All notable changes to the Wazuh App for Splunk project will be documented in this file.
- Added support for Wazuh 4.5.4.
- Added support for Wazuh 4.5.3.
- Added support for Wazuh 4.5.2.
- Added support for Wazuh 4.5.1.
- Added support for Wazuh 4.5.0.
- Added support for Wazuh 4.4.5.
- Added support for Wazuh 4.4.4.
- Added support for Wazuh 4.4.3.
- Fixed macOS agent install and restart command #1407
- Added support for Wazuh 4.4.2.
- Added support for Wazuh 4.4.1.
- Added agent's synchronization statistics. #1355
- Updated the response handlers for the `/agents/summary/status` endpoint. #1355
- Support for Wazuh 4.3.11
- Support for Wazuh 4.3.10
- Support for Wazuh 4.3.9
- Support for Splunk 8.2.7.1 & 8.2.8
- Support for Wazuh 4.3.8
- Support for Wazuh 4.3.7
- Fixed the API console suggestions, as they were not working in 4.3.6. #1359
- Support for Wazuh 4.3.6
- Fixed broken links that did not redirect correctly to the documentation #1351
- Fixed an error on the DevTools where the payload was not being sent, causing the request to fail. #1296
- Updated documentation links to match their respective title at the Wazuh documentation page #1351
- Re-allow the use of all tags to filter Wazuh Server logs #1354
- Support for Wazuh 4.3.5
- Outdated documentation links have been updated #1290
- The Alerts view from the MITRE section has been hardened in case of errors during the requests to the API (for example timeouts) #1343
- Added the status `Pending` to the Agents sections. #1292
- Added a disabled state to the `Apply changes` button on the Agents group editor when no changes on the group are made. #1276
- Support for Wazuh 4.3.4
- Improved Splunk search-handler event management to avoid forwarder toast error mis-interpretation. #1327
- Fixed unhandled expired session when requesting Splunk DB documents. #1329
- Support for Wazuh 4.3.3
- Support for Wazuh 4.3.2
- Added PowerShell version warning to Windows agent installation wizard #1322
- Added cursor pointer to Agents table -> SCA #1328
- The compatibility checks of the App have been changed in order to simplify our release flow. #1323
- Fixed the render condition of a toast message related to the forwarder when there is no data of agents and the agent deployment guide is displayed in the `Agents` section #1320
- Fixed the access to `Management/Configuration` due to missing permissions when the manager cluster is disabled #1318
- Support for Wazuh 4.3.0
- Added Alias field to API to facilitate distinguishing between different managers #1166
- Ensure backwards compatibility #1126
- Added a Security Section to manage security related configurations #1148
- Added Crud Policies on security section. #1171
- Added Crud Roles on security section. #1168
- Added Crud Role Mapping on security section. #1169
- Added Crud Users on security section. #1173
- Created a permissions validation service. #1147
- Implemented the access control on the App's views. #1164
- Implemented a service to fetch Wazuh's users and its roles. #1155
- Implemented a server to fetch Splunk's users and its roles. #1156
- Added a run_as checkbox to the API configuration #1149
- Added the ability to use the Authorization Context login method. #1174
- Extensions now can only be changed by Splunk Admins #1228
- Wazuh rebranding #1186
- Updated deprecated authd options #1172
- Refactored branding color styles to improve maintainability #1236
- Changed Wazuh API's name to its alias in the quick settings selector #1243
- Changed register windows agent command #1315
- Extended the MITRE alerts section #1234
- Fixed agent's name overflow in the overview #1137
- Fixed on save rules or decoders files #1138
- Fixed unnecessary table requests when resizing browser window #1141
- Agent counters are now centered #1215
- Fixed being able to add an agent without create permissions #1216
- Fixed the underlapping navigation bar for Security options #1217
- Fixed error when agents view is re-initialized #1223
