Wazuh with OpenCTI
644 views
Skip to first unread message
Facu Basgall
Jul 12, 2024, 2:52:19 PM7/12/24
to Wazuh | Mailing List
Hi! I'm new to using OpenCTI but I have integrated it with Wazuh via a Python file.
The goal of the integration is when certain events occur in the Wazuh parse them with OpenCTI, the problem is that I'm not sure if these events are being parsed or not.
Is there any way to see which events were queried against the OpenCTI database? Is there a log file that leaves this information? Thanks
The goal of the integration is when certain events occur in the Wazuh parse them with OpenCTI, the problem is that I'm not sure if these events are being parsed or not.
Is there any way to see which events were queried against the OpenCTI database? Is there a log file that leaves this information? Thanks
Damian Nicastro
Jul 12, 2024, 4:40:03 PM7/12/24
to Wazuh | Mailing List
Hi Facu:
I hope you are fine.
Please, explain how you have done this integration and send the Wazuh config for this.
If this is an integration done with the Wazuh integration module, you may have some logs in "/var/ossec/logs/integrations.log" and/or in "/var/ossec/logs/ossec.log"
You may need to set the DEBUG mode for the Integration module to see more details:
# vi /var/ossec/etc/local_internal_options.conf
...
integrator.debug=2
# systemctl restart wazuh-manager
I hope this helps.
Thanks
Damian Nicastro
Jul 15, 2024, 8:48:14 AM7/15/24
to Wazuh | Mailing List
Hello Facu:
I hope you are fine.
Could you please send the mentioned logs to check the execution of the script and to see if there are any errors?
Please, set the mentioned DEBUG mode to see it with more details.
Thanks
Reply all
Reply to author
Forward
0 new messages