diff --git a/apps/web/messages/en.json b/apps/web/messages/en.json
index 9bd5732c..91c6e8dc 100644
--- a/apps/web/messages/en.json
+++ b/apps/web/messages/en.json
@@ -19370,8 +19370,8 @@
 "body": "需要只讀 access 或脫敏 owner export;不能用猜測或舊截圖補成綠燈。"
 },
 "dashboardApi": {
- "title": "儀表板讀取層仍退化",
- "body": "已儲存 API、權限、速率限制與憑證信任都要有脫敏修復讀回。"
+ "title": "儀表板 API 連線仍卡住",
+ "body": "目前 Dashboard 可進入,alerts、monitoring、statistics index pattern 已通過;但 API connection 未完成,API version 尚未驗證,所以仍不能宣稱 Wazuh 可用或代理清單已恢復。"
 },
 "repairBoundary": {
 "title": "修復動作要另走維護閘門",
diff --git a/apps/web/messages/zh-TW.json b/apps/web/messages/zh-TW.json
index 9bd5732c..91c6e8dc 100644
--- a/apps/web/messages/zh-TW.json
+++ b/apps/web/messages/zh-TW.json
@@ -19370,8 +19370,8 @@
 "body": "需要只讀 access 或脫敏 owner export;不能用猜測或舊截圖補成綠燈。"
 },
 "dashboardApi": {
- "title": "儀表板讀取層仍退化",
- "body": "已儲存 API、權限、速率限制與憑證信任都要有脫敏修復讀回。"
+ "title": "儀表板 API 連線仍卡住",
+ "body": "目前 Dashboard 可進入,alerts、monitoring、statistics index pattern 已通過;但 API connection 未完成,API version 尚未驗證,所以仍不能宣稱 Wazuh 可用或代理清單已恢復。"
 },
 "repairBoundary": {
 "title": "修復動作要另走維護閘門",
diff --git a/apps/web/src/app/[locale]/iwooos/page.tsx b/apps/web/src/app/[locale]/iwooos/page.tsx
index 5038348a..592644e6 100644
--- a/apps/web/src/app/[locale]/iwooos/page.tsx
+++ b/apps/web/src/app/[locale]/iwooos/page.tsx
@@ -2369,7 +2369,7 @@ const wazuhManagedHostCoverageItems: WazuhManagedHostCoverageItem[] = [
 { key: 'coreTransport', check: 'HC-2', state: '2 有連線', icon: Activity, tone: 'warn' },
 { key: 'devGap', check: 'HC-3', state: '1 無連線', icon: FileWarning, tone: 'locked' },
 { key: 'blockedReadback', check: 'HC-4', state: '3 待讀回', icon: SearchCheck, tone: 'warn' },
- { key: 'dashboardApi', check: 'HC-5', state: '讀取退化', icon: Radar, tone: 'warn' },
+ { key: 'dashboardApi', check: 'HC-5', state: 'API 卡住', icon: Radar, tone: 'warn' },
 { key: 'repairBoundary', check: 'HC-6', state: '需獨立維護窗', icon: ClipboardCheck, tone: 'locked' },
 ] as const
 
@@ -2381,6 +2381,12 @@ const wazuhManagedHostCoverageBoundaries = [
 'wazuh_managed_host_coverage_ssh_readback_blocked_count=3',
 'wazuh_managed_host_coverage_manager_registry_accepted_count=0',
 'wazuh_managed_host_coverage_dashboard_api_degraded_observed_count=1',
+ 'wazuh_managed_host_coverage_dashboard_startup_check_observed=true',
+ 'wazuh_managed_host_coverage_dashboard_api_connection_ok_count=0',
+ 'wazuh_managed_host_coverage_dashboard_api_version_ok_count=0',
+ 'wazuh_managed_host_coverage_dashboard_index_pattern_ok_count=3',
+ 'wazuh_managed_host_coverage_dashboard_api_connection_check_status=pending_or_spinning',
+ 'wazuh_managed_host_coverage_dashboard_api_version_check_status=not_verified',
 'wazuh_managed_host_coverage_live_metadata_env_enabled_count=0',
 'wazuh_managed_host_coverage_runtime_gate_count=0',
 'wazuh_agent_reenroll_authorized=false',
diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md
index 85023137..8c9838dc 100644
--- a/docs/LOGBOOK.md
+++ b/docs/LOGBOOK.md
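Review bot: The six `wazuh_managed_host_coverage_dashboard_*` literals added to `wazuhManagedHostCoverageBoundaries` restate values that this commit also writes to `docs/security/wazuh-agent-visibility-runtime-gate.snapshot.json`, and no visible hunk ties the two copies together, so the page and the snapshot can disagree after the next edit to either. Because operators read this list as the current boundary, a stale `dashboard_api_connection_ok_count=0` hides a recovery, and a hand-edited non-zero value would be a false green that the gate assertions shown in this diff (which read only the snapshot) would not catch. Derive the strings from the snapshot at build time, or at minimum add `// mirrors dashboard_* fields in wazuh-agent-visibility-runtime-gate.snapshot.json; change both together` above the new lines. The array literal begins and ends outside the hunk.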
@@ -1,3 +1,23 @@
+## 2026-06-25|Wazuh Dashboard API 啟動檢查退化納入 Gate
+
+**背景**:最新 Wazuh Dashboard 畫面顯示 Dashboard 本身可進入,`alerts`、`monitoring`、`statistics` index pattern 已通過;但 `Check API connection` 仍停在等待 / 旋轉狀態,`Check API version` 尚未驗證。這代表 Wazuh Dashboard 可見與索引可讀,不能被誤報為 Manager API 已通、agent registry 已恢復或 Wazuh 全主機納管完成。
+
+**本輪更新**:
+- `docs/security/wazuh-agent-visibility-runtime-gate.snapshot.json` 新增 dashboard startup check 欄位:API connection `pending_or_spinning`、API version `not_verified`、index pattern ok `3`、API connection ok `0`、API version ok `0`。
+- `scripts/security/wazuh-agent-visibility-runtime-gate.py` 加嚴檢查上述狀態,避免後續把 Dashboard 可見改成假綠。
+- `/zh-TW/iwooos` 的 Wazuh 主機納管覆蓋 Gate 將 `HC-5` 改為 `API 卡住`,並在邊界鍵值顯示 startup check 與 index pattern 狀態。
+- `apps/web/messages/en.json` 繼續與 `zh-TW.json` 維持繁中鏡像。
+
+**完成度**:
+- Wazuh Dashboard startup check 納管:`100%` source-side。
+- Dashboard index pattern readback:`3 / 3`。
+- Dashboard API connection accepted:`0%`。
+- Dashboard API version accepted:`0%`。
+- Wazuh manager registry accepted:`0%`。
+- runtime gate / host write / active response / agent reenroll / restart / secret patch:`0%`。
+
+**邊界**:本輪只根據使用者提供的畫面做脫敏狀態建模與 repo-side guard;沒有保存截圖、沒有公開內網位址、沒有讀 Wazuh secret、沒有查 Wazuh manager live API、沒有 SSH、沒有重啟 Wazuh、沒有修改 Nginx / firewall / Docker / K8s,也沒有 active scan 或 active response。
+
 ## 2026-06-25|IwoooS 資安作戰系統 source-side 補強
 **背景**:IwoooS 已有資產總帳、外部入侵防堵矩陣、SOC / SIEM / Kali / Wazuh 整合矩陣與 Wazuh route / registry no-false-green gate,但仍需要一份更高層的作戰系統,把業界主流框架、即時危害分流、告警訊息合約、AI 自動化閉環、跨 session 同步與停止線固定成同一個可驗證 program。
diff --git a/docs/security/wazuh-agent-visibility-runtime-gate.snapshot.json b/docs/security/wazuh-agent-visibility-runtime-gate.snapshot.json
index 8727b12b..4e5e5700 100644
--- a/docs/security/wazuh-agent-visibility-runtime-gate.snapshot.json
+++ b/docs/security/wazuh-agent-visibility-runtime-gate.snapshot.json
@@ -15,6 +15,15 @@
 "agent_transport_connected_observed": true,
 "manager_transport_established_connection_count": 6,
 "dashboard_api_degraded_observed": true,
+ "dashboard_startup_check_observed": true,
+ "dashboard_api_connection_check_status": "pending_or_spinning",
+ "dashboard_api_version_check_status": "not_verified",
+ "dashboard_alerts_index_pattern_check_status": "ok",
+ "dashboard_monitoring_index_pattern_check_status": "ok",
+ "dashboard_statistics_index_pattern_check_status": "ok",
+ "dashboard_index_pattern_ok_count": 3,
+ "dashboard_api_connection_ok_count": 0,
+ "dashboard_api_version_ok_count": 0,
 "dashboard_stored_api_unreachable_observed": true,
 "dashboard_api_login_500_observed": true,
 "dashboard_api_rate_limited_observed": true,
@@ -54,6 +63,11 @@
 "status": "degraded_current_observed",
 "evidence": "dashboard plugin 在 stored API、login、API check 與 TLS client trust 路徑觀察到 400、429、500 與權限錯誤",
 "completion_percent": 70
+ },
+ "dashboard_startup_check": {
+ "status": "api_connection_pending_index_patterns_ok",
+ "evidence": "Dashboard 啟動畫面可見且 alerts、monitoring、statistics index pattern 已通過;API connection 仍未完成,API version 尚未驗證",
+ "completion_percent": 45
 }
 },
 "registry_counts": {
@@ -73,6 +87,7 @@
 "wazuh_api_run_as_or_internal_user_permission_mismatch",
 "dashboard_api_check_rate_limited",
 "dashboard_tls_client_trust_mismatch",
+ "dashboard_frontend_index_patterns_ok_but_manager_api_check_pending",
 "manager_registry_read_permission_missing_for_current_readonly_user"
 ],
 "required_evidence_before_green": [
@@ -105,6 +120,9 @@
 "required_fields": [
 "stored_api_status",
 "api_check_status",
+ "api_connection_check_status",
+ "api_version_check_status",
+ "index_pattern_check_statuses",
 "rate_limit_status",
 "tls_trust_status"
 ],
diff --git a/scripts/security/wazuh-agent-visibility-runtime-gate.py b/scripts/security/wazuh-agent-visibility-runtime-gate.py
index ac80c3aa..46db7bfc 100644
--- a/scripts/security/wazuh-agent-visibility-runtime-gate.py
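Review bot: The nine `dashboard_*` fields added in the first hunk record a state read off the Dashboard start-up screen, but none of the added lines says when or from what evidence it was observed, so a later reader cannot judge how old `pending_or_spinning` is; if the snapshot carries a top-level observation time outside these hunks that is sufficient, otherwise a timestamp or sanitized evidence reference next to `dashboard_startup_check_observed` is worth adding. In the second hunk `"completion_percent": 45` is given without a stated basis, unlike the status string, which the `evidence` text explains. In the fourth hunk `required_fields` lists a single `index_pattern_check_statuses` entry while the observed state is stored as three separate `dashboard_*_index_pattern_check_status` keys, so the mapping between the evidence contract and the stored keys should be stated before a readback is produced against it.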
+++ b/scripts/security/wazuh-agent-visibility-runtime-gate.py
@@ -153,6 +153,48 @@ def validate(root: Path) -> None:
 "wazuh_agent_visibility_runtime_gate.dashboard_api_degraded_observed",
 snapshot.get("dashboard_api_degraded_observed"),
 )
+ assert_true(
+ "wazuh_agent_visibility_runtime_gate.dashboard_startup_check_observed",
+ snapshot.get("dashboard_startup_check_observed"),
+ )
+ assert_equal(
+ "wazuh_agent_visibility_runtime_gate.dashboard_api_connection_check_status",
+ snapshot.get("dashboard_api_connection_check_status"),
+ "pending_or_spinning",
+ )
+ assert_equal(
+ "wazuh_agent_visibility_runtime_gate.dashboard_api_version_check_status",
+ snapshot.get("dashboard_api_version_check_status"),
+ "not_verified",
+ )
+ assert_equal(
+ "wazuh_agent_visibility_runtime_gate.dashboard_alerts_index_pattern_check_status",
+ snapshot.get("dashboard_alerts_index_pattern_check_status"),
+ "ok",
+ )
+ assert_equal(
+ "wazuh_agent_visibility_runtime_gate.dashboard_monitoring_index_pattern_check_status",
+ snapshot.get("dashboard_monitoring_index_pattern_check_status"),
+ "ok",
+ )
+ assert_equal(
+ "wazuh_agent_visibility_runtime_gate.dashboard_statistics_index_pattern_check_status",
+ snapshot.get("dashboard_statistics_index_pattern_check_status"),
+ "ok",
+ )
+ assert_equal(
+ "wazuh_agent_visibility_runtime_gate.dashboard_index_pattern_ok_count",
+ snapshot.get("dashboard_index_pattern_ok_count"),
+ 3,
+ )
+ assert_zero(
+ "wazuh_agent_visibility_runtime_gate.dashboard_api_connection_ok_count",
+ snapshot.get("dashboard_api_connection_ok_count"),
+ )
+ assert_zero(
+ "wazuh_agent_visibility_runtime_gate.dashboard_api_version_ok_count",
+ snapshot.get("dashboard_api_version_ok_count"),
+ )
 for key in [
 "dashboard_stored_api_unreachable_observed",
 "dashboard_api_login_500_observed",
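Review bot: The assertions added to `validate` read only the flat `dashboard_*` keys, so the nested `dashboard_startup_check` object (its `status` and `completion_percent`), the new blocker string and the three new `required_fields` entries that the same commit adds to the snapshot can be edited without this gate failing, unless they are checked outside the hunk. For a no-false-green gate the nested `status` is the value most likely to be surfaced to readers, so it deserves its own `assert_equal` against `"api_connection_pending_index_patterns_ok"`. Every new check also pins a literal from the degraded observation, which means the gate will fail as soon as the snapshot records a real recovery; a comment such as `# Pinned to the last sanitized observation; update snapshot and literals together after a verified API readback` above the block would make that intent explicit. `validate` begins and ends outside the hunk.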
@@ -193,6 +235,8 @@ def main() -> None:
 f"registry=0 route={snapshot['production_route_http_status']} "
 f"transport={snapshot['manager_transport_established_connection_count']} "
 f"dashboard_degraded={int(snapshot['dashboard_api_degraded_observed'])} "
+ f"api_connection={snapshot['dashboard_api_connection_check_status']} "
+ f"index_ok={snapshot['dashboard_index_pattern_ok_count']} "
 f"runtime_gate={snapshot['runtime_gate_count']}"
 )