Difference between revisions of "KHIKA User Guide"

Revision as of 13:54, 21 August 2019

Index

Accessing the KHIKA Gui

Login
Change the password
Creating a User Group
Creating a Workspace
Creating a new User
Access Control in KHIKA

Getting Data into KHIKA

Introduction
Data Flow and Components in KHIKA
KHIKA Apps
Importing an Application
Exporting an Application
Server monitoring in KHIKA using OSSEC
Installing OSSEC Agent for Linux
Installing OSSEC Agent for Windows
Configuring OSSEC Adapter in KHIKA
Adding the device in the Adaptor (see video: https://drive.google.com/open?id=1fvO5XzJfXEykSllfR0qRPGwlH-FyqYgd)
Extract key from KHIKA OSSEC Server
Insert unique OSSEC key in Linux OSSEC Agent
Insert unique OSSEC key in Windows OSSEC Agent
Reload Configuration
Verifying OSSEC data collection
Troubleshooting
Monitoring in KHIKA using Syslog forwarding

Discover or Search Data in KHIKA

Introduction
Index Pattern
Setting the Time Filter
Searching Your Data
Lucene Query Syntax
Saving and Opening Searches
Changing the Index
Refreshing the Search Results
Filtering by Field
Managing Filters
Viewing Document Data

KHIKA Visualizations

What is a KHIKA Visualization?
Creating a Visualization
Examples of Visualization
Area Chart
Heat Map
Horizontal and Vertical Bar Chart
Line chart
Pie Chart
Data Table
Gauge
Goal
Metric

KHIKA Dashboards

Introduction
Creating a Dashboard
Editing Elements on a Dashboard
Viewing Visualization data on Dashboard
Searching / Filtering data on the dashboard
Steps for Adding a Filter on a Dashboard
Steps to Search and Save on a Dashboard

KHIKA Reports

Introduction
Adding a Report
Scheduling Reports
Generating KHIKA Report Manually
Report History
Downloading a Report

KHIKA Alerts & Correlations

Introduction
Alert Dashboard
Creating your own Alerts in KHIKA
Before creating an alert:
Creating a Simple Alert: Logon Failure on Windows
Slightly Advanced Alert: Multiple Logon failure on Windows for the same user
More Advanced Alert: 10 or more unique network connections for a windows host within 1 minute
Advanced Alert: A successful brute-force attack
Alert emails for Stakeholders

Working with KHIKA Adapters

Introduction
Adding Adapters
Searching Adapters
Assigning Data Aggregator Node to Adapters
Disabling Data Aggregator to Adapters
Modifying Adapters
Deleting Adapters
Writing your own Adaptor

Working with KHIKA Aggregators

Introduction
Adding New Data Aggregator
Assigning Data Aggregator Node to Workspace
Deleting Data Aggregator Node
Deleting Data Aggregator from Workspace
Assign Adapter to Data Aggregator
Disabling Adapter to Data Aggregator

KHIKA Workspaces

Introduction
Adding a Workspace
Suspending a Workspace
Resetting a Workspace
Applying Configuration to Workspace
Archiving a Workspace
Adding Data Aggregator to a Workspace
Adding Adapter to a Workspace
Defining and Configuring a Report
Deleting a Workspace

Data Enrichment in KHIKA

About Enrichment
Enrichment of logs in KHIKA
Define your own enrichment

Hardening Monitoring & Analysis

Introduction
Business Process flow for Linux Hardening
Hardening Dashboard

Data Archival in KHIKA

Overview
Data Archival Workflow
For SaaS
For On-Premise
View Data Retention Settings
View Data Archival Status

File Integrity Monitoring

SMTP Server Settings

Start and Stop KHIKA

Overview
Node Stop and Start Procedure
Application Server Start and Stop

About OSSEC

Overview
What is OSSEC?
Why Khika integrates closely with OSSEC?

FAQs


Refer to the next section, Accessing the KHIKA Gui.


Go to KHIKA Videos