KHIKA User Guide

Revision as of 02:05, 31 March 2020 by Dhanashree kulkarni (Index)


Accessing the KHIKA GUI

Change the password
Creating a User Group
Creating a Workspace
Creating a new User
Access Control in KHIKA

Getting Data into KHIKA

Data Flow and Components in KHIKA
Loading KHIKA Apps
Importing an Application
Exporting an Application
Server monitoring in KHIKA using OSSEC
Installing OSSEC Agent for Linux
Installing OSSEC Agent for Windows
Configuring OSSEC Adapter in KHIKA
Adding the device in the Adaptor (see video)
Extract key from KHIKA OSSEC Server
Insert unique OSSEC key in Linux OSSEC Agent
Insert unique OSSEC key in Windows OSSEC Agent
Reload Configuration
Verifying OSSEC data collection
Monitoring in KHIKA using Syslog forwarding

Discover or Search Data in KHIKA

Index Pattern
Setting the Time Filter
Searching Your Data
Lucene Query Syntax
Saving and Opening Searches
Changing the Index
Refreshing the Search Results
Filtering by Field
Managing Filters
Viewing Document Data

KHIKA Visualizations

What is a KHIKA Visualization?
Creating a Visualization
Examples of Visualization
Area Chart
Heat Map
Horizontal and Vertical Bar Chart
Line Chart
Pie Chart
Data Table

KHIKA Dashboards

Creating a Dashboard
Editing Elements on a Dashboard
Viewing Visualization data on Dashboard
Searching / Filtering data on the dashboard
Steps for Adding a Filter on a Dashboard
Steps to Search and Save on a Dashboard

KHIKA Reports

Adding a Report
Scheduling Reports
Generating KHIKA Report Manually
Report History
Downloading a Report

KHIKA Alerts & Correlations

Alert Dashboard
Creating your own Alerts in KHIKA
Before creating an alert:
Creating a Simple Alert: Logon Failure on Windows
Slightly Advanced Alert: Multiple Logon failure on Windows for the same user
More Advanced Alert: 10 or more unique network connections for a Windows host within 1 minute
Advanced Alert: A successful brute-force attack
Alert emails for Stakeholders

Working with KHIKA Adapters

Adding Adapters
Searching Adapters
Assigning Data Aggregator Node to Adapters
Disabling Data Aggregator to Adapters
Modifying Adapters
Deleting Adapters
Writing your own Adaptor

Working with KHIKA Aggregators

Adding New Data Aggregator
Assigning Data Aggregator Node to Workspace
Deleting Data Aggregator Node
Deleting Data Aggregator from Workspace
Assign Adapter to Data Aggregator
Disabling Adapter to Data Aggregator

KHIKA Workspaces

Adding a Workspace
Suspending a Workspace
Resetting a Workspace
Applying Configuration to Workspace
Archiving a Workspace
Adding Data Aggregator to a Workspace
Adding Adapter to a Workspace
Defining and Configuring a Report
Deleting a Workspace

Data Enrichment in KHIKA

About Enrichment
Enrichment of logs in KHIKA
Define your own enrichment

Hardening Monitoring & Analysis

Business Process flow for Linux Hardening
Hardening Dashboard

Data Archival in KHIKA

Data Archival Workflow
For SaaS
For On-Premise
View Data Retention Settings
View Data Archival Status

File Integrity Monitoring

SMTP Server Settings

Start and Stop KHIKA

Node Stop and Start Procedure
Application Server Start and Stop


What is OSSEC?
Why does KHIKA integrate closely with OSSEC?


Refer to the next section, Accessing the KHIKA GUI

Go to KHIKA Videos