Great video. Thanks
Glad you liked it!
Awesome video! Have you had the ability to expand the Slack alerts by adding additional information about the alert using the JSON information data that is on the Wazuh alerts dashboard, like Agent IP, TargetUserName, Source IP, Windows Event ID, etc.?
I have not yet done a deep dive on getting additional log details but that may certainly be in a future video. Thanks!
@@jowerstechsolutions Thanks Appreciate it. I'll be the first to watch it.
Nice video. I am able to get the alerts in the Slack channel, but I'm not sure how I can modify the template of the alert. So far I am just getting the details below:
Monitor Successful sudo to ROOT executed. just entered alert status. Please investigate the issue.
- Trigger: Sudo command executed
- Severity: 1
- Period start: 2022-07-25T11:16:19.208Z
- Period end: 2022-07-25T11:31:19.208Z
How can I add more fields like Agent Name, user details, etc.?
Modifying the template is beyond the scope at the moment but it may be something we can do in the future. Thanks!
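For anyone who wants the extra fields without waiting on a template change: the alert JSON that Wazuh writes already carries agent, user and source-IP details, so a small custom integration script can format its own Slack message from it. The script below is an added example, not code from the video and not Wazuh's bundled `slack` integration. It assumes the Wazuh convention that a custom integration script is called with the alert file path as its first argument and the webhook URL as its third, and the sample alert is constructed for the demonstration (the rule id is in the local-rules range, the IPs are documentation addresses).

```python
"""Added example: build a Slack message from a Wazuh alert JSON, pulling in
agent, user, source-IP and Windows Event ID fields. Not the video's code and
not Wazuh's own slack integration; argument order and field paths are assumptions."""
import json
import sys
import urllib.request

# Dotted paths into the alert JSON (Wazuh's field names, assumed from the
# alert schema) and the label to show in Slack. Missing fields are skipped,
# so the same script works for Linux sudo alerts and Windows logon alerts.
EXTRA_FIELDS = [
    ("agent.name", "Agent"),
    ("agent.ip", "Agent IP"),
    ("data.srcip", "Source IP"),
    ("data.srcuser", "Source user"),
    ("data.win.eventdata.targetUserName", "Target user"),
    ("data.win.system.eventID", "Windows Event ID"),
]


def lookup(alert, dotted):
    """Walk a dotted path through nested dicts; None if any hop is missing."""
    node = alert
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def build_slack_message(alert):
    """Return the JSON payload for a Slack incoming webhook."""
    rule = alert.get("rule", {})
    lines = [
        f"*{rule.get('description', 'Wazuh alert')}* "
        f"(level {rule.get('level', '?')}, rule {rule.get('id', '?')})",
        f"- Time: {alert.get('timestamp', 'unknown')}",
    ]
    for path, label in EXTRA_FIELDS:
        value = lookup(alert, path)
        if value is not None:
            lines.append(f"- {label}: {value}")
    return {"text": "\n".join(lines)}


def post_to_slack(payload, hook_url):
    """POST the payload to the Slack incoming webhook; returns the HTTP status."""
    req = urllib.request.Request(
        hook_url,
        data=json.dumps(payload).encode("utf-8"),
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status


# Constructed sample alert for offline testing; not a real event.
SAMPLE_ALERT = {
    "timestamp": "2022-07-25T11:16:19.208Z",
    "rule": {"level": 5, "id": "100002",
             "description": "Successful Windows logon (constructed sample)"},
    "agent": {"id": "003", "name": "win-dc01", "ip": "10.0.0.5"},
    "data": {
        "srcip": "203.0.113.7",
        "win": {"system": {"eventID": "4624"},
                "eventdata": {"targetUserName": "jdoe"}},
    },
}

if __name__ == "__main__":
    if len(sys.argv) >= 4:
        # Invoked by the Wazuh manager: argv[1] alert file, argv[3] hook URL (assumed order).
        with open(sys.argv[1], encoding="utf-8") as fh:
            alert = json.load(fh)
        post_to_slack(build_slack_message(alert), sys.argv[3])
    else:
        print(json.dumps(build_slack_message(SAMPLE_ALERT), indent=2))
```

Run without arguments it prints the message it would send for the sample alert. On a manager it would be wired up with an `<integration>` block in ossec.conf whose `<name>` is the script name, `<hook_url>` the Slack webhook, and `<alert_format>json</alert_format>`, so the script receives the full alert JSON rather than the plain-text line; keep the webhook URL out of the script itself for the same reason you keep it out of version control.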
Hello, can the level be customized, so that it only alerts, for example, for level 10?
You can set alerts at certain levels within Wazuh, not sure about specific levels going to Slack alerts.
I am doing the same but I am not receiving any alerts.
Where do you think you're getting stuck at?
Hey, cool channel. I have a question that may seem silly, but I don't want to break anything. I want to configure the manager for email alerts, but I don't know what I have to put in mail.test.com. I don't know what to put: the server's IP, with :5601?
Hi Lautaro!
An SMTP server is an application whose primary purpose is to send, receive, and/or relay outgoing mail between email senders and receivers.
i.e.: Gmail's SMTP server address is smtp.gmail.com
If your destination account is a Gmail account, you can try smtp.gmail.com
And after changing it, restart the server.
For Systemd:
# systemctl restart wazuh-manager
For SysV Init:
# service wazuh-manager restart
Also, you can find extra information at the following link:
documentation.wazuh.com/current/user-manual/manager/manual-email-report/index.html?highlight=email
Let me know if that works! Regards!
Thank you for the reference Christian!