From 628f79670f63cb7e3147c7ea6db98c9d630af8a9 Mon Sep 17 00:00:00 2001 From: Javier Medeot Date: Tue, 4 Jul 2023 17:57:27 -0300 Subject: [PATCH 01/10] =?UTF-8?q?{=E1=BA=82iP}=20Move=20cloud=20security?= =?UTF-8?q?=20sources?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- source/{ => cloud-security}/amazon/index.rst | 0 .../{ => cloud-security}/amazon/instances.rst | 0 .../amazon/services/index.rst | 2 +- .../services/prerequisites/S3-bucket.rst | 6 +- .../services/prerequisites/considerations.rst | 0 .../services/prerequisites/credentials.rst | 22 +++---- .../services/prerequisites/dependencies.rst | 0 .../amazon/services/prerequisites/index.rst | 0 .../supported-services/cisco-umbrella.rst | 0 .../supported-services/cloudtrail.rst | 48 ++++++++-------- .../supported-services/cloudwatchlogs.rst | 2 +- .../services/supported-services/config.rst | 12 ++-- .../supported-services/ecr-image-scanning.rst | 12 ++-- .../elastic-load-balancing/alb.rst | 8 +-- .../elastic-load-balancing/clb.rst | 8 +-- .../elastic-load-balancing/index.rst | 0 .../elastic-load-balancing/nlb.rst | 8 +-- .../services/supported-services/guardduty.rst | 54 +++++++++--------- .../services/supported-services/index.rst | 0 .../services/supported-services/inspector.rst | 14 ++--- .../services/supported-services/kms.rst | 28 ++++----- .../services/supported-services/macie.rst | 30 +++++----- .../supported-services/security-lake.rst | 0 .../supported-services/server-access.rst | 12 ++-- .../supported-services/trusted-advisor.rst | 42 +++++++------- .../services/supported-services/vpc.rst | 16 +++--- .../services/supported-services/waf.rst | 28 ++++----- .../amazon/services/troubleshooting.rst | 0 .../active-directory/graph.rst | 26 ++++----- .../active-directory/index.rst | 4 +- .../azure/activity-services/index.rst | 0 .../prerequisites/considerations.rst | 0 .../prerequisites/credentials.rst | 10 ++-- .../prerequisites/dependencies.rst | 0 .../activity-services/prerequisites/index.rst | 0 .../activity-services/services/index.rst | 2 +- .../services/log-analytics.rst | 34 +++++------ .../activity-services/services/storage.rst | 18 +++--- source/{ => cloud-security}/azure/index.rst | 0 .../azure/monitoring-instances.rst | 0 source/{ => cloud-security}/gcp/index.rst | 6 +- .../gcp/prerequisites/considerations.rst | 0 .../gcp/prerequisites/credentials.rst | 2 +- .../gcp/prerequisites/dependencies.rst | 0 .../gcp/prerequisites/index.rst | 0 .../gcp/prerequisites/pubsub.rst | 6 +- .../gcp/supported-services/access_logs.rst | 0 .../supported-services/cloud_audit_logs.rst | 14 ++--- .../gcp/supported-services/dns_queries.rst | 14 ++--- .../gcp/supported-services/firewall.rst | 2 +- .../gcp/supported-services/index.rst | 0 .../gcp/supported-services/load_balancing.rst | 2 +- .../gcp/supported-services/vpc_flow.rst | 2 +- source/{ => cloud-security}/github/index.rst | 0 .../github/monitoring-github-activity.rst | 0 source/{ => cloud-security}/monitoring.rst | 0 .../{ => cloud-security}/office365/index.rst | 0 .../monitoring-office365-activity.rst | 14 ++--- .../use-cases/cloud-security.rst | 30 +++++----- .../aws/aws-cloudtrail-1.png | Bin .../aws/aws-cloudtrail-2.png | Bin .../aws/aws-cloudtrail-3.png | Bin .../aws/aws-create-completed.png | Bin .../aws/aws-create-config-1.png | Bin .../aws/aws-create-elb-1.png | Bin .../aws/aws-create-elb-2.png | Bin .../aws/aws-create-firehose-1.png | Bin .../aws/aws-create-firehose-10.png | Bin .../aws/aws-create-firehose-11.png | Bin .../aws/aws-create-firehose-12.png | Bin .../aws/aws-create-firehose-13.png | Bin .../aws/aws-create-firehose-14.png | Bin .../aws/aws-create-firehose-15.png | Bin .../aws/aws-create-firehose-2.png | Bin .../aws/aws-create-firehose-3.png | Bin .../aws/aws-create-firehose-4.1.png | Bin .../aws/aws-create-firehose-4.png | Bin .../aws/aws-create-firehose-5.png | Bin .../aws/aws-create-firehose-6.png | Bin .../aws/aws-create-firehose-7.png | Bin .../aws/aws-create-firehose-8.png | Bin .../aws/aws-create-firehose-9.png | Bin .../aws/aws-create-role-1.png | Bin .../aws/aws-create-role-10.png | Bin .../aws/aws-create-role-2.png | Bin .../aws/aws-create-role-4.png | Bin .../aws/aws-create-role-5.png | Bin .../aws/aws-create-role-6.png | Bin .../aws/aws-create-role-7.png | Bin .../aws/aws-create-role-8.png | Bin .../aws/aws-create-role-9.png | Bin .../aws/aws-create-stack.png | Bin .../aws/aws-create-vpc-1.png | Bin .../aws/aws-create-vpc-2.png | Bin .../aws/aws-create-vpc-3.png | Bin .../{ => cloud-security}/aws/aws-ec2-1.png | Bin .../{ => cloud-security}/aws/aws-ec2-2.png | Bin .../{ => cloud-security}/aws/aws-ec2-3.png | Bin .../{ => cloud-security}/aws/aws-ec2-4.png | Bin .../{ => cloud-security}/aws/aws-ec2-5.png | Bin .../{ => cloud-security}/aws/aws-ec2-6.png | Bin .../{ => cloud-security}/aws/aws-ec2-7.png | Bin .../{ => cloud-security}/aws/aws-ec2-8.png | Bin .../{ => cloud-security}/aws/aws-ec2-9.png | Bin .../aws/aws-ec2-guardduty.png | Bin .../aws/aws-ec2-guardduty2.png | Bin .../aws/aws-ec2-guardduty3.png | Bin .../aws/aws-ec2-guardduty4.png | Bin .../aws/aws-ec2-guardduty5.png | Bin .../aws/aws-ec2-guardduty6.png | Bin .../aws/aws-ec2-pannels-1.png | Bin .../aws/aws-ec2-pannels-2.png | Bin .../aws/aws-findings-1.png | Bin .../aws/aws-findings-2.png | Bin .../aws/aws-iam-pannels-1.png | Bin .../aws/aws-iam-pannels-2.png | Bin .../aws/aws-inspector-advanced-setup.png | Bin .../aws/aws-inspector-assessment-target.png | Bin .../aws/aws-inspector-assessment-template.png | Bin .../aws/aws-inspector-get-started.png | Bin .../aws/aws-inspector-overview.png | Bin .../aws/aws-inspector-review.png | Bin .../aws/aws-inspector-side-menu.png | Bin .../{ => cloud-security}/aws/aws-login-1.png | Bin .../{ => cloud-security}/aws/aws-login-2.png | Bin .../{ => cloud-security}/aws/aws-login-3.png | Bin .../{ => cloud-security}/aws/aws-login-4.png | Bin .../{ => cloud-security}/aws/aws-login-5.png | Bin .../{ => cloud-security}/aws/aws-s3-1.png | Bin .../aws/aws-server-access-1.png | Bin .../aws/aws-server-access-2.png | Bin .../aws/aws-server-access-3.png | Bin .../aws/aws-server-access-4.png | Bin .../aws/aws-server-access-5.png | Bin .../aws/aws-summary-user.png | Bin .../{ => cloud-security}/aws/aws-user.png | Bin .../{ => cloud-security}/aws/aws-vpc-1.png | Bin .../{ => cloud-security}/aws/aws-vpc-2.png | Bin .../{ => cloud-security}/aws/aws-vpc-3.png | Bin .../aws/trusted-advisor-1.png | Bin .../aws/trusted-advisor-2.png | Bin .../aws/trusted-advisor.png | Bin .../aws/trusted-eventbridge-1.png | Bin .../aws/trusted-eventbridge-2.png | Bin .../aws/trusted-eventbridge-3.png | Bin .../aws/trusted-eventbridge-4.png | Bin .../aws/trusted-eventbridge-5.png | Bin .../aws/trusted-eventbridge-6.png | Bin .../aws/trusted-kinesis-0.png | Bin .../aws/trusted-kinesis-1.png | Bin .../aws/trusted-kinesis-2.png | Bin .../aws/trusted-kinesis-3.png | Bin .../aws/trusted-kinesis-4.png | Bin .../aws/trusted-kinesis-5.png | Bin .../aws/trusted-kinesis-6.png | Bin .../aws/trusted-kinesis-7.png | Bin .../{ => cloud-security}/aws/trusted-ui-1.png | Bin .../{ => cloud-security}/aws/trusted-ui-2.png | Bin .../{ => cloud-security}/aws/trusted-ui-3.png | Bin .../aws/vpc-flow-data-visualization.png | Bin .../azure/aad-graph-intro.png | Bin .../azure/account-credentials.png | Bin .../{ => cloud-security}/azure/graph-1.png | Bin .../{ => cloud-security}/azure/graph-2.png | Bin .../{ => cloud-security}/azure/graph-3.png | Bin .../{ => cloud-security}/azure/graph-4.png | Bin .../{ => cloud-security}/azure/graph-5.png | Bin .../{ => cloud-security}/azure/graph-6.png | Bin .../{ => cloud-security}/azure/graph-7.png | Bin .../azure/kibana-services-1.png | Bin .../azure/kibana-services-2.png | Bin .../azure/log-analytics-activity-send.png | Bin .../azure/log-analytics-app-1.png | Bin .../azure/log-analytics-app-2.png | Bin .../azure/log-analytics-app-3.png | Bin .../azure/log-analytics-app-4.png | Bin .../azure/log-analytics-app-5.png | Bin .../azure/log-analytics-app-6.png | Bin .../azure/log-analytics-create-key.png | Bin .../azure/log-analytics-diagnostic-1.png | Bin .../azure/log-analytics-diagnostic-2.png | Bin .../azure/log-analytics-key-created.png | Bin .../azure/log-analytics-new-user.png | Bin .../azure/log-analytics-workspace-1.png | Bin .../azure/log-analytics-workspace-2.png | Bin .../azure/log-analytics-workspace-3.png | Bin .../azure/log-analytics-workspace-4.png | Bin .../azure/log-analytics-workspace-5.png | Bin .../azure/new-user-event.png | Bin .../{ => cloud-security}/azure/new-user.png | Bin .../azure/portal-services.png | Bin .../azure/storage-activity-1.png | Bin .../azure/storage-activity-2.png | Bin .../azure/storage-activity-3.png | Bin .../azure/storage-activity-log.png | Bin .../azure/storage-kibana.png | Bin .../azure/storage-new-user-1.png | Bin .../azure/storage-new-user-2.png | Bin .../gcp/gcp-account-key.png | Bin .../gcp/gcp-create-sink-button.png | Bin .../gcp/gcp-create-sink-dns.png | Bin .../gcp/gcp-create-sink.png | Bin .../gcp/gcp-data-flow.png | Bin .../gcp/gcp-kibana-dns-filtered-logs.png | Bin .../gcp/gcp-kibana-dns-log-filter.png | Bin .../gcp/gcp-kibana-dns-overview.png | Bin .../gcp/gcp-kibana-filtered-logs.png | Bin .../gcp/gcp-kibana-log-filter.png | Bin .../gcp/gcp-load-balancer-sink.png | Bin .../{ => cloud-security}/gcp/gcp-overview.png | Bin .../gcp/gcp-sink-destination.png | Bin .../gcp/gcp-sink-dns-destination.png | Bin .../gcp/gcp-sink-dns-name.png | Bin .../gcp/gcp-sink-name.png | Bin .../{ => cloud-security}/gcp/gcp-sink.png | Bin .../gcp/gcp-subscription.png | Bin .../{ => cloud-security}/gcp/gcp-topic.png | Bin .../gcp/gcp-vpc-flow-sink.png | Bin .../0-azure-app-new-registration.png | Bin ...1-azure-wazuh-app-register-application.png | Bin .../office365/2-azure-wazuh-app-overview.png | Bin ...e-wazuh-app-create-password-copy-value.png | Bin .../3-azure-wazuh-app-create-password.png | Bin ...pp-configure-permissions-admin-consent.png | Bin ...-azure-wazuh-app-configure-permissions.png | Bin source/index.rst | 2 +- .../aws-infrastructure-monitoring.rst | 4 +- source/release-notes/release-3-2-0.rst | 2 +- source/release-notes/release-3-7-0.rst | 2 +- .../reference/daemons/wazuh-modulesd.rst | 2 +- .../reference/ossec-conf/wodle-azure-logs.rst | 2 +- 231 files changed, 276 insertions(+), 276 deletions(-) rename source/{ => cloud-security}/amazon/index.rst (100%) rename source/{ => cloud-security}/amazon/instances.rst (100%) rename source/{ => cloud-security}/amazon/services/index.rst (87%) rename source/{ => cloud-security}/amazon/services/prerequisites/S3-bucket.rst (83%) rename source/{ => cloud-security}/amazon/services/prerequisites/considerations.rst (100%) rename source/{ => cloud-security}/amazon/services/prerequisites/credentials.rst (88%) rename source/{ => cloud-security}/amazon/services/prerequisites/dependencies.rst (100%) rename source/{ => cloud-security}/amazon/services/prerequisites/index.rst (100%) rename source/{ => cloud-security}/amazon/services/supported-services/cisco-umbrella.rst (100%) rename source/{ => cloud-security}/amazon/services/supported-services/cloudtrail.rst (79%) rename source/{ => cloud-security}/amazon/services/supported-services/cloudwatchlogs.rst (94%) rename source/{ => cloud-security}/amazon/services/supported-services/config.rst (87%) rename source/{ => cloud-security}/amazon/services/supported-services/ecr-image-scanning.rst (88%) rename source/{ => cloud-security}/amazon/services/supported-services/elastic-load-balancing/alb.rst (90%) rename source/{ => cloud-security}/amazon/services/supported-services/elastic-load-balancing/clb.rst (89%) rename source/{ => cloud-security}/amazon/services/supported-services/elastic-load-balancing/index.rst (100%) rename source/{ => cloud-security}/amazon/services/supported-services/elastic-load-balancing/nlb.rst (90%) rename source/{ => cloud-security}/amazon/services/supported-services/guardduty.rst (70%) rename source/{ => cloud-security}/amazon/services/supported-services/index.rst (100%) rename source/{ => cloud-security}/amazon/services/supported-services/inspector.rst (88%) rename source/{ => cloud-security}/amazon/services/supported-services/kms.rst (79%) rename source/{ => cloud-security}/amazon/services/supported-services/macie.rst (80%) rename source/{ => cloud-security}/amazon/services/supported-services/security-lake.rst (100%) rename source/{ => cloud-security}/amazon/services/supported-services/server-access.rst (84%) rename source/{ => cloud-security}/amazon/services/supported-services/trusted-advisor.rst (81%) rename source/{ => cloud-security}/amazon/services/supported-services/vpc.rst (87%) rename source/{ => cloud-security}/amazon/services/supported-services/waf.rst (82%) rename source/{ => cloud-security}/amazon/services/troubleshooting.rst (100%) rename source/{ => cloud-security}/azure/activity-services/active-directory/graph.rst (89%) rename source/{ => cloud-security}/azure/activity-services/active-directory/index.rst (83%) rename source/{ => cloud-security}/azure/activity-services/index.rst (100%) rename source/{ => cloud-security}/azure/activity-services/prerequisites/considerations.rst (100%) rename source/{ => cloud-security}/azure/activity-services/prerequisites/credentials.rst (85%) rename source/{ => cloud-security}/azure/activity-services/prerequisites/dependencies.rst (100%) rename source/{ => cloud-security}/azure/activity-services/prerequisites/index.rst (100%) rename source/{ => cloud-security}/azure/activity-services/services/index.rst (87%) rename source/{ => cloud-security}/azure/activity-services/services/log-analytics.rst (86%) rename source/{ => cloud-security}/azure/activity-services/services/storage.rst (86%) rename source/{ => cloud-security}/azure/index.rst (100%) rename source/{ => cloud-security}/azure/monitoring-instances.rst (100%) rename source/{ => cloud-security}/gcp/index.rst (92%) rename source/{ => cloud-security}/gcp/prerequisites/considerations.rst (100%) rename source/{ => cloud-security}/gcp/prerequisites/credentials.rst (98%) rename source/{ => cloud-security}/gcp/prerequisites/dependencies.rst (100%) rename source/{ => cloud-security}/gcp/prerequisites/index.rst (100%) rename source/{ => cloud-security}/gcp/prerequisites/pubsub.rst (93%) rename source/{ => cloud-security}/gcp/supported-services/access_logs.rst (100%) rename source/{ => cloud-security}/gcp/supported-services/cloud_audit_logs.rst (87%) rename source/{ => cloud-security}/gcp/supported-services/dns_queries.rst (83%) rename source/{ => cloud-security}/gcp/supported-services/firewall.rst (96%) rename source/{ => cloud-security}/gcp/supported-services/index.rst (100%) rename source/{ => cloud-security}/gcp/supported-services/load_balancing.rst (96%) rename source/{ => cloud-security}/gcp/supported-services/vpc_flow.rst (96%) rename source/{ => cloud-security}/github/index.rst (100%) rename source/{ => cloud-security}/github/monitoring-github-activity.rst (100%) rename source/{ => cloud-security}/monitoring.rst (100%) rename source/{ => cloud-security}/office365/index.rst (100%) rename source/{ => cloud-security}/office365/monitoring-office365-activity.rst (93%) rename source/images/{ => cloud-security}/aws/aws-cloudtrail-1.png (100%) rename source/images/{ => cloud-security}/aws/aws-cloudtrail-2.png (100%) rename source/images/{ => cloud-security}/aws/aws-cloudtrail-3.png (100%) rename source/images/{ => cloud-security}/aws/aws-create-completed.png (100%) rename source/images/{ => cloud-security}/aws/aws-create-config-1.png (100%) rename source/images/{ => cloud-security}/aws/aws-create-elb-1.png (100%) rename source/images/{ => cloud-security}/aws/aws-create-elb-2.png (100%) rename source/images/{ => cloud-security}/aws/aws-create-firehose-1.png (100%) rename source/images/{ => cloud-security}/aws/aws-create-firehose-10.png (100%) rename source/images/{ => cloud-security}/aws/aws-create-firehose-11.png (100%) rename source/images/{ => cloud-security}/aws/aws-create-firehose-12.png (100%) rename source/images/{ => cloud-security}/aws/aws-create-firehose-13.png (100%) rename source/images/{ => cloud-security}/aws/aws-create-firehose-14.png (100%) rename source/images/{ => cloud-security}/aws/aws-create-firehose-15.png (100%) rename source/images/{ => cloud-security}/aws/aws-create-firehose-2.png (100%) rename source/images/{ => cloud-security}/aws/aws-create-firehose-3.png (100%) rename source/images/{ => cloud-security}/aws/aws-create-firehose-4.1.png (100%) rename source/images/{ => cloud-security}/aws/aws-create-firehose-4.png (100%) rename source/images/{ => cloud-security}/aws/aws-create-firehose-5.png (100%) rename source/images/{ => cloud-security}/aws/aws-create-firehose-6.png (100%) rename source/images/{ => cloud-security}/aws/aws-create-firehose-7.png (100%) rename source/images/{ => cloud-security}/aws/aws-create-firehose-8.png (100%) rename source/images/{ => cloud-security}/aws/aws-create-firehose-9.png (100%) rename source/images/{ => cloud-security}/aws/aws-create-role-1.png (100%) rename source/images/{ => cloud-security}/aws/aws-create-role-10.png (100%) rename source/images/{ => cloud-security}/aws/aws-create-role-2.png (100%) rename source/images/{ => cloud-security}/aws/aws-create-role-4.png (100%) rename source/images/{ => cloud-security}/aws/aws-create-role-5.png (100%) rename source/images/{ => cloud-security}/aws/aws-create-role-6.png (100%) rename source/images/{ => cloud-security}/aws/aws-create-role-7.png (100%) rename source/images/{ => cloud-security}/aws/aws-create-role-8.png (100%) rename source/images/{ => cloud-security}/aws/aws-create-role-9.png (100%) rename source/images/{ => cloud-security}/aws/aws-create-stack.png (100%) rename source/images/{ => cloud-security}/aws/aws-create-vpc-1.png (100%) rename source/images/{ => cloud-security}/aws/aws-create-vpc-2.png (100%) rename source/images/{ => cloud-security}/aws/aws-create-vpc-3.png (100%) rename source/images/{ => cloud-security}/aws/aws-ec2-1.png (100%) rename source/images/{ => cloud-security}/aws/aws-ec2-2.png (100%) rename source/images/{ => cloud-security}/aws/aws-ec2-3.png (100%) rename source/images/{ => cloud-security}/aws/aws-ec2-4.png (100%) rename source/images/{ => cloud-security}/aws/aws-ec2-5.png (100%) rename source/images/{ => cloud-security}/aws/aws-ec2-6.png (100%) rename source/images/{ => cloud-security}/aws/aws-ec2-7.png (100%) rename source/images/{ => cloud-security}/aws/aws-ec2-8.png (100%) rename source/images/{ => cloud-security}/aws/aws-ec2-9.png (100%) rename source/images/{ => cloud-security}/aws/aws-ec2-guardduty.png (100%) rename source/images/{ => cloud-security}/aws/aws-ec2-guardduty2.png (100%) rename source/images/{ => cloud-security}/aws/aws-ec2-guardduty3.png (100%) rename source/images/{ => cloud-security}/aws/aws-ec2-guardduty4.png (100%) rename source/images/{ => cloud-security}/aws/aws-ec2-guardduty5.png (100%) rename source/images/{ => cloud-security}/aws/aws-ec2-guardduty6.png (100%) rename source/images/{ => cloud-security}/aws/aws-ec2-pannels-1.png (100%) rename source/images/{ => cloud-security}/aws/aws-ec2-pannels-2.png (100%) rename source/images/{ => cloud-security}/aws/aws-findings-1.png (100%) rename source/images/{ => cloud-security}/aws/aws-findings-2.png (100%) rename source/images/{ => cloud-security}/aws/aws-iam-pannels-1.png (100%) rename source/images/{ => cloud-security}/aws/aws-iam-pannels-2.png (100%) rename source/images/{ => cloud-security}/aws/aws-inspector-advanced-setup.png (100%) rename source/images/{ => cloud-security}/aws/aws-inspector-assessment-target.png (100%) rename source/images/{ => cloud-security}/aws/aws-inspector-assessment-template.png (100%) rename source/images/{ => cloud-security}/aws/aws-inspector-get-started.png (100%) rename source/images/{ => cloud-security}/aws/aws-inspector-overview.png (100%) rename source/images/{ => cloud-security}/aws/aws-inspector-review.png (100%) rename source/images/{ => cloud-security}/aws/aws-inspector-side-menu.png (100%) rename source/images/{ => cloud-security}/aws/aws-login-1.png (100%) rename source/images/{ => cloud-security}/aws/aws-login-2.png (100%) rename source/images/{ => cloud-security}/aws/aws-login-3.png (100%) rename source/images/{ => cloud-security}/aws/aws-login-4.png (100%) rename source/images/{ => cloud-security}/aws/aws-login-5.png (100%) rename source/images/{ => cloud-security}/aws/aws-s3-1.png (100%) rename source/images/{ => cloud-security}/aws/aws-server-access-1.png (100%) rename source/images/{ => cloud-security}/aws/aws-server-access-2.png (100%) rename source/images/{ => cloud-security}/aws/aws-server-access-3.png (100%) rename source/images/{ => cloud-security}/aws/aws-server-access-4.png (100%) rename source/images/{ => cloud-security}/aws/aws-server-access-5.png (100%) rename source/images/{ => cloud-security}/aws/aws-summary-user.png (100%) rename source/images/{ => cloud-security}/aws/aws-user.png (100%) rename source/images/{ => cloud-security}/aws/aws-vpc-1.png (100%) rename source/images/{ => cloud-security}/aws/aws-vpc-2.png (100%) rename source/images/{ => cloud-security}/aws/aws-vpc-3.png (100%) rename source/images/{ => cloud-security}/aws/trusted-advisor-1.png (100%) rename source/images/{ => cloud-security}/aws/trusted-advisor-2.png (100%) rename source/images/{ => cloud-security}/aws/trusted-advisor.png (100%) rename source/images/{ => cloud-security}/aws/trusted-eventbridge-1.png (100%) rename source/images/{ => cloud-security}/aws/trusted-eventbridge-2.png (100%) rename source/images/{ => cloud-security}/aws/trusted-eventbridge-3.png (100%) rename source/images/{ => cloud-security}/aws/trusted-eventbridge-4.png (100%) rename source/images/{ => cloud-security}/aws/trusted-eventbridge-5.png (100%) rename source/images/{ => cloud-security}/aws/trusted-eventbridge-6.png (100%) rename source/images/{ => cloud-security}/aws/trusted-kinesis-0.png (100%) rename source/images/{ => cloud-security}/aws/trusted-kinesis-1.png (100%) rename source/images/{ => cloud-security}/aws/trusted-kinesis-2.png (100%) rename source/images/{ => cloud-security}/aws/trusted-kinesis-3.png (100%) rename source/images/{ => cloud-security}/aws/trusted-kinesis-4.png (100%) rename source/images/{ => cloud-security}/aws/trusted-kinesis-5.png (100%) rename source/images/{ => cloud-security}/aws/trusted-kinesis-6.png (100%) rename source/images/{ => cloud-security}/aws/trusted-kinesis-7.png (100%) rename source/images/{ => cloud-security}/aws/trusted-ui-1.png (100%) rename source/images/{ => cloud-security}/aws/trusted-ui-2.png (100%) rename source/images/{ => cloud-security}/aws/trusted-ui-3.png (100%) rename source/images/{ => cloud-security}/aws/vpc-flow-data-visualization.png (100%) rename source/images/{ => cloud-security}/azure/aad-graph-intro.png (100%) rename source/images/{ => cloud-security}/azure/account-credentials.png (100%) rename source/images/{ => cloud-security}/azure/graph-1.png (100%) rename source/images/{ => cloud-security}/azure/graph-2.png (100%) rename source/images/{ => cloud-security}/azure/graph-3.png (100%) rename source/images/{ => cloud-security}/azure/graph-4.png (100%) rename source/images/{ => cloud-security}/azure/graph-5.png (100%) rename source/images/{ => cloud-security}/azure/graph-6.png (100%) rename source/images/{ => cloud-security}/azure/graph-7.png (100%) rename source/images/{ => cloud-security}/azure/kibana-services-1.png (100%) rename source/images/{ => cloud-security}/azure/kibana-services-2.png (100%) rename source/images/{ => cloud-security}/azure/log-analytics-activity-send.png (100%) rename source/images/{ => cloud-security}/azure/log-analytics-app-1.png (100%) rename source/images/{ => cloud-security}/azure/log-analytics-app-2.png (100%) rename source/images/{ => cloud-security}/azure/log-analytics-app-3.png (100%) rename source/images/{ => cloud-security}/azure/log-analytics-app-4.png (100%) rename source/images/{ => cloud-security}/azure/log-analytics-app-5.png (100%) rename source/images/{ => cloud-security}/azure/log-analytics-app-6.png (100%) rename source/images/{ => cloud-security}/azure/log-analytics-create-key.png (100%) rename source/images/{ => cloud-security}/azure/log-analytics-diagnostic-1.png (100%) rename source/images/{ => cloud-security}/azure/log-analytics-diagnostic-2.png (100%) rename source/images/{ => cloud-security}/azure/log-analytics-key-created.png (100%) rename source/images/{ => cloud-security}/azure/log-analytics-new-user.png (100%) rename source/images/{ => cloud-security}/azure/log-analytics-workspace-1.png (100%) rename source/images/{ => cloud-security}/azure/log-analytics-workspace-2.png (100%) rename source/images/{ => cloud-security}/azure/log-analytics-workspace-3.png (100%) rename source/images/{ => cloud-security}/azure/log-analytics-workspace-4.png (100%) rename source/images/{ => cloud-security}/azure/log-analytics-workspace-5.png (100%) rename source/images/{ => cloud-security}/azure/new-user-event.png (100%) rename source/images/{ => cloud-security}/azure/new-user.png (100%) rename source/images/{ => cloud-security}/azure/portal-services.png (100%) rename source/images/{ => cloud-security}/azure/storage-activity-1.png (100%) rename source/images/{ => cloud-security}/azure/storage-activity-2.png (100%) rename source/images/{ => cloud-security}/azure/storage-activity-3.png (100%) rename source/images/{ => cloud-security}/azure/storage-activity-log.png (100%) rename source/images/{ => cloud-security}/azure/storage-kibana.png (100%) rename source/images/{ => cloud-security}/azure/storage-new-user-1.png (100%) rename source/images/{ => cloud-security}/azure/storage-new-user-2.png (100%) rename source/images/{ => cloud-security}/gcp/gcp-account-key.png (100%) rename source/images/{ => cloud-security}/gcp/gcp-create-sink-button.png (100%) rename source/images/{ => cloud-security}/gcp/gcp-create-sink-dns.png (100%) rename source/images/{ => cloud-security}/gcp/gcp-create-sink.png (100%) rename source/images/{ => cloud-security}/gcp/gcp-data-flow.png (100%) rename source/images/{ => cloud-security}/gcp/gcp-kibana-dns-filtered-logs.png (100%) rename source/images/{ => cloud-security}/gcp/gcp-kibana-dns-log-filter.png (100%) rename source/images/{ => cloud-security}/gcp/gcp-kibana-dns-overview.png (100%) rename source/images/{ => cloud-security}/gcp/gcp-kibana-filtered-logs.png (100%) rename source/images/{ => cloud-security}/gcp/gcp-kibana-log-filter.png (100%) rename source/images/{ => cloud-security}/gcp/gcp-load-balancer-sink.png (100%) rename source/images/{ => cloud-security}/gcp/gcp-overview.png (100%) rename source/images/{ => cloud-security}/gcp/gcp-sink-destination.png (100%) rename source/images/{ => cloud-security}/gcp/gcp-sink-dns-destination.png (100%) rename source/images/{ => cloud-security}/gcp/gcp-sink-dns-name.png (100%) rename source/images/{ => cloud-security}/gcp/gcp-sink-name.png (100%) rename source/images/{ => cloud-security}/gcp/gcp-sink.png (100%) rename source/images/{ => cloud-security}/gcp/gcp-subscription.png (100%) rename source/images/{ => cloud-security}/gcp/gcp-topic.png (100%) rename source/images/{ => cloud-security}/gcp/gcp-vpc-flow-sink.png (100%) rename source/images/{ => cloud-security}/office365/0-azure-app-new-registration.png (100%) rename source/images/{ => cloud-security}/office365/1-azure-wazuh-app-register-application.png (100%) rename source/images/{ => cloud-security}/office365/2-azure-wazuh-app-overview.png (100%) rename source/images/{ => cloud-security}/office365/3-azure-wazuh-app-create-password-copy-value.png (100%) rename source/images/{ => cloud-security}/office365/3-azure-wazuh-app-create-password.png (100%) rename source/images/{ => cloud-security}/office365/4-azure-wazuh-app-configure-permissions-admin-consent.png (100%) rename source/images/{ => cloud-security}/office365/4-azure-wazuh-app-configure-permissions.png (100%) diff --git a/source/amazon/index.rst b/source/cloud-security/amazon/index.rst similarity index 100% rename from source/amazon/index.rst rename to source/cloud-security/amazon/index.rst diff --git a/source/amazon/instances.rst b/source/cloud-security/amazon/instances.rst similarity index 100% rename from source/amazon/instances.rst rename to source/cloud-security/amazon/instances.rst diff --git a/source/amazon/services/index.rst b/source/cloud-security/amazon/services/index.rst similarity index 87% rename from source/amazon/services/index.rst rename to source/cloud-security/amazon/services/index.rst index 6d0d0562a0..7b40c59abe 100644 --- a/source/amazon/services/index.rst +++ b/source/cloud-security/amazon/services/index.rst @@ -11,7 +11,7 @@ Monitoring AWS based services The Wazuh module for AWS (``aws-s3``) provides capabilities to monitor AWS based services. Each of the sections below contains detailed instructions to configure and set up all of the supported services, and also the required Wazuh configuration to collect the logs. -This module requires dependencies in order to work, and also the right credentials in order to access the services. Take a look at the :doc:`Amazon prerequisites ` section before proceeding. +This module requires dependencies in order to work, and also the right credentials in order to access the services. Take a look at the :doc:`Amazon prerequisites ` section before proceeding. .. topic:: Contents diff --git a/source/amazon/services/prerequisites/S3-bucket.rst b/source/cloud-security/amazon/services/prerequisites/S3-bucket.rst similarity index 83% rename from source/amazon/services/prerequisites/S3-bucket.rst rename to source/cloud-security/amazon/services/prerequisites/S3-bucket.rst index 3c87ae8be0..fac2ac19f0 100644 --- a/source/amazon/services/prerequisites/S3-bucket.rst +++ b/source/cloud-security/amazon/services/prerequisites/S3-bucket.rst @@ -19,19 +19,19 @@ In this section we will see how to create these data containers: 1. Go to Services > Storage > S3: - .. thumbnail:: ../../../images/aws/aws-create-firehose-1.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-1.png :align: center :width: 70% 2. Click on *Create bucket*: - .. thumbnail:: ../../../images/aws/aws-create-firehose-2.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-2.png :align: center :width: 70% 3. Create a new bucket, give it a name, then click on the *Create* button: - .. thumbnail:: ../../../images/aws/aws-create-firehose-3.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-3.png :align: center :width: 45% diff --git a/source/amazon/services/prerequisites/considerations.rst b/source/cloud-security/amazon/services/prerequisites/considerations.rst similarity index 100% rename from source/amazon/services/prerequisites/considerations.rst rename to source/cloud-security/amazon/services/prerequisites/considerations.rst diff --git a/source/amazon/services/prerequisites/credentials.rst b/source/cloud-security/amazon/services/prerequisites/credentials.rst similarity index 88% rename from source/amazon/services/prerequisites/credentials.rst rename to source/cloud-security/amazon/services/prerequisites/credentials.rst index 235d851d1b..e78046ffc5 100644 --- a/source/amazon/services/prerequisites/credentials.rst +++ b/source/cloud-security/amazon/services/prerequisites/credentials.rst @@ -27,7 +27,7 @@ Wazuh requires a user with permissions to pull log data from the different servi Navigate to Services > IAM > Users - .. thumbnail:: ../../../images/aws/aws-user.png + .. thumbnail:: /images/cloud-security/aws/aws-user.png :align: center :width: 70% @@ -35,7 +35,7 @@ Wazuh requires a user with permissions to pull log data from the different servi 2. Confirm user creation and get credentials: - .. thumbnail:: ../../../images/aws/aws-summary-user.png + .. thumbnail:: /images/cloud-security/aws/aws-summary-user.png :align: center :width: 70% @@ -98,55 +98,55 @@ IAM Roles can also be used to interact with the different AWS services. This sec 1. Go to Services > Security, Identity & Compliance > IAM. - .. thumbnail:: ../../../images/aws/aws-create-role-1.png + .. thumbnail:: /images/cloud-security/aws/aws-create-role-1.png :align: center :width: 70% 2. Select Roles in the right menu and click on the **Create role** button: - .. thumbnail:: ../../../images/aws/aws-create-role-2.png + .. thumbnail:: /images/cloud-security/aws/aws-create-role-2.png :align: center :width: 70% 3. Select S3 service and click on the **Next: Permissions** button: - .. thumbnail:: ../../../images/aws/aws-create-role-4.png + .. thumbnail:: /images/cloud-security/aws/aws-create-role-4.png :align: center :width: 70% 4. Select the previously created policy: - .. thumbnail:: ../../../images/aws/aws-create-role-5.png + .. thumbnail:: /images/cloud-security/aws/aws-create-role-5.png :align: center :width: 70% 5. Click on the **Create role** button: - .. thumbnail:: ../../../images/aws/aws-create-role-6.png + .. thumbnail:: /images/cloud-security/aws/aws-create-role-6.png :align: center :width: 70% 6. Access to role summary and click on its policy name: - .. thumbnail:: ../../../images/aws/aws-create-role-7.png + .. thumbnail:: /images/cloud-security/aws/aws-create-role-7.png :align: center :width: 70% 7. Add permissions so the new role can do *sts:AssumeRole* action: - .. thumbnail:: ../../../images/aws/aws-create-role-8.png + .. thumbnail:: /images/cloud-security/aws/aws-create-role-8.png :align: center :width: 70% 8. Come back to the role summary, go to the *Trust relationships* tab and click on the **Edit trust relationship** button: - .. thumbnail:: ../../../images/aws/aws-create-role-9.png + .. thumbnail:: /images/cloud-security/aws/aws-create-role-9.png :align: center :width: 70% 9. Add your user to the *Principal* tag and click on the **Update Trust Policy** button: - .. thumbnail:: ../../../images/aws/aws-create-role-10.png + .. thumbnail:: /images/cloud-security/aws/aws-create-role-10.png :align: center :width: 70% diff --git a/source/amazon/services/prerequisites/dependencies.rst b/source/cloud-security/amazon/services/prerequisites/dependencies.rst similarity index 100% rename from source/amazon/services/prerequisites/dependencies.rst rename to source/cloud-security/amazon/services/prerequisites/dependencies.rst diff --git a/source/amazon/services/prerequisites/index.rst b/source/cloud-security/amazon/services/prerequisites/index.rst similarity index 100% rename from source/amazon/services/prerequisites/index.rst rename to source/cloud-security/amazon/services/prerequisites/index.rst diff --git a/source/amazon/services/supported-services/cisco-umbrella.rst b/source/cloud-security/amazon/services/supported-services/cisco-umbrella.rst similarity index 100% rename from source/amazon/services/supported-services/cisco-umbrella.rst rename to source/cloud-security/amazon/services/supported-services/cisco-umbrella.rst diff --git a/source/amazon/services/supported-services/cloudtrail.rst b/source/cloud-security/amazon/services/supported-services/cloudtrail.rst similarity index 79% rename from source/amazon/services/supported-services/cloudtrail.rst rename to source/cloud-security/amazon/services/supported-services/cloudtrail.rst index c02193f85d..643d2edacb 100644 --- a/source/amazon/services/supported-services/cloudtrail.rst +++ b/source/cloud-security/amazon/services/supported-services/cloudtrail.rst @@ -15,19 +15,19 @@ Amazon configuration #. From your AWS console, choose “CloudTrail” from the Deployment & Management section: - .. thumbnail:: ../../../images/aws/aws-cloudtrail-1.png + .. thumbnail:: /images/cloud-security/aws/aws-cloudtrail-1.png :align: center :width: 70% #. Create a new trail: - .. thumbnail:: ../../../images/aws/aws-cloudtrail-2.png + .. thumbnail:: /images/cloud-security/aws/aws-cloudtrail-2.png :align: center :width: 70% #. Provide a name for the new S3 bucket that will be used to store the CloudTrail logs (remember the name you provide here, you’ll need to reference it during plugin setup): - .. thumbnail:: ../../../images/aws/aws-cloudtrail-3.png + .. thumbnail:: /images/cloud-security/aws/aws-cloudtrail-3.png :align: center :width: 70% @@ -111,13 +111,13 @@ Run a new instance in EC2 When a user runs a new instance in EC2 an AWS event is generated. As previously mentioned, the log message is collected by the Wazuh agent, and forwarded to the manager for analysis. The following alert will be shown in the Wazuh dashboard, it shows data such as instance type, the user who created it, or creation date: -.. thumbnail:: ../../../images/aws/aws-ec2-1.png +.. thumbnail:: /images/cloud-security/aws/aws-ec2-1.png :align: center :width: 70% When a user tries to run an instance **without relevant permissions**, then the following alert will be shown in Kibana: -.. thumbnail:: ../../../images/aws/aws-ec2-2.png +.. thumbnail:: /images/cloud-security/aws/aws-ec2-2.png :align: center :width: 70% @@ -126,13 +126,13 @@ Start instances in EC2 When an instance in EC2 is started, the following alert will be shown on the Wazuh dashboard, it shows information such as the instance id and the user who started it: -.. thumbnail:: ../../../images/aws/aws-ec2-3.png +.. thumbnail:: /images/cloud-security/aws/aws-ec2-3.png :align: center :width: 70% If a user tries to start instances **without relevant permissions** the following alert will be shown on Kibana: -.. thumbnail:: ../../../images/aws/aws-ec2-4.png +.. thumbnail:: /images/cloud-security/aws/aws-ec2-4.png :align: center :width: 70% @@ -141,13 +141,13 @@ Stop instances in EC2 When an instance in EC2 is stopped, the following alert will be shown on Kibana: -.. thumbnail:: ../../../images/aws/aws-ec2-5.png +.. thumbnail:: /images/cloud-security/aws/aws-ec2-5.png :align: center :width: 70% If a user tries to stop instances **without relevant permissions**, the following alert will be shown on Kibana: -.. thumbnail:: ../../../images/aws/aws-ec2-6.png +.. thumbnail:: /images/cloud-security/aws/aws-ec2-6.png :align: center :width: 70% @@ -156,7 +156,7 @@ Create Security Groups in EC2 When a new security group is created, the following alert is shown on the Wazuh dashboard. It shows information such as the user who created it and information about the security group: -.. thumbnail:: ../../../images/aws/aws-ec2-7.png +.. thumbnail:: /images/cloud-security/aws/aws-ec2-7.png :align: center :width: 70% @@ -165,7 +165,7 @@ Allocate a new Elastic IP address If a new Elastic IP address is allocated, the following alert will be shown on Kibana: -.. thumbnail:: ../../../images/aws/aws-ec2-8.png +.. thumbnail:: /images/cloud-security/aws/aws-ec2-8.png :align: center :width: 70% @@ -174,7 +174,7 @@ Associate a new Elastic IP address If an Elastic IP address is associated, then rule ``80446`` will apply, generating the corresponding alert: -.. thumbnail:: ../../../images/aws/aws-ec2-9.png +.. thumbnail:: /images/cloud-security/aws/aws-ec2-9.png :align: center :width: 70% @@ -190,7 +190,7 @@ Create a user account When we create a new user account in IAM an AWS event is generated. As previously mentioned, the log message is collected by the Wazuh agent, and forwarded to the manager for analysis. When a user account is created, the following alert will appear on the Wazuh dashboard. You can see the username of the created user and who created it: -.. thumbnail:: ../../../images/aws/aws-login-1.png +.. thumbnail:: /images/cloud-security/aws/aws-login-1.png :align: center :width: 70% @@ -199,7 +199,7 @@ Create a user account without permissions If an unauthorized user attempts to create new users, the following alert will be shown in the Wazuh dashboard. It will show you which user has tried to create a user account and the username it tried to create: -.. thumbnail:: ../../../images/aws/aws-login-2.png +.. thumbnail:: /images/cloud-security/aws/aws-login-2.png :align: center :width: 70% @@ -208,7 +208,7 @@ User login failed When a user tries to log in with an invalid password, the following alert will be shown in the Wazuh dashboard. There will be shown data such as the user who tried to log in or the browser it was using: -.. thumbnail:: ../../../images/aws/aws-login-3.png +.. thumbnail:: /images/cloud-security/aws/aws-login-3.png :align: center :width: 70% @@ -217,7 +217,7 @@ Possible break-in attempt When more than 4 authentication failures occur in a **360** second time window, Wazuh raises this alert: -.. thumbnail:: ../../../images/aws/aws-login-4.png +.. thumbnail:: /images/cloud-security/aws/aws-login-4.png :align: center :width: 70% @@ -226,16 +226,16 @@ Login success After a successful login, the following event will be shown in the Wazuh dashboard. It shows the user who logged in, the browser it used, and other useful information: -.. thumbnail:: ../../../images/aws/aws-login-5.png +.. thumbnail:: /images/cloud-security/aws/aws-login-5.png :align: center :width: 70% Here are the Wazuh dashboard charts for IAM events: -+----------------------------------------------------------+------------------------------------------------------------+ -| Pie Chart | Stacked Groups | -+==========================================================+============================================================+ -| .. thumbnail:: ../../../images/aws/aws-iam-pannels-1.png | .. thumbnail:: ../../../images/aws/aws-iam-pannels-2.png | -| :align: center | :align: center | -| :width: 70% | :width: 70% | -+----------------------------------------------------------+------------------------------------------------------------+ ++-----------------------------------------------------------------+-------------------------------------------------------------------+ +| Pie Chart | Stacked Groups | ++=================================================================+===================================================================+ +| .. thumbnail:: /images/cloud-security/aws/aws-iam-pannels-1.png | .. thumbnail:: /images/cloud-security/aws/aws-iam-pannels-2.png | +| :align: center | :align: center | +| :width: 70% | :width: 70% | ++-----------------------------------------------------------------+-------------------------------------------------------------------+ diff --git a/source/amazon/services/supported-services/cloudwatchlogs.rst b/source/cloud-security/amazon/services/supported-services/cloudwatchlogs.rst similarity index 94% rename from source/amazon/services/supported-services/cloudwatchlogs.rst rename to source/cloud-security/amazon/services/supported-services/cloudwatchlogs.rst index b0564bdd8b..ce19afc925 100644 --- a/source/amazon/services/supported-services/cloudwatchlogs.rst +++ b/source/cloud-security/amazon/services/supported-services/cloudwatchlogs.rst @@ -116,4 +116,4 @@ Wazuh configuration CloudWatch Logs use cases ------------------------- -Check the :doc:`Amazon ECR Image scanning ` section to learn how to use the CloudWatch Logs integration to pull logs from Amazon ECR Image scans. +Check the :doc:`Amazon ECR Image scanning ` section to learn how to use the CloudWatch Logs integration to pull logs from Amazon ECR Image scans. diff --git a/source/amazon/services/supported-services/config.rst b/source/cloud-security/amazon/services/supported-services/config.rst similarity index 87% rename from source/amazon/services/supported-services/config.rst rename to source/cloud-security/amazon/services/supported-services/config.rst index a180a06456..bd453383af 100644 --- a/source/amazon/services/supported-services/config.rst +++ b/source/cloud-security/amazon/services/supported-services/config.rst @@ -23,9 +23,9 @@ Amazon configuration .. note:: For more information about these options, see `Selecting Which Resources AWS Config Records. `_ -#. Select an existing S3 Bucket or :doc:`create a new one `. +#. Select an existing S3 Bucket or :doc:`create a new one `. - .. thumbnail:: ../../../images/aws/aws-create-config-1.png + .. thumbnail:: /images/cloud-security/aws/aws-create-config-1.png :align: center :width: 100% @@ -33,25 +33,25 @@ Amazon configuration #. Go to Services > Management Tools > CloudWatch: - .. thumbnail:: ../../../images/aws/aws-create-firehose-12.