How to get WAZUH Alert data through API


Mohammad Shafiuddin Russel

Oct 12, 2022, 7:27:47 PM
to Wazuh mailing list
Dear Genius,

Please help me, I need wazuh alert data through RESTful API.

Regards
Shafiuddin Russel

tomas....@wazuh.com

Oct 12, 2022, 8:39:37 PM
to Wazuh mailing list
Hi Shafiuddin Russel,

If you have Wazuh Indexer installed, you can explore the alerts using its API.


For example, to get the alerts from the index wazuh-alerts-4.x-*, this should be the URL to query:

https://{ip_address}:9200/wazuh-alerts-4.x-*/_search?

This is an example body, where you will indicate the search filters:

{
    "query": {
        "bool": {
            "must": [
                {
                    "term": {
                        "rule.id": "514"
                    }
                }
            ]
        }
    },
    "size": 10,
    "sort": [
        {
            "timestamp": {
                "order": "desc"
            }
        }
    ]
}

I hope this information helps.

Best regards.

Tomás Turina
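The following is an added example, not code from Tomás or from the Wazuh project. It builds the same `_search` body described above (a `term` filter on `rule.id`, `size`, and a `sort` on `timestamp`) as a Python dict, adds an optional `range` clause on `timestamp` (the standard OpenSearch/Elasticsearch query DSL, which the Wazuh indexer uses) so the same query can be narrowed to a day, and flattens the `hits` of a response into plain tuples. The `search_alerts` helper posts the body to `https://<host>:9200/wazuh-alerts-4.x-*/_search` with HTTP basic auth; the host name, credentials and CA file path are assumptions you must supply, and the response used at the bottom is a constructed sample so the script runs offline.

```python
"""Query Wazuh alerts from the Wazuh indexer _search API (added example)."""
import base64
import json
import ssl
import urllib.request

# Index pattern from the thread above.
INDEX = "wazuh-alerts-4.x-*"


def build_alert_query(rule_id, size=10, start=None, end=None):
    """Return a _search body: term filter on rule.id, optional timestamp range, newest first.

    start/end are ISO-8601 strings (e.g. "2023-10-10T00:00:00"); both are inclusive.
    """
    must = [{"term": {"rule.id": str(rule_id)}}]
    if start or end:
        bounds = {}
        if start:
            bounds["gte"] = start
        if end:
            bounds["lte"] = end
        must.append({"range": {"timestamp": bounds}})
    return {
        "query": {"bool": {"must": must}},
        "size": size,
        "sort": [{"timestamp": {"order": "desc"}}],
    }


def extract_alerts(response):
    """Flatten _search hits into (timestamp, rule.id, rule.description, agent.name) tuples."""
    rows = []
    for hit in response.get("hits", {}).get("hits", []):
        src = hit.get("_source", {})
        rule = src.get("rule", {})
        rows.append((
            src.get("timestamp"),
            rule.get("id"),
            rule.get("description"),
            src.get("agent", {}).get("name"),
        ))
    return rows


def search_alerts(host, user, password, body, cafile):
    """POST body to the indexer and return the parsed JSON (host/user/password/cafile are assumed)."""
    url = f"https://{host}:9200/{INDEX}/_search"
    creds = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        url,
        data=json.dumps(body).encode(),
        method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Basic {creds}"},
    )
    # Pin the indexer's own CA instead of disabling certificate verification.
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return json.load(resp)


# Constructed sample response in the shape the indexer returns (not real alert data).
SAMPLE_RESPONSE = {
    "hits": {
        "total": {"value": 2, "relation": "eq"},
        "hits": [
            {"_index": "wazuh-alerts-4.x-2023.10.10",
             "_source": {"timestamp": "2023-10-10T14:05:10.123+0000",
                         "rule": {"id": "514", "description": "Sample rule description"},
                         "agent": {"name": "agent-01"}}},
            {"_index": "wazuh-alerts-4.x-2023.10.10",
             "_source": {"timestamp": "2023-10-10T09:41:02.456+0000",
                         "rule": {"id": "514", "description": "Sample rule description"},
                         "agent": {"name": "agent-02"}}},
        ]
    }
}


if __name__ == "__main__":
    body = build_alert_query("514", size=10,
                             start="2023-10-10T00:00:00", end="2023-10-10T23:59:59")
    print(json.dumps(body, indent=2))
    # Live use would be: search_alerts("indexer.example", "admin", "<password>", body, "/path/to/root-ca.pem")
    for row in extract_alerts(SAMPLE_RESPONSE):
        print(row)
```

`rule.id` is sent as a string because that is how it appears in the body above; the `range` clause compares against the indexed `timestamp` date field, so a one-day window is simply `gte` the start of the day and `lte` its last second.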

Mohammad Shafiuddin Russel

Oct 16, 2023, 5:23:55 PM
to Wazuh | Mailing List
Dear Tomás Turina,

What are the mechanisms to search for data within a specific date range? For example, how can I search for all data for October 10, 2023, from 00:00:00 to 23:59:59?

Regards
Shafiuddin
