KHIKA User Guide


Index



Accessing the KHIKA GUI

Login
Change the password
Creating a User Group
Creating a Workspace
Creating a new User
Access Control in KHIKA



Getting Data into KHIKA

Introduction
Data Flow and Components in KHIKA
KHIKA Apps
Importing an Application
Exporting an Application
Server monitoring in KHIKA using OSSEC
Installing OSSEC Agent for Linux
Installing OSSEC Agent for Windows
Configuring OSSEC Adapter in KHIKA
Adding the device in the Adapter
Extract key from KHIKA OSSEC Server
Insert unique OSSEC key in Linux OSSEC Agent
Insert unique OSSEC key in Windows OSSEC Agent
Reload Configuration
Verifying OSSEC data collection
Troubleshooting
Monitoring in KHIKA using Syslog forwarding



Discover or Search Data in KHIKA

Introduction
Index Pattern
Setting the Time Filter
Searching Your Data
Lucene Query Syntax
Saving and Opening Searches
Changing the Index
Refreshing the Search Results
Filtering by Field
Managing Filters
Viewing Document Data



KHIKA Visualizations

What is a KHIKA Visualization?
Creating a Visualization
Examples of Visualization
Area Chart
Heat Map
Horizontal and Vertical Bar Chart
Line Chart
Pie Chart
Data Table
Gauge
Goal
Metric



KHIKA Dashboards

Introduction
Creating a Dashboard
Editing Elements on a Dashboard
Viewing Visualization data on Dashboard
Searching / Filtering data on the dashboard
Steps for Adding a Filter on a Dashboard
Steps to Search and Save on a Dashboard



KHIKA Reports

Introduction
Adding a Report
Scheduling Reports
Generating KHIKA Report Manually
Report History
Downloading a Report



KHIKA Alerts & Correlations

Introduction
Alert Dashboard
Creating your own Alerts in KHIKA
Before creating an alert:
Creating a Simple Alert: Logon Failure on Windows
Slightly Advanced Alert: Multiple Logon failure on Windows for the same user
More Advanced Alert: 10 or more unique network connections for a Windows host within 1 minute
Advanced Alert: A successful brute-force attack
Alert emails for Stakeholders



Working with KHIKA Adapters

Introduction
Adding Adapters
Searching Adapters
Assigning Data Aggregator Node to Adapters
Disabling Data Aggregator to Adapters
Modifying Adapters
Deleting Adapters
Writing your own Adapter



Working with KHIKA Aggregators

Introduction
Adding New Data Aggregator
Assigning Data Aggregator Node to Workspace
Deleting Data Aggregator Node
Deleting Data Aggregator from Workspace
Assign Adapter to Data Aggregator
Disabling Adapter to Data Aggregator



KHIKA Workspaces

Introduction
Adding a Workspace
Suspending a Workspace
Resetting a Workspace
Applying Configuration to Workspace
Archiving a Workspace
Adding Data Aggregator to a Workspace
Adding Adapter to a Workspace
Defining and Configuring a Report
Deleting a Workspace



Data Enrichment in KHIKA

About Enrichment
Enrichment of logs in KHIKA
Define your own enrichment



Hardening Monitoring & Analysis

Introduction
Business Process flow for Linux Hardening
Hardening Dashboard



Data Archival in KHIKA

Overview
Data Archival Workflow
For SaaS
For On-Premise
View Data Retention Settings
View Data Archival Status



File Integrity Monitoring



Start and Stop KHIKA

Overview
Node Stop and Start Procedure
Application Server Start and Stop



About OSSEC

Overview
What is OSSEC?
Why does KHIKA integrate closely with OSSEC?



FAQs




Refer to the next section for Accessing the KHIKA GUI.