diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index d3de6258..5ff2b9a9 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,2 +1 @@ -# This should match the owning team set up in https://github.com/orgs/opensearch-project/teams -* @pjfitzgibbons @ps48 @kavithacm @derek-ho @joshuali925 @dai-chen @YANG-DB @rupal-bq @mengweieric @vamsi-amazon @swiddis @penghuo @seankao-az @anirudha \ No newline at end of file +* @wazuh/devel-indexer \ No newline at end of file diff --git a/.github/ISSUE_TEMPLATE/compatibility_request.md b/.github/ISSUE_TEMPLATE/compatibility_request.md new file mode 100644 index 00000000..37b498ac --- /dev/null +++ b/.github/ISSUE_TEMPLATE/compatibility_request.md @@ -0,0 +1,23 @@ +--- +name: Compatibility request +about: Suggest supporting a new version of OpenSearch +title: 'Compatibility with OpenSearch (version)' +labels: compatibility, level/task, type/research +assignees: '' + +--- + +## Description +We need to ensure the compatibility with the next version of OpenSearch vX.X. +This update is still being discussed, but we need to be aware of potential issues. + +For that, we need to: + +- [ ] Review opensearch's release notes. +- [ ] Identify improvements and potential impact. +- [ ] Create new development branch. +- [ ] Develop a testing environment to verify our components would work under this new build. + + +## Issues +- _List here the detected issues_ \ No newline at end of file diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index a8199a10..0db72d2a 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -1,7 +1,2 @@ -contact_links: - - name: OpenSearch Community Support - url: https://discuss.opendistrocommunity.dev/ - about: Please ask and answer questions here. - - name: AWS/Amazon Security - url: https://aws.amazon.com/security/vulnerability-reporting/ - about: Please report security vulnerabilities here. \ No newline at end of file +# disable blank issue creation +blank_issues_enabled: false diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..06b837dd --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,8 @@ +updates: + - directory: /src + open-pull-requests-limit: 1 + package-ecosystem: gradle + schedule: + interval: weekly + day: "friday" +version: 2 \ No newline at end of file diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 00000000..7aa70cde --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,69 @@ +run-name: Build Wazuh Indexer Reporting plugin | ${{ inputs.id}} +name: Build packages + +# This workflow runs when any of the following occur: +# - Run manually +# - Invoked from another workflow +on: + workflow_dispatch: + inputs: + revision: + description: "Revision" + type: string + default: "0" + id: + description: "ID used to identify the workflow uniquely." + type: string + required: false + workflow_call: + inputs: + revision: + description: "Revision" + type: string + default: "0" + id: + description: "ID used to identify the workflow uniquely." + type: string + required: false + +# ========================== +# Bibliography +# ========================== +# +# * Reusable workflows: limitations +# | https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations +# * Using matrix in reusable workflows: +# | https://docs.github.com/en/actions/using-workflows/reusing-workflows#using-a-matrix-strategy-with-a-reusable-workflow +# * Reading input from the called workflow +# | https://docs.github.com/en/enterprise-cloud@latest/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_callinputs +# * Ternary operator +# | https://docs.github.com/en/actions/learn-github-actions/expressions#example + +jobs: + build: + runs-on: ubuntu-latest + env: + plugin_name: wazuh-indexer-reporting + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-java@v4 + with: + distribution: temurin + java-version: 21 + + - name: Setup Gradle # Used for caching + uses: gradle/actions/setup-gradle@v4 + + - name: Get version + id: version + run: echo "version=$(> "$GITHUB_OUTPUT" + + - name: Build with Gradle + run: ./gradlew build -Dversion=${{ steps.version.outputs.version }} -Drevision=${{ inputs.revision }} + + - name: Upload artifact + uses: actions/upload-artifact@v4 + with: + name: ${{ env.plugin_name }}-${{ steps.version.outputs.version }}.