Comments (4)
Hi @necrose99,
could you explain it in more detail?
Thanks.
from wazuh-api.
I was trying to instance Elasticsearch etc. to run additional dashboards; however, easier said than done.
YARA rules and YARA, malwarehouse, Snorby/Snort rules > Wazuh. Moloch depends on Snort rules and Snort. Suricata, Nginx, PHP 7.1.
Suricata + Elastic + Wazuh would be a great pairing: NIDS/SIEM/etc.
Moloch would be just an added bonus.
https://github.com/pevma/Suricata-Logstash-Templates/tree/master/Templates
https://blog.reboost.net/suricata-on-pfsense-to-elk-stack/
https://home.regit.org/2013/10/logstash-and-suricata-for-the-old-guys/
http://pevma.blogspot.com/2014/03/suricata-and-grand-slam-of-open-source.html
Elastic plug-ins (migration, i.e. auto-migrate... etc. RPM bump; don't want the stack going bust.) Kopf, the newer one, so far is a pain in the arse to build. I have a VM already mostly done... however its JSON configs... with dys... torture to get them to work.
http://ossec.wazuh.com/vm/ossec-vm-2.8.3.ova: migrate to Wazuh libs. Easy enough; however, you can rpm upgrade all but Elasticsearch. No 1.x to 2.x migration; the plugin is not good, the UI will fail. New CentOS 7 VM, mount the drive as read-only, copy data to the VM as home/temp for configs etc. Firefox settings into /etc/skel as they have the dashboards, favs. And if LDAP/AD integration, SOC users... going to be a lot of users.... And for VMs I hate LVM2, as resizing is a pest, and even if you do, you run out of disk space,
as extents on XFS/ext4 still think the disk is x and not 5x larger. So just rsync a few folders over here or there. 18 gig demo VM, kinda a pain...
The 6.9 VM can't be upgraded, at least not easily. (Forcing 7.x RPMs from the DVD with rpm -UVH force ends catastrophically.)
And trying to prevent security holes.
HPE GES-Next-Gen (SEC), so I won't say too much more.
http://www.wazuh.com/professional-services/ , hopefully we get the budget...
But I'd welcome a few open templates to set up the ELK stack with Wazuh + Suricata at the least.
from wazuh-api.
Hi necrose99,
Here we discuss issues related to the API. If you want to propose a VM with Wazuh + ELK + Suricata, the Wazuh mailing list is a good option.
Anyway, I recommend you use this VM (ELK + Wazuh): http://ossec.wazuh.com/vm/Wazuh+ELK%2064-bit.ova. Then you just have to add Suricata.
Thanks for your recommendation; we will consider it.
Regards.
from wazuh-api.
I was just asking for any recommendations for a combined ELK stack for differing instances on differing ports (no really great examples when I search for any templates...).
However, it seems best to separate them out, as if something goes bust (it would also be painful to fix and a mess of dependency hells). But a Wazuh/Suricata box would be a good go, though, and could push into the Wazuh manager perhaps.
I was trying to save VM space and IPs.
However, also, unless I limited Moloch to capture x hours max (PCAP/YARA/Snort), it will flood the virtual disk. (Work's Asia infra is spotty/low bandwidth.) It's mainly going to forward over to Suricata/Wazuh/Graylog boxes (somehow; will need to figure it out), etc., and have them inspect logs for any detection anomalies... (Unfortunately no defined rules for OSSEC/Wazuh in Graylog; mainly for master logger and longer-term storage.)
Instancing the ELK stack to various ports, i.e. a Wazuh view, Suricata view, etc., etc.... more of a pain in the arse... (Learning curve is woeful; no really great examples on how.)
YARA rules/Snort and/or TAXII/STIX feeds would be a plus, but noted, to fill dynamic rule conversion...
(Some sort of anonymous Wazuh sharing of data feeds.)
For now I've built a VM at home off CentOS core, and have added X11, GNOME and Xfce, and repos,
as a base..., firewall/proxy.
https://www.aanval.com/ , hmm...
from wazuh-api.