Difference between revisions of "KHIKA User Guide"
Jump to navigation
Jump to search
(→Index) |
(→Index) |
||
| (41 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
== Index == | == Index == | ||
| + | [[Accessing the KHIKA Gui]] | ||
| + | :[[Accessing the KHIKA Gui#Login|Login]] | ||
| + | :[[Accessing the KHIKA Gui#Change the password|Change the password]] | ||
| + | :[[Accessing the KHIKA Gui#Creating a User Group|Creating a User Group]] | ||
| + | :[[Accessing the KHIKA Gui#Creating a Workspace|Creating a Workspace]] | ||
| + | :[[Accessing the KHIKA Gui#Creating a new User|Creating a new User]] | ||
| + | :[[Accessing the KHIKA Gui#Access Control in KHIKA|Access Control in KHIKA]] | ||
| + | [[Getting Data into KHIKA]] | ||
| + | :[[Getting Data into KHIKA#Introduction|Introduction]] | ||
| + | :[[Getting Data into KHIKA#Data Flow and Components in KHIKA|Data Flow and Components in KHIKA]] | ||
| + | :[[Load KHIKA App| Loading KHIKA Apps]] | ||
| + | :[[KHIKA Apps | KHIKA Apps]] | ||
| + | :[[Getting Data into KHIKA#Importing an Application|Importing an Application]] | ||
| + | :[[Getting Data into KHIKA#Exporting an Application|Exporting an Application]] | ||
| + | :[[Getting Data into KHIKA#Server monitoring in KHIKA using OSSEC|Server monitoring in KHIKA using OSSEC]] | ||
| + | ::[[Getting Data into KHIKA#Installing OSSEC Agent for Linux|Installing OSSEC Agent for Linux]] | ||
| + | ::[[Getting Data into KHIKA#Installing OSSEC Agent for Windows|Installing OSSEC Agent for Windows]] | ||
| + | ::[[Getting Data into KHIKA#Configuring OSSEC Adapter in KHIKA|Configuring OSSEC Adapter in KHIKA]] | ||
| + | ::[[Getting Data into KHIKA#Adding the device in the Adaptor|Adding the device in the Adaptor]] [https://drive.google.com/open?id=1fvO5XzJfXEykSllfR0qRPGwlH-FyqYgd (see video)] | ||
| + | ::[[Getting Data into KHIKA#Extract key from KHIKA OSSEC Server|Extract key from KHIKA OSSEC Server]] | ||
| + | ::[[Getting Data into KHIKA#Insert unique OSSEC key in Linux OSSEC Agent|Insert unique OSSEC key in Linux OSSEC Agent]] | ||
| + | ::[[Getting Data into KHIKA#Insert unique OSSEC key in Windows OSSEC Agent|Insert unique OSSEC key in Windows OSSEC Agent]] | ||
| + | ::[[Getting Data into KHIKA#Reload Configuration|Reload Configuration]] | ||
| + | ::[[Getting Data into KHIKA#Verifying OSSEC data collection|Verifying OSSEC data collection]] | ||
| + | ::[[Getting Data into KHIKA#Troubleshooting|Troubleshooting]] | ||
| + | :[[Getting Data into KHIKA#Monitoring in KHIKA using Syslog forwarding|Monitoring in KHIKA using Syslog forwarding]] | ||
| − | [[ | + | [[Discover or Search Data in KHIKA]] |
| + | :[[Discover or Search Data in KHIKA#Introduction|Introduction]] | ||
| + | :[[Discover or Search Data in KHIKA#Index Pattern|Index Pattern]] | ||
| + | :[[Discover or Search Data in KHIKA#Setting the Time Filter|Setting the Time Filter]] | ||
| + | :[[Discover or Search Data in KHIKA#Searching Your Data|Searching Your Data]] | ||
| + | :[[Discover or Search Data in KHIKA#Lucene Query Syntax|Lucene Query Syntax]] | ||
| + | :[[Discover or Search Data in KHIKA#Saving and Opening Searches|Saving and Opening Searches]] | ||
| + | :[[Discover or Search Data in KHIKA#Changing the Index|Changing the Index]] | ||
| + | :[[Discover or Search Data in KHIKA#Refreshing the Search Results|Refreshing the Search Results]] | ||