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-12.png :align: center :width: 100% #. Select Rules on the left menu and click on the *Create* rule button: - .. thumbnail:: ../../../images/aws/aws-create-firehose-13.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-13.png :align: center :width: 100% #. Select the services you want to get logs from using the Service name slider, then, click on the Add target button and add the previously created Firehose delivery stream there. Also, create a new role to access the delivery stream: - .. thumbnail:: ../../../images/aws/aws-create-firehose-14.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-14.png :align: center :width: 100% #. Give the rule some name and click on the *Create* rule button: - .. thumbnail:: ../../../images/aws/aws-create-firehose-15.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-15.png :align: center :width: 100% diff --git a/source/amazon/services/supported-services/ecr-image-scanning.rst b/source/cloud-security/amazon/services/supported-services/ecr-image-scanning.rst similarity index 88% rename from source/amazon/services/supported-services/ecr-image-scanning.rst rename to source/cloud-security/amazon/services/supported-services/ecr-image-scanning.rst index fd2746b35a..8e8d2e29eb 100644 --- a/source/amazon/services/supported-services/ecr-image-scanning.rst +++ b/source/cloud-security/amazon/services/supported-services/ecr-image-scanning.rst @@ -10,7 +10,7 @@ Amazon ECR Image scanning .. versionadded:: 4.3.0 -`Amazon ECR image scanning `_ uses the Common Vulnerabilities and Exposures (CVEs) database from the open-source `Clair project `_ to detect software vulnerabilities in container images and provide a list of scan findings, which can be easily integrated into Wazuh thanks to the :doc:`AWS CloudWatch Logs integration `. +`Amazon ECR image scanning `_ uses the Common Vulnerabilities and Exposures (CVEs) database from the open-source `Clair project `_ to detect software vulnerabilities in container images and provide a list of scan findings, which can be easily integrated into Wazuh thanks to the :doc:`AWS CloudWatch Logs integration `. Amazon ECR sends an event to Amazon EventBridge when an image scan is completed. The event itself is only a summary and does not contain the details of the scan findings. However, it is possible to configure a Lambda function to request the scan findings details and store them in CloudWatch Logs. Here is a quick summary of what the workflow looks like: @@ -38,7 +38,7 @@ How to create the CloudFormation Stack 3. Create a new stack using the template from step 1. -.. thumbnail:: ../../../images/aws/aws-create-stack.png +.. thumbnail:: /images/cloud-security/aws/aws-create-stack.png :title: Create new stack :align: center :width: 100% @@ -47,7 +47,7 @@ How to create the CloudFormation Stack 5. Wait until "CREATE_COMPLETE" status is reached. The stack containing the AWS Lambda is now ready to be used. -.. thumbnail:: ../../../images/aws/aws-create-completed.png +.. thumbnail:: /images/cloud-security/aws/aws-create-completed.png :title: Stack creation completed :align: center :width: 100% @@ -55,12 +55,12 @@ How to create the CloudFormation Stack Once the stack configuration is completed, the Lambda can be tested by manually triggering an image scan. The scan results in the creation of a CloudWatch log group called ``/aws/ecr/image-scan-findings/`` containing the scan results. For every new scan, the corresponding log streams are created inside the log group. -.. thumbnail:: ../../../images/aws/aws-findings-1.png +.. thumbnail:: /images/cloud-security/aws/aws-findings-1.png :title: Stack creation completed :align: center :width: 100% -.. thumbnail:: ../../../images/aws/aws-findings-2.png +.. thumbnail:: /images/cloud-security/aws/aws-findings-2.png :title: Stack creation completed :align: center :width: 100% @@ -84,7 +84,7 @@ Wazuh configuration .. note:: - Check the :doc:`AWS CloudWatch Logs integration ` to learn more about how the CloudWatch Logs integration works. + Check the :doc:`AWS CloudWatch Logs integration ` to learn more about how the CloudWatch Logs integration works. #. Restart Wazuh to apply the configuration changes. diff --git a/source/amazon/services/supported-services/elastic-load-balancing/alb.rst b/source/cloud-security/amazon/services/supported-services/elastic-load-balancing/alb.rst similarity index 90% rename from source/amazon/services/supported-services/elastic-load-balancing/alb.rst rename to source/cloud-security/amazon/services/supported-services/elastic-load-balancing/alb.rst index a8a315fc47..cec25308ce 100644 --- a/source/amazon/services/supported-services/elastic-load-balancing/alb.rst +++ b/source/cloud-security/amazon/services/supported-services/elastic-load-balancing/alb.rst @@ -13,23 +13,23 @@ Amazon ALB Amazon configuration -------------------- -#. Select an existing S3 Bucket or :doc:`create a new one `. +#. Select an existing S3 Bucket or :doc:`create a new one `. #. Go to Services > Compute > EC2: - .. thumbnail:: ../../../../images/aws/aws-create-vpc-1.png + .. thumbnail:: /images/cloud-security/aws/aws-create-vpc-1.png :align: center :width: 70% #. Go to Load Balancing > Load Balancers on the left menu. Create a new load balancer or select one or more load balancers and select *Edit attributes* on the *Actions* menu: - .. thumbnail:: ../../../../images/aws/aws-create-elb-1.png + .. thumbnail:: /images/cloud-security/aws/aws-create-elb-1.png :align: center :width: 70% #. In this tab we will define our S3 and the path where the logs will be stored: - .. thumbnail:: ../../../../images/aws/aws-create-elb-2.png + .. thumbnail:: /images/cloud-security/aws/aws-create-elb-2.png :align: center :width: 70% diff --git a/source/amazon/services/supported-services/elastic-load-balancing/clb.rst b/source/cloud-security/amazon/services/supported-services/elastic-load-balancing/clb.rst similarity index 89% rename from source/amazon/services/supported-services/elastic-load-balancing/clb.rst rename to source/cloud-security/amazon/services/supported-services/elastic-load-balancing/clb.rst index 4e34e7dc47..c14ad65c8c 100644 --- a/source/amazon/services/supported-services/elastic-load-balancing/clb.rst +++ b/source/cloud-security/amazon/services/supported-services/elastic-load-balancing/clb.rst @@ -13,23 +13,23 @@ Amazon CLB Amazon configuration -------------------- -#. Select an existing S3 Bucket or :doc:`create a new one `. +#. Select an existing S3 Bucket or :doc:`create a new one `. #. Go to Services > Compute > EC2: - .. thumbnail:: ../../../../images/aws/aws-create-vpc-1.png + .. thumbnail:: /images/cloud-security/aws/aws-create-vpc-1.png :align: center :width: 70% #. Go to Load Balancing > Load Balancers on the left menu. Create a new load balancer or select one or more load balancers and select *Edit attributes* on the *Actions* menu: - .. thumbnail:: ../../../../images/aws/aws-create-elb-1.png + .. thumbnail:: /images/cloud-security/aws/aws-create-elb-1.png :align: center :width: 70% #. In this tab we will define our S3 and the path where the logs will be stored: - .. thumbnail:: ../../../../images/aws/aws-create-elb-2.png + .. thumbnail:: /images/cloud-security/aws/aws-create-elb-2.png :align: center :width: 70% diff --git a/source/amazon/services/supported-services/elastic-load-balancing/index.rst b/source/cloud-security/amazon/services/supported-services/elastic-load-balancing/index.rst similarity index 100% rename from source/amazon/services/supported-services/elastic-load-balancing/index.rst rename to source/cloud-security/amazon/services/supported-services/elastic-load-balancing/index.rst diff --git a/source/amazon/services/supported-services/elastic-load-balancing/nlb.rst b/source/cloud-security/amazon/services/supported-services/elastic-load-balancing/nlb.rst similarity index 90% rename from source/amazon/services/supported-services/elastic-load-balancing/nlb.rst rename to source/cloud-security/amazon/services/supported-services/elastic-load-balancing/nlb.rst index 43590a2289..4542d3bf7f 100644 --- a/source/amazon/services/supported-services/elastic-load-balancing/nlb.rst +++ b/source/cloud-security/amazon/services/supported-services/elastic-load-balancing/nlb.rst @@ -13,23 +13,23 @@ Amazon NLB Amazon configuration -------------------- -#. Select an existing S3 Bucket or :doc:`create a new one `. +#. Select an existing S3 Bucket or :doc:`create a new one `. #. Go to Services > Compute > EC2: - .. thumbnail:: ../../../../images/aws/aws-create-vpc-1.png + .. thumbnail:: /images/cloud-security/aws/aws-create-vpc-1.png :align: center :width: 70% #. Go to Load Balancing > Load Balancers on the left menu. Create a new load balancer or select one or more load balancers and select *Edit attributes* on the *Actions* menu: - .. thumbnail:: ../../../../images/aws/aws-create-elb-1.png + .. thumbnail:: /images/cloud-security/aws/aws-create-elb-1.png :align: center :width: 70% #. In this tab we will define our S3 and the path where the logs will be stored: - .. thumbnail:: ../../../../images/aws/aws-create-elb-2.png + .. thumbnail:: /images/cloud-security/aws/aws-create-elb-2.png :align: center :width: 70% diff --git a/source/amazon/services/supported-services/guardduty.rst b/source/cloud-security/amazon/services/supported-services/guardduty.rst similarity index 70% rename from source/amazon/services/supported-services/guardduty.rst rename to source/cloud-security/amazon/services/supported-services/guardduty.rst index 694504987c..ca5185a305 100644 --- a/source/amazon/services/supported-services/guardduty.rst +++ b/source/cloud-security/amazon/services/supported-services/guardduty.rst @@ -13,83 +13,83 @@ Amazon GuardDuty Amazon configuration -------------------- -#. :doc:`Create a new ` S3 bucket. (If you want to use an already created one, skip this step). +#. :doc:`Create a new ` S3 bucket. (If you want to use an already created one, skip this step). #. Go to Services > Analytics > Kinesis: - .. thumbnail:: ../../../images/aws/aws-create-firehose-4.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-4.png :align: center :width: 70% #. If it's the first time you're using this service, you'll see the following screen. Just click on *Get started*: - .. thumbnail:: ../../../images/aws/aws-create-firehose-4.1.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-4.1.png :align: center :width: 70% #. Click on *Create delivery stream* button: - .. thumbnail:: ../../../images/aws/aws-create-firehose-5.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-5.png :align: center :width: 70% #. Put a name to your delivery stream and click on the *Next* button at the bottom of the page: - .. thumbnail:: ../../../images/aws/aws-create-firehose-6.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-6.png :align: center :width: 70% #. On the next page, leave both options as *Disabled* and click on *Next*: - .. thumbnail:: ../../../images/aws/aws-create-firehose-7.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-7.png :align: center :width: 70% #. Select *Amazon S3* as the destination, then select the previously created S3 bucket and add a prefix where logs will be stored. AWS Firehose creates a file structure *YYYY/MM/DD/HH*, if a prefix is used the created file structure would be *firehose/YYYY/MM/DD/HH*. If a prefix is used it must be specified under the Wazuh Bucket configuration: - .. thumbnail:: ../../../images/aws/aws-create-firehose-8.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-8.png :align: center :width: 70% #. You can select the compression you prefer. Wazuh supports any kind of compression but Snappy. After that, click on **Create new or choose**: - .. thumbnail:: ../../../images/aws/aws-create-firehose-9.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-9.png :align: center :width: 70% #. Give a proper name to the role and click on the *Allow* button: - .. thumbnail:: ../../../images/aws/aws-create-firehose-10.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-10.png :align: center :width: 70% #. The following page is just a summary of the Firehose stream created. Go to the bottom of the page and click on the **Create delivery stream** button. - .. thumbnail:: ../../../images/aws/aws-create-firehose-11.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-11.png :align: center :width: 70% #. Go to Services > Management Tools > CloudWatch: - .. thumbnail:: ../../../images/aws/aws-create-firehose-12.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-12.png :align: center :width: 70% #. Select *Rules* on the left menu and click on the *Create rule* button: - .. thumbnail:: ../../../images/aws/aws-create-firehose-13.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-13.png :align: center :width: 70% #. Select the services you want to get logs from using the **Service name** slider, then, click on the **Add target** button and add the previously created Firehose delivery stream there. Also, create a new role to access the delivery stream. - .. thumbnail:: ../../../images/aws/aws-create-firehose-14.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-14.png :align: center :width: 70% #. Give the rule some name and click on the *Create rule* button: - .. thumbnail:: ../../../images/aws/aws-create-firehose-15.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-15.png :align: center :width: 70% @@ -151,7 +151,7 @@ Brute force attacks If an instance has an open port that is receiving a brute force attack, the following alert will be shown on the Wazuh dashboard. It shows information about the attacked host, the attacker, and which port is being attacked: -.. thumbnail:: ../../../images/aws/aws-ec2-guardduty.png +.. thumbnail:: /images/cloud-security/aws/aws-ec2-guardduty.png :align: center :width: 70% @@ -160,7 +160,7 @@ EC2 API Calls made from unusual network If an API call is made from an unusual network, the following alert will be shown on the Wazuh dashboard. It shows the location of the unusual network, the user who did the API calls, and which API calls it did: -.. thumbnail:: ../../../images/aws/aws-ec2-guardduty2.png +.. thumbnail:: /images/cloud-security/aws/aws-ec2-guardduty2.png :align: center :width: 70% @@ -169,30 +169,30 @@ Compromised EC2 instance If there is any indicator of a compromised EC2 instance, an alert will be shown on the Wazuh dashboard explaining what's happening. Some examples of alerts are shown below: -.. thumbnail:: ../../../images/aws/aws-ec2-guardduty3.png +.. thumbnail:: /images/cloud-security/aws/aws-ec2-guardduty3.png :align: center :width: 70% -.. thumbnail:: ../../../images/aws/aws-ec2-guardduty4.png +.. thumbnail:: /images/cloud-security/aws/aws-ec2-guardduty4.png :align: center :width: 70% -.. thumbnail:: ../../../images/aws/aws-ec2-guardduty5.png +.. thumbnail:: /images/cloud-security/aws/aws-ec2-guardduty5.png :align: center :width: 70% To sum up, the following screenshot shows some alerts generated for a compromised EC2 instance: -.. thumbnail:: ../../../images/aws/aws-ec2-guardduty6.png +.. thumbnail:: /images/cloud-security/aws/aws-ec2-guardduty6.png :align: center :width: 70% And here are the Wazuh dashboard charts for EC2 events: -+----------------------------------------------------------+------------------------------------------------------------+ -| Pie Chart | Stacked Groups | -+==========================================================+============================================================+ -| .. thumbnail:: ../../../images/aws/aws-ec2-pannels-1.png | .. thumbnail:: ../../../images/aws/aws-ec2-pannels-2.png | -| :align: center | :align: center | -| :width: 70% | :width: 70% | -+----------------------------------------------------------+------------------------------------------------------------+ ++-----------------------------------------------------------------+-------------------------------------------------------------------+ +| Pie Chart | Stacked Groups | ++=================================================================+===================================================================+ +| .. thumbnail:: /images/cloud-security/aws/aws-ec2-pannels-1.png | .. thumbnail:: /images/cloud-security/aws/aws-ec2-pannels-2.png | +| :align: center | :align: center | +| :width: 70% | :width: 70% | ++-----------------------------------------------------------------+-------------------------------------------------------------------+ diff --git a/source/amazon/services/supported-services/index.rst b/source/cloud-security/amazon/services/supported-services/index.rst similarity index 100% rename from source/amazon/services/supported-services/index.rst rename to source/cloud-security/amazon/services/supported-services/index.rst diff --git a/source/amazon/services/supported-services/inspector.rst b/source/cloud-security/amazon/services/supported-services/inspector.rst similarity index 88% rename from source/amazon/services/supported-services/inspector.rst rename to source/cloud-security/amazon/services/supported-services/inspector.rst index 3f6304e19b..7dffa360c1 100644 --- a/source/amazon/services/supported-services/inspector.rst +++ b/source/cloud-security/amazon/services/supported-services/inspector.rst @@ -20,25 +20,25 @@ Amazon configuration #. To start using Amazon Inspector Classic, go to the Amazon Web Services management console and search for the Inspector service. Once there, click on the left side menu. - .. thumbnail:: ../../../images/aws/aws-inspector-overview.png + .. thumbnail:: /images/cloud-security/aws/aws-inspector-overview.png :align: center :width: 100% #. Click on **Switch to Inspector Classic**. - .. thumbnail:: ../../../images/aws/aws-inspector-side-menu.png + .. thumbnail:: /images/cloud-security/aws/aws-inspector-side-menu.png :align: center :width: 100% #. Click on **Get started**. - .. thumbnail:: ../../../images/aws/aws-inspector-get-started.png + .. thumbnail:: /images/cloud-security/aws/aws-inspector-get-started.png :align: center :width: 100% #. Click on **Advanced setup**. - .. thumbnail:: ../../../images/aws/aws-inspector-advanced-setup.png + .. thumbnail:: /images/cloud-security/aws/aws-inspector-advanced-setup.png :align: center :width: 100% @@ -52,7 +52,7 @@ Amazon configuration #. Click on **Next**. - .. thumbnail:: ../../../images/aws/aws-inspector-assessment-target.png + .. thumbnail:: /images/cloud-security/aws/aws-inspector-assessment-target.png :align: center :width: 100% @@ -60,13 +60,13 @@ Amazon configuration #. Configure the assessment template. Choose the name, duration, and periodicity of the analysis and click on **Next**. - .. thumbnail:: ../../../images/aws/aws-inspector-assessment-template.png + .. thumbnail:: /images/cloud-security/aws/aws-inspector-assessment-template.png :align: center :width: 100% #. Finally, review the details of the configured target and template and click on **Next**. - .. thumbnail:: ../../../images/aws/aws-inspector-review.png + .. thumbnail:: /images/cloud-security/aws/aws-inspector-review.png :align: center :width: 100% diff --git a/source/amazon/services/supported-services/kms.rst b/source/cloud-security/amazon/services/supported-services/kms.rst similarity index 79% rename from source/amazon/services/supported-services/kms.rst rename to source/cloud-security/amazon/services/supported-services/kms.rst index a9b44ae8af..9f25281e0d 100644 --- a/source/amazon/services/supported-services/kms.rst +++ b/source/cloud-security/amazon/services/supported-services/kms.rst @@ -13,83 +13,83 @@ AWS Key Management Service (KMS) Amazon configuration -------------------- -#. :doc:`Create a new ` S3 bucket. (If you want to use an already created one, skip this step). +#. :doc:`Create a new ` S3 bucket. (If you want to use an already created one, skip this step). #. Go to Services > Analytics > Kinesis: - .. thumbnail:: ../../../images/aws/aws-create-firehose-4.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-4.png :align: center :width: 70% #. If it's the first time you're using this service, you'll see the following screen. Just click on *Get started*: - .. thumbnail:: ../../../images/aws/aws-create-firehose-4.1.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-4.1.png :align: center :width: 70% #. Click on *Create delivery stream* button: - .. thumbnail:: ../../../images/aws/aws-create-firehose-5.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-5.png :align: center :width: 70% #. Put a name to your delivery stream and click on the *Next* button at the bottom of the page: - .. thumbnail:: ../../../images/aws/aws-create-firehose-6.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-6.png :align: center :width: 70% #. On the next page, leave both options as *Disabled* and click on *Next*: - .. thumbnail:: ../../../images/aws/aws-create-firehose-7.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-7.png :align: center :width: 70% #. Select *Amazon S3* as the destination, then select the previously created S3 bucket and add a prefix where logs will be stored. AWS Firehose creates a file structure *YYYY/MM/DD/HH*, if a prefix is used the created file structure would be *firehose/YYYY/MM/DD/HH*. If a prefix is used it must be specified under the Wazuh Bucket configuration: - .. thumbnail:: ../../../images/aws/aws-create-firehose-8.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-8.png :align: center :width: 70% #. Users can select the compression they prefer. Wazuh supports any kind of compression but Snappy. After that, click on **Create new or choose** - .. thumbnail:: ../../../images/aws/aws-create-firehose-9.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-9.png :align: center :width: 70% #. Give a proper name to the role and click on the *Allow* button: - .. thumbnail:: ../../../images/aws/aws-create-firehose-10.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-10.png :align: center :width: 70% #. The following page is just a summary of the Firehose stream created, go to the bottom of the page and click on the **Create delivery stream** button: - .. thumbnail:: ../../../images/aws/aws-create-firehose-11.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-11.png :align: center :width: 70% #. Go to Services > Management Tools > CloudWatch: - .. thumbnail:: ../../../images/aws/aws-create-firehose-12.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-12.png :align: center :width: 70% #. Select *Rules* on the left menu and click on the *Create rule* button: - .. thumbnail:: ../../../images/aws/aws-create-firehose-13.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-13.png :align: center :width: 70% #. Select the services you want to get logs from using the **Service name** slider, then, click on the **Add target** button and add the previously created Firehose delivery stream there. Also, create a new role to access the delivery stream. - .. thumbnail:: ../../../images/aws/aws-create-firehose-14.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-14.png :align: center :width: 70% #. Give the rule some name and click on the *Create rule* button: - .. thumbnail:: ../../../images/aws/aws-create-firehose-15.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-15.png :align: center :width: 70% diff --git a/source/amazon/services/supported-services/macie.rst b/source/cloud-security/amazon/services/supported-services/macie.rst similarity index 80% rename from source/amazon/services/supported-services/macie.rst rename to source/cloud-security/amazon/services/supported-services/macie.rst index ecf8707853..6cc63f0f3d 100644 --- a/source/amazon/services/supported-services/macie.rst +++ b/source/cloud-security/amazon/services/supported-services/macie.rst @@ -13,83 +13,83 @@ Amazon Macie Amazon configuration -------------------- -#. :doc:`Create a new ` S3 bucket. (If you want to use an already created one, skip this step). +#. :doc:`Create a new ` S3 bucket. (If you want to use an already created one, skip this step). #. Go to Services > Analytics > Kinesis: - .. thumbnail:: ../../../images/aws/aws-create-firehose-4.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-4.png :align: center :width: 70% #. If it's the first time you're using this service, you'll see the following screen. Just click on *Get started*: - .. thumbnail:: ../../../images/aws/aws-create-firehose-4.1.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-4.1.png :align: center :width: 70% #. Click on *Create delivery stream* button: - .. thumbnail:: ../../../images/aws/aws-create-firehose-5.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-5.png :align: center :width: 70% #. Put a name to your delivery stream and click on the *Next* button at the bottom of the page: - .. thumbnail:: ../../../images/aws/aws-create-firehose-6.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-6.png :align: center :width: 70% #. On the next page, leave both options as *Disabled* and click on *Next*: - .. thumbnail:: ../../../images/aws/aws-create-firehose-7.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-7.png :align: center :width: 70% #. Select *Amazon S3* as the destination, then select the previously created S3 bucket and add a prefix where logs will be stored. AWS Firehose creates a file structure *YYYY/MM/DD/HH*, if a prefix is used the created file structure would be *firehose/YYYY/MM/DD/HH*. If a prefix is used it must be specified under the Wazuh Bucket configuration: - .. thumbnail:: ../../../images/aws/aws-create-firehose-8.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-8.png :align: center :width: 70% #. You can select the compression you prefer. Wazuh supports any kind of compression but Snappy. After that, click on **Create new or choose**: - .. thumbnail:: ../../../images/aws/aws-create-firehose-9.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-9.png :align: center :width: 70% #. Give a proper name to the role and click on the *Allow* button: - .. thumbnail:: ../../../images/aws/aws-create-firehose-10.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-10.png :align: center :width: 70% #. The following page is just a summary of the Firehose stream created, go to the bottom of the page and click on the **Create delivery stream** button: - .. thumbnail:: ../../../images/aws/aws-create-firehose-11.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-11.png :align: center :width: 70% #. Go to Services > Management Tools > CloudWatch: - .. thumbnail:: ../../../images/aws/aws-create-firehose-12.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-12.png :align: center :width: 70% #. Select *Rules* on the left menu and click on the *Create rule* button: - .. thumbnail:: ../../../images/aws/aws-create-firehose-13.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-13.png :align: center :width: 70% #. Select the services you want to get logs from using the **Service name** slider, then, click on the **Add target** button and add the previously created Firehose delivery stream there. Also, create a new role to access the delivery stream. - .. thumbnail:: ../../../images/aws/aws-create-firehose-14.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-14.png :align: center :width: 70% #. Give the rule some name and click on the *Create rule* button: - .. thumbnail:: ../../../images/aws/aws-create-firehose-15.