wazuh-dashboard-plugins
wazuh-docker
wazuh-dashboard-plugins | wazuh-docker | |
---|---|---|
6 | 4 | |
389 | 577 | |
3.1% | 4.0% | |
9.8 | 9.0 | |
8 days ago | 8 days ago | |
TypeScript | Shell | |
GNU General Public License v3.0 only | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
wazuh-dashboard-plugins
-
SCA module
By the way, is there any way to initiate a force scan whenever we want without having to modify the configuration file for the time interval? According to this link "https://github.com/wazuh/wazuh-kibana-app/issues/3878," there is supposedly a button to force a specific agent to perform a scan. However, I'm using version 4.4.5 and I don't have access to that functionality.
-
Vulnerability overview
I see from https://github.com/wazuh/wazuh-kibana-app/issues/4431 maybe there used to be but it was removed - perhaps there is another solution for now?
- wazuh on existingkibana
-
Wazuh 4.3.x with Elastic Stack Premium license
I learned that Wazuh Dashboard is actually a “Kibana plugin”, and based on the compatibility matrix, in theory this should work:
- Wazuh Vulnerabilities Dashboard missing
-
Is it possible to include this field by default on saved filters and queries? I have saved a new filter including this field then i have saved the query and selected the option to include filters, but if i refresh the field data.srcip is not included anymore. How can i include data.srcip by default?
Our recommended way to do what you want requires to build Kibana from source code. So, to change the default "Selected Fields" you must modify the "events-selected-field.js" file in the wazuh-kibana-app: https://github.com/wazuh/wazuh-kibana-app/blob/master/public/components/common/modules/events-selected-fields.js and then you have to build and re-install it
wazuh-docker
-
Wazuh Docker Single Node. 500 error after changing admin password
Now based on my reading of https://github.com/wazuh/wazuh-docker/issues/775This is means i should enter the indexer container and run securityadmin after setting the environment variables specified in the docs....I did this. The command completes successfully with no errors.
-
No config sync when using cluster?
Greetings, for an implementation with ansible we do not have official documentation, however we can recommend an implementation with docker, here the guide https://github.com/wazuh/wazuh-docker
-
Wazuh and ELK
I mean, you could set it up as a container too - although I'm sure someone has already done this for you - for example, Wazuh themselves at https://github.com/wazuh/wazuh-docker
-
Can Wazuh be installed along side of Graylog in the same system?
I think you can install a Wazuh + ELK stack docker https://github.com/wazuh/wazuh-docker. Changing the ports by docker proxy. It will be safe
What are some alternatives?
Wazuh - Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
wazuh-ansible - Wazuh - Ansible playbook
lunasec - LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
OSSEC - OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
RedELK - Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
boiler_plates - Docker Compose Boilerplates
openscap - NIST Certified SCAP 1.2 toolkit
docker-github-actions-runner - This will run the new self-hosted github actions runners with docker-in-docker
Fail2Ban - Daemon to ban hosts that cause multiple authentication errors
wazuh-kubernetes - Wazuh - Wazuh Kubernetes
sysmon - Sysmon and wazuh integration with Sigma sysmon rules [updated]
lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.