Index
A
Account (EnrichmentConfig.EntityType attribute)
account_login (AccountMeta attribute)
agents_as_systems (Config attribute)
Alert
Alert rule ID
Alert rule level
allof_nonempty() (in module wazuh.utils)
AllowRegexp (DirSearchOption attribute)
(FileSearchOption attribute)
(RegKeySearchOption attribute)
API
app_url (Config attribute)
AttackPattern (EnrichmentConfig.EntityType attribute)
author_name (Config attribute)
auto (ConnectorConfig attribute)
AWS
B
BasenameOnly (FileSearchOption attribute)
boost (Exists attribute)
(Range attribute)
(Term attribute)
bundle_abort_limit (Config attribute)
C
case_insensitive (Term attribute)
CaseInsensitive (DirSearchOption attribute)
(FileSearchOption attribute)
(ProcessSearchOption attribute)
(RegKeySearchOption attribute)
comma_string_to_set() (in module wazuh.utils)
command_line (ProcessMeta attribute)
common_prefix_string() (in module wazuh.utils)
common_properties (StixHelper attribute)
compare_field() (in module wazuh.utils)
config (Enricher attribute)
Config.AlertRuleSeverity (class in wazuh.config)
Config.IncidentCreateMode (class in wazuh.config)
connector (Config attribute)
ConnectorType (class in wazuh.connector_config)
create_account_from_username() (StixHelper method)
create_addr_sco() (StixHelper method)
create_agent_hostname_observable (Config attribute)
create_agent_ip_observable (Config attribute)
create_enrichment_obs_from_search() (Enricher method)
create_enrichment_obs_from_search_context() (Enricher method)
create_file() (StixHelper method)
create_if() (in module wazuh.utils)
create_incident (Config attribute)
create_incident_response (Config attribute)
create_incident_summary (Config attribute)
create_incident_threshold (Config attribute)
create_obs_sightings (Config attribute)
create_process() (Enricher method)
create_sco() (StixHelper method)
create_sighting_summary (Config attribute)
create_tool() (StixHelper method)
creator (ProcessMeta attribute)
Critical (Config.AlertRuleSeverity attribute)
CTI
CVSS3
cvss3_score_to_severity() (in module wazuh.utils)
cvss3_severity_to_score() (in module wazuh.utils)
cwd (ProcessMeta attribute)
D
datetime_string() (in module wazuh.utils)
Debug (LogLevel attribute)
del_key() (in module wazuh.utils)
dict_member_list_first_or_remove() (in module wazuh.utils)
Directory (EnrichmentConfig.EntityType attribute)
dirsearch_options (SearchConfig attribute)
DirSearchOption (class in wazuh.search_config)
docker
Domain (EnrichmentConfig.EntityType attribute)
DSL
E
EMailAddr (EnrichmentConfig.EntityType attribute)
enrich (Config attribute)
enrich_accounts() (Enricher method)
enrich_addrs() (Enricher method)
enrich_dirs() (Enricher method)
enrich_domains() (Enricher method)
enrich_email_addrs() (Enricher method)
enrich_files() (Enricher method)
enrich_incident() (Enricher method)
enrich_incident_mitre() (Enricher method)
enrich_incident_tool() (Enricher method)
enrich_labels (Config attribute)
enrich_macs() (Enricher method)
enrich_processes() (Enricher method)
enrich_processes_auditd() (Enricher method)
enrich_processes_sysmon() (Enricher method)
enrich_reg_keys() (Enricher method)
enrich_software() (Enricher method)
enrich_traffic() (Enricher method)
enrich_urls() (Enricher method)
enrich_urls_without_host (EnrichmentConfig attribute)
enrich_user_agents() (Enricher method)
enrich_vulnerabilities() (Enricher method)
Enrichment
EnrichmentConfig.EntityType (class in wazuh.enrich_config)
entity_name_value() (in module wazuh.stix_helper)
entity_value() (in module wazuh.stix_helper)
entity_values() (in module wazuh.stix_helper)
Error (LogLevel attribute)
escape_lucene_regex() (in module wazuh.utils)
escape_path() (in module wazuh.utils)
exclude_match (OpenSearchConfig attribute)
extract_field() (in module wazuh.utils)
extract_fields() (in module wazuh.utils)
F
fetch_tools() (Enricher method)
field (Exists attribute)
(Match attribute)
(OrderBy attribute)
(Range attribute)
(Term attribute)
field_as_list() (in module wazuh.utils)
field_compare() (in module wazuh.utils)
field_json() (OpenSearchConfig method)
field_or_default() (in module wazuh.utils)
field_or_empty() (in module wazuh.utils)
fields (MultiMatch attribute)
File (EnrichmentConfig.EntityType attribute)
