Welcome to WaZuh Security Insights and Enhancements,
This project serves as a comprehensive resource for anyone interested in leveraging WaZuh for Extended Detection and Response (XDR) and Security Information and Event Management (SIEM). Here, you'll find a collection of valuable enhancements, custom dashboards, and personal learnings.
- Comprehensive Overview: Instantly access a complete overview of all security events detected by WaZuh, providing a clear and concise snapshot of the current security landscape.
- Insightful Dashboards: Utilize these dashboards to thoroughly review and analyze security insights identified by WaZuh, enabling a deeper understanding of potential threats and vulnerabilities.
- Periodic Reviews: Leverage these dashboards for regular reviews of security events, helping to systematically narrow down findings and focus on critical issues.
- Advanced Filtering: Each field within the dashboard offers powerful filtering capabilities, allowing for detailed insights and the ability to drill down into specific events for more granular analysis.
- Custom Dashboards: Dive into custom dashboards that visualize critical security metrics and insights.
- Enhancements: Explore various improvements and tweaks to optimize WaZuh's functionality.
- Learnings: Benefit from my experiences and key takeaways while working with WaZuh XDR and SIEM.
- Resources: Access documentation and guides to help you get started and make the most out of WaZuh.
1. Overview of the Dashboards: [Full View ↗]
| Dashboard | Exports |
|---|---|
| CISO Dashboard \| Security Anomaly Detection | Download |
| CISO Dashboard \| AWS Security | Download |
| CISO Dashboard \| System Anomaly Detection | Download |
Note: The dashboards above are exported in ndjson format. Download the file, then follow the steps below.
2. How to Integrate:
- Go to WaZuh ➔ Stack Management ➔ Saved Objects ➔ Import and import each downloaded ndjson file:
  - CISO Dashboard | Security Anomaly Detection
  - CISO Dashboard | System Anomaly Detection
  - CISO Dashboard | AWS Security
A) WaZuh External API Integrations ↗
1. Monitoring Email Overview [Full View ↗]
2. How to Integrate:
Step 1: Download the Custom Integration Script
| Resources | Link | 
|---|---|
| Custom Alerts Email PY | Go to Download | 
Step 2: Set up the Script File
Place the script in /var/ossec/integrations/ and set its ownership and permissions:
```bash
chown root:wazuh /var/ossec/integrations/custom-alerts-email.py
chmod 750 /var/ossec/integrations/custom-alerts-email.py
```
Step 3: Integration in WaZuh
Add the following XML sections to the WaZuh manager's ossec.conf. The `api_key` value selects the formatter the script uses for that group; leave it blank for the generic formatter.
```xml
<!-- For GuardDuty: Custom GuardDuty Formatter -->
<integration>
    <name>custom-alerts-email.py</name>
    <hook_url>[email protected]</hook_url>
    <group>aws_guardduty</group>
    <api_key>Guardduty</api_key>
    <alert_format>json</alert_format>
</integration>
<!-- For FIM: Custom FIM Formatter -->
<integration>
    <name>custom-alerts-email.py</name>
    <hook_url>[email protected]</hook_url>
    <group>syscheck</group>
    <api_key>FIM</api_key>
    <alert_format>json</alert_format>
</integration>
<!-- For SG: Custom SecurityGroups Formatter -->
<integration>
    <name>custom-alerts-email.py</name>
    <hook_url>[email protected]</hook_url>
    <group>aws_cloudtrail_securitygroups</group> <!-- A custom group that collects all SG-related events needs to be created in the rules -->
    <api_key>SecurityGroups</api_key>
    <alert_format>json</alert_format>
</integration>
<!-- For Any: Custom for Any - Set blank for api_key -->
<integration>
    <name>custom-alerts-email.py</name>
    <hook_url>[email protected]</hook_url>
    <group>ossec</group>
    <api_key></api_key>
    <alert_format>json</alert_format>
</integration>
```
Note: To be added soon, work in progress
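As an added illustration (not the project's own custom-alerts-email.py), the script below shows how the `<api_key>` value from each `<integration>` block above can select a per-group formatter, with a blank or unknown value falling back to a generic one and SecurityGroups sharing the generic formatter until a dedicated one exists. It assumes the Wazuh integrator convention of passing the alert JSON file, the api_key and the hook_url as the first three arguments; the alert field names (`syscheck`, `data.aws`) are assumptions based on common Wazuh alert layouts, and the sample alert is constructed.

```python
#!/usr/bin/env python3
"""Illustrative custom-alerts-email.py (not the project's script).
Assumed wazuh-integratord convention, check your version: argv[1] = alert
JSON file, argv[2] = api_key (reused as the formatter name), argv[3] =
hook_url (reused as the recipient). Alert field names are assumptions."""
import json
import smtplib
import sys
from email.message import EmailMessage

# Constructed, abridged Wazuh FIM alert used for a stand-alone dry run.
SAMPLE_FIM_ALERT = {
    "rule": {"level": 7, "description": "Integrity checksum changed."},
    "agent": {"name": "web-01"},
    "syscheck": {"path": "/etc/passwd", "event": "modified"},
}

def fmt_guardduty(alert):
    aws = alert.get("data", {}).get("aws", {})  # assumed GuardDuty layout
    return (f"[GuardDuty] {aws.get('title', 'finding')} in {aws.get('region', '?')}",
            f"Severity: {aws.get('severity', '?')}\n{aws.get('description', '')}")

def fmt_fim(alert):
    sc, agent = alert.get("syscheck", {}), alert.get("agent", {})
    return (f"[FIM] {sc.get('event', 'change')}: {sc.get('path', '?')} on {agent.get('name', '?')}",
            f"Rule: {alert['rule']['description']} (level {alert['rule']['level']})")

def fmt_generic(alert):
    rule = alert.get("rule", {})
    return (f"[Wazuh] level {rule.get('level', '?')}: {rule.get('description', '')}",
            json.dumps(alert, indent=2))

FORMATTERS = {"Guardduty": fmt_guardduty, "FIM": fmt_fim, "SecurityGroups": fmt_generic}

def build_message(alert, formatter_name, recipient):
    """Blank or unknown <api_key> values fall back to the generic formatter."""
    subject, body = FORMATTERS.get(formatter_name, fmt_generic)(alert)
    msg = EmailMessage()
    msg["Subject"], msg["To"], msg["From"] = subject, recipient, "wazuh@localhost"
    msg.set_content(body)
    return msg

if __name__ == "__main__":
    if len(sys.argv) > 3:  # invoked by the manager with alert file, api_key, hook_url
        with open(sys.argv[1]) as f:
            msg = build_message(json.load(f), sys.argv[2], sys.argv[3])
        smtplib.SMTP("localhost").send_message(msg)  # assumed local mail relay
    else:  # manual dry run on the constructed sample alert
        print(build_message(SAMPLE_FIM_ALERT, "FIM", "soc@example.com"))
```

Running it without arguments prints the formatted FIM message instead of sending it, which is a convenient way to check a formatter before wiring it into ossec.conf.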
A Quick overview of WaZuh Components
| Resources | Link | 
|---|---|
| WaZuh Docs | Go to Link | 
| WaZuh Docker Installation | Go to Link | 
| AWS XDR Integrations | Go to Link | 
| Proof of Concepts | Go to Link | 