[BUG] Malware Detection filter limited to rootcheck #347

Open
landon-lengyel opened this issue Oct 9, 2024 · 0 comments

Comments

Describe the bug
The Malware Detection section has a built-in filter for rule.groups: rootcheck. This results in malware detection events being missed, such as those in the windows_defender group.

To Reproduce
Steps to reproduce the behavior:

  1. On a Windows machine with Wazuh Agent, download the EICAR test txt file.
  2. Attempt to open the file, and have Microsoft Defender block the action and quarantine the file.
  3. In Wazuh dashboards, navigate to: Endpoints Summary > Your Windows PC > Malware Detection OR navigate just to Malware Detection
  4. You will not see the Defender event anywhere here, due to that rule.groups: rootcheck filter.

Expected behavior
windows_defender and any other possible Malware Detection groups should be included by default.
Additionally, these built-in filters ideally should be overridable in this view in case you know that they aren't correct, such as with rootcheck.

OpenSearch Version
Wazuh-Indexer: 4.9.0-1

Dashboards Version
4.9.0-2

Plugins

Screenshots

Host/Environment (please complete the following information):

  • OS: Debian 12 (Server), Windows 11 (Client)
  • Browser and version: Firefox 131.0.2

Additional context
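Added example (not part of the issue, and not code from the Wazuh dashboard plugin): it reproduces the filter gap the reporter describes on constructed sample alerts and builds the equivalent OpenSearch query. The alert layout follows Wazuh alert documents, where rule.groups is a list of group names; the rule ids, descriptions and agent names are placeholders, and the proposed group list contains only the two groups the issue names.

```python
# Added example: reproduces the rule.groups filter gap on constructed alerts
# and builds the equivalent OpenSearch query. Not the plugin's own code.
from typing import Any

# Constructed sample alerts: a rootcheck finding, the Defender quarantine event
# from the reproduction steps, and an unrelated sshd alert. Rule ids and agent
# names are placeholders, not real Wazuh identifiers.
SAMPLE_ALERTS: list[dict[str, Any]] = [
    {"agent": {"name": "win11-client"},
     "rule": {"id": "rc-1", "description": "Rootcheck finding",
              "groups": ["ossec", "rootcheck"]}},
    {"agent": {"name": "win11-client"},
     "rule": {"id": "wd-1", "description": "Windows Defender quarantined a file (EICAR)",
              "groups": ["windows", "windows_defender"]}},
    {"agent": {"name": "debian-server"},
     "rule": {"id": "ssh-1", "description": "sshd: authentication failed",
              "groups": ["syslog", "sshd", "authentication_failed"]}},
]

# The group the Malware Detection view filters on today, per the issue.
DASHBOARD_GROUPS = ["rootcheck"]
# Proposed set: rootcheck plus windows_defender, as the issue asks for. Adding
# further groups is an assumption to be checked against the ruleset in use.
MALWARE_GROUPS = ["rootcheck", "windows_defender"]


def groups_query(groups: list[str]) -> dict[str, Any]:
    """Build an OpenSearch query selecting alerts whose rule.groups contains
    any of `groups`. A `terms` filter on an array field matches when any
    element is in the list, so one clause covers every accepted group."""
    return {"query": {"bool": {"filter": [{"terms": {"rule.groups": groups}}]}}}


def matches(alert: dict[str, Any], groups: list[str]) -> bool:
    """Local equivalent of the terms filter above, applied to one alert."""
    alert_groups = alert.get("rule", {}).get("groups", [])
    return any(g in groups for g in alert_groups)


def filter_alerts(alerts: list[dict[str, Any]], groups: list[str]) -> list[str]:
    """Return the rule ids of the alerts that the given group filter keeps."""
    return [a["rule"]["id"] for a in alerts if matches(a, groups)]


if __name__ == "__main__":
    # With the current filter the Defender event is dropped; with the proposed
    # list it is kept while the unrelated sshd alert is still excluded.
    print("current filter keeps:", filter_alerts(SAMPLE_ALERTS, DASHBOARD_GROUPS))
    print("proposed filter keeps:", filter_alerts(SAMPLE_ALERTS, MALWARE_GROUPS))
    print("query:", groups_query(MALWARE_GROUPS))
```

Running the script shows the current filter keeping only the rootcheck alert, while the widened filter keeps both malware-related alerts and still excludes the sshd alert. The same `terms` clause can be pasted into an OpenSearch Dashboards query to confirm which groups the indexed Defender events actually carry before the list is widened.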
