
Reporting revamp #164

Status: Open

havidarou opened this issue Apr 11, 2024 · 0 comments
Description

Wazuh has multiple reporting systems depending on the source of the information. We have a reporting system for information coming from the API, we have a reporting system for information stored in Indexer, and we have a reporting system coming from metrics of the server.

We want to simplify this by designing a new reporting system which will unify the three. Our initial approach would be to leverage the OpenSearch reporting and notifications plugins. But we might change this strategy if we see fit.

Reporting about Wazuh status and metrics

We want to generate reports about the status of all the elements of Wazuh, including the servers, agents and indexers. These reports will include statistics about the workload of Wazuh over time, the availability of the services and modules, etc.

These reports should help users to manage the system's health, to plan the system's capacity and to analyze the system's performance.

Reporting about security threats

We want to generate reports about the security threats and posture a user might have from the information managed by Wazuh.

We should have at least reports about:

  • Security posture
  • Workload protection
  • Threat intelligence
  • Compliance and audit
  • Active response
  • Vulnerability detection
  • Configuration assessment
  • Malware detection
  • IT hygiene
  • File integrity monitoring

Custom reporting

We want to allow our users to create personalized reports based on any information available in the indexer.

Functional requirements

  • Reports are generated in PDF
  • Reports can be sent via email at scheduled intervals
  • Reports can be downloaded on demand
  • A user can list all available reports from one place, depending on the RBAC permissions
  • A user can create new reports
  • A user may customize some elements of the default reporting templates

Non-functional requirements

  • The reporting system must ease container deployment scenarios
  • TODO

Implementation restrictions

  • TODO

Plan

  • Spike
  • MVP
  • Feature complete
  • Acceptance test

Projects: Status: Blocked; Status: Draft