Setting up Elasticsearch time-based indices

When you use Wazuh’s default configuration for the Elastic Stack (by following the installation guide), alerts are indexed in Elasticsearch with the following naming convention:

This means you are not only specifying an index name, but also defining daily indices for your alerts.

This behaviour is laid out in the Logstash configuration file:

The pipeline’s output specifies the index name the alert will end up belonging to.

Logstash takes care of creating the index if it is not already present in Elasticsearch.

To […]

November 23rd, 2018

How to integrate external software using Integrator

Integrator is a tool that easily connects Wazuh with external software. This is achieved by integrating the alert system with the APIs of the software products through scripts. Examples of this are the current integrations with VirusTotal, Slack and PagerDuty.

In this article, we will learn how to configure Wazuh to communicate with external APIs. In addition, we will show how a script should be prepared to process alerts as required.

To illustrate this process, we will develop a basic integration with the Jira planning tool, creating an issue in its system with each file integrity monitoring alert produced by Syscheck.

Integration component […]

November 23rd, 2018

Wazuh 3.7.0 released!

Learn more about the newest features available on Wazuh 3.7.0, including Azure and Docker integration, multiple groups assignment, and more.

November 10th, 2018

Monitoring AWS environments with Wazuh

Introduction

AWS integration has been improved greatly in our latest release, Wazuh v3.6.1. We have both enhanced the logs retrieved from S3 buckets and added support for additional AWS security services such as GuardDuty, Macie, and VPC Flow Logs. By combining the information from these additional sources, Wazuh’s ability to monitor an AWS environment is stronger than ever before.

In this blog post, we will discuss how AWS provides useful tools to monitor a cloud environment and how Wazuh can incorporate all of the logs and findings (generated by Amazon GuardDuty when it detects potentially malicious activity) from these tools directly into Wazuh […]

September 28th, 2018

Get ready for GDPR

Lately, not only the tech and related communities but also pretty much everyone else has heard of GDPR, the new standard for security compliance.

GDPR (General Data Protection Regulation) has been drawn up to make privacy legislation consistent throughout Europe, with its main focus on providing data protection for all citizens of the European Union.

To this end, it seeks to increase the privacy of such data and to reform the way in which EU organizations approach data privacy.

As we can see, this regulation has a significant impact in today’s world, as personal information is vital […]

June 7th, 2018

Wazuh v3.2 released!

We are excited to announce the new version, Wazuh v3.2. It comes with added features that improve some core capabilities for infrastructure security monitoring. The WUI has been enhanced too: it now shows additional information about the agents’ configuration, including the latest features. The team has also worked on the WUI usability, resulting in a nicer user experience. Don’t miss the highlights below:

1. Vulnerability detection

With Wazuh v3.1 we integrated Vuls (a vulnerability scanner) to perform vulnerability analysis. Now this feature is supported natively, so the Vuls integration is no longer needed. In this version, agents are capable of reporting applications […]

February 14th, 2018

Wazuh v3.0 released!

Hi everyone,

We are very pleased to announce the release of Wazuh v3.0. We would also like to take this opportunity to thank our community for its constant feedback, which is of great help for the development of the project.

Wazuh v3.0 comes with new features that improve essentially all the components of Wazuh, including the core capabilities, the API and the Wazuh app for Kibana. Reported bugs have been fixed as well.

A brief summary of the new features can be found below. In addition, you can find more details in our release notes and changelog file.

The highlights of this […]

December 13th, 2017

Wazuh v2.1.0 released!

Today we are pleased to announce the release of Wazuh v2.1.0. We have added new features and fixed several bugs.

You can find all the details in our release notes and changelog file. Additionally, here is a brief explanation of the new features:

Agent anti-flood protection

Agents now include a mechanism to control event floods, avoiding outages, dropped events, or an impact on network performance. We have seen in the past that, without any throughput control, an agent could end up collecting and sending an incredibly high number of events per second (EPS), leading to unexpected outages or other undesired situations.

For example, if an agent is reading noisy firewall […]

August 17th, 2017

Wazuh v2.0.1 released! Includes new rules for Docker, Jenkins, MongoDB, AWS S3, Windows Defender and more.

I am happy to announce that Wazuh v2.0.1 has just been released!

As many of you already know, we released Wazuh v2.0 back in April this year. It included the integration of our forked version of OSSEC with OpenSCAP and Elastic Stack 5. In addition, we improved some core capabilities for infrastructure security monitoring and developed a new WUI in the form of a Kibana app. You can learn more here: https://blog.wazuh.com/wazuh-v2-0-released

This new release, Wazuh v2.0.1, comes with additional rules and decoders as well as other interesting changes in the core code and the API.

July 26th, 2017

Wazuh workshop at Bsides Chicago – July 15th 2017

Wazuh is sponsoring the BSides Security Conference in Chicago, taking place on Saturday, July 15th, 2017. Come and say hello! It is a great opportunity to meet part of the team and learn more about Wazuh.

We will be doing a 3-hour workshop. Check the content below. Looking forward to seeing you all.

Workshop

Host-based security monitoring has become increasingly important as the number and severity of threats keep growing. In addition, network security monitoring tools are now harder to deploy and not as efficient as they used to be.

Another driver for the […]

July 14th, 2017