Releases: wazuh/wazuh-splunk

Wazuh v3.2.3 - Splunk v7.1.0

28 May 16:44

There are no changes for Splunk app for Wazuh in this version.

Wazuh v3.2.2 - Splunk v7.1.0

16 May 16:06

Added

  • Wazuh secured API connections are now supported (#51).
  • Error notifications with toasts (#54).
  • New agent group configuration tab added (#50).
  • Inputs must now pass validation before being submitted (#52).

Changed

  • Styling improvements (#57).
  • Users can't navigate the app without a successful API connection.
  • Controller logic refactored.

Fixed

  • Navigation navbar background color fixed.

Wazuh v3.2.1 - Splunk v7.0.3

16 May 15:57

Added

  • New Manager Logs tab (#6):
    • New module implemented to show Manager logs.
    • Data is fetched directly from Wazuh API.
  • Back-end (#14)
    • The Splunk app now has its own back-end in order to modularize any REST routes it might need.
    • Several code refactorings for better handling of possible use cases.
    • All queries across the app were bootstrapped to use the new back-end instead of indexes.
  • New Configuration tab:
    • All the configuration the app needs is now done through inputs.
    • External configuration files are not needed anymore.
  • Back-end refactor:
    • Each controller is now parameterized; there are no hardcoded values anymore.
    • Endpoints now work with GET params.
  • New Manager Configuration tab (#32)
  • Dynamic tables (#37)
    • The app now uses dynamic tables, improving pagination and filtering.
    • Back-end endpoints were adapted for pagination and better interaction with the Wazuh API.

Changed

  • Ruleset and Decoders data will be fetched from API (#12):
    • Now the app will avoid indexing Ruleset and Decoders data.
  • Manager info will be fetched from API (#14):
    • Now the app will avoid indexing Manager info data.
  • Agents data will be fetched from API (#15):
    • Now the app will avoid indexing Agents info data.
  • And best of all, no extra index and no TA-wazuh-api-connector are needed anymore.
  • Each view was converted from SimpleXML to HTML+JS in order to gain the whole SplunkJS SDK functionality.
  • Credentials are now stored in the KVStore database; values are retrieved via AJAX when needed.
  • Each query now sends parameters to streaming commands.
  • The app is now called 'Wazuh' instead of 'SplunkAppForWazuh'.
  • Some unused tabs were deleted (Splunk and Tools).
  • Performance improvements:
    • Event listeners and unused dependencies were removed.
    • Useless tokens deleted.
  • API Configuration:
    • IP base and port are not required anymore.
    • Status LED added in order to check the connection.
    • Password field is not shown now.
  • View controllers transpiled to ES6 syntax.
  • Wazuh copyright on each JavaScript and Python file.
  • Tab distribution redesigned:
    • Deleted redundant Agents summary views and compacted them into just one tab.
    • Deleted the Search on Rules and Search on Decoders tabs, compacting all their functionality into the Ruleset and Decoders tabs.
    • Tabs were renamed.

Fixed

  • Ruleset and Decoders search tabs are now able to filter properly.
  • SSL verification error in lab environment fixed.
  • Groups: the content of each individual configuration file is now properly shown in pretty JSON format.
  • Splunk queries fixed:
    • A query is now executed when a Splunk element such as a table or tag is clicked.

SplunkAppForWazuh

14 Aug 17:20

First release of Wazuh's Splunk app.

MD5 (SplunkAppForWazuh.tgz) = e7d1dc03e407e0720c6b24c82caba3f3
MD5 (TA-wazuh-api-connector.tgz) = af30c6a0b6620bc7a7f728358ecf81ac