Customize dashboard and restrict access


Lander

Oct 15, 2024, 1:50:19 AM
to Wazuh | Mailing List
Hi all,

I'm looking to set up Wazuh for our clients which are usually SMBs.

The only thing they would need to see is a custom dashboard with visualizations we set up. They should not be able to see anything else (ideally not even the other modules via the hamburger menu, as we already provide other services with similar end goals). But of course the data comes from the sources they don't have access to.

I'm a bit stuck with the roles and policies setup and how I can limit it as tightly as possible.

Worst case, I could use their APIs and set up a fully custom dashboard for clients?

Thank you!

Kr,
Lander


ismail....@wazuh.com

Oct 15, 2024, 5:41:27 AM
to Wazuh | Mailing List

Hi Lander,

A user in Wazuh can have access restricted to a specific dashboard by using Role-Based Access Control (RBAC) and multi-tenancy features. This method allows granting permissions solely for viewing the selected dashboard while ensuring that all other data and agents remain hidden.

Here is a sample configuration that can be modified according to specific requirements:

  1. Enable multi-tenancy:

    Log in as the root user, and refer to the Wazuh documentation to enable multi-tenancy, and edit the /etc/wazuh-dashboard/opensearch_dashboards.yml configuration file.

  2. Create a Tenant:
    Log in as the admin user, and follow these steps to set up a new tenant in the Wazuh dashboard.

    Menu icon → Indexer Management → Security → Tenants → Create Tenant → Create

    Tenant name: tenant_group_a
    Description (Optional): any

  3. Create an Internal User:
    Proceed to create an internal user who will be assigned specific access permissions.

    Menu icon ☰ → Indexer Management → Security → Internal Users → Create Internal User (Provide Username and password) → Create

    Provide Username and password:
    Username: user1

    Note: User created now.

  4. Create a Role:
    Create a role and map the user to the role.

    Menu icon → Indexer Management → Security → Roles → Create Role → Create

    Role Name: group_a
    Cluster Permissions: cluster_composite_ops_ro

    Index Permissions:
    Index: *

    Index permissions: read

    Tenant Permissions: tenant_group_a "Read only"

  5. To map the user to the appropriate role, follow these steps:

    Select group → mapped users → map users → Map

    Group: group_a
    Users: user1
    Backend Roles: group_a

  6. To allow user1 to access only the dashboards belonging to tenant_group_a, assign them to the kibana_read_only role.

    Navigate Menu icon → Indexer Management → Security → Roles

    Search kibana_read in the search bar and open this role.

    Mapped users → map users → Add user name user1 → Map

  7. To map the user with Wazuh, follow these steps:

    Navigate Menu icon → Server Management → Security → Roles mapping → Create Role mapping

    Provide the following details,

    Role mapping name: group_a

    Roles: readonly
    Map internal users: user1


  8. To create a dashboard for a specific tenant:

    Navigate Menu icon → Indexer Management → Security → Tenants → Click on view dashboard of the tenant_group_a.

    If an index pattern is not available, create an index pattern.

    Index pattern name: wazuh-alerts-*

    Once the index pattern is created, navigate back to the tenant.

    Click on view dashboard → create new dashboard

    Dashboard name is given: Cortex XDR-Dashboard


  9. Once all the above steps are complete,
    log in to the Wazuh dashboard with the URL https://<IP or Domain>/app/dashboards?security_tenant=<Tenant Name>

    Eg:

    https://192.168.10.10/app/dashboards?security_tenant=tenant_group_a

    User1 can only view Cortex XDR-Dashboard and access the Dashboard area.

    Note:
    Added some screenshots also for reference.


    I hope this information helps you. Please feel free to reach out to us for any information/issues.

    Regards,


new tenant.png
Untitled.png
backend_role.png
role permission.png
role permissions.png
user.png
tenant.png
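The UI steps 2 to 6 above translate directly into calls against the OpenSearch Security REST API that the Wazuh indexer exposes, which is convenient when the same viewer setup has to be repeated for many SMB clients. The following is an added example, not code from the thread or from the Wazuh project: it builds the request bodies for the tenant, internal user, read-only role and role mappings with the names used in the reply, checks that the role really carries no write or admin action group before it is sent, and builds the tenant-scoped URL from step 9. The endpoint paths are the OpenSearch Security plugin's documented ones; the `send()` helper, the `cafile` parameter and the narrowing of the index pattern from `*` to `wazuh-alerts-*` are this example's own choices (the reply uses `*`).

```python
"""
Added example (not from the thread or the Wazuh project): reproduce steps 2-6
of the reply as OpenSearch Security REST API bodies, verify the viewer role is
read-only, and build the tenant-scoped dashboard URL from step 9.
Sending the plan needs a reachable indexer, an admin user and the indexer's
CA certificate; nothing is sent unless send() is called explicitly.
"""
import base64
import json
import ssl
import urllib.parse
import urllib.request

TENANT = "tenant_group_a"   # names taken from the reply above
USER = "user1"
ROLE = "group_a"

# Substrings that identify action groups granting write/admin capability.
# None of them may appear anywhere in a client-viewer role.
WRITE_MARKERS = ("write", "delete", "manage", "create", "admin", "all_access", "*")


def tenant_body(description="Client dashboard tenant"):
    # PUT _plugins/_security/api/tenants/<name>   (step 2)
    return {"description": description}


def internal_user_body(password, backend_roles=(ROLE,)):
    # PUT _plugins/_security/api/internalusers/<name>   (step 3)
    return {"password": password, "backend_roles": list(backend_roles)}


def viewer_role_body(tenant=TENANT, index_pattern="wazuh-alerts-*"):
    # PUT _plugins/_security/api/roles/<name>   (step 4)
    # The reply grants read on "*"; restricting to the alerts indices the
    # dashboard actually visualizes is the tighter default used here.
    return {
        "cluster_permissions": ["cluster_composite_ops_ro"],
        "index_permissions": [{"index_patterns": [index_pattern], "allowed_actions": ["read"]}],
        "tenant_permissions": [{"tenant_patterns": [tenant], "allowed_actions": ["kibana_all_read"]}],
    }


def role_mapping_body(users=(USER,), backend_roles=(ROLE,)):
    # PUT _plugins/_security/api/rolesmapping/<role>   (step 5)
    return {"users": list(users), "backend_roles": list(backend_roles), "hosts": []}


def is_read_only(role):
    """True only if no cluster, index or tenant action group implies writing."""
    actions = list(role["cluster_permissions"])
    for perm in role["index_permissions"] + role["tenant_permissions"]:
        actions += perm["allowed_actions"]
    return not any(marker in action for action in actions for marker in WRITE_MARKERS)


def plan(password):
    """Ordered (method, path, body) requests for steps 2-6; refuses a non-read-only role."""
    role = viewer_role_body()
    if not is_read_only(role):
        raise ValueError("viewer role grants write or admin actions")
    return [
        ("PUT", f"_plugins/_security/api/tenants/{TENANT}", tenant_body()),
        ("PUT", f"_plugins/_security/api/internalusers/{USER}", internal_user_body(password)),
        ("PUT", f"_plugins/_security/api/roles/{ROLE}", role),
        ("PUT", f"_plugins/_security/api/rolesmapping/{ROLE}", role_mapping_body()),
        # Step 6: append user1 to the built-in kibana_read_only mapping instead of
        # replacing it, so other users already mapped there are kept (RFC 6902 "add").
        ("PATCH", "_plugins/_security/api/rolesmapping/kibana_read_only",
         [{"op": "add", "path": "/users/-", "value": USER}]),
    ]


def send(base_url, admin_user, admin_password, method, path, body, cafile, timeout=10):
    """Issue one request with HTTP basic auth, trusting only the indexer's CA."""
    token = base64.b64encode(f"{admin_user}:{admin_password}".encode()).decode()
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/{path}", data=json.dumps(body).encode(), method=method,
        headers={"Content-Type": "application/json", "Authorization": f"Basic {token}"})
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
        return json.load(resp)


def tenant_dashboard_url(host, tenant=TENANT):
    # Step 9: the URL the client logs in with.
    return f"https://{host}/app/dashboards?security_tenant={urllib.parse.quote(tenant)}"


if __name__ == "__main__":
    # Dry run: print the plan instead of sending it.
    for method, path, body in plan("change-me-before-use"):
        print(method, path, json.dumps(body))
    print(tenant_dashboard_url("192.168.10.10"))
```

Run without arguments to print the plan as a dry run; wire `send()` to the tuples once you have the indexer's admin credentials and CA file. Keeping `is_read_only()` in front of `plan()` means a later edit that adds `write` or `kibana_all_write` to the role fails before anything reaches the cluster.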

Lander

Oct 15, 2024, 7:33:10 AM
to Wazuh | Mailing List
Hi,

First of all thank you for all the detailed steps.
Even though the below error still exists, the solution is working as intended. Thank you a lot for that!

Could you further clarify the differences between the roles on Index management vs the roles on Server management? Do I also need to create a user here (other than wazuh & wazuh-wui)?



I have an error on step 7: Error(4005). I can create the role mapping & select a role but cannot add a mapping rule -> map internal users
ServerManagementRoleError.png

Step 5 is also unclear to me:

To map the user to the appropriate role, follow these steps:

Select group → mapped users → map users → Map
Group: group_a
Users: user1
Backend Roles: group_a

I can't find group anywhere. Although it would be a lot easier to manage users through groups.



Best regards,

ismail....@wazuh.com

Oct 16, 2024, 4:57:56 AM
to Wazuh | Mailing List
Hi,

I'm glad the solution is working as expected despite the error. Let me clarify the differences between roles in Index management and Server management:

Index management (OpenSearch) roles focus on managing access to indices and documents within OpenSearch. These roles define permissions like reading, writing, or managing specific OpenSearch resources.

Server management roles, on the other hand, are designed to manage access to the Wazuh Dashboard and its functionalities. Wazuh roles define what users can view or manage within the Wazuh environment, including agent management, rules, and decoders. These roles are tailored specifically to Wazuh's security monitoring functions.

You can see the Wazuh roles by navigating to Menu icon ☰ → Server Management → Security → Roles


Please refer to the Wazuh documentation at https://documentation.wazuh.com/current/user-manual/user-administration/rbac.html for more info.

Note:

For the role mapping to take effect, make sure that run_as is set to true in the /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml configuration file.

Restart the Wazuh dashboard service and clear your browser cache and cookies.

systemctl restart wazuh-dashboard


Do I also need to create a user here?

No need to create a new user here; you can map the existing user (user1) with Wazuh, and it will be reflected under the "Map internal users" section.

(Screenshot has been added for your reference).

Refer to point 7:

7. To map the user with Wazuh, follow these steps:


Navigate Menu icon ☰ → Server Management → Security → Roles mapping → Create Role mapping →


Provide the following details,

Role mapping name: group_a

Roles: readonly
Map internal users: user1

Step 5 explanation:

In Step 4, we created a role named group_a. Now, in Step 5, to map user1 to the group_a role:

Navigate Menu icon ☰ → Indexer Management → Security → Roles → select group_a role → mapped users → map users → Map



I hope this information helps you. Please feel free to reach out to us for any information/issues.

Regards,
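The reply above names two things that must both hold before the "Map internal users" mapping of step 7 behaves: `run_as` must be `true` in wazuh.yml (followed by a dashboard restart) and the mapping should carry only the `readonly` role. The following is an added example, not code from the thread or from the Wazuh project, that checks a wazuh.yml text for an active `run_as: true` line and rewrites it when it is off. It deliberately ignores commented-out lines, so a `#run_as: true` left in the file does not pass. The sample file content is constructed, and the shape of the Wazuh server RBAC rule built by `wazuh_role_mapping_rule()` (a `FIND` on `user_name`, as the dashboard creates for an internal user) is this example's assumption rather than something the thread states.

```python
"""
Added example (not from the thread or the Wazuh project): verify the
prerequisites the reply gives for step 7 before testing a mapped viewer.
"""
import re

# Constructed sample of the relevant block of
# /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml (run_as still off).
SAMPLE_WAZUH_YML = """\
hosts:
  - default:
      url: https://localhost
      port: 55000
      username: wazuh-wui
      password: wazuh-wui
      run_as: false
"""

RUN_AS_RE = re.compile(r"^\s*run_as\s*:\s*(\S+)\s*$")


def _active_lines(yaml_text):
    """Yield lines that are not comments, with any trailing comment removed."""
    for line in yaml_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        yield line.split("#", 1)[0]


def run_as_enabled(yaml_text):
    """True only if an uncommented run_as line is set to true (the last one wins)."""
    value = None
    for line in _active_lines(yaml_text):
        match = RUN_AS_RE.match(line)
        if match:
            value = match.group(1).strip("'\"").lower()
    return value == "true"


def enable_run_as(yaml_text):
    """Return the text with every active run_as line set to true, indentation kept."""
    out = []
    for line in yaml_text.splitlines():
        if not line.lstrip().startswith("#") and RUN_AS_RE.match(line.split("#", 1)[0]):
            line = re.sub(r"(run_as\s*:\s*)\S+", r"\1true", line)
        out.append(line)
    return "\n".join(out) + "\n"


def wazuh_role_mapping_rule(name, dashboard_user):
    # Assumption: the Wazuh server RBAC rule for an internal dashboard user
    # matches user_name in the authentication context (Wazuh API: POST /security/rules).
    return {"name": name, "rule": {"FIND": {"user_name": dashboard_user}}}


def mapping_prerequisites(yaml_text, mapping_roles):
    """Return the list of problems that would stop a read-only viewer mapping from working."""
    problems = []
    if not run_as_enabled(yaml_text):
        problems.append("run_as is not true in wazuh.yml; set it and restart wazuh-dashboard")
    if sorted(mapping_roles) != ["readonly"]:
        problems.append("viewer mapping should carry only the readonly role")
    return problems


if __name__ == "__main__":
    print(mapping_prerequisites(SAMPLE_WAZUH_YML, ["readonly"]))
    print(mapping_prerequisites(enable_run_as(SAMPLE_WAZUH_YML), ["readonly"]))
    print(wazuh_role_mapping_rule("group_a", "user1"))
```

Point `run_as_enabled()` at the real file contents after editing it; an empty problem list from `mapping_prerequisites()` is the signal to restart the dashboard service and retest with a cleared browser session, as the reply recommends.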

 

ismail....@wazuh.com

Oct 22, 2024, 2:16:58 AM
to Wazuh | Mailing List
Added missing screenshot here:
user_map.png