Release 4.3.6 - Release Candidate 1 - E2E UX tests - Wazuh Dashboard #14348

Closed
15 tasks done
pepitoenpeligro opened this issue Jul 19, 2022 · 14 comments

pepitoenpeligro commented Jul 19, 2022

The following issue aims to run the specified test for the current release candidate, report the results, and open new issues for any encountered errors.

Modules tests information

Main release candidate issue #14188
Main E2E UX test issue #14260
Version 4.3.6
Release candidate # RC1
Tag v4.3.6-rc1
Previous modules tests issue

Installation procedure

Test description

Best effort to test Wazuh dashboard package. Think critically and at least review/test:

Test report procedure

All test results must have one of the following statuses:

🟢 All checks passed.
🔴 There is at least one failed result.
🟡 There is at least one expected failure or skipped test and no failures.

Any failing test must be properly addressed with a new issue, detailing the error and the possible cause.

An extended report of the test results can be attached as a ZIP or TXT file. Please attach any documents, screenshots, or tables to the issue update with the results. This report can be used by the auditors to dig deeper into any possible failures and details.

Conclusions

All tests have been executed and the results can be found in the issue updates.

| Status | Test | Failure type | Notes |
|---|---|---|---|
| 🟢 | Wazuh dashboard package specs | Functional | #14348 (comment) |
| 🟢 | Dashboard package size | Functional | #14348 (comment) |
| 🟢 | Dashboard package metadata (description) | Usability | #14348 (comment) |
| 🟢 | Dashboard package digital signature | Usability | #14348 (comment) |
| 🟢 | Installed files location, size and permissions | Functional | #14348 (comment) |
| 🟢 | Installation footprint | Functional | #14348 (comment) |
| 🟢 | Wazuh Dashboard logs when installed | Functional | #14051 (comment) |
| 🟢 | Wazuh Dashboard configuration | Functional | #14348 (comment) |
| 🟢 | Wazuh Dashboard (included the Wazuh WUI) communication with Wazuh manager API and Wazuh indexer | Functional | #14348 (comment) |
| 🟢 | Register Wazuh Agents | Functional | #14348 (comment) |
| 🟢 | Basic browsing through the WUI | Usability | #14348 (comment) |
| 🟢 | Basic experience with WUI performance | Usability | #14348 (comment) |

Auditors validation

The definition of done for this one is the validation of the conclusions and the test results from all auditors.

All checks from below must be accepted in order to close this issue.

pepitoenpeligro added the module/app/kibana, type/test/manual and release test/4.3.6 labels Jul 19, 2022
pepitoenpeligro self-assigned this Jul 19, 2022
@pepitoenpeligro
Author

0. Installation logs 🟢

dashboard /var/log/wazuh-install.log
19/07/2022 05:20:54 INFO: Starting Wazuh installation assistant. Wazuh version: 4.3.6
19/07/2022 05:20:54 INFO: Verbose logging redirected to /var/log/wazuh-install.log
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
19/07/2022 05:20:59 INFO: Wazuh development repository added.
19/07/2022 05:21:00 INFO: --- Wazuh dashboard ----
19/07/2022 05:21:00 INFO: Starting Wazuh dashboard installation.
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Resolving Dependencies
--> Running transaction check
---> Package wazuh-dashboard.x86_64 0:4.3.6-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                  Arch            Version          Repository      Size
================================================================================
Installing:
 wazuh-dashboard          x86_64          4.3.6-1          wazuh          150 M

Transaction Summary
================================================================================
Install  1 Package

Total download size: 150 M
Installed size: 588 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : wazuh-dashboard-4.3.6-1.x86_64                               1/1
  Verifying  : wazuh-dashboard-4.3.6-1.x86_64                               1/1

Installed:
  wazuh-dashboard.x86_64 0:4.3.6-1

Complete!
19/07/2022 05:21:49 INFO: Wazuh dashboard installation finished.
19/07/2022 05:21:49 INFO: Wazuh dashboard post-install configuration finished.
19/07/2022 05:21:49 INFO: Starting service wazuh-dashboard.
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service to /etc/systemd/system/wazuh-dashboard.service.
19/07/2022 05:21:50 INFO: wazuh-dashboard service started.
19/07/2022 05:22:16 INFO: Initializing Wazuh dashboard web application.
19/07/2022 05:22:17 INFO: Wazuh dashboard web application initialized.
19/07/2022 05:22:17 INFO: Installation finished.
indexer /var/log/wazuh-install.log
19/07/2022 05:19:30 INFO: Starting Wazuh installation assistant. Wazuh version: 4.3.6
19/07/2022 05:19:30 INFO: Verbose logging redirected to /var/log/wazuh-install.log
Security Admin v7
Will connect to 172.31.23.179:9300 ... done
Connected as CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US
OpenSearch Version: 1.2.4
OpenSearch Security Version: 1.2.4.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/
Will update '_doc/config' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/config.yml
   SUCC: Configuration for 'config' created or updated
Will update '_doc/roles' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles.yml
   SUCC: Configuration for 'roles' created or updated
Will update '_doc/rolesmapping' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '_doc/internalusers' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml
   SUCC: Configuration for 'internalusers' created or updated
Will update '_doc/actiongroups' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/action_groups.yml
   SUCC: Configuration for 'actiongroups' created or updated
Will update '_doc/tenants' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/tenants.yml
   SUCC: Configuration for 'tenants' created or updated
Will update '_doc/nodesdn' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/nodes_dn.yml
   SUCC: Configuration for 'nodesdn' created or updated
Will update '_doc/whitelist' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/whitelist.yml
   SUCC: Configuration for 'whitelist' created or updated
Will update '_doc/audit' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/audit.yml
   SUCC: Configuration for 'audit' created or updated
Done with success
19/07/2022 05:19:40 INFO: Wazuh indexer cluster security configuration initialized.
{"acknowledged":true}Security Admin v7
Will connect to 172.31.23.179:9300 ... done
Connected as CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US
OpenSearch Version: 1.2.4
OpenSearch Security Version: 1.2.4.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '_doc/config' into /usr/share/wazuh-indexer/backup/config.yml
   SUCC: Configuration for 'config' stored in /usr/share/wazuh-indexer/backup/config.yml
Will retrieve '_doc/roles' into /usr/share/wazuh-indexer/backup/roles.yml
   SUCC: Configuration for 'roles' stored in /usr/share/wazuh-indexer/backup/roles.yml
Will retrieve '_doc/rolesmapping' into /usr/share/wazuh-indexer/backup/roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' stored in /usr/share/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '_doc/internalusers' into /usr/share/wazuh-indexer/backup/internal_users.yml
   SUCC: Configuration for 'internalusers' stored in /usr/share/wazuh-indexer/backup/internal_users.yml
Will retrieve '_doc/actiongroups' into /usr/share/wazuh-indexer/backup/action_groups.yml
   SUCC: Configuration for 'actiongroups' stored in /usr/share/wazuh-indexer/backup/action_groups.yml
Will retrieve '_doc/tenants' into /usr/share/wazuh-indexer/backup/tenants.yml
   SUCC: Configuration for 'tenants' stored in /usr/share/wazuh-indexer/backup/tenants.yml
Will retrieve '_doc/nodesdn' into /usr/share/wazuh-indexer/backup/nodes_dn.yml
   SUCC: Configuration for 'nodesdn' stored in /usr/share/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '_doc/whitelist' into /usr/share/wazuh-indexer/backup/whitelist.yml
   SUCC: Configuration for 'whitelist' stored in /usr/share/wazuh-indexer/backup/whitelist.yml
Will retrieve '_doc/audit' into /usr/share/wazuh-indexer/backup/audit.yml
   SUCC: Configuration for 'audit' stored in /usr/share/wazuh-indexer/backup/audit.yml
Security Admin v7
Will connect to 172.31.23.179:9300 ... done
Connected as CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US
OpenSearch Version: 1.2.4
OpenSearch Security Version: 1.2.4.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/
Will update '_doc/config' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/config.yml
   SUCC: Configuration for 'config' created or updated
Will update '_doc/roles' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles.yml
   SUCC: Configuration for 'roles' created or updated
Will update '_doc/rolesmapping' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '_doc/internalusers' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml
   SUCC: Configuration for 'internalusers' created or updated
Will update '_doc/actiongroups' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/action_groups.yml
   SUCC: Configuration for 'actiongroups' created or updated
Will update '_doc/tenants' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/tenants.yml
   SUCC: Configuration for 'tenants' created or updated
Will update '_doc/nodesdn' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/nodes_dn.yml
   SUCC: Configuration for 'nodesdn' created or updated
Will update '_doc/whitelist' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/whitelist.yml
   SUCC: Configuration for 'whitelist' created or updated
Will update '_doc/audit' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/audit.yml
   SUCC: Configuration for 'audit' created or updated
Done with success
19/07/2022 05:19:58 INFO: Wazuh indexer cluster started.
server /var/log/wazuh-install.log
19/07/2022 05:20:52 INFO: Starting Wazuh installation assistant. Wazuh version: 4.3.6
19/07/2022 05:20:52 INFO: Verbose logging redirected to /var/log/wazuh-install.log
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
19/07/2022 05:20:58 INFO: Wazuh development repository added.
19/07/2022 05:20:58 INFO: --- Wazuh server ---
19/07/2022 05:20:58 INFO: Starting the Wazuh manager installation.
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Resolving Dependencies
--> Running transaction check
---> Package wazuh-manager.x86_64 0:4.3.6-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                Arch            Version            Repository      Size
================================================================================
Installing:
 wazuh-manager          x86_64          4.3.6-1            wazuh          114 M

Transaction Summary
================================================================================
Install  1 Package

Total download size: 114 M
Installed size: 437 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : wazuh-manager-4.3.6-1.x86_64                                 1/1
  Verifying  : wazuh-manager-4.3.6-1.x86_64                                 1/1

Installed:
  wazuh-manager.x86_64 0:4.3.6-1

Complete!
19/07/2022 05:21:25 INFO: Wazuh manager installation finished.
19/07/2022 05:21:25 INFO: Starting service wazuh-manager.
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-manager.service to /usr/lib/systemd/system/wazuh-manager.service.
19/07/2022 05:21:40 INFO: wazuh-manager service started.
19/07/2022 05:21:40 INFO: Starting Filebeat installation.
Existing lock /var/run/yum.pid: another copy is running as pid 7756.
Another app is currently holding the yum lock; waiting for it to exit...
  The other application is: yum
    Memory : 166 M RSS (384 MB VSZ)
    Started: Tue Jul 19 05:21:38 2022 - 00:03 ago
    State  : Running, pid: 7756
Another app is currently holding the yum lock; waiting for it to exit...
  The other application is: yum
    Memory : 164 M RSS (382 MB VSZ)
    Started: Tue Jul 19 05:21:38 2022 - 00:05 ago
    State  : Running, pid: 7756
19/07/2022 05:22:34 INFO: Filebeat installation finished.
wazuh/
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/manifest.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/manifest.yml
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/fields.yml
wazuh/_meta/docs.asciidoc
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
19/07/2022 05:22:35 INFO: Filebeat post-install configuration finished.
Successfully updated the keystore
19/07/2022 05:22:46 INFO: Starting service filebeat.
Created symlink from /etc/systemd/system/multi-user.target.wants/filebeat.service to /usr/lib/systemd/system/filebeat.service.
19/07/2022 05:22:46 INFO: filebeat service started.
19/07/2022 05:22:46 INFO: Installation finished.

pepitoenpeligro commented Jul 19, 2022

Wazuh Dashboard Package specs 🟢

yum info wazuh-dashboard
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Installed Packages
Name        : wazuh-dashboard
Arch        : x86_64
Version     : 4.3.6
Release     : 1
Size        : 588 M
Repo        : installed
From repo   : wazuh
Summary     : Wazuh dashboard is a user interface and visualization tool for security-related data. Documentation can be found at
            : https://documentation.wazuh.com/current/getting-started/components/wazuh-dashboard.html
URL         : https://www.wazuh.com/
License     : GPL
Description : Wazuh dashboard is a user interface and visualization tool for security-related data. This Wazuh central component enables exploring, visualizing, and analyzing the stored security alerts generated
            : by the Wazuh server. Wazuh dashboard enables inspecting the status and managing the configurations of the Wazuh cluster and agents as well as creating and managing users and roles. In addition, it
            : allows testing the ruleset and making calls to the Wazuh API. Documentation can be found at https://documentation.wazuh.com/current/getting-started/components/wazuh-dashboard.html

 rpm -qi $(rpm -qa | awk '/dashboard/ {print $0}')
Name        : wazuh-dashboard
Version     : 4.3.6
Release     : 1
Architecture: x86_64
Install Date: Tue 19 Jul 2022 05:21:44 AM UTC
Group       : System Environment/Daemons
Size        : 616324112
License     : GPL
Signature   : RSA/SHA256, Mon 18 Jul 2022 07:56:47 PM UTC, Key ID 96b3ee5f29111145
Source RPM  : wazuh-dashboard-4.3.6-1.src.rpm
Build Date  : Mon 18 Jul 2022 07:47:44 PM UTC
Build Host  : ip-172-31-95-149.ec2.internal
Relocations : (not relocatable)
Packager    : Wazuh, Inc <info@wazuh.com>
Vendor      : Wazuh, Inc <info@wazuh.com>
URL         : https://www.wazuh.com/
Summary     : Wazuh dashboard is a user interface and visualization tool for security-related data. Documentation can be found at https://documentation.wazuh.com/current/getting-started/components/wazuh-dashboard.html
Description :
Wazuh dashboard is a user interface and visualization tool for security-related data. This Wazuh central component enables exploring, visualizing, and analyzing the stored security alerts generated by the Wazuh server. Wazuh dashboard enables inspecting the status and managing the configurations of the Wazuh cluster and agents as well as creating and managing users and roles. In addition, it allows testing the ruleset and making calls to the Wazuh API. Documentation can be found at https://documentation.wazuh.com/current/getting-started/components/wazuh-dashboard.html

pepitoenpeligro commented Jul 19, 2022

Dashboard Package Size 🟢

Size        : 588 M
rpm --qf '%{SIZE}\n' -q wazuh-dashboard | awk '{print $1/(1024*1024)"MiB"}'
587.772MiB

pepitoenpeligro commented Jul 19, 2022

Dashboard package metadata (description) 🟢

yum -C search wazuh-dashboard
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
=============================================================================================== N/S matched: wazuh-dashboard ================================================================================================
wazuh-dashboard.x86_64 : Wazuh dashboard is a user interface and visualization tool for security-related data. Documentation can be found at
                       : https://documentation.wazuh.com/current/getting-started/components/wazuh-dashboard.html

  Name and summary matches only, use "search all" for everything.

@pepitoenpeligro
Author

Dashboard package digital signature 🟢

rpm -qi $(rpm -qa  | awk '/dashboard/ {print $0}') | awk '/Name|Install|Signature/ {print $0}'
Name        : wazuh-dashboard
Install Date: Tue 19 Jul 2022 05:21:44 AM UTC
Signature   : RSA/SHA256, Mon 18 Jul 2022 07:56:47 PM UTC, Key ID 96b3ee5f29111145
rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'
gpg-pubkey-c87f5b1a-593863f8	gpg(Amazon Linux <amazon-linux@amazon.com>)
gpg-pubkey-29111145-591cd381	gpg(Wazuh.com (Wazuh Signing Key) <support@wazuh.com>)
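
A repeatable form of the check above, added here as an example and not part of the original comment or of Wazuh's tooling: it extracts the signing Key ID from the `rpm -qi` output and confirms that a `gpg-pubkey` entry with the same short ID is imported. The function names are hypothetical and the sample input is constructed from the output shown in this comment.

```shell
#!/bin/sh
# Added example: cross-check the key that signed an installed RPM against the
# keys imported into the RPM database. Function names are hypothetical.

# Constructed sample input, copied from the command output in this comment.
RPM_QI_SAMPLE='Name        : wazuh-dashboard
Install Date: Tue 19 Jul 2022 05:21:44 AM UTC
Signature   : RSA/SHA256, Mon 18 Jul 2022 07:56:47 PM UTC, Key ID 96b3ee5f29111145'

PUBKEYS_SAMPLE='gpg-pubkey-c87f5b1a-593863f8 gpg(Amazon Linux <amazon-linux@amazon.com>)
gpg-pubkey-29111145-591cd381 gpg(Wazuh.com (Wazuh Signing Key) <support@wazuh.com>)'

# signing_key_id RPM_QI_TEXT
# Prints the lowercase Key ID from the "Signature" line; prints nothing when
# the package is unsigned ("Signature   : (none)").
signing_key_id() {
    printf '%s\n' "$1" | awk '/^Signature/ {
        for (i = 1; i < NF; i++)
            if ($i == "Key" && $(i + 1) == "ID") { print tolower($(i + 2)); exit }
    }'
}

# check_signer RPM_QI_TEXT PUBKEY_LIST_TEXT
# PUBKEY_LIST_TEXT is the output of:
#   rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'
# The VERSION field of a gpg-pubkey entry is the last 8 hex digits of the key ID.
# Prints one status line and returns:
#   0  KEY_IMPORTED <keyid> <matching gpg-pubkey entry>
#   1  UNKNOWN_KEY  <keyid>   (signed, but no imported key has that short ID)
#   2  UNSIGNED               (no Key ID on the Signature line)
check_signer() {
    keyid=$(signing_key_id "$1")
    if [ -z "$keyid" ]; then
        echo "UNSIGNED"
        return 2
    fi
    short=$(printf '%s' "$keyid" | tail -c 8)
    entry=$(printf '%s\n' "$2" | awk -v s="$short" '
        {
            n = split($1, part, "-")
            if (n == 4 && part[1] == "gpg" && part[2] == "pubkey" && part[3] == s) {
                $1 = $1          # rebuild the line with single spaces
                print
                exit
            }
        }')
    if [ -z "$entry" ]; then
        echo "UNKNOWN_KEY $keyid"
        return 1
    fi
    echo "KEY_IMPORTED $keyid $entry"
    return 0
}

# Run against the constructed sample. On a live host, pass the real outputs:
#   check_signer "$(rpm -qi wazuh-dashboard)" \
#     "$(rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n')"
check_signer "$RPM_QI_SAMPLE" "$PUBKEYS_SAMPLE"
```

A match on the 8-hex-digit short ID only shows which imported key the package header names; `rpm -K` on the package file performs the cryptographic verification.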

@pepitoenpeligro
Author

Installed files location, size and permissions 🟢

/usr/share/wazuh-dashboard

ll /usr/share/wazuh-dashboard
total 1176
drwxr-x---   2 wazuh-dashboard wazuh-dashboard     109 Jul 19 05:21 bin
drwxr-x---   2 wazuh-dashboard wazuh-dashboard      44 Jul 19 05:21 config
drwxr-x---   3 wazuh-dashboard wazuh-dashboard      31 Jul 19 05:22 data
-rw-r-----   1 wazuh-dashboard wazuh-dashboard   11358 Nov 22  2021 LICENSE.txt
-rw-r-----   1 wazuh-dashboard wazuh-dashboard    3098 Nov 22  2021 manifest.yml
drwxr-x---   6 wazuh-dashboard wazuh-dashboard     108 Jul 19 05:21 node
drwxr-x--- 703 wazuh-dashboard wazuh-dashboard   20480 Jul 19 05:21 node_modules
-rw-r-----   1 wazuh-dashboard wazuh-dashboard 1137439 Nov 22  2021 NOTICE.txt
-rw-r-----   1 wazuh-dashboard wazuh-dashboard     827 Nov 22  2021 package.json
drwxr-x---   8 wazuh-dashboard wazuh-dashboard     157 Jul 19 05:21 plugins
-rw-r-----   1 wazuh-dashboard wazuh-dashboard    1925 Nov 22  2021 README.txt
drwxr-x---  11 wazuh-dashboard wazuh-dashboard     160 Jul 19 05:21 src
-r--r-----   1 wazuh-dashboard wazuh-dashboard       6 Jul 15 09:48 VERSION

/usr/share/wazuh-dashboard/bin

ll /usr/share/wazuh-dashboard/bin
total 12
-rwxr-x--- 1 wazuh-dashboard wazuh-dashboard 918 Jul 15 09:48 opensearch-dashboards
-rwxr-x--- 1 wazuh-dashboard wazuh-dashboard 785 Jul 15 09:48 opensearch-dashboards-keystore
-rwxr-x--- 1 wazuh-dashboard wazuh-dashboard 822 Jul 15 09:48 opensearch-dashboards-plugin

/usr/share/wazuh-dashboard/data/wazuh/config/

ll /usr/share/wazuh-dashboard/data/wazuh/config/
total 12
-rw-r--r-- 1 wazuh-dashboard wazuh-dashboard  164 Jul 19 05:22 wazuh-registry.json
-rw------- 1 wazuh-dashboard wazuh-dashboard 7235 Jul 19 05:22 wazuh.yml

/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml

stat /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
  File: ‘/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml’
  Size: 7235      	Blocks: 16         IO Block: 4096   regular file
Device: 10301h/66305d	Inode: 33592639    Links: 1
Access: (0600/-rw-------)  Uid: (  995/wazuh-dashboard)   Gid: (  993/wazuh-dashboard)
Access: 2022-07-19 05:22:17.506380465 +0000
Modify: 2022-07-19 05:22:17.510380515 +0000
Change: 2022-07-19 05:22:17.510380515 +0000
 Birth: -
/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
---
#
# Wazuh dashboard - App configuration file
# Copyright (C) 2015-2022 Wazuh, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# Find more information about this on the LICENSE file.
#
# ======================== Wazuh dashboard configuration file ========================
#
# Please check the documentation for more information on configuration options:
# https://documentation.wazuh.com/4.3/installation-guide/index.html
#
# Also, you can check our repository:
# https://github.com/wazuh/wazuh-kibana-app
#
# ------------------------------- Disable roles -------------------------------
#
# Defines which Elasticsearch roles disable Wazuh
# disabled_roles:
#      - wazuh_disabled
#
# ------------------------------- Index patterns -------------------------------
#
# Default index pattern to use.
#pattern: wazuh-alerts-*
#
# ----------------------------------- Checks -----------------------------------
#
# Defines which checks must to be consider by the healthcheck
# step once the Wazuh dashboard starts. Values must to be true or false.
#checks.pattern : true
#checks.template: true
#checks.fields  : true
#checks.api     : true
#checks.setup   : true
#checks.metaFields: true
#checks.timeFilter: true
#checks.maxBuckets: true
#
# --------------------------------- Extensions ---------------------------------
#
# Defines which extensions should be activated when you add a new API entry.
# You can change them after Wazuh dashboard starts.
# Values must to be true or false.
#extensions.pci       : true
#extensions.gdpr      : true
#extensions.hipaa     : true
#extensions.nist      : true
#extensions.tsc       : true
#extensions.audit     : true
#extensions.oscap     : false
#extensions.ciscat    : false
#extensions.aws       : false
#extensions.gcp       : false
#extensions.virustotal: false
#extensions.osquery   : false
#extensions.docker    : false
#
# ---------------------------------- Timeout ----------------------------------
#
# Defines maximum timeout to be used on the Wazuh dashboard requests.
# It will be ignored if it is bellow 1500.
# It means milliseconds before we consider a request as failed.
# Default: 20000
#timeout: 20000
#
# -------------------------------- API selector --------------------------------
#
# Defines if the user is allowed to change the selected
# API directly from the Wazuh dashboard top menu.
# Default: true
#api.selector: true
#
# --------------------------- Index pattern selector ---------------------------
#
# Defines if the user is allowed to change the selected
# index pattern directly from the Wazuh dashboard top menu.
# Default: true
#ip.selector: true
#
# List of index patterns to be ignored
#ip.ignore: []
#
# ------------------------------ wazuh-monitoring ------------------------------
#
# Custom setting to enable/disable wazuh-monitoring indices.
# Values: true, false, worker
# If worker is given as value, the app will show the Agents status
# visualization but won't insert data on wazuh-monitoring indices.
# Default: true
#wazuh.monitoring.enabled: true
#
# Custom setting to set the frequency for wazuh-monitoring indices cron task.
# Default: 900 (s)
#wazuh.monitoring.frequency: 900
#
# Configure wazuh-monitoring-* indices shards and replicas.
#wazuh.monitoring.shards: 1
#wazuh.monitoring.replicas: 0
#
# Configure wazuh-monitoring-* indices custom creation interval.
# Values: h (hourly), d (daily), w (weekly), m (monthly)
# Default: w
#wazuh.monitoring.creation: w
#
# Default index pattern to use for Wazuh monitoring
#wazuh.monitoring.pattern: wazuh-monitoring-*
#
# --------------------------------- wazuh-cron ----------------------------------
#
# Customize the index prefix of predefined jobs
# This change is not retroactive, if you change it new indexes will be created
# cron.prefix: wazuh
#
# --------------------------------- wazuh-sample-alerts -------------------------
#
# Customize the index name prefix of sample alerts
# This change is not retroactive, if you change it new indexes will be created
# It should match with a valid index template to avoid unknown fields on
# dashboards
#alerts.sample.prefix: wazuh-alerts-4.x-
#
# ------------------------------ wazuh-statistics -------------------------------
#
# Custom setting to enable/disable statistics tasks.
#cron.statistics.status: true
#
# Enter the ID of the APIs you want to save data from, leave this empty to run
# the task on all configured APIs
#cron.statistics.apis: []
#
# Define the frequency of task execution using cron schedule expressions
#cron.statistics.interval: 0 */5 * * * *
#
# Define the name of the index in which the documents are to be saved.
#cron.statistics.index.name: statistics
#
# Define the interval in which the index will be created
#cron.statistics.index.creation: w
#
# Configure statistics indices shards and replicas.
#cron.statistics.shards: 1
#cron.statistics.replicas: 0
#
# ------------------------------ wazuh-logo-customization -------------------------------
#
#Define the name of the app logo saved in the path /plugins/wazuh/assets/
#customization.logo.app: ''
#
#Define the name of the sidebar logo saved in the path /plugins/wazuh/assets/
#customization.logo.sidebar: ''
#
#Define the name of the health-check logo saved in the path /plugins/wazuh/assets/
#customization.logo.healthcheck: ''
#
#Define the name of the reports logo (.png) saved in the path /plugins/wazuh/assets/
#customization.logo.reports: ''
#
# ---------------------------- Hide manager alerts ------------------------------
# Hide the alerts of the manager in all dashboards and discover
#hideManagerAlerts: false
#
# ------------------------------- App logging level -----------------------------
# Set the logging level for the Wazuh dashboard log files.
# Default value: info
# Allowed values: info, debug
#logs.level: info
#
# -------------------------------- Enrollment DNS -------------------------------
# Set the variable WAZUH_REGISTRATION_SERVER in agents deployment.
# Default value: ''
#enrollment.dns: ''
#
# Wazuh registration password
# Default value: ''
#enrollment.password: cffy.ajz7tJ1MR2YZGl1t9iWtZElT3jr
#-------------------------------- API entries -----------------------------------
#The following configuration is the default structure to define an API entry.
#
#hosts:
#  - <id>:
      # URL
      # API url
      # url: http(s)://<url>

      # Port
      # API port
      # port: <port>

      # Username
      # API user's username
      # username: <username>

      # Password
      # API user's password
      # password: cffy.ajz7tJ1MR2YZGl1t9iWtZElT3jr

      # Run as
      # Define how the app user gets his/her app permissions.
      # Values:
      #   - true: use his/her authentication context. Require Wazuh API user allows run_as.
      #   - false or not defined: get same permissions of Wazuh API user.
      # run_as: <true|false>
hosts:
  - default:
     url: https://172.31.18.209
     port: 55000
     username: wazuh-wui
     password: cffy.ajz7tJ1MR2YZGl1t9iWtZElT3jr
     run_as: false

/usr/share/wazuh-dashboard/data/

total 4
-rw-r--r-- 1 wazuh-dashboard wazuh-dashboard 36 Jul 19 05:21 uuid
drwxr-xr-x 4 wazuh-dashboard wazuh-dashboard 32 Jul 19 05:22 wazuh

/usr/share/wazuh-dashboard/data/wazuh

total 0
drwxr-xr-x 2 wazuh-dashboard wazuh-dashboard 50 Jul 19 05:22 config
drwxr-xr-x 2 wazuh-dashboard wazuh-dashboard 52 Jul 19 05:22 logs

/usr/share/wazuh-dashboard/data/wazuh

total 12
-rw-r--r-- 1 wazuh-dashboard wazuh-dashboard  164 Jul 19 05:22 wazuh-registry.json
-rw------- 1 wazuh-dashboard wazuh-dashboard 7235 Jul 19 05:22 wazuh.yml

/usr/share/wazuh-dashboard/node

ll /usr/share/wazuh-dashboard/node
total 148
drwxr-x--- 2 wazuh-dashboard wazuh-dashboard    18 Jul 19 05:21 bin
-rw-r----- 1 wazuh-dashboard wazuh-dashboard 52988 Nov 22  2021 CHANGELOG.md
drwxr-x--- 3 wazuh-dashboard wazuh-dashboard    18 Jul 19 05:21 include
drwxr-x--- 2 wazuh-dashboard wazuh-dashboard     6 Nov 22  2021 lib
-rw-r----- 1 wazuh-dashboard wazuh-dashboard 68764 Nov 22  2021 LICENSE
-rw-r----- 1 wazuh-dashboard wazuh-dashboard 27379 Nov 22  2021 README.md
drwxr-x--- 5 wazuh-dashboard wazuh-dashboard    45 Jul 19 05:21 share

/usr/share/wazuh-dashboard/plugins/

ll /usr/share/wazuh-dashboard/plugins/
total 0
drwxr-x--- 6 wazuh-dashboard wazuh-dashboard 138 Jul 19 05:21 alertingDashboards
drwxr-x--- 6 wazuh-dashboard wazuh-dashboard 158 Jul 19 05:21 ganttChartDashboards
drwxr-x--- 8 wazuh-dashboard wazuh-dashboard 185 Jul 19 05:21 indexManagementDashboards
drwxr-x--- 8 wazuh-dashboard wazuh-dashboard 217 Jul 19 05:21 reportsDashboards
drwxr-x--- 7 wazuh-dashboard wazuh-dashboard 174 Jul 19 05:21 securityDashboards
drwxr-x--- 7 wazuh-dashboard wazuh-dashboard 188 Jul 19 05:21 wazuh

/usr/share/wazuh-dashboard/src

ll /usr/share/wazuh-dashboard/src
total 8
-rw-r-----  1 wazuh-dashboard wazuh-dashboard 2761 Nov 22  2021 apm.js
drwxr-x---  3 wazuh-dashboard wazuh-dashboard   81 Jul 19 05:21 cli
drwxr-x---  3 wazuh-dashboard wazuh-dashboard  157 Jul 19 05:21 cli_keystore
drwxr-x---  6 wazuh-dashboard wazuh-dashboard  101 Jul 19 05:21 cli_plugin
drwxr-x---  8 wazuh-dashboard wazuh-dashboard  206 Jul 19 05:21 core
drwxr-x---  2 wazuh-dashboard wazuh-dashboard   40 Jul 19 05:21 docs
drwxr-x---  5 wazuh-dashboard wazuh-dashboard   43 Jul 19 05:21 legacy
drwxr-x---  3 wazuh-dashboard wazuh-dashboard  103 Jul 19 05:21 optimize
drwxr-x--- 52 wazuh-dashboard wazuh-dashboard 4096 Jul 19 05:21 plugins
drwxr-x---  4 wazuh-dashboard wazuh-dashboard  168 Jul 19 05:21 setup_node_env

/etc/yum.repos.d/wazuh.repo

ll /etc/yum.repos.d/wazuh.repo
-rw-r--r-- 1 root root 165 Jul 19 05:22 /etc/yum.repos.d/wazuh.repo

/etc/rc.d/init.d/

ll /etc/rc.d/init.d/
total 44
lrwxrwxrwx 1 root            root               54 Jun 13 18:53 cfn-hup -> ../../../opt/aws/apitools/cfn-init/init/redhat/cfn-hup
-rw-r--r-- 1 root            root            18281 Mar 29  2019 functions
-rwxr-xr-x 1 root            root             4569 Mar 29  2019 netconsole
-rwxr-xr-x 1 root            root             7923 Mar 29  2019 network
-rw-r--r-- 1 root            root             1160 May 26 18:12 README
-rwxr-x--- 1 wazuh-dashboard wazuh-dashboard  3599 Jul 18 19:46 wazuh-dashboard

/etc/security/limits.conf

 cat /etc/security/limits.conf | grep "End of file" -A30 -B6
#@student        hard    nproc           20
#@faculty        soft    nproc           20
#@faculty        hard    nproc           50
#ftp             hard    nproc           0
#@student        -       maxlogins       4

# End of file

/sbin/sysctl vm.max_map_count

vm.max_map_count = 65530

@pepitoenpeligro
Author

Installation Footprint 🟢

dashboard /var/log/wazuh-install.log
19/07/2022 05:20:54 INFO: Starting Wazuh installation assistant. Wazuh version: 4.3.6
19/07/2022 05:20:54 INFO: Verbose logging redirected to /var/log/wazuh-install.log
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
19/07/2022 05:20:59 INFO: Wazuh development repository added.
19/07/2022 05:21:00 INFO: --- Wazuh dashboard ----
19/07/2022 05:21:00 INFO: Starting Wazuh dashboard installation.
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Resolving Dependencies
--> Running transaction check
---> Package wazuh-dashboard.x86_64 0:4.3.6-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                  Arch            Version          Repository      Size
================================================================================
Installing:
 wazuh-dashboard          x86_64          4.3.6-1          wazuh          150 M

Transaction Summary
================================================================================
Install  1 Package

Total download size: 150 M
Installed size: 588 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : wazuh-dashboard-4.3.6-1.x86_64                               1/1
  Verifying  : wazuh-dashboard-4.3.6-1.x86_64                               1/1

Installed:
  wazuh-dashboard.x86_64 0:4.3.6-1

Complete!
19/07/2022 05:21:49 INFO: Wazuh dashboard installation finished.
19/07/2022 05:21:49 INFO: Wazuh dashboard post-install configuration finished.
19/07/2022 05:21:49 INFO: Starting service wazuh-dashboard.
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service to /etc/systemd/system/wazuh-dashboard.service.
19/07/2022 05:21:50 INFO: wazuh-dashboard service started.
19/07/2022 05:22:16 INFO: Initializing Wazuh dashboard web application.
19/07/2022 05:22:17 INFO: Wazuh dashboard web application initialized.
19/07/2022 05:22:17 INFO: Installation finished.

@pepitoenpeligro
Author

Installed service 🟢

image

@pepitoenpeligro
Author

pepitoenpeligro commented Jul 19, 2022

Wazuh Dashboard configuration 🟢

local wazuh.yaml in 4.3.4
---
#
# Wazuh dashboard - App configuration file
# Copyright (C) 2015-2022 Wazuh, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# Find more information about this on the LICENSE file.
#
# ======================== Wazuh dashboard configuration file ========================
#
# Please check the documentation for more information on configuration options:
# https://documentation.wazuh.com/current/installation-guide/index.html
#
# Also, you can check our repository:
# https://github.com/wazuh/wazuh-kibana-app
#
# ------------------------------- Disable roles -------------------------------
#
# Defines which Elasticsearch roles disable Wazuh
# disabled_roles: 
#      - wazuh_disabled
#
# ------------------------------- Index patterns -------------------------------
#
# Default index pattern to use.
#pattern: wazuh-alerts-*
#
# ----------------------------------- Checks -----------------------------------
#
# Defines which checks must to be consider by the healthcheck
# step once the Wazuh dashboard starts. Values must to be true or false.
#checks.pattern : true
#checks.template: true
#checks.fields  : true
#checks.api     : true
#checks.setup   : true
#checks.metaFields: true
#checks.timeFilter: true
#checks.maxBuckets: true
#
# --------------------------------- Extensions ---------------------------------
#
# Defines which extensions should be activated when you add a new API entry.
# You can change them after Wazuh dashboard starts.
# Values must to be true or false.
#extensions.pci       : true
#extensions.gdpr      : true
#extensions.hipaa     : true
#extensions.nist      : true
#extensions.tsc       : true
#extensions.audit     : true
#extensions.oscap     : false
#extensions.ciscat    : false
#extensions.aws       : false
#extensions.gcp       : false
#extensions.virustotal: false
#extensions.osquery   : false
#extensions.docker    : false
#
# ---------------------------------- Timeout ----------------------------------
#
# Defines maximum timeout to be used on the Wazuh dashboard requests.
# It will be ignored if it is bellow 1500.
# It means milliseconds before we consider a request as failed.
# Default: 20000
#timeout: 20000
#
# -------------------------------- API selector --------------------------------
#
# Defines if the user is allowed to change the selected
# API directly from the Wazuh dashboard top menu.
# Default: true
#api.selector: true
#
# --------------------------- Index pattern selector ---------------------------
#
# Defines if the user is allowed to change the selected
# index pattern directly from the Wazuh dashboard top menu.
# Default: true
#ip.selector: true
#
# List of index patterns to be ignored
#ip.ignore: []
#
# ------------------------------ wazuh-monitoring ------------------------------
#
# Custom setting to enable/disable wazuh-monitoring indices.
# Values: true, false, worker
# If worker is given as value, the app will show the Agents status
# visualization but won't insert data on wazuh-monitoring indices.
# Default: true
#wazuh.monitoring.enabled: true
#
# Custom setting to set the frequency for wazuh-monitoring indices cron task.
# Default: 900 (s)
#wazuh.monitoring.frequency: 900
#
# Configure wazuh-monitoring-* indices shards and replicas.
#wazuh.monitoring.shards: 1
#wazuh.monitoring.replicas: 0
#
# Configure wazuh-monitoring-* indices custom creation interval.
# Values: h (hourly), d (daily), w (weekly), m (monthly)
# Default: w
#wazuh.monitoring.creation: w
#
# Default index pattern to use for Wazuh monitoring
#wazuh.monitoring.pattern: wazuh-monitoring-*
#
# --------------------------------- wazuh-cron ----------------------------------
#
# Customize the index prefix of predefined jobs
# This change is not retroactive, if you change it new indexes will be created
# cron.prefix: wazuh
#
# --------------------------------- wazuh-sample-alerts -------------------------
#
# Customize the index name prefix of sample alerts
# This change is not retroactive, if you change it new indexes will be created
# It should match with a valid index template to avoid unknown fields on
# dashboards
#alerts.sample.prefix: wazuh-alerts-4.x-
#
# ------------------------------ wazuh-statistics -------------------------------
#
# Custom setting to enable/disable statistics tasks.
#cron.statistics.status: true
#
# Enter the ID of the APIs you want to save data from, leave this empty to run
# the task on all configured APIs
#cron.statistics.apis: []
#
# Define the frequency of task execution using cron schedule expressions
#cron.statistics.interval: 0 */5 * * * *
#
# Define the name of the index in which the documents are to be saved.
#cron.statistics.index.name: statistics
#
# Define the interval in which the index will be created
#cron.statistics.index.creation: w
#
# Configure statistics indices shards and replicas.
#cron.statistics.shards: 1
#cron.statistics.replicas: 0
#
# ------------------------------ wazuh-logo-customization -------------------------------
#
#Define the name of the app logo saved in the path /plugins/wazuh/assets/
#customization.logo.app: ''
#
#Define the name of the sidebar logo saved in the path /plugins/wazuh/assets/
#customization.logo.sidebar: ''
#
#Define the name of the health-check logo saved in the path /plugins/wazuh/assets/
#customization.logo.healthcheck: ''
#
#Define the name of the reports logo (.png) saved in the path /plugins/wazuh/assets/
#customization.logo.reports: ''
#
# ---------------------------- Hide manager alerts ------------------------------
# Hide the alerts of the manager in all dashboards and discover
#hideManagerAlerts: false
#
# ------------------------------- App logging level -----------------------------
# Set the logging level for the Wazuh dashboard log files.
# Default value: info
# Allowed values: info, debug
#logs.level: info
#
# -------------------------------- Enrollment DNS -------------------------------
# Set the variable WAZUH_REGISTRATION_SERVER in agents deployment.
# Default value: ''
#enrollment.dns: ''
#
# Wazuh registration password
# Default value: ''
#enrollment.password: ''
#-------------------------------- API entries -----------------------------------
#The following configuration is the default structure to define an API entry.
#
#hosts:
#  - <id>:
      # URL
      # API url
      # url: http(s)://<url>

      # Port
      # API port
      # port: <port>

      # Username
      # API user's username
      # username: <username>

      # Password
      # API user's password
      # password: <password>

      # Run as
      # Define how the app user gets his/her app permissions.
      # Values:
      #   - true: use his/her authentication context. Require Wazuh API user allows run_as.
      #   - false or not defined: get same permissions of Wazuh API user.
      # run_as: <true|false>
hosts:
  - default:
     url: https://localhost
     port: 55000
     username: wazuh-wui
     password: wazuh-wui
     run_as: false

Wazuh.yaml in 4.3.5 on aws
---
#
# Wazuh dashboard - App configuration file
# Copyright (C) 2015-2022 Wazuh, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# Find more information about this on the LICENSE file.
#
# ======================== Wazuh dashboard configuration file ========================
#
# Please check the documentation for more information on configuration options:
# https://documentation.wazuh.com/4.3/installation-guide/index.html
#
# Also, you can check our repository:
# https://github.com/wazuh/wazuh-kibana-app
#
# ------------------------------- Disable roles -------------------------------
#
# Defines which Elasticsearch roles disable Wazuh
# disabled_roles:
#      - wazuh_disabled
#
# ------------------------------- Index patterns -------------------------------
#
# Default index pattern to use.
#pattern: wazuh-alerts-*
#
# ----------------------------------- Checks -----------------------------------
#
# Defines which checks must to be consider by the healthcheck
# step once the Wazuh dashboard starts. Values must to be true or false.
#checks.pattern : true
#checks.template: true
#checks.fields  : true
#checks.api     : true
#checks.setup   : true
#checks.metaFields: true
#checks.timeFilter: true
#checks.maxBuckets: true
#
# --------------------------------- Extensions ---------------------------------
#
# Defines which extensions should be activated when you add a new API entry.
# You can change them after Wazuh dashboard starts.
# Values must to be true or false.
#extensions.pci       : true
#extensions.gdpr      : true
#extensions.hipaa     : true
#extensions.nist      : true
#extensions.tsc       : true
#extensions.audit     : true
#extensions.oscap     : false
#extensions.ciscat    : false
#extensions.aws       : false
#extensions.gcp       : false
#extensions.virustotal: false
#extensions.osquery   : false
#extensions.docker    : false
#
# ---------------------------------- Timeout ----------------------------------
#
# Defines maximum timeout to be used on the Wazuh dashboard requests.
# It will be ignored if it is bellow 1500.
# It means milliseconds before we consider a request as failed.
# Default: 20000
#timeout: 20000
#
# -------------------------------- API selector --------------------------------
#
# Defines if the user is allowed to change the selected
# API directly from the Wazuh dashboard top menu.
# Default: true
#api.selector: true
#
# --------------------------- Index pattern selector ---------------------------
#
# Defines if the user is allowed to change the selected
# index pattern directly from the Wazuh dashboard top menu.
# Default: true
#ip.selector: true
#
# List of index patterns to be ignored
#ip.ignore: []
#
# ------------------------------ wazuh-monitoring ------------------------------
#
# Custom setting to enable/disable wazuh-monitoring indices.
# Values: true, false, worker
# If worker is given as value, the app will show the Agents status
# visualization but won't insert data on wazuh-monitoring indices.
# Default: true
#wazuh.monitoring.enabled: true
#
# Custom setting to set the frequency for wazuh-monitoring indices cron task.
# Default: 900 (s)
#wazuh.monitoring.frequency: 900
#
# Configure wazuh-monitoring-* indices shards and replicas.
#wazuh.monitoring.shards: 1
#wazuh.monitoring.replicas: 0
#
# Configure wazuh-monitoring-* indices custom creation interval.
# Values: h (hourly), d (daily), w (weekly), m (monthly)
# Default: w
#wazuh.monitoring.creation: w
#
# Default index pattern to use for Wazuh monitoring
#wazuh.monitoring.pattern: wazuh-monitoring-*
#
# --------------------------------- wazuh-cron ----------------------------------
#
# Customize the index prefix of predefined jobs
# This change is not retroactive, if you change it new indexes will be created
# cron.prefix: wazuh
#
# --------------------------------- wazuh-sample-alerts -------------------------
#
# Customize the index name prefix of sample alerts
# This change is not retroactive, if you change it new indexes will be created
# It should match with a valid index template to avoid unknown fields on
# dashboards
#alerts.sample.prefix: wazuh-alerts-4.x-
#
# ------------------------------ wazuh-statistics -------------------------------
#
# Custom setting to enable/disable statistics tasks.
#cron.statistics.status: true
#
# Enter the ID of the APIs you want to save data from, leave this empty to run
# the task on all configured APIs
#cron.statistics.apis: []
#
# Define the frequency of task execution using cron schedule expressions
#cron.statistics.interval: 0 */5 * * * *
#
# Define the name of the index in which the documents are to be saved.
#cron.statistics.index.name: statistics
#
# Define the interval in which the index will be created
#cron.statistics.index.creation: w
#
# Configure statistics indices shards and replicas.
#cron.statistics.shards: 1
#cron.statistics.replicas: 0
#
# ------------------------------ wazuh-logo-customization -------------------------------
#
#Define the name of the app logo saved in the path /plugins/wazuh/assets/
#customization.logo.app: ''
#
#Define the name of the sidebar logo saved in the path /plugins/wazuh/assets/
#customization.logo.sidebar: ''
#
#Define the name of the health-check logo saved in the path /plugins/wazuh/assets/
#customization.logo.healthcheck: ''
#
#Define the name of the reports logo (.png) saved in the path /plugins/wazuh/assets/
#customization.logo.reports: ''
#
# ---------------------------- Hide manager alerts ------------------------------
# Hide the alerts of the manager in all dashboards and discover
#hideManagerAlerts: false
#
# ------------------------------- App logging level -----------------------------
# Set the logging level for the Wazuh dashboard log files.
# Default value: info
# Allowed values: info, debug
#logs.level: info
#
# -------------------------------- Enrollment DNS -------------------------------
# Set the variable WAZUH_REGISTRATION_SERVER in agents deployment.
# Default value: ''
#enrollment.dns: ''
#
# Wazuh registration password
# Default value: ''
#enrollment.password: cffy.ajz7tJ1MR2YZGl1t9iWtZElT3jr
#-------------------------------- API entries -----------------------------------
#The following configuration is the default structure to define an API entry.
#
#hosts:
#  - <id>:
      # URL
      # API url
      # url: http(s)://<url>

      # Port
      # API port
      # port: <port>

      # Username
      # API user's username
      # username: <username>

      # Password
      # API user's password
      # password: cffy.ajz7tJ1MR2YZGl1t9iWtZElT3jr

      # Run as
      # Define how the app user gets his/her app permissions.
      # Values:
      #   - true: use his/her authentication context. Require Wazuh API user allows run_as.
      #   - false or not defined: get same permissions of Wazuh API user.
      # run_as: <true|false>
hosts:
  - default:
     url: https://172.31.18.209
     port: 55000
     username: wazuh-wui
     password: cffy.ajz7tJ1MR2YZGl1t9iWtZElT3jr
     run_as: false

Diffs

New URL in the documentation: https://documentation.wazuh.com/4.3/installation-guide/index.html

image

image

@pepitoenpeligro
Author

pepitoenpeligro commented Jul 19, 2022

Wazuh Dashboard (including the Wazuh WUI) communication with Wazuh manager API and Wazuh indexer 🟢

GET /manager/info

image

GET /syscollector/000/processes?pretty=true

image

Security Events

Captura de Pantalla 2022-07-19 a las 12 51 21

Logs on wazuh-server

image

Index on wazuh-indexer
image

@pepitoenpeligro
Author

pepitoenpeligro commented Jul 19, 2022

Register Wazuh Agents 🟢

Register a Wazuh agent on OS X [Monterey] (12.4) with the default group

wazuh_os_x_agent_default_group.mov

image

Register a Windows 2022 agent on group pepitotesting436 (creation procedure inside)

wazuh_windows_agent_specific_groupp.mp4

Register an Ubuntu 22.04 agent on group pepitotesting436

wazuh_ubuntu_22_04_specific_group.mov

@pepitoenpeligro
Author

pepitoenpeligro commented Jul 19, 2022

Basic browsing through the WUI 🟢

Wazuh APP > Modules > Security Events

Grabacion.de.pantalla.2022-07-19.a.las.13.53.55.mov

Wazuh APP > Modules > Auditing and Policy Monitoring > Policy Monitoring

Grabacion.de.pantalla.2022-07-19.a.las.13.55.32.mov

Wazuh APP > Modules > Auditing and Policy Monitoring > Security configuration assessment

Grabacion.de.pantalla.2022-07-19.a.las.13.56.53.mov

Wazuh APP > Modules > Threat detection and response > Vulnerabilities

Grabacion.de.pantalla.2022-07-19.a.las.13.58.20.mov

Wazuh APP > Modules > Threat detection and response > MITRE ATT&CK

Grabacion.de.pantalla.2022-07-19.a.las.13.59.13.mov

Wazuh APP > Modules > Regulatory compliance > PCI DSS

Grabacion.de.pantalla.2022-07-19.a.las.14.02.07.mov

Wazuh APP > Modules > Regulatory compliance > GDPR

Grabacion.de.pantalla.2022-07-19.a.las.14.03.47.mov

Wazuh APP > Modules > Regulatory compliance > HIPAA

Grabacion.de.pantalla.2022-07-19.a.las.14.05.22.mov

Wazuh APP > Modules > Regulatory compliance > NIST 800-53

Grabacion.de.pantalla.2022-07-19.a.las.14.06.30.mov

Wazuh APP > Modules > Regulatory compliance > TSC

Grabacion.de.pantalla.2022-07-19.a.las.14.07.47.mov

Wazuh APP > Management > Rules

Grabacion.de.pantalla.2022-07-19.a.las.14.10.07.mov

Wazuh APP > Management > Decoders

Grabacion.de.pantalla.2022-07-19.a.las.14.11.53.mov

Wazuh APP > Management > Groups

Grabacion.de.pantalla.2022-07-19.a.las.14.13.25.mov

Wazuh APP > Regulatory Compliance

Grabacion.de.pantalla.2022-07-19.a.las.14.01.11.mov

Wazuh APP > Agents

Grabacion.de.pantalla.2022-07-19.a.las.13.51.39.mov

Wazuh APP > Tools > API Console

tested on #14348 (comment)

Wazuh APP > Tools > Ruleset Test

Grabacion.de.pantalla.2022-07-19.a.las.13.36.46.mov

Wazuh APP > Settings and general test

Grabacion.de.pantalla.2022-07-19.a.las.14.14.38.mov

@pepitoenpeligro
Author

pepitoenpeligro commented Jul 19, 2022

Basic experience with WUI performance 🟢

GET /rules

Grabacion.de.pantalla.2022-07-19.a.las.13.29.57.mov

GET /decoders

Grabacion.de.pantalla.2022-07-19.a.las.13.31.14.mov

Time consumption

image

@pepitoenpeligro
Author

Conclusions

| Status | Test | Failure type | Notes |
|--------|------|--------------|-------|
| 🟢 | Wazuh dashboard package specs | Functional | #14348 (comment) |
| 🟢 | Dashboard package size | Functional | #14348 (comment) |
| 🟢 | Dashboard package metadata (description) | Usability | #14348 (comment) |
| 🟢 | Dashboard package digital signature | Usability | #14348 (comment) |
| 🟢 | Installed files location, size and permissions | Functional | #14348 (comment) |
| 🟢 | Installation footprint | Functional | #14348 (comment) |
| 🟢 | Wazuh Dashboard logs when installed | Functional | #14051 (comment) |
| 🟢 | Wazuh Dashboard configuration | Functional | #14348 (comment) |
| 🟢 | Wazuh Dashboard (including the Wazuh WUI) communication with Wazuh manager API and Wazuh indexer | Functional | #14348 (comment) |
| 🟢 | Register Wazuh Agents | Functional | #14348 (comment) |
| 🟢 | Basic browsing through the WUI | Usability | #14348 (comment) |
| 🟢 | Basic experience with WUI performance | Usability | #14348 (comment) |
