Multiple integrations with different web hooks

[Mario Garofano]

Hello Community,

I have a question regarding Wazuh integration with Shuffle. I have a Shuffle integration that is triggered at <level>10</level>, meaning it should execute whenever a rule of level 10 or higher is triggered.

However, there are two specific level 10 rules that should trigger a different Shuffle integration (i.e., a different webhook URL associated with another <integration> block in ossec.conf).

Would this be possible? Or, if I specify only those two rules in the second integration, would they trigger both integrations—since they match the general condition (level>=10) as well as the specific rule-based condition?

Thank you,

Mario

[Farouk Musa]

Hi,

You can add two shuffle integration blocks however they will both trigger the rules since they have the same criteria. One thing i can suggest is to reduce the rule level for those rules to level 9 then use their rule IDs to trigger the shuffle integration, instead of a rule level. So in your first integration with rule level, it will trigger level 10 and above. But the second one will only trigger the two rules since you have specified their IDs instead.