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-15.png :align: center :width: 70% @@ -147,6 +147,6 @@ Bucket removal Multiple alerts will be raised when a Bucket has been removed. Some examples are shown below: -.. thumbnail:: ../../../images/aws/aws-s3-1.png +.. thumbnail:: /images/cloud-security/aws/aws-s3-1.png :align: center :width: 70% diff --git a/source/amazon/services/supported-services/security-lake.rst b/source/cloud-security/amazon/services/supported-services/security-lake.rst similarity index 100% rename from source/amazon/services/supported-services/security-lake.rst rename to source/cloud-security/amazon/services/supported-services/security-lake.rst diff --git a/source/amazon/services/supported-services/server-access.rst b/source/cloud-security/amazon/services/supported-services/server-access.rst similarity index 84% rename from source/amazon/services/supported-services/server-access.rst rename to source/cloud-security/amazon/services/supported-services/server-access.rst index 4974c37b75..8a61dc99ce 100644 --- a/source/amazon/services/supported-services/server-access.rst +++ b/source/cloud-security/amazon/services/supported-services/server-access.rst @@ -14,33 +14,33 @@ Amazon S3 Server Access Amazon configuration -------------------- -#. :doc:`Create a new ` S3 bucket to store the access logs in it. If you want to use an existing one, skip this step. +#. :doc:`Create a new ` S3 bucket to store the access logs in it. If you want to use an existing one, skip this step. #. Go to Services > Storage > S3: - .. thumbnail:: ../../../images/aws/aws-server-access-1.png + .. thumbnail:: /images/cloud-security/aws/aws-server-access-1.png :align: center :width: 70% #. Look for the S3 bucket you want to monitor and click on its name: - .. thumbnail:: ../../../images/aws/aws-server-access-2.png + .. thumbnail:: /images/cloud-security/aws/aws-server-access-2.png :align: center :width: 70% #. Go to the **Properties** tab, scroll down until you find the **Server access logging**, and click on the **Edit** button: - .. thumbnail:: ../../../images/aws/aws-server-access-3.png + .. thumbnail:: /images/cloud-security/aws/aws-server-access-3.png :align: center :width: 70% - .. thumbnail:: ../../../images/aws/aws-server-access-4.png + .. thumbnail:: /images/cloud-security/aws/aws-server-access-4.png :align: center :width: 70% #. Check the **Enable** option, and click on the **Browse S3** button to look for the bucket in which you want S3 Server Access logs to be stored: - .. thumbnail:: ../../../images/aws/aws-server-access-5.png + .. thumbnail:: /images/cloud-security/aws/aws-server-access-5.png :align: center :width: 70% diff --git a/source/amazon/services/supported-services/trusted-advisor.rst b/source/cloud-security/amazon/services/supported-services/trusted-advisor.rst similarity index 81% rename from source/amazon/services/supported-services/trusted-advisor.rst rename to source/cloud-security/amazon/services/supported-services/trusted-advisor.rst index 0852f8fa4c..29f8c556c8 100644 --- a/source/amazon/services/supported-services/trusted-advisor.rst +++ b/source/cloud-security/amazon/services/supported-services/trusted-advisor.rst @@ -15,7 +15,7 @@ Amazon configuration Learn how to configure the different services required to integrate Trusted Advisor into Wazuh: - .. thumbnail:: ../../../images/aws/trusted-advisor.png + .. thumbnail:: /images/cloud-security/aws/trusted-advisor.png :align: center :width: 80% @@ -24,53 +24,53 @@ Amazon Kinesis configuration Create an Amazon Kinesis Data Firehose delivery stream to be able to store the Trusted Advisor logs into the desired S3 bucket so Wazuh can process them. -#. :doc:`Create a new ` S3 bucket. If you want to use an already existing one, skip this step. +#. :doc:`Create a new ` S3 bucket. If you want to use an already existing one, skip this step. #. Search for **Kinesis** in the search bar at the top of the page or go to **Services** > **Analytics** > **Kinesis**: - .. thumbnail:: ../../../images/aws/trusted-kinesis-0.png + .. thumbnail:: /images/cloud-security/aws/trusted-kinesis-0.png :align: center :width: 80% #. Select the **Kinesis Data Firehose** option and then click in the **Create delivery stream** button: - .. thumbnail:: ../../../images/aws/trusted-kinesis-1.png + .. thumbnail:: /images/cloud-security/aws/trusted-kinesis-1.png :align: center :width: 80% #. Select **Direct PUT** and **Amazon S3** as the desired Source and Destination, respectively: - .. thumbnail:: ../../../images/aws/trusted-kinesis-2.png + .. thumbnail:: /images/cloud-security/aws/trusted-kinesis-2.png :align: center :width: 80% #. Choose an appropriate **Delivery stream name**: - .. thumbnail:: ../../../images/aws/trusted-kinesis-3.png + .. thumbnail:: /images/cloud-security/aws/trusted-kinesis-3.png :align: center :width: 80% #. Leave both **Data transformation** and **Record format conversion** options disabled: - .. thumbnail:: ../../../images/aws/trusted-kinesis-4.png + .. thumbnail:: /images/cloud-security/aws/trusted-kinesis-4.png :align: center :width: 80% #. Select the desired S3 bucket as the destination. It is possible to specify a custom prefix to alter the path where AWS store the logs. AWS Firehose creates a file structure ``YYYY/MM/DD/HH``, if a prefix is used the created file structure would be ``prefix-name/YYYY/MM/DD/HH``. If a prefix is used it must be specified under the Wazuh Bucket configuration: - .. thumbnail:: ../../../images/aws/trusted-kinesis-5.png + .. thumbnail:: /images/cloud-security/aws/trusted-kinesis-5.png :align: center :width: 80% #. Create or choose an existing IAM role to be used by Kinesis Data Firehose in the **Advanced settings** section: - .. thumbnail:: ../../../images/aws/trusted-kinesis-6.png + .. thumbnail:: /images/cloud-security/aws/trusted-kinesis-6.png :align: center :width: 80% #. Click on the **Create delivery stream** button at the end of the page. The new Delivery stream will be created and its details will be shown as follows: - .. thumbnail:: ../../../images/aws/trusted-kinesis-7.png + .. thumbnail:: /images/cloud-security/aws/trusted-kinesis-7.png :align: center :width: 80% @@ -82,38 +82,38 @@ Configure an Amazon EventBridge rule to send Trusted Advisor events to the Amazo #. Search for **EventBridge** in the search bar at the top of the page or go to **Services** > **Application Integration** > **EventBridge**: - .. thumbnail:: ../../../images/aws/trusted-eventbridge-1.png + .. thumbnail:: /images/cloud-security/aws/trusted-eventbridge-1.png :align: center :width: 80% #. Click on the **Create rule** button: - .. thumbnail:: ../../../images/aws/trusted-eventbridge-2.png + .. thumbnail:: /images/cloud-security/aws/trusted-eventbridge-2.png :align: center :width: 80% #. Give an appropriate name for the EventBridge rule: - .. thumbnail:: ../../../images/aws/trusted-eventbridge-3.png + .. thumbnail:: /images/cloud-security/aws/trusted-eventbridge-3.png :align: center :width: 80% #. In the **Define pattern** section choose **Event pattern**, then **Pre-defined pattern by service**. Select **AWS** and **Trusted Advisor** as the **Service provider** and **Service name**, respectively. Choose **All Events** as the desired **Event type**: - .. thumbnail:: ../../../images/aws/trusted-eventbridge-4.png + .. thumbnail:: /images/cloud-security/aws/trusted-eventbridge-4.png :align: center :width: 80% #. Select the Firehose delivery stream created following the Kinesis steps as the **Target** for this EventBridge rule. Create a new role or specify an existing one for this resource if required: - .. thumbnail:: ../../../images/aws/trusted-eventbridge-5.png + .. thumbnail:: /images/cloud-security/aws/trusted-eventbridge-5.png :align: center :width: 80% #. Scroll down and click on **Create rule**. The new rule will now be present in the **Amazon EventBridge** > **Rules** section, ready to be used. From now on, every time a Trusted Advisor event is sent, it will be stored in the specified S3 bucket. Remember to enable the Trusted Advisor service first, otherwise no data will be processed: - .. thumbnail:: ../../../images/aws/trusted-eventbridge-6.png + .. thumbnail:: /images/cloud-security/aws/trusted-eventbridge-6.png :align: center :width: 80% @@ -122,13 +122,13 @@ AWS Trusted Advisor configuration #. Search for **Trusted Advisor** in the search bar at the top of the page or go to **Services** > **Management & Governance** > **Trusted Advisor**: - .. thumbnail:: ../../../images/aws/trusted-advisor-1.png + .. thumbnail:: /images/cloud-security/aws/trusted-advisor-1.png :align: center :width: 80% #. Go to **Preferences** in the left menu and click on the **Enable Trusted Advisor** button: - .. thumbnail:: ../../../images/aws/trusted-advisor-2.png + .. thumbnail:: /images/cloud-security/aws/trusted-advisor-2.png :align: center :width: 80% @@ -147,11 +147,11 @@ Wazuh configuration #. Access the Wazuh configuration in **Wazuh** > **Management** > **Configuration** using the Wazuh UI or by manually editing the ``/var/ossec/etc/ossec.conf`` file in the host: - .. thumbnail:: ../../../images/aws/trusted-ui-1.png + .. thumbnail:: /images/cloud-security/aws/trusted-ui-1.png :align: center :width: 80% - .. thumbnail:: ../../../images/aws/trusted-ui-2.png + .. thumbnail:: /images/cloud-security/aws/trusted-ui-2.png :align: center :width: 80% @@ -186,6 +186,6 @@ Wazuh configuration The :ref:`AWS S3 module ` configuration can be reviewed from **Wazuh** > **Management** > **Configuration** > **Cloud security monitoring** once added in the :ref:`Local configuration `. - .. thumbnail:: ../../../images/aws/trusted-ui-3.png + .. thumbnail:: /images/cloud-security/aws/trusted-ui-3.png :align: center :width: 80% diff --git a/source/amazon/services/supported-services/vpc.rst b/source/cloud-security/amazon/services/supported-services/vpc.rst similarity index 87% rename from source/amazon/services/supported-services/vpc.rst rename to source/cloud-security/amazon/services/supported-services/vpc.rst index 3c4ba3d087..56279ecc33 100644 --- a/source/amazon/services/supported-services/vpc.rst +++ b/source/cloud-security/amazon/services/supported-services/vpc.rst @@ -13,23 +13,23 @@ Amazon Virtual Private Cloud (VPC) Amazon configuration -------------------- -#. Select an existing S3 Bucket or :doc:`create a new one `. +#. Select an existing S3 Bucket or :doc:`create a new one `. #. Go to Services > Compute > EC2: - .. thumbnail:: ../../../images/aws/aws-create-vpc-1.png + .. thumbnail:: /images/cloud-security/aws/aws-create-vpc-1.png :align: center :width: 70% #. Go to Network & Security > Network Interfaces on the left menu. Select a network interface and select *Create a flow log* on the *Actions* menu: - .. thumbnail:: ../../../images/aws/aws-create-vpc-2.png + .. thumbnail:: /images/cloud-security/aws/aws-create-vpc-2.png :align: center :width: 70% #. Change all fields to look like the following screenshot and paste the ARN of the previously created bucket: - .. thumbnail:: ../../../images/aws/aws-create-vpc-3.png + .. thumbnail:: /images/cloud-security/aws/aws-create-vpc-3.png :align: center :width: 70% @@ -97,13 +97,13 @@ Create a VPC If a VPC is created, the following alert will be shown on Kibana: -.. thumbnail:: ../../../images/aws/aws-vpc-1.png +.. thumbnail:: /images/cloud-security/aws/aws-vpc-1.png :align: center :width: 70% If a user without proper permissions attempts to create a VPC, the following alert will be shown on Kibana: -.. thumbnail:: ../../../images/aws/aws-vpc-2.png +.. thumbnail:: /images/cloud-security/aws/aws-vpc-2.png :align: center :width: 70% @@ -112,13 +112,13 @@ Working with VPC Data A VPC alert contains data such as dest and source IP address, dst and source port, and how many bytes were sent: -.. thumbnail:: ../../../images/aws/aws-vpc-3.png +.. thumbnail:: /images/cloud-security/aws/aws-vpc-3.png :align: center :width: 70% These alerts can be easily analyzed using visualizations like the following one: -.. thumbnail:: ../../../images/aws/vpc-flow-data-visualization.png +.. thumbnail:: /images/cloud-security/aws/vpc-flow-data-visualization.png :align: center :width: 70% diff --git a/source/amazon/services/supported-services/waf.rst b/source/cloud-security/amazon/services/supported-services/waf.rst similarity index 82% rename from source/amazon/services/supported-services/waf.rst rename to source/cloud-security/amazon/services/supported-services/waf.rst index 06b8bae61f..c78251d32e 100644 --- a/source/amazon/services/supported-services/waf.rst +++ b/source/cloud-security/amazon/services/supported-services/waf.rst @@ -13,83 +13,83 @@ Amazon Web Application Firewall (WAF) Amazon configuration -------------------- -#. :doc:`Create a new ` S3 bucket. (If you want to use an already created one, skip this step). +#. :doc:`Create a new ` S3 bucket. (If you want to use an already created one, skip this step). #. Go to Services > Analytics > Kinesis: - .. thumbnail:: ../../../images/aws/aws-create-firehose-4.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-4.png :align: center :width: 70% #. If it's the first time you're using this service, you'll see the following screen. Just click on *Get started*: - .. thumbnail:: ../../../images/aws/aws-create-firehose-4.1.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-4.1.png :align: center :width: 70% #. Click on *Create delivery stream* button: - .. thumbnail:: ../../../images/aws/aws-create-firehose-5.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-5.png :align: center :width: 70% #. Put a name to your delivery stream and click on the *Next* button at the bottom of the page: - .. thumbnail:: ../../../images/aws/aws-create-firehose-6.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-6.png :align: center :width: 70% #. On the next page, leave both options as *Disabled* and click on *Next*: - .. thumbnail:: ../../../images/aws/aws-create-firehose-7.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-7.png :align: center :width: 70% #. Select *Amazon S3* as the destination, then select the previously created S3 bucket and add a prefix where logs will be stored. AWS Firehose creates a file structure *YYYY/MM/DD/HH*, if a prefix is used the created file structure would be *firehose/YYYY/MM/DD/HH*. If a prefix is used it must be specified under the Wazuh Bucket configuration: - .. thumbnail:: ../../../images/aws/aws-create-firehose-8.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-8.png :align: center :width: 70% #. Users can select the compression they prefer. Wazuh supports any kind of compression but Snappy. After that, click on **Create new or choose**: - .. thumbnail:: ../../../images/aws/aws-create-firehose-9.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-9.png :align: center :width: 70% #. Give a proper name to the role and click on the *Allow* button: - .. thumbnail:: ../../../images/aws/aws-create-firehose-10.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-10.png :align: center :width: 70% #. The following page is just a summary of the Firehose stream created, go to the bottom of the page and click on the *Create delivery stream* button: - .. thumbnail:: ../../../images/aws/aws-create-firehose-11.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-11.png :align: center :width: 70% #. Go to Services > Management Tools > CloudWatch: - .. thumbnail:: ../../../images/aws/aws-create-firehose-12.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-12.png :align: center :width: 70% #. Select *Rules* on the left menu and click on the *Create rule* button: - .. thumbnail:: ../../../images/aws/aws-create-firehose-13.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-13.png :align: center :width: 70% #. Select the services you want to get logs from using the **Service name** slider, then, click on the **Add target** button and add the previously created Firehose delivery stream there. Also, create a new role to access the delivery stream. - .. thumbnail:: ../../../images/aws/aws-create-firehose-14.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-14.png :align: center :width: 70% #. Give the rule some name and click on the *Create rule* button: - .. thumbnail:: ../../../images/aws/aws-create-firehose-15.png + .. thumbnail:: /images/cloud-security/aws/aws-create-firehose-15.png :align: center :width: 70% diff --git a/source/amazon/services/troubleshooting.rst b/source/cloud-security/amazon/services/troubleshooting.rst similarity index 100% rename from source/amazon/services/troubleshooting.rst rename to source/cloud-security/amazon/services/troubleshooting.rst diff --git a/source/azure/activity-services/active-directory/graph.rst b/source/cloud-security/azure/activity-services/active-directory/graph.rst similarity index 89% rename from source/azure/activity-services/active-directory/graph.rst rename to source/cloud-security/azure/activity-services/active-directory/graph.rst index 85f0436878..5007a875bf 100644 --- a/source/azure/activity-services/active-directory/graph.rst +++ b/source/cloud-security/azure/activity-services/active-directory/graph.rst @@ -37,7 +37,7 @@ This section explains the creation of an application that will use the Azure Log In the **Azure Active Directory** panel, select the option **App registrations**. Then, select **New registration**. -.. thumbnail:: ../../../images/azure/graph-1.png +.. thumbnail:: /images/cloud-security/azure/graph-1.png :title: Log Analytics App :align: center :width: 100% @@ -47,40 +47,40 @@ Giving permissions to the application #. Go to the **Overview** section and save the **Application (client) ID** for later authentication. - .. thumbnail:: ../../../images/azure/graph-2.png + .. thumbnail:: /images/cloud-security/azure/graph-2.png :title: AAD :align: center :width: 75% #. Go to the **API permissions** section and select the **Add a permission** option. - .. thumbnail:: ../../../images/azure/graph-3.png + .. thumbnail:: /images/cloud-security/azure/graph-3.png :title: AAD :align: center :width: 100% #. Select the API by searching for "Microsoft Graph". - .. thumbnail:: ../../../images/azure/graph-4.png + .. thumbnail:: /images/cloud-security/azure/graph-4.png :title: AAD :align: center :width: 100% #. Select the permissions in **Applications permissions** that adapt to our infrastructure. In this case, **AuditLog** permissions will be granted. Then, click **Add permissions**. - .. thumbnail:: ../../../images/azure/graph-5.png + .. thumbnail:: /images/cloud-security/azure/graph-5.png :title: AAD :align: center :width: 100% #. Grant admin consent for the tenant domain used for the permission added in the previous step. This must be done by an admin user. - .. thumbnail:: ../../../images/azure/graph-6.png + .. thumbnail:: /images/cloud-security/azure/graph-6.png :title: AAD :align: center :width: 100% - .. thumbnail:: ../../../images/azure/graph-7.png + .. thumbnail:: /images/cloud-security/azure/graph-7.png :title: AAD :align: center :width: 100% @@ -90,12 +90,12 @@ Obtaining the application key for authentication Select **Certificates & secrets** and fill in the **Description** and **Expires** fields. Copy the **value** once the key is saved. This is required to authenticate the application in order to use the Log Analytics API. -.. thumbnail:: ../../../images/azure/log-analytics-create-key.png +.. thumbnail:: /images/cloud-security/azure/log-analytics-create-key.png :title: Log Analytics App :align: center :width: 100% -.. thumbnail:: ../../../images/azure/log-analytics-key-created.png +.. thumbnail:: /images/cloud-security/azure/log-analytics-key-created.png :title: Log Analytics App :align: center :width: 100% @@ -169,7 +169,7 @@ Create a new user Create a new user in Azure. If the creation is successful, a log will be written to reflect it. This log can be retrieved using the ``auditLogs/directoryAudits`` query. -.. thumbnail:: ../../../images/azure/new-user.png +.. thumbnail:: /images/cloud-security/azure/new-user.png :title: AAD :align: center :width: 100% @@ -179,7 +179,7 @@ Azure portal visualization The resulting log from the user creation can be checked in the **Audit logs** section of Azure Active Directory. -.. thumbnail:: ../../../images/azure/portal-services.png +.. thumbnail:: /images/cloud-security/azure/portal-services.png :title: AAD :align: center :width: 100% @@ -189,12 +189,12 @@ Wazuh dashboard visualization Once the integration is running, the results will be available in the Wazuh dashboard. -.. thumbnail:: /images/azure/kibana-services-1.png +.. thumbnail:: /images/cloud-security/azure/kibana-services-1.png :title: AAD :align: center :width: 90% -.. thumbnail:: /images/azure/kibana-services-2.png +.. thumbnail:: /images/cloud-security/azure/kibana-services-2.png :title: AAD :align: center :width: 80% diff --git a/source/azure/activity-services/active-directory/index.rst b/source/cloud-security/azure/activity-services/active-directory/index.rst similarity index 83% rename from source/azure/activity-services/active-directory/index.rst rename to source/cloud-security/azure/activity-services/active-directory/index.rst index e2acf2089f..a39b7b007d 100644 --- a/source/azure/activity-services/active-directory/index.rst +++ b/source/cloud-security/azure/activity-services/active-directory/index.rst @@ -8,9 +8,9 @@ Monitoring Azure Active Directory ================================= -`Azure Active Directory `_ is the identity and directory management service that combines basic directory services, application access management, and identity protection in a single solution. The Wazuh ``azure-logs`` module requires dependencies to work as well as the right credentials to access the logs. Take a look at the :doc:`prerequisites ` section before proceeding. +`Azure Active Directory `_ is the identity and directory management service that combines basic directory services, application access management, and identity protection in a single solution. The Wazuh ``azure-logs`` module requires dependencies to work as well as the right credentials to access the logs. Take a look at the :doc:`prerequisites ` section before proceeding. -.. thumbnail:: ../../../images/azure/aad-graph-intro.png +.. thumbnail:: /images/cloud-security/azure/aad-graph-intro.png :title: AAD :align: center :width: 100% diff --git a/source/azure/activity-services/index.rst b/source/cloud-security/azure/activity-services/index.rst similarity index 100% rename from source/azure/activity-services/index.rst rename to source/cloud-security/azure/activity-services/index.rst diff --git a/source/azure/activity-services/prerequisites/considerations.rst b/source/cloud-security/azure/activity-services/prerequisites/considerations.rst similarity index 100% rename from source/azure/activity-services/prerequisites/considerations.rst rename to source/cloud-security/azure/activity-services/prerequisites/considerations.rst diff --git a/source/azure/activity-services/prerequisites/credentials.rst b/source/cloud-security/azure/activity-services/prerequisites/credentials.rst similarity index 85% rename from source/azure/activity-services/prerequisites/credentials.rst rename to source/cloud-security/azure/activity-services/prerequisites/credentials.rst index 71072cdcd6..3a61bf3364 100644 --- a/source/azure/activity-services/prerequisites/credentials.rst +++ b/source/cloud-security/azure/activity-services/prerequisites/credentials.rst @@ -13,14 +13,14 @@ It is necessary to provide access credentials to the Wazuh Azure module so it ca Getting access credentials for Microsoft Graph and Log Analytics ---------------------------------------------------------------- -For :doc:`Microsoft Graph ` and :doc:`Log Analytics ` valid ``application_id`` and ``application_key`` values are required. The necessary ``application_key`` value for a given **App Registration** in **Azure Active Directory** can be obtained from the **Certificates & secrets** section while the ``application_id`` can be obtained from the **Overview** section: +For :doc:`Microsoft Graph ` and :doc:`Log Analytics ` valid ``application_id`` and ``application_key`` values are required. The necessary ``application_key`` value for a given **App Registration** in **Azure Active Directory** can be obtained from the **Certificates & secrets** section while the ``application_id`` can be obtained from the **Overview** section: -.. thumbnail:: /images/azure/log-analytics-create-key.png +.. thumbnail:: /images/cloud-security/azure/log-analytics-create-key.png :title: Log Analytics App :align: center :width: 100% -.. thumbnail:: /images/azure/log-analytics-key-created.png +.. thumbnail:: /images/cloud-security/azure/log-analytics-key-created.png :title: Log Analytics App :align: center :width: 100% @@ -28,9 +28,9 @@ For :doc:`Microsoft Graph ` and Getting access credentials for Storage -------------------------------------- -:doc:`Azure Storage ` requires valid ``account_name`` and ``account_key`` values. They can be obtained in the **Access keys** section of **Storage accounts**: +:doc:`Azure Storage ` requires valid ``account_name`` and ``account_key`` values. They can be obtained in the **Access keys** section of **Storage accounts**: -.. thumbnail:: ../../../images/azure/account-credentials.png +.. thumbnail:: /images/cloud-security/azure/account-credentials.png :title: Storage :align: center :width: 100% diff --git a/source/azure/activity-services/prerequisites/dependencies.rst b/source/cloud-security/azure/activity-services/prerequisites/dependencies.rst similarity index 100% rename from source/azure/activity-services/prerequisites/dependencies.rst rename to source/cloud-security/azure/activity-services/prerequisites/dependencies.rst diff --git a/source/azure/activity-services/prerequisites/index.rst b/source/cloud-security/azure/activity-services/prerequisites/index.rst similarity index 100% rename from source/azure/activity-services/prerequisites/index.rst rename to source/cloud-security/azure/activity-services/prerequisites/index.rst diff --git a/source/azure/activity-services/services/index.rst b/source/cloud-security/azure/activity-services/services/index.rst similarity index 87% rename from source/azure/activity-services/services/index.rst rename to source/cloud-security/azure/activity-services/services/index.rst index 126f3c31a6..bd4e1d6b3b 100644 --- a/source/azure/activity-services/services/index.rst +++ b/source/cloud-security/azure/activity-services/services/index.rst @@ -11,7 +11,7 @@ Monitoring Azure platform and services The `Azure Monitor Logs `_ collects and organizes logs and performance data from monitored resources, including Azure services, virtual machines, and applications. This insight can be sent to Wazuh using the `Azure Log Analytics REST API` or directly accessing the contents of an `Azure Storage` account. -This section explains the two ways to proceed, looking at the steps to follow in the Microsoft Azure portal and using the ``azure-logs`` module on the Wazuh manager. The Wazuh ``azure-logs`` module requires dependencies as well as the right credentials to access the logs. Take a look at the :doc:`prerequisites ` section before proceeding. +This section explains the two ways to proceed, looking at the steps to follow in the Microsoft Azure portal and using the ``azure-logs`` module on the Wazuh manager. The Wazuh ``azure-logs`` module requires dependencies as well as the right credentials to access the logs. Take a look at the :doc:`prerequisites ` section before proceeding. .. topic:: Contents diff --git a/source/azure/activity-services/services/log-analytics.rst b/source/cloud-security/azure/activity-services/services/log-analytics.rst similarity index 86% rename from source/azure/activity-services/services/log-analytics.rst rename to source/cloud-security/azure/activity-services/services/log-analytics.rst index ce4c110aab..e2fe1bee5c 100644 --- a/source/azure/activity-services/services/log-analytics.rst +++ b/source/cloud-security/azure/activity-services/services/log-analytics.rst @@ -12,7 +12,7 @@ Using Azure Log Analytics The Log Analytics solution helps you to analyze and search the Azure activity log in all your Azure subscriptions, providing information about the operations performed with the resources of your subscriptions. -.. thumbnail:: ../../../images/azure/log-analytics-activity-send.png +.. thumbnail:: /images/cloud-security/azure/log-analytics-activity-send.png :title: Microsoft Azure resources :align: center :width: 60% @@ -34,7 +34,7 @@ Creating the application In the **Azure Active Directory** panel, select the option **App registrations**. Then, select **New registration**. -.. thumbnail:: ../../../images/azure/log-analytics-app-1.png +.. thumbnail:: /images/cloud-security/azure/log-analytics-app-1.png :title: Log Analytics App :align: center :width: 100% @@ -44,35 +44,35 @@ Giving permissions to the application 1. Go to the **Overview** section and save the **Application (client) ID** for later authentication. -.. thumbnail:: ../../../images/azure/log-analytics-app-2.png +.. thumbnail:: /images/cloud-security/azure/log-analytics-app-2.png :title: Log Analytics App :align: center :width: 100% 2. Go to the **API permissions** section and add the required permissions to the application. -.. thumbnail:: ../../../images/azure/log-analytics-app-3.png +.. thumbnail:: /images/cloud-security/azure/log-analytics-app-3.png :title: Log Analytics App :align: center :width: 100% 3. Search for the **Log Analytics API**. -.. thumbnail:: ../../../images/azure/log-analytics-app-4.png +.. thumbnail:: /images/cloud-security/azure/log-analytics-app-4.png :title: Log Analytics App :align: center :width: 100% 4. Select the **Read Log Analytics data** permission from **Applications permissions**. -.. thumbnail:: ../../../images/azure/log-analytics-app-5.png +.. thumbnail:: /images/cloud-security/azure/log-analytics-app-5.png :title: Log Analytics App :align: center :width: 100% 5. Grant admin consent for the tenant domain used for the permission added in the previous step. This must be done by an admin user. -.. thumbnail:: ../../../images/azure/log-analytics-app-6.png +.. thumbnail:: /images/cloud-security/azure/log-analytics-app-6.png :title: Log Analytics App :align: center :width: 100% @@ -83,35 +83,35 @@ Giving the application access to the Log Analytics API #. Access **Log Analytics workspaces** and create a new workspace or choose an existing one. - .. thumbnail:: /images/azure/log-analytics-workspace-1.png + .. thumbnail:: /images/cloud-security/azure/log-analytics-workspace-1.png :title: Log Analytics App :align: center :width: 100% #. In the **Overview** section, copy the ``Workspace Id`` value. The Wazuh configuration needs it to make requests to the API. - .. thumbnail:: /images/azure/log-analytics-workspace-2.png + .. thumbnail:: /images/cloud-security/azure/log-analytics-workspace-2.png :title: Log Analytics App :align: center :width: 100% #. In the **Access control (IAM)** section, click **Add** and select **Add role assignment** to add the required role to the application. - .. thumbnail:: /images/azure/log-analytics-workspace-3.png + .. thumbnail:: /images/cloud-security/azure/log-analytics-workspace-3.png :title: Log Analytics App :align: center :width: 100% #. In the **Role** tab, select the **Log Analytics Reader** role. - .. thumbnail:: /images/azure/log-analytics-workspace-4.png + .. thumbnail:: /images/cloud-security/azure/log-analytics-workspace-4.png :title: Log Analytics App :align: center :width: 100% #. In the **Members** tab, select **User, group, or service principal** under **Assign access to**. Then, click **Select members** under **Members** and find the App registration created previously. - .. thumbnail:: /images/azure/log-analytics-workspace-5.png + .. thumbnail:: /images/cloud-security/azure/log-analytics-workspace-5.png :title: Log Analytics App :align: center :width: 100% @@ -125,14 +125,14 @@ To collect logs and send them to the Log Analytics Workspace created in the prev #. Go back to **Azure Active Directory**, scroll down on the left menu bar, and select the **Diagnostic settings** section. Click on **Add diagnostic setting**. - .. thumbnail:: /images/azure/log-analytics-diagnostic-1.png + .. thumbnail:: /images/cloud-security/azure/log-analytics-diagnostic-1.png :title: Log Analytics App :align: center :width: 100% #. Choose the log categories you want to collect from, under **Logs Categories**. Check the **Send to Log Analytics workspace** option under **Destination details**. Select the Log Analytics Workspace you created in previous steps. - .. thumbnail:: /images/azure/log-analytics-diagnostic-2.png + .. thumbnail:: /images/cloud-security/azure/log-analytics-diagnostic-2.png :title: Log Analytics App :align: center :width: 100% @@ -157,7 +157,7 @@ Creating a user An easy way to test this is to create a new user in Azure Active Directory. A few minutes after the creation of the user, a new log will be available for Log Analytics reflecting this change. The log can be checked using the ``AuditLogs`` query, by accessing **Log Analytics** and running the ``AuditLogs`` query. -.. thumbnail:: ../../../images/azure/log-analytics-new-user.png +.. thumbnail:: /images/cloud-security/azure/log-analytics-new-user.png :title: Log Analytics App :align: center :width: 100% @@ -165,7 +165,7 @@ An easy way to test this is to create a new user in Azure Active Directory. A fe Wazuh configuration ^^^^^^^^^^^^^^^^^^^ -Proceed with configuring the ``azure-logs`` module in the local configuration (``ossec.conf``). The `key and ID of the application` saved during the configuration of the application will be used here, as well as the `workspace ID`. In this case, both fields were saved in a `file` for authentication. Check the :doc:`credentials ` reference for more information about this topic. +Proceed with configuring the ``azure-logs`` module in the local configuration (``ossec.conf``). The `key and ID of the application` saved during the configuration of the application will be used here, as well as the `workspace ID`. In this case, both fields were saved in a `file` for authentication. Check the :doc:`credentials ` reference for more information about this topic. Through the following configuration, Wazuh is ready to search for any query accepted by Azure Log Analytics. This example configuration includes a representative ``tag`` and will be scheduled for every Monday at 02:00, using an offset of one day, which means only the log data from the last day will be parsed: @@ -224,7 +224,7 @@ Alert visualization Once the Wazuh configuration is set and the ``azure-logs`` module is running using the previous configuration, the event will be processed. The results can be checked in the Wazuh dashboard: -.. thumbnail:: ../../../images/azure/new-user-event.png +.. thumbnail:: /images/cloud-security/azure/new-user-event.png :title: Log Analytics App :align: center :width: 100% diff --git a/source/azure/activity-services/services/storage.rst b/source/cloud-security/azure/activity-services/services/storage.rst similarity index 86% rename from source/azure/activity-services/services/storage.rst rename to source/cloud-security/azure/activity-services/services/storage.rst index 3de0cef0f2..be2aa2f4da 100644 --- a/source/azure/activity-services/services/storage.rst +++ b/source/cloud-security/azure/activity-services/services/storage.rst @@ -10,7 +10,7 @@ Using Azure Storage `Azure Storage `_ refers to the Microsoft Azure cloud storage solution, a service that provides a massively scalable object store for data objects, a messaging store for reliable messaging, a file system service for the cloud, and a NoSQL store. -.. thumbnail:: ../../../images/azure/storage-activity-log.png +.. thumbnail:: /images/cloud-security/azure/storage-activity-log.png :title: Storage :align: center :width: 60% @@ -25,21 +25,21 @@ Configuring the Activity log export 1. To export the logs, search for the **Activity log** service. It can be found by typing "Activity" in the search engine. From there, access the **Audit Logs** section and click on **Export Data Settings**. -.. thumbnail:: ../../../images/azure/storage-activity-1.png +.. thumbnail:: /images/cloud-security/azure/storage-activity-1.png :title: Storage :align: center :width: 80% 2. Click on **Add diagnostic setting**. -.. thumbnail:: ../../../images/azure/storage-activity-2.png +.. thumbnail:: /images/cloud-security/azure/storage-activity-2.png :title: Storage :align: center :width: 80% 3. Check the **AuditLogs** box and the **Archive to storage account**, selecting the name of the subscription and the Storage account to export the logs. -.. thumbnail:: ../../../images/azure/storage-activity-3.png +.. thumbnail:: /images/cloud-security/azure/storage-activity-3.png :title: Storage :align: center :width: 80% @@ -55,12 +55,12 @@ Creating a user An easy way to test this configuration is to create a new user in Azure Active Directory. A few minutes after the creation of the user, a new log will be available in a container named **insights-logs-auditlogs** inside the Storage account specified when configuring the Activity log export. -.. thumbnail:: ../../../images/azure/storage-new-user-1.png +.. thumbnail:: /images/cloud-security/azure/storage-new-user-1.png :title: Storage :align: center :width: 80% -.. thumbnail:: ../../../images/azure/storage-new-user-2.png +.. thumbnail:: /images/cloud-security/azure/storage-new-user-2.png :title: Storage :align: center :width: 80% @@ -68,9 +68,9 @@ An easy way to test this configuration is to create a new user in Azure Active D Wazuh configuration ^^^^^^^^^^^^^^^^^^^ -Proceed to configure the ``azure-logs`` module in the local configuration (``ossec.conf``). It is important to set the **account_name** and **account_key** of the Storage account to authenticate. This information can be found in the **Access keys** section of **Storage accounts**. Check the :doc:`credentials ` reference for more information about the different authentication options available. +Proceed to configure the ``azure-logs`` module in the local configuration (``ossec.conf``). It is important to set the **account_name** and **account_key** of the Storage account to authenticate. This information can be found in the **Access keys** section of **Storage accounts**. Check the :doc:`credentials ` reference for more information about the different authentication options available. -.. thumbnail:: ../../../images/azure/account-credentials.png +.. thumbnail:: /images/cloud-security/azure/account-credentials.png :title: Storage :align: center :width: 80% @@ -126,7 +126,7 @@ Alert visualization Once the Wazuh configuration is set and the ``azure-logs`` module is running using the previous configuration, the event from the user creation example exported to Storage will be processed. The results can be checked in the Wazuh dashboard. -.. thumbnail:: ../../../images/azure/storage-kibana.png +.. thumbnail:: /images/cloud-security/azure/storage-kibana.png :title: Storage :align: center :width: 80% \ No newline at end of file diff --git a/source/azure/index.rst b/source/cloud-security/azure/index.rst similarity index 100% rename from source/azure/index.rst rename to source/cloud-security/azure/index.rst diff --git a/source/azure/monitoring-instances.rst b/source/cloud-security/azure/monitoring-instances.rst similarity index 100% rename from source/azure/monitoring-instances.rst rename to source/cloud-security/azure/monitoring-instances.rst diff --git a/source/gcp/index.rst b/source/cloud-security/gcp/index.rst similarity index 92% rename from source/gcp/index.rst rename to source/cloud-security/gcp/index.rst index 250b94e3ae..73214a9c43 100644 --- a/source/gcp/index.rst +++ b/source/cloud-security/gcp/index.rst @@ -10,11 +10,11 @@ Using Wazuh to monitor GCP services Wazuh helps to increase the security of a GCP infrastructure by collecting and analyzing log data. -In the :doc:`/gcp/prerequisites/index` section there is information on: +In the :doc:`/cloud-security/gcp/prerequisites/index` section there is information on: - The required dependencies and credentials to access the services. -The :doc:`/gcp/supported-services/index` section contains detailed instructions to: +The :doc:`/cloud-security/gcp/supported-services/index` section contains detailed instructions to: - Configure and set up all the supported services. - Configure Wazuh to collect the logs. @@ -52,7 +52,7 @@ The data flow between the Wazuh module and Cloud Pub/Sub looks as follows: #. Finally, the messages are removed from the subscription’s message queue. -.. thumbnail:: ../images/gcp/gcp-data-flow.png +.. thumbnail:: /images/cloud-security/gcp/gcp-data-flow.png :align: center :width: 100% diff --git a/source/gcp/prerequisites/considerations.rst b/source/cloud-security/gcp/prerequisites/considerations.rst similarity index 100% rename from source/gcp/prerequisites/considerations.rst rename to source/cloud-security/gcp/prerequisites/considerations.rst diff --git a/source/gcp/prerequisites/credentials.rst b/source/cloud-security/gcp/prerequisites/credentials.rst similarity index 98% rename from source/gcp/prerequisites/credentials.rst rename to source/cloud-security/gcp/prerequisites/credentials.rst index 3c62677241..198415db65 100644 --- a/source/gcp/prerequisites/credentials.rst +++ b/source/cloud-security/gcp/prerequisites/credentials.rst @@ -27,7 +27,7 @@ Creating a private key After creating a service account, add a new key to it. To do this, click **Create Key**, select **JSON**, and click **Create** to complete the action. -.. thumbnail:: ../../images/gcp/gcp-account-key.png +.. thumbnail:: /images/cloud-security/gcp/gcp-account-key.png :align: center :width: 100% diff --git a/source/gcp/prerequisites/dependencies.rst b/source/cloud-security/gcp/prerequisites/dependencies.rst similarity index 100% rename from source/gcp/prerequisites/dependencies.rst rename to source/cloud-security/gcp/prerequisites/dependencies.rst diff --git a/source/gcp/prerequisites/index.rst b/source/cloud-security/gcp/prerequisites/index.rst similarity index 100% rename from source/gcp/prerequisites/index.rst rename to source/cloud-security/gcp/prerequisites/index.rst diff --git a/source/gcp/prerequisites/pubsub.rst b/source/cloud-security/gcp/prerequisites/pubsub.rst similarity index 93% rename from source/gcp/prerequisites/pubsub.rst rename to source/cloud-security/gcp/prerequisites/pubsub.rst index 2d75724abc..ecf8e669ce 100644 --- a/source/gcp/prerequisites/pubsub.rst +++ b/source/cloud-security/gcp/prerequisites/pubsub.rst @@ -19,7 +19,7 @@ Create a topic Every publishing application sends messages to topics. Wazuh will retrieve the logs from this topic. -.. thumbnail:: ../../images/gcp/gcp-topic.png +.. thumbnail:: /images/cloud-security/gcp/gcp-topic.png :align: center :width: 100% @@ -36,7 +36,7 @@ Follow the steps below to fill in the **Create subscription** form: You can create as many subscriptions as you wish. -.. thumbnail:: ../../images/gcp/gcp-subscription.png +.. thumbnail:: /images/cloud-security/gcp/gcp-subscription.png :align: center :width: 100% @@ -60,7 +60,7 @@ Follow the steps below to complete the **Create logs routing sink** form: #. **Choose logs to filter out to sink**: create exclusion filters to determine which logs are excluded #. Click the **CREATE SINK** button. -.. thumbnail:: ../../images/gcp/gcp-sink.png +.. thumbnail:: /images/cloud-security/gcp/gcp-sink.png :align: center :width: 100% diff --git a/source/gcp/supported-services/access_logs.rst b/source/cloud-security/gcp/supported-services/access_logs.rst similarity index 100% rename from source/gcp/supported-services/access_logs.rst rename to source/cloud-security/gcp/supported-services/access_logs.rst diff --git a/source/gcp/supported-services/cloud_audit_logs.rst b/source/cloud-security/gcp/supported-services/cloud_audit_logs.rst similarity