Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Amazon AWS dashboard not showing information in some graphs #3931

Closed
Selutario opened this issue Mar 31, 2022 · 4 comments · Fixed by wazuh/wazuh#4459
Closed

Amazon AWS dashboard not showing information in some graphs #3931

Selutario opened this issue Mar 31, 2022 · 4 comments · Fixed by wazuh/wazuh#4459
Assignees
@Machi3mfl @AlexRuiz7
Labels
type/bug Bug issue UI/UX Generic label for things related to the font-end side

Comments

@Selutario
Copy link

Wazuh Elastic Rev Security
4.3 7.10.2 4301-1 ODFE
Browser
Chrome, Firefox, Safari, etc

Description
The AWS module shows "No results found" for both the Accounts and Regions sections. I'm not sure if this is a bug because Cloudtrail is the only integration I enabled in this case.

Preconditions
N/A

Steps to reproduce

  1. Enable the Cloudtrail integration in Wazuh (instructions).
  2. Go to the Amazon AWS module in the Wazuh APP.

Expected Result
All graphs inside the module should show any information.

Actual Result
All graphs show information, except for Regions and Accounts which say: No results found
Screenshots
image

Additional context
The alerts that were generated do contain fields for Regions and Accounts but then they are not displayed on the dashboard.
image
@Selutario Selutario added the type/bug Bug issue label Mar 31, 2022
@Selutario Selutario mentioned this issue Mar 31, 2022
Closed
2 tasks
@davidjiglesias davidjiglesias moved this to Triage in Release 4.3.0 Mar 31, 2022
@davidjiglesias davidjiglesias moved this from Triage to Known issues in Release 4.3.0 Apr 6, 2022
@Mayons Mayons mentioned this issue Apr 28, 2022
Closed
2 tasks
@mandeeps13k
Copy link

Hi Team,

Any updates on timeline for the fix of this issue ?

It would be great to have this issue fixed because the dashboards currently are not able display AWS Account IDs from cloudTrail logs. Even with logs from many different aws account IDs, the accounts as well as regions spaces in the AWS Dashboards remain empty.

It would be really great if this is fixed at the earliest. Looking forward to it.
Thanks.

@gdiazlo gdiazlo removed their assignment Aug 5, 2022
@gdiazlo gdiazlo moved this to Triage in Release 4.4.0 Aug 5, 2022
@gdiazlo
Copy link
Member

gdiazlo commented Aug 5, 2022

Related issues

@gdiazlo gdiazlo moved this from Triage to Todo in Release 4.4.0 Aug 29, 2022
@vikman90 vikman90 added this to the Release 4.4.0 milestone Aug 31, 2022
@Machi3mfl Machi3mfl self-assigned this Sep 22, 2022
@Machi3mfl Machi3mfl moved this from Todo to In Progress in Release 4.4.0 Sep 22, 2022
@AlexRuiz7
Copy link
Member

AlexRuiz7 commented Sep 22, 2022
edited by Machi3mfl
Loading

We tested the PR wazuh/wazuh#4459 and confirmed that adding these mappings results in a transformation of fields from aws.awsRegion to aws.region, so the Dashboards are rendering the results properly now.

In order to test this, we configured the AWS module, as defined in the step nr.1 of this issue, and then, appending AWS logs to the alerts.json file.

image

image

  • We need to test if this continues to work in a fresh environment, as we used the [Elastic API]

(https://www.elastic.co/guide/en/elasticsearch/reference/7.10/set-processor.html) to update the ingest pipelines with the new mappings.

For this, we need to build a development environment using this Wazuh branch: 3.11-update-filebeat-module, which is linked in the PR listed above.

@Machi3mfl
Copy link
Member

Task: test in a fresh environment

Tested PR wazuh/wazuh#4459 in a fresh environment.
Selection_043
Selection_042

@gdiazlo gdiazlo added UI/UX Generic label for things related to the font-end side and removed ui:dashboards labels Sep 24, 2022
@AlexRuiz7 AlexRuiz7 moved this from In Progress to In Review in Release 4.4.0 Sep 26, 2022
@AlexRuiz7 AlexRuiz7 linked a pull request Sep 28, 2022 that will close this issue
Added new digests to the filebeat module wazuh/wazuh#4459
Merged
26 tasks
Repository owner moved this from In Review to Done in Release 4.4.0 Oct 3, 2022
Repository owner moved this from Known issues to Done in Release 4.3.0 Oct 3, 2022
@CarlosRS9 CarlosRS9 mentioned this issue Oct 10, 2022
Closed
@Mayons95 Mayons95 mentioned this issue Nov 8, 2022
Closed
4 tasks
@Mayons95 Mayons95 mentioned this issue Nov 21, 2022
Closed
7 tasks
@Mayons95 Mayons95 mentioned this issue Dec 7, 2022
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Machi3mfl Machi3mfl

@AlexRuiz7 AlexRuiz7

Labels
type/bug Bug issue UI/UX Generic label for things related to the font-end side
Projects
No open projects
Release 4.3.0
Status: Done
Release 4.4.0
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Added new digests to the filebeat module wazuh/wazuh
7 participants
@gdiazlo @Machi3mfl @vikman90 @mandeeps13k @AlexRuiz7 @Selutario @davidjiglesias