Dashboard
-
Active Agents
-
Open Incidents
-
Alerts (24h)
-
Endpoints
Recent Alerts
| Time | Host | Event | Severity | Score | Details |
|---|---|---|---|---|---|
| No alerts yet | | | | | |
Agents Status
No agents
Incidents
Security incidents requiring attention
| Time | Host | Event | MITRE | Tactic | Rule | Severity | Score | Details |
|---|---|---|---|---|---|---|---|---|
Endpoints
All enrolled endpoints
| Hostname | IP | OS | Status | Last Seen | Actions |
|---|---|---|---|---|---|
Agent Detail
-
Events
-
Alerts
-
OS
-
IP
Events
| Time | Type | MITRE | Rule | Severity | Score | Detail |
|---|---|---|---|---|---|---|
Active Response
Threat Hunting
Search across all endpoint telemetry
-
Events (24h)
-
Critical/High
-
Auth Failures
-
Auth Success
Results
| Time | Host | Type | MITRE ID | Tactic | Rule | Severity | Score | Details |
|---|---|---|---|---|---|---|---|---|
Detection Rules
MITRE ATT&CK detection rules
-
Total
-
Enabled
-
Custom
-
Critical
| ID | Name | MITRE | Tactic | Severity | Score | Type | Status | Actions |
|---|---|---|---|---|---|---|---|---|
UEBA
User and Entity Behavior Analytics
-
Alerts
-
Tracked Users
-
High Risk
-
Anomaly Types
User Profiles
No profiles yet
Recent UEBA Alerts
| Time | User | Type | Score | MITRE |
|---|---|---|---|---|
Vulnerability Detection
CVE matching against installed software inventory
-
Total Packages
-
Critical CVEs
-
High CVEs
-
Last Scan
Detected Vulnerabilities
| Package | Version | CVE | Severity | CVSS | Description |
|---|---|---|---|---|---|
| Click Scan Now | | | | | |
CIS Compliance
CIS Benchmark security configuration assessment (Linux)
-
Score %
-
Grade
-
Passed
-
Failed
CIS Benchmark Results
| Check ID | Title | Severity | Status | Output |
|---|---|---|---|---|
| Click Run Checks | | | | |
AI Security Analyst
AI-powered threat analysis and real-time security assistant
🤖 AI Security Assistant
The AI has access to your live SIEM data — ask anything about your current alerts, threats, or how to respond.
Ask me anything about your security environment...
Examples:
"What are the most critical threats right now?"
"Explain what T1110 attack is happening"
"Write a PowerShell script to block IP 45.33.32.156"
"Is the suspicious port scan a false positive?"
"What should I investigate first?"
VirusTotal
Scan hashes and IPs against 70+ AV engines
API Key
Scan
Recent Scans
No scans yet
Active Response
Issue commands to enrolled agents
Command
Output
No output yet
Agents
Enrolled security agents
| Hostname | Agent ID | OS | IP | Status | Last Seen | Actions |
|---|---|---|---|---|---|---|
Users
Dashboard user accounts
| Username | Full Name | Role | Status | Last Login | Actions |
|---|---|---|---|---|---|
Wazuh Integration
Connect Cibervault to your Wazuh SIEM for unified threat visibility
Wazuh API Connection
Connection Status
Not connected
Configure connection to the left
Wazuh Agents
| ID | Name | IP | OS | Status | Last Seen |
|---|---|---|---|---|---|
| Connect Wazuh to see agents | | | | | |
Recent Wazuh Alerts
| Time | Agent | Rule | Level | Description |
|---|---|---|---|---|
| No alerts | | | | |
Integration Guide
① Enable Wazuh API
On your Wazuh manager:
systemctl status wazuh-manager
Default API port: 55000
Default user: wazuh-wui
② Forward Wazuh Alerts to Cibervault
Add to /var/ossec/etc/ossec.conf:
<integration>
  <name>custom-cibervault</name>
  <hook_url>http://CIBERVAULT_IP:8081/api/v1/wazuh/alert</hook_url>
  <level>7</level>
  <alert_format>json</alert_format>
</integration>
③ Agent Enrollment
Install Cibervault agent on Wazuh-monitored hosts to get EDR + SIEM coverage on the same endpoint.
④ Unified View
Wazuh alerts appear in Incidents page with source=wazuh tag. Cibervault EDR alerts appear in Wazuh via syslog forwarding.
Settings
Configuration
Server Info
Server:
SMTP Alerts