From 172538b37fb0d9d8737cc3615c0752a2787a050f Mon Sep 17 00:00:00 2001 From: JuanGarriuz Date: Fri, 15 Nov 2024 15:29:57 +0100 Subject: [PATCH 1/9] Move fim data values to a common file --- .../agents/fim/inventory/fileDetail.tsx | 150 +------- .../agents/fim/inventory/fim-data.tsx | 344 ++++++++++++++++++ .../agents/fim/inventory/registry-table.tsx | 54 +-- .../components/agents/fim/inventory/table.tsx | 143 +------- 4 files changed, 354 insertions(+), 337 deletions(-) create mode 100644 plugins/main/public/components/agents/fim/inventory/fim-data.tsx diff --git a/plugins/main/public/components/agents/fim/inventory/fileDetail.tsx b/plugins/main/public/components/agents/fim/inventory/fileDetail.tsx index c6bfa9f1d8..d8e452a1d7 100644 --- a/plugins/main/public/components/agents/fim/inventory/fileDetail.tsx +++ b/plugins/main/public/components/agents/fim/inventory/fileDetail.tsx @@ -22,10 +22,8 @@ import { EuiSpacer, EuiStat, EuiToolTip, - EuiCodeBlock, EuiLink, } from '@elastic/eui'; -import { ICustomBadges } from '../../../wz-search-bar/components'; import { buildPhraseFilter, IIndexPattern, @@ -53,6 +51,7 @@ import TechniqueRowDetails from '../../../overview/mitre/framework/components/te import { DATA_SOURCE_FILTER_CONTROLLED_CLUSTER_MANAGER } from '../../../../../common/constants'; import NavigationService from '../../../../react-services/navigation-service'; import { setFilters } from '../../../common/search-bar/set-filters'; +import { getProperties } from './fim-data'; export class FileDetails extends Component { props!: { 
@@ -103,95 +102,6 @@ export class FileDetails extends Component { getIndexPattern().then(idxPtn => (this.indexPattern = idxPtn)); } - details() { - return [ - { - field: 'date', - name: 'Last analysis', - grow: 2, - icon: 'clock', - link: true, - transformValue: formatUIDate, - }, - { - field: 'mtime', - name: 'Last modified', - grow: 2, - icon: 'clock', - link: true, - transformValue: formatUIDate, - }, - { - field: 'uname', - name: 'User', - icon: 'user', - link: true, - }, - { - field: 'uid', - name: 'User ID', - icon: 'user', - link: true, - }, - { - field: 'gname', - name: 'Group', - icon: 'usersRolesApp', - onlyLinux: true, - link: true, - }, - { - field: 'gid', - name: 'Group ID', - onlyLinux: true, - icon: 'usersRolesApp', - link: true, - }, - { - field: 'size', - name: 'Size', - icon: 'nested', - link: true, - transformValue: value => this.renderFileDetailsSize(value), - }, - { - field: 'inode', - name: 'Inode', - icon: 'link', - onlyLinux: true, - link: true, - }, - { - field: 'md5', - name: 'MD5', - checksum: true, - icon: 'check', - link: true, - }, - { - field: 'sha1', - name: 'SHA1', - checksum: true, - icon: 'check', - link: true, - }, - { - field: 'sha256', - name: 'SHA256', - checksum: true, - icon: 'check', - link: true, - }, - { - field: 'perm', - name: 'Permissions', - icon: 'lock', - link: false, - transformValue: value => this.renderFileDetailsPermissions(value), - }, - ]; - } - registryDetails() { return [ { @@ -319,7 +229,8 @@ export class FileDetails extends Component { this.props.type === 'registry_key' || this.props.currentFile.type === 'registry_key' ? this.registryDetails() - : this.details(); + : getProperties(this.props.agent.os.platform, 'details'); + console.log(columns); const generalDetails = columns.map((item, idx) => { let value = this.props.currentFile[item.field] || '-'; let rawValue = value; 
@@ -411,61 +322,6 @@ export class FileDetails extends Component { ); } - renderFileDetailsPermissions(value) { - if ( - ((this.props.agent || {}).os || {}).platform === 'windows' && - value && - value !== '-' - ) { - return ( - -

- Permissions - - - - - -

- - } - > - - {JSON.stringify(value, null, 2)} - -
- ); - } - return value; - } - - renderFileDetailsSize(value) { - if (isNaN(value)) { - return 0; - } - const b = 2; - if (0 === value) { - return '0 Bytes'; - } - const c = 0 > b ? 0 : b, - d = Math.floor(Math.log(value) / Math.log(1024)); - return ( - parseFloat((value / Math.pow(1024, d)).toFixed(c)) + - ' ' + - ['Bytes', 'KB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB', 'YB'][d] - ); - } - getDiscoverColumns() { const agentId = this.props.agent?.id; return agentId diff --git a/plugins/main/public/components/agents/fim/inventory/fim-data.tsx b/plugins/main/public/components/agents/fim/inventory/fim-data.tsx new file mode 100644 index 0000000000..a645bce448 --- /dev/null +++ b/plugins/main/public/components/agents/fim/inventory/fim-data.tsx @@ -0,0 +1,344 @@ +import React from 'react'; +import { formatUIDate } from '../../../../react-services/time-service'; +import { + EuiIconTip, + EuiAccordion, + EuiTitle, + EuiToolTip, + EuiIcon, + EuiCodeBlock, +} from '@elastic/eui'; + +function renderFileDetailsPermissions(value) { + return ( + +

+ Permissions + + + + + +

+ + } + > + + {JSON.stringify(value, null, 2)} + +
+ ); +} + +function renderFileDetailsSize(value) { + if (isNaN(value)) { + return 0; + } + const b = 2; + if (0 === value) { + return '0 Bytes'; + } + const c = 0 > b ? 0 : b, + d = Math.floor(Math.log(value) / Math.log(1024)); + return ( + parseFloat((value / Math.pow(1024, d)).toFixed(c)) + + ' ' + + ['Bytes', 'KB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB', 'YB'][d] + ); +} + +const dataFIM = [ + { + field: 'file', + columns: { + name: 'File', + sortable: true, + width: '250px', + searchable: true, + show: true, + }, + details: null, + suggestion: { description: 'filter by file' }, + }, + { + field: 'mtime', + columns: { + name: ( + + Last modified{' '} + + + ), + sortable: true, + width: '130px', + render: formatUIDate, + searchable: false, + show: true, + }, + details: { + name: 'Last modified', + grow: 2, + icon: 'clock', + link: true, + transformValue: formatUIDate, + }, + suggestion: { + description: 'filter by modification time', + }, + }, + { + field: 'uname', + columns: { + name: 'User', + sortable: true, + truncateText: true, + width: '60px', + searchable: true, + show: true, + }, + details: { name: 'User', icon: 'user', link: true }, + suggestion: { description: 'filter by user name' }, + }, + { + field: 'uid', + columns: { + name: 'User ID', + sortable: true, + truncateText: true, + width: '60px', + searchable: true, + show: true, + }, + details: { field: 'uid', name: 'User ID', icon: 'user', link: true }, + suggestion: { description: 'filter by user name' }, + }, + { + field: 'gname', + columns: { + name: 'Group', + sortable: true, + truncateText: true, + width: '60px', + searchable: true, + show: true, + }, + details: { + field: 'gname', + name: 'Group', + icon: 'usersRolesApp', + onlyLinux: true, + link: true, + }, + suggestion: { description: 'filter by group name' }, + }, + { + field: 'gid', + columns: { + name: 'Group ID', + sortable: true, + truncateText: true, + width: '60px', + searchable: true, + show: true, + }, + details: { + field: 'gid', + 
name: 'Group ID', + onlyLinux: true, + icon: 'usersRolesApp', + link: true, + }, + suggestion: { description: 'filter by group id' }, + }, + { + field: 'size', + columns: { + name: 'Size', + sortable: true, + width: '60px', + searchable: true, + show: true, + }, + details: { + field: 'size', + name: 'Size', + icon: 'nested', + link: true, + transformValue: value => renderFileDetailsSize(value), + }, + suggestion: { description: 'filter by size' }, + }, + { + field: 'date', + columns: { + name: ( + + Last analysis{' '} + + + ), + sortable: true, + width: '130px', + render: formatUIDate, + searchable: false, + }, + details: { + name: 'Last analysis', + grow: 2, + icon: 'clock', + link: true, + transformValue: formatUIDate, + }, + suggestion: { description: 'filter by analysis time' }, + }, + { + field: 'inode', + columns: { + name: 'Inode', + width: '60px', + searchable: true, + sortable: true, + }, + details: { + field: 'inode', + name: 'Inode', + icon: 'link', + onlyLinux: true, + link: true, + }, + suggestion: { description: 'filter by Inode checksum' }, + }, + { + field: 'md5', + columns: { + name: 'MD5', + searchable: true, + sortable: true, + }, + details: { + field: 'md5', + name: 'MD5', + checksum: true, + icon: 'check', + link: true, + }, + suggestion: { description: 'filter by MD5 checksum' }, + }, + { + field: 'sha1', + columns: { + name: 'SHA1', + searchable: true, + sortable: true, + }, + details: { + field: 'sha1', + name: 'SHA1', + checksum: true, + icon: 'check', + link: true, + }, + suggestion: { description: 'filter by SHA1 checksum' }, + }, + { + field: 'sha256', + columns: { + name: 'SHA256', + searchable: true, + sortable: true, + }, + details: { + field: 'sha256', + name: 'SHA256', + checksum: true, + icon: 'check', + link: true, + }, + suggestion: { description: 'filter by SHA256 checksum' }, + }, + { + field: 'perm', + columns: null, + details: { + name: 'Permissions', + icon: 'lock', + link: false, + transformValue: value => 
renderFileDetailsPermissions(value), + }, + suggestion: null, + }, +]; + +// Checks that OS is not windows +function filterByOS(items, agentInfo: string) { + return items.filter( + item => item.details?.onlyLinux !== (agentInfo === 'windows'), + ); +} + +function getPropertiesColumnsType(items) { + // Avoid columns that are not rendered from getting into view + return items + .filter(({ columns }) => columns) + .map(({ field, columns }) => ({ + field, + ...columns, + })); +} + +function getPropertiesSuggestionsType(items) { + return items.map(({ field, suggestion }) => ({ + label: field, + ...suggestion, + })); +} + +function getPropertiesDetailsType(items) { + // Avoid details that are not rendered from getting into view + return items + .filter(({ details }) => details) + .map(({ field, name, details }) => ({ + field, + name, + ...details, + })); +} + +const mappersType = { + columns: getPropertiesColumnsType, + suggestions: getPropertiesSuggestionsType, + details: getPropertiesDetailsType, +}; + +export function getProperties( + agentInfo: string, + type: 'columns' | 'suggestions' | 'details', +) { + // Filter + const filteredFields = filterByOS(dataFIM, agentInfo); + + // Get mapper by type + const mapperByType = mappersType[type]; + + return mapperByType(filteredFields); +} diff --git a/plugins/main/public/components/agents/fim/inventory/registry-table.tsx b/plugins/main/public/components/agents/fim/inventory/registry-table.tsx index 6dfb410c46..d905569241 100644 --- a/plugins/main/public/components/agents/fim/inventory/registry-table.tsx +++ b/plugins/main/public/components/agents/fim/inventory/registry-table.tsx 
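Review bot: The `uid` entry in `dataFIM` carries `suggestion: { description: 'filter by user name' }`, apparently copied from `uname`, whereas the list this series removes from table.tsx described it as 'filter by user id'. In a FIM search bar that hint tells an analyst whether to type a numeric ID or an account name, so I would restore `suggestion: { description: 'filter by user id' }`. The `inode` entry likewise reads 'filter by Inode checksum', although an inode is a file-system identifier and not a checksum; `'filter by inode'` would be accurate. Separately, `getPropertiesDetailsType` destructures `name` from the top-level item, where no entry defines it, so it is always `undefined` until `...details` overwrites it; `.map(({ field, details }) => ({ field, ...details }))` is enough.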
@@ -14,12 +14,12 @@ import React, { Component } from 'react'; import { EuiFlexGroup, EuiFlexItem, EuiIconTip } from '@elastic/eui'; import { WzRequest } from '../../../../react-services/wz-request'; import { FlyoutDetail } from './flyout'; -import { formatUIDate } from '../../../../react-services/time-service'; import { TableWzAPI } from '../../../common/tables'; import { SEARCH_BAR_WQL_VALUE_SUGGESTIONS_COUNT } from '../../../../../common/constants'; import { withRouterSearch } from '../../../common/hocs'; import { Route, Switch } from '../../../router-search'; import NavigationService from '../../../../react-services/navigation-service'; +import { getProperties } from './fim-data'; export const RegistryTable = withRouterSearch( class RegistryTable extends Component { @@ -58,56 +58,6 @@ export const RegistryTable = withRouterSearch( }); }; - columns() { - return [ - { - field: 'file', - name: 'Registry', - sortable: true, - searchable: true, - show: true, - }, - { - field: 'mtime', - name: ( - - Last modified{' '} - - - ), - sortable: true, - width: '250px', - className: 'wz-white-space-nowrap', - render: formatUIDate, - searchable: false, - show: true, - }, - { - field: 'date', - name: ( - - Last analysis{' '} - - - ), - sortable: true, - width: '100px', - render: formatUIDate, - searchable: false, - }, - ]; - } - onFiltersChange = filters => { this.setState({ filters, @@ -127,7 +77,7 @@ export const RegistryTable = withRouterSearch( }; }; - const columns = this.columns(); + const columns = getProperties(this.props.agent.os.platform, 'details'); const APIendpoint = `/syscheck/${this.props.agent.id}?type=registry_key`; diff --git a/plugins/main/public/components/agents/fim/inventory/table.tsx b/plugins/main/public/components/agents/fim/inventory/table.tsx index 80157ce30c..c400dc88a8 100644 --- a/plugins/main/public/components/agents/fim/inventory/table.tsx +++ b/plugins/main/public/components/agents/fim/inventory/table.tsx 
@@ -11,15 +11,15 @@ */ import React, { Component } from 'react'; -import { EuiFlexGroup, EuiFlexItem, EuiIconTip } from '@elastic/eui'; +import { EuiFlexGroup, EuiFlexItem } from '@elastic/eui'; import { WzRequest } from '../../../../react-services/wz-request'; import { FlyoutDetail } from './flyout'; -import { formatUIDate } from '../../../../react-services/time-service'; import { TableWzAPI } from '../../../common/tables'; import { SEARCH_BAR_WQL_VALUE_SUGGESTIONS_COUNT } from '../../../../../common/constants'; import { withRouterSearch } from '../../../common/hocs'; import { Route, Switch } from '../../../router-search'; import NavigationService from '../../../../react-services/navigation-service'; +import { getProperties } from './fim-data'; export const InventoryTable = withRouterSearch( class InventoryTable extends Component { 
@@ -58,122 +58,6 @@ export const InventoryTable = withRouterSearch( }); }; - columns() { - let width; - (((this.props.agent || {}).os || {}).platform || false) === 'windows' - ? (width = '60px') - : (width = '80px'); - return [ - { - field: 'file', - name: 'File', - sortable: true, - width: '250px', - searchable: true, - show: true, - }, - { - field: 'mtime', - name: ( - - Last modified{' '} - - - ), - sortable: true, - width: '100px', - render: formatUIDate, - searchable: false, - show: true, - }, - { - field: 'uname', - name: 'User', - sortable: true, - truncateText: true, - width: `${width}`, - searchable: true, - show: true, - }, - { - field: 'uid', - name: 'User ID', - sortable: true, - truncateText: true, - width: `${width}`, - searchable: true, - show: true, - }, - { - field: 'gname', - name: 'Group', - sortable: true, - truncateText: true, - width: `${width}`, - searchable: true, - show: true, - }, - { - field: 'gid', - name: 'Group ID', - sortable: true, - truncateText: true, - width: `${width}`, - searchable: true, - show: true, - }, - { - field: 'size', - name: 'Size', - sortable: true, - width: `${width}`, - searchable: true, - show: true, - }, - { - field: 'date', - name: ( - - Last analysis{' '} - - - ), - sortable: true, - width: '100px', - render: formatUIDate, - searchable: false, - }, - { - field: 'md5', - name: 'MD5', - searchable: true, - sortable: true, - }, - { - field: 'sha1', - name: 'SHA1', - searchable: true, - sortable: true, - }, - { - field: 'sha256', - name: 'SHA256', - searchable: true, - sortable: true, - }, - ]; - } - onFiltersChange = filters => { this.setState({ filters, @@ -192,7 +76,7 @@ export const InventoryTable = withRouterSearch( }, }; }; - const columns = this.columns(); + const columns = getProperties(this.props.agent.os.platform, 'columns'); const APIendpoint = `/syscheck/${this.props.agent.id}?type=file`; 
@@ -206,25 +90,8 @@ export const InventoryTable = withRouterSearch( endpoint={APIendpoint} searchBarWQL={{ suggestions: { - field: currentValue => [ - { label: 'date', description: 'filter by analysis time' }, - { label: 'file', description: 'filter by file' }, - { label: 'gid', description: 'filter by group id' }, - { label: 'gname', description: 'filter by group name' }, - { label: 'md5', description: 'filter by MD5 checksum' }, - { - label: 'mtime', - description: 'filter by modification time', - }, - { label: 'sha1', description: 'filter by SHA1 checksum' }, - { - label: 'sha256', - description: 'filter by SHA256 checksum', - }, - { label: 'size', description: 'filter by size' }, - { label: 'uname', description: 'filter by user name' }, - { label: 'uid', description: 'filter by user id' }, - ], + field: currentValue => + getProperties(this.props.agent.os.platform, 'suggestions'), value: async (currentValue, { field }) => { try { const response = await WzRequest.apiReq( From c15d8c807b6565992158e96c0565b15fd5abcce9 Mon Sep 17 00:00:00 2001 From: JuanGarriuz Date: Fri, 15 Nov 2024 15:58:43 +0100 Subject: [PATCH 2/9] Change order --- .../agents/fim/inventory/fim-data.tsx | 56 +++++++++---------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/plugins/main/public/components/agents/fim/inventory/fim-data.tsx b/plugins/main/public/components/agents/fim/inventory/fim-data.tsx index a645bce448..3b27bb9ec5 100644 --- a/plugins/main/public/components/agents/fim/inventory/fim-data.tsx +++ b/plugins/main/public/components/agents/fim/inventory/fim-data.tsx 
@@ -70,6 +70,34 @@ const dataFIM = [ details: null, suggestion: { description: 'filter by file' }, }, + { + field: 'date', + columns: { + name: ( + + Last analysis{' '} + + + ), + sortable: true, + width: '130px', + render: formatUIDate, + searchable: false, + }, + details: { + name: 'Last analysis', + grow: 2, + icon: 'clock', + link: true, + transformValue: formatUIDate, + }, + suggestion: { description: 'filter by analysis time' }, + }, { field: 'mtime', columns: { @@ -183,34 +211,6 @@ const dataFIM = [ }, suggestion: { description: 'filter by size' }, }, - { - field: 'date', - columns: { - name: ( - - Last analysis{' '} - - - ), - sortable: true, - width: '130px', - render: formatUIDate, - searchable: false, - }, - details: { - name: 'Last analysis', - grow: 2, - icon: 'clock', - link: true, - transformValue: formatUIDate, - }, - suggestion: { description: 'filter by analysis time' }, - }, { field: 'inode', columns: { From df17d2f79c87d9d38e0ee95d3401f3ed9870cd02 Mon Sep 17 00:00:00 2001 From: JuanGarriuz Date: Mon, 18 Nov 2024 12:45:39 +0100 Subject: [PATCH 3/9] Add changelog and solve registry windows --- CHANGELOG.md | 1 + .../components/agents/fim/inventory/fim-data.tsx | 12 +++++++++++- .../agents/fim/inventory/registry-table.tsx | 3 +-- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index cc9b568c43..11cffb7f46 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -49,6 +49,7 @@ All notable changes to the Wazuh app project will be documented in this file. - Fixed Invalid date filter applied on FIM details flyout [#7160](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7160) - Fixed the check updates UI was displayed despite it could be configured as disabled [#7156](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7156) - Fixed filter by value in document details in safari [#7151](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7151) +- Fixed inode not be rendered in FIM inventory view [#7163](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7163) ### Removed diff --git a/plugins/main/public/components/agents/fim/inventory/fim-data.tsx b/plugins/main/public/components/agents/fim/inventory/fim-data.tsx index 3b27bb9ec5..53fea61538 100644 --- a/plugins/main/public/components/agents/fim/inventory/fim-data.tsx +++ b/plugins/main/public/components/agents/fim/inventory/fim-data.tsx @@ -69,6 +69,7 @@ const dataFIM = [ }, details: null, suggestion: { description: 'filter by file' }, + registry: true, }, { field: 'date', @@ -97,6 +98,7 @@ const dataFIM = [ transformValue: formatUIDate, }, suggestion: { description: 'filter by analysis time' }, + registry: true, }, { field: 'mtime', @@ -128,6 +130,7 @@ const dataFIM = [ suggestion: { description: 'filter by modification time', }, + registry: true, }, { field: 'uname', @@ -306,6 +309,12 @@ function getPropertiesColumnsType(items) { })); } +function getPropertiesRegistryType(items) { + return items + .filter(item => item.registry) + .map(({ field, columns }) => ({ field, ...columns })); +} + function getPropertiesSuggestionsType(items) { return items.map(({ field, suggestion }) => ({ label: field, 
@@ -328,11 +337,12 @@ const mappersType = { columns: getPropertiesColumnsType, suggestions: getPropertiesSuggestionsType, details: getPropertiesDetailsType, + registry: getPropertiesRegistryType, }; export function getProperties( agentInfo: string, - type: 'columns' | 'suggestions' | 'details', + type: 'columns' | 'suggestions' | 'details' | 'registry', ) { // Filter const filteredFields = filterByOS(dataFIM, agentInfo); diff --git a/plugins/main/public/components/agents/fim/inventory/registry-table.tsx b/plugins/main/public/components/agents/fim/inventory/registry-table.tsx index d905569241..9d49d2d3fc 100644 --- a/plugins/main/public/components/agents/fim/inventory/registry-table.tsx +++ b/plugins/main/public/components/agents/fim/inventory/registry-table.tsx @@ -77,8 +77,7 @@ export const RegistryTable = withRouterSearch( }; }; - const columns = getProperties(this.props.agent.os.platform, 'details'); - + const columns = getProperties(this.props.agent.os.platform, 'registry'); const APIendpoint = `/syscheck/${this.props.agent.id}?type=registry_key`; return ( From 218597f52d4c51be10c69160002c29740216a59c Mon Sep 17 00:00:00 2001 From: JuanGarriuz Date: Mon, 18 Nov 2024 13:11:50 +0100 Subject: [PATCH 4/9] Solve comments --- CHANGELOG.md | 3 +-- .../main/public/components/agents/fim/inventory/fileDetail.tsx | 1 - 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 11cffb7f46..ae9c95e980 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -44,12 +44,11 @@ All notable changes to the Wazuh app project will be documented in this file. - Fixed filter management to prevent hiding when adding multiple filters [#7077](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7077) - Fixed the Mitre ATT&CK exception in the agent view, the redirections of ID, Tactics, Dashboard Icon and Event Icon in the drop-down menu and the card not displaying information when the flyout was opened [#7116](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7116) - Fixed the filter are displayed cropped on screens of 575px to 767px in vulnerability detection module [#7047](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7047) -- Fixed ability to filter from files inventory details flyout of File Integrity Monitoring [#7119](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7119) +- Fixed ability to filter from files inventory details flyout of File Integrity Monitoring [#7119](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7119) [#7163](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7163) - Fixed endpoint group module name and indexer management order [#7150](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7150) - Fixed Invalid date filter applied on FIM details flyout [#7160](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7160) - Fixed the check updates UI was displayed despite it could be configured as disabled [#7156](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7156) - Fixed filter by value in document details in safari [#7151](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7151) -- Fixed inode not be rendered in FIM inventory view [#7163](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7163) ### Removed diff --git a/plugins/main/public/components/agents/fim/inventory/fileDetail.tsx b/plugins/main/public/components/agents/fim/inventory/fileDetail.tsx index d8e452a1d7..5559499b2e 100644 --- a/plugins/main/public/components/agents/fim/inventory/fileDetail.tsx 
+++ b/plugins/main/public/components/agents/fim/inventory/fileDetail.tsx @@ -230,7 +230,6 @@ export class FileDetails extends Component { this.props.currentFile.type === 'registry_key' ? this.registryDetails() : getProperties(this.props.agent.os.platform, 'details'); - console.log(columns); const generalDetails = columns.map((item, idx) => { let value = this.props.currentFile[item.field] || '-'; let rawValue = value; From 1ca9f6b0a96ca2ee53a0ea705d05ac8ffac08611 Mon Sep 17 00:00:00 2001 From: JuanGarriuz Date: Mon, 18 Nov 2024 18:10:15 +0100 Subject: [PATCH 5/9] Resolve comments --- .../agents/fim/inventory/fim-data.tsx | 47 +++++++++++++++++-- 1 file changed, 43 insertions(+), 4 deletions(-) diff --git a/plugins/main/public/components/agents/fim/inventory/fim-data.tsx b/plugins/main/public/components/agents/fim/inventory/fim-data.tsx index 53fea61538..b43678c919 100644 --- a/plugins/main/public/components/agents/fim/inventory/fim-data.tsx +++ b/plugins/main/public/components/agents/fim/inventory/fim-data.tsx @@ -69,7 +69,12 @@ const dataFIM = [ }, details: null, suggestion: { description: 'filter by file' }, - registry: true, + registry: { + name: 'Registry', + sortable: true, + searchable: true, + show: true, + }, }, { field: 'date', @@ -98,7 +103,23 @@ const dataFIM = [ transformValue: formatUIDate, }, suggestion: { description: 'filter by analysis time' }, - registry: true, + registry: { + name: ( + + Last analysis{' '} + + + ), + sortable: true, + width: '100px', + render: formatUIDate, + searchable: false, + }, }, { field: 'mtime', @@ -130,7 +151,25 @@ const dataFIM = [ suggestion: { description: 'filter by modification time', }, - registry: true, + registry: { + name: ( + + Last modified{' '} + + + ), + sortable: true, + width: '250px', + className: 'wz-white-space-nowrap', + render: formatUIDate, + searchable: false, + show: true, + }, }, { field: 'uname', 
@@ -312,7 +351,7 @@ function getPropertiesColumnsType(items) { function getPropertiesRegistryType(items) { return items .filter(item => item.registry) - .map(({ field, columns }) => ({ field, ...columns })); + .map(({ field, registry }) => ({ field, ...registry })); } function getPropertiesSuggestionsType(items) { From 469de63132227d5477ee1ff837d5a6ffff586e54 Mon Sep 17 00:00:00 2001 From: JuanGarriuz Date: Tue, 19 Nov 2024 09:23:31 +0100 Subject: [PATCH 6/9] Add comments --- .../public/components/agents/fim/inventory/fim-data.tsx | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/plugins/main/public/components/agents/fim/inventory/fim-data.tsx b/plugins/main/public/components/agents/fim/inventory/fim-data.tsx index b43678c919..75deb5673a 100644 --- a/plugins/main/public/components/agents/fim/inventory/fim-data.tsx +++ b/plugins/main/public/components/agents/fim/inventory/fim-data.tsx @@ -57,6 +57,14 @@ function renderFileDetailsSize(value) { ); } +// dataFIM defines a configuration list for fields used in a File Integrity Monitoring (FIM) system. +// Include: +// - field: The identifier for the data field. +// - columns: Defines how the field appears into file table +// - details: Describes how the field is shown in detailed view +// - suggestions: Defines the helps to searchbar +// - registry: Defines how the field appears into windows registry table + const dataFIM = [ { field: 'file', From 18a4b33bcff7a7451b8212953ef594045591e0ea Mon Sep 17 00:00:00 2001 From: JuanGarriuz Date: Tue, 19 Nov 2024 15:43:46 +0100 Subject: [PATCH 7/9] Resolve permisions render filter --- .../agents/fim/inventory/fim-data.tsx | 80 +++++++++---------- .../agents/fim/inventory/registry-table.tsx | 2 +- 2 files changed, 39 insertions(+), 43 deletions(-) diff --git a/plugins/main/public/components/agents/fim/inventory/fim-data.tsx b/plugins/main/public/components/agents/fim/inventory/fim-data.tsx index 75deb5673a..b3b83b63fb 100644 
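Review bot: The comment added above `dataFIM` documents a `suggestions` key, but every entry in the array uses `suggestion` (singular), which is also the name `getPropertiesSuggestionsType` destructures. A reader adding a field by following the comment would create a key the mapper never reads. I would rename that bullet, e.g. `// - suggestion: description offered by the search bar for this field`, and add a sentence that setting `columns` or `details` to `null` removes the field from that view, since the `.filter(({ columns }) => columns)` and `.filter(({ details }) => details)` mappers rely on it. The array itself continues outside this hunk.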
--- a/plugins/main/public/components/agents/fim/inventory/fim-data.tsx +++ b/plugins/main/public/components/agents/fim/inventory/fim-data.tsx @@ -10,34 +10,38 @@ import { } from '@elastic/eui'; function renderFileDetailsPermissions(value) { - return ( - -

- Permissions - - - - - -

- - } - > - - {JSON.stringify(value, null, 2)} - -
- ); + // Permisions in object form will get rendered in a EuiAccordion + if (typeof value !== 'string') { + return ( + +

+ Permissions + + + + + +

+ + } + > + + {JSON.stringify(value, null, 2)} + +
+ ); + } + return value; } function renderFileDetailsSize(value) { @@ -78,6 +82,7 @@ const dataFIM = [ details: null, suggestion: { description: 'filter by file' }, registry: { + width: '250px', name: 'Registry', sortable: true, searchable: true, @@ -202,7 +207,7 @@ const dataFIM = [ searchable: true, show: true, }, - details: { field: 'uid', name: 'User ID', icon: 'user', link: true }, + details: { name: 'User ID', icon: 'user', link: true }, suggestion: { description: 'filter by user name' }, }, { @@ -216,12 +221,11 @@ const dataFIM = [ show: true, }, details: { - field: 'gname', name: 'Group', icon: 'usersRolesApp', - onlyLinux: true, link: true, }, + onlyLinux: true, suggestion: { description: 'filter by group name' }, }, { @@ -235,12 +239,11 @@ const dataFIM = [ show: true, }, details: { - field: 'gid', name: 'Group ID', - onlyLinux: true, icon: 'usersRolesApp', link: true, }, + onlyLinux: true, suggestion: { description: 'filter by group id' }, }, { @@ -253,7 +256,6 @@ const dataFIM = [ show: true, }, details: { - field: 'size', name: 'Size', icon: 'nested', link: true, @@ -270,12 +272,11 @@ const dataFIM = [ sortable: true, }, details: { - field: 'inode', name: 'Inode', icon: 'link', - onlyLinux: true, link: true, }, + onlyLinux: true, suggestion: { description: 'filter by Inode checksum' }, }, { @@ -286,7 +287,6 @@ const dataFIM = [ sortable: true, }, details: { - field: 'md5', name: 'MD5', checksum: true, icon: 'check', @@ -302,7 +302,6 @@ const dataFIM = [ sortable: true, }, details: { - field: 'sha1', name: 'SHA1', checksum: true, icon: 'check', @@ -318,7 +317,6 @@ const dataFIM = [ sortable: true, }, details: { - field: 'sha256', name: 'SHA256', checksum: true, icon: 'check', 
@@ -341,9 +339,7 @@ const dataFIM = [ // Checks that OS is not windows function filterByOS(items, agentInfo: string) { - return items.filter( - item => item.details?.onlyLinux !== (agentInfo === 'windows'), - ); + return items.filter(item => item.onlyLinux !== (agentInfo === 'windows')); } function getPropertiesColumnsType(items) { diff --git a/plugins/main/public/components/agents/fim/inventory/registry-table.tsx b/plugins/main/public/components/agents/fim/inventory/registry-table.tsx index 9d49d2d3fc..f98162a71a 100644 --- a/plugins/main/public/components/agents/fim/inventory/registry-table.tsx +++ b/plugins/main/public/components/agents/fim/inventory/registry-table.tsx @@ -77,7 +77,7 @@ export const RegistryTable = withRouterSearch( }; }; - const columns = getProperties(this.props.agent.os.platform, 'registry'); + const columns = getProperties(this.props.agent.os?.platform, 'registry'); const APIendpoint = `/syscheck/${this.props.agent.id}?type=registry_key`; return ( From b559b2bee3ce01a49417cb7494dea5e5b0edc9c0 Mon Sep 17 00:00:00 2001 From: JuanGarriuz Date: Tue, 19 Nov 2024 15:47:33 +0100 Subject: [PATCH 8/9] Order suggestions alphabetically --- .../components/agents/fim/inventory/fim-data.tsx | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/plugins/main/public/components/agents/fim/inventory/fim-data.tsx b/plugins/main/public/components/agents/fim/inventory/fim-data.tsx index b3b83b63fb..bc67f6bca7 100644 --- a/plugins/main/public/components/agents/fim/inventory/fim-data.tsx +++ b/plugins/main/public/components/agents/fim/inventory/fim-data.tsx 
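Review bot: `filterByOS` keeps an item when `item.onlyLinux !== (agentInfo === 'windows')`, which compares a three-state value (`true`, `false`, `undefined`) with a boolean, so an entry that ever sets `onlyLinux: false` explicitly would be dropped for every non-Windows agent. No entry visible in this series does that, so this is a latent trap rather than a current bug. Stating the intent directly avoids it: `return items.filter(item => !(item.onlyLinux && agentInfo === 'windows'));`. The comment above the function, `// Checks that OS is not windows`, could then read `// Drops Linux-only fields when the agent platform is 'windows'`.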
@@ -359,10 +359,13 @@ function getPropertiesRegistryType(items) { } function getPropertiesSuggestionsType(items) { - return items.map(({ field, suggestion }) => ({ - label: field, - ...suggestion, - })); + return items + .filter(({ suggestion }) => suggestion) + .map(({ field, suggestion }) => ({ + label: field, + ...suggestion, + })) + .sort((a, b) => a.label.localeCompare(b.label)); } function getPropertiesDetailsType(items) { From 8ccd6a517e70f604a565240624da933da9428257 Mon Sep 17 00:00:00 2001 From: JuanGarriuz Date: Wed, 20 Nov 2024 11:48:54 +0100 Subject: [PATCH 9/9] Added optional chaining operator to agents.os.platform access --- .../public/components/agents/fim/inventory/fileDetail.tsx | 2 +- .../public/components/agents/fim/inventory/fim-data.tsx | 4 ++-- .../components/agents/fim/inventory/registry-table.tsx | 2 +- .../main/public/components/agents/fim/inventory/table.tsx | 7 +++++-- 4 files changed, 9 insertions(+), 6 deletions(-) diff --git a/plugins/main/public/components/agents/fim/inventory/fileDetail.tsx b/plugins/main/public/components/agents/fim/inventory/fileDetail.tsx index 5559499b2e..b41738f3c6 100644 --- a/plugins/main/public/components/agents/fim/inventory/fileDetail.tsx +++ b/plugins/main/public/components/agents/fim/inventory/fileDetail.tsx @@ -229,7 +229,7 @@ export class FileDetails extends Component { this.props.type === 'registry_key' || this.props.currentFile.type === 'registry_key' ? this.registryDetails() - : getProperties(this.props.agent.os.platform, 'details'); + : getProperties(this.props.agent?.os?.platform, 'details'); const generalDetails = columns.map((item, idx) => { let value = this.props.currentFile[item.field] || '-'; let rawValue = value; diff --git a/plugins/main/public/components/agents/fim/inventory/fim-data.tsx b/plugins/main/public/components/agents/fim/inventory/fim-data.tsx index bc67f6bca7..b423407258 100644 --- a/plugins/main/public/components/agents/fim/inventory/fim-data.tsx 
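Review bot: With `this.props.agent?.os?.platform` in the fileDetail.tsx hunk, the first argument of `getProperties` can now be `undefined`, while fim-data.tsx still declares it as `agentInfo: string`; the table.tsx hunk of this patch passes the same expression and, per the diffstat, registry-table.tsx is changed as well. When the platform is missing, `filterByOS` evaluates `agentInfo === 'windows'` to false and returns the Linux-only fields (`gname`, `gid`, `inode`), so an agent whose `os` data is absent is presumably shown the Linux field set even if it is a Windows host. I would widen the signature to `agentInfo: string | undefined` and add a comment that an unknown platform falls back to the non-Windows fields, or choose the fallback deliberately. The render method around this call starts and ends outside the hunk.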
+++ b/plugins/main/public/components/agents/fim/inventory/fim-data.tsx @@ -10,8 +10,8 @@ import { } from '@elastic/eui'; function renderFileDetailsPermissions(value) { - // Permisions in object form will get rendered in a EuiAccordion - if (typeof value !== 'string') { + // Permisions in string form will get rendered in a EuiAccordion + if (typeof value === 'object') { return ( - getProperties(this.props.agent.os.platform, 'suggestions'), + getProperties( + this.props.agent?.os?.platform, + 'suggestions', + ), value: async (currentValue, { field }) => { try { const response = await WzRequest.apiReq(
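Review bot: The rewritten comment in `renderFileDetailsPermissions` says permissions "in string form" are rendered in an EuiAccordion, but the condition below it is `typeof value === 'object'`, so it is the object form that gets the accordion while a string is returned as-is. I would write `// Permissions in object form are rendered in an EuiAccordion; any other value is returned unchanged`, which also corrects the "Permisions" spelling. `typeof null` is `'object'` too; whether a null can reach this function depends on callers outside this hunk, and the function body continues past the lines shown here.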