User Behavior Entity Analysis Support


Kashif Ali

Jul 26, 2022, 6:55:19 AM
to wa...@googlegroups.com
Hi,
We are using Wazuh and it's working perfectly. Recently we installed file integrity monitoring to monitor users' actions, but it's limited.

I want to ask if someone can develop a custom agent (if the source is available) or something else to do more tasks such as

Email
Websites
Accessing folder
Session recording
Etc

If possible, it could then send all the logs to Wazuh (if supported by Wazuh / the Wazuh agent).

Thank you

Octavio Valle López

Jul 26, 2022, 10:13:36 AM
to Wazuh mailing list
Hi Kashif, I hope you are well!

Wazuh has many of the features that you indicate and can be integrated with many information providers to have more context on what is happening in your environment; many of these features are outside of FIM.
FIM is only for seeing file differences or activity related to the filesystem.

For this, the first thing that would be good to know is which operating system it points to, to see which side we are oriented to.

Then I recommend you check the following link to see the capabilities of Wazuh, and otherwise exploit the SIEM capabilities of Wazuh.

https://documentation.wazuh.com/current/user-manual/capabilities/index.html

If you find that we don't have a feature, you can request a feature from us on github.com for our development team to review.
https://github.com/wazuh/wazuh/issues/new?assignees=&labels=&template=default.md&title=

Kashif Ali

Aug 2, 2022, 3:10:32 AM
to Wazuh mailing list
Thank you very much for your reply

Just explaining. UBA is anomaly detection. It looks at patterns of human behavior and analyzes them to detect anomalies and then indicate potential threats.

For example: an agent checks the email activity of a user. A user sends an email to us...@yahoo.com every day, but one day the user sends an email to us...@live.com: send an alert. Another example: an agent checks the activity of the web browser. I hit yahoo.com every day, but today I opened live.com: send an alert to the server.

These are just 2 examples; there are other activities too. So is such support available in Wazuh / the Wazuh agent, or being developed further? Or is there a plan to add this feature in the near future?

Created issue (feature): User Behavior Analytics Support #14446 (https://github.com/wazuh/wazuh/issues/14446)

Thank you
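The baseline-and-deviation logic Kashif describes (a user who always emails or browses one domain and one day reaches a new one) can be sketched as a small per-user profiler. This is an added example, not code from the thread and not part of Wazuh or its agent: the event records, the training window, the `uba.new_*_entity` rule names and the "minimum history" threshold are all constructed here for illustration. It learns, per user and activity kind, which entities were seen in a training window and flags first-seen entities afterwards; users with too little history are set aside instead of alerted on, which is the caveat a practitioner hits first with this kind of detector.

```python
"""Per-user baseline anomaly detection over email/web activity (added example)."""
from collections import defaultdict
from datetime import datetime
import json

# Constructed sample events (not real telemetry). Email recipients and browser
# destinations are already reduced to a domain; a real collector would do that.
SAMPLE_EVENTS = [
    {"ts": "2022-07-18T09:00:00", "user": "kashif", "kind": "email", "entity": "yahoo.com"},
    {"ts": "2022-07-19T09:05:00", "user": "kashif", "kind": "email", "entity": "yahoo.com"},
    {"ts": "2022-07-20T09:01:00", "user": "kashif", "kind": "email", "entity": "yahoo.com"},
    {"ts": "2022-07-18T09:10:00", "user": "kashif", "kind": "web", "entity": "yahoo.com"},
    {"ts": "2022-07-19T09:12:00", "user": "kashif", "kind": "web", "entity": "yahoo.com"},
    {"ts": "2022-07-20T09:15:00", "user": "kashif", "kind": "web", "entity": "yahoo.com"},
    # Events after the training window: two deviations, one normal, one unknown user.
    {"ts": "2022-07-26T08:30:00", "user": "kashif", "kind": "email", "entity": "live.com"},
    {"ts": "2022-07-26T08:45:00", "user": "kashif", "kind": "web", "entity": "live.com"},
    {"ts": "2022-07-26T09:00:00", "user": "kashif", "kind": "email", "entity": "yahoo.com"},
    {"ts": "2022-07-26T09:30:00", "user": "bob", "kind": "web", "entity": "live.com"},
]

TRAINING_END = datetime(2022, 7, 21)   # hypothetical cut-off between learning and detecting
MIN_TRAINING_EVENTS = 2                # hypothetical: do not judge a profile with less history


def build_baseline(events, training_end):
    """Return {(user, kind): {entity: count}} learned from events before training_end."""
    profile = defaultdict(lambda: defaultdict(int))
    for ev in events:
        if datetime.fromisoformat(ev["ts"]) < training_end:
            profile[(ev["user"], ev["kind"])][ev["entity"]] += 1
    return profile


def detect(events, profile, training_end, min_events=MIN_TRAINING_EVENTS):
    """Flag post-training events whose entity was never seen for that user and kind.

    Returns (alerts, unscored). Profiles with fewer than min_events observations
    are not scored, so a new or rarely seen user does not flood the SIEM with
    "new entity" alerts on their first day.
    """
    alerts, unscored = [], []
    for ev in events:
        if datetime.fromisoformat(ev["ts"]) < training_end:
            continue  # training data is never scored against itself
        history = profile.get((ev["user"], ev["kind"]))
        if history is None or sum(history.values()) < min_events:
            unscored.append(ev)
            continue
        if ev["entity"] not in history:
            alerts.append({
                "rule": f"uba.new_{ev['kind']}_entity",   # hypothetical rule id
                "user": ev["user"],
                "entity": ev["entity"],
                "ts": ev["ts"],
                "known": sorted(history),                  # context for the analyst
            })
    return alerts, unscored


if __name__ == "__main__":
    prof = build_baseline(SAMPLE_EVENTS, TRAINING_END)
    found, skipped = detect(SAMPLE_EVENTS, prof, TRAINING_END)
    for alert in found:
        print(json.dumps(alert))  # one JSON line per alert, easy for a log collector to pick up
    print(f"{len(skipped)} event(s) left unscored for lack of history")
```

On the constructed input this raises two alerts for `kashif` (the new `live.com` recipient and the new `live.com` site) and leaves `bob` unscored because he has no training history. A first-seen check like this is deliberately simple: it says nothing about frequency or timing, and its baseline needs to be refreshed as legitimate behaviour changes, which is why real UBA products pair it with a review loop rather than alerting on every new entity forever.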