Skip to content
/ Wazuh-Stormshield Public template

Wazuh custom decoder and ruleset for Stormshield firewall integration.

2 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

FryggFR/Wazuh-Stormshield

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

49 Commits
README.md
README.md
 
 
gplv3.txt
gplv3.txt
 
 
stormshield_decoder.xml
stormshield_decoder.xml
 
 
stormshield_rules.xml
stormshield_rules.xml
 
 

Repository files navigation

Wazuh

Simple Wazuh decoder and rules for Stormshield firewall.

You need to redirect syslog to your Wazuh server

How to use 🛠️

  1. Copy stormshield_rules.xml in /var/ossec/etc/rules
  2. Copy stormshield_decoder.xml in /var/ossec/etc/decoders
  3. Dont forget to chmod/chown ! (chmod 660 and chown wazuh:wazuh)
  4. Configure your manager to accept theses log using remote
<remote>
  <connection>syslog</connection>
  <port>514</port>
  <protocol>tcp,udp</protocol>
  <allowed-ips>192.168.1.0/24</allowed-ips>
</remote>
  1. Restart wazuh-manager

That all.

Enjoy :)

About

Wazuh custom decoder and ruleset for Stormshield firewall integration.

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published