Aggregating all logs from Syslog, windows event log, etc


Steven Paugh

Apr 6, 2023, 9:25:14 AM
to Wazuh mailing list
Hello team,

As we work towards rebuilding our Wazuh cluster, I am curious if anyone has ever tried to use Wazuh as a more traditional SIEM along with the OOB EDR capabilities?

My initial thought was that it wasn't possible for us to collect all logs from our endpoints for things like DNS, syslog events, etc because of the default indexes not supporting something like that.

Is there any documentation on an ask like this? Ideally it could involve something like the wazuh-alerts index handling EDR alerts from the base wazuh tool, and then another index for all logs coming from our endpoints.

Thank you,
-Steven

Manuel Jose Cano Rojo

Apr 10, 2023, 8:38:58 AM
to Wazuh mailing list
Hello Steven,

If I have not misunderstood your message, I think Wazuh can perform all the functionalities you are talking about via the Syscollector module. This module retrieves all the important information about the monitored system; there are several scan types that can be run.

Let me know if you are referring to different stuff and I will try to help you as fast as I can!

Regards,

Manuel.
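As an added example (not from either post, and not Wazuh's documentation verbatim), one way to get the two-index layout Steven describes: rule matches stay in `wazuh-alerts-*`, and every event the manager receives is also archived so it can be shipped to a separate `wazuh-archives-*` index. The fragments assume a stock Wazuh manager and agent; the file paths shown are the default install locations.

```xml
<!-- Manager: /var/ossec/etc/ossec.conf -->
<ossec_config>
  <global>
    <!-- Write every received event (not only rule hits) to
         /var/ossec/logs/archives/archives.json. Filebeat's wazuh module
         ships this file to wazuh-archives-* once its "archives" output
         is enabled. Expect much higher disk use than alerts alone. -->
    <logall>yes</logall>
    <logall_json>yes</logall_json>
  </global>
</ossec_config>

<!-- Agent (Linux): forward a syslog file in addition to the default EDR data -->
<ossec_config>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/syslog</location>
  </localfile>
</ossec_config>

<!-- Agent (Windows): forward an event channel; the Security channel is
     the usual first one, add DNS or other channels the same way -->
<ossec_config>
  <localfile>
    <location>Security</location>
    <log_format>eventchannel</log_format>
  </localfile>
</ossec_config>
```

On the manager, set `archives: enabled: true` under the `wazuh` module in `/etc/filebeat/filebeat.yml` and restart Filebeat, then create a `wazuh-archives-*` index pattern in the dashboard. Since archives grow far faster than alerts, give that index its own retention policy rather than reusing the alerts one.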