Update master branch (#867)

* Fix open file when content is empty * Fix error on ruleset empty files * Fix CDB list name * Update labels configuration table (#848) * Add new field 'reconnect_time' to Log collection section * Allow upload ruleset files (#850) * Add tab to upload files * Add upload files Drag n drop directive * Upload files with dragndrop directive added * Add Logtest side tab * Rules tab redesign with Logtest directive * Redesign decoders tab and add logtest sidebar * Update Ruleset -> CDB Lists * Improve Log test directive * Improve upload file styling * Add error/success messages on upload files * Allow upload files with cluster mode disabled * Allow upload decoders and cdb lists * Remove loading bar * Bump revision. Update changelog/readme (#851) * Ruleset section styling fixes (#852) * Fix style * Fix settings icon * Fix wz-table margin * Adapt vulnerability detector config on-demand (#854) * Adapt vuln-detector config section * Show vuln detector on windows agents * Fix hidden integrations in the config view * Fix hidden integrations in the config view (#856) * Bump version and revision (#859) * Fix hidden integrations in the config view * Bump version and revision * Adapt Wazuh App for Splunk 8.0.0 (#865) * Update requests and json libraries * Remove cStringIO lib and use python3.7 syntax * Use StringIO to export CSV * Update PIL lib * Update FPDF library * Update reporting controller syntax to python3.7 * Update reporting controller syntax to python3 syntax * Remove 'expanded' key from FIM table * Bump version/revision/changelog * Fix monitored directories table (#889) * Fix monitored directories table * Fix typo * Update README screenshot (#874) * Remove duplicated libraries * Update changelog * Remove .pyc files * Update app logo dimensions Co-authored-by: Juanca Rodríguez <juancarlos.rodriguez@wazuh.com> Co-authored-by: Juan Carlos Tello <juancarlos.tello@wazuh.com>
wazuh · Dec 24, 2019 · d6a6af1 · d6a6af1
1 parent b041487
commit d6a6af1
Show file tree

Hide file tree

Showing 40 changed files with 5,503 additions and 1,145 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,28 @@
 
 All notable changes to the Wazuh app for Splunk project will be documented in this file.
 
+## Wazuh v3.11.0 - Splunk Enterprise v7.3.2, v8.0.0 - Revision 46
+
+### Added
+
+- Support for Wazuh v3.11.0
+- Support for Splunk 8.0.0
+- Allow upload rules/decoders/CDB-lists files [#828](https://github.com/wazuh/wazuh-splunk/issues/828)
+- Added new field for Log collection configuration section  [#845](https://github.com/wazuh/wazuh-splunk/issues/845)
+
+### Changed
+
+- Changed labels configuration table [#846](https://github.com/wazuh/wazuh-splunk/issues/846)
+- Adapt Vulnerability Configuration section to its new format [#853](https://github.com/wazuh/wazuh-splunk/issues/853)
+
+### Fixed
+
+- Fixed error when opening empty files [#839](https://github.com/wazuh/wazuh-splunk/issues/839)
+- CDB lists section is now showing the correct name of the list [#841](https://github.com/wazuh/wazuh-splunk/issues/841)
+- Fix error when exporting group configuration [#834](https://github.com/wazuh/wazuh-splunk/issues/834)
+- Fix missing custom integrations [#855](https://github.com/wazuh/wazuh-splunk/issues/855)
+- Fix Monitored directories table in agent report [#888](https://github.com/wazuh/wazuh-splunk/issues/888)
+
 ## Wazuh v3.10.2 - Splunk Enterprise v8.0.0 - Revision 45
 
 ### Added

diff --git a/README.md b/README.md
@@ -7,10 +7,10 @@
 
  Wazuh app for Splunk offers an option to visualize _Wazuh Alerts_ and _API data_. Wazuh helps you to gain deeper security visibility into your infrastructure by monitoring hosts at an operating system and application level.
 * * *
-![](https://i.imgur.com/HkMjiwJ.png)
+![Overview](SplunkOverview.png)
 ### Documentation
 
--   [Wazuh app for Splunk installation guide](https://documentation.wazuh.com/current/installing-splunk/index.html)
+- [Wazuh app for Splunk installation guide](https://documentation.wazuh.com/current/installation-guide/installing-splunk/index.html)
 