| + | :[[Discover or Search Data in KHIKA#Filtering by Field|Filtering by Field]] | ||
| + | :[[Discover or Search Data in KHIKA#Managing Filters|Managing Filters]] | ||
| + | :[[Discover or Search Data in KHIKA#Viewing Document Data|Viewing Document Data]] | ||
| − | + | [[KHIKA Visualizations]] | |
| − | + | :[[KHIKA Visualizations#What is a KHIKA Visualization?|What is a KHIKA Visualization?]] | |
| − | + | :[[KHIKA Visualizations#Creating a Visualization|Creating a Visualization]] | |
| − | + | :[[KHIKA Visualizations#Examples of Visualization|Examples of Visualization]] | |
| − | + | ::[[KHIKA Visualizations#Area Chart|Area Chart]] | |
| − | + | ::[[KHIKA Visualizations#Heat Map|Heat Map]] | |
| + | ::[[KHIKA Visualizations#Horizontal and Vertical Bar Chart|Horizontal and Vertical Bar Chart]] | ||
| + | ::[[KHIKA Visualizations#Line chart|Line chart]] | ||
| + | ::[[KHIKA Visualizations#Pie Chart|Pie Chart]] | ||
| + | ::[[KHIKA Visualizations#Data Table|Data Table]] | ||
| + | ::[[KHIKA Visualizations#Gauge|Gauge]] | ||
| + | ::[[KHIKA Visualizations#Goal|Goal]] | ||
| + | ::[[KHIKA Visualizations#Metric|Metric]] | ||
| + | [[KHIKA Dashboards]] | ||
| + | :[[KHIKA Dashboards#Introduction|Introduction]] | ||
| + | :[[KHIKA Dashboards#Creating a Dashboard|Creating a Dashboard]] | ||
| + | :[[KHIKA Dashboards#Editing Elements on a Dashboard|Editing Elements on a Dashboard]] | ||
| + | :[[KHIKA Dashboards#Viewing Visualization data on Dashboard|Viewing Visualization data on Dashboard]] | ||
| + | :[[KHIKA Dashboards#Searching / Filtering data on the dashboard|Searching / Filtering data on the dashboard]] | ||
| + | ::[[KHIKA Dashboards#Steps for Adding a Filter on a Dashboard|Steps for Adding a Filter on a Dashboard]] | ||
| + | ::[[KHIKA Dashboards#Steps to Search and Save on a Dashboard|Steps to Search and Save on a Dashboard]] | ||
| − | [[ | + | [[KHIKA Reports]] |
| + | :[[KHIKA Reports#Introduction|Introduction]] | ||
| + | :[[KHIKA Reports#Adding a Report|Adding a Report]] | ||
| + | :[[KHIKA Reports#Scheduling Reports|Scheduling Reports]] | ||
| + | :[[KHIKA Reports#Generating KHIKA Report Manually|Generating KHIKA Report Manually]] | ||
| + | :[[KHIKA Reports#Report History|Report History]] | ||
| + | :[[KHIKA Reports#Downloading a Report|Downloading a Report]] | ||
| − | + | [[KHIKA Alerts & Correlations]] | |
| − | + | :[[KHIKA Alerts & Correlations#Introduction|Introduction]] | |
| − | + | :[[KHIKA Alerts & Correlations#Alert Dashboard|Alert Dashboard]] | |
| − | + | :[[KHIKA Alerts & Correlations#Creating your own Alerts in KHIKA|Creating your own Alerts in KHIKA]] | |
| − | + | ::[[KHIKA Alerts & Correlations#Before creating an alert :|Before creating an alert :]] | |
| − | + | ::[[KHIKA Alerts & Correlations#Creating a Simple Alert: Logon Failure on Windows|Creating a Simple Alert: Logon Failure on Windows]] | |
| − | + | ::[[KHIKA Alerts & Correlations#Slightly Advanced Alert: Multiple Logon failure on Windows for the same user|Slightly Advanced Alert: Multiple Logon failure on Windows for the same user]] | |
| + | ::[[KHIKA Alerts & Correlations#More Advanced Alert: 10 or more unique network connections for a windows host within 1 minute|More Advanced Alert: 10 or more unique network connections for a windows host within 1 minute]] | ||
| + | ::[[KHIKA Alerts & Correlations#Advanced Alert: A successful brute-force attack|Advanced Alert: A successful brute-force attack]] | ||