${{ inputs.revision }}.zip + path: build/distributions/wazuh-indexer-${{ env.plugin_name }}-${{ steps.version.outputs.version }}.${{ inputs.revision }}.zip + if-no-files-found: error diff --git a/.github/workflows/build_on_push.yml b/.github/workflows/build_on_push.yml new file mode 100644 index 00000000..bc278450 --- /dev/null +++ b/.github/workflows/build_on_push.yml @@ -0,0 +1,14 @@ +name: Build packages (on push) + +# This workflow runs when any of the following occur: +# - On push to branches named after ci/* +on: + push: + # Sequence of patterns matched against refs/heads + branches: + - "ci/*" + +jobs: + call-build-workflow: + uses: ./.github/workflows/build.yml + secrets: inherit \ No newline at end of file diff --git a/.github/workflows/reports-scheduler-test-and-build-workflow.yml b/.github/workflows/reports-scheduler-test-and-build-workflow.yml index ce324719..d52432ec 100644 --- a/.github/workflows/reports-scheduler-test-and-build-workflow.yml +++ b/.github/workflows/reports-scheduler-test-and-build-workflow.yml @@ -59,7 +59,7 @@ jobs: chown -R 1000:1000 `pwd` - name: Upload Artifacts - uses: actions/upload-artifact@v1 + uses: actions/upload-artifact@v4 with: name: reports-scheduler-linux path: reports-scheduler-builds @@ -90,7 +90,7 @@ jobs: cp -r ./build/distributions/*.zip reports-scheduler-builds/ - name: Upload Artifacts - uses: actions/upload-artifact@v1 + uses: actions/upload-artifact@v4 with: name: reports-scheduler-windows path: reports-scheduler-builds @@ -122,7 +122,7 @@ jobs: cp -r ./build/distributions/*.zip reports-scheduler-builds/ - name: Upload Artifacts - uses: actions/upload-artifact@v1 + uses: actions/upload-artifact@v4 with: name: reports-scheduler-macos path: reports-scheduler-builds diff --git a/.idea/.name b/.idea/.name index a5b02101..4322d30f 100644 --- a/.idea/.name +++ b/.idea/.name @@ -1 +1 @@ -opensearch-reports-scheduler \ No newline at end of file +wazuh-indexer-reports-scheduler \ No newline at end of file diff --git a/ADMINS.md b/ADMINS.md deleted file mode 100644 index bcdc8f2a..00000000 --- a/ADMINS.md +++ /dev/null @@ -1,7 +0,0 @@ -## Admins - -| Admin | GitHub ID | Affiliation | -| --------------- | --------------------------------------- | ----------- | -| Henri Yandell | [hyandell](https://github.com/hyandell) | Amazon | - -[This document](https://github.com/opensearch-project/.github/blob/main/ADMINS.md) explains what admins do in this repo, and how they should be doing it. If you're interested in becoming a maintainer, see [MAINTAINERS](MAINTAINERS.md). If you're interested in contributing, see [CONTRIBUTING](CONTRIBUTING.md). diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index b234f675..d0ea8dad 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,96 +1,23 @@ -# Contributing Guidelines +# Contributing to Wazuh Indexer Plugins +Depending on the plugin relationship with the Wazuh organization we currently recommend the following naming conventions and optional follow-up checks: -Thank you for your interest in contributing to our project. Whether it's a bug report, new feature, correction, or additional -documentation, we greatly value feedback and contributions from our community. +### Official plugins -Please read through this document before submitting any issues or pull requests to ensure we have all the necessary -information to effectively respond to your bug report or contribution. +For the **official plugins** that live within the Wazuh organization (i.e. they are included in [wazuh/wazuh-indexer-plugins/](https://github.com/wazuh/wazuh-indexer-plugins) or [wazuh/wazuh-indexer-reporting/](https://github.com/wazuh/wazuh-indexer-reporting) folder), and **which share the same release cycle as the Wazuh Indexer** itself: -## Reporting Bugs/Feature Requests +- Do not include the word `plugin` in the repo name (e.g. [job-scheduler](https://github.com/opensearch-project/job-scheduler)) +- Use lowercase repo names +- Use spinal case for repo names (e.g. [job-scheduler](https://github.com/opensearch-project/job-scheduler)) +- Do not include the word `Wazuh Indexer` or `Wazuh Dashboard` in the repo name +- Provide a meaningful description, e.g. `A Wazuh Dashboard plugin to perform real-time and historical anomaly detection on Wazuh Indexer data`. -We welcome you to use the GitHub issue tracker to report bugs or suggest features. +### Thirdparty plugins -When filing an issue, please check existing open, or recently closed, issues to make sure somebody else hasn't already -reported the issue. Please try to include as much information as you can. Details like these are incredibly useful: +For the **3rd party plugins** that are maintained as independent projects in separate GitHub repositories **with their own release cycles** the recommended naming convention should follow the same rules as official plugins with some exceptions and few follow-up checks: -- A reproducible test case or series of steps -- The version of our code being used -- Any modifications you've made relevant to the bug -- Anything unusual about your environment or deployment - -## Sign your work -The sign-off is a simple line at the end of each commit, which certifies that you wrote it or otherwise have the right to pass it on as an open-source patch. if you can certify the below -``` -By making a contribution to this project, I certify that: -(a) The contribution was created in whole or in part by me and I -have the right to submit it under the open source license -indicated in the file; or -(b) The contribution is based upon previous work that, to the best -of my knowledge, is covered under an appropriate open source -license and I have the right under that license to submit that -work with modifications, whether created in whole or in part -by me, under the same open source license (unless I am -permitted to submit under a different license), as indicated -in the file; or -(c) The contribution was provided directly to me by some other -person who certified (a), (b) or (c) and I have not modified -it. -(d) I understand and agree that this project and the contribution -are public and that a record of the contribution (including all -personal information I submit with it, including my sign-off) is -maintained indefinitely and may be redistributed consistent with -this project or the open source license(s) involved. -``` -then you just add a line to every git commit message: -``` -Signed-off-by: Bob Sanders -``` -You can sign off your work easily by adding the configuration in github -``` -git config user.name "Bob Sanders" -git config user.email "bob.sanders@email.com" -``` -Then, you could sign off commits automatically by adding `-s` or `-=signoff` parameter to your usual git commits commands. e.g. -``` -git commit -s -m "my first commit" -``` - -## Contributing via Pull Requests - -Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that: - -1. You are working against the latest source on the _dev_ branch. -2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already. -3. You open an issue to discuss any significant work - we would hate for your time to be wasted. - -To send us a pull request, please: - -1. Fork the repository. -2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change. -3. Ensure local tests pass. -4. Commit to your fork using clear commit messages. -5. Send us a pull request, answering any default questions in the pull request interface. -6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation. - -GitHub provides additional document on [forking a repository](https://help.github.com/articles/fork-a-repo/) and -[creating a pull request](https://help.github.com/articles/creating-a-pull-request/). - -## Finding contributions to work on - -Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any 'help wanted' issues is a great place to start. - -## Code of Conduct - -This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). -For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact -opensource-codeofconduct@amazon.com with any additional questions or comments. - -## Security issue notifications - -If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue. - -## Licensing - -See the [LICENSE](LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution. - -We may ask you to sign a [Contributor License Agreement (CLA)](http://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes. +- Inclusion of the words like `Wazuh Indexer` or `Wazuh Dashboard` (and in reasonable cases even `plugin`) are welcome because they can increase the chance of discoverability of the repository +- Check the plugin versioning policy is documented and help users know which versions of the plugin are compatible and recommended for specific versions of OpenSearch +- Review [CONTRIBUTING.md](CONTRIBUTING.md) document which is by default tailored to the needs of Amazon Web Services developer teams. You might want to update or further customize specific parts related to: + - **Code of Conduct** (if you do not already have CoC policy then there are several options to start with, such as [Contributor Covenant](https://www.contributor-covenant.org/)), + - **Security Policy** (you should let users know how they can safely report security vulnerabilities), + - Check if you need explicit part about **Trademarks and Attributions** (if you use any registered or non-registered trademarks we recommend following applicable "trademark-use" documents provided by respective trademark owners) diff --git a/MAINTAINERS.md b/MAINTAINERS.md deleted file mode 100644 index f07ff16d..00000000 --- a/MAINTAINERS.md +++ /dev/null @@ -1,34 +0,0 @@ -## Overview - -This document contains a list of maintainers in this repo. See [opensearch-project/.github/RESPONSIBILITIES.md](https://github.com/opensearch-project/.github/blob/main/RESPONSIBILITIES.md#maintainer-responsibilities) that explains what the role of maintainer means, what maintainers do in this and other repos, and how they should be doing it. If you're interested in contributing, and becoming a maintainer, see [CONTRIBUTING](CONTRIBUTING.md). - -## Current Maintainers - -| Maintainer | GitHub ID | Affiliation | -| ----------------- | ------------------------------------------------- | ----------- | -| Eric Wei | [mengweieric](https://github.com/mengweieric) | Amazon | -| Joshua Li | [joshuali925](https://github.com/joshuali925) | Amazon | -| Shenoy Pratik | [ps48](https://github.com/ps48) | Amazon | -| Kavitha Mohan | [kavithacm](https://github.com/kavithacm) | Amazon | -| Rupal Mahajan | [rupal-bq](https://github.com/rupal-bq) | Amazon | -| Derek Ho | [derek-ho](https://github.com/derek-ho) | Amazon | -| Lior Perry | [YANG-DB](https://github.com/YANG-DB) | Amazon | -| Peter Fitzgibbons | [pjfitzgibbons](https://github.com/pjfitzgibbons) | Amazon | -| Simeon Widdis | [swiddis](https://github.com/swiddis) | Amazon | -| Chen Dai | [dai-chen](https://github.com/dai-chen) | Amazon | -| Vamsi Manohar | [vamsi-amazon](https://github.com/vamsi-amazon) | Amazon | -| Peng Huo | [penghuo](https://github.com/penghuo) | Amazon | -| Sean Kao | [seankao-az](https://github.com/seankao-az) | Amazon | -| Anirudha Jadhav | [anirudha](https://github.com/anirudha) | Amazon | - - -## Emeritus Maintainers - -| Maintainer | GitHub ID | Affiliation | -| ----------------- | ------------------------------------------------------- | ----------- | -| Charlotte Henkle | [CEHENKLE](https://github.com/CEHENKLE) | Amazon | -| Nick Knize | [nknize](https://github.com/nknize) | Amazon | -| David Cui | [davidcui1225](https://github.com/davidcui1225) | Amazon | -| Eugene Lee | [eugenesk24](https://github.com/eugenesk24) | Amazon | -| Zhongnan Su | [zhongnansu](https://github.com/zhongnansu) | Amazon | -| Sean Li | [sejli](https://github.com/sejli) | Amazon | diff --git a/README.md b/README.md index f4678e9a..114592b4 100644 --- a/README.md +++ b/README.md @@ -1,104 +1,75 @@ - - -- [OpenSearch Dashboards Reports](#opensearch-dashboards-reports) -- [Code Summary](#code-summary) -- [Documentation](#documentation) -- [Contributing](#contributing) -- [Setup](#setup-&-build) -- [Notifications Integration](#notifications-integration) -- [Code of Conduct](#code-of-conduct) +

+ +