 ## Branches
 
@@ -56,7 +56,9 @@
 |      7.3.0     |       3.10.0      | <https://packages.wazuh.com/3.x/splunkapp/v3.10.0_7.3.0.tar.gz> |
 |      7.3.0     |       3.10.1      | <https://packages.wazuh.com/3.x/splunkapp/v3.10.1_7.3.0.tar.gz> |
 |      7.3.0     |       3.10.2      | <https://packages.wazuh.com/3.x/splunkapp/v3.10.2_7.3.0.tar.gz> |
-|     8.0.0      |       3.10.2      | <https://packages.wazuh.com/3.x/splunkapp/wazuhapp-splunk-3.10.2_8.0.0.tar.gz> |
+|      8.0.0     |       3.10.2      | <https://packages.wazuh.com/3.x/splunkapp/wazuhapp-splunk-3.10.2_8.0.0.tar.gz> |
+|      7.3.2     |       3.11.0      | <https://packages.wazuh.com/3.x/splunkapp/wazuhapp-splunk-3.11.0_7.3.2.tar.gz> |
+|      8.0.0     |       3.11.0      | <https://packages.wazuh.com/3.x/splunkapp/wazuhapp-splunk-3.11.0_8.0.0.tar.gz> |
 
 
 ## Upgrade

diff --git a/SplunkAppForWazuh/README.md b/SplunkAppForWazuh/README.md
@@ -9,11 +9,11 @@ Wazuh app for Splunk offers an option to visualize _Wazuh Alerts_ and _API data_
 
 ---
 
-![](https://i.imgur.com/HkMjiwJ.png)
+![Overview](../SplunkOverview.png)
 
 ### Documentation
 
-- [Wazuh app for Splunk installation guide](https://documentation.wazuh.com/current/installing-splunk/index.html)
+- [Wazuh app for Splunk installation guide](https://documentation.wazuh.com/current/installation-guide/installing-splunk/index.html)
 
 ## Branches
 
@@ -57,8 +57,13 @@ Wazuh app for Splunk offers an option to visualize _Wazuh Alerts_ and _API data_
 |     7.3.0      |     3.9.3     | <https://packages.wazuh.com/3.x/splunkapp/v3.9.3_7.3.0.tar.gz> |
 |     7.3.0      |     3.9.4     | <https://packages.wazuh.com/3.x/splunkapp/v3.9.4_7.3.0.tar.gz> |
 |     7.3.0      |     3.9.5     | <https://packages.wazuh.com/3.x/splunkapp/v3.9.5_7.3.0.tar.gz> |
+|     7.3.0      |     3.10.0     | <https://packages.wazuh.com/3.x/splunkapp/v3.10.0_7.3.0.tar.gz> |
+|     7.3.0      |     3.10.1     | <https://packages.wazuh.com/3.x/splunkapp/v3.10.1_7.3.0.tar.gz> |
+|     7.3.0      |     3.10.2     | <https://packages.wazuh.com/3.x/splunkapp/v3.10.2_7.3.0.tar.gz> |
 |     7.3.0      |     3.10.2    | <https://packages.wazuh.com/3.x/splunkapp/v3.10.2_7.3.0.tar.gz> |
 |     8.0.0      |     3.10.2    | <https://packages.wazuh.com/3.x/splunkapp/wazuhapp-splunk-3.10.2_8.0.0.tar.gz> |
+|     7.3.2      |     3.11.0     | <https://packages.wazuh.com/3.x/splunkapp/wazuhapp-splunk-3.11.0_7.3.2.tar.gz> |
+|     8.0.0      |     3.11.0     | <https://packages.wazuh.com/3.x/splunkapp/wazuhapp-splunk-3.11.0_8.0.0.tar.gz> |
 
 ## Upgrade
 

diff --git a/SplunkAppForWazuh/appserver/controllers/manager.py b/SplunkAppForWazuh/appserver/controllers/manager.py
@@ -13,6 +13,7 @@
 """
 
 
+from . import api
 import jsonbak
 import requestsbak
 import uuid
@@ -74,6 +75,7 @@ def __init__(self):
             self.db = database()
             self.config =  self.get_config_on_memory()
             self.timeout = int(self.config['timeout'])
+            self.wazuh_api = api.api()
             self.session = requestsbak.Session()            
             self.session.trust_env = False
         except Exception as e:
@@ -511,6 +513,54 @@ def check_daemons(self, url, auth, verify, check_cluster):
             self.logger.error("manager: Error checking daemons: %s" % (e))
             raise e
 
