How to set up Wazuh as a distributed system?

[Nemo191 Nm]

How to set up Wazuh as a distributed system? Let's say a SIEM is installed in three different cities, there is a SIEM in the head office, it is necessary that data from three cities arrive at the head office, and all the garbage needs to remain in these cities, and only important information goes to the head office, for example, by level, starting say from level 5? How can I set up sending information to the head office under these conditions? How to make a system: Three SIEMs in cities and a main SIEM in the main office, where will information from three SIEMs be sent?

[Anthony Faruna]

Hello, 

Kindly go through our documentation for a distributed deployment. 

You can configure a cluster and make the head office the master node. 

As regards generating alerts from a certain level, you can reference our documentation on custom rules and decoders.

I hope this helps.

Best Regards

On Thu, Apr 25, 2024 at 9:19 AM Nemo191 Nm <nemo...@gmail.com> wrote:

How to set up Wazuh as a distributed system? Let's say a SIEM is installed in three different cities, there is a SIEM in the head office, it is necessary that data from three cities arrive at the head office, and all the garbage needs to remain in these cities, and only important information goes to the head office, for example, by level, starting say from level 5? How can I set up sending information to the head office under these conditions? How to make a system: Three SIEMs in cities and a main SIEM in the main office, where will information from three SIEMs be sent?

--
You received this message because you are subscribed to the Google Groups "Wazuh | Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/a917074f-1574-4196-a148-072cff672d3cn%40googlegroups.com.