Reports of wazuh 3.13. 2

Karthikraja Anandhan

unread,

Dec 24, 2020, 7:04:22 AM12/24/20

to wa...@googlegroups.com

Hi,

Can someone please explain in detail about the possible ways of generating the reports from wazuh 3.13.2 along with the watermark of wazuh .

Note: Expect the following ways:

1.Generate report option present in all the modules in pdf file format.

2.Generating reports from kibana visualisation in excel & csv file format by adding individual bucket lists.

--

With Regards,

Franco Hielpos

unread,

Dec 28, 2020, 2:23:11 PM12/28/20

to Wazuh mailing list

Hello,

You can generate PDF reports within the Wazuh App from the Wazuh dashboards. You simply need to go to the desired dashboard and select the "Generate Report" in the top left:

This reports will be generated and will be accesible from "Management" -> "Reporting"

More information about Wazuh reporting can be found here:

https://documentation.wazuh.com/3.13/user-manual/kibana-app/features/reporting.html

Regarding CSV reports, it depends on whether you are using Elasticsearch or OpenDistro:

If you are using Elasticsearch with XPACK:

You can create reports from the Discover section:

Here, select the wazuh-alerts index and then you can create a query that fits your needs and then share it as the format you need:

More information about XPACK reporting:

https://www.elastic.co/guide/en/kibana/current/reporting-getting-started.html

If you are using OpenDistro:

Here, as you mentioned, you should use Visualizations by going to the Visualize section of Kibana and creating a new visualization based on your needs.

Once you have your visualization, you can go to the inspect button on the top left and select Download as CSV.

Another option is to use SQL workbench:

Here you can make a query with SQL as follows:

SELECT * FROM wazuh-alerts-* WHERE @timestamp >='2020-12-01';

This would bring all the fields from the alerts from "2020-12-01", modifying the SELECT section with the fields you want could achieve better results than a visualization.