+    @expose_page(must_login=False, methods=['POST'])
+    def upload_file(self, **kwargs):
+        # Only rules files are uploaded currently
+        self.logger.debug("manager: Uploading file(s)")
+        try:
+            # Get file name and file content
+            split_file = str(kwargs["file"]).split('\', \'')
+            file_name = split_file[1]
+            file_content = split_file[2]
+            file_content = file_content[:len(file_content)-2]
+            file_content2 = file_content
+
+            # Get path 
+            dest_path = kwargs["path"]
+
+
+            # Get current API data
+            opt_id = kwargs["apiId"]
+            current_api_json = self.db.get(opt_id)
+            current_api_json = jsonbak.loads(current_api_json)
+            opt_username = str(current_api_json["data"]["userapi"])
+            opt_password = str(current_api_json["data"]["passapi"])
+            opt_base_url = str(current_api_json["data"]["url"])
+            opt_base_port = str(current_api_json["data"]["portapi"])
+            opt_cluster = False
+            if "filterType" in current_api_json["data"] and current_api_json["data"]["filterType"] == 'cluster.name':
+                opt_cluster = True
+
+            # API requests auth
+            auth = requestsbak.auth.HTTPBasicAuth(opt_username, opt_password)
+            verify = False
+            url = opt_base_url + ":" + opt_base_port
+
+
+            if dest_path and dest_path == 'etc/lists/':
+                file_content = file_content.replace('\\n',"\n")
+                result = self.session.post(url + '/manager/files?path='+ dest_path +file_name, data=file_content, headers= {"Content-type": "application/octet-stream"}, auth=auth, timeout=20, verify=verify)
+            else:
+                file_content = file_content.replace('\\n','')
+                result = self.session.post(url + '/manager/files?path='+ dest_path +file_name, data=file_content, headers= {"Content-type": "application/xml"}, auth=auth, timeout=20, verify=verify)
+            result = jsonbak.loads(result.text)
+            if 'error' in result and result['error'] != 0:
+                return jsonbak.dumps({"status": "400", "text": "Error adding file: %s. Cause: %s" % (file_name,result["message"])})
+            return jsonbak.dumps({"status": "200", "text": "File %s was updated successfully. " % file_name})
+        except Exception as e:
+            self.logger.error("manager: Error trying to upload a file(s): %s" % (e))
+
+
     def get_config_on_memory(self):
         try:
             self.logger.debug("manager: Getting configuration on memory.")

diff --git a/SplunkAppForWazuh/appserver/controllers/report.py b/SplunkAppForWazuh/appserver/controllers/report.py
@@ -125,55 +125,56 @@ def getString(self, value,labels={}):
     def getDirectoriesChecks(self,row):
         newRow = []
         newRow.append(row['dir'])
-        if 'realtime' in row['opts'] and row['opts'].index('realtime'):
+        self.logger.info(row)
+        if 'realtime' in row['opts']:
             newRow.append('yes')
         else:
             newRow.append('no')
-        if 'whodata' in row['opts'] and row['opts'].index('whodata'):
+        if 'whodata' in row['opts'] or ('check_whodata' in row['opts']) :
             newRow.append('yes')
         else:
             newRow.append('no')
-        if 'report_changes' in row['opts'] and row['opts'].index('report_changes'):
+        if 'report_changes' in row['opts']:
             newRow.append('yes')
         else:
             newRow.append('no')
-        if 'check_sha1sum	' in row['opts'] and row['opts'].index('check_sha1sum'):
+        if 'check_sha1sum	' in row['opts']:
             newRow.append('yes')
         else:
             newRow.append('no')
-        if 'check_md5sum' in row['opts'] and row['opts'].index('check_md5sum'):
+        if 'check_md5sum' in row['opts']:
             newRow.append('yes')
         else:
             newRow.append('no')
-        if 'check_sha256sum' in row['opts'] and row['opts'].index('check_sha256sum'):
+        if 'check_sha256sum' in row['opts']:
             newRow.append('yes')
         else:
             newRow.append('no')
-        if 'check_size' in row['opts'] and row['opts'].index('check_size'):
+        if 'check_size' in row['opts']:
             newRow.append('yes')
         else:
             newRow.append('no')
-        if 'check_owner' in row['opts'] and row['opts'].index('check_owner'):
+        if 'check_owner' in row['opts']:
             newRow.append('yes')
         else:
             newRow.append('no')
-        if 'check_group' in row['opts'] and row['opts'].index('check_group'):
+        if 'check_group' in row['opts']:
             newRow.append('yes')
         else:
             newRow.append('no')
-        if 'check_perm' in row['opts'] and row['opts'].index('check_perm') :
+        if 'check_perm' in row['opts']:
             newRow.append('yes')
         else:
             newRow.append('no')
-        if 'check_mtime' in row['opts'] and row['opts'].index('check_mtime') :
+        if 'check_mtime' in row['opts']:
             newRow.append('yes')
         else:
             newRow.append('no')
-        if 'check_inode' in row['opts'] and row['opts'].index('check_inode') :
+        if 'check_inode' in row['opts']:
             newRow.append('yes')
         else:
             newRow.append('no')
-        if 'follow_symbolic_link' in row['opts'] and row['opts'].index('follow_symbolic_link'):
+        if 'follow_symbolic_link' in row['opts']:
             newRow.append('yes')
         else:
             newRow.append('no')

diff --git a/SplunkAppForWazuh/appserver/static/css/styles/common.css b/SplunkAppForWazuh/appserver/static/css/styles/common.css
@@ -87,6 +87,10 @@
   border-color: #396e3e !important;
 }
 
