Skip to content

YPSI-SAS/centsoc

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits

images

images

 
 

sql

sql

 
 

README.md

README.md

 
 

conf.php

conf.php

 
 

requests.php

requests.php

 
 

utils.js

utils.js

 
 

wazuh-config.ihtml

wazuh-config.ihtml

 
 

wazuh-config.php

wazuh-config.php

 
 

wazuh-cve.ihtml

wazuh-cve.ihtml

 
 

wazuh-cve.php

wazuh-cve.php

 
 

wazuh-sca-policy.ihtml

wazuh-sca-policy.ihtml

 
 

wazuh-sca.ihtml

wazuh-sca.ihtml

 
 

wazuh-sca.php

wazuh-sca.php

 
 

wazuh-syscheck.ihtml

wazuh-syscheck.ihtml

 
 

wazuh-syscheck.php

wazuh-syscheck.php

 
 

Repository files navigation

CentSOC

CentSOC is a module for Centreon to add Wazuh last scans results to the Centreon UI through Wazuh Manager API With CentSOC, you can see vulnerabilities, SCA and Syscheck scans results

Prerequisites

To use CentSOC, you needs:

  • A Wazuh Manager server
  • At least one server with a Wazuh Agent installed
  • A Wazuh Manager API Account
  • A Centreon Central Server

Installation

Connect to your Centreon Central server's terminal and use this command

cd /usr/share/centreon/www/modules/
git clone https://github.com/YPSI-SAS/centsoc

Then, connect to your Centreon WebUI in Administration > Extensions > Manager menu and install CentSOC

Go to Administration > Wazuh > Wazuh Configuration and set Wazuh Manager Address and API Credentials

image

ATTENTION: Wazuh Manager URL must not contain "/" at the end !

Before using CentSOC, you first need to set WAZUHAGENTID macro on at least one host, with the id of the Wazuh agent installed on the corresponding host
image

You can list Wazuh Agents IDs on the Wazuh Manager with the next command:

/var/ossec/bin/agent_control -l

#Output:
Wazuh agent_control. List of available agents:
   ID: 000, Name: wazuh-manager (server), IP: 127.0.0.1, Active/Local
   ID: 001, Name: host01, IP: any, Active
   ID: 002, Name: host02, IP: any, Active
   ID: 003, Name: host03, IP: any, Disconnected

You now can start to use CentSOC and check what Wazuh Agents's Scan found in the 3 differents views for your hosts with a defined WAZUHAGENTID macro
For each view, you need to select an host and then press the Search button

Reporting > Wazuh > Vulnerabilities

Vulnerabilities view show all vulnerabilities found by the Wazuh Agent
You can filter the results by severity, title or CVE
You can also sort the results by severity or CVES3 Score
CVE ID's are clickable and redirect to their dedicated page on cve.org image

Reporting > Wazuh > File integrity

File Integrity view show results for syscheck scans on files
You can filter by file name, or by entry type (file or regisrty_key/registry_value)
You can also sort by filesize and by date

image

Reporting > Wazuh > SCA

SCA view can list the conformity policies applied on the selected host, and show the results
image

You can click on Policy name to get the details of the tests done by the agent
You can sort the tests by the results (failed, pass, invalid) image

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

3 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages