You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Our Cloud and Security team came together to contribute to Wazuh and we are developing the Wazuh application for AWS ECS Fargate. We did the first SETUP and are now in the testing phase, but we came across the process below:
For that, we need to:
[OKAY] Todos os APP e funções estão operando normalmente dentro do Wazuh.
[OKAY] the features are as expected and operating normally. - [NOKAY ] Problem with handling URL that contains MANAGER.NAME as default
Is there any way to remove the default server from the URL, because we are talking about this, because the ECS TASKs when they are generated by default the DNS of this manager ends up being changed, because AWS works with this dynamic addressing, therefore the references are lost, but not data, so we understand that if there is a possibility of removing this default from the base URL, it would be possible to have data and thus we could evolve our tests in ECS and who knows contribute to the wazuh platform with a process to be applied in Fargate ECS.
This DNS address is automatically generated by AWS. When taks dies or is restarted;
DNS AWS: ip-10-92-18-96.ec2.internal
url when we try to navigate by default: https://wazuh-dashboard.DNS.COM/app/threat-hunting#/overview/?tab=general&tabView=panels&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-90d,to:now))&_a=(columns:!(_source),filters:!(('$state':(isImplicit:!t,store:appState),meta:(alias:!n,disabled:!f,index:'wazuh-alerts-*',key:manager.name,negate:!f,params:(**query:ip-10-92-18-96.ec2.internal**),removable:!f,type:phrase),query:(match:(manager.name:(**query:ip-10-92-18-96.ec2.internal**,type:phrase))))),index:'wazuh-alerts-*',interval:auto,query:(language:kuery,query:''),sort:!())
When I edit the URL and ADD MANAGER.NAME to it as IF EXIST, it is possible to catalog old data from other ECS that were automatically generated by AWS. The question is, can we leave this as default?
Issues
We saw this other issue with a similar process, but as there was no response we were unable to validate it.
Description
Our Cloud and Security team came together to contribute to Wazuh and we are developing the Wazuh application for AWS ECS Fargate. We did the first SETUP and are now in the testing phase, but we came across the process below:
For that, we need to:
- [NOKAY ] Problem with handling URL that contains MANAGER.NAME as default
Is there any way to remove the default server from the URL, because we are talking about this, because the ECS TASKs when they are generated by default the DNS of this manager ends up being changed, because AWS works with this dynamic addressing, therefore the references are lost, but not data, so we understand that if there is a possibility of removing this default from the base URL, it would be possible to have data and thus we could evolve our tests in ECS and who knows contribute to the wazuh platform with a process to be applied in Fargate ECS.
This DNS address is automatically generated by AWS. When taks dies or is restarted;
DNS AWS: ip-10-92-18-96.ec2.internal
url when we try to navigate by default:
https://wazuh-dashboard.DNS.COM/app/threat-hunting#/overview/?tab=general&tabView=panels&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-90d,to:now))&_a=(columns:!(_source),filters:!(('$state':(isImplicit:!t,store:appState),meta:(alias:!n,disabled:!f,index:'wazuh-alerts-*',key:manager.name,negate:!f,params:(**query:ip-10-92-18-96.ec2.internal**),removable:!f,type:phrase),query:(match:(manager.name:(**query:ip-10-92-18-96.ec2.internal**,type:phrase))))),index:'wazuh-alerts-*',interval:auto,query:(language:kuery,query:''),sort:!())manipulated url:
https://wazuh-dashboard.DNS.COM/app/threat-hunting#/overview/?tab=general&tabView=panels&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-90d,to:now))&_a=(columns:!(_source),**filters:!(('$state':(store:appState),exists:(field:manager.name**),meta:(alias:!n,disabled:!f,index:'wazuh-alerts-*',**key:manager.name,negate:!f,type:exists,value:exists**))),index:'wazuh-alerts-*',interval:auto,query:(language:kuery,query:'',timestamp:'1730143870989'),sort:!())When I edit the URL and ADD MANAGER.NAME to it as IF EXIST, it is possible to catalog old data from other ECS that were automatically generated by AWS. The question is, can we leave this as default?
Issues
manager.namefilter (better server migration support) #189Attachment:
The text was updated successfully, but these errors were encountered: