Wazuh splunk


phillip...@vixverify.com

May 24, 2018, 1:57:15 AM
to Wazuh mailing list
Hi,

We currently have OSSEC agents deployed and feed the events into Splunk.

We do not have an OSSEC server.

The OSSEC configurations are managed via Ansible, and the log events are sent directly to Splunk using the universal forwarder.

We are looking at WAZUH.

Does the Splunk app for WAZUH map the inputs to the CIM used by Splunk Enterprise Security?

Would it require a WAZUH manager, or can the events be sent directly from WAZUH to Splunk?



Manuel Jiménez

May 24, 2018, 6:26:46 AM
to Phillip Grobler, Wazuh mailing list
Hello Phillip,

Currently our Splunk app for Wazuh requires a Wazuh manager with the Wazuh API installed on it. The app also processes the forwarded Wazuh alerts directly in JSON format by itself, so it doesn't need CIM. I'd therefore recommend migrating to Wazuh in order to use our Splunk app.
I hope all your questions have been resolved. For anything else you may need, please don't hesitate to write again; I'll be glad to help you.

Best regards,
Manuel
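As an added illustration (not code from the Wazuh project or its Splunk app) of the two points raised in this thread: the manager writes each alert as one JSON object per line (the `timestamp`, `rule`, `agent`, `data`, `full_log` and `location` keys below follow the Wazuh alert layout; the values are constructed), and if someone did want those alerts in Enterprise Security's CIM shape, a small translation into the Intrusion Detection data model's field names (`signature`, `src`, `dest`, `user`, `severity`, `category`, `dvc`) is all that is involved. The bucketing of Wazuh rule levels into CIM severity strings is this example's own assumption, not anything the app does.

```python
import json

# Constructed sample of one line from a Wazuh manager's alerts.json.
# Field names follow the Wazuh alert layout; all values are made up.
SAMPLE_ALERT = json.dumps({
    "timestamp": "2018-05-24T01:57:15.000+0000",
    "rule": {
        "level": 10,
        "description": "sshd: brute force trying to get access to the system.",
        "id": "5712",
        "groups": ["syslog", "sshd", "authentication_failures"],
    },
    "agent": {"id": "001", "name": "web-01", "ip": "10.0.0.5"},
    "manager": {"name": "wazuh-manager"},
    "data": {"srcip": "203.0.113.7", "srcuser": "root"},
    "full_log": "May 24 01:57:10 web-01 sshd[1234]: Failed password for root "
                "from 203.0.113.7 port 4455 ssh2",
    "location": "/var/log/auth.log",
})


def wazuh_severity(level):
    """Assumed mapping of Wazuh rule levels (0-15) onto CIM severity values."""
    if level >= 12:
        return "critical"
    if level >= 8:
        return "high"
    if level >= 4:
        return "medium"
    return "low"


def to_cim(alert_line):
    """Translate one alerts.json line into CIM Intrusion Detection field names.

    Every lookup uses .get() because not all Wazuh alerts carry a `data`
    block (e.g. rootcheck or FIM alerts), and a missing key must not
    break ingestion of the rest of the event.
    """
    alert = json.loads(alert_line)
    rule = alert.get("rule", {})
    data = alert.get("data", {})
    agent = alert.get("agent", {})
    return {
        "_time": alert.get("timestamp"),
        "signature": rule.get("description"),
        "signature_id": rule.get("id"),
        "severity": wazuh_severity(int(rule.get("level", 0))),
        "src": data.get("srcip"),
        # The agent that raised the alert is the target of the activity.
        "dest": agent.get("ip") or agent.get("name"),
        "user": data.get("srcuser"),
        "dvc": alert.get("manager", {}).get("name"),
        "category": ",".join(rule.get("groups", [])),
        "raw": alert.get("full_log"),
    }


if __name__ == "__main__":
    for key, value in to_cim(SAMPLE_ALERT).items():
        print(f"{key}={value}")
```

Running the module prints the CIM-style key/value pairs for the constructed alert; pointing `to_cim` at real lines from a manager's alerts.json is a one-line change.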

Visit this group at https://groups.google.com/group/wazuh.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/a19956f6-9fb8-4a4c-8ef6-eac0a918c57f%40googlegroups.com.


