Reporting revamp #164

Open
2 of 4 tasks
Tracked by #408
havidarou opened this issue Apr 11, 2024 · 0 comments
havidarou commented Apr 11, 2024

Description

Wazuh has multiple reporting systems depending on the source of the information:

  • Wazuh manager API.
  • Wazuh indexer API.

This issue aims to unify all Wazuh reporting capabilities. Our initial approach will be to leverage the OpenSearch reporting and notifications plugins.

Wazuh status and metrics

We want to generate reports about servers and indexers. These reports will include statistics about the workload of Wazuh over time, the availability of the services and modules, etc.

These reports should help users manage the system's health, plan the system's capacity, and analyze the system's performance.

Security threats

We want to generate reports about the environment's security threats and posture. This should include at least:

  • SCA.
  • File integrity monitoring.
  • Inventory.
  • Threat intelligence.
  • Compliance and audit.
  • Vulnerability detection.

Custom reports

Users will be able to create personalized reports based on any information available in the indexer.

Functional requirements

  • All Wazuh XDR/SIEM output spawns from the Wazuh indexer.
  • Reports are generated in PDF.
  • Reports can be sent via email at scheduled intervals.
  • Reports can be downloaded on demand.
  • A user can list all available reports from one place, depending on the Wazuh indexer RBAC permissions.
  • A user can create/edit/delete custom reports from one place, depending on the Wazuh indexer RBAC permissions.
  • Threat detection and posture status will be regularly sent to users via email based on Wazuh dashboard initial startup configuration.

Non-functional requirements

  • The reporting system must ease container deployment scenarios.

Implementation restrictions

  • Use the existing OpenSearch reporting and notifications plugins as much as possible.

Plan

Spike

MVP ETA 09/26/2024

Checkpoint

Feature complete

Acceptance test

@wazuhci wazuhci added this to Roadmap Apr 11, 2024
@wazuhci wazuhci moved this to Draft in Roadmap Apr 11, 2024
@wazuhci wazuhci moved this to Blocked in Release 5.0.0 Apr 29, 2024
@havidarou havidarou moved this from Draft to Backlog in Roadmap Jun 19, 2024
@wazuhci wazuhci moved this from Blocked to Triage in Release 5.0.0 Jun 19, 2024
@wazuhci wazuhci moved this from Triage to In progress in Release 5.0.0 Jun 24, 2024
@wazuhci wazuhci moved this from In progress to On hold in Release 5.0.0 Jul 25, 2024
@wazuhci wazuhci moved this from Backlog to In progress in Roadmap Aug 2, 2024
Status: On hold
No branches or pull requests

2 participants