
Vulnerability Detection

The LogSentinel collector can run vulnerability detection through a dedicated vulnerability connector. The connector supports two kinds of assessment:

  • web vulnerability scanning - the connector regularly runs an active scan against a configured set of web pages (internal or externally facing), so list only hosts you are authorized to test
  • vulnerability probing - the connector probes every discovered asset to fingerprint the services it runs and their versions, then matches those versions against known CVEs

Below is a sample configuration:

vulnerabilityDetection:
  # there needs to be a designated "vulnerabilities" data source at the SIEM;
  # findings are delivered to this data source
  dataSourceId: 123e4567-e89b-12d3-a456-426614174000
  web:
    # pages scanned regularly by the web vulnerability scanner
    urls:
      - https://hr.internal
      - https://company.com
  probe:
    # probe discovered assets for services/versions and match them against CVEs
    enabled: true
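A misconfigured block fails quietly (findings never reach the designated data source, or nothing is scanned at all), so it pays to check the fragment before deploying it. The validator below is an added example, not LogSentinel code: it applies the constraints the documentation above implies (a UUID data source id, absolute http(s) URLs, a boolean probe switch), and the rule that a block with no URLs and probing off is useless is an assumption about the collector's behaviour. The sample is the documented fragment as a YAML parser would return it (constructed here as a dict so the script runs with the standard library only).

```python
"""Sanity-check a vulnerabilityDetection block before deploying it.

Added example, not part of LogSentinel. The checks mirror what the
documentation says each key means; the collector's real validation
rules are not published on this page and are an assumption.
"""
import uuid
from urllib.parse import urlsplit

# Constructed sample: the documented fragment as yaml.safe_load would
# return it. In practice load the collector's YAML file instead.
SAMPLE_CONFIG = {
    "vulnerabilityDetection": {
        "dataSourceId": "123e4567-e89b-12d3-a456-426614174000",
        "web": {"urls": ["https://hr.internal", "https://company.com"]},
        "probe": {"enabled": True},
    }
}


def validate_vulnerability_detection(config):
    """Return a list of problems; an empty list means the block looks usable."""
    problems = []
    block = config.get("vulnerabilityDetection")
    if not isinstance(block, dict):
        return ["missing 'vulnerabilityDetection' block"]

    # Findings are delivered to the designated data source, so a malformed
    # id means nothing ever shows up under it at the SIEM.
    ds = block.get("dataSourceId")
    try:
        uuid.UUID(str(ds))
    except (ValueError, TypeError):
        problems.append(f"dataSourceId {ds!r} is not a UUID")

    # Web scanning targets must be absolute http(s) URLs; a bare hostname
    # gives the scanner no scheme to connect with.
    urls = (block.get("web") or {}).get("urls") or []
    if not isinstance(urls, list):
        problems.append("web.urls must be a list")
        urls = []
    for u in urls:
        parts = urlsplit(str(u))
        if parts.scheme not in ("http", "https") or not parts.netloc:
            problems.append(f"web.urls entry {u!r} is not an absolute http(s) URL")

    # YAML quirks such as `enabled: yes` (a string under some loaders)
    # or `enabled: "true"` are caught here rather than at runtime.
    probe_enabled = (block.get("probe") or {}).get("enabled", False)
    if not isinstance(probe_enabled, bool):
        problems.append(f"probe.enabled must be true/false, got {probe_enabled!r}")
        probe_enabled = False

    # Assumption: a block that scans no pages and has probing off does nothing.
    if not urls and not probe_enabled:
        problems.append("neither web.urls nor probe.enabled is set; nothing would be scanned")
    return problems


if __name__ == "__main__":
    for line in validate_vulnerability_detection(SAMPLE_CONFIG) or ["config ok"]:
        print(line)
```

Run it against the parsed collector configuration as part of the deployment pipeline; a non-empty result should block the rollout rather than be logged and forgotten.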

Agent-based vulnerability detection is also available through the Wazuh-based agent; it is handled by the ossec connector rather than the vulnerability connector.

You can check the full configuration reference here.