index 87% rename from source/gcp/supported-services/cloud_audit_logs.rst rename to source/cloud-security/gcp/supported-services/cloud_audit_logs.rst index b306498ee0..961f9ac649 100644 --- a/source/gcp/supported-services/cloud_audit_logs.rst +++ b/source/cloud-security/gcp/supported-services/cloud_audit_logs.rst @@ -30,19 +30,19 @@ To enable Google audit logs collection, it is necessary to first ingest the audi #. Visit the `Google Cloud Logging section `_ and click on **CREATE SINK**. - .. thumbnail:: ../../images/gcp/gcp-create-sink-button.png + .. thumbnail:: /images/cloud-security/gcp/gcp-create-sink-button.png :align: center :width: 100% #. Provide a descriptive name for the sink and click on **NEXT**. - .. thumbnail:: ../../images/gcp/gcp-sink-name.png + .. thumbnail:: /images/cloud-security/gcp/gcp-sink-name.png :align: center :width: 80% #. Once the name for the sink is chosen, it is necessary to select the sink destination. As sink service, choose **Cloud Pub/Sub topic**, and then create or choose a topic to be used as destination. Then click on **NEXT**. - .. thumbnail:: ../../images/gcp/gcp-sink-destination.png + .. thumbnail:: /images/cloud-security/gcp/gcp-sink-destination.png :align: center :width: 80% @@ -54,7 +54,7 @@ To enable Google audit logs collection, it is necessary to first ingest the audi #. If it is not necessary to filter any logs out of the sink, click on **CREATE SINK**. - .. thumbnail:: ../../images/gcp/gcp-create-sink.png + .. thumbnail:: /images/cloud-security/gcp/gcp-create-sink.png :align: center :width: 80% @@ -66,19 +66,19 @@ Wazuh dashboard visualization After configuring the GCP Pub/Sub module to fetch the audit logs from Google Cloud, it is possible to visualize the alerts generated in the Wazuh dashboard. - .. thumbnail:: ../../images/gcp/gcp-overview.png + .. thumbnail:: /images/cloud-security/gcp/gcp-overview.png :align: center :width: 80% Google Cloud logs can be filtered by the **data.gcp.logName** field: - .. thumbnail:: ../../images/gcp/gcp-kibana-log-filter.png + .. thumbnail:: /images/cloud-security/gcp/gcp-kibana-log-filter.png :align: center :width: 80% After selecting the **Exists in** button, only Google Cloud-related events will appear in the Wazuh dashboard. - .. thumbnail:: ../../images/gcp/gcp-kibana-filtered-logs.png + .. thumbnail:: /images/cloud-security/gcp/gcp-kibana-filtered-logs.png :align: center :width: 80% diff --git a/source/gcp/supported-services/dns_queries.rst b/source/cloud-security/gcp/supported-services/dns_queries.rst similarity index 83% rename from source/gcp/supported-services/dns_queries.rst rename to source/cloud-security/gcp/supported-services/dns_queries.rst index 7d00df6b24..0befe52b79 100644 --- a/source/gcp/supported-services/dns_queries.rst +++ b/source/cloud-security/gcp/supported-services/dns_queries.rst @@ -19,19 +19,19 @@ Once DNS Cloud logging is configured, the generated logs must be ingested into a #. Visit the `Google Cloud Logging section `_ and click on **CREATE SINK**. - .. thumbnail:: ../../images/gcp/gcp-create-sink-button.png + .. thumbnail:: /images/cloud-security/gcp/gcp-create-sink-button.png :align: center :width: 100% #. Provide a descriptive name for the sink and click on **NEXT**. - .. thumbnail:: ../../images/gcp/gcp-sink-dns-name.png + .. thumbnail:: /images/cloud-security/gcp/gcp-sink-dns-name.png :align: center :width: 80% #. Once the name for the sink is chosen, it is necessary to select the sink destination. As sink service, choose **Cloud Pub/Sub topic**, and then create or choose a topic to be used as destination. Then click on **NEXT**. - .. thumbnail:: ../../images/gcp/gcp-sink-dns-destination.png + .. thumbnail:: /images/cloud-security/gcp/gcp-sink-dns-destination.png :align: center :width: 80% @@ -44,7 +44,7 @@ Once DNS Cloud logging is configured, the generated logs must be ingested into a #. If it is not necessary to filter any logs out of the sink, click on **CREATE SINK**. - .. thumbnail:: ../../images/gcp/gcp-create-sink-dns.png + .. thumbnail:: /images/cloud-security/gcp/gcp-create-sink-dns.png :align: center :width: 80% @@ -55,19 +55,19 @@ Wazuh dashboard visualization After configuring the GCP Pub/Sub module to fetch the DNS logs from Google Cloud, it is possible to visualize the alerts generated in the Wazuh dashboard. -.. thumbnail:: ../../images/gcp/gcp-kibana-dns-overview.png +.. thumbnail:: /images/cloud-security/gcp/gcp-kibana-dns-overview.png :align: center :width: 80% Google Cloud logs can be filtered by the **data.gcp.logName** field: -.. thumbnail:: ../../images/gcp/gcp-kibana-dns-log-filter.png +.. thumbnail:: /images/cloud-security/gcp/gcp-kibana-dns-log-filter.png :align: center :width: 80% After selecting the **Exists in** button, only Google Cloud-related events will appear in the Wazuh dashboard. -.. thumbnail:: ../../images/gcp/gcp-kibana-dns-filtered-logs.png +.. thumbnail:: /images/cloud-security/gcp/gcp-kibana-dns-filtered-logs.png :align: center :width: 80% diff --git a/source/gcp/supported-services/firewall.rst b/source/cloud-security/gcp/supported-services/firewall.rst similarity index 96% rename from source/gcp/supported-services/firewall.rst rename to source/cloud-security/gcp/supported-services/firewall.rst index 77ba528220..fdddc18670 100644 --- a/source/gcp/supported-services/firewall.rst +++ b/source/cloud-security/gcp/supported-services/firewall.rst @@ -26,6 +26,6 @@ The :ref:`Pub/Sub ` page explains how to set up a sink to logs for a Pub resource.type="gce_subnetwork" log_name="projects//logs/compute.googleapis.com%2Ffirewall" -.. thumbnail:: ../../images/gcp/gcp-vpc-flow-sink.png +.. thumbnail:: /images/cloud-security/gcp/gcp-vpc-flow-sink.png :align: center :width: 100% diff --git a/source/gcp/supported-services/index.rst b/source/cloud-security/gcp/supported-services/index.rst similarity index 100% rename from source/gcp/supported-services/index.rst rename to source/cloud-security/gcp/supported-services/index.rst diff --git a/source/gcp/supported-services/load_balancing.rst b/source/cloud-security/gcp/supported-services/load_balancing.rst similarity index 96% rename from source/gcp/supported-services/load_balancing.rst rename to source/cloud-security/gcp/supported-services/load_balancing.rst index 4610825802..03aa1342e4 100644 --- a/source/gcp/supported-services/load_balancing.rst +++ b/source/cloud-security/gcp/supported-services/load_balancing.rst @@ -25,6 +25,6 @@ The :ref:`Pub/Sub ` page explains how to set up a sink to logs for a Pub resource.type=http_load_balancer -.. thumbnail:: ../../images/gcp/gcp-load-balancer-sink.png +.. thumbnail:: /images/cloud-security/gcp/gcp-load-balancer-sink.png :align: center :width: 100% diff --git a/source/gcp/supported-services/vpc_flow.rst b/source/cloud-security/gcp/supported-services/vpc_flow.rst similarity index 96% rename from source/gcp/supported-services/vpc_flow.rst rename to source/cloud-security/gcp/supported-services/vpc_flow.rst index f70f1b2a00..ddcab959d3 100644 --- a/source/gcp/supported-services/vpc_flow.rst +++ b/source/cloud-security/gcp/supported-services/vpc_flow.rst @@ -27,6 +27,6 @@ The :ref:`Pub/Sub ` page explains how to set up a sink to logs for a Pub resource.type="gce_subnetwork" log_name="projects//logs/compute.googleapis.com%2Fvpc_flows" -.. thumbnail:: ../../images/gcp/gcp-vpc-flow-sink.png +.. thumbnail:: /images/cloud-security/gcp/gcp-vpc-flow-sink.png :align: center :width: 70% diff --git a/source/github/index.rst b/source/cloud-security/github/index.rst similarity index 100% rename from source/github/index.rst rename to source/cloud-security/github/index.rst diff --git a/source/github/monitoring-github-activity.rst b/source/cloud-security/github/monitoring-github-activity.rst similarity index 100% rename from source/github/monitoring-github-activity.rst rename to source/cloud-security/github/monitoring-github-activity.rst diff --git a/source/monitoring.rst b/source/cloud-security/monitoring.rst similarity index 100% rename from source/monitoring.rst rename to source/cloud-security/monitoring.rst diff --git a/source/office365/index.rst b/source/cloud-security/office365/index.rst similarity index 100% rename from source/office365/index.rst rename to source/cloud-security/office365/index.rst diff --git a/source/office365/monitoring-office365-activity.rst b/source/cloud-security/office365/monitoring-office365-activity.rst similarity index 93% rename from source/office365/monitoring-office365-activity.rst rename to source/cloud-security/office365/monitoring-office365-activity.rst index 4ba9816c9a..8eee406f9b 100644 --- a/source/office365/monitoring-office365-activity.rst +++ b/source/cloud-security/office365/monitoring-office365-activity.rst @@ -38,21 +38,21 @@ For **Wazuh** to successfully connect to the **Office365 API**, an authenticatio To authenticate with the Microsoft identity platform endpoint, you need to register an app in your `Microsoft Azure portal app registrations `_ section. Once there click on **New registration**: - .. thumbnail:: ../images/office365/0-azure-app-new-registration.png + .. thumbnail:: /images/cloud-security/office365/0-azure-app-new-registration.png :title: Register your app :align: center :width: 100% Fill in the name of your app, choose the desired account type and click on the **Register** button: - .. thumbnail:: ../images/office365/1-azure-wazuh-app-register-application.png + .. thumbnail:: /images/cloud-security/office365/1-azure-wazuh-app-register-application.png :title: Register your app :align: center :width: 100% The app is now registered, and you can see information about it in its **Overview** section, at this point we can get the ``client`` and ``tenant`` IDs: - .. thumbnail:: ../images/office365/2-azure-wazuh-app-overview.png + .. thumbnail:: /images/cloud-security/office365/2-azure-wazuh-app-overview.png :title: Register your app :align: center :width: 100% @@ -62,14 +62,14 @@ For **Wazuh** to successfully connect to the **Office365 API**, an authenticatio You can generate a password to use during the authentication process. Go to **Certificates & secrets** and click on **New client secret**, then the name and the expiration date of the **New client secret** are requested: - .. thumbnail:: ../images/office365/3-azure-wazuh-app-create-password.png + .. thumbnail:: /images/cloud-security/office365/3-azure-wazuh-app-create-password.png :title: Certificates & secrets :align: center :width: 100% Copy and save the value section. - .. thumbnail:: ../images/office365/3-azure-wazuh-app-create-password-copy-value.png + .. thumbnail:: /images/cloud-security/office365/3-azure-wazuh-app-create-password-copy-value.png :title: Copy secrets value :align: center :width: 100% @@ -88,14 +88,14 @@ For **Wazuh** to successfully connect to the **Office365 API**, an authenticatio - ``ActivityFeed.ReadDlp``. Read DLP policy events including detected sensitive data. - .. thumbnail:: ../images/office365/4-azure-wazuh-app-configure-permissions.png + .. thumbnail:: /images/cloud-security/office365/4-azure-wazuh-app-configure-permissions.png :title: API permissions :align: center :width: 100% .. note:: Admin consent is required for API permission changes. - .. thumbnail:: ../images/office365/4-azure-wazuh-app-configure-permissions-admin-consent.png + .. thumbnail:: /images/cloud-security/office365/4-azure-wazuh-app-configure-permissions-admin-consent.png :title: API permissions admin consent :align: center :width: 100% diff --git a/source/getting-started/use-cases/cloud-security.rst b/source/getting-started/use-cases/cloud-security.rst index 2669dfe7fb..505d10957c 100644 --- a/source/getting-started/use-cases/cloud-security.rst +++ b/source/getting-started/use-cases/cloud-security.rst @@ -19,23 +19,23 @@ The :doc:`Wazuh agent <../components/wazuh-agent>` also provides a module to mon The following list describes some of the AWS services that Wazuh can monitor: -- :doc:`Amazon Guardduty `: threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts, workloads, and data stored in Amazon S3. +- :doc:`Amazon Guardduty `: threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts, workloads, and data stored in Amazon S3. -- :doc:`Amazon Inspector `: automated security assessment service that helps improve the security and compliance of applications deployed on AWS. +- :doc:`Amazon Inspector `: automated security assessment service that helps improve the security and compliance of applications deployed on AWS. -- :doc:`Amazon Key Management Service (KMS) `: used to create and manage cryptographic keys and control their use across a wide range of AWS services. +- :doc:`Amazon Key Management Service (KMS) `: used to create and manage cryptographic keys and control their use across a wide range of AWS services. -- :doc:`Amazon Macie `: fully managed data security and data privacy service. It automatically detects unencrypted S3 buckets, publicly accessible buckets, and buckets shared with external AWS accounts. +- :doc:`Amazon Macie `: fully managed data security and data privacy service. It automatically detects unencrypted S3 buckets, publicly accessible buckets, and buckets shared with external AWS accounts. -- :doc:`Amazon Virtual Private Cloud (VPC) `: provisions a logically isolated section of the AWS Cloud where AWS resources can be launched on a virtual network defined by the user. +- :doc:`Amazon Virtual Private Cloud (VPC) `: provisions a logically isolated section of the AWS Cloud where AWS resources can be launched on a virtual network defined by the user. -- :doc:`AWS Config `: assess, audit, and evaluate the configurations of your AWS resources. It assists the users review changes in configurations and relationships between AWS resources. +- :doc:`AWS Config `: assess, audit, and evaluate the configurations of your AWS resources. It assists the users review changes in configurations and relationships between AWS resources. -- :doc:`AWS Cloudtrail `: enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. +- :doc:`AWS Cloudtrail `: enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. -- :doc:`AWS Trusted Advisor `: helps users reduce cost, increase performance, and improve security by optimizing their AWS environment. It provides real-time guidance to help users provision their resources following AWS best practices. +- :doc:`AWS Trusted Advisor `: helps users reduce cost, increase performance, and improve security by optimizing their AWS environment. It provides real-time guidance to help users provision their resources following AWS best practices. -- :doc:`AWS Web Application Firewall (WAF) `: helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources. +- :doc:`AWS Web Application Firewall (WAF) `: helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources. See below an example of an alert generated when an AWS security group is deleted: @@ -104,18 +104,18 @@ Example of AWS dashboard: :width: 80% :wrap_image: No -You can find more information on how to use Wazuh to monitor AWS in our :doc:`documentation `. +You can find more information on how to use Wazuh to monitor AWS in our :doc:`documentation `. Microsoft Azure --------------- The :doc:`Wazuh agent <../components/wazuh-agent>` module for Microsoft Azure makes it easy to pull Azure platform logs. In particular, it is designed to obtain data from the following services: -- :doc:`Log Analytics API `: The Log Analytics API is a core component of the Azure Monitor service, which is used to aggregate and analyze log data. The sources of such data are cloud applications, operating systems, and Azure resources. The Wazuh module for Azure is capable of querying the Log Analytics API, pulling the logs collected by the Azure monitor service. +- :doc:`Log Analytics API `: The Log Analytics API is a core component of the Azure Monitor service, which is used to aggregate and analyze log data. The sources of such data are cloud applications, operating systems, and Azure resources. The Wazuh module for Azure is capable of querying the Log Analytics API, pulling the logs collected by the Azure monitor service. -- :doc:`Blob Storage API `: Logs from Azure services are optionally pushed to Azure Blob Storage. Specifically, it is possible to configure an Azure service to export logs to a container in a storage account created for that purpose. Afterward, the Wazuh agent will download those logs via its integration with the Blob Storage API. +- :doc:`Blob Storage API `: Logs from Azure services are optionally pushed to Azure Blob Storage. Specifically, it is possible to configure an Azure service to export logs to a container in a storage account created for that purpose. Afterward, the Wazuh agent will download those logs via its integration with the Blob Storage API. -- :doc:`Active Directory Graph API `: The Azure Active Directory Graph API provides access to AZURE AD through REST API endpoints. It is used by Wazuh to monitor Active Directory events (e.g., creation of a new user, update of user properties, disable of user accounts, etc.). +- :doc:`Active Directory Graph API `: The Azure Active Directory Graph API provides access to AZURE AD through REST API endpoints. It is used by Wazuh to monitor Active Directory events (e.g., creation of a new user, update of user properties, disable of user accounts, etc.). See below an example of an Azure alert: @@ -157,7 +157,7 @@ See below an example of an Azure alert: "timestamp": "2020-05-25T15:45:51.432+0000" } -You can find more information on how to use Wazuh to monitor Microsoft Azure in our :doc:`documentation `. +You can find more information on how to use Wazuh to monitor Microsoft Azure in our :doc:`documentation `. Google Cloud Platform --------------------- @@ -228,4 +228,4 @@ See below an example of an alert generated when a known bad actor (a source IP a "timestamp": "2020-08-17T17:09:25.832+0000" } -You can find more information on how to use Wazuh to monitor the Google cloud platform in :doc:`/gcp/index`. +You can find more information on how to use Wazuh to monitor the Google cloud platform in :doc:`/cloud-security/gcp/index`. diff --git a/source/images/aws/aws-cloudtrail-1.png b/source/images/cloud-security/aws/aws-cloudtrail-1.png similarity index 100% rename from source/images/aws/aws-cloudtrail-1.png rename to source/images/cloud-security/aws/aws-cloudtrail-1.png diff --git a/source/images/aws/aws-cloudtrail-2.png b/source/images/cloud-security/aws/aws-cloudtrail-2.png similarity index 100% rename from source/images/aws/aws-cloudtrail-2.png rename to source/images/cloud-security/aws/aws-cloudtrail-2.png diff --git a/source/images/aws/aws-cloudtrail-3.png b/source/images/cloud-security/aws/aws-cloudtrail-3.png similarity index 100% rename from source/images/aws/aws-cloudtrail-3.png rename to source/images/cloud-security/aws/aws-cloudtrail-3.png diff --git a/source/images/aws/aws-create-completed.png b/source/images/cloud-security/aws/aws-create-completed.png similarity index 100% rename from source/images/aws/aws-create-completed.png rename to source/images/cloud-security/aws/aws-create-completed.png diff --git a/source/images/aws/aws-create-config-1.png b/source/images/cloud-security/aws/aws-create-config-1.png similarity index 100% rename from source/images/aws/aws-create-config-1.png rename to source/images/cloud-security/aws/aws-create-config-1.png diff --git a/source/images/aws/aws-create-elb-1.png b/source/images/cloud-security/aws/aws-create-elb-1.png similarity index 100% rename from source/images/aws/aws-create-elb-1.png rename to source/images/cloud-security/aws/aws-create-elb-1.png diff --git a/source/images/aws/aws-create-elb-2.png b/source/images/cloud-security/aws/aws-create-elb-2.png similarity index 100% rename from source/images/aws/aws-create-elb-2.png rename to source/images/cloud-security/aws/aws-create-elb-2.png diff --git a/source/images/aws/aws-create-firehose-1.png b/source/images/cloud-security/aws/aws-create-firehose-1.png similarity index 100% rename from source/images/aws/aws-create-firehose-1.png rename to source/images/cloud-security/aws/aws-create-firehose-1.png diff --git a/source/images/aws/aws-create-firehose-10.png b/source/images/cloud-security/aws/aws-create-firehose-10.png similarity index 100% rename from source/images/aws/aws-create-firehose-10.png rename to source/images/cloud-security/aws/aws-create-firehose-10.png diff --git a/source/images/aws/aws-create-firehose-11.png b/source/images/cloud-security/aws/aws-create-firehose-11.png similarity index 100% rename from source/images/aws/aws-create-firehose-11.png rename to source/images/cloud-security/aws/aws-create-firehose-11.png diff --git a/source/images/aws/aws-create-firehose-12.png b/source/images/cloud-security/aws/aws-create-firehose-12.png similarity index 100% rename from source/images/aws/aws-create-firehose-12.png rename to source/images/cloud-security/aws/aws-create-firehose-12.png diff --git a/source/images/aws/aws-create-firehose-13.png b/source/images/cloud-security/aws/aws-create-firehose-13.png similarity index 100% rename from source/images/aws/aws-create-firehose-13.png rename to source/images/cloud-security/aws/aws-create-firehose-13.png diff --git a/source/images/aws/aws-create-firehose-14.png b/source/images/cloud-security/aws/aws-create-firehose-14.png similarity index 100% rename from source/images/aws/aws-create-firehose-14.png rename to source/images/cloud-security/aws/aws-create-firehose-14.png diff --git a/source/images/aws/aws-create-firehose-15.png b/source/images/cloud-security/aws/aws-create-firehose-15.png similarity index 100% rename from source/images/aws/aws-create-firehose-15.png rename to source/images/cloud-security/aws/aws-create-firehose-15.png diff --git a/source/images/aws/aws-create-firehose-2.png b/source/images/cloud-security/aws/aws-create-firehose-2.png similarity index 100% rename from source/images/aws/aws-create-firehose-2.png rename to source/images/cloud-security/aws/aws-create-firehose-2.png diff --git a/source/images/aws/aws-create-firehose-3.png b/source/images/cloud-security/aws/aws-create-firehose-3.png similarity index 100% rename from source/images/aws/aws-create-firehose-3.png rename to source/images/cloud-security/aws/aws-create-firehose-3.png diff --git a/source/images/aws/aws-create-firehose-4.1.png b/source/images/cloud-security/aws/aws-create-firehose-4.1.png similarity index 100% rename from source/images/aws/aws-create-firehose-4.1.png rename to source/images/cloud-security/aws/aws-create-firehose-4.1.png diff --git a/source/images/aws/aws-create-firehose-4.png b/source/images/cloud-security/aws/aws-create-firehose-4.png similarity index 100% rename from source/images/aws/aws-create-firehose-4.png rename to source/images/cloud-security/aws/aws-create-firehose-4.png diff --git a/source/images/aws/aws-create-firehose-5.png b/source/images/cloud-security/aws/aws-create-firehose-5.png similarity index 100% rename from source/images/aws/aws-create-firehose-5.png rename to source/images/cloud-security/aws/aws-create-firehose-5.png diff --git a/source/images/aws/aws-create-firehose-6.png b/source/images/cloud-security/aws/aws-create-firehose-6.png similarity index 100% rename from source/images/aws/aws-create-firehose-6.png rename to source/images/cloud-security/aws/aws-create-firehose-6.png diff --git a/source/images/aws/aws-create-firehose-7.png b/source/images/cloud-security/aws/aws-create-firehose-7.png similarity index 100% rename from source/images/aws/aws-create-firehose-7.png rename to source/images/cloud-security/aws/aws-create-firehose-7.png diff --git a/source/images/aws/aws-create-firehose-8.png b/source/images/cloud-security/aws/aws-create-firehose-8.png similarity index 100% rename from source/images/aws/aws-create-firehose-8.png rename to source/images/cloud-security/aws/aws-create-firehose-8.png diff --git a/source/images/aws/aws-create-firehose-9.png b/source/images/cloud-security/aws/aws-create-firehose-9.png similarity index 100% rename from source/images/aws/aws-create-firehose-9.png rename to source/images/cloud-security/aws/aws-create-firehose-9.png diff --git a/source/images/aws/aws-create-role-1.png b/source/images/cloud-security/aws/aws-create-role-1.png similarity index 100% rename from source/images/aws/aws-create-role-1.png rename to source/images/cloud-security/aws/aws-create-role-1.png diff --git a/source/images/aws/aws-create-role-10.png b/source/images/cloud-security/aws/aws-create-role-10.png similarity index 100% rename from source/images/aws/aws-create-role-10.png rename to source/images/cloud-security/aws/aws-create-role-10.png diff --git a/source/images/aws/aws-create-role-2.png b/source/images/cloud-security/aws/aws-create-role-2.png similarity index 100% rename from source/images/aws/aws-create-role-2.png rename to source/images/cloud-security/aws/aws-create-role-2.png diff --git a/source/images/aws/aws-create-role-4.png b/source/images/cloud-security/aws/aws-create-role-4.png similarity index 100% rename from source/images/aws/aws-create-role-4.png rename to source/images/cloud-security/aws/aws-create-role-4.png diff --git a/source/images/aws/aws-create-role-5.png b/source/images/cloud-security/aws/aws-create-role-5.png similarity index 100% rename from source/images/aws/aws-create-role-5.png rename to source/images/cloud-security/aws/aws-create-role-5.png diff --git a/source/images/aws/aws-create-role-6.png b/source/images/cloud-security/aws/aws-create-role-6.png similarity index 100% rename from source/images/aws/aws-create-role-6.png rename to source/images/cloud-security/aws/aws-create-role-6.png diff --git a/source/images/aws/aws-create-role-7.png b/source/images/cloud-security/aws/aws-create-role-7.png similarity index 100% rename from source/images/aws/aws-create-role-7.png rename to source/images/cloud-security/aws/aws-create-role-7.png diff --git a/source/images/aws/aws-create-role-8.png b/source/images/cloud-security/aws/aws-create-role-8.png similarity index 100% rename from source/images/aws/aws-create-role-8.png rename to source/images/cloud-security/aws/aws-create-role-8.png diff --git a/source/images/aws/aws-create-role-9.png b/source/images/cloud-security/aws/aws-create-role-9.png similarity index 100% rename from source/images/aws/aws-create-role-9.png rename to source/images/cloud-security/aws/aws-create-role-9.png diff --git a/source/images/aws/aws-create-stack.png b/source/images/cloud-security/aws/aws-create-stack.png similarity index 100% rename from source/images/aws/aws-create-stack.png rename to source/images/cloud-security/aws/aws-create-stack.png diff --git a/source/images/aws/aws-create-vpc-1.png b/source/images/cloud-security/aws/aws-create-vpc-1.png similarity index 100% rename from source/images/aws/aws-create-vpc-1.png rename to source/images/cloud-security/aws/aws-create-vpc-1.png diff --git a/source/images/aws/aws-create-vpc-2.png b/source/images/cloud-security/aws/aws-create-vpc-2.png similarity index 100% rename from source/images/aws/aws-create-vpc-2.png rename to source/images/cloud-security/aws/aws-create-vpc-2.png diff --git a/source/images/aws/aws-create-vpc-3.png b/source/images/cloud-security/aws/aws-create-vpc-3.png similarity index 100% rename from source/images/aws/aws-create-vpc-3.png rename to source/images/cloud-security/aws/aws-create-vpc-3.png diff --git a/source/images/aws/aws-ec2-1.png b/source/images/cloud-security/aws/aws-ec2-1.png similarity index 100% rename from source/images/aws/aws-ec2-1.png rename to source/images/cloud-security/aws/aws-ec2-1.png diff --git a/source/images/aws/aws-ec2-2.png b/source/images/cloud-security/aws/aws-ec2-2.png similarity index 100% rename from source/images/aws/aws-ec2-2.png rename to source/images/cloud-security/aws/aws-ec2-2.png diff --git a/source/images/aws/aws-ec2-3.png b/source/images/cloud-security/aws/aws-ec2-3.png similarity index 100% rename from source/images/aws/aws-ec2-3.png rename to source/images/cloud-security/aws/aws-ec2-3.png diff --git a/source/images/aws/aws-ec2-4.png b/source/images/cloud-security/aws/aws-ec2-4.png similarity index 100% rename from source/images/aws/aws-ec2-4.png rename to source/images/cloud-security/aws/aws-ec2-4.png diff --git a/source/images/aws/aws-ec2-5.png b/source/images/cloud-security/aws/aws-ec2-5.png similarity index 100% rename from source/images/aws/aws-ec2-5.png rename to source/images/cloud-security/aws/aws-ec2-5.png diff --git a/source/images/aws/aws-ec2-6.png b/source/images/cloud-security/aws/aws-ec2-6.png similarity index 100% rename from source/images/aws/aws-ec2-6.png rename to source/images/cloud-security/aws/aws-ec2-6.png diff --git a/source/images/aws/aws-ec2-7.png b/source/images/cloud-security/aws/aws-ec2-7.png similarity index 100% rename from source/images/aws/aws-ec2-7.png rename to source/images/cloud-security/aws/aws-ec2-7.png diff --git a/source/images/aws/aws-ec2-8.png b/source/images/cloud-security/aws/aws-ec2-8.png similarity index 100% rename from source/images/aws/aws-ec2-8.png rename to source/images/cloud-security/aws/aws-ec2-8.png diff --git a/source/images/aws/aws-ec2-9.png b/source/images/cloud-security/aws/aws-ec2-9.png similarity index 100% rename from source/images/aws/aws-ec2-9.png rename to source/images/cloud-security/aws/aws-ec2-9.png diff --git a/source/images/aws/aws-ec2-guardduty.png b/source/images/cloud-security/aws/aws-ec2-guardduty.png similarity index 100% rename from source/images/aws/aws-ec2-guardduty.png rename to source/images/cloud-security/aws/aws-ec2-guardduty.png diff --git a/source/images/aws/aws-ec2-guardduty2.png b/source/images/cloud-security/aws/aws-ec2-guardduty2.png similarity index 100% rename from source/images/aws/aws-ec2-guardduty2.png rename to source/images/cloud-security/aws/aws-ec2-guardduty2.png diff --git a/source/images/aws/aws-ec2-guardduty3.png b/source/images/cloud-security/aws/aws-ec2-guardduty3.png similarity index 100% rename from source/images/aws/aws-ec2-guardduty3.png rename to source/images/cloud-security/aws/aws-ec2-guardduty3.png diff --git a/source/images/aws/aws-ec2-guardduty4.png b/source/images/cloud-security/aws/aws-ec2-guardduty4.png similarity index 100% rename from source/images/aws/aws-ec2-guardduty4.png rename to source/images/cloud-security/aws/aws-ec2-guardduty4.png diff --git a/source/images/aws/aws-ec2-guardduty5.png b/source/images/cloud-security/aws/aws-ec2-guardduty5.png similarity index 100% rename from source/images/aws/aws-ec2-guardduty5.png rename to source/images/cloud-security/aws/aws-ec2-guardduty5.png diff --git a/source/images/aws/aws-ec2-guardduty6.png b/source/images/cloud-security/aws/aws-ec2-guardduty6.png similarity index 100% rename from source/images/aws/aws-ec2-guardduty6.png rename to source/images/cloud-security/aws/aws-ec2-guardduty6.png diff --git a/source/images/aws/aws-ec2-pannels-1.png b/source/images/cloud-security/aws/aws-ec2-pannels-1.png similarity index 100% rename from source/images/aws/aws-ec2-pannels-1.png rename to source/images/cloud-security/aws/aws-ec2-pannels-1.png diff --git a/source/images/aws/aws-ec2-pannels-2.png b/source/images/cloud-security/aws/aws-ec2-pannels-2.png similarity index 100% rename from source/images/aws/aws-ec2-pannels-2.png rename to source/images/cloud-security/aws/aws-ec2-pannels-2.png diff --git a/source/images/aws/aws-findings-1.png b/source/images/cloud-security/aws/aws-findings-1.png similarity index 100% rename from source/images/aws/aws-findings-1.png rename to source/images/cloud-security/aws/aws-findings-1.png diff --git a/source/images/aws/aws-findings-2.png b/source/images/cloud-security/aws/aws-findings-2.png similarity index 100% rename from source/images/aws/aws-findings-2.png rename to source/images/cloud-security/aws/aws-findings-2.png diff --git a/source/images/aws/aws-iam-pannels-1.png b/source/images/cloud-security/aws/aws-iam-pannels-1.png similarity index 100% rename from source/images/aws/aws-iam-pannels-1.png rename to source/images/cloud-security/aws/aws-iam-pannels-1.png diff --git a/source/images/aws/aws-iam-pannels-2.png b/source/images/cloud-security/aws/aws-iam-pannels-2.png similarity index 100% rename from source/images/aws/aws-iam-pannels-2.png rename to source/images/cloud-security/aws/aws-iam-pannels-2.png diff --git a/source/images/aws/aws-inspector-advanced-setup.png b/source/images/cloud-security/aws/aws-inspector-advanced-setup.png similarity index 100% rename from source/images/aws/aws-inspector-advanced-setup.png rename to source/images/cloud-security/aws/aws-inspector-advanced-setup.png diff --git a/source/images/aws/aws-inspector-assessment-target.png b/source/images/cloud-security/aws/aws-inspector-assessment-target.png similarity index 100% rename from source/images/aws/aws-inspector-assessment-target.png rename to source/images/cloud-security/aws/aws-inspector-assessment-target.png diff --git a/source/images/aws/aws-inspector-assessment-template.png b/source/images/cloud-security/aws/aws-inspector-assessment-template.png similarity index 100% rename from source/images/aws/aws-inspector-assessment-template.png rename to source/images/cloud-security/aws/aws-inspector-assessment-template.png diff --git a/source/images/aws/aws-inspector-get-started.png b/source/images/cloud-security/aws/aws-inspector-get-started.png similarity index 100% rename from source/images/aws/aws-inspector-get-started.png rename to source/images/cloud-security/aws/aws-inspector-get-started.png diff --git a/source/images/aws/aws-inspector-overview.png b/source/images/cloud-security/aws/aws-inspector-overview.png similarity index 100% rename from source/images/aws/aws-inspector-overview.png rename to source/images/cloud-security/aws/aws-inspector-overview.png diff --git a/source/images/aws/aws-inspector-review.png b/source/images/cloud-security/aws/aws-inspector-review.png similarity index 100% rename from source/images/aws/aws-inspector-review.png rename to source/images/cloud-security/aws/aws-inspector-review.png diff --git a/source/images/aws/aws-inspector-side-menu.png b/source/images/cloud-security/aws/aws-inspector-side-menu.png similarity index 100% rename from source/images/aws/aws-inspector-side-menu.png rename to source/images/cloud-security/aws/aws-inspector-side-menu.png diff --git a/source/images/aws/aws-login-1.png b/source/images/cloud-security/aws/aws-login-1.png similarity index 100% rename from source/images/aws/aws-login-1.png rename to source/images/cloud-security/aws/aws-login-1.png diff --git a/source/images/aws/aws-login-2.png b/source/images/cloud-security/aws/aws-login-2.png similarity index 100% rename from source/images/aws/aws-login-2.png rename to source/images/cloud-security/aws/aws-login-2.png diff --git a/source/images/aws/aws-login-3.png b/source/images/cloud-security/aws/aws-login-3.png similarity index 100% rename from source/images/aws/aws-login-3.png rename to source/images/cloud-security/aws/aws-login-3.png diff --git a/source/images/aws/aws-login-4.png b/source/images/cloud-security/aws/aws-login-4.png similarity index 100% rename from source/images/aws/aws-login-4.png rename to source/images/cloud-security/aws/aws-login-4.png diff --git a/source/images/aws/aws-login-5.png b/source/images/cloud-security/aws/aws-login-5.png similarity index 100% rename from source/images/aws/aws-login-5.png rename to source/images/cloud-security/aws/aws-login-5.png diff --git a/source/images/aws/aws-s3-1.png b/source/images/cloud-security/aws/aws-s3-1.png similarity index 100% rename from source/images/aws/aws-s3-1.png rename to source/images/cloud-security/aws/aws-s3-1.png diff --git a/source/images/aws/aws-server-access-1.png b/source/images/cloud-security/aws/aws-server-access-1.png similarity index 100% rename from source/images/aws/aws-server-access-1.png rename to source/images/cloud-security/aws/aws-server-access-1.png diff --git a/source/images/aws/aws-server-access-2.png b/source/images/cloud-security/aws/aws-server-access-2.png similarity index 100% rename from source/images/aws/aws-server-access-2.png rename to source/images/cloud-security/aws/aws-server-access-2.png diff --git a/source/images/aws/aws-server-access-3.png b/source/images/cloud-security/aws/aws-server-access-3.png similarity index 100% rename from source/images/aws/aws-server-access-3.png rename to source/images/cloud-security/aws/aws-server-access-3.png diff --git a/source/images/aws/aws-server-access-4.png b/source/images/cloud-security/aws/aws-server-access-4.png similarity index 100% rename from source/images/aws/aws-server-access-4.png rename to source/images/cloud-security/aws/aws-server-access-4.png diff --git a/source/images/aws/aws-server-access-5.png b/source/images/cloud-security/aws/aws-server-access-5.png similarity index 100% rename from source/images/aws/aws-server-access-5.png rename to source/images/cloud-security/aws/aws-server-access-5.png diff --git a/source/images/aws/aws-summary-user.png b/source/images/cloud-security/aws/aws-summary-user.png similarity index 100% rename from source/images/aws/aws-summary-user.png rename to source/images/cloud-security/aws/aws-summary-user.png diff --git a/source/images/aws/aws-user.png b/source/images/cloud-security/aws/aws-user.png similarity index 100% rename from source/images/aws/aws-user.png rename to source/images/cloud-security/aws/aws-user.png diff --git a/source/images/aws/aws-vpc-1.png b/source/images/cloud-security/aws/aws-vpc-1.png similarity index 100% rename from source/images/aws/aws-vpc-1.png rename to source/images/cloud-security/aws/aws-vpc-1.png diff --git a/source/images/aws/aws-vpc-2.png b/source/images/cloud-security/aws/aws-vpc-2.png similarity index 100% rename from source/images/aws/aws-vpc-2.png rename to source/images/cloud-security/aws/aws-vpc-2.png diff --git a/source/images/aws/aws-vpc-3.png b/source/images/cloud-security/aws/aws-vpc-3.png similarity index 100% rename from source/images/aws/aws-vpc-3.png rename to source/images/cloud-security/aws/aws-vpc-3.png diff --git a/source/images/aws/trusted-advisor-1.png b/source/images/cloud-security/aws/trusted-advisor-1.png similarity index 100% rename from source/images/aws/trusted-advisor-1.png rename to source/images/cloud-security/aws/trusted-advisor-1.png diff --git a/source/images/aws/trusted-advisor-2.png b/source/images/cloud-security/aws/trusted-advisor-2.png similarity index 100% rename from source/images/aws/trusted-advisor-2.png rename to