Identification

OSSEC - Wazuh - SIEM Integration

Security information and event management (SIEM) is a category of software that combines security information management (SIM) and security event management (SEM). SIEM products provide real-time analysis of security alerts generated by applications and network hardware; they are also used to log security data and to generate reports for compliance purposes.

The bacula-enterprise-wazuh-rules package contains a log decoder and a set of rules to integrate Bacula into the Wazuh SIEM software (https://wazuh.com).

Wazuh is based on OSSEC and is used to collect, aggregate, index and analyze security data, helping organizations detect intrusions, threats and behavioral anomalies.

The integration of the Bacula server with the Wazuh console can be done via syslog or via the Wazuh agent.

The syslog configuration can be done via the rsyslog package with a configuration such as:

   # cat /etc/rsyslog.d/bacula.conf
   daemon.* @wazuhserver

The bacula-enterprise-wazuh-rules package that contains the Wazuh rules must be installed on the Wazuh server.
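The following script is an added example, not part of the Bacula or Wazuh documentation, showing how the rsyslog forwarding rule above can be generated and validated on the Bacula server. It assumes the host name wazuhserver from the page and the standard syslog port 514 (adjust to the port the Wazuh manager's syslog listener is configured for); the function names render_rsyslog_forward, write_rsyslog_forward and check_rsyslog_conf are the example's own. It goes slightly beyond the page's one-line rule in that it can also render the TCP form (@@host:port), which rsyslog supports alongside the UDP form (@host) the page shows.

```shell
#!/bin/sh
# Added example (not Bacula's or Wazuh's code): build the rsyslog drop-in that
# forwards the Bacula daemons' syslog messages (facility "daemon") to a Wazuh
# server, write it to a file and, where rsyslogd is installed, syntax-check it.
set -eu

# render_rsyslog_forward FACILITY TARGET PROTO [PORT]
# Prints one rsyslog selector/action line. PROTO is "udp" (single "@", the form
# the page shows) or "tcp" (double "@@", rsyslog's TCP forwarding syntax, which
# does not silently drop messages the way UDP can when the collector is down).
# PORT is optional; when omitted the target's default syslog port is used.
render_rsyslog_forward() {
    facility=$1
    target=$2
    proto=$3
    port=${4:-}
    case "$proto" in
        udp) prefix="@" ;;
        tcp) prefix="@@" ;;
        *) echo "unsupported protocol: $proto (use udp or tcp)" >&2; return 1 ;;
    esac
    suffix=""
    if [ -n "$port" ]; then
        suffix=":$port"
    fi
    printf '%s.* %s%s%s\n' "$facility" "$prefix" "$target" "$suffix"
}

# write_rsyslog_forward FILE FACILITY TARGET PROTO [PORT]
# Writes the rendered rule to FILE (e.g. /etc/rsyslog.d/bacula.conf).
write_rsyslog_forward() {
    file=$1
    shift
    render_rsyslog_forward "$@" > "$file"
}

# check_rsyslog_conf FILE
# Runs rsyslog's own configuration check ("rsyslogd -N1 -f FILE") on the
# generated file. Returns 0 when the check passes or when rsyslogd is not
# installed on this host (so the example still runs where rsyslog is absent).
check_rsyslog_conf() {
    file=$1
    if command -v rsyslogd >/dev/null 2>&1; then
        rsyslogd -N1 -f "$file" >/dev/null 2>&1
    else
        echo "rsyslogd not found, skipping configuration check" >&2
    fi
}

# Demonstration: write the rule to a temporary file instead of /etc/rsyslog.d,
# show it, check it and clean up. On a real server point FILE at
# /etc/rsyslog.d/bacula.conf and restart rsyslog afterwards.
demo_dir=$(mktemp -d)
demo_file="$demo_dir/bacula.conf"
write_rsyslog_forward "$demo_file" daemon wazuhserver udp 514   # 514: assumed syslog port
echo "Generated $demo_file:"
cat "$demo_file"
if check_rsyslog_conf "$demo_file"; then
    echo "rsyslog configuration check passed (or skipped)"
else
    echo "rsyslog configuration check FAILED" >&2
fi
rm -rf "$demo_dir"
```

After installing the generated file under /etc/rsyslog.d and restarting rsyslog, the Wazuh side must carry the bacula-enterprise-wazuh-rules package described above, otherwise the forwarded Bacula messages arrive but are not decoded into Wazuh alerts.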

Go back to the Bacula Enterprise Security and Threat Analysis chapter.