Integration of a preventive security analysis module (MISP, Wazuh, LogStash, Docker)


Nouaman Ahmamcha

Mar 25, 2025, 10:45:09 AM
to Wazuh | Mailing List
I want to know how to configure all of these modules (MISP, Wazuh, Logstash) to work together.
Correct me if this workflow is wrong:

Workflow:

  1. MISP receives threat intelligence updates and shares them with Wazuh.

  2. Wazuh detects anomalies based on MISP IoCs and forwards security logs.

  3. Logstash collects and parses logs from Wazuh and MISP.

  4. Docker containers manage the deployment of all components. 

I am using all of these modules inside Docker containers, and they are running perfectly on Ubuntu.

Manuel Jose Cano Rojo

Mar 25, 2025, 12:03:02 PM
to Wazuh | Mailing List
Hi Nouaman Ahmamcha,

You are right in your description; each described component will perform the actions you describe.

Nouaman Ahmamcha

Mar 26, 2025, 10:21:11 AM
to Wazuh | Mailing List

What should I configure? I am completely stuck here.

Manuel Jose Cano Rojo

Apr 7, 2025, 3:07:05 AM
to Wazuh | Mailing List
Hi Nouaman,

Since the MISP integration is not supported by default, you need to implement a custom integration to use it. Here, you can find how to implement custom integrations:
You can have this community-provided integration script as a reference in order to better understand the integration requirements:
Lastly, Docker deployment is officially supported and provided in two different deployment options: Single-Node and Multi-Node.
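
The core logic of a custom MISP integration of the kind the reply above describes, as an added example (it is not the community script referred to in the reply and not Wazuh's own code). The alert fields checked, the output field names, the `misp.example` host and the sample alert are assumptions constructed for illustration; the deployed script would read the alert file, API key and hook URL that Wazuh passes as arguments and write the resulting line to the analysis queue socket.

```python
import ipaddress, json, re
import urllib.request

SHA256 = re.compile(r"[A-Fa-f0-9]{64}")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def extract_iocs(alert):
    """Pull values worth a MISP lookup out of one Wazuh alert (assumed field choice)."""
    iocs = []
    sha = alert.get("syscheck", {}).get("sha256_after", "")
    if SHA256.fullmatch(sha):
        iocs.append(sha.lower())
    for key in ("srcip", "dstip"):
        try:
            ip = ipaddress.ip_address(alert.get("data", {}).get(key, ""))
        except ValueError:
            continue  # field absent or not an IP address
        if not any(ip in net for net in INTERNAL):  # internal hosts are not IoCs
            iocs.append(str(ip))
    return iocs

def misp_request(base_url, api_key, value):
    """Build (without sending) the MISP attribute search for one value."""
    body = json.dumps({"value": value, "returnFormat": "json"}).encode()
    headers = {"Authorization": api_key, "Accept": "application/json",
               "Content-Type": "application/json"}
    return urllib.request.Request(base_url.rstrip("/") + "/attributes/restSearch",
                                  data=body, headers=headers, method="POST")

def wazuh_event(alert, value, misp_reply):
    """Turn MISP hits into the line an integration writes back to the Wazuh
    analysis queue; None when MISP has no attribute matching the value."""
    hits = misp_reply.get("response", {}).get("Attribute", [])
    if not hits:
        return None
    hit = hits[0]
    event = {"integration": "misp", "misp": {  # field names are assumptions
        "value": value, "event_id": hit.get("event_id"), "type": hit.get("type"),
        "category": hit.get("category"), "source_rule": alert.get("rule", {}).get("id")}}
    return "1:misp:" + json.dumps(event)

if __name__ == "__main__":
    # Constructed sample alert and MISP reply; no network access is made.
    alert = {"rule": {"id": "554"}, "syscheck": {"sha256_after": "ab" * 32},
             "data": {"srcip": "10.0.0.5", "dstip": "203.0.113.10"}}
    reply = {"response": {"Attribute": [{"event_id": "42", "type": "ip-dst"}]}}
    for ioc in extract_iocs(alert):
        print(misp_request("https://misp.example", "KEY", ioc).full_url, wazuh_event(alert, ioc, reply))
```

A Wazuh rule matching on the `integration` field of the returned event is still needed for hits to show up as alerts.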