Wazuh Core Plugin API

The Wazuh Core plugin provides shared services, configuration management, security utilities, and API client functionality used by all other Wazuh plugins.

Plugin Class

WazuhCorePlugin

Location: plugins/wazuh-core/public/plugin.ts:20

export class WazuhCorePlugin
  implements Plugin<WazuhCorePluginSetup, WazuhCorePluginStart>

Lifecycle Methods

setup()

Initializes core services during the setup phase. Signature:

public async setup(core: CoreSetup): Promise<WazuhCorePluginSetup>

core

CoreSetup

required

OpenSearch Dashboards core setup contract

Returns: Promise<WazuhCorePluginSetup>

configuration

Configuration

Configuration service for reading and managing plugin settings

dashboardSecurity

DashboardSecurity

Security utilities for authentication and authorization

utils

object

Utility functions

Show properties

formatUIDate

(date: Date) => string

Formats a Date object for UI display

API_USER_STATUS_RUN_AS

object

Constants for run_as API user statuses

SettingsValidator

class

Validation utilities for settings

Example:

export class MyPlugin implements Plugin {
  public setup(core: CoreSetup, plugins: { wazuhCore: WazuhCorePluginSetup }) {
    // Access configuration
    const config = plugins.wazuhCore.configuration;
    
    // Use dashboard security
    const security = plugins.wazuhCore.dashboardSecurity;
    
    // Use utilities
    const formatted = plugins.wazuhCore.utils.formatUIDate(new Date());
  }
}

start()

Activates services during the start phase. Signature:

public async start(core: CoreStart): Promise<WazuhCorePluginStart>

core

CoreStart

required

OpenSearch Dashboards core start contract

Returns: Promise<WazuhCorePluginStart>

configuration

Configuration

Active configuration service instance

dashboardSecurity

DashboardSecurity

Active security service instance

hooks

object

React hooks for UI components

Show properties

useDockedSideNav

() => boolean

Hook to detect if side navigation is docked

utils

object

Utility functions (same as setup)

Configuration Service

Manages plugin configuration from multiple sources.

Configuration

Location: plugins/wazuh-core/common/services/configuration.ts

get()

Retrieve a configuration value. Signature:

get<T = any>(settingKey: string): Promise<T>

settingKey

string

required

The setting key to retrieve

Returns: Promise<T> - The configuration value Example:

import { getWazuhCorePlugin } from './plugin-services';

const wazuhCore = getWazuhCorePlugin();

// Get index pattern
const pattern = await wazuhCore.configuration.get('pattern');
// => "wazuh-alerts-*"

// Get timeout setting
const timeout = await wazuhCore.configuration.get('timeout');
// => 20000

set()

Update a configuration value. Signature:

set(settingKey: string, value: any): Promise<void>

settingKey

string

required

The setting key to update

value

any

required

The new value

Example:

// Update timeout
await wazuhCore.configuration.set('timeout', 30000);

// Update index pattern
await wazuhCore.configuration.set('pattern', 'wazuh-alerts-4.x-*');

Common Settings

pattern

string

default:"wazuh-alerts-*"

Default index pattern for Wazuh alerts

timeout

number

default:20000

Request timeout in milliseconds

ip.selector

boolean

default:true

Enable/disable IP selector in UI

ip.ignore

string[]

default:[]

IP addresses to exclude from monitoring

logs.level

string

default:"info"

Logging level (info, debug, error)

hideManagerAlerts

boolean

default:false

Hide alerts from manager in visualizations

Dashboard Security Service

Handles authentication, authorization, and security platform detection.

DashboardSecurity

Location: plugins/wazuh-core/public/utils/dashboard-security.ts

fetchCurrentPlatform()

Detects the current security platform. Signature:

fetchCurrentPlatform(): Promise<string>

Returns: Platform identifier

platform

string

One of: ‘opensearch’, ‘xpack’, or empty string if no security

Example:

const platform = await wazuhCore.dashboardSecurity.fetchCurrentPlatform();

if (platform === 'opensearch') {
  // OpenSearch Security is active
} else if (platform === 'xpack') {
  // Elastic X-Pack security is active
}

fetchCurrentUser()

Retrieves the current authenticated user. Signature:

fetchCurrentUser(): Promise<{
  username: string,
  authContext: any
}>

Returns: User information

username

string

The username of the authenticated user

authContext

object

Additional authentication context (platform-specific)

Example:

const user = await wazuhCore.dashboardSecurity.fetchCurrentUser();
console.log(`Logged in as: ${user.username}`);

fetchCurrentUserRoles()

Retrieves roles for the current user. Signature:

fetchCurrentUserRoles(): Promise<string[]>

Returns: Promise<string[]> - Array of role names Example:

const roles = await wazuhCore.dashboardSecurity.fetchCurrentUserRoles();

if (roles.includes('administrator')) {
  // User has admin privileges
}

hasDashboardSecurity()

Checks if a security platform is enabled. Signature:

hasDashboardSecurity(): Promise<boolean>

Example:

const hasecurity = await wazuhCore.dashboardSecurity.hasDashboardSecurity();

if (!hasSecurity) {
  // Show security warning
}

Server Plugin

The server-side Core plugin provides API clients and host management.

