.github/ISSUE_TEMPLATE | ||
public | ||
server | ||
test | ||
util | ||
.eslintignore | ||
.eslintrc.json | ||
.gitignore | ||
.i18nrc.json | ||
.kibana-plugin-helpers.json | ||
.tslint.yml | ||
.yarnignore | ||
CHANGELOG.md | ||
index.js | ||
init.js | ||
LICENSE | ||
package.json | ||
README.md | ||
STYLEGUIDE.md | ||
tsconfig.json |
Wazuh Kibana App
Wazuh is a security detection, visibility, and compliance open source project. It was born as a fork of OSSEC HIDS, and then it was integrated with Elastic Stack and OpenSCAP evolving into a more comprehensive solution. You can learn more about it here wazuh.com
Description
Visualize and analyze Wazuh alerts stored in Elasticsearch using our Kibana app plugin.
- Obtain statistics per agent, search alerts and filter by using the different visualizations.
- View the Wazuh manager configuration.
- File integrity monitoring.
- Scan your assets as part of a configuration assessment audit.
- Verify that your systems are configured according to your security policies baseline with police monitoring module.
Documentation
Branches
stable
corresponds to the latest Wazuh app stable version.master
branch contains the latest code, be aware of possible bugs on this branch.
Requisites
- Wazuh HIDS 3.13.0
- Wazuh RESTful API 3.13.0
- Kibana 7.8.0
- Elasticsearch 7.8.0
Installation
Install the Wazuh app plugin for Kibana
cd /usr/share/kibana
sudo -u kibana bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-3.13.0_7.7.1.zip
Restart Kibana
- Systemd:
systemctl restart kibana
- SysV Init:
service kibana restart
Upgrade
Note: Since Wazuh 3.12.0 release (regardless of the Elastic Stack version) the location of the wazuh.yml has been moved from /usr/share/kibana/plugins/wazuh/wazuh.yml
to /usr/share/kibana/optimize/wazuh/config/wazuh.yml
.
Stop Kibana
- Systemd:
systemctl stop kibana
- SysV Init:
service kibana stop
Copy the wazuh.yml
to its new location. (Only needed for upgrades from 3.11.x to 3.12.y)
mkdir -p /usr/share/kibana/optimize/wazuh/config
cp /usr/share/kibana/plugins/wazuh/wazuh.yml /usr/share/kibana/optimize/wazuh/config/wazuh.yml
Remove the Wazuh app using the kibana-plugin tool
cd /usr/share/kibana/
sudo -u kibana bin/kibana-plugin remove wazuh
Remove generated bundles
rm -rf /usr/share/kibana/optimize/bundles
Update file permissions. This will prevent errors when generating new bundles or updating the app:
chown -R kibana:kibana /usr/share/kibana/optimize
chown -R kibana:kibana /usr/share/kibana/plugins
Install the Wazuh app
cd /usr/share/kibana/
sudo -u kibana bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-3.13.0_7.7.1.zip
Update configuration file permissions.
sudo chown kibana:kibana /usr/share/kibana/optimize/wazuh/config/wazuh.yml
sudo chmod 600 /usr/share/kibana/optimize/wazuh/config/wazuh.yml
Restart Kibana
- Systemd:
systemctl restart kibana
- SysV Init:
service kibana restart
Wazuh - Kibana - Open Distro version compatibility matrix
Contribute
If you want to contribute to our project please don't hesitate to send a pull request. You can also join our users mailing list, by sending an email to wazuh+subscribe@googlegroups.com, to ask questions and participate in discussions.
Software and libraries used
Copyright & License
Copyright © 2020 Wazuh, Inc.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
Find more information about this on the LICENSE file.