VM104 — Wazuh SIEM
| Item | Value |
|---|---|
| LAN IP | 10.10.10.104 |
| WAN SSH | 95.216.14.146:2504 |
| Hostname | wazuh |
| URL | Wazuh Dashboard (LAN / Traefik) |
Role
- SIEM / in-depth security analysis
- Alerts → VM122 Desk (Spec 002)
- Deep-link from Ops Console (Spec 019)
In the Git repo (CT130)
There is no deploy/vm104/ folder: VM104 is the upstream Wazuh product. The integration is documented in:
- specs/002-wazuh-integration/spec.md
- specs/019-ops-console-active-operations/spec.md (Wazuh deep-link)
- specs/027-desk-rbac-function-matrix/spec.md (security_analyst, noc)
Flow
Agents → VM104 Wazuh → webhook/API → VM122 Desk → ticket/CH-*
Ops Console (VM123) → deep-link → VM104 dashboard (in-depth SIEM)
Desk roles with Wazuh access
| Function | Wazuh |
|---|---|
| security_analyst | ✅ full |
| noc | ✅ read + deep-link |
| ops_lead | 🔗 deep-link |
Next sync
- Export custom rules/decoders to docs/vms/VM104-rules/ in the repo
- Document the Wazuh Traefik URL in docs/network/