- Fixed not being able to see actions after adding first API #1230
- Fixed agent status chart data disappearing #1232
- Added data validation to the group creation process #1256
- Implemented data validation on the CDB lists #1261
- Fixed the agent status graph so that it shows the correct amount of agents #1237 #1244
- Fix the sorting on the Groups table columns #1258
- Fixed non-sortable columns on the Security section tables #1260
- Fixed group report disabled configuration parameter error #1271
- Fixed import CDB list file #1266
- Fixed header menu height style issue #1282
- Fixed an error on the search string used on the Alerts Summary table on the Overview > Vulnerability section, causing the table to show no data #1283
- Fixed not allowing to see view settings without permission #1316
- Support for Wazuh 4.2.6
- Support for Wazuh 4.2.5
- Support for Wazuh 4.2.4
- Support for Wazuh 4.2.3
- Added MITRE ATT&CK Framework integration #1083
- Added MITRE ATT&CK Dashboard integration #1076
- Added CVE Dashboard #1109
- Support for Splunk v8.1.4
- Added new source type selector to customize queries used by dashboards #1104
- Added quick settings to improve the view and selection of API, index, and source type #1107
- Added requirement service #1162
- Support for Splunk v8.2.2
- Upgrades jQuery version from 2.1.0 to 3.5.0 #1118
- Cannot pin search filters on Edge - Chip style collapses #1070
- Tables without server side pagination #1074
- Fixed gear icon in fim table #1077
- Added cache control #1078
- Fixed error where tables unset their loading state before finishing API calls #1084
- Fixed search bar queries with spaces #1083
- Fixed pinned fields ending with curly brackets #1083
- Fixed issues for Splunk Cloud compatibility #1099
- Fixed expand row feature in Agent File Integrity Monitoring #1112
- Support for Wazuh 4.2.1
- Added error toast in search handler when the connection with forwarder fails #1021
- Changed query to show alert evolution on discover #1024
- Added link to agent view in Group Agents table #1066
- Support for Splunk 8.1.3
- Support for Python3 compatibility, deleted deprecated Python2 #1052
- Applied latest Wazuh API changes to create group request #1058
- Apply Wazuh tools name changing to the wazuh-splunk #944
- Apply Wazuh daemons name changing to wazuh-splunk #945
- Fixed token cache duration #1020
- Fixed issue with dynamic columns width for agents PDF report #1042
- Fixed blocked app when there isn't connection with the API #1045
- Fixed success toast saving agent configuration file with bad style #1046
- Minor style fixes #1059
- Added new error handler to Alerts Configuration views #1063
- Fixed uncontrolled message error when add api fails #1069
- Support for Wazuh v4.1.5
- Support for Splunk v8.1.2
- Support for Splunk v8.1.3
- Support for Splunk v8.1.4
- Added new source type selector to customize queries used by dashboards #1104
- Added quick settings to improve the view and selection of API, index, and source type #1107
- Added persistence to modules in overview panel #1134 #1135 #1146
- Added Agent status visualization on Agents main view #1140
- Added validation service to compare user permissions to requirements #1158
- Fixed missing node name for agent overview #1103
- Fixed missing columns for some tables in reports #1103
- Fixed multiple Wazuh API token cache #1136
- Fixed visualizations buttons tooltip positioning #1144
- Support for Wazuh v4.1.4
- Support for Splunk v8.1.2
Adapt for Wazuh 4.0
- Support Wazuh API JWT authentication and authorization
- Adapt for deprecated Wazuh API endpoints in 4.0 - #950
- Adapt for Manager endpoints
- Several cosmetic fixes
Adapt for Wazuh 4.1
- Adapt for new Manager and Cluster Configuration endpoints
- Adapt for new Ruleset files endpoints
- Adapt for new `syscheck` registry types
- Added registry values for registry key inventory in FIM
- Fixed regex field in Decoder detail
- Fixed search bar on Agents table
