Wazuh Assets Import Summary
The integration of Wazuh with the Centraleyezer Vulnerability Management platform enhances the import and management of assets, including IP addresses and associated metadata. This integration enables organizations to efficiently track, categorize, and analyze their security posture based on Wazuh's monitoring capabilities.
Wazuh Assets Import Key Features
Data Import:
Import asset details (IP addresses and metadata) from Wazuh into Centraleyezer, either on-demand or via automated schedules.
Detailed Asset Information:
Centraleyezer provides structured asset details, including owner, business department, and software inventory.
Risk Scoring & Categorization:
Configurable risk classification values for imported assets, adjustable based on organizational security policies.
Selective Data Import:
Supports filtering based on asset type, risk classification, and Wazuh source for precise data imports.
Secure Connectivity:
Requires Wazuh API access with appropriate authentication.
Considerations
The integration supports mapping one Wazuh instance with one Centraleyezer instance.
Configuring a different Wazuh instance in the plugin will overwrite previously imported asset data.
Requirements
System Requirements:
Centraleyezer Prerequisites: The latest version of the Centraleyezer Vulnerability Management Platform is recommended.
Wazuh Prerequisites: API access must be enabled for retrieving asset details.
Permissions and Roles:
Centraleyezer: Requires System Admin or Asset Manager permissions.
Wazuh: Requires asset and agent retrieval permissions.
Import mappings require admin-level permissions.
Release Notes
Version 1.0.0:
New mappings for Wazuh asset imports include:
IP Address
Owner
Contact
Business (Department)
Tags
Softwares
Selected Softwares
Zone (LAN)
Risk Class
Regularly Scanned
Regularly Pentested
Asset Type
Import Type
Wazuh Sources
Wazuh Summary
The integration of Wazuh with the Centraleyezer Vulnerability Management platform enhances the import and management of security findings related to host-based intrusion detection and log analysis. This integration enables organizations to efficiently identify, prioritize, track, and remediate security incidents, thereby improving their overall security posture and risk management.
Wazuh Key Features
Data Import:
Import security events and vulnerabilities from Wazuh into Centraleyezer, either on-demand or via automated schedules.
- Supported formats: ???.
Detailed Findings:
Centraleyezer provides comprehensive details on alerts and anomalies detected by Wazuh.
Risk Scoring:
Configurable severity values for Wazuh findings, adjustable based on organizational risk policies.
Selective Data Import:
Supports filtering based on event type, severity, and timeframe for more precise data imports.
Secure Connectivity:
Requires an HTTPS connection with proper authentication.
Considerations
The integration supports mapping one Wazuh instance with one Centraleyezer instance.
Configuring a different Wazuh instance in the plugin will overwrite previously imported data.
Requirements
System Requirements:
Centraleyezer Prerequisites: The latest version of the Centraleyezer Vulnerability Management Platform is recommended.
Wazuh Prerequisites: API access must be enabled with proper authentication and permissions.
Permissions and Roles:
Centraleyezer: Requires System Admin or Security Analyst permissions.
Wazuh: Requires user access for retrieving security alerts and logs.
Import mappings require admin-level permissions.
Release Notes
Version 1.0.0:
New mappings for findings from Wazuh include:
Asset (Hostname:Port)
Username
Password
Start Date
Remote Identifier
Network