Cohesity M365 DataProtect SaaS integrate with Wazuh


ismailctest C

Nov 16, 2023, 8:52:41 AM
to Wazuh | Mailing List
Hi Team,
We need to collect the logs from 'Cohesity M365 DataProtect SaaS'. Please let us know how to integrate it with Wazuh.

The plan: Cohesity M365 DataProtect SaaS Subscription

Module: SAAS-M365-UNL-MD

Subscription or License: Subscription

Dario Menten

Nov 16, 2023, 10:56:18 AM
to Wazuh | Mailing List

Hello,
Thank you for posting in the community.

For log ingestion, you have some options:

  • Log Collection: With the Wazuh Agent, you should be able to read logs and send them to the Wazuh Manager to be analyzed, through the Agent-to-Server secure channel.
  • Remote Syslog: You can configure your log source to send messages through the Syslog protocol to the Wazuh Manager.
  • Webhook API: You can write a script to retrieve logs from a Webhook API, then run it and ingest the output with a wodle command in the Wazuh Manager.

Bearing in mind that the service you need to extract the logs from is a cloud service, I think the best way would be to use the Webhook API option (if Cohesity DataProtect SaaS has this kind of service). Here you can see several scripts for use in a wodle command; you can take them as a reference and write your own.

I hope this will be helpful.
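
The "script plus wodle command" option described in the reply above, sketched as an added example (not code from this thread, from Wazuh, or from Cohesity). The event fields, the `cohesity-m365` tag, the cursor file and `fetch_events()` are hypothetical placeholders; the real API call and field names must come from the vendor's documentation.

```python
import json
import sys
from pathlib import Path

# Constructed sample events. The field names (id, timestampUsecs, ...) are
# assumptions for illustration, not the vendor's real schema.
SAMPLE_EVENTS = [
    {"id": "evt-1", "timestampUsecs": 1700000000000000, "action": "Login", "user": "admin@example.com"},
    {"id": "evt-2", "timestampUsecs": 1700000060000000, "action": "Restore", "user": "ops@example.com"},
    {"id": "evt-3", "timestampUsecs": 1700000120000000, "action": "Delete", "user": "x\nforged line"},
]

def fetch_events():
    """Placeholder for the authenticated HTTPS request to the vendor API."""
    return SAMPLE_EVENTS

def load_cursor(path):
    """Read the timestamp of the last emitted event; 0 if missing or corrupt."""
    try:
        return int(Path(path).read_text().strip())
    except (FileNotFoundError, ValueError):
        return 0

def new_events(events, cursor):
    """Keep well-formed events strictly newer than the cursor, oldest first."""
    fresh = [e for e in events
             if isinstance(e.get("timestampUsecs"), int) and e["timestampUsecs"] > cursor]
    return sorted(fresh, key=lambda e: e["timestampUsecs"])

def to_wazuh_line(event):
    """One event per line. json.dumps escapes embedded newlines, so a field
    value cannot split itself into a second, forged log line."""
    return json.dumps({"integration": "cohesity-m365", "cohesity": event},
                      separators=(",", ":"), sort_keys=True)

def run(state_path, out=sys.stdout):
    """Emit events not seen on earlier runs, then advance the cursor."""
    fresh = new_events(fetch_events(), load_cursor(state_path))
    for event in fresh:
        out.write(to_wazuh_line(event) + "\n")
    if fresh:
        Path(state_path).write_text(str(fresh[-1]["timestampUsecs"]))
    return len(fresh)

if __name__ == "__main__":
    run(sys.argv[1] if len(sys.argv) > 1 else "cohesity_cursor.state")
```

The cursor keeps each scheduled run from re-sending events the manager has already analyzed. Keep the API credential out of the script itself and restrict read access to wherever it is stored.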

ismailctest C

Feb 1, 2024, 8:44:34 AM
to Wazuh | Mailing List
Hi Team,
The webhook option is available in Cohesity; please find the URL below.


Please assist with integrating Wazuh. If any script is needed to collect the logs, kindly help with this as well.
Could you perhaps provide step-by-step instructions for finishing the Wazuh integration?

ismailctest C

Feb 3, 2024, 5:06:50 AM
to Wazuh | Mailing List
Hi Team,
Pl support