- Support for Wazuh v3.13.6
- Support for Wazuh v3.13.5
- Support for Wazuh v3.13.4
- Support for Wazuh v3.13.2
- Support for Wazuh v3.13.1
- Support for Splunk v8.0.4
- Update references of the field `vulnerability.reference` to `vulnerability.references` #931
- Fixed wazuh-monitoring indices on Splunk 8.0+ version #927
- Support for Wazuh v3.13.0
- Support for Wazuh v3.12.3
- Support for Wazuh v3.12.2
- Support for Wazuh v3.12.1
- Added new FIM settings on configuration on demand. #912
- Support for Wazuh v3.12.0
- Support for Splunk 8.0.2.1
- Added azure-logs wodle configuration section #860
- Added new condition field to SCA tab #861
- Changed some ambiguous messages in configuration section #879
- Support for Wazuh v3.11.4
- Support for Wazuh v3.11.3
- Support for Wazuh v3.11.2
- Support for Splunk v8.0.1
- Support for Wazuh v3.11.1
- Support for Wazuh v3.11.0
- Support for Splunk 8.0.0
- Allow upload rules/decoders/CDB-lists files #828
- Added new field for Log collection configuration section #845
- Changed labels configuration table #846
- Adapt Vulnerability Configuration section to its new format #853
- Fixed error when opening empty files #839
- CDB lists section is now showing the correct name of the list #841
- Fix error when exporting group configuration #834
- Fix missing custom integrations #855
- Fix Monitored directories table in agent report #888
- Support for Wazuh v3.10.2
- Support for Splunk 8.0.0
- Support for Wazuh v3.10.2
- Support for Wazuh v3.10.1
- Support for Wazuh v3.10.0
- New design and several UI/UX changes. #726
- Adapt Wazuh Splunk APP for Microsoft Edge Browser. #813
- Added an interactive guide for registering agents that walks the user through the required steps and ends with a copy & paste snippet for deploying the agent #623
- Added new dashboards for the recently added regulatory compliance groups into the Wazuh core. They are HIPAA and NIST-800-53. #705
- Export all the information of a Wazuh group and its related agents in a PDF document. #641
- Export the configuration of a certain agent as a PDF document. Supports granularity for exporting just certain sections of the configuration #640
- Added debug level for app logs #637
- Improved app performance #798
- App navigation has been improved using nested states #669
- Reduced Agents preview load time using the new API endpoint /summary/agents #798
- Replaced the requirements slider component with a new styled component #805
- Modules are now shown only when supported by the agent OS. #753
- API sensitive information is now hidden on every transition #792
- Fixed NULL labels in visualizations #783
- Agent data is now being shown correctly when the agent is not active #748
- Devtools content is now successfully loaded #734
- Filters are correctly applied in the search bar #732
- Removed duplicated Log box #740
- Applied the right sorting order on lists #721
- Fixed blank page in Management->Cluster #734
- Cluster is properly validated #699
- Fixed Agents tab navigation using the breadcrumb #810
- Support for Wazuh v3.9.5
- Support for Wazuh v3.9.4
- Rules and decoders tables now show the path column. #788
- Make level and path clickable columns, then it adds a filter for the table. (Rules/Decoders) #788
- Click on filename to open its content (Ruleset). #788
- Overview -> SCA dashboard has been removed. #788
- Overview/Agents -> Policy monitoring dashboards have been refactored. #788
- Fixed error when adding a filter with spaces. #793
- Fixed downloading tables as CSV. #788
- Fixed flick in CDB lists table when deleting a list. #788
- Hide API password from check-connection requests #792
- Support for Wazuh v3.9.3
- Extend information for syscollector #785
- Fixed agent bar that was not applying filters correctly when refreshing #743.
- Fixed incorrect fields in never connected agents #750.
- Box editors without delimited bottom have been fixed #750.
- Fixed error message when the app detects an unexpected Wazuh version #750.
