wazuh-dashboard-plugins

Refactor FIM dashboard

Open chantal-kelm opened this issue 1 year ago • 2 comments

Description

We want to refactor the FIM dashboard by removing all traces of Angular and implementing a new way of displaying dashboards using embeddables, which for the time being we only use in the new vulnerability dashboard.

Tasks

The steps that have to be completed to close the issue.

  • [ ] Researching the FIM module
  • [ ] Analysing, learning about and becoming familiar with embeddables
  • [x] Implement logic with embeddables for the FIM dashboard
  • [ ] Apply logic to display the corresponding dashboard taking into account whether or not the user has a pinned agent
  • [x] #6210
  • [ ] Analysing components to be adapted to be reusable for use in FIM
  • [ ] #6325

Additional information

Add here any additional information relevant to the issue or that will help to close it: chunks of code, logs, additional error messages, related issues and so on.

chantal-kelm, Nov 29 '23 17:11

I am currently investigating the FIM module as agreed during the sync with @gdiazlo and @asteriscos in order to find out its use cases and improve its dashboards.

chantal-kelm, Dec 22 '23 15:12

Use cases

The Wazuh FIM module monitors directories to detect file changes, additions and deletions. This module is useful for monitoring important files on endpoints. You can use the FIM module for several purposes such as change management processes, regulatory compliance, and detecting cyberattacks. Below are examples of some use cases of the Wazuh FIM module.

  • Detecting malware persistence technique
  • Detecting account manipulation
  • Monitoring files at specific intervals
  • Reporting file changes
  • Monitoring configuration changes

How to best use existing use cases to create user-friendly dashboards?

  • Based on what I read in the documentation https://documentation.wazuh.com/current/user-manual/capabilities/file-integrity/index.html where it mentions that one of the capabilities of the FIM module is to be able to know which user modified a certain file, which we can activate with the who-data https://documentation.wazuh.com/current/user-manual/capabilities/file-integrity/advanced-settings.html#who-data-monitoring, I think it would be useful to show this in a table in the Dashboard.

Research is ongoing

chantal-kelm, Dec 22 '23 17:12
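The who-data table proposed in the comment above, sketched as an added example that is not part of the issue or the project's code: it groups FIM alerts into "who changed what" rows and marks events that carry no audit data. The field names (`syscheck.path`, `syscheck.event`, `syscheck.mode`, `syscheck.audit.user.name`, `syscheck.audit.process.name`) are Wazuh FIM alert fields; the function name `whoDataRows` is hypothetical and the sample alerts are constructed.

```javascript
// Constructed sample alerts, trimmed to the fields the table needs.
const sampleAlerts = [
  { timestamp: '2023-12-22T15:01:10Z', agent: { name: 'web01' },
    syscheck: { path: '/etc/passwd', event: 'modified', mode: 'whodata',
      audit: { user: { name: 'root' }, process: { name: '/usr/bin/vim' } } } },
  { timestamp: '2023-12-22T15:03:42Z', agent: { name: 'web01' },
    syscheck: { path: '/etc/ssh/sshd_config', event: 'modified', mode: 'whodata',
      audit: { user: { name: 'deploy' }, process: { name: '/usr/bin/sed' } } } },
  // Scheduled and realtime events have no audit block, so the actor is unknown.
  { timestamp: '2023-12-22T16:00:00Z', agent: { name: 'db01' },
    syscheck: { path: '/etc/hosts', event: 'modified', mode: 'scheduled' } },
  { timestamp: '2023-12-22T16:05:00Z', agent: { name: 'web01' },
    syscheck: { path: '/etc/passwd', event: 'modified', mode: 'whodata',
      audit: { user: { name: 'root' }, process: { name: '/usr/bin/vim' } } } },
];

// Hypothetical helper: one row per (agent, path, event, user, process),
// with a hit count and the most recent timestamp, newest row first.
function whoDataRows(alerts) {
  const rows = new Map();
  for (const a of alerts) {
    const s = a.syscheck;
    if (!s || !s.path) continue; // not a FIM alert
    const agent = a.agent?.name ?? '-';
    const user = s.audit?.user?.name ?? 'unknown (no who-data)';
    const process = s.audit?.process?.name ?? '-';
    const key = [agent, s.path, s.event, user, process].join('\u0000');
    const row = rows.get(key) ??
      { agent, path: s.path, event: s.event, user, process, count: 0, lastSeen: a.timestamp };
    row.count += 1;
    // ISO 8601 UTC timestamps compare correctly as strings.
    if (a.timestamp > row.lastSeen) row.lastSeen = a.timestamp;
    rows.set(key, row);
  }
  return [...rows.values()].sort((x, y) => y.lastSeen.localeCompare(x.lastSeen));
}

console.table(whoDataRows(sampleAlerts));
```

Rows labelled "unknown (no who-data)" show which monitored directories are not yet configured for who-data, which is useful to surface in the same table.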

This change has been postponed.

asteriscos, Apr 25 '24 12:04