Interesting project for Wazuh's roadmap
Carlos Lopez
Maybe this colud be interesting to integrate with Wazuh via woodle:
https://github.com/0xrawsec/whids
Regards,
C. L. Martinez
David Vidriales
I've been briefly investigating this tool and it seems to me that it's something similar to Wazuh's Windows EventChannel log collection (https://documentation.wazuh.com/3.10/user-manual/capabilities/log-data-collection/how-to-collect-wlogs.html and https://wazuh.com/blog/how-to-collect-windows-events-with-wazuh/)
Could you tell a benefit from the already existing functionality in Wazuh regarding this tool? If there's enough new functionality in this tool to make it worth the difference, I'll open an issue to develop the integration you proposed. Thanks for your interest and collaboration.
Kind regards,
David
Carlos Lopez
The most important feature here, almost for me, is granularity in creating rules and dump data from files, registry and processess.
What do you think?
Regards,
C. L. Martinez
________________________________________
From: wa...@googlegroups.com <wa...@googlegroups.com> on behalf of David Vidriales <david.v...@wazuh.com>
Sent: 28 October 2019 14:31
To: Wazuh mailing list
Subject: Re: Interesting project for Wazuh's roadmap
Hi Carlos,
Kind regards,
David
https://github.com/0xrawsec/whids
Regards,
C. L. Martinez
--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com<mailto:wazuh+un...@googlegroups.com>.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/748b963b-7d7b-474a-8ba8-d8e1d09f5bb5%40googlegroups.com<https://groups.google.com/d/msgid/wazuh/748b963b-7d7b-474a-8ba8-d8e1d09f5bb5%40googlegroups.com?utm_medium=email&utm_source=footer>.
David Vidriales
I encourage you to keep an eye on the issue's updates (https://github.com/wazuh/wazuh/issues/4161) to check how it plays out and give us feedback about it.
Best regards,
David
On Monday, October 28, 2019 at 2:51:55 PM UTC+1, Carlos Lopez wrote:
Many thanks for your answer David. IMO, the real difference here between EventChannel log and this solution, is the enrichment part, which allows you to interoperate with third party products and plus the use of Wazuh agent, you can implement an robust opensource EDR solution in Windows environments.The most important feature here, almost for me, is granularity in creating rules and dump data from files, registry and processess.
What do you think?
Regards,
C. L. Martinez
________________________________________
From: wa...@googlegroups.com <wa...@googlegroups.com> on behalf of David Vidriales
Sent: 28 October 2019 14:31
To: Wazuh mailing list
Subject: Re: Interesting project for Wazuh's roadmap
Hi Carlos,
I've been briefly investigating this tool and it seems to me that it's something similar to Wazuh's Windows EventChannel log collection (https://documentation.wazuh.com/3.10/user-manual/capabilities/log-data-collection/how-to-collect-wlogs.html and https://wazuh.com/blog/how-to-collect-windows-events-with-wazuh/)
Could you tell a benefit from the already existing functionality in Wazuh regarding this tool? If there's enough new functionality in this tool to make it worth the difference, I'll open an issue to develop the integration you proposed. Thanks for your interest and collaboration.
Kind regards,
DavidOn Monday, October 28, 2019 at 10:16:52 AM UTC+1, Carlos Lopez wrote:
Hi all,Maybe this colud be interesting to integrate with Wazuh via woodle:
https://github.com/0xrawsec/whids
Regards,
C. L. Martinez
--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+unsubscribe@googlegroups.com<mailto:wazuh+unsub...@googlegroups.com>.
Carlos Lopez
Regards,
C. L. Martinez
________________________________________
From: wa...@googlegroups.com <wa...@googlegroups.com> on behalf of David Vidriales <david.v...@wazuh.com>
Sent: 29 October 2019 15:06
To: Wazuh mailing list
Subject: Re: Interesting project for Wazuh's roadmap
Hi again Carlos,
I can appreciate a real value in enriching the events of Windows Event Channel that way. I've opened an issue about it and we'll discuss the possible solutions (which may lead to adding the development of this integration to our roadmap if necessary). Thanks for your interest and contribution to Wazuh.
I encourage you to keep an eye on the issue's updates (https://github.com/wazuh/wazuh/issues/4161) to check how it plays out and give us feedback about it.
Best regards,
David
On Monday, October 28, 2019 at 2:51:55 PM UTC+1, Carlos Lopez wrote:
Many thanks for your answer David. IMO, the real difference here between EventChannel log and this solution, is the enrichment part, which allows you to interoperate with third party products and plus the use of Wazuh agent, you can implement an robust opensource EDR solution in Windows environments.
The most important feature here, almost for me, is granularity in creating rules and dump data from files, registry and processess.
What do you think?
Regards,
C. L. Martinez
________________________________________
From: wa...@googlegroups.com<mailto:wa...@googlegroups.com> <wa...@googlegroups.com<mailto:wa...@googlegroups.com>> on behalf of David Vidriales
Sent: 28 October 2019 14:31
To: Wazuh mailing list
Subject: Re: Interesting project for Wazuh's roadmap
Hi Carlos,
I've been briefly investigating this tool and it seems to me that it's something similar to Wazuh's Windows EventChannel log collection (https://documentation.wazuh.com/3.10/user-manual/capabilities/log-data-collection/how-to-collect-wlogs.html and https://wazuh.com/blog/how-to-collect-windows-events-with-wazuh/)
Could you tell a benefit from the already existing functionality in Wazuh regarding this tool? If there's enough new functionality in this tool to make it worth the difference, I'll open an issue to develop the integration you proposed. Thanks for your interest and collaboration.
Kind regards,
David
On Monday, October 28, 2019 at 10:16:52 AM UTC+1, Carlos Lopez wrote:
Hi all,
Maybe this colud be interesting to integrate with Wazuh via woodle:
https://github.com/0xrawsec/whids
Regards,
C. L. Martinez
--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com<mailto:wazuh%2Bunsu...@googlegroups.com><mailto:wazuh+un...@googlegroups.com<mailto:wazuh%2Bunsu...@googlegroups.com>>.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/748b963b-7d7b-474a-8ba8-d8e1d09f5bb5%40googlegroups.com<https://groups.google.com/d/msgid/wazuh/748b963b-7d7b-474a-8ba8-d8e1d09f5bb5%40googlegroups.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com<mailto:wazuh+un...@googlegroups.com>.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/a6a3e05e-76ac-42d7-aba7-a665b037105f%40googlegroups.com<https://groups.google.com/d/msgid/wazuh/a6a3e05e-76ac-42d7-aba7-a665b037105f%40googlegroups.com?utm_medium=email&utm_source=footer>.