brandon/oam
1
0
Fork 0
mirror of https://gitea.com/mcereda/oam.git synced 2026-02-08 21:34:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore(kb): improve articles about wazuh

Browse Source
This commit is contained in:
Michele Cereda
2024-05-24 17:56:25 +02:00
parent d1bd448b60
commit 471fb307db
6 changed files with 87 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.vscode/settings.json vendored
View File

@@ -255,6 +255,7 @@
"sdkman", "sdkman",
"setfacl", "setfacl",
"setfattr", "setfattr",
"siem",
"slurm", "slurm",
"spiffe", "spiffe",
"sshfs", "sshfs",
@@ -290,6 +291,7 @@
"userspace", "userspace",
"vaultwarden", "vaultwarden",
"venv", "venv",
"wazuh",
"whalebrew", "whalebrew",
"winget", "winget",
"wlan", "wlan",

2
knowledge base/acronyms and abbreviations.md
View File

@@ -78,6 +78,7 @@
| RPM | RPM Package Manager | Package management system used by Linux distributions like Red Hat, (open)SuSE and Fedora | | RPM | RPM Package Manager | Package management system used by Linux distributions like Red Hat, (open)SuSE and Fedora |
| SAFE | Scaled Agile FramEwork | | | SAFE | Scaled Agile FramEwork | |
| SBOM | Software Bill Of Materials | See [SBOM at a Glance] | | SBOM | Software Bill Of Materials | See [SBOM at a Glance] |
| SIEM | [Security Information and Event Management)][siem] | |
| SOPS | Secrets OPerationS | | | SOPS | Secrets OPerationS | |
| SPIFFE | Secure Production Identity Framework for Everyone | | | SPIFFE | Secure Production Identity Framework for Everyone | |
| SQL | Structured Query Language | | | SQL | Structured Query Language | |
@@ -131,6 +132,7 @@
[fish]: fish.md [fish]: fish.md
[iac]: iac.md [iac]: iac.md
[kubernetes]: kubernetes/README.md [kubernetes]: kubernetes/README.md
[siem]: siem.md
[ssh]: ssh.md [ssh]: ssh.md
[sssd]: sssd.md [sssd]: sssd.md
[terraform enterprise]: terraform%20enterprise.md [terraform enterprise]: terraform%20enterprise.md

17
knowledge base/siem.md
View File

@@ -1,30 +1,19 @@
# Security information and event management # Security information and event management
## Table of contents <!-- omit in toc -->
1. [TL;DR](#tldr)
1. [Further readings](#further-readings) 1. [Further readings](#further-readings)
1. [Sources](#sources)
## TL;DR
## Further readings ## Further readings
- [Wazuh] - [Wazuh]
## Sources
All the references in the [further readings] section, plus the following:
<!-- <!--
References Reference
═╬═Time══
--> -->
<!-- Upstream --> <!-- Upstream -->
<!-- In-article sections --> <!-- In-article sections -->
[further readings]: #further-readings
<!-- Knowledge base --> <!-- Knowledge base -->
<!-- Files --> <!-- Files -->
<!-- Others --> <!-- Others -->
[wazuh]: https://wazuh.com/ [wazuh]: wazuh/README.md

48
knowledge base/wazuh.md
View File

@@ -1,48 +0,0 @@
# Wazuh
Open source security platform.
1. [TL;DR](#tldr)
1. [Further readings](#further-readings)
1. [Sources](#sources)
## TL;DR
<!-- Uncomment if needed
<details>
<summary>Installation and configuration</summary>
</details>
-->
<!-- Uncomment if needed
<details>
<summary>Usage</summary>
</details>
-->
<!-- Uncomment if needed
<details>
<summary>Real world use cases</summary>
</details>
-->
## Further readings
- [Website]
- [Github]
### Sources
<!--
Reference
═╬═Time══
-->
<!-- In-article sections -->
<!-- Knowledge base -->
<!-- Files -->
<!-- Upstream -->
[github]: https://github.com/wazuh/wazuh
[website]: https://wazuh.com/
<!-- Others -->

80
knowledge base/wazuh/README.md Normal file
View File

@@ -0,0 +1,80 @@
# Wazuh
Open source security platform.<br/>
Provides unified XDR and SIEM protection for endpoints and cloud workloads.
1. [Components](#components)
1. [Indexer](#indexer)
1. [Server](#server)
1. [Dashboard](#dashboard)
1. [Agent](#agent)
1. [Further readings](#further-readings)
1. [Sources](#sources)
## Components
| Component | Type | Description |
| --------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ |
| Indexer | Central | Full-text search and analytics engine.<br/>Indexes and stores alerts generated by the server. |
| Server | Central | Analyzes data received from the agents.<br/>Can set up in a cluster.<br/>Manages the agents. |
| Dashboard | Central | Web UI for data visualization and analysis.<br/>Used to configure and monitor Wazuh. |
| Agent | Endpoint | Installed on monitored endpoints (i.e.: laptops, servers, cloud instances, virtual machines).<br/>Used for threat prevention, detection, and response. |
Wazuh can also monitor agent-less devices (e.g: firewalls, switches, routers) via Syslog, SSH or APIs.
![components and data flow](components%20and%20data%20flow.png)
### Indexer
Stores data as JSON documents.
_Indexes_ are collections of documents related to each other.<br/>
The stored documents are distributed across multiple different _shards_.<br/>
Shards are distributed on multiple nodes for redundancy.
Different indices store different event types.
| Index | Content | Notes |
| ------------------ | -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------- |
| `wazuh-alerts` | Alerts generated by the server | Created each time an event trips a rule with a high enough priority. |
| `wazuharchives` | Events received by the server | Created whether or not events trip a rule. |
| `wazuhmonitoring` | Data related to the agent's status over time | Used by the web interface to show when individual agents are or have been _active_, _disconnected_, or _never connected_. |
| `wazuhstatistics` | Data related to the server's performance | Used by the web interface to show performance statistics. |
One can interact with the indexer cluster using its REST API.
### Server
TODO
### Dashboard
TODO
### Agent
TODO
## Further readings
- [Website]
- [Github]
### Sources
- [Documentation]
<!--
Reference
═╬═Time══
-->
<!-- In-article sections -->
<!-- Knowledge base -->
<!-- Files -->
<!-- Upstream -->
[documentation]: https://documentation.wazuh.com/current/
[github]: https://github.com/wazuh/wazuh
[website]: https://wazuh.com/
<!-- Others -->

BIN
knowledge base/wazuh/components and data flow.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 101 KiB