Best SIEM Dashboards - Grafana Install and Dashboard Creation

Your videos are amazing. We would love to see mode videos about Opensearch like building a SOC stack.
I guess your audience would love a tutorial like that as we don't have it here yet I guess.

Hi Taylor, thanks for the awesome video, Grafana is much faster since its written in GOlang which is complied to machine language same level as C++ in terms of operation speed
Product that are also written in go is Docker and kubernetes , i personally ditched Kibana because of the speed Grafana have to offer , and the fact that you are not entitled only to use ES or OS , BTW there is kind of new log indexer from grafan called LOKI which offer less costly index size and suppose to be much faster.
Thanks

Your videos are amazing.

Thank you so much, I learned a lot from your channel!

Thanks so much for this series, especially with the effort of releasing it at a consistent schedule. I know we aren't there yet but is there any reason why you choose Cassandra as oppose to other DB like mongoDB got backend storage?

Hi Taylor,
Firstly, amazing videos.
I can't get the geolocation to work on Geomap. If I use country code - it says "Unable to find location fields" when location mode is set to Auto.

your videos are amazing, I've followed your steps, and I'm getting a bad gateway in Grafana!!! How i can solve this issue, do i have to change wazuh SSL certificates?

Hey thanks for the video.
I can’t get any sysmon event 3 for some reason. Tried different configurations of sysmon. Any ideas?

Future person. If you’re watching and following along, chances are great that nothing works(there most have been a lot of editing magic by the creator to make everything seem to work) all the time you have/will spend on this “demo” is probably better spent with trusted accounts managers on buying a reliable solution.

Hey taylor thanks for your videos they are amazing.
I have a question about grafana and graylog configuration.
I’m having issue in my grafana saying “Elasticsearch: error Bad Gateway”
I’m using graylog and elastic search in a same machine and grafana in another and i can’t connect them?

Trying to follow along in my lab, how many servers are you using now 2? 1 for Wazuh-Indexer, Graylog and Grafana and 1 for Wazuh Manager? I realize there would be separate servers and a cluster for Wazuh-Indexer in a large production environment.

You will likely get an error regarding g2 processing due to incorrect time format within every log that's placed. it'll look something like this
gl2_processing_error
Replaced invalid timestamp value in message with current time - Value caused exception: Invalid format: "2023-08-02T16:56:53.307-0400" is malformed at "T16:56:53.307-0400".
Make a new pipeline and use this rule and it'll fix it.
rule "parse custom timestamp"
when
has_field("timestamp")
then
let new_date = parse_date(to_string($message.timestamp), "yyyy-MM-dd'T'HH:mm:ss.SSSZ");
set_field("timestamp", new_date);
end

First of all thank you very much! Your videos are very helpful and really amazing!
I need to ask for your help, because I can't find any event id 3 log in graylog or in wazuh discovery.
I can see that logs in event viewer and I cheeked few times configuration for groups, checked if sysmon installed with correct configs by extracting config from test pc by Sysmon64.exe -c and comparing it with config provided by Olaf, but still can't find any event id 3 log in graylog or in wazuh discovery panel.
Can you please point where I can found the root of the issue, or maybe someone already faced to the similar issue and able to solve it?
Will very grateful for any help.

Thanks Gentlemen

IS there someone who got issues with HTTPS on Grafana?
And thank you very much for your time, yyour videos are amazing

Help me,
I had problems when installing Worldmap Panel. I am using grafana v11. In the grafana plugin the worldmap panel option didn't appear, and finally I installed it using the CLI. I have followed these steps, but when searching the worldmap panel I couldn't find it.
Is there a problem with the grafana version?

How would you setup agent -> squid proxy -> destination -> port?

Hi taylor, when i load the sankey panel. It shows error that p is not a function. How to fix this?

We are very interested that graylog can replace filebeat and send data to Wazuh index, and we are also very happy with the application of grafana dashboard. But we also want to keep the image of wazuh kibana, but we don't know how to generate wazuh indices (Just like wazuh-alerts-4.x-2022.*) from graylog. I don't know how to coexist(grafana dashboard & wazuh kibana dashboard)?

how can i make a dashboard with grafana for shadow server?

can you share the tutoriel commands thanks

Terrible time with these Grafana visualizations (Grafana version 10).
*Disclaimer: I stoopit. Worldmap or whatever is gone -- integrated directly into Grafana as Geomap.
I'm still pondering the Sankey. I have the data coming in just fine (verified by clicking the "table view" on). The graph however is blank with an error of, "g is not a function". "g is not a function" is apparently a Grafana error that doesn't necessarily reflect anything to do with the actual error (cascading up the error stack and finally, if nothing catches the real error, it spills out as the 'g is not a function' error -- at least that's what I gather). It therefore has not been resolved (github issue lists it and the response was that there's no real data to know where to begin the troubleshooting), and indeed may well be Grafana more than the plugin. That said, maybe you'll get lucky (whoever you are).
Next:
Geomap wouldn't map a location. This is due to it not seeing relevant fields. In Graylog, after discovering one can't use Extractors because Geo Location processor needs the processed stream that has already done the extracting, turns out one needs a lookup table (faster anyway, I think). This link is your friend here:
www.graylog.org/post/how-to-set-up-graylog-geoip-configuration/
...I wanted destination mapped, so change that accordingly in the rule if that's your case. When creating the pipeline to use the pipeline rule, easy enough but go to System/Pipelines -> Pipelines and create a new one. Link the Wazuh stream, edit Stage 0 and add the pipeline rule you expertly crafted and save. Done. Then configure Geomap in Grafana to use your query by setting the Data dropbox correctly ("A" is the name of your query likely if you didn't rename it), Location Mode to "Lookup", and then you *should* see your pipeline rule field listed in the "Lookup field" box. Gazetteer = Countries. Styles Size = Count (the metric from the query). Should work (fingers crossed).

Many thanks Taylor really, I don't know what to say to thank you!
I have this error message after enabling Geo-Location Processor, appreciate your advice.
gl2_processing_error
Replaced invalid timestamp value in message with current time - Value caused exception: Invalid format: "2023-05-01T09:32:13.933-0400" is malformed at "T09:32:13.933-0400"