WazuhCorePlugin (Server)

Location: plugins/wazuh-core/server/plugin.ts:28

setup() (Server)

Signature:

public async setup(
  core: CoreSetup,
  plugins: PluginSetup
): Promise<WazuhCorePluginSetup>

Returns: Server setup contract

dashboardSecurity

ISecurityFactory

Server-side security factory

configuration

IConfigurationEnhanced

Server configuration service

manageHosts

ManageHosts

API host management service

serverAPIClient

ServerAPIClient

Wazuh API client

api

object

API client interfaces

Show properties

client.asInternalUser

ServerAPIInternalUserClient

API client using internal credentials

client.asScoped

Function

Creates a scoped client for the current request user

Server API Client

Makes authenticated requests to the Wazuh API.

request() (asCurrentUser)

Make an API request as the current user. Signature:

request(
  method: string,
  path: string,
  data: any,
  options: { apiHostID: string; forceRefresh?: boolean }
): Promise<any>

method

string

required

HTTP method (GET, POST, PUT, DELETE)

path

string

required

API endpoint path

data

object

required

Request body

options.apiHostID

string

required

API host identifier

options.forceRefresh

boolean

default:false

Force token refresh

Example:

// In a route handler
router.get(
  { path: '/api/agents/summary', validate: false },
  async (context, request, response) => {
    try {
      const result = await context.wazuh_core.api.client.asCurrentUser.request(
        'GET',
        '/agents/summary/status',
        {},
        { apiHostID: 'default' }
      );
      
      return response.ok({ body: result });
    } catch (error) {
      return response.customError({
        statusCode: error.statusCode || 500,
        body: { message: error.message }
      });
    }
  }
);

authenticate()

Authenticate and retrieve an API token. Signature:

authenticate(apiHostID: string): Promise<string>

apiHostID

string

required

API host identifier

Returns: Promise<string> - Authentication token Example:

const token = await context.wazuh_core.api.client.asCurrentUser.authenticate('default');

Request Handler Context

The Core plugin extends the request handler context. Type Definition:

declare module 'opensearch_dashboards/server' {
  interface RequestHandlerContext {
    wazuh_core: {
      configuration: IConfigurationEnhanced;
      dashboardSecurity: ISecurityFactory;
      manageHosts: ManageHosts;
      serverAPIClient: ServerAPIClient;
      api: {
        client: {
          asInternalUser: ServerAPIInternalUserClient;
          asCurrentUser: ServerAPIScopedUserClient;
        };
      };
    };
  }
}

Usage:

router.get(
  { path: '/my-endpoint', validate: false },
  async (context, request, response) => {
    // Access Core services via context
    const config = context.wazuh_core.configuration;
    const security = context.wazuh_core.dashboardSecurity;
    const api = context.wazuh_core.api.client.asCurrentUser;
    
    // Make API request
    const agents = await api.request(
      'GET',
      '/agents',
      {},
      { apiHostID: 'default' }
    );
    
    return response.ok({ body: agents });
  }
);

Utilities

formatUIDate()

Formats a Date object for consistent UI display. Signature:

formatUIDate(date: Date): string

date

Date

required

Date to format

Returns: Formatted date string Example:

import { getWazuhCorePlugin } from './plugin-services';

const formatted = getWazuhCorePlugin().utils.formatUIDate(new Date());
// => "2026-03-04 10:30:45"

Hooks

useDockedSideNav()

React hook to determine if side navigation is docked. Signature:

function useDockedSideNav(): boolean

Returns: boolean - True if side nav is docked Example:

import React from 'react';
import { getWazuhCorePlugin } from './plugin-services';

function MyComponent() {
  const { useDockedSideNav } = getWazuhCorePlugin().hooks;
  const isDocked = useDockedSideNav();
  
  return (
    <div className={isDocked ? 'with-docked-nav' : 'without-docked-nav'}>
      Content
    </div>
  );
}

Constants

API_USER_STATUS_RUN_AS

Status codes for run_as API user configuration. Location: plugins/wazuh-core/common/api-user-status-run-as.ts

export const API_USER_STATUS_RUN_AS = {
  ALL_DISABLED: 0,
  USER_NOT_ALLOWED: 1,
  HOST_DISABLED: 2,
  ENABLED: 3,
} as const;

Usage:

import { API_USER_STATUS_RUN_AS } from 'plugins/wazuh-core/public';

if (status === API_USER_STATUS_RUN_AS.ENABLED) {
  // run_as is enabled
}

Main Plugin API

Main dashboard plugin reference

Configuration

Plugin configuration guide

Security

Security configuration

API Client

API console usage

Overview

Plugin APIs

Components

Plugin Class