
wazuh / wazuh-dashboard-plugins

422.0 53.0 175.0 56.19 MB

Plugins for Wazuh Dashboard

Home Page: https://wazuh.com/

License: GNU General Public License v2.0

JavaScript 32.16% HTML 0.15% TypeScript 63.21% SCSS 1.80% Shell 1.49% Dockerfile 0.52% Makefile 0.01% Python 0.20% Gherkin 0.47%
wazuh ossec security loganalyzer compliance monitoring intrusion-detection policy-monitoring openscap security-hardening

wazuh-dashboard-plugins's Introduction

Wazuh


Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments.

The Wazuh solution consists of an endpoint security agent, deployed to the monitored systems, and a management server, which collects and analyzes the data gathered by the agents. In addition, Wazuh has been fully integrated with the Elastic Stack, providing a search engine and data visualization tool that lets users navigate through their security alerts.

Wazuh capabilities

A brief presentation of some of the more common use cases of the Wazuh solution.

Intrusion detection

Wazuh agents scan the monitored systems looking for malware, rootkits and suspicious anomalies. They can detect hidden files, cloaked processes or unregistered network listeners, as well as inconsistencies in system call responses.

In addition to agent capabilities, the server component uses a signature-based approach to intrusion detection, using its regular expression engine to analyze collected log data and look for indicators of compromise.

Log data analysis

Wazuh agents read operating system and application logs, and securely forward them to a central manager for rule-based analysis and storage. When no agent is deployed, the server can also receive data via syslog from network devices or applications.

The Wazuh rules help make you aware of application or system errors, misconfigurations, attempted and/or successful malicious activities, policy violations and a variety of other security and operational issues.
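The two sections above (agent-side intrusion detection and server-side, rule-based log analysis) both come down to the same pipeline: a decoder extracts fields from a raw log line, atomic rules match on those fields, and a frequency rule escalates when one source trips an atomic rule repeatedly inside a time window. The script below is an added illustration of that pipeline written for this page; it is not Wazuh's code, and its regexes, rule IDs, levels, thresholds and sample sshd log lines are all constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Optional

# Decoders turn a raw syslog line into named fields before any rule runs.
# The regexes, rule IDs, levels and thresholds below are constructed for this
# example; they are not Wazuh's own decoders or ruleset.
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[\w./-]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
SSHD_FAIL_RE = re.compile(
    r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<srcip>[\d.]+) port \d+"
)
SSHD_ACCEPT_RE = re.compile(
    r"^Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<srcip>[\d.]+) port \d+"
)

ATOMIC_RULES = [
    {"id": 100010, "level": 5, "decoder": "sshd_fail", "description": "sshd: authentication failed"},
    {"id": 100011, "level": 3, "decoder": "sshd_accept", "description": "sshd: authentication success"},
]
# Frequency rule: escalate when the same source IP trips rule 100010
# `frequency` times inside a sliding `timeframe`.
FREQUENCY_RULE = {
    "id": 100020, "level": 10, "if_matched": 100010, "frequency": 4,
    "timeframe": timedelta(seconds=120), "same_field": "srcip",
    "description": "sshd: repeated authentication failures from one source (possible brute force)",
}


def decode(line: str, year: int = 2017) -> Optional[dict]:
    """Parse one syslog line; returns None for lines no decoder understands."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    # Syslog timestamps carry no year; assume one so timeframes can be computed.
    ev["time"] = datetime.strptime(f"{year} {ev['ts']}", "%Y %b %d %H:%M:%S")
    if ev["prog"] == "sshd":
        for name, rx in (("sshd_fail", SSHD_FAIL_RE), ("sshd_accept", SSHD_ACCEPT_RE)):
            sub = rx.match(ev["msg"])
            if sub:
                ev["decoder"] = name
                ev.update(sub.groupdict())
                return ev
    return None  # valid syslog, but no child decoder matched: no rule can fire


def analyze(lines):
    """Run decoders and rules over raw log lines; returns the alerts in order."""
    alerts = []
    hits = defaultdict(deque)  # srcip -> times rule 100010 fired, oldest first
    for line in lines:
        ev = decode(line)
        if ev is None:
            continue
        for rule in ATOMIC_RULES:
            if rule["decoder"] != ev["decoder"]:
                continue
            alerts.append({"rule": rule["id"], "level": rule["level"], "srcip": ev["srcip"],
                           "user": ev["user"], "description": rule["description"]})
            if rule["id"] != FREQUENCY_RULE["if_matched"]:
                continue
            window = hits[ev[FREQUENCY_RULE["same_field"]]]
            window.append(ev["time"])
            # Drop hits that fell out of the timeframe before counting.
            while window and ev["time"] - window[0] > FREQUENCY_RULE["timeframe"]:
                window.popleft()
            if len(window) >= FREQUENCY_RULE["frequency"]:
                alerts.append({"rule": FREQUENCY_RULE["id"], "level": FREQUENCY_RULE["level"],
                               "srcip": ev["srcip"], "user": ev["user"],
                               "description": FREQUENCY_RULE["description"]})
                window.clear()  # one escalated alert per burst, not one per extra failure
    return alerts


# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = [
    "Sep 14 20:30:01 web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40001 ssh2",
    "Sep 14 20:30:05 web01 sshd[1203]: Failed password for root from 203.0.113.7 port 40002 ssh2",
    "Sep 14 20:30:09 web01 sshd[1205]: Failed password for root from 203.0.113.7 port 40003 ssh2",
    "Sep 14 20:30:14 web01 sshd[1207]: Failed password for invalid user oracle from 203.0.113.7 port 40004 ssh2",
    "Sep 14 20:30:20 web01 sshd[1209]: Failed password for root from 198.51.100.9 port 40005 ssh2",
    "Sep 14 20:31:02 web01 sshd[1211]: Accepted publickey for deploy from 10.0.0.5 port 50000 ssh2",
    "Sep 14 20:31:10 web01 CRON[1300]: (root) CMD (run-parts /etc/cron.hourly)",
    "Sep 14 20:40:00 web01 sshd[1400]: Failed password for root from 203.0.113.7 port 40006 ssh2",
]

if __name__ == "__main__":
    for a in analyze(SAMPLE_LOG):
        print(f"rule {a['rule']} level {a['level']:>2} {a['srcip']:>14} {a['description']}")
```

Running it produces eight alerts: four level-5 failures from 203.0.113.7, then the single level-10 escalation after the fourth failure, one failure from 198.51.100.9, one level-3 success, and a lone failure at 20:40 that does not escalate because the earlier burst has aged out of the 120-second window. The cron line is decoded as syslog but matches no child decoder, so no rule sees it.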

File integrity monitoring

Wazuh monitors the file system, identifying changes in content, permissions, ownership, and attributes of files that you need to keep an eye on. In addition, it natively identifies users and applications used to create or modify files.

File integrity monitoring capabilities can be used in combination with threat intelligence to identify threats or compromised hosts. In addition, several regulatory compliance standards, such as PCI DSS, require it.
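The core of file integrity monitoring is a baseline of each watched file's content hash and metadata, compared against a later scan to classify every difference as an addition, deletion or modification, with the specific attributes that changed. The script below is an added illustration of that mechanism and is not Wazuh's implementation; it builds a throwaway directory, tampers with it in the ways the text lists (content, permissions, added and removed files) and reports the diff. Attributing a change to the user or program that made it, which the text says Wazuh does natively, needs an audit hook at change time and cannot be recovered from snapshots alone, so it is deliberately out of scope here.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

# Attributes compared between baseline and rescan. Real FIM also tracks
# mtime, inode and owner names; this constructed example keeps the set short.
WATCHED_ATTRS = ("sha256", "mode", "uid", "gid", "size")


def snapshot(root):
    """Record the watched attributes of every regular file under root."""
    root = Path(root)
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue  # symlinks are skipped so a planted link cannot hash a file outside root
        st = path.lstat()
        baseline[str(path.relative_to(root))] = {
            "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
            "mode": stat.S_IMODE(st.st_mode),
            "uid": st.st_uid,
            "gid": st.st_gid,
            "size": st.st_size,
        }
    return baseline


def diff(before, after):
    """Turn two snapshots into added/deleted/modified events, sorted by path."""
    events = []
    for name in sorted(set(before) | set(after)):
        if name not in before:
            events.append({"path": name, "event": "added"})
        elif name not in after:
            events.append({"path": name, "event": "deleted"})
        else:
            changed = [a for a in WATCHED_ATTRS if before[name][a] != after[name][a]]
            if changed:
                events.append({"path": name, "event": "modified", "changed": changed})
    return events


def demo():
    """Baseline a throwaway directory, tamper with it, and rescan."""
    with tempfile.TemporaryDirectory() as root:
        d = Path(root)
        (d / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (d / "sshd_config").write_text("PermitRootLogin no\n")
        (d / "sshd_config").chmod(0o644)
        (d / "motd").write_text("welcome\n")
        before = snapshot(root)

        # Simulated tampering, one case per event type the text mentions.
        (d / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n"
                                  "backdoor:x:0:0::/:/bin/sh\n")  # content change
        (d / "sshd_config").chmod(0o600)                            # permission-only change
        (d / "motd").unlink()                                       # deletion
        (d / "ld.so.preload").write_text("/tmp/evil.so\n")          # new file

        return diff(before, snapshot(root))


if __name__ == "__main__":
    for e in demo():
        print(e)
```

The permission-only case is the one worth noticing: sshd_config keeps the same hash and size, so a scanner that only hashes content would miss it, which is why mode and ownership are part of the baseline. The example assumes a POSIX filesystem where chmod is honoured.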

Vulnerability detection

Wazuh agents pull software inventory data and send it to the server, where it is correlated with continuously updated CVE (Common Vulnerabilities and Exposures) databases in order to identify well-known vulnerable software.

Automated vulnerability assessment helps you find the weak spots in your critical assets and take corrective action before attackers exploit them to sabotage your business or steal confidential data.
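Correlating an inventory with a CVE feed is a join on package name followed by a version-range check, and the range check is where scanners go wrong: distribution packages carry epochs, backport suffixes and pre-release markers that plain string comparison misorders. The script below is an added illustration written for this page, not Wazuh's scanner. Its inventory is shaped like dpkg-query output but is constructed, its CVE identifiers are placeholders rather than real CVEs, and its version comparator is a simplified stand-in for the package manager's own ordering, which a production scanner must defer to.

```python
import re

# Constructed software inventory, shaped like `dpkg-query -W -f='${Package} ${Version}\n'`
# output. Versions and packages are illustrative, not a real host.
INVENTORY = {
    "openssl": "3.0.2-0ubuntu1.10",
    "curl": "7.81.0-1ubuntu1.4",
    "libxml2": "2.9.13+dfsg-1ubuntu0.3",
    "nginx": "1.18.0-6ubuntu14.4",
}

# Constructed feed. The CVE identifiers are placeholders, not real CVEs, and
# the ranges are invented; a real feed would carry the distribution's own
# fixed-version data per package.
CVE_FEED = [
    {"id": "CVE-0000-0001", "package": "openssl", "fixed_in": "3.0.2-0ubuntu1.12", "severity": "High"},
    {"id": "CVE-0000-0002", "package": "curl", "fixed_in": "7.81.0-1ubuntu1.4", "severity": "Medium"},
    {"id": "CVE-0000-0003", "package": "curl", "introduced": "7.70.0", "fixed_in": "7.81.0-1ubuntu1.6", "severity": "High"},
    {"id": "CVE-0000-0004", "package": "libxml2", "fixed_in": "2.9.10", "severity": "Critical"},
    {"id": "CVE-0000-0005", "package": "bash", "fixed_in": "5.2", "severity": "Low"},
]


def _chunks(version):
    """Split '2.9.13+dfsg-1ubuntu0.3' into [2, 9, 13, 'dfsg', 1, 'ubuntu', 0, 3]."""
    return [int(p) if p.isdigit() else p for p in re.findall(r"\d+|[A-Za-z]+", version)]


def version_lt(a, b):
    """Simplified ordering: numeric chunks numerically, text chunks lexically,
    a shorter version sorts before its longer extension. Real package managers
    (dpkg, rpm) have richer rules, e.g. '~' pre-release handling, so a production
    scanner must defer to the platform's own comparator."""
    for x, y in zip(_chunks(a), _chunks(b)):
        if x == y:
            continue
        if isinstance(x, int) and isinstance(y, int):
            return x < y
        return str(x) < str(y)
    return len(_chunks(a)) < len(_chunks(b))


def find_vulnerable(inventory, feed):
    """Correlate installed versions with the feed; returns findings sorted by package then CVE."""
    findings = []
    for entry in feed:
        installed = inventory.get(entry["package"])
        if installed is None:
            continue  # package not present on this host
        if "introduced" in entry and version_lt(installed, entry["introduced"]):
            continue  # older than the first affected release
        if version_lt(installed, entry["fixed_in"]):
            findings.append({"package": entry["package"], "installed": installed,
                             "cve": entry["id"], "severity": entry["severity"],
                             "fix": "upgrade to " + entry["fixed_in"]})
    return sorted(findings, key=lambda f: (f["package"], f["cve"]))


if __name__ == "__main__":
    for f in find_vulnerable(INVENTORY, CVE_FEED):
        print(f"{f['severity']:<8} {f['cve']} {f['package']} {f['installed']} -> {f['fix']}")
```

With this data the scan reports two findings: curl is inside the affected range of CVE-0000-0003 (introduced in 7.70.0, fixed in 1ubuntu1.6) and openssl is two backport revisions short of the fix for CVE-0000-0001. The curl entry whose fixed version equals the installed one is correctly not reported, and libxml2 is not flagged because 2.9.13 is numerically above 2.9.10 even though "2.9.13+dfsg" would sort below "2.9.10" as a plain string.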

Configuration assessment

Wazuh monitors system and application configuration settings to ensure they are compliant with your security policies, standards and/or hardening guides. Agents perform periodic scans to detect applications that are known to be vulnerable, unpatched, or insecurely configured.

Additionally, configuration checks can be customized, tailoring them to properly align with your organization. Alerts include recommendations for better configuration, references and mapping with regulatory compliance.

Incident response

Wazuh provides out-of-the-box active responses to perform various countermeasures to address active threats, such as blocking access to a system from the threat source when certain criteria are met.

In addition, Wazuh can be used to remotely run commands or system queries, identifying indicators of compromise (IOCs) and helping perform other live forensics or incident response tasks.

Regulatory compliance

Wazuh provides some of the necessary security controls to become compliant with industry standards and regulations. These features, combined with its scalability and multi-platform support, help organizations meet technical compliance requirements.

Wazuh is widely used by payment processing companies and financial institutions to meet PCI DSS (Payment Card Industry Data Security Standard) requirements. Its web user interface provides reports and dashboards that can help with this and other regulations (e.g. GPG13 or GDPR).

Cloud security

Wazuh helps monitor cloud infrastructure at the API level, using integration modules that pull security data from well-known cloud providers such as Amazon Web Services (AWS), Microsoft Azure or Google Cloud. In addition, Wazuh provides rules to assess the configuration of your cloud environment, making weaknesses easy to spot.

Wazuh's lightweight, multi-platform agents are also commonly used to monitor cloud environments at the instance level.

Containers security

Wazuh provides security visibility into your Docker hosts and containers, monitoring their behavior and detecting threats, vulnerabilities and anomalies. The Wazuh agent has native integration with the Docker engine allowing users to monitor images, volumes, network settings, and running containers.

Wazuh continuously collects and analyzes detailed runtime information, alerting, for example, on containers running in privileged mode, vulnerable applications, a shell running in a container, changes to persistent volumes or images, and other possible threats.

WUI

The Wazuh WUI provides a powerful user interface for data visualization and analysis. This interface can also be used to manage Wazuh configuration and to monitor its status.

Screenshots (images not reproduced here): Modules overview, Security events, Integrity monitoring, Vulnerability detection, Regulatory compliance, Agents overview, Agent summary.

Orchestration

Here you can find all the automation tools maintained by the Wazuh team.

Branches

  • master branch contains the latest code, be aware of possible bugs on this branch.
  • stable branch corresponds to the latest Wazuh stable version.

Software and libraries used

Software Version Author License
bzip2 1.0.8 Julian Seward BSD License
cJSON 1.7.12 Dave Gamble MIT License
cPython 3.10.13 Guido van Rossum Python Software Foundation License version 2
cURL 8.5.0 Daniel Stenberg MIT License
Flatbuffers 23.5.26 Google Inc. Apache 2.0 License
GoogleTest 1.11.0 Google Inc. 3-Clause "New" BSD License
jemalloc 5.2.1 Jason Evans 2-Clause "Simplified" BSD License
Lua 5.3.6 PUC-Rio MIT License
libarchive 3.7.2 Tim Kientzle 3-Clause "New" BSD License
libdb 18.1.40 Oracle Corporation Affero GPL v3
libffi 3.2.1 Anthony Green MIT License
libpcre2 10.42.0 Philip Hazel BSD License
libplist 2.2.0 Aaron Burghardt et al. GNU Lesser General Public License version 2.1
libYAML 0.1.7 Kirill Simonov MIT License
liblzma 5.4.2 Lasse Collin, Jia Tan et al. GNU Public License version 3
Linux Audit userspace 2.8.4 Rik Faith LGPL (copyleft)
msgpack 3.1.1 Sadayuki Furuhashi Boost Software License version 1.0
nlohmann 3.7.3 Niels Lohmann MIT License
OpenSSL 3.0.12 OpenSSL Software Foundation Apache 2.0 License
pacman 5.2.2 Judd Vinet GNU Public License version 2 (copyleft)
popt 1.16 Jeff Johnson & Erik Troan MIT License
procps 2.8.3 Brian Edmonds et al. LGPL (copyleft)
RocksDB 8.3.2 Facebook Inc. Apache 2.0 License
rpm 4.18.2 Marc Ewing & Erik Troan GNU Public License version 2 (copyleft)
sqlite 3.45.0 D. Richard Hipp Public Domain (no restrictions)
zlib 1.3.1 Jean-loup Gailly & Mark Adler zlib/libpng License

Documentation

Get involved

Become part of the Wazuh community to learn from other users, participate in discussions, talk to our developers and contribute to the project.

If you want to contribute to the project, please don't hesitate to open pull requests, submit issues or send commits; we will review them all.

You can also join our Slack community channel and mailing list by sending an email to [email protected], to ask questions and participate in discussions.

Stay up to date on news, releases, engineering articles and more.

Authors

Wazuh Copyright (C) 2015-2023 Wazuh Inc. (License GPLv2)

Based on the OSSEC project started by Daniel Cid.

wazuh-dashboard-plugins's People

Contributors

adri9valle, alexruiz7, asteriscos, chantal-kelm, cpalejandro, desvelao, eze9252, frankeros, gabiwassan, github-actions[bot], havidarou, jbiset, jesmg, jesusgn90, joanes04, jsanchez91, juangarriuz, juanjijg, juankaromo, lucianogorza, machi3mfl, matiasmoreno876, maugap, mpregalado, pablomarga, pablotr9, snaow, tostti, victorst79, yenienserrano


wazuh-dashboard-plugins's Issues

Kibana error - saved 'field' attribute is now invalid

Issue: when loading a fresh ELK stack install into an Ubuntu 16.04 Vagrant VM, the Kibana app will not show the Overview tab (see screenshot). This is a single-server architecture without Filebeat. Also, the Manager/Agent tabs of Kibana seem to work just fine, with everything showing green.

Full url: http://192.168.34.2/app/wazuh#/overview?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-1d,mode:quick,to:now))&view=panels&tab=pci&_a=(columns:!(_source),index:'wazuh-alerts-*',query:'_exists_:rule.pci_dss%20AND%20manager.name:%20default-ubuntu-1604',sort:!('@timestamp',desc),uiState:(vis:(legendOpen:!f,params:(sort:(columnIndex:!n,direction:!n)))))

(screenshot not reproduced)

Other information:

elasticsearch: 5.6.0
logstash: 1:5.6.0-1
kibana: 5.6.0
java: oracle 1.8.0_131
wazuhapp: wazuhapp-2.1.0_5.6.0.zip
wazuh-manager: 2.1.0-1xenial
wazuh-api: 2.1.0-1xenial

It might also help to know that I am running Kibana behind an nginx reverse proxy. Here is the nginx config:

upstream kibana {
    server 127.0.0.1:5601;
}

server {
    listen       *:80;
    server_name  192.168.34.2;

    location / {
        proxy_pass  http://kibana;
        proxy_set_header        Host            $host;
        proxy_set_header        X-Real-IP       $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_connect_timeout   180;
        proxy_send_timeout      180;
        proxy_read_timeout      180;
    }
}

My kibana.yml file:

# Kibana is served by a back end server. This setting specifies the port to use.
server.port: 5601

# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "0.0.0.0"

# The Kibana server's name.  This is used for display purposes.
server.name: "192.168.34.2"

# Enables you specify a file where Kibana stores log output.
logging.dest: '/var/log/kibana.log'

Logstash/ES Config template:

# Wazuh - Logstash configuration file
## Remote Wazuh Manager - Filebeat input (only for multiple server hosts)
# input {
#     beats {
#         port => 5000
#         codec => "json_lines"
#          ssl => true
#          ssl_certificate => "/etc/logstash/logstash.crt"
#          ssl_key => "/etc/logstash/logstash.key"
#     }
#  }
## Local Wazuh Manager - JSON file input
input {
   file {
       type => "wazuh-alerts"
       path => "/var/ossec/logs/alerts/alerts.json"
       codec => "json"
   }
}
filter {
    #geoip {
    #    source => "srcip"
    #    target => "GeoLocation"
    #    fields => ["city_name", "continent_code", "country_code2", "country_name", "region_name", "location"]
    #}
    date {
        match => ["timestamp", "ISO8601"]
        target => "@timestamp"
    }
    mutate {
        remove_field => [ "timestamp", "beat", "fields", "input_type", "tags", "count", "@version", "log", "offset", "type"]
    }
}
output {
    elasticsearch {
        hosts => ["localhost:9200"]
        index => "wazuh-alerts-%{+YYYY.MM.dd}"
        document_type => "wazuh"
        template => "/etc/logstash/wazuh-elastic5-template.json"
#       template => "/etc/logstash/wazuh-elastic2-template.json"
        template_name => "wazuh"
        template_overwrite => true
    }
}

Elasticsearch.log:

[2017-09-14T20:30:17,561][INFO ][o.e.n.Node               ] [] initializing ...
[2017-09-14T20:30:18,458][INFO ][o.e.e.NodeEnvironment    ] [CpJRxBm] using [1] data paths, mounts [[/ (/dev/mapper/vagrant--vg-root)]], net usable_space [32.7gb], net total_space [37.7gb], spins? [possibly], types [ext4]
[2017-09-14T20:30:18,480][INFO ][o.e.e.NodeEnvironment    ] [CpJRxBm] heap size [1.9gb], compressed ordinary object pointers [true]
[2017-09-14T20:30:18,482][INFO ][o.e.n.Node               ] node name [CpJRxBm] derived from node ID [CpJRxBm1RLmA0xzfhEg8kA]; set [node.name] to override
[2017-09-14T20:30:18,482][INFO ][o.e.n.Node               ] version[5.6.0], pid[20972], build[781a835/2017-09-07T03:09:58.087Z], OS[Linux/4.4.0-75-generic/amd64], JVM[Oracle Corporation/Java HotSpot(TM) 64-Bit Server VM/1.8.0_131/25.131-b11]
[2017-09-14T20:30:18,487][INFO ][o.e.n.Node               ] JVM arguments [-Xms2g, -Xmx2g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -Djdk.io.permissionsUseCanonicalPath=true, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Dlog4j.skipJansi=true, -XX:+HeapDumpOnOutOfMemoryError, -Des.path.home=/usr/share/elasticsearch]
[2017-09-14T20:30:26,105][INFO ][o.e.p.PluginsService     ] [CpJRxBm] loaded module [aggs-matrix-stats]
[2017-09-14T20:30:26,105][INFO ][o.e.p.PluginsService     ] [CpJRxBm] loaded module [ingest-common]
[2017-09-14T20:30:26,105][INFO ][o.e.p.PluginsService     ] [CpJRxBm] loaded module [lang-expression]
[2017-09-14T20:30:26,105][INFO ][o.e.p.PluginsService     ] [CpJRxBm] loaded module [lang-groovy]
[2017-09-14T20:30:26,105][INFO ][o.e.p.PluginsService     ] [CpJRxBm] loaded module [lang-mustache]
[2017-09-14T20:30:26,105][INFO ][o.e.p.PluginsService     ] [CpJRxBm] loaded module [lang-painless]
[2017-09-14T20:30:26,105][INFO ][o.e.p.PluginsService     ] [CpJRxBm] loaded module [parent-join]
[2017-09-14T20:30:26,105][INFO ][o.e.p.PluginsService     ] [CpJRxBm] loaded module [percolator]
[2017-09-14T20:30:26,106][INFO ][o.e.p.PluginsService     ] [CpJRxBm] loaded module [reindex]
[2017-09-14T20:30:26,107][INFO ][o.e.p.PluginsService     ] [CpJRxBm] loaded module [transport-netty3]
[2017-09-14T20:30:26,107][INFO ][o.e.p.PluginsService     ] [CpJRxBm] loaded module [transport-netty4]
[2017-09-14T20:30:26,108][INFO ][o.e.p.PluginsService     ] [CpJRxBm] no plugins loaded
[2017-09-14T20:30:38,559][INFO ][o.e.d.DiscoveryModule    ] [CpJRxBm] using discovery type [zen]
[2017-09-14T20:30:42,400][INFO ][o.e.n.Node               ] initialized
[2017-09-14T20:30:42,400][INFO ][o.e.n.Node               ] [CpJRxBm] starting ...
[2017-09-14T20:30:43,723][INFO ][o.e.t.TransportService   ] [CpJRxBm] publish_address {127.0.0.1:9300}, bound_addresses {[::1]:9300}, {127.0.0.1:9300}
[2017-09-14T20:30:47,128][INFO ][o.e.c.s.ClusterService   ] [CpJRxBm] new_master {CpJRxBm}{CpJRxBm1RLmA0xzfhEg8kA}{wzb0E6anQESOP5HPnoTRrw}{127.0.0.1}{127.0.0.1:9300}, reason: zen-disco-elected-as-master ([0] nodes joined)
[2017-09-14T20:30:47,311][INFO ][o.e.h.n.Netty4HttpServerTransport] [CpJRxBm] publish_address {127.0.0.1:9200}, bound_addresses {[::1]:9200}, {127.0.0.1:9200}
[2017-09-14T20:30:47,315][INFO ][o.e.n.Node               ] [CpJRxBm] started
[2017-09-14T20:30:47,468][INFO ][o.e.g.GatewayService     ] [CpJRxBm] recovered [0] indices into cluster_state
[2017-09-14T20:30:55,516][INFO ][o.e.c.m.MetaDataCreateIndexService] [CpJRxBm] [.kibana] creating index, cause [api], templates [], shards [1]/[1], mappings [_default_, index-pattern, server, visualization, search, timelion-sheet, config, dashboard, url]
[2017-09-14T20:30:57,356][INFO ][o.e.c.m.MetaDataCreateIndexService] [CpJRxBm] [wazuh-monitoring-2017.09.14] creating index, cause [api], templates [wazuh], shards [5]/[1], mappings [agent, wazuh]
[2017-09-14T20:30:57,475][INFO ][o.e.m.j.JvmGcMonitorService] [CpJRxBm] [gc][15] overhead, spent [265ms] collecting in the last [1s]
[2017-09-14T20:30:58,510][INFO ][o.e.c.m.MetaDataCreateIndexService] [CpJRxBm] [wazuh-alerts-2017.09.14] creating index, cause [auto(bulk api)], templates [wazuh], shards [1]/[0], mappings [agent, wazuh]
[2017-09-14T20:30:58,818][INFO ][o.e.c.m.MetaDataCreateIndexService] [CpJRxBm] [.wazuh] creating index, cause [auto(bulk api)], templates [], shards [5]/[1], mappings []
[2017-09-14T20:31:01,634][INFO ][o.e.c.m.MetaDataMappingService] [CpJRxBm] [wazuh-alerts-2017.09.14/jx6cTv75ReSgv43aBgFYMw] update_mapping [wazuh]
[2017-09-14T20:31:01,869][INFO ][o.e.c.m.MetaDataMappingService] [CpJRxBm] [.wazuh/_u8pHubhS6OFWy4Wh10QYw] create_mapping [wazuh-setup]
[2017-09-14T20:31:02,190][INFO ][o.e.c.m.MetaDataMappingService] [CpJRxBm] [.kibana/6ckdqrHbSt6u23MFWAf4rQ] update_mapping [config]
[2017-09-14T20:32:19,753][INFO ][o.e.c.m.MetaDataMappingService] [CpJRxBm] [.wazuh/_u8pHubhS6OFWy4Wh10QYw] create_mapping [wazuh-configuration]
[2017-09-14T20:32:20,259][INFO ][o.e.c.m.MetaDataMappingService] [CpJRxBm] [wazuh-monitoring-2017.09.14/2oYe42tLTkakS77uWDMLDw] update_mapping [agent]

Kibana startup log:

{"type":"log","@timestamp":"2017-09-14T20:30:19Z","tags":["status","plugin:[email protected]","info"],"pid":21150,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2017-09-14T20:30:19Z","tags":["status","plugin:[email protected]","info"],"pid":21150,"state":"yellow","message":"Status changed from uninitialized to yellow - Waiting for Elasticsearch","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2017-09-14T20:30:19Z","tags":["error","elasticsearch","admin"],"pid":21150,"message":"Request error, retrying\nHEAD http://localhost:9200/ => connect ECONNREFUSED 127.0.0.1:9200"}
{"type":"log","@timestamp":"2017-09-14T20:30:23Z","tags":["warning","elasticsearch","admin"],"pid":21150,"message":"Unable to revive connection: http://localhost:9200/"}
{"type":"log","@timestamp":"2017-09-14T20:30:23Z","tags":["error","elasticsearch","data"],"pid":21150,"message":"Request error, retrying\nHEAD http://localhost:9200/.kibana/config/5.6.0 => connect ECONNREFUSED 127.0.0.1:9200"}
{"type":"log","@timestamp":"2017-09-14T20:30:23Z","tags":["warning","elasticsearch","admin"],"pid":21150,"message":"Unable to revive connection: http://localhost:9200/"}
{"type":"log","@timestamp":"2017-09-14T20:30:23Z","tags":["warning","elasticsearch","admin"],"pid":21150,"message":"No living connections"}
{"type":"log","@timestamp":"2017-09-14T20:30:23Z","tags":["status","plugin:[email protected]","error"],"pid":21150,"state":"red","message":"Status changed from yellow to red - Request Timeout after 3000ms","prevState":"yellow","prevMsg":"Waiting for Elasticsearch"}
{"type":"log","@timestamp":"2017-09-14T20:30:23Z","tags":["status","plugin:[email protected]","info"],"pid":21150,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2017-09-14T20:30:23Z","tags":["\u001b[34mwazuh\u001b[39m","initialize","info"],"pid":21150,"message":"Waiting Elasticsearch to be up..."}
{"type":"log","@timestamp":"2017-09-14T20:30:23Z","tags":["warning","elasticsearch","data"],"pid":21150,"message":"Unable to revive connection: http://localhost:9200/"}
{"type":"log","@timestamp":"2017-09-14T20:30:23Z","tags":["warning","elasticsearch","data"],"pid":21150,"message":"No living connections"}
{"type":"log","@timestamp":"2017-09-14T20:30:23Z","tags":["status","plugin:[email protected]","info"],"pid":21150,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2017-09-14T20:30:23Z","tags":["\u001b[34mwazuh\u001b[39m","initialize","info"],"pid":21150,"message":"Waiting index \".kibana\" to be created and prepared...."}
{"type":"log","@timestamp":"2017-09-14T20:30:23Z","tags":["status","plugin:[email protected]","info"],"pid":21150,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2017-09-14T20:30:24Z","tags":["status","plugin:[email protected]","info"],"pid":21150,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2017-09-14T20:30:24Z","tags":["listening","info"],"pid":21150,"message":"Server running at http://0.0.0.0:5601"}
{"type":"log","@timestamp":"2017-09-14T20:30:24Z","tags":["status","ui settings","error"],"pid":21150,"state":"red","message":"Status changed from uninitialized to red - Elasticsearch plugin is red","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2017-09-14T20:30:26Z","tags":["warning","elasticsearch","admin"],"pid":21150,"message":"Unable to revive connection: http://localhost:9200/"}
{"type":"log","@timestamp":"2017-09-14T20:30:26Z","tags":["warning","elasticsearch","admin"],"pid":21150,"message":"No living connections"}
{"type":"log","@timestamp":"2017-09-14T20:30:26Z","tags":["status","plugin:[email protected]","error"],"pid":21150,"state":"red","message":"Status changed from red to red - Unable to connect to Elasticsearch at http://localhost:9200.","prevState":"red","prevMsg":"Request Timeout after 3000ms"}
{"type":"log","@timestamp":"2017-09-14T20:30:26Z","tags":["warning","elasticsearch","admin"],"pid":21150,"message":"Unable to revive connection: http://localhost:9200/"}
{"type":"log","@timestamp":"2017-09-14T20:30:26Z","tags":["warning","elasticsearch","admin"],"pid":21150,"message":"No living connections"}
{"type":"log","@timestamp":"2017-09-14T20:30:26Z","tags":["\u001b[34mwazuh\u001b[39m","initialize","info"],"pid":21150,"message":"Waiting Elasticsearch to be up..."}
{"type":"log","@timestamp":"2017-09-14T20:30:26Z","tags":["warning","elasticsearch","data"],"pid":21150,"message":"Unable to revive connection: http://localhost:9200/"}
{"type":"log","@timestamp":"2017-09-14T20:30:26Z","tags":["warning","elasticsearch","data"],"pid":21150,"message":"No living connections"}
{"type":"log","@timestamp":"2017-09-14T20:30:26Z","tags":["\u001b[34mwazuh\u001b[39m","initialize","info"],"pid":21150,"message":"Waiting index \".kibana\" to be created and prepared...."}
{"type":"log","@timestamp":"2017-09-14T20:30:28Z","tags":["warning","elasticsearch","admin"],"pid":21150,"message":"Unable to revive connection: http://localhost:9200/"}
{"type":"log","@timestamp":"2017-09-14T20:30:28Z","tags":["warning","elasticsearch","admin"],"pid":21150,"message":"No living connections"}
{"type":"log","@timestamp":"2017-09-14T20:30:29Z","tags":["warning","elasticsearch","admin"],"pid":21150,"message":"Unable to revive connection: http://localhost:9200/"}
{"type":"log","@timestamp":"2017-09-14T20:30:29Z","tags":["warning","elasticsearch","admin"],"pid":21150,"message":"No living connections"}
{"type":"log","@timestamp":"2017-09-14T20:30:29Z","tags":["\u001b[34mwazuh\u001b[39m","initialize","info"],"pid":21150,"message":"Waiting Elasticsearch to be up..."}
{"type":"log","@timestamp":"2017-09-14T20:30:29Z","tags":["warning","elasticsearch","data"],"pid":21150,"message":"Unable to revive connection: http://localhost:9200/"}
{"type":"log","@timestamp":"2017-09-14T20:30:29Z","tags":["warning","elasticsearch","data"],"pid":21150,"message":"No living connections"}
{"type":"log","@timestamp":"2017-09-14T20:30:29Z","tags":["\u001b[34mwazuh\u001b[39m","initialize","info"],"pid":21150,"message":"Waiting index \".kibana\" to be created and prepared...."}
{"type":"log","@timestamp":"2017-09-14T20:30:31Z","tags":["warning","elasticsearch","admin"],"pid":21150,"message":"Unable to revive connection: http://localhost:9200/"}
{"type":"log","@timestamp":"2017-09-14T20:30:31Z","tags":["warning","elasticsearch","admin"],"pid":21150,"message":"No living connections"}
{"type":"log","@timestamp":"2017-09-14T20:30:32Z","tags":["warning","elasticsearch","admin"],"pid":21150,"message":"Unable to revive connection: http://localhost:9200/"}
{"type":"log","@timestamp":"2017-09-14T20:30:32Z","tags":["warning","elasticsearch","admin"],"pid":21150,"message":"No living connections"}
{"type":"log","@timestamp":"2017-09-14T20:30:32Z","tags":["\u001b[34mwazuh\u001b[39m","initialize","info"],"pid":21150,"message":"Waiting Elasticsearch to be up..."}
{"type":"log","@timestamp":"2017-09-14T20:30:32Z","tags":["warning","elasticsearch","data"],"pid":21150,"message":"Unable to revive connection: http://localhost:9200/"}
{"type":"log","@timestamp":"2017-09-14T20:30:32Z","tags":["warning","elasticsearch","data"],"pid":21150,"message":"No living connections"}
{"type":"log","@timestamp":"2017-09-14T20:30:32Z","tags":["\u001b[34mwazuh\u001b[39m","initialize","info"],"pid":21150,"message":"Waiting index \".kibana\" to be created and prepared...."}
{"type":"log","@timestamp":"2017-09-14T20:30:33Z","tags":["warning","elasticsearch","admin"],"pid":21150,"message":"Unable to revive connection: http://localhost:9200/"}
{"type":"log","@timestamp":"2017-09-14T20:30:33Z","tags":["warning","elasticsearch","admin"],"pid":21150,"message":"No living connections"}
{"type":"log","@timestamp":"2017-09-14T20:30:35Z","tags":["warning","elasticsearch","admin"],"pid":21150,"message":"Unable to revive connection: http://localhost:9200/"}
{"type":"log","@timestamp":"2017-09-14T20:30:35Z","tags":["warning","elasticsearch","admin"],"pid":21150,"message":"No living connections"}
{"type":"log","@timestamp":"2017-09-14T20:30:35Z","tags":["warning","elasticsearch","data"],"pid":21150,"message":"Unable to revive connection: http://localhost:9200/"}
{"type":"log","@timestamp":"2017-09-14T20:30:35Z","tags":["warning","elasticsearch","data"],"pid":21150,"message":"No living connections"}
{"type":"log","@timestamp":"2017-09-14T20:30:35Z","tags":["\u001b[34mwazuh\u001b[39m","initialize","info"],"pid":21150,"message":"Waiting Elasticsearch to be up..."}
{"type":"log","@timestamp":"2017-09-14T20:30:35Z","tags":["\u001b[34mwazuh\u001b[39m","initialize","info"],"pid":21150,"message":"Waiting index \".kibana\" to be created and prepared...."}
{"type":"log","@timestamp":"2017-09-14T20:30:36Z","tags":["warning","elasticsearch","admin"],"pid":21150,"message":"Unable to revive connection: http://localhost:9200/"}
{"type":"log","@timestamp":"2017-09-14T20:30:36Z","tags":["warning","elasticsearch","admin"],"pid":21150,"message":"No living connections"}
{"type":"log","@timestamp":"2017-09-14T20:30:38Z","tags":["warning","elasticsearch","admin"],"pid":21150,"message":"Unable to revive connection: http://localhost:9200/"}
{"type":"log","@timestamp":"2017-09-14T20:30:38Z","tags":["warning","elasticsearch","admin"],"pid":21150,"message":"No living connections"}
{"type":"log","@timestamp":"2017-09-14T20:30:38Z","tags":["warning","elasticsearch","admin"],"pid":21150,"message":"Unable to revive connection: http://localhost:9200/"}
{"type":"log","@timestamp":"2017-09-14T20:30:38Z","tags":["warning","elasticsearch","admin"],"pid":21150,"message":"No living connections"}
{"type":"log","@timestamp":"2017-09-14T20:30:38Z","tags":["warning","elasticsearch","data"],"pid":21150,"message":"Unable to revive connection: http://localhost:9200/"}
{"type":"log","@timestamp":"2017-09-14T20:30:38Z","tags":["warning","elasticsearch","data"],"pid":21150,"message":"No living connections"}
{"type":"log","@timestamp":"2017-09-14T20:30:38Z","tags":["\u001b[34mwazuh\u001b[39m","initialize","info"],"pid":21150,"message":"Waiting Elasticsearch to be up..."}
{"type":"log","@timestamp":"2017-09-14T20:30:38Z","tags":["\u001b[34mwazuh\u001b[39m","initialize","info"],"pid":21150,"message":"Waiting index \".kibana\" to be created and prepared...."}
{"type":"log","@timestamp":"2017-09-14T20:30:41Z","tags":["warning","elasticsearch","admin"],"pid":21150,"message":"Unable to revive connection: http://localhost:9200/"}
{"type":"log","@timestamp":"2017-09-14T20:30:41Z","tags":["warning","elasticsearch","admin"],"pid":21150,"message":"No living connections"}
{"type":"log","@timestamp":"2017-09-14T20:30:41Z","tags":["warning","elasticsearch","admin"],"pid":21150,"message":"Unable to revive connection: http://localhost:9200/"}
{"type":"log","@timestamp":"2017-09-14T20:30:41Z","tags":["warning","elasticsearch","admin"],"pid":21150,"message":"No living connections"}
{"type":"log","@timestamp":"2017-09-14T20:30:41Z","tags":["warning","elasticsearch","data"],"pid":21150,"message":"Unable to revive connection: http://localhost:9200/"}
{"type":"log","@timestamp":"2017-09-14T20:30:41Z","tags":["warning","elasticsearch","data"],"pid":21150,"message":"No living connections"}
{"type":"log","@timestamp":"2017-09-14T20:30:41Z","tags":["\u001b[34mwazuh\u001b[39m","initialize","info"],"pid":21150,"message":"Waiting Elasticsearch to be up..."}
{"type":"log","@timestamp":"2017-09-14T20:30:41Z","tags":["\u001b[34mwazuh\u001b[39m","initialize","info"],"pid":21150,"message":"Waiting index \".kibana\" to be created and prepared...."}
{"type":"log","@timestamp":"2017-09-14T20:30:43Z","tags":["warning","elasticsearch","admin"],"pid":21150,"message":"Unable to revive connection: http://localhost:9200/"}
{"type":"log","@timestamp":"2017-09-14T20:30:43Z","tags":["warning","elasticsearch","admin"],"pid":21150,"message":"No living connections"}
{"type":"log","@timestamp":"2017-09-14T20:30:45Z","tags":["warning","elasticsearch","admin"],"pid":21150,"message":"Unable to revive connection: http://localhost:9200/"}
{"type":"log","@timestamp":"2017-09-14T20:30:45Z","tags":["warning","elasticsearch","admin"],"pid":21150,"message":"No living connections"}
{"type":"log","@timestamp":"2017-09-14T20:30:45Z","tags":["warning","elasticsearch","data"],"pid":21150,"message":"Unable to revive connection: http://localhost:9200/"}
{"type":"log","@timestamp":"2017-09-14T20:30:45Z","tags":["warning","elasticsearch","data"],"pid":21150,"message":"No living connections"}
{"type":"log","@timestamp":"2017-09-14T20:30:45Z","tags":["\u001b[34mwazuh\u001b[39m","initialize","info"],"pid":21150,"message":"Waiting Elasticsearch to be up..."}
{"type":"log","@timestamp":"2017-09-14T20:30:45Z","tags":["\u001b[34mwazuh\u001b[39m","initialize","info"],"pid":21150,"message":"Waiting index \".kibana\" to be created and prepared...."}
{"type":"log","@timestamp":"2017-09-14T20:30:46Z","tags":["warning","elasticsearch","admin"],"pid":21150,"message":"Unable to revive connection: http://localhost:9200/"}
{"type":"log","@timestamp":"2017-09-14T20:30:46Z","tags":["warning","elasticsearch","admin"],"pid":21150,"message":"No living connections"}
{"type":"log","@timestamp":"2017-09-14T20:30:54Z","tags":["status","plugin:[email protected]","info"],"pid":21150,"state":"yellow","message":"Status changed from red to yellow - No existing Kibana index found","prevState":"red","prevMsg":"Unable to connect to Elasticsearch at http://localhost:9200."}
{"type":"log","@timestamp":"2017-09-14T20:30:54Z","tags":["status","ui settings","info"],"pid":21150,"state":"yellow","message":"Status changed from red to yellow - Elasticsearch plugin is yellow","prevState":"red","prevMsg":"Elasticsearch plugin is red"}
{"type":"log","@timestamp":"2017-09-14T20:30:56Z","tags":["\u001b[34mwazuh\u001b[39m","initialize","info"],"pid":21150,"message":"Wazuh-setup document does not exist. Initializating configuration..."}
{"type":"log","@timestamp":"2017-09-14T20:30:56Z","tags":["\u001b[34mwazuh\u001b[39m","Wazuh agents monitoring","info"],"pid":21150,"message":"Creating today index..."}
{"type":"log","@timestamp":"2017-09-14T20:30:56Z","tags":["\u001b[34mwazuh\u001b[39m","Wazuh agents monitoring","info"],"pid":21150,"message":"Configuring Kibana for working with \"wazuh-monitoring-*\" index pattern..."}
{"type":"log","@timestamp":"2017-09-14T20:30:57Z","tags":["\u001b[34mwazuh\u001b[39m","Wazuh agents monitoring","info"],"pid":21150,"message":"Template installed and loaded: wazuh-monitoring-*"}
{"type":"log","@timestamp":"2017-09-14T20:30:57Z","tags":["\u001b[34mwazuh\u001b[39m","Wazuh agents monitoring","info"],"pid":21150,"message":"Inserting sample alert..."}
{"type":"log","@timestamp":"2017-09-14T20:30:57Z","tags":["\u001b[34mwazuh\u001b[39m","initialize","info"],"pid":21150,"message":"Template installed and loaded: wazuh-alerts-*"}
{"type":"log","@timestamp":"2017-09-14T20:30:57Z","tags":["\u001b[34mwazuh\u001b[39m","initialize","info"],"pid":21150,"message":"Inserting sample alert..."}
{"type":"log","@timestamp":"2017-09-14T20:30:57Z","tags":["\u001b[34mwazuh\u001b[39m","initialize","info"],"pid":21150,"message":"Creating index pattern: wazuh-alerts-*"}
{"type":"log","@timestamp":"2017-09-14T20:30:57Z","tags":["\u001b[34mwazuh\u001b[39m","initialize","info"],"pid":21150,"message":"Importing objects (Searches, visualizations and dashboards) into Elasticsearch..."}
{"type":"log","@timestamp":"2017-09-14T20:30:59Z","tags":["\u001b[34mwazuh\u001b[39m","Wazuh agents monitoring","info"],"pid":21150,"message":"Successfully initialized!"}
{"type":"log","@timestamp":"2017-09-14T20:30:59Z","tags":["\u001b[34mwazuh\u001b[39m","initialize","info"],"pid":21150,"message":"Created index pattern: wazuh-alerts-*"}
{"type":"log","@timestamp":"2017-09-14T20:31:01Z","tags":["status","plugin:[email protected]","info"],"pid":21150,"state":"green","message":"Status changed from yellow to green - Kibana index ready","prevState":"yellow","prevMsg":"No existing Kibana index found"}
{"type":"log","@timestamp":"2017-09-14T20:31:01Z","tags":["status","ui settings","info"],"pid":21150,"state":"green","message":"Status changed from yellow to green - Ready","prevState":"yellow","prevMsg":"Elasticsearch plugin is yellow"}
{"type":"log","@timestamp":"2017-09-14T20:31:01Z","tags":["\u001b[34mwazuh\u001b[39m","initialize","info"],"pid":21150,"message":"Templates, mappings, index patterns, visualizations, searches and dashboards were successfully installed. App ready to be used."}
{"type":"log","@timestamp":"2017-09-14T20:31:01Z","tags":["\u001b[34mwazuh\u001b[39m","Wazuh agents monitoring","info"],"pid":21150,"message":"Sample alert inserted"}
{"type":"log","@timestamp":"2017-09-14T20:31:01Z","tags":["\u001b[34mwazuh\u001b[39m","initialize","info"],"pid":21150,"message":"Sample alert inserted"}
{"type":"log","@timestamp":"2017-09-14T20:31:01Z","tags":["\u001b[34mwazuh\u001b[39m","initialize","info"],"pid":21150,"message":"Wazuh set up info inserted"}
{"type":"log","@timestamp":"2017-09-14T20:31:01Z","tags":["\u001b[34mwazuh\u001b[39m","initialize","info"],"pid":21150,"message":"Setting Kibana default values: Index pattern, time picker and metaFields..."}
{"type":"log","@timestamp":"2017-09-14T20:31:02Z","tags":["\u001b[34mwazuh\u001b[39m","initialize","info"],"pid":21150,"message":"Kibana default values set"}

Logstash logs:

[2017-09-14T20:31:05,457][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"fb_apache", :directory=>"/usr/share/logstash/modules/fb_apache/configuration"}
[2017-09-14T20:31:05,468][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"netflow", :directory=>"/usr/share/logstash/modules/netflow/configuration"}
[2017-09-14T20:31:05,497][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.queue", :path=>"/var/lib/logstash/queue"}
[2017-09-14T20:31:05,498][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.dead_letter_queue", :path=>"/var/lib/logstash/dead_letter_queue"}
[2017-09-14T20:31:05,585][INFO ][logstash.agent           ] No persistent UUID file found. Generating new UUID {:uuid=>"9f1e2118-caf6-49e9-9d8e-d5b85751db0b", :path=>"/var/lib/logstash/uuid"}
[2017-09-14T20:31:07,642][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://localhost:9200/]}}
[2017-09-14T20:31:07,643][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://localhost:9200/, :path=>"/"}
[2017-09-14T20:31:07,798][WARN ][logstash.outputs.elasticsearch] Restored connection to ES instance {:url=>"http://localhost:9200/"}
[2017-09-14T20:31:07,800][INFO ][logstash.outputs.elasticsearch] Using mapping template from {:path=>"/etc/logstash/wazuh-elastic5-template.json"}
[2017-09-14T20:31:07,929][INFO ][logstash.outputs.elasticsearch] Attempting to install template {:manage_template=>{"order"=>0, "template"=>"wazuh*", "settings"=>{"index.refresh_interval"=>"5s", "number_of_shards"=>1, "number_of_replicas"=>0}, "mappings"=>{"wazuh"=>{"dynamic_templates"=>[{"string_as_keyword"=>{"match_mapping_type"=>"string", "mapping"=>{"type"=>"keyword", "doc_values"=>"true"}}}], "properties"=>{"@timestamp"=>{"type"=>"date", "format"=>"dateOptionalTime"}, "@version"=>{"type"=>"text"}, "agent"=>{"properties"=>{"ip"=>{"type"=>"keyword", "doc_values"=>"true"}, "id"=>{"type"=>"keyword", "doc_values"=>"true"}, "name"=>{"type"=>"keyword", "doc_values"=>"true"}}}, "manager"=>{"properties"=>{"name"=>{"type"=>"keyword", "doc_values"=>"true"}}}, "dstuser"=>{"type"=>"keyword", "doc_values"=>"true"}, "AlertsFile"=>{"type"=>"keyword", "doc_values"=>"true"}, "full_log"=>{"type"=>"text"}, "previous_log"=>{"type"=>"text"}, "GeoLocation"=>{"properties"=>{"area_code"=>{"type"=>"long"}, "city_name"=>{"type"=>"keyword", "doc_values"=>"true"}, "continent_code"=>{"type"=>"text"}, "coordinates"=>{"type"=>"double"}, "country_code2"=>{"type"=>"text"}, "country_code3"=>{"type"=>"text"}, "country_name"=>{"type"=>"keyword", "doc_values"=>"true"}, "dma_code"=>{"type"=>"long"}, "ip"=>{"type"=>"keyword", "doc_values"=>"true"}, "latitude"=>{"type"=>"double"}, "location"=>{"type"=>"geo_point"}, "longitude"=>{"type"=>"double"}, "postal_code"=>{"type"=>"keyword"}, "real_region_name"=>{"type"=>"keyword", "doc_values"=>"true"}, "region_name"=>{"type"=>"keyword", "doc_values"=>"true"}, "timezone"=>{"type"=>"text"}}}, "host"=>{"type"=>"keyword", "doc_values"=>"true"}, "syscheck"=>{"properties"=>{"path"=>{"type"=>"keyword", "doc_values"=>"true"}, "sha1_before"=>{"type"=>"keyword", "doc_values"=>"true"}, "sha1_after"=>{"type"=>"keyword", "doc_values"=>"true"}, "uid_before"=>{"type"=>"keyword", "doc_values"=>"true"}, "uid_after"=>{"type"=>"keyword", "doc_values"=>"true"}, 
"gid_before"=>{"type"=>"keyword", "doc_values"=>"true"}, "gid_after"=>{"type"=>"keyword", "doc_values"=>"true"}, "perm_before"=>{"type"=>"keyword", "doc_values"=>"true"}, "perm_after"=>{"type"=>"keyword", "doc_values"=>"true"}, "md5_after"=>{"type"=>"keyword", "doc_values"=>"true"}, "md5_before"=>{"type"=>"keyword", "doc_values"=>"true"}, "gname_after"=>{"type"=>"keyword", "doc_values"=>"true"}, "gname_before"=>{"type"=>"keyword", "doc_values"=>"true"}, "inode_after"=>{"type"=>"keyword", "doc_values"=>"true"}, "inode_before"=>{"type"=>"keyword", "doc_values"=>"true"}, "mtime_after"=>{"type"=>"date", "format"=>"dateOptionalTime", "doc_values"=>"true"}, "mtime_before"=>{"type"=>"date", "format"=>"dateOptionalTime", "doc_values"=>"true"}, "uname_after"=>{"type"=>"keyword", "doc_values"=>"true"}, "uname_before"=>{"type"=>"keyword", "doc_values"=>"true"}, "size_before"=>{"type"=>"long", "doc_values"=>"true"}, "size_after"=>{"type"=>"long", "doc_values"=>"true"}, "diff"=>{"type"=>"keyword", "doc_values"=>"true"}, "event"=>{"type"=>"keyword", "doc_values"=>"true"}}}, "location"=>{"type"=>"keyword", "doc_values"=>"true"}, "message"=>{"type"=>"text"}, "offset"=>{"type"=>"keyword"}, "rule"=>{"properties"=>{"description"=>{"type"=>"keyword", "doc_values"=>"true"}, "groups"=>{"type"=>"keyword", "doc_values"=>"true"}, "level"=>{"type"=>"long", "doc_values"=>"true"}, "id"=>{"type"=>"keyword", "doc_values"=>"true"}, "cve"=>{"type"=>"keyword", "doc_values"=>"true"}, "info"=>{"type"=>"keyword", "doc_values"=>"true"}, "frequency"=>{"type"=>"long", "doc_values"=>"true"}, "firedtimes"=>{"type"=>"long", "doc_values"=>"true"}, "cis"=>{"type"=>"keyword", "doc_values"=>"true"}, "pci_dss"=>{"type"=>"keyword", "doc_values"=>"true"}}}, "decoder"=>{"properties"=>{"parent"=>{"type"=>"keyword", "doc_values"=>"true"}, "name"=>{"type"=>"keyword", "doc_values"=>"true"}, "ftscomment"=>{"type"=>"keyword", "doc_values"=>"true"}, "fts"=>{"type"=>"long", "doc_values"=>"true"}, 
"accumulate"=>{"type"=>"long", "doc_values"=>"true"}}}, "srcip"=>{"type"=>"keyword", "doc_values"=>"true"}, "protocol"=>{"type"=>"keyword", "doc_values"=>"true"}, "action"=>{"type"=>"keyword", "doc_values"=>"true"}, "dstip"=>{"type"=>"keyword", "doc_values"=>"true"}, "dstport"=>{"type"=>"keyword", "doc_values"=>"true"}, "srcuser"=>{"type"=>"keyword", "doc_values"=>"true"}, "program_name"=>{"type"=>"keyword", "doc_values"=>"true"}, "id"=>{"type"=>"keyword", "doc_values"=>"true"}, "status"=>{"type"=>"keyword", "doc_values"=>"true"}, "command"=>{"type"=>"keyword", "doc_values"=>"true"}, "url"=>{"type"=>"keyword", "doc_values"=>"true"}, "data"=>{"type"=>"keyword", "doc_values"=>"true"}, "system_name"=>{"type"=>"keyword", "doc_values"=>"true"}, "type"=>{"type"=>"text"}, "title"=>{"type"=>"keyword", "doc_values"=>"true"}, "oscap"=>{"properties"=>{"check.title"=>{"type"=>"keyword", "doc_values"=>"true"}, "check.id"=>{"type"=>"keyword", "doc_values"=>"true"}, "check.result"=>{"type"=>"keyword", "doc_values"=>"true"}, "check.severity"=>{"type"=>"keyword", "doc_values"=>"true"}, "check.description"=>{"type"=>"text"}, "check.rationale"=>{"type"=>"text"}, "check.references"=>{"type"=>"text"}, "check.identifiers"=>{"type"=>"text"}, "check.oval.id"=>{"type"=>"keyword", "doc_values"=>"true"}, "scan.id"=>{"type"=>"keyword", "doc_values"=>"true"}, "scan.content"=>{"type"=>"keyword", "doc_values"=>"true"}, "scan.benchmark.id"=>{"type"=>"keyword", "doc_values"=>"true"}, "scan.profile.title"=>{"type"=>"keyword", "doc_values"=>"true"}, "scan.profile.id"=>{"type"=>"keyword", "doc_values"=>"true"}, "scan.score"=>{"type"=>"double", "doc_values"=>"true"}, "scan.return_code"=>{"type"=>"long", "doc_values"=>"true"}}}, "audit"=>{"properties"=>{"type"=>{"type"=>"keyword", "doc_values"=>"true"}, "id"=>{"type"=>"keyword", "doc_values"=>"true"}, "syscall"=>{"type"=>"keyword", "doc_values"=>"true"}, "exit"=>{"type"=>"keyword", "doc_values"=>"true"}, "ppid"=>{"type"=>"keyword", 
"doc_values"=>"true"}, "pid"=>{"type"=>"keyword", "doc_values"=>"true"}, "auid"=>{"type"=>"keyword", "doc_values"=>"true"}, "uid"=>{"type"=>"keyword", "doc_values"=>"true"}, "gid"=>{"type"=>"keyword", "doc_values"=>"true"}, "euid"=>{"type"=>"keyword", "doc_values"=>"true"}, "suid"=>{"type"=>"keyword", "doc_values"=>"true"}, "fsuid"=>{"type"=>"keyword", "doc_values"=>"true"}, "egid"=>{"type"=>"keyword", "doc_values"=>"true"}, "sgid"=>{"type"=>"keyword", "doc_values"=>"true"}, "fsgid"=>{"type"=>"keyword", "doc_values"=>"true"}, "tty"=>{"type"=>"keyword", "doc_values"=>"true"}, "session"=>{"type"=>"keyword", "doc_values"=>"true"}, "command"=>{"type"=>"keyword", "doc_values"=>"true"}, "exe"=>{"type"=>"keyword", "doc_values"=>"true"}, "key"=>{"type"=>"keyword", "doc_values"=>"true"}, "cwd"=>{"type"=>"keyword", "doc_values"=>"true"}, "directory.name"=>{"type"=>"keyword", "doc_values"=>"true"}, "directory.inode"=>{"type"=>"keyword", "doc_values"=>"true"}, "directory.mode"=>{"type"=>"keyword", "doc_values"=>"true"}, "file.name"=>{"type"=>"keyword", "doc_values"=>"true"}, "file.inode"=>{"type"=>"keyword", "doc_values"=>"true"}, "file.mode"=>{"type"=>"keyword", "doc_values"=>"true"}, "acct"=>{"type"=>"keyword", "doc_values"=>"true"}, "dev"=>{"type"=>"keyword", "doc_values"=>"true"}, "enforcing"=>{"type"=>"keyword", "doc_values"=>"true"}, "list"=>{"type"=>"keyword", "doc_values"=>"true"}, "old-auid"=>{"type"=>"keyword", "doc_values"=>"true"}, "old-ses"=>{"type"=>"keyword", "doc_values"=>"true"}, "old_enforcing"=>{"type"=>"keyword", "doc_values"=>"true"}, "old_prom"=>{"type"=>"keyword", "doc_values"=>"true"}, "op"=>{"type"=>"keyword", "doc_values"=>"true"}, "prom"=>{"type"=>"keyword", "doc_values"=>"true"}, "res"=>{"type"=>"keyword", "doc_values"=>"true"}, "srcip"=>{"type"=>"keyword", "doc_values"=>"true"}, "subj"=>{"type"=>"keyword", "doc_values"=>"true"}, "success"=>{"type"=>"keyword", "doc_values"=>"true"}}}}}, "agent"=>{"properties"=>{"@timestamp"=>{"type"=>"date", 
"format"=>"dateOptionalTime"}, "status"=>{"type"=>"keyword"}, "ip"=>{"type"=>"keyword"}, "host"=>{"type"=>"keyword"}, "name"=>{"type"=>"keyword"}, "id"=>{"type"=>"keyword"}}}}}}
[2017-09-14T20:31:07,963][INFO ][logstash.outputs.elasticsearch] Installing elasticsearch template to _template/wazuh
[2017-09-14T20:31:08,153][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["//localhost:9200"]}
[2017-09-14T20:31:08,169][INFO ][logstash.pipeline        ] Starting pipeline {"id"=>"main", "pipeline.workers"=>1, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>125}
[2017-09-14T20:31:09,213][INFO ][logstash.pipeline        ] Pipeline main started
[2017-09-14T20:31:09,448][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600}

Tail end of alerts.json

{"timestamp":"2017-09-14T20:29:58+0000","rule":{"level":7,"description":"New dpkg (Debian Package) installed.","id":"2902","firedtimes":14,"mail":false,"groups":["syslog","dpkg","config_changed"],"pci_dss":["10.6.1","10.2.7"]},"agent":{"id":"000","name":"default-ubuntu-1604"},"manager":{"name":"default-ubuntu-1604"},"full_log":"2017-09-14 20:29:58 status installed systemd:amd64 229-4ubuntu16","decoder":{"name":"windows-date-format"},"hostname":"default-ubuntu-1604","location":"/var/log/dpkg.log"}
{"timestamp":"2017-09-14T20:30:00+0000","rule":{"level":7,"description":"New dpkg (Debian Package) installed.","id":"2902","firedtimes":15,"mail":false,"groups":["syslog","dpkg","config_changed"],"pci_dss":["10.6.1","10.2.7"]},"agent":{"id":"000","name":"default-ubuntu-1604"},"manager":{"name":"default-ubuntu-1604"},"full_log":"2017-09-14 20:29:58 status installed ureadahead:amd64 0.100.0-19","decoder":{"name":"windows-date-format"},"hostname":"default-ubuntu-1604","location":"/var/log/dpkg.log"}
{"timestamp":"2017-09-14T20:30:00+0000","rule":{"level":7,"description":"New dpkg (Debian Package) installed.","id":"2902","firedtimes":16,"mail":false,"groups":["syslog","dpkg","config_changed"],"pci_dss":["10.6.1","10.2.7"]},"agent":{"id":"000","name":"default-ubuntu-1604"},"manager":{"name":"default-ubuntu-1604"},"full_log":"2017-09-14 20:29:58 status installed ufw:all 0.35-0ubuntu2","decoder":{"name":"windows-date-format"},"hostname":"default-ubuntu-1604","location":"/var/log/dpkg.log"}

ES Template:

{
  "order": 0,
  "template": "wazuh*",
  "settings": {
    "index.refresh_interval": "5s",
    "number_of_shards":   1,
    "number_of_replicas": 0
  },
  "mappings": {
    "wazuh": {
      "dynamic_templates": [
        {
          "string_as_keyword": {
            "match_mapping_type": "string",
            "mapping": {
              "type": "keyword",
              "doc_values": "true"
            }
          }
        }
      ],
      "properties": {
        "@timestamp": {
          "type": "date",
          "format": "dateOptionalTime"
        },
        "@version": {
          "type": "text"
        },
        "agent": {
          "properties": {
            "ip": {
              "type": "keyword",
              "doc_values": "true"
            },
            "id": {
              "type": "keyword",
              "doc_values": "true"
            },
            "name": {
              "type": "keyword",
              "doc_values": "true"
            }
          }
        },
        "manager": {
          "properties": {
            "name": {
              "type": "keyword",
              "doc_values": "true"
            }
          }
        },
        "dstuser": {
          "type": "keyword",
          "doc_values": "true"
        },
        "AlertsFile": {
          "type": "keyword",
          "doc_values": "true"
        },
        "full_log": {
          "type": "text"
        },
        "previous_log": {
          "type": "text"
        },
        "GeoLocation": {
          "properties": {
            "area_code": {
              "type": "long"
            },
            "city_name": {
              "type": "keyword",
              "doc_values": "true"
            },
            "continent_code": {
              "type": "text"
            },
            "coordinates": {
              "type": "double"
            },
            "country_code2": {
              "type": "text"
            },
            "country_code3": {
              "type": "text"
            },
            "country_name": {
              "type": "keyword",
              "doc_values": "true"
            },
            "dma_code": {
              "type": "long"
            },
            "ip": {
              "type": "keyword",
              "doc_values": "true"
            },
            "latitude": {
              "type": "double"
            },
            "location": {
              "type": "geo_point"
            },
            "longitude": {
              "type": "double"
            },
            "postal_code": {
              "type": "keyword"
            },
            "real_region_name": {
              "type": "keyword",
              "doc_values": "true"
            },
            "region_name": {
              "type": "keyword",
              "doc_values": "true"
            },
            "timezone": {
              "type": "text"
            }
          }
        },
        "host": {
          "type": "keyword",
          "doc_values": "true"
        },
        "syscheck": {
          "properties": {
            "path": {
              "type": "keyword",
              "doc_values": "true"
            },
            "sha1_before": {
              "type": "keyword",
              "doc_values": "true"
            },
            "sha1_after": {
              "type": "keyword",
              "doc_values": "true"
            },
            "uid_before": {
              "type": "keyword",
              "doc_values": "true"
            },
            "uid_after": {
              "type": "keyword",
              "doc_values": "true"
            },
            "gid_before": {
              "type": "keyword",
              "doc_values": "true"
            },
            "gid_after": {
              "type": "keyword",
              "doc_values": "true"
            },
            "perm_before": {
              "type": "keyword",
              "doc_values": "true"
            },
            "perm_after": {
              "type": "keyword",
              "doc_values": "true"
            },
            "md5_after": {
              "type": "keyword",
              "doc_values": "true"
            },
            "md5_before": {
              "type": "keyword",
              "doc_values": "true"
            },
            "gname_after": {
              "type": "keyword",
              "doc_values": "true"
            },
            "gname_before": {
              "type": "keyword",
              "doc_values": "true"
            },
            "inode_after": {
              "type": "keyword",
              "doc_values": "true"
            },
            "inode_before": {
              "type": "keyword",
              "doc_values": "true"
            },
            "mtime_after": {
              "type": "date",
              "format": "dateOptionalTime",
              "doc_values": "true"
            },
            "mtime_before": {
              "type": "date",
              "format": "dateOptionalTime",
              "doc_values": "true"
            },
            "uname_after": {
              "type": "keyword",
              "doc_values": "true"
            },
            "uname_before": {
              "type": "keyword",
              "doc_values": "true"
            },
            "size_before": {
              "type": "long",
              "doc_values": "true"
            },
            "size_after": {
              "type": "long",
              "doc_values": "true"
            },
            "diff": {
              "type": "keyword",
              "doc_values": "true"
            },
            "event": {
              "type": "keyword",
              "doc_values": "true"
            }
          }
        },
        "location": {
          "type": "keyword",
          "doc_values": "true"
        },
        "message": {
          "type": "text"
        },
        "offset": {
          "type": "keyword"
        },
        "rule": {
          "properties": {
            "description": {
              "type": "keyword",
              "doc_values": "true"
            },
            "groups": {
              "type": "keyword",
              "doc_values": "true"
            },
            "level": {
              "type": "long",
              "doc_values": "true"
            },
            "id": {
              "type": "keyword",
              "doc_values": "true"
            },
            "cve": {
              "type": "keyword",
              "doc_values": "true"
            },
            "info": {
              "type": "keyword",
              "doc_values": "true"
            },
            "frequency": {
              "type": "long",
              "doc_values": "true"
            },
            "firedtimes": {
              "type": "long",
              "doc_values": "true"
            },
            "cis": {
              "type": "keyword",
              "doc_values": "true"
            },
            "pci_dss": {
              "type": "keyword",
              "doc_values": "true"
            }
          }
        },
        "decoder": {
          "properties": {
            "parent": {
              "type": "keyword",
              "doc_values": "true"
            },
            "name": {
              "type": "keyword",
              "doc_values": "true"
            },
            "ftscomment": {
              "type": "keyword",
              "doc_values": "true"
            },
            "fts": {
              "type": "long",
              "doc_values": "true"
            },
            "accumulate": {
              "type": "long",
              "doc_values": "true"
            }
          }
        },
        "srcip": {
          "type": "keyword",
          "doc_values": "true"
        },
        "protocol": {
          "type": "keyword",
          "doc_values": "true"
        },
        "action": {
          "type": "keyword",
          "doc_values": "true"
        },
        "dstip": {
          "type": "keyword",
          "doc_values": "true"
        },
        "dstport": {
          "type": "keyword",
          "doc_values": "true"
        },
        "srcuser": {
          "type": "keyword",
          "doc_values": "true"
        },
        "program_name": {
          "type": "keyword",
          "doc_values": "true"
        },
        "id": {
          "type": "keyword",
          "doc_values": "true"
        },
        "status": {
          "type": "keyword",
          "doc_values": "true"
        },
        "command": {
          "type": "keyword",
          "doc_values": "true"
        },
        "url": {
          "type": "keyword",
          "doc_values": "true"
        },
        "data": {
          "type": "keyword",
          "doc_values": "true"
        },
        "system_name": {
          "type": "keyword",
          "doc_values": "true"
        },
        "type": {
          "type": "text"
        },
        "title": {
          "type": "keyword",
          "doc_values": "true"
        },
        "oscap": {
          "properties": {
            "check.title": {
              "type": "keyword",
              "doc_values": "true"
            },
            "check.id": {
              "type": "keyword",
              "doc_values": "true"
            },
            "check.result": {
              "type": "keyword",
              "doc_values": "true"
            },
            "check.severity": {
              "type": "keyword",
              "doc_values": "true"
            },
            "check.description": {
              "type": "text"
            },
            "check.rationale": {
              "type": "text"
            },
            "check.references": {
              "type": "text"
            },
            "check.identifiers": {
              "type": "text"
            },
            "check.oval.id": {
              "type": "keyword",
              "doc_values": "true"
            },
            "scan.id": {
              "type": "keyword",
              "doc_values": "true"
            },
            "scan.content": {
              "type": "keyword",
              "doc_values": "true"
            },
            "scan.benchmark.id": {
              "type": "keyword",
              "doc_values": "true"
            },
            "scan.profile.title": {
              "type": "keyword",
              "doc_values": "true"
            },
            "scan.profile.id": {
              "type": "keyword",
              "doc_values": "true"
            },
            "scan.score": {
              "type": "double",
              "doc_values": "true"
            },
            "scan.return_code": {
              "type": "long",
              "doc_values": "true"
            }
          }
        },
        "audit": {
          "properties": {
            "type": {
              "type": "keyword",
              "doc_values": "true"
            },
            "id": {
              "type": "keyword",
              "doc_values": "true"
            },
            "syscall": {
              "type": "keyword",
              "doc_values": "true"
            },
            "exit": {
              "type": "keyword",
              "doc_values": "true"
            },
            "ppid": {
              "type": "keyword",
              "doc_values": "true"
            },
            "pid": {
              "type": "keyword",
              "doc_values": "true"
            },
            "auid": {
              "type": "keyword",
              "doc_values": "true"
            },
            "uid": {
              "type": "keyword",
              "doc_values": "true"
            },
            "gid": {
              "type": "keyword",
              "doc_values": "true"
            },
            "euid": {
              "type": "keyword",
              "doc_values": "true"
            },
            "suid": {
              "type": "keyword",
              "doc_values": "true"
            },
            "fsuid": {
              "type": "keyword",
              "doc_values": "true"
            },
            "egid": {
              "type": "keyword",
              "doc_values": "true"
            },
            "sgid": {
              "type": "keyword",
              "doc_values": "true"
            },
            "fsgid": {
              "type": "keyword",
              "doc_values": "true"
            },
            "tty": {
              "type": "keyword",
              "doc_values": "true"
            },
            "session": {
              "type": "keyword",
              "doc_values": "true"
            },
            "command": {
              "type": "keyword",
              "doc_values": "true"
            },
            "exe": {
              "type": "keyword",
              "doc_values": "true"
            },
            "key": {
              "type": "keyword",
              "doc_values": "true"
            },
            "cwd": {
              "type": "keyword",
              "doc_values": "true"
            },
            "directory.name": {
              "type": "keyword",
              "doc_values": "true"
            },
            "directory.inode": {
              "type": "keyword",
              "doc_values": "true"
            },
            "directory.mode": {
              "type": "keyword",
              "doc_values": "true"
            },
            "file.name": {
              "type": "keyword",
              "doc_values": "true"
            },
            "file.inode": {
              "type": "keyword",
              "doc_values": "true"
            },
            "file.mode": {
              "type": "keyword",
              "doc_values": "true"
            },
            "acct": {
              "type": "keyword",
              "doc_values": "true"
            },
            "dev": {
              "type": "keyword",
              "doc_values": "true"
            },
            "enforcing": {
              "type": "keyword",
              "doc_values": "true"
            },
            "list": {
              "type": "keyword",
              "doc_values": "true"
            },
            "old-auid": {
              "type": "keyword",
              "doc_values": "true"
            },
            "old-ses": {
              "type": "keyword",
              "doc_values": "true"
            },
            "old_enforcing": {
              "type": "keyword",
              "doc_values": "true"
            },
            "old_prom": {
              "type": "keyword",
              "doc_values": "true"
            },
            "op": {
              "type": "keyword",
              "doc_values": "true"
            },
            "prom": {
              "type": "keyword",
              "doc_values": "true"
            },
            "res": {
              "type": "keyword",
              "doc_values": "true"
            },
            "srcip": {
              "type": "keyword",
              "doc_values": "true"
            },
            "subj": {
              "type": "keyword",
              "doc_values": "true"
            },
            "success": {
              "type": "keyword",
              "doc_values": "true"
            }
          }
        }
      }
    },
    "agent": {
      "properties": {
        "@timestamp": {
          "type": "date",
          "format": "dateOptionalTime"
        },
        "status": {
          "type": "keyword"
        },
        "ip": {
          "type": "keyword"
        },
        "host": {
          "type": "keyword"
        },
        "name": {
          "type": "keyword"
        },
        "id": {
          "type": "keyword"
        }
      }
    }
  }
}

Wazuh Kibana dashboard empty with errors

Installed the latest version of Wazuh using the docs. I have a single server implementation, where Wazuh server and ELK are running on same host, and agents connect remotely. After configuring the Wazuh app and agents, the "Overview" dashboard is empty and shows errors (Saved "field" parameter is now invalid etc). Screenshot attached below.
I followed instructions on these threads (wazuh/wazuh#111, #24), but they did not fix the issue. There are some fields in "Index Patterns" which do not have a check mark for "Searchable" and "Aggregatable".

screen shot 2017-11-27 at 2 56 39 pm

Cannot connect to wazuh-api via Kibana

Hey,

I'm having issues with my connection. When I try to connect to the api, I get the message: "Settings: There are not services running in the given URL."

I've boiled it down to data not being populated into the .wazuh index in ES (the wazuh-configurations "type").

When I run localhost:5601/api/wazuh-api/check, I get the following output:
{"statusCode":200,"error":"2","data":"no_credentials"}

I checked the source, and that's where I came to the conclusion that there was no data for the values, specifically this code block:
https://github.com/wazuh/wazuh-kibana-app/blob/ae7b149a60aeaaaceaa605f941e2cb62d300b10a/server/api/wazuh-api.js#L37
which leads us to our message:
https://github.com/wazuh/wazuh-kibana-app/blob/ae7b149a60aeaaaceaa605f941e2cb62d300b10a/server/api/wazuh-api.js#L215

Also, just FYI, I'm not using X-Pack; I'm just using the proprietary clone from Github:
https://github.com/wazuh/wazuh-docker.git

The creds I'm entering into the plugin in Kibana are:
foo/bar
host: http://127.0.0.1
port: 55000

So, my question boils down to: what is supposed to populate the .wazuh index with configurations (wazuh-manager, kibana, etc), and what might be preventing that configuration data from being inserted?

Kibana front-end unusually slow

After setting up a pretty basic Kibana app, I've noticed that the UI is especially slow for the Wazuh App. This issue doesn't happen in Kibana when using the Discover tab (or others).

I added a screenshot below, showing that it hangs on loading a favicon for about 20 seconds. I thought it might be a network issue, but I haven't been able to track down the root cause.

image

New index pattern

Hello Guys!

Could you consider creating another index besides wazuh-alerts automatically?
I would like wazuhapp already to create an index for the file /var/ossec/logs/archives/archives.json.

Another question: if I use the wazuhapp plugin, do I still need to use template => "/etc/logstash/wazuh-elastic5-template.json" in the logstash configuration, since the wazuh app automatically creates the index?

I used it in my logstash configuration and the following occurred:
Wazuhapp created the wazuh-alerts index with all the fields having the "searchable" and "aggregatable" options checked; until then all was OK. After a while I updated the index on the management page, and in most of the fields the "searchable" and "aggregatable" options disappeared.

It would not be necessary to display the data for this index on the wazuhapp dashboards.
What I want is for the wazuh-archives index to have the same wazuh-alerts setting, that all fields have "searchable" and "aggregatable" checked.

Visualize: "field" is a required parameter

Saved "field" parameter is now invalid. Please select a new field.
Visualize: "field" is a required parameter

TypeError: "field" is a required parameter
    at FieldParamTypeProvider.FieldParamType.write (http://192.168.8.137:5601/bundles/wazuh.bundle.js?v=16337:67:978625)
    at http://192.168.8.137:5601/bundles/wazuh.bundle.js?v=16337:37:18422
    at AggParams.forEach (<anonymous>)
    at AggParams.AggTypesAggParamsProvider.AggParams.write (http://192.168.8.137:5601/bundles/wazuh.bundle.js?v=16337:37:18380)
    at AggConfig.VisAggConfigProvider.AggConfig.write (http://192.168.8.137:5601/bundles/wazuh.bundle.js?v=16337:16:81086)
    at AggConfig.VisAggConfigProvider.AggConfig.toDsl (http://192.168.8.137:5601/bundles/wazuh.bundle.js?v=16337:16:82021)
    at http://192.168.8.137:5601/bundles/wazuh.bundle.js?v=16337:67:975200
    at Array.forEach (<anonymous>)
    at AggConfigs.VisAggConfigsProvider.AggConfigs.toDsl (http://192.168.8.137:5601/bundles/wazuh.bundle.js?v=16337:67:974983)
    at http://192.168.8.137:5601/bundles/wazuh.bundle.js?v=16337:50:167607

Enable new panels for Vulns and AWS

Hi,
I have enabled Vuls and AWS (3.1) and I can't find documentation on enabling their panels in Kibana. Would you mind pointing me in the right direction, please?
Thanks in advance!

Wrong Visualisation Wazuh App Overview General Agents status

Could it be, that the visualization Wazuh App Overview General Agents status is wrong? We had to change it to use id.keyword and status.keyword (Using Kibana 6.1.2)

Fixed visualization:

{
  "title": "Wazuh App Overview General Agents status",
  "type": "histogram",
  "params": {
    "type": "histogram",
    "grid": {
      "categoryLines": false,
      "style": {
        "color": "#eee"
      }
    },
    "categoryAxes": [
      {
        "id": "CategoryAxis-1",
        "type": "category",
        "position": "bottom",
        "show": true,
        "style": {},
        "scale": {
          "type": "linear"
        },
        "labels": {
          "show": true,
          "truncate": 100
        },
        "title": {}
      }
    ],
    "valueAxes": [
      {
        "id": "ValueAxis-1",
        "name": "LeftAxis-1",
        "type": "value",
        "position": "left",
        "show": true,
        "style": {},
        "scale": {
          "type": "linear",
          "mode": "normal"
        },
        "labels": {
          "show": true,
          "rotate": 0,
          "filter": false,
          "truncate": 100
        },
        "title": {
          "text": "Count"
        }
      }
    ],
    "seriesParams": [
      {
        "show": true,
        "mode": "normal",
        "type": "line",
        "drawLinesBetweenPoints": false,
        "showCircles": true,
        "interpolate": "cardinal",
        "lineWidth": 3.5,
        "data": {
          "id": "4",
          "label": "Count"
        },
        "valueAxis": "ValueAxis-1"
      }
    ],
    "addTooltip": true,
    "addLegend": true,
    "legendPosition": "right",
    "times": [],
    "addTimeMarker": false
  },
  "aggs": [
    {
      "id": "2",
      "enabled": true,
      "type": "date_histogram",
      "schema": "segment",
      "params": {
        "field": "@timestamp",
        "interval": "h",
        "customInterval": "2h",
        "min_doc_count": 1,
        "extended_bounds": {}
      }
    },
    {
      "id": "3",
      "enabled": true,
      "type": "terms",
      "schema": "group",
      "params": {
        "field": "status.keyword",
        "size": 5,
        "order": "desc",
        "orderBy": "_term"
      }
    },
    {
      "id": "4",
      "enabled": true,
      "type": "cardinality",
      "schema": "metric",
      "params": {
        "field": "id.keyword",
        "customLabel": "Count"
      }
    }
  ]
}

Error when using ngMaterial

I want to use ngMaterial in a Kibana visualization plugin, but I get an error:

Uncaught TypeError: angular.module(...).info is not a function (http://127.0.0.1:6001/app/kibana:4139)

Could you give me some help with using ngMaterial, since I see wazuh-kibana-app uses it too?

Plans for Kibana 6?

Hi All,

Just wondering what the plans are for kibana and elastic version 6?

Thanks!
James

Kibana App -- blank (white) screen

Hola fellas,

I have just updated the manager (single host deployment with Elastic Stack) and all of a sudden, when I click on the Wazuh app, it just shows a blank screen and nothing else.

screenshot_20180105_140239

I'm running the following versions:

elasticsearch 6.1.1

logstash 6.1.1-1

kibana 6.1.1

wazuh-manager 3.1.0-1

wazuh-api 3.1.0-1

The api.log looks OK (nothing unusual).
I'm behind an nginx webserver.

Below you can find my config:

    server {
    listen 80;
    listen [::]:80;
    return 301 https://$host$request_uri;
    }

    server {
    listen 443 default_server;
    listen [::]:443;
    ssl on;
    ssl_certificate /etc/ssl/certs/kibana-access.pem;
    ssl_certificate_key /etc/ssl/private/kibana-access.key;
    access_log /var/log/nginx/nginx.access.log;
    error_log /var/log/nginx/nginx.error.log;
    location / {
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd;
    proxy_pass http://localhost:5601/;
    }
    }

Is there anything else I could check to get the Kibana wazuh-app running again?

cheers,
theresa

Blank page

Hi,

I have a blank page and this error:
error : 9 message : "Could not get data from elasticsearch" statusCode : 500

When I look at wazuh-elastic.js, it tries to search ".wazuh-version", but that doesn't exist in my Elasticsearch...

Here is what I have:
.wazuh DIwZS-QXSLqFn5m0lKo6hA
wazuh-monitoring-3.x-2018.01.15 RiSztf5YSyaGH1iqPXY2jg
wazuh-alerts-3.x-2018.01.16 9FIhTQaqTNiQMJgd41q_3A
wazuh-monitoring-3.x-2018.01.16 nbdbmdPrSdWOvC02231XaA9.9kb

If someone can help me...

Thanks a lot,
Franck

App tabs empty

Using ELK 5.6.2 and Wazuh 2.1.1, I'm seeing blank overview and agent tabs for all sections - overview, file integrity, policy monitoring, scap, audit, and PCI DSS. The data is coming in - individual Kibana dashboards for these aspects work, and the indices are populating. Something is amiss with the wazuh-kibana app itself (it does show agents registering and all that jazz, so it's definitely talking to the Wazuh API).
Am I doing something wrong here? App installed as per instructions in the docs via the kibana-plugin install targeting the 2.1.1 zip.

wazuh-monitoring-3.x-2017.12.26 How to create and insert data?

I only saw the /opt/ossec/logs/alerts/alerts.log log being forwarded, with data inserted into the Elasticsearch index => "wazuh-alerts-3.x-%{+YYYY.MM.dd}", but in extensions/logstash/01-wazuh-remote.conf I did not see any such data processing for wazuh-monitoring-3.x-2017.12.26.

Doesn't show anything in Overview tab

I saw some demo images with many charts in the Overview tab, but when I installed the plugin in Kibana, I don't see anything in the Overview tab.
I'm using Kibana 5.4 (wazuh-kibana-app for Kibana 5.4). Every function is working except the Overview tab.
Demo
image

My Overview tab

image

Thanks!

wazuh-alerts-* Pattern is not found in Kibana 5.6.2

When I use the Wazuh tab in Kibana, the plugin doesn't find my wazuh-alerts-* pattern.

problem_1

I noticed that it says "wazu-alerts-" instead of "wazuh-alerts-", but it says "logstash-". Could it be that the wildcard gets interpreted wrong?

This is my Index-Pattern:

problem_2

I am sending via filebeat to logstash. My Elasticsearch and Kibana are currently on version 5.6.2.
This is my elasticsearch output (logstash configuration):

    elasticsearch {
      hosts => ["some_server","some_server","some_server"]
      template_name => "wazuh"
      template => "/etc/logstash/templates/wazuh-elastic5-template.json"
      document_type => "wazuh"
      template_overwrite => true
      index => "wazuh-alerts-%{+YYYY.MM.dd}"
    }

Thanks in advance

stuck at "Waiting Elasticsearch to be up" / "Waiting index \".kibana\" to be created and prepared...."

I installed the latest plugin but dashboards, saved searches, etc are not created.

Installation:

/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-2.0_5.2.2.zip

Attempting to transfer from https://packages.wazuh.com/wazuhapp/wazuhapp-2.0_5.2.2.zip
Transferring 16627532 bytes....................
Transfer complete
Retrieving metadata from plugin archive
Extracting plugin archive
Extraction complete
Optimizing and caching browser bundles...
Plugin installation complete

syslog:

kibana[1753]: {"type":"log","@timestamp":"2017-03-16T15:29:44Z","tags":["\u001b[34mwazuh\u001b[39m","initialize","info"],"pid":1753,"message":"Waiting Elasticsearch to be up..."}
kibana[1753]: {"type":"log","@timestamp":"2017-03-16T15:29:46Z","tags":["\u001b[34mwazuh\u001b[39m","initialize","info"],"pid":1753,"message":"Waiting index \".kibana\" to be created and prepared...."}

Connection to elasticsearch is working (".kibana" index exists and is green), and there seem to be no permission problems with any indices in the elasticsearch log.

Configuring Wazuh-Kibana-App to use an alternative index

Hey. I am working on a monitoring system and I decided to add wazuh into it. But the problem is we are forwarding all the logs into a single index, "xyz", now is there any way that I can configure wazuh to work with the xyz index instead of the regular wazuh-alerts and wazuh-monitoring. I am using ELK Stack 5.6.5 and Wazuh 2.1. Regards.

The selected index-pattern is not present. No template found for the selected index-pattern.

Hello,

After updating my ELK stack with the wazuh plugin installed to 6.0, I can't go to the Wazuh plugin tab in Kibana.

The error is:

 Performing checks...(4/4)
Ups, something went wrong...
  The selected index-pattern is not present.
  No template found for the selected index-pattern.
  {"data":{"statusCode":500,"error":9,"message":"Could not get data from elasticsearch"},"status":500,"config":{"method":"GET","transformRequest":[null],"transformResponse":[null],"jsonpCallbackParam":"callback","headers":{"Accept":"application/json, text/plain, */*","kbn-version":"6.1.2"},"timeout":4000,"url":"/api/wazuh-elastic/setup"},"statusText":"Internal Server Error","html":"Unexpected error. Please, report this error.","message":"Unexpected error. Please, report this error."}

I reuploaded the templates, reinstalled plugin and still got this issue.

I recently removed the .wazuh index and it worked for a couple of seconds, until I tried to connect to my Wazuh environment and the error returned.

wazuh kibana app is giving me "Saved "field" parameter is now invalid" error

Just installed brand new Wazuh server and when I open the Overview and use the General tab I get this:
screen shot 2017-10-17 at 10 34 44 pm

I searched the github issues and found that StasGoshtein mentioned the same error in #25
The response was to import the sample alerts and refresh the field list but that's not working for me. When I do a:
    curl https://github.com/wazuh/wazuh-kibana-app/tree/2.1/server/startup/integration_files/alert_sample.json | curl -XPUT "http://localhost:9200/wazuh-alerts-`date +%Y.%m.%d`/wazuh/sample" -H 'Content-Type: application/json' -d @-
I get an error saying:
{"error":{"root_cause":[{"type":"mapper_parsing_exception","reason":"failed to parse"}],"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"not_x_content_exception","reason":"Compressor detection can only be called on some xcontent bytes or compressed xcontent bytes"}},"status":400}

Was running elastic stack 5.6.3 but have now downgraded to 5.6.2 which is working on my dev box, so it appears that the issue is not with the elastic versions but rather with changes made to the wazuh kibana app recently. Perhaps related to the branching change? Anyhow, that's beside the point. A system that was built 14 days ago is working.

Using wazuh-manager 2.1.1

wazuh-app plugin unsuccessful

Hi,
I have a problem installing the wazuh kibana plugin: it says I need kibana version 6.1.0 while I've installed the latest kibana version 6.1.1.
I've tried using your README link for kibana version 6.1.1 but it still did not work. Any solution?

Thanks

Visualize: "field" is a required parameter

Hello, I'm having a problem with a Visualize error; it says visualize: "field" is a required parameter. And I put my template in place just before starting logstash.

TypeError: "field" is a required parameter
at FieldParamTypeProvider.FieldParamType.write (http://192.168.90.51:5601/bundles/wazuh.bundle.js?v=16363:67:981258)
at http://192.168.90.51:5601/bundles/wazuh.bundle.js?v=16363:37:18422
at AggParams.forEach (native)
at AggParams.AggTypesAggParamsProvider.AggParams.write (http://192.168.90.51:5601/bundles/wazuh.bundle.js?v=16363:37:18380)
at AggConfig.VisAggConfigProvider.AggConfig.write (http://192.168.90.51:5601/bundles/wazuh.bundle.js?v=16363:16:81058)
at AggConfig.VisAggConfigProvider.AggConfig.toDsl (http://192.168.90.51:5601/bundles/wazuh.bundle.js?v=16363:16:81993)
at http://192.168.90.51:5601/bundles/wazuh.bundle.js?v=16363:67:977833
at Array.forEach (native)
at AggConfigs.VisAggConfigsProvider.AggConfigs.toDsl (http://192.168.90.51:5601/bundles/wazuh.bundle.js?v=16363:67:977616)
at http://192.168.90.51:5601/bundles/wazuh.bundle.js?v=16363:50:163168

Wazuh ElasticStack Upgrade Errors

I have recently upgraded wazuh from 2.X to 3.X and now I'm getting following errors in /var/log/elasticsearch/elasticsearch.log

[2017-12-26T13:24:51,876][DEBUG][o.e.a.b.TransportShardBulkAction] [wazuh-alerts-2017.12.26][0] failed to execute bulk item (index) BulkShardRequest [[wazuh-alerts-2017.12.26][0]] containing [18] requests
org.elasticsearch.index.mapper.MapperParsingException: failed to parse [data]
at org.elasticsearch.index.mapper.FieldMapper.parse(FieldMapper.java:302) ~[elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.index.mapper.DocumentParser.parseObjectOrField(DocumentParser.java:485) ~[elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.index.mapper.DocumentParser.parseObject(DocumentParser.java:500) ~[elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.index.mapper.DocumentParser.innerParseObject(DocumentParser.java:394) ~[elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.index.mapper.DocumentParser.parseObjectOrNested(DocumentParser.java:384) ~[elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.index.mapper.DocumentParser.internalParseDocument(DocumentParser.java:93) ~[elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.index.mapper.DocumentParser.parseDocument(DocumentParser.java:67) ~[elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.index.mapper.DocumentMapper.parse(DocumentMapper.java:261) ~[elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.index.shard.IndexShard.prepareIndex(IndexShard.java:708) ~[elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.index.shard.IndexShard.applyIndexOperation(IndexShard.java:686) ~[elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.index.shard.IndexShard.applyIndexOperationOnPrimary(IndexShard.java:667) ~[elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.action.bulk.TransportShardBulkAction.executeIndexRequestOnPrimary(TransportShardBulkAction.java:548) ~[elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.action.bulk.TransportShardBulkAction.executeIndexRequest(TransportShardBulkAction.java:140) [elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.action.bulk.TransportShardBulkAction.executeBulkItemRequest(TransportShardBulkAction.java:236) [elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.action.bulk.TransportShardBulkAction.performOnPrimary(TransportShardBulkAction.java:123) [elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.action.bulk.TransportShardBulkAction.shardOperationOnPrimary(TransportShardBulkAction.java:110) [elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.action.bulk.TransportShardBulkAction.shardOperationOnPrimary(TransportShardBulkAction.java:72) [elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.action.support.replication.TransportReplicationAction$PrimaryShardReference.perform(TransportReplicationAction.java:1033) [elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.action.support.replication.TransportReplicationAction$PrimaryShardReference.perform(TransportReplicationAction.java:1011) [elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.action.support.replication.ReplicationOperation.execute(ReplicationOperation.java:104) [elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.action.support.replication.TransportReplicationAction$AsyncPrimaryAction.onResponse(TransportReplicationAction.java:358) [elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.action.support.replication.TransportReplicationAction$AsyncPrimaryAction.onResponse(TransportReplicationAction.java:298) [elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.action.support.replication.TransportReplicationAction$1.onResponse(TransportReplicationAction.java:974) [elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.action.support.replication.TransportReplicationAction$1.onResponse(TransportReplicationAction.java:971) [elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.index.shard.IndexShardOperationPermits.acquire(IndexShardOperationPermits.java:238) [elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.index.shard.IndexShard.acquirePrimaryOperationPermit(IndexShard.java:2211) [elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.action.support.replication.TransportReplicationAction.acquirePrimaryShardReference(TransportReplicationAction.java:983) [elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.action.support.replication.TransportReplicationAction.access$500(TransportReplicationAction.java:97) [elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.action.support.replication.TransportReplicationAction$AsyncPrimaryAction.doRun(TransportReplicationAction.java:319) [elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) [elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.action.support.replication.TransportReplicationAction$PrimaryOperationTransportHandler.messageReceived(TransportReplicationAction.java:294) [elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.action.support.replication.TransportReplicationAction$PrimaryOperationTransportHandler.messageReceived(TransportReplicationAction.java:281) [elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.transport.RequestHandlerRegistry.processMessageReceived(RequestHandlerRegistry.java:66) [elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.transport.TransportService$7.doRun(TransportService.java:652) [elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun(ThreadContext.java:637) [elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) [elasticsearch-6.1.0.jar:6.1.0]
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [?:1.8.0_144]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [?:1.8.0_144]
at java.lang.Thread.run(Unknown Source) [?:1.8.0_144]
Caused by: java.lang.IllegalStateException: Can't get text on a START_OBJECT at 1:579
at org.elasticsearch.common.xcontent.json.JsonXContentParser.text(JsonXContentParser.java:85) ~[elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.common.xcontent.support.AbstractXContentParser.textOrNull(AbstractXContentParser.java:237) ~[elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.index.mapper.KeywordFieldMapper.parseCreateField(KeywordFieldMapper.java:315) ~[elasticsearch-6.1.0.jar:6.1.0]
at org.elasticsearch.index.mapper.FieldMapper.parse(FieldMapper.java:297) ~[elasticsearch-6.1.0.jar:6.1.0]
... 38 more

Any clue what could be causing this ??
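
The stack trace above says it all: the keyword mapper for the `data` field received a JSON object (`Can't get text on a START_OBJECT`), so Elasticsearch rejected the whole alert. The earlier "Saved "field" parameter is now invalid" and "field is a required parameter" reports are the other side of the same template problem: fields mapped as plain `text` without a `keyword` sub-field are not aggregatable, so Kibana visualizations that group on them break. As an added example (not code from wazuh-kibana-app), the checker below flattens a mapping and a sample alert and reports both classes of mismatch before the template is pushed. The mapping and the alert document are constructed for the example.

```javascript
// Added example, not part of wazuh-kibana-app. Lints an Elasticsearch mapping
// against a sample alert document and reports:
//   1. type conflicts: a field mapped as keyword/text/number that arrives as a
//      JSON object (Elasticsearch then fails with "failed to parse [field]" /
//      "Can't get text on a START_OBJECT"), or the reverse;
//   2. fields that Kibana cannot aggregate on: "text" fields with neither a
//      keyword sub-field nor fielddata, which is what makes visualizations
//      complain that "field" is a required parameter.

function flattenMapping(props, prefix = '', out = new Map()) {
  for (const [name, def] of Object.entries(props)) {
    const path = prefix ? `${prefix}.${name}` : name;
    if (def.properties) {
      out.set(path, { type: def.type || 'object' });
      flattenMapping(def.properties, path, out);
    } else {
      out.set(path, def);
    }
  }
  return out;
}

function flattenDoc(doc, prefix = '', out = new Map()) {
  for (const [name, value] of Object.entries(doc)) {
    const path = prefix ? `${prefix}.${name}` : name;
    const isObject = value !== null && typeof value === 'object' && !Array.isArray(value);
    out.set(path, isObject ? 'object' : Array.isArray(value) ? 'array' : typeof value);
    if (isObject) flattenDoc(value, path, out);
  }
  return out;
}

function lintMapping(mapping, doc) {
  const fields = flattenMapping(mapping.properties);
  const values = flattenDoc(doc);
  const conflicts = [];
  const notAggregatable = [];

  for (const [path, kind] of values) {
    const def = fields.get(path);
    if (!def) continue; // not in the template: Elasticsearch maps it dynamically
    const mappedAsObject = def.type === 'object' || def.type === 'nested';
    if (kind === 'object' && !mappedAsObject) {
      conflicts.push(`${path}: mapped as ${def.type} but document carries an object`);
    } else if (kind !== 'object' && kind !== 'array' && mappedAsObject) {
      conflicts.push(`${path}: mapped as ${def.type} but document carries a ${kind}`);
    }
  }
  for (const [path, def] of fields) {
    const hasKeyword = def.fields && def.fields.keyword;
    if (def.type === 'text' && !hasKeyword && !def.fielddata) {
      notAggregatable.push(path);
    }
  }
  return { conflicts, notAggregatable };
}

// Constructed sample: a 2.x-style template fragment (data as a keyword,
// srcip as bare text) and a 3.x-style alert where data is an object.
const sampleMapping = {
  properties: {
    '@timestamp': { type: 'date' },
    data: { type: 'keyword' },
    srcip: { type: 'text' },
    rule: { properties: { level: { type: 'long' }, description: { type: 'keyword' } } },
  },
};
const sampleAlert = {
  '@timestamp': '2017-12-26T13:24:51.876Z',
  data: { srcip: '10.0.0.5', dstport: '22' },
  srcip: '10.0.0.5',
  rule: { level: 5, description: 'sshd: authentication failed.' },
};

function runLint() {
  return lintMapping(sampleMapping, sampleAlert);
}

console.log(JSON.stringify(runLint(), null, 2));
```

Run it before loading a template into a new stack version: one conflict on `data` and one non-aggregatable field (`srcip`) is exactly the combination the two issues above describe.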

Automate connection from Wazuh App to the API

Hi guys,
I'm wondering if there is any way to perform step 4 here from the command line.

I'm writing an AWS CloudFormation template to automate deployment of ELK, Wazuh and other security tools and I want to automate that step as well.
Thanks in advance!

Wazuh plugin and Kibana 5.3.2 in CentOS7

Hi,
Following your official installation instructions for CentOS7, the command "yum install kibana" installs Kibana 5.3.2, which is not supported by your plugin, as you can see here:

# /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp.zip
Attempting to transfer from https://packages.wazuh.com/wazuhapp/wazuhapp.zip
Transferring 16637026 bytes....................
Transfer complete
Retrieving metadata from plugin archive
Extracting plugin archive
Extraction complete
Plugin installation was unsuccessful due to error "Incorrect Kibana version in plugin [wazuh]. Expected [5.3.2]; found [5.3.1]"

I looked at package.json inside the zip file and it looks like only "kibana": { "version" : "5.3.1" } is allowed. So it fails.

A workaround I used was as follows in case you may be interested:

yum erase -y kibana
curl https://artifacts.elastic.co/downloads/kibana/kibana-5.3.1-x86_64.rpm -o kibana-5.3.1-x86_64.rpm
yum localinstall -y kibana-5.3.1-x86_64.rpm

Right after that the plugin installation command completes without error.

It would be great if the plugin also supports 5.3.2 in order to make the installation process smoother.

Cheers

kibana 6.1 plugin

Hi,

kibana-6.1.0-1.x86_64 is installed on a CentOS 7 machine. When I try to install the wazuh plugin it says "Incorrect Kibana version in plugin [wazuh]. Expected [6.1.0]; found [6.0.1]".

Could you check?

/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp.zip
Attempting to transfer from https://packages.wazuh.com/wazuhapp/wazuhapp.zip
Transferring 4577607 bytes....................
Transfer complete
Retrieving metadata from plugin archive
Extracting plugin archive
Extraction complete
Plugin installation was unsuccessful due to error "Incorrect Kibana version in plugin [wazuh]. Expected [6.1.0]; found [6.0.1]"

Wazuhapp version problem

Hi All,

Busy deploying Wazuh on ubuntu 16.04 LTS as per documentation. When I get to the part "/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp.zip" it fails with the following:

root@Wazuh-srv:/tmp/test/kibana/wazuh# /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp.zip
Attempting to transfer from https://packages.wazuh.com/wazuhapp/wazuhapp.zip
Transferring 4459005 bytes....................
Transfer complete
Retrieving metadata from plugin archive
Extracting plugin archive
Extraction complete
Plugin installation was unsuccessful due to error "Incorrect Kibana version in plugin [wazuh]. Expected [5.6.5]; found [5.6.4]"
I see that 5.6.5 is not yet available. Any ideas?

Buffer deprecated

  • file: 'server/api/wazuh-elastic.js'
  • severity: 'Error'
  • message: ''new Buffer()' was deprecated since v6. Use 'Buffer.alloc()' or 'Buffer.from()' (use 'https://www.npmjs.com/package/safe-buffer' for '<4.5.0') instead. (node/no-deprecated-api)' at: '26,88'
  • source: 'eslint'
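
The rule behind that eslint finding is worth more than a lint fix: `new Buffer(size)` returned memory that was not zeroed, so a sloppy call could hand earlier heap contents (credentials, tokens) back to whoever read the buffer, while `new Buffer(string)` and `new Buffer(number)` were easy to confuse. As an added example (not the project's code; the function names are made up for the illustration), here is the replacement pattern for the usual job such a line does in an API layer, encoding and decoding a basic-auth credential pair, plus a check that `Buffer.alloc` really zero-fills.

```javascript
// Added example, not wazuh-kibana-app code. Shows the Buffer.from / Buffer.alloc
// replacements for the deprecated new Buffer() constructor.

// Buffer.from(string, encoding) replaces new Buffer(string, encoding): the
// input is copied, never reinterpreted as a size.
function encodeBasicAuth(user, password) {
  return Buffer.from(`${user}:${password}`, 'utf8').toString('base64');
}

// Buffer.from(token, 'base64') decodes; the first ':' separates user from
// password, so passwords containing ':' survive the round trip.
function decodeBasicAuth(token) {
  const decoded = Buffer.from(token, 'base64').toString('utf8');
  const i = decoded.indexOf(':');
  if (i < 0) throw new Error('malformed basic-auth token');
  return { user: decoded.slice(0, i), password: decoded.slice(i + 1) };
}

// Buffer.alloc(size) replaces new Buffer(size): contents are guaranteed to be
// zero instead of whatever was previously in that memory.
function zeroFilled(size) {
  const buf = Buffer.alloc(size);
  return buf.every((byte) => byte === 0);
}

console.log(encodeBasicAuth('foo', 'bar'), decodeBasicAuth('Zm9vOmJhcg=='), zeroFilled(4096));
```

If a code path genuinely needs an uninitialised buffer for speed, `Buffer.allocUnsafe` exists and says so in its name; the point of the deprecation is that the default should be the safe one.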

Wrong index name

Hi,
If you delete the wazuh-monitoring-* indices and restart wazuh-api,
it creates a new index, but with an old date. For example:
Today is 2017.08.24, but wazuh created an index with the name wazuh-monitoring-2017.07.31.
Example from logs:

{
  "_index": "wazuh-monitoring-2017.07.31",
  "_type": "agent",
  "_id": "AV4UHQpTw_N0NWwPJFyV",
  "_version": 1,
  "_score": null,
  "_source": {
    "status": "Disconnected",
    "ip": "172.16.27.90",
    "id": "136",
    "name": "us-web-stage-01",
    "@timestamp": "2017-08-24T12:00:01.102Z",
    "host": "us-log-system-01"
  },
  "fields": {
    "@timestamp": [
      1503576001102
    ]
  },
  "sort": [
    1503576001102
  ]
}

I have index rotation by Curator, and this wazuh-monitoring-2017.07.31 index is now deleted every day.
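
The symptom in this report (a document timestamped 2017-08-24 landing in wazuh-monitoring-2017.07.31) is what you get when a daily index name is computed once, for instance when the writer is created, and reused for every later write; whether that is the actual cause in wazuh-api is not established by the report, so treat it as an assumption. As an added example (not wazuh-api code, function names invented), the block below puts that pattern next to the per-write computation, with an injectable clock so the difference is visible without waiting a month.

```javascript
// Added example, not wazuh-api code. Contrasts a daily index name computed
// once at writer creation with one derived from the clock at each write.

function dailyIndexName(prefix, date) {
  const y = date.getUTCFullYear();
  const m = String(date.getUTCMonth() + 1).padStart(2, '0');
  const d = String(date.getUTCDate()).padStart(2, '0');
  return `${prefix}-${y}.${m}.${d}`;
}

// Bug pattern: the name is fixed when the writer is built (e.g. at service
// start) and never revisited, so every later document lands in that index.
function makeStaleWriter(prefix, now) {
  const index = dailyIndexName(prefix, now());
  return (source) => ({ _index: index, _source: source });
}

// Fix: derive the name from the clock on every write, so index rotation and
// Curator's deletions line up with the documents' timestamps.
function makeFreshWriter(prefix, now) {
  return (source) => ({ _index: dailyIndexName(prefix, now()), _source: source });
}

// Constructed scenario: the writers are created on 2017-07-31, and a
// monitoring document is written weeks later on 2017-08-24.
function demo() {
  let clock = new Date('2017-07-31T12:00:00Z');
  const now = () => clock;
  const stale = makeStaleWriter('wazuh-monitoring', now);
  const fresh = makeFreshWriter('wazuh-monitoring', now);

  clock = new Date('2017-08-24T12:00:01.102Z');
  const doc = { status: 'Disconnected', id: '136', '@timestamp': clock.toISOString() };
  return { stale: stale(doc)._index, fresh: fresh(doc)._index };
}

console.log(demo());
```

The check to run on a suspect writer is the one `demo()` performs: advance the clock past midnight UTC and confirm the `_index` of the next write changes with it.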

Add Support for Internationalization

Please add Support for Internationalization, so we can be able to translate the Kibana App to other languages.

For example, a recent study from a Brazilian IT magazine reported that 93% of Brazilian IT professionals don't speak any language other than Portuguese. Among them, 83% of IT managers don't speak English.

So Wazuh could be more spread in my country if translated to pt_br.

Thanks!
