Remove references to wazuh.yml file and adapt to the new configuration system

source/deployment-options/amazon-machine-images/amazon-machine-images.rst

@@ -94,10 +94,7 @@ All components included in this AMI are configured to work out-of-the-box withou
 - Wazuh manager: ``/var/ossec/etc/ossec.conf``
 - Wazuh indexer: ``/etc/wazuh-indexer/opensearch.yml``
 - Filebeat-OSS: ``/etc/filebeat/filebeat.yml``
-- Wazuh dashboard:
-
-    - ``/etc/wazuh-dashboard/opensearch_dashboards.yml``
-    - ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml``
+- Wazuh dashboard: ``/etc/wazuh-dashboard/opensearch_dashboards.yml``
 
 To learn more about configuring Wazuh, see the :doc:`User manual </user-manual/index>`.
 

source/deployment-options/offline-installation/step-by-step.rst

@@ -377,19 +377,6 @@ Installing the Wazuh dashboard
 
     .. include:: /_templates/installations/dashboard/enable_dashboard.rst
 
-#. **Only for distributed deployments**:  Edit the file ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` and replace the ``url`` value with the IP address or hostname of the Wazuh server master node.
-
-            .. code-block:: yaml
-               :emphasize-lines: 3
-
-               hosts:
-                 - default:
-                     url: https://localhost
-                     port: 55000
-                     username: wazuh-wui
-                     password: wazuh-wui
-                     run_as: false
-
 #.  Run the following command to verify the Wazuh dashboard service is active.
 
     .. include:: /_templates/installations/wazuh/common/check_wazuh_dashboard.rst    
@@ -400,7 +387,22 @@ Installing the Wazuh dashboard
     -   **Username**: admin
     -   **Password**: admin
 
-Upon the first access to the Wazuh dashboard, the browser shows a warning message stating that the certificate was not issued by a trusted authority. An exception can be added in the advanced options of the web browser or, for increased security, the ``root-ca.pem`` file previously generated can be imported to the certificate manager of the browser. Alternatively, a certificate from a trusted authority can be configured.
+    .. note::
+       :class: not-long
+
+       Upon the first access to the Wazuh dashboard, the browser shows a warning message stating that the certificate was not issued by a trusted authority. An exception can be added in the advanced options of the web browser or, for increased security, the ``root-ca.pem`` file previously generated can be imported to the certificate manager of the browser. Alternatively, a certificate from a trusted authority can be configured.
+
+#.  Go to **Dashboard management** > **Server APIs** to add a new server API connection. Click on **Add API connection** button and fill the form with the following values.
+
+   .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-add-api-connection.jpg
+      :align: center
+
+    - **ID**: ``default``
+    - **URL**: IP address or hostname of the Wazuh server master node
+    - **Port**: ``55000``
+    - **Username**: ``wazuh-wui``
+    - **Password**: ``wazuh-wui``
+    - **Run as**: ``false``
 
 Securing your Wazuh installation
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -518,23 +520,15 @@ Select your deployment type and follow the instructions to change the default pa
 
             # echo <kibanaserver-password> | /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore --allow-root add -f --stdin opensearch.password
 
-      #. Update the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` configuration file with the new `wazuh-wui` password generated in the second step.
-
-         .. code-block:: yaml
-            :emphasize-lines: 6
-
-            hosts:
-              - default:
-                  url: https://localhost
-                  port: 55000
-                  username: wazuh-wui
-                  password: "<wazuh-wui-password>"
-                  run_as: false
-
       #. Restart the Wazuh dashboard to apply the changes.
 
