POC data persistence UX - endpoint inventory #213

Closed
5 tasks
Tracked by #210
asteriscos opened this issue Jun 21, 2024 · 3 comments
Labels: level/task (Task issue), type/enhancement (New feature or request)

asteriscos commented Jun 21, 2024

Description

We want to create a new plugin which will be in charge of:

  • dashboards and reports related to the endpoint
  • actions related to endpoints provided by the API
  • notifications related to the endpoints

The dashboard and events view will use the endpoints inventory data directly from the indexer. We expect the information to be similar to the one we currently have in Endpoints summary / agent-name / Inventory.

Coordinate with wazuh-indexer to define an early design and field mappings for the inventory index or indices.

Plan

  • Analysis
    • Design the index and mappings along with the indexer team
    • Explore different information dashboard designs:
      • Segregate information tabs per data type (Network interfaces, Network ports, etc.)
      • Include a menu within the view to select different views without going for the global menu
      • Propose other tests / designs based on the available information
  • PoC
    • Mock data in an inventory index that complies with WCS (Wazuh common schema)
    • Create a new plugin that includes a dashboard and discover views in the main plugin
    • The dashboard must be configured as a saved object so it can be referenced in the reporting plugin

asteriscos added the type/enhancement (New feature or request) and level/task (Task issue) labels on Jun 21, 2024
lucianogorza self-assigned this on Aug 7, 2024

lucianogorza commented

Analysis

Here are the sections currently listed in the inventory of the device where an agent is installed:

  • Data related to hardware and operating system
  • Network interfaces
  • Network ports
  • Network settings
  • Packages
  • Processes

Analyzing the established index for persisting the inventory stateful-inventory and comparing it with the data currently displayed, the following questions arise:

  • How is the relationship with the agent established?
  • In which fields will the information for networks, packages, and processes be persisted?
  • Can there be multiple documents in the index for the same agent?

lucianogorza commented Aug 12, 2024

Update 12/08/2024

Generate data through a Python script.

Index pattern inventory-system-*

Index pattern inventory-networks-*

lucianogorza commented Aug 13, 2024

Update 13/08/2024

Add Networks, Processes and Packages tabs to agent view (replace Inventory tab)

To generate index data:

  1. Run data generator script:
     wazuh-dashboard-plugins/scripts/wazuh-fleet-generator$ python3 dataInjectScript.py
  2. Create index patterns manually (create with the same name and id):
     • fleet-agents-* (Includes agent and host data)
     • inventory-networks-*
