wazuh-dashboard-plugins icon indicating copy to clipboard operation
wazuh-dashboard-plugins copied to clipboard

Published 20 hours ago verified publisher icon wazuh

Alert Trigger Channel is not loading MS Teams as optional recipients

Open d9-Mark opened this issue 1 year ago • 10 comments

Wazuh Rev Browser
Latest 4.8.0 Firefox, Chrome, untested on others.

Description On OpenSearch, I am able to flawlessly create a new channel, add my MS Teams webhook, return to alerting, setup a monitor with an action on a trigger and for the channel to send the POST to, I can select my MS Teams webhook. I am unable to select the proper chanel on the latest version of Wazuh. Previous versions I have installed on other stacks don't even have the option for MS teams webhooks yet.

Preconditions

  1. Alerts index
  2. Monitor
  3. Trigger
  4. Action <-- Won't show all possible channels

Steps to reproduce

  1. Navigate to the 'Explore' drop down option from the hamburger menu
  2. Click on 'Create Monitor'
  3. Fill out monitor details here, name is a requirement for sure to even test. My Setup:
Per query monitor
Extraction Query Editor
  1. Add Trigger -- This is where I get "Failed to load Destinations" as a toast alert.
  2. Add Action
  3. Channels -> Manage Channels if you need to create an MS Teams webhook channel. See my Screenshot for this. This webhook is described as active by the dashboard and the test message to my endpoint is working, I just cannot select this channel in my alert trigger's actions.

Expected Result

  1. See all possible channels for alert POST to go to

Actual Result

  1. Seeing only email/custom webhooks.

Screenshots image image image

Additional context Anything else I might be able to provide to help you help me, please let me know. I've been searching all over for this issue and can't find much on it, so it might be an oversight on my end. Thanks for reading!

d9-Mark avatar Jun 19 '24 18:06 d9-Mark

I'm having the same issue

abacao avatar Jun 24 '24 11:06 abacao

Same issue as well, hope for a fix asap. Even if it modifying through JSON.

RisPNG avatar Jun 27 '24 10:06 RisPNG

Same Problem here....

RamonHH avatar Jun 28 '24 13:06 RamonHH

No support for this issue? Anyone got a solution?

RisPNG avatar Jul 03 '24 05:07 RisPNG

No support for this issue? Anyone got a solution?

I've used a very similar setup to the person who helped me on my Reddit thread here. It's not the exact solution we're looking for, nor is it as easy but this works for now, at least for me and my team. Still anxious to see if there is a planned deployment for the fix. https://www.reddit.com/r/Wazuh/comments/1divds2/comment/l977ztv/?context=3

This is the original link to the 'custom integrations.' https://wazuh.com/blog/how-to-integrate-external-software-using-integrator/

d9-Mark avatar Jul 03 '24 12:07 d9-Mark

Same problem. I have a channel created but I can't use it :-(

2024-07-08_09h49_17 2024-07-08_09h49_02

alopezme avatar Jul 08 '24 07:07 alopezme

I am facing the same problem. Still no solution?

roishub avatar Aug 06 '24 11:08 roishub

Hi, I could replicate the problem using the Wazuh dashboard 4.8.1 (based on OpenSearch Dashboards 2.10.0).

I was researching and it seems that there is a bug on the Alerting application for Wazuh dashboard 4.8.x (that is based on OpenSearch Dashboards 2.10.0). Reviewing the release notes of recent versions of the alerting plugin for OpenSearch Dashboards, I found a related change for 2.11.0 that could fix the problem:

  • Release notes: https://github.com/opensearch-project/alerting-dashboards-plugin/blob/2.11.0.0/release-notes/opensearch-alerting-dashboards-plugin.release-notes-2.11.0.0.md
  • Pull request solves the problem: https://github.com/opensearch-project/alerting-dashboards-plugin/pull/743

Using an OpenSearch Dashboards 2.11.0, I could select the Microsoft Teams channel for the monitor: image image

So, in theory, the problem should be fixed for the Wazuh dashboard is based on OpenSearch Dashboards whose version is later to 2.10.0. At the current moment, the unreleased Wazuh dashboard 4.9.0 will be based on OpenSearch Dashboards 2.13.0, so the fix should be included for this version.

Desvelao avatar Aug 14 '24 07:08 Desvelao

Hi Antonio, sorry for the late reply. So what should I do now? I can't wait for wazuh to get updated to 4.9.0. Is there something else I can do, like getting wazuh to use opensearch dashboard 2.11.0?

On Wed, 14 Aug 2024 at 13:19, Antonio @.***> wrote:

Hi, I could replicate the problem using the Wazuh dashboard 4.8.1 (based on OpenSearch Dashboards 2.10.0).

I was researching and it seems that there is a bug on the Alerting application for Wazuh dashboard 4.8.x (that is based on OpenSearch Dashboards 2.10.0). Reviewing the release notes of recent versions of the alerting plugin for OpenSearch Dashboards, I found a related change for 2.11.0 that could fix the problem:

Using an OpenSearch Dashboards 2.11.0, I could select the Microsoft Teams channel for the monitor: image.png (view on web) https://github.com/user-attachments/assets/73760d26-610c-4357-9fd0-c90e59dd6885 image.png (view on web) https://github.com/user-attachments/assets/1544265f-9a55-49da-96ba-1cfe5020dc1c

So, in theory, the problem should be fixed for the Wazuh dashboard is based on OpenSearch Dashboards whose version is later to 2.10.0. At the current moment, the unreleased Wazuh dashboard 4.9.0 will be based on OpenSearch Dashboards 2.13.0, so the fix should be included for this version.

— Reply to this email directly, view it on GitHub https://github.com/wazuh/wazuh-dashboard-plugins/issues/6783#issuecomment-2288076761, or unsubscribe https://github.com/notifications/unsubscribe-auth/A7G2B5FVLV6CC2NOC6W6I3LZRMDYXAVCNFSM6AAAAABJSQVXVGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEOBYGA3TMNZWGE . You are receiving this because you commented.Message ID: @.***>

roishub avatar Aug 22 '24 13:08 roishub

Is there something else I can do, like getting wazuh to use opensearch dashboard 2.11.0?

@roishub , I do not know if there is an user-friendly solution for this problem.

If you can not wait to a release of Wazuh dashboard that contains the fix, I guess some solutions could be:

  • Build a Wazuh dashboard based on a version of OpenSearch Dashboards (e.g. 2.11.0) that contains the fix.
  • Patch the current Alerting plugin with a fix on the installed Wazuh dashboard.
  • Replace the built-in Alerting plugin that contains the bug for a build (with some adaptations) of the plugin for OpenSearch Dashboards 2.11.0.

Note the mentioned approaches require development knowledge and are not user friendly. You could experience multiple problems, incompatibilities, etc...

My recommendation is to wait for the Wazuh dashboard 4.9.0.

Desvelao avatar Aug 23 '24 14:08 Desvelao

I can confirm it is working with 4.9.0. Teams can be selected as a channel for a monitor now.

supremesyntax avatar Sep 10 '24 13:09 supremesyntax

Thank you so much @supremesyntax for confirming it is working on Wazuh dashboard 4.9.0. I will close the issue.

Wazuh dashboard 4.9.0 lets the selection of Microsoft Teams channel image

Desvelao avatar Sep 11 '24 07:09 Desvelao