From c9c46209885e6758451d75e5d90ea23490db7c43 Mon Sep 17 00:00:00 2001
From: Toni de la Fuente
Date: Thu, 13 Dec 2018 18:14:31 +0100
Subject: [PATCH] format fix
---
 integrations/wazuh/README.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/integrations/wazuh/README.md b/integrations/wazuh/README.md
index 1be73417..817facdd 100644
--- a/integrations/wazuh/README.md
+++ b/integrations/wazuh/README.md
@@ -12,7 +12,7 @@
 ## Description
-Prowler integration with WAZUH using a python wrapper. Due to the wrapper limitations, this integration can be considered as a proof of concept at this time.
+Prowler integration with WAZUH using a python wrapper. Due to the wrapper limitations, this integration can be considered as a proof of concept at this time.
 ## Features
@@ -55,7 +55,7 @@ cp /var/ossec/integrations/prowler/integrations/prowler_rules.xml /var/ossec/etc
 ```
 Edit `/var/ossec/etc/ossec.conf` and add the following wodle configuration. Remember that here `timeout 21600 seconds` is 6 hours, just to allow Prowler runs completely in case of a large account. The interval recommended is 1d:
-```
+```xml
 no aws-prowler: account1
@@ -87,7 +87,7 @@ Adjust the level range to what alerts you want to include, as alerts, Elastic Se
 To make sure rules are working fine, run `/var/ossec/bin/ossec-logtest` and copy/paste this sample JSON:
-```
+```json
 {"prowler":{"Timestamp":"2018-11-29T03:15:50Z","Region":"us-east-1","Profile":"default","Account Number”:”1234567890”,”Control":"[check34] Ensure a log metric filter and alarm exist for IAM policy changes (Scored)","Message":"No CloudWatch group found for CloudTrail events","Status":"Fail","Scored":"Scored","Level":"Level 1","Control ID":"3.4"}, "integration": "prowler"}
 ```
 You must see 3 phases goin on.