Monitor Wazuh

Salma_berechid — Fri, 15 Nov 2024 10:47:42 GMT

Hello,

We have a customer that want to monitor Wazuh ( Wazuh is a free and open source security platform that unifies XDR and SIEM protection for endpoints and cloud workloads. ) . This wazuh is developped using Python and C/C++ so we need to use OneAgent SDK but we don't know how to do this on an open source platform.

Can anyone help please?

Salma

Re: Monitor Wazuh

MostafaHussein — Fri, 15 Nov 2024 14:40:01 GMT

Hi @Salma_berechid ,

after quick investigation i found that Wazuh has multiple workarounds to integrate with Dynatrace and versa

1. API metric ,log and event ingestion (the easiest way)

you can make custom integration from Wazuh due to this reference to send data to Dynatrace APIs.

https://docs.dynatrace.com/docs/shortlink/api-events-v2-post-event
https://docs.dynatrace.com/docs/dynatrace-api/environment-api/metric-v2/post-ingest-metrics
https://docs.dynatrace.com/docs/shortlink/api-log-monitoring-v2-post-ingest
https://docs.dynatrace.com/docs/shortlink/lma-stream-logs-with-logstash

2. Activegate extension that can pull data from Wazuh endpoints then start sending metrics, events and logs to Dynatrace.
https://documentation.wazuh.com/current/user-manual/api/reference.html
and this link for how to develop extension in Dynatrace https://developer.dynatrace.com/develop/dynatrace-extensions-vscode/guides/create_extension/

3. OneAgent SDK is usually is used to extend traces not for custom apps, it depends on the purpose of this extension is it for Real user monitor or for Server Side Monitoring, if you're going to extend traces there's no need to you need first to has access to Wazuh backend code. please check this link that showing what can you do with OneAgent SDK, also check this is a great article explaining how OneAgent SDK can involved with root cause analysis.

BR,
Mostafa Hussein.

topic Re: Monitor Wazuh in Open Q&A

Monitor Wazuh

Re: Monitor Wazuh