I NEED HELP INTEGRATING ALIENVAULT WITH WAZUH


Lorenzo Putignano

Jan 26, 2024, 11:37:39 AM
to Wazuh | Mailing List
Hi everyone!
I'm following these two tutorials to integrate AlienVault OTX with Wazuh (not with the CDB list).


And as you can see, this works... (Photo 1)

Photo 1.PNG

So I do the DNS query on webdatatrace.com -> DNS Stats responds to me and starts a custom script, otx.cmd, located in Program Files (x86)\ossec-agent\active-response\bin\, that runs another script, otx.ps1 (I have installed PowerShell 7 as the guide says),
but it doesn't trigger "AlienVault OTX -Indicator(s) Found" on Wazuh. Can anyone help me?


Lorenzo Putignano

Jan 29, 2024, 8:33:59 AM
to Wazuh | Mailing List

Guys, solved!
Here you can find a simple step-by-step guide. Write to me for improvements (obviously).

Manuel Alejandro Roldan Mella

Jan 29, 2024, 11:29:39 PM
to Wazuh | Mailing List
Hi Lorenzo,

Thanks for the step-by-step guide!

If you have any other questions or need further assistance, please feel free to reach out at any time. I'm here to help and would be happy to provide additional information or clarification as needed.

Regards

kushagra varshney

Oct 27, 2025, 7:33:41 AM
to Wazuh | Mailing List
Hi Lorenzo,

I used the same integration steps as given by you for integrating Wazuh and OTX, but I am facing errors in basic IoC matching when ossec is trying to run the script provided in the walkthrough.

2025/10/27 11:13:51 wazuh-integratord: ERROR: Unable to run integration for custom-alienvault -> integrations
2025/10/27 11:13:51 wazuh-integratord: ERROR: While running custom-alienvault -> integrations. Output: KeyError: 'win'

I want to use it so that it verifies any IP, domain, or hash coming in my Wazuh alerts against the public IoCs in OTX and enriches my logs.

Thanks & Regards
Kushagra Varshney
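
An added example, not part of the thread or of the guide's script: one way to pull lookup candidates (IP, domain, hash) out of a Wazuh alert without raising `KeyError: 'win'` on alerts that carry no Windows event data. It assumes, since the script is not shown here, that the error comes from indexing `alert["data"]["win"]` directly; the field paths chosen and the sample alerts are constructed for illustration.

```python
import ipaddress
import re

HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$", re.I)
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.I)

# Candidate field paths in a Wazuh alert (assumed selection); which of them
# exist depends on the log source, so none may be indexed unconditionally.
IP_PATHS = (("data", "srcip"), ("data", "dstip"),
            ("data", "win", "eventdata", "destinationIp"))
DOMAIN_PATHS = (("data", "win", "eventdata", "queryName"),)
HASH_PATHS = (("syscheck", "sha256_after"), ("syscheck", "md5_after"))

def dig(obj, path):
    """Follow nested keys; return None where a key is absent instead of raising KeyError."""
    for key in path:
        if not isinstance(obj, dict):
            return None
        obj = obj.get(key)
    return obj

def is_public_ip(value):
    """True only for globally routable addresses, so internal IPs are never sent out."""
    try:
        return ipaddress.ip_address(value).is_global
    except ValueError:
        return False

def extract_indicators(alert):
    """Return a sorted list of (type, value) pairs worth looking up in a threat feed."""
    found = set()
    for kind, paths, valid in (("ip", IP_PATHS, is_public_ip),
                               ("domain", DOMAIN_PATHS, DOMAIN_RE.match),
                               ("hash", HASH_PATHS, HASH_RE.match)):
        for path in paths:
            value = dig(alert, path)
            if isinstance(value, str) and valid(value.strip()):
                found.add((kind, value.strip().lower()))
    return sorted(found)

# Constructed sample alerts, trimmed to the fields that matter here.
WINDOWS_DNS = {"data": {"win": {"eventdata": {"queryName": "Example.ORG"}}}}
LINUX_SSH = {"data": {"srcip": "8.8.8.8", "dstip": "10.0.0.5"}}
FIM = {"syscheck": {"sha256_after": "a" * 64}}
NO_IOC = {"rule": {"level": 3}}
```

An empty result means the alert has nothing to look up, and the integration can exit cleanly instead of erroring in `wazuh-integratord`.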