- Fix Agents > Inventory #745.
- Fix Invalid Date message in some browsers dates e1ccb55.
- Fix ignored in the configuration ondemand #780.
- Support for Wazuh v3.9.2
- Added overall metrics for Agents > Overview #725.
- Fixed visualization for Agents > Overview #718.
- Fix error when adding an api with invalid fields format #729.
- Fix missing parameters in Dev Tools request #731.
- Support for Splunk Enterprise v7.3.0
- Improve dynamic height for configuration editor #700.
- Changed the way the app validates the version matching between Wazuh API and the app #693.
- Prevent error when `kvStore` is not ready yet #695.
- Several UI/UX improvements and fixes for the 3.9.0 latest changes #686, #692.
- Fixed handled but not shown error messages from rule editor #697.
- Fixed infinite API log fetching #704.
- Support for Wazuh v3.9.0
- Edit master and worker configuration ( #525, #534 #572 ).
- Edit local rules, local decoders and CDB lists ( #525, #532, #501 #572 )
- Dev Tools additions
- Added hotkey `[shift] + [enter]` for sending query (#503).
- Added `Export JSON` button for the Dev Tools (#503).
- Added configuration assessment information in "Agent > Configuration Assessments" (#505).
- Restart master and worker nodes ( #564 #545 #535 #563 ).
- Restart agents (#556).
- Discover function on each section (#529).
- Can pin filters ( #529 #618).
- Expand visualizations on the dashboard (#570).
- Reporting as admin extension (#585).
- Delete rules, decoders and CDB lists files (#589).
- Prevent overwriting an existing file (#589).
- Unescape back slash for JSON raw content (#599).
- Capability to edit rules and decoders files ( #597 #613 ).
- Allow navigation through URL (#596).
- Enable back button (#596).
- Capability to hide or show columns ( #566 #614 ).
- Can resize columns ( #566 #614 ).
- Capability to expand visualizations (#567).
- Set the browser time zone to the report (#619).
- View no local rules/decoders XML files (#667).
- Added some Angular charts in Agents Preview and Agents SCA sections (#668).
- Added Docker listener settings in configuration views (#665).
- Added Docker dashboards for both Agents and Overview (#665).
- New server module, it's a job queue so we can add delayed jobs to be run in background, this iteration only accepts delayed Wazuh API calls (#629).
- Added a dynamic table columns selector (#668).
- Added resizable columns by dragging in tables (#668).
- Added an info bar when Wazuh is not ready yet in order to prevent App fails. (#636).
- Show follow symbolic link in the configuration ondemand (#685).
- Changed empty results message for Wazuh tables (#487).
- Escape XML special characters (#496).
- Allowing the same query multiple times on the Dev Tools (#503).
- Using full height for all containers when possible (#575).
- Changed some visualizations for FIM, GDPR, PCI, Vulnerability and Security Events (#527).
- New design for agent header view (#575).
- Not fetching data the very first time the Dev Tools are opened (#503).
- Store the API database into Splunk KVstore (#537).
- Notification toast types and style (#570).
- UI changes for editing groups (#478).
- Use new meaningful toasters (#591).
- Change several descriptions (#597).
- Redesign configuration view (#597).
- Updated autocomplete list in DevTools (#538).
- Modularize some functions (#601).
- View logs as raw text (#604).
- Show logs in a text box (#604).
- Reviewed Osquery dashboards (#668).
- Improve audit dashboards (#668).
- Permit special charsets in API credentials (#578).
- Can download API response in Devtools (#559).
- Do not lose the focus of the navbar (#558).
- Polling agents state (#548).
- Reporting (#504).
- Refresh rule info after editing it (#589).
- Change the selected index (#580).
- More descriptive error when saving a file fails (#601).
- Show success message when group configuration is saved (#601).
- Error when trying to download a CSV file (#604).
- Do not show pagination for one-page tables (#668).
