# VM104 — Wazuh SIEM

| Item | Value |
|------|-------|
| **LAN IP** | `10.10.10.104` |
| **SSH WAN** | `95.216.14.146:2504` |
| **Hostname** | wazuh |
| **URL** | Wazuh Dashboard (LAN / Traefik) |

## Role

- SIEM / in-depth security analysis
- Alerts → VM122 Desk (Spec 002)
- Deep link from the Ops Console (Spec 019)

## In the Git repo (CT130)

**There is no `deploy/vm104/` folder** — VM104 is the upstream Wazuh product. The integration is documented in:

```
specs/002-wazuh-integration/spec.md
specs/019-ops-console-active-operations/spec.md (Wazuh deep link)
specs/027-desk-rbac-function-matrix/spec.md (security_analyst, noc)
```

## Flow

```
Agents → VM104 Wazuh → webhook/API → VM122 Desk → ticket/CH-*
Ops Console (VM123) → deep link → VM104 dashboard (in-depth SIEM)
```

## Desk roles with Wazuh access

| Role | Wazuh |
|------|-------|
| `security_analyst` | ✅ full |
| `noc` | ✅ read + deep link |
| `ops_lead` | 🔗 deep link |

## Next sync

- Export custom rules/decoders to `docs/vms/VM104-rules/` in the repo
- Document the Wazuh Traefik URL in `docs/network/`