SIEMonster - Kibana- wazuh


Stephen

Jul 18, 2018, 7:56:44 AM7/18/18
to Wazuh mailing list
Hi guys,
I am just playing around with SIEMonster 3.0 and I ran into two problems:

1. I can't search by group name (the agents' group name) in Kibana.

2. Kibana - the "generate a report" button is missing from the Discovery tab. I was trying to follow this video with no luck: https://www.youtube.com/watch?v=Jd8-A3fIGjo
   - not to mention that Skedler is not working at all with my setup.

Regards
Steve

Louis Bernardo

Jul 19, 2018, 2:44:36 AM7/19/18
to Wazuh mailing list
Hi Stephen,

Wazuh is not directly affiliated with Siemonster in the way you think. Siemonster is a collection of tools intended to be used by SOC staff as an all-in-one. As such, they will always be a few iterations behind in versioning, as they have to make everything play nicely together after each release by the owners. If you have Siemonster-specific questions like the ones you have now, it is better to ask them in the Siemonster support forum directly. You will need to register, and then you can ask the question there. It may be worth having a look through the questions already posted, as some of yours may already be answered there.

FYI, the Wazuh and ELK versions are closely tied for functionality reasons. This may be why you aren't seeing all the tabs on Siemonster.

Hope this helps.

Louis

Stephen

Jul 19, 2018, 4:41:28 AM7/19/18
to Wazuh mailing list
Hi Louis,
Thanks for your reply. The first question is still relevant to the mailing group: can you search by agent.group in Kibana?
All the best,
Stephen

Santiago Bassett

Jul 19, 2018, 8:40:45 AM7/19/18
to Stephen, Wazuh mailing list
Hi Stephen, 

AFAIK, there is no such thing as agent.group. But you can add a label to your agent.conf files, and search by label. More info here:


This means that you can have agents grouped, receiving the configuration for their group, and enriching their alerts with the group label (or labels).

In addition, there are rule.groups, which you can use to search for different types of alerts.

I hope it helps,

Santiago.
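To make the two search handles from Santiago's reply concrete (agent labels from agent.conf, and rule.groups), here is an added example that is not code from this thread or from the Wazuh project. It assumes a centralized agent.conf with a label whose key is "group" (my choice of key), constructed alerts in the shape of Wazuh 3.x alerts.json (labels under agent.labels, groups under rule.groups; treat the exact layout as an assumption), and shows how to filter those alerts and what the equivalent Kibana query string looks like.

```python
"""Filter Wazuh alerts by agent label and by rule group, and build the
matching Kibana query string.

Added example, not the thread's or the Wazuh project's code.
Assumptions (mine, not stated on the page):
  - the agent.conf <labels> block below uses the key "group";
  - alerts.json lines carry labels under agent.labels and rule groups
    under rule.groups, as Wazuh 3.x alerts do;
  - SAMPLE_ALERTS is constructed for this example.
"""
import json
import xml.etree.ElementTree as ET

# Constructed centralized agent.conf fragment for a group of web servers.
# The <labels> block is what enriches every alert from agents in the group.
AGENT_CONF = """<agent_config>
  <labels>
    <label key="group">webservers</label>
    <label key="env">prod</label>
  </labels>
</agent_config>
"""

# Constructed alerts, one JSON object per line like alerts.json.
SAMPLE_ALERTS = "\n".join(json.dumps(a) for a in [
    {"rule": {"id": "5710", "level": 5,
              "groups": ["syslog", "sshd", "authentication_failed"]},
     "agent": {"id": "001", "name": "web01",
               "labels": {"group": "webservers", "env": "prod"}}},
    {"rule": {"id": "5501", "level": 3,
              "groups": ["pam", "syslog", "authentication_success"]},
     "agent": {"id": "002", "name": "web02",
               "labels": {"group": "webservers", "env": "prod"}}},
    {"rule": {"id": "5710", "level": 5,
              "groups": ["syslog", "sshd", "authentication_failed"]},
     "agent": {"id": "003", "name": "db01",
               "labels": {"group": "databases", "env": "prod"}}},
    # Manager-side alert: no labels at all, must never match a label search.
    {"rule": {"id": "550", "level": 7, "groups": ["ossec", "syscheck"]},
     "agent": {"id": "000", "name": "manager"}},
])


def label_fields(agent_conf_xml):
    """Kibana field names that the <label> entries in agent.conf will produce."""
    root = ET.fromstring(agent_conf_xml)
    return ["agent.labels." + lab.get("key") for lab in root.iter("label")]


def parse_alerts(text):
    """Parse newline-delimited JSON alerts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def by_label(alerts, key, value):
    """Alerts whose agent carries label key == value; unlabeled agents never match."""
    return [a for a in alerts
            if a.get("agent", {}).get("labels", {}).get(key) == value]


def by_rule_group(alerts, group):
    """Alerts whose rule is tagged with the given rule group."""
    return [a for a in alerts if group in a.get("rule", {}).get("groups", [])]


def kibana_query(label_key=None, label_value=None, rule_group=None):
    """Lucene-style query string for the Kibana Discover search bar."""
    terms = []
    if label_key is not None:
        terms.append('agent.labels.%s:"%s"' % (label_key, label_value))
    if rule_group is not None:
        terms.append('rule.groups:"%s"' % rule_group)
    return " AND ".join(terms)


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    print("label fields:", label_fields(AGENT_CONF))
    web = by_label(alerts, "group", "webservers")
    print("webservers alerts:", [a["agent"]["name"] for a in web])
    failed = by_rule_group(web, "authentication_failed")
    print("failed logins on webservers:", [a["agent"]["name"] for a in failed])
    print("Kibana:", kibana_query("group", "webservers", "authentication_failed"))
```

The two filters compose: label narrows to a fleet of agents, rule group narrows to a class of alert, and the same pair of terms is what you would type into Kibana. Note that the manager's own alert carries no labels, so a label search silently excludes it; if you want manager events in a labelled view you need labels in the manager's ossec.conf as well.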



Louis Bernardo

Jul 20, 2018, 4:04:53 AM7/20/18
to Wazuh mailing list
I think he is referring to the agent groups that one can use in Wazuh:


If you run Wazuh on its own, you can search for agents in those groups via Kibana.

@Stephen I have raised this with the Siemonster team. Please do open a new thread on the Siemonster support forum so that it has visibility for tracking. 

Stephen

Jul 24, 2018, 5:29:44 AM7/24/18
to Wazuh mailing list
I will, thanks!