Everyone Attention - Home Based Cyber Security Lab - WAZUH


Daniel

Oct 18, 2022, 6:58:15 AM
to Wazuh mailing list
Hello WAZUH Team,
I know my query is a little bit different from the others, but professional suggestions and guidance would be quite helpful for me.

Basically I am setting up WAZUH on my home-based lab setup, and I have integrated several log sources like my own Windows-based physical machine, a Linux server, etc.
Could you please suggest a few more log sources that you know of that have been successfully integrated with WAZUH?

Please note that I am looking for open-source log sources, not commercial ones.

Suat Toksöz

Oct 18, 2022, 8:00:23 AM
to Daniel, Wazuh mailing list
Hi Daniel,

Please check out the wazuh decoders (https://github.com/wazuh/wazuh/tree/master/ruleset/decoders) for log sources.

Best regards

To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/b0505048-560a-4988-9751-281623cf1940n%40googlegroups.com.


--

Best regards,

Suat Toksöz

Lucio Donda

Oct 18, 2022, 8:12:27 AM
to Wazuh mailing list
Hi Daniel, 
As you may know, logcollector is in charge of taking in a variety of log sources so that they can be analyzed later (see here for more info).
Besides system logs, you may see logs generated by monitoring files, security configuration assessment on systems, syslog, etc. (docs).
Does that answer your question? Are you trying to test something with a broad variety of logs, or are you having difficulties generating logs from a specific source?

Daniel

Oct 18, 2022, 11:41:40 AM
to Wazuh mailing list
Hello Lucio,
Thanks for your response. Yes, I am planning to make some authentication-based rules, but as you also know, in order for a rule to be fired there should be a relevant event at the backend. The problem I am facing is that I am unable to observe successful login events in Kibana; however, I have tried logging in and out on the Kali machine that is already monitored by an agent.
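The point made above, that a rule can only fire on an event the agent actually forwarded and the manager decoded, as an added example that is not part of the original thread and is not Wazuh's own ruleset or decoder code. It models Wazuh's decoder-then-rules pipeline in plain Python over constructed /var/log/auth.log lines from a hypothetical Kali agent; the rule names, levels, regexes and sample lines are assumptions for illustration. It also shows why a console login on the Kali box produces only a PAM "session opened" line and no sshd "Accepted" line, so a success rule keyed on sshd alone would never fire for it.

```python
import re
from dataclasses import dataclass, field

# Constructed sample of /var/log/auth.log lines (syslog format) from a hypothetical
# Kali agent; these are not real logs from the thread.
SAMPLE_LOG = """\
Oct 18 10:01:02 kali sshd[1201]: Accepted password for daniel from 192.168.1.20 port 51432 ssh2
Oct 18 10:01:02 kali sshd[1201]: pam_unix(sshd:session): session opened for user daniel(uid=1000) by (uid=0)
Oct 18 10:02:15 kali sshd[1244]: Failed password for invalid user admin from 192.168.1.99 port 40022 ssh2
Oct 18 10:05:40 kali login[1300]: pam_unix(login:session): session opened for user daniel(uid=1000) by LOGIN(uid=0)
Oct 18 10:06:01 kali login[1300]: pam_unix(login:session): session closed for user daniel
Oct 18 10:07:30 kali CRON[1350]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
"""

# "Decoder" step: split a syslog line into timestamp, host, program, pid and message.
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)

def decode(line):
    """Return the decoded fields of one syslog line, or None if it does not parse."""
    m = SYSLOG_RE.match(line)
    return m.groupdict() if m else None

# "Rule" step: (rule_id, program or None, regex on the message, level, description).
# Hypothetical rule names and levels. First matching rule wins, so the list is ordered
# from specific to generic. Level 0 marks noise that is decoded but never alerted.
RULES = [
    ("pam_cron_noise", None, re.compile(r"^pam_unix\(cron:session\)"), 0,
     "cron session, ignored"),
    ("sshd_auth_success", "sshd",
     re.compile(r"^Accepted \S+ for (?P<user>\S+) from (?P<srcip>\S+) port \d+"), 3,
     "sshd: authentication success"),
    ("sshd_auth_failed", "sshd",
     re.compile(r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<srcip>\S+)"), 5,
     "sshd: authentication failed"),
    ("pam_session_opened", None,
     re.compile(r"^pam_unix\((?P<service>[^:]+):session\): session opened for user (?P<user>[^\s(]+)"), 3,
     "PAM: login session opened"),
    ("pam_session_closed", None,
     re.compile(r"^pam_unix\((?P<service>[^:]+):session\): session closed for user (?P<user>\S+)"), 3,
     "PAM: login session closed"),
]

@dataclass
class Alert:
    rule_id: str
    level: int
    description: str
    fields: dict = field(default_factory=dict)
    raw: str = ""

def match_rules(event):
    """Apply RULES to a decoded event; return an Alert for the first match, else None."""
    for rule_id, prog, pattern, level, desc in RULES:
        if prog is not None and event["prog"] != prog:
            continue
        m = pattern.search(event["msg"])
        if m:
            fields = {"host": event["host"], "program": event["prog"], **m.groupdict()}
            return Alert(rule_id, level, desc, fields)
    return None

def alerts_for(log_text, min_level=3):
    """Run decode + rules over every line and keep alerts at or above min_level.
    3 is assumed here as the threshold, matching the manager's default log_alert_level."""
    alerts = []
    for line in log_text.splitlines():
        event = decode(line)
        if event is None:
            continue
        alert = match_rules(event)
        if alert is not None and alert.level >= min_level:
            alert.raw = line
            alerts.append(alert)
    return alerts

def successful_logins(log_text):
    """(user, PAM service) for every opened session. A console login only produces
    this PAM event; the sshd 'Accepted' line (with a source IP) exists for SSH logins only."""
    return [(a.fields["user"], a.fields["service"])
            for a in alerts_for(log_text) if a.rule_id == "pam_session_opened"]

if __name__ == "__main__":
    for a in alerts_for(SAMPLE_LOG):
        print(f"level {a.level} {a.rule_id}: {a.fields}")
    print("successful logins:", successful_logins(SAMPLE_LOG))
```

Two checks a practitioner would run before writing rules: first, confirm the agent is actually collecting the file, i.e. that /var/log/auth.log is listed as a syslog-format localfile in the agent's ossec.conf and that the file exists at all (a box that logs only to journald has no auth.log for the agent to tail); second, paste one of the lines into wazuh-logtest on the manager to see which decoder and rule it hits. If the line never reaches the manager, no rule, however well written, will fire.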

Lucio Donda

Oct 19, 2022, 2:25:57 PM
to Wazuh mailing list
Hi Daniel, sorry for the late response.
Searching in the community, I found another user trying to see alerts generated by successful logins. In order to do that, they enabled audit logs (Security > Audit logs > General settings > Configure), removing Authentication from the exclude list. Then audit alerts appeared under the security-auditlog-* index.
Here you may find some more details on that.
I guess this info may throw some light on your research.