Compatibility with Splunk 9.x

[gdiazlo]

Description

There is a new Splunk version released in the summer of 2022, Splunk 9. Currently, our application only supports 8.x versions. We will evaluate if we can support Splunk 9.x.

For that, we need to:

• Review Splunk's latest stable changelog.
• Identify improvements and potential impact on the UI.
• Develop a testing environment to verify our components would work under this new build.
• Execute a regression test to detect additional problems.

Splunk 9.0 Release Notes

Related issues:

• Splunk has deprecated HTML dashboards. Wazuh app Dashboards migration to Splunk Dashboard Studio format  #1378

Issues

• List here the detected issues
• TypeError: Cannot read properties of null (reading 'off') #1381

[yenienserrano]

The tests with the installation of Wazuh 4.3.9, it can be said that the app works correctly, I found an error that happens in previous versions of Splunk but does not break the application.

[yenienserrano]

I share evidence of wazuh working in Splunk 9.0.1:

Screenshots:

Overview

Security events

FIM

without information

with information

Vulnerabilities

HIPAA

Management

Rules

Agents

Overview agent

Dev tools

Security

configuration/API

[Mayons95]

I connected a new agent for ubuntu 22.04, and also I enabled all the modules on the ossec.config file to check if all the Wazuh modules are working as expected.

Screencast.from.31-10-22.14.47.40.webm

Screencast.from.31-10-22.14.48.26.webm

Screencast.from.31-10-22.14.50.40.webm

Screencast.from.31-10-22.14.51.58.webm

Screencast.from.31-10-22.14.53.48.webm

[AlexRuiz7]

All checks have passed