Lately, not only the tech and related communities, but also pretty much everyone else has heard of GDPR, the new standards for security compliance.

GDPR (General Data Protection Regulation) has been drawn up to make privacy legislation consistent throughout Europe, with its main focus on providing data protection for all citizens in the European Union.

To this end, it seeks to increase the privacy of such data and to reform the way in which EU organizations approach data privacy.

As we can see, this regulation has a significant impact in today’s world: personal information is vital for many companies, and the requirements for compliance with GDPR must be met or severe economic sanctions will be applied.

At Wazuh, we have adapted our software in the best possible way to support GDPR compliance, with the addition of:

  • New tags in our ruleset that add information about GDPR technical requirements.
  • A new tab regarding GDPR in the Wazuh app for Kibana that will give visual insight into compliance.

Using the Wazuh file integrity monitoring and intrusion detection tools allows the processing of personal information to be controlled and protected through threat detection, which makes it easier to fulfill security policies.

According to section 5.1.f of the GDPR,

Principles relating to processing of personal data

Personal data shall be: processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

all storage and processing of personal data must be properly handled and protected.

Let’s take a closer look with a use case.

A company stores data belonging to a certain subject:

root@agent:/home/agent/personal_data# cat subject_data.txt
First name: James
Surname: Harden
Marital Status: Married
Date of birth: 11/24/1989
Place of birth: Granada, España
Social security number: 1111 2222 3333 4444

We will configure the Wazuh agent so the previous file is monitored by the file integrity monitoring tool:

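 root@agent:~# vim /var/ossec/etc/ossec.conf
   ...
 <!-- File integrity monitoring -->
 <syscheck>
   ...
   <!-- report_changes="yes" makes the alert include the "diff" of the changed text file -->
   <directories report_changes="yes">/home/agent/personal_data</directories>
   ...
 </syscheck>
   ...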

Then a user accesses and alters the file contents:

careless_user@agent:/home/agent/personal_data$ cat subject_data.txt
First name: James
Surname: Harden
Marital Status: Married
Date of birth: 11/24/1989
Place of birth: Granada, España
Social security number: 1111 2222 3333 4455

The Wazuh manager receives the event for this change and generates the corresponding alert:

{
"timestamp":"2018-05-25T15:41:57+0200",
"rule":{
    "level":7,
    "description":"Integrity checksum changed.",
    "id":"550",
    "firedtimes":1,
    "mail":false,
    "groups":[
        "ossec",
        "syscheck"
    ],
    "gpg13":[
        "4.11"
    ],
    "gdpr":[
        "II_5.1.f"
    ]
},
"syscheck":{
    "path":"/home/agent/personal_data/subject_data.txt",
    "size_after":"162",
    "perm_after":"100777",
    "uid_after":"0",
    "gid_after":"0",
    "md5_before":"991de94df73c387477b2d6ec1bd427e1",
    "md5_after":"ca9bc297e343dc6864b1d35f990fdacd",
    "sha1_before":"1c085bf5e1960915b23131c2e6c6ea28a41d164d",
    "sha1_after":"fbc5cf512d8d6c382b146bc854c08fad76624daf",
    "uname_after":"root",
    "gname_after":"root",
    "mtime_before":"2018-05-18T15:33:26",
    "mtime_after":"2018-05-18T15:41:56",
    "inode_after":438395,
    "diff":"6c6\n< Social security number: 1111 2222 3333 4444 \n---\n> Social security number: 1111 2222 3333 4455 \n",
    "event":"modified"
},
...
}
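
As an added example (not part of the original post or of Wazuh's own code), the following Python script reads alerts in the shape shown above, keeps the file integrity events tagged with `II_5.1.f`, and redacts the `diff` content, because that field carries the changed personal data into the alert stream. The sample lines, function names and the `[REDACTED]` marker are constructed for illustration.

```python
import json

# Constructed sample, one JSON alert per line in the shape of the alert above:
# a FIM change, a FIM deletion, a non-FIM alert, and a truncated line.
SAMPLE_ALERTS = r"""
{"timestamp":"2018-05-25T15:41:57+0200","rule":{"id":"550","level":7,"gdpr":["II_5.1.f"]},"syscheck":{"path":"/home/agent/personal_data/subject_data.txt","event":"modified","diff":"6c6\n< Social security number: 1111 2222 3333 4444 \n---\n> Social security number: 1111 2222 3333 4455 \n"}}
{"timestamp":"2018-05-25T15:42:30+0200","rule":{"id":"553","level":7,"gdpr":["II_5.1.f"]},"syscheck":{"path":"/home/agent/personal_data/old_record.txt","event":"deleted"}}
{"timestamp":"2018-05-25T15:43:02+0200","rule":{"id":"5716","level":5,"gdpr":["IV_32.2"]},"full_log":"sshd: authentication failed"}
{"timestamp":"2018-05-25T15:43:10+0200","rule":{"id":"550",
"""


def redact_diff(diff):
    """Keep hunk headers and </> markers, drop the file content itself."""
    out = []
    for line in diff.splitlines():
        if line and line[0] in "<>":
            out.append(line[0] + " [REDACTED]")
        else:
            out.append(line)
    return "\n".join(out)


def gdpr_fim_report(lines, requirement="II_5.1.f"):
    """Return (entries, skipped) for FIM alerts tagged with `requirement`."""
    entries, skipped = [], 0
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            alert = json.loads(raw)
        except json.JSONDecodeError:
            skipped += 1  # truncated or corrupt line: count it, do not crash
            continue
        rule, fim = alert.get("rule", {}), alert.get("syscheck")
        if not fim or requirement not in rule.get("gdpr", []):
            continue
        diff = fim.get("diff", "")
        entries.append({
            "time": alert.get("timestamp"),
            "rule_id": rule.get("id"),
            "path": fim.get("path"),
            "event": fim.get("event"),
            "lines_changed": sum(l.startswith(">") for l in diff.splitlines()),
            "diff": redact_diff(diff),
        })
    return entries, skipped


if __name__ == "__main__":
    entries, skipped = gdpr_fim_report(SAMPLE_ALERTS.splitlines())
    print(json.dumps(entries, indent=2), f"\nskipped lines: {skipped}")
```

The report keeps what an auditor needs (which file, when, which rule, how many lines changed) without copying the subject's data into a second system.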

You can also check the Wazuh app dashboard specially built for GDPR.

We showed a use case where Wazuh helps to demonstrate compliance with GDPR, but Wazuh can do much more: it generates all kinds of alerts, such as for SSH or RDP brute force attacks; detects hidden processes such as rootkits; detects and reacts to Shellshock attacks; monitors the execution of malicious commands; captures suspicious network traffic with a NIDS such as Suricata; scans the system for malware; and so on.

You can find more information at https://wazuh.com.