Thanks Santiago! These are great.
How can I import this dashboard into an existing Kibana installation?

Thanks,

On Tuesday, January 5, 2016 at 2:14:47 PM UTC-5, Santiago Bassett wrote:
>
> Hi,
>
> the dashboards we have created can be found here:
>
> https://github.com/wazuh/ossec-wazuh/tree/master/extensions/kibana
>
> Regarding the rules, here is the repo:
>
> https://github.com/wazuh/ossec-rules
>
> When the rule is related to a PCI control, that information is included in
> the groups section, for example:
>
>     <rule id="18106" level="5">
>       <if_sid>18105</if_sid>
>       <id>^529$|^530$|^531$|^532$|^533$|^534$|^535$|^536$|^537$|^539$|^4625$</id>
>       <description>Windows Logon Failure.</description>
>       <group>win_authentication_failed,pci_dss_10.2.4,pci_dss_10.2.5,</group>
>     </rule>
>
> This, combined with the modified JSON output, allows us to create the
> dashboards for PCI in Kibana.
>
> On the other hand, we are about to publish rules/decoders for Amazon AWS
> (in case you happen to use it); you can already see the work we are doing
> in the development branch.
>
> Best
>
> On Tue, Jan 5, 2016 at 7:13 AM, <namobud...@gmail.com> wrote:
>
>> I took a look and it looks great, but I was wondering if you had any
>> customized dashboards or favorite OSSEC rules to share?
>>
>> Thanks for all the great work.
>>
>> On Tuesday, December 22, 2015 at 10:44:07 PM UTC-5, Santiago Bassett
>> wrote:
>>>
>>> Hi,
>>>
>>> in case you are interested, we have done some work integrating OSSEC
>>> with ELK (especially for those using them to be compliant with PCI DSS, not
>>> sure if this is the case), including the creation of Kibana dashboards.
>>>
>>> We have also created a RESTful API for OSSEC that we plan to use with the
>>> new Kibana plugins functionality (added in version 4.2), to be able to
>>> monitor/control your OSSEC deployments from Kibana (e.g. agent status,
>>> syscheck or rootcheck settings, agent keys, loaded rules...)
>>>
>>> See more info on our website at:
>>> http://documentation.wazuh.com/en/latest/ossec_elk.html
>>>
>>> Best regards,
>>>
>>> Santiago.
>>>
>>> On Thu, Dec 17, 2015 at 8:24 AM, <namobud...@gmail.com> wrote:
>>>
>>>> I've been tasked with tuning OSSEC.
>>>>
>>>> I'm wondering if there is a general guideline or process. We have
>>>> OSSEC feeding into the ELK stack. What are folks' thoughts on tuning vs.
>>>> coming up with better Kibana hunting searches?
>>>>
>>>> Thanks!
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "ossec-list" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to ossec-list+...@googlegroups.com.
>>>> For more options, visit https://groups.google.com/d/optout.
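As an added, constructed example (not code from this thread, the wazuh repositories, or OSSEC itself) of the mechanism Santiago describes above: the pci_dss_* tags live in a rule's <group> list, and a dashboard only needs them copied onto the JSON alert to aggregate by control. The script below parses a rules fragment containing the quoted rule 18106, turns the tags into control numbers, checks a Windows event id against the rule's <id> pattern, and enriches a sample alert. The contents of the parent rule 18105, the alert document, and all function names are assumptions made for the example.

```python
"""Extract PCI DSS tags from OSSEC/Wazuh rule <group> entries and attach them
to JSON alerts the way a Kibana PCI dashboard would filter on them.
Constructed example, not code from the wazuh project."""
import re
import json
import xml.etree.ElementTree as ET

# Constructed rules fragment. Rule 18106 is the one quoted in the thread;
# rule 18105 is a stand-in parent whose body is invented for this example.
# OSSEC rule files have several top-level <group> elements and no single
# root, so the parser wraps them before parsing.
RULES_XML = """
<group name="windows,">
  <rule id="18105" level="3">
    <decoded_as>windows</decoded_as>
    <description>Windows event (constructed parent rule).</description>
  </rule>
  <rule id="18106" level="5">
    <if_sid>18105</if_sid>
    <id>^529$|^530$|^531$|^532$|^533$|^534$|^535$|^536$|^537$|^539$|^4625$</id>
    <description>Windows Logon Failure.</description>
    <group>win_authentication_failed,pci_dss_10.2.4,pci_dss_10.2.5,</group>
  </rule>
</group>
"""

PCI_TAG = re.compile(r"^pci_dss_(\d+(?:\.\d+)*)$")


def split_tags(text):
    """OSSEC group lists are comma separated and usually end with a comma."""
    return [t.strip() for t in text.split(",") if t.strip()]


def parse_rules(xml_text):
    """Return {rule_id: {"level", "groups", "id_regex", "description"}}."""
    root = ET.fromstring("<rules>" + xml_text + "</rules>")
    rules = {}
    for grp in root.findall("group"):
        # The name attribute of the enclosing <group> tags every rule inside it.
        inherited = split_tags(grp.get("name", ""))
        for rule in grp.findall("rule"):
            own = split_tags(rule.findtext("group", default=""))
            rules[rule.get("id")] = {
                "level": int(rule.get("level", "0")),
                "groups": inherited + own,
                "id_regex": rule.findtext("id"),
                "description": rule.findtext("description", default="").strip(),
            }
    return rules


def pci_controls(groups):
    """Map 'pci_dss_10.2.4' style tags to the bare control number '10.2.4'."""
    out = []
    for g in groups:
        m = PCI_TAG.match(g)
        if m:
            out.append(m.group(1))
    return out


def pci_map(rules):
    """Rule id -> PCI controls, the field a PCI dashboard aggregates on."""
    out = {}
    for rid, r in rules.items():
        controls = pci_controls(r["groups"])
        if controls:
            out[rid] = controls
    return out


def id_matches(rule, event_id):
    """Check a Windows event id against the rule's <id> pattern.
    This particular pattern (anchored alternatives) is also valid Python re;
    OSSEC's own regex dialect differs in general, so treat this as a check of
    the rule's intent rather than a reimplementation of the engine."""
    if not rule["id_regex"]:
        return False
    return re.search(rule["id_regex"], str(event_id)) is not None


def enrich_alert(alert_json, rules):
    """Add a rule.pci_dss list to a JSON alert based on its rule id."""
    alert = json.loads(alert_json)
    rid = str(alert["rule"]["id"])
    alert["rule"]["pci_dss"] = pci_map(rules).get(rid, [])
    return alert


# Constructed alert in the shape of the JSON output mentioned in the thread.
SAMPLE_ALERT = json.dumps({
    "rule": {"id": 18106, "level": 5, "description": "Windows Logon Failure."},
    "id": "4625", "srcuser": "bob", "location": "WinEvtLog",
})

if __name__ == "__main__":
    rules = parse_rules(RULES_XML)
    print(pci_map(rules))
    print(enrich_alert(SAMPLE_ALERT, rules)["rule"]["pci_dss"])
```

Running it prints {'18106': ['10.2.4', '10.2.5']} and the same two controls on the enriched alert; rule 18105, which carries no pci_dss_* tag, gets an empty list, which is the set of alerts a PCI dashboard would leave out.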