Hide Wazuh App in kibana by space and user
116 views
Skip to first unread message
TOUIDJINE Kais
Mar 22, 2023, 4:56:38 AM3/22/23
to Wazuh mailing list
hello Community, I have the Wazuh app 4.3.9 for Elastic stack 7.17.6. in my Kibana i have multiple spaces and multiple users by spaces, how can I:
- hide the Wazuh app by space
- show wazuh agents by Space.
Antonio David Gutiérrez
Mar 22, 2023, 7:02:59 AM3/22/23
to Wazuh mailing list
Hi,
Thank you for using Wazuh!
I will reply to your questions
1. Unfortunately, it is not possible to hide the Wazuh plugin depending on the Kibana spaces.
The Wazuh plugin provides a way to hide it, which is based on the Elasticsearch roles of the users.
It is managed through the Wazuh plugin setting `disabled_roles` that is configurated in the Wazuh
plugin configuration file (located in /usr/share/kibana/data/wazuh/config/wazuh.yml). The users that
have some of the role names configurated for this setting can't see the Wazuh plugin.
More information here: https://documentation.wazuh.com/4.3/user-manual/wazuh-dashboard/config-file.html#disabled-roles
Related issue: https://github.com/wazuh/wazuh-kibana-app/issues/1601
2. I was researching and this is not possible. The RBAC features of the Wazuh plugin use the authentication context in Kibana to match
the RBAC rules of the Wazuh API, but unfortunately, the selected Kibana space is not included in this authentication context, so it can't be
used to define the RBAC rules of the Wazuh API. You could use the Wazuh API RBAC rules to define the agent's permissions attending to another
property of the authentication context as the roles or the user name.
More information:
- https://documentation.wazuh.com/current/user-manual/user-administration/rbac.html
- https://documentation.wazuh.com/current/user-manual/api/rbac/how-it-works.html
Thank you for using Wazuh!
I will reply to your questions
1. Unfortunately, it is not possible to hide the Wazuh plugin depending on the Kibana spaces.
The Wazuh plugin provides a way to hide it, which is based on the Elasticsearch roles of the users.
It is managed through the Wazuh plugin setting `disabled_roles` that is configurated in the Wazuh
plugin configuration file (located in /usr/share/kibana/data/wazuh/config/wazuh.yml). The users that
have some of the role names configurated for this setting can't see the Wazuh plugin.
More information here: https://documentation.wazuh.com/4.3/user-manual/wazuh-dashboard/config-file.html#disabled-roles
Related issue: https://github.com/wazuh/wazuh-kibana-app/issues/1601
2. I was researching and this is not possible. The RBAC features of the Wazuh plugin use the authentication context in Kibana to match
the RBAC rules of the Wazuh API, but unfortunately, the selected Kibana space is not included in this authentication context, so it can't be
used to define the RBAC rules of the Wazuh API. You could use the Wazuh API RBAC rules to define the agent's permissions attending to another
property of the authentication context as the roles or the user name.
More information:
- https://documentation.wazuh.com/current/user-manual/user-administration/rbac.html
- https://documentation.wazuh.com/current/user-manual/api/rbac/how-it-works.html
TOUIDJINE Kais
Mar 23, 2023, 2:57:12 PM3/23/23
to Wazuh mailing list
thank you @Antonio for the help, for the first task, I test it and it work, but not as expected, the wazuh app was disabled in the selected space, but still appear in the left kibana menu!
Antonio David Gutiérrez
Mar 24, 2023, 3:44:46 AM3/24/23
to Wazuh mailing list
Hi, I replicated your environment:
Wazuh plugin for Kibana 4.3.9
Elastic stack 7.17.6
I used the `disabled_roles` setting of the Wazuh plugin, and I confirm the Wazuh plugin could be visible in the Kibana menu when accessing with an user that has a role included in the `disabled_roles` setting of the Wazuh plugin. If the user tries to access to the Wazuh plugin, a prompt will be displayed with the message "Application not found" and at this moment the Wazuh plugin is not visible in the Kibana menu. If the user goes to another plugin and refreshes the page, the Wazuh plugin could be seen in the Kibana menu.
This problem is caused because the plugin is always registered in the Kibana menu when the user access to Kibana and only is hidden from the Kibana menu, when the user tried to access the Wazuh plugin.
References in the source code:
Plugin is registered in the Kibana menu: https://github.com/wazuh/wazuh-kibana-app/blob/v4.3.9-7.17.6/public/plugin.ts#L41
Plugin is unmounted and disabled of Kibana menu for a user with an Elasticsearch role that matches some of `disabled_roles` in the Wazuh plugin configuration: https://github.com/wazuh/wazuh-kibana-app/blob/v4.3.9-7.17.6/public/plugin.ts#L75-L86
This could have been fixed in the Wazuh plugin 4.4.0 that is not been released yet.
Wazuh plugin for Kibana 4.3.9
Elastic stack 7.17.6
I used the `disabled_roles` setting of the Wazuh plugin, and I confirm the Wazuh plugin could be visible in the Kibana menu when accessing with an user that has a role included in the `disabled_roles` setting of the Wazuh plugin. If the user tries to access to the Wazuh plugin, a prompt will be displayed with the message "Application not found" and at this moment the Wazuh plugin is not visible in the Kibana menu. If the user goes to another plugin and refreshes the page, the Wazuh plugin could be seen in the Kibana menu.
This problem is caused because the plugin is always registered in the Kibana menu when the user access to Kibana and only is hidden from the Kibana menu, when the user tried to access the Wazuh plugin.
References in the source code:
Plugin is registered in the Kibana menu: https://github.com/wazuh/wazuh-kibana-app/blob/v4.3.9-7.17.6/public/plugin.ts#L41
Plugin is unmounted and disabled of Kibana menu for a user with an Elasticsearch role that matches some of `disabled_roles` in the Wazuh plugin configuration: https://github.com/wazuh/wazuh-kibana-app/blob/v4.3.9-7.17.6/public/plugin.ts#L75-L86
This could have been fixed in the Wazuh plugin 4.4.0 that is not been released yet.
Reply all
Reply to author
Forward
0 new messages