DFIR IRIS Module Wazuh Indexer - socarium/makarasoc GitHub Wiki

DFIR-IRIS Module Wazuh Indexer

Use the Wazuh-Indexer module to quickly search the logs stored in your Wazuh indexer for IoCs. The module is designed to help SOC analysts quickly spot any other endpoints whose ingested events carry the same IoCs.

  1. Select DFIR IRIS Module Wazuh Indexer.

  2. Once the deployment finishes, access DFIR-IRIS from your browser.

Note: ignore error messages.

  3. Open DFIR-IRIS in your browser.

  4. Navigate to Advanced -> Modules.

  5. Add a new module.

  6. Enter the module name: `iris_wazuhindexer_module`

  7. Select Validate module.

  8. Configure the module with the settings of your Wazuh indexer environment (URL and credentials).

  9. You can check the indexer credentials in the Wazuh Docker Compose file:

     ```
     nano wazuh-docker/single-node/docker-compose.yml
     ```

  10. Select Enable module.
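The pivot the module performs (find every endpoint whose ingested alerts mention a given IoC) can be expressed as a single aggregation query against the Wazuh indexer. The following is an added example, not code from the module or the makarasoc project: it builds the OpenSearch-style search body for the `wazuh-alerts-4.x-*` indices and summarises a constructed sample response; the HTTP call itself is omitted so it runs offline.

```python
"""Pivot on an IoC across Wazuh indexer alerts (added example)."""
import json

INDEX_PATTERN = "wazuh-alerts-4.x-*"   # default Wazuh alert indices


def build_ioc_query(ioc: str, size: int = 0, lookback: str = "now-7d") -> dict:
    """Match the IoC as a phrase in common alert fields, bucket hits per agent."""
    return {
        "size": size,                      # 0 = return aggregations only
        "query": {"bool": {"filter": [
            {"range": {"timestamp": {"gte": lookback}}},
            {"multi_match": {
                "query": ioc,
                "type": "phrase",
                "lenient": True,           # skip non-text fields under data.*
                "fields": ["data.*", "full_log", "rule.description"],
            }},
        ]}},
        "aggs": {"by_agent": {
            "terms": {"field": "agent.name", "size": 100},
            "aggs": {"last_seen": {"max": {"field": "timestamp"}}},
        }},
    }


def endpoints_from_response(resp: dict) -> list[dict]:
    """Flatten the per-agent buckets into rows, most affected endpoint first."""
    buckets = resp.get("aggregations", {}).get("by_agent", {}).get("buckets", [])
    return [
        {"agent": b["key"], "hits": b["doc_count"],
         "last_seen": b["last_seen"]["value_as_string"]}
        for b in sorted(buckets, key=lambda b: b["doc_count"], reverse=True)
    ]


# Constructed sample response: the IoC was seen on two endpoints.
SAMPLE_RESPONSE = {
    "hits": {"total": {"value": 5}},
    "aggregations": {"by_agent": {"buckets": [
        {"key": "web-01", "doc_count": 1,
         "last_seen": {"value_as_string": "2024-01-10T08:02:11.000Z"}},
        {"key": "db-02", "doc_count": 4,
         "last_seen": {"value_as_string": "2024-01-10T09:45:00.000Z"}},
    ]}},
}

if __name__ == "__main__":
    # 198.51.100.23 is a constructed IoC from the documentation address range.
    print(json.dumps(build_ioc_query("198.51.100.23"), indent=2))
    for row in endpoints_from_response(SAMPLE_RESPONSE):
        print(row)
```

Send the body to `POST /<INDEX_PATTERN>/_search` with the same indexer credentials you entered in the module configuration.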