[Update dashboards] Global vulnerabilities dashboards #5763
Comments
Reporting and export of query results for this dashboard might get interesting based on the proposed composition. Suggest adding it as a first tier specification to avoid complications formatting those down the line. |
Guide to generate random data for the vulnerabilities module

To test the new vulnerabilities module, it is necessary to generate data from the new

Generation of vulnerability index data

Having the environment up, use the random data generation script to generate the data as shown in the following image.

NOTE: keep in mind that the indexer port (9200) has to be exposed in the container configuration.

Creation of the `wazuh-states-vulnerabilities` index

Go to Dashboards Management and create the corresponding `wazuh-states-vulnerabilities` index as shown in the following images:

NOTE: It is important to specify the Custom index pattern ID with

Mapping the index fields

Go to Dev Tools and insert the field mapping through a PUT, then do a GET of some field to test.

At this point it is necessary to do a DELETE as shown in the image and repeat again only the data generation, but with a greater number of data.

Dev Tools code

Finally, it is necessary to refresh the index in Dashboard Management |
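The guide above refers to a random data generation script that is not reproduced here. The following is an added example, not the project's script: it builds constructed sample documents for the `wazuh-states-vulnerabilities` index as an OpenSearch `_bulk` body, using assumed, illustrative field names (`agent.id`, `vulnerability.id`, `vulnerability.severity`, `package.name`) rather than the real index schema, so the mapping that the guide says to PUT in Dev Tools must still match whatever fields you choose.

```python
import json
import random

# Index name from the guide; the field layout below is an assumption for
# illustration only and is NOT the real wazuh-states-vulnerabilities schema.
INDEX = "wazuh-states-vulnerabilities"
SEVERITIES = ["Critical", "High", "Medium", "Low"]
PACKAGES = ["openssl", "curl", "glibc", "sudo"]


def make_doc(rng):
    """Build one constructed vulnerability-state document."""
    agent_num = rng.randint(1, 50)
    return {
        "agent": {"id": f"{agent_num:03d}", "name": f"agent-{agent_num}"},
        "vulnerability": {
            # Placeholder identifier (year 0000), deliberately not a real CVE.
            "id": f"CVE-0000-{rng.randint(1000, 9999)}",
            "severity": rng.choice(SEVERITIES),
            "score": {"base": round(rng.uniform(0.1, 10.0), 1)},
        },
        "package": {"name": rng.choice(PACKAGES)},
    }


def generate_bulk(count, seed=0):
    """Return (docs, ndjson_body); the body is a POST /_bulk payload.

    A fixed seed makes a run reproducible, which helps when repeating the
    generation step with a larger count after the DELETE in the guide.
    """
    rng = random.Random(seed)
    docs = [make_doc(rng) for _ in range(count)]
    lines = []
    for doc in docs:
        lines.append(json.dumps({"index": {"_index": INDEX}}))  # action line
        lines.append(json.dumps(doc))                           # source line
    return docs, "\n".join(lines) + "\n"


def count_by_severity(docs):
    """Tally documents per severity, mirroring a severity panel."""
    counts = {s: 0 for s in SEVERITIES}
    for doc in docs:
        counts[doc["vulnerability"]["severity"]] += 1
    return counts


if __name__ == "__main__":
    docs, body = generate_bulk(200)
    print(body[:300])
    print(count_by_severity(docs))
```

Send the returned body to the exposed indexer port (9200) with a bulk request, then refresh the index pattern in Dashboard Management as the guide describes.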
I am very interested in this dashboard, how do you show the active vulnerabilities since the current filtering does not allow that? Can you provide some information on it? |
I think the comment from @jbiset is about it. (Creation of the Anyway, still in development. I'm very interested in this feature too. |
@botkillern and @micsinyei, thanks for your feedback. |
do you have ETA? |
Yeah, this would be amazing if released; having a default overview of all vulnerabilities out of the gate would simply make the tool useful. Individual results, while useful, are annoying to have to go back and forth between. |
If I'm reading all the details here correctly, this is in process for Wazuh 4.8 and is present in the current beta. It appears that the primary delay was the need for a new indexer/index to keep track of the vulnerabilities that are "current" instead of listing both active and solved as the Events table does. |
@burdorff correct, the need to generate a new indexer appears to be the hold up. |
Mean Time To Detect (MTTD) and Mean Time To Fix (MTTF) are the two crucial KPIs to put in this dashboard, I think. |
Introduction
With the new vulnerability detector work (wazuh/wazuh#14153), we can start implementing a global vulnerability dashboard which can manage all detected vulnerabilities across all endpoints.
We will implement this dashboard under Modules / Vulnerabilities:
without selecting an agent, this page will show the default dashboard, which will be designed like the following mock:
We won't be using the embedded Discover to implement the inventory or the vulnerabilities table, instead, we will use a standard table component with an expand action, which will display a fly-out with the details about the vulnerability selected. This design will take advantage of the new vulnerabilities index schema to ensure all vulnerabilities contain a minimum set of information required by our users.
The single agent dashboard will use the global one with an agent filter applied.
Development plan
In order to create the new vulnerabilities dashboard we need to define different tasks/steps:
Research stage
Components and services
Demo stage
Dashboard tab using OSD plugins #5894
Inventory tab using OSD plugins #5895
Improve and fixes stage
Add vulnerabilities index pattern validation configuration and health-check
Fix show call-out warning when there is no data in the vulnerabilities index
Fixed filter modal of bar chart of vulnerabilities dashboard
Fix default filters per tab in Vulnerabilities module
**Remove Inventory table from vulnerability dashboard tab**
Disable by default the vulnerabilities health-check
Maximized visualizations don't display properly in vulnerabilities dashboard
Add pinned agent to vulnerability section
Update vulnerability configuration block
Plan
We want to implement a new dashboard tab:
- Cross search vulnerability with alerts: Investigate how we can cross-search the vulnerability index with the general alerts index to search for additional information from within the vulnerability dashboard (It's not possible to cross-search the vulnerability index with the general alerts index)
- CVEs by severity: A user must be able to quickly see the amount of CVEs by severity: critical, high, medium, low (There is not enough information in the index to make a graph like this. Replaced with Accumulation of the most detected vulnerabilities)
- Actions: Go to alerts index with a filter by that vulnerability (It's not possible)
- Evaluate the performance of the dashboard in scenarios with thousands of endpoints (does not apply to this issue)
- Reporting (this functionality will be implemented later):
  - A user should be able to export the query results
  - A user should be able to create a report out of the dashboard
- We might need to implement new configuration options to support the new vulnerability detector under the current configuration module.
We want to implement a new inventory tab:
Dependencies
This work depends on the vulnerability index schema and a set of sample data to build the queries to generate and test the dashboard visualizations and queries.
Related issues
We will add here issues from our backlog and projects related to this effort.