03-28-2023 07:14 AM
Hi Community,
Since JumpCloud does not notify on Directory Insights logs, Directory Insights can be integrated with any third-party SIEM tool as we already know.
Wazuh is a free and open-source security platform that unifies XDR and SIEM protection for endpoints and cloud workloads.
While searching for how to integrate the two, I didn't find anything here, but I found it on the Wazuh community: Lucas Brictson's project, which does that and supports MTP as well.
My Wazuh Dashboard:
Hope this post helps those who are looking or just interested in this integration.
If you are not familiar with Wazuh or just want to test this integration, you'll have to create a Wazuh Indexer, server and dashboard.
See Quickstart and Installation Guide. If you install the indexer, server and dashboard on the same host using the assistant, you can simply run:
$ sudo bash ./wazuh-install.sh -a
Please note that the Wazuh-indexer can reach the maximum number of shards it can allocate (the default value is 1000 per node; this can be increased, but it is usually not recommended, as it can lead to performance issues and even cluster failure if taken too far). Also verify that you have enough disk space so the system will not run out, because there is a log rotation process in place for the Wazuh log files: they are compressed and migrated daily to a folder within the /var/ossec/logs/alerts directory, and they are not deleted by default.
To get familiar with Wazuh and expand your knowledge, I recommend using their community on Reddit and Slack.
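A small check for the two caveats above (the 1000-shards-per-node indexer default and the never-deleted alert archives), added here as an example; it is not part of the original post or of Lucas Brictson's project. It assumes the JSON shape returned by the indexer's `_cluster/health` endpoint and a default `/var/ossec/logs/alerts` path; the sample health document is constructed.

```python
"""Capacity checks for a single Wazuh indexer/server host (added example)."""
import json
import os

DEFAULT_MAX_SHARDS_PER_NODE = 1000  # wazuh-indexer (OpenSearch) default


def shard_capacity(health_json: str,
                   max_per_node: int = DEFAULT_MAX_SHARDS_PER_NODE) -> dict:
    """Compare open shards from _cluster/health with the per-node limit.

    The limit covers all open shards (primaries plus replicas) on all data
    nodes, which is what active_shards counts. Fetch the JSON with e.g.
    curl -k -u admin:<password> https://localhost:9200/_cluster/health
    (assumed default indexer port and basic-auth setup).
    """
    health = json.loads(health_json)
    used = int(health["active_shards"])
    nodes = int(health["number_of_data_nodes"])
    capacity = max_per_node * nodes
    pct = round(100.0 * used / capacity, 1) if capacity else 100.0
    return {
        "used": used,
        "capacity": capacity,
        "pct": pct,
        "warn": capacity == 0 or used >= 0.8 * capacity,  # 80% threshold
    }


def archive_usage_bytes(alerts_dir: str = "/var/ossec/logs/alerts") -> int:
    """Total size of rotated alert files; the daily .gz archives accumulate
    indefinitely unless you prune them yourself."""
    total = 0
    for root, _dirs, files in os.walk(alerts_dir):
        for name in files:
            path = os.path.join(root, name)
            if os.path.isfile(path):
                total += os.path.getsize(path)
    return total


# Constructed sample of _cluster/health output for a one-node install.
SAMPLE_HEALTH = json.dumps({
    "cluster_name": "wazuh-cluster", "status": "yellow",
    "number_of_nodes": 1, "number_of_data_nodes": 1,
    "active_primary_shards": 812, "active_shards": 812,
    "unassigned_shards": 0,
})

if __name__ == "__main__":
    cap = shard_capacity(SAMPLE_HEALTH)
    print(f"shards {cap['used']}/{cap['capacity']} ({cap['pct']}%) warn={cap['warn']}")
    print(f"alert archives: {archive_usage_bytes()} bytes")
```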