhost:9200',
+ username: 'admin',
+ password: 'admin',
+ ...configuration,
+ };
+
+ if (configuration['display-configuration']) {
+ /* Send to stderr. This does the configuration can be displayed and redirect the stdout output
+ to a file */
+ console.error(configuration);
+ }
+
+ // Display the help
+ if (configuration['help']) {
+ cli.help();
+ }
+
+ run(configuration);
+ } catch (error) {
+ cli.logger.error(`An unexpected error happened: ${error.message}`);
+ process.exit(1);
+ }
+}
+
+const consoleInputParameters = [...process.argv].slice(2).join(' ');
+main(consoleInputParameters);
diff --git a/scripts/indices-fields-mapping-to-index-pattern-fields/build-static-files/build-static-files-transform-templates.js b/scripts/indices-fields-mapping-to-index-pattern-fields/build-static-files/build-static-files-transform-templates.js
new file mode 100644
index 0000000000..306146f21b
--- /dev/null
+++ b/scripts/indices-fields-mapping-to-index-pattern-fields/build-static-files/build-static-files-transform-templates.js
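Review bot: `cleanTmpDirectories` runs `rm -rf` on `index-pattern-fields` and `templates` relative to the current working directory rather than a dedicated scratch directory, so invoking the script from a directory that already contains either name deletes it, and the `catch` path in `run` does this even when `createTmpDirectories` never ran. Creating one private directory with `fs.mkdtempSync(path.join(os.tmpdir(), ...))` and removing only that with `fs.rmSync` removes the hazard (requiring `fs` and `os` at the top); `run` would then build `templateFile` and the fields output path under that directory and read the template with `JSON.parse(fs.readFileSync(...))` instead of `require`. Separately, every `execSync` call splices CLI values (`username`, `password`, the indexer and dashboard addresses) and `indexName`, which comes from the fetched template's `index_patterns`, into a shell string; `execFileSync('curl', [...])` with an argument array avoids shell interpretation, and `-u user:password` on the command line is also visible to other local users through the process list, which a curl config file or `--netrc` avoids. The `-k` flag disables TLS certificate verification for the indexer and dashboard connections and deserves a comment stating that it is intended for local development only.
```javascript
// … unchanged: require() lines and CLI definition …
let tmpDir;

function createTmpDirectories() {
  // A fresh private directory under the OS temp dir: nothing in the cwd is created or removed.
  tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'index-pattern-fields-'));
  for (const dir of ['index-pattern-fields', 'templates']) {
    fs.mkdirSync(path.join(tmpDir, dir));
  }
}

function cleanTmpDirectories() {
  // Only ever removes the directory this run created.
  if (tmpDir) {
    fs.rmSync(tmpDir, { recursive: true, force: true });
    tmpDir = undefined;
  }
}
// … unchanged: run(), with templateFile and the fields output path built under tmpDir …
```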
@@ -0,0 +1,96 @@
+const path = require('path');
+const { execSync } = require('child_process');
+const createCLI = require('../../lib/cli/cli');
+const { getTemplatesURLs } = require('./lib');
+
+const cli = createCLI(
+ path.basename(__filename),
+ 'This tool generates the index pattern fields for the Wazuh indices based on the template definition [wazuh/wazuh-indexer-plugins] repository applying a local transformation.',
+ `node ${__filename} --branch [options]`,
+ [
+ {
+ long: 'debug',
+ description: 'Enable debug in the logger.',
+ parse: (parameter, input, { logger, option }) => {
+ logger.setLevel(0);
+ return {
+ [option.long]: true,
+ };
+ },
+ },
+ {
+ long: 'help',
+ description: 'Display the help.',
+ parse: (parameter, input, { logger, option }) => {
+ return {
+ [option.long]: true,
+ };
+ },
+ },
+ {
+ long: 'branch',
+ description:
+ 'Define the branch to retrieve the templates from Wazuh indexer.',
+ help: '',
+ parse: (parameter, input, { logger, option }) => {
+ const [nextParameter] = input;
+
+ if (nextParameter) {
+ input.splice(0, 1);
+ return {
+ [option.long]: nextParameter,
+ };
+ } else {
+ logger.error(`${parameter} parameter is not defined.`);
+ process.exit(1);
+ }
+ },
+ },
+ ],
+);
+
+function run(configuration) {
+ const templateURLs = getTemplatesURLs({ branch: configuration.branch });
+ const pathCli = path.resolve(__dirname, '..', 'cli.js');
+
+ for (const { name, url } of templateURLs) {
+ execSync(
+ `node ${pathCli} --template ${url} --output ${path.join(configuration['output-dir'], `fields-${name}.json`)}`,
+ );
+ }
+}
+
+function main(input) {
+ try {
+ let configuration = cli.parse(input);
+
+ configuration = {
+ // Default values
+ branch: 'master',
+ 'output-dir': path.join(
+ __dirname,
+ '../../../plugins/wazuh-core/server/initialization/index-patterns-fields',
+ ),
+ ...configuration,
+ };
+
+ if (configuration['display-configuration']) {
+ /* Send to stderr. This does the configuration can be displayed and redirect the stdout output
+ to a file */
+ console.error(configuration);
+ }
+
+ // Display the help
+ if (configuration['help']) {
+ cli.help();
+ }
+
+ run(configuration);
+ } catch (error) {
+ cli.logger.error(`An unexpected error happened: ${error.message}`);
+ process.exit(1);
+ }
+}
+
+const consoleInputParameters = [...process.argv].slice(2).join(' ');
+main(consoleInputParameters);
diff --git a/scripts/indices-fields-mapping-to-index-pattern-fields/build-static-files/lib.js b/scripts/indices-fields-mapping-to-index-pattern-fields/build-static-files/lib.js
new file mode 100644
index 0000000000..d316a85fb1
--- /dev/null
+++ b/scripts/indices-fields-mapping-to-index-pattern-fields/build-static-files/lib.js
@@ -0,0 +1,26 @@
+function getTemplateURL({ branch, file }) {
+ return `https://raw.githubusercontent.com/wazuh/wazuh-indexer-plugins/refs/heads/${branch}/plugins/setup/src/main/resources/${file}`;
+}
+
+module.exports.getTemplatesURLs = function getTemplatesURLs({ branch }) {
+ return [
+ 'agent',
+ 'alerts',
+ 'commands',
+ 'fim',
+ 'hardware',
+ 'hotfixes',
+ 'networks',
+ 'packages',
+ 'ports',
+ 'processes',
+ 'scheduled-commands',
+ 'system',
+ 'vulnerabilities',
+ ].map(name => {
+ return {
+ name,
+ url: getTemplateURL({ branch, file: `index-template-${name}.json` }),
+ };
+ });
+};
diff --git a/scripts/indices-fields-mapping-to-index-pattern-fields/cli.js b/scripts/indices-fields-mapping-to-index-pattern-fields/cli.js
new file mode 100644
index 0000000000..b88ba33a2b
--- /dev/null
+++ b/scripts/indices-fields-mapping-to-index-pattern-fields/cli.js
@@ -0,0 +1,138 @@
+const createCLI = require('../lib/cli/cli');
+const path = require('path');
+const {
+ mapTemplateToIndexPatternFields,
+} = require('./map-template-to-index-pattern-fields');
+
+const cli = createCLI(
+ path.basename(__filename),
+ 'cliDescription',
+ `node ${__filename} --template
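Review bot: `run` builds the child command as a single shell string, `node ${pathCli} --template ${url} --output ...`, so a `--branch` value or output path containing shell metacharacters is interpreted by the shell; `execFileSync(process.execPath, [pathCli, '--template', url, '--output', path.join(configuration['output-dir'], `fields-${name}.json`)])` passes them as arguments instead, which also removes the dependency on `node` being on `PATH`. `output-dir` gets a default in `main`, but no `--output-dir` option is declared in the `createCLI` option list, so whether it can be overridden from the command line depends on how `cli.parse` treats undeclared options — either declare the option or document that the default is fixed. `main` also falls through to `run(configuration)` after `cli.help()`, which is only correct if `cli.help()` exits the process; a comment saying so, or an explicit `return`, would make the intent clear.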
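Review bot: The template name list inside `getTemplatesURLs` has to stay in step with the `fields-*.json` imports and the index-pattern registration table in `plugins/wazuh-core/server/plugin.ts`, and nothing in the module says so; `// Keep in sync with the fields-*.json imports in plugins/wazuh-core/server/plugin.ts` above the array would record the coupling. Only `getTemplatesURLs` is exported, so a one-line JSDoc on it stating the returned shape (`{ name, url }[]`, one entry per template in the repository branch given by `branch`) would save callers reading the body.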