configuring Elastalert with wazuh


Flori Llapi

Dec 3, 2022, 6:12:13 AM
to Wazuh mailing list
Hi all, I am new to Wazuh. I need to configure Elastalert with the OpenSearch of Wazuh.
I am using the latest version of Wazuh. I don't know at all how to configure the Elastalert config.yaml file so that it is compatible with OpenSearch, or how to find SSL, usernames and passes, etc. The tutorials on the internet are not accurate. Please help.

Mauricio Ruben Santillan

Dec 5, 2022, 1:46:52 PM
to Wazuh mailing list

Is there any specific reason you're attempting to use Elastalert?
You see, Wazuh Dashboard (which is a fork of OpenSearch Dashboards) includes OpenSearch's Alerting module, which is fully compatible with Wazuh alerts.
Also, Wazuh includes its own integration module that allows you to send alerts to external APIs, defining criteria to filter them. In case you're new to Elastalert, I do recommend that you check any of these commented methods.

Now, if you still want to proceed using Elastalert, then are you getting any specific error? Can you provide a screenshot of it? Any additional information will be useful.
Also, there is the official Elastalert documentation here:

Looking forward to your comments.


Dec 6, 2022, 9:00:18 AM
to Mauricio Ruben Santillan, Wazuh mailing list
Hi Mauricio, I just want to monitor through MS Teams in real time and in a better view, that's all.
One more question: do you know any tool to convert Sigma rules to Wazuh rules, as there are many and doing it manually needs many human resources?



Mauricio Ruben Santillan

Dec 6, 2022, 12:46:10 PM
to Wazuh mailing list
If you want to receive alerts in your MS Teams, then you should have no problem using the commented Wazuh Dashboard's Alerting feature. Check this out.

Now, about converting Sigma rules to Wazuh rules, I haven't heard of nor used any such tool, but I found the following ones:
And there's some related information here:

I hope this helps! Let me know how it goes.