Release 4.3.7 - Release Candidate 1 - E2E UX tests - Wazuh Dashboard #3176

Closed
16 tasks done
damarisg opened this issue Aug 16, 2022 · 13 comments
damarisg commented Aug 16, 2022

The following issue aims to run the specified test for the current release candidate, report the results, and open new issues for any encountered errors.

Modules tests information

Main release candidate issue #14562
Main E2E UX test issue #14614
Version 4.3.7
Release candidate # RC1
Tag v4.3.7-rc1
Previous modules tests issue

Installation procedure

Test description

Best effort to test Wazuh dashboard package. Think critically and at least review/test:

Test report procedure

All test results must have one of the following statuses:

🟢 All checks passed.
🔴 There is at least one failed result.
🟡 There is at least one expected failure or skipped test and no failures.

Any failing test must be properly addressed with a new issue, detailing the error and the possible cause.

An extended report of the test results can be attached as a ZIP or TXT file. Please attach any documents, screenshots, or tables to the issue update with the results. This report can be used by the auditors to dig deeper into any possible failures and details.

Conclusions

All tests have been executed and the results can be found in the issue updates.

| Status | Test | Failure type | Notes |
|---|---|---|---|
| 🟢 | Wazuh dashboard package specs | Functional | |
| 🟢 | Dashboard package size | Functional | |
| 🟢 | Dashboard package metadata (description) | Usability | |
| 🟢 | Dashboard package digital signature | Usability | |
| 🟢 | Installed files location, size and permissions | Functional | |
| 🟢 | Installation footprint | Functional | |
| 🟢 | Wazuh Dashboard logs when installed | Functional | |
| 🟢 | Wazuh Dashboard configuration | Functional | |
| 🟢 | Wazuh Dashboard (included the Wazuh WUI) communication with Wazuh manager API and Wazuh indexer | Functional | |
| 🟢 | Register Wazuh Agents | Functional | |
| 🟢 | Basic browsing through the WUI | Usability | |
| 🟢 | Basic experience with WUI performance | Usability | |

Auditors validation

The definition of done for this one is the validation of the conclusions and the test results from all auditors.

All checks from below must be accepted in order to close this issue.

QU3B1M commented Aug 17, 2022

Wazuh Dashboard Package Specs 🟢

Details

DEB Package

dpkg --info ./wazuh-dashboard_4.3.7-1_amd64.deb

 new Debian package, version 2.0.
 size 130607532 bytes: control archive=968048 bytes.
     190 bytes,     5 lines      conffiles            
     826 bytes,    10 lines      control              
 6424096 bytes, 52848 lines      md5sums              
    1992 bytes,    55 lines   *  postinst             #!/bin/sh
    1848 bytes,    87 lines   *  postrm               #!/bin/sh
    2308 bytes,    76 lines   *  preinst              #!/bin/sh
    2114 bytes,    83 lines   *  prerm                #!/bin/sh
 Package: wazuh-dashboard
 Version: 4.3.7-1
 Architecture: amd64
 Maintainer: Wazuh, Inc <[email protected]>
 Installed-Size: 622586
 Depends: debconf, adduser, curl, tar, libcap2-bin
 Section: admin
 Priority: extra
 Homepage: https://www.wazuh.com
 Description: Wazuh dashboard is a user interface and visualization tool for security-related data. This Wazuh central component enables exploring, visualizing, and analyzing the stored security alerts generated by the Wazuh server. Wazuh dashboard enables inspecting the status and managing the configurations of the Wazuh cluster and agents as well as creating and managing users and roles. In addition, it allows testing the ruleset and making calls to the Wazuh API. Documentation can be found at https://documentation.wazuh.com/current/getting-started/components/wazuh-dashboard.html

RPM Package

rpm -qi ./wazuh-dashboard-4.3.7-1.x86_64.rpm 

warning: ./wazuh-dashboard-4.3.7-1.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 29111145: NOKEY

Name        : wazuh-dashboard
Version     : 4.3.7
Release     : 1
Architecture: x86_64
Install Date: (not installed)
Group       : System Environment/Daemons
Size        : 617499926
License     : GPL
Signature   : RSA/SHA256, Tue 16 Aug 2022 02:56:41 PM UTC, Key ID 96b3ee5f29111145
Source RPM  : wazuh-dashboard-4.3.7-1.src.rpm
Build Date  : Tue 16 Aug 2022 02:49:58 PM UTC
Build Host  : ip-172-31-48-105.ec2.internal
Relocations : (not relocatable)
Packager    : Wazuh, Inc <[email protected]>
Vendor      : Wazuh, Inc <[email protected]>
URL         : https://www.wazuh.com/
Summary     : Wazuh dashboard is a user interface and visualization tool for security-related data. Documentation can be found at https://documentation.wazuh.com/current/getting-started/components/wazuh-dashboard.html
Description :
Wazuh dashboard is a user interface and visualization tool for security-related data. This Wazuh central component enables exploring, visualizing, and analyzing the stored security alerts generated by the Wazuh server. Wazuh dashboard enables inspecting the status and managing the configurations of the Wazuh cluster and agents as well as creating and managing users and roles. In addition, it allows testing the ruleset and making calls to the Wazuh API. Documentation can be found at https://documentation.wazuh.com/current/getting-started/components/wazuh-dashboard.html

QU3B1M commented Aug 17, 2022

Dashboard Package Size 🟢

Details
| version | rpm-size | deb-size |
|---|---|---|
| 4.3.7 | 617499 | 622586 |
| 4.3.6 | 616324 | 621440 |
raw data from logs

Wazuh 4.3.7 Packages

  • deb package
    dpkg --info ./wazuh-dashboard_4.3.7-1_amd64.deb | grep "Installed-Size"
    
    Installed-Size:       622586
  • rpm package
    rpm -qi ./wazuh-dashboard-4.3.7-1.x86_64.rpm | grep "Size"
    
    Size        : 617499926

Wazuh 4.3.6 Packages

  • deb package
    dpkg --info ./wazuh-dashboard_4.3.6-1_amd64.deb | grep "Installed-Size"
    
    Installed-Size:       621440
  • rpm package
    rpm -qi ./wazuh-dashboard-4.3.6-1.x86_64.rpm | grep "Size"
    
    Size        : 616324112

QU3B1M commented Aug 17, 2022

Dashboard Package Metadata 🟢

Details

DEB Package

 Package: wazuh-dashboard
 Version: 4.3.7-1
 Architecture: amd64
 Maintainer: Wazuh, Inc <[email protected]>
 Installed-Size: 622586
 Depends: debconf, adduser, curl, tar, libcap2-bin
 Section: admin
 Priority: extra
 Homepage: https://www.wazuh.com
 Description: Wazuh dashboard is a user interface and visualization tool for security-related data. This Wazuh central component enables exploring, visualizing, and analyzing the stored security alerts generated by the Wazuh server. Wazuh dashboard enables inspecting the status and managing the configurations of the Wazuh cluster and agents as well as creating and managing users and roles. In addition, it allows testing the ruleset and making calls to the Wazuh API. Documentation can be found at https://documentation.wazuh.com/current/getting-started/components/wazuh-dashboard.html

RPM Package

Name        : wazuh-dashboard
Version     : 4.3.7
Release     : 1
Architecture: x86_64
Install Date: (not installed)
Group       : System Environment/Daemons
Size        : 617499926
License     : GPL
Signature   : RSA/SHA256, Tue 16 Aug 2022 02:56:41 PM UTC, Key ID 96b3ee5f29111145
Source RPM  : wazuh-dashboard-4.3.7-1.src.rpm
Build Date  : Tue 16 Aug 2022 02:49:58 PM UTC
Build Host  : ip-172-31-48-105.ec2.internal
Relocations : (not relocatable)
Packager    : Wazuh, Inc <[email protected]>
Vendor      : Wazuh, Inc <[email protected]>
URL         : https://www.wazuh.com/
Summary     : Wazuh dashboard is a user interface and visualization tool for security-related data. Documentation can be found at https://documentation.wazuh.com/current/getting-started/components/wazuh-dashboard.html
Description :
Wazuh dashboard is a user interface and visualization tool for security-related data. This Wazuh central component enables exploring, visualizing, and analyzing the stored security alerts generated by the Wazuh server. Wazuh dashboard enables inspecting the status and managing the configurations of the Wazuh cluster and agents as well as creating and managing users and roles. In addition, it allows testing the ruleset and making calls to the Wazuh API. Documentation can be found at https://documentation.wazuh.com/current/getting-started/components/wazuh-dashboard.html

QU3B1M commented Aug 17, 2022

Dashboard Package Digital Signature 🟢

Details

RPM Package

rpm -qi $(rpm -qa | awk '/dashboard/ {print$0}') | awk '/Name|Install|Signature/ {print $0}'

Name        : wazuh-dashboard
Install Date: Fri 19 Aug 2022 03:59:53 PM UTC
Signature   : RSA/SHA256, Tue 16 Aug 2022 02:56:41 PM UTC, Key ID 96b3ee5f29111145

DEB Package

In Ubuntu, only the repo is signed, not the package.

dpkg-sig --verify ./wazuh-dashboard_4.3.7-1_amd64.deb 
Processing ./wazuh-dashboard_4.3.7-1_amd64.deb...
NOSIG

QU3B1M commented Aug 17, 2022

Installed files location, size and permissions 🟢

Details
ll /usr/share/wazuh-dashboard

total 1196
drwxr-xr-x   9 root            root               4096 Aug 17 11:12 ./
drwxr-xr-x 108 root            root               4096 Aug 17 11:11 ../
drwxr-x---   2 wazuh-dashboard wazuh-dashboard    4096 Aug 17 11:12 bin/
drwxr-x---   2 wazuh-dashboard wazuh-dashboard    4096 Aug 17 11:13 config/
drwxr-x---   3 wazuh-dashboard wazuh-dashboard    4096 Aug 17 11:16 data/
-rw-r-----   1 wazuh-dashboard wazuh-dashboard   11358 Nov 15  2021 LICENSE.txt
-rw-r-----   1 wazuh-dashboard wazuh-dashboard    3098 Nov 15  2021 manifest.yml
drwxr-x---   6 wazuh-dashboard wazuh-dashboard    4096 Aug 17 11:12 node/
drwxr-x--- 703 wazuh-dashboard wazuh-dashboard   24576 Aug 17 11:12 node_modules/
-rw-r-----   1 wazuh-dashboard wazuh-dashboard 1137439 Nov 15  2021 NOTICE.txt
-rw-r-----   1 wazuh-dashboard wazuh-dashboard     827 Nov 15  2021 package.json
drwxr-x---   8 wazuh-dashboard wazuh-dashboard    4096 Aug 17 11:12 plugins/
-rw-r-----   1 wazuh-dashboard wazuh-dashboard    1925 Nov 15  2021 README.txt
drwxr-x---  11 wazuh-dashboard wazuh-dashboard    4096 Aug 17 11:13 src/
-r--r-----   1 wazuh-dashboard wazuh-dashboard       6 Nov 15  2021 VERSION
ll /usr/share/wazuh-dashboard/bin

total 20
drwxr-x--- 2 wazuh-dashboard wazuh-dashboard 4096 Aug 17 11:12 ./
drwxr-xr-x 9 root            root            4096 Aug 17 11:12 ../
-rwxr-x--- 1 wazuh-dashboard wazuh-dashboard  918 Nov 15  2021 opensearch-dashboards*
-rwxr-x--- 1 wazuh-dashboard wazuh-dashboard  785 Nov 15  2021 opensearch-dashboards-keystore*
-rwxr-x--- 1 wazuh-dashboard wazuh-dashboard  822 Nov 15  2021 opensearch-dashboards-plugin*
ll /usr/share/wazuh-dashboard/data/wazuh/config/

total 24
drwxr-xr-x 2 wazuh-dashboard wazuh-dashboard 4096 Aug 17 11:17 ./
drwxr-xr-x 4 wazuh-dashboard wazuh-dashboard 4096 Aug 17 11:16 ../
-rw-r--r-- 1 wazuh-dashboard wazuh-dashboard  473 Aug 17 11:17 wazuh-registry.json
-rw------- 1 wazuh-dashboard wazuh-dashboard 8214 Aug 17 11:17 wazuh.yml
ll /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml

File: /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
Size: 8214      	Blocks: 24         IO Block: 4096   regular file
Device: fd00h/64768d	Inode: 1065449     Links: 1
Access: (0600/-rw-------)  Uid: (  113/wazuh-dashboard)   Gid: (  117/wazuh-dashboard)
Access: 2022-08-17 11:17:38.949843396 +0000
Modify: 2022-08-17 11:17:32.498619721 +0000
Change: 2022-08-17 11:17:32.506623721 +0000
Birth: -
ll /usr/share/wazuh-dashboard/data/

total 16
drwxr-x--- 3 wazuh-dashboard wazuh-dashboard 4096 Aug 17 11:16 ./
drwxr-xr-x 9 root            root            4096 Aug 17 11:12 ../
-rw-r--r-- 1 wazuh-dashboard wazuh-dashboard   36 Aug 17 11:15 uuid
drwxr-xr-x 4 wazuh-dashboard wazuh-dashboard 4096 Aug 17 11:16 wazuh/

ll /usr/share/wazuh-dashboard/data/wazuh

total 16
drwxr-xr-x 4 wazuh-dashboard wazuh-dashboard 4096 Aug 17 11:16 ./
drwxr-x--- 3 wazuh-dashboard wazuh-dashboard 4096 Aug 17 11:16 ../
drwxr-xr-x 2 wazuh-dashboard wazuh-dashboard 4096 Aug 17 11:17 config/
drwxr-xr-x 2 wazuh-dashboard wazuh-dashboard 4096 Aug 17 11:16 logs/

ll /usr/share/wazuh-dashboard/data/wazuh/config/

total 24
drwxr-xr-x 2 wazuh-dashboard wazuh-dashboard 4096 Aug 17 11:17 ./
drwxr-xr-x 4 wazuh-dashboard wazuh-dashboard 4096 Aug 17 11:16 ../
-rw-r--r-- 1 wazuh-dashboard wazuh-dashboard  473 Aug 17 11:17 wazuh-registry.json
-rw------- 1 wazuh-dashboard wazuh-dashboard 8214 Aug 17 11:17 wazuh.yml
ll /usr/share/wazuh-dashboard/node

total 172
drwxr-x--- 6 wazuh-dashboard wazuh-dashboard  4096 Aug 17 11:12 ./
drwxr-xr-x 9 root            root             4096 Aug 17 11:12 ../
drwxr-x--- 2 wazuh-dashboard wazuh-dashboard  4096 Aug 17 11:12 bin/
-rw-r----- 1 wazuh-dashboard wazuh-dashboard 52988 Nov 15  2021 CHANGELOG.md
drwxr-x--- 3 wazuh-dashboard wazuh-dashboard  4096 Aug 17 11:11 include/
drwxr-x--- 2 wazuh-dashboard wazuh-dashboard  4096 Nov 15  2021 lib/
-rw-r----- 1 wazuh-dashboard wazuh-dashboard 68764 Nov 15  2021 LICENSE
-rw-r----- 1 wazuh-dashboard wazuh-dashboard 27379 Nov 15  2021 README.md
drwxr-x--- 5 wazuh-dashboard wazuh-dashboard  4096 Aug 17 11:11 share/
ll /usr/share/wazuh-dashboard/plugins/

total 32
drwxr-x--- 8 wazuh-dashboard wazuh-dashboard 4096 Aug 17 11:12 ./
drwxr-xr-x 9 root            root            4096 Aug 17 11:12 ../
drwxr-x--- 6 wazuh-dashboard wazuh-dashboard 4096 Aug 17 11:12 alertingDashboards/
drwxr-x--- 6 wazuh-dashboard wazuh-dashboard 4096 Aug 17 11:12 ganttChartDashboards/
drwxr-x--- 8 wazuh-dashboard wazuh-dashboard 4096 Aug 17 11:12 indexManagementDashboards/
drwxr-x--- 8 wazuh-dashboard wazuh-dashboard 4096 Aug 17 11:13 reportsDashboards/
drwxr-x--- 7 wazuh-dashboard wazuh-dashboard 4096 Aug 17 11:13 securityDashboards/
drwxr-x--- 7 wazuh-dashboard wazuh-dashboard 4096 Aug 17 11:13 wazuh/
ll /usr/share/wazuh-dashboard/src

total 48
drwxr-x--- 11 wazuh-dashboard wazuh-dashboard 4096 Aug 17 11:13 ./
drwxr-xr-x  9 root            root            4096 Aug 17 11:12 ../
-rw-r-----  1 wazuh-dashboard wazuh-dashboard 2761 Nov 15  2021 apm.js
drwxr-x---  3 wazuh-dashboard wazuh-dashboard 4096 Aug 17 11:13 cli/
drwxr-x---  3 wazuh-dashboard wazuh-dashboard 4096 Aug 17 11:13 cli_keystore/
drwxr-x---  6 wazuh-dashboard wazuh-dashboard 4096 Aug 17 11:13 cli_plugin/
drwxr-x---  8 wazuh-dashboard wazuh-dashboard 4096 Aug 17 11:13 core/
drwxr-x---  2 wazuh-dashboard wazuh-dashboard 4096 Aug 17 11:13 docs/
drwxr-x---  5 wazuh-dashboard wazuh-dashboard 4096 Aug 17 11:12 legacy/
drwxr-x---  3 wazuh-dashboard wazuh-dashboard 4096 Aug 17 11:13 optimize/
drwxr-x--- 52 wazuh-dashboard wazuh-dashboard 4096 Aug 17 11:12 plugins/
drwxr-x---  4 wazuh-dashboard wazuh-dashboard 4096 Aug 17 11:13 setup_node_env/

QU3B1M commented Aug 17, 2022

Installation footprint 🟢

Details

The footprint was analyzed using the tool check_files

  • Get the system files status before wazuh-dashboard installation

    python3 check_files.py -o /vagrant/check_files/check_files_before_wazuh_dashboard.json --ignore /sys /dev /proc /run /var/lib/dpkg/info/ /vagrant/check_files
    
    2022-08-20 18:22:04,332 - INFO - Ignoring the following paths: ['/sys', '/dev', '/proc', '/run', '/var/lib/dpkg/info/', '/vagrant/check_files']
    2022-08-20 18:22:04,332 - INFO - Getting check-files data from /
    2022-08-20 18:22:44,339 - INFO - The check-files data has been written in /vagrant/check_files/check_files_before_wazuh_dashboard.json file
    
    
  • Install wazuh-dashboard following the step-by-step guide

  • Get the files status after the wazuh-dashboard installation

    python3 check_files.py -o /vagrant/check_files/check_files_after_wazuh_dashboard.json --ignore /sys /dev /proc /run /var/lib/dpkg/info/ /vagrant/check_files /usr/share/doc/wazuh-dashboard /etc/wazuh-dashboard /usr/share/wazuh-dashboard
    
    2022-08-20 18:25:21,015 - INFO - Ignoring the following paths: ['/sys', '/dev', '/proc', '/run', '/var/lib/dpkg/info/', '/vagrant/check_files', '/usr/share/doc/wazuh-dashboard', '/etc/wazuh-dashboard', '/usr/share/wazuh-dashboard']
    2022-08-20 18:25:21,016 - INFO - Getting check-files data from /
    2022-08-20 18:26:07,568 - INFO - The check-files data has been written in /vagrant/check_files/check_files_after_wazuh_dashboard.json file
    
  • Compare both files using the command diff to check there are no permissions or owner changes

    diff full log
     119c119
     <         "last_update": "2022-06-07 11:55:03",
     ---
     >         "last_update": "2022-08-20 18:24:11",
     128c128
     <         "last_update": "2022-06-07 11:55:03",
     ---
     >         "last_update": "2022-08-20 18:22:52",
     149,150c149,150
     <         "md5sum": "bfc1fc893aad66d916907c5bd44623d6",
     <         "size": "568.95KB"
     ---
     >         "md5sum": "ed937114aac544f33af24b52df816854",
     >         "size": "568.88KB"
     178c178
     <         "last_update": "2022-02-23 08:51:05",
     ---
     >         "last_update": "2022-08-20 18:22:52",
     208,210c208,210
     <         "last_update": "2022-06-07 11:55:03",
     <         "md5sum": "ed937114aac544f33af24b52df816854",
     <         "size": "568.88KB"
     ---
     >         "last_update": "2022-08-20 18:24:11",
     >         "md5sum": "fb8a69f830c71a34c5a127c23772fe99",
     >         "size": "570.08KB"
     297c297
     <         "last_update": "2022-06-07 11:55:03",
     ---
     >         "last_update": "2022-08-20 18:22:52",
     317c317
     <         "last_update": "2022-06-07 11:55:03",
     ---
     >         "last_update": "2022-08-20 18:24:10",
     2709a2710,2719
     >     "/var/lib/dpkg/info/wazuh-dashboard.md5sums": {
     >         "type": "file",
     >         "user": "root",
     >         "group": "root",
     >         "mode": "644",
     >         "permissions": "-rw-r--r--",
     >         "last_update": "2021-11-15 16:47:07",
     >         "md5sum": "dd1886994c1bd71c05b8238af050a676",
     >         "size": "6.13MB"
     >     },
     3949a3960,3969
     >     "/var/lib/dpkg/info/wazuh-dashboard.preinst": {
     >         "type": "file",
     >         "user": "root",
     >         "group": "root",
     >         "mode": "755",
     >         "permissions": "-rwxr-xr-x",
     >         "last_update": "2021-11-15 16:47:07",
     >         "md5sum": "e51be72b42a30b6560ccff62f8fe52de",
     >         "size": "2.25KB"
     >     },
     10029a10050,10059
     >     "/var/lib/dpkg/info/wazuh-dashboard.postinst": {
     >         "type": "file",
     >         "user": "root",
     >         "group": "root",
     >         "mode": "755",
     >         "permissions": "-rwxr-xr-x",
     >         "last_update": "2021-11-15 16:47:07",
     >         "md5sum": "d79406aa9d174676cce18e5bd3e667a1",
     >         "size": "1.95KB"
     >     },
     12629a12660,12669
     >     "/var/lib/dpkg/info/wazuh-dashboard.conffiles": {
     >         "type": "file",
     >         "user": "root",
     >         "group": "root",
     >         "mode": "644",
     >         "permissions": "-rw-r--r--",
     >         "last_update": "2021-11-15 16:47:07",
     >         "md5sum": "0cbdec4557ee758a1c9153e8066786a0",
     >         "size": "190B"
     >     },
     14689a14730,14739
     >     "/var/lib/dpkg/info/wazuh-dashboard.postrm": {
     >         "type": "file",
     >         "user": "root",
     >         "group": "root",
     >         "mode": "755",
     >         "permissions": "-rwxr-xr-x",
     >         "last_update": "2021-11-15 16:47:07",
     >         "md5sum": "70c7e8c6c6898a816f1456a9fdb3b91b",
     >         "size": "1.80KB"
     >     },
     16939a16990,16999
     >     "/var/lib/dpkg/info/wazuh-dashboard.prerm": {
     >         "type": "file",
     >         "user": "root",
     >         "group": "root",
     >         "mode": "755",
     >         "permissions": "-rwxr-xr-x",
     >         "last_update": "2021-11-15 16:47:07",
     >         "md5sum": "990d5dc55ec7d27f4a6a97c293fee1a9",
     >         "size": "2.06KB"
     >     },
     18629a18690,18699
     >     "/var/lib/dpkg/info/wazuh-dashboard.list": {
     >         "type": "file",
     >         "user": "root",
     >         "group": "root",
     >         "mode": "644",
     >         "permissions": "-rw-r--r--",
     >         "last_update": "2022-08-20 18:24:10",
     >         "md5sum": "821a73694e15a1889bb86d0ead8a378e",
     >         "size": "4.99MB"
     >     },
     26356c26426
     <         "last_update": "2022-06-07 11:55:03",
     ---
     >         "last_update": "2022-08-20 18:24:11",
     32176,32178c32246,32248
     <         "last_update": "2022-06-07 11:55:04",
     <         "md5sum": "d41d8cd98f00b204e9800998ecf8427e",
     <         "size": "0B"
     ---
     >         "last_update": "2022-08-20 18:22:52",
     >         "md5sum": "58c2fbd3e75260331ac50a635877b15c",
     >         "size": "3.56KB"
     32186c32256
     <         "last_update": "2022-08-20 18:20:40",
     ---
     >         "last_update": "2022-08-20 18:22:52",
     32226,32228c32296,32298
     <         "last_update": "2022-06-07 11:55:04",
     <         "md5sum": "d41d8cd98f00b204e9800998ecf8427e",
     <         "size": "0B"
     ---
     >         "last_update": "2022-08-20 18:24:11",
     >         "md5sum": "3f0e32dd373bdd89ae5af38e52755133",
     >         "size": "456B"
     32256,32258c32326,32328
     <         "last_update": "2022-08-20 18:21:25",
     <         "md5sum": "873cb37011e6dd3b1e56b25bea692c2a",
     <         "size": "93.85KB"
     ---
     >         "last_update": "2022-08-20 18:25:33",
     >         "md5sum": "e26b702601f7a202bd3c0044bf81e3c9",
     >         "size": "97.74KB"
     32306,32308c32376,32378
     <         "last_update": "2022-08-20 18:22:00",
     <         "md5sum": "bb532a8e7d07bce7e4c00ac0189a651d",
     <         "size": "6.83KB"
     ---
     >         "last_update": "2022-08-20 18:24:11",
     >         "md5sum": "22071ce2fa6a2e24ed3c9a350c65ebc1",
     >         "size": "8.03KB"
     32354,32355c32424,32425
     <         "last_update": "2022-08-20 18:22:00",
     <         "md5sum": "aeda377eed6e70277c5b33e09907fb29",
     ---
     >         "last_update": "2022-08-20 18:25:33",
     >         "md5sum": "c4900d3c8f3e4da6e64455ebf7c64d50",
     32364,32365c32434,32435
     <         "last_update": "2022-08-20 18:20:28",
     <         "md5sum": "4147f3b0b06b7b1be2fa41b40255c5e0",
     ---
     >         "last_update": "2022-08-20 18:25:19",
     >         "md5sum": "e37c10a32a2a166330a2a8bd310f06dc",
     32658c32728
     <         "last_update": "2022-08-20 18:21:03",
     ---
     >         "last_update": "2022-08-20 18:25:33",
     32678a32749,32766
     >     "/var/tmp/systemd-private-ec93e6c5b8a041359dc7be9f20ce9ed1-systemd-timedated.service-BWYukj": {
     >         "type": "directory",
     >         "user": "root",
     >         "group": "root",
     >         "mode": "700",
     >         "permissions": "drwx------",
     >         "last_update": "2022-08-20 18:25:33",
     >         "size": "4.00KB"
     >     },
     >     "/var/tmp/systemd-private-ec93e6c5b8a041359dc7be9f20ce9ed1-systemd-timedated.service-BWYukj/tmp": {
     >         "type": "directory",
     >         "user": "root",
     >         "group": "root",
     >         "mode": "777",
     >         "permissions": "drwxrwxrwt",
     >         "last_update": "2022-08-20 18:25:33",
     >         "size": "4.00KB"
     >     },
     233761c233849
     <         "last_update": "2022-06-07 11:54:50",
     ---
     >         "last_update": "2022-08-20 18:22:52",
     396366c396454
     <         "last_update": "2022-06-07 11:55:04",
     ---
     >         "last_update": "2022-08-20 18:22:52",
     410332c410420
     <         "last_update": "2022-06-07 11:50:33",
     ---
     >         "last_update": "2022-08-20 18:24:29",
     410334a410423,410432
     >     "/root/.viminfo": {
     >         "type": "file",
     >         "user": "root",
     >         "group": "root",
     >         "mode": "600",
     >         "permissions": "-rw-------",
     >         "last_update": "2022-08-20 18:24:29",
     >         "md5sum": "561fed7d4ebf75f8498fdad5a566dcef",
     >         "size": "1.02KB"
     >     },
     414231c414329
     <         "last_update": "2022-08-20 18:21:03",
     ---
     >         "last_update": "2022-08-20 18:25:33",
     414260a414359,414376
     >     "/tmp/systemd-private-ec93e6c5b8a041359dc7be9f20ce9ed1-systemd-timedated.service-n5kRog": {
     >         "type": "directory",
     >         "user": "root",
     >         "group": "root",
     >         "mode": "700",
     >         "permissions": "drwx------",
     >         "last_update": "2022-08-20 18:25:33",
     >         "size": "4.00KB"
     >     },
     >     "/tmp/systemd-private-ec93e6c5b8a041359dc7be9f20ce9ed1-systemd-timedated.service-n5kRog/tmp": {
     >         "type": "directory",
     >         "user": "root",
     >         "group": "root",
     >         "mode": "777",
     >         "permissions": "drwxrwxrwt",
     >         "last_update": "2022-08-20 18:25:33",
     >         "size": "4.00KB"
     >     },
     547041c547157
     <         "last_update": "2022-08-20 18:20:35",
     ---
     >         "last_update": "2022-08-20 18:22:52",
     547100,547102c547216,547218
     <         "last_update": "2022-06-07 11:54:18",
     <         "md5sum": "c9f226626ac5e243aa7d83443259964c",
     <         "size": "682B"
     ---
     >         "last_update": "2022-08-20 18:22:52",
     >         "md5sum": "a358c5a42f7336674cc7447bed68a54f",
     >         "size": "702B"
     547150,547152c547266,547268
     <         "last_update": "2022-06-07 11:50:35",
     <         "md5sum": "645a1bb7b845f177e450b35dbf6d19fb",
     <         "size": "1.02KB"
     ---
     >         "last_update": "2022-08-20 18:22:52",
     >         "md5sum": "21b37915fe52965733d271ff3c884e2b",
     >         "size": "1.08KB"
     547190,547192c547306,547308
     <         "last_update": "2022-06-07 11:54:18",
     <         "md5sum": "e91d3e31e9f3b508d8d02bbe1bcf7459",
     <         "size": "811B"
     ---
     >         "last_update": "2022-08-20 18:22:52",
     >         "md5sum": "7a9f200ca385501c608092a38b15434b",
     >         "size": "834B"
     547240,547242c547356,547358
     <         "last_update": "2022-06-07 11:50:32",
     <         "md5sum": "2f3288c725f380e43f316ef6bb3cf26d",
     <         "size": "671B"
     ---
     >         "last_update": "2022-06-07 11:54:18",
     >         "md5sum": "c9f226626ac5e243aa7d83443259964c",
     >         "size": "682B"
     547310c547426
     <         "last_update": "2022-08-20 18:22:43",
     ---
     >         "last_update": "2022-08-20 18:26:06",
     547450,547452c547566,547568
     <         "last_update": "2022-06-07 11:54:18",
     <         "md5sum": "265f8372bf07d2c68291f8c53128f770",
     <         "size": "1.04KB"
     ---
     >         "last_update": "2022-08-20 18:22:52",
     >         "md5sum": "21b37915fe52965733d271ff3c884e2b",
     >         "size": "1.08KB"
     547470,547472c547586,547588
     <         "last_update": "2022-06-07 11:50:32",
     <         "md5sum": "0e2648a4e2503bb943d0c8a471783d73",
     <         "size": "797B"
     ---
     >         "last_update": "2022-06-07 11:54:18",
     >         "md5sum": "e91d3e31e9f3b508d8d02bbe1bcf7459",
     >         "size": "811B"
     547540,547542c547656,547658
     <         "last_update": "2022-06-07 11:50:35",
     <         "md5sum": "862915615b8fb27d666dc10bad2b3b49",
     <         "size": "1.79KB"
     ---
     >         "last_update": "2022-08-20 18:22:52",
     >         "md5sum": "e255b493d202cd2a45f8290d5543e39b",
     >         "size": "1.88KB"
     547670,547672c547786,547788
     <         "last_update": "2022-06-07 11:54:18",
     <         "md5sum": "8a0f77a7347c6d90cd3a9235b8e96516",
     <         "size": "1.83KB"
     ---
     >         "last_update": "2022-08-20 18:22:52",
     >         "md5sum": "e255b493d202cd2a45f8290d5543e39b",
     >         "size": "1.88KB"
     549230c549346
     <         "last_update": "2022-06-07 11:51:41",
     ---
     >         "last_update": "2022-08-20 18:24:10",
     549322a549439,549448
     >     "/etc/systemd/system/wazuh-dashboard": {
     >         "type": "file",
     >         "user": "wazuh-dashboard",
     >         "group": "wazuh-dashboard",
     >         "mode": "750",
     >         "permissions": "-rwxr-x---",
     >         "last_update": "2021-11-15 16:47:07",
     >         "md5sum": "bfd48210d7d54b201e32e5f4f1cde89a",
     >         "size": "3.51KB"
     >     },
     549352a549479,549488
     >     "/etc/systemd/system/wazuh-dashboard.service": {
     >         "type": "file",
     >         "user": "wazuh-dashboard",
     >         "group": "wazuh-dashboard",
     >         "mode": "640",
     >         "permissions": "-rw-r-----",
     >         "last_update": "2021-11-15 16:47:07",
     >         "md5sum": "0a3d801c4b1b10d5f3b0059f8ebbc4b2",
     >         "size": "393B"
     >     },
     549468c549604
     <         "last_update": "2022-06-07 11:54:19",
     ---
     >         "last_update": "2022-08-20 18:25:07",
     549770a549907,549916
     >     "/etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service": {
     >         "type": "file",
     >         "user": "wazuh-dashboard",
     >         "group": "wazuh-dashboard",
     >         "mode": "640",
     >         "permissions": "-rw-r-----",
     >         "last_update": "2021-11-15 16:47:07",
     >         "md5sum": "0a3d801c4b1b10d5f3b0059f8ebbc4b2",
     >         "size": "393B"
     >     },
     554480c554626
     <         "last_update": "2022-06-07 11:54:50",
     ---
     >         "last_update": "2022-08-20 18:24:10",
     554591a554738,554747
     >     },
     >     "/etc/default/wazuh-dashboard": {
     >         "type": "file",
     >         "user": "wazuh-dashboard",
     >         "group": "wazuh-dashboard",
     >         "mode": "750",
     >         "permissions": "-rwxr-x---",
     >         "last_update": "2021-11-15 16:47:07",
     >         "md5sum": "7b287c0803e3b544076523e88dfcc9cd",
     >         "size": "100B"
    

    The compared files can be found here
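
Added example (not part of the original comment and not code from the check_files tool): a path-keyed comparison of the before/after snapshots, which reports ownership and mode drift separately from content changes instead of leaving the reader to map `diff` line numbers back to files. It assumes each snapshot is one JSON object mapping a path to the attributes visible in the diff output above (`type`, `user`, `group`, `mode`, `permissions`, `md5sum`); the function names and all sample entries are constructed for illustration.

```python
import json

# Attributes whose change means ownership or permissions drifted.
OWNERSHIP_KEYS = ("type", "user", "group", "mode")


def load_snapshot(text):
    """Parse a snapshot; assumed layout is one JSON object mapping path -> attributes."""
    data = json.loads(text)
    if not isinstance(data, dict):
        raise ValueError("snapshot must be a JSON object keyed by path")
    return data


def is_ignored(path, ignore_prefixes):
    """True when path equals, or lies under, one of the ignored directories."""
    for prefix in ignore_prefixes:
        base = prefix.rstrip("/")
        if path == base or path.startswith(base + "/"):
            return True
    return False


def compare_snapshots(before, after, ignore_prefixes=()):
    """Group differences by path; timestamp-only and size-only changes are not reported."""
    report = {"added": [], "removed": [], "ownership_changed": [], "content_changed": []}
    for path in sorted(set(before) | set(after)):
        if is_ignored(path, ignore_prefixes):
            continue
        old, new = before.get(path), after.get(path)
        if old is None:
            report["added"].append(path)
        elif new is None:
            report["removed"].append(path)
        else:
            drift = {k: (old.get(k), new.get(k))
                     for k in OWNERSHIP_KEYS if old.get(k) != new.get(k)}
            if drift:
                report["ownership_changed"].append((path, drift))
            if old.get("md5sum") != new.get("md5sum"):
                report["content_changed"].append(path)
    return report


def world_writable_without_sticky(snapshot, paths):
    """Return paths whose symbolic permissions give 'other' write access without sticky.

    The symbolic string is checked because the numeric mode in the output above
    reads "777" even for a sticky directory (drwxrwxrwt).
    """
    flagged = []
    for path in paths:
        perms = snapshot[path].get("permissions", "")
        if len(perms) == 10 and perms[8] == "w" and perms[9] not in "tT":
            flagged.append(path)
    return flagged


def entry(kind, user, group, mode, perms, md5=None):
    """Build one constructed snapshot entry with the keys seen in the diff output."""
    item = {"type": kind, "user": user, "group": group, "mode": mode, "permissions": perms}
    if md5 is not None:
        item["md5sum"] = md5
    return item


# Constructed sample snapshots (not data from the issue); hashes are dummy values.
BEFORE = {
    "/etc/hosts": entry("file", "root", "root", "644", "-rw-r--r--", "0" * 32),
    "/etc/old.conf": entry("file", "root", "root", "644", "-rw-r--r--", "6" * 32),
    "/opt/tool/run.sh": entry("file", "root", "root", "750", "-rwxr-x---", "1" * 32),
    "/var/log/syslog": entry("file", "syslog", "adm", "640", "-rw-r-----", "2" * 32),
}
AFTER = {
    "/etc/hosts": entry("file", "root", "root", "644", "-rw-r--r--", "0" * 32),
    "/etc/systemd/system/wazuh-dashboard.service": entry(
        "file", "wazuh-dashboard", "wazuh-dashboard", "640", "-rw-r-----", "3" * 32),
    "/opt/tool/run.sh": entry("file", "root", "root", "755", "-rwxr-xr-x", "1" * 32),
    "/srv/drop": entry("directory", "root", "root", "777", "drwxrwxrwx"),
    "/tmp/systemd-private-EXAMPLE/tmp": entry("directory", "root", "root", "777", "drwxrwxrwt"),
    "/usr/share/wazuh-dashboard/VERSION": entry(
        "file", "wazuh-dashboard", "wazuh-dashboard", "440", "-r--r-----", "4" * 32),
    "/var/log/syslog": entry("file", "syslog", "adm", "640", "-rw-r-----", "5" * 32),
}


def demo():
    """Compare the constructed snapshots, ignoring the package's own install directory."""
    before = load_snapshot(json.dumps(BEFORE))
    after = load_snapshot(json.dumps(AFTER))
    report = compare_snapshots(before, after, ignore_prefixes=["/usr/share/wazuh-dashboard"])
    report["world_writable"] = world_writable_without_sticky(after, report["added"])
    return report


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

An empty `ownership_changed` list and an empty `world_writable` list are the pass condition for the "no permissions or owner changes" check; `added` still needs a manual look at owner and mode for each new path.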

QU3B1M commented Aug 17, 2022

Installed Service 🟢

Details
systemctl status wazuh-dashboard

● wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2022-08-17 18:50:25 UTC; 12s ago
   Main PID: 45851 (node)
      Tasks: 11 (limit: 2274)
     Memory: 162.9M
     CGroup: /system.slice/wazuh-dashboard.service
             └─45851 /usr/share/wazuh-dashboard/bin/../node/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/>

Aug 17 18:50:25 dashboard systemd[1]: wazuh-dashboard.service: Succeeded.
Aug 17 18:50:25 dashboard systemd[1]: Stopped wazuh-dashboard.
Aug 17 18:50:25 dashboard systemd[1]: Started wazuh-dashboard.
Aug 17 18:50:28 dashboard opensearch-dashboards[45851]: {"type":"log","@timestamp":"2022-08-17T18:50:28Z","tags":["info","plugins-service"],"pid">
Aug 17 18:50:29 dashboard opensearch-dashboards[45851]: {"type":"log","@timestamp":"2022-08-17T18:50:29Z","tags":["info","plugins-system"],"pid":>
Aug 17 18:50:29 dashboard opensearch-dashboards[45851]: {"type":"log","@timestamp":"2022-08-17T18:50:29Z","tags":["info","savedobjects-service"],>
Aug 17 18:50:29 dashboard opensearch-dashboards[45851]: {"type":"log","@timestamp":"2022-08-17T18:50:29Z","tags":["info","savedobjects-service"],>
Aug 17 18:50:29 dashboard opensearch-dashboards[45851]: {"type":"log","@timestamp":"2022-08-17T18:50:29Z","tags":["info","plugins-system"],"pid":>
Aug 17 18:50:29 dashboard opensearch-dashboards[45851]: {"type":"log","@timestamp":"2022-08-17T18:50:29Z","tags":["listening","info"],"pid":45851>
Aug 17 18:50:30 dashboard opensearch-dashboards[45851]: {"type":"log","@timestamp":"2022-08-17T18:50:30Z","tags":["info","http","server","OpenSea>


QU3B1M commented Aug 18, 2022

Wazuh Dashboard logs when installed 🟢

Details
journalctl -u wazuh-dashboard

-- Logs begin at Tue 2022-06-07 11:55:04 UTC, end at Fri 2022-08-19 16:44:39 UTC. --
Aug 19 16:44:04 dashboard systemd[1]: Started wazuh-dashboard.
Aug 19 16:44:07 dashboard opensearch-dashboards[14543]: {"type":"log","@timestamp":"2022-08-19T16:44:07Z","tags":["info","plugins-service"],"pid":14543,"message":"Plugin \"visTypeXy\" is disabled."}
Aug 19 16:44:07 dashboard opensearch-dashboards[14543]: {"type":"log","@timestamp":"2022-08-19T16:44:07Z","tags":["info","plugins-system"],"pid":14543,"message":"Setting up [42] plugins: [alertingDashboards,usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,console,apmOss,management,indexPatternManagement,advancedSettings,savedObjects,securityDashboards,reportsDashboards,indexManagementDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,timeline,visTypeTable,visTypeMarkdown,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,wazuh,savedObjectsManagement,bfetch]"}
Aug 19 16:44:07 dashboard opensearch-dashboards[14543]: {"type":"log","@timestamp":"2022-08-19T16:44:07Z","tags":["info","savedobjects-service"],"pid":14543,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
Aug 19 16:44:08 dashboard opensearch-dashboards[14543]: {"type":"log","@timestamp":"2022-08-19T16:44:08Z","tags":["info","savedobjects-service"],"pid":14543,"message":"Starting saved objects migrations"}
Aug 19 16:44:08 dashboard opensearch-dashboards[14543]: {"type":"log","@timestamp":"2022-08-19T16:44:08Z","tags":["info","plugins-system"],"pid":14543,"message":"Starting [42] plugins: [alertingDashboards,usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,console,apmOss,management,indexPatternManagement,advancedSettings,savedObjects,securityDashboards,reportsDashboards,indexManagementDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,timeline,visTypeTable,visTypeMarkdown,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,wazuh,savedObjectsManagement,bfetch]"}
Aug 19 16:44:09 dashboard opensearch-dashboards[14543]: {"type":"log","@timestamp":"2022-08-19T16:44:09Z","tags":["listening","info"],"pid":14543,"message":"Server running at https://0.0.0.0:443"}
Aug 19 16:44:09 dashboard opensearch-dashboards[14543]: {"type":"log","@timestamp":"2022-08-19T16:44:09Z","tags":["info","http","server","OpenSearchDashboards"],"pid":14543,"message":"http server running at https://0.0.0.0:443"}
Aug 19 16:44:35 dashboard systemd[1]: Stopping wazuh-dashboard...
Aug 19 16:44:35 dashboard opensearch-dashboards[14543]: {"type":"log","@timestamp":"2022-08-19T16:44:35Z","tags":["info","plugins-system"],"pid":14543,"message":"Stopping all plugins."}
Aug 19 16:44:35 dashboard systemd[1]: wazuh-dashboard.service: Succeeded.
Aug 19 16:44:35 dashboard systemd[1]: Stopped wazuh-dashboard.
Aug 19 16:44:35 dashboard systemd[1]: Started wazuh-dashboard.
Aug 19 16:44:38 dashboard opensearch-dashboards[14577]: {"type":"log","@timestamp":"2022-08-19T16:44:38Z","tags":["info","plugins-service"],"pid":14577,"message":"Plugin \"visTypeXy\" is disabled."}
Aug 19 16:44:38 dashboard opensearch-dashboards[14577]: {"type":"log","@timestamp":"2022-08-19T16:44:38Z","tags":["info","plugins-system"],"pid":14577,"message":"Setting up [42] plugins: [alertingDashboards,usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,console,apmOss,management,indexPatternManagement,advancedSettings,savedObjects,securityDashboards,reportsDashboards,indexManagementDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,timeline,visTypeTable,visTypeMarkdown,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,wazuh,savedObjectsManagement,bfetch]"}
Aug 19 16:44:39 dashboard opensearch-dashboards[14577]: {"type":"log","@timestamp":"2022-08-19T16:44:39Z","tags":["info","savedobjects-service"],"pid":14577,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
Aug 19 16:44:39 dashboard opensearch-dashboards[14577]: {"type":"log","@timestamp":"2022-08-19T16:44:39Z","tags":["info","savedobjects-service"],"pid":14577,"message":"Starting saved objects migrations"}
Aug 19 16:44:39 dashboard opensearch-dashboards[14577]: {"type":"log","@timestamp":"2022-08-19T16:44:39Z","tags":["info","plugins-system"],"pid":14577,"message":"Starting [42] plugins: [alertingDashboards,usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,console,apmOss,management,indexPatternManagement,advancedSettings,savedObjects,securityDashboards,reportsDashboards,indexManagementDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,timeline,visTypeTable,visTypeMarkdown,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,wazuh,savedObjectsManagement,bfetch]"}
Aug 19 16:44:39 dashboard opensearch-dashboards[14577]: {"type":"log","@timestamp":"2022-08-19T16:44:39Z","tags":["listening","info"],"pid":14577,"message":"Server running at https://0.0.0.0:443"}
Aug 19 16:44:39 dashboard opensearch-dashboards[14577]: {"type":"log","@timestamp":"2022-08-19T16:44:39Z","tags":["info","http","server","OpenSearchDashboards"],"pid":14577,"message":"http server running at https://0.0.0.0:443"}


QU3B1M commented Aug 18, 2022

Wazuh Dashboard configuration 🟢

Details

The config file `wazuh.yml` has some changes compared to 4.3.6, as expected (issue [#4402](https:/wazuh/wazuh-dashboard-plugins/issues/4402)). A lot of those changes are improvements and fixes in the file documentation.
  • 4.3.6 configuration file download

    Or full yml on screen
      ---
      #
      # Wazuh dashboard - App configuration file
      # Copyright (C) 2015-2022 Wazuh, Inc.
      #
      # This program is free software; you can redistribute it and/or modify
      # it under the terms of the GNU General Public License as published by
      # the Free Software Foundation; either version 2 of the License, or
      # (at your option) any later version.
      #
      # Find more information about this on the LICENSE file.
      #
      # ======================== Wazuh dashboard configuration file ========================
      #
      # Please check the documentation for more information on configuration options:
      # https://documentation.wazuh.com/4.3/installation-guide/index.html
      #
      # Also, you can check our repository:
      # https:/wazuh/wazuh-kibana-app
      #
      # ------------------------------- Disable roles -------------------------------
      #
      # Defines which Elasticsearch roles disable Wazuh
      # disabled_roles: 
      #      - wazuh_disabled
      #
      # ------------------------------- Index patterns -------------------------------
      #
      # Default index pattern to use.
      #pattern: wazuh-alerts-*
      #
      # ----------------------------------- Checks -----------------------------------
      #
      # Defines which checks must to be consider by the healthcheck
      # step once the Wazuh dashboard starts. Values must to be true or false.
      #checks.pattern : true
      #checks.template: true
      #checks.fields  : true
      #checks.api     : true
      #checks.setup   : true
      #checks.metaFields: true
      #checks.timeFilter: true
      #checks.maxBuckets: true
      #
      # --------------------------------- Extensions ---------------------------------
      #
      # Defines which extensions should be activated when you add a new API entry.
      # You can change them after Wazuh dashboard starts.
      # Values must to be true or false.
      #extensions.pci       : true
      #extensions.gdpr      : true
      #extensions.hipaa     : true
      #extensions.nist      : true
      #extensions.tsc       : true
      #extensions.audit     : true
      #extensions.oscap     : false
      #extensions.ciscat    : false
      #extensions.aws       : false
      #extensions.gcp       : false
      #extensions.virustotal: false
      #extensions.osquery   : false
      #extensions.docker    : false
      #
      # ---------------------------------- Timeout ----------------------------------
      #
      # Defines maximum timeout to be used on the Wazuh dashboard requests.
      # It will be ignored if it is bellow 1500.
      # It means milliseconds before we consider a request as failed.
      # Default: 20000
      #timeout: 20000
      #
      # -------------------------------- API selector --------------------------------
      #
      # Defines if the user is allowed to change the selected
      # API directly from the Wazuh dashboard top menu.
      # Default: true
      #api.selector: true
      #
      # --------------------------- Index pattern selector ---------------------------
      #
      # Defines if the user is allowed to change the selected
      # index pattern directly from the Wazuh dashboard top menu.
      # Default: true
      #ip.selector: true
      #
      # List of index patterns to be ignored
      #ip.ignore: []
      #
      # ------------------------------ wazuh-monitoring ------------------------------
      #
      # Custom setting to enable/disable wazuh-monitoring indices.
      # Values: true, false, worker
      # If worker is given as value, the app will show the Agents status
      # visualization but won't insert data on wazuh-monitoring indices.
      # Default: true
      #wazuh.monitoring.enabled: true
      #
      # Custom setting to set the frequency for wazuh-monitoring indices cron task.
      # Default: 900 (s)
      #wazuh.monitoring.frequency: 900
      #
      # Configure wazuh-monitoring-* indices shards and replicas.
      #wazuh.monitoring.shards: 1
      #wazuh.monitoring.replicas: 0
      #
      # Configure wazuh-monitoring-* indices custom creation interval.
      # Values: h (hourly), d (daily), w (weekly), m (monthly)
      # Default: w
      #wazuh.monitoring.creation: w
      #
      # Default index pattern to use for Wazuh monitoring
      #wazuh.monitoring.pattern: wazuh-monitoring-*
      #
      # --------------------------------- wazuh-cron ----------------------------------
      #
      # Customize the index prefix of predefined jobs
      # This change is not retroactive, if you change it new indexes will be created
      # cron.prefix: wazuh
      #
      # --------------------------------- wazuh-sample-alerts -------------------------
      #
      # Customize the index name prefix of sample alerts
      # This change is not retroactive, if you change it new indexes will be created
      # It should match with a valid index template to avoid unknown fields on
      # dashboards
      #alerts.sample.prefix: wazuh-alerts-4.x-
      #
      # ------------------------------ wazuh-statistics -------------------------------
      #
      # Custom setting to enable/disable statistics tasks.
      #cron.statistics.status: true
      #
      # Enter the ID of the APIs you want to save data from, leave this empty to run
      # the task on all configured APIs
      #cron.statistics.apis: []
      #
      # Define the frequency of task execution using cron schedule expressions
      #cron.statistics.interval: 0 */5 * * * *
      #
      # Define the name of the index in which the documents are to be saved.
      #cron.statistics.index.name: statistics
      #
      # Define the interval in which the index will be created
      #cron.statistics.index.creation: w
      #
      # Configure statistics indices shards and replicas.
      #cron.statistics.shards: 1
      #cron.statistics.replicas: 0
      #
      # ------------------------------ wazuh-logo-customization -------------------------------
      #
      #Define the name of the app logo saved in the path /plugins/wazuh/assets/
      #customization.logo.app: ''
      #
      #Define the name of the sidebar logo saved in the path /plugins/wazuh/assets/
      #customization.logo.sidebar: ''
      #
      #Define the name of the health-check logo saved in the path /plugins/wazuh/assets/
      #customization.logo.healthcheck: ''
      #
      #Define the name of the reports logo (.png) saved in the path /plugins/wazuh/assets/
      #customization.logo.reports: ''
      #
      # ---------------------------- Hide manager alerts ------------------------------
      # Hide the alerts of the manager in all dashboards and discover
      #hideManagerAlerts: false
      #
      # ------------------------------- App logging level -----------------------------
      # Set the logging level for the Wazuh dashboard log files.
      # Default value: info
      # Allowed values: info, debug
      #logs.level: info
      #
      # -------------------------------- Enrollment DNS -------------------------------
      # Set the variable WAZUH_REGISTRATION_SERVER in agents deployment.
      # Default value: ''
      #enrollment.dns: ''
      #
      # Wazuh registration password
      # Default value: ''
      #enrollment.password: ''
      #-------------------------------- API entries -----------------------------------
      #The following configuration is the default structure to define an API entry.
      #
      #hosts:
      #  - <id>:
            # URL
            # API url
            # url: http(s)://<url>
    
            # Port
            # API port
            # port: <port>
    
            # Username
            # API user's username
            # username: <username>
    
            # Password
            # API user's password
            # password: <password>
    
            # Run as
            # Define how the app user gets his/her app permissions.
            # Values:
            #   - true: use his/her authentication context. Require Wazuh API user allows run_as.
            #   - false or not defined: get same permissions of Wazuh API user.
            # run_as: <true|false>
      hosts:
      - default:
            url: https://192.168.56.10
            port: 55000
            username: wazuh-wui
            password: wazuh-wui
            run_as: false
    
  • 4.3.7 configuration file download

    Or full yml on screen
     ---
     #
     # Wazuh dashboard - App configuration file
     # Copyright (C) 2015-2022 Wazuh, Inc.
     #
     # This program is free software; you can redistribute it and/or modify
     # it under the terms of the GNU General Public License as published by
     # the Free Software Foundation; either version 2 of the License, or
     # (at your option) any later version.
     #
     # Find more information about this on the LICENSE file.
     #
     # ======================== Wazuh dashboard configuration file ========================
     #
     # Please check the documentation for more information about configuration options:
     # https://documentation.wazuh.com/4.3/user-manual/wazuh-dashboard/config-file.html
     #
     # Also, you can check our repository:
     # https:/wazuh/wazuh-kibana-app
     #
     # ---------------------------- Unauthorized roles ------------------------------
     #
     # Disable Wazuh for the Elasticsearch / OpenSearch roles defined here.
     # disabled_roles:
     #   - wazuh_disabled
     #
     # ------------------------------- Index patterns -------------------------------
     #
     # Default index pattern to use on the app. If there's no valid index pattern, the
     # app will automatically create one with the name indicated in this option.
     # pattern: wazuh-alerts-*
     #
     # ----------------------------------- Checks -----------------------------------
     #
     # Define which checks will be executed by the App's HealthCheck.
     # Allowed values are: true, false
     #
     # Enable or disable the index pattern health check when opening the app.
     # checks.pattern: true
     #
     # Enable or disable the template health check when opening the app.
     # checks.template: true
     #
     # Enable or disable the API health check when opening the app.
     # checks.api: true
     #
     # Enable or disable the setup health check when opening the app.
     # checks.setup: true
     #
     # Enable or disable the known fields health check when opening the app.
     # checks.fields: true
     #
     # Change the default value of the Wazuh dashboard metaField configuration
     # checks.metaFields: true
     #
     # Change the default value of the Wazuh dashboard timeFilter configuration
     # checks.timeFilter: true
     #
     # Change the default value of the Wazuh dashboard max buckets configuration
     # checks.maxBuckets: true
     #
     # --------------------------------- Extensions ---------------------------------
     #
     # Define the initial state of the extensions (enabled / disabled) for recently
     # added hosts. The extensions can be enabled or disabled anytime using the UI.
     # Allowed values are: true, false
     #
     # Enable or disable the PCI DSS tab on Overview and Agents.
     # extensions.pci: true
     #
     # Enable or disable the GDPR tab on Overview and Agents.
     # extensions.gdpr: true
     #
     # Enable or disable the HIPAA tab on Overview and Agents.
     # extensions.hipaa: true
     #
     # Enable or disable the NIST 800-53 tab on Overview and Agents.
     # extensions.nist: true
     #
     # Enable or disable the TSC tab on Overview and Agents.
     # extensions.tsc: true
     #
     # Enable or disable the Audit tab on Overview and Agents.
     # extensions.audit: true
     #
     # Enable or disable the Open SCAP tab on Overview and Agents.
     # extensions.oscap: false
     #
     # Enable or disable the CIS-CAT tab on Overview and Agents.
     # extensions.ciscat: false
     #
     # Enable or disable the Amazon (AWS) tab on Overview.
     # extensions.aws: false
     #
     # Enable or disable the Google Cloud Platform tab on Overview.
     # extensions.gcp: false
     #
     # Enable or disable the VirusTotal tab on Overview and Agents.
     # extensions.virustotal: false
     #
     # Enable or disable the Osquery tab on Overview and Agents.
     # extensions.osquery: false
     #
     # Enable or disable the Docker listener tab on Overview and Agents.
     # extensions.docker: false
     #
     # ------------------------------- Timeout --------------------------------------
     #
     # Maximum time, in milliseconds, the app will wait for an API response when making
     # requests to it. It will be ignored if the value is set under 1500 milliseconds.
     # timeout: 20000
     #
     # --------------------------- Index pattern selector ---------------------------
     #
     # Define if the user is allowed to change the selected index pattern directly from
     # the top menu bar.
     # ip.selector: true
     #
     # Disable certain index pattern names from being available in index pattern
     # selector from the Wazuh app.
     # ip.ignore: 
     #
     # ------------------------------ Monitoring ------------------------------------
     #
     # Enable or disable the wazuh-monitoring index creation and/or visualization.
     # wazuh.monitoring.enabled: true
     #
     # Frequency, in seconds, of API requests to get the state of the agents and create
     # a new document in the wazuh-monitoring index with this data.
     # wazuh.monitoring.frequency: 900
     #
     # Define the number of shards to use for the wazuh-monitoring-* indices.
     # wazuh.monitoring.shards: 1
     #
     # Define the number of replicas to use for the wazuh-monitoring-* indices.
     # wazuh.monitoring.replicas: 0
     #
     # Define the interval in which a new wazuh-monitoring index will be created.
     # Allowed values are: h (hourly), d (daily), w (weekly), m (monthly)
     # wazuh.monitoring.creation: w
     #
     # Default index pattern to use for Wazuh monitoring.
     # wazuh.monitoring.pattern: wazuh-monitoring-*
     #
     # --------------------------------- Sample data --------------------------------
     #
     # Define the index name prefix of sample alerts. It must match the template used
     # by the index pattern to avoid unknown fields in dashboards.
     # alerts.sample.prefix: wazuh-alerts-4.x-
     #
     # ------------------------------ Background tasks ------------------------------
     #
     # Define the index prefix of predefined jobs.
     # cron.prefix: wazuh
     #
     # ------------------------------ Wazuh Statistics ------------------------------
     #
     # Enable or disable the statistics tasks.
     # cron.statistics.status: true
     #
     # Enter the ID of the hosts you want to save data from, leave this empty to run
     # the task on every host.
     # cron.statistics.apis: 
     #
     # Define the frequency of task execution using cron schedule expressions.
     # cron.statistics.interval: 0 */5 * * * *
     #
     # Define the name of the index in which the documents will be saved.
     # cron.statistics.index.name: statistics
     #
     # Define the interval in which a new index will be created.
     # cron.statistics.index.creation: w
     #
     # Define the number of shards to use for the statistics indices.
     # cron.statistics.shards: 1
     #
     # Define the number of replicas to use for the statistics indices.
     # cron.statistics.replicas: 0
     #
     # ------------------------------ Logo customization ----------------------------
     #
     # Set the name of the app logo stored at /plugins/wazuh/public/assets/
     # customization.logo.app: 
     #
     # Set the name of the sidebar logo stored at /plugins/wazuh/public/assets/
     # customization.logo.sidebar: 
     #
     # Set the name of the health-check logo stored at /plugins/wazuh/public/assets/
     # customization.logo.healthcheck: 
     #
     # Set the name of the reports logo (.png) stored at /plugins/wazuh/public/assets/
     # customization.logo.reports: 
     #
     # ---------------------------- Hide manager alerts -----------------------------
     #
     # Hide the alerts of the manager in every dashboard.
     # hideManagerAlerts: false
     #
     # ------------------------------- App logging level ----------------------------
     #
     # Logging level of the App.
     # Allowed values are: info, debug
     # logs.level: info
     #
     # ------------------------------- Agent enrollment -----------------------------
     #
     # Specifies the Wazuh registration server, used for the agent enrollment.
     # enrollment.dns: 
     #
     # Specifies the password used to authenticate during the agent enrollment.
     # enrollment.password: 
     #
     #-------------------------------- Wazuh hosts ----------------------------------
     #
     # The following configuration is the default structure to define a host.
     #
     # hosts:
     #   # Host ID / name,
     #   - env-1:
     #       # Host URL
     #       url: https://env-1.example
     #       # Host / API port
     #       port: 55000
     #       # Host / API username
     #       username: wazuh-wui
     #       # Host / API password
     #       password: wazuh-wui
     #       # Use RBAC or not. If set to true, the username must be "wazuh-wui".
     #       run_as: true
     #   - env-2:
     #       url: https://env-2.example
     #       port: 55000
     #       username: wazuh-wui
     #       password: wazuh-wui
     #       run_as: true
    
     hosts:
       - default:
           url: https://192.168.56.10
           port: 55000
           username: wazuh-wui
           password: wazuh-wui
           run_as: false
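To check the statement above that the 4.3.6 to 4.3.7 changes in `wazuh.yml` are mostly documentation, the following added example (not part of the original comment and not Wazuh project code) compares the commented-out defaults and the active settings of the two files. The embedded excerpts are setting lines copied from the listings above; the function names and `TEMPLATE_PASSWORD` are assumptions of this example.

```python
import re

# Excerpts built from the two wazuh.yml listings in the comment above
# (explanatory comment prose dropped, setting lines kept as shown).
WAZUH_YML_4_3_6 = """\
#pattern: wazuh-alerts-*
#checks.pattern : true
#timeout: 20000
#api.selector: true
#ip.selector: true
#ip.ignore: []
#cron.statistics.apis: []
#customization.logo.app: ''
#logs.level: info
#enrollment.dns: ''
#enrollment.password: ''
hosts:
- default:
      url: https://192.168.56.10
      port: 55000
      username: wazuh-wui
      password: wazuh-wui
      run_as: false
"""

WAZUH_YML_4_3_7 = """\
# pattern: wazuh-alerts-*
# checks.pattern: true
# timeout: 20000
# ip.selector: true
# ip.ignore:
# cron.statistics.apis:
# customization.logo.app:
# logs.level: info
# enrollment.dns:
# enrollment.password:
hosts:
  - default:
      url: https://192.168.56.10
      port: 55000
      username: wazuh-wui
      password: wazuh-wui
      run_as: false
"""

# A commented-out setting: '#' in column 0, at most one space, then a dotted key
# starting with a lowercase letter. This skips prose such as "# Default: 20000"
# and the nested hosts template, whose keys sit further to the right.
SETTING = re.compile(r"^# ?([a-z][A-Za-z_]*(?:\.[A-Za-z_]+)*)\s*:(.*)$")

# Password shown in the file's own hosts template (assumption of this example:
# an active host entry that still carries it deserves a second look).
TEMPLATE_PASSWORD = "wazuh-wui"


def documented_defaults(text):
    """Return {setting: documented default} for commented-out settings."""
    found = {}
    for line in text.splitlines():
        match = SETTING.match(line)
        if match:
            found[match.group(1)] = match.group(2).strip()
    return found


def active_settings(text):
    """Flatten uncommented lines into {'hosts.default.url': value, ...}.

    Handles only the nested-mapping and '- name:' list shape used by wazuh.yml;
    inline comments are not stripped.
    """
    result, stack = {}, []  # stack holds (indent, key) of the open parents
    for raw in text.splitlines():
        body = raw.strip()
        if not body or body.startswith("#") or body == "---":
            continue
        indent = len(raw) - len(raw.lstrip())
        if body.startswith("- "):  # list item: its key starts two columns in
            indent += 2
            body = body[2:].lstrip()
        key, _, value = body.partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        path = ".".join([parent for _, parent in stack] + [key.strip()])
        if value.strip():
            result[path] = value.strip()
        else:
            stack.append((indent, key.strip()))
    return result


def compare(old, new):
    """Summarise what changed between two versions of the file."""
    old_doc, new_doc = documented_defaults(old), documented_defaults(new)
    return {
        "removed": sorted(set(old_doc) - set(new_doc)),
        "added": sorted(set(new_doc) - set(old_doc)),
        "changed": {key: (old_doc[key], new_doc[key])
                    for key in sorted(old_doc.keys() & new_doc.keys())
                    if old_doc[key] != new_doc[key]},
        "active_changed": active_settings(old) != active_settings(new),
    }


def hosts_using_template_password(text):
    """Names of active host entries whose password equals the template value."""
    return sorted(path.split(".")[1]
                  for path, value in active_settings(text).items()
                  if path.endswith(".password") and value == TEMPLATE_PASSWORD)


if __name__ == "__main__":
    print(compare(WAZUH_YML_4_3_6, WAZUH_YML_4_3_7))
    print(hosts_using_template_password(WAZUH_YML_4_3_7))
```

On these excerpts the active `hosts` block is unchanged despite the different indentation, while the documented defaults differ in notation (`[]` and `''` became empty values) and `api.selector` is no longer documented.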
    


QU3B1M commented Aug 18, 2022

Wazuh Dashboard communication with Wazuh manager API and Wazuh indexer 🟢

Details

GET /manager/info

image
Server log:

2022/08/18 15:27:14 INFO: wazuh-wui 192.168.56.12 "GET /manager/info" with parameters {} and body {} done in 0.015s: 200

GET /syscollector/000/packages?search=ssh&limit=1

image
Server log:

2022/08/18 15:28:33 INFO: wazuh-wui 192.168.56.12 "GET /syscollector/000/packages" with parameters {"search": "ssh", "limit": "1"} and body {} done in 0.024s: 200

Security Events

image

Index on wazuh-indexer

root@vagrant:/vagrant# curl -u admin:admin -k -XGET "https://192.168.56.11:9200/_cat/indices/wazuh-alerts-*?s=index"
green open wazuh-alerts-4.x-2022.08.17 1huip-OxTyGiB76txfMYqg 3 0 10 0  87.1kb  87.1kb
green open wazuh-alerts-4.x-2022.08.18 foqUmBPdSkGIqzFOgS3uOw 3 0 17 0 110.7kb 110.7kb


QU3B1M commented Aug 18, 2022

Register Wazuh Agents 🟢

Details

Installing agents by following the guide given by wazuh-dashboard

Centos Agent installation
  • On wazuh-dashboard navigate to the page agents and start deploying a new agent using the button Deploy new agent to open the agent one-liner deploy page

  • Select the correct agent host specifications

    selection image

    image

  • Install the agent using the command given by the dashboard (modifying the version to 4.3.6 that is the one that can be found on the repository for now)

    sudo WAZUH_MANAGER='192.168.56.10' WAZUH_AGENT_GROUP='default' yum install https://packages.wazuh.com/4.x/yum/wazuh-agent-4.3.6-1.x86_64.rpm
    
  • Start the agent service

    sudo systemctl daemon-reload
    sudo systemctl enable wazuh-agent
    sudo systemctl start wazuh-agent
    
  • The agent is working and listed properly
    image

Centos Agent installation on group `testgroup`
  • On wazuh-dashboard navigate to the page agents and start deploying a new agent using the button Deploy new agent to open the agent one-liner deploy page

  • Select the correct agent host specifications

    selection image

    image

  • Install the agent using the command given by the dashboard (modifying the version to 4.3.6 that is the one that can be found on the repository for now)

    sudo WAZUH_MANAGER='192.168.56.10' WAZUH_AGENT_GROUP='testgroup' yum install https://packages.wazuh.com/4.x/yum/wazuh-agent-4.3.6-1.x86_64.rpm
    
  • Start the agent service

    sudo systemctl daemon-reload
    sudo systemctl enable wazuh-agent
    sudo systemctl start wazuh-agent
    
  • The agent is working and listed properly
    centos-testgroup

Ubuntu Agent installation
  • On wazuh-dashboard navigate to the page agents and start deploying a new agent using the button Deploy new agent to open the agent one-liner deploy page

  • Select the correct agent host specifications

    selection image

    image

  • Install the agent using the command given by the dashboard (modifying the version to 4.3.6 that is the one that can be found on the repository for now)

    curl -so wazuh-agent-4.3.6.deb https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.3.6-1_amd64.deb && sudo WAZUH_MANAGER='192.168.56.10' WAZUH_AGENT_GROUP='default' dpkg -i ./wazuh-agent-4.3.6.deb
    
  • Start the agent service

    sudo systemctl daemon-reload
    sudo systemctl enable wazuh-agent
    sudo systemctl start wazuh-agent
    
  • The agent is working and listed properly
    agent-ubuntu

Ubuntu Agent installation on group `testgroup`
  • On wazuh-dashboard navigate to the page agents and start deploying a new agent using the button Deploy new agent to open the agent one-liner deploy page

  • Select the correct agent host specifications

    selection image

    image

  • Install the agent using the command given by the dashboard (modifying the version to 4.3.6 that is the one that can be found on the repository for now)

    curl -so wazuh-agent-4.3.6.deb https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.3.6-1_amd64.deb && sudo WAZUH_MANAGER='192.168.56.10' WAZUH_AGENT_GROUP='testgroup' dpkg -i ./wazuh-agent-4.3.6.deb
    
  • Start the agent service

    sudo systemctl daemon-reload
    sudo systemctl enable wazuh-agent
    sudo systemctl start wazuh-agent
    
  • The agent is working and listed properly
    ubuntu-testgroup

Windows Agent installation
  • On wazuh-dashboard navigate to the page agents and start deploying a new agent using the button Deploy new agent to open the agent one-liner deploy page

  • Select the correct agent host specifications

    selection image

    image

  • Install the agent using the command given by the dashboard (modifying the version to 4.3.6 that is the one that can be found on the repository for now)

    Invoke-WebRequest -Uri https://packages.wazuh.com/4.x/windows/wazuh-agent-4.3.6-1.msi -OutFile ${env:tmp}\wazuh-agent-4.3.6.msi; msiexec.exe /i ${env:tmp}\wazuh-agent-4.3.6.msi /q WAZUH_MANAGER='192.168.56.10' WAZUH_REGISTRATION_SERVER='192.168.56.10' WAZUH_AGENT_GROUP='default' 
    
  • Start the agent service

    NET START WazuhSvc
    
  • The agent is working and listed properly
    windows-agent

Windows Agent installation on group `testgroup`
  • On wazuh-dashboard navigate to the page agents and start deploying a new agent using the button Deploy new agent to open the agent one-liner deploy page

  • Select the correct agent host specifications

    selection image

    image

  • Install the agent using the command given by the dashboard (modifying the version to 4.3.6 that is the one that can be found on the repository for now)

    Invoke-WebRequest -Uri https://packages.wazuh.com/4.x/windows/wazuh-agent-4.3.6-1.msi -OutFile ${env:tmp}\wazuh-agent-4.3.6.msi; msiexec.exe /i ${env:tmp}\wazuh-agent-4.3.6.msi /q WAZUH_MANAGER='192.168.56.10' WAZUH_REGISTRATION_SERVER='192.168.56.10' WAZUH_AGENT_GROUP='testgroup' 
    
  • Start the agent service

    NET START WazuhSvc
    
  • The agent is working and listed properly

    windows-testgroup


QU3B1M commented Aug 18, 2022

Basic browsing through the WUI 🟢

Details

Wazuh APP > Modules

2022-08-18.18-45-03.mp4

Wazuh APP > Management

2022-08-18.18-54-23.mp4

Wazuh APP > Agents

2022-08-18.19-01-13.mp4

Wazuh APP > Tools

2022-08-18.19-07-45.mp4

Wazuh APP > Settings and general test

2022-08-18.19-12-48.mp4


QU3B1M commented Aug 18, 2022

Basic experience with WUI performance. 🟢

Details

GET /rules & GET /decoders

2022-08-18.19-18-02.mp4
2022/08/18 22:04:47 INFO: wazuh-wui 192.168.56.12 "GET /decoders" with parameters {} and body {} done in 0.290s: 200
2022/08/18 22:04:56 INFO: wazuh-wui 192.168.56.12 "GET /rules" with parameters {} and body {} done in 0.588s: 200
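The Wazuh API log lines quoted in the communication and performance comments above can be checked mechanically rather than by eye. The following added example (not part of the original comments and not Wazuh project code) parses that line format and flags error statuses, slow requests and calls by the dashboard's API user from an unexpected address. The 0.5 s threshold, the function names and the last two sample lines are assumptions constructed for this example; the expected source address is the one seen in the logs on this page.

```python
import json
import re
from datetime import datetime

# Line format as it appears in the server logs quoted on this page.
LINE = re.compile(
    r'^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<level>[A-Z]+): '
    r'(?P<user>\S+) (?P<ip>\S+) "(?P<method>[A-Z]+) (?P<path>\S+)" '
    r'with parameters (?P<params>\{.*?\}) and body (?P<body>\{.*\}) '
    r'done in (?P<secs>\d+(?:\.\d+)?)s: (?P<status>\d{3})$'
)

SAMPLE_LOG = """\
2022/08/18 15:27:14 INFO: wazuh-wui 192.168.56.12 "GET /manager/info" with parameters {} and body {} done in 0.015s: 200
2022/08/18 15:28:33 INFO: wazuh-wui 192.168.56.12 "GET /syscollector/000/packages" with parameters {"search": "ssh", "limit": "1"} and body {} done in 0.024s: 200
2022/08/18 22:04:47 INFO: wazuh-wui 192.168.56.12 "GET /decoders" with parameters {} and body {} done in 0.290s: 200
2022/08/18 22:04:56 INFO: wazuh-wui 192.168.56.12 "GET /rules" with parameters {} and body {} done in 0.588s: 200
2022/08/18 22:05:10 INFO: wazuh-wui 192.168.56.99 "GET /agents" with parameters {} and body {} done in 0.011s: 200
2022/08/18 22:05:12 INFO: wazuh-wui 192.168.56.12 "GET /manager/info" with parameters {} and body {} done in 0.004s: 401
"""
# Lines 1-4 are quoted from this page; lines 5-6 are constructed for the example.

# Assumption: the dashboard's API user should only call from the dashboard host.
EXPECTED_SOURCES = {"wazuh-wui": {"192.168.56.12"}}


def parse_line(line):
    """Parse one API log line into a dict, or return None if it does not match."""
    match = LINE.match(line.strip())
    if not match:
        return None
    try:
        params = json.loads(match["params"])
    except ValueError:
        params = match["params"]  # keep the raw text if it is not valid JSON
    return {
        "time": datetime.strptime(match["ts"], "%Y/%m/%d %H:%M:%S"),
        "user": match["user"],
        "source": match["ip"],
        "method": match["method"],
        "endpoint": match["path"],
        "params": params,
        "seconds": float(match["secs"]),
        "status": int(match["status"]),
    }


def review(lines, expected_sources, slow_seconds=0.5):
    """Return (line number, finding type, detail) tuples for lines worth a look."""
    findings = []
    for number, line in enumerate(lines, 1):
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            findings.append((number, "unparsed", line.strip()))
            continue
        label = f'{entry["method"]} {entry["endpoint"]}'
        if entry["status"] >= 400:
            findings.append((number, "error_status", f'{label} -> {entry["status"]}'))
        if entry["seconds"] > slow_seconds:
            findings.append((number, "slow", f'{label} took {entry["seconds"]:.3f}s'))
        allowed = expected_sources.get(entry["user"])
        if allowed is not None and entry["source"] not in allowed:
            findings.append((number, "unexpected_source",
                             f'{entry["user"]} from {entry["source"]}'))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG.splitlines(), EXPECTED_SOURCES):
        print(finding)
```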
