Send discovery reports


Facu Basgall

Sep 7, 2023, 3:01:15 PM
to Wazuh | Mailing List
Hi
I have created reports in Discover and would like to email them once a day.
I was looking through the documentation and found this, but it is not what I need: https://documentation.wazuh.com/current/user-manual/manager/automatic-reports.html
Is there a way to do this?
Thanks!

Gerardo David Caceres Fleitas

Sep 8, 2023, 9:55:31 AM
to Wazuh | Mailing List

Hello Facu,

Wazuh uses the OpenSearch Reporting module, and we are continuously improving the platform and its components to keep it up-to-date and provide better services to users. To date, if you create a new report in the menu > OpenSearch Plugins > Reporting, you can select a report trigger such as on-demand or schedule a periodicity such as daily. Still, you will need to download the .pdf report manually.

In the Reporting module, you can create report definitions, allowing you to generate reports based on the settings you assign them. The most important settings would be the source and type of the report. The source would be any previously created search, visualization, or dashboard; the type can be on-demand or scheduled.


On the other hand, the reports that we can automate to send over email are the Daily Reports, which will generate a daily report of the alerts received in your environment. You could configure Wazuh to send an email to a specified email address; you can leverage our mail module to generate these. Remember that you must define a sender email address, as seen here. If your SMTP server uses authentication, you must follow these steps since Wazuh does not support SMTP servers with authentication. Hence, a server relay is necessary to use them.

Example:


From: Wazuh                      12:01 AM (10 hours ago)
to me

------------------------------------------------
Report 'Daily report: File changes' completed.
------------------------------------------------
->Processed alerts: 368
->Post-filtering alerts: 58
->First alert: 2017 Mar 08 06:31:26
->Last alert: 2017 Mar 08 13:11:42

Top entries for 'Level':
------------------------------------------------
Severity 5                                                                    |47      |
Severity 7                                                                    |11      |

Top entries for 'Group':
------------------------------------------------
ossec                                                                         |58      |
pci_dss_11.5                                                                  |58      |
syscheck                                                                      |58      |

Top entries for 'Location':
------------------------------------------------
localhost->syscheck                                                           |51      |
(ubuntu) 192.168.1.242->syscheck                                              |7       |

Top entries for 'Rule':
------------------------------------------------
554 - File added to the system.                                               |47      |
550 - Integrity checksum changed.                                             |11      |

Top entries for 'Filenames':
------------------------------------------------
/boot/grub/grub.cfg                                                           |1       |
/etc/apt/apt.conf.d/01autoremove-kernels                                      |1       |
/etc/group                                                                    |1       |
/etc/group-                                                                   |1       |
/etc/gshadow                                                                  |1       |
/etc/gshadow-                                                                 |1       |
/etc/passwd                                                                   |1       |
/etc/passwd-                                                                  |1       |
/etc/postfix/main.cf                                                          |1       |
/etc/shadow                                                                   |1       |
/etc/shadow-                                                                  |1       |

I hope you find this helpful.
Greetings.
Gerardo Cáceres.
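
A manager-side configuration that would produce a daily report like the "Daily report: File changes" sample in the reply above, as an added example that is not part of the original thread or of Wazuh's shipped configuration. The e-mail addresses are placeholders, and `localhost` assumes an unauthenticated SMTP relay is already listening on the manager and forwarding to the authenticated upstream server.

```xml
<!-- /var/ossec/etc/ossec.conf on the Wazuh manager (added example) -->
<ossec_config>

  <global>
    <!-- Assumption: a local relay on the manager accepts mail without
         authentication and forwards it to the real, authenticated
         SMTP server. -->
    <smtp_server>localhost</smtp_server>

    <!-- Sender address used for mail from the manager (placeholder). -->
    <email_from>wazuh@example.com</email_from>
  </global>

  <!-- One <reports> block per daily report. This one summarises the
       previous day's file integrity monitoring (syscheck) alerts. -->
  <reports>
    <category>syscheck</category>
    <title>Daily report: File changes</title>
    <!-- Recipient of the report (placeholder). -->
    <email_to>soc-team@example.com</email_to>
  </reports>

  <!-- A second report narrowed by alert level instead of category:
       only alerts of level 10 or higher are included. -->
  <reports>
    <level>10</level>
    <title>Daily report: Alerts with level 10 or higher</title>
    <email_to>soc-team@example.com</email_to>
  </reports>

</ossec_config>
```

Restart the manager after editing `ossec.conf` so the report definitions are loaded. These reports summarise alerts only; they do not include saved searches or dashboards from Discover.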