          .. include:: /_templates/common/restart_dashboard.rst
 
+      #. On the Wazuh dashboard, go to **Dashboard management** > **Server APIs** to update the API host password. Click on the edit button of the secured server API entry and replace the **Password** field. Then click on the **Apply** button to save.
+
+         .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-edit-api-connection.jpg
+            :align: center
+
 
 Next steps
 ^^^^^^^^^^

source/deployment-options/virtual-machine/virtual-machine.rst

@@ -107,11 +107,7 @@ All components included in this virtual image are configured to work out-of-the-
 
   - Filebeat-OSS: ``/etc/filebeat/filebeat.yml``
 
-  - Wazuh dashboard: 
-
-     - ``/etc/wazuh-dashboard/opensearch_dashboards.yml``
-
-     - ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml``
+  - Wazuh dashboard: ``/etc/wazuh-dashboard/opensearch_dashboards.yml``
 
 VirtualBox time configuration
 -----------------------------

source/installation-guide/wazuh-dashboard/step-by-step.rst

@@ -98,31 +98,30 @@ Starting the Wazuh dashboard service
 
       .. include:: /_templates/installations/dashboard/enable_dashboard.rst
 
-
-      **Only for distributed deployments**  
-
-          Edit the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` file and replace the ``url`` value with the IP address or hostname of the Wazuh server master node.
-
-            .. code-block:: yaml
-               :emphasize-lines: 3
-
-               hosts:
-                 - default:
-                     url: https://localhost
-                     port: 55000
-                     username: wazuh-wui
-                     password: wazuh-wui
-                     run_as: false
-
 
   #. Access the Wazuh web interface with your credentials.
 
       - URL: *https://<wazuh-dashboard-ip>*
       - **Username**: *admin*
       - **Password**: *admin*
 
-    When you access the Wazuh dashboard for the first time, the browser shows a warning message stating that the certificate was not issued by a trusted authority. An exception can be added in the advanced options of the web browser. For increased security, the ``root-ca.pem``  file previously generated can be imported to the certificate manager of the browser. Alternatively, a certificate from a trusted authority can be configured. 
+     .. note::
+        :class: not-long
+
+
+        When you access the Wazuh dashboard for the first time, the browser shows a warning message stating that the certificate was not issued by a trusted authority. An exception can be added in the advanced options of the web browser. For increased security, the ``root-ca.pem``  file previously generated can be imported to the certificate manager of the browser. Alternatively, a certificate from a trusted authority can be configured. 
+
+  #.  Go to **Dashboard management** > **Server APIs** to add a new server API connection. Click on **Add API connection** button and fill the form with the following values.
+
+      .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-add-api-connection.jpg
+         :align: center
 
+      - **ID**: ``default``
+      - **URL**: IP address or hostname of the Wazuh server master node
+      - **Port**: ``55000``
+      - **Username**: ``wazuh-wui``
+      - **Password**: ``wazuh-wui``
+      - **Run as**: ``false``
 
 Securing your Wazuh installation
 --------------------------------
@@ -209,23 +208,14 @@ Select your deployment type and follow the instructions to change the default pa
 
             # echo <kibanaserver-password> | /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore --allow-root add -f --stdin opensearch.password
 
-      #. Update the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` configuration file with the new `wazuh-wui` password generated in the second step.
-
-         .. code-block:: yaml
-            :emphasize-lines: 6
-
-            hosts:
-              - default:
-                  url: https://localhost
-                  port: 55000
-                  username: wazuh-wui
-                  password: "<wazuh-wui-password>"
-                  run_as: false
-
       #. Restart the Wazuh dashboard to apply the changes.
 
          .. include:: /_templates/common/restart_dashboard.rst
 
+      #. On Wazuh dashboard, go to **Dashboard management** > **Server APIs** to update the API host password. Click on the edit button of the secured server API entry and replace the **Password** field. Then, click on the **Apply** button to save.
+
+         .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-edit-api-connection.jpg
+            :align: center
 
 Next steps
 ----------

source/user-manual/api/securing-api.rst

@@ -54,7 +54,8 @@ Recommended changes to secure the Wazuh API
     After changing the password, there is no need to restart the Wazuh API but a new :api-ref:`authentication <operation/api.controllers.security_controller.login_user>` will be required for the affected users.
 
     .. warning::
-      Changing the **wazuh-wui** user password will affect the Wazuh UI. You will have to update the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` configuration file accordingly with the new credentials. To learn more, see the :doc:`Wazuh dashboard configuration file </user-manual/wazuh-dashboard/config-file>` document.
+
+       Changing the ``wazuh-wui`` user password affects the Wazuh UI. You need to update the API host entry with the new credentials accordingly. To learn more, see the :doc:`Wazuh dashboard API host configuration </user-manual/wazuh-dashboard/config-file>` section.
 
