How to integrate zeek into wazuh with ELK?


George13

Nov 10, 2022, 4:48:29 AM11/10/22
to Wazuh mailing list
Hi! 
Dear Team!
I have installed Zeek on a Wazuh agent, and a Wazuh manager with ELK on another host. I want to know how to see Zeek alerts in Kibana. How should I configure it?
Thank you very much!

Openime Oniagbi

Nov 10, 2022, 6:20:31 AM11/10/22
to Wazuh mailing list
Hi George,

Wazuh can process logs from Zeek. However, this feature is not included in a default Wazuh installation.

The easiest way to get this to work is to forward the logs generated by Zeek to a Wazuh manager, where you can tune the ruleset to process the desired events. To do this, configure the log collector to read the event file. You can find details on how to do that in our documentation.

Furthermore, Wazuh has some examples of default rules for Zeek logs which you can find here:
https://github.com/wazuh/wazuh-ruleset/blob/master/rules/0635-owlh-zeek_rules.xml

Finally, let me suggest you take a look at OwlH. It is an open-source project aimed at helping with Network IDS management at scale. It can be integrated with Wazuh and help you visualize the NIDS events.

For example, this documentation discusses the Wazuh and Zeek integration.

I hope this helps.

Regards.
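As an added illustration of the log-collector step described in the reply above (this is example configuration, not from the thread or from Wazuh's documentation), the following `<localfile>` blocks go in the agent's ossec.conf; they assume Zeek writes JSON logs under /opt/zeek/logs/current/, which is the default log directory only when Zeek is installed under /opt/zeek and JSON output has been enabled.

```xml
<!-- Added example (not from the thread): ship Zeek's JSON logs from the agent
     to the manager. Assumes JSON logging is enabled in Zeek, e.g. by adding
     "@load policy/tuning/json-logs.zeek" to local.zeek, and that the log
     directory is /opt/zeek/logs/current/ (adjust both if your setup differs). -->
<ossec_config>
  <!-- Connection records: one JSON object per line, so the manager's JSON
       decoder exposes fields such as id.orig_h, id.resp_h and conn_state
       without a custom decoder. -->
  <localfile>
    <log_format>json</log_format>
    <location>/opt/zeek/logs/current/conn.log</location>
  </localfile>

  <!-- notice.log carries Zeek's own detections (scans, weird traffic, etc.)
       and is the log most worth matching rules against first. -->
  <localfile>
    <log_format>json</log_format>
    <location>/opt/zeek/logs/current/notice.log</location>
  </localfile>

  <!-- Add further logs (dns, http, ssl, ...) the same way; each needs its own
       <localfile> block because Wazuh follows one file per entry. -->
  <localfile>
    <log_format>json</log_format>
    <location>/opt/zeek/logs/current/dns.log</location>
  </localfile>
</ossec_config>
```

Restart the Wazuh agent after editing the file; events then reach the manager, but they only show up as alerts in Kibana once a rule (the linked 0635 ruleset or one you write) matches them.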