Reporting revamp #164

Open
1 of 4 tasks
havidarou opened this issue Apr 11, 2024 · 0 comments

@havidarou
Member

havidarou commented Apr 11, 2024

Description

Wazuh has multiple reporting systems depending on the source of the information:

  • Wazuh manager API.
  • Wazuh indexer API.

This issue aims to unify all Wazuh reporting capabilities. Our initial approach will be to leverage the OpenSearch reporting and notifications plugins.

Wazuh status and metrics

We want to generate reports about servers and indexers. These reports will include statistics about the workload of Wazuh over time, the availability of the services and modules, etc.

These reports should help users manage the system's health, plan the system's capacity, and analyze the system's performance.

Security threats

We want to generate reports about the environment's security threats and posture. This should include at least:

  • SCA.
  • File integrity monitoring.
  • Inventory.
  • Threat intelligence.
  • Compliance and audit.
  • Vulnerability detection.

Custom reports

Users will be able to create personalized reports based on any information available in the indexer.

Functional requirements

  • All Wazuh XDR/SIEM output spawns from the Wazuh indexer.
  • Reports are generated in PDF.
  • Reports can be sent via email at scheduled intervals.
  • Reports can be downloaded on demand.
  • A user can list all available reports from one place, depending on the Wazuh indexer RBAC permissions.
  • A user can create/edit/delete custom reports from one place, depending on the Wazuh indexer RBAC permissions.
  • Threat detection and posture status will be regularly sent to users via email based on Wazuh dashboard initial startup configuration.

Non-functional requirements

  • The reporting system must ease container deployment scenarios.

Implementation restrictions

  • Use the existing OpenSearch reporting and notifications plugins as much as possible.

Plan

  • Spike
  • MVP (ETA 09/26/2024)
  • Checkpoint
  • Feature complete
  • Acceptance test

Projects: Status: On hold; Status: In progress

Development: No branches or pull requests

2 participants