Forward events from one wazuh to another

[Tom Powers]

Is it possible to send an event that shows up in Wazuh to one or more other Wazuh servers based on the content of an event?

All insight is appreciated

Thanks

[Ujunwa Okonkwo]

Hello,

Thank you for using Wazuh.

I am delighted to inform you that the Wazuh Server is capable of receiving as many events as you would love to feed in.

However, there are some concerns you must address while you work on large systems. You might have to scale up your environment based on the workload.

You might be interested in having a look at the Hardware Requirements of our Wazuh Server. https://documentation.wazuh.com/current/installation-guide/wazuh-server/index.html

Additionally, you can find the Syslog integration guide here. https://documentation.wazuh.com/current/cloud-service/your-environment/send-syslog-data.html

If you need to receive information from another SIEM via Syslog. The following blog explains how to Configure the Wazuh manager to receive Syslog messages:
https://wazuh.com/blog/how-to-configure-rsyslog-client-to-send-events-to-wazuh/

In order to send Wazuh alerts to another SIEM, we would recommend you use our Syslog output feature. You can read more about this feature here: https://documentation.wazuh.com/current/user-manual/manager/manual-syslog-output.html

All the configuration parameters can be obtained here: https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/syslog-output.html#reference-ossec-syslog-output
Once the logs are received, you can create decoders/rules to generate alerts based on your requirements.

Hope you find the resources useful.

Regards,