Add ossec.conf references #6249

Merged
merged 2 commits into from
Jul 19, 2023
Expand Up @@ -10,7 +10,7 @@ Usage logs & storage logs

Google Cloud Storage offers `usage logs and storage logs <https://cloud.google.com/storage/docs/access-logs>`__, also known as access logs, in the form of CSV files that can be downloaded. Usage logs provide information for all of the requests made on a specified bucket and are created hourly. Storage logs provide information about the storage consumption of that bucket for the last day and are created daily. Once set up, usage logs and storage logs are automatically created as new objects in the specified bucket.

To process Storage and Acces logs, Wazuh makes use of the **gcp-bucket** module. Information regarding the configuration of this module can be found in the :ref:`gcp-bucket configuration reference <gcp-bucket>`.
To process Storage and Access logs, Wazuh makes use of the **gcp-bucket** module. To configure manager and agent, check the :doc:`/user-manual/reference/ossec-conf/index` documentation. You can find information regarding the configuration of this module in the :ref:`gcp-bucket configuration reference <gcp-bucket>`.
javimed marked this conversation as resolved.


Setting up log delivery to a Google Cloud Storage bucket
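Review bot: In the rewritten "To process Storage and Access logs" sentence, the typo fix leaves a label that does not match the paragraph above it, which names the two types "usage logs and storage logs" and says both are also known as access logs, so "Storage and Access logs" reads as two different things. Suggest "To process usage and storage logs, Wazuh makes use of the **gcp-bucket** module." The added ``:doc:`` link also has no explicit title, while the ``:ref:`` in the same sentence has one ("gcp-bucket configuration reference"); a title that names ossec.conf would tell the reader what they are being sent to.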
4 changes: 2 additions & 2 deletions source/cloud-security/github/monitoring-github-activity.rst
Expand Up @@ -38,7 +38,7 @@ Wazuh configuration

Next, we will see the options we have to configure for the Wazuh integration.

Proceed to configure the ``github`` module in the Wazuh manager or in the Wazuh agent. We will use the data that we took previously as the **organization name** and the **PATs**. Through the following configuration, Wazuh is ready to search for logs created by GitHub audit-log. In this case, we will search only the type of ``git`` events within an interval of ``1m``. Those logs will be only those that were created after the module was started:
Proceed to configure the ``github`` module in the Wazuh manager or in the Wazuh agent. To configure manager and agent, check the :doc:`/user-manual/reference/ossec-conf/index` documentation. We will use the data that we took previously as the **organization name** and the **PATs**. Through the following configuration, Wazuh is ready to search for logs created by GitHub audit-log. In this case, we will search only the type of ``git`` events within an interval of ``1m``. Those logs will be only those that were created after the module was started:
javimed marked this conversation as resolved.

.. code-block:: xml
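Review bot: The added sentence "To configure manager and agent, check ..." is placed between "Proceed to configure the ``github`` module ..." and "We will use the data that we took previously ...", so the paragraph detours to another document before it reaches the organization name and PATs that the code block depends on. Consider moving the ossec.conf link below the code block, next to the module reference link, so this paragraph still leads straight into the example.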

Expand All @@ -57,7 +57,7 @@ Proceed to configure the ``github`` module in the Wazuh manager or in the Wazuh
</api_parameters>
</github>

The module references can be found :ref:`here <github-module>`.
Check :ref:`github-module` reference documentation for the module references.
javimed marked this conversation as resolved.

Using the configuration mentioned above, we will see an example of monitoring GitHub activity.
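Review bot: The replacement line "Check :ref:`github-module` reference documentation for the module references." says "reference" twice and reads worse than the line it replaces. If the aim is to stop using "here" as link text, keep an explicit title instead, for example "See the :ref:`github module reference <github-module>`."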

Expand Up @@ -106,7 +106,7 @@ Wazuh configuration

Next, we will see the options we have to configure for the Wazuh integration.

Proceed to configure the ``office365`` module in the Wazuh manager or in the Wazuh agent. Through the following configuration, Wazuh is ready to search for logs created by Office 365 audit-log. In this case, we will only search for the ``Audit.SharePoint`` type events within an interval of ``1m``. Those logs will be only those that were created after the module was started:
Proceed to configure the ``office365`` module in the Wazuh manager or in the Wazuh agent. To configure manager and agent, check the :doc:`/user-manual/reference/ossec-conf/index` documentation. Through the following configuration, Wazuh is ready to search for logs created by Office 365 audit-log. In this case, we will only search for the ``Audit.SharePoint`` type events within an interval of ``1m``. Those logs will be only those that were created after the module was started:
javimed marked this conversation as resolved.

.. code-block:: xml
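Review bot: In the added sentence, "To configure manager and agent" drops the articles and says "and" immediately after the previous sentence says "in the Wazuh manager or in the Wazuh agent"; the same sentence is pasted unchanged into the other files of this change. Suggest one consistent wording, such as "To configure the Wazuh manager or agent, check ...". It also now sits directly before "Through the following configuration", which separates that phrase from the ``office365`` module it refers to.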

Expand All @@ -125,7 +125,7 @@ Proceed to configure the ``office365`` module in the Wazuh manager or in the Waz
</subscriptions>
</office365>

Module reference can be found :ref:`here <office365-module>`.
Check :ref:`office365-module` reference documentation for the module references.
javimed marked this conversation as resolved.

Using the configuration mentioned above, we will see an example of monitoring Office 365 activity.
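Review bot: The new line uses :ref:`office365-module` with no explicit title, so Sphinx takes the link text from the section title that follows the label, and the rendered sentence becomes "Check <that title> reference documentation for the module references", which cannot be checked from this diff. Build the page and read the rendered sentence, or keep an explicit title as the removed line did (``here <office365-module>``), with more descriptive text than "here".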
