Wiser Agent Clause Samples

Wiser Agent

Update the system and install dependencies:

    yum -y update
    yum -y install epel-release

Install Wiser Agent from the provided RPM package (package versions might be different):

    yum install wiser-agent-0.0.1-2.x86_64.rpm

Enable and start the Wiser Agent:

    systemctl enable wiser-agent
    systemctl start wiser-agent

The Wiser Agent log can be checked with:

    less /var/log/wiser/agent.log

FSP package, location specific

Install the provided FSP package, specific for your location:

    yum install wiser-fsp-certs-%COMPANY_NAME%.rpm

This package installs authentication certificates for Wiser Agent, certificates for Syslog, and configures Syslog for remote log collection over TCP/TLS and UDP. Syslog remote log collection is needed for the integration of Wiser Agent with sensors (Ossec, Cowrie).

In order to enable the reception of events from sensors running in separate VMs using secure rsyslog, the following lines need to be present at the end of the /etc/rsyslog.conf file:

    $DefaultNetstreamDriverCAFile /etc/ssl/certs/ca.crt
    $DefaultNetstreamDriverCertFile /etc/ssl/certs/rsyslog-server.cyberwiser.eu.crt
    $DefaultNetstreamDriverKeyFile /etc/ssl/certs/nopass-rsyslog-server.cyberwiser.eu.key
    $DefaultNetstreamDriver gtls
    $InputTCPServerStreamDriverAuthMode x509/name
    $InputTCPServerStreamDriverPermittedPeer ▇▇▇▇▇▇-▇▇▇▇▇▇▇.▇▇▇▇▇▇▇▇▇▇.▇▇
    $InputTCPServerStreamDriverMode 1
    if $syslogfacility-text == 'local1' then /var/log/snort/snort.alert
    $template WISER_Format, "%msg%\n"
    if $msg contains 'CCH REPORT:' then /var/log/wiser/dns_traffic_sensor.log;WISER_Format

Besides, for the vulnerability scanner to successfully send its reports, ▇▇▇▇▇▇▇ has to be configured to accept long enough messages. The following line has to be included at the beginning of the file /etc/rsyslog.conf, before the $ModLoad directives:

    $MaxMessageSize 1m

Check that you have the correct information in the file /etc/ossim/agent/config.cfg in the section [plugin-defaults].
The data included in this section will be used to identify which WISER Agent is sending the events. In particular, you need to verify these parameters: