Edit Security Dashboards HTML/Js?

Austin

Apr 1, 2023, 1:14:31 AM
to Wazuh mailing list
Currently I have my data being pipelined through Graylog, and they use an "_" as their key separator instead of a "." like Elasticsearch uses. The security dashboard is useless since the panels look for "rule.level" and "agent.name" instead of "rule_level" and "agent_name". Would it be possible to change the panels to look for the "_" instead of the "."? Or is there a way to tell Elasticsearch completely to index the data with underscores instead of dots?

Thank you in advance!

Cedrick Foko

Apr 3, 2023, 6:57:08 AM
to Wazuh mailing list
Hi Austin,
Thank you for using Wazuh.
It is not possible to change that directly from the dashboard, but you can configure Wazuh indexer to ingest logs directly from Graylog. Once Wazuh indexer receives logs from Graylog, it will index the logs and display alerts on the dashboard. You can find more information here: "Part 1. Wazuh Indexer — SIEM Backend | by SOCFortress | Medium" and "Part 2. Graylog Install — Log Ingestion | by SOCFortress | Medium".

I hope you find this helpful. Don't hesitate to ask if you have any other questions.
Regards,
