Merge 4.10.0 into 4.10.1 (#7106)

Merge 4.10.0 into 4.10.1 > [!CAUTION] > Merge PR strategy: Create a merge commit
wazuh · Oct 17, 2024 · b3c69d8 · b3c69d8
2 parents 3eef5da + 911aa75
commit b3c69d8
Show file tree

Hide file tree

Showing 120 changed files with 2,268 additions and 3,484 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,29 +8,43 @@ All notable changes to the Wazuh app project will be documented in this file.
 
 - Support for Wazuh 4.10.1
 
-## Wazuh v4.10.0 - OpenSearch Dashboards 2.16.0 - Revision 01
+## Wazuh v4.10.0 - OpenSearch Dashboards 2.16.0 - Revision 02
 
 ### Added
 
 - Support for Wazuh 4.10.0
 - Added sample data for YARA [#6964](https://github.com/wazuh/wazuh-dashboard-plugins/issues/6964)
+- Added a custom filter and visualization for vulnerability.under_evaluation field [#6968](https://github.com/wazuh/wazuh-dashboard-plugins/issues/6968) [#7044](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7044) [#7046](https://github.com/wazuh/wazuh-dashboard-plugins/issues/7046)
 
 ### Changed
 
 - Update malware detection group values in data sources [#6963](https://github.com/wazuh/wazuh-dashboard-plugins/issues/6963)
-- Changed the registration id of the Settings application for compatibility with Opensearch Dashboard 2.16.0 [#6938](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6938)
+- Changed the registration id of the Settings application for compatibility with OpenSearch Dashboard 2.16.0 [#6938](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6938)
 - Changed Malware detection dashboard visualizations [#6964](https://github.com/wazuh/wazuh-dashboard-plugins/issues/6964)
+- Changed MITRE ATT&CK overview description [#7032](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7032)
+- Changed the agents summary in overview with no results to an agent deployment help message. [#7041](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7041)
+- Changed malware feature description [#7036](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7036)
+- Changed the font size of the kpi subtitles and the features descriptions [#7033](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7033)
+- Changed feature container margins to ensure consistent separation and uniform design. [#7034](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7034)
+- Changed the initial width to the default columns on each selected field [#7059](https://github.com/wazuh/wazuh-dashboard-plugins/issues/7059)
 
 ### Fixed
 
+- Fixed the filter are displayed cropped on screens of 575px to 767px in vulnerability detection module [#7047](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7047)
 - Fixed read-only users could not access to Statistics application [#7001](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7001)
+- Fixed no-agent-alert spawn with selected agent in agent-welcome view [#7029](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7029)
+- Fixed security policy exception when it contained deprecated actions [#7042](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7042)
+- Fixed export formatted csv data with special characters from tables [#7048](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7048)
+- Fixed column reordering feature [#7072](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7072)
+- Fixed filter management to prevent hiding when adding multiple filters [#7077](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7077)
 
 ### Removed
 
 - Removed agent RBAC filters from dashboard queries [#6945](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6945)
 - Removed GET /elastic/statistics API endpoint [#7001](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7001)
+- Removed VirusTotal application in favor of Malware Detection [#7038](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7038)
 
-## Wazuh v4.9.1 - OpenSearch Dashboards 2.13.0 - Revision 01
+## Wazuh v4.9.1 - OpenSearch Dashboards 2.13.0 - Revision 04
 
 ### Added
 
@@ -49,6 +63,11 @@ All notable changes to the Wazuh app project will be documented in this file.
 - Fixed missing options depending on agent operating system in the agent configuration report [#6983](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6983)
 - Fixed an style that affected the Discover plugin [#6989](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6989)
 - Fixed a problem updating the API host registry in the GET /api/check-stored-api [#6995](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6995)
+- Fixed the `Open report` button of the toast and the `Download report` icon of the reporting table in Safari [#7019](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7019)
+- Fixed style when unnpinned an agent in endpoint summary section [#7015](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7015)
+- Fixed overflow style on a long value filter [#7021](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7021)
+- Fixed buttons enabled for a readonly user in `Endpoint groups` section [#7056](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7056)
+- Fixed the automatic page refresh in dashboards and prevent duplicate requests [#7090](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7090)
 
 ### Changed
 
@@ -62,7 +81,9 @@ All notable changes to the Wazuh app project will be documented in this file.
 
