wazuh-dashboard-plugins

Refactor Inventory and FIM dashboards

Open asteriscos opened this issue 1 year ago • 2 comments

Description

We need to replace the Inventory, File Integrity Monitoring, and Security Configuration Assessment dashboards, which are part of the global queries objective.

The refactoring of the Vulnerability detector dashboard was the first step toward the global indexer queries goal, thus we want to use the same strategies to refactor SCA, FIM, and Inventory. This will allow us to design new use cases and enhance the existing ones.

Functional requirements

  • The user must be able to search and use all the current features in each of the apps.

Non-functional requirements

  • None of the current features should be lost.
  • The FIM and SCA apps must have Dashboard, Inventory, and Events tabs.
  • The endpoint Inventory app must only have a Dashboard and Inventory tab.
  • We should validate during the health-check process that each index pattern exists.

Implementation restrictions

  • Avoid using AngularJS.
  • We must re-use the same components developed in the Vulnerabilities detector app.

Plan

  • [ ] Analyse current dashboards and present a design proposal for each one
  • [ ] Refactor File Integrity Monitoring
    • [ ] Create FIM visualizations
    • [ ] #6178
    • [x] Refactor FIM inventory tab
    • [x] Refactor FIM events tab
  • [ ] Refactor Endpoint Inventory
    • [ ] Create Endpoint Inventory visualizations
    • [ ] Create Endpoint Inventory dashboard
    • [ ] Create Endpoint Inventory dashboard tab
    • [ ] Create Endpoint Inventory inventory tab
  • [ ] Refactor Security Configuration Assessment

asteriscos, Nov 16 '23 12:11

We started by analysing the current dashboards to see what we want to keep in what we currently offer and what we want to add or change, and based on that, present a design proposal.

Current File integrity monitoring dashboard without pinned agent

[image]

Current File integrity monitoring dashboard with pinned agent

[image]

Current SCA dashboard

[image]

Current Inventory Data dashboard

[image]

chantal-kelm, Nov 22 '23 11:11

Working on the proposed design of the File integrity monitoring dashboard, 3 proposals for improvement were identified, which are:

  • Add 3 metrics at the top of the dashboard, which can provide a quick overview of the facts and figures. These metrics will show the number of deleted, added and modified files.

  • Maintain visual consistency and choose the type of graph that best represents the data to be displayed.

  • Define what data is most relevant to show.

Proposal for FIM dashboard with pinned agent:

  • The 3 metrics were added.

  • Changed some chart types.

  • Removed the graph called actions as the same information is shown in more detail, one part in the events graph and the other part in the metrics.

[image]

Proposal for FIM dashboard without pinned agent:

  • The 3 metrics were added.

  • Removed the graph called actions as the same information is shown in more detail, one part in the alerts by action over time graph and the other part in the metrics.

[image] [image]

chantal-kelm, Nov 27 '23 18:11

Update

This Objective has been postponed for a future release.

asteriscos, Apr 29 '24 09:04