GeoMap with Waze Coordinate

[Aziz Sakhi (Blackroot Gangster)]

Hello, I have a small problem and I would like to know if you have a solution.

The principle is simple, I have a script that logs waze coordinates the output is

{"location": {"lat": 78.606713, "lon": -1.317378}}

The log file is monitored in the OSSEC configuration, except that I cannot find the elements to use them in a map with the geographical points which represent the locations of the coordinates.

On wazuh when I create a rule I manage to reassemble the following fields:

data.location.lat
data.location.lon

But impossible to convert them into geopoint usable by the geo map, even by trying to modify the type in the index it remains in string.

Should I create a decoder for this?

I tried but I don't understand the methodology used by the decoder regex or I'm doing it wrong.

Someone to help me?

[Julio Gasco]

Hi Aziz,

At the moment wazuh support GeoIP location, this filter is enabled by default on our filebeat pipeline in the latest version,s you can see an example with OpenVPN on the following documentation:

https://wazuh.com/blog/monitoring-remote-openvpn-connections-with-geoip-and-wazuh-xdr/

At the moment we don´t support other kind of geo location feature, but if the logs have the IP information you can try to use the IP to have a similar result.

If this is an option let me know if I can help you any further in using the IP for your use case.

Regards!