Main features of Wazuh in VK cloud
Wazuh modules for VK Cloud
Events that occur in VK Cloud are collected and analyzed by two Wazuh modules.
The vk-cloud-logging module for Wazuh collects and analyzes data from Cloud Logging. The current version is v1.0.1, which supports data collection for the following services:
- default - default value
- databases - logging of Cloud Databases service resources.
- containers - logging of Cloud Containers service resources.
- bigdata - logging of Cloud Big Data service resources.
- vdi - logging of Cloud Desktop service resources.
The vk-audit module for Wazuh collects and analyzes data from Activity Log. The current version is v1.0.1, which supports data collection for the following services:
- cinder - Events related to VM disks.
- nova - Events related to the computational resources controller.
- neutron - Events related to cloud virtual networks.
- glance - Events related to storing and working with images.
- octavia - Events related to load balancer management.
- dbaas, trove - Events related to creating and managing database instances.
- magnum - Events related to K8s containers.
- quota - Events related to project quotas.
- iam - Events related to users in the project.
Examples of events
Web interface
In JSON format:
```json
{
  "_index": "wazuh-alerts-4.x-2024.01.19",
  "_id": "joC7IYY0BGn6xL-5qjq4y",
  "_version": 1,
  "_score": null,
  "_source": {
    "input": {
      "type": "log"
    },
    "agent": {
      "name": "wazuh.manager",
      "id": "000"
    },
    "manager": {
      "name": "wazuh.manager"
    },
    "data": {
      "user_email": "support@***.ru",
      "method": "POST",
      "source": "nova",
      "uri": "/v2.1/servers/a590c875-0f6d-4544-be4a-89073eaae912/action",
      "event_id": "bfae1127-b704-47ff-92e8-45d10c780a97",
      "request_body": "{\"os-stop\":null}",
      "user_id": "******",
      "success": "yes",
      "action": "vm-action",
      "aws": {
        "accountId": "",
        "region": ""
      },
      "request_id": "req-db43ab0f-7cdd-439a-a43a-a71c17783d02",
      "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0.0 Safari/537.36",
      "timestamp": "2024-01-19T06:07:26Z"
    },
    "rule": {
      "firedtimes": 2,
      "mail": false,
      "level": 7,
      "description": "Nova: VM action by support@****.ru user id *****",
      "groups": [
        "local",
        "vk"
      ],
      "id": "123005"
    },
    "location": "vk-cloud",
    "decoder": {
      "name": "json"
    },
    "id": "1705667944.811994",
    "full_log": "{\"action\": \"vm-action\", \"event_id\": \"bfae1127-b704-47ff-92e8-45d10c780a97\", \"method\": \"POST\", \"request_body\": \"{\\\"os-stop\\\":null}\", \"request_id\": \"req-db43ab0f-7cdd-439a-a43a-a71c17783d02\", \"response_body\": \"\", \"source\": \"nova\", \"success\": \"yes\", \"timestamp\": \"2024-01-19T06:07:26Z\", \"uri\": \"/v2.1/servers/a590c875-0f6d-4544-be4a-89073eaae912/action\", \"user_agent\": \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0.0 Safari/537.36\", \"user_email\": \"support@*****.ru\", \"user_id\": \"*****\"}",
    "timestamp": "2024-01-19T12:39:04.987+0000"
  },
  "fields": {
    "data.timestamp": [
      "2024-01-19T06:07:26.000Z"
    ],
    "timestamp": [
      "2024-01-19T12:39:04.987Z"
    ]
  },
  "highlight": {
    "manager.name": [
      "@opensearch-dashboards-highlighted-field@wazuh.manager@/opensearch-dashboards-highlighted-field@"
    ],
    "location": [
      "@opensearch-dashboards-highlighted-field@vk-cloud@/opensearch-dashboards-highlighted-field@"
    ]
  },
  "sort": [
    1705667944987
  ]
}
```
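The `full_log` field above is the raw Activity Log record that vk-audit hands to the Wazuh JSON decoder, and its `request_body` is itself a JSON document serialised inside the outer JSON string, so a consumer has to decode it twice. The script below is an added example written for this page, not code from the vk-audit module or from Wazuh: it parses such a record, decodes the nested body, pulls the resource id out of the URI, maps `source` to the service list from the vk-audit section, and composes a description in the same form as rule 123005 shown above. The `ACTION_LABELS` table, the `triage` output layout, and the second (cinder) sample record are assumptions constructed for the demonstration; only the nova sample is taken from the page (masked fields kept masked, user agent shortened).

```python
import json
import re
from dataclasses import dataclass
from typing import Any, Optional

# Activity Log sources handled by vk-audit v1.0.1, as listed on this page.
VK_AUDIT_SOURCES = {
    "cinder": "VM disks",
    "nova": "computational resources controller",
    "neutron": "cloud virtual networks",
    "glance": "image storage",
    "octavia": "load balancer management",
    "dbaas": "database instances",
    "trove": "database instances",
    "magnum": "K8s containers",
    "quota": "project quotas",
    "iam": "project users",
}

# Assumed label table: only "vm-action" appears on the page; anything else
# falls back to a plain hyphen-to-space rewrite.
ACTION_LABELS = {"vm-action": "VM action"}

UUID_RE = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}")

# Sample 1: the record from the full_log field of the alert above
# (masked fields left masked, user_agent shortened).
SAMPLE_NOVA = (
    '{"action": "vm-action", "event_id": "bfae1127-b704-47ff-92e8-45d10c780a97", '
    '"method": "POST", "request_body": "{\\"os-stop\\":null}", '
    '"request_id": "req-db43ab0f-7cdd-439a-a43a-a71c17783d02", "response_body": "", '
    '"source": "nova", "success": "yes", "timestamp": "2024-01-19T06:07:26Z", '
    '"uri": "/v2.1/servers/a590c875-0f6d-4544-be4a-89073eaae912/action", '
    '"user_agent": "Mozilla/5.0", "user_email": "support@*****.ru", "user_id": "*****"}'
)

# Sample 2: constructed (not from the page) failed cinder call with an empty
# request_body, to exercise the empty-body path.
SAMPLE_CINDER = (
    '{"action": "volume-action", "event_id": "00000000-0000-0000-0000-000000000001", '
    '"method": "DELETE", "request_body": "", "request_id": "req-constructed", '
    '"response_body": "", "source": "cinder", "success": "no", '
    '"timestamp": "2024-01-19T06:10:00Z", '
    '"uri": "/v3/volumes/11111111-2222-3333-4444-555555555555", '
    '"user_agent": "curl/8.0", "user_email": "user@example.test", "user_id": "u-1"}'
)


@dataclass
class AuditEvent:
    source: str
    action: str
    method: str
    uri: str
    user_email: str
    user_id: str
    success: bool
    timestamp: str
    request_body: Any           # decoded body, {} if empty, raw string if not JSON
    resource_id: Optional[str]  # first UUID found in the URI, if any


def parse_activity_log(full_log: str) -> AuditEvent:
    """Decode one raw Activity Log record, including the nested request_body."""
    rec = json.loads(full_log)
    raw_body = rec.get("request_body", "")
    if isinstance(raw_body, str) and raw_body.strip():
        try:
            body: Any = json.loads(raw_body)   # second decode of the embedded JSON
        except json.JSONDecodeError:
            body = raw_body                    # keep a non-JSON body verbatim
    else:
        body = raw_body if isinstance(raw_body, dict) else {}
    uri = rec.get("uri", "")
    m = UUID_RE.search(uri)
    return AuditEvent(
        source=rec.get("source", ""),
        action=rec.get("action", ""),
        method=rec.get("method", ""),
        uri=uri,
        user_email=rec.get("user_email", ""),
        user_id=rec.get("user_id", ""),
        success=rec.get("success") == "yes",
        timestamp=rec.get("timestamp", ""),
        request_body=body,
        resource_id=m.group(0) if m else None,
    )


def operation(ev: AuditEvent) -> Optional[str]:
    """Server-action bodies carry the operation as the sole key ({"os-stop": null})."""
    if isinstance(ev.request_body, dict) and len(ev.request_body) == 1:
        return next(iter(ev.request_body))
    return None


def rule_description(ev: AuditEvent) -> str:
    """Compose a description in the form used by rule 123005 above."""
    label = ACTION_LABELS.get(ev.action, ev.action.replace("-", " "))
    return f"{ev.source.capitalize()}: {label} by {ev.user_email} user id {ev.user_id}"


def triage(ev: AuditEvent) -> dict:
    """Assumed summary layout an analyst would want per event."""
    return {
        "service": VK_AUDIT_SOURCES.get(ev.source, "unknown service"),
        "operation": operation(ev),
        "resource_id": ev.resource_id,
        "outcome": "success" if ev.success else "failure",
        "description": rule_description(ev),
    }


if __name__ == "__main__":
    for raw in (SAMPLE_NOVA, SAMPLE_CINDER):
        print(json.dumps(triage(parse_activity_log(raw)), indent=2))
```

The point of the two-stage decode is that a rule or script matching on the outer record alone sees `request_body` as an opaque string; the operation (`os-stop` here) and the target server id only become usable fields after the inner decode and the URI parse, which is where a detection would key on stop, delete or IAM changes rather than on the generic `vm-action` value.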