Wazuh has multiple reporting systems depending on the source of the information. We have a reporting system for information coming from the API, we have a reporting system for information stored in Indexer, and we have a reporting system for information coming from metrics of the server.
We want to simplify this by designing a new reporting system which will unify the three. Our initial approach would be to leverage the OpenSearch reporting and notifications plugins. But we might change this strategy if we see fit.
Reporting about Wazuh status and metrics
We want to generate reports about the status of all the elements of Wazuh, including the servers, agents and indexers. These reports will include statistics about the workload of Wazuh over time, the availability of the services and modules, etc.
These reports should help users to manage the system's health, to plan the system's capacity and to analyze the system's performance.
Reporting about security threats
We want to generate reports about the security threats and posture a user might have from the information managed by Wazuh.
We should have at least reports about:
Security posture
Workload protection
Threat intelligence
Compliance and audit
Active response
Vulnerability detection
Configuration assessment
Malware detection
IT hygiene
File integrity monitoring
Custom reporting
We want to allow our users to create personalized reports based on any information available in the indexer.
Functional requirements
Reports are generated in PDF
Reports can be sent via email at scheduled intervals
Reports can be downloaded on demand
A user can list all available reports from one place, depending on the RBAC permissions
A user can create new reports
A user may customize some elements of the default reporting templates
Non-functional requirements
The reporting system must ease container deployment scenarios
TODO
Implementation restrictions
TODO
Plan
Spike
MVP
Feature complete
Acceptance test