Could I change the UI of wazuh app by replacing Kibana with my own UI?

Question

I'm trying to replace Kibana with my own custom UI and use it with wazuh app...is that possible? and how? I build my UI and try to look for the endpoint that's Kibana call to fetch the data but its very hard to locates them and I think Kibana makes the data for its own charts and because of that I couldn't find the endpoints. and for now I cant even do the login method and nothing work. could someone help me with a proper way to do this?

Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. — MD. RAKIB HASAN, Dec 22 '21 at 08:56

score 0 · Answer 1 · answered Dec 13 '21 at 13:42

I Assume that what You are trying to do is to create a new UI from scratch without using Kibana's graphics and visualizations, correct?

It is important that you understand correctly the Wazuh Architecture:

Each Endpoint (Agent) sends information back to the Server(s)/Cluster
The cluster analyses the information received, and sends it over to Elasticsearch cluster for further analysis and indexing.
The Wazuh Kibana UI (WUI) gets data from Elasticsearch using the API to create the visualizations and show them to the user.

The data is not stored in Kibana, but in Elasticsearch. If you've installed ES on Linux, the default data folder is in /var/lib/elasticsearch (CentOS) or /var/lib/elasticsearch/data (Ubuntu).

Going back to your question:

In case that you want to ditch kibana altogether, What you could do is make calls to the Wazuh API to retrieve the information stored and then generate your own graphics and visualizations.

If you want, also you can create your own custom Kibana Visualizations and embed them in any site you want as an iframe

Another possible way is to create your own custom Kibana App by modyfing downloading the WUI repository and modify it's look to suit your needs.

Thank you very much for your answer and its helpful to me... In the first option of ditching Kibana altogether, is there is a way to locate the endpoints Kibana use to get its data from elastic search ? In the second option I think using iframe isn't secure and will have many issues in CORS policies... The third option is there and documentation to run Wazuh Kibana app locally in development mode ? and thanks again for your answers — Jaf Dev, Dec 14 '21 at 08:32
For the 1st option, I think the easiest way, would be to download the Repo of the Wazuh Kibana App, that is linked in the third option, and look at the code from there. The same repo has the options and stuff needed to go for the 3rd option. There's info on how to run it for development in the repo's wiki. — Andres Micalizzi, Dec 15 '21 at 11:25

Could I change the UI of wazuh app by replacing Kibana with my own UI?

1 Answers1