Monitor alert from alerting to a webhook

[Julian Jorge]

Hi, 

We are trying to send a monitor alert from alerting to a webhook of shuffle.

Is there a way to send the complete json just as we can do using the shuffle integration? We need it to be a json to see the different fields from the alert and use it on shuffle.

[Marcos Javier Bonacci]

Hi Julian,

Here is a blog post with a detailed explanation of how to integrate Wazuh>Shuffle. Additionally, in the Wazuh docs section, you can check Wazuh integrations.

Could you share the json that you received via shuffle to check it?

[Julian Jorge]

Hello Marcos,

 I don't think I've explained myself properl. I am using the section of "Alert monitor" from wazuh:

With this tool I can send message from wazuh to Shuffle when there is a conexion outside of spain for example.

But I need to add more fields for the generated aler. How can I do it?

[Marcos Javier Bonacci]

Hi Julian,

In the Actions Section/Message, did you configure a variable with Results?

[Julian Jorge]

Hello,

No, I didn´t configure that. I just do it but the result have not much information.

Is some way to have information from the real alert log?

[Marcos Javier Bonacci]

Hello,

The full alert JSON should be included in a field named all_fields, as the blogspot shows in the image: 

You could set this field to be overwritten if you include {"all_fields": "<whatever>"} as options.