 ### Removed
 
+- Removed the PDF report footer year [#7023](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7023)
 - Removed the XML autoformat function group configuration due to performance [#6999](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6999)
+- Removed data grid tables from Threat hunting dashboard, GitHub panel and Office365 panel [#7086](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7086)
 
 ## Wazuh v4.9.0 - OpenSearch Dashboards 2.13.0 - Revision 07
 

diff --git a/plugins/main/README.md b/plugins/main/README.md
@@ -25,7 +25,7 @@ the Wazuh Indexer. The plugin provides the following capabilities:
     - CIS-CAT: Configuration assessment using Center of Internet Security scanner and SCAP checks.
   - Threat Detection and Response
     - Vulnerabilities: Discover what applications in your environment are affected by well-known vulnerabilities.
-    - MITRE ATT&CK: Security events from the knowledge base of adversary tactics and techniques based on real-world observations.
+    - MITRE ATT&CK: Explore security alerts mapped to adversary tactics and techniques for better threat understanding.
     - VirusTotal: Alerts resulting from VirusTotal analysis of suspicious files via an integration with their API.
     - Osquery: Osquery can be used to expose an operating system as a high-performance relational database.
     - Docker listener: Monitor and collect the activity from Docker containers such as creation, running, starting, stopping or pausing events.

diff --git a/plugins/main/common/api-info/security-actions.json b/plugins/main/common/api-info/security-actions.json
@@ -551,6 +551,16 @@
       "DELETE /decoders/files/{filename}"
     ]
   },
+  "event:ingest": {
+    "description": "Ingest events",
+    "resources": ["*:*"],
+    "example": {
+      "actions": ["event:ingest"],
+      "resources": ["*:*:*"],
+      "effect": "allow"
+    },
+    "related_endpoints": ["POST /events"]
+  },
   "syscollector:read": {
     "description": "Access agents syscollector information",
     "resources": ["agent:id", "agent:group"],
@@ -694,15 +704,5 @@
       "effect": "deny"
     },
     "related_endpoints": ["GET /tasks/status"]
-  },
-  "event:ingest": {
-    "description": "Ingest events",
-    "resources": ["*:*"],
-    "example": {
-      "actions": ["event:ingest"],
-      "resources": ["*:*:*"],
-      "effect": "allow"
-    },
-    "related_endpoints": ["POST /events"]
   }
 }
diff --git a/plugins/main/common/constants.ts b/plugins/main/common/constants.ts
@@ -81,11 +81,11 @@ export const WAZUH_SAMPLE_ALERTS_CATEGORIES_TYPE_ALERTS = {
     { audit: true },
     { openscap: true },
     { ciscat: true },
+    { virustotal: true },
     { yara: true },
   ],
   [WAZUH_SAMPLE_ALERTS_CATEGORY_THREAT_DETECTION]: [
     { vulnerabilities: true },
-    { virustotal: true },
     { osquery: true },
     { docker: true },
     { mitre: true },
@@ -243,8 +243,6 @@ export const DATA_SOURCE_FILTER_CONTROLLED_MITRE_ATTACK_RULE =
   'mitre-attack-rule';
 export const DATA_SOURCE_FILTER_CONTROLLED_MITRE_ATTACK_RULE_ID =
   'hidden-mitre-attack-rule-id';
-export const DATA_SOURCE_FILTER_CONTROLLED_VIRUSTOTAL_RULE_GROUP =
-  'virustotal-rule-group';
 export const DATA_SOURCE_FILTER_CONTROLLED_GOOGLE_CLOUD_RULE_GROUP =
   'gcp-rule-group';
 export const DATA_SOURCE_FILTER_CONTROLLED_MALWARE_DETECTION_RULE_GROUP =
@@ -303,7 +301,7 @@ export const ASSETS_PUBLIC_URL = '/plugins/wazuh/public/assets/';
 export const REPORTS_LOGO_IMAGE_ASSETS_RELATIVE_PATH =
   'images/logo_reports.png';
 export const REPORTS_PRIMARY_COLOR = '#256BD1';
-export const REPORTS_PAGE_FOOTER_TEXT = 'Copyright © 2024 Wazuh, Inc.';
+export const REPORTS_PAGE_FOOTER_TEXT = 'Copyright © Wazuh, Inc.';
 export const REPORTS_PAGE_HEADER_TEXT = '[email protected]\nhttps://wazuh.com';
 
 // Plugin platform
@@ -529,3 +527,6 @@ export const SEARCH_BAR_DEBOUNCE_UPDATE_TIME = 400;
 
