Hi, in case you are interested, we have done some work integrating OSSEC with ELK (specially for those using them to be compliant with PCI DSS, not sure if this is the case), including the creation of Kibana dashboards.
We have also created a RESTful API for OSSEC that we plan to use with new Kibana plugins functionality (added in version 4.2), to be able to monitor/control your OSSEC deployments from Kibana (e.g agent status, syscheck or rootcheck settings, agent keys, loaded rules...) See more info in our website at: http://documentation.wazuh.com/en/latest/ossec_elk.html Best regards, Santiago. On Thu, Dec 17, 2015 at 8:24 AM, <[email protected]> wrote: > I've been tasked with tuning OSSEC. > > I've wondering if there is a general guideline or process. We have OSSEC > feeding into ELK stack. What are folks thoughts on tuning vs. coming up > with better Kibana hunting searches? > > Thanks! > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
