Can Wazuh Manager be configured to send traffic to a HEC on splunk?


Supriya Sudharani Kumaraswamy US

Apr 28, 2020, 10:21:02 AM
to Wazuh mailing list
Hi all,

Currently our team uses the Splunk Universal Forwarder to forward Wazuh traffic from the manager to Splunk. We understand there are options available to secure this traffic (https://docs.splunk.com/Documentation/Splunk/8.0.3/Security/ConfigureSplunkforwardingtousesignedcertificates).

But we were wondering: does Wazuh have any way to send traffic to an HEC on Splunk?

Regards,
Supriya

Jesus Linares

Apr 30, 2020, 3:59:18 AM
to Wazuh mailing list
Hi Supriya,

At this moment, Wazuh sends the alerts to a file (alerts.json) or via Syslog. If you want to forward them to another place, you need to use another tool like Filebeat/Logstash.

So, what I recommend is using the following setup: [Wazuh Manager -> alerts.json <- Filebeat] -> [Logstash] -> [Splunk].


I hope it helps.
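The reply above leaves the last hop, Logstash to Splunk, to whatever HTTP output you configure. As an added example that is not part of this thread and is not Wazuh, Filebeat, Logstash or Splunk code, the script below does in Python what that last stage has to do: read newline-delimited alerts.json lines, wrap each one in the envelope the HEC /services/collector/event endpoint expects (event, time, host, index, sourcetype), and POST batches with the `Authorization: Splunk <token>` header over TLS verified against the HEC's CA. The HEC host, token, CA path, index name and sourcetype are assumed placeholders, and the sample alert line is constructed for the demo.

```python
"""Forward Wazuh alerts.json lines to a Splunk HTTP Event Collector (HEC)."""
import json
import ssl
import urllib.request
from datetime import datetime

# Assumed values for illustration only: the HEC host, token and CA file are
# placeholders, not settings from the thread or from Wazuh/Splunk docs.
HEC_URL = "https://splunk.example.com:8088/services/collector/event"
HEC_TOKEN = "00000000-0000-0000-0000-000000000000"
HEC_CA_FILE = "/etc/ssl/certs/splunk-hec-ca.pem"
ALERTS_PATH = "/var/ossec/logs/alerts/alerts.json"  # default Wazuh manager alert file

# Constructed sample line in the shape of a Wazuh alerts.json entry (not a real alert).
SAMPLE_ALERT = (
    '{"timestamp":"2020-04-28T10:21:02.123+0000",'
    '"rule":{"level":5,"description":"sshd: authentication failed.","id":"5716"},'
    '"agent":{"id":"001","name":"web01"},'
    '"full_log":"Apr 28 10:21:01 web01 sshd[1234]: Failed password for invalid user '
    'admin from 203.0.113.5 port 4321 ssh2"}'
)


def wazuh_time_to_epoch(ts):
    """Convert a Wazuh timestamp ('2020-04-28T10:21:02.123+0000') to epoch seconds.

    Returns None if it does not parse, so the event is still sent and Splunk
    falls back to ingest time instead of rejecting the whole batch.
    """
    for fmt in ("%Y-%m-%dT%H:%M:%S.%f%z", "%Y-%m-%dT%H:%M:%S%z"):
        try:
            return datetime.strptime(ts, fmt).timestamp()
        except (TypeError, ValueError):
            continue
    return None


def to_hec_event(line, index="wazuh", sourcetype="wazuh:alert"):
    """Wrap one alerts.json line in the HEC event envelope.

    Blank or non-JSON lines (e.g. a half-written line read during rotation)
    return None so one bad line does not stop the stream. index/sourcetype
    are assumed names; use whatever your Splunk side is configured for.
    """
    line = line.strip()
    if not line:
        return None
    try:
        alert = json.loads(line)
    except json.JSONDecodeError:
        return None
    event = {"event": alert, "index": index, "sourcetype": sourcetype, "source": "wazuh-manager"}
    agent = alert.get("agent") or {}
    if agent.get("name"):
        event["host"] = agent["name"]  # attribute the event to the agent, not the manager
    epoch = wazuh_time_to_epoch(alert.get("timestamp"))
    if epoch is not None:
        event["time"] = epoch  # HEC expects epoch seconds; a float is accepted
    return event


def hec_batch_body(events):
    """HEC accepts several event objects concatenated in one request body (no JSON array)."""
    return "\n".join(json.dumps(e, separators=(",", ":")) for e in events).encode("utf-8")


def post_batch(events, url=HEC_URL, token=HEC_TOKEN, ca_file=HEC_CA_FILE):
    """POST one batch to HEC over TLS verified against the HEC's CA."""
    req = urllib.request.Request(url, data=hec_batch_body(events), method="POST")
    req.add_header("Authorization", "Splunk " + token)
    req.add_header("Content-Type", "application/json")
    ctx = ssl.create_default_context(cafile=ca_file)  # verifies the chain and hostname
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return json.loads(resp.read())  # {"text":"Success","code":0} on success


def read_batches(path, batch_size=100):
    """Yield lists of HEC events from an alerts.json file, skipping unparsable lines."""
    batch = []
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            event = to_hec_event(line)
            if event is None:
                continue
            batch.append(event)
            if len(batch) >= batch_size:
                yield batch
                batch = []
    if batch:
        yield batch


if __name__ == "__main__":
    # Offline demo: print the envelope for the constructed sample; no network call.
    print(hec_batch_body([to_hec_event(SAMPLE_ALERT)]).decode())
```

Two caveats for anyone running something like this instead of Filebeat: the script reads the file once and does not track its position across restarts or log rotation, which is exactly the bookkeeping Filebeat's registry does for you, and `post_batch` raises `urllib.error.HTTPError` on a 4xx response (a 403 usually means the token is wrong or disabled), so wrap it in retry logic rather than dropping the batch.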