+ +[![Chat](https://img.shields.io/badge/chat-on%20forums-blue)](https://groups.google.com/forum/#!forum/wazuh) +[![Slack](https://img.shields.io/badge/slack-join-blue.svg)](https://wazuh.com/community/join-us-on-slack) +[![Documentation](https://img.shields.io/badge/documentation-reference-blue)](https://documentation.wazuh.com) + +- [Welcome!](#welcome) +- [Project Resources](#project-resources) - [Security](#security) - [License](#license) - [Copyright](#copyright) +- [Trademark](#trademark) -# OpenSearch Dashboards Reports - -OpenSearch Dashboards Reports allows ‘Report Owner’ (engineers, including but not limited to developers, DevOps, IT Engineer, and IT admin) export and share reports from OpenSearch Dashboards dashboards, saved search, alerts and visualizations. It helps automate the process of scheduling reports on an on-demand or a periodical basis (on cron schedules as well). Further, it also automates the process of exporting and sharing reports triggered for various alerts. The feature is present in the Dashboard, Discover, and Visualization tabs. We are currently working on integrating Dashboards Reports with Notifications to enable sharing functionality. After the support is introduced, scheduled reports can be sent to (shared with) self or various stakeholders within the organization. These stakeholders include but are not limited to, executives, managers, engineers (developers, DevOps, IT Engineer) in the form of pdf, hyperlinks, csv, excel via various channels such as email, Slack, and Amazon Chime. However, in order to export, schedule and share reports, report owners should have the necessary permissions as defined under Roles and Privileges. - -## Code Summary - -### Reports-Scheduler - -| | | -| ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Test and build | [![Observability OpenSearch Build CI][reports-scheduler-build-badge]][reports-scheduler-build-link] | -| Code coverage | [![codecov][reports-scheduler-codecov-badge]][codecov-link] | -| Distribution build tests | [![OpenSearch IT tests][reports-scheduler-it-badge]][reports-scheduler-it-link] [![OpenSearch IT code][reports-scheduler-it-code-badge]][reports-scheduler-it-code-link] | -| Backward compatibility tests | [![BWC tests][bwc-tests-badge]][bwc-tests-link] | - - -### Repository Checks - -| | | -| ------------ | --------------------------------------------------------------- | -| DCO Checker | [![Developer certificate of origin][dco-badge]][dco-badge-link] | -| Link Checker | [![Link Checker][link-check-badge]][link-check-link] | - -### Issues - -| | -| -------------------------------------------------------------- | -| [![good first issues open][good-first-badge]][good-first-link] | -| [![features open][feature-badge]][feature-link] | -| [![enhancements open][enhancement-badge]][enhancement-link] | -| [![bugs open][bug-badge]][bug-link] | -| [![untriaged open][untriaged-badge]][untriaged-link] | -| [![nolabel open][nolabel-badge]][nolabel-link] | - -[dco-badge]: https://github.com/opensearch-project/dashboards-reports/actions/workflows/dco.yml/badge.svg -[dco-badge-link]: https://github.com/opensearch-project/dashboards-reports/actions/workflows/dco.yml -[link-check-badge]: https://github.com/opensearch-project/dashboards-reports/actions/workflows/link-checker.yml/badge.svg -[link-check-link]: https://github.com/opensearch-project/dashboards-reports/actions/workflows/link-checker.yml -[reports-scheduler-build-badge]: https://github.com/opensearch-project/dashboards-reports/actions/workflows/reports-scheduler-test-and-build-workflow.yml/badge.svg -[reports-scheduler-build-link]: https://github.com/opensearch-project/dashboards-reports/actions/workflows/reports-scheduler-test-and-build-workflow.yml -[reports-scheduler-codecov-badge]: https://codecov.io/gh/opensearch-project/dashboards-reports/branch/main/graphs/badge.svg?flag=reports-scheduler -[codecov-link]: https://codecov.io/gh/opensearch-project/dashboards-reports -[cypress-test-badge]: https://img.shields.io/badge/Cypress%20tests-in%20progress-yellow -[cypress-test-link]: https://github.com/opensearch-project/opensearch-build/issues/1124 -[cypress-code-badge]: https://img.shields.io/badge/Cypress%20code-blue -[cypress-code-link]: https://github.com/opensearch-project/dashboards-reports/tree/main/dashboards-reports/.cypress/integration -[reports-scheduler-it-badge]: https://img.shields.io/badge/Reports%20Scheduler%20IT%20tests-in%20progress-yellow -[reports-scheduler-it-link]: https://github.com/opensearch-project/opensearch-build/issues/1124 -[reports-scheduler-it-code-badge]: https://img.shields.io/badge/Reports%20Scheduler%20code-blue -[reports-scheduler-it-code-link]: https://github.com/opensearch-project/reporting/blob/main/src/test/kotlin/org/opensearch/integTest/ReportsSchedulerPluginIT.kt -[bwc-tests-badge]: https://img.shields.io/badge/BWC%20tests-in%20progress-yellow -[bwc-tests-link]: https://github.com/opensearch-project/dashboards-reports/pull/244/files -[good-first-badge]: https://img.shields.io/github/issues/opensearch-project/dashboards-reports/good%20first%20issue.svg -[good-first-link]: https://github.com/opensearch-project/dashboards-reports/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22+ -[feature-badge]: https://img.shields.io/github/issues/opensearch-project/dashboards-reports/feature%20request.svg -[feature-link]: https://github.com/opensearch-project/dashboards-reports/issues?q=is%3Aopen+is%3Aissue+label%3A%22feature+request%22+ -[bug-badge]: https://img.shields.io/github/issues/opensearch-project/dashboards-reports/bug.svg -[bug-link]: https://github.com/opensearch-project/dashboards-reports/issues?q=is%3Aopen+is%3Aissue+label%3Abug+ -[enhancement-badge]: https://img.shields.io/github/issues/opensearch-project/dashboards-reports/enhancement.svg -[enhancement-link]: https://github.com/opensearch-project/dashboards-reports/issues?q=is%3Aopen+is%3Aissue+label%3Aenhancement+ -[untriaged-badge]: https://img.shields.io/github/issues/opensearch-project/dashboards-reports/untriaged.svg -[untriaged-link]: https://github.com/opensearch-project/dashboards-reports/issues?q=is%3Aopen+is%3Aissue+label%3Auntriaged+ -[nolabel-badge]: https://img.shields.io/github/issues-search/opensearch-project/dashboards-reports?color=yellow&label=no%20label%20issues&query=is%3Aopen%20is%3Aissue%20no%3Alabel -[nolabel-link]: https://github.com/opensearch-project/dashboards-reports/issues?q=is%3Aopen+is%3Aissue+no%3Alabel+ +## Welcome! -## Documentation & Forum +The Wazuh Indexer is a highly scalable, full-text search and analytics engine. This Wazuh central component indexes and stores alerts generated by the Wazuh server and provides near real-time data search and analytics capabilities. -Please see our technical [documentation](https://opensearch.org/docs/dashboards/reporting/) to learn more about its features. For additional help with the plugin, including questions about opening an issue, try the OpenSearch [Forum](https://forum.opensearch.org/c/opensearch-dashboards/reports/51). +Wazuh Indexer is an open source fork of [OpenSearch](https://github.com/opensearch-project/opensearch). -## Contributing +This repository stores the source code of the Wazuh Indexer Reporting Plugin and its configurations. + +## Wazuh Indexer Reporting Plugin -We welcome you to get involved in development, documentation, testing the OpenSearch Dashboards reports plugin. See our [CONTRIBUTING.md](./CONTRIBUTING.md) and join in. +Wazuh Indexer Reporting allows ‘Report Owner’ (engineers, including but not limited to developers, DevOps, IT Engineer, and IT admin) export and share reports from Wazuh Dashboard's dashboards, saved search, alerts and visualizations. It helps automate the process of scheduling reports on an on-demand or a periodical basis (on cron schedules as well). Further, it also automates the process of exporting and sharing reports triggered for various alerts. The feature is present in the Dashboard, Discover, and Visualization tabs. We are currently working on integrating Dashboards Reports with Notifications to enable sharing functionality. After the support is introduced, scheduled reports can be sent to (shared with) self or various stakeholders within the organization. These stakeholders include but are not limited to, executives, managers, engineers (developers, DevOps, IT Engineer) in the form of PDF, hyperlinks, CSV, excel via various channels such as email, Slack, and Amazon Chime. However, in order to export, schedule and share reports, report owners should have the necessary permissions as defined under Roles and Privileges. -## Notifications Integration +## Project Resources -OpenSearch Dashboards Reports integration with [Notifications](https://github.com/opensearch-project/notifications) is currently in progress. Tracking [here](https://github.com/opensearch-project/dashboards-reports/issues/72) +* [Project Website](https://wazuh.com) +* [Quickstart](https://documentation.wazuh.com/current/quickstart.html) +* [Documentation](https://documentation.wazuh.com) +* Need help? Try [Slack](https://wazuh.com/community/join-us-on-slack) +* [Security](SECURITY.md) + +## Documentation & Forum + +Please see the technical [documentation](https://opensearch.org/docs/dashboards/reporting) to learn more about its features. For additional help with the plugin, including questions about opening an issue, try the Wazuh [Community](https://wazuh.com/community/). + +## Contributing + +We welcome you to get involved in development, documentation, testing the Wazuh Dashboard reports plugin. See our [CONTRIBUTING.md](./CONTRIBUTING.md) and join in. ## Code of Conduct This project has adopted the [Amazon Open Source Code of Conduct](CODE_OF_CONDUCT.md). For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq), or contact [opensource-codeofconduct@amazon.com](mailto:opensource-codeofconduct@amazon.com) with any additional questions or comments. + ## Security -If you discover a potential security issue in this project we ask that you notify OpenSearch Security directly via email to security@opensearch.org. Please do **not** create a public GitHub issue. +To report a possible vulnerability or security issue you can: +- Email us to security@wazuh.com. +- Open a new security report under the security tab on this repository. + +**PLEASE DO NOT OPEN A PUBLIC ISSUE ABOUT SECURITY** + +We want to protect our community, so please give us time to fix a vulnerability +before publishing it. ## License -See the [LICENSE](./LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution. +This project is licensed under the [AGPL v3.0 License](LICENSE.txt). ## Copyright +- Copyright Wazuh, Inc. + +## Trademark + +OpenSearch is a registered trademark of Amazon Web Services. + +OpenSearch includes certain Apache-licensed Elasticsearch code from Elasticsearch B.V. and other source code. Elasticsearch B.V. is not the source of that other source code. ELASTICSEARCH is a registered trademark of Elasticsearch B.V. + +Check Wazuh's [trademark and Brand policy](https://wazuh.com/trademark-and-brand-policy/). + diff --git a/SECURITY.md b/SECURITY.md index be4ac746..4d35ef4f 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,3 +1,45 @@ -## Reporting a Vulnerability +# Wazuh Open Source Project Security Policy -If you discover a potential security issue in this project we ask that you notify OpenSearch Security directly via email to security@opensearch.org. Please do **not** create a public GitHub issue. +Version: 2023-06-12 + +## Introduction +This document outlines the Security Policy for Wazuh's open source projects. It emphasizes our commitment to maintain a secure environment for our users and contributors, and reflects our belief in the power of collaboration to identify and resolve security vulnerabilities. + +## Scope +This policy applies to all open source projects developed, maintained, or hosted by Wazuh. + +## Reporting Security Vulnerabilities +If you believe you've discovered a potential security vulnerability in one of our open source projects, we strongly encourage you to report it to us responsibly. + +Please submit your findings as security advisories under the "Security" tab in the relevant GitHub repository. Alternatively, you may send the details of your findings to [security@wazuh.com](mailto:security@wazuh.com). + +## Vulnerability Disclosure Policy +Upon receiving a report of a potential vulnerability, our team will initiate an investigation. If