Description
Enable and configure automatic reporting in Wazuh for macOS devices within the organization. This task ensures that security events, compliance checks, and audit logs are automatically captured, formatted, and delivered to relevant stakeholders, supporting both continuous monitoring and compliance with ENS medium and ISO27001:2022 requirements.
Automatic reporting will provide visibility into system hardening, compliance status, vulnerabilities, and incident alerts, enabling proactive risk management and documentation for audits.
Value/Impact:
- Reduces manual effort in monitoring and reporting security and compliance events.
- Ensures timely delivery of compliance and security reports for ENS/ISO audits.
- Provides continuous visibility into macOS endpoint security posture.
Dependencies / Blockers:
- The Wazuh agent must be installed and correctly communicating with the manager.
- macOS compliance and hardening modules should be enabled prior to report configuration.
- Rules and alerts should be set up to capture relevant events.
Scope
In Scope:
- Configuration of Wazuh automatic reporting for local macOS devices.
- Definition of report content including:
  - Compliance status (ENS medium & ISO27001:2022 controls)
  - Hardening checks
  - Alerts and security events
  - Vulnerability findings
- Scheduling automatic report generation and delivery via email or centralized repository.
- Template customization for clarity and audit readiness.
Out of Scope:
- Configuration for non-macOS devices (Windows/Linux) at this stage.
- Integration with third-party reporting tools outside Wazuh.
- Full remediation of compliance or hardening issues (this is tracked in separate tasks).
Assumptions / Constraints:
- Devices are connected to the Wazuh manager over a secure channel.
- Email infrastructure or reporting storage is available and accessible.
- Reporting frequency and stakeholders are predefined.
Acceptance Criteria
Additional Notes
- Consider leveraging the Wazuh reporting module (ossec-reportd) or the API for custom report generation.
- Use predefined templates for ISO27001:2022 controls (Annex A) and ENS medium baseline.
- Ensure logs are retained and archived according to ISO27001:2022 and ENS audit requirements.
- Validate report delivery mechanism against organizational email security policies.
- Plan for future expansion to Windows/Linux endpoints once macOS reporting is stable.