Juniper Firewall Decoders

Abdul Samad

Jul 5, 2022, 12:27:17 PM
to Wazuh mailing list
Dear Team,
I am unable to find decoders & rules for Juniper firewall in Wazuh.
If anybody has them, please share them.

Mauro Agustín Malara

Jul 5, 2022, 1:09:25 PM
to Wazuh mailing list

Hi,

Currently, we do not have rules or decoders for the Juniper firewall logs (it is possible to check this in our repo). However, you can add custom rules and decoders to the manager, but first of all, you need to make sure that you can see logs from Juniper:

  1. Enable the <logall_json> option in the manager’s configuration (I recommend disabling the <logall> option, as you will be able to see the full_log field and create decoders and rules based on it).
  2. Restart the Wazuh manager to apply the changes.
  3. Look for logs in the /var/ossec/logs/archives/archives.json file. To do so, you can use the grep command: grep 'some text to search in the log' /var/ossec/logs/archives/archives.json

Finally, use the full_log field to create your custom rules and decoders following this documentation.

Let me know if it helps or if you have any questions,

Regards.
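
Added example, not part of the original thread and not Wazuh project code: a small Python helper for step 3 that goes one step past grep by returning only the full_log values of matching events that no decoder has claimed yet, which are the lines a custom decoder has to cover. It assumes decoded events carry a decoder.name field in archives.json; the sample events, the host name fw01 and the function name are constructed for illustration.

```python
import json
import sys

ARCHIVES = "/var/ossec/logs/archives/archives.json"  # path from step 3

def _ev(full_log, decoder):
    # Build one constructed event in archives.json shape (one JSON object per line).
    return json.dumps({"full_log": full_log, "decoder": decoder, "location": "192.0.2.1"})

# Constructed sample data; the firewall line is a simplified stand-in and
# real device output will differ.
FW_LINE = "Jul  5 12:27:17 fw01 RT_FLOW: session created 10.0.0.5/51234->192.0.2.10/443"
SAMPLE_ARCHIVES = [
    _ev(FW_LINE, {}),                                                   # undecoded
    _ev("Jul  5 12:27:20 fw01 sshd[812]: Accepted password for admin", {"name": "sshd"}),
    _ev("Jul  5 12:27:21 web01 cron[99]: job started", {}),             # other host
    '{"full_log": "Jul  5 12:27:22 fw01 trunc',                         # half-written line
]

def undecoded_full_logs(lines, needle):
    """Return full_log of events containing `needle` that no decoder matched."""
    hits = []
    for line in lines:
        if needle not in line:          # same cheap filter as the grep in step 3
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue                    # skip lines still being written
        if not isinstance(event, dict) or not event.get("full_log"):
            continue
        # Assumption: a matched decoder shows up as decoder.name.
        if (event.get("decoder") or {}).get("name"):
            continue
        hits.append(event["full_log"])
    return hits

if __name__ == "__main__":
    if len(sys.argv) > 1:               # usage: script.py 'text to search'
        with open(ARCHIVES, encoding="utf-8", errors="replace") as fh:
            found = undecoded_full_logs(fh, sys.argv[1])
    else:                               # no argument: run on the constructed sample
        found = undecoded_full_logs(SAMPLE_ARCHIVES, "fw01")
    print("\n".join(found))
```
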
