Modify Full log


Riccardo Olivetto

Oct 3, 2025, 2:11:24 PM
to Wazuh | Mailing List
Hi, I've created a custom active response script that uses ChatGPT.
The active response script is called correctly, but the alert is generated without its response. How can I add an additional field to see the ChatGPT response?

Federico Ramos

Oct 3, 2025, 2:49:55 PM
to Wazuh | Mailing List
Hello, Active Response doesn't create new alerts; it's a script that runs based on certain alerts you've configured.

If you want to save the CHATGPT response, you should add a way to persist this data to your script.

Riccardo Olivetto

Oct 10, 2025, 5:21:00 AM
to Wazuh | Mailing List
I refer to this article: https://documentation.wazuh.com/current/proof-of-concept-guide/leveraging-llms-for-alert-enrichment.html
The script itself doesn't add the field chatgpt response, but in the visualization of alerts in the GUI there is this additional field.

If I share my script with you, can you help me?

Luciano Valinotti

Oct 16, 2025, 2:27:01 PM
to Wazuh | Mailing List
Hi Riccardo
As the article you referred to shows, the 'chatgpt_response' field visible in the example GUI is populated when the script updates the alert. Active Response scripts themselves don’t automatically store the ChatGPT output in alert fields.

In this case, you would need to add logic in your script to write the response to a custom field, for example, to persist this data. You can find more details on how to update alerts programmatically in the Wazuh Indexer API documentation, and you might also explore some use cases and examples here.
 
While I’m not able to work on the script itself, I hope this information points you in the right direction.
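
One way to do the persistence both replies describe, as an added example that is not part of the thread or of the Wazuh article: the active response script appends the model output as one JSON line, which a `<localfile>` entry with `log_format` json and a custom rule can then turn into an alert carrying `chatgpt_response`. The log path, the other field names, the size cap and the sample alert are assumptions; the model text is treated as untrusted input.

```python
import json
import os
import re
import tempfile

MAX_RESPONSE_CHARS = 4000  # assumed cap so one record stays one manageable log line
_CONTROL = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")  # keeps \t, \n, \r

def build_record(ar_message: str, llm_response: str) -> dict:
    """Pair the triggering alert's identifiers with the sanitized model output."""
    # execd passes the alert to the script on stdin under parameters.alert.
    alert = json.loads(ar_message).get("parameters", {}).get("alert", {})
    # Model output is untrusted: drop control characters and bound its size.
    text = _CONTROL.sub("", llm_response).strip()[:MAX_RESPONSE_CHARS]
    return {
        "integration": "chatgpt_enrichment",  # assumed marker for a custom rule to match
        "source_alert_id": alert.get("id"),
        "source_rule_id": alert.get("rule", {}).get("id"),
        "agent_name": alert.get("agent", {}).get("name"),
        "chatgpt_response": text,
    }

def persist(record: dict, path: str) -> None:
    """Append the record as exactly one JSON line (newlines are escaped by json.dumps)."""
    line = json.dumps(record, ensure_ascii=True) + "\n"
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o640)
    try:
        os.write(fd, line.encode("utf-8"))
    finally:
        os.close(fd)

def demo() -> dict:
    """Run both steps on a constructed active response message and read the line back."""
    sample = json.dumps({  # constructed sample input, not a captured alert
        "version": 1,
        "command": "add",
        "parameters": {"alert": {"id": "1759500000.12345",
                                 "rule": {"id": "5710"},
                                 "agent": {"name": "web01"}}},
    })
    reply = "Likely SSH brute force.\x07\nBlock the source IP.  "  # constructed model output
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "chatgpt-enrichment.json")  # assumed log file name
        persist(build_record(sample, reply), path)
        with open(path, encoding="utf-8") as fh:
            (only_line,) = fh.read().splitlines()  # fails if the record spans lines
    return json.loads(only_line)

if __name__ == "__main__":
    print(demo())
```

In a real script the first argument would come from `sys.stdin.readline()` and the second from the API call the script already makes.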
