Jean -

I'm not sure if this fits your use case or not, but we run Security Onion
(SO) and PacketFence (PF) on our network and have them work together.

SO comes with the ELK stack built in.  I am currently using Elastalert
(part of Elasticsearch) to trigger security events in PF via its API.  I
currently have alerts based on IDS signatures and Palo Alto traffic data
(mainly URL Filtering alerts).

I do use Wazuh, but am not currently triggering any PF security events
based on its data.  SO has the Wazuh manager installed by default and you
can easily add Wazuh agents to systems on your network.  This may be worth
a look (unless I'm completely missing what your goal is...).

Max
--
Max McGrath  <http://www.linkedin.com/in/max-mcgrath-a299124b>
Infrastructure and Security Manager
Carthage College
262-551-6666
mmcgr...@carthage.edu


On Sat, Apr 11, 2020 at 9:57 PM Jean Matar via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Hello all!
>
> My name is Jean and I am a cyber security master's student. As a project
> we were assigned the task of checking if we could integrate Wazuh
> (https://wazuh.com/; Wazuh is a free, open source and enterprise-ready
> security monitoring solution for threat detection, integrity monitoring,
> incident response and compliance) with PacketFence as a way to check for
> anomalies on a device upon registration, and for corrective actions from
> the SIEM solution on to PacketFence.
>
> Does anyone have any information regarding the matter and if it is
> possible?
>
> Any help is much appreciated!
>
> Thank you for your assistance
>
> Regards
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users