source/images/cloud-security/aws/trusted-advisor-2.png diff --git a/source/images/aws/trusted-advisor.png b/source/images/cloud-security/aws/trusted-advisor.png similarity index 100% rename from source/images/aws/trusted-advisor.png rename to source/images/cloud-security/aws/trusted-advisor.png diff --git a/source/images/aws/trusted-eventbridge-1.png b/source/images/cloud-security/aws/trusted-eventbridge-1.png similarity index 100% rename from source/images/aws/trusted-eventbridge-1.png rename to source/images/cloud-security/aws/trusted-eventbridge-1.png diff --git a/source/images/aws/trusted-eventbridge-2.png b/source/images/cloud-security/aws/trusted-eventbridge-2.png similarity index 100% rename from source/images/aws/trusted-eventbridge-2.png rename to source/images/cloud-security/aws/trusted-eventbridge-2.png diff --git a/source/images/aws/trusted-eventbridge-3.png b/source/images/cloud-security/aws/trusted-eventbridge-3.png similarity index 100% rename from source/images/aws/trusted-eventbridge-3.png rename to source/images/cloud-security/aws/trusted-eventbridge-3.png diff --git a/source/images/aws/trusted-eventbridge-4.png b/source/images/cloud-security/aws/trusted-eventbridge-4.png similarity index 100% rename from source/images/aws/trusted-eventbridge-4.png rename to source/images/cloud-security/aws/trusted-eventbridge-4.png diff --git a/source/images/aws/trusted-eventbridge-5.png b/source/images/cloud-security/aws/trusted-eventbridge-5.png similarity index 100% rename from source/images/aws/trusted-eventbridge-5.png rename to source/images/cloud-security/aws/trusted-eventbridge-5.png diff --git a/source/images/aws/trusted-eventbridge-6.png b/source/images/cloud-security/aws/trusted-eventbridge-6.png similarity index 100% rename from source/images/aws/trusted-eventbridge-6.png rename to source/images/cloud-security/aws/trusted-eventbridge-6.png diff --git a/source/images/aws/trusted-kinesis-0.png b/source/images/cloud-security/aws/trusted-kinesis-0.png similarity index 100% rename from source/images/aws/trusted-kinesis-0.png rename to source/images/cloud-security/aws/trusted-kinesis-0.png diff --git a/source/images/aws/trusted-kinesis-1.png b/source/images/cloud-security/aws/trusted-kinesis-1.png similarity index 100% rename from source/images/aws/trusted-kinesis-1.png rename to source/images/cloud-security/aws/trusted-kinesis-1.png diff --git a/source/images/aws/trusted-kinesis-2.png b/source/images/cloud-security/aws/trusted-kinesis-2.png similarity index 100% rename from source/images/aws/trusted-kinesis-2.png rename to source/images/cloud-security/aws/trusted-kinesis-2.png diff --git a/source/images/aws/trusted-kinesis-3.png b/source/images/cloud-security/aws/trusted-kinesis-3.png similarity index 100% rename from source/images/aws/trusted-kinesis-3.png rename to source/images/cloud-security/aws/trusted-kinesis-3.png diff --git a/source/images/aws/trusted-kinesis-4.png b/source/images/cloud-security/aws/trusted-kinesis-4.png similarity index 100% rename from source/images/aws/trusted-kinesis-4.png rename to source/images/cloud-security/aws/trusted-kinesis-4.png diff --git a/source/images/aws/trusted-kinesis-5.png b/source/images/cloud-security/aws/trusted-kinesis-5.png similarity index 100% rename from source/images/aws/trusted-kinesis-5.png rename to source/images/cloud-security/aws/trusted-kinesis-5.png diff --git a/source/images/aws/trusted-kinesis-6.png b/source/images/cloud-security/aws/trusted-kinesis-6.png similarity index 100% rename from source/images/aws/trusted-kinesis-6.png rename to source/images/cloud-security/aws/trusted-kinesis-6.png diff --git a/source/images/aws/trusted-kinesis-7.png b/source/images/cloud-security/aws/trusted-kinesis-7.png similarity index 100% rename from source/images/aws/trusted-kinesis-7.png rename to source/images/cloud-security/aws/trusted-kinesis-7.png diff --git a/source/images/aws/trusted-ui-1.png b/source/images/cloud-security/aws/trusted-ui-1.png similarity index 100% rename from source/images/aws/trusted-ui-1.png rename to source/images/cloud-security/aws/trusted-ui-1.png diff --git a/source/images/aws/trusted-ui-2.png b/source/images/cloud-security/aws/trusted-ui-2.png similarity index 100% rename from source/images/aws/trusted-ui-2.png rename to source/images/cloud-security/aws/trusted-ui-2.png diff --git a/source/images/aws/trusted-ui-3.png b/source/images/cloud-security/aws/trusted-ui-3.png similarity index 100% rename from source/images/aws/trusted-ui-3.png rename to source/images/cloud-security/aws/trusted-ui-3.png diff --git a/source/images/aws/vpc-flow-data-visualization.png b/source/images/cloud-security/aws/vpc-flow-data-visualization.png similarity index 100% rename from source/images/aws/vpc-flow-data-visualization.png rename to source/images/cloud-security/aws/vpc-flow-data-visualization.png diff --git a/source/images/azure/aad-graph-intro.png b/source/images/cloud-security/azure/aad-graph-intro.png similarity index 100% rename from source/images/azure/aad-graph-intro.png rename to source/images/cloud-security/azure/aad-graph-intro.png diff --git a/source/images/azure/account-credentials.png b/source/images/cloud-security/azure/account-credentials.png similarity index 100% rename from source/images/azure/account-credentials.png rename to source/images/cloud-security/azure/account-credentials.png diff --git a/source/images/azure/graph-1.png b/source/images/cloud-security/azure/graph-1.png similarity index 100% rename from source/images/azure/graph-1.png rename to source/images/cloud-security/azure/graph-1.png diff --git a/source/images/azure/graph-2.png b/source/images/cloud-security/azure/graph-2.png similarity index 100% rename from source/images/azure/graph-2.png rename to source/images/cloud-security/azure/graph-2.png diff --git a/source/images/azure/graph-3.png b/source/images/cloud-security/azure/graph-3.png similarity index 100% rename from source/images/azure/graph-3.png rename to source/images/cloud-security/azure/graph-3.png diff --git a/source/images/azure/graph-4.png b/source/images/cloud-security/azure/graph-4.png similarity index 100% rename from source/images/azure/graph-4.png rename to source/images/cloud-security/azure/graph-4.png diff --git a/source/images/azure/graph-5.png b/source/images/cloud-security/azure/graph-5.png similarity index 100% rename from source/images/azure/graph-5.png rename to source/images/cloud-security/azure/graph-5.png diff --git a/source/images/azure/graph-6.png b/source/images/cloud-security/azure/graph-6.png similarity index 100% rename from source/images/azure/graph-6.png rename to source/images/cloud-security/azure/graph-6.png diff --git a/source/images/azure/graph-7.png b/source/images/cloud-security/azure/graph-7.png similarity index 100% rename from source/images/azure/graph-7.png rename to source/images/cloud-security/azure/graph-7.png diff --git a/source/images/azure/kibana-services-1.png b/source/images/cloud-security/azure/kibana-services-1.png similarity index 100% rename from source/images/azure/kibana-services-1.png rename to source/images/cloud-security/azure/kibana-services-1.png diff --git a/source/images/azure/kibana-services-2.png b/source/images/cloud-security/azure/kibana-services-2.png similarity index 100% rename from source/images/azure/kibana-services-2.png rename to source/images/cloud-security/azure/kibana-services-2.png diff --git a/source/images/azure/log-analytics-activity-send.png b/source/images/cloud-security/azure/log-analytics-activity-send.png similarity index 100% rename from source/images/azure/log-analytics-activity-send.png rename to source/images/cloud-security/azure/log-analytics-activity-send.png diff --git a/source/images/azure/log-analytics-app-1.png b/source/images/cloud-security/azure/log-analytics-app-1.png similarity index 100% rename from source/images/azure/log-analytics-app-1.png rename to source/images/cloud-security/azure/log-analytics-app-1.png diff --git a/source/images/azure/log-analytics-app-2.png b/source/images/cloud-security/azure/log-analytics-app-2.png similarity index 100% rename from source/images/azure/log-analytics-app-2.png rename to source/images/cloud-security/azure/log-analytics-app-2.png diff --git a/source/images/azure/log-analytics-app-3.png b/source/images/cloud-security/azure/log-analytics-app-3.png similarity index 100% rename from source/images/azure/log-analytics-app-3.png rename to source/images/cloud-security/azure/log-analytics-app-3.png diff --git a/source/images/azure/log-analytics-app-4.png b/source/images/cloud-security/azure/log-analytics-app-4.png similarity index 100% rename from source/images/azure/log-analytics-app-4.png rename to source/images/cloud-security/azure/log-analytics-app-4.png diff --git a/source/images/azure/log-analytics-app-5.png b/source/images/cloud-security/azure/log-analytics-app-5.png similarity index 100% rename from source/images/azure/log-analytics-app-5.png rename to source/images/cloud-security/azure/log-analytics-app-5.png diff --git a/source/images/azure/log-analytics-app-6.png b/source/images/cloud-security/azure/log-analytics-app-6.png similarity index 100% rename from source/images/azure/log-analytics-app-6.png rename to source/images/cloud-security/azure/log-analytics-app-6.png diff --git a/source/images/azure/log-analytics-create-key.png b/source/images/cloud-security/azure/log-analytics-create-key.png similarity index 100% rename from source/images/azure/log-analytics-create-key.png rename to source/images/cloud-security/azure/log-analytics-create-key.png diff --git a/source/images/azure/log-analytics-diagnostic-1.png b/source/images/cloud-security/azure/log-analytics-diagnostic-1.png similarity index 100% rename from source/images/azure/log-analytics-diagnostic-1.png rename to source/images/cloud-security/azure/log-analytics-diagnostic-1.png diff --git a/source/images/azure/log-analytics-diagnostic-2.png b/source/images/cloud-security/azure/log-analytics-diagnostic-2.png similarity index 100% rename from source/images/azure/log-analytics-diagnostic-2.png rename to source/images/cloud-security/azure/log-analytics-diagnostic-2.png diff --git a/source/images/azure/log-analytics-key-created.png b/source/images/cloud-security/azure/log-analytics-key-created.png similarity index 100% rename from source/images/azure/log-analytics-key-created.png rename to source/images/cloud-security/azure/log-analytics-key-created.png diff --git a/source/images/azure/log-analytics-new-user.png b/source/images/cloud-security/azure/log-analytics-new-user.png similarity index 100% rename from source/images/azure/log-analytics-new-user.png rename to source/images/cloud-security/azure/log-analytics-new-user.png diff --git a/source/images/azure/log-analytics-workspace-1.png b/source/images/cloud-security/azure/log-analytics-workspace-1.png similarity index 100% rename from source/images/azure/log-analytics-workspace-1.png rename to source/images/cloud-security/azure/log-analytics-workspace-1.png diff --git a/source/images/azure/log-analytics-workspace-2.png b/source/images/cloud-security/azure/log-analytics-workspace-2.png similarity index 100% rename from source/images/azure/log-analytics-workspace-2.png rename to source/images/cloud-security/azure/log-analytics-workspace-2.png diff --git a/source/images/azure/log-analytics-workspace-3.png b/source/images/cloud-security/azure/log-analytics-workspace-3.png similarity index 100% rename from source/images/azure/log-analytics-workspace-3.png rename to source/images/cloud-security/azure/log-analytics-workspace-3.png diff --git a/source/images/azure/log-analytics-workspace-4.png b/source/images/cloud-security/azure/log-analytics-workspace-4.png similarity index 100% rename from source/images/azure/log-analytics-workspace-4.png rename to source/images/cloud-security/azure/log-analytics-workspace-4.png diff --git a/source/images/azure/log-analytics-workspace-5.png b/source/images/cloud-security/azure/log-analytics-workspace-5.png similarity index 100% rename from source/images/azure/log-analytics-workspace-5.png rename to source/images/cloud-security/azure/log-analytics-workspace-5.png diff --git a/source/images/azure/new-user-event.png b/source/images/cloud-security/azure/new-user-event.png similarity index 100% rename from source/images/azure/new-user-event.png rename to source/images/cloud-security/azure/new-user-event.png diff --git a/source/images/azure/new-user.png b/source/images/cloud-security/azure/new-user.png similarity index 100% rename from source/images/azure/new-user.png rename to source/images/cloud-security/azure/new-user.png diff --git a/source/images/azure/portal-services.png b/source/images/cloud-security/azure/portal-services.png similarity index 100% rename from source/images/azure/portal-services.png rename to source/images/cloud-security/azure/portal-services.png diff --git a/source/images/azure/storage-activity-1.png b/source/images/cloud-security/azure/storage-activity-1.png similarity index 100% rename from source/images/azure/storage-activity-1.png rename to source/images/cloud-security/azure/storage-activity-1.png diff --git a/source/images/azure/storage-activity-2.png b/source/images/cloud-security/azure/storage-activity-2.png similarity index 100% rename from source/images/azure/storage-activity-2.png rename to source/images/cloud-security/azure/storage-activity-2.png diff --git a/source/images/azure/storage-activity-3.png b/source/images/cloud-security/azure/storage-activity-3.png similarity index 100% rename from source/images/azure/storage-activity-3.png rename to source/images/cloud-security/azure/storage-activity-3.png diff --git a/source/images/azure/storage-activity-log.png b/source/images/cloud-security/azure/storage-activity-log.png similarity index 100% rename from source/images/azure/storage-activity-log.png rename to source/images/cloud-security/azure/storage-activity-log.png diff --git a/source/images/azure/storage-kibana.png b/source/images/cloud-security/azure/storage-kibana.png similarity index 100% rename from source/images/azure/storage-kibana.png rename to source/images/cloud-security/azure/storage-kibana.png diff --git a/source/images/azure/storage-new-user-1.png b/source/images/cloud-security/azure/storage-new-user-1.png similarity index 100% rename from source/images/azure/storage-new-user-1.png rename to source/images/cloud-security/azure/storage-new-user-1.png diff --git a/source/images/azure/storage-new-user-2.png b/source/images/cloud-security/azure/storage-new-user-2.png similarity index 100% rename from source/images/azure/storage-new-user-2.png rename to source/images/cloud-security/azure/storage-new-user-2.png diff --git a/source/images/gcp/gcp-account-key.png b/source/images/cloud-security/gcp/gcp-account-key.png similarity index 100% rename from source/images/gcp/gcp-account-key.png rename to source/images/cloud-security/gcp/gcp-account-key.png diff --git a/source/images/gcp/gcp-create-sink-button.png b/source/images/cloud-security/gcp/gcp-create-sink-button.png similarity index 100% rename from source/images/gcp/gcp-create-sink-button.png rename to source/images/cloud-security/gcp/gcp-create-sink-button.png diff --git a/source/images/gcp/gcp-create-sink-dns.png b/source/images/cloud-security/gcp/gcp-create-sink-dns.png similarity index 100% rename from source/images/gcp/gcp-create-sink-dns.png rename to source/images/cloud-security/gcp/gcp-create-sink-dns.png diff --git a/source/images/gcp/gcp-create-sink.png b/source/images/cloud-security/gcp/gcp-create-sink.png similarity index 100% rename from source/images/gcp/gcp-create-sink.png rename to source/images/cloud-security/gcp/gcp-create-sink.png diff --git a/source/images/gcp/gcp-data-flow.png b/source/images/cloud-security/gcp/gcp-data-flow.png similarity index 100% rename from source/images/gcp/gcp-data-flow.png rename to source/images/cloud-security/gcp/gcp-data-flow.png diff --git a/source/images/gcp/gcp-kibana-dns-filtered-logs.png b/source/images/cloud-security/gcp/gcp-kibana-dns-filtered-logs.png similarity index 100% rename from source/images/gcp/gcp-kibana-dns-filtered-logs.png rename to source/images/cloud-security/gcp/gcp-kibana-dns-filtered-logs.png diff --git a/source/images/gcp/gcp-kibana-dns-log-filter.png b/source/images/cloud-security/gcp/gcp-kibana-dns-log-filter.png similarity index 100% rename from source/images/gcp/gcp-kibana-dns-log-filter.png rename to source/images/cloud-security/gcp/gcp-kibana-dns-log-filter.png diff --git a/source/images/gcp/gcp-kibana-dns-overview.png b/source/images/cloud-security/gcp/gcp-kibana-dns-overview.png similarity index 100% rename from source/images/gcp/gcp-kibana-dns-overview.png rename to source/images/cloud-security/gcp/gcp-kibana-dns-overview.png diff --git a/source/images/gcp/gcp-kibana-filtered-logs.png b/source/images/cloud-security/gcp/gcp-kibana-filtered-logs.png similarity index 100% rename from source/images/gcp/gcp-kibana-filtered-logs.png rename to source/images/cloud-security/gcp/gcp-kibana-filtered-logs.png diff --git a/source/images/gcp/gcp-kibana-log-filter.png b/source/images/cloud-security/gcp/gcp-kibana-log-filter.png similarity index 100% rename from source/images/gcp/gcp-kibana-log-filter.png rename to source/images/cloud-security/gcp/gcp-kibana-log-filter.png diff --git a/source/images/gcp/gcp-load-balancer-sink.png b/source/images/cloud-security/gcp/gcp-load-balancer-sink.png similarity index 100% rename from source/images/gcp/gcp-load-balancer-sink.png rename to source/images/cloud-security/gcp/gcp-load-balancer-sink.png diff --git a/source/images/gcp/gcp-overview.png b/source/images/cloud-security/gcp/gcp-overview.png similarity index 100% rename from source/images/gcp/gcp-overview.png rename to source/images/cloud-security/gcp/gcp-overview.png diff --git a/source/images/gcp/gcp-sink-destination.png b/source/images/cloud-security/gcp/gcp-sink-destination.png similarity index 100% rename from source/images/gcp/gcp-sink-destination.png rename to source/images/cloud-security/gcp/gcp-sink-destination.png diff --git a/source/images/gcp/gcp-sink-dns-destination.png b/source/images/cloud-security/gcp/gcp-sink-dns-destination.png similarity index 100% rename from source/images/gcp/gcp-sink-dns-destination.png rename to source/images/cloud-security/gcp/gcp-sink-dns-destination.png diff --git a/source/images/gcp/gcp-sink-dns-name.png b/source/images/cloud-security/gcp/gcp-sink-dns-name.png similarity index 100% rename from source/images/gcp/gcp-sink-dns-name.png rename to source/images/cloud-security/gcp/gcp-sink-dns-name.png diff --git a/source/images/gcp/gcp-sink-name.png b/source/images/cloud-security/gcp/gcp-sink-name.png similarity index 100% rename from source/images/gcp/gcp-sink-name.png rename to source/images/cloud-security/gcp/gcp-sink-name.png diff --git a/source/images/gcp/gcp-sink.png b/source/images/cloud-security/gcp/gcp-sink.png similarity index 100% rename from source/images/gcp/gcp-sink.png rename to source/images/cloud-security/gcp/gcp-sink.png diff --git a/source/images/gcp/gcp-subscription.png b/source/images/cloud-security/gcp/gcp-subscription.png similarity index 100% rename from source/images/gcp/gcp-subscription.png rename to source/images/cloud-security/gcp/gcp-subscription.png diff --git a/source/images/gcp/gcp-topic.png b/source/images/cloud-security/gcp/gcp-topic.png similarity index 100% rename from source/images/gcp/gcp-topic.png rename to source/images/cloud-security/gcp/gcp-topic.png diff --git a/source/images/gcp/gcp-vpc-flow-sink.png b/source/images/cloud-security/gcp/gcp-vpc-flow-sink.png similarity index 100% rename from source/images/gcp/gcp-vpc-flow-sink.png rename to source/images/cloud-security/gcp/gcp-vpc-flow-sink.png diff --git a/source/images/office365/0-azure-app-new-registration.png b/source/images/cloud-security/office365/0-azure-app-new-registration.png similarity index 100% rename from source/images/office365/0-azure-app-new-registration.png rename to source/images/cloud-security/office365/0-azure-app-new-registration.png diff --git a/source/images/office365/1-azure-wazuh-app-register-application.png b/source/images/cloud-security/office365/1-azure-wazuh-app-register-application.png similarity index 100% rename from source/images/office365/1-azure-wazuh-app-register-application.png rename to source/images/cloud-security/office365/1-azure-wazuh-app-register-application.png diff --git a/source/images/office365/2-azure-wazuh-app-overview.png b/source/images/cloud-security/office365/2-azure-wazuh-app-overview.png similarity index 100% rename from source/images/office365/2-azure-wazuh-app-overview.png rename to source/images/cloud-security/office365/2-azure-wazuh-app-overview.png diff --git a/source/images/office365/3-azure-wazuh-app-create-password-copy-value.png b/source/images/cloud-security/office365/3-azure-wazuh-app-create-password-copy-value.png similarity index 100% rename from source/images/office365/3-azure-wazuh-app-create-password-copy-value.png rename to source/images/cloud-security/office365/3-azure-wazuh-app-create-password-copy-value.png diff --git a/source/images/office365/3-azure-wazuh-app-create-password.png b/source/images/cloud-security/office365/3-azure-wazuh-app-create-password.png similarity index 100% rename from source/images/office365/3-azure-wazuh-app-create-password.png rename to source/images/cloud-security/office365/3-azure-wazuh-app-create-password.png diff --git a/source/images/office365/4-azure-wazuh-app-configure-permissions-admin-consent.png b/source/images/cloud-security/office365/4-azure-wazuh-app-configure-permissions-admin-consent.png similarity index 100% rename from source/images/office365/4-azure-wazuh-app-configure-permissions-admin-consent.png rename to source/images/cloud-security/office365/4-azure-wazuh-app-configure-permissions-admin-consent.png diff --git a/source/images/office365/4-azure-wazuh-app-configure-permissions.png b/source/images/cloud-security/office365/4-azure-wazuh-app-configure-permissions.png similarity index 100% rename from source/images/office365/4-azure-wazuh-app-configure-permissions.png rename to source/images/cloud-security/office365/4-azure-wazuh-app-configure-permissions.png diff --git a/source/index.rst b/source/index.rst index 15f48407bb..50f80441cb 100644 --- a/source/index.rst +++ b/source/index.rst @@ -22,7 +22,7 @@ Index migration-guide/index Wazuh Cloud service user-manual/index - monitoring + cloud-security/monitoring development/index compliance/index proof-of-concept-guide/index diff --git a/source/proof-of-concept-guide/aws-infrastructure-monitoring.rst b/source/proof-of-concept-guide/aws-infrastructure-monitoring.rst index 65f2c5b76e..d7d4fd908b 100644 --- a/source/proof-of-concept-guide/aws-infrastructure-monitoring.rst +++ b/source/proof-of-concept-guide/aws-infrastructure-monitoring.rst @@ -8,7 +8,7 @@ Monitoring AWS infrastructure This use case shows how the Wazuh module for AWS (aws-s3) enables the log data collection from different AWS sources. -To learn more about monitoring AWS resources, see the :doc:`Using Wazuh to monitor AWS ` section of the documentation. +To learn more about monitoring AWS resources, see the :doc:`Using Wazuh to monitor AWS ` section of the documentation. Infrastructure -------------- @@ -45,7 +45,7 @@ Wazuh server #. From the Wazuh dashboard, navigate through **Settings > Modules** and enable the Amazon AWS module dashboard which is disabled by default. -#. Enable the Wazuh AWS module in the ``/var/ossec/etc/ossec.conf`` configuration file on the Wazuh server. Add only the AWS buckets of interest. Read our guide on how to :doc:`Configure AWS credentials `: +#. Enable the Wazuh AWS module in the ``/var/ossec/etc/ossec.conf`` configuration file on the Wazuh server. Add only the AWS buckets of interest. Read our guide on how to :doc:`Configure AWS credentials `: .. code-block:: xml :emphasize-lines: 8, 9 diff --git a/source/release-notes/release-3-2-0.rst b/source/release-notes/release-3-2-0.rst index 9b7c522775..9b7dadb823 100644 --- a/source/release-notes/release-3-2-0.rst +++ b/source/release-notes/release-3-2-0.rst @@ -84,7 +84,7 @@ Below is an example of the JSON alert generated by this module: aws.recipientAccountId: 166157441623 integration: aws -You can read more about this new module in the :doc:`AWS CloudTrail section `. +You can read more about this new module in the :doc:`AWS CloudTrail section `. CIS-CAT integration now supports Windows OS ------------------------------------------- diff --git a/source/release-notes/release-3-7-0.rst b/source/release-notes/release-3-7-0.rst index baacdd2ce0..c535a258a1 100644 --- a/source/release-notes/release-3-7-0.rst +++ b/source/release-notes/release-3-7-0.rst @@ -155,7 +155,7 @@ The Wazuh app for Kibana includes new features and interface redesigns to make u - Get the current manager/agent configuration on the redesigned tabs. - Added support for multiple groups feature. - - The :doc:`Amazon AWS ` tab has been redesigned to include better visualizations and the module configuration. + - The :doc:`Amazon AWS ` tab has been redesigned to include better visualizations and the module configuration. - The new :ref:`Osquery ` extension shows scans results from this Wazuh module. - Added a new selector to check the cluster nodes’ status and logs on the *Management > Status/Logs* tabs. - Several bugfixes, performance improvements, and compatibility with the latest Elastic Stack version. diff --git a/source/user-manual/reference/daemons/wazuh-modulesd.rst b/source/user-manual/reference/daemons/wazuh-modulesd.rst index f55d466a61..7d15f57a58 100644 --- a/source/user-manual/reference/daemons/wazuh-modulesd.rst +++ b/source/user-manual/reference/daemons/wazuh-modulesd.rst @@ -35,7 +35,7 @@ The wazuh-modulesd program manages the Wazuh modules described below. .. topic:: AWS S3 wodle - The AWS S3 wodle allows you to gather and parse logs from multiple AWS services, such as Guard Duty, Macie, VPC Flow, etc. See the :doc:`AWS S3 ` section for more information on this functionality. + The AWS S3 wodle allows you to gather and parse logs from multiple AWS services, such as Guard Duty, Macie, VPC Flow, etc. See the :doc:`AWS S3 ` section for more information on this functionality. .. topic:: GitHub wodle diff --git a/source/user-manual/reference/ossec-conf/wodle-azure-logs.rst b/source/user-manual/reference/ossec-conf/wodle-azure-logs.rst index d17294e2b9..6dc3356185 100644 --- a/source/user-manual/reference/ossec-conf/wodle-azure-logs.rst +++ b/source/user-manual/reference/ossec-conf/wodle-azure-logs.rst @@ -484,7 +484,7 @@ Key to the application we will use for authentication and to be able to use the graph\\auth_path ^^^^^^^^^^^^^^^^ -Path of the file that contains the application identifier and the application key for authentication in order to use the AAD Graph API. Incompatible with the ``application_id`` and ``application_key`` options. Check the :doc:`credentials ` reference for more information about this topic. +Path of the file that contains the application identifier and the application key for authentication in order to use the AAD Graph API. Incompatible with the ``application_id`` and ``application_key`` options. Check the :doc:`credentials ` reference for more information about this topic. +--------------------+--------------------+ | **Default value** | N/A | From 986f3d1b35c37d30a3ae8df40ba6618261ef36fb Mon Sep 17 00:00:00 2001 From: Javier Medeot Date: Wed, 5 Jul 2023 16:05:37 -0300 Subject: [PATCH 02/10] {WiP} Move cloud security sources --- source/_static/js/redirects.js | 412 +++++++++++++++++- .../elastic-load-balancing/alb.rst | 1 + .../elastic-load-balancing/clb.rst | 1 + .../elastic-load-balancing/index.rst | 1 + .../elastic-load-balancing/nlb.rst | 1 + .../prerequisites/dependencies.rst | 1 + 6 files changed, 409 insertions(+), 8 deletions(-) create mode 100644 source/amazon/services/supported-services/elastic-load-balancing/alb.rst create mode 100644 source/amazon/services/supported-services/elastic-load-balancing/clb.rst create mode 100644 source/amazon/services/supported-services/elastic-load-balancing/index.rst create mode 100644 source/amazon/services/supported-services/elastic-load-balancing/nlb.rst create mode 100644 source/azure/activity-services/prerequisites/dependencies.rst diff --git a/source/_static/js/redirects.js b/source/_static/js/redirects.js index 592c7552e1..702eb1b7ff 100644 --- a/source/_static/js/redirects.js +++ b/source/_static/js/redirects.js @@ -97,6 +97,16 @@ redirectSameRelease['4.4'] = { '/compliance/nist/threat-intelligence.html', '/user-manual/capabilities/wazuh-archives.html': '/user-manual/manager/wazuh-archives.html', + '/amazon/services/supported-services/elastic-load-balancing/index.html': + '/cloud-security/amazon/services/supported-services/elastic-load-balancing/index.html', + '/amazon/services/supported-services/elastic-load-balancing/alb.html': + '/cloud-security/amazon/services/supported-services/elastic-load-balancing/alb.html', + '/amazon/services/supported-services/elastic-load-balancing/nlb.html': + '/cloud-security/amazon/services/supported-services/elastic-load-balancing/nlb.html', + '/amazon/services/supported-services/elastic-load-balancing/clb.html': + '/cloud-security/amazon/services/supported-services/elastic-load-balancing/clb.html', + '/azure/activity-services/prerequisites/dependencies.html': + '/cloud-security/azure/activity-services/prerequisites/dependencies.html', }; /* Redirections from 4.3 to 4.4 */ @@ -155,17 +165,292 @@ redirections.push( { 'target': ['4.3=>4.4', '4.4=>4.3'], '4.3': '/amazon/services/supported-services/alb.html', - '4.4': '/amazon/services/supported-services/elastic-load-balancing/alb.html', + '4.4': '/cloud-security/amazon/services/supported-services/elastic-load-balancing/alb.html', }, { 'target': ['4.3=>4.4', '4.4=>4.3'], '4.3': '/amazon/services/supported-services/nlb.html', - '4.4': '/amazon/services/supported-services/elastic-load-balancing/nlb.html', + '4.4': '/cloud-security/amazon/services/supported-services/elastic-load-balancing/nlb.html', }, { 'target': ['4.3=>4.4', '4.4=>4.3'], '4.3': '/amazon/services/supported-services/clb.html', - '4.4': '/amazon/services/supported-services/elastic-load-balancing/clb.html', + '4.4': '/cloud-security/amazon/services/supported-services/elastic-load-balancing/clb.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/amazon/services/supported-services/ecr-image-scanning.html', + '4.4': '/cloud-security/amazon/services/supported-services/ecr-image-scanning.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/amazon/services/supported-services/server-access.html', + '4.4': '/cloud-security/amazon/services/supported-services/server-access.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/azure/activity-services/index.html', + '4.4': '/cloud-security/azure/activity-services/index.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/azure/activity-services/active-directory/index.html', + '4.4': '/cloud-security/azure/activity-services/active-directory/index.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/azure/activity-services/active-directory/graph.html', + '4.4': '/cloud-security/azure/activity-services/active-directory/graph.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/azure/activity-services/prerequisites/considerations.html', + '4.4': '/cloud-security/azure/activity-services/prerequisites/considerations.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/azure/activity-services/prerequisites/credentials.html', + '4.4': '/cloud-security/azure/activity-services/prerequisites/credentials.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/azure/activity-services/prerequisites/index.html', + '4.4': '/cloud-security/azure/activity-services/prerequisites/index.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/azure/activity-services/services/index.html', + '4.4': '/cloud-security/azure/activity-services/services/index.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/azure/activity-services/services/log-analytics.html', + '4.4': '/cloud-security/azure/activity-services/services/log-analytics.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/azure/activity-services/services/storage.html', + '4.4': '/cloud-security/azure/activity-services/services/storage.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/gcp/supported-services/access_logs.html', + '4.4': '/cloud-security/gcp/supported-services/access_logs.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/gcp/supported-services/cloud_audit_logs.html', + '4.4': '/cloud-security/gcp/supported-services/cloud_audit_logs.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/gcp/supported-services/dns_queries.html', + '4.4': '/cloud-security/gcp/supported-services/dns_queries.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/gcp/supported-services/load_balancing.html', + '4.4': '/cloud-security/gcp/supported-services/load_balancing.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/gcp/supported-services/vpc_flow.html', + '4.4': '/cloud-security/gcp/supported-services/vpc_flow.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/gcp/supported-services/firewall.html', + '4.4': '/cloud-security/gcp/supported-services/firewall.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/github/index.html', + '4.4': '/cloud-security/github/index.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/github/monitoring-github-activity.html', + '4.4': '/cloud-security/github/monitoring-github-activity.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/office365/index.html', + '4.4': '/cloud-security/office365/index.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/office365/monitoring-office365-activity.html', + '4.4': '/cloud-security/office365/monitoring-office365-activity.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/amazon/instances.html', + '4.4': '/cloud-security/amazon/instances.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/amazon/index.html', + '4.4': '/cloud-security/amazon/index.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/amazon/services/troubleshooting.html', + '4.4': '/cloud-security/amazon/services/troubleshooting.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/amazon/services/prerequisites/dependencies.html', + '4.4': '/cloud-security/amazon/services/prerequisites/dependencies.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/amazon/services/prerequisites/considerations.html', + '4.4': '/cloud-security/amazon/services/prerequisites/considerations.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/amazon/services/prerequisites/credentials.html', + '4.4': '/cloud-security/amazon/services/prerequisites/credentials.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/amazon/services/prerequisites/index.html', + '4.4': '/cloud-security/amazon/services/prerequisites/index.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/amazon/services/prerequisites/S3-bucket.html', + '4.4': '/cloud-security/amazon/services/prerequisites/S3-bucket.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/amazon/services/index.html', + '4.4': '/cloud-security/amazon/services/index.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/amazon/services/supported-services/elastic-load-balancing/index.html', + '4.4': '/cloud-security/amazon/services/supported-services/elastic-load-balancing/index.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/amazon/services/supported-services/vpc.html', + '4.4': '/cloud-security/amazon/services/supported-services/vpc.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/amazon/services/supported-services/security-lake.html', + '4.4': '/cloud-security/amazon/services/supported-services/security-lake.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/amazon/services/supported-services/waf.html', + '4.4': '/cloud-security/amazon/services/supported-services/waf.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/amazon/services/supported-services/guardduty.html', + '4.4': '/cloud-security/amazon/services/supported-services/guardduty.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/amazon/services/supported-services/cisco-umbrella.html', + '4.4': '/cloud-security/amazon/services/supported-services/cisco-umbrella.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/amazon/services/supported-services/cloudtrail.html', + '4.4': '/cloud-security/amazon/services/supported-services/cloudtrail.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/amazon/services/supported-services/kms.html', + '4.4': '/cloud-security/amazon/services/supported-services/kms.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/amazon/services/supported-services/index.html', + '4.4': '/cloud-security/amazon/services/supported-services/index.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/amazon/services/supported-services/config.html', + '4.4': '/cloud-security/amazon/services/supported-services/config.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/amazon/services/supported-services/trusted-advisor.html', + '4.4': '/cloud-security/amazon/services/supported-services/trusted-advisor.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/amazon/services/supported-services/inspector.html', + '4.4': '/cloud-security/amazon/services/supported-services/inspector.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/amazon/services/supported-services/macie.html', + '4.4': '/cloud-security/amazon/services/supported-services/macie.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/amazon/services/supported-services/cloudwatchlogs.html', + '4.4': '/cloud-security/amazon/services/supported-services/cloudwatchlogs.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/monitoring.html', + '4.4': '/cloud-security/monitoring.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/azure/monitoring-instances.html', + '4.4': '/cloud-security/azure/monitoring-instances.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/azure/index.html', + '4.4': '/cloud-security/azure/index.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/azure/activity-services/prerequisites/dependencies.html', + '4.4': '/cloud-security/azure/activity-services/prerequisites/dependencies.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/gcp/prerequisites/pubsub.html', + '4.4': '/cloud-security/gcp/prerequisites/pubsub.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/gcp/prerequisites/dependencies.html', + '4.4': '/cloud-security/gcp/prerequisites/dependencies.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/gcp/prerequisites/considerations.html', + '4.4': '/cloud-security/gcp/prerequisites/considerations.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/gcp/prerequisites/credentials.html', + '4.4': '/cloud-security/gcp/prerequisites/credentials.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/gcp/prerequisites/index.html', + '4.4': '/cloud-security/gcp/prerequisites/index.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/gcp/index.html', + '4.4': '/cloud-security/gcp/index.html', + }, + { + 'target': ['4.3=>4.4', '4.4=>4.3'], + '4.3': '/gcp/supported-services/index.html', + '4.4': '/cloud-security/gcp/supported-services/index.html', }, { 'target': ['4.3=>4.4', '4.4=>4.3'], @@ -367,14 +652,67 @@ redirections.push( /* Pages added in 4.4 */ newUrls['4.4'] = [ - '/amazon/services/supported-services/elastic-load-balancing/index.html', - '/amazon/services/supported-services/elastic-load-balancing/alb.html', - '/amazon/services/supported-services/elastic-load-balancing/nlb.html', - '/amazon/services/supported-services/elastic-load-balancing/clb.html', + '/cloud-security/amazon/instances.html', + '/cloud-security/amazon/index.html', + '/cloud-security/amazon/services/troubleshooting.html', + '/cloud-security/amazon/services/prerequisites/dependencies.html', + '/cloud-security/amazon/services/prerequisites/considerations.html', + '/cloud-security/amazon/services/prerequisites/credentials.html', + '/cloud-security/amazon/services/prerequisites/index.html', + '/cloud-security/amazon/services/prerequisites/S3-bucket.html', + '/cloud-security/amazon/services/index.html', + '/cloud-security/amazon/services/supported-services/vpc.html', + '/cloud-security/amazon/services/supported-services/security-lake.html', + '/cloud-security/amazon/services/supported-services/waf.html', + '/cloud-security/amazon/services/supported-services/guardduty.html', + '/cloud-security/amazon/services/supported-services/cisco-umbrella.html', + '/cloud-security/amazon/services/supported-services/cloudtrail.html', + '/cloud-security/amazon/services/supported-services/kms.html', + '/cloud-security/amazon/services/supported-services/index.html', + '/cloud-security/amazon/services/supported-services/config.html', + '/cloud-security/amazon/services/supported-services/trusted-advisor.html', + '/cloud-security/amazon/services/supported-services/inspector.html', + '/cloud-security/amazon/services/supported-services/macie.html', + '/cloud-security/amazon/services/supported-services/cloudwatchlogs.html', + '/cloud-security/amazon/services/supported-services/elastic-load-balancing/index.html', + '/cloud-security/amazon/services/supported-services/elastic-load-balancing/alb.html', + '/cloud-security/amazon/services/supported-services/elastic-load-balancing/nlb.html', + '/cloud-security/amazon/services/supported-services/elastic-load-balancing/clb.html', + '/cloud-security/amazon/services/supported-services/ecr-image-scanning.html', + '/cloud-security/amazon/services/supported-services/server-access.html', + '/cloud-security/azure/monitoring-instances.html', + '/cloud-security/azure/index.html', + '/cloud-security/azure/activity-services/index.html', + '/cloud-security/azure/activity-services/active-directory/index.html', + '/cloud-security/azure/activity-services/active-directory/graph.html', + '/cloud-security/azure/activity-services/prerequisites/considerations.html', + '/cloud-security/azure/activity-services/prerequisites/credentials.html', + '/cloud-security/azure/activity-services/prerequisites/dependencies.html', + '/cloud-security/azure/activity-services/prerequisites/index.html', + '/cloud-security/azure/activity-services/services/index.html', + '/cloud-security/azure/activity-services/services/log-analytics.html', + '/cloud-security/azure/activity-services/services/storage.html', + '/cloud-security/gcp/prerequisites/pubsub.html', + '/cloud-security/gcp/prerequisites/dependencies.html', + '/cloud-security/gcp/prerequisites/considerations.html', + '/cloud-security/gcp/prerequisites/credentials.html', + '/cloud-security/gcp/prerequisites/index.html', + '/cloud-security/gcp/index.html', + '/cloud-security/gcp/supported-services/index.html', + '/cloud-security/gcp/supported-services/access_logs.html', + '/cloud-security/gcp/supported-services/cloud_audit_logs.html', + '/cloud-security/gcp/supported-services/dns_queries.html', + '/cloud-security/gcp/supported-services/load_balancing.html', + '/cloud-security/gcp/supported-services/vpc_flow.html', + '/cloud-security/gcp/supported-services/firewall.html', + '/cloud-security/github/index.html', + '/cloud-security/github/monitoring-github-activity.html', + '/cloud-security/office365/index.html', + '/cloud-security/office365/monitoring-office365-activity.html', + '/cloud-security/monitoring.rshtml', '/user-manual/agents/key-request.html', '/user-manual/manager/manual-backup-restore.html', '/user-manual/reference/ossec-conf/wazuh-db-config.html', - '/azure/activity-services/prerequisites/dependencies.html', '/user-manual/wazuh-dashboard/custom-branding.html', '/release-notes/release-4-4-0.html', '/release-notes/release-4-4-1.html', @@ -451,9 +789,67 @@ newUrls['4.4'] = [ /* Pages removed in 4.4 */ removedUrls['4.4'] = [ + '/amazon/instances.html', + '/amazon/index.html', + '/amazon/services/troubleshooting.html', + '/amazon/services/prerequisites/dependencies.html', + '/amazon/services/prerequisites/considerations.html', + '/amazon/services/prerequisites/credentials.html', + '/amazon/services/prerequisites/index.html', + '/amazon/services/prerequisites/S3-bucket.html', + '/amazon/services/index.html', + '/amazon/services/supported-services/vpc.html', + '/amazon/services/supported-services/security-lake.html', + '/amazon/services/supported-services/waf.html', + '/amazon/services/supported-services/guardduty.html', + '/amazon/services/supported-services/cisco-umbrella.html', + '/amazon/services/supported-services/cloudtrail.html', + '/amazon/services/supported-services/kms.html', + '/amazon/services/supported-services/index.html', + '/amazon/services/supported-services/config.html', + '/amazon/services/supported-services/trusted-advisor.html', + '/amazon/services/supported-services/inspector.html', + '/amazon/services/supported-services/macie.html', + '/amazon/services/supported-services/cloudwatchlogs.html', '/amazon/services/supported-services/alb.html', '/amazon/services/supported-services/nlb.html', '/amazon/services/supported-services/clb.html', + '/amazon/services/supported-services/elastic-load-balancing/index.html', + '/amazon/services/supported-services/elastic-load-balancing/alb.html', + '/amazon/services/supported-services/elastic-load-balancing/nlb.html', + '/amazon/services/supported-services/elastic-load-balancing/clb.html', + '/amazon/services/supported-services/ecr-image-scanning.html', + '/amazon/services/supported-services/server-access.html', + '/azure/monitoring-instances.html', + '/azure/index.html', + '/azure/activity-services/index.html', + '/azure/activity-services/active-directory/index.html', + '/azure/activity-services/active-directory/graph.html', + '/azure/activity-services/prerequisites/considerations.html', + '/azure/activity-services/prerequisites/credentials.html', + '/azure/activity-services/prerequisites/dependencies.html', + '/azure/activity-services/prerequisites/index.html', + '/azure/activity-services/services/index.html', + '/azure/activity-services/services/log-analytics.html', + '/azure/activity-services/services/storage.html', + '/gcp/prerequisites/pubsub.html', + '/gcp/prerequisites/dependencies.html', + '/gcp/prerequisites/considerations.html', + '/gcp/prerequisites/credentials.html', + '/gcp/prerequisites/index.html', + '/gcp/index.html', + '/gcp/supported-services/index.html', + '/gcp/supported-services/access_logs.html', + '/gcp/supported-services/cloud_audit_logs.html', + '/gcp/supported-services/dns_queries.html', + '/gcp/supported-services/load_balancing.html', + '/gcp/supported-services/vpc_flow.html', + '/gcp/supported-services/firewall.html', + '/github/index.html', + '/github/monitoring-github-activity.html', + '/office365/index.html', + '/office365/monitoring-office365-activity.html', + '/monitoring.html', '/user-manual/capabilities/agent-key-polling.html', '/user-manual/wazuh-dashboard/single-sign-on/index.html', '/user-manual/wazuh-dashboard/single-sign-on/okta.html', diff --git a/source/amazon/services/supported-services/elastic-load-balancing/alb.rst b/source/amazon/services/supported-services/elastic-load-balancing/alb.rst new file mode 100644 index 0000000000..8feca331c5 --- /dev/null +++ b/source/amazon/services/supported-services/elastic-load-balancing/alb.rst @@ -0,0 +1 @@ +:orphan: diff --git a/source/amazon/services/supported-services/elastic-load-balancing/clb.rst b/source/amazon/services/supported-services/elastic-load-balancing/clb.rst new file mode 100644 index 0000000000..8feca331c5 --- /dev/null +++ b/source/amazon/services/supported-services/elastic-load-balancing/clb.rst @@ -0,0 +1 @@ +:orphan: diff --git a/source/amazon/services/supported-services/elastic-load-balancing/index.rst b/source/amazon/services/supported-services/elastic-load-balancing/index.rst new file mode 100644 index 0000000000..8feca331c5 --- /dev/null +++ b/source/amazon/services/supported-services/elastic-load-balancing/index.rst @@ -0,0 +1 @@ +:orphan: diff --git a/source/amazon/services/supported-services/elastic-load-balancing/nlb.rst b/source/amazon/services/supported-services/elastic-load-balancing/nlb.rst new file mode 100644 index 0000000000..8feca331c5 --- /dev/null +++ b/source/amazon/services/supported-services/elastic-load-balancing/nlb.rst @@ -0,0 +1 @@ +:orphan: diff --git a/source/azure/activity-services/prerequisites/dependencies.rst b/source/azure/activity-services/prerequisites/dependencies.rst new file mode 100644 index 0000000000..8feca331c5 --- /dev/null +++ b/source/azure/activity-services/prerequisites/dependencies.rst @@ -0,0 +1 @@ +:orphan: From 8aa8025af142eff1c9d4da83cbb3a2e405661e2e Mon Sep 17 00:00:00 2001 From: Javier Medeot Date: Wed, 5 Jul 2023 17:56:32 -0300 Subject: [PATCH 03/10] {WiP} Move cloud security sources --- source/cloud-security/amazon/services/troubleshooting.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/cloud-security/amazon/services/troubleshooting.rst b/source/cloud-security/amazon/services/troubleshooting.rst index 8965b16490..e98f201cda 100644 --- a/source/cloud-security/amazon/services/troubleshooting.rst +++ b/source/cloud-security/amazon/services/troubleshooting.rst @@ -67,7 +67,7 @@ Follow these steps to enable debug mode: #. Restart the Wazuh service. -.. include:: ../../_templates/common/restart_manager_or_agent.rst +.. include:: /_templates/common/restart_manager_or_agent.rst .. Note:: Don't forget to disable debug mode once the troubleshooting has finished. Leaving debug mode enabled could result in the addition of large amounts of logs in the ``ossec.log`` file. From 0f5042c0fe7c6ffe17ccfe1c7a88ff31b13de48e Mon Sep 17 00:00:00 2001 From: Javier Medeot Date: Thu, 13 Jul 2023 10:27:29 -0300 Subject: [PATCH 04/10] Undo orphan content removal --- .../elastic-load-balancing/alb.rst | 78 +++++++++++++++++++ .../elastic-load-balancing/clb.rst | 77 ++++++++++++++++++ .../elastic-load-balancing/index.rst | 18 +++++ .../elastic-load-balancing/nlb.rst | 77 ++++++++++++++++++ .../prerequisites/dependencies.rst | 67 ++++++++++++++++ 5 files changed, 317 insertions(+) diff --git a/source/amazon/services/supported-services/elastic-load-balancing/alb.rst b/source/amazon/services/supported-services/elastic-load-balancing/alb.rst index 8feca331c5..97dcab9c18 100644 --- a/source/amazon/services/supported-services/elastic-load-balancing/alb.rst +++ b/source/amazon/services/supported-services/elastic-load-balancing/alb.rst @@ -1 +1,79 @@ +.. Copyright (C) 2015, Wazuh, Inc. + +.. meta:: + :description: AWS Application Load Balancer is a service that distributes incoming application traffic across multiple targets. Learn how to configure and monitor it with Wazuh. + :orphan: + +Amazon ALB +========== + +`Application Load Balancers `_ (Amazon ALB) Elastic Load Balancing automatically distributes the incoming traffic across multiple targets, such as EC2 instances, containers, and IP addresses, in one or more Availability Zones. It monitors the health of its registered targets and routes traffic only to the healthy targets. Users can select the type of load balancer that best suits their needs. An Application Load Balancer functions at the application layer, the seventh layer of the Open Systems Interconnection (OSI) model. After the load balancer receives a request, it evaluates the listener rules in priority order to determine which rule to apply and then selects a target from the target group for the rule action. + +Amazon configuration +-------------------- + +#. Select an existing S3 Bucket or :doc:`create a new one `. + +#. Go to Services > Compute > EC2: + + .. thumbnail:: /images/cloud-security/aws/aws-create-vpc-1.png + :align: center + :width: 70% + +#. Go to Load Balancing > Load Balancers on the left menu. Create a new load balancer or select one or more load balancers and select *Edit attributes* on the *Actions* menu: + + .. thumbnail:: /images/cloud-security/aws/aws-create-elb-1.png + :align: center + :width: 70% + +#. In this tab we will define our S3 and the path where the logs will be stored: + + .. thumbnail:: /images/cloud-security/aws/aws-create-elb-2.png + :align: center + :width: 70% + + .. note:: + To enable access logs for ALB (Application Load Balancers), check the following link: + + * `Application Load Balancer. `_ + +Policy configuration +++++++++++++++++++++ + +.. include:: /_templates/cloud/amazon/create_policy.rst +.. include:: /_templates/cloud/amazon/bucket_policies.rst +.. include:: /_templates/cloud/amazon/attach_policy.rst + +Wazuh configuration +------------------- + +#. Open the Wazuh configuration file (``/var/ossec/etc/ossec.conf``) and add the following block for ALB: + + .. code-block:: xml + + + no + 10m + yes + yes + + wazuh-aws-wodle + ALB + default + + + + .. note:: + Check the :doc:`AWS S3 module ` reference manual to learn more about each setting. + +#. Restart Wazuh in order to apply the changes: + + * If you're configuring a Wazuh manager: + + .. include:: /_templates/common/restart_manager.rst + + * If you're configuring a Wazuh agent: + + .. include:: /_templates/common/restart_agent.rst + diff --git a/source/amazon/services/supported-services/elastic-load-balancing/clb.rst b/source/amazon/services/supported-services/elastic-load-balancing/clb.rst index 8feca331c5..ca2c8670eb 100644 --- a/source/amazon/services/supported-services/elastic-load-balancing/clb.rst +++ b/source/amazon/services/supported-services/elastic-load-balancing/clb.rst @@ -1 +1,78 @@ +.. Copyright (C) 2015, Wazuh, Inc. + +.. meta:: + :description: AWS Classic Load Balancer is a service that distributes incoming application traffic across multiple targets. Learn how to configure and monitor it with Wazuh. + :orphan: + +Amazon CLB +========== + +`Classic Load Balancers `_ (Amazon CLB) Elastic Load Balancing automatically distributes the incoming traffic across multiple targets, such as EC2 instances, containers, and IP addresses, in one or more Availability Zones. It monitors the health of its registered targets and routes traffic only to the healthy targets. Users can select the type of load balancer that best suits their needs. A Classic Load Balancer makes routing decisions at either the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). Classic Load Balancers currently require a fixed relationship between the load balancer port and the container instance port. + +Amazon configuration +-------------------- + +#. Select an existing S3 Bucket or :doc:`create a new one `. + +#. Go to Services > Compute > EC2: + + .. thumbnail:: /images/cloud-security/aws/aws-create-vpc-1.png + :align: center + :width: 70% + +#. Go to Load Balancing > Load Balancers on the left menu. Create a new load balancer or select one or more load balancers and select *Edit attributes* on the *Actions* menu: + + .. thumbnail:: /images/cloud-security/aws/aws-create-elb-1.png + :align: center + :width: 70% + +#. In this tab we will define our S3 and the path where the logs will be stored: + + .. thumbnail:: /images/cloud-security/aws/aws-create-elb-2.png + :align: center + :width: 70% + + .. note:: + To enable access logs for CLB (Classic Load Balancers), check the following link: + + * `Classic Load Balancer. `_ + +Policy configuration +++++++++++++++++++++ + +.. include:: /_templates/cloud/amazon/create_policy.rst +.. include:: /_templates/cloud/amazon/bucket_policies.rst +.. include:: /_templates/cloud/amazon/attach_policy.rst + +Wazuh configuration +------------------- + +#. Open the Wazuh configuration file (``/var/ossec/etc/ossec.conf``) and add the following block for CLB: + + .. code-block:: xml + + + no + 10m + yes + yes + + wazuh-aws-wodle + CLB + default + + + + .. note:: + Check the :doc:`AWS S3 module ` reference manual to learn more about each setting. + +#. Restart Wazuh in order to apply the changes: + + * If you're configuring a Wazuh manager: + + .. include:: /_templates/common/restart_manager.rst + + * If you're configuring a Wazuh agent: + + .. include:: /_templates/common/restart_agent.rst diff --git a/source/amazon/services/supported-services/elastic-load-balancing/index.rst b/source/amazon/services/supported-services/elastic-load-balancing/index.rst index 8feca331c5..ed2c4c8d5b 100644 --- a/source/amazon/services/supported-services/elastic-load-balancing/index.rst +++ b/source/amazon/services/supported-services/elastic-load-balancing/index.rst @@ -1 +1,19 @@ +.. Copyright (C) 2022 Wazuh, Inc. + +.. meta:: + :description: AWS Elastic Load Balancers are services that distribute incoming traffic across multiple targets. Learn how to configure and monitor them with Wazuh. + :orphan: + +====================== +Elastic Load Balancers +====================== + +AWS Elastic Load Balancers are services that distribute incoming traffic across multiple targets. The following sections explain the different types of load balancers available and how to configure and monitor them with Wazuh: + +.. toctree:: + :titlesonly: + + Amazon Application Load Balancer (ALB) + Amazon Classic Load Balancer (CLB) + Amazon Network Load Balancer (NLB) \ No newline at end of file diff --git a/source/amazon/services/supported-services/elastic-load-balancing/nlb.rst b/source/amazon/services/supported-services/elastic-load-balancing/nlb.rst index 8feca331c5..9bb4ff1a39 100644 --- a/source/amazon/services/supported-services/elastic-load-balancing/nlb.rst +++ b/source/amazon/services/supported-services/elastic-load-balancing/nlb.rst @@ -1 +1,78 @@ +.. Copyright (C) 2015, Wazuh, Inc. + +.. meta:: + :description: Amazon NLB automatically distributes the incoming traffic across multiple targets. Learn how to use Amazon NLB with Wazuh in this section. + :orphan: + +Amazon NLB +========== + +`Network Load Balancers `_ (Amazon NLB) Elastic Load Balancing automatically distributes the incoming traffic across multiple targets, such as EC2 instances, containers, and IP addresses, in one or more Availability Zones. It monitors the health of its registered targets and routes traffic only to the healthy targets. Users can select the type of load balancer that best suits their needs. A Network Load Balancer functions at the fourth layer of the Open Systems Interconnection (OSI) model. It can handle millions of requests per second. After the load balancer receives a connection request, it selects a target from the target group for the default rule. It attempts to open a TCP connection to the selected target on the port specified in the listener configuration. + +Amazon configuration +-------------------- + +#. Select an existing S3 Bucket or :doc:`create a new one `. + +#. Go to Services > Compute > EC2: + + .. thumbnail:: /images/cloud-security/aws/aws-create-vpc-1.png + :align: center + :width: 70% + +#. Go to Load Balancing > Load Balancers on the left menu. Create a new load balancer or select one or more load balancers and select *Edit attributes* on the *Actions* menu: + + .. thumbnail:: /images/cloud-security/aws/aws-create-elb-1.png + :align: center + :width: 70% + +#. In this tab we will define our S3 and the path where the logs will be stored: + + .. thumbnail:: /images/cloud-security/aws/aws-create-elb-2.png + :align: center + :width: 70% + + .. note:: + To enable access logs for NLB (Network Load Balancers), check the following link: + + * `Network Load Balancer. `_ + +Policy configuration +++++++++++++++++++++ + +.. include:: /_templates/cloud/amazon/create_policy.rst +.. include:: /_templates/cloud/amazon/bucket_policies.rst +.. include:: /_templates/cloud/amazon/attach_policy.rst + +Wazuh configuration +------------------- + +#. Open the Wazuh configuration file (``/var/ossec/etc/ossec.conf``) and add the following block for NLB: + + .. code-block:: xml + + + no + 10m + yes + yes + + wazuh-aws-wodle + NLB + default + + + + .. note:: + Check the :doc:`AWS S3 module ` reference manual to learn more about each setting. + +#. Restart Wazuh in order to apply the changes: + + * If you're configuring a Wazuh manager: + + .. include:: /_templates/common/restart_manager.rst + + * If you're configuring a Wazuh agent: + + .. include:: /_templates/common/restart_agent.rst diff --git a/source/azure/activity-services/prerequisites/dependencies.rst b/source/azure/activity-services/prerequisites/dependencies.rst index 8feca331c5..7f0cedef61 100644 --- a/source/azure/activity-services/prerequisites/dependencies.rst +++ b/source/azure/activity-services/prerequisites/dependencies.rst @@ -1 +1,68 @@ +.. Copyright (C) 2015, Wazuh, Inc. + :orphan: + +Installing dependencies +======================= + +.. note:: + + The Azure monitoring module can be configured in the Wazuh manager (which also behaves as an agent) or directly in a Wazuh agent. + +.. warning:: + The Wazuh manager includes all dependencies installed, these steps are only necessary when configuring the integration in a Wazuh agent. + + +Python +------ + +The Azure module requires Python 3. It is compatible with Python 3.7 and above. + +.. tabs:: + + .. group-tab:: Yum + + .. code-block:: console + + # yum update && yum install python3 + + .. group-tab:: APT + + .. code-block:: console + + # apt-get update && apt-get install python3 + + +The required modules can be installed with Pip, the Python package manager. Most of UNIX distributions have this tool available in their software repositories: + +.. tabs:: + + .. group-tab:: Yum + + .. code-block:: console + + # yum update && yum install python3-pip + + .. group-tab:: APT + + .. code-block:: console + + # apt-get update && apt-get install python3-pip + + +It is recommended to use a pip version greater than or equal to 19.3 to ease the installation of the required dependencies. + +.. code-block:: console + + # pip3 install --upgrade pip + +Azure Storage Blobs client library for Python +--------------------------------------------- + +`Azure Storage Blobs client library `_ is the official Python library for Microsoft's Azure Blob storage. + +To install the Azure Storage Blobs client library for Python, execute the following command: + +.. code-block:: console + + # pip3 install azure-storage-blob==2.1.0 azure-storage-common==2.1.0 azure-common==1.1.25 cryptography==3.3.2 cffi==1.14.4 pycparser==2.20 six==1.14.0 python-dateutil==2.8.1 requests==2.25.1 certifi==2022.12.07 chardet==3.0.4 idna==2.9 urllib3==1.26.5 SQLAlchemy==1.3.11 pytz==2020.1 \ No newline at end of file From 50e5bb403bfac710e3bc64755385b76a86fb3eca Mon Sep 17 00:00:00 2001 From: Javier Medeot Date: Thu, 13 Jul 2023 12:29:59 -0300 Subject: [PATCH 05/10] Fix Wazuh indexer backup folder reference --- source/user-manual/files-backup/wazuh-central-components.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/user-manual/files-backup/wazuh-central-components.rst b/source/user-manual/files-backup/wazuh-central-components.rst index 28577c6b88..be8cc09dbd 100644 --- a/source/user-manual/files-backup/wazuh-central-components.rst +++ b/source/user-manual/files-backup/wazuh-central-components.rst @@ -107,7 +107,7 @@ Backing up the Wazuh indexer and dashboard /etc/wazuh-indexer/opensearch.keystore \ /etc/wazuh-indexer/opensearch-observability/ \ /etc/wazuh-indexer/opensearch-reports-scheduler/ \ - /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig \ + /usr/share/wazuh-indexer/plugins/opensearch-security/tools/config.yml \ /usr/lib/sysctl.d/wazuh-indexer.conf $bkp_folder #. Back up the Wazuh dashboard certificates and configuration files. From 1c81bd736b2588449bdfffbd455b93895f7f2835 Mon Sep 17 00:00:00 2001 From: Javier Medeot Date: Thu, 13 Jul 2023 15:08:07 -0300 Subject: [PATCH 06/10] Fix Wazuh indexer backup folder reference --- source/user-manual/files-backup/wazuh-central-components.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/user-manual/files-backup/wazuh-central-components.rst b/source/user-manual/files-backup/wazuh-central-components.rst index be8cc09dbd..2e06e71b87 100644 --- a/source/user-manual/files-backup/wazuh-central-components.rst +++ b/source/user-manual/files-backup/wazuh-central-components.rst @@ -107,7 +107,7 @@ Backing up the Wazuh indexer and dashboard /etc/wazuh-indexer/opensearch.keystore \ /etc/wazuh-indexer/opensearch-observability/ \ /etc/wazuh-indexer/opensearch-reports-scheduler/ \ - /usr/share/wazuh-indexer/plugins/opensearch-security/tools/config.yml \ + /etc/wazuh-indexer/opensearch-security/ \ /usr/lib/sysctl.d/wazuh-indexer.conf $bkp_folder #. Back up the Wazuh dashboard certificates and configuration files. From cb57ec3c706b3a9b8e1f77f281d5283ebbdf8e9d Mon Sep 17 00:00:00 2001 From: vamera Date: Fri, 14 Jul 2023 10:26:45 +0200 Subject: [PATCH 07/10] Fixed a javacript error occurring while managing relative paths on the pages --- source/_themes/wazuh_doc_theme_v3/src/js-source/utils.js | 5 +---- .../wazuh_doc_theme_v3/static/js/min/api-reference.min.js | 2 +- source/_themes/wazuh_doc_theme_v3/static/js/min/index.min.js | 2 +- .../wazuh_doc_theme_v3/static/js/min/not-found.min.js | 2 +- .../wazuh_doc_theme_v3/static/js/min/search-results.min.js | 2 +- .../static/js/min/wazuh-documentation.min.js | 2 +- 6 files changed, 6 insertions(+), 9 deletions(-) diff --git a/source/_themes/wazuh_doc_theme_v3/src/js-source/utils.js b/source/_themes/wazuh_doc_theme_v3/src/js-source/utils.js index d1a47374ab..bb0eaae89a 100644 --- a/source/_themes/wazuh_doc_theme_v3/src/js-source/utils.js +++ b/source/_themes/wazuh_doc_theme_v3/src/js-source/utils.js @@ -38,7 +38,6 @@ if ( typeof(versions) === 'undefined' ) { }); $('.navbar-nav .dropdown-toggle').on('mouseleave', function(e) { let toElement = e.toElement || e.relatedTarget; - console.log(toElement); if ($(this).closest('.dropdown').hasClass('show') && toElement !== $(this).siblings()[0]) { e.stopPropagation(); @@ -47,8 +46,6 @@ if ( typeof(versions) === 'undefined' ) { }); $('.navbar-nav .dropdown-menu').on('mouseleave', function(e) { let toElement = e.toElement || e.relatedTarget; - - console.log("submenu",toElement); if ($(this).closest('.dropdown').hasClass('show') && toElement !== $(this).siblings()[0]) { $(this).siblings().trigger('click'); @@ -72,7 +69,7 @@ const newTabNodes = [ let oursHost = ['documentation.wazuh.com']; $('a.reference.external').each(function() { - let link = new URL($(this).attr('href')); + let link = new URL(this.href); if ( !oursHost.includes(link.host) ) { $(this).attr('target', '_blank').attr('rel', 'noreferrer noopener'); } diff --git a/source/_themes/wazuh_doc_theme_v3/static/js/min/api-reference.min.js b/source/_themes/wazuh_doc_theme_v3/static/js/min/api-reference.min.js index 1d0e7657f4..e4b79875a6 100644 --- a/source/_themes/wazuh_doc_theme_v3/static/js/min/api-reference.min.js +++ b/source/_themes/wazuh_doc_theme_v3/static/js/min/api-reference.min.js @@ -1,2 +1,2 @@ -if($(document).ready(function(){if(window.matchMedia){let n=$('head > link[rel="icon"][media]');$.each(n,function(e,t){const r=window.matchMedia(t.media);function o(){r.matches&&(n.remove(),n=$(t).appendTo("head"))}r.addListener(o),o()})}}),"undefined"==typeof versions){const versions=[]}!function(r){window.matchMedia("(hover: hover)").matches&&(r(".navbar-nav .dropdown-toggle").on("mouseenter",function(e){r(this).closest(".dropdown").hasClass("show")||(e.stopPropagation(),r(this).trigger("click"))}),r(".navbar-nav .dropdown-toggle").on("mouseleave",function(e){var t=e.toElement||e.relatedTarget;console.log(t),r(this).closest(".dropdown").hasClass("show")&&t!==r(this).siblings()[0]&&(e.stopPropagation(),r(this).trigger("click"))}),r(".navbar-nav .dropdown-menu").on("mouseleave",function(e){e=e.toElement||e.relatedTarget;console.log("submenu",e),r(this).closest(".dropdown").hasClass("show")&&e!==r(this).siblings()[0]&&r(this).siblings().trigger("click")}))}(jQuery);const minVersionRedoc="4.0",useApiRedoc=0<=compareVersion(DOCUMENTATION_OPTIONS.VERSION,minVersionRedoc),newTabNodes=["user-manual/api/reference","cloud-service/apis/reference"];let oursHost=["documentation.wazuh.com"];function compareVersion(r,o){let n=!1;if("string"==typeof r&&"string"==typeof o){let e=r.split("."),t=o.split(".");2<=e.length&&2<=t.length&&(e=e.map(e=>parseInt(e)),t=t.map(e=>parseInt(e)),n=e[0]>t[0]?1:e[0]t[1]?1:e[1]=parseInt(R))&&delete l[r]}return l}(h,f,i,newUrls,redirections,removedUrls);h=h.reverse();for(let e=0;e Version "+p[e]+(0==e?" (current)":"")+"",l==p[0]&&u(".no-latest-notice .link-latest").attr("href",a);return e.html(n),d}function m(t){if(Array.isArray(t))return t;{let e=t.trim();return"/"==(e="#"==(e=(e=e.replace(/\/$/,"/index.html")).replace(/\/{2,}/,"/")).charAt(e.length-1)?e.substring(0,e.length-1):e).charAt(e.length-1)||/.*(\.html|#.*)$/.test(e)||(e+="/"),e=checkEncodeURI(e="/"!=e.charAt(0)?"/"+e:e)?e:encodeURI(e)}}function V(e,t){let r=-1;for(i in t)e==t[i]&&(r=i);return r}function N(e,t){var r=[];for(forId in t)if({}.hasOwnProperty.call(t,forId))for(forRelease in t[forId])"target"!=forRelease&&e==t[forId][forRelease]&&r.push(t[forId]);return r}function b(e,t,r){for(var o=[],n=t;n.length;){var i,s,l,a=n.pop();for(forTarget in a.target)({}).hasOwnProperty.call(a.target,forTarget)&&(i=a.target[forTarget].split("=>"),s=parseInt(V(i[0],r)),l=parseInt(V(i[1],r)),e.page==a[i[0]])&&("toBottom"!=e.direction&&s=s&&o.push({release:i[1],direction:"toBottom",url:a[i[1]]})}return o}function k(e,t,r,o){var n,s=[];for(forVersions in o)({}).hasOwnProperty.call(o,forVersions)&&(forVersions=parseInt(forVersions),"toBottom"==e&&forVersionse&&null!=r[t[i]]&&-1==o&&(o=i);return o}(forVersions,o,t))&&(s[o[forVersions]]=t[o[n]]):s[o[forVersions]]=t[o[forVersions]]),"toTop"==e)&&forVersions>=r&&(null==t[o[forVersions]]?0!=forVersions&&-1!=(n=function(e,t,r){let o=-1;for(i in t)({}).hasOwnProperty.call(t,i)&&(i=parseInt(i))>=e&&null!=r[t[i-1]]&&-1==o&&(o=i-1);return o}(forVersions,o,s))&&(s[o[forVersions]]=s[o[n]]):s[o[forVersions]]=t[o[forVersions]]);return s}e==p[0]&&(e="current"),document.querySelector("link[rel='canonical']")||((s=document.createElement("link")).setAttribute("rel","canonical"),s.setAttribute("href",document.location.protocol+"//"+document.location.host+"/"+e+l),document.head.appendChild(s)),u('#version-selector [data-toggle="tooltip"]').tooltip({container:"header"})}),$("#version-selector a.disable").click(function(e){return e.preventDefault(),e.stopPropagation(),!1}),init(); +if($(document).ready(function(){if(window.matchMedia){let n=$('head > link[rel="icon"][media]');$.each(n,function(e,t){const r=window.matchMedia(t.media);function o(){r.matches&&(n.remove(),n=$(t).appendTo("head"))}r.addListener(o),o()})}}),"undefined"==typeof versions){const versions=[]}!function(r){window.matchMedia("(hover: hover)").matches&&(r(".navbar-nav .dropdown-toggle").on("mouseenter",function(e){r(this).closest(".dropdown").hasClass("show")||(e.stopPropagation(),r(this).trigger("click"))}),r(".navbar-nav .dropdown-toggle").on("mouseleave",function(e){var t=e.toElement||e.relatedTarget;r(this).closest(".dropdown").hasClass("show")&&t!==r(this).siblings()[0]&&(e.stopPropagation(),r(this).trigger("click"))}),r(".navbar-nav .dropdown-menu").on("mouseleave",function(e){e=e.toElement||e.relatedTarget;r(this).closest(".dropdown").hasClass("show")&&e!==r(this).siblings()[0]&&r(this).siblings().trigger("click")}))}(jQuery);const minVersionRedoc="4.0",useApiRedoc=0<=compareVersion(DOCUMENTATION_OPTIONS.VERSION,minVersionRedoc),newTabNodes=["user-manual/api/reference","cloud-service/apis/reference"];let oursHost=["documentation.wazuh.com"];function compareVersion(r,o){let n=!1;if("string"==typeof r&&"string"==typeof o){let e=r.split("."),t=o.split(".");2<=e.length&&2<=t.length&&(e=e.map(e=>parseInt(e)),t=t.map(e=>parseInt(e)),n=e[0]>t[0]?1:e[0]t[1]?1:e[1]=parseInt(R))&&delete l[r]}return l}(h,u,i,newUrls,redirections,removedUrls);h=h.reverse();for(let e=0;e Version "+p[e]+(0==e?" (current)":"")+"",l==p[0]&&f(".no-latest-notice .link-latest").attr("href",a);return e.html(n),d}function m(t){if(Array.isArray(t))return t;{let e=t.trim();return"/"==(e="#"==(e=(e=e.replace(/\/$/,"/index.html")).replace(/\/{2,}/,"/")).charAt(e.length-1)?e.substring(0,e.length-1):e).charAt(e.length-1)||/.*(\.html|#.*)$/.test(e)||(e+="/"),e=checkEncodeURI(e="/"!=e.charAt(0)?"/"+e:e)?e:encodeURI(e)}}function V(e,t){let r=-1;for(i in t)e==t[i]&&(r=i);return r}function N(e,t){var r=[];for(forId in t)if({}.hasOwnProperty.call(t,forId))for(forRelease in t[forId])"target"!=forRelease&&e==t[forId][forRelease]&&r.push(t[forId]);return r}function k(e,t,r){for(var o=[],n=t;n.length;){var i,s,l,a=n.pop();for(forTarget in a.target)({}).hasOwnProperty.call(a.target,forTarget)&&(i=a.target[forTarget].split("=>"),s=parseInt(V(i[0],r)),l=parseInt(V(i[1],r)),e.page==a[i[0]])&&("toBottom"!=e.direction&&s=s&&o.push({release:i[1],direction:"toBottom",url:a[i[1]]})}return o}function T(e,t,r,o){var n,s=[];for(forVersions in o)({}).hasOwnProperty.call(o,forVersions)&&(forVersions=parseInt(forVersions),"toBottom"==e&&forVersionse&&null!=r[t[i]]&&-1==o&&(o=i);return o}(forVersions,o,t))&&(s[o[forVersions]]=t[o[n]]):s[o[forVersions]]=t[o[forVersions]]),"toTop"==e)&&forVersions>=r&&(null==t[o[forVersions]]?0!=forVersions&&-1!=(n=function(e,t,r){let o=-1;for(i in t)({}).hasOwnProperty.call(t,i)&&(i=parseInt(i))>=e&&null!=r[t[i-1]]&&-1==o&&(o=i-1);return o}(forVersions,o,s))&&(s[o[forVersions]]=s[o[n]]):s[o[forVersions]]=t[o[forVersions]]);return s}e==p[0]&&(e="current"),document.querySelector("link[rel='canonical']")||((s=document.createElement("link")).setAttribute("rel","canonical"),s.setAttribute("href",document.location.protocol+"//"+document.location.host+"/"+e+l),document.head.appendChild(s)),f('#version-selector [data-toggle="tooltip"]').tooltip({container:"header"})}),$("#version-selector a.disable").click(function(e){return e.preventDefault(),e.stopPropagation(),!1}),init(); //# sourceMappingURL=api-reference.min.js.map \ No newline at end of file diff --git a/source/_themes/wazuh_doc_theme_v3/static/js/min/index.min.js b/source/_themes/wazuh_doc_theme_v3/static/js/min/index.min.js index 5494e1277f..4e816e65a5 100644 --- a/source/_themes/wazuh_doc_theme_v3/static/js/min/index.min.js +++ b/source/_themes/wazuh_doc_theme_v3/static/js/min/index.min.js @@ -1,2 +1,2 @@ -if($(document).ready(function(){if(window.matchMedia){let i=$('head > link[rel="icon"][media]');$.each(i,function(e,t){const n=window.matchMedia(t.media);function o(){n.matches&&(i.remove(),i=$(t).appendTo("head"))}n.addListener(o),o()})}}),"undefined"==typeof versions){const versions=[]}!function(n){window.matchMedia("(hover: hover)").matches&&(n(".navbar-nav .dropdown-toggle").on("mouseenter",function(e){n(this).closest(".dropdown").hasClass("show")||(e.stopPropagation(),n(this).trigger("click"))}),n(".navbar-nav .dropdown-toggle").on("mouseleave",function(e){var t=e.toElement||e.relatedTarget;console.log(t),n(this).closest(".dropdown").hasClass("show")&&t!==n(this).siblings()[0]&&(e.stopPropagation(),n(this).trigger("click"))}),n(".navbar-nav .dropdown-menu").on("mouseleave",function(e){e=e.toElement||e.relatedTarget;console.log("submenu",e),n(this).closest(".dropdown").hasClass("show")&&e!==n(this).siblings()[0]&&n(this).siblings().trigger("click")}))}(jQuery);const minVersionRedoc="4.0",useApiRedoc=0<=compareVersion(DOCUMENTATION_OPTIONS.VERSION,minVersionRedoc),newTabNodes=["user-manual/api/reference","cloud-service/apis/reference"];let oursHost=["documentation.wazuh.com"];function compareVersion(n,o){let i=!1;if("string"==typeof n&&"string"==typeof o){let e=n.split("."),t=o.split(".");2<=e.length&&2<=t.length&&(e=e.map(e=>parseInt(e)),t=t.map(e=>parseInt(e)),i=e[0]>t[0]?1:e[0]t[1]?1:e[1] :header:first").each(function(){$('').attr("href","#"+this.id).attr("title",_("Permalink to this headline")).appendTo(this)}),$("dt[id]").each(function(){$('').attr("href","#"+this.id).attr("title",_("Permalink to this definition")).appendTo(this)})},fixFirefoxAnchorBug:function(){document.location.hash&&$.browser.mozilla&&window.setTimeout(function(){document.location.href+=""},10)},highlightSearchWords:function(){var e,t=$.getQueryParameters(),n=t.highlight?t.highlight[0].replace(/"/g,"").split(/\s+/):[];n.length&&((e=$("main > .section")).length||(e=$("body")),window.setTimeout(function(){$.each(n,function(){e.highlightText(this.toLowerCase(),"highlighted")})},10),$('

'+_("Hide Search Matches")+"

