Aggregated CIS Report of all Wazuh Agents


Jerome Nelson Jayaprakash

Oct 16, 2023, 6:57:10 AM
to Wazuh | Mailing List
Hello Community,

I need to export the CIS Benchmark report of all the agents in my Wazuh server, which runs on v4.3.10. I have tried some Python script, but no luck. Please help me with a script to get the CIS report.

Thanks,
Jerome

Kasim Mustapha

Oct 16, 2023, 8:12:43 PM
to Wazuh | Mailing List
Hello Jerome,

I'm sorry for not getting back to you sooner.

You can export the events but the dashboards are built-in. Alternatively, you could create a similar dashboard in the visualization and export those.

The filter for the CIS benchmark is: rule.groups:sca

I hope this helps. Let me know if you have further questions.

Regards,
Kasim Mustapha

Jerome Nelson Jayaprakash

Oct 17, 2023, 3:18:59 AM
to Wazuh | Mailing List
Hi Kasim,

Thanks for the reply.

I have created a dashboard and added the filter to it; however, it doesn't work well for me. Please refer to the attachment and correct me if I am wrong.

And my actual requirement is to get the consolidated report of the pass, fail and score of all the agents.


Thanks,
Jerome
Screenshot 2023-10-17 124627.png

Kasim Mustapha

Oct 18, 2023, 6:14:47 AM
to Wazuh | Mailing List
Hello Jerome,

Apologies for not getting back to you sooner.

I created a sample visualization to display the results for all agents in a pie chart with the following configurations:

image (23).png
image (24).png
image (25).png

The result is as follows:
Screenshot 2023-10-18 111237.png
You export this as a report.

I hope this helps. Let me know if you have further questions.

Jerome Nelson Jayaprakash

Oct 19, 2023, 1:53:07 AM
to Wazuh | Mailing List
Hi Kasim,

Thanks for the email with the samples.

I have tried the same but I am having trouble with the configuration.

I couldn't find the slice size option in the data metrics. It is not listed in the ADD METRIC section. Am I missing anything?
I have attached the sample SS. Please refer to that and provide your input.

Thanks,
Jerome
Screenshot 2023-10-19 112300.png

Kasim Mustapha

Oct 23, 2023, 9:34:42 AM
to Wazuh | Mailing List
Hello Jerome,

Sorry for the late response.

You are not adding other metrics.

You are slicing the buckets.
Screenshot 2023-10-23 142910.png

This is what the bucket configuration would look like.
Screenshot 2023-10-23 143320.png

I hope this answers your questions. 

Let me know if you have further concerns.

Jerome Nelson Jayaprakash

Oct 25, 2023, 6:43:17 AM
to Wazuh | Mailing List
Hi Kasim,

I have configured the visualization and have attached the SS.
But our requirement is that we need to see the consolidated report of all the agents with passed, failed and scores of each as a whole.
I have attached the CSV sheet which I exported from Wazuh with the Python script. I used to export the report and share it with my manager on a daily basis. And now I lost the script when my system crashed and couldn't rebuild a new one.
Could you please help me with getting such a report?


Thanks,
Jerome
cis_sca_report_sample.csv
Screenshot 2023-10-25 155948.png

Vinicius Lehmann

Oct 25, 2023, 7:01:47 AM
to Wazuh | Mailing List
Hello, 

I had the same need and ended up creating a Python script that makes requests to Wazuh's API and returns the result in an Excel spreadsheet.
wazuhSCAGeneric.py
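
Added example, not part of the thread and not the attached wazuhSCAGeneric.py (which is not reproduced on this page): one way to build the consolidated pass/fail/score report from the Wazuh API endpoints /security/user/authenticate, /agents and /sca/{agent_id}, written out as CSV. The function names and the SAMPLE responses are constructed for illustration so the aggregation runs offline.

```python
import base64, csv, io, json, ssl, urllib.request

def make_api_get(base_url, user, password, ca_file=None):
    """Log in to the Wazuh API and return get(path) -> parsed JSON."""
    ctx = ssl.create_default_context(cafile=ca_file)  # keeps TLS verification on

    def call(path, auth):
        req = urllib.request.Request(base_url + path, headers={"Authorization": auth})
        with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
            return json.load(resp)

    basic = base64.b64encode(f"{user}:{password}".encode()).decode()
    token = call("/security/user/authenticate", "Basic " + basic)["data"]["token"]
    return lambda path: call(path, "Bearer " + token)

def collect_sca(get, page_size=500):
    """Return one row per (agent, SCA policy) with its pass, fail and score."""
    rows, offset = [], 0
    while True:  # page through /agents so large fleets are not truncated
        page = get(f"/agents?select=id,name&limit={page_size}&offset={offset}")["data"]
        for agent in page["affected_items"]:
            for pol in get(f"/sca/{agent['id']}")["data"]["affected_items"]:
                rows.append({"agent_id": agent["id"], "agent_name": agent["name"],
                             "policy": pol["name"], "pass": pol["pass"],
                             "fail": pol["fail"], "score": pol["score"]})
        offset += page_size
        if offset >= page["total_affected_items"]:
            return rows

FIELDS = ["agent_id", "agent_name", "policy", "pass", "fail", "score"]

def to_csv(rows):
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS)
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()

# Constructed sample API responses (not real data); agent 002 has no SCA policy yet.
SAMPLE = {
    "/agents?select=id,name&limit=500&offset=0": {"data": {"total_affected_items": 3,
        "affected_items": [{"id": "000", "name": "wazuh-manager"},
                           {"id": "001", "name": "web-01"}, {"id": "002", "name": "db-01"}]}},
    "/sca/000": {"data": {"affected_items": [
        {"name": "CIS sample policy A", "pass": 60, "fail": 40, "score": 60}]}},
    "/sca/001": {"data": {"affected_items": [
        {"name": "CIS sample policy B", "pass": 45, "fail": 55, "score": 45}]}},
    "/sca/002": {"data": {"affected_items": []}},
}

if __name__ == "__main__":
    print(to_csv(collect_sca(SAMPLE.__getitem__)))
```

Against a live manager, pass the function returned by make_api_get (API base URL, an API user, and the CA file for the API certificate) to collect_sca instead of the sample lookup. Read the password from the environment or a secrets store rather than hard-coding it in the script.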

Jerome Nelson Jayaprakash

Oct 26, 2023, 2:32:14 AM
to Wazuh | Mailing List
Hi Vinicius,

Thanks for the script. It works very well as expected. 
I am able to pull the CIS report of all the agents. I can now extract the summary report from the result.