Kubernetes monitoring using Wazuh

Ahmed Abdelmajeed

Dec 14, 2022, 5:53:49 AM
to Wazuh mailing list
Hello, 

I'd like to know if there is a possibility to monitor a K8s cluster using Wazuh, knowing that we are looking to monitor the self-managed infrastructure and container levels.

Actually, as we see in Wazuh documentation, all examples about Container security are for Docker engine (Docker host/ Docker containers). 

Thanks,
Ahmed

Nicolas Zapata

Dec 14, 2022, 6:16:40 AM
to Wazuh mailing list

Hi Ahmed, thanks for using Wazuh!

We recently published a new blog post on this topic! Please check it out: Auditing Kubernetes with Wazuh

But in summary, you need to follow these steps:

  1. Create a webhook listener on the Wazuh server to receive logs from the Kubernetes cluster.
  2. Enable auditing on the Kubernetes cluster and configure it to forward audit logs to the Wazuh webhook listener.
  3. Create rules on the Wazuh server to alert about audit events received from Kubernetes.

I hope I have helped you, and do not hesitate to ask if you have questions.
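
An added example, not part of the thread or of the Wazuh blog post: a minimal standard-library listener for step 1 that accepts the `EventList` batches the Kubernetes audit webhook backend sends and forwards each event to the Wazuh manager. The socket path, the `1:k8s:` framing, the port and the size cap are assumptions to check against your installation; it serves plain HTTP on loopback, so put TLS in front of it before pointing the API server at it.

```python
import json
import socket
from http.server import BaseHTTPRequestHandler, HTTPServer

WAZUH_QUEUE = "/var/ossec/queue/sockets/queue"  # assumption: default manager socket path
MAX_BODY = 5 * 1024 * 1024                      # assumption: cap on one audit batch
# Constructed sample of what the API server's audit webhook backend POSTs.
SAMPLE_BATCH = json.dumps({"kind": "EventList", "apiVersion": "audit.k8s.io/v1", "items": [
    {"auditID": "example-1", "verb": "create", "objectRef": {"resource": "pods"}},
    {"auditID": "example-2", "verb": "delete", "objectRef": {"resource": "secrets"}}]}).encode()

def split_audit_batch(body: bytes) -> list:
    """Return the events of an audit EventList; raise ValueError for anything else."""
    try:
        doc = json.loads(body)
    except ValueError as exc:  # covers JSONDecodeError and invalid UTF-8
        raise ValueError("body is not JSON") from exc
    if not isinstance(doc, dict) or doc.get("kind") != "EventList":
        raise ValueError("not an audit EventList")
    if not isinstance(doc.get("items"), list):
        raise ValueError("EventList has no items array")
    return [e for e in doc["items"] if isinstance(e, dict)]

def to_wazuh_message(event: dict) -> str:
    """Frame one event as '<queue>:<location>:<log>'; 'k8s' is a label chosen here."""
    return "1:k8s:" + json.dumps(event, separators=(",", ":"))

class AuditHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        raw = self.headers.get("Content-Length", "")
        length = int(raw) if raw.isdigit() else 0
        if not 0 < length <= MAX_BODY:
            return self.send_error(413 if length else 400)
        try:
            events = split_audit_batch(self.rfile.read(length))
            with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as sock:
                sock.connect(WAZUH_QUEUE)
                for event in events:  # one datagram per audit event
                    sock.send(to_wazuh_message(event).encode())
        except ValueError as exc:
            return self.send_error(400, str(exc))
        except OSError:
            return self.send_error(503, "Wazuh queue unavailable")
        self.send_response(200)
        self.end_headers()

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), AuditHandler).serve_forever()  # loopback HTTP only
```

Because each event arrives at the manager as one JSON log line, the rules in step 3 can match on fields such as `verb` and `objectRef.resource`.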