").appendTo($("#searchbox")))},initIndexTable:function(){var e=$("img.toggler").click(function(){var e=$(this).attr("src"),t=$(this).attr("id").substr(7);$("tr.cg-"+t).toggle(),"minus.png"===e.substr(-9)?$(this).attr("src",e.substr(0,e.length-9)+"plus.png"):$(this).attr("src",e.substr(0,e.length-8)+"minus.png")}).css("display","");DOCUMENTATION_OPTIONS.COLLAPSE_INDEX&&e.click()},hideSearchWords:function(){$("#searchbox .highlight-link").fadeOut(300),$("span.highlighted").removeClass("highlighted")},makeURL:function(e){return DOCUMENTATION_OPTIONS.URL_ROOT+"/"+e},getCurrentURL:function(){var e=document.location.pathname,t=e.split(/\//),n=($.each(DOCUMENTATION_OPTIONS.URL_ROOT.split(/\//),function(){".."===this&&t.pop()}),t.join("/"));return e.substring(n.lastIndexOf("/")+1,e.length-1)},initOnKeyListeners:function(){$(document).keydown(function(e){var t=document.activeElement.tagName;if(!("TEXTAREA"===t||"INPUT"===t||"SELECT"===t||e.altKey||e.ctrlKey||e.metaKey||e.shiftKey))switch(e.keyCode){case 37:var n=$('link[rel="prev"]').prop("href");if(n)return window.location.href=n,!1;case 39:n=$('link[rel="next"]').prop("href");if(n)return window.location.href=n,!1}})}};_=Documentation.gettext,$(document).ready(function(){Documentation.init()});const maxShowItems=3;if($(".index")){$(".loading").removeClass("loading");const ya=document.createElement("span"),za=document.createElement("use"),Aa=(ya.setAttribute("class","ico-long-arrow-right"),$(".toctree-wrapper:last-of-type .toctree-l1:last-of-type .toctree-l2:first-of-type > a").text("More").append(ya),$('[href="quickstart.html"]').parent()),Ba=(Aa.attr("id","quickstart"),Aa.parent().prepend(Aa),[]);function hideSectionsFromIndex(t){for(let e=0;emaxShowItems&&(e.addClass("collapsible").addClass("collapsed"),e.append(t.cloneNode(!0)))})}$(document).delegate(".toctree-l1 .toggle","click",function(e){e.preventDefault();var e=$(e.target).closest(".collapsible"),t=e.hasClass("collapsed");$(".collapsible").addClass("collapsed"),$(".collapsed .toggle").attr("aria-label","Expand section"),t&&(e.removeClass("collapsed"),e.find(".toggle").attr("aria-label","Collapse section"))}),setCollapsibleIndexBlocks()} +if($(document).ready(function(){if(window.matchMedia){let i=$('head > link[rel="icon"][media]');$.each(i,function(e,t){const n=window.matchMedia(t.media);function o(){n.matches&&(i.remove(),i=$(t).appendTo("head"))}n.addListener(o),o()})}}),"undefined"==typeof versions){const versions=[]}!function(n){window.matchMedia("(hover: hover)").matches&&(n(".navbar-nav .dropdown-toggle").on("mouseenter",function(e){n(this).closest(".dropdown").hasClass("show")||(e.stopPropagation(),n(this).trigger("click"))}),n(".navbar-nav .dropdown-toggle").on("mouseleave",function(e){var t=e.toElement||e.relatedTarget;n(this).closest(".dropdown").hasClass("show")&&t!==n(this).siblings()[0]&&(e.stopPropagation(),n(this).trigger("click"))}),n(".navbar-nav .dropdown-menu").on("mouseleave",function(e){e=e.toElement||e.relatedTarget;n(this).closest(".dropdown").hasClass("show")&&e!==n(this).siblings()[0]&&n(this).siblings().trigger("click")}))}(jQuery);const minVersionRedoc="4.0",useApiRedoc=0<=compareVersion(DOCUMENTATION_OPTIONS.VERSION,minVersionRedoc),newTabNodes=["user-manual/api/reference","cloud-service/apis/reference"];let oursHost=["documentation.wazuh.com"];function compareVersion(n,o){let i=!1;if("string"==typeof n&&"string"==typeof o){let e=n.split("."),t=o.split(".");2<=e.length&&2<=t.length&&(e=e.map(e=>parseInt(e)),t=t.map(e=>parseInt(e)),i=e[0]>t[0]?1:e[0]t[1]?1:e[1] :header:first").each(function(){$('').attr("href","#"+this.id).attr("title",_("Permalink to this headline")).appendTo(this)}),$("dt[id]").each(function(){$('').attr("href","#"+this.id).attr("title",_("Permalink to this definition")).appendTo(this)})},fixFirefoxAnchorBug:function(){document.location.hash&&$.browser.mozilla&&window.setTimeout(function(){document.location.href+=""},10)},highlightSearchWords:function(){var e,t=$.getQueryParameters(),n=t.highlight?t.highlight[0].replace(/"/g,"").split(/\s+/):[];n.length&&((e=$("main > .section")).length||(e=$("body")),window.setTimeout(function(){$.each(n,function(){e.highlightText(this.toLowerCase(),"highlighted")})},10),$('

'+_("Hide Search Matches")+"

").appendTo($("#searchbox")))},initIndexTable:function(){var e=$("img.toggler").click(function(){var e=$(this).attr("src"),t=$(this).attr("id").substr(7);$("tr.cg-"+t).toggle(),"minus.png"===e.substr(-9)?$(this).attr("src",e.substr(0,e.length-9)+"plus.png"):$(this).attr("src",e.substr(0,e.length-8)+"minus.png")}).css("display","");DOCUMENTATION_OPTIONS.COLLAPSE_INDEX&&e.click()},hideSearchWords:function(){$("#searchbox .highlight-link").fadeOut(300),$("span.highlighted").removeClass("highlighted")},makeURL:function(e){return DOCUMENTATION_OPTIONS.URL_ROOT+"/"+e},getCurrentURL:function(){var e=document.location.pathname,t=e.split(/\//),n=($.each(DOCUMENTATION_OPTIONS.URL_ROOT.split(/\//),function(){".."===this&&t.pop()}),t.join("/"));return e.substring(n.lastIndexOf("/")+1,e.length-1)},initOnKeyListeners:function(){$(document).keydown(function(e){var t=document.activeElement.tagName;if(!("TEXTAREA"===t||"INPUT"===t||"SELECT"===t||e.altKey||e.ctrlKey||e.metaKey||e.shiftKey))switch(e.keyCode){case 37:var n=$('link[rel="prev"]').prop("href");if(n)return window.location.href=n,!1;case 39:n=$('link[rel="next"]').prop("href");if(n)return window.location.href=n,!1}})}};_=Documentation.gettext,$(document).ready(function(){Documentation.init()});const maxShowItems=3;if($(".index")){$(".loading").removeClass("loading");const ya=document.createElement("span"),za=document.createElement("use"),Aa=(ya.setAttribute("class","ico-long-arrow-right"),$(".toctree-wrapper:last-of-type .toctree-l1:last-of-type .toctree-l2:first-of-type > a").text("More").append(ya),$('[href="quickstart.html"]').parent()),Ba=(Aa.attr("id","quickstart"),Aa.parent().prepend(Aa),[]);function hideSectionsFromIndex(t){for(let e=0;emaxShowItems&&(e.addClass("collapsible").addClass("collapsed"),e.append(t.cloneNode(!0)))})}$(document).delegate(".toctree-l1 .toggle","click",function(e){e.preventDefault();var e=$(e.target).closest(".collapsible"),t=e.hasClass("collapsed");$(".collapsible").addClass("collapsed"),$(".collapsed .toggle").attr("aria-label","Expand section"),t&&(e.removeClass("collapsed"),e.find(".toggle").attr("aria-label","Collapse section"))}),setCollapsibleIndexBlocks()} //# sourceMappingURL=index.min.js.map \ No newline at end of file diff --git a/source/_themes/wazuh_doc_theme_v3/static/js/min/not-found.min.js b/source/_themes/wazuh_doc_theme_v3/static/js/min/not-found.min.js index 547e9cb8a7..9b256c2352 100644 --- a/source/_themes/wazuh_doc_theme_v3/static/js/min/not-found.min.js +++ b/source/_themes/wazuh_doc_theme_v3/static/js/min/not-found.min.js @@ -1,2 +1,2 @@ -if($(document).ready(function(){if(window.matchMedia){let o=$('head > link[rel="icon"][media]');$.each(o,function(e,t){const r=window.matchMedia(t.media);function n(){r.matches&&(o.remove(),o=$(t).appendTo("head"))}r.addListener(n),n()})}}),"undefined"==typeof versions){const versions=[]}!function(r){window.matchMedia("(hover: hover)").matches&&(r(".navbar-nav .dropdown-toggle").on("mouseenter",function(e){r(this).closest(".dropdown").hasClass("show")||(e.stopPropagation(),r(this).trigger("click"))}),r(".navbar-nav .dropdown-toggle").on("mouseleave",function(e){var t=e.toElement||e.relatedTarget;console.log(t),r(this).closest(".dropdown").hasClass("show")&&t!==r(this).siblings()[0]&&(e.stopPropagation(),r(this).trigger("click"))}),r(".navbar-nav .dropdown-menu").on("mouseleave",function(e){e=e.toElement||e.relatedTarget;console.log("submenu",e),r(this).closest(".dropdown").hasClass("show")&&e!==r(this).siblings()[0]&&r(this).siblings().trigger("click")}))}(jQuery);const minVersionRedoc="4.0",useApiRedoc=0<=compareVersion(DOCUMENTATION_OPTIONS.VERSION,minVersionRedoc),newTabNodes=["user-manual/api/reference","cloud-service/apis/reference"];let oursHost=["documentation.wazuh.com"];function compareVersion(r,n){let o=!1;if("string"==typeof r&&"string"==typeof n){let e=r.split("."),t=n.split(".");2<=e.length&&2<=t.length&&(e=e.map(e=>parseInt(e)),t=t.map(e=>parseInt(e)),o=e[0]>t[0]?1:e[0]t[1]?1:e[1] :header:first").each(function(){$('').attr("href","#"+this.id).attr("title",_("Permalink to this headline")).appendTo(this)}),$("dt[id]").each(function(){$('').attr("href","#"+this.id).attr("title",_("Permalink to this definition")).appendTo(this)})},fixFirefoxAnchorBug:function(){document.location.hash&&$.browser.mozilla&&window.setTimeout(function(){document.location.href+=""},10)},highlightSearchWords:function(){var e,t=$.getQueryParameters(),r=t.highlight?t.highlight[0].replace(/"/g,"").split(/\s+/):[];r.length&&((e=$("main > .section")).length||(e=$("body")),window.setTimeout(function(){$.each(r,function(){e.highlightText(this.toLowerCase(),"highlighted")})},10),$('

'+_("Hide Search Matches")+"

").appendTo($("#searchbox")))},initIndexTable:function(){var e=$("img.toggler").click(function(){var e=$(this).attr("src"),t=$(this).attr("id").substr(7);$("tr.cg-"+t).toggle(),"minus.png"===e.substr(-9)?$(this).attr("src",e.substr(0,e.length-9)+"plus.png"):$(this).attr("src",e.substr(0,e.length-8)+"minus.png")}).css("display","");DOCUMENTATION_OPTIONS.COLLAPSE_INDEX&&e.click()},hideSearchWords:function(){$("#searchbox .highlight-link").fadeOut(300),$("span.highlighted").removeClass("highlighted")},makeURL:function(e){return DOCUMENTATION_OPTIONS.URL_ROOT+"/"+e},getCurrentURL:function(){var e=document.location.pathname,t=e.split(/\//),r=($.each(DOCUMENTATION_OPTIONS.URL_ROOT.split(/\//),function(){".."===this&&t.pop()}),t.join("/"));return e.substring(r.lastIndexOf("/")+1,e.length-1)},initOnKeyListeners:function(){$(document).keydown(function(e){var t=document.activeElement.tagName;if(!("TEXTAREA"===t||"INPUT"===t||"SELECT"===t||e.altKey||e.ctrlKey||e.metaKey||e.shiftKey))switch(e.keyCode){case 37:var r=$('link[rel="prev"]').prop("href");if(r)return window.location.href=r,!1;case 39:r=$('link[rel="next"]').prop("href");if(r)return window.location.href=r,!1}})}};function checkEncodeURI(e){return/\%/i.test(e)}if(_=Documentation.gettext,$(document).ready(function(){Documentation.init()}),jQuery(function(d){const f=DOCUMENTATION_OPTIONS.VERSION,p="undefined"==typeof versions?[]:versions;o=d("#version-selector .current"),s=DOCUMENTATION_OPTIONS.VERSION,0=parseInt(T))&&delete a[r]}return a}(h,f,i,newUrls,redirections,removedUrls);h=h.reverse();for(let e=0;e Version "+p[e]+(0==e?" (current)":"")+"",a==p[0]&&d(".no-latest-notice .link-latest").attr("href",l);return e.html(o),u}function g(t){if(Array.isArray(t))return t;{let e=t.trim();return"/"==(e="#"==(e=(e=e.replace(/\/$/,"/index.html")).replace(/\/{2,}/,"/")).charAt(e.length-1)?e.substring(0,e.length-1):e).charAt(e.length-1)||/.*(\.html|#.*)$/.test(e)||(e+="/"),e=checkEncodeURI(e="/"!=e.charAt(0)?"/"+e:e)?e:encodeURI(e)}}function $(e,t){let r=-1;for(i in t)e==t[i]&&(r=i);return r}function N(e,t){var r=[];for(forId in t)if({}.hasOwnProperty.call(t,forId))for(forRelease in t[forId])"target"!=forRelease&&e==t[forId][forRelease]&&r.push(t[forId]);return r}function I(e,t,r){for(var n=[],o=t;o.length;){var i,s,a,l=o.pop();for(forTarget in l.target)({}).hasOwnProperty.call(l.target,forTarget)&&(i=l.target[forTarget].split("=>"),s=parseInt($(i[0],r)),a=parseInt($(i[1],r)),e.page==l[i[0]])&&("toBottom"!=e.direction&&s=s&&n.push({release:i[1],direction:"toBottom",url:l[i[1]]})}return n}function R(e,t,r,n){var o,s=[];for(forVersions in n)({}).hasOwnProperty.call(n,forVersions)&&(forVersions=parseInt(forVersions),"toBottom"==e&&forVersionse&&null!=r[t[i]]&&-1==n&&(n=i);return n}(forVersions,n,t))&&(s[n[forVersions]]=t[n[o]]):s[n[forVersions]]=t[n[forVersions]]),"toTop"==e)&&forVersions>=r&&(null==t[n[forVersions]]?0!=forVersions&&-1!=(o=function(e,t,r){let n=-1;for(i in t)({}).hasOwnProperty.call(t,i)&&(i=parseInt(i))>=e&&null!=r[t[i-1]]&&-1==n&&(n=i-1);return n}(forVersions,n,s))&&(s[n[forVersions]]=s[n[o]]):s[n[forVersions]]=t[n[forVersions]]);return s}e==p[0]&&(e="current"),document.querySelector("link[rel='canonical']")||((s=document.createElement("link")).setAttribute("rel","canonical"),s.setAttribute("href",document.location.protocol+"//"+document.location.host+"/"+e+a),document.head.appendChild(s)),d('#version-selector [data-toggle="tooltip"]').tooltip({container:"header"})}),$("#version-selector a.disable").click(function(e){return e.preventDefault(),e.stopPropagation(),!1}),0<$("#global-toc").length){function completelyHideMenuItems(){$("#global-toc li ul").each(function(){$(this).closest("li").hasClass("show")?(this.hidden=!1,$(this).slideDown(300)):$(this).slideUp(300,function(){this.hidden=!0})})}$("#global-toc .toctree-l1 a").each(function(e){$(this).siblings("ul").length&&($(this).closest("li").addClass("toc-toggle"),$(this).append($('')))}),$("#global-toc .current-toc-node").each(function(){$(this).on("click",function(e){e.preventDefault(),$("html, body").animate({scrollTop:0},"500")})}),$("#global-toc a .toc-toggle-btn").on("click",function(e){return $("#global-toc a .toc-toggle-btn .sr-only").text("Expand submenu"),$(this).find(".sr-only").text("Close submenu"),!(li=$(e.target).closest("li"))||0==li.children("ul").length||(e.stopPropagation(),e.preventDefault(),li.hasClass("show")?li.removeClass("show"):(li.siblings("li").removeClass("show"),li.addClass("show")),li.parents().hasClass("show")||$(".globaltoc li.show").addClass("show"),$(".globaltoc li.initial").removeClass("initial"),completelyHideMenuItems(),!1)}),emptyTocNodes&&(markTocNodesWithClass(emptyTocNodes,"empty-toc-node","#global-toc"),$("#global-toc .current-toc-node").addClass("empty-toc-node")),$("#global-toc .empty-toc-node").each(function(){$(this).on("click",function(e){e.preventDefault(),$(this).find(".toc-toggle-btn").click()})}),useApiRedoc&&(markTocNodesWithClass(newTabNodes,"js-new-tab",""),$(".js-new-tab").attr("target","_blank"));const Jb=["Install Wazuh manager on Linux","Install Wazuh agent on Linux"].map(function(e){return e.toLowerCase()});function hideSubtree(e){$("#global-toc a").each(function(){-1!==jQuery.inArray($(this).text().toLowerCase(),e)&&($(this).siblings().hide(),$(this).children("button").hide())})}hideSubtree(Jb)} +if($(document).ready(function(){if(window.matchMedia){let o=$('head > link[rel="icon"][media]');$.each(o,function(e,t){const r=window.matchMedia(t.media);function n(){r.matches&&(o.remove(),o=$(t).appendTo("head"))}r.addListener(n),n()})}}),"undefined"==typeof versions){const versions=[]}!function(r){window.matchMedia("(hover: hover)").matches&&(r(".navbar-nav .dropdown-toggle").on("mouseenter",function(e){r(this).closest(".dropdown").hasClass("show")||(e.stopPropagation(),r(this).trigger("click"))}),r(".navbar-nav .dropdown-toggle").on("mouseleave",function(e){var t=e.toElement||e.relatedTarget;r(this).closest(".dropdown").hasClass("show")&&t!==r(this).siblings()[0]&&(e.stopPropagation(),r(this).trigger("click"))}),r(".navbar-nav .dropdown-menu").on("mouseleave",function(e){e=e.toElement||e.relatedTarget;r(this).closest(".dropdown").hasClass("show")&&e!==r(this).siblings()[0]&&r(this).siblings().trigger("click")}))}(jQuery);const minVersionRedoc="4.0",useApiRedoc=0<=compareVersion(DOCUMENTATION_OPTIONS.VERSION,minVersionRedoc),newTabNodes=["user-manual/api/reference","cloud-service/apis/reference"];let oursHost=["documentation.wazuh.com"];function compareVersion(r,n){let o=!1;if("string"==typeof r&&"string"==typeof n){let e=r.split("."),t=n.split(".");2<=e.length&&2<=t.length&&(e=e.map(e=>parseInt(e)),t=t.map(e=>parseInt(e)),o=e[0]>t[0]?1:e[0]t[1]?1:e[1] :header:first").each(function(){$('').attr("href","#"+this.id).attr("title",_("Permalink to this headline")).appendTo(this)}),$("dt[id]").each(function(){$('').attr("href","#"+this.id).attr("title",_("Permalink to this definition")).appendTo(this)})},fixFirefoxAnchorBug:function(){document.location.hash&&$.browser.mozilla&&window.setTimeout(function(){document.location.href+=""},10)},highlightSearchWords:function(){var e,t=$.getQueryParameters(),r=t.highlight?t.highlight[0].replace(/"/g,"").split(/\s+/):[];r.length&&((e=$("main > .section")).length||(e=$("body")),window.setTimeout(function(){$.each(r,function(){e.highlightText(this.toLowerCase(),"highlighted")})},10),$('

'+_("Hide Search Matches")+"

").appendTo($("#searchbox")))},initIndexTable:function(){var e=$("img.toggler").click(function(){var e=$(this).attr("src"),t=$(this).attr("id").substr(7);$("tr.cg-"+t).toggle(),"minus.png"===e.substr(-9)?$(this).attr("src",e.substr(0,e.length-9)+"plus.png"):$(this).attr("src",e.substr(0,e.length-8)+"minus.png")}).css("display","");DOCUMENTATION_OPTIONS.COLLAPSE_INDEX&&e.click()},hideSearchWords:function(){$("#searchbox .highlight-link").fadeOut(300),$("span.highlighted").removeClass("highlighted")},makeURL:function(e){return DOCUMENTATION_OPTIONS.URL_ROOT+"/"+e},getCurrentURL:function(){var e=document.location.pathname,t=e.split(/\//),r=($.each(DOCUMENTATION_OPTIONS.URL_ROOT.split(/\//),function(){".."===this&&t.pop()}),t.join("/"));return e.substring(r.lastIndexOf("/")+1,e.length-1)},initOnKeyListeners:function(){$(document).keydown(function(e){var t=document.activeElement.tagName;if(!("TEXTAREA"===t||"INPUT"===t||"SELECT"===t||e.altKey||e.ctrlKey||e.metaKey||e.shiftKey))switch(e.keyCode){case 37:var r=$('link[rel="prev"]').prop("href");if(r)return window.location.href=r,!1;case 39:r=$('link[rel="next"]').prop("href");if(r)return window.location.href=r,!1}})}};function checkEncodeURI(e){return/\%/i.test(e)}if(_=Documentation.gettext,$(document).ready(function(){Documentation.init()}),jQuery(function(d){const f=DOCUMENTATION_OPTIONS.VERSION,p="undefined"==typeof versions?[]:versions;o=d("#version-selector .current"),s=DOCUMENTATION_OPTIONS.VERSION,0=parseInt(T))&&delete a[r]}return a}(h,f,i,newUrls,redirections,removedUrls);h=h.reverse();for(let e=0;e Version "+p[e]+(0==e?" (current)":"")+"",a==p[0]&&d(".no-latest-notice .link-latest").attr("href",l);return e.html(o),u}function g(t){if(Array.isArray(t))return t;{let e=t.trim();return"/"==(e="#"==(e=(e=e.replace(/\/$/,"/index.html")).replace(/\/{2,}/,"/")).charAt(e.length-1)?e.substring(0,e.length-1):e).charAt(e.length-1)||/.*(\.html|#.*)$/.test(e)||(e+="/"),e=checkEncodeURI(e="/"!=e.charAt(0)?"/"+e:e)?e:encodeURI(e)}}function $(e,t){let r=-1;for(i in t)e==t[i]&&(r=i);return r}function N(e,t){var r=[];for(forId in t)if({}.hasOwnProperty.call(t,forId))for(forRelease in t[forId])"target"!=forRelease&&e==t[forId][forRelease]&&r.push(t[forId]);return r}function I(e,t,r){for(var n=[],o=t;o.length;){var i,s,a,l=o.pop();for(forTarget in l.target)({}).hasOwnProperty.call(l.target,forTarget)&&(i=l.target[forTarget].split("=>"),s=parseInt($(i[0],r)),a=parseInt($(i[1],r)),e.page==l[i[0]])&&("toBottom"!=e.direction&&s=s&&n.push({release:i[1],direction:"toBottom",url:l[i[1]]})}return n}function R(e,t,r,n){var o,s=[];for(forVersions in n)({}).hasOwnProperty.call(n,forVersions)&&(forVersions=parseInt(forVersions),"toBottom"==e&&forVersionse&&null!=r[t[i]]&&-1==n&&(n=i);return n}(forVersions,n,t))&&(s[n[forVersions]]=t[n[o]]):s[n[forVersions]]=t[n[forVersions]]),"toTop"==e)&&forVersions>=r&&(null==t[n[forVersions]]?0!=forVersions&&-1!=(o=function(e,t,r){let n=-1;for(i in t)({}).hasOwnProperty.call(t,i)&&(i=parseInt(i))>=e&&null!=r[t[i-1]]&&-1==n&&(n=i-1);return n}(forVersions,n,s))&&(s[n[forVersions]]=s[n[o]]):s[n[forVersions]]=t[n[forVersions]]);return s}e==p[0]&&(e="current"),document.querySelector("link[rel='canonical']")||((s=document.createElement("link")).setAttribute("rel","canonical"),s.setAttribute("href",document.location.protocol+"//"+document.location.host+"/"+e+a),document.head.appendChild(s)),d('#version-selector [data-toggle="tooltip"]').tooltip({container:"header"})}),$("#version-selector a.disable").click(function(e){return e.preventDefault(),e.stopPropagation(),!1}),0<$("#global-toc").length){function completelyHideMenuItems(){$("#global-toc li ul").each(function(){$(this).closest("li").hasClass("show")?(this.hidden=!1,$(this).slideDown(300)):$(this).slideUp(300,function(){this.hidden=!0})})}$("#global-toc .toctree-l1 a").each(function(e){$(this).siblings("ul").length&&($(this).closest("li").addClass("toc-toggle"),$(this).append($('')))}),$("#global-toc .current-toc-node").each(function(){$(this).on("click",function(e){e.preventDefault(),$("html, body").animate({scrollTop:0},"500")})}),$("#global-toc a .toc-toggle-btn").on("click",function(e){return $("#global-toc a .toc-toggle-btn .sr-only").text("Expand submenu"),$(this).find(".sr-only").text("Close submenu"),!(li=$(e.target).closest("li"))||0==li.children("ul").length||(e.stopPropagation(),e.preventDefault(),li.hasClass("show")?li.removeClass("show"):(li.siblings("li").removeClass("show"),li.addClass("show")),li.parents().hasClass("show")||$(".globaltoc li.show").addClass("show"),$(".globaltoc li.initial").removeClass("initial"),completelyHideMenuItems(),!1)}),emptyTocNodes&&(markTocNodesWithClass(emptyTocNodes,"empty-toc-node","#global-toc"),$("#global-toc .current-toc-node").addClass("empty-toc-node")),$("#global-toc .empty-toc-node").each(function(){$(this).on("click",function(e){e.preventDefault(),$(this).find(".toc-toggle-btn").click()})}),useApiRedoc&&(markTocNodesWithClass(newTabNodes,"js-new-tab",""),$(".js-new-tab").attr("target","_blank"));const Jb=["Install Wazuh manager on Linux","Install Wazuh agent on Linux"].map(function(e){return e.toLowerCase()});function hideSubtree(e){$("#global-toc a").each(function(){-1!==jQuery.inArray($(this).text().toLowerCase(),e)&&($(this).siblings().hide(),$(this).children("button").hide())})}hideSubtree(Jb)} //# sourceMappingURL=not-found.min.js.map \ No newline at end of file diff --git a/source/_themes/wazuh_doc_theme_v3/static/js/min/search-results.min.js b/source/_themes/wazuh_doc_theme_v3/static/js/min/search-results.min.js index 243f295c49..defa3136fc 100644 --- a/source/_themes/wazuh_doc_theme_v3/static/js/min/search-results.min.js +++ b/source/_themes/wazuh_doc_theme_v3/static/js/min/search-results.min.js @@ -1,2 +1,2 @@ -if($(document).ready(function(){if(window.matchMedia){let o=$('head > link[rel="icon"][media]');$.each(o,function(e,t){const r=window.matchMedia(t.media);function n(){r.matches&&(o.remove(),o=$(t).appendTo("head"))}r.addListener(n),n()})}}),"undefined"==typeof versions){const versions=[]}!function(r){window.matchMedia("(hover: hover)").matches&&(r(".navbar-nav .dropdown-toggle").on("mouseenter",function(e){r(this).closest(".dropdown").hasClass("show")||(e.stopPropagation(),r(this).trigger("click"))}),r(".navbar-nav .dropdown-toggle").on("mouseleave",function(e){var t=e.toElement||e.relatedTarget;console.log(t),r(this).closest(".dropdown").hasClass("show")&&t!==r(this).siblings()[0]&&(e.stopPropagation(),r(this).trigger("click"))}),r(".navbar-nav .dropdown-menu").on("mouseleave",function(e){e=e.toElement||e.relatedTarget;console.log("submenu",e),r(this).closest(".dropdown").hasClass("show")&&e!==r(this).siblings()[0]&&r(this).siblings().trigger("click")}))}(jQuery);const minVersionRedoc="4.0",useApiRedoc=0<=compareVersion(DOCUMENTATION_OPTIONS.VERSION,minVersionRedoc),newTabNodes=["user-manual/api/reference","cloud-service/apis/reference"];let oursHost=["documentation.wazuh.com"];function compareVersion(r,n){let o=!1;if("string"==typeof r&&"string"==typeof n){let e=r.split("."),t=n.split(".");2<=e.length&&2<=t.length&&(e=e.map(e=>parseInt(e)),t=t.map(e=>parseInt(e)),o=e[0]>t[0]?1:e[0]t[1]?1:e[1]=parseInt(y))&&delete a[r]}return a}(h,p,s,newUrls,redirections,removedUrls);h=h.reverse();for(let e=0;e Version "+f[e]+(0==e?" (current)":"")+"",a==f[0]&&u(".no-latest-notice .link-latest").attr("href",i);return e.html(o),d}function g(t){if(Array.isArray(t))return t;{let e=t.trim();return"/"==(e="#"==(e=(e=e.replace(/\/$/,"/index.html")).replace(/\/{2,}/,"/")).charAt(e.length-1)?e.substring(0,e.length-1):e).charAt(e.length-1)||/.*(\.html|#.*)$/.test(e)||(e+="/"),e=checkEncodeURI(e="/"!=e.charAt(0)?"/"+e:e)?e:encodeURI(e)}}function T(e,t){let r=-1;for(i in t)e==t[i]&&(r=i);return r}function I(e,t){var r=[];for(forId in t)if({}.hasOwnProperty.call(t,forId))for(forRelease in t[forId])"target"!=forRelease&&e==t[forId][forRelease]&&r.push(t[forId]);return r}function N(e,t,r){for(var n=[],o=t;o.length;){var s,l,a,i=o.pop();for(forTarget in i.target)({}).hasOwnProperty.call(i.target,forTarget)&&(s=i.target[forTarget].split("=>"),l=parseInt(T(s[0],r)),a=parseInt(T(s[1],r)),e.page==i[s[0]])&&("toBottom"!=e.direction&&l=l&&n.push({release:s[1],direction:"toBottom",url:i[s[1]]})}return n}function R(e,t,r,n){var o,s=[];for(forVersions in n)({}).hasOwnProperty.call(n,forVersions)&&(forVersions=parseInt(forVersions),"toBottom"==e&&forVersionse&&null!=r[t[i]]&&-1==n&&(n=i);return n}(forVersions,n,t))&&(s[n[forVersions]]=t[n[o]]):s[n[forVersions]]=t[n[forVersions]]),"toTop"==e)&&forVersions>=r&&(null==t[n[forVersions]]?0!=forVersions&&-1!=(o=function(e,t,r){let n=-1;for(i in t)({}).hasOwnProperty.call(t,i)&&(i=parseInt(i))>=e&&null!=r[t[i-1]]&&-1==n&&(n=i-1);return n}(forVersions,n,s))&&(s[n[forVersions]]=s[n[o]]):s[n[forVersions]]=t[n[forVersions]]);return s}e==f[0]&&(e="current"),document.querySelector("link[rel='canonical']")||((s=document.createElement("link")).setAttribute("rel","canonical"),s.setAttribute("href",document.location.protocol+"//"+document.location.host+"/"+e+l),document.head.appendChild(s)),u('#version-selector [data-toggle="tooltip"]').tooltip({container:"header"})}),$("#version-selector a.disable").click(function(e){return e.preventDefault(),e.stopPropagation(),!1}),0<$("#global-toc").length){function completelyHideMenuItems(){$("#global-toc li ul").each(function(){$(this).closest("li").hasClass("show")?(this.hidden=!1,$(this).slideDown(300)):$(this).slideUp(300,function(){this.hidden=!0})})}$("#global-toc .toctree-l1 a").each(function(e){$(this).siblings("ul").length&&($(this).closest("li").addClass("toc-toggle"),$(this).append($('')))}),$("#global-toc .current-toc-node").each(function(){$(this).on("click",function(e){e.preventDefault(),$("html, body").animate({scrollTop:0},"500")})}),$("#global-toc a .toc-toggle-btn").on("click",function(e){return $("#global-toc a .toc-toggle-btn .sr-only").text("Expand submenu"),$(this).find(".sr-only").text("Close submenu"),!(li=$(e.target).closest("li"))||0==li.children("ul").length||(e.stopPropagation(),e.preventDefault(),li.hasClass("show")?li.removeClass("show"):(li.siblings("li").removeClass("show"),li.addClass("show")),li.parents().hasClass("show")||$(".globaltoc li.show").addClass("show"),$(".globaltoc li.initial").removeClass("initial"),completelyHideMenuItems(),!1)}),emptyTocNodes&&(markTocNodesWithClass(emptyTocNodes,"empty-toc-node","#global-toc"),$("#global-toc .current-toc-node").addClass("empty-toc-node")),$("#global-toc .empty-toc-node").each(function(){$(this).on("click",function(e){e.preventDefault(),$(this).find(".toc-toggle-btn").click()})}),useApiRedoc&&(markTocNodesWithClass(newTabNodes,"js-new-tab",""),$(".js-new-tab").attr("target","_blank"));const Q0=["Install Wazuh manager on Linux","Install Wazuh agent on Linux"].map(function(e){return e.toLowerCase()});function hideSubtree(e){$("#global-toc a").each(function(){-1!==jQuery.inArray($(this).text().toLowerCase(),e)&&($(this).siblings().hide(),$(this).children("button").hide())})}hideSubtree(Q0)}const excludedSearchFolders=["release-notes"],pagefindUrl="file:"===location.protocol?"":location.href.split("search.html")[0]+"_pagefind/pagefind.js";if($(".search")){const X0=new URLSearchParams(window.location.search),Y0="#search-results";function loadSphinxSearch(){getScript(DOCUMENTATION_OPTIONS.URL_ROOT+"_static/js/min/sphinx-search-ui.min.js"),getScript(DOCUMENTATION_OPTIONS.URL_ROOT+"searchindex.js")}function getScript(e){(loadScript=document.createElement("SCRIPT")).setAttribute("charset","utf-8"),loadScript.setAttribute("type","text/javascript"),loadScript.setAttribute("src",e),document.getElementsByTagName("head")[0].appendChild(loadScript)}pagefindUrl.length?fetch(pagefindUrl,{method:"HEAD"}).then(e=>{if(200!==e.status||!0===e.redirected)loadSphinxSearch();else{window.pagefind=import(pagefindUrl);let s,f=0;pagefind.then(function(e){const t=e.search,o=X0.get("q");if("string"==typeof o){let p="?highlight="+o;function r(h){s=h.length;var e=$(Y0),t=document.createElement("h1");$(t).text("Search results for: "),$('').appendTo(t).text(o),e.append(t);const r=$('').appendTo(e),d=$('
    ').appendTo(e);r.fadeIn(500);var n=[];const u=location.href.split("search.html")[0].split(location.host)[1];for(let c=0;c{let r=$('
  • ');let t="";path=""==u||"/"==u?e.url.substring(1):e.url.split(u)[1],t=path,"/"==(t="./"!==DOCUMENTATION_OPTIONS.URL_ROOT?DOCUMENTATION_OPTIONS.URL_ROOT+path:t)[t.length-1]&&(t+="index.html");for(var n,o=createResultBreadcrumb(n=$("").attr("href",t+p).text(e.meta.title).addClass("result-link")),s=h[c].excerpt_range,l=h[c].words,a=_.escape(e.content).split(" "),i=0;i"+a[l[i]]+"";e=0").addClass("context").html(e);r.append(n),r.append(o),r.append(s),$.each(excludedSearchFolders,function(e,t){if(path.includes(t+"/"))return f++,r.addClass("excluded-search-result"),r.addClass("hidden-result"),!1}),d.append(r),r.hasClass("hidden-result")||r.fadeIn(100)}));Promise.allSettled(n).then(([])=>{updateSearchStatus(r,s,f)})}0===(e=o).length?r([],Y0):t(e).then(e=>e.results).then(e=>r(e,Y0))}})}}):loadSphinxSearch()}function createResultBreadcrumb(e){const t=[];let r=e.attr("href").split("?")[0],n=$("#global-toc").find('[href="'+r+'"]');0===n.length&&"/"===r.substring(r.length-1)&&(r+="index.html",n=$("#global-toc").find('[href="'+r+'"]')),n.parents("li").each(function(){tocNodeLink=$(this).find(">a"),t.push({url:tocNodeLink.attr("href"),text:tocNodeLink.contents()[0].nodeValue})});var o=$(document.createElement("span")),s=(o.addClass("breadcrumb-separator").attr("aria-hidden","true"),$(document.createElement("nav")));s.addClass("breadcrumbs");for(let e=0;ePlease make sure that all words are spelled correctly.

    ").appendTo(t);else{let e="";e=0'+(r-n)+' page(s) matching the search query.     Include Release Notes results':'Found '+r+" page(s) matching the search query.",t.html(e)}}$(document).delegate("#search-results #toggle-results.include","click",function(){var e=$(this),t=$("ul.search li.excluded-search-result");e.text(e.text().replace("Include","Exclude")),e.removeClass("include").addClass("exclude"),$("#search-results #n-results").text($("ul.search li").length),t.each(function(e){(currentResult=$(this)).hide(0,function(){$(this).removeClass("hidden-result")}),currentResult.show("fast")})}),$(document).delegate("#search-results #toggle-results.exclude","click",function(){var e=$(this),t=$("ul.search li.excluded-search-result");e.text(e.text().replace("Exclude","Include")),e.removeClass("exclude").addClass("include"),$("#search-results #n-results").text($("ul.search li").length-t.length),t.each(function(e){(currentResult=$(this)).hide("normal",function(){$(this).addClass("hidden-result")})})}); +if($(document).ready(function(){if(window.matchMedia){let o=$('head > link[rel="icon"][media]');$.each(o,function(e,t){const r=window.matchMedia(t.media);function n(){r.matches&&(o.remove(),o=$(t).appendTo("head"))}r.addListener(n),n()})}}),"undefined"==typeof versions){const versions=[]}!function(r){window.matchMedia("(hover: hover)").matches&&(r(".navbar-nav .dropdown-toggle").on("mouseenter",function(e){r(this).closest(".dropdown").hasClass("show")||(e.stopPropagation(),r(this).trigger("click"))}),r(".navbar-nav .dropdown-toggle").on("mouseleave",function(e){var t=e.toElement||e.relatedTarget;r(this).closest(".dropdown").hasClass("show")&&t!==r(this).siblings()[0]&&(e.stopPropagation(),r(this).trigger("click"))}),r(".navbar-nav .dropdown-menu").on("mouseleave",function(e){e=e.toElement||e.relatedTarget;r(this).closest(".dropdown").hasClass("show")&&e!==r(this).siblings()[0]&&r(this).siblings().trigger("click")}))}(jQuery);const minVersionRedoc="4.0",useApiRedoc=0<=compareVersion(DOCUMENTATION_OPTIONS.VERSION,minVersionRedoc),newTabNodes=["user-manual/api/reference","cloud-service/apis/reference"];let oursHost=["documentation.wazuh.com"];function compareVersion(r,n){let o=!1;if("string"==typeof r&&"string"==typeof n){let e=r.split("."),t=n.split(".");2<=e.length&&2<=t.length&&(e=e.map(e=>parseInt(e)),t=t.map(e=>parseInt(e)),o=e[0]>t[0]?1:e[0]t[1]?1:e[1]=parseInt(b))&&delete a[r]}return a}(h,p,s,newUrls,redirections,removedUrls);h=h.reverse();for(let e=0;e Version "+f[e]+(0==e?" (current)":"")+"",a==f[0]&&u(".no-latest-notice .link-latest").attr("href",i);return e.html(o),d}function g(t){if(Array.isArray(t))return t;{let e=t.trim();return"/"==(e="#"==(e=(e=e.replace(/\/$/,"/index.html")).replace(/\/{2,}/,"/")).charAt(e.length-1)?e.substring(0,e.length-1):e).charAt(e.length-1)||/.*(\.html|#.*)$/.test(e)||(e+="/"),e=checkEncodeURI(e="/"!=e.charAt(0)?"/"+e:e)?e:encodeURI(e)}}function T(e,t){let r=-1;for(i in t)e==t[i]&&(r=i);return r}function I(e,t){var r=[];for(forId in t)if({}.hasOwnProperty.call(t,forId))for(forRelease in t[forId])"target"!=forRelease&&e==t[forId][forRelease]&&r.push(t[forId]);return r}function N(e,t,r){for(var n=[],o=t;o.length;){var s,l,a,i=o.pop();for(forTarget in i.target)({}).hasOwnProperty.call(i.target,forTarget)&&(s=i.target[forTarget].split("=>"),l=parseInt(T(s[0],r)),a=parseInt(T(s[1],r)),e.page==i[s[0]])&&("toBottom"!=e.direction&&l=l&&n.push({release:s[1],direction:"toBottom",url:i[s[1]]})}return n}function R(e,t,r,n){var o,s=[];for(forVersions in n)({}).hasOwnProperty.call(n,forVersions)&&(forVersions=parseInt(forVersions),"toBottom"==e&&forVersionse&&null!=r[t[i]]&&-1==n&&(n=i);return n}(forVersions,n,t))&&(s[n[forVersions]]=t[n[o]]):s[n[forVersions]]=t[n[forVersions]]),"toTop"==e)&&forVersions>=r&&(null==t[n[forVersions]]?0!=forVersions&&-1!=(o=function(e,t,r){let n=-1;for(i in t)({}).hasOwnProperty.call(t,i)&&(i=parseInt(i))>=e&&null!=r[t[i-1]]&&-1==n&&(n=i-1);return n}(forVersions,n,s))&&(s[n[forVersions]]=s[n[o]]):s[n[forVersions]]=t[n[forVersions]]);return s}e==f[0]&&(e="current"),document.querySelector("link[rel='canonical']")||((s=document.createElement("link")).setAttribute("rel","canonical"),s.setAttribute("href",document.location.protocol+"//"+document.location.host+"/"+e+l),document.head.appendChild(s)),u('#version-selector [data-toggle="tooltip"]').tooltip({container:"header"})}),$("#version-selector a.disable").click(function(e){return e.preventDefault(),e.stopPropagation(),!1}),0<$("#global-toc").length){function completelyHideMenuItems(){$("#global-toc li ul").each(function(){$(this).closest("li").hasClass("show")?(this.hidden=!1,$(this).slideDown(300)):$(this).slideUp(300,function(){this.hidden=!0})})}$("#global-toc .toctree-l1 a").each(function(e){$(this).siblings("ul").length&&($(this).closest("li").addClass("toc-toggle"),$(this).append($('')))}),$("#global-toc .current-toc-node").each(function(){$(this).on("click",function(e){e.preventDefault(),$("html, body").animate({scrollTop:0},"500")})}),$("#global-toc a .toc-toggle-btn").on("click",function(e){return $("#global-toc a .toc-toggle-btn .sr-only").text("Expand submenu"),$(this).find(".sr-only").text("Close submenu"),!(li=$(e.target).closest("li"))||0==li.children("ul").length||(e.stopPropagation(),e.preventDefault(),li.hasClass("show")?li.removeClass("show"):(li.siblings("li").removeClass("show"),li.addClass("show")),li.parents().hasClass("show")||$(".globaltoc li.show").addClass("show"),$(".globaltoc li.initial").removeClass("initial"),completelyHideMenuItems(),!1)}),emptyTocNodes&&(markTocNodesWithClass(emptyTocNodes,"empty-toc-node","#global-toc"),$("#global-toc .current-toc-node").addClass("empty-toc-node")),$("#global-toc .empty-toc-node").each(function(){$(this).on("click",function(e){e.preventDefault(),$(this).find(".toc-toggle-btn").click()})}),useApiRedoc&&(markTocNodesWithClass(newTabNodes,"js-new-tab",""),$(".js-new-tab").attr("target","_blank"));const Q0=["Install Wazuh manager on Linux","Install Wazuh agent on Linux"].map(function(e){return e.toLowerCase()});function hideSubtree(e){$("#global-toc a").each(function(){-1!==jQuery.inArray($(this).text().toLowerCase(),e)&&($(this).siblings().hide(),$(this).children("button").hide())})}hideSubtree(Q0)}const excludedSearchFolders=["release-notes"],pagefindUrl="file:"===location.protocol?"":location.href.split("search.html")[0]+"_pagefind/pagefind.js";if($(".search")){const X0=new URLSearchParams(window.location.search),Y0="#search-results";function loadSphinxSearch(){getScript(DOCUMENTATION_OPTIONS.URL_ROOT+"_static/js/min/sphinx-search-ui.min.js"),getScript(DOCUMENTATION_OPTIONS.URL_ROOT+"searchindex.js")}function getScript(e){(loadScript=document.createElement("SCRIPT")).setAttribute("charset","utf-8"),loadScript.setAttribute("type","text/javascript"),loadScript.setAttribute("src",e),document.getElementsByTagName("head")[0].appendChild(loadScript)}pagefindUrl.length?fetch(pagefindUrl,{method:"HEAD"}).then(e=>{if(200!==e.status||!0===e.redirected)loadSphinxSearch();else{window.pagefind=import(pagefindUrl);let s,f=0;pagefind.then(function(e){const t=e.search,o=X0.get("q");if("string"==typeof o){let p="?highlight="+o;function r(h){s=h.length;var e=$(Y0),t=document.createElement("h1");$(t).text("Search results for: "),$('').appendTo(t).text(o),e.append(t);const r=$('').appendTo(e),d=$('
      ').appendTo(e);r.fadeIn(500);var n=[];const u=location.href.split("search.html")[0].split(location.host)[1];for(let c=0;c{let r=$('
    • ');let t="";path=""==u||"/"==u?e.url.substring(1):e.url.split(u)[1],t=path,"/"==(t="./"!==DOCUMENTATION_OPTIONS.URL_ROOT?DOCUMENTATION_OPTIONS.URL_ROOT+path:t)[t.length-1]&&(t+="index.html");for(var n,o=createResultBreadcrumb(n=$("").attr("href",t+p).text(e.meta.title).addClass("result-link")),s=h[c].excerpt_range,l=h[c].words,a=_.escape(e.content).split(" "),i=0;i"+a[l[i]]+"";e=0").addClass("context").html(e);r.append(n),r.append(o),r.append(s),$.each(excludedSearchFolders,function(e,t){if(path.includes(t+"/"))return f++,r.addClass("excluded-search-result"),r.addClass("hidden-result"),!1}),d.append(r),r.hasClass("hidden-result")||r.fadeIn(100)}));Promise.allSettled(n).then(([])=>{updateSearchStatus(r,s,f)})}0===(e=o).length?r([],Y0):t(e).then(e=>e.results).then(e=>r(e,Y0))}})}}):loadSphinxSearch()}function createResultBreadcrumb(e){const t=[];let r=e.attr("href").split("?")[0],n=$("#global-toc").find('[href="'+r+'"]');0===n.length&&"/"===r.substring(r.length-1)&&(r+="index.html",n=$("#global-toc").find('[href="'+r+'"]')),n.parents("li").each(function(){tocNodeLink=$(this).find(">a"),t.push({url:tocNodeLink.attr("href"),text:tocNodeLink.contents()[0].nodeValue})});var o=$(document.createElement("span")),s=(o.addClass("breadcrumb-separator").attr("aria-hidden","true"),$(document.createElement("nav")));s.addClass("breadcrumbs");for(let e=0;ePlease make sure that all words are spelled correctly.

