/*
* Wazuh app - Simple description for each App tabs
* Copyright (C) 2015-2022 Wazuh, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* Find more information about this on the LICENSE file.
*/
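/**
 * Shape of one entry in {@link WAZUH_MODULES}.
 *
 * `appId` is the identifier used to address the module as an app; several
 * entries deliberately share one (`endpoint-summary`) and one is empty, so it
 * is NOT a unique key — use the object key (`general`, `fim`, …) for lookups
 * and only read `appId` when building a link to that app.
 */
interface WazuhModule {
  /** Human-readable tab title. */
  title: string;
  /** App identifier; may be shared between entries or empty (see notes below). */
  appId: string;
  /** One-sentence description shown next to the title. */
  description: string;
}

/**
 * Simple title/description catalogue for each app tab.
 *
 * `satisfies` validates every entry against {@link WazuhModule} (a missing or
 * misspelled field is a compile error) while keeping the literal key names, so
 * callers can still write `WAZUH_MODULES.fim` without an index-signature widening.
 */
export const WAZUH_MODULES = {
  general: {
    title: 'Threat hunting',
    appId: 'threat-hunting',
    description:
      'Browse through your security alerts, identifying issues and threats in your environment.',
  },
  fim: {
    title: 'File integrity monitoring',
    appId: 'file-integrity-monitoring',
    description:
      'Alerts related to file changes, including permissions, content, ownership and attributes.',
  },
  pm: {
    title: 'Malware detection',
    appId: 'malware-detection',
    // NOTE(review): this description reads like the configuration-assessment
    // text rather than a malware-detection one — looks stale; confirm with the
    // UI owners before changing the user-facing string.
    description:
      'Verify that your systems are configured according to your security policies baseline.',
  },
  vuls: {
    title: 'Vulnerability detection',
    appId: 'vulnerability-detection',
    description:
      'Discover what applications in your environment are affected by well-known vulnerabilities.',
  },
  oscap: {
    title: 'OpenSCAP',
    appId: 'openscap',
    description:
      'Configuration assessment and automation of compliance monitoring using SCAP checks.',
  },
  audit: {
    title: 'System auditing',
    appId: 'system-auditing',
    description:
      'Audit users behavior, monitoring command execution and alerting on access to critical files.',
  },
  pci: {
    title: 'PCI DSS',
    appId: 'pci-dss',
    description:
      'Global security standard for entities that process, store or transmit payment cardholder data.',
  },
  gdpr: {
    title: 'GDPR',
    appId: 'gdpr',
    description:
      'General Data Protection Regulation (GDPR) sets guidelines for processing of personal data.',
  },
  hipaa: {
    title: 'HIPAA',
    appId: 'hipaa',
    description:
      'Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides data privacy and security provisions for safeguarding medical information.',
  },
  nist: {
    title: 'NIST 800-53',
    appId: 'nist-800-53',
    description:
      'National Institute of Standards and Technology Special Publication 800-53 (NIST 800-53) sets guidelines for federal information systems.',
  },
  tsc: {
    title: 'TSC',
    appId: 'tsc',
    description:
      'Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy',
  },
  ciscat: {
    title: 'CIS-CAT',
    appId: 'ciscat',
    // NOTE(review): the organisation is the "Center for Internet Security";
    // the string below says "Center of" — user-facing text, left as-is here.
    description:
      'Configuration assessment using Center of Internet Security scanner and SCAP checks.',
  },
  aws: {
    title: 'AWS',
    appId: 'amazon-web-services',
    description:
      'Security events related to your Amazon AWS services, collected directly via AWS API.',
  },
  office: {
    title: 'Office 365',
    appId: 'office365',
    description: 'Security events related to your Office 365 services.',
  },
  gcp: {
    title: 'Google Cloud',
    appId: 'google-cloud',
    description:
      'Security events related to your Google Cloud Platform services, collected directly via GCP API.', // TODO GCP
  },
  virustotal: {
    title: 'VirusTotal',
    appId: 'virustotal',
    description:
      'Alerts resulting from VirusTotal analysis of suspicious files via an integration with their API.',
  },
  mitre: {
    title: 'MITRE ATT&CK',
    appId: 'mitre-attack',
    description:
      'Security events from the knowledge base of adversary tactics and techniques based on real-world observations',
  },
  syscollector: {
    title: 'Inventory data',
    // This appId is not used; it was added so the entry has the same shape as
    // the others. Shared with `stats` and `configuration`.
    appId: 'endpoint-summary',
    description:
      'Applications, network configuration, open ports and processes running on your monitored systems.',
  },
  stats: {
    title: 'Stats',
    // This appId is not used; it was added for shape consistency (shared value).
    appId: 'endpoint-summary',
    description: 'Stats for agent and logcollector',
  },
  configuration: {
    title: 'Configuration',
    // This appId is not used; it was added for shape consistency (shared value).
    appId: 'endpoint-summary',
    description:
      'Check the current agent configuration remotely applied by its group.',
  },
  osquery: {
    title: 'Osquery',
    appId: 'osquery',
    description:
      'Osquery can be used to expose an operating system as a high-performance relational database.',
  },
  sca: {
    title: 'Configuration assessment',
    appId: 'configuration-assessment',
    description:
      'Scan your assets as part of a configuration assessment audit.',
  },
  docker: {
    title: 'Docker',
    appId: 'docker',
    description:
      'Monitor and collect the activity from Docker containers such as creation, running, starting, stopping or pausing events.',
  },
  github: {
    title: 'GitHub',
    appId: 'github',
    description:
      'Monitoring events from audit logs of your GitHub organizations.',
  },
  devTools: {
    title: 'API console',
    appId: 'api-console',
    description: 'Test the API endpoints.',
  },
  logtest: {
    title: 'Test your logs',
    appId: 'ruleset-test',
    description: 'Check your ruleset testing logs.',
  },
  // TODO - Research the uses of this code.
  testConfiguration: {
    title: 'Test your configurations',
    // Empty on purpose (no app is registered for it). Any code that builds a
    // navigation target from `appId` must treat '' as "no app", not as a path.
    appId: '',
    description: 'Check configurations before applying them',
  },
} satisfies Record<string, WazuhModule>;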