Wazuh Fields Description
Here is an overview of what these log fields mean in the Wazuh agent dashboard:

| Fields | Description |
| --- | --- |
| @timestamp | The specific date and time the log entry was made. |
| agent.id | The unique identifier of the Wazuh agent that sent the log. |
| agent.ip | The IP address of the Wazuh agent. |
| agent.name | The name of the agent, presumably the hostname. |
| full_log | The complete log entry. The example above indicates a PHP warning about a module being already loaded. |
| location | The location on the filesystem where the log originated, typically a path to a log file. |
| manager.name | The name of the manager (or server) handling this log. |
| predecoder.program_name | The name of the program that generated the log. |
| predecoder.hostname | The hostname where the event was predecoded. |
| rule.* | All fields regarding the rule that triggered this alert. The severity of the violated rule is also provided in rule.level. |
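
How the dotted field names above map onto an alert document, as an added example that is not part of the original page: it assumes alerts are available as one nested JSON object per line. The sample alerts, hostnames, rule IDs and the `flatten`, `parse_alerts` and `triage` helpers are constructed for illustration.

```python
import json

# Constructed sample alerts (not real data); the nesting mirrors the dotted field names.
SAMPLE_ALERTS = """
{"@timestamp": "2024-01-01T10:00:00.000Z", "agent": {"id": "001", "ip": "192.0.2.10", "name": "web-01"}, "full_log": "PHP Warning: Module 'example' already loaded", "location": "/var/log/apache2/error.log", "manager": {"name": "wazuh-manager"}, "predecoder": {"program_name": "php", "hostname": "web-01"}, "rule": {"id": "100001", "level": 5}}
{"@timestamp": "2024-01-01T10:01:00.000Z", "agent": {"id": "002", "ip": "192.0.2.20", "name": "db-01"}, "full_log": "sshd[999]: Failed password for invalid user test from 198.51.100.7", "location": "/var/log/auth.log", "manager": {"name": "wazuh-manager"}, "predecoder": {"program_name": "sshd", "hostname": "db-01"}, "rule": {"id": "100002", "level": 10}}
{"@timestamp": "2024-01-01T10:02:0
{"@timestamp": "2024-01-01T10:03:00.000Z", "agent": {"id": "001", "ip": "192.0.2.10", "name": "web-01"}, "full_log": "cron[55]: job finished", "location": "/var/log/syslog", "manager": {"name": "wazuh-manager"}, "predecoder": {"program_name": "cron", "hostname": "web-01"}, "rule": {"id": "100003", "level": 3}}
"""

def flatten(doc, prefix=""):
    """Turn nested alert JSON into dotted keys such as 'agent.id' and 'rule.level'."""
    flat = {}
    for key, value in doc.items():
        path = f"{prefix}{key}"
        if isinstance(value, dict):
            flat.update(flatten(value, path + "."))
        else:
            flat[path] = value
    return flat

def parse_alerts(text):
    """Parse one JSON alert per line, skipping blank and truncated lines."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            alerts.append(flatten(json.loads(line)))
        except json.JSONDecodeError:
            continue  # a half-written or corrupt line must not stop triage
    return alerts

def triage(alerts, min_level):
    """Return (agent.name, rule.level, location) for alerts at or above min_level, highest first."""
    hits = [a for a in alerts if int(a.get("rule.level", 0)) >= min_level]
    hits.sort(key=lambda a: int(a["rule.level"]), reverse=True)
    return [(a.get("agent.name"), int(a["rule.level"]), a.get("location")) for a in hits]

if __name__ == "__main__":
    for row in triage(parse_alerts(SAMPLE_ALERTS), min_level=5):
        print(row)
```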