      ").appendTo(t);else{let e="";e=0'+(r-n)+' page(s) matching the search query.       Include Release Notes results':'Found '+r+" page(s) matching the search query.",t.html(e)}}$(document).delegate("#search-results #toggle-results.include","click",function(){var e=$(this),t=$("ul.search li.excluded-search-result");e.text(e.text().replace("Include","Exclude")),e.removeClass("include").addClass("exclude"),$("#search-results #n-results").text($("ul.search li").length),t.each(function(e){(currentResult=$(this)).hide(0,function(){$(this).removeClass("hidden-result")}),currentResult.show("fast")})}),$(document).delegate("#search-results #toggle-results.exclude","click",function(){var e=$(this),t=$("ul.search li.excluded-search-result");e.text(e.text().replace("Exclude","Include")),e.removeClass("exclude").addClass("include"),$("#search-results #n-results").text($("ul.search li").length-t.length),t.each(function(e){(currentResult=$(this)).hide("normal",function(){$(this).addClass("hidden-result")})})}); //# sourceMappingURL=search-results.min.js.map \ No newline at end of file diff --git a/source/_themes/wazuh_doc_theme_v3/static/js/min/wazuh-documentation.min.js b/source/_themes/wazuh_doc_theme_v3/static/js/min/wazuh-documentation.min.js index c535e3fdd0..c26b2a40b3 100644 --- a/source/_themes/wazuh_doc_theme_v3/static/js/min/wazuh-documentation.min.js +++ b/source/_themes/wazuh_doc_theme_v3/static/js/min/wazuh-documentation.min.js @@ -1,2 +1,2 @@ -if($(document).ready(function(){if(window.matchMedia){let r=$('head > link[rel="icon"][media]');$.each(r,function(e,t){const n=window.matchMedia(t.media);function o(){n.matches&&(r.remove(),r=$(t).appendTo("head"))}n.addListener(o),o()})}}),"undefined"==typeof versions){const versions=[]}!function(n){window.matchMedia("(hover: hover)").matches&&(n(".navbar-nav .dropdown-toggle").on("mouseenter",function(e){n(this).closest(".dropdown").hasClass("show")||(e.stopPropagation(),n(this).trigger("click"))}),n(".navbar-nav .dropdown-toggle").on("mouseleave",function(e){var t=e.toElement||e.relatedTarget;console.log(t),n(this).closest(".dropdown").hasClass("show")&&t!==n(this).siblings()[0]&&(e.stopPropagation(),n(this).trigger("click"))}),n(".navbar-nav .dropdown-menu").on("mouseleave",function(e){e=e.toElement||e.relatedTarget;console.log("submenu",e),n(this).closest(".dropdown").hasClass("show")&&e!==n(this).siblings()[0]&&n(this).siblings().trigger("click")}))}(jQuery);const minVersionRedoc="4.0",useApiRedoc=0<=compareVersion(DOCUMENTATION_OPTIONS.VERSION,minVersionRedoc),newTabNodes=["user-manual/api/reference","cloud-service/apis/reference"];let oursHost=["documentation.wazuh.com"];function compareVersion(n,o){let r=!1;if("string"==typeof n&&"string"==typeof o){let e=n.split("."),t=o.split(".");2<=e.length&&2<=t.length&&(e=e.map(e=>parseInt(e)),t=t.map(e=>parseInt(e)),r=e[0]>t[0]?1:e[0]t[1]?1:e[1] :header:first").each(function(){$('').attr("href","#"+this.id).attr("title",_("Permalink to this headline")).appendTo(this)}),$("dt[id]").each(function(){$('').attr("href","#"+this.id).attr("title",_("Permalink to this definition")).appendTo(this)})},fixFirefoxAnchorBug:function(){document.location.hash&&$.browser.mozilla&&window.setTimeout(function(){document.location.href+=""},10)},highlightSearchWords:function(){var e,t=$.getQueryParameters(),n=t.highlight?t.highlight[0].replace(/"/g,"").split(/\s+/):[];n.length&&((e=$("main > .section")).length||(e=$("body")),window.setTimeout(function(){$.each(n,function(){e.highlightText(this.toLowerCase(),"highlighted")})},10),$('

      '+_("Hide Search Matches")+"

      ").appendTo($("#searchbox")))},initIndexTable:function(){var e=$("img.toggler").click(function(){var e=$(this).attr("src"),t=$(this).attr("id").substr(7);$("tr.cg-"+t).toggle(),"minus.png"===e.substr(-9)?$(this).attr("src",e.substr(0,e.length-9)+"plus.png"):$(this).attr("src",e.substr(0,e.length-8)+"minus.png")}).css("display","");DOCUMENTATION_OPTIONS.COLLAPSE_INDEX&&e.click()},hideSearchWords:function(){$("#searchbox .highlight-link").fadeOut(300),$("span.highlighted").removeClass("highlighted")},makeURL:function(e){return DOCUMENTATION_OPTIONS.URL_ROOT+"/"+e},getCurrentURL:function(){var e=document.location.pathname,t=e.split(/\//),n=($.each(DOCUMENTATION_OPTIONS.URL_ROOT.split(/\//),function(){".."===this&&t.pop()}),t.join("/"));return e.substring(n.lastIndexOf("/")+1,e.length-1)},initOnKeyListeners:function(){$(document).keydown(function(e){var t=document.activeElement.tagName;if(!("TEXTAREA"===t||"INPUT"===t||"SELECT"===t||e.altKey||e.ctrlKey||e.metaKey||e.shiftKey))switch(e.keyCode){case 37:var n=$('link[rel="prev"]').prop("href");if(n)return window.location.href=n,!1;case 39:n=$('link[rel="next"]').prop("href");if(n)return window.location.href=n,!1}})}};function checkEncodeURI(e){return/\%/i.test(e)}if(_=Documentation.gettext,$(document).ready(function(){Documentation.init()}),jQuery(function(u){const p=DOCUMENTATION_OPTIONS.VERSION,f="undefined"==typeof versions?[]:versions;o=u("#version-selector .current"),s=DOCUMENTATION_OPTIONS.VERSION,0=parseInt(O))&&delete a[r]}return a}(h,p,i,newUrls,redirections,removedUrls);h=h.reverse();for(let e=0;e Version "+f[e]+(0==e?" (current)":"")+"",a==f[0]&&u(".no-latest-notice .link-latest").attr("href",l);return e.html(o),d}function g(t){if(Array.isArray(t))return t;{let e=t.trim();return"/"==(e="#"==(e=(e=e.replace(/\/$/,"/index.html")).replace(/\/{2,}/,"/")).charAt(e.length-1)?e.substring(0,e.length-1):e).charAt(e.length-1)||/.*(\.html|#.*)$/.test(e)||(e+="/"),e=checkEncodeURI(e="/"!=e.charAt(0)?"/"+e:e)?e:encodeURI(e)}}function T(e,t){let n=-1;for(i in t)e==t[i]&&(n=i);return n}function C(e,t){var n=[];for(forId in t)if({}.hasOwnProperty.call(t,forId))for(forRelease in t[forId])"target"!=forRelease&&e==t[forId][forRelease]&&n.push(t[forId]);return n}function N(e,t,n){for(var o=[],r=t;r.length;){var i,s,a,l=r.pop();for(forTarget in l.target)({}).hasOwnProperty.call(l.target,forTarget)&&(i=l.target[forTarget].split("=>"),s=parseInt(T(i[0],n)),a=parseInt(T(i[1],n)),e.page==l[i[0]])&&("toBottom"!=e.direction&&s=s&&o.push({release:i[1],direction:"toBottom",url:l[i[1]]})}return o}function k(e,t,n,o){var r,s=[];for(forVersions in o)({}).hasOwnProperty.call(o,forVersions)&&(forVersions=parseInt(forVersions),"toBottom"==e&&forVersionse&&null!=n[t[i]]&&-1==o&&(o=i);return o}(forVersions,o,t))&&(s[o[forVersions]]=t[o[r]]):s[o[forVersions]]=t[o[forVersions]]),"toTop"==e)&&forVersions>=n&&(null==t[o[forVersions]]?0!=forVersions&&-1!=(r=function(e,t,n){let o=-1;for(i in t)({}).hasOwnProperty.call(t,i)&&(i=parseInt(i))>=e&&null!=n[t[i-1]]&&-1==o&&(o=i-1);return o}(forVersions,o,s))&&(s[o[forVersions]]=s[o[r]]):s[o[forVersions]]=t[o[forVersions]]);return s}e==f[0]&&(e="current"),document.querySelector("link[rel='canonical']")||((s=document.createElement("link")).setAttribute("rel","canonical"),s.setAttribute("href",document.location.protocol+"//"+document.location.host+"/"+e+a),document.head.appendChild(s)),u('#version-selector [data-toggle="tooltip"]').tooltip({container:"header"})}),$("#version-selector a.disable").click(function(e){return e.preventDefault(),e.stopPropagation(),!1}),0<$("#global-toc").length){function completelyHideMenuItems(){$("#global-toc li ul").each(function(){$(this).closest("li").hasClass("show")?(this.hidden=!1,$(this).slideDown(300)):$(this).slideUp(300,function(){this.hidden=!0})})}$("#global-toc .toctree-l1 a").each(function(e){$(this).siblings("ul").length&&($(this).closest("li").addClass("toc-toggle"),$(this).append($('')))}),$("#global-toc .current-toc-node").each(function(){$(this).on("click",function(e){e.preventDefault(),$("html, body").animate({scrollTop:0},"500")})}),$("#global-toc a .toc-toggle-btn").on("click",function(e){return $("#global-toc a .toc-toggle-btn .sr-only").text("Expand submenu"),$(this).find(".sr-only").text("Close submenu"),!(li=$(e.target).closest("li"))||0==li.children("ul").length||(e.stopPropagation(),e.preventDefault(),li.hasClass("show")?li.removeClass("show"):(li.siblings("li").removeClass("show"),li.addClass("show")),li.parents().hasClass("show")||$(".globaltoc li.show").addClass("show"),$(".globaltoc li.initial").removeClass("initial"),completelyHideMenuItems(),!1)}),emptyTocNodes&&(markTocNodesWithClass(emptyTocNodes,"empty-toc-node","#global-toc"),$("#global-toc .current-toc-node").addClass("empty-toc-node")),$("#global-toc .empty-toc-node").each(function(){$(this).on("click",function(e){e.preventDefault(),$(this).find(".toc-toggle-btn").click()})}),useApiRedoc&&(markTocNodesWithClass(newTabNodes,"js-new-tab",""),$(".js-new-tab").attr("target","_blank"));const b1=["Install Wazuh manager on Linux","Install Wazuh agent on Linux"].map(function(e){return e.toLowerCase()});function hideSubtree(e){$("#global-toc a").each(function(){-1!==jQuery.inArray($(this).text().toLowerCase(),e)&&($(this).siblings().hide(),$(this).children("button").hide())})}hideSubtree(b1)}if(0<$("#local-toc").length){const i1=$("#local-toc > .navbar-nav > .nav-item:first-of-type > .nav-link"),j1=$("main:first-of-type > .section:first-of-type");i1.attr("href",i1.attr("href")+j1.attr("id"))}if($("#local-toc .nav-link").on("click",function(e){e=$(e.target).attr("href"),e=$('[href="'+e+'"].headerlink').parent();e.hasClass("collapsed")&&e.click()}),0<$(".document").length){const n1=document.createElement("div");function filterCodeBlock(e,t){var n=e.clone(!0);n.find(".gp").empty();let o=n.text();n=findHeredocs(e),e=getCodeBlockType(t).toLowerCase();return o=String(o),-1===jQuery.inArray(e,["none","bash"])&&(o=(o=(o=(o=(o=(o=(o=(o=(o=(o=(o=(o=o.replace(/(^|\n)\s*(\.\s{0,1}){3}\s*($|\n)/g,"\n")).replace(/(.+]\$\s)/g,"")).replace(/(.+]\#\s)/g,"")).replace(/ansible@ansible:.+\$\s/g,"")).replace(/mysql>\s/g,"")).replace(/sqlite>\s/g,"")).replace(/Query\s.+\)\n/g,"")).replace(/.+@.+:.+(\#|\$)\s/g,"")).replace(/^>\s/g,"")).replace(/\n>\s/g,"\n")).replace(/(?:\$\s)/g,"")).replace(/\n{2,}$/g,"\n"),-1!==jQuery.inArray(e,["yaml","python","perl","powershell"])||t.is($('[class*="conf"]'))||(o=/<<[^<]/.test(o)?replacePromptOnHeredoc(o,n,e):filterPrompt(o,e))),o=o.trim()}function findHeredocs(e){e=$(e).text().split("\n");const n=[];let o=!1,r,i,s;return e.forEach((e,t)=>{o?closes(r,e.trim())&&(o=!1,(s=t-1)>i)&&n.push({start:i,finish:s}):/<<[^<]/.test(e)&&(o=!0,i=t+1,r=e.split("<<")[1].trim())}),n}function filterPrompt(e,t){return"bash"!=t&&(e=e.replace(/(?:\#\s)/g,"")),e=-1e<=n&&n<=t)||(e=filterPrompt(e,o)),r.push(e)}),r.join("\n")}function closes(e,t){return t.replace(/[-\\'"]/g,"")==e.replace(/[-\\'"]/g,"")}function copyToClipboard(e){var t=document.createElement("textarea");t.value=e,document.body.appendChild(t),t.select(),document.execCommand("copy"),document.body.removeChild(t)}n1.setAttribute("class","output-title"),n1.setAttribute("role","button"),n1.innerHTML="Output",$('[class*="highlight-"].output').each(function(){$(this).addClass("collapsible").attr("aria-expanded","false"),$(this).prepend(n1.cloneNode(!0)),$(this).hasClass("collapsed")||$(this).addClass("expanded").attr("aria-expanded","true")}),$('[class*="highlight-"].output.collapsible .output-title').on("click",function(e){const t=$(e.target).closest('[class*="highlight-"]');"false"===t.attr("aria-expanded")?(t.removeClass("collapsed").attr("aria-expanded","true"),setTimeout(function(){t.addClass("expanded")},300)):(t.removeClass("expanded").attr("aria-expanded","false"),setTimeout(function(){t.addClass("collapsed")},300))}),$(".highlight").each(function(){if($(this).parent().hasClass("escaped-tag-signs")){let n=$(this).html();const o=n.split(/\\"+gtFragments.join(">")),t!=o.length-1?n+=e+"\\<":n+=e}),$(this).html(n)}}),$(".highlight").each(function(){const o=/\s+$/g;var e=$(this),t=(e.find(".gp").each(function(){var e=$(this);let t=e.text().match(o),n="";t=t&&t[0].length-1;for(let e=0;e"+n+"").insertAfter(e),e.html(e.html().replace(o," "))}),e.html()),n=getCodeBlockType(e.parent()).toLowerCase();if(-1===jQuery.inArray(n,["none","bash"])){const i=findHeredocs(t);if(null!=t.match(/(?:\$\s|\#)/g)){n=t.split("\n");const s=[];n.forEach(function(e,n){var t=i.find(({start:e})=>e===n),o=i.find(({finish:e})=>e===n),r=i.find(({start:e,finish:t})=>e'+e:o?e+="":r||(e=e.replace(/(?:\$\s)/g,'$ ')),s.push(e)}),e.html(s.join("\n"))}}}),$(".highlight").each(function(){var e=$(this).parent();e.closest('[class*="highlight-"]').hasClass("output")||e.hasClass("no-copy")||e.prepend('')}),$(".copy-to-clipboard").click(function(){const e=$(this);copyToClipboard(filterCodeBlock($(e).parent().find(".highlight"),$(e).parent())),$(e).addClass("copied"),$(e).find("svg").css({display:"none"}).find("span").css({display:"block"}),$(e).find("span").css({display:"block"}),setTimeout(function(){$(e).removeClass("copied")},700),setTimeout(function(){$(e).find("span").css({display:"none"}),$(e).find("svg").css({display:"block"}),$(e).focus()},1e3)})}if($(".document")){const Cc="https://DOMAIN";function reponsiveTables(){$("table.docutils:not(.list-rows)").removeClass("table-responsive"),$("table.docutils:not(.list-rows)").each(function(){$(this).width()>$("main > div:first-of-type").width()&&$(this).addClass("table-responsive")})}$('[href^="'+Cc+'/"]').each(function(){var e=$(this).attr("href");$(this).attr("href",e.replace(Cc+"/",DOCUMENTATION_OPTIONS.URL_ROOT)),$(this).attr("target","_blank")}),$("main .reference.internal").each(function(){const t=this;newTabNodes.forEach(function(e){-1!==t.href.indexOf(e)&&$(t).attr("target","_blank")})}),$(".headerlink").text("Permalink to this headline"),reponsiveTables(),$("table.docutils.list-rows").each(function(){$(this).attr("role","presentation")}),$(window).on("resize",reponsiveTables)} +if($(document).ready(function(){if(window.matchMedia){let r=$('head > link[rel="icon"][media]');$.each(r,function(e,t){const n=window.matchMedia(t.media);function o(){n.matches&&(r.remove(),r=$(t).appendTo("head"))}n.addListener(o),o()})}}),"undefined"==typeof versions){const versions=[]}!function(n){window.matchMedia("(hover: hover)").matches&&(n(".navbar-nav .dropdown-toggle").on("mouseenter",function(e){n(this).closest(".dropdown").hasClass("show")||(e.stopPropagation(),n(this).trigger("click"))}),n(".navbar-nav .dropdown-toggle").on("mouseleave",function(e){var t=e.toElement||e.relatedTarget;n(this).closest(".dropdown").hasClass("show")&&t!==n(this).siblings()[0]&&(e.stopPropagation(),n(this).trigger("click"))}),n(".navbar-nav .dropdown-menu").on("mouseleave",function(e){e=e.toElement||e.relatedTarget;n(this).closest(".dropdown").hasClass("show")&&e!==n(this).siblings()[0]&&n(this).siblings().trigger("click")}))}(jQuery);const minVersionRedoc="4.0",useApiRedoc=0<=compareVersion(DOCUMENTATION_OPTIONS.VERSION,minVersionRedoc),newTabNodes=["user-manual/api/reference","cloud-service/apis/reference"];let oursHost=["documentation.wazuh.com"];function compareVersion(n,o){let r=!1;if("string"==typeof n&&"string"==typeof o){let e=n.split("."),t=o.split(".");2<=e.length&&2<=t.length&&(e=e.map(e=>parseInt(e)),t=t.map(e=>parseInt(e)),r=e[0]>t[0]?1:e[0]t[1]?1:e[1] :header:first").each(function(){$('').attr("href","#"+this.id).attr("title",_("Permalink to this headline")).appendTo(this)}),$("dt[id]").each(function(){$('').attr("href","#"+this.id).attr("title",_("Permalink to this definition")).appendTo(this)})},fixFirefoxAnchorBug:function(){document.location.hash&&$.browser.mozilla&&window.setTimeout(function(){document.location.href+=""},10)},highlightSearchWords:function(){var e,t=$.getQueryParameters(),n=t.highlight?t.highlight[0].replace(/"/g,"").split(/\s+/):[];n.length&&((e=$("main > .section")).length||(e=$("body")),window.setTimeout(function(){$.each(n,function(){e.highlightText(this.toLowerCase(),"highlighted")})},10),$('

      '+_("Hide Search Matches")+"

      ").appendTo($("#searchbox")))},initIndexTable:function(){var e=$("img.toggler").click(function(){var e=$(this).attr("src"),t=$(this).attr("id").substr(7);$("tr.cg-"+t).toggle(),"minus.png"===e.substr(-9)?$(this).attr("src",e.substr(0,e.length-9)+"plus.png"):$(this).attr("src",e.substr(0,e.length-8)+"minus.png")}).css("display","");DOCUMENTATION_OPTIONS.COLLAPSE_INDEX&&e.click()},hideSearchWords:function(){$("#searchbox .highlight-link").fadeOut(300),$("span.highlighted").removeClass("highlighted")},makeURL:function(e){return DOCUMENTATION_OPTIONS.URL_ROOT+"/"+e},getCurrentURL:function(){var e=document.location.pathname,t=e.split(/\//),n=($.each(DOCUMENTATION_OPTIONS.URL_ROOT.split(/\//),function(){".."===this&&t.pop()}),t.join("/"));return e.substring(n.lastIndexOf("/")+1,e.length-1)},initOnKeyListeners:function(){$(document).keydown(function(e){var t=document.activeElement.tagName;if(!("TEXTAREA"===t||"INPUT"===t||"SELECT"===t||e.altKey||e.ctrlKey||e.metaKey||e.shiftKey))switch(e.keyCode){case 37:var n=$('link[rel="prev"]').prop("href");if(n)return window.location.href=n,!1;case 39:n=$('link[rel="next"]').prop("href");if(n)return window.location.href=n,!1}})}};function checkEncodeURI(e){return/\%/i.test(e)}if(_=Documentation.gettext,$(document).ready(function(){Documentation.init()}),jQuery(function(u){const p=DOCUMENTATION_OPTIONS.VERSION,f="undefined"==typeof versions?[]:versions;o=u("#version-selector .current"),s=DOCUMENTATION_OPTIONS.VERSION,0=parseInt(O))&&delete a[r]}return a}(h,p,i,newUrls,redirections,removedUrls);h=h.reverse();for(let e=0;e Version "+f[e]+(0==e?" (current)":"")+"",a==f[0]&&u(".no-latest-notice .link-latest").attr("href",l);return e.html(o),d}function g(t){if(Array.isArray(t))return t;{let e=t.trim();return"/"==(e="#"==(e=(e=e.replace(/\/$/,"/index.html")).replace(/\/{2,}/,"/")).charAt(e.length-1)?e.substring(0,e.length-1):e).charAt(e.length-1)||/.*(\.html|#.*)$/.test(e)||(e+="/"),e=checkEncodeURI(e="/"!=e.charAt(0)?"/"+e:e)?e:encodeURI(e)}}function T(e,t){let n=-1;for(i in t)e==t[i]&&(n=i);return n}function C(e,t){var n=[];for(forId in t)if({}.hasOwnProperty.call(t,forId))for(forRelease in t[forId])"target"!=forRelease&&e==t[forId][forRelease]&&n.push(t[forId]);return n}function N(e,t,n){for(var o=[],r=t;r.length;){var i,s,a,l=r.pop();for(forTarget in l.target)({}).hasOwnProperty.call(l.target,forTarget)&&(i=l.target[forTarget].split("=>"),s=parseInt(T(i[0],n)),a=parseInt(T(i[1],n)),e.page==l[i[0]])&&("toBottom"!=e.direction&&s=s&&o.push({release:i[1],direction:"toBottom",url:l[i[1]]})}return o}function k(e,t,n,o){var r,s=[];for(forVersions in o)({}).hasOwnProperty.call(o,forVersions)&&(forVersions=parseInt(forVersions),"toBottom"==e&&forVersionse&&null!=n[t[i]]&&-1==o&&(o=i);return o}(forVersions,o,t))&&(s[o[forVersions]]=t[o[r]]):s[o[forVersions]]=t[o[forVersions]]),"toTop"==e)&&forVersions>=n&&(null==t[o[forVersions]]?0!=forVersions&&-1!=(r=function(e,t,n){let o=-1;for(i in t)({}).hasOwnProperty.call(t,i)&&(i=parseInt(i))>=e&&null!=n[t[i-1]]&&-1==o&&(o=i-1);return o}(forVersions,o,s))&&(s[o[forVersions]]=s[o[r]]):s[o[forVersions]]=t[o[forVersions]]);return s}e==f[0]&&(e="current"),document.querySelector("link[rel='canonical']")||((s=document.createElement("link")).setAttribute("rel","canonical"),s.setAttribute("href",document.location.protocol+"//"+document.location.host+"/"+e+a),document.head.appendChild(s)),u('#version-selector [data-toggle="tooltip"]').tooltip({container:"header"})}),$("#version-selector a.disable").click(function(e){return e.preventDefault(),e.stopPropagation(),!1}),0<$("#global-toc").length){function completelyHideMenuItems(){$("#global-toc li ul").each(function(){$(this).closest("li").hasClass("show")?(this.hidden=!1,$(this).slideDown(300)):$(this).slideUp(300,function(){this.hidden=!0})})}$("#global-toc .toctree-l1 a").each(function(e){$(this).siblings("ul").length&&($(this).closest("li").addClass("toc-toggle"),$(this).append($('')))}),$("#global-toc .current-toc-node").each(function(){$(this).on("click",function(e){e.preventDefault(),$("html, body").animate({scrollTop:0},"500")})}),$("#global-toc a .toc-toggle-btn").on("click",function(e){return $("#global-toc a .toc-toggle-btn .sr-only").text("Expand submenu"),$(this).find(".sr-only").text("Close submenu"),!(li=$(e.target).closest("li"))||0==li.children("ul").length||(e.stopPropagation(),e.preventDefault(),li.hasClass("show")?li.removeClass("show"):(li.siblings("li").removeClass("show"),li.addClass("show")),li.parents().hasClass("show")||$(".globaltoc li.show").addClass("show"),$(".globaltoc li.initial").removeClass("initial"),completelyHideMenuItems(),!1)}),emptyTocNodes&&(markTocNodesWithClass(emptyTocNodes,"empty-toc-node","#global-toc"),$("#global-toc .current-toc-node").addClass("empty-toc-node")),$("#global-toc .empty-toc-node").each(function(){$(this).on("click",function(e){e.preventDefault(),$(this).find(".toc-toggle-btn").click()})}),useApiRedoc&&(markTocNodesWithClass(newTabNodes,"js-new-tab",""),$(".js-new-tab").attr("target","_blank"));const b1=["Install Wazuh manager on Linux","Install Wazuh agent on Linux"].map(function(e){return e.toLowerCase()});function hideSubtree(e){$("#global-toc a").each(function(){-1!==jQuery.inArray($(this).text().toLowerCase(),e)&&($(this).siblings().hide(),$(this).children("button").hide())})}hideSubtree(b1)}if(0<$("#local-toc").length){const i1=$("#local-toc > .navbar-nav > .nav-item:first-of-type > .nav-link"),j1=$("main:first-of-type > .section:first-of-type");i1.attr("href",i1.attr("href")+j1.attr("id"))}if($("#local-toc .nav-link").on("click",function(e){e=$(e.target).attr("href"),e=$('[href="'+e+'"].headerlink').parent();e.hasClass("collapsed")&&e.click()}),0<$(".document").length){const n1=document.createElement("div");function filterCodeBlock(e,t){var n=e.clone(!0);n.find(".gp").empty();let o=n.text();n=findHeredocs(e),e=getCodeBlockType(t).toLowerCase();return o=String(o),-1===jQuery.inArray(e,["none","bash"])&&(o=(o=(o=(o=(o=(o=(o=(o=(o=(o=(o=(o=o.replace(/(^|\n)\s*(\.\s{0,1}){3}\s*($|\n)/g,"\n")).replace(/(.+]\$\s)/g,"")).replace(/(.+]\#\s)/g,"")).replace(/ansible@ansible:.+\$\s/g,"")).replace(/mysql>\s/g,"")).replace(/sqlite>\s/g,"")).replace(/Query\s.+\)\n/g,"")).replace(/.+@.+:.+(\#|\$)\s/g,"")).replace(/^>\s/g,"")).replace(/\n>\s/g,"\n")).replace(/(?:\$\s)/g,"")).replace(/\n{2,}$/g,"\n"),-1!==jQuery.inArray(e,["yaml","python","perl","powershell"])||t.is($('[class*="conf"]'))||(o=/<<[^<]/.test(o)?replacePromptOnHeredoc(o,n,e):filterPrompt(o,e))),o=o.trim()}function findHeredocs(e){e=$(e).text().split("\n");const n=[];let o=!1,r,i,s;return e.forEach((e,t)=>{o?closes(r,e.trim())&&(o=!1,(s=t-1)>i)&&n.push({start:i,finish:s}):/<<[^<]/.test(e)&&(o=!0,i=t+1,r=e.split("<<")[1].trim())}),n}function filterPrompt(e,t){return"bash"!=t&&(e=e.replace(/(?:\#\s)/g,"")),e=-1e<=n&&n<=t)||(e=filterPrompt(e,o)),r.push(e)}),r.join("\n")}function closes(e,t){return t.replace(/[-\\'"]/g,"")==e.replace(/[-\\'"]/g,"")}function copyToClipboard(e){var t=document.createElement("textarea");t.value=e,document.body.appendChild(t),t.select(),document.execCommand("copy"),document.body.removeChild(t)}n1.setAttribute("class","output-title"),n1.setAttribute("role","button"),n1.innerHTML="Output",$('[class*="highlight-"].output').each(function(){$(this).addClass("collapsible").attr("aria-expanded","false"),$(this).prepend(n1.cloneNode(!0)),$(this).hasClass("collapsed")||$(this).addClass("expanded").attr("aria-expanded","true")}),$('[class*="highlight-"].output.collapsible .output-title').on("click",function(e){const t=$(e.target).closest('[class*="highlight-"]');"false"===t.attr("aria-expanded")?(t.removeClass("collapsed").attr("aria-expanded","true"),setTimeout(function(){t.addClass("expanded")},300)):(t.removeClass("expanded").attr("aria-expanded","false"),setTimeout(function(){t.addClass("collapsed")},300))}),$(".highlight").each(function(){if($(this).parent().hasClass("escaped-tag-signs")){let n=$(this).html();const o=n.split(/\\"+gtFragments.join(">")),t!=o.length-1?n+=e+"\\<":n+=e}),$(this).html(n)}}),$(".highlight").each(function(){const o=/\s+$/g;var e=$(this),t=(e.find(".gp").each(function(){var e=$(this);let t=e.text().match(o),n="";t=t&&t[0].length-1;for(let e=0;e"+n+"").insertAfter(e),e.html(e.html().replace(o," "))}),e.html()),n=getCodeBlockType(e.parent()).toLowerCase();if(-1===jQuery.inArray(n,["none","bash"])){const i=findHeredocs(t);if(null!=t.match(/(?:\$\s|\#)/g)){n=t.split("\n");const s=[];n.forEach(function(e,n){var t=i.find(({start:e})=>e===n),o=i.find(({finish:e})=>e===n),r=i.find(({start:e,finish:t})=>e'+e:o?e+="":r||(e=e.replace(/(?:\$\s)/g,'$ ')),s.push(e)}),e.html(s.join("\n"))}}}),$(".highlight").each(function(){var e=$(this).parent();e.closest('[class*="highlight-"]').hasClass("output")||e.hasClass("no-copy")||e.prepend('')}),$(".copy-to-clipboard").click(function(){const e=$(this);copyToClipboard(filterCodeBlock($(e).parent().find(".highlight"),$(e).parent())),$(e).addClass("copied"),$(e).find("svg").css({display:"none"}).find("span").css({display:"block"}),$(e).find("span").css({display:"block"}),setTimeout(function(){$(e).removeClass("copied")},700),setTimeout(function(){$(e).find("span").css({display:"none"}),$(e).find("svg").css({display:"block"}),$(e).focus()},1e3)})}if($(".document")){const Cc="https://DOMAIN";function reponsiveTables(){$("table.docutils:not(.list-rows)").removeClass("table-responsive"),$("table.docutils:not(.list-rows)").each(function(){$(this).width()>$("main > div:first-of-type").width()&&$(this).addClass("table-responsive")})}$('[href^="'+Cc+'/"]').each(function(){var e=$(this).attr("href");$(this).attr("href",e.replace(Cc+"/",DOCUMENTATION_OPTIONS.URL_ROOT)),$(this).attr("target","_blank")}),$("main .reference.internal").each(function(){const t=this;newTabNodes.forEach(function(e){-1!==t.href.indexOf(e)&&$(t).attr("target","_blank")})}),$(".headerlink").text("Permalink to this headline"),reponsiveTables(),$("table.docutils.list-rows").each(function(){$(this).attr("role","presentation")}),$(window).on("resize",reponsiveTables)} //# sourceMappingURL=wazuh-documentation.min.js.map \ No newline at end of file From e3f450d6cd1ea988130e133067a1f5e1222643a7 Mon Sep 17 00:00:00 2001 From: Javier Medeot Date: Fri, 14 Jul 2023 11:03:02 -0300 Subject: [PATCH 08/10] Update source/_static/js/redirects.js Co-authored-by: Sandra Ocando --- source/_static/js/redirects.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/_static/js/redirects.js b/source/_static/js/redirects.js index 702eb1b7ff..de416bdef7 100644 --- a/source/_static/js/redirects.js +++ b/source/_static/js/redirects.js @@ -709,7 +709,7 @@ newUrls['4.4'] = [ '/cloud-security/github/monitoring-github-activity.html', '/cloud-security/office365/index.html', '/cloud-security/office365/monitoring-office365-activity.html', - '/cloud-security/monitoring.rshtml', + '/cloud-security/monitoring.html', '/user-manual/agents/key-request.html', '/user-manual/manager/manual-backup-restore.html', '/user-manual/reference/ossec-conf/wazuh-db-config.html', From 5b9a1b9eb6fa5061d210a745dc0165d4711140dd Mon Sep 17 00:00:00 2001 From: Javier Medeot Date: Tue, 18 Jul 2023 17:03:46 -0300 Subject: [PATCH 09/10] Add ossec.conf references --- source/cloud-security/gcp/supported-services/access_logs.rst | 2 +- source/cloud-security/github/monitoring-github-activity.rst | 4 ++-- .../office365/monitoring-office365-activity.rst | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/source/cloud-security/gcp/supported-services/access_logs.rst b/source/cloud-security/gcp/supported-services/access_logs.rst index 6efa481066..68019e8fde 100644 --- a/source/cloud-security/gcp/supported-services/access_logs.rst +++ b/source/cloud-security/gcp/supported-services/access_logs.rst @@ -10,7 +10,7 @@ Usage logs & storage logs Google Cloud Storage offers `usage logs and storage logs `__, also known as access logs, in the form of CSV files that can be downloaded. Usage logs provide information for all of the requests made on a specified bucket and are created hourly. Storage logs provide information about the storage consumption of that bucket for the last day and are created daily. Once set up, usage logs and storage logs are automatically created as new objects in the specified bucket. -To process Storage and Acces logs, Wazuh makes use of the **gcp-bucket** module. Information regarding the configuration of this module can be found in the :ref:`gcp-bucket configuration reference `. +To process Storage and Access logs, Wazuh makes use of the **gcp-bucket** module. To configure manager and agent, check the :doc:`/user-manual/reference/ossec-conf/index` documentation. You can find information regarding the configuration of this module in the :ref:`gcp-bucket configuration reference `. Setting up log delivery to a Google Cloud Storage bucket diff --git a/source/cloud-security/github/monitoring-github-activity.rst b/source/cloud-security/github/monitoring-github-activity.rst index f50ab3ad19..ff82b70ddd 100644 --- a/source/cloud-security/github/monitoring-github-activity.rst +++ b/source/cloud-security/github/monitoring-github-activity.rst @@ -38,7 +38,7 @@ Wazuh configuration Next, we will see the options we have to configure for the Wazuh integration. -Proceed to configure the ``github`` module in the Wazuh manager or in the Wazuh agent. We will use the data that we took previously as the **organization name** and the **PATs**. Through the following configuration, Wazuh is ready to search for logs created by GitHub audit-log. In this case, we will search only the type of ``git`` events within an interval of ``1m``. Those logs will be only those that were created after the module was started: +Proceed to configure the ``github`` module in the Wazuh manager or in the Wazuh agent. To configure manager and agent, check the :doc:`/user-manual/reference/ossec-conf/index` documentation. We will use the data that we took previously as the **organization name** and the **PATs**. Through the following configuration, Wazuh is ready to search for logs created by GitHub audit-log. In this case, we will search only the type of ``git`` events within an interval of ``1m``. Those logs will be only those that were created after the module was started: .. code-block:: xml @@ -57,7 +57,7 @@ Proceed to configure the ``github`` module in the Wazuh manager or in the Wazuh -The module references can be found :ref:`here `. +Check :ref:`github-module` reference documentation for the module references. Using the configuration mentioned above, we will see an example of monitoring GitHub activity. diff --git a/source/cloud-security/office365/monitoring-office365-activity.rst b/source/cloud-security/office365/monitoring-office365-activity.rst index 8eee406f9b..54dcf3290b 100644 --- a/source/cloud-security/office365/monitoring-office365-activity.rst +++ b/source/cloud-security/office365/monitoring-office365-activity.rst @@ -106,7 +106,7 @@ Wazuh configuration Next, we will see the options we have to configure for the Wazuh integration. -Proceed to configure the ``office365`` module in the Wazuh manager or in the Wazuh agent. Through the following configuration, Wazuh is ready to search for logs created by Office 365 audit-log. In this case, we will only search for the ``Audit.SharePoint`` type events within an interval of ``1m``. Those logs will be only those that were created after the module was started: +Proceed to configure the ``office365`` module in the Wazuh manager or in the Wazuh agent. To configure manager and agent, check the :doc:`/user-manual/reference/ossec-conf/index` documentation. Through the following configuration, Wazuh is ready to search for logs created by Office 365 audit-log. In this case, we will only search for the ``Audit.SharePoint`` type events within an interval of ``1m``. Those logs will be only those that were created after the module was started: .. code-block:: xml @@ -125,7 +125,7 @@ Proceed to configure the ``office365`` module in the Wazuh manager or in the Waz -Module reference can be found :ref:`here `. +Check :ref:`office365-module` reference documentation for the module references. Using the configuration mentioned above, we will see an example of monitoring Office 365 activity. From ffa69a45bdab7ae2b67dd1b7f23d88d45bf8ed55 Mon Sep 17 00:00:00 2001 From: Javier Medeot Date: Wed, 19 Jul 2023 10:19:31 -0300 Subject: [PATCH 10/10] Apply suggestions from code review Co-authored-by: Sandra Ocando --- source/cloud-security/gcp/supported-services/access_logs.rst | 2 +- source/cloud-security/github/monitoring-github-activity.rst | 4 ++-- .../office365/monitoring-office365-activity.rst | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/source/cloud-security/gcp/supported-services/access_logs.rst b/source/cloud-security/gcp/supported-services/access_logs.rst index 68019e8fde..1449687fa7 100644 --- a/source/cloud-security/gcp/supported-services/access_logs.rst +++ b/source/cloud-security/gcp/supported-services/access_logs.rst @@ -10,7 +10,7 @@ Usage logs & storage logs Google Cloud Storage offers `usage logs and storage logs `__, also known as access logs, in the form of CSV files that can be downloaded. Usage logs provide information for all of the requests made on a specified bucket and are created hourly. Storage logs provide information about the storage consumption of that bucket for the last day and are created daily. Once set up, usage logs and storage logs are automatically created as new objects in the specified bucket. -To process Storage and Access logs, Wazuh makes use of the **gcp-bucket** module. To configure manager and agent, check the :doc:`/user-manual/reference/ossec-conf/index` documentation. You can find information regarding the configuration of this module in the :ref:`gcp-bucket configuration reference `. +To process Storage and Access logs, Wazuh makes use of the ``gcp-bucket`` module. Configure the ``gcp-bucket`` module either in the Wazuh manager or the Wazuh agent. To do so, modify the :doc:`ossec.conf ` configuration file. Check the :ref:`gcp-bucket configuration reference ` to learn more. Setting up log delivery to a Google Cloud Storage bucket diff --git a/source/cloud-security/github/monitoring-github-activity.rst b/source/cloud-security/github/monitoring-github-activity.rst index ff82b70ddd..c0a2cde5bd 100644 --- a/source/cloud-security/github/monitoring-github-activity.rst +++ b/source/cloud-security/github/monitoring-github-activity.rst @@ -38,7 +38,7 @@ Wazuh configuration Next, we will see the options we have to configure for the Wazuh integration. -Proceed to configure the ``github`` module in the Wazuh manager or in the Wazuh agent. To configure manager and agent, check the :doc:`/user-manual/reference/ossec-conf/index` documentation. We will use the data that we took previously as the **organization name** and the **PATs**. Through the following configuration, Wazuh is ready to search for logs created by GitHub audit-log. In this case, we will search only the type of ``git`` events within an interval of ``1m``. Those logs will be only those that were created after the module was started: +Configure the ``github`` module either in the Wazuh manager or the Wazuh agent. To do so, modify the :doc:`ossec.conf ` configuration file. We will use the data that we took previously as the **organization name** and the **PATs**. Through the following configuration, Wazuh is ready to search for logs created by GitHub audit-log. In this case, we will search only the type of ``git`` events within an interval of ``1m``. Those logs will be only those that were created after the module was started: .. code-block:: xml @@ -57,7 +57,7 @@ Proceed to configure the ``github`` module in the Wazuh manager or in the Wazuh -Check :ref:`github-module` reference documentation for the module references. +To learn more, check the :ref:`github-module` module reference. Using the configuration mentioned above, we will see an example of monitoring GitHub activity. diff --git a/source/cloud-security/office365/monitoring-office365-activity.rst b/source/cloud-security/office365/monitoring-office365-activity.rst index 54dcf3290b..890c794dc4 100644 --- a/source/cloud-security/office365/monitoring-office365-activity.rst +++ b/source/cloud-security/office365/monitoring-office365-activity.rst @@ -106,7 +106,7 @@ Wazuh configuration Next, we will see the options we have to configure for the Wazuh integration. -Proceed to configure the ``office365`` module in the Wazuh manager or in the Wazuh agent. To configure manager and agent, check the :doc:`/user-manual/reference/ossec-conf/index` documentation. Through the following configuration, Wazuh is ready to search for logs created by Office 365 audit-log. In this case, we will only search for the ``Audit.SharePoint`` type events within an interval of ``1m``. Those logs will be only those that were created after the module was started: +Configure the ``office365`` module either in the Wazuh manager or the Wazuh agent. To do so, modify the :doc:`ossec.conf ` configuration file. Through the following configuration, Wazuh is ready to search for logs created by Office 365 audit-log. In this case, we will only search for the ``Audit.SharePoint`` type events within an interval of ``1m``. Those logs will be only those that were created after the module was started: .. code-block:: xml @@ -125,7 +125,7 @@ Proceed to configure the ``office365`` module in the Wazuh manager or in the Waz -Check :ref:`office365-module` reference documentation for the module references. +To learn more, check the :ref:`office365-module` module reference. Using the configuration mentioned above, we will see an example of monitoring Office 365 activity.