Add global FIM and system inventories #7368
base: 4.13.0
Conversation
- Replace FIM inventory table based on indexer data
- Add `fim.pattern` setting to define the FIM index pattern
…based on indexer data
- Replace the tables of agent system inventory based on indexer data
- Create sample datasets for system inventory
- Create an OpenSearch Dashboards client with ability to:
  - Saved objects/index patterns: create, delete, get all, exists
- Add the ability to create the index pattern into Wazuh dashboard
- Move repeated logic from datasets to common file
…rn creation requirement
…licts because this was created due to component is mounted 2 times triggering the creation 2 times in parallel
- Add useNewFilterManager hook
- Add additional tabs for document details
- Add data sources
- Add system inventory apps:
  - Hosts
  - Network
  - Software
  - Processes
- Split FIM inventory into files and registries
…ttern to system_inventory_systems.pattern
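The commits above describe index pattern creation conflicting because a component mounted twice and triggered the creation twice in parallel. As an added example (not code from this pull request or the wazuh-kibana-app project), the TypeScript below shows one way to make such creation idempotent and safe under concurrency; the `SavedObjectsClient` interface, `FakeClient` and the sample pattern id are assumptions constructed for the example.

```typescript
// Added example (not wazuh-kibana-app code): idempotent, concurrency-safe index pattern creation.
// SavedObjectsClient is a minimal stand-in for the real client. Two safeguards: coalesce in-flight
// requests for the same pattern, and treat a 409 conflict (created meanwhile) as success.
interface SavedObjectsClient {
  exists(id: string): Promise<boolean>;
  create(id: string, attrs: { title: string }): Promise<void>; // rejects {statusCode: 409} on duplicate
}
class IndexPatternEnsurer {
  private inFlight = new Map<string, Promise<void>>();
  constructor(private readonly client: SavedObjectsClient) {}
  ensure(id: string, title: string): Promise<void> {
    const pending = this.inFlight.get(id);
    if (pending) return pending; // a second mount joins the first request instead of racing it
    const p = this.doEnsure(id, title);
    this.inFlight.set(id, p);
    const clear = () => { this.inFlight.delete(id); };
    p.then(clear, clear);
    return p;
  }
  private async doEnsure(id: string, title: string): Promise<void> {
    if (await this.client.exists(id)) return;
    try {
      await this.client.create(id, { title });
    } catch (e: any) {
      if (e?.statusCode !== 409) throw e; // conflict means the pattern now exists: not an error
    }
  }
}
// Constructed in-memory client: counts create() calls, raises 409 on duplicates; staleExists=true
// makes exists() always answer false, which forces the 409 path.
class FakeClient implements SavedObjectsClient {
  store = new Set<string>();
  createCalls = 0;
  constructor(private readonly staleExists = false) {}
  async exists(id: string): Promise<boolean> { return !this.staleExists && this.store.has(id); }
  async create(id: string): Promise<void> {
    this.createCalls++;
    if (this.store.has(id)) { const err: any = new Error('conflict'); err.statusCode = 409; throw err; }
    this.store.add(id);
  }
}
const ID = 'wazuh-states-fim-files-*'; // constructed sample pattern title/id
// Runs ensure() twice, in parallel (component mounted twice) or sequentially; returns create() count.
async function ensureTwice(client: FakeClient, parallel: boolean): Promise<number> {
  const ensurer = new IndexPatternEnsurer(client);
  const calls = [() => ensurer.ensure(ID, ID), () => ensurer.ensure(ID, ID)];
  if (parallel) await Promise.all(calls.map((c) => c()));
  else for (const c of calls) await c();
  return client.createCalls;
}
```

With two parallel calls the client sees a single create; with a stale exists() answer the second create hits 409, which is swallowed so both callers still resolve.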
Removes options from suggestion hook dependencies to avoid re-fetching when only options change.
…a' of https://github.com/wazuh/wazuh-kibana-app into change/wz-27903-fim-system-inventory-tables-indexer-data
Remove console.log
Co-authored-by: Guido Modarelli <[email protected]>
…to change/wz-27903-fim-system-inventory-tables-indexer-data
…e problem with embedables destroyed and unable to create dashboards
…te the problem with embedables destroyed and unable to create dashboards
Sets the size property of the filter button component to 's' for a smaller appearance.
🧪 Test 2025/04/30
Details
🟢 Go to agent welcome and the hardware/system information should be displayed in a new panel
Chrome - 🟢
❓ Go to agent welcome and click on a FIM file and it should open a flyout with the inventory details related to the selected file
Chrome - ❓ I loaded the SampleData both from the UI and from the SampleData script, and I can't see the details related to the selected file.
```
$ py script.py states-fim-files
INFO:configuration:Loaded configuration from file [config.json]
INFO:configuration:Configuration for [indexer]: [{'ip': '0.0.0.0', 'password': 'admin', 'port': '9200', 'username': 'admin'}]
Configuration is valid for [indexer], do you want to use it? [Y/n]:
INFO:configuration:Configuration for [dashboard]: [{'password': 'admin', 'url': 'https://localhost:5601', 'username': 'admin'}]
Configuration is valid for [dashboard], do you want to use it? [Y/n]:
INFO:opensearch:HEAD https://0.0.0.0:9200/ [status:200 request:0.052s]
INFO:__main__:Running dataset [states-fim-files]
INFO:configuration:Configuration for [dataset/states-fim-files/index]: [{'count': '10000', 'index_name': 'wazuh-states-fim-files-sample'}]
Configuration is valid for [dataset/states-fim-files/index], do you want to use it? [Y/n]:
INFO:opensearch:HEAD https://0.0.0.0:9200/wazuh-states-fim-files-sample [status:200 request:0.003s]
INFO:states-fim-files:Index found [wazuh-states-fim-files-sample]
Remove the [wazuh-states-fim-files-sample] index? [Y/n]
INFO:opensearch:DELETE https://0.0.0.0:9200/wazuh-states-fim-files-sample [status:200 request:0.053s]
INFO:states-fim-files:Index [wazuh-states-fim-files-sample] deleted
INFO:opensearch:PUT https://0.0.0.0:9200/wazuh-states-fim-files-sample [status:200 request:0.117s]
INFO:states-fim-files:Index [wazuh-states-fim-files-sample] created
INFO:opensearch:POST https://0.0.0.0:9200/wazuh-states-fim-files-sample/_bulk [status:200 request:0.036s]
INFO:opensearch:POST https://0.0.0.0:9200/wazuh-states-fim-files-sample/_bulk [status:200 request:0.036s]
INFO:opensearch:POST https://0.0.0.0:9200/wazuh-states-fim-files-sample/_bulk [status:200 request:0.036s]
INFO:opensearch:POST https://0.0.0.0:9200/wazuh-states-fim-files-sample/_bulk [status:200 request:0.054s]
INFO:opensearch:POST https://0.0.0.0:9200/wazuh-states-fim-files-sample/_bulk [status:200 request:0.038s]
INFO:opensearch:POST https://0.0.0.0:9200/wazuh-states-fim-files-sample/_bulk [status:200 request:0.038s]
INFO:opensearch:POST https://0.0.0.0:9200/wazuh-states-fim-files-sample/_bulk [status:200 request:0.036s]
INFO:opensearch:POST https://0.0.0.0:9200/wazuh-states-fim-files-sample/_bulk [status:200 request:0.034s]
INFO:opensearch:POST https://0.0.0.0:9200/wazuh-states-fim-files-sample/_bulk [status:200 request:0.033s]
INFO:opensearch:POST https://0.0.0.0:9200/wazuh-states-fim-files-sample/_bulk [status:200 request:0.033s]
INFO:opensearch:POST https://0.0.0.0:9200/wazuh-states-fim-files-sample/_bulk [status:200 request:0.046s]
INFO:opensearch:POST https://0.0.0.0:9200/wazuh-states-fim-files-sample/_bulk [status:200 request:0.042s]
INFO:opensearch:POST https://0.0.0.0:9200/wazuh-states-fim-files-sample/_bulk [status:200 request:0.055s]
INFO:opensearch:POST https://0.0.0.0:9200/wazuh-states-fim-files-sample/_bulk [status:200 request:0.037s]
INFO:opensearch:POST https://0.0.0.0:9200/wazuh-states-fim-files-sample/_bulk [status:200 request:0.035s]
INFO:opensearch:POST https://0.0.0.0:9200/wazuh-states-fim-files-sample/_bulk [status:200 request:0.034s]
INFO:opensearch:POST https://0.0.0.0:9200/wazuh-states-fim-files-sample/_bulk [status:200 request:0.043s]
INFO:opensearch:POST https://0.0.0.0:9200/wazuh-states-fim-files-sample/_bulk [status:200 request:0.037s]
INFO:opensearch:POST https://0.0.0.0:9200/wazuh-states-fim-files-sample/_bulk [status:200 request:0.034s]
INFO:opensearch:POST https://0.0.0.0:9200/wazuh-states-fim-files-sample/_bulk [status:200 request:0.038s]
INFO:states-fim-files:Data was indexed into [wazuh-states-fim-files-sample]
INFO:configuration:Configuration for [dataset/states-fim-files/index_pattern]: [{'create_index_pattern': 'n', 'index_pattern_name': ''}]
Configuration is valid for [dataset/states-fim-files/index_pattern], do you want to use it? [Y/n]:
```
🟢 Go to Server management > Dev Tools and it should not have any request related to syscollector (clean browser)
Chrome - 🟢
🟢 Go to File integrity monitoring > Inventory and test the queries, filters and the table represents the expected data. Ensure the document details are working as expected.
Chrome - 🟢 Screen.Recording.2025-04-30.174606.mp4
🟢 Go to System inventory > IT Hygiene > Networks > Networks and test the queries, filters and the dashboard represents the expected data.
Chrome - 🟢 Screen.Recording.2025-04-30.175553.mp4
🟢 With no FIM indices and no index pattern, go to File integrity monitoring > Inventory and this should display a prompt
Chrome - 🟢
🟢 With no System inventory indices and no index pattern, go to IT Hygiene > Inventory and this should display a prompt
Chrome - 🟢
@guidomodarelli, regarding the test:
That displayed message in the flyout indicates that it could not find data related to that file in the FIM files indices. The table that opens the flyout is related to alerts data, so in some cases, or when using the sample data that does not match the sample file paths in alerts and files inventory, you could have alerts related to a file but no data in the FIM files. If you click on a file path (alert data) that has information in the FIM inventory states, you should see that information. I will add a fix to ensure the sample data paths in the FIM files inventory and alerts match, so this can be tested.
…he FIM: recent events table of agent overview
Description
This pull request adds global FIM and system inventories.
Changes:
- IT Hygiene to Security operations category
- IT Hygiene to agent menu
- `system_inventory.pattern`
- `fim.pattern`
- `useDataGrid` to manage error on initialization
- `GET /api/syscollector` endpoint
- `POST /reports/agents/{agentID}/inventory` API endpoint and extended reporting information related to syscollector
- Inventory data views and button from agent overview
- Screen.Recording.2025-04-30.162009.mp4
Side changes
- `vulnerabilities.pattern` setting instead of searching index pattern with title/id that contains `vulnerabilities`.
- `display:table`
Issues Resolved
#27903
Evidence
FIM > Inventory
IT Hygiene > Dashboard
Overview
Agent
IT Hygiene > Inventory
Agent overview
Dev Tools
New settings
Test
This pull request adds a sample data generator, see scripts/sample-data/README.md. The indexed sample data expects you to use the imposter API.
Legend:
⚫: none
🟢: pass
🟡: warning
🔴: fail
⚪: not applicable
UI
Details
⚫ Go to agent welcome and the hardware/system information should be displayed in a new panel
Chrome - ⚫
Firefox - ⚫
Safari - ⚫
⚫ Go to agent welcome and click on a FIM file and it should open a flyout with the inventory details related to the selected file
Chrome - ⚫
Firefox - ⚫
Safari - ⚫
⚫ Go to Server management > Dev Tools and it should not have any request related to syscollector (clean browser)
Chrome - ⚫
Firefox - ⚫
Safari - ⚫
⚫ Go to File integrity monitoring > Inventory and test the queries, filters and the table represents the expected data. Ensure the document details are working as expected.
Chrome - ⚫
Firefox - ⚫
Safari - ⚫
⚫ Go to System inventory > IT Hygiene > Dashboard and test the queries, filters and the dashboard represents the expected data.
Chrome - ⚫
Firefox - ⚫
Safari - ⚫
⚫ Go to System inventory > IT Hygiene > Inventory and test the queries, filters and the table represents the expected data. Ensure the document details are working as expected.
Chrome - ⚫
Firefox - ⚫
Safari - ⚫
⚫ With no FIM indices and no index pattern, go to File integrity monitoring > Inventory and this should display a prompt
Chrome - ⚫
Firefox - ⚫
Safari - ⚫
⚫ With no System inventory indices and no index pattern, go to IT Hygiene > Inventory and this should display a prompt
Chrome - ⚫
Firefox - ⚫
Safari - ⚫
⚫ With no System inventory indices and no index pattern, go to IT Hygiene > Dashboard and this should display a prompt
Chrome - ⚫
Firefox - ⚫
Safari - ⚫
⚫ With no FIM indices and index pattern, go to File integrity monitoring > Inventory and this should display a prompt indicating that the data source was not initialized
Chrome - ⚫
Firefox - ⚫
Safari - ⚫
⚫ With no System inventory indices and index pattern, go to IT Hygiene > Inventory and this should display a prompt indicating that the data source was not initialized
Chrome - ⚫
Firefox - ⚫
Safari - ⚫
Check List