integration with OSSIM? #71
Comments
Hi Kat, this may help. If you already installed the RESTful API on the Wazuh manager, you can generate an updated wazuh.sql file by going to /var/ossec/api and running the following Python script (rules2ossim.py):
Run it this way to remove some unwanted double quotes:
Then move the wazuh.sql file to the OSSIM box and run:
Now you should be able to copy ossec-single-line.cfg, rename it as wazuh.cfg and change the plugin_id to 22000 (or whatever you defined in the Python script).
Tell me, after running the script I get the following error: Traceback (most recent call last): What is the problem?
Hello @Regirv, first of all, sorry for the late reply. You must make a couple of modifications on
After this fix,
I'm closing this ticket. Please don't hesitate to open another if you need it. Juan Pablo Sáez
You guys have done amazing work on the upgraded version of OSSEC. I wonder if anyone has thought of doing a guide for integration in the OSSIM? I have used Santiago's guide to actually do this, however, the new rulesets do not fire in this case because the IDs have not been integrated into the OSSIM DB. This would be a great add-on/enhancement. I might be willing to put a PR in as I have done some work on this, but wanted to wait on the final release of the new version.