Zabbix + Prometheus for Wazuh

This page summarizes the projects mentioned and recommended in the original post on /r/zabbix

  • wazuh-prometheus-exporter

    Wazuh prometheus exporter

  • We are using Zabbix internally for well-structured monitoring and want to monitor Wazuh too. I used this Prometheus exporter to collect the metrics. In order to read the Prometheus values, I am using the Zabbix documentation.

  • Wazuh

    Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

  • # HELP python_gc_objects_collected_total Objects collected during gc
    # TYPE python_gc_objects_collected_total counter
    python_gc_objects_collected_total{generation="0"} 187.0
    python_gc_objects_collected_total{generation="1"} 142.0
    python_gc_objects_collected_total{generation="2"} 0.0
    # HELP python_gc_objects_uncollectable_total Uncollectable object found during GC
    # TYPE python_gc_objects_uncollectable_total counter
    python_gc_objects_uncollectable_total{generation="0"} 0.0
    python_gc_objects_uncollectable_total{generation="1"} 0.0
    python_gc_objects_uncollectable_total{generation="2"} 0.0
    # HELP python_gc_collections_total Number of times this generation was collected
    # TYPE python_gc_collections_total counter
    python_gc_collections_total{generation="0"} 71.0
    python_gc_collections_total{generation="1"} 6.0
    python_gc_collections_total{generation="2"} 0.0
    # HELP python_info Python platform information
    # TYPE python_info gauge
    python_info{implementation="CPython",major="3",minor="6",patchlevel="8",version="3.6.8"} 1.0
    # HELP process_virtual_memory_bytes Virtual memory size in bytes.
    # TYPE process_virtual_memory_bytes gauge
    process_virtual_memory_bytes 2.74837504e+08
    # HELP process_resident_memory_bytes Resident memory size in bytes.
    # TYPE process_resident_memory_bytes gauge
    process_resident_memory_bytes 2.9093888e+07
    # HELP process_start_time_seconds Start time of the process since unix epoch in seconds.
    # TYPE process_start_time_seconds gauge
    process_start_time_seconds 1.67869531984e+09
    # HELP process_cpu_seconds_total Total user and system CPU time spent in seconds.
    # TYPE process_cpu_seconds_total counter
    process_cpu_seconds_total 0.96
    # HELP process_open_fds Number of open file descriptors.
    # TYPE process_open_fds gauge
    process_open_fds 6.0
    # HELP process_max_fds Maximum number of open file descriptors.
    # TYPE process_max_fds gauge
    process_max_fds 1024.0
    # HELP wazuh_total_agent Total Wazuh agents count
    # TYPE wazuh_total_agent summary
    wazuh_agents_count 93.0
    wazuh_agents_count 7.0
    # HELP wazuh_total_group Total Wazuh groups count
    # TYPE wazuh_total_group summary
    wazuh_agents_group 2.0
    wazuh_agents_group 82.0
    wazuh_agents_group 18.0
    wazuh_agents_group 100.0
    wazuh_agents_group 82.0
    wazuh_agents_group 18.0
    wazuh_agents_group 0.0
    wazuh_agents_group 100.0
    wazuh_agents_group 6.0
    wazuh_agents_group 15.0
    wazuh_agents_group 1.0
    wazuh_agents_group 2.0
    wazuh_agents_group 29.0
    wazuh_agents_group 2.0
    wazuh_agents_group 10.0
    wazuh_agents_group 24.0
    # HELP wazuh_agent_status Total Wazuh agents by status
    # TYPE wazuh_agent_status summary
    wazuh_active_agents 96.0
    wazuh_disconnected_agents 4.0
    wazuh_never_connected_agents 0.0
    wazuh_pending_agents 0.0
    wazuh_total_agents 100.0
    # HELP wazuh_agent_version_info Wazuh agent versions
    # TYPE wazuh_agent_version_info gauge
    wazuh_agent_version_info{count="92",version="Wazuh v4.3.10"} 1.0
    wazuh_agent_version_info{count="8",version="Wazuh v4.3.8"} 1.0
    # HELP last_registered_agent_info Wazuh last registered agent
    # TYPE last_registered_agent_info gauge
    last_registered_agent_info{wazuh_1_build="19045"} 1.0
    last_registered_agent_info{wazuh_1_major="10"} 1.0
    last_registered_agent_info{wazuh_1_minor="0"} 1.0
    last_registered_agent_info{wazuh_1_name="Microsoft Windows 10 Pro"} 1.0
    last_registered_agent_info{wazuh_1_platform="windows"} 1.0
    last_registered_agent_info{wazuh_1_uname="Microsoft Windows 10 Pro"} 1.0
    last_registered_agent_info{wazuh_1_version="10.0.19045"} 1.0
    # HELP manager_stats_hourly_info Wazuh statistical information per hour. Each number in the averages field represents the average of alerts per hour
    # TYPE manager_stats_hourly_info gauge
    total_affected_items 1.0
    total_failed_items 0.0
    # HELP nodes_healthcheck_info Wazuh nodes healthcheck
    # TYPE nodes_healthcheck_info gauge
    nodes_healthcheck_info{name="wazuh-1"} 1.0
    nodes_healthcheck_info{type="master"} 1.0
    nodes_healthcheck_info{version="4.3.10"} 1.0
    nodes_healthcheck_info{ip=""} 1.0
    nodes_healthcheck_info{n_active_agents="4"} 1.0
    nodes_healthcheck_info{name="wazuh-2"} 1.0
    nodes_healthcheck_info{type="worker"} 1.0
    nodes_healthcheck_info{version="4.3.10"} 1.0
    nodes_healthcheck_info{ip=""} 1.0
    nodes_healthcheck_info{n_active_agents="93"} 1.0
    # HELP wazuh_api_info Wazuh API information
    # TYPE wazuh_api_info gauge
    wazuh_api_info{title="Wazuh API REST"} 1.0
    wazuh_api_info{api_version="4.3.10"} 1.0
    wazuh_api_info{revision="40323"} 1.0
    wazuh_api_info{license_name="GPL 2.0"} 1.0
    wazuh_api_info{license_url="https://github.com/wazuh/wazuh/blob/4.3/LICENSE"} 1.0
    wazuh_api_info{hostname=""} 1.0
    wazuh_api_info{timestamp="2023-03-13T08:36:01Z"} 1.0
    # HELP manager_stats_total Wazuh statistical information for the current date
    # TYPE manager_stats_total summary
    total_alerts_hour_0 954.0
    total_syscheck_hour_0 0.0
    total_firewall_hour_0 0.0
    total_events_hour_0 1093.0
    total_alerts_hour_1 821.0
    total_syscheck_hour_1 0.0
    total_firewall_hour_1 0.0
    total_events_hour_1 976.0
    total_alerts_hour_2 798.0
    total_syscheck_hour_2 0.0
    total_firewall_hour_2 0.0
    total_events_hour_2 933.0
    total_alerts_hour_3 971.0
    total_syscheck_hour_3 0.0
    total_firewall_hour_3 0.0
    total_events_hour_3 1110.0
    total_alerts_hour_4 1100.0
    total_syscheck_hour_4 2.0
    total_firewall_hour_4 0.0
    total_events_hour_4 1243.0
    total_alerts_hour_5 831.0
    total_syscheck_hour_5 0.0
    total_firewall_hour_5 0.0
    total_events_hour_5 980.0
    total_alerts_hour_6 849.0
    total_syscheck_hour_6 0.0
    total_firewall_hour_6 0.0
    total_events_hour_6 991.0
    total_alerts_hour_7 848.0
    total_syscheck_hour_7 0.0
    total_firewall_hour_7 0.0
    total_events_hour_7 983.0
    total_alerts_hour_8 922.0
    total_syscheck_hour_8 0.0
    total_firewall_hour_8 0.0
    total_events_hour_8 1065.0
    total_alerts_hour_9 16017.0
    total_syscheck_hour_9 1374.0
    total_firewall_hour_9 0.0
    total_events_hour_9 16163.0
    # HELP manager_stats_remote Wazuh remoted statistical information
    # TYPE manager_stats_remote summary
    queue_size{manager_stats_remote="queue_size"} 0.0
    total_queue_size{manager_stats_remote="total_queue_size"} 131072.0
    tcp_sessions{manager_stats_remote="tcp_sessions"} 3.0
    evt_count{manager_stats_remote="evt_count"} 36636.0
    ctrl_msg_count{manager_stats_remote="ctrl_msg_count"} 1117.0
    discarded_count{manager_stats_remote="discarded_count"} 0.0
    queued_msgs{manager_stats_remote="queued_msgs"} 7086.0
    recv_bytes{manager_stats_remote="recv_bytes"} 2.4331934e+07
