I have Wazuh configured on 3 machines and get log messages but I do not see any events on Kibana.
What configuration could I have missed?
--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
To post to this group, send email to securit...@googlegroups.com.
Visit this group at https://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.
I get the alert emails from the server via Wazuh but I am not seeing any events on the Kibana dashboard.
I am looking at using Elastalert for reporting but I am not seeing broken-down Wazuh events. I have some ossec_archive events but all the information is in a JSON field called message, which does not seem right.
--
HIDS under Alert Data as I assume that will have a good breakdown.
OSSEC under Host Hunting has all the data in JSON which makes it difficult to test for.
Is this linked to
https://github.com/Security-Onion-Solutions/security-onion/issues/1469
--
Will wait for the update to come.
It is not mission critical and I may mess something else up!
Thanks for the help.