- Show email configuration on the configuration on demand (#672).
- Unify timezone (#673).
- Properly handle long messages in the notifier service; until now they overflowed the card space. Some API messages were also replaced with more meaningful ones (#570).
- Adapted Wazuh icon for multiple browsers where it was gone (#475).
- Support for Wazuh v3.8.2
- Close configuration editor only if it was successfully updated (7879144c).
- Support for Wazuh v3.8.1
- Moved monitored/ignored Windows registry entries to "FIM > Monitored" and "FIM > Ignored" to avoid user confusion (#508).
- Excluding manager from agent monitoring script (#509).
- Added group management features such as:
- Add the selected agent to groups from the Agent dashboard (#414).
- Auto-complete endpoints in Dev Tools section (#430).
- XML editor for group configurations (#432).
- Multi-selector for attaching agents to groups dynamically (#432).
- Generate PDF reports from dashboards (#446).
- New directive for tables that don't need external data sources (#400).
- New search bar directive with interactive filters and suggestions (#399).
- Resizable columns by dragging in Dev-tools (#430).
- Added `audit_key` (Who-data Audit keys) for configuration tab (#444).
- Added app info to settings about section 3.8 enhancement (#448).
- Added maild option to read data from (#477).
- Tiny AWS rework (#450).
- Added a new table (network addresses) for agent inventory tab (#452).
- Improved code quality: ESLint convention for JavaScript and pep257 / flake8 for Python (#416).
- Deleted blue loading ring (#426).
- Disabled several extensions by default (#445).
- Updated localfile values in the configuration of an agent (#451).
- Dev tools is now showing the response as it is, like curl does (#461).
- Removed `unknown` as valid node name (#477).
- Agents header. (#518).
- Fixed for mutex methods in database modules (#442).
- UX improvements and fixes (#434).
- Fixed unhandled error with trim() method (#427).
- Fixed undefined error in the agents search bar (#425).
- UX enhancements (#433).
- Fixed schema for `wazuh-monitoring-3x` index (#436).
- Fix overlapped play button in Dev-tools when the input box has a scrollbar (#430).
- Fix Dev-tools behavior when parsing invalid JSON blocks (#430).
- Fix rule details for `list` and `info` parameters (#477).
There are no changes for Splunk app for Wazuh in this version.
- Added administrator mode for Dev Tools module (#353).
- Added extension management features (#330).
- Added native Angular.js md-tooltips (#362).
- Added export as CSV option for multiple tables (#348).
- Added VirusTotal integration (#340).
- Added CIS-CAT integration (#342).
- Added Discover section (#331).
- Increased number of rows for syscollector tables (#358).
- Refactored all the configuration sections (#363).
- Improved Overview dashboard cards (#372).
- Fix a bug when using the Agent status monitoring alerts (#361).
- Added missing fields for syscollector network tables (#359).
- Fixed wrong value in a variable from the agents module (#374).
- Updated searches for AWS section (#374).
- Osquery integration (#252).
- Cluster monitoring (#246).
- Added a node selector for Management > Status section when Wazuh cluster is enabled (#291).
- Added a node selector for Management > Logs section when Wazuh cluster is enabled (#299).
- Configuration section (#261).
- FIM section (#255).
- Settings section (#265).
- The `wz-table` directive now checks if a request is aborted (#301).
- Minor fixes.
- AWS integration (#247).
- Support for SSL with reverse proxy configuration (#248).
- Minor fixes.
- App log section (#237).
- Support for reverse proxy configuration (#239).
- Dev tools (#233).
- Agent inventory section (#238).
- Minor fixes (#241).
- Support for Wazuh 3.6.1
- Minor fixes.
- Minor fixes (#229).
- Support for Wazuh 3.6.0
- Minor fixes (#211).
- Support for Wazuh v3.5.0
There are no changes for Splunk app for Wazuh in this version.