 #. Change the default host and port:
 

source/user-manual/files-backup/creating/wazuh-central-components.rst

@@ -115,8 +115,7 @@ Backing up the Wazuh indexer and dashboard
       # rsync -aREz \
       /etc/wazuh-dashboard/certs/ \
       /etc/wazuh-dashboard/opensearch_dashboards.yml \
-      /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore \
-      /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml $bkp_folder
+      /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore $bkp_folder
 
 #. If present, back up your downloads and custom images.
 

source/user-manual/user-administration/ldap.rst

@@ -233,20 +233,10 @@ Follow these steps to create a new role mapping and grant administrator permissi
       Done with success
       SUCC: Expected 1 config types for node {"updated_config_types":["rolesmapping"],"updated_config_size":1,"message":null} is 1 (["rolesmapping"]) due to: null
 
-#. Check the value of ``run_as`` in the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` configuration file. If ``run_as`` is set to ``false``, proceed to the next step.
+#. Check the value of **Run as** in the API host entry configuration on **Dashboard management** > **Server APIs**. If **Run as** is set to ``false``, proceed to the next step. If **Run as** is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps:
 
-   .. code-block:: yaml
-      :emphasize-lines: 7
-
-      hosts:
-        - default:
-            url: https://localhost
-            port: 55000
-            username: wazuh-wui
-            password: "<wazuh-wui-password>"
-            run_as: false
-
-   If ``run_as`` is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps:
+   .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-check-api-connection-run-as.jpg
+      :align: center
 
    #. Click **☰** to open the menu on the Wazuh dashboard, go to **Server management** > **Security**, and then **Roles mapping** to open the page.
 
@@ -299,20 +289,10 @@ Setup read-only role
    #. Select the **Mapped users** tab and click **Manage mapping**.
    #. Under **Backend roles**, assign the name of the read-only role you have in your LDAP server and click on  **Map** to confirm the action. In our case, the backend role (CN) is ``readonly``.
 
-#. Check the value of ``run_as`` in the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` configuration file. If ``run_as`` is set to ``false``, proceed to the next step.
-
-   .. code-block:: yaml
-      :emphasize-lines: 7
-
-      hosts:
-        - default:
-            url: https://localhost
-            port: 55000
-            username: wazuh-wui
-            password: "<wazuh-wui-password>"
-            run_as: false
-
-   If ``run_as`` is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps:
+#. Check the value of **Run as** in the API host entry configuration on **Dashboard management** > **Server APIs**. If **Run as** is disabled, proceed to the next step. If **Run as** is enabled, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps:
+
+   .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-check-api-connection-run-as.jpg
+      :align: center
 
    #. Click the upper-left menu icon **☰** to open the menu on the Wazuh dashboard, go to **Server management** > **Security**, and then **Roles mapping** to open the page.
 

source/user-manual/user-administration/password-management.rst

@@ -233,19 +233,11 @@ Follow the instructions below to change the passwords for all the Wazuh indexer
 
       # echo <kibanaserver-password> | /usr/share/wazuh-dashboard/bin/opensearch-dashboards-keystore --allow-root add -f --stdin opensearch.password
 
-#. Update the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` configuration file with the new `wazuh-wui` password generated in the second step.
-
-   .. code-block:: yaml
-      :emphasize-lines: 6
+#. Restart the Wazuh dashboard to apply the changes.
 
-      hosts:
-        - default:
-            url: https://localhost
-            port: 55000
-            username: wazuh-wui
-            password: "<wazuh-wui-password>"
-            run_as: false
+   .. include:: /_templates/common/restart_dashboard.rst
 
-#. Restart the Wazuh dashboard to apply the changes.
+#. Go to **Dashboard management** > **Server APIs** to update the password of the API host entry with the new `wazuh-wui` password generated in the second step. Click on the edit button of the related API host. Change the **Password** and then click on **Apply** to save the changes.
 
-   .. include:: /_templates/common/restart_dashboard.rst
+   .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-edit-api-connection.jpg
+      :align: center

source/user-manual/user-administration/rbac.rst

@@ -69,7 +69,10 @@ Follow these steps to create an internal user, create a new role mapping, and gi
 
    #. Click **Save role mapping** to save and map the user with Wazuh as *administrator*. 
 
