Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Alert Trigger Channel is not loading MS Teams as optional recipients #6783

Closed
d9-Mark opened this issue Jun 19, 2024 · 12 comments
Closed

Alert Trigger Channel is not loading MS Teams as optional recipients #6783

d9-Mark opened this issue Jun 19, 2024 · 12 comments
Assignees
@Desvelao
Labels
level/task Task issue reporter/community Issue reported by the community request/operational Operational requests type/bug Bug issue

Comments

@d9-Mark
Copy link

d9-Mark commented Jun 19, 2024

Wazuh Rev Browser
Latest 4.8.0 Firefox, Chrome, untested on others.

Description
On OpenSearch, I am able to flawlessly create a new channel, add my MS Teams webhook, return to alerting, setup a monitor with an action on a trigger and for the channel to send the POST to, I can select my MS Teams webhook. I am unable to select the proper chanel on the latest version of Wazuh. Previous versions I have installed on other stacks don't even have the option for MS teams webhooks yet.

Preconditions

  1. Alerts index
  2. Monitor
  3. Trigger
  4. Action <-- Won't show all possible channels

Steps to reproduce

  1. Navigate to the 'Explore' drop down option from the hamburger menu
  2. Click on 'Create Monitor'
  3. Fill out monitor details here, name is a requirement for sure to even test.
    My Setup:
Per query monitor
Extraction Query Editor
  1. Add Trigger -- This is where I get "Failed to load Destinations" as a toast alert.
  2. Add Action
  3. Channels -> Manage Channels if you need to create an MS Teams webhook channel. See my Screenshot for this. This webhook is described as active by the dashboard and the test message to my endpoint is working, I just cannot select this channel in my alert trigger's actions.

Expected Result

  1. See all possible channels for alert POST to go to

Actual Result

  1. Seeing only email/custom webhooks.

Screenshots
image
image
image

Additional context
Anything else I might be able to provide to help you help me, please let me know. I've been searching all over for this issue and can't find much on it, so it might be an oversight on my end. Thanks for reading!
@d9-Mark d9-Mark changed the title Channels not loading MS Teams as optional recipients Alert Trigger Channel is not loading MS Teams as optional recipients Jun 19, 2024
@abacao
Copy link

abacao commented Jun 24, 2024

I'm having the same issue

@RisPNG
Copy link

RisPNG commented Jun 27, 2024

Same issue as well, hope for a fix asap. Even if it modifying through JSON.

@RamonHH
Copy link

RamonHH commented Jun 28, 2024

Same Problem here....

@RisPNG
Copy link

RisPNG commented Jul 3, 2024

No support for this issue? Anyone got a solution?

@d9-Mark
Copy link
Author

d9-Mark commented Jul 3, 2024
edited
Loading

No support for this issue? Anyone got a solution?

I've used a very similar setup to the person who helped me on my Reddit thread here. It's not the exact solution we're looking for, nor is it as easy but this works for now, at least for me and my team. Still anxious to see if there is a planned deployment for the fix.
https://www.reddit.com/r/Wazuh/comments/1divds2/comment/l977ztv/?context=3

This is the original link to the 'custom integrations.'
https://wazuh.com/blog/how-to-integrate-external-software-using-integrator/

@alopezme
Copy link

alopezme commented Jul 8, 2024

Same problem.
I have a channel created but I can't use it :-(

2024-07-08_09h49_17
2024-07-08_09h49_02

@roishub
Copy link

roishub commented Aug 6, 2024

I am facing the same problem. Still no solution?

@Desvelao
Copy link
Member

Hi, I could replicate the problem using the Wazuh dashboard 4.8.1 (based on OpenSearch Dashboards 2.10.0).

I was researching and it seems that there is a bug on the Alerting application for Wazuh dashboard 4.8.x (that is based on OpenSearch Dashboards 2.10.0). Reviewing the release notes of recent versions of the alerting plugin for OpenSearch Dashboards, I found a related change for 2.11.0 that could fix the problem:

Using an OpenSearch Dashboards 2.11.0, I could select the Microsoft Teams channel for the monitor:
image
image

So, in theory, the problem should be fixed for the Wazuh dashboard is based on OpenSearch Dashboards whose version is later to 2.10.0. At the current moment, the unreleased Wazuh dashboard 4.9.0 will be based on OpenSearch Dashboards 2.13.0, so the fix should be included for this version.

@Desvelao Desvelao added type/bug Bug issue reporter/community Issue reported by the community labels Aug 14, 2024
@asteriscos asteriscos added request/operational Operational requests level/task Task issue labels Aug 19, 2024
@roishub
Copy link

roishub commented Aug 22, 2024 via email

@Desvelao
Copy link
Member

Is there something else I can do, like getting wazuh to use opensearch dashboard 2.11.0?

@roishub , I do not know if there is an user-friendly solution for this problem.

If you can not wait to a release of Wazuh dashboard that contains the fix, I guess some solutions could be:

  • Build a Wazuh dashboard based on a version of OpenSearch Dashboards (e.g. 2.11.0) that contains the fix.
  • Patch the current Alerting plugin with a fix on the installed Wazuh dashboard.
  • Replace the built-in Alerting plugin that contains the bug for a build (with some adaptations) of the plugin for OpenSearch Dashboards 2.11.0.

Note the mentioned approaches require development knowledge and are not user friendly. You could experience multiple problems, incompatibilities, etc...

My recommendation is to wait for the Wazuh dashboard 4.9.0.

@supremesyntax
Copy link

I can confirm it is working with 4.9.0. Teams can be selected as a channel for a monitor now.

@Desvelao
Copy link
Member

Thank you so much @supremesyntax for confirming it is working on Wazuh dashboard 4.9.0. I will close the issue.

Wazuh dashboard 4.9.0 lets the selection of Microsoft Teams channel
image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Desvelao Desvelao

Labels
level/task Task issue reporter/community Issue reported by the community request/operational Operational requests type/bug Bug issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@RisPNG @asteriscos @abacao @supremesyntax @RamonHH @Desvelao @alopezme @roishub @d9-Mark