
Wazuh is the Cloudaware HIDS application, built on the Kibana platform. The Breeze agent must be installed before access to Wazuh is provided in Cloudaware Launcher.

...

2. Click Add a filter and select a field, an operator and a value manually. Click Save.

...

Hover the mouse over the filter to view additional options:

...

You can disable the filter (1), pin it (2), exclude matches (3), remove it (4) or edit it (5).

change to NOT by clicking the minus sign. After choosing a NOT filter you will be able to view everything except the chosen criteria.

You can filter your data easily by clicking the ‘plus’ or ‘minus’ sign next to a value. For example, you can view all the events associated with a specific rule ID:

Adding filters manually: in the left corner click ‘add filter’, fill in the parameters and save.

You can easily disable a filter by unchecking its checkbox:

...

...

Under the tab 'Overview' locate the section 'Security Information Management'. Select Integrity Monitoring to review important changes that occur on specific hosts.

...

File Integrity Monitoring (FIM) keeps track of everything relevant and critical to the operating system (configuration files, binaries, patch installations, software upgrades, etc.), monitoring events in real time - the recorded data cannot be deleted or adjusted.

For example, to zoom into the data for a specific machine, add a filter ‘agent.name is <machine ID>’ and choose the machine ID (you can copy the ID from the CMDB). You will then see all the events that occurred on this particular host.
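The filter pills described in the filtering steps above (add filter, NOT filter, disabled filter) and the 'agent.name is <machine ID>' example translate to a bool query that Kibana sends to Elasticsearch. The following is an added example, not code from the Cloudaware documentation or from the Wazuh project: it models a simplified filter pill, evaluates it against a handful of constructed FIM-style events, and emits the equivalent query DSL. The field names agent.name and rule.id are standard Wazuh alert fields; the host names, rule IDs and paths in the sample events are constructed, and the `Filter` class, `apply_filters` and `to_query_dsl` are this example's own names.

```python
"""Model Kibana filter pills (as used in the Wazuh app) and show how
'is', NOT and disabled filters narrow a set of alerts. Added example;
sample events are constructed, not real Wazuh output."""
from dataclasses import dataclass
from typing import Any, Dict, List, Optional


@dataclass
class Filter:
    field: str               # dotted field path, e.g. "agent.name"
    value: Any               # value, or a list for "is one of"
    operator: str = "is"     # "is" or "is one of"
    negate: bool = False     # the NOT toggle (minus sign / exclude matches)
    disabled: bool = False   # the unchecked checkbox: pill kept but ignored


def get_field(event: Dict[str, Any], path: str) -> Optional[Any]:
    """Resolve a dotted path such as 'agent.name' against a nested document."""
    cur: Any = event
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def matches(event: Dict[str, Any], f: Filter) -> bool:
    """True if the event satisfies one (enabled) filter pill."""
    actual = get_field(event, f.field)
    if f.operator == "is":
        hit = actual == f.value
    elif f.operator == "is one of":
        hit = actual in f.value
    else:
        raise ValueError(f"unsupported operator {f.operator!r}")
    return (not hit) if f.negate else hit


def apply_filters(events: List[Dict[str, Any]], filters: List[Filter]) -> List[Dict[str, Any]]:
    """Keep only events that satisfy every enabled filter (AND semantics)."""
    active = [f for f in filters if not f.disabled]
    return [e for e in events if all(matches(e, f) for f in active)]


def to_query_dsl(filters: List[Filter]) -> Dict[str, Any]:
    """Translate the pills into the Elasticsearch bool query Kibana would send.
    Enabled filters go to 'filter'; NOT filters go to 'must_not';
    disabled pills are omitted entirely."""
    must: List[Dict[str, Any]] = []
    must_not: List[Dict[str, Any]] = []
    for f in filters:
        if f.disabled:
            continue
        if f.operator == "is":
            clause: Dict[str, Any] = {"match_phrase": {f.field: f.value}}
        elif f.operator == "is one of":
            clause = {"bool": {"should": [{"match_phrase": {f.field: v}} for v in f.value],
                               "minimum_should_match": 1}}
        else:
            raise ValueError(f"unsupported operator {f.operator!r}")
        (must_not if f.negate else must).append(clause)
    return {"query": {"bool": {"filter": must, "must_not": must_not}}}


# Constructed sample alerts in the shape of Wazuh FIM (syscheck) events.
SAMPLE_EVENTS: List[Dict[str, Any]] = [
    {"agent": {"name": "web-01"}, "rule": {"id": "550"},
     "syscheck": {"path": "/etc/ssh/sshd_config", "event": "modified"}},
    {"agent": {"name": "web-01"}, "rule": {"id": "554"},
     "syscheck": {"path": "/usr/local/bin/helper", "event": "added"}},
    {"agent": {"name": "db-02"}, "rule": {"id": "550"},
     "syscheck": {"path": "/etc/passwd", "event": "modified"}},
]


if __name__ == "__main__":
    only_web = apply_filters(SAMPLE_EVENTS, [Filter("agent.name", "web-01")])
    not_web = apply_filters(SAMPLE_EVENTS, [Filter("agent.name", "web-01", negate=True)])
    print(len(only_web), "events on web-01;", len(not_web), "events elsewhere")
    print(to_query_dsl([Filter("agent.name", "web-01"), Filter("rule.id", "550", negate=True)]))
```

Pinning a filter changes nothing in the query; it only keeps the pill when you move between Kibana apps, which is why the model above has no pin attribute.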

Go to the tab 'Discover' to open the raw event data for a more detailed investigation.

...

Scroll down to select the event in question. Click the triangle 'arrow' sign to expand the details:

...

Click the 'open book' sign next to a field to add it as a column in table mode. By clicking the 'X' sign you can remove it from your table. You can also zoom into a specific time period: on the time chart, mark the period by left-clicking the mouse and holding it. You can zoom into any time range:

...

Click on a trend chart to zoom into any specific time period you would like to investigate, even one of just a few seconds.

...

To undo zooming, go to the time picker in the upper right corner, click the tab 'Quick' and select the time period you need.

In this raw data view you can also add filters by clicking the plus (zoom in) and minus (zoom out) signs, or add them manually as described above.

Go to the tab 'Agents' to view a summary of the IDS agents in place: their versions, which ones are connected, what platforms you have, etc.