    dequeued_after_close{manager_stats_remote="dequeued_after_close"} 0.0
    # HELP last_logs_info The last 2000 wazuh log entries
    # TYPE last_logs_info gauge
    last_logs_info{wazuh_authd_info="New connection from "} 1.0
    # HELP analysisd_stats Wazuh analysisd statistical information
    # TYPE analysisd_stats summary
    analysisd_stats{analysisd_stats="total_events_decoded"} 5.0
    analysisd_stats{analysisd_stats="syscheck_events_decoded"} 0.0
    analysisd_stats{analysisd_stats="syscheck_edps"} 0.0
    analysisd_stats{analysisd_stats="syscollector_events_decoded"} 0.0
    analysisd_stats{analysisd_stats="syscollector_edps"} 0.0
    analysisd_stats{analysisd_stats="rootcheck_events_decoded"} 0.0
    analysisd_stats{analysisd_stats="rootcheck_edps"} 0.0
    analysisd_stats{analysisd_stats="sca_events_decoded"} 0.0
    analysisd_stats{analysisd_stats="sca_edps"} 0.0
    analysisd_stats{analysisd_stats="hostinfo_events_decoded"} 0.0
    analysisd_stats{analysisd_stats="hostinfo_edps"} 0.0
    analysisd_stats{analysisd_stats="winevt_events_decoded"} 3.0
    analysisd_stats{analysisd_stats="winevt_edps"} 0.0
    analysisd_stats{analysisd_stats="dbsync_messages_dispatched"} 0.0
    analysisd_stats{analysisd_stats="dbsync_mdps"} 0.0
    analysisd_stats{analysisd_stats="other_events_decoded"} 2.0
    analysisd_stats{analysisd_stats="other_events_edps"} 0.0
    analysisd_stats{analysisd_stats="events_processed"} 5.0
    analysisd_stats{analysisd_stats="events_edps"} 1.0
    analysisd_stats{analysisd_stats="events_received"} 5.0
    analysisd_stats{analysisd_stats="events_dropped"} 0.0
    analysisd_stats{analysisd_stats="alerts_written"} 2.0
    analysisd_stats{analysisd_stats="firewall_written"} 0.0
    analysisd_stats{analysisd_stats="fts_written"} 0.0
    analysisd_stats{analysisd_stats="syscheck_queue_usage"} 0.0
    analysisd_stats{analysisd_stats="syscheck_queue_size"} 16384.0
    analysisd_stats{analysisd_stats="syscollector_queue_usage"} 0.0
    analysisd_stats{analysisd_stats="syscollector_queue_size"} 16384.0
    analysisd_stats{analysisd_stats="rootcheck_queue_usage"} 0.0
    analysisd_stats{analysisd_stats="rootcheck_queue_size"} 16384.0
    analysisd_stats{analysisd_stats="sca_queue_usage"} 0.0
    analysisd_stats{analysisd_stats="sca_queue_size"} 16384.0
    analysisd_stats{analysisd_stats="sca_queue_size"} 16384.0
    analysisd_stats{analysisd_stats="hostinfo_queue_usage"} 0.0
    analysisd_stats{analysisd_stats="hostinfo_queue_size"} 16384.0
    analysisd_stats{analysisd_stats="winevt_queue_usage"} 0.0
    analysisd_stats{analysisd_stats="dbsync_queue_usage"} 0.0
    analysisd_stats{analysisd_stats="dbsync_queue_size"} 16384.0
    analysisd_stats{analysisd_stats="upgrade_queue_usage"} 0.0
    analysisd_stats{analysisd_stats="upgrade_queue_size"} 16384.0
    analysisd_stats{analysisd_stats="event_queue_usage"} 0.0
    analysisd_stats{analysisd_stats="event_queue_size"} 16384.0
    analysisd_stats{analysisd_stats="rule_matching_queue_usage"} 0.0
    analysisd_stats{analysisd_stats="rule_matching_queue_size"} 16384.0
    analysisd_stats{analysisd_stats="alerts_queue_usage"} 0.0
    analysisd_stats{analysisd_stats="alerts_queue_size"} 16384.0
    analysisd_stats{analysisd_stats="firewall_queue_usage"} 0.0
    analysisd_stats{analysisd_stats="statistical_queue_usage"} 0.0
    analysisd_stats{analysisd_stats="statistical_queue_size"} 16384.0
    analysisd_stats{analysisd_stats="archives_queue_usage"} 0.0
    analysisd_stats{analysisd_stats="archives_queue_size"} 16384.0
    # HELP wazuh_validate_configuration_info Return whether the Wazuh configuration is correct
    # TYPE wazuh_validate_configuration_info gauge
    wazuh_validate_configuration_info{node_name="wazuh-1",status="OK"} 1.0
