
3.7 Added CIS-CAT Integration #342

Merged
merged 11 commits into from
Nov 15, 2018
Added metrics
manuasir committed Nov 12, 2018
commit bd0d73d85954bec88b42342bed2a1b749d70f78a
Expand Up @@ -19,7 +19,9 @@ define([
constructor($urlTokenModel, $scope, $currentDataService, $state) {
this.scope = $scope
this.state = $state
this.addFilter = $currentDataService.addFilter
this.getFilters = $currentDataService.getSerializedFilters

this.filters = this.getFilters()
this.submittedTokenModel = $urlTokenModel.getSubmittedTokenModel()
this.timePicker = new TimePicker('#timePicker',$urlTokenModel.handleValueChange)
Expand All @@ -44,22 +46,25 @@ define([
/**
* Metrics
*/
new SearchHandler(`lastNotChecked`,`${this.filters} sourcetype=wazuh rule.id=80790 | stats count`,`filesAddedToken`,'$result.count$','lastNotChecked',this.submittedTokenModel,this.scope),
new SearchHandler(`lastPass`,`${this.filters} sourcetype=wazuh rule.id=80784 | stats count`,`readFilesToken`,'$result.count$','lastPass',this.submittedTokenModel,this.scope),
new SearchHandler(`lastScanScore`,`${this.filters} sourcetype=wazuh rule.id=80781 | stats count`,`filesModifiedToken`,'$result.count$','lastScanScore',this.submittedTokenModel,this.scope),
new SearchHandler(`lastScanDate`,`${this.filters} sourcetype=wazuh rule.id=80791 | stats count`,'filesDeletedToken','$result.count$','lastScanDate',this.submittedTokenModel,this.scope),
new SearchHandler(`lastErrors`,`${this.filters} sourcetype=wazuh rule.id=80791 | stats count`,'filesDeletedToken','$result.count$','lastErrors',this.submittedTokenModel,this.scope),
new SearchHandler(`lastFails`,`${this.filters} sourcetype=wazuh rule.id=80791 | stats count`,'filesDeletedToken','$result.count$','lastFails',this.submittedTokenModel,this.scope),
new SearchHandler(`lastUknown`,`${this.filters} sourcetype=wazuh rule.id=80791 | stats count`,'filesDeletedToken','$result.count$','lastUknown',this.submittedTokenModel,this.scope),
new SearchHandler(`lastScanBenchmark`,`${this.filters} sourcetype=wazuh rule.id=80791 | stats count`,'filesDeletedToken','$result.count$','lastScanBenchmark',this.submittedTokenModel,this.scope),
new SearchHandler(`lastNotChecked`,`${this.filters} | search data.cis.notchecked=* | table data.cis.notchecked | head 1`,`filesAddedToken`,'$result.data.cis.notchecked$','lastNotChecked',this.submittedTokenModel,this.scope),
new SearchHandler(`lastPass`,`${this.filters} | search data.cis.pass=* | table data.cis.pass | head 1`,`lastPass`,'$result.data.cis.pass$','lastPass',this.submittedTokenModel,this.scope),
new SearchHandler(`lastScanScore`,`${this.filters} | search data.cis.score=* | table data.cis.score | head 1`,`lastScanScore`,'$result.data.cis.score$','lastScanScore',this.submittedTokenModel,this.scope),
new SearchHandler(`lastScanDate`,`${this.filters} | search data.cis.timestamp=* | table data.cis.timestamp | head 1`,'lastScanDate','$result.data.cis.timestamp$','lastScanDate',this.submittedTokenModel,this.scope),
new SearchHandler(`lastErrors`,`${this.filters} | search data.cis.error=* | table data.cis.error | head 1`,'lastErrors','$result.data.cis.error$','lastErrors',this.submittedTokenModel,this.scope),
new SearchHandler(`lastFails`,`${this.filters} | search data.cis.fail=* | table data.cis.fail | head 1`,'lastFails','$result.data.cis.fail$','lastFails',this.submittedTokenModel,this.scope),
new SearchHandler(`lastUnknown`,`${this.filters} | search data.unknown.fail=* | table data.cis.unknown | head 1`,'lastUnknown','$result.data.cis.unknown$','lastUknown',this.submittedTokenModel,this.scope),
new SearchHandler(`lastScanBenchmark`,`${this.filters} rule.groups=ciscat | search data.cis.benchmark=* | table data.cis.benchmark | head 1`,'lastScanBenchmark','$result.data.cis.benchmark$','lastScanBenchmark',this.submittedTokenModel,this.scope),
/**
* Visualizations
*/
new ColumnChart('topCiscatGroups',`${this.filters} sourcetype=wazuh rule.groups=\"ciscat\" | top data.cis.group`,'topCiscatGroups'),
new LinearChart('scanResultEvolution',`${this.filters} sourcetype=wazuh rule.groups=\"ciscat\" agent.name=* | top agent.name`,'scanResultEvolution'),
new Table('alertsSummary',`${this.filters} sourcetype=wazuh rule.groups=\"ciscat\" | stats count sparkline by data.cis.rule_title, data.cis.remediation,data.cis.group | sort count desc | rename "data.cis.rule_title" as "Title", rename " data.cis.remediation" as "Remediation", rename "data.cis.group" as "Group" `,'alertsSummary')
new LinearChart('scanResultEvolution',`${this.filters} sourcetype=wazuh rule.groups=\"ciscat\" | timechart count by data.cis.result usenull=f`,'scanResultEvolution'),
new Table('alertsSummary',`${this.filters} sourcetype=wazuh rule.groups=\"ciscat\" | stats count sparkline by data.cis.rule_title, data.cis.remediation,data.cis.group | sort count desc | rename "data.cis.rule_title" as "Title", "data.cis.remediation" as "Remediation", "data.cis.group" as "Group" `,'alertsSummary')
]
}
$onInit(){
this.addFilter(`{"rule.groups":"ciscat", "implicit":true}`)
}
}
app.controller('ciscatCtrl', Audit)
})
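Review bot: The `lastUnknown` handler in the second hunk searches on `data.unknown.fail=*` but then tables and tokenizes `data.cis.unknown`, so the filter and the projected field disagree and the metric will presumably stay empty; the first pipe should most likely read `| search data.cis.unknown=*`, matching the pattern of the seven sibling handlers. The same line still passes `'lastUknown'` as its final argument while every other handler's final argument equals its name, and the template hunk below renames the binding to `lastUnknown`; if that argument is the scope key `ng-bind` reads, the view would never receive the value. Suggested line: `new SearchHandler(`lastUnknown`,`${this.filters} | search data.cis.unknown=* | table data.cis.unknown | head 1`,'lastUnknown','$result.data.cis.unknown$','lastUnknown',this.submittedTokenModel,this.scope),`. Note also that `this.filters` is serialized once in the constructor and interpolated verbatim into every search string, so any change to the filter set after construction is not reflected here; the constructor and class start above the first hunk.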
Expand Up @@ -41,7 +41,7 @@
<span class="wz-text-bold" ng-bind="lastFails"></span>
</div>
<div class="wz-text-truncatable" flex>Last unknown:
<span class="wz-text-bold" ng-bind="lastUknown"></span>
<span class="wz-text-bold" ng-bind="lastUnknown"></span>
</div>
<div class="wz-text-truncatable" flex>Last scan benchmark:
<span class="wz-text-bold" ng-bind="lastScanBenchmark"></span>