
Engine - Integration of MaxMind for GeoIP and ASN Data Enrichment in Wazuh-Engine #21695

Closed
6 tasks done
JcabreraC opened this issue Feb 1, 2024 · 0 comments · Fixed by #23337


JcabreraC commented Feb 1, 2024

| Wazuh version | Component | Install type | Install method   | Platform   |
|---------------|-----------|--------------|------------------|------------|
| 5.0.0         | Engine    | Manager      | Packages/Sources | OS version |

Epic branch: 21695-engine-maxmind-integration

Description

This epic outlines a series of tasks aimed at integrating MaxMind's GeoIP and ASN databases into the Wazuh-Engine. The goal is to enrich events with geographical and autonomous system number (ASN) information, enhancing the engine's capabilities in data analysis and threat intelligence.

Objectives

  • Research: Conduct thorough research to understand the best practices for integrating MaxMind databases with the Wazuh-Engine.
  • Module Development: Develop a foundational module for interacting with MaxMind databases.
  • Helper Functions: Implement necessary helper functions to facilitate data retrieval and processing from MaxMind databases.
  • Automatic DB Updates: Research and develop a system for the automatic updating of MaxMind databases to ensure data accuracy and relevance.
  • Ruleset Update: Update the Wazuh ruleset to utilize the enriched GeoIP and ASN data for improved event analysis.
  • Integration Testing: Perform comprehensive integration testing to ensure the seamless functioning of the MaxMind integration within the Wazuh-Engine ecosystem.

Tasks

Additional Considerations

  • Data Privacy and Compliance: Ensure that the integration of MaxMind complies with data privacy laws and regulations.
  • Documentation: Document each phase of the development process, including research findings, module design, and integration strategies.
  • Performance Impact: Assess the impact of MaxMind integration on the performance of the Wazuh-Engine and optimize accordingly.

Acceptance Criteria

  • Successful integration of MaxMind's GeoIP and ASN databases into the Wazuh-Engine.
  • Enhanced event analysis capabilities with accurate geographical and ASN information.
  • Seamless and efficient automatic updating of MaxMind databases.
  • Updated ruleset effectively utilizing the enriched data for improved threat detection and analysis.
  • Comprehensive documentation and successful passing of integration tests.
Projects
Status: Done