Hi,

the dashboards we have created can be found here:
https://github.com/wazuh/ossec-wazuh/tree/master/extensions/kibana

Regarding the rules, here is the repo: https://github.com/wazuh/ossec-rules

When the rule is related to a PCI control, that information is included in the groups section, for example:

  <rule id="18106" level="5">
    <if_sid>18105</if_sid>
    <id>^529$|^530$|^531$|^532$|^533$|^534$|^535$|^536$|^537$|^539$|^4625$</id>
    <description>Windows Logon Failure.</description>
    <group>win_authentication_failed,pci_dss_10.2.4,pci_dss_10.2.5,</group>
  </rule>

This, combined with the modified JSON output, allows us to create the dashboards for PCI in Kibana.

On the other hand, we are about to publish rules/decoders for Amazon AWS (in case you happen to use it); you can already see the work we are doing in the development branch.

Best

On Tue, Jan 5, 2016 at 7:13 AM, <[email protected]> wrote:
> I took a look and it looks great, but I was wondering if you had any
> customized dashboards or favorite OSSEC rules to share?
>
> Thanks for all the great work.
>
> On Tuesday, December 22, 2015 at 10:44:07 PM UTC-5, Santiago Bassett wrote:
>>
>> Hi,
>>
>> in case you are interested, we have done some work integrating OSSEC with
>> ELK (especially for those using them to be compliant with PCI DSS, not sure
>> if this is the case), including the creation of Kibana dashboards.
>>
>> We have also created a RESTful API for OSSEC that we plan to use with the new
>> Kibana plugins functionality (added in version 4.2), to be able to
>> monitor/control your OSSEC deployments from Kibana (e.g. agent status,
>> syscheck or rootcheck settings, agent keys, loaded rules...)
>>
>> See more info on our website at:
>> http://documentation.wazuh.com/en/latest/ossec_elk.html
>>
>> Best regards,
>>
>> Santiago.
>>
>> On Thu, Dec 17, 2015 at 8:24 AM, <[email protected]> wrote:
>>
>>> I've been tasked with tuning OSSEC.
>>>
>>> I've been wondering if there is a general guideline or process. We have OSSEC
>>> feeding into the ELK stack. What are folks' thoughts on tuning vs. coming up
>>> with better Kibana hunting searches?
>>>
>>> Thanks!
>>>
>>> --
>>>
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "ossec-list" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> For more options, visit https://groups.google.com/d/optout.
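As an added illustration of the PCI tagging Santiago describes (example code written for this page, not code from ossec-rules or the Wazuh Kibana extensions): the script below parses rule XML of the shape quoted above, pulls the pci_dss_* entries out of the <group> list, builds a control-to-rule index of the kind a PCI dashboard filters on, and checks a Windows event ID against rule 18106's anchored <id> pattern. The parent rule 18105 is a stub written for the demo, the alert record layout is my own rather than the exact alerts.json schema, and the <id> match is approximated with Python's re module (OSSEC's own regex dialect is smaller; treat that as an assumption).

```python
"""Index OSSEC rules by PCI DSS control and tag a matched event with those controls.

Example added for this thread, not from the ossec-rules repository.
"""
import re
import xml.etree.ElementTree as ET

# Constructed rule file. Rule 18106 is copied from the thread; 18105 is a
# stub parent rule written here so that <if_sid> resolves. Real rule files
# may contain several top-level <group> blocks; one root is used for the demo.
RULES_XML = """
<group name="windows,">
  <rule id="18105" level="0">
    <decoded_as>windows</decoded_as>
    <description>Windows authentication event.</description>
    <group>win_authentication,</group>
  </rule>
  <rule id="18106" level="5">
    <if_sid>18105</if_sid>
    <id>^529$|^530$|^531$|^532$|^533$|^534$|^535$|^536$|^537$|^539$|^4625$</id>
    <description>Windows Logon Failure.</description>
    <group>win_authentication_failed,pci_dss_10.2.4,pci_dss_10.2.5,</group>
  </rule>
</group>
"""

PCI_PREFIX = "pci_dss_"


def parse_rules(xml_text):
    """Return {rule_id: fields} for every <rule> under the XML root."""
    root = ET.fromstring(xml_text)
    rules = {}
    for node in root.iter("rule"):
        # <group> is a comma-separated list with a trailing comma; drop empties.
        groups = [g.strip() for g in (node.findtext("group") or "").split(",") if g.strip()]
        rules[node.get("id")] = {
            "level": int(node.get("level")),
            "if_sid": node.findtext("if_sid"),
            "id_pattern": (node.findtext("id") or "").strip() or None,
            "description": node.findtext("description"),
            "groups": groups,
            # pci_dss_10.2.4 -> 10.2.4
            "pci_dss": [g[len(PCI_PREFIX):] for g in groups if g.startswith(PCI_PREFIX)],
        }
    return rules


def pci_index(rules):
    """Map each PCI DSS control to the sorted list of rule ids tagged with it."""
    index = {}
    for rid, rule in rules.items():
        for control in rule["pci_dss"]:
            index.setdefault(control, []).append(rid)
    return {control: sorted(ids) for control, ids in index.items()}


def id_pattern_matches(rule, event_id):
    """Approximate the <id> match with Python re (assumption: OSSEC's dialect differs)."""
    pattern = rule["id_pattern"]
    if not pattern:
        return False
    # Each alternative is anchored with ^ and $, so 5290 must not match ^529$.
    return re.search(pattern, str(event_id)) is not None


def matching_rules(rules, event_id):
    """Rule ids whose <id> pattern matches the decoded event id."""
    return sorted(rid for rid, rule in rules.items() if id_pattern_matches(rule, event_id))


def tag_alert(rules, rule_id, event_id):
    """Build an alert record carrying the PCI controls a dashboard can filter on.

    The layout is this example's own, not the exact OSSEC/Wazuh alerts.json schema.
    """
    rule = rules[rule_id]
    return {
        "rule": {
            "id": rule_id,
            "level": rule["level"],
            "description": rule["description"],
            "groups": rule["groups"],
        },
        "pci_dss": rule["pci_dss"],
        "data": {"id": str(event_id)},
    }


if __name__ == "__main__":
    parsed = parse_rules(RULES_XML)
    print(pci_index(parsed))
    for rid in matching_rules(parsed, 4625):
        print(tag_alert(parsed, rid, 4625))
```

Running the block prints the control index ({"10.2.4": ["18106"], "10.2.5": ["18106"]}) and a tagged alert for event 4625; event 4624 (a successful logon) matches nothing, and 5290 matches nothing because every alternative in the pattern is anchored.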