- Support for Wazuh v3.3.1
- Redesigned agents summary dashboard (#115).
- Manager status dashboard redesigned (#117).
- Manager configuration dashboard redesigned (#120).
- Agent group configuration dashboard redesigned (#122).
- Groups configuration dashboard redesigned (#125).
- Rules and decoders dashboards redesigned (#128).
- Logs dashboard redesigned (#130).
- Settings dashboard redesigned (#133).
- Polling and index agent status data (#101).
- Selecting 'wazuh' index when any other is selected (#100).
- Extending response timeout in checking connection endpoint (#509cb7b).
- Deprecated interval field in manager configuration cluster section (#93).
There are no changes for Splunk app for Wazuh in this version.
- Multi-API support (#65).
- First API inserted is now selected by default #47a1fe7
- Any API will be inserted if it hasn't connectivity #47a1fe7
- Make General dashboard the default one #2e59564
- Fixed the case when an already selected index is deleted from cookie #3024da4
- Fixed warning message in agent group configuration #27ab703
- Added style and alignment to the current selected API and index #89
There are no changes for Splunk app for Wazuh in this version.
- Wazuh secured API connections are now supported (#51).
- Error notifications with toasts (#54).
- New agent group configuration tab added (#50).
- Inputs need to be validated before being submitted (#52).
- Styling improvements (#57).
- Users can't navigate over the app without API successful connection.
- Controllers logic refactor.
- Navigation navbar background color fixed.
- New Manager Configuration tab (#32).
- Dynamic tables (#37).
- Now the app uses dynamic tables improving the pagination and filtering.
- Backend endpoints were adapted to pagination and better interaction with Wazuh API.
- Performance improvements:
- Event listeners and unused dependencies were removed
- Useless tokens deleted
- API Configuration:
- IP base and port are not required anymore.
- Status led added in order to check connection.
- Password field is not shown now.
- View controllers transpiled to ES6 syntax
- Wazuh copyright on each JavaScript and Python file
- Tab distribution redesigned:
- Deleted redundant Agents summary views and compacted them into just one tab
- Deleted the Search on Rules and Search on Decoders tabs, compacting all functionality into the Ruleset and Decoders tabs
- Tab names were renamed
- Ruleset and Decoders search tabs now are able to filter properly.
- SSL Verification Error in lab environment fixed
- Groups: the content of each individual configuration file is now shown properly in pretty JSON format.
- Splunk queries fixed:
- Now a query is executed when a Splunk element such as tables and tags is clicked
- New Configuration tab:
- Now the whole configuration that the app needs is made through inputs.
- External configuration files are not needed anymore.
- Back-end refactor:
- Each controller is now parameterized, with no hardcoded values anymore.
- Endpoints now work with GET params.
- Each view was converted from SimpleXML to HTML+JS in order to gain the whole SplunkJS SDK functionality.
- Credentials are now stored in the KVStore database; values are fetched via AJAX when needed.
- Each query now sends parameters to streaming commands.
- The app is now called 'Wazuh' instead of 'SplunkAppForWazuh'.
- Some unused tabs were deleted (Splunk and Tools)
- Ruleset and Decoders search tabs now are able to filter properly.
- New Manager Logs tab (#6):
- New module implemented to show Manager logs.
- Data is fetched directly from Wazuh API.
- Back-end (#14).
- Now the Splunk App has its own backend in order to modularize any REST routes it might need.
- Several code refactoring for a better handling of possible use cases.
- All queries across the App were bootstrapped in order to use the new back-end instead of using indexes.
- Ruleset and Decoders data will be fetched from API (#12):
- Now the app will avoid indexing Ruleset and Decoders data.
- Manager info will be fetched from API (#14):
- Now the app will avoid indexing Manager info data.
- Agents data will be fetched from API (#15):
- Now the app will avoid indexing Agents info data.
- Best of all, neither an extra index nor the TA-wazuh-api-connector is needed anymore.