filename (FileMeta attribute)
filename_behaviour (EnrichmentConfig attribute)
(StixHelper attribute)
filesearch_options (SearchConfig attribute)
FileSearchOption (class in wazuh.search_config)
filter (Bool attribute)
(OpenSearchConfig attribute)
filter_truthy() (in module wazuh.utils)
FIM
find_hashes() (in module wazuh.stix_helper)
first_field() (in module wazuh.utils)
first_of() (in module wazuh.utils)
first_or_empty() (in module wazuh.utils)
first_or_none() (in module wazuh.utils)
float_or_none() (in module wazuh.utils)
from_env() (Config class method)
G
GCP
GDPR
get_path_sep() (in module wazuh.utils)
gt (Range attribute)
gte (Range attribute)
H
has() (in module wazuh.utils)
has_any() (in module wazuh.utils)
has_atleast() (in module wazuh.utils)
helper (Enricher attribute)
High (Config.AlertRuleSeverity attribute)
hits_abort_limit (Config attribute)
hive
I
id (ConnectorConfig attribute)
ignore_own_entities (Config attribute)
ignore_private_addrs (SearchConfig attribute)
ignore_revoked_indicators (Config attribute)
IgnoreSID (RegKeySearchOption attribute)
IgnoreTrailingSlash (DirSearchOption attribute)
(RegKeySearchOption attribute)
image (ProcessMeta attribute)
in_str_list() (in module wazuh.utils)
incident_entity_relation_type() (in module wazuh.stix_helper)
incident_rule_exclude_list (Config attribute)
include_match (OpenSearchConfig attribute)
IncludeParentDirRef (FileSearchOption attribute)
IncludeRegValues (FileSearchOption attribute)
index (OpenSearchConfig attribute)
indicator_score_threshold (Config attribute)
Info (LogLevel attribute)
InternalEnrichment (ConnectorType attribute)
IoC
ip_proto() (in module wazuh.utils)
ip_protos() (in module wazuh.utils)
IPv4Address (EnrichmentConfig.EntityType attribute)
IPv6Address (EnrichmentConfig.EntityType attribute)
is_enum_set() (in module wazuh.utils)
is_registry_path() (in module wazuh.utils)
J
join_values() (in module wazuh.utils)
L
label_ignore_list (Config attribute)
limit (OpenSearchConfig attribute)
list_or_empty() (in module wazuh.utils)
listify() (in module wazuh.utils)
lists_or_empty() (in module wazuh.utils)
log_level (ConnectorConfig attribute)
LogLevel (class in wazuh.connector_config)
lookup_agent_ip (SearchConfig attribute)
lookup_agent_name (SearchConfig attribute)
lookup_hostnames_in_cmd_line (SearchConfig attribute)
lookup_mac_variants (SearchConfig attribute)
lookup_url_ignore_trailing_slash (SearchConfig attribute)
lookup_url_without_host (SearchConfig attribute)
Low (Config.AlertRuleSeverity attribute)
lt (Range attribute)
lte (Range attribute)
M
MAC (EnrichmentConfig.EntityType attribute)
mac_permutations() (in module wazuh.utils)
Marking definition
MatchSubdirs (DirSearchOption attribute)
(RegKeySearchOption attribute)
max_extrefs (Config attribute)
max_extrefs_per_alert_rule (Config attribute)
max_notes (Config attribute)
max_notes_per_alert_rule (Config attribute)
max_severity() (in module wazuh.utils)
max_tlp (Config attribute)
Medium (Config.AlertRuleSeverity attribute)
merge_into() (in module wazuh.utils)
merge_outof() (in module wazuh.utils)
minimum_should_match (Bool attribute)
module
wazuh.config
wazuh.connector_config
wazuh.enrich
wazuh.opencti_config
wazuh.opensearch
wazuh.opensearch_config
wazuh.opensearch_dsl
wazuh.search_config
wazuh.stix_helper
wazuh.utils
must (Bool attribute)
(wazuh.utils.verify_url parameter)
must_not (Bool attribute)
(wazuh.utils.verify_url parameter)
N
name (ConnectorConfig attribute)
nested_objs (SCOBundle attribute)
NetworkTraffic (EnrichmentConfig.EntityType attribute)
Never (Config.IncidentCreateMode attribute)
non_none() (in module wazuh.utils)
none_unless_threshold() (in module wazuh.utils)
normalise_mac() (in module wazuh.utils)
NormaliseBackslashes (DirSearchOption attribute)
O
objects() (SCOBundle method)
oneof() (in module wazuh.utils)
oneof_nonempty() (in module wazuh.utils)
opencti (Config attribute)
OpenSearch
opensearch (Config attribute)
OpenSearchClient (class in wazuh.opensearch)
OpenSearchClient.ConnectionError
OpenSearchClient.ParseError
OpenSearchClient.QueryError
OpenSearchClient.SearchError
order (OrderBy attribute)
order_by (OpenSearchConfig attribute)
P
parent (ProcessMeta attribute)