 // ID used to refer the createOsdUrlStateStorage state
 export const OSD_URL_STATE_STORAGE_ID = 'state:storeInSessionStorage';
+
+export const APP_STATE_URL_KEY = '_a';
+export const GLOBAL_STATE_URL_KEY = '_g';
diff --git a/plugins/main/common/wazuh-modules.ts b/plugins/main/common/wazuh-modules.ts
@@ -26,7 +26,7 @@ export const WAZUH_MODULES = {
     title: 'Malware detection',
     appId: 'malware-detection',
     description:
-      'Verify that your systems are configured according to your security policies baseline.',
+      'Check indicators of compromise triggered by malware infections or cyberattacks.',
   },
   vuls: {
     title: 'Vulnerability detection',
@@ -99,17 +99,11 @@ export const WAZUH_MODULES = {
     description:
       'Security events related to your Google Cloud Platform services, collected directly via GCP API.', // TODO GCP
   },
-  virustotal: {
-    title: 'VirusTotal',
-    appId: 'virustotal',
-    description:
-      'Alerts resulting from VirusTotal analysis of suspicious files via an integration with their API.',
-  },
   mitre: {
     title: 'MITRE ATT&CK',
     appId: 'mitre-attack',
     description:
-      'Security events from the knowledge base of adversary tactics and techniques based on real-world observations',
+      'Explore security alerts mapped to adversary tactics and techniques for better threat understanding.',
   },
   syscollector: {
     title: 'Inventory data',

diff --git a/plugins/main/public/components/add-modules-data/sample-data.tsx b/plugins/main/public/components/add-modules-data/sample-data.tsx
@@ -37,7 +37,6 @@ import {
   malwareDetection,
   mitreAttack,
   office365,
-  virustotal,
   vulnerabilityDetection,
 } from '../../utils/applications';
 
@@ -47,14 +46,18 @@ const sampleSecurityInformationApplication = [
   office365.title,
   googleCloud.title,
   github.title,
-];
+  'authorization',
+  'ssh',
+  'web',
+].join(', ');
 
 const sampleThreatDetectionApplication = [
   vulnerabilityDetection.title,
-  virustotal.title,
   docker.title,
   mitreAttack.title,
-];
+].join(', ');
+
+const sampleMalwareDetection = ['malware', 'VirusTotal', 'YARA'].join(', ');
 
 export default class WzSampleData extends Component {
   categories: {
@@ -77,23 +80,19 @@ export default class WzSampleData extends Component {
     this.categories = [
       {
         title: 'Sample security information',
-        description: `Sample data, visualizations and dashboards for security information (${sampleSecurityInformationApplication.join(
-          ', ',
-        )}, authorization, ssh, web).`,
+        description: `Sample data, visualizations and dashboards for security information (${sampleSecurityInformationApplication}).`,
         image: '',
         categorySampleAlertsIndex: 'security',
       },
       {
         title: `Sample ${malwareDetection.title}`,
-        description: `Sample data, visualizations and dashboards for events of ${malwareDetection.title} (${malwareDetection.title}).`,
+        description: `Sample data, visualizations and dashboards for events of ${malwareDetection.title} (${sampleMalwareDetection}).`,
         image: '',
         categorySampleAlertsIndex: 'auditing-policy-monitoring',
       },
       {
         title: 'Sample threat detection and response',
-        description: `Sample data, visualizations and dashboards for threat events of detection and response (${sampleThreatDetectionApplication.join(
-          ', ',
-        )}).`,
+        description: `Sample data, visualizations and dashboards for threat events of detection and response (${sampleThreatDetectionApplication}).`,
         image: '',
         categorySampleAlertsIndex: 'threat-detection',
       },

