Vulnerability dashboard

[Juan Carlos Flores Gonzalez]

Hello, could you help me please I need to build a dashboard for the progress and decrease in time of vulnerabilities in all agents.

Regards.

Juan

[Luis Enrique Chico Capistrano]

Hello Juan,

Thank you for reaching out to Wazuh support.

Based on your query, it seems like you're interested in building a dashboard to monitor the progress and decrease in time of vulnerabilities across all agents. The Wazuh dashboard is indeed a valuable tool for visualizing such information. To deploy the Wazuh dashboard, you can follow the instructions provided in the link below: Dashboard Deployment Guide.

The Wazuh dashboard is a component of the central Wazuh server, and deploying it will enable you to effectively monitor and manage vulnerabilities in your environment.

If you have any further questions or if there's anything specific you'd like assistance with regarding the dashboard setup or configuration, please feel free to let me know. I'm here to help.

Regars

[Juan Carlos Flores Gonzalez]

Hi,
Could you tell me which are the fields and values I should use in the filters to build a graph of the progress of the total and per agent active vulnerabilities. 

Regards. 
Juan Flores Gonzalez

--
You received this message because you are subscribed to the Google Groups "Wazuh | Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/1d02ce46-32a5-4e3b-89bf-dbb9da9b328dn%40googlegroups.com.

[Hatem]

Hi Juan & Luis

Do you have any updates on the below?

Hatem

> To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/CAP%2BYbmujrpRb3yuexh9cmB9YuKB2HVz%2BVrzayDiZLDYvdH8rVQ%40mail.gmail.com.



--
BR
Hatem Enaami

[Juan Carlos Flores Gonzalez]

Hi,
Could you tell me which are the fields and values I should use in the filters to build a graph of the progress of the total and per agent active vulnerabilities. 

Juan Flores Gonzalez

[Luis Enrique Chico Capistrano]

Hi Juan & Hatem,

I'm still working on the below and haven't reached a definitive answer yet. I need some additional time to research and ensure the information is accurate. I'll keep you updated on my progress and aim to have something ASAP.

Best,
Luis

[Luis Enrique Chico Capistrano]

Hi Juan & Hatem,

Thanks for your patience. After some research, I have some updates for you:

The Vulnerability Detector works by generating alerts for new vulnerabilities. Therefore, if that graph is based on alerts, the only thing it will show is new vulnerabilities or resolved vulnerabilities.

So, I'm not sure how useful a graph would be, since it would not show you all the vulnerabilities of the agents, and additionally, the inventory only shows active vulnerabilities. Here are the graphics you can get:

So, if you wanted to create a dashboard that shows you all the vulnerabilities, based on alerts, it would not be possible. However, you could try to generate it by obtaining the information through the API. 
I attach a script you can use to get the list of vulnerabilities for all your connected agents (there are more fields you can add in the 'select' query).

Example by using the script:

root@wazuh:~# python3 vuln_summary_to_csv.py
Getting vulnerabilities information for agent 000: wazuh.manager
Getting vulnerabilities information for agent 001: ce84769b410b
Getting vulnerabilities information for agent 002: almalinux9.4
Getting vulnerabilities information for agent 004: WIN-RJL413CAOTT
Getting vulnerabilities information for agent 006: 50f843fadb5f

Report created at "/root/vuln_summary_list.csv".

root@wazuh:~# cat vuln_summary_list.csv  
agent_id,agent_name,agent_group,critical,high,medium,low,untriaged
000,wazuh.manager,unknown,0,11,44,3,0
001,ce84769b410b,['default'],0,0,3,0,0
004,WIN-RJL413CAOTT,['default'],49,704,292,5,0

I hope this will be useful for you!

Best,
Luis