Description
The Wazuh platform is up and fully running on AWS, and the fundamental agent connections and macOS compliance modules have been successfully enabled. To fully utilize Wazuh's capabilities, this task involves properly configuring the rules and alerts system. Implementing a well-tuned ruleset and alerting mechanism is critical to ensure that meaningful security events are accurately detected and escalated to the team, while simultaneously minimizing alert fatigue and noise from false positives.
Scope
Included:
- Tuning and configuring the default Wazuh rulesets to match the current infrastructure needs.
- Creating custom rules for specific critical applications, infrastructure components, or custom log sources.
- Configuring alert thresholds and integration with communication channels (e.g., Slack, email, or other incident management tools).
- Validating that alerts are properly categorized by severity and correctly populate the dashboard.
Out of Scope:
- Agent deployments and OS compliance module configuration (already completed).
- Advanced Threat Detection, Continuous Audit, automatic reporting, and overall Dashboard Hardening (these belong to separate tasks).
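As an added illustration of the three tuning mechanisms the "Included" items call for (not part of this ticket or of Wazuh's shipped configuration), the fragments below show a level-0 suppression rule for a known noisy source, a frequency/timeframe threshold rule, and a level-gated Slack integration. Rule 5716 is Wazuh's stock "sshd: authentication failed" rule; the rule IDs in the 100000+ range, the source IP, the thresholds and the hook URL are placeholders to be replaced with the team's own values.

```xml
<!-- /var/ossec/etc/rules/local_rules.xml -->
<group name="local,sshd,authentication_failures,">

  <!-- Noise reduction: an authorized scanner (placeholder IP) trips the stock
       sshd failure rule constantly; level 0 keeps the event out of alerts. -->
  <rule id="100010" level="0">
    <if_sid>5716</if_sid>
    <srcip>10.0.0.5</srcip>
    <description>sshd: auth failure from the authorized vulnerability scanner, ignored</description>
  </rule>

  <!-- Threshold: escalate only when the same source fails 5 times in 120 s,
       so a single mistyped password never pages anyone. -->
  <rule id="100020" level="10" frequency="5" timeframe="120">
    <if_matched_sid>5716</if_matched_sid>
    <same_source_ip />
    <description>sshd: 5 failed logins from $(srcip) within 2 minutes</description>
    <mitre>
      <id>T1110</id>
    </mitre>
    <group>authentication_failures,</group>
  </rule>

</group>

<!-- /var/ossec/etc/ossec.conf (manager), relevant blocks only -->
<ossec_config>
  <!-- Dashboard sees everything at level 3 and above; email only for 12+. -->
  <alerts>
    <log_alert_level>3</log_alert_level>
    <email_alert_level>12</email_alert_level>
  </alerts>

  <!-- Slack receives only level-10+ alerts tagged authentication_failures,
       which is exactly what the threshold rule above emits. -->
  <integration>
    <name>slack</name>
    <hook_url>https://hooks.slack.com/services/PLACEHOLDER</hook_url>
    <level>10</level>
    <group>authentication_failures,</group>
    <alert_format>json</alert_format>
  </integration>
</ossec_config>
```

Before restarting the manager, feed sample sshd lines to /var/ossec/bin/wazuh-logtest to confirm that the suppression rule matches the scanner and that the fifth failure from one source raises rule 100020 at level 10.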
Acceptance Criteria
Additional Notes