Remove VirusTotal

wazuh · Oct 3, 2024 · ed1dbb4 · ed1dbb4
1 parent dd205d9
commit ed1dbb4
Show file tree

Hide file tree

Showing 37 changed files with 84 additions and 1,695 deletions.
diff --git a/plugins/main/README.md b/plugins/main/README.md
@@ -26,7 +26,6 @@ the Wazuh Indexer. The plugin provides the following capabilities:
   - Threat Detection and Response
     - Vulnerabilities: Discover what applications in your environment are affected by well-known vulnerabilities.
     - MITRE ATT&CK: Explore security alerts mapped to adversary tactics and techniques for better threat understanding.
-    - VirusTotal: Alerts resulting from VirusTotal analysis of suspicious files via an integration with their API.
     - Osquery: Osquery can be used to expose an operating system as a high-performance relational database.
     - Docker listener: Monitor and collect the activity from Docker containers such as creation, running, starting, stopping or pausing events.
   - Regulatory Compliance

diff --git a/plugins/main/common/constants.ts b/plugins/main/common/constants.ts
@@ -243,8 +243,6 @@ export const DATA_SOURCE_FILTER_CONTROLLED_MITRE_ATTACK_RULE =
   'mitre-attack-rule';
 export const DATA_SOURCE_FILTER_CONTROLLED_MITRE_ATTACK_RULE_ID =
   'hidden-mitre-attack-rule-id';
-export const DATA_SOURCE_FILTER_CONTROLLED_VIRUSTOTAL_RULE_GROUP =
-  'virustotal-rule-group';
 export const DATA_SOURCE_FILTER_CONTROLLED_GOOGLE_CLOUD_RULE_GROUP =
   'gcp-rule-group';
 export const DATA_SOURCE_FILTER_CONTROLLED_MALWARE_DETECTION_RULE_GROUP =

diff --git a/plugins/main/common/wazuh-modules.ts b/plugins/main/common/wazuh-modules.ts
@@ -99,12 +99,6 @@ export const WAZUH_MODULES = {
     description:
       'Security events related to your Google Cloud Platform services, collected directly via GCP API.', // TODO GCP
   },
-  virustotal: {
-    title: 'VirusTotal',
-    appId: 'virustotal',
-    description:
-      'Alerts resulting from VirusTotal analysis of suspicious files via an integration with their API.',
-  },
   mitre: {
     title: 'MITRE ATT&CK',
     appId: 'mitre-attack',

diff --git a/plugins/main/public/components/add-modules-data/sample-data.tsx b/plugins/main/public/components/add-modules-data/sample-data.tsx
@@ -37,7 +37,6 @@ import {
   malwareDetection,
   mitreAttack,
   office365,
-  virustotal,
   vulnerabilityDetection,
 } from '../../utils/applications';
 
@@ -51,7 +50,6 @@ const sampleSecurityInformationApplication = [
 
 const sampleThreatDetectionApplication = [
   vulnerabilityDetection.title,
-  virustotal.title,
   docker.title,
   mitreAttack.title,
 ];

diff --git a/plugins/main/public/components/common/data-source/pattern/alerts/index.ts b/plugins/main/public/components/common/data-source/pattern/alerts/index.ts
@@ -8,7 +8,6 @@ export * from './docker';
 export * from './malware-detection';
 export * from './vulnerabilities';
 export * from './hipaa';
-export * from './virustotal';
 export * from './nist-800-53';
 export * from './mitre-attack';
 export * from './pci-dss';

diff --git a/plugins/main/public/components/common/data-source/pattern/alerts/virustotal/index.ts b/plugins/main/public/components/common/data-source/pattern/alerts/virustotal/index.ts
diff --git a/.../public/components/common/data-source/pattern/alerts/virustotal/virustotal-data-source.ts b/.../public/components/common/data-source/pattern/alerts/virustotal/virustotal-data-source.ts
diff --git a/plugins/main/public/components/common/modules/modules-defaults.tsx b/plugins/main/public/components/common/modules/modules-defaults.tsx
@@ -38,7 +38,6 @@ import { gdprColumns } from '../../overview/gdpr/events/gdpr-columns';
 import { tscColumns } from '../../overview/tsc/events/tsc-columns';
 import { githubColumns } from '../../overview/github/events/github-columns';
 import { mitreAttackColumns } from '../../overview/mitre/events/mitre-attack-columns';
-import { virustotalColumns } from '../../overview/virustotal/events/virustotal-columns';
 import { malwareDetectionColumns } from '../../overview/malware-detection/events/malware-detection-columns';
 import { WAZUH_VULNERABILITIES_PATTERN } from '../../../../common/constants';
 import {
@@ -55,7 +54,6 @@ import {
   DashboardAWS,
   DashboardOffice365,
   DashboardThreatHunting,
-  DashboardVirustotal,
   DashboardGoogleCloud,
   DashboardVuls,
   InventoryVuls,
@@ -64,7 +62,6 @@ import {
   DockerDataSource,
   AlertsVulnerabilitiesDataSource,
   AWSDataSource,
-  VirusTotalDataSource,
   FIMDataSource,
   GitHubDataSource,
   MalwareDetectionDataSource,
@@ -311,21 +308,6 @@ export const ModulesDefaults = {
     ],
     availableFor: ['manager', 'agent'],
   },
-  virustotal: {
-    tabs: [
-      {
-        id: 'dashboard',
-        name: 'Dashboard',
-        buttons: [ButtonExploreAgent, ButtonModuleGenerateReport],
-        component: DashboardVirustotal,
-      },
-      renderDiscoverTab({
-        tableColumns: virustotalColumns,
-        DataSource: VirusTotalDataSource,
-      }),
-    ],
-    availableFor: ['manager', 'agent'],
-  },
   docker: {
     init: 'dashboard',
     tabs: [

diff --git a/plugins/main/public/components/overview/index.ts b/plugins/main/public/components/overview/index.ts
@@ -12,5 +12,4 @@ export { DashboardPCIDSS } from './pci/dashboards';
 export { DashboardOffice365 } from './office/dashboard';
 export { DashboardThreatHunting } from './threat-hunting/dashboard';
 export { DashboardTSC } from './tsc/dashboards';
-export { DashboardVirustotal } from './virustotal/dashboard';
 export { DashboardVuls, InventoryVuls } from './vulnerabilities';
diff --git a/plugins/main/public/components/overview/virustotal/dashboard/dashboard.tsx b/plugins/main/public/components/overview/virustotal/dashboard/dashboard.tsx