| + | :[[KHIKA Alerts & Correlations#Alert emails for Stakeholders|Alert emails for Stakeholders]] | ||
| − | + | [[Working with KHIKA Adapters]] | |
| + | :[[Working with KHIKA Adapters#Introduction|Introduction]] | ||
| + | :[[Working with KHIKA Adapters#Adding Adapters|Adding Adapters]] | ||
| + | :[[Working with KHIKA Adapters#Searching Adapters|Searching Adapters]] | ||
| + | :[[Working with KHIKA Adapters#Assigning Data Aggregator Node to Adapters|Assigning Data Aggregator Node to Adapters]] | ||
| + | :[[Working with KHIKA Adapters#Disabling Data Aggregator to Adapters|Disabling Data Aggregator to Adapters]] | ||
| + | :[[Working with KHIKA Adapters#Modifying Adapters|Modifying Adapters]] | ||
| + | :[[Working with KHIKA Adapters#Deleting Adapters|Deleting Adapters]] | ||
| + | :[[Write Your Own Adapter|Writing your own Adaptor]] | ||
| + | [[Working with KHIKA Aggregators]] | ||
| + | :[[Working with KHIKA Aggregators#Introduction|Introduction]] | ||
| + | :[[Working with KHIKA Aggregators#Adding New Data Aggregator|Adding New Data Aggregator]] | ||
| + | :[[Working with KHIKA Aggregators#Assigning Data Aggregator Node to Workspace|Assigning Data Aggregator Node to Workspace]] | ||
| + | :[[Working with KHIKA Aggregators#Deleting Data Aggregator Node|Deleting Data Aggregator Node]] | ||
| + | :[[Working with KHIKA Aggregators#Deleting Data Aggregator from Workspace|Deleting Data Aggregator from Workspace]] | ||
| + | :[[Working with KHIKA Aggregators#Assign Adapter to Data Aggregator|Assign Adapter to Data Aggregator]] | ||
| + | :[[Working with KHIKA Aggregators#Disabling Adapter to Data Aggregator|Disabling Adapter to Data Aggregator]] | ||
| + | [[KHIKA Workspaces]] | ||
| + | :[[KHIKA Workspaces#Introduction|Introduction]] | ||
| + | :[[KHIKA Workspaces#Adding a Workspace|Adding a Workspace]] | ||
| + | :[[KHIKA Workspaces#Suspending a Workspace|Suspending a Workspace]] | ||
| + | :[[KHIKA Workspaces#Resetting a Workspace|Resetting a Workspace]] | ||
| + | :[[KHIKA Workspaces#Applying Configuration to Workspace|Applying Configuration to Workspace]] | ||
| + | :[[KHIKA Workspaces#Archiving a Workspace|Archiving a Workspace]] | ||
| + | :[[KHIKA Workspaces#Adding Data Aggregator to a Workspace|Adding Data Aggregator to a Workspace]] | ||
| + | :[[KHIKA Workspaces#Adding Adapter to a Workspace|Adding Adapter to a Workspace]] | ||
| + | :[[KHIKA Workspaces#Defining and Configuring a Report|Defining and Configuring a Report]] | ||
| + | :[[KHIKA Workspaces#Deleting a Workspace|Deleting a Workspace]] | ||
| + | [[Data Enrichment in KHIKA]] | ||
| + | :[[Data Enrichment in KHIKA#About Enrichment|About Enrichment]] | ||
| + | :[[Data Enrichment in KHIKA#Enrichment of logs in KHIKA|Enrichment of logs in KHIKA]] | ||
| + | :[[Define your own enrichment]] | ||
| + | [[Hardening Monitoring & Analysis]] | ||
| + | :[[Hardening Monitoring & Analysis#Introduction|Introduction]] | ||
| + | :[[Hardening Monitoring & Analysis#Business Process flow for Linux Hardening|Business Process flow for Linux Hardening]] | ||
| + | :[[Hardening Monitoring & Analysis#Hardening Dashboard|Hardening Dashboard]] | ||
| + | [[Data Archival in KHIKA]] | ||
| + | :[[Data Archival in KHIKA#Overview|Overview]] | ||
| + | :[[Data Archival in KHIKA#Data Archival Workflow|Data Archival Workflow]] | ||
| + | :[[Data Archival in KHIKA#For SaaS|For SaaS]] | ||
| + | :[[Data Archival in KHIKA#For On-Premise|For On-Premise]] | ||
| + | :[[Data Archival in KHIKA#View Data Retention Settings|View Data Retention Settings]] | ||
| + | :[[Data Archival in KHIKA#View Data Archival Status|View Data Archival Status]] | ||
| + | [[File Integrity Monitoring]] | ||
| + | [[SMTP Server Settings]] | ||
| + | [[Start and Stop KHIKA]] | ||
| + | :[[Start and Stop KHIKA#Overview|Overview]] | ||
| + | :[[Start and Stop KHIKA#Node Stop and Start Procedure|Node Stop and Start Procedure]] | ||
| + | :[[Start and Stop KHIKA#Application Server Start and Stop|Application Server Start and Stop]] | ||
| + | [[About OSSEC]] | ||
| + | :[[About OSSEC#Overview|Overview]] | ||
| + | :[[About OSSEC#What is OSSEC?|What is OSSEC?]] | ||
| + | :[[About OSSEC#Why Khika integrates closely with OSSEC?|Why Khika integrates closely with OSSEC?]] | ||
| + | [[FAQs]] | ||
| + | <br/> | ||
Refer the next section for [[Accessing the KHIKA Gui]] | Refer the next section for [[Accessing the KHIKA Gui]] | ||
| + | |||
| + | <br/> | ||
| + | [[KHIKA Videos | Go to KHIKA Videos]] | ||
Latest revision as of 02:05, 31 March 2020
Index
- Login
- Change the password
- Creating a User Group
- Creating a Workspace
- Creating a new User
- Access Control in KHIKA
- Introduction
- Data Flow and Components in KHIKA
- Loading KHIKA Apps
- KHIKA Apps
- Importing an Application
- Exporting an Application
- Server monitoring in KHIKA using OSSEC
- Installing OSSEC Agent for Linux
- Installing OSSEC Agent for Windows
- Configuring OSSEC Adapter in KHIKA
- Adding the device in the Adaptor (see video)
- Extract key from KHIKA OSSEC Server
- Insert unique OSSEC key in Linux OSSEC Agent
- Insert unique OSSEC key in Windows OSSEC Agent
- Reload Configuration
- Verifying OSSEC data collection
- Troubleshooting
- Monitoring in KHIKA using Syslog forwarding
Discover or Search Data in KHIKA
- Introduction
- Index Pattern
- Setting the Time Filter
- Searching Your Data
- Lucene Query Syntax
- Saving and Opening Searches
- Changing the Index
- Refreshing the Search Results
- Filtering by Field
- Managing Filters
- Viewing Document Data
- Introduction
- Creating a Dashboard
- Editing Elements on a Dashboard
- Viewing Visualization data on Dashboard
- Searching / Filtering data on the dashboard
- Introduction
- Adding a Report
- Scheduling Reports
- Generating KHIKA Report Manually
- Report History
- Downloading a Report
- Introduction
- Adding Adapters
- Searching Adapters
- Assigning Data Aggregator Node to Adapters
- Disabling Data Aggregator to Adapters
- Modifying Adapters
- Deleting Adapters
- Writing your own Adaptor
Working with KHIKA Aggregators
- Introduction
- Adding New Data Aggregator
- Assigning Data Aggregator Node to Workspace
- Deleting Data Aggregator Node
- Deleting Data Aggregator from Workspace
- Assign Adapter to Data Aggregator
- Disabling Adapter to Data Aggregator
- Introduction
- Adding a Workspace
- Suspending a Workspace
- Resetting a Workspace
- Applying Configuration to Workspace
- Archiving a Workspace
- Adding Data Aggregator to a Workspace
- Adding Adapter to a Workspace
- Defining and Configuring a Report
- Deleting a Workspace
Hardening Monitoring & Analysis
- Overview
- Data Archival Workflow
- For SaaS
- For On-Premise
- View Data Retention Settings
- View Data Archival Status
Refer the next section for Accessing the KHIKA Gui
