...

Info

Cloudaware can monitor specific criteria in your logs or IDS events, create incidents in the CMDB, and notify you by email. Use the Watcher functionality to create actions based on conditions that are periodically evaluated by running queries against your data in Wazuh.


Use case: you need to get alerts based on log entries from the Windows event log in Wazuh, e.g. the creation of new AWS EC2 Security Groups.

...

Cloudaware Incident Webhook

Treating the state in which a watcher is triggered as an incident, we can use the Cloudaware Incident Webhook integration. This means that every time an event is discovered by a watcher in Wazuh, a Cloudaware incident is created.

1. Log in to your Cloudaware account → Admin.

...

2. Scroll down to Other integrations → Cloudaware Incident Webhook. Click +Add.

...

4. Check the status of your integration:

...

Create A Watcher

1. Log in to your Wazuh application using the Cloudaware Launcher. Select Management → Watcher (under Elasticsearch) → Create → Create advanced search.

...

...

Tip

You can contact your dedicated Cloudaware account manager via tam@cloudaware.com to request a watcher based on your use case.

2. Set a meaningful ID, Name and JSON definition for your watcher.
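The watcher definition below is an added example for this use case and is not taken from the original page or from Cloudaware's own documentation. It follows the periodic pattern described above: a schedule trigger runs a query against the Wazuh alert index, a condition checks whether anything matched, and a webhook action posts the result to the incident endpoint. It is written in Elastic X-Pack Watcher syntax (the Watcher UI under Management). The index pattern wazuh-alerts-*, the field names data.aws.eventName, data.aws.userIdentity.arn and data.aws.awsRegion (as produced by Wazuh's AWS CloudTrail integration), the 5-minute window, the webhook URL and the JSON body keys subject and description are all assumptions or placeholders; replace the URL and the body layout with what your Cloudaware Incident Webhook integration page shows.

```json
{
  "trigger": {
    "schedule": { "interval": "5m" }
  },
  "input": {
    "search": {
      "request": {
        "indices": ["wazuh-alerts-*"],
        "body": {
          "size": 10,
          "sort": [{ "timestamp": { "order": "desc" } }],
          "query": {
            "bool": {
              "filter": [
                { "term": { "data.aws.eventName": "CreateSecurityGroup" } },
                { "range": { "timestamp": { "gte": "now-5m" } } }
              ]
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": { "ctx.payload.hits.total": { "gt": 0 } }
  },
  "actions": {
    "cloudaware_incident": {
      "webhook": {
        "method": "POST",
        "url": "https://PLACEHOLDER-WEBHOOK-URL-FROM-YOUR-INTEGRATION-PAGE",
        "headers": { "Content-Type": "application/json" },
        "body": "{\"subject\": \"New AWS EC2 Security Group created\", \"description\": \"{{ctx.payload.hits.total}} CreateSecurityGroup event(s) in the last 5 minutes. Most recent: {{ctx.payload.hits.hits.0._source.data.aws.userIdentity.arn}} in {{ctx.payload.hits.hits.0._source.data.aws.awsRegion}}\"}"
      }
    }
  }
}
```

The range filter window (now-5m) matches the schedule interval so that each event is reported in exactly one evaluation; if you change one, change the other. The condition fires on any hit, so every run with at least one CreateSecurityGroup alert produces a single incident; the mustache placeholders in the body pull the caller's ARN and region from the newest hit so the incident record in the CMDB carries enough context to triage without going back to Wazuh.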

...

3. Click Create Watch.

Configure A Workflow Rule

To set up sending alerts based on the Cloudaware incidents created when a watcher is triggered, do the following:

1. Go back to your Cloudaware account. Click Setup under your username.

...

4. Add a Rule Name (1), set Evaluation Criteria (2) and Rule Criteria (3). Add Filter Logic if necessary. Click Save & Next.

...

...

In this use case we set up email alerts for the creation of new AWS EC2 Security Groups. Every time a new AWS EC2 Security Group is created, the watcher is triggered and creates an incident in Cloudaware. The workflow rule then acts on that incident by sending the email alert.

5. Add Workflow Action → New Email Alert.

...

10. Activate the workflow.

...

Check Creation of Cloudaware Incidents in CMDB

Go to CMDB Navigator. Start typing "incidents" in the search bar and select the Cloudaware Incidents list view.

...

Email Alert Example

...