Assistance with Tag Creation and ISO 27001 Regulation in Wazuh Dashboard


Batu Kapicioglu

Dec 19, 2024, 7:54:42 AM
to Wazuh | Mailing List

Hello,

I hope you’re doing well. I would like to know how I can create tags in the Wazuh dashboard. How can I view the regulations I have created here, or how can I tag them as shown in the image below? I would appreciate it if you could assist me with this.

Additionally, could you guide me on how to add the ISO 27001 regulation?

Thank you in advance for your help!

Best regards,

wazuhreg.png

Gerardo David Caceres Fleitas

Dec 20, 2024, 5:50:32 AM
to Wazuh | Mailing List
Hello Batu,


Please look at the following documentation for information about the regulatory compliance modules included by Wazuh.
https://documentation.wazuh.com/current/getting-started/use-cases/regulatory-compliance.html

Adding new compliance modules to Wazuh requires a deep understanding of compliance requirements, development, and the Wazuh ruleset. There is no guide available for this task. Wazuh adds new compliance modules when it notices users' interest, which means that new modules are planned for release.
GitHub: https://github.com/wazuh/wazuh/issues

Another helpful feature in Wazuh for compliance requirements is the SCA (Security configuration assessment) policies, which are based on CIS benchmarks and already include mapping with some regulations, including ISO 27001. Note that new ones can also be created.

Screenshot 2024-12-20 065216.png
Screenshot 2024-12-20 065243.png

https://documentation.wazuh.com/current/user-manual/capabilities/sec-config-assessment/index.html
https://github.com/wazuh/wazuh/tree/master/ruleset/sca

Also, it is essential to mention that Wazuh and its various features help comply with multiple compliance requirements, such as keeping audit and log data through a SIEM solution (for example, authentication events), monitoring file integrity, and using a vulnerability scanner, etc. This is possible even though Wazuh doesn't have an official module for them.
https://documentation.wazuh.com/current/user-manual/capabilities/index.html

If you want to create a manual mapping with the Wazuh ruleset and a particular regulation, a workaround could be making a rules group and editing the ones associated with this specific regulation. You can find more information on how to edit existing rules below:
https://documentation.wazuh.com/current/user-manual/ruleset/rules/custom.html#changing-existing-rules

Example with two SSH rules:
Screenshot 2024-12-20 072251.png
Example of a query filtering by the created rule group:
Screenshot 2024-12-20 074450.png


I hope this helps; best regards.
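The rule-group workaround described in the reply, sketched as an added example (not code from the thread or from the Wazuh project): it re-declares selected rules with `overwrite="yes"` and appends a custom group tag. The helper name `build_overrides`, the tag `iso_27001_custom`, and the two simplified sshd rule definitions are assumptions constructed for illustration, and the input is assumed to be well-formed XML.

```python
import copy
import xml.etree.ElementTree as ET

# Constructed, simplified stand-ins for two sshd rules (not the stock text).
# In practice, paste the real definitions from the manager's ruleset.
SAMPLE_RULES = """
<group name="syslog,sshd,">
  <rule id="5710" level="5">
    <if_sid>5700</if_sid>
    <match>illegal user|invalid user</match>
    <description>sshd: Attempt to login using a non-existent user</description>
    <group>authentication_failed,</group>
  </rule>
  <rule id="5715" level="3">
    <if_sid>5700</if_sid>
    <match>^Accepted</match>
    <description>sshd: authentication success.</description>
  </rule>
</group>
"""

def build_overrides(rules_xml, rule_ids, tag):
    """Re-declare chosen rules with overwrite="yes", adding `tag` to their <group> list."""
    # Rule files can hold several top-level blocks, so add a dummy root.
    root = ET.fromstring(f"<root>{rules_xml}</root>")
    blocks, found = [], set()
    for parent in root.findall("group"):
        # Keep the enclosing group name so the original groups still apply.
        out = ET.Element("group", {"name": parent.get("name", "local,")})
        for rule in parent.findall("rule"):
            if rule.get("id") not in rule_ids:
                continue
            new = copy.deepcopy(rule)
            new.set("overwrite", "yes")
            grp = new.find("group")
            if grp is None:          # rule had no groups of its own
                grp = ET.SubElement(new, "group")
            names = [g.strip() for g in (grp.text or "").split(",") if g.strip()]
            if tag not in names:
                names.append(tag)
            grp.text = ",".join(names) + ","
            out.append(new)
            found.add(rule.get("id"))
        if len(out):
            ET.indent(out)           # Python 3.9+
            blocks.append(ET.tostring(out, encoding="unicode"))
    missing = set(rule_ids) - found
    if missing:                      # fail loudly instead of tagging nothing
        raise ValueError(f"rule IDs not found: {sorted(missing)}")
    return "\n".join(blocks)
```

Calling `build_overrides(SAMPLE_RULES, {"5710", "5715"}, "iso_27001_custom")` returns XML suitable for a custom rules file such as `local_rules.xml`; after the manager reloads its rules, matching alerts can be filtered in the dashboard on the `rule.groups` field.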