https://github.com/daschr/wazuh-per-hit-alert

Queries an wazuh opensearch instance and creates an notification for each hit.
https://github.com/daschr/wazuh-per-hit-alert

Last synced: 8 days ago
JSON representation

Queries an wazuh opensearch instance and creates an notification for each hit.

• Host: GitHub
• URL: https://github.com/daschr/wazuh-per-hit-alert
• Owner: daschr
• License: mit
• Created: 2024-08-13T09:22:33.000Z (6 months ago)
• Default Branch: main
• Last Pushed: 2024-08-13T12:35:49.000Z (6 months ago)
• Last Synced: 2024-08-14T11:44:25.300Z (6 months ago)
• Language: Rust
• Homepage:
• Size: 12.7 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        


  
wazuh-per-hit-alert

  Notification service which queries an OpenSearch instance of Wazuh and alerts users using webhooks for each hit.



  Born out of the frustration that Wazuh is unable to send per-event notifications.



[![Docker](https://img.shields.io/badge/Docker-2496ED?logo=docker&logoColor=fff)](https://hub.docker.com/r/daschr/wazuh-per-hit-alert) ![docker build](https://github.com/daschr/wazuh-per-hit-alert/actions/workflows/docker-image.yml/badge.svg) 

## Capabilities

- query Wazuh's OpenSearch for for arbitrary events

- notify a user using webhooks (POST) for each hit

## Installation (Docker)

1. use the provided [docker-compose.yml](https://github.com/daschr/wazuh-per-hit-alert/blob/main/docker-compose.yml) and spawn the container

2. got into the `etc` docker-volume of the container and edit the config.toml

3. restart the container and check that it's running

4. That's it! You can now test the service by generating some events which will be returned by you configured queries.