The wazuh-integratord is a daemon that allows Wazuh to connect to external APIs and alerting tools such as Slack, VirusTotal and PagerDuty.

Wazuh Integratord

The original version runs in a single thread. When there is a large number of alerts and the connections to external APIs are slow, alerting is delayed.

This version is written in Go. It was created to parse the alerts log and deliver alerts faster.

Configuration

Wazuh config

/var/ossec/etc/ossec.conf

<ossec_config>

    <integration>
        <name>custom-telegram</name>
        <level>5</level>
        <hook_url>xxx</hook_url>
        <api_key>xxx</api_key>
        <alert_format>json</alert_format>
    </integration>

    <integration>
        <name>custom-login</name>
        <level>3</level>
        <hook_url>xxx</hook_url>
        <api_key>xxx</api_key>
        <rule_id>5715</rule_id>
        <alert_format>json</alert_format>
    </integration>

</ossec_config>

Integrator config

/var/ossec/etc/integrator.conf

<integrator_config>
    <max_workers>20</max_workers>
</integrator_config>

Build

$ go build

Install & Run

Replace the original /var/ossec/bin/wazuh-integratord with this binary.

$ ./wazuh-integratord -h

The Wazuh Integratord is a daemon that allows Wazuh to connect to external APIs and alerting tools such as Slack, VirusTotal and PagerDuty.
This version is written in Go, it was created to help to parse alerts log and alerting faster.

Usage of ./wazuh-integratord:
  -f    Run in foreground mode
  -log-level string
        Log level (default "info")
  -t    Test configuration

Run dev

$ ENV=dev ./wazuh-integratord -f

Log level

  • Level: panic fatal error warn info debug trace
  • Default: info

TODO

  • Write unit tests
Owner

Admicro
Contributing a small part of our limited knowledge to the community