CIS Reports

383 views
Skip to first unread message

Emrah Uludag

unread,
May 29, 2023, 5:42:54 AM5/29/23
to Wazuh mailing list
Hello Community,

I need to export  CIS Benchmark report list on my wazuhserver.  Currently i'm using Wazuh v4.4.1 version. How can i export CIS report by client.Also which command can I use for API request?

PS:  I have a python script (written by moosemaimer) for Vulnerability. There is any script for CIS reports? I need passed and fail filters 

Thanks
BR

Iseoluwa Oyeniyi

unread,
May 29, 2023, 8:50:08 AM5/29/23
to Wazuh mailing list
Hi Emrah,

To export a report based on existing CIS events generated by Wazuh SCA(Security Configuration Assessment),  you can utilize the reporting feature within Wazuh dashboard. When using this feature, you will have to create a report definition which is basically the settings desired for your report. Here, you would specify your report source, a time range and report trigger be it on demand or scheduled. For the report source, there are 4 available sources to choose from namely, Dashboard, Visualization, Saved search and Notebook. A good suggestion will be to create a desired search filter specific to your needs, save this search and then use this as the source when created your report definition.
- For this use case i have created a sample query in the Discover section that filters for all existing agents and all sca scan results, the query being "agent.name: * AND data.sca.check.result: *"(you can play around this and create your own query that satisfies your needs). After you have your query, save this[img1].
- Next you can click on the menu item in the top left corner and navigate to "Reporting" under Opensearch plugins.[img2].
- Create a new report definition and select "Saved search" as your report definition"[img3].
- Now you can save the report definition and generate the specified format.[img4]

In addition, there is currently no existing script of CIS reports.

Regards,
img4.jpg
img2.jpg
img1-.jpg
img3.jpg
img5.jpg

Emrah Uludag

unread,
Jun 5, 2023, 5:21:57 PM6/5/23
to Wazuh mailing list
Dear Iseoluwa,

Thanks for help and sorry for the late answer.  I try to same as your reporting but its gave error.  How can I fix this?

chrome_DHGMJVlvrG.png

29 Mayıs 2023 Pazartesi tarihinde saat 15:50:08 UTC+3 itibarıyla Iseoluwa Oyeniyi şunları yazdı:
Reply all
Reply to author
Forward
0 new messages