Wazuh integration with external software

[Ренат Ондар]

Hello team!

i have configured my wazuh server with AIO deployment. I have a lot of usefull data logging. How can I send all this data from Wazuh to external log harvesting software?  
For example DLP or UEBA. 

I tried to find any official information, but all I found integration by API its https://documentation.wazuh.com/current/user-manual/manager/manual-integration.html

I believe there also must be syslog transporting pipeline to external log harvesting solutions.

Please, provide me some info about different types of integrations. Is API the only way?

With respect, Renat

[Alexander Bohorquez]

Hi Pehat,

Thank you for using Wazuh!

In order to send your Wazuh data to external log harvesting software, there are multiple integration options available. While API integration is one way to achieve this: https://documentation.wazuh.com/current/user-manual/manager/manual-integration.html, there are other methods as well. 

Wazuh cand send it's alerts via syslog, here the reference of how to do it: https://documentation.wazuh.com/current/user-manual/manager/manual-syslog-output.html.  You can configure Wazuh to forward logs to a syslog server, which can then be integrated with your log harvesting software or even directly if your destination accepts syslog traffic. 

I hope this information helps. Please let me know if you have any questions.