Add rule group win_auth_failure to metrics (#2099)

wazuh · Feb 26, 2020 · baab817 · baab817
1 parent ad4659b
commit baab817
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 4 deletions.
diff --git a/server/integration-files/visualizations/agents/agents-general.js b/server/integration-files/visualizations/agents/agents-general.js
@@ -104,10 +104,11 @@ export default [
                               "index": "wazuh-alerts",
                               "type": "phrases",
                               "key": "rule.groups",
-                              "value": "authentication_failed, authentication_failures",
+                              "value": "win_authentication_failed, authentication_failed, authentication_failures",
                               "params": [
+                                "win_authentication_failed",
                                 "authentication_failed",
-                                "win_authentication_failed"
+                                "authentication_failures"
                               ],
                               "negate": false,
                               "disabled": false,
@@ -116,14 +117,19 @@ export default [
                             "query": {
                               "bool": {
                                 "should": [
+                                  {
+                                    "match_phrase": {
+                                      "rule.groups": "win_authentication_failed"
+                                    }
+                                  },
                                   {
                                     "match_phrase": {
                                       "rule.groups": "authentication_failed"
                                     }
                                   },
                                   {
                                     "match_phrase": {
-                                      "rule.groups": "win_authentication_failed"
+                                      "rule.groups": "authentication_failures"
                                     }
                                   }
                                 ],

diff --git a/server/integration-files/visualizations/overview/overview-general.js b/server/integration-files/visualizations/overview/overview-general.js
@@ -105,8 +105,9 @@ export default [
                               "index": "wazuh-alerts",
                               "type": "phrases",
                               "key": "rule.groups",
-                              "value": "authentication_failed, authentication_failures",
+                              "value": "win_authentication_failed, authentication_failed, authentication_failures",
                               "params": [
+                                "win_authentication_failed",
                                 "authentication_failed",
                                 "authentication_failures"
                               ],
@@ -117,6 +118,11 @@ export default [
                             "query": {
                               "bool": {
                                 "should": [
+                                  {
+                                    "match_phrase": {
+                                      "rule.groups": "win_authentication_failed"
+                                    }
+                                  },
                                   {
                                     "match_phrase": {
                                       "rule.groups": "authentication_failed"