3.2 - Splunk app v2.0.0 #16

Merged
merged 35 commits into from
Apr 2, 2018
0385fc0
Trying to avoid TA-wazuh-api-connector
manuasir Mar 21, 2018
9d94f27
Returning data from own backend more efficiently
manuasir Mar 22, 2018
0660b46
Fetching ruleset data from API on demand and avoiding indexation clos…
manuasir Mar 22, 2018
3e6244b
Deleting TA api connector plugin
manuasir Mar 22, 2018
c88d48a
Changing source of ruleset search tab
manuasir Mar 22, 2018
3ca1074
Merge pull request #10 from wazuh/3.2-dev-indexing-agents
manuasir Mar 22, 2018
7489e26
Merge pull request #11 from wazuh/3.2-dev-ruleset-search
manuasir Mar 22, 2018
7525fa6
Splunk indexes are not needed anymore for any Ruleset or Decoders fun…
manuasir Mar 22, 2018
24e39be
Merge pull request #12 from wazuh/3.2-dev-decoders
manuasir Mar 22, 2018
016fc9f
Setting new Agents Summary endpoint in backend
manuasir Mar 22, 2018
33ba3c2
New agents summary controller
manuasir Mar 22, 2018
c2a9a8a
Opening up new Agents endpoint
manuasir Mar 22, 2018
81e1a63
Deleting unnecessary backup file
manuasir Mar 22, 2018
0604c58
Setting new Agents Summary endpoint in backend
manuasir Mar 22, 2018
27e9209
Adapting Agent summary tabs to use data from API
manuasir Mar 22, 2018
afd2006
Agent status backend endpoint
manuasir Mar 22, 2018
dda2f75
Modifying the Splunk Query in order to adapt it to own backend instea…
manuasir Mar 22, 2018
aeb10fc
Cleaning and writing some comments over the backend code
manuasir Mar 22, 2018
eab6d3f
Merge pull request #13 from wazuh/3.2-dev-indexing-agents
manuasir Mar 22, 2018
0863927
Implementing new endpoints in backend for fetch manager status and ba…
manuasir Mar 23, 2018
11a9201
adding controllers for fetching data from new endpoints
manuasir Mar 23, 2018
383d793
Deleting TA, committed by error before
manuasir Mar 23, 2018
628db9f
Merge pull request #14 from wazuh/3.2-dev-basic-info
manuasir Mar 23, 2018
754accf
Backend endpoints for Agent list data
manuasir Mar 23, 2018
76ef41a
Agent list backend
manuasir Mar 23, 2018
7e666a6
Agent list backend
manuasir Mar 23, 2018
57a6172
Agent list backend
manuasir Mar 23, 2018
6d48ba2
Modifying Agents queries for getting data from API
manuasir Mar 23, 2018
9d28727
correcting some queries
manuasir Mar 23, 2018
8293ccc
Merge pull request #15 from wazuh/3.2-agents-api
manuasir Mar 23, 2018
bc59a7f
Quick hotfix, an index stayed without being removed
manuasir Mar 23, 2018
80dff05
Preparing the app for being deployed on demo machine
manuasir Apr 2, 2018
e6be344
Adding LF, not CRLF in readme.md
manuasir Apr 2, 2018
fff0406
Adding CHANGELOG.md to the project
manuasir Apr 2, 2018
ed8a12c
Updating app version in changelog
manuasir Apr 2, 2018
correcting some queries
manuasir committed Mar 23, 2018
commit 9d2872748610111e5b51430e01dc41a8bbb4eb7b
4 changes: 2 additions & 2 deletions SplunkAppForWazuh/default/data/ui/views/audit.xml
Expand Up @@ -26,14 +26,14 @@
<panel>
<table>
<search>
<query>index="wazuh_api" sourcetype="wazuh:api:agents" name=$agent$ |table id, ip, name, os.platform, os.uname, os.name, os.arch, os.version, dateAdd, lastKeepAlive, last_rootcheck, last_syscheck, version, status | dedup id | sort - id | rename os.platform as "Platform", os.uname as "OS Info", os.name as "OS name", os.arch as "Arch", os.version as "OS Version", dateAdd as "Registered date", lastKeepAlive as "Last KeepAlive", last_rootcheck as "Last Rootcheck", last_syscheck as "Last Syscheck", version as "Agent version" | fillnull value="N/A"</query>
<query>| getagentscheck name=$agent$ |table id, ip, name, os.platform, os.uname, os.name, os.arch, os.version, dateAdd, lastKeepAlive, last_rootcheck, last_syscheck, version, status | dedup id | sort - id | rename os.platform as "Platform", os.uname as "OS Info", os.name as "OS name", os.arch as "Arch", os.version as "OS Version", dateAdd as "Registered date", lastKeepAlive as "Last KeepAlive", last_rootcheck as "Last Rootcheck", last_syscheck as "Last Syscheck", version as "Agent version" | fillnull value="N/A"</query>
<earliest>-60m@m</earliest>
<latest>now</latest>
</search>
<option name="count">5</option>
<option name="drilldown">cell</option>
<drilldown>
<link target="_blank">search?q=index="wazuh_api" sourcetype="wazuh:api:agents" name=$agent$ |table id, ip, name, os.platform, os.uname, os.name, os.arch, os.version, dateAdd, lastKeepAlive, last_rootcheck, last_syscheck, version, status | dedup id | sort - id | rename os.platform as "Platform", os.uname as "OS Info", os.name as "OS name", os.arch as "Arch", os.version as "OS Version", dateAdd as "Registered date", lastKeepAlive as "Last KeepAlive", last_rootcheck as "Last Rootcheck", last_syscheck as "Last Syscheck", version as "Agent version" | fillnull value="N/A"&amp;earliest=-60m@m&amp;latest=now</link>
<link target="_blank">| getagentscheck name=$agent$ |table id, ip, name, os.platform, os.uname, os.name, os.arch, os.version, dateAdd, lastKeepAlive, last_rootcheck, last_syscheck, version, status | dedup id | sort - id | rename os.platform as "Platform", os.uname as "OS Info", os.name as "OS name", os.arch as "Arch", os.version as "OS Version", dateAdd as "Registered date", lastKeepAlive as "Last KeepAlive", last_rootcheck as "Last Rootcheck", last_syscheck as "Last Syscheck", version as "Agent version" | fillnull value="N/A"&amp;earliest=-60m@m&amp;latest=now</link>
</drilldown>
</table>
</panel>
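Review bot: the replacement `<link target="_blank">` inside `<drilldown>` drops the `search?q=` prefix, so its body now begins with `| getagentscheck name=$agent$` while still ending in `&amp;earliest=-60m@m&amp;latest=now`. That is no longer a path to the search view with a `q` parameter, and the time-range parameters are appended to a bare query string. Keep the prefix, as in `search?q=| getagentscheck name=$agent$ |table id, ip, name, ...`. Separately, `$agent$` is substituted unquoted into both the `<query>` and the link, so an agent name containing a space or a pipe changes the search that runs. The Simple XML token filters would keep the value a single argument: `name=$agent|s$` in the `<query>`, and a URL-encoded value (`$agent|u$`) in the link. It is also not visible from these lines whether `getagentscheck` honours the `<earliest>-60m@m</earliest>` window that applied to the old `index="wazuh_api"` search, which is worth confirming before the panel keeps those elements.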