the reported issue is confirmed as a vulnerability, we will take the following steps: + +1. Acknowledgment: We will acknowledge the receipt of your vulnerability report and begin our investigation. +2. Validation: We will validate the issue and work on reproducing it in our environment. +3. Remediation: We will work on a fix and thoroughly test it +4. Release & Disclosure: After 90 days from the discovery of the vulnerability, or as soon as a fix is ready and thoroughly tested (whichever comes first), we will release a security update for the affected project. We will also publicly disclose the vulnerability by publishing a CVE (Common Vulnerabilities and Exposures) and acknowledging the discovering party. +5. Exceptions: In order to preserve the security of the Wazuh community at large, we might extend the disclosure period to allow users to patch their deployments. + +This 90-day period allows for end-users to update their systems and minimizes the risk of widespread exploitation of the vulnerability. + +## Automatic Scanning +We leverage GitHub Actions to perform automated scans of our supply chain. These scans assist us in identifying vulnerabilities and outdated dependencies in a proactive and timely manner. + +## Credit +We believe in giving credit where credit is due. If you report a security vulnerability to us, and we determine that it is a valid vulnerability, we will publicly credit you for the discovery when we disclose the vulnerability. If you wish to remain anonymous, please indicate so in your initial report. + +We do appreciate and encourage feedback from our community, but currently we do not have a bounty program. We might start bounty programs in the future. + +## Compliance with this Policy +We consider the discovery and reporting of security vulnerabilities an important public service. We encourage responsible reporting of any vulnerabilities that may be found in our site or applications. + +Furthermore, we will not take legal action against or suspend or terminate access to the site or services of those who discover and report security vulnerabilities in accordance with this policy because of the fact. + +We ask that all users and contributors respect this policy and the security of our community's users by disclosing vulnerabilities to us in accordance with this policy. + +## Changes to this Security Policy +This policy may be revised from time to time. Each version of the policy will be identified at the top of the page by its effective date. + +If you have any questions about this Security Policy, please contact us at [security@wazuh.com](mailto:security@wazuh.com) diff --git a/VERSION b/VERSION new file mode 100644 index 00000000..28cbf7c0 --- /dev/null +++ b/VERSION @@ -0,0 +1 @@ +5.0.0 \ No newline at end of file diff --git a/build.gradle b/build.gradle index dfedc2f9..2cfbb31a 100644 --- a/build.gradle +++ b/build.gradle @@ -67,7 +67,7 @@ def usingMultiNode = project.properties.containsKey('numNodes') check.dependsOn jacocoTestReport opensearchplugin { - name 'opensearch-reports-scheduler' + name 'wazuh-indexer-reports-scheduler' description 'Scheduler for Dashboards Reports Plugin' classname "org.opensearch.reportsscheduler.ReportsSchedulerPlugin" extendedPlugins = ['opensearch-job-scheduler'] @@ -77,9 +77,9 @@ publishing { publications { pluginZip(MavenPublication) { publication -> pom { - name = 'opensearch-reports-scheduler' + name = 'wazuh-indexer-scheduler' description = 'Scheduler for Dashboards Reports Plugin' - groupId = "org.opensearch.plugin" + groupId = "com.wazuh.plugin" licenses { license { name = 'The Apache License, Version 2.0' @@ -91,6 +91,10 @@ publishing { name = 'OpenSearch' url = 'https://github.com/opensearch-project/reporting' } + developer { + name = 'Wazuh' + url = 'https://github.com/wazuh/wazuh-indexer-reporting' + } } } } diff --git a/settings.gradle b/settings.gradle index 65cef7a2..aa3179ce 100644 --- a/settings.gradle +++ b/settings.gradle @@ -3,5 +3,5 @@ * SPDX-License-Identifier: Apache-2.0 */ -rootProject.name = 'opensearch-reports-scheduler' +rootProject.name = 'wazuh-indexer-reports-scheduler'