-   For the role mapping to take effect, make sure that ``run_as`` is set to ``true`` in the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` configuration file. Restart the Wazuh dashboard service and clear your browser cache and cookies.
+   For the role mapping to take effect, make sure that **Run as** is set to ``true`` in the API host entry configuration on **Dashboard management** > **Server APIs**. Restart the Wazuh dashboard service and clear your browser cache and cookies.
+
+      .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-check-api-connection-run-as-is-enabled.jpg
+         :align: center
 
 Creating and setting a Wazuh read-only user
 -------------------------------------------
@@ -126,8 +129,10 @@ Follow these steps to create an internal user, create a new role mapping, and gi
 
    #. Click **Save role mapping** to save and map the user with Wazuh as *read-only*. 
 
-   For the role mapping to take effect, make sure that ``run_as`` is set to ``true`` in the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` configuration file. Restart the Wazuh dashboard service and clear your browser cache and cookies.
+   For the role mapping to take effect, make sure that **Run as** is set to ``true`` in the API host entry configuration on **Dashboard management** > **Server APIs**. Restart the Wazuh dashboard service and clear your browser cache and cookies.
 
+      .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-check-api-connection-run-as-is-enabled.jpg
+         :align: center
 
 Creating an internal user and mapping it to Wazuh
 -------------------------------------------------
@@ -172,8 +177,10 @@ Follow these steps to create an internal user and map it to a role of your choic
 
    #. Click **Save role mapping** to save and map the user with Wazuh.
 
-   For the role mapping to take effect, make sure that ``run_as`` is set to ``true`` in the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` configuration file. Restart the Wazuh dashboard service and clear your browser cache and cookies.
+   For the role mapping to take effect, make sure that **Run as** is set to ``true`` in the API host entry configuration on **Dashboard management** > **Server APIs**. Restart the Wazuh dashboard service and clear your browser cache and cookies.
 
+      .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-check-api-connection-run-as-is-enabled.jpg
+         :align: center
 
 .. _wazuh-rbac-use-case-agents-group:
 
@@ -345,7 +352,10 @@ To map the user with Wazuh, follow these steps:
 
 #. Click **Save role mapping** to finish the action. 
 
-  For the role mapping to take effect, make sure that ``run_as`` is set to ``true`` in the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` configuration file. Restart the Wazuh dashboard service and clear your browser cache and cookies.
+   For the role mapping to take effect, make sure that **Run as** is set to ``true`` in the API host entry configuration on **Dashboard management** > **Server APIs**. Restart the Wazuh dashboard service and clear your browser cache and cookies.
+
+      .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-check-api-connection-run-as-is-enabled.jpg
+         :align: center
 
 You have now created a new internal user and mapped it to manage a Wazuh agents' group. Authenticate with the new user and open the Wazuh dashboard, see that only ``Team_A`` agents' alerts and information are displayed.  
 

source/user-manual/user-administration/single-sign-on/administrator/google.rst

@@ -243,21 +243,11 @@ Edit the Wazuh indexer security configuration files. We recommend that you back
 Wazuh dashboard configuration
 -----------------------------
 
-#. Check the value of ``run_as`` in the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` configuration file. If ``run_as`` is set to ``false``, proceed to the next step.
-
-   .. code-block:: yaml
-      :emphasize-lines: 7
-
-      hosts:
-        - default:
-            url: https://localhost
-            port: 55000
-            username: wazuh-wui
-            password: "<wazuh-wui-password>"
-            run_as: false
-
-   If ``run_as`` is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps:
+#. Check the value of **Run as** in the API host entry configuration on **Dashboard management** > **Server APIs**. If **Run as** is set to ``false``, proceed to the next step. If **Run as** is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps:
 
+   .. image:: /images/wazuh-dashboard/api-connections/wazuh-dashboard-check-api-connection-run-as.jpg
+      :align: center
+
    #. Click **☰** to open the menu on the Wazuh dashboard, go to **Server management** > **Security**, and then **Roles mapping** to open the page.
 
       .. thumbnail:: /images/single-sign-on/Wazuh-role-mapping.gif