Wazuh - Cisco Umbrella - Log decoder Support
274 views
Skip to first unread message
vault wazuh
Jun 26, 2023, 1:43:56 AM6/26/23
to Wazuh mailing list
Hi Team,
We have ingested Cisco Umbrella logs as per the official documentation, the logs are received in the Wazuh manager console but there is no decoder matching to decode logs from Cisco Umbrella. I have attached the result of running the logtest tool and the logs from wazuh for your better understanding of the issue.
Could you please let me know on how to resolve the above issue? Is there any decoder that pre-exists in the wazuh manager? or if how can i write or create custom rules or alerts?
Best Regards,
Vault Organization
Samson Olugbenga Idowu
Jun 26, 2023, 2:38:05 AM6/26/23
to Wazuh mailing list
Hello Vault,
Thank you for choosing Wazuh.
Please be informed that there are no decoders and rules for Cisco Umbrella logs existing in the current version of Wazuh.
However, you can create a custom decoder/rule easily by following our guide:
https://wazuh.com/blog/creating-decoders-and-rules-from-scratch/
https://documentation.wazuh.com/current/user-manual/ruleset/custom.html?highlight=rules
Upon creating the custom decoders and rules, alert will be generated on the dashboard.
Should you require further assistance, do not hesitate to reach out.
Thank you for choosing Wazuh.
Please be informed that there are no decoders and rules for Cisco Umbrella logs existing in the current version of Wazuh.
However, you can create a custom decoder/rule easily by following our guide:
https://wazuh.com/blog/creating-decoders-and-rules-from-scratch/
https://documentation.wazuh.com/current/user-manual/ruleset/custom.html?highlight=rules
Upon creating the custom decoders and rules, alert will be generated on the dashboard.
Should you require further assistance, do not hesitate to reach out.
Reply all
Reply to author
Forward
0 new messages