+.agreeBtn:hover {
+  background-color: #43884a !important;
+}
+
 .cancelBtn {
   color: #000000 !important;
   background-color: #d9d9d9 !important;
@@ -2280,7 +2284,7 @@ md-tabs.md-default-theme md-ink-bar, md-tabs md-ink-bar {
   margin: 2px 15px 0px -500px;
   height: auto;
 }
-}
+
 .link-disabled {
   cursor: not-allowed;
   opacity: 0.5;
@@ -2436,6 +2440,149 @@ wazuh-card-slider {
   width: 100% ;
 }
 
+.euiButton .euiButton__content {
+  height: 100%;
+  width: 100%;
+  vertical-align: middle;
+  display: -webkit-box;
+  display: -ms-flexbox;
+  display: flex;
+  -webkit-box-pack: center;
+  -ms-flex-pack: center;
+  justify-content: center;
+  -webkit-box-align: center;
+  -ms-flex-align: center;
+  align-items: center;
+  padding: 0 12px;
+}
+
+.euiButton:disabled .euiButton__content {
+  pointer-events: auto;
+  cursor: not-allowed;
+}
+
+.table-striped>tbody>tr:nth-child(odd)>td, .table-striped>tbody>tr:nth-child(odd)>th {
+background-color: white;
+}
+
+.link-table {
+  margin-right:10px;
+  font-size: 16px;
+  padding-left: 10px;
+}
+
+.link-table:hover {
+  text-decoration: underline
+}
+
+
+.euiTextArea:focus {
+  background-color: rgb(250,250,250);
+  border-bottom: 2px solid rgb(63, 126, 67);
+}
+
+::-webkit-scrollbar {
+  width: 7px;
+  height: 7px;
+}
+
+/* Track */
+::-webkit-scrollbar-track {
+  background: #f1f1f1; 
+}
+
+/* Handle */
+::-webkit-scrollbar-thumb {
+  background: #888; 
+  border-radius: 10px;
+}
+
+/* Handle on hover */
+::-webkit-scrollbar-thumb:hover {
+  background: #555;
+}
+
+
+.logtest-fullscreen {
+  position: fixed !important;
+  top: 0;
+  left: 0;
+  overflow: hidden;
+  height: 100% !important;
+  width: 100% !important;
+  max-width: 100% !important;
+  max-height: 100% !important;
+  z-index: 100;
+}
+.dz-filename {
+  padding-top: 18px !important;
+}
+
+.dropzone .dz-preview .dz-progress {
+  margin-top: -18px !important;
+}
+
+.dropzone.dz-clickable {
+  cursor: pointer;
+  background-color: #b4c5b573;
+  border: 1px solid rgba(0, 0, 0, 0.12);
+}
+
+
+.wz-popover-wrapper {
+  position: relative;
+  top: 55px;
+  right: -92%;
+  display: inline-block;
+  z-index: 100;
+}
+.wz-popover-content {
+  opacity: 0;
+  z-index:100;
+  visibility: hidden;
+  position: absolute;
+  left: -350px;
+  transform: translate(0, 10px);
+  background-color: #ffffff;
+  padding: 1rem 1.5rem 1.5rem 1.5rem;
+  box-shadow: 1px 2px 4px 1px rgba(0, 0, 0, 0.76);
+  width: 350px;
+}
+.wz-popover-content:before {
+  content: "";
+  position: fixed;
+  width: 10px;
+  height: 10px;
+  background: white;
+  transform: rotate(45deg);
+  top: -6px;
+  z-index: 1 !important;
+  left: 326px;
+  border-top: 1px solid #80808085;
+  border-left: 1px solid #80808085;
+}
+.wz-popover-wrapper .wz-popover-content {
+  z-index: 10;
+  opacity: 1;
+  visibility: visible;
+  height:auto;
+  transform: translate(0, 10px);
+}
+
+
+.wz-popover-message {
+  text-align: center;
+}
+
+
+.wz-success-message {
+  color: rgb(32, 121, 32) !important
+}
+
+.wz-error-message {
+  color: rgb(173, 16, 16) !important
+}
+
 .wz-min-height-40 {
   min-height: 40px !important;
 }