diff --git a/plugins/main/public/components/agents/__snapshots__/agent-status.test.tsx.snap b/plugins/main/public/components/agents/__snapshots__/agent-status.test.tsx.snap
@@ -126,7 +126,8 @@ exports[`AgentStatus component Renders status indicator with the its color and t
       xmlns="http://www.w3.org/2000/svg"
     >
       <path
-        d="M8 14A6 6 0 1 1 8 2a6 6 0 0 1 0 12Zm0-1A5 5 0 1 0 8 3a5 5 0 0 0 0 10Zm-.186-1.065A.785.785 0 0 1 7 11.12c0-.48.34-.82.814-.82.475 0 .809.34.809.82 0 .475-.334.815-.809.815ZM5.9 6.317C5.96 5.168 6.755 4.4 8.048 4.4c1.218 0 2.091.759 2.091 1.8 0 .736-.36 1.304-1.03 1.707-.56.33-.717.56-.717 1.022v.305l-.1.1H7.47l-.1-.1v-.431c-.005-.646.302-1.104.987-1.514.527-.322.708-.59.708-1.047 0-.536-.416-.91-1.05-.91-.652 0-1.064.374-1.112.998l-.1.092H6l-.1-.105Z"
+        d="M7.5 11.508 7.468 8H6.25V7h2.401l.03 3.508H9.8v1H7.5Zm-.25-6.202a.83.83 0 0 1 .207-.577c.137-.153.334-.229.59-.229.256 0 .454.076.594.23.14.152.209.345.209.576 0 .228-.07.417-.21.568-.14.15-.337.226-.593.226-.256 0-.453-.075-.59-.226a.81.81 0 0 1-.207-.568ZM8 13A5 5 0 1 0 8 3a5 5 0 0 0 0 10Zm0 1A6 6 0 1 1 8 2a6 6 0 0 1 0 12Z"
+        fill-rule="evenodd"
       />
     </svg>
   </span>
@@ -193,7 +194,8 @@ exports[`AgentStatus component Renders status indicator with the its color and t
       xmlns="http://www.w3.org/2000/svg"
     >
       <path
-        d="M8 14A6 6 0 1 1 8 2a6 6 0 0 1 0 12Zm0-1A5 5 0 1 0 8 3a5 5 0 0 0 0 10Zm-.186-1.065A.785.785 0 0 1 7 11.12c0-.48.34-.82.814-.82.475 0 .809.34.809.82 0 .475-.334.815-.809.815ZM5.9 6.317C5.96 5.168 6.755 4.4 8.048 4.4c1.218 0 2.091.759 2.091 1.8 0 .736-.36 1.304-1.03 1.707-.56.33-.717.56-.717 1.022v.305l-.1.1H7.47l-.1-.1v-.431c-.005-.646.302-1.104.987-1.514.527-.322.708-.59.708-1.047 0-.536-.416-.91-1.05-.91-.652 0-1.064.374-1.112.998l-.1.092H6l-.1-.105Z"
+        d="M7.5 11.508 7.468 8H6.25V7h2.401l.03 3.508H9.8v1H7.5Zm-.25-6.202a.83.83 0 0 1 .207-.577c.137-.153.334-.229.59-.229.256 0 .454.076.594.23.14.152.209.345.209.576 0 .228-.07.417-.21.568-.14.15-.337.226-.593.226-.256 0-.453-.075-.59-.226a.81.81 0 0 1-.207-.568ZM8 13A5 5 0 1 0 8 3a5 5 0 0 0 0 10Zm0 1A6 6 0 1 1 8 2a6 6 0 0 1 0 12Z"
+        fill-rule="evenodd"
       />
     </svg>
   </span>
@@ -260,7 +262,8 @@ exports[`AgentStatus component Renders status indicator with the its color and t
       xmlns="http://www.w3.org/2000/svg"
     >
       <path
-        d="M8 14A6 6 0 1 1 8 2a6 6 0 0 1 0 12Zm0-1A5 5 0 1 0 8 3a5 5 0 0 0 0 10Zm-.186-1.065A.785.785 0 0 1 7 11.12c0-.48.34-.82.814-.82.475 0 .809.34.809.82 0 .475-.334.815-.809.815ZM5.9 6.317C5.96 5.168 6.755 4.4 8.048 4.4c1.218 0 2.091.759 2.091 1.8 0 .736-.36 1.304-1.03 1.707-.56.33-.717.56-.717 1.022v.305l-.1.1H7.47l-.1-.1v-.431c-.005-.646.302-1.104.987-1.514.527-.322.708-.59.708-1.047 0-.536-.416-.91-1.05-.91-.652 0-1.064.374-1.112.998l-.1.092H6l-.1-.105Z"
+        d="M7.5 11.508 7.468 8H6.25V7h2.401l.03 3.508H9.8v1H7.5Zm-.25-6.202a.83.83 0 0 1 .207-.577c.137-.153.334-.229.59-.229.256 0 .454.076.594.23.14.152.209.345.209.576 0 .228-.07.417-.21.568-.14.15-.337.226-.593.226-.256 0-.453-.075-.59-.226a.81.81 0 0 1-.207-.568ZM8 13A5 5 0 1 0 8 3a5 5 0 0 0 0 10Zm0 1A6 6 0 1 1 8 2a6 6 0 0 1 0 12Z"
+        fill-rule="evenodd"
       />
     </svg>
   </span>

diff --git a/plugins/main/public/components/agents/agent-status.tsx b/plugins/main/public/components/agents/agent-status.tsx
@@ -26,7 +26,7 @@ export const AgentStatus = ({ status, children = null, style = {}, agent }) => {
         anchorClassName='wz-margin-left-10'
         aria-label='Description'
         size='m'
-        type='questionInCircle'
+        type='iInCircle'
         color='primary'
         content={statusCodeAgent?.STATUS_DESCRIPTION ?? 'Without information'}
       />

diff --git a/plugins/main/public/components/common/data-grid/data-grid-service.ts b/plugins/main/public/components/common/data-grid/data-grid-service.ts
@@ -170,7 +170,12 @@ export const exportSearchToCSV = async (
         if (typeof value === 'object') {
           return JSON.stringify(value);
         }
-        return `"${value}"`;
+        // Escape double quotes and handle line breaks to prevent column misalignment
+        return `"${value
+          .toString()
+          .replaceAll(/"/g, '""')
+          .replaceAll(/\r\n/g, '\\r\\n')
+          .replaceAll(/\n/g, '\\n')}"`;
       });
       return parsedRow?.join(',');
     })