T-Guard Official Documentation

Wazuh Fields Description

The table below describes the most common fields shown for an alert in the Wazuh dashboard's agent view. The names are the dotted paths of the alert JSON as indexed by the manager, so `rule.level` is the `level` key inside the `rule` object.

| Field | Description |
| --- | --- |
| @timestamp | The date and time the Wazuh manager generated the alert. This is not necessarily when the event happened on the endpoint; the original event time, when the log carries one, is in predecoder.timestamp or inside full_log. |
| agent.id | The unique identifier the manager assigned to the agent at enrollment (000 is the manager itself). |
| agent.ip | The IP address of the Wazuh agent as registered on the manager. |
| agent.name | The name the agent registered with. By default this is the endpoint's hostname, but it can be set explicitly at enrollment, so do not assume the two always match. |
| full_log | The complete, raw log line as received from the agent. In the example shown it is a PHP warning about a module that was already loaded. |
| location | Where the agent collected the event: usually the path of the log file (for example /var/log/auth.log), but also values such as syscheck (file integrity monitoring), rootcheck, or EventChannel for Windows event logs. |
| manager.name | The name of the Wazuh manager (server) that processed the event and generated the alert. |
| predecoder.program_name | The program that generated the log, as extracted by the pre-decoder from the syslog header (for example sshd or php). |
| predecoder.hostname | The hostname extracted from the log's syslog header, that is, the host that wrote the log line. Alerts that do not originate from syslog-style logs (such as syscheck events) have no predecoder fields. |
| rule.* | All fields describing the rule that triggered the alert: rule.id, rule.description, rule.groups, rule.firedtimes, and compliance or MITRE ATT&CK mappings where the rule defines them. The severity is in rule.level (0 to 15). By default the manager only writes alerts of level 3 and above, so lower-level rule matches never reach the dashboard. |
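The script below is an added example, not part of the T-Guard documentation or of Wazuh itself. It reads a few constructed lines in the format of the manager's /var/ossec/logs/alerts/alerts.json (one JSON object per line), flattens them into the dotted field names from the table, and shows how a practitioner typically uses those fields: filter by rule.level and rule.groups, count events per agent or program, and compare the manager's alert time with the endpoint's own timestamp. The sample alerts, agent names, IPs and manager name are invented for the example; the field layout follows the real alerts.json format.

```python
"""Work with Wazuh alert fields from alerts.json (newline-delimited JSON)."""
import json
from collections import Counter

# Constructed sample alerts in the layout of /var/ossec/logs/alerts/alerts.json.
# Invented for this example; agents, IPs and manager name are not real T-Guard data.
# Note the syscheck alert has no predecoder object: it did not come from a syslog line.
SAMPLE_ALERTS = r'''
{"timestamp":"2024-01-15T10:12:33.123+0000","rule":{"level":5,"description":"sshd: authentication failed.","id":"5760","firedtimes":3,"groups":["syslog","sshd","authentication_failed"],"mitre":{"id":["T1110.001"]}},"agent":{"id":"001","name":"web01","ip":"10.0.0.5"},"manager":{"name":"tguard-manager"},"full_log":"Jan 15 10:12:33 web01 sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2","predecoder":{"program_name":"sshd","timestamp":"Jan 15 10:12:33","hostname":"web01"},"decoder":{"name":"sshd"},"data":{"srcuser":"admin","srcip":"203.0.113.7","srcport":"51234"},"location":"/var/log/auth.log"}
{"timestamp":"2024-01-15T10:13:01.456+0000","rule":{"level":7,"description":"Integrity checksum changed.","id":"550","firedtimes":1,"groups":["ossec","syscheck","syscheck_entry_modified"]},"agent":{"id":"002","name":"db01","ip":"10.0.0.9"},"manager":{"name":"tguard-manager"},"full_log":"File '/etc/passwd' modified\nMode: realtime\nChanged attributes: mtime,md5,sha1,sha256","decoder":{"name":"syscheck_integrity_changed"},"syscheck":{"path":"/etc/passwd","event":"modified"},"location":"syscheck"}
{"timestamp":"2024-01-15T10:14:10.789+0000","rule":{"level":3,"description":"sshd: authentication success.","id":"5715","firedtimes":1,"groups":["syslog","sshd","authentication_success"]},"agent":{"id":"001","name":"web01","ip":"10.0.0.5"},"manager":{"name":"tguard-manager"},"full_log":"Jan 15 10:14:10 web01 sshd[1300]: Accepted publickey for deploy from 198.51.100.4 port 40210 ssh2","predecoder":{"program_name":"sshd","timestamp":"Jan 15 10:14:10","hostname":"web01"},"decoder":{"name":"sshd"},"data":{"srcuser":"deploy","srcip":"198.51.100.4","srcport":"40210"},"location":"/var/log/auth.log"}
'''


def parse_alerts(text):
    """Return one dict per non-empty line; alerts.json is one JSON object per line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def flatten(obj, prefix=""):
    """Turn nested JSON into the dotted names the dashboard shows (rule.level, agent.name, ...).
    Lists (rule.groups, rule.mitre.id) are kept as values, not expanded."""
    out = {}
    for key, value in obj.items():
        name = f"{prefix}{key}"
        if isinstance(value, dict):
            out.update(flatten(value, name + "."))
        else:
            out[name] = value
    return out


def get(alert, dotted, default=None):
    """Look up a dotted field, returning default when the alert lacks it
    (for example predecoder.hostname on a syscheck alert)."""
    return flatten(alert).get(dotted, default)


def select(alerts, min_level=3, group=None):
    """Keep alerts with rule.level >= min_level and, optionally, a given entry in rule.groups.
    min_level=3 mirrors the manager's default log_alert_level."""
    keep = []
    for alert in alerts:
        if get(alert, "rule.level", 0) < min_level:
            continue
        if group and group not in alert.get("rule", {}).get("groups", []):
            continue
        keep.append(alert)
    return keep


def count_by(alerts, dotted):
    """Count alerts per value of a dotted field; alerts without the field land in '<missing>'."""
    return Counter(get(alert, dotted, "<missing>") for alert in alerts)


def event_vs_alert_time(alert):
    """Alert timestamp is when the manager raised the alert; the endpoint's own clock,
    when the log carried one, is what the pre-decoder stored in predecoder.timestamp."""
    return {"alert_time": alert.get("timestamp"),
            "event_time": get(alert, "predecoder.timestamp")}


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    for alert in select(alerts, min_level=5):
        print(get(alert, "rule.level"), get(alert, "agent.name"),
              get(alert, "location"), get(alert, "rule.description"))
    print("per agent:", dict(count_by(alerts, "agent.name")))
    print("per program:", dict(count_by(alerts, "predecoder.program_name")))
    print(event_vs_alert_time(alerts[0]))
```

Running it on a real manager is a matter of replacing `SAMPLE_ALERTS` with the contents of alerts.json; the `<missing>` bucket in `count_by` is a quick way to see which alert sources never pass through the pre-decoder and therefore cannot be filtered on predecoder.program_name.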
