Blog / Engineering / Monitoring GKE audit logs
..."producer": "k8s.io" }, "protoPayload": { "@type": "type.googleapis.com/google.cloud.audit.AuditLog", "authenticationInfo": { "principalEmail": "javier.castro@wazuh.com" }, "authorizationInfo": [{ "granted": true, "permission": "io.k8s.core.v1.pods.list", "resource": "core/v1/namespaces/default/pods" }], "methodName": "io.k8s.core.v1.pods.list", "requestMetadata": { "callerIp": "sanitized", "callerSuppliedUserAgent": "GoogleCloudConsole" },...
Blog / Engineering / Monitor Office 365 with Wazuh
..."Workload": "AzureActiveDirectory", "IntraSystemId": "sanitized", "RecordType": "15", "Version": "1", "UserId": "javier@wazuh.com", "TargetContextId": "sanitized", "CreationTime": "2020-03-19T16:48:02", "Id": "sanitized", "InterSystemsId": "sanitized", "ApplicationId": "sanitized", "UserType": "0", "ActorContextId": "sanitized" } }, "rule": { "firedtimes": 116,...
Blog / Engineering / Get ready for GDPR
Lately, not only the tech and related communities, but also pretty much everyone else has heard of GDPR, the new standards for security compliance. GDPR (General Data Protection Regulation) has...
Blog / Engineering / Setting up Elasticsearch time-based indices
When you use Wazuh’s default configuration for the Elastic Stack (by following the installation guide), alerts are indexed in Elasticsearch with the following naming convention: wazuh-alerts-3.x-YYYY.MM.dd. This means you are...
Blog / Engineering / File Integrity Monitoring and Wazuh RESTful API
The goal of this article is to explain how to set up a basic configuration of FIM (File Integrity Monitoring) using the syscheck component in OSSEC. After that, we will check...
Blog / Engineering / Automatically deploying OSSEC on Windows using Wazuh API
In some environments the hardest part of the deployment process is the installation of OSSEC on Windows endpoints. Wazuh has created a tool to install, register and connect Windows agents using...
Blog / Engineering / Report Windows Firewall events through Event Channel
Windows Event Channel monitoring in OSSEC is the modern version of Event Log, and unlike Event Log, Event Channel allows you to write queries in order to filter events. In this case...