parse_behaviour_string() (StixHelper class method)
parse_human_datetime() (in module wazuh.utils)
parse_order() (OrderBy class method)
parse_sha256() (in module wazuh.utils)
password (OpenSearchConfig attribute)
PerAlert (Config.IncidentCreateMode attribute)
PerAlertRule (Config.IncidentCreateMode attribute)
PerQuery (Config.IncidentCreateMode attribute)
PerSighting (Config.IncidentCreateMode attribute)
pid (ProcessMeta attribute)
priority_from_severity() (in module wazuh.utils)
Process (EnrichmentConfig.EntityType attribute)
ProcessSearchOption (class in wazuh.search_config)
procsearch_options (SearchConfig attribute)
Q
query (Match attribute)
(MultiMatch attribute)
(Query attribute)
R
raises() (in module wazuh.utils)
re_search_or_none() (in module wazuh.utils)
reg_key_regexp() (in module wazuh.utils)
regex_transform_keys() (in module wazuh.utils)
RegistryKey (EnrichmentConfig.EntityType attribute)
regkeysearch_options (SearchConfig attribute)
RegKeySearchOption (class in wazuh.search_config)
remove_empties() (in module wazuh.utils)
remove_host_from_uri() (in module wazuh.utils)
remove_nones() (in module wazuh.utils)
remove_reg_paths() (in module wazuh.utils)
remove_unref_objs() (in module wazuh.stix_helper)
require_indicator_detection (Config attribute)
require_indicator_for_incidents (Config attribute)
require_something() (Bool method)
(Range method)
RequireAbsPath (DirSearchOption attribute)
(FileSearchOption attribute)
(RegKeySearchOption attribute)
rule_exclude_list (Config attribute)
rule_level_to_severity() (in module wazuh.utils)
S
SafeProxy (class in wazuh.utils)
SCO
sco (SCOBundle attribute)
sco_labels (StixHelper attribute)
scope (ConnectorConfig attribute)
SDO
search (Config attribute)
search_after (OpenSearchConfig attribute)
search_field() (in module wazuh.utils)
search_fields() (in module wazuh.utils)
search_in_object() (in module wazuh.utils)
search_in_object_multi() (in module wazuh.utils)
search_match() (OpenSearchClient method)
SearchAdditionalFilenames (FileSearchOption attribute)
SearchFilenameOnly (FileSearchOption attribute)
SearchFilenames (DirSearchOption attribute)
SearchHiveAliases (RegKeySearchOption attribute)
SearchNameAndHash (FileSearchOption attribute)
SearchSize (FileSearchOption attribute)
serialise() (Bool method)
(Exists method)
(Match method)
(MultiMatch method)
(OrderBy method)
(Range method)
(Term method)
severity_to_int() (in module wazuh.utils)
sha256 (FileMeta attribute)
should (Bool attribute)
SID
SIEM
simplify_field_names() (in module wazuh.utils)
size (Query attribute)
SOC
Software (EnrichmentConfig.EntityType attribute)
software_ref_from_vuln_alert() (Enricher method)
sort (Query attribute)
SortOrder (class in wazuh.opensearch_dsl)
SRO
ssl_verify (OpenCTIConfig attribute)
STIX
stix (Enricher attribute)
SupportedEntity (class in wazuh.connector_config)
system_name (Config attribute)
T
throw (wazuh.utils.verify_url parameter)
timeout (OpenSearchConfig attribute)
TLP
tlp_allowed() (in module wazuh.stix_helper)
tlp_marking_from_string() (in module wazuh.stix_helper)
tlps (Config attribute)
token (OpenCTIConfig attribute)
Tool (EnrichmentConfig.EntityType attribute)
tools (Enricher attribute)
truthy() (in module wazuh.utils)
TTP
type (ConnectorConfig attribute)
types (EnrichmentConfig attribute)
U
URL (EnrichmentConfig.EntityType attribute)
url (OpenCTIConfig attribute)
(OpenSearchConfig attribute)
(wazuh.utils.verify_url parameter)
user_id (AccountMeta attribute)
UserAgent (EnrichmentConfig.EntityType attribute)
username (OpenSearchConfig attribute)
UUID
V
validate_mac() (in module wazuh.utils)
validate_stix_id() (in module wazuh.stix_helper)
value (Term attribute)
verify_tls (OpenSearchConfig attribute)
verify_url() (in module wazuh.utils)
Vulnerability (EnrichmentConfig.EntityType attribute)
vulnerability_incident_active_only (Config attribute)
vulnerability_incident_cvss3_score_threshold (Config attribute)
W
Warning (LogLevel attribute)
Wazuh
wazuh.config
module
wazuh.connector_config
module
wazuh.enrich
module
wazuh.opencti_config
module
wazuh.opensearch
module
wazuh.opensearch_config
module
wazuh.opensearch_dsl
module
wazuh.search_config
module
wazuh.stix_helper
module
wazuh.utils
module