IDMEFv2 connector for Wazuh


Thierry Bugier

Jan 20, 2026, 6:16:38 AM
to Wazuh | Mailing List
Dear all,
 
As part of the testing of the IETF draft IDMEFv2 (Incident Detection Message Exchange Format) standard, a universal security format to exchange alerts between any security tools (Cyber and Physical) and managers (SIEMs), we have developed an IDMEFv2 connector for Wazuh. The challenge is to define a single format for any kind of incident: cyber-security, physical security, performance issues and even natural hazards.
 
Currently, this connector supports the following tools:  

- ClamAV: Anti-virus

- Suricata: NIDS

- Wazuh: HIDS

- Zabbix: Performance monitoring

- ZoneMinder: CCTV – Motion detection
 
It is available on the IDMEFv2 GitHub repository (https://github.com/IDMEFv2/idmefv2-connectors)
 
This connector allows you to connect Wazuh to Concerto SIEM (a fork of Prelude OSS), the first IDMEFv2-compatible SIEM (https://github.com/IDMEFv2/Concerto-SIEM).

Please feel free to download and test it and report any issues or remarks/comments on GitHub. We are very interested in Wazuh users' feedback to tune our connector but also the IDMEFv2 format.
 
For more information, visit the IDMEFv2 website: https://www.idmefv2.org and subscribe to the IDMEFv2 mailing list: https://www.freelists.org/list/idmefv2
 
The development of this connector was carried out within the framework of the European research project Safe4Soc (Standard Alert Format Exchange for SOCs) (https://safe4soc.eu). The project SAFE4SOC, funded under Grant Agreement No. 101145846, is supported by the European Cybersecurity Competence Centre (ECCC).
 
Best regards,
 

Nicolas Zapata

Jan 20, 2026, 8:36:00 AM
to Wazuh | Mailing List

Hello Thierry,

Thank you for sharing this initiative and the work done around the IDMEFv2 standard.

It’s great to see efforts toward a universal alert format and the integration with multiple security and monitoring tools, including Wazuh. The connector and the Concerto SIEM project look very interesting, and it’s good to see active development in this area.

I’ll share this with the team and encourage interested users to review the connector and provide feedback through the GitHub repository, as suggested.

Best regards,

Thierry Bugier

Jan 22, 2026, 8:54:39 AM
to Wazuh | Mailing List
Hello Nicolas,

Thank you very much for spreading the word about our project.

Best regards,

Nicolas Zapata

Jan 29, 2026, 10:01:29 AM
to Wazuh | Mailing List

You’re welcome, and thanks again for sharing your work.

If at any point you’d like to contribute further or share updates, feel free to do so through the integrations repository, which is publicly accessible and open to community contributions.

Best regards,
