Hello!
Can you share what you mean by custom compliance? If you are talking about SCA CIS compliance policies, policies for the SCA module are written in YAML. This format was chosen because it is human-readable and easy to understand. You can easily write your own SCA policies or extend existing ones to fit your needs.
You can read this document to understand how to write SCA policies in YAML.
If you want, you can explore this document and write your own policy file for an SCA scan. It will not need any coding knowledge.
Also, we have SCA files for lots of operating systems. Check the repository.
https://github.com/wazuh/wazuh/tree/main/ruleset/sca
Let me know if you need any further information.
--
You received this message because you are subscribed to the Google Groups "Wazuh | Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/wazuh/38148979-20ca-49c1-b91e-68923944b507n%40googlegroups.com.
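As an illustration of the YAML policy format mentioned in the reply above, here is a small SCA policy file, added as an example and not taken from the thread or from the Wazuh ruleset. The policy id, file name, check ids and the CIS control number are constructed placeholders.

```yaml
# Constructed example policy: ids, file name and control numbers are hypothetical.
policy:
  id: "custom_ssh_baseline"
  file: "custom_ssh_baseline.yml"
  name: "Custom SSH baseline (example)"
  description: "Example hardening checks for the OpenSSH server configuration."

# The checks only run when this requirement is met on the endpoint.
requirements:
  title: "sshd configuration file is present"
  description: "Skip the policy on hosts without an OpenSSH server configuration."
  condition: any
  rules:
    - 'f:/etc/ssh/sshd_config'

checks:
  - id: 100001
    title: "SSH: root login is disabled"
    description: "PermitRootLogin should be set to no."
    rationale: "Direct root logins remove per-user accountability."
    remediation: "Set 'PermitRootLogin no' in /etc/ssh/sshd_config and reload sshd."
    compliance:
      - cis: ["0.0.0"]   # placeholder control number
    condition: all
    rules:
      # f:<file> -> r:<regex> passes when a line of the file matches the regex
      - 'f:/etc/ssh/sshd_config -> r:^\s*PermitRootLogin\s+no'

  - id: 100002
    title: "SSH: empty passwords are not permitted"
    description: "PermitEmptyPasswords must not be set to yes."
    rationale: "Accounts with empty passwords could otherwise log in remotely."
    remediation: "Set 'PermitEmptyPasswords no' in /etc/ssh/sshd_config and reload sshd."
    condition: all
    rules:
      # "not" negates the rule: the check passes when no line matches
      - 'not f:/etc/ssh/sshd_config -> r:^\s*PermitEmptyPasswords\s+yes'
```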
Currently, we only support these compliance standards.
These are configured in the source code, so you can use the IDs of the compliance standards in the rules, and they are mapped and reflected in your alerts.
There is no easy way to do the same for other compliance standards like ISO 27001.
We have other compliance standards on our roadmap. They will be added in future releases.
For now, you can check this discussion to see how you can compare ISO 27001 with other compliance standards to get help with an ISO 27001 audit.
https://github.com/wazuh/wazuh/issues/4091
Let me know if you need any further information.