I am extracting reports from OpenVAS through VulnWhisperer and I would like to view them on my Kibana dashboard. I have the configuration file provided by VulnWhisperer, which is kibana.json. Could anyone please tell me how I can import it into Kibana so that I can get an out-of-the-box visualization of VulnWhisperer in Kibana? I really need your help, guys. Thank you so much in advance. I am using Elasticsearch and Kibana version 7.8.0. Please let me know if you need any other information. Thanks.
I suppose you are referring to this file: https://github.com/HASecuritySolutions/VulnWhisperer/blob/master/resources/elk6/kibana.json ?
Go to Management > Saved Objects and use the "Import" button there.
Hello @flash1293. Thank you for your response. Yes, I am talking about that exact file. However, there is another file called kibana_APIonly.json. Which one should I import? Thanks again for your help.
Another thing is that I inserted the logstash-vulnwhisperer-template_elk7.json template into Elasticsearch with the following command:
cat logstash-vulnwhisperer-template_elk7.json | curl -XPUT 'https://:9200/_template/logstash' -u username:password -k -H 'Content-Type: application/json' -d @-
But when I go to Saved Objects and open, for example, VulnWhisperer - Reporting, it gives the following error:
[timelion_vis] > Timelion request error: undefined Error: in cell #1: Elasticsearch index not found: logstash-vulnwhisperer-*
Could you please tell me what I might be missing? Thanks a ton again.
@flash1293 Hi, I just deleted logstash-vulnwhisperer-* from the index patterns in the Kibana dashboard and then tried to put it back with the previous command. But now it does not show the logstash-vulnwhisperer-* index.
I just tried to follow the instruction step in the following link:
But when I tried to create an index pattern called logstash-*, it says "The index pattern you've entered doesn't match any indices. You can match any of your 37 indices, below." And the "Next step" button is disabled. Please help me to fix it. Thank you.
It seems like you can get better help by asking either in the VulnWhisperer GH repo or the forum (if it exists) - it seems like there is some problem in the instructions you are working with.
In general the stuff you posted here looks like the data didn't get ingested correctly in the Elastic stack.
Thank you for your response @flash1293. But could you please tell me why I can see the logstash pattern when I run GET _cat/templates?v in the dev tools, as follows:
name index_patterns order version composed_of
wazuh-agent [wazuh-monitoring-3.x-] 0
logstash [logstash-vulnwhisperer-] 0
tenant_template [.kibana-_, .kibana_0*, .kibana_1, .kibana_2, .kibana_3, .kibana_4, .kibana_5, .kibana_6, .kibana_7, .kibana_8, .kibana_9] 0
wazuh [wazuh-alerts-3.x-, wazuh-archives-3.x-*] 0 1
But I do not see logstash-vulnwhisperer-* in my index patterns in Kibana, although I do see wazuh-alerts-3.x-* and wazuh-monitoring-3.x-*. Please help. Thank you so much.
Kibana index patterns and Elasticsearch templates are two different things. It seems like in your case something created the template in Elasticsearch to ingest data, but as no data has been ingested so far, Kibana doesn't know about it.
OK, thank you so much. Now it's much clearer to me. Thank you so much for the explanation @flash1293
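The distinction in the reply above, as an added example that is not part of the original thread: it compares the patterns listed by `GET _cat/templates?v` with the indices listed by `GET _cat/indices?v` and flags every template pattern that has no backing index yet. Both sample outputs are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `GET _cat/templates?v` output (not taken from the thread).
CAT_TEMPLATES = """\
name        index_patterns                             order version
wazuh-agent [wazuh-monitoring-3.x-*]                   0
logstash    [logstash-vulnwhisperer-*]                 0
wazuh       [wazuh-alerts-3.x-*, wazuh-archives-3.x-*] 0     1
"""

# Constructed sample of `GET _cat/indices?v` output: no logstash-* index exists.
CAT_INDICES = """\
health status index                           uuid   pri rep docs.count docs.deleted store.size pri.store.size
green  open   wazuh-alerts-3.x-2020.07.14     uuid-1 1   0   1520       0            1.2mb      1.2mb
green  open   wazuh-monitoring-3.x-2020.07.14 uuid-2 1   0   0          0            208b       208b
"""

def parse_templates(text):
    """Map template name -> list of index patterns it applies to."""
    found = {}
    for line in text.splitlines()[1:]:
        m = re.match(r"(\S+)\s+\[(.*?)\]", line)
        if m:
            found[m.group(1)] = [p.strip() for p in m.group(2).split(",")]
    return found

def parse_indices(text):
    """Map index name -> document count, using the header row to locate columns."""
    lines = text.splitlines()
    header = lines[0].split()
    name_col, docs_col = header.index("index"), header.index("docs.count")
    return {f[name_col]: int(f[docs_col])
            for f in map(str.split, lines[1:]) if len(f) > docs_col}

def diagnose(templates, indices):
    """Per template pattern: 'no-index' (nothing ingested, so Kibana has
    nothing to match), 'empty' (index exists, zero documents) or 'ok'."""
    report = {}
    for patterns in templates.values():
        for pat in patterns:
            # Elasticsearch index patterns only use '*' as a wildcard.
            rx = re.compile(re.escape(pat).replace(r"\*", ".*"))
            docs = [n for name, n in indices.items() if rx.fullmatch(name)]
            report[pat] = "no-index" if not docs else ("ok" if sum(docs) else "empty")
    return report

if __name__ == "__main__":
    result = diagnose(parse_templates(CAT_TEMPLATES), parse_indices(CAT_INDICES))
    for pat, state in result.items():
        print(f"{pat:28} {state}")
```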