THEHIVE WITH WAZUH DOCKER

[Dani Perez]

Hello im working with  https://github.com/TheHive-Project/Docker-Templates/blob/main/docker/thehive4-cortex3-misp-shuffle/docker-compose.yml, and i add on the end of that compose this from official documentation, and on kibana dont appears wazuh but i have wazuh running with correct logs.

Can anyone help me please?

thanks

[Alberto Rodriguez]

Hello

  Daniel, could you please take a look into the Elasticsearch and Kibana logs? 

The image logs look good but they are only corresponding to the filebeat component. The wazuh docker runs the Wazuh manager and filebeat, sometimes the logs are quickly passed. You could run into the docker container by docker exec -ti DOCKER_ID bash and check by using service wazuh-manager status if all wazuh-manager daemons are running or not. 
To summarize, we need to determine what part of the complete flow is not working. If wazuh manager services are running and filebeat test output works as expected, a manual curl to elasticsearch API could help us to determine if Elasticsearch or Kibana has a problem. 

Regards, 

Alberto R

[Dani Perez]

Hi, my container have this...

Im using this compose from this project opensource https://github.com/TheHive-Project/Docker-Templates/blob/main/docker/thehive4-cortex3-misp-shuffle/docker-compose.yml and i added from official documentation of Wazuh this lines on my compose at the end.

Indexes (patterns, etc.) of ES are working fine, but i dont know why menu wazuh doesnt appears...

Thanks

El dia dimecres, 2 de juny de 2021 a les 10:27:34 UTC+2, Alberto Rodriguez va escriure:

[Alberto Rodriguez]

Hello Daniel

  If you want to use Wazuh docker with the hive, you should consider some points. You should review that, using our latest tag `v4.1.5` this docker-compose: https://github.com/wazuh/wazuh-docker/blob/v4.1.5/docker-compose.yml correspond to Opendistro 1.13.2, which means 7.10.2 but with the elasticsearch OSS variant. We provide https://github.com/wazuh/wazuh-docker/blob/v4.1.5/xpack-compose.yml for using the non-OSS version, but it's a 7.10.2 version. The version you are using in your docker-compose is 7.11.1. 
Maybe it's easier to work in the x-pack compose and adding the "The Hive" components, but it's up to you. To summarizing, you must match versions. Take into account that wazuh-docker uses cipher communications between nodes. You must to generate certificates for the The Hive components that communicate with Elasticsearch or adapt the Wazuh components to avoid using certificates. 

Regards, 

Alberto R

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/1746bcad-7723-4997-b02f-39aa62b0c7dbn%40googlegroups.com.

--

Alberto Rodriguez CICD TL  The Open Source Security Platform

* This message and the information contained in or attached to it are private and confidential and intended exclusively for the addressee. Any dissemination, copying or distribution to third parties without the express consent of the sender is strictly prohibited. If you have received this message in error, please delete it